DAILY BRIEF Number: DOB02-038 Date: 15 April 2002 NEWS
TransCanada Pipeline Explodes in Manitoba A section of the TransCanada pipeline exploded on Sunday night near Brookdale, Manitoba. The natural gas explosion and ensuing fire led authorities to evacuate the few homes that were within an eight kilometer radius of the incident. The fire was brought under control within two hours. The cause of the explosion is still under investigation. (Source: The Globe and Mail, 15 April 2002) www.globeandmail.com Oil Spill in Detroit and Rouge Rivers The Great Lakes have been impacted by the largest oil spill in a decade. More than 10,000 gallons (37,800 litres) of oil has spilled into the Detroit and Rouge Rivers since Wednesday. The source of the spill is being investigated. (Source: The Ottawa Citizen, 15 April 2002) http://www.canada.com/ottawa/ottawacitizen/ Comment: At least 27 kilometers of Canadian and American coastline have been impacted by the spill. ICANN Convenes Industry-Heavy Security Panel The Internet Corporation for Assigned Names and Numbers (ICANN) has brought together industry leaders in a standing security committee. The board will provide threat assessments for domain name servers (DNS), monitor the security of physical and electronic components that comprise DNS and make security recommendations to ICANN. (Source: Newsbytes, 12 April 2002) www.newsbytes.com IN BRIEF Lieberman to Introduce New Homeland Defence Bill The Government Computer News reports that Senator Joseph Lieberman plans to introduce a bill that would place the Critical Infrastructure Assurance Office and the National Infrastructure Protection Center under a new Homeland Security Department. (Source: Government Computer News, 15 April 2002) www.gcn.com Murdoch Company Leaked Codes The Financial Times reports that NDS, a software subsidiary of Rupert Murdoch's pay-television empire, directed an employee to leak secret codes belonging to its closest rival to Internet pirates. Canal Plus and ITV Digital are claiming hundreds of millions of pounds in lost revenues from the piracy that allowed hackers to access films, sports and other content free. (Source: The Financial Times, 11 April 2002) http://news.ft.com Greatest Threat to E-Business Security from Eastern Europe and Russia The former head of data security for NATO's European HQ stated that the most significant threat to e-business security is now coming from teams of ex-KGB computer specialists working out of eastern Europe and Russia, according to a Sunday Tribune article cited by the Overseas Security Advisory Council. (Source: The Overseas Security Advisory Council, 11 April 2002) www.ds-osac.org CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats Trend Micro reports on VBS_VCARD.A, which is a virus that appears as an electronic greeting card. It uses a message entered by the user and sends itself to MS Outlook addresses with the subject line "You have a special Vcard" and a random attachment taken from the infected system's Hard Drive including: vcrd01.vcrd, vcrd02.vcrd, vcrd03.vcrd and vcards.vbs http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_VCARD.A Sophos Anti-Virus reports on W32/MyLife-J, which is a virus that sends itself to MS Outlook addresses with the subject line "sexyy Screen Saver" and the attachment "usa.scr". http://sophos.com/virusinfo/analyses/w32mylifej.html Symantec reports on VBS.Resreg@mm, which is a virus that sends itself to MS Outlook addresses with the subject line "Free Access To Thousands Of MP3" and the attachment "Freemp3s.vbs" http:[EMAIL PROTECTED] Vulnerabilities SecurityFocus reports on multiple vulnerabilities in Microsoft Internet Information Server. For technical information on these vulnerabilities, go to the SecurityFocus link listed below and select "Microsoft" for the vendor. http://online.securityfocus.com/cgi-bin/vulns.pl?section=vendor SecurityFocus reports on a vulnerability in ASP-Nuke, which could cause the host to return sensitive system information. A user may modify their authentication cookie in such a way that, upon submitting the cookie, the host will return a list of all currently logged in users or the path to the web root. Click on the "solution" tab for patch information. http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4489 SecurityFocus reports on a vulnerability in ASP-Nuke that does not sufficiently sanitize potentially malicious characters, such as HTML tags, from user profile pages. As a result, it may be possible to insert arbitrary script code. The script will execute when the malicious profiles are viewed. Click on the "solution" tab for patch information. http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4481 SecurityFocus provides a report on vulnerabilities in SNMP request and trap handling which could result in a denial-of-service, service interruptions and unauthorized access. http://online.SecurityFocus.com/advisories/4032 SecurityFocus provides a report on vulnerabilities in a number of standard utilities in IRIX. These vulnerabilities could lead to a denial-of-service or root exploit. There is no patch available as of yet. http://online.SecurityFocus.com/advisories/4029 SecurityFocus provides a report on vulnerabilities Open UNIX 8.0.0 UnixWare 7.1.1. There is a buffer overflow in the X11 library. Any command linked with it that accepts the -xrm option will core dump if a long string is used as the argument, thereby leaving it vulnerable to attack. Follow link for the solution: http://online.SecurityFocus.com/advisories/4031 SecurityFocus reports on a vulnerability in Emumail that makes it possible for a local user to gain privileges equal to the HTTP server process. This could result in the execution of an arbitrary program supplied by an attacker with local access to the host. There is no patch available as of yet. http://online.SecurityFocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4488 Tools No updates to report at this time. CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7066 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk