DAILY BRIEF Number: DOB02-158 Date: 03 October 2002 http://www.ocipep.gc.ca/DOB/DOB02-158_e.html
NEWS Kyoto and Beyond A report prepared for The David Suzuki Foundation and the Canadian Climate Action Network (CANet) entitled "Kyoto and Beyond: The Low Emission Path to Innovation and Efficiency" proposes several measures that are key to meeting Kyoto requirements. These include energy conservation; efficiency improvements; decreasing electric heat usage; industrial cogeneration; increased usage of wind and other renewable sources; and, in the long term, increased imports of hydroelectricity. The report can be viewed in PDF format at the following address: http://www.davidsuzuki.org/files/Kyoto_Beyond_LR.pdf Comment: There has been considerable media attention lately to the issue of alternate means of power production. The Conservation Council of New Brunswick (CCNB) and CANet stated Wednesday that rebuilding nuclear power plants and using them as an alternative to carbon dioxide-producing fossil fuels wouldn't necessarily assist Canada in reaching Kyoto Protocol targets. A spokesperson from the CCNB contends that the province's nuclear power generating station at Point Lepreau has outlived its usefulness and that funding the extension of its lifespan will only serve to delay the development of alternative methods of energy production. As reported in the OCIPEP Daily Brief DOB02-152, released 25 September 2002, New Brunswick Power is looking to make substantial renovations to keep the Point Lepreau nuclear generating station operational past its planned closing date in 2006. http://www.web.net/~ccnb/news/current/kyoto_press.htm http://www.web.net/~ccnb/news/current/kyoto_stmnt.htm Hurricane Lili halts U.S. gulf refinery production Hurricane Lili is affecting the U.S. oil production industry as refineries in Port Arthur, Texas, and Louisiana, including the Louisiana Offshore Oil Port (the largest oil port in the U.S.), are shutting down because of the storm. Such closures are depleting the market of more than 500,000 barrels of oil per day. (Source: Forbes.com, 02 October 2002) Click here for the source article Comment: Hurricane Lili has been downgraded to a category 2 hurricane. A projected track of the hurricane shows that Lili will be situated south of the Ontario/Great Lakes area by October 5. The projected track can be viewed on the Environment Canada's web site at: http://www.ns.ec.gc.ca/weather/hurricane/current6.html EPA releases Homeland Security Strategy On October 2, the U.S. Environmental Protection Agency (EPA) released its Strategic Plan for Homeland Security, which is intended to support the U.S. President's National Strategy for Homeland Security and the efforts undertaken by the new Department of Homeland Security. The plan divides the EPA's homeland security responsibilities into four areas: critical infrastructure protection; preparedness, response, and recovery; communication and information; and, protection of EPA personnel and infrastructure. For each mission area, goals, tactics, and results are outlined. The EPA's homeland security responsibilities include protection of water infrastructure; cleanup following biological or chemical attacks; "reducing the vulnerability of the chemical industry and hazardous materials sector of the nation's critical infrastructure"; and, involvement in response to and recovery from radiological attacks. (Source: www.epa.gov, October 2, 2002) Click here for the source article Comment: The EPA noted in the plan that although it had lead agency status in several homeland security areas, that status was subject to change along with its Homeland Security Strategy, as the Department of Homeland Security may absorb some of those responsibilities as it develops. The EPA has bolstered its response, preparedness and recovery capabilities since 11 September 2001 by providing training and better equipping response teams, issuing water system security grants and announcing plans for a center to coordinate research in areas such as building decontamination, rapid risk assessment and drinking water protection. For the full text of the EPA's Strategic Plan for Homeland Security, please go to: http://www.epa.gov/epahome/downloads/epa_homeland_security_strategic_pla n.pdf IN BRIEF Ontario hydro dam alert system will be improved The Ontario Energy Minister stated yesterday that the government has ordered modifications to their computerized warning system at the province's hydroelectric dams following a tragic accident near Calabogie that caused the death of a mother and son in June 2002. Comment: The Members' Statements regarding hydro dam safety can be viewed at: http://hansardindex.ontla.on.ca/hansardeissue/37-3/l035a.htm. Bruce power tables environmental impact study for restart of two nuclear reactors The Canadian Nuclear Safety Commission (CNSC) has released an Environmental Assessment (EA) Study Report for public comment. The study was prepared by Bruce Power for the proposed restart of Bruce units 3 and 4 at the Bruce A Nuclear Generating Station. The release of the study follows the request filed by Bruce Power to restart the two nuclear reactors in the fall of 2001 and the issuing of the environmental assessment guidelines by the CNSC in April 2002. (Source: Canadian Nuclear Association Newsletter, 2 October 2002-at the time of the Daily Brief release, the Newsletter was not yet available online; however, to view the CNA Newsletters web page, please go to: CNA - Newsletters) Comment: To view the Bruce Power EA Study Report, please go to: http://www.brucepower.com/restart/ea/reports/index.html Firms respond to White House cybersecurity call Five security firms, including Foundstone, TippingPoint, Internet Security Systems Inc. and Qualys Inc., are expected to introduce product upgrades that address the vulnerabilities highlighted by the GSA/NIPC/SANS report, which was released 2 October 2002. In the past, one of the main cyber security problems was that vendors were unable to agree on what the main security flaws were. (Source: www.csoonline.com) Click here for the source article Comment: As reported in the OCIPEP Daily Brief DOB02-157, released 2 October 2002, OCIPEP has produced an Information Note, IN02-007, regarding the Top 20 Internet security vulnerabilities. CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats There are no new updates to report at this time. Vulnerabilities SecurityFocus reports on a locally exploitable vulnerability in HP OpenVMS Potential POP server (multiple versions) that could allow a local authorized non-privileged attacker to gain unauthorized privileges or access to privileged files. Follow the link for more information. http://online.securityfocus.com/advisories/4516 SecuriTeam reports on flood ACK packets causing the IBM Secureway Firewall 4.2.x on aix to hang. Follow the link for more information. http://www.securiteam.com/unixfocus/6E0020A5PS.html Additional vulnerabilities were reported in the following products: Trolltech Qt Assistant 1.0 unauthorized access vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5833/discussion/ WN Server (multiple versions) buffer overflow vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5831/discussion/ Monkey (multiple versions) HTTP Server multiple cross-site scripting vulnerabilities. (SecurityFocus) http://online.securityfocus.com/bid/5829/discussion/ Sun ONE Starter Kit 2.0 / ASTAware SearchDisc 3.1 Search Engine directory traversal vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5828/discussion/ Eric S. Raymond Fetchmail (multiple versions) Multidrop Mode heap overflow, denial-of-service and buffer overflow vulnerabilities. (SecurityFocus) http://online.securityfocus.com/bid/5827/discussion/ http://online.securityfocus.com/bid/5826/discussion/ http://online.securityfocus.com/bid/5825/discussion/ BearShare 4.0.5 directory traversal vulnerability resurfaces. (SecuriTeam) http://www.securiteam.com/windowsntfocus/6D0010A5PU.html Sendmail 8.12.6 and 8.11.6-15 smrsh bypass vulnerabilities. (SecuriTeam) http://www.securiteam.com/unixfocus/6F0030A5PG.html Allot's NetEnforcer privilege elevation vulnerability. (Security Tracker) http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec. com/infosyssec/aaa33.htm CGI-Telnet Perl Script 1.1 for Web Servers password file disclosure vulnerability. (Security Tracker) http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec. com/infosyssec/aaa33.htm Tools There are no new updates to report at this time. CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP's Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk
