群兆資訊-資訊安全新聞

MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.1

2012-01-18T08:00:00Z

Severity Rating: Important
Revision Note: V1.1 (January 18, 2012): Added MS10-085 as a bulletin replaced by the KB2585542 update for Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for Itanium-based Systems. This is an informational change only. There were no changes to the detection logic or the update files.
Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

一般使用者重隱私行動商務要安全也要操作便利

2012-02-20T00:00:00Z

電腦與手機已成為商務人士每天離不開的雙螢幕。行銷人員看準這股趨勢，網路／手機廣告成長率屢創新高。也因此，上週傳出Google迴避Safari的隱私設定，透過cookie提供針對使用者網路瀏覽行為的相對應廣告，引起iphone/ipad使用者不滿。

主管機關應主動協助降低個資法對企業衝擊

2012-02-20T00:00:00Z

個資法2010年4月三讀通過，2011年11月法務部公告施行細則草案，由於新法大幅提昇個人資料保護嚴謹度，與舊法規範差異甚大，企業反彈聲浪不小，尤其2011年11月法務部公告施行細則草案後，民間意見可說如雪片般飛來，其中爭議最多的條文就是，第6條特種個資的定義，與第54條間接蒐集個資的告知義務。

Path自動存取使用者通訊錄手機APP隱私爭議不斷

2012-02-20T00:00:00Z

手機APP私下蒐集使用者個資的案例再添一椿，行動社交應用程式Path被爆在未經使用者同意下，自動存取通訊錄並上傳至Path伺服器中。 ....

個資標準夯　金融業偏愛BS 10012

2012-02-20T00:00:00Z

個資法上路日期愈來愈近，企業因應動作也日益積極，除了採購資安設備外，許多企業也許劃導入相關認證標準，以證實自身的確已善盡管理責任。....

假身分證字號購台鐵票觸偽造文書刑責

2012-02-20T00:00:00Z

近來新竹市有一名歐姓民眾，因為使用偽造的身分證字號在網路上訂購台鐵車票，而遭到6個月判刑，緩刑3年，懲罰需繳交公益金3萬元新台幣。該男子聲稱，在2010年進行台鐵的網路訂票，偶然發現打錯身份證字號仍可訂票，因此對台鐵的安全性存疑，才使用假身分證字號購票8次，此案因警察發現異常才曝光。

為了方便商業使用的驗證，身分證字號的演算法是公開的(見圖)，在網路上也可以找到許多「身份證產生器」。

調查局電腦犯罪防制科調查官錢世傑也說，其實盜用他人身分證字號的案件很多，許多民眾在電子郵件帳號的申請也是這樣，只是很多都在檢方就處理掉了，會到法院判決推測可能是態度問題，也許是堅決不認罪。

防堵釣魚郵件 15家國際網路大廠拱標準

2012-02-20T00:00:00Z

Google、Yahoo!、Microsoft、Linkedin、Facebook、PayPal等，共15家大型網路服務業者、金融服務業等 (如下圖)，不久前一同成立了DMARC.org，一起推動該項標準，服務供應商需經過DKIM（註1）或SPF（註2）標準才能符合DMARC認證，DMARC(Domain-based Message Authentication, Reporting & Conformance)此項認證標準，簡單的來說就是電子郵件的認證系統。

Openfind線上服務部協理李孟秋說，這些聯盟內的網路服務供應商各自有各自的標準來防堵網路釣魚郵件，例如Yahoo!採用的是DomainKeys、Google則是使用SPF，因此聯盟成立的目的便是要建立一個統一的標準，不僅可以彼此分享黑名單資料庫讓大家取用，也可以截長補短、統一陣線。例如各ISP業者擁有許多釣魚郵件的Sample可參考，而一些電子郵件資安廠商可能擁有強力的研發團隊。

Yahoo!的網域認證鑰匙：DomainKeys

Google的SPF：建立SPF記錄

李孟秋認為，國內目前還沒有這樣的聯盟，但如果有一個中立的第三方單位發起，提供一些誘因，例如舉辦活動或提供經費，對於整體資安（尤其是在防堵釣魚信件）當然會有幫助，但這也是與各競爭對手合作、跨公司的合作，因此是否會成功，還需要諸多的溝通與協調，DMARC.org也仍有待時間考驗。

目前DMARC.org正打算將此規格的草案交與網際網路工程任務(IETF, Internet Engineering Task Force)，希望可以變成標準化。李孟秋說，如果屆時真的可以變成標準化，各國廠商也可引用該標準，只是網路釣魚郵件會有區域性，可能會比較缺乏台灣區域的Sample，因此台灣若能也有這樣的標準共享，業界也會相當期待，更有助於台灣資安提升。

註1：根據維基百科的解釋「DKIM是由DomainKeys所改進的協定，大多數的運作方式與DomainKeys相同。在2007年2月時，DKIM被列入互聯網工程工作小組（IETF）的標準提案（Proposed Standard），並於同年5月成為正式標準（Standards Track）。」
註2：SPF(Sender Policy Framework)，可以在域名裡的DNS建立SPF記錄，來告知這個域名只會透過某些主機來發送郵件，可以避免被垃圾郵件發送者冒充發送。

輸入圖片數字

McAfee 開放平台ePO 將資安管理化繁為簡
McAfee邁克菲有限公司

中華數位科技推出APT攻擊解決方案
中華數位科技股份有限公司

透析駭客活動新趨勢–APT 惡意郵件攻擊
Xecure Lab

MS12-008 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) - Version: 1.0

2012-02-14T08:00:00Z

Severity Rating: Critical
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.

哀悼惠尼休斯頓 Whitney Houston 的惡意影片連結,在臉書散播

2012-02-19T03:25:31Z

Skip to article

►

<惠尼休斯頓突如期來的死訊在網路上傳播開來。無數的Twitter推文、Facebook塗鴉牆留言和各種新聞都圍繞在這48歲歌手的過世消息上。因為惠尼休斯頓之死引發了大量的關注，犯罪分子也很快地利用了這一起不幸事件。

趨勢科技在這消息傳出後不久就發現了兩個網頁威脅。一個是在Facebook上發現的點擊劫持攻擊，另一個則是出現在Twitter上的連結。

哀悼「惠尼休斯頓」出現點擊劫持

一個假影片在Facebook散播,主旨是 “I Cried watching this video. RIP Whitney Houston”「看著影片我哭了。哀悼惠尼休斯頓」，加上一個所謂影片的連結。點擊後會被導向到含有影片連結的一個Facebook網頁。但是點擊之後，再經過幾次重新導向，會將使用者騙到一般的問卷調查詐騙網站。

經過對這些重新導向所用到的網域作進一步的調查之後，趨勢科技發現還有另外101個問卷調查詐騙攻擊也用了這些網域所在的同一IP地址。

哀悼惠尼休斯頓推文出現網頁威脅

趨勢科技還發現了有惡意連結的Twitter推文也利用了哀悼惠尼休斯的標籤，因為這標籤已經上了Twitter上的全球流行趨勢榜裡。

上述推文裡包含了一個連結會連到給已故歌手的特定部落格。使用者連上這網頁後會被自動導到另一個網站。隨後出現一個說會提供惠尼休斯頓桌布的網站。一旦使用者想要從這網站下載桌布，就會跳出視窗要求使用者下載一些惠尼休斯頓的鈴聲。

想要離開這網頁或是留著都會被重新導向到一個問卷調查網站來索取手機號碼。

利用新聞事件（像是名人的死訊，包括死亡謠言），是網路犯罪分子常用的誘餌。在過去也有一些攻擊使用類似的手法。

· BBC 報導：「女神卡卡Lady Gaga被發現死在酒店房間」?! 臉書 Facebook 詐騙又來了

· 讓小賈斯汀的演藝生涯劃下句點的影片?利用LinkedIn的Facebook攻擊

· 賓拉登死去活來? 賓拉登處決影片?小心夾帶惡意連結

想知道更多問卷調查詐騙攻擊的資訊，可以參考 – 問卷調查詐騙是跨平台的威脅。

看到Facebook或是Twitter上出現新聞消息，使用者在點之前都要特別小心。想要安全的獲取新資訊，最好還是將可靠的新聞網站加入書籤，以避免落入網路犯罪分子的陷阱。

想知道更多有用的技巧，來更好地保護自己免受這些攻擊的威脅，可以參考我們詳盡的電子書 – 「社群媒體的威脅指南」。

PC-cillin 2012 雲端版用戶不用擔心,惡意連結不敢造次,下載試用並寫下你的 100字試用心得,還可抽PC-cillin 2012防毒軟體和粉絲專屬好禮

＠原文出處：Cybercriminals Leverage Whitney Houston’s Death

@參考推文雲端系！史上最強防毒軟體現身看更多<PC-cillin 真的不一樣>100字推文

◎ 免費下載防毒軟體：歡迎試用下載瞭解與試用NSSLABS 最新防毒軟體測試第一名的防毒軟體PC-cillin 2012即刻免費下載

◎ 歡迎加入趨勢科技社群網站

Whitney Houston, 惠尼休斯頓

Posted by 崔嘻 at 留言(0) 引用(0) 人氣()

Personal Category:遭病毒利用的西方名人
Previous post in this category: CNN 電子報提供格達費的死亡影片?

2009: <你就是這樣上當的>網路詐騙常用騙術之網路銀行確認身份

手機毒窟!!德伺服器驚見1351個網站鎖定Android和Symbian的惡意應用程式

2012-02-18T02:30:00Z

Skip to article

►

趨勢科技最近發現了一個伺服器上代管了大量提供行動惡意軟體的網站，目標針對Android和Symbian作業系統（特別是J2ME平台）。

這個位在德國的伺服器由一個代管服務供應商所管理，它也是眾所皆知的網路犯罪分子常用服務商。

趨勢科技總共在這伺服器上發現了1351個網站，而且根據他們散布惡意軟體的手法可以將這些網站分成五大類：

Android Market應用程式

Opera Mini/Phone最佳化應用程式
色情應用程式（這些網站在檢查時無法使用）
應用程式儲存網站
其他（這些網站在檢查時無法使用）

那些無法使用的網站可能是因為攻擊者還在建置中或是已經停掉了。那些應用程式儲存網站是用來提供其他類網站裡應用程式的功能，所以無法存取。但是那些應用程式還是在的，可以透過Android Market應用程式跟Opera Mini/Phone最佳化應用程式這兩類網站來下載。

Android Market應用程式的網站看起來就像是個正常的合法網站。會出現流行的應用程式像是：WhatsApp、Facebook、Facebook Messenger，條碼掃描器、Skype、Google地圖、Gmail、YouTube和一些其他的軟體。從這些網站所下載的檔案目前已經被偵測為ANDROIDOS_FAKENOTIFY.A。

而另一方面，提供像Opera Mini和Phone最佳化工具下載的網站，最後會提供J2ME_SMSSEND.E，這是在支援MIDlet的手機上運作的惡意軟體。

而在上述這些類別裡比較起來，最多的是提供Opera Mini更新和Phone最佳化應用程式的網站。下面列出各類別的網站數量分佈圖：

從這次特殊的網路犯罪活動可以看到一些有趣的發現。趨勢科技看到攻擊不一定只針對一種平台。而根據目標平台不同，趨勢科技也看到網路犯罪分子會使用不同的社交工程陷阱誘餌。此外，雖然有Android和iOS作業系統的出現和流行，Symbian看起來還是會被當做攻擊的目標。

趨勢科技行動安全防護for Android的使用者（包括Android和Symbian）都已經可以防護這次的威脅。這些惡意網域和檔案都已經被加以偵測和封鎖了。

＠原文出處：Malicious Mobile Apps Found in Server Hosted in Germany

@延伸閱讀:

惡意Android應用程式:看成人影片不付費,威脅公布個資
 安裝手機應用程式前要注意的三件事
 2011年回顧：手機病毒
 深入探討中國的Android第三方軟體商店
 中國第三方應用商店提供下載的手機間諜軟體
 專門設計給手機瀏覽的惡意網站:偽裝成 Opera Mini 瀏覽器的行動裝置惡意程式
 日本色情業者利用行動條碼（QR Code）誘騙付費 Android智慧型手機的惡意程式，半年內增加14.1倍
 Android木馬應用程式 :木馬幫你手機申購加值服務
 保護你的Android智慧型手機5步驟
 Android app 惡意程式：愛情測試、電子書閱讀器、GPS 定位追蹤等應用程式夾帶病毒
 手機成竊聽器!!冒充Google+ 圖示,駭你全都露
<看更多手機病毒/行動威脅>

相關資料：

＠原文出處：3 Truths about Mobile Applications 作者：JM Hipolito

手機防毒不可不知 (蘋果動新聞有影片)

防毒也防失竊趨勢科技行動安全防護軟體測試

[評測]趨勢科技行動安全防護for Android

TMMS 3.75 Stars in PC World AU

◎ 歡迎加入趨勢科技社群網站

app, android, Opera Mini/Phone, Android Market, 手機病毒, 手機失竊, 手機掉了, 手機防毒軟體

Posted by 崔嘻 at 留言(0) 引用(0) 人氣()

Personal Category:Android app 等手機行動裝置威脅
Previous post in this category: 手機應用程式Sexy Ladies-2.apk是益智遊戲,還是廣告點鈔機?

2011: <粉絲專頁精選>7 歲小孩到 eBay 買戰鬥機

MS12-010 - Critical : Cumulative Security Update for Internet Explorer (2647516) - Version: 1.0

2012-02-14T08:00:00Z

Severity Rating: Critical
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS11-093 - Important : Vulnerability in OLE Could Allow Remote Code Execution (2624667) - Version: 1.0

2011-12-13T08:00:00Z

Severity Rating: Important
Revision Note: V1.0 (December 13, 2011): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP and Windows Server 2003. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. For more information, see the subsection, Affected and Non-Affected Software, in this section. The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS12-016 - Critical : Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) - Version: 1.2

2012-02-15T00:00:00Z

Severity Rating: Critical
Revision Note: V1.2 (February 15, 2012): Removed erroneous reference to known issues from the Executive Summary.
Summary: This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS12-015 - Important : Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) - Version: 1.0

2012-02-14T00:00:00Z

Severity Rating: Important
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS12-014 - Important : Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) - Version: 1.1

2012-02-22T00:00:00Z

Severity Rating: Important
Revision Note: V1.1 (February 22, 2012): Added a link to Microsoft Knowledge Base Article 2661637 under Known Issues in the Executive Summary.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .avi file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) - Version: 1.0

2012-02-14T00:00:00Z

Severity Rating: Critical
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS12-012 - Important : Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) - Version: 1.0

2012-02-14T00:00:00Z

Severity Rating: Important
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .icm or .icc file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS12-011 - Important : Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) - Version: 1.0

2012-02-14T00:00:00Z

Severity Rating: Important
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. These vulnerabilities could allow elevation of privilege or information disclosure if a user clicked a specially crafted URL.

MS12-010 - Critical : Cumulative Security Update for Internet Explorer (2647516) - Version: 1.0

2012-02-14T00:00:00Z

MS12-009 - Important : Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) - Version: 1.0

2012-02-14T00:00:00Z

Severity Rating: Important
Revision Note: V1.0 (February 14, 2012): Bulletin published.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.

群兆資訊-資訊安全新聞

MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.1

一般使用者重隱私 行動商務要安全也要操作便利

主管機關應主動協助 降低個資法對企業衝擊

Path自動存取使用者通訊錄 手機APP隱私爭議不斷

個資標準夯 金融業偏愛BS 10012

假身分證字號購台鐵票 觸偽造文書刑責

防堵釣魚郵件 15家國際網路大廠拱標準

MS12-008 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465) - Version: 1.0

哀悼惠尼休斯頓 Whitney Houston 的惡意影片連結,在臉書散播

手機毒窟!!德伺服器驚見1351個網站鎖定Android和Symbian的惡意應用程式

MS12-010 - Critical : Cumulative Security Update for Internet Explorer (2647516) - Version: 1.0

MS11-093 - Important : Vulnerability in OLE Could Allow Remote Code Execution (2624667) - Version: 1.0

MS12-016 - Critical : Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) - Version: 1.2

MS12-015 - Important : Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510) - Version: 1.0

MS12-014 - Important : Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637) - Version: 1.1

MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) - Version: 1.0

MS12-012 - Important : Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719) - Version: 1.0

MS12-011 - Important : Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841) - Version: 1.0

MS12-010 - Critical : Cumulative Security Update for Internet Explorer (2647516) - Version: 1.0

MS12-009 - Important : Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640) - Version: 1.0

一般使用者重隱私行動商務要安全也要操作便利

主管機關應主動協助降低個資法對企業衝擊

Path自動存取使用者通訊錄手機APP隱私爭議不斷

個資標準夯　金融業偏愛BS 10012

假身分證字號購台鐵票觸偽造文書刑責