OCIPEP DAILY BRIEF Number: DOB02-068 Date: 27 May 2002

OCIPEP Issues Paper on Mobile Telephone Services

OCIPEP recently issued a paper entitled "Commercial Mobile Telephone
Services and the Canadian Emergency Management Community: Prospects and
Challenges for the Coming Decade." The paper discusses the use of emerging
commercial wireless technologies in emergency management in Canada. New
mobile telecommunications products have been adopted by emergency management
organizations because they are cost-effective and provide a wider range of
services in comparison to traditional land mobile radio. The paper also
describes the growing role of commercial mobile telephone services in
emergency management, and identifies concerns relevant to emergency
preparedness planning in Canada.

Comment: The full report can be viewed at:
http://www.ocipep-bpiepc.gc.ca/research/scie_tech/AndersonGow_1999-D005_e.ht
ml

Ottawa Police Issues Public Security Alert

The Ottawa police over the weekend issued a public security alert, warning
of a credible threat against a synagogue or other gathering place for the
Jewish community in the city. The warning, which was based on an
intelligence report received by the RCMP and Ottawa police, states that an
attack is planned for some time in June. Police have increased patrols
around possible targets including eleven synagogues and several Jewish
community centres, offices and facilities. Mitchell Bellman, executive
director of the Jewish Community Council of Ottawa, said the Jewish
community intends to continue with all scheduled events, commenting that it
is "business as usual." (Source: The National Post, 25 May 2002)
http://www.nationalpost.com/

IN BRIEF

Insurance Policies to Cover Cost of G8 Protest Damage
Insurance policies are expected to cover most damage that may be caused by
protests during the June 26-27 G8 Summit in Calgary, according to an
Insurance Bureau of Canada official. He stated that most all-perils policies
would cover damage resulting from an event such as the G8 Summit. (Source:
CBC News, 25 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=meet020525

Water Systems on Reserves in Need of Repair
A large number of water systems on reserves across Canada have a high risk
of contamination, according to First Nations chiefs in Ontario. Quoting
information from the Walkerton report indicating that 83 reserves have
high-risk water systems, a spokesperson for the Chiefs of Ontario is asking
the federal government to provide appropriate funding to help First Nations
communities fix the problem. (Source: CBC News, 27 May 2002)
http://www.cbc.ca/stories/2002/05/27/reserve_water020527

FBI Unable to Detect Terrorism: Media Report
The FBI lacks the training and skills to detect domestic terrorism,
according to a media report on Sunday. Following criticism of poor
cooperation between the FBI and CIA,
FBI director Robert Mueller has promised that no field agent's reports of a
threat will be overlooked again. (Source: The Globe and Mail, 27 May 2002)
http://www.globeandmail.ca

Canada Not Immune to Terrorism: Former CSIS Director
Canada's relationship with the U.S. makes it a potential target for Islamic
extremists, according to Reid Morden, former director of the Canadian
Security and Intelligence Service (CSIS). Although "We haven't seen
ourselves as anybody's enemy," Morden points out that Canada has not been
untouched by terrorist activity. He cited events such as Air India Flight
182 and an extremist attack on the Turkish Embassy as examples. (Source: The
Calgary Herald, 26 May 2002)
http://www.canada.com/calgary/calgaryherald/
http://www.canada.com/calgary/calgaryherald/story.asp?id={C29BC45D-0BB7-4200
-B1B7-BCCD40B17EEC}


CYBER UPDATES
See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on JS_NOCLOSE.E, which is a non-destructive Java Script
that opens several windows upon execution, each connecting to a URL listed
in its body. It then hides the opened windows so that the infected user can
not close them.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_NOCLOSE.E


Sophos reports on VBS/Redlof-A, which is a virus that infects HTM, HTML,
ASP, PHP, JSP, HTT and VBS files by appending a VBScript containing an
encrypted copy of the virus code to them. The virus exploits the MS VM
ActiveX component vulnerability enabling the virus to be activated by
viewing an infected HTML document at a remote site.
http://sophos.com/virusinfo/analyses/vbsredlofa.html


Sophos reports on WM97/Marker-AK, which is a variant of the WM97/Marker-A
Word macro virus. It has no active malicious payload and does little more
than replicate.
http://sophos.com/virusinfo/analyses/wm97markerak.html


McAfee reports on W97M/Hich.gen, which is a virus that disables Word virus
protection features and the Esc key. It is a parasitic virus that can delete
some or all of the contents of a document.
http://vil.nai.com/vil/content/v_99503.htm

Vulnerabilities

CERT/CC reports on the taskpads ActiveX control included with the MS Windows
98 resource kit and resource kit sampler, as well as the Back Office
resource kit. It was incorrectly marked "safe-for-scripting" and could allow
remote attackers to execute arbitrary commands on a target system with the
privileges of the victim. Follow link for patch information.
http://www.kb.cert.org/vuls/id/28370


CERT/CC reports on a buffer overflow vulnerability in the System Monitor
ActiveX control (sysmon.ocx) for Windows 2000 that could allow a remote
attacker, who can script the control, to execute arbitrary code with the
privileges of the victim. Follow link for patch information.
http://www.kb.cert.org/vuls/id/183397


CERT/CC reports on a buffer overflow vulnerability in the MS Windows 2000
event viewer that allows both privileged and unprivileged users to read and
write to the system and application logs. This could result in the execution
of arbitrary code with the privileges of the person examining the record.
Follow link for patch information.
http://www.kb.cert.org/vuls/id/201704


SecurityFocus provides a report on a vulnerability in Cisco Catalyst that
could cause the unicast traffic between two systems across the switch to be
broadcast to all systems connected to the switch. No known patch is
available as of yet.
http://online.securityfocus.com/bid/4790/discussion/


SecurityFocus provides a report on a vulnerability in Cisco VoIP 7900 series
phones that use a default admin password. This could allow a local attacker
to change configuration information on the phone. View "solution" tab for
patch information.
http://online.securityfocus.com/bid/4799/discussion/


SecurityFocus provides a report on vulnerabilities in Cisco VoIP 7900 series
phones that could result in the web server returning a dump of the contents
of phone memory or a denial-of-service. View "solution" tab for patch
information.
http://online.securityfocus.com/bid/4798/discussion/
http://online.securityfocus.com/bid/4794/discussion/


SecurityFocus provides a report on vulnerabilities in Cisco Broadband
Operating System (CBOS) that can cause a denial-of-service. All three
vulnerabilities can be exploited remotely. Follow link for solution.
http://online.securityfocus.com/advisories/4147


SecurityFocus provides a report on a vulnerability in the Cisco ATA 186
Analog Telephone Adaptor that is provided with a web-based configuration
interface. Authentication is easily circumvented allowing a remote attacker
to view configuration information such as passwords. Follow link for
solution.
http://online.securityfocus.com/advisories/4146


SecurityFocus provides a report on a vulnerability in Microsoft MSDE and SQL
Server 2000 Desktop Engine, which are configured by default with a null
administrative password that could allow a remote attacker to gain admin
access to the database if the password has not been manually changed. View
"solution" tab for workaround information.
http://online.securityfocus.com/bid/4797/discussion/


SecurityFocus provides a report on a vulnerability in MS IIS
ServletExec/ISAPI for MS Windows NT/2000/XP that could result in a
denial-of-service when the JSPServlet is sent an overly long request either
directly or via a request for a JSP file. View "solution" tab for patch
information.
http://online.securityfocus.com/bid/4796/discussion/


SecurityFocus provides a report on a vulnerability in MS IIS
ServletExec/ISAPI for MS Windows NT/2000/XP that discloses the contents of
arbitrary files within the webroot. It does not appear possible to exploit
this condition to break out of the webroot. View "solution" tab for patch
information.
http://online.securityfocus.com/bid/4795/discussion/


SecurityFocus provides a report on a vulnerability in MS IIS
ServletExec/ISAPI for MS Windows NT/2000/XP, which discloses the absolute
path to the webroot directory and could aid in further attacks against the
host running the vulnerable software. View "solution" tab for workaround
information.
http://online.securityfocus.com/bid/4793/discussion/


SecurityFocus provides a report on a buffer overflow vulnerability in
CMailServer that could allow a remote attacker to craft a request that will
result in code execution on the vulnerable system. View "solution" tab for
patch information.
http://online.securityfocus.com/bid/4789/discussion/


SecurityFocus provides a report on a buffer overflow vulnerability in Matu
FTP for MS Windows 95 and 98 Matu FTP Server that could allow a remote
attacker to craft a request that will result in code execution on the
vulnerable system. No known patch is available as of yet.
http://online.securityfocus.com/bid/4792/discussion/


SecurityFocus provides a report on a buffer overflow and format string
vulnerabilities in rarpd for Solaris that could allow a remote attacker to
craft a request that will result in code execution on the vulnerable system.
These conditions are not exploitable and the attacker must be on the local
subnet to exploit this vulnerability. No known patch is available as of yet.
http://online.securityfocus.com/bid/4791/discussion/


SecurityFocus provides a report on a buffer overflow and denial-of-service
vulnerability in /etc/popper. Follow link for solution.
http://online.securityfocus.com/advisories/4148

Tools

There are no updates to report at this time.


CONTACT US

For additions to, or removals from the distribution list for this product,
or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:

Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer
The information in the OCIPEP Daily Brief has been drawn from a variety of
external sources. Although OCIPEP makes reasonable efforts to ensure the
accuracy, currency and reliability of the content, OCIPEP does not offer any
guarantee in that regard. The links provided are solely for the convenience
of OCIPEP Daily Brief users. OCIPEP is not responsible for the information
found through these links.







IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk


Reply via email to