OCIPEP DAILY BRIEF Number: DOB02-148 Date: 19 September 2002 http://www.ocipep.gc.ca/DOB/DOB02-148_e.html
NEWS U.S. National Strategy to Secure Cyberspace - Links Update Details of the draft strategy were first reported yesterday in DOB02-146. The OCIPEP Information Note regarding the draft strategy can be viewed at: http://www.ocipep.gc.ca/emergencies/info_notes/IN02_006_e.html The draft National Strategy to Secure Cyberspace can be viewed at: http://www.whitehouse.gov/pcipb/cyberstrategy-draft.pdf IN BRIEF Prime Minister assures that Kyoto will not be lethal for economy While speaking at a Liberal fundraiser in Calgary, the Prime Minister came to the defence of the Kyoto protocol yesterday evening, making assurances that it would not cause any catastrophes in the job market and investment sectors as voiced by several provincial government leaders, particularly Alberta. With the support of Canadian business leaders and oil companies, the Alberta government began a $1.5-million anti-Kyoto public relations campaign yesterday. (Source: thestar.com, 19 September 2002) Click here for the source article Halifax plans to clean up harbour Halifax Regional Council will raise $210 million of the $315 million required to fund the Halifax Harbour Solutions Project. This project aims to construct three sewage treatment plants to process raw sewage before it is dumped in the harbour. The Nova Scotia government has pledged to contribute $30 million to the project and it is hoped that the remainder of the funds will be provided by the federal government. (Source: THE GLOBE AND MAIL, 18 September 2002) Click here for the source article Comment: The clean-up of the heavily polluted Halifax Harbour has been a difficult issue for the Nova Scotia provincial government for the past 20 years. The dumping of untreated sanitary and storm wastewater into the harbour has caused numerous problems, including widespread bacterial contamination and the prohibition of shellfish harvesting in the harbour. The web page for the Halifax Harbour Solutions Project can be viewed at: http://www.region.halifax.ns.ca/harboursol/project_summary.html Winnipeg sewage dumping to be investigated This week's accidental dumping of raw sewage in Manitoba's Red River will be investigated by federal fisheries officials to determine if charges will be laid under the federal Fisheries Act. The act prohibits the dumping of harmful material into a body of water which contains fish. The investigation will focus on whether negligence was a factor in this incident. (Source: CBC Manitoba, 18 September 2002) Click here for the source article Comment: Details of this incident were first reported yesterday in DOB02-147 . Winnipeg residents have been advised to continue using their water and sewer services as usual. Internet cable: Growing popularity in the U.S. According to an U.S. research company, cable modems remain the primary means used by North Americans for connecting to the Internet. The study revealed that 58 percent of high-speed Internet users in the U.S. were accessing the web via cable compared to one third of consumers using digital subscriber lines (DSL) . The research company noted that in Canada, there are more DSL users in central and eastern Canada compared to more cable users in western Canada. (Source: THE GLOBE AND MAIL, 18 September, 2002) Click here for the source article CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats McAfee Security reports on BackDoor-AKR, which is a Trojan horse that copies itself to Windows system directory as internat.dic and Windows directory as notepad.jmp. It opens TCP port 3721 to allow a remote attacker to connect to the infected system and perform various tasks. http://vil.nai.com/vil/content/v_99695.htm McAfee Security reports on Jekord, which is a Trojan horse written in Borland Delphi that reads through the victim's browser history files and cookie data. It may attempt to mail information to its creator. http://vil.nai.com/vil/content/v_99701.htm Trend Micro reports on VBS_INA.A, which is a VBScript malware that uses Outlook e-mail to propagate copies of the batch file malware, BAT_INA.A. It arrives with the subject line "hehe, isn't that fascinating..." and the attachment "BAT.INA.BAT". http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_INA.A Vulnerabilities SecurityFocus reports on a remotely exploitable denial-of-service vulnerability in MS Windows XP Professional and .NET Standard Server Beta 3. View the "Solution" tab for workaround information. http://online.securityfocus.com/bid/5713/discussion/ SecurityFocus reports on a remotely exploitable keystroke injection vulnerability in MS Windows RDP that could allow an attacker to inject maliciously crafted packets into a session. View the "Solution" tab for workaround information. http://online.securityfocus.com/bid/5712/discussion/ SecurityFocus reports on a locally exploitable session hijacking vulnerability in MS Netmeeting 3.0.1 4.4.3385 that could allow an attacker to gain the privileges of the locally logged on user. No known patch is available at this time. http://online.securityfocus.com/bid/5715/discussion/ SecurityFocus reports on a remotely exploitable packet information leakage vulnerability in MS Windows Encrypted RDP that could allow an attacker to deduce certain things about the nature of the traffic. No known patch is available at this time. http://online.securityfocus.com/bid/5711/discussion/ SecuriTeam reports on a remotely exploitable IP Spoofing vulnerability in Sygate Personal Firewall 5.0. Follow the link for workaround information. http://www.securiteam.com/windowsntfocus/5WP0I2A8AI.html Patches: New packages are now available for Debian PHP. (SecurityFocus) http://online.securityfocus.com/advisories/4486 Additional vulnerabilities were reported in the following products: Opera Web Browser 6.0.1 linux denial-of-service vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5717/discussion/ PlanetDNS PlanetWeb 1.14 buffer overflow vulnerability. (SecurityFocus) http://online.securityfocus.com/bid/5710/discussion/ NetBSD setlocale (multiple versions) buffer overflow vulnerability. (SecurityFocus) http://online.securityfocus.com/advisories/4481 NetBSD mbone tools and pppd buffer overflow vulnerability. (SecurityFocus) http://online.securityfocus.com/advisories/4483 NetBSD NFS server code denial-of-service vulnerability. (SecurityFocus) http://online.securityfocus.com/advisories/4482 NetBSD kfd daemon vulnerabilities. (SecurityFocus) http://online.securityfocus.com/advisories/4484 OpenSSH 3.4p1 password disclosure vulnerability. (SecuriTeam) http://www.securiteam.com/unixfocus/5VP0H2A8AK.html Entrust GetAccess arbitrary file disclosure vulnerability. (CERT/CC) http://www.kb.cert.org/vuls/id/243243 Tools IRCCrypt 1.3 beta is a local IRC Proxy-style utility that provides application-layer encryption for public channels. (ISSO) http://readyresponse.dynu.com/isso/projects/irccrypt/ CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7035 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk