OCIPEP DAILY BRIEF
Number: DOB02-068
Date: 27 May 2002

OCIPEP Issues Paper on Mobile Telephone Services
OCIPEP recently issued a paper entitled "Commercial Mobile Telephone Services and the Canadian Emergency Management Community: Prospects and Challenges for the Coming Decade." The paper discusses the use of emerging commercial wireless technologies in emergency management in Canada. New mobile telecommunications products have been adopted by emergency management organizations because they are cost-effective and provide a wider range of services in comparison to traditional land mobile radio. The paper also describes the growing role of commercial mobile telephone services in emergency management, and identifies concerns relevant to emergency preparedness planning in Canada.

Comment: The full report can be viewed at:
http://www.ocipep-bpiepc.gc.ca/research/scie_tech/AndersonGow_1999-D005_e.html

Ottawa Police Issues Public Security Alert
The Ottawa police over the weekend issued a public security alert, warning of a credible threat against a synagogue or other gathering place for the Jewish community in the city. The warning, which was based on an intelligence report received by the RCMP and Ottawa police, states that an attack is planned for some time in June. Police have increased patrols around possible targets including eleven synagogues and several Jewish community centres, offices and facilities. Mitchell Bellman, executive director of the Jewish Community Council of Ottawa, said the Jewish community intends to continue with all scheduled events, commenting that it is "business as usual."
(Source: The National Post, 25 May 2002)
http://www.nationalpost.com/

IN BRIEF

Insurance Policies to Cover Cost of G8 Protest Damage
Insurance policies are expected to cover most damage that may be caused by protests during the June 26-27 G8 Summit in Calgary, according to an Insurance Bureau of Canada official. He stated that most all-perils policies would cover damage resulting from an event such as the G8 Summit.
(Source: CBC News, 25 May 2002)
http://calgary.cbc.ca/template/servlet/View?filename=meet020525

Water Systems on Reserves in Need of Repair
A large number of water systems on reserves across Canada have a high risk of contamination, according to First Nations chiefs in Ontario. Quoting information from the Walkerton report indicating that 83 reserves have high-risk water systems, a spokesperson for the Chiefs of Ontario is asking the federal government to provide appropriate funding to help First Nations communities fix the problem.
(Source: CBC News, 27 May 2002)
http://www.cbc.ca/stories/2002/05/27/reserve_water020527

FBI Unable to Detect Terrorism: Media Report
The FBI lacks the training and skills to detect domestic terrorism, according to a media report on Sunday. Following criticism of poor cooperation between the FBI and CIA, FBI director Robert Mueller has promised that no field agent's reports of a threat will be overlooked again.
(Source: The Globe and Mail, 27 May 2002)
http://www.globeandmail.ca

Canada Not Immune to Terrorism: Former CSIS Director
Canada's relationship with the U.S. makes it a potential target for Islamic extremists, according to Reid Morden, former director of the Canadian Security and Intelligence Service (CSIS). Although "We haven't seen ourselves as anybody's enemy," Morden points out that Canada has not been untouched by terrorist activity. He cited events such as Air India Flight 182 and an extremist attack on the Turkish Embassy as examples.
(Source: The Calgary Herald, 26 May 2002)
http://www.canada.com/calgary/calgaryherald/
http://www.canada.com/calgary/calgaryherald/story.asp?id={C29BC45D-0BB7-4200-B1B7-BCCD40B17EEC}

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Trend Micro reports on JS_NOCLOSE.E, which is a non-destructive JavaScript that opens several windows upon execution, each connecting to a URL listed in its body.
It then hides the opened windows so that the infected user cannot close them.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_NOCLOSE.E

Sophos reports on VBS/Redlof-A, which is a virus that infects HTM, HTML, ASP, PHP, JSP, HTT and VBS files by appending a VBScript containing an encrypted copy of the virus code to them. The virus exploits the MS VM ActiveX component vulnerability, enabling the virus to be activated by viewing an infected HTML document at a remote site.
http://sophos.com/virusinfo/analyses/vbsredlofa.html

Sophos reports on WM97/Marker-AK, which is a variant of the WM97/Marker-A Word macro virus. It has no active malicious payload and does little more than replicate.
http://sophos.com/virusinfo/analyses/wm97markerak.html

McAfee reports on W97M/Hich.gen, which is a virus that disables Word virus protection features and the Esc key. It is a parasitic virus that can delete some or all of the contents of a document.
http://vil.nai.com/vil/content/v_99503.htm

Vulnerabilities

CERT/CC reports on the taskpads ActiveX control included with the MS Windows 98 resource kit and resource kit sampler, as well as the Back Office resource kit. It was incorrectly marked "safe-for-scripting" and could allow remote attackers to execute arbitrary commands on a target system with the privileges of the victim. Follow link for patch information.
http://www.kb.cert.org/vuls/id/28370

CERT/CC reports on a buffer overflow vulnerability in the System Monitor ActiveX control (sysmon.ocx) for Windows 2000 that could allow a remote attacker, who can script the control, to execute arbitrary code with the privileges of the victim. Follow link for patch information.
http://www.kb.cert.org/vuls/id/183397

CERT/CC reports on a buffer overflow vulnerability in the MS Windows 2000 event viewer that allows both privileged and unprivileged users to read and write to the system and application logs.
This could result in the execution of arbitrary code with the privileges of the person examining the record. Follow link for patch information.
http://www.kb.cert.org/vuls/id/201704

SecurityFocus provides a report on a vulnerability in Cisco Catalyst that could cause the unicast traffic between two systems across the switch to be broadcast to all systems connected to the switch. No known patch is available as of yet.
http://online.securityfocus.com/bid/4790/discussion/

SecurityFocus provides a report on a vulnerability in Cisco VoIP 7900 series phones that use a default admin password. This could allow a local attacker to change configuration information on the phone. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4799/discussion/

SecurityFocus provides a report on vulnerabilities in Cisco VoIP 7900 series phones that could result in the web server returning a dump of the contents of phone memory or a denial-of-service. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4798/discussion/
http://online.securityfocus.com/bid/4794/discussion/

SecurityFocus provides a report on vulnerabilities in Cisco Broadband Operating System (CBOS) that can cause a denial-of-service. All three vulnerabilities can be exploited remotely. Follow link for solution.
http://online.securityfocus.com/advisories/4147

SecurityFocus provides a report on a vulnerability in the Cisco ATA 186 Analog Telephone Adaptor that is provided with a web-based configuration interface. Authentication is easily circumvented allowing a remote attacker to view configuration information such as passwords. Follow link for solution.
http://online.securityfocus.com/advisories/4146

SecurityFocus provides a report on a vulnerability in Microsoft MSDE and SQL Server 2000 Desktop Engine, which are configured by default with a null administrative password that could allow a remote attacker to gain admin access to the database if the password has not been manually changed. View "solution" tab for workaround information.
http://online.securityfocus.com/bid/4797/discussion/

SecurityFocus provides a report on a vulnerability in MS IIS ServletExec/ISAPI for MS Windows NT/2000/XP that could result in a denial-of-service when the JSPServlet is sent an overly long request either directly or via a request for a JSP file. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4796/discussion/

SecurityFocus provides a report on a vulnerability in MS IIS ServletExec/ISAPI for MS Windows NT/2000/XP that discloses the contents of arbitrary files within the webroot. It does not appear possible to exploit this condition to break out of the webroot. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4795/discussion/

SecurityFocus provides a report on a vulnerability in MS IIS ServletExec/ISAPI for MS Windows NT/2000/XP, which discloses the absolute path to the webroot directory and could aid in further attacks against the host running the vulnerable software. View "solution" tab for workaround information.
http://online.securityfocus.com/bid/4793/discussion/

SecurityFocus provides a report on a buffer overflow vulnerability in CMailServer that could allow a remote attacker to craft a request that will result in code execution on the vulnerable system. View "solution" tab for patch information.
http://online.securityfocus.com/bid/4789/discussion/

SecurityFocus provides a report on a buffer overflow vulnerability in Matu FTP for MS Windows 95 and 98 Matu FTP Server that could allow a remote attacker to craft a request that will result in code execution on the vulnerable system. No known patch is available as of yet.
http://online.securityfocus.com/bid/4792/discussion/

SecurityFocus provides a report on buffer overflow and format string vulnerabilities in rarpd for Solaris that could allow a remote attacker to craft a request that will result in code execution on the vulnerable system. These conditions are not exploitable and the attacker must be on the local subnet to exploit this vulnerability. No known patch is available as of yet.
http://online.securityfocus.com/bid/4791/discussion/

SecurityFocus provides a report on a buffer overflow and denial-of-service vulnerability in /etc/popper. Follow link for solution.
http://online.securityfocus.com/advisories/4148

Tools

There are no updates to report at this time.

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users.
OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk