[iwar] [fc:REcent.NIPC.assessment.update]

From: Fred Cohen (fc@all.net)
Date: 2001-09-20 04:19:11



[FC - According to an Internet mailing list...]

The NIPC Daily Report
Prepared by WWU
19 September 2001

Significant Changes and Assessment - The National Infrastructure
Protection Center (NIPC) issued advisory 01-022 "Mass Mailing Worm
W32.Nimda.A@mm." The NIPC received numerous reports that a new worm,
named W32.Nimda.A@mm, is propagating extensively through the Internet
worldwide.  The worm is exhibiting many traits of recently successful
malicious code attacks such as CODE RED but it is not simply another
version of that worm.  A computer can become infected through a variety
of means ranging from simply viewing an infected Web-page using a
browser with no security enabled, to opening a malicious e-mail
attachment.  The NIPC and several other labs continue to analyze the
Nimda worm.  Expect additional updates in the near future. 

Private Sector - In a development that exposes grave risks of news
manipulation in a time of crisis, a hacker demonstrated on 18 September
that he could rewrite the text of specific Internet news articles at
will, apparently using nothing more than a Web browser and an
easily-obtained Internet address.  The affected news organization says
it has closed the security hole that allowed a 20-year-old hacker to
access the portal's web-based production tools and modify a 23 August
news story.  The hacker says he deliberately chose an old story Tuesday
so it would be seen by few readers, while still demonstrating the
vulnerability.  (Source: SecurityFocus.com, 18 September)

One in every 300 e-mails circulating now contains a virus, up from one
in every 700 in October last year, according to e-mail security company
MessageLabs Ltd.  Viruses are growing in sophistication and are thus
able to propagate themselves faster and more effectively, the company
said on 19 September in a statement regarding the Nimda virus, which
surfaced 18 September.  (Source: IDG, 19 September)

Government - The General Accounting Office (GAO) announced last week
that an important Education Department system that supports the
department's core financial management functions still contains serious
weaknesses that put grants and other financial information at risk of
unauthorized access and disclosure.  In the past, Education's inspector
general has reported serious information system control weaknesses in
the department's Central Automated Processing System (EDCAPS), and the
department has made progress in addressing those weaknesses, GAO said in
a letter on 12 September to the House Education and the Workforce
Committee's Select Education Subcommittee.  However, GAO still has
"identified weaknesses that place critical financial and sensitive grant
information at risk of unauthorized access and disclosure, and key
operations at risk of disruption," the agency reported.  (Source:
Federal Computer Weekly, 18 September)

International - On 19 September, the W32 Nimda worm attacked Japan,
invading computer servers at the Japanese farm ministry and other
facilities.  The highly infectious bug was found at the agriculture,
forestry and fisheries ministry's Web site at 10:00 am (0100 GMT), a
ministry official said.  "It was the first time a government Web site
was attacked by the new virus," said Hidekazu Ito, chief official of the
ministry's computer system division.  "We have already removed the virus
from our site with computer virus vaccine software, but still need to
check if there was any secondary damage to our site."  The virus also hit
a computer server at Yamanashi Gakuin University in Kofu.  (Source:
Agence France Presse, 19 September)

On 18 September, the Ministry of Information and Communication (MIC)
issued an alert to Korean Internet servers and the general public that
the Nimda virus has struck the country.  The MIC and the Korea
Information Security Agency (KISA) reported that they had received
numerous reports of an "attack" by the virus.  The ministry said that
there was a patch provided by Microsoft to deal with the Nimda, and
advised computer users to download the latest computer vaccines from
anti-virus companies.  (Source: Seoul Yonhap, 19 September)

According to Japanese government sources, on 18 September, Japan, US and
other industrialized nations are expected to endorse a draft treaty on
preventing cyber crimes when they meet in Strasbourg, France.  The
treaty, the first international agreement of its kind, is aimed at
cooperating to stop cyber attacks and track down perpetrators.  It is
likely to take effect as early as next summer, rather than Autumn 2002
as expected, following the recent terrorist attacks in the US.  The
Japanese government is preparing to send bills related to the treaty to
the Diet as quickly as possible, authorizing local law-enforcement
agencies to punish Japanese nationals found guilty of cyber crimes
overseas and penalizing anyone illegally leaking passwords or ID
numbers.  (Source: Tokyo Nikkei, 18 September)

The Hong Kong police force has more than doubled the number of officers
dedicated to technology and computer-related crimes.  Hong Kong's
Commercial Crime Bureau recently set up a new Technology Crime Division
led by Senior Superintendent Ng Kam-wing.  At least 42 officers within
the division will tackle crimes involving the Internet.  "The new
division, incorporating expanded human and technology resources, will
further enhance the Force's IT criminal investigation capabilities,
development of accredited computer forensics, legal and technical
research related to cyber policing, intelligence gathering and liaison
with industry professionals and overseas law enforcement agencies," said
Senior Superintendent Ng.  (Source: Newsbytes, 19 September)

A hacker has cracked a German-based Islamist Web site, publishing on the
Web hundreds of e-mail addresses of subscribers to its mailing list,
including one of a suspect in last week's terrorist attack on the World
Trade Center in New York.  The hacker, using the alias "Anonyme
Feigling" ("Anonymous Coward"), posted more than 500 addresses to the
Swiss news site www.symlink.ch/ on 15 September, unleashing a fierce
online debate on the appropriateness of the move.  Anonymous Coward also
"called the BKA (German criminal police) and reported both the hack and
the posting of the list.  My name and telephone number are known to
them," the hacker wrote.  "We're aware of this case and will consider it
within the context of our investigation," said a police spokesman.  He
declined, however, to offer further details or confirm whether police
are aware of the hacker's identity.  (Source: IDG News Service, 18
September)

The new virus "Nimda" struck Hong Kong and China on 18
September as reported by the Hong Kong Computer Emergency Response Team
(HKCERT) and the National Computer Virus Emergency Response Center
respectively.  (Source: Reuters, 19 September)

U.S.  SECTOR INFORMATION:

Transportation - The Federal Aviation Administration (FAA) plans to take
over supervision of airport baggage and passenger screeners from the
airlines by the end of the month amid a national outcry for changes to
the aviation security system.  For the first time, the FAA will certify
and fine companies that handle security at airports, the agency has
confirmed.  "We think this will obviously make the screening companies
more accountable," FAA spokesman William Shumann said on 18 September. 
"They'll have FAA certificates just like airlines do." The agency hasn't
yet told airlines or screening companies that supervision is going to
change.  Some say that airport screening can be improved only by
federalizing it, and the new policy moves in that direction.  "What this
industry needs is a standard certification program, which the federal
government could provide.  The airlines feel the FAA should be in charge
of this security." (Source: Dallas Morning News, 19 September)

The Federal Aviation Administration has a plan to create a
round-the-clock computer emergency response team that is currently
operating.  "Instead of going 24-7 in nine months, it is 24-7 now," said
Michael F.  Brown, director of FAA’s Office of Information Systems
Security.  Brown said the FAA would speed up its security research
program in conjunction with the Massachusetts Institute of Technology. 
(Source: Government Computer News, 17 September)

Electrical Power - International Atomic Energy Agency experts said
nuclear plants across the world are at risk from airborne suicide
attacks similar to those which rocked the US last week.  There are
dozens of different types of nuclear reactors in more than 400 plants
worldwide, making them - as well as huge numbers of other targets - very
difficult to protect.  (Source: Agence France-Presse, 19 September)


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:46 PDT