From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 20 Sep 2001 04:19:11 -0700 (PDT)
Subject: [iwar] [fc:REcent.NIPC.assessment.update]

[FC - According to an Internet mailing list...]

The NIPC Daily Report
Prepared by WWU
19 September 2001

Significant Changes and Assessment - The National Infrastructure Protection Center (NIPC) issued advisory 01-022 "Mass Mailing Worm W32.Nimda.A@mm."
The NIPC received numerous reports that a new worm, named W32.Nimda.A@mm is propagating extensively through the Internet worldwide. The worm is exhibiting many traits of recently successful malicious code attacks such as CODE RED but it is not simply another version of that worm. A computer can become infected through a variety of means ranging from simply viewing an infected Web-page using a browser with no security enabled, to opening a malicious e-mail attachment. The NIPC and several other labs continue to analyze the Nimda worm. Expect additional updates in the near future.

Private Sector - In a development that exposes grave risks of news manipulation in a time of crisis, a hacker demonstrated on 18 September, that he could rewrite the text of specific Internet news articles at will, apparently using nothing more than a Web browser and an easily-obtained Internet address. The affected news organization says it has closed the security hole that allowed a 20-year-old hacker to access the portal's web-based production tools and modify a 23 August news story. The hacker says he deliberately chose an old story Tuesday so it would be seen by few readers, while still demonstrating the vulnerability. (Source: SecurityFocus.com, 18 September)

One in every 300 e-mails circulating now contains a virus, up from one in every 700 in October last year, according to e-mail security company MessageLabs Ltd. Viruses are growing in sophistication and are thus able to propagate themselves faster and more effectively, the company said on 19 September in a statement regarding the Nimda virus, which surfaced 18 September. (Source: IDG, 19 September)

Government - The General Accounting Office (GAO) announced last week that an important Education Department system that supports the department's core financial management functions still contains serious weaknesses that put grants and other financial information at risk of unauthorized access and disclosure.
In the past, Education's inspector general has reported serious information system control weaknesses in the department's Central Automated Processing System (EDCAPS), and the department has made progress in addressing those weaknesses, GAO said in a letter on 12 September to the House Education and the Workforce Committee's Select Education Subcommittee. However, GAO still has "identified weaknesses that place critical financial and sensitive grant information at risk of unauthorized access and disclosure, and key operations at risk of disruption," the agency reported. (Source: Federal Computer Weekly, 18 September)

International - On 19 September, the W32 Nimda worm attacked Japan, invading computer servers at the Japanese farm ministry and other facilities. The highly infectious bug was found at the agriculture, forestry and fisheries ministry's Web site at 10:00 am (0100 GMT), a ministry official said. "It was the first time a government Web site was attacked by the new virus," said Hidekazu Ito, chief official of the ministry's computer system division. "We have already removed the virus from our site with computer virus vaccine software, but still need to check if there was any secondary damage to our site." The virus also hit a computer server at Yamanashi Gakuin University in Kofu. (Source: Agence France Presse, 19 September)

On 18 September, the Ministry of Information and Communication (MIC) issued an alert to Korean Internet servers and the general public that the Nimda virus has struck the country. The MIC and the Korea Information Security Agency (KISA) reported that they had received numerous reports of an "attack" by the virus. The ministry said that there was a patch provided by Microsoft to deal with the Nimda, and advised computer users to download the latest computer vaccines from anti-virus companies.
(Source: Seoul Yonhap, 19 September)

According to Japanese government sources, on 18 September, Japan, US and other industrialized nations are expected to endorse a draft treaty on preventing cyber crimes when they meet in Strasbourg, France. The treaty, the first international agreement of its kind, is aimed at cooperating to stop cyber attacks and track down perpetrators. It is likely to take effect as early as next summer, rather than Autumn 2002 as expected, following the recent terrorist attacks in the US. The Japanese government is preparing to send bills related to the treaty to the Diet as quickly as possible, authorizing local law-enforcement agencies to punish Japanese nationals found guilty of cyber crimes overseas and penalizing anyone illegally leaking passwords or ID numbers. (Source: Tokyo Nikkei, 18 September)

The Hong Kong police force has more than doubled the number of officers dedicated to technology and computer-related crimes. Hong Kong's Commercial Crime Bureau recently set up a new Technology Crime Division led by Senior Superintendent Ng Kam-wing. At least 42 officers within the division will tackle crimes involving the Internet. "The new division, incorporating expanded human and technology resources, will further enhance the Force's IT criminal investigation capabilities, development of accredited computer forensics, legal and technical research related to cyber policing, intelligence gathering and liaison with industry professionals and overseas law enforcement agencies," said Senior Superintendent Ng. (Source: Newsbytes, 19 September)

A hacker has cracked a German-based Islamist Web site, publishing on the Web hundreds of e-mail addresses of subscribers to its mailing list, including one of a suspect in last week's terrorist attack on the World Trade Center in New York.
The hacker, using the alias "Anonyme Feigling" ("Anonymous Coward"), posted more than 500 addresses to the Swiss news site www.symlink.ch/ on 15 September, unleashing a fierce online debate on the appropriateness of the move. Anonymous Coward also "called the BKA (German criminal police) and reported both the hack and the posting of the list. My name and telephone number are known to them," the hacker wrote. "We're aware of this case and will consider it within the context of our investigation," said a police spokesman. He declined, however, to offer further details or confirm whether police are aware of the hacker's identity. (Source: IDG News Service, 18 September)

The new virus "Nimda" struck Hong Kong and China on 18 September as reported by the Hong Kong Computer Emergency Response Team (HKCERT) and the National Computer Virus Emergency Response Center respectively. (Source: Reuters, 19 September)

U.S. SECTOR INFORMATION:

Transportation - The Federal Aviation Administration (FAA) plans to take over supervision of airport baggage and passenger screeners from the airlines by the end of the month amid a national outcry for changes to the aviation security system. For the first time, the FAA will certify and fine companies that handle security at airports, the agency has confirmed. "We think this will obviously make the screening companies more accountable," FAA spokesman William Shumann said on 18 September. "They'll have FAA certificates just like airlines do." The agency hasn't yet told airlines or screening companies that supervision is going to change. Some say that airport screening can be improved only by federalizing it, and the new policy moves in that direction. "What this industry needs is a standard certification program, which the federal government could provide. The airlines feel the FAA should be in charge of this security."
(Source: Dallas Morning News, 19 September)

The Federal Aviation Administration has a plan to create a round-the-clock computer emergency response team that is currently operating. "Instead of going 24-7 in nine months, it is 24-7 now," said Michael F. Brown, director of FAA’s Office of Information Systems Security. Brown said the FAA would speed up its security research program in conjunction with the Massachusetts Institute of Technology. (Source: Government Computer News, 17 September)

Electrical Power - International Atomic Energy Agency experts said nuclear plants across the world are at risk from airborne suicide attacks similar to those which rocked the US last week. There are dozens of different types of nuclear reactors in more than 400 plants worldwide, making them - as well as huge numbers of other targets - very difficult to protect. (Source: Agence France-Presse, 19 September)
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:46 PDT