|
I hope that this is an appropriate forward to the group. I got it from star base in Evansville Indiana which is the *BASE/400 users group. It may need to be cleaned up at some point to remove the e-mail addresses of the previous forwarders. MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)
- Subject: FW: NIPC Advisory 00-060
- From: "David Titzer" <dtitzer@xxxxxxxxxxxxx>
- Date: Tue, 5 Dec 2000 10:55:11 -0600
- Delivered-To: starbase_club@bigrivers.com
- Disposition-Notification-To: "David Titzer" <dtitzer@bigrivers.com>
- Importance: Normal
Fellow members, The following is warning from the NIPC (National Infrastructure Protection Center) as is relates to the Internet. Dave Titzer -----Original Message----- From: Marshall D. Bissonnette [mailto:mbissohq@bigrivers.com] Sent: Tuesday, December 05, 2000 9:56 AM To: Dave Titzer Subject: Fw: NIPC Advisory 00-060 -----Original Message----- From: NIPC Watch <nipc.watch@fbi.gov> To: undisclosed-recipients: ; <undisclosed-recipients: ;> Date: Friday, December 01, 2000 1:09 PM Subject: NIPC Advisory 00-060 >Subject: National Infrastructure Protection Center >Advisory 00-060 >"E-Commerce Vulnerabilities" >30 November 2000 > >Based on FBI investigations and other information, the NIPC has observed >that there has recently been an increase in hacker activity specifically >targeting U.S. systems associated with e-commerce and other >internet-hosted sites. The majority of the intrusions have occurred on >Microsoft Windows NT systems, although Unix based operating systems have >been victimized as well. The hackers are exploiting at least three >known system vulnerabilities to gain unauthorized access and download >propriety information. Although these vulnerabilities are not new, this >recent activity warrants additional attention by system administrators. >In most cases, the hacker activity had been ongoing for several months >before the victim became aware of the intrusion. The NIPC strongly >recommends that all computer network systems administrators check >relevant systems and apply updated patches as necessary. Specific >emphasis should be placed on systems related to e-commerce or >e-banking/financial business. The following types of exploits have been >observed: > >Unauthorized Access to IIS Servers through Open Database Connectivity >(ODBC) Data Access with Remote Data Service (RDS): > >Systems Affected: Windows NT running IIS with RDS enabled. >Details: Microsoft Security Bulletin MS99-025, > > NIPC CyberNotes 99-22 >http://www.microsoft.com/technet/security/bulletin/ms99-025.asp, >or >http://www.nipc.gov/warnings/advisories/1999/99-027.htm >http://www.nipc.gov/cybernotes/cybernotes.htm >Summary: This vulnerability allows a malicious remote user to use a web >browser to force a Windows NT server to return information from >Structured Query Language (SQL) databases or to run system commands. > >SQL Query Abuse Vulnerability >Affected Software Versions: Microsoft SQL Server Version 7.0 and >Microsoft Data Engine (MSDE) 1.0 >Details: Microsoft Security Bulletin MS00-14, > NIPC CyberNotes 20-05 >http://www.nipc.gov/cybernotes/cybernotes.htm >http://www.microsoft.com/technet/security/bulletin/ms00-014.asp >Summary: This vulnerability could allow the remote author of a >malicious SQL query to take unauthorized actions on a SQL Server or MSDE >database. > >Registry Permissions Vulnerability >Systems Affected: Windows NT 4.0 Workstation, Windows NT 4.0 Server >Details: Microsoft Security Bulletin MS00-008, > NIPC CyberNotes 20-08 and 20-22 >http://www.microsoft.com/technet/security/bulletin/ms00-008.asp >http://www.nipc.gov/cybernotes/cybernotes.htm >Summary: Users can modify certain registry keys such that: > >• a malicious user could specify code to launch at system crash >• a malicious user could specify code to launch at next login >• an unprivileged user could disable security measures > > > The NIPC is conducting further analysis of this hacker activity and >will provide additional information as it becomes available. > >Please report any illegal or malicious activities to your local FBI >office or the NIPC, and to your military or civilian computer incident >response group, as appropriate. Incidents may be reported online at >www.nipc.gov/incident/cirr.htm. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
