Weekend Reading: Jan. 27th Edition – Bill Gates Says Youth Will Change the World & Other News from the World Economic Forum, and the Kelihos Botnet, Hotmail, Windows Phone & Office 365

In this edition of Weekend Reading, we’ve got a blog post from Microsoft Chairman Bill Gates on opportunity for youth and other news from the World Economic Forum in Davos, Switzerland, as well as stories on Data Privacy Day, the Kelihos botnet, Windows Phone and Office 365. Don’t miss any of them!

Bill Gates says young people will change the world. At the World Economic Forum today, Bill Gates participated in a roundtable focused on opportunity for youth, a topic about which he is deeply passionate. To get the rest of this story, read today’s post from Bill on The Official Microsoft Blog. Microsoft General Counsel Brad Smith also participated in the roundtable, and you can read his thoughts on youth and the Opportunity Divide in this post on Microsoft on the Issues.

Microsoft names new suspect in Kelihos case. In an amended complaint filed earlier this week with the U.S. District Court for the Eastern District of Virginia, Microsoft alleged that Andrey N. Sabelnikov, a citizen of Russia, is responsible for the operations of the Kelihos botnet. For more detail, read this Monday post on The Official Microsoft Blog.

Microsoft partners with D.C. on digital education and economic growth initiative. The world is changing fast, driven by changes like globalization and the rapid adoption of new technologies. These changes present huge opportunities, but they demand new skills and capabilities, especially in the area of science and technology. To help District residents navigate these opportunities and challenges, D.C. Mayor Vincent Gray on Wednesday announced a partnership with Microsoft designed to improve the region’s economic competitiveness by making technology, education and training more accessible to residents and local businesses. Read this Wednesday post on Microsoft on the Issues for more detail.

Microsoft Data Privacy Day: Put your best digital foot forward. In recognition of Data Privacy Day 2012, Microsoft is releasing new information about consumer behaviors online and is offering guidance and tips to help people better manage their online profiles and maintain a positive reputation. In an increasingly connected world, everything people do online, from responding to emails and texts to clicking the “like” and “retweet” buttons on favorite Web pages, uploading photos and making purchases online, contributes to their online reputation. Read this press release and this Tuesday post from Microsoft Chief Privacy Officer Brendon Lynch on The Official Microsoft Blog for more detail.

UL embraces Microsoft cloud productivity services. To help create a culture of stronger collaboration and communication worldwide, Underwriters Laboratories Inc. (UL) has begun deploying Microsoft Office 365, powered by Microsoft Exchange Online, Microsoft SharePoint Online and Microsoft Lync Online, to its 50 offices worldwide, Microsoft announced Wednesday. UL, a global independent safety science company, provides solutions for safer products, processes and work environments for more than 66,000 customers. Read this press release on the Microsoft News Center for the rest of the story.

echoecho: Solving the ‘where are you?’ problem. “Where are you?” is one of the most ubiquitous phrases in text messages and phone calls. A number of location-based apps have tried to help mobile users address the question, but only Microsoft BizSpark startup echoecho has created an easy, quick solution that works anywhere in the world, using any leading smartphone. The mobile app helps users find their friends simply and easily, while helping protect their privacy as well as their device battery life, and without having to join yet another social network. Want the rest of the story? Read this feature story on the Microsoft News Center.

Switch from Gmail to Hotmail in 3 easy steps. Hotmail’s come a long way and we really think it’s worth giving Hotmail another look. We’ve started to see some folks make the move from Gmail to Hotmail, and so we want to share with you how to do this. Read this Thursday post on the Inside Windows Live Blog for some of the top reasons why people are making the move from Gmail to Hotmail. Also in Hotmail news this week, check out this Tuesday post announcing that Hotmail is now available for the Kindle Fire.

February Must Have Xbox LIVE games for Windows Phone. Earlier this week, we announced the February lineup of “Must Have Xbox LIVE” games for Windows Phone, including “BulletAsylum,” “Chickens Can’t Fly,” and “Tom Clancy’s Splinter Cell Conviction,” among others. Check ‘em out!

That’s a wrap for this edition of Weekend Reading! Thanks for stopping by The Official Microsoft Blog!

Posted by Jeff Meisner
Editor, The Official Microsoft Blog


Google Updates Chrome for High-Risk Vulnerabilities


Google has updated the Chrome web browser for three high-risk vulnerabilities, bringing the software to version number 16.0.912.77. Google’s release notes point out that one of the bugs, regarding Safe Browsing navigation, “was fixed in 16.0.912.75 but accidentally excluded from the release notes,” so this release actually mentions 4 vulnerabilities, but only actually fixes 3 of them.

The Chrome browser auto-updates on Mac OS X, so you don’t have to worry about downloading the new version.


Cisco Security Appliances at risk from Telnet bug




Cisco has warned of a vulnerability in the telnet server used in its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) monitoring solutions. The vulnerability could be exploited by an attacker to remotely execute code on the system by sending a specially crafted command to the telnet daemon (telnetd).

A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges. Cisco has yet to provide its customers with a patch. Users who want to prevent their systems from being compromised need to deactivate the Telnet server – instructions for doing so can be found in the advisory.

The vulnerability in telnetd was first described in mid-December of last year in connection with FreeBSD. Shortly afterward it became clear that the vulnerability could also be exploited under Linux. Few systems are likely to still be running telnet servers, however.

Updates are available for many distributions, including Red Hat and Debian. Kerberos 5 (krb5-appl) up to and including version 1.0.2 and Heimdal up to and including version 1.5.1 are also affected. The vulnerability is already being actively exploited and an exploit for the vulnerability is openly available.


(ehe)


MIDI exploit in the wild

Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player ‘winmm.dll’ MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). Microsoft has already issued a patch against this vulnerability in its monthly patch release this January. Applying the patch is strongly recommended.

There are several components involved in this live attack:

  • a.exe
  • baby.mid
  • i.js
  • mp.html

Symantec products detect mp.html and i.js as Trojan.Malscript. The baby.mid file is detected as Trojan Horse and the end-result file, a.exe, is flagged as Downloader.Darkmegi. The Downloader.Darkmegi detection also covers a couple of dropped files: com32.dll and com32.sys.

On the IPS side, i.js is blocked by the Web Attack: Malicious JavaScript signature while the initial exploit attempt is blocked by the Web Attack: Malicious JavaScript Heap Spray Generic signature.


Data Privacy Day 2012

By Andrew Wild, CSO, Qualys

January 28th 2012 has been designated “Data Privacy Day.” This is an internationally recognized day established to increase awareness of privacy and the challenges that a technologically advanced, “big data” analytical world poses to our notions about privacy.

It is entirely appropriate that everyone should take a few minutes to consider the issue of privacy on Data Privacy Day. Technology and the significant changes to how we communicate and share information in the Internet age have fundamentally changed our understanding of privacy. The two biggest threats to our privacy today are extensive online social networking, and significant improvements in data analytics.

Continue reading at news.qualys.com/data-privacy-day-2012.html


Facebook scam: the hours you spend…

I tend not to try to compete with sites like Facecrooks that specialize in tracking malware issues: however, they’ve just flagged a scam that has apparently already duped around 300,000 Facebook users into Liking a scam page, and are appealing for people to report it to Facebook in the hope of getting the scam site taken down.

Of course, it’s up to you whether you actually report it, but it’s evidently a bad idea to click on links in messages along the lines of this one:

wooow now we have seen how many hours we spend on Facebook…to find your time click here

Evidently a far more effective hook than I’d have thought,…

According to the detailed Facecrooks description, the link leads to a malicious Facebook page that exposes you to several rogue Facebook apps and Profile Peeker scams. Going along with it will not only result in your friends being spammed with scam messages, but expose your FB information to other misuse. If you’ve already been bitten by one of these, the Facecrooks article makes some suggestions as regards how to fix it.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow


Microsoft & Data Privacy Day: Put Your Best Digital Foot Forward

Jan. 28 is Data Privacy Day. Microsoft observes it by providing guidance to help consumers more safely manage their information online. While 2012 is still new, we suggest that people make a resolution to actively monitor and safeguard their online reputation.

As technology becomes more integrated into people’s lives and the number of connected devices grows, it is important to evaluate whether your online life mirrors the reputation you want others to see.

A person’s interactions online – spanning content that you create and share online and content that others post about you – are considered part of an online profile. Different people and organizations are able to see different parts of the overall picture. As you go through your day e-mailing, texting, sharing information and photos online, making purchases and more, all these activities can contribute to the opinions others form about you.

While a lot depends on who has access to the data, any piece of personal information that exists online about you – whether posted by you or by others – has the potential to impact how you are perceived by family and friends, an employer, a mortgage lender and more. Unfortunately, many of us are unaware of the cumulative portrait created by this online data.

We are releasing data from a Microsoft-commissioned survey in 5 countries (the U.S., Canada, Germany, Ireland and Spain) that examined people’s attitudes and behaviors regarding their online profiles, and how that information impacts their reputation and the reputations of others. As part of the research, we also wanted to learn how friends, family members or other people might have influenced a participant’s online profile and reputation. The research uncovered some interesting results, which are incorporated into this infographic.

· While 91 percent of people have done something to manage their overall online profile at some point, 67 percent feel in control of their online reputation, and 44 percent of adults actively think about the long-term consequences of their online activities.

· 14 percent of people believe they have been negatively impacted by the online activities of others, even unintentionally so. Of those, 21 percent believed it led to being fired from a job, 16 percent being refused health care, 16 percent being turned down for a job, and 15 percent being turned down for a mortgage.

The survey data suggests people in different parts of the world could benefit from greater familiarity with available privacy tools and more education about how the information they share online has meaningful impact on their online profiles and reputations and those of others. To help people put their best digital foot forward, we offer a few suggestions about how to better manage online activities that might impact one’s reputation.

· Stay vigilant and conduct your own “reputation report” from time to time.

o Search all variations of your name in Bing and other popular search engines, and evaluate whether the results reflect the reputation you’d like to share with the world, including current or future employers, colleagues, friends and family members. Our research found that 37 percent of adults never do this.

o If you find information about yourself that is false or less than favorable, respectfully ask that the person who posted it remove it or correct an error.

· Consider separating your professional and personal profiles.

o When you are job hunting, applying to a school or looking for new insurance or a loan, remember that your image online can be a determining factor for hiring managers and application reviewers. Be sure to use different e-mail addresses, screen names, referring blogs and websites for each profile, and avoid cross-referencing personal sites.

o Fifty-seven percent of adults think about taking steps to keep their work and personal profiles private. However, 17 percent said information intended to remain private had inadvertently been made public online.

o Be prudent about adding personal information to your professional profile. Only include information appropriate in a professional context.

· Adjust your privacy settings.

o In Internet browsers, social networking sites, personal blogs and other places where you maintain personal data, use privacy settings to help manage who can see your profile or photos, how people can search for you, who can comment and how to block unwanted access. According to the research, 49 percent of adults do not use privacy settings on social networking sites.

o Take advantage of Internet Explorer 9’s tracking protection, which helps block unwanted tracking by third parties. Learn more by visiting the Tracking Protection List website. You can also use Internet Explorer’s “InPrivate” browsing mode.

o Learn about your personalized advertising choices at http://choice.live.com/privacy/

o Periodically review who has access to your content. It’s OK to remove people whom you feel no longer need access.

· Think before you share.

o Think about what you post (particularly personal photos and videos), who you share the information with, and how it reflects on your reputation. Let others know what you do and do not want shared, and ask them to remove anything you don’t want disclosed.

o Our research showed that only 38 percent of adults and 39 percent of kids actively think about the long-term impact their online activities might have on someone else’s reputation.

· Be a good digital citizen.

o Always show respect for those with whom you engage directly. It reflects on both you and them, and becomes ingrained in your individual online reputations.

The more proactively you manage your information online, the more opportunities you will have to ensure your online reputation makes you proud. For additional guidance, go to www.microsoft.com/security, or read this press release on the Microsoft News Center.

Posted by Brendon Lynch
Chief Privacy Officer, Microsoft


Opera Update Fixes Cross-Scripting Vulnerability


The Opera web browser has been updated to fix a high-risk cross-scripting vulnerability, as well as a low-risk JavaScript issue. Version 11.61 also improves stability. In addition, Opera has added an auto-update mechanism. When launching version 11.60, users see an upgrade notice, and the message indicates that, “You will never have to upgrade manually again, because the newest version of Opera contains an auto-update mechanism.”


Symantec publishes pcAnywhere security recommendations





In the middle of last week, Symantec admitted that the source code for a number of its products, including pcAnywhere, was stolen in 2006. Now the company has published a white paper (PDF) in which it warns against using the remote PC control software at all, given that malicious parties could use the source code to identify and exploit security vulnerabilities to compromise PCs that use the program.

In addition, an attacker with cryptography knowledge could conduct man-in-the-middle attacks on encrypted connections and create unauthorized connections to remote machines, thereby potentially gaining access to whole networks.

Symantec plans to eradicate the known vulnerabilities in pcAnywhere step by step. A patch was released earlier this week, but it doesn’t fix the problem described above. Those who absolutely need the product should make sure to always have the latest updates and follow the security recommendations (PDF) in the white paper.

The warnings suggest that significant parts of the source code have hardly been changed since the theft. Source code for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack was also stolen, but Symantec assumes that the versions based on that source code are no longer in regular use and therefore does not believe that its customers are at an increased risk.

Cris Paden, a Symantec spokesman, told Wired’s Threat Level blog that the company “knew there was an incident in 2006,” but that “it was inconclusive at the time as to whether or not actual code was taken or that someone had actual code in their hands”. Following claims that the Indian hacking group “Lords of Dharmaraja” had stolen Symantec source code, Paden said that the company went back through the logs and “put 2 and 2 together that there was a source code theft,” adding that he wasn’t sure how the signs were missed in 2006.

(crve)


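Observations on the Sykipot Attacks

The persistent Sykipot attacks of the past several months have targeted a variety of industries, the majority of them in the defense industry. Every attack is characterized by a unique ID, made up of a few letters followed by a date, that is hard-coded into the Trojan itself. In some cases the keyword in front of the numbers is also the name of the subdomain folder on the Web server being used. Samples found in the attacks so far are shown below.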

  • alt20111215
  • auto20110413
  • auto20110420
  • be20111010
  • chk20111219
  • chksrv20111122
  • easy20110720w
  • easy20110926n
  • good20110627
  • help20110908
  • help20110926
  • info20111025
  • info20111028
  • info20111031G
  • insight20111122
  • pretty20111101
  • pretty20111122
  • pub2011124x
  • server20111212
  • webmail20111122
  • world20111205

Using this unique ID as a marker, the attackers are able to correlate attacks by industry and by organization.
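The same correlation can be done by an analyst. The following Python script is an added example, not part of the original post: it splits the markers listed above into keyword, date and suffix, groups them, and sets aside any marker whose digits are not a valid date. The function names are assumptions of this example; the marker strings and file names are the ones on the page.

```python
import re
from collections import defaultdict
from datetime import date

# Campaign markers exactly as listed above on the page.
MARKERS = """alt20111215 auto20110413 auto20110420 be20111010 chk20111219
chksrv20111122 easy20110720w easy20110926n good20110627 help20110908
help20110926 info20111025 info20111028 info20111031G insight20111122
pretty20111101 pretty20111122 pub2011124x server20111212 webmail20111122
world20111205""".split()

# Shape described in the text: a few letters, a date, optional one-letter suffix.
MARKER_RE = re.compile(r"^([a-z]+)(\d+)([A-Za-z]?)$")


def parse_marker(text):
    """Return (keyword, date_or_None, suffix), or None if the shape does not match.

    The date is None when the digits are not a valid YYYYMMDD value, so a
    truncated or mistyped marker is kept for review instead of being dropped.
    """
    m = MARKER_RE.match(text)
    if m is None:
        return None
    keyword, digits, suffix = m.groups()
    day = None
    if len(digits) == 8:
        try:
            day = date(int(digits[:4]), int(digits[4:6]), int(digits[6:]))
        except ValueError:
            day = None
    return keyword, day, suffix


def correlate(markers):
    """Group markers by date and by keyword; collect the ones that need review."""
    by_date, by_keyword, review = defaultdict(set), defaultdict(list), []
    for text in markers:
        parsed = parse_marker(text)
        if parsed is None or parsed[1] is None:
            review.append(text)
            continue
        keyword, day, _ = parsed
        by_date[day].add(keyword)
        by_keyword[keyword].append(day)
    return by_date, by_keyword, review


def shared_dates(markers):
    """Dates that appear with more than one keyword."""
    by_date, _, _ = correlate(markers)
    return {d: sorted(k) for d, k in sorted(by_date.items()) if len(k) > 1}


def marker_from_filename(name):
    """Return the dated marker embedded in an .exe file name, else None."""
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.lower() != "exe":
        return None
    parsed = parse_marker(stem)
    return stem if parsed and parsed[1] else None


if __name__ == "__main__":
    for day, keywords in shared_dates(MARKERS).items():
        print(day.isoformat(), ", ".join(keywords))
    print("needs review:", correlate(MARKERS)[2])
    # File names taken from the staging-server list on the page.
    for name in ("be20111010.exe", "oem7f7.exe", "scanned copy.scr", "world20111205z.exe"):
        print(name, "->", marker_from_filename(name))
```

Run over the published list, the script shows two dates shared by several keywords and sets `pub2011124x` aside because its digits do not form a full date.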

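Beyond this, clues were left behind that let us examine what appears to be a staging server used for testing before new binaries are sent to the targeted users. The server has also been confirmed to have served as a command-and-control (CC) server for a period of time. It was located in the Beijing area of China and ran on one of China’s major ISPs, although in one case one of the attackers connected from Zhejiang Province. Over the past several months the server hosted more than 100 malicious files, many of which were used in Sykipot attacks.

Examples of the file names found on this server are shown below.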

  • 12-holiday-tips-usagov.pdf
  • be20111010.exe
  • fedgovtbenefits.pdf
  • fy12 troops compensate draft scanned copy.scr
  • fy12-military-pay-chart.pdf
  • happy20111025.exe
  • info20111025.exe
  • inmarsat-financial-info.pdf
  • inmarsatpricing.doc
  • inmarsatpricing.pdf
  • insight20111122.exe
  • nui-comisaf silver guidance.pdf
  • nwc associate newsletter.pdf
  • oem7f7.exe
  • president’s summary inside.pdf
  • scanned copy.scr
  • webmail20111122.exe
  • webmail20111205.exe
  • world20111205.exe
  • world20111205z.exe

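The files consist of customized Sykipot binaries and PDF files that contain exploit code to drop Sykipot. These make up the majority, but tools that run after a successful compromise were also found, such as ‘gsecdump’, which is used to dump password hashes from a computer. Templates for exploiting the stack buffer overflow vulnerability in Microsoft Office RTF files (BID 44652) were found as well. Many of these files appear not to have been generated directly on the system but to have been created elsewhere and copied to it. Some files were confirmed to have been downloaded to the computer over FTP, and others to have been transferred from removable drives.

Some files had been received from a specific contact through an instant messaging client that is widely used in Asia and then saved to the computer, but tracing this contact number did not lead to the identification of a specific person.

It is also significant that we were able to identify another computer that appears to belong to the same group. On this computer, a tool was in use that automatically modifies files so that they evade detection. Examples of the file names are shown below.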

  • pdf-miansha2011-12-13-cve-2011-2462-pdfbundletool2011-12-13-cve-2011-2462-pdfbundletoolfenxiint3-1.pdf
  • pdf-miansha2011-12-13-cve-2011-2462-pdfbundletool2011-12-13-cve-2011-2462-pdfbundletoolms-77393-req.pdf
  • miansha0000eb0_0000005e.bin
  • miansha0000f6c_0000005e.bin
  • miansha0000fca_0000005e.bin
  • miansha00012ba_0000005e.bin
  • miansha0001f36_0000005e.bin
  • miansha00020ae_0000005e.bin
  • miansha00022e2_0000005e.bin

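Two points are worth noting here. The first is that the tool used to create the malicious PDF files is already in wide circulation; the second is that the path names contain the string ‘miansha’. Roughly translated, it means “veil”, and it is slang that hackers use for modifying a file in order to evade detection. The word ‘fenxi’ also appears, which is Chinese for “analysis”.

With tools like these in circulation, there is no doubt that attacks exploiting the CVE-2011-2462 vulnerability will continue.

Finally, in addition to the list given in the previous blog, the following domains have been found to be involved in the Sykipot attacks.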


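Some of these domains had been compromised and were being used in the attacks, but most were registered for the sole purpose of serving as part of the Sykipot attack network. In quite a few cases malicious email was also sent from the same servers that host the CC domains mentioned above, so network administrators should use this information to watch for attacks and data leakage.

The Sykipot attacks have been long-running and have targeted multiple industries. From these observations, the attackers appear to be familiar with the Chinese language and to be using computer resources located in China. Because they keep refining their “creations” to exploit new vulnerabilities and even to evade security products, it is clear that the attackers are a group, and Symantec expects the Sykipot attacks to continue.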
