Microsoft beefs up security products to block adware

Number: IRCNE2015112705
Date: 2015/11/29

According to “computerworlduk”, Microsoft is adding a new opt-in defense for enterprises to block adware, which is often sneakily wrapped into free downloads.
Adware is often classified as a potentially unwanted application, or PUA, an industry term for applications that aren't necessarily malware but could be a security or performance risk.
"These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications," according to a Microsoft blog post.
The feature, which will be in the company's System Center Endpoint Protection and Forefront Endpoint Protection products, is opt-in, meaning administrators will have to turn it on. Once enabled, PUAs are blocked and quarantined with the default settings.
The best policy for enterprises is to also warn their users about not downloading PUAs in the first place, Microsoft said.
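The following PowerShell is an added example, not code from the page or from Microsoft's post, showing how an administrator would turn the opt-in on a single SCEP/FEP host and read the state back for reporting. The policy value MpEnablePus under HKLM\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\MpEngine is the one Microsoft's announcement documented for this feature; it does not appear on this page, so treat it as an assumption and confirm it against your product documentation before deploying. In a domain the same value would normally be pushed through Group Policy rather than a script.

```powershell
# Added example: enable and verify PUA blocking on one SCEP/FEP host (run elevated).
# Assumption: the policy value below is the one documented in Microsoft's
# announcement; verify it against your product documentation before use.
$PuaPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\MpEngine'
$PuaValueName  = 'MpEnablePus'

function Enable-PuaProtection {
    # Creates the policy key if it is missing and sets the opt-in value to 1
    # (block at download/install time and quarantine).
    if (-not (Test-Path -Path $PuaPolicyPath)) {
        New-Item -Path $PuaPolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PuaPolicyPath -Name $PuaValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-PuaProtectionState {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured' so a fleet-wide
    # inventory script can collect one word per host.
    $item = Get-ItemProperty -Path $PuaPolicyPath -Name $PuaValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)           { return 'NotConfigured' }
    if ($item.$PuaValueName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

Enable-PuaProtection
"PUA protection: $(Get-PuaProtectionState)"
```

Get-PuaProtectionState is the part worth keeping: because the feature is opt-in, a host that reports NotConfigured is one on which adware bundled into a free download will still install silently.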

Microsoft zaps dodgy Dell digital certificates

Number: IRCNE2015112704
Date: 2015/11/29

According to “computerworlduk”, Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise data.
The updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal Tool.
Dell mistakenly shipped the private keys for two digital certificates that its support tools install in the Windows trusted root store. The tools report back to Dell which product a customer is using, to make technical support easier.
Security experts were alarmed by the mistake. Because both certificates are trusted roots on the affected machines and their private keys are public, anyone holding a key can sign malware, issue certificates for spoofed websites that those machines will accept, and conduct man-in-the-middle attacks to read users' data. One of the certificates is named eDellRoot and the other DSDTestProvider. Dell released updates on Tuesday to remove the certificates and also described how to remove them manually. Microsoft's tools may help those who, for one reason or another, have not downloaded or received the updates from Dell.

Millions of embedded devices use the same hard-coded SSH and TLS private keys

Number: IRCNE2015112703
Date: 2015/11/28

According to “computerworlduk”, thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH (Secure Shell) host keys or HTTPS (HTTP Secure) server certificates, a study found.
By extracting those keys, hackers can potentially launch man-in-the-middle attacks to intercept and decrypt traffic between users and millions of devices.
Researchers from security firm SEC Consult analyzed firmware images for over 4,000 models of embedded devices from more than 70 manufacturers. In them they found over 580 unique private keys for SSH and HTTPS, many of them shared between multiple devices from the same vendor or even from different ones.
When correlating those 580 keys with data from public Internet scans, they found that at least 230 keys are actively used by over 4 million Internet-connected devices. Around 150 of the HTTPS server certificates they recovered are used by 3.2 million devices and 80 of the SSH host keys are used by 900,000 devices.
The remaining keys might be used by many other devices that cannot be accessed from the Internet, but are still vulnerable to man-in-the-middle attacks inside their respective local area networks.
"Vendors should make sure that each device uses random, unique cryptographic keys," the researchers said. "These can be computed in the factory or on first boot."
Where possible, users should change the SSH host keys and HTTPS certificates on their devices. Unfortunately, this requires technical knowledge beyond that of an average home user and is, in many cases, impossible, especially on devices that have been locked down by ISPs.
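The correlation SEC Consult describes (the same key showing up on many hosts) is easy to reproduce against your own network. The PowerShell below is an added example, not the researchers' tooling: it takes host-key lines in the format ssh-keyscan prints (host, key type, base64 blob), computes the OpenSSH-style SHA256 fingerprint over the decoded blob, and reports any fingerprint seen on more than one host. The four inventory lines are constructed for the example and are not real keys; for HTTPS the same grouping works with each server certificate's thumbprint in place of the SSH fingerprint.

```powershell
# Added example: find SSH host keys shared across an inventory of devices.
# The inventory lines below are constructed for this example (not real keys).
# Line format, as produced by ssh-keyscan: <host> <key type> <base64 key blob>
$Inventory = @'
10.0.0.1  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDvendorAkey0001abc
10.0.0.2  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDvendorAkey0001abc
10.0.0.3  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDvendorBkey0002abc
192.0.2.7 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDvendorAkey0001abc
'@

function Get-SshFingerprint {
    # OpenSSH "SHA256:" fingerprint: SHA-256 over the decoded key blob,
    # base64-encoded with the trailing '=' padding removed (matches ssh-keygen -lf).
    param([string]$Base64Blob)
    $bytes = [Convert]::FromBase64String($Base64Blob)
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    try   { $hash = $sha.ComputeHash($bytes) } finally { $sha.Dispose() }
    return 'SHA256:' + [Convert]::ToBase64String($hash).TrimEnd('=')
}

function Find-SharedHostKeys {
    # Groups hosts by fingerprint and returns only keys present on more than one host.
    param([string]$ScanOutput)
    $records = foreach ($line in ($ScanOutput -split "`n")) {
        $parts = $line.Trim() -split '\s+'
        if ($parts.Count -lt 3) { continue }   # skip blank or malformed lines
        [pscustomobject]@{
            Host        = $parts[0]
            KeyType     = $parts[1]
            Fingerprint = Get-SshFingerprint -Base64Blob $parts[2]
        }
    }
    $records | Group-Object -Property Fingerprint | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{
            Fingerprint = $_.Name
            KeyType     = $_.Group[0].KeyType
            Count       = $_.Count
            Hosts       = ($_.Group.Host -join ', ')
        }
    }
}

Find-SharedHostKeys -ScanOutput $Inventory | Format-Table -AutoSize
```

With the constructed input, the report lists one fingerprint shared by 10.0.0.1, 10.0.0.2 and 192.0.2.7. A shared key across devices you own is not by itself proof that the key is in a public firmware image, but it is exactly the condition under which one extracted key lets an attacker impersonate every one of those hosts.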

Design of an open-source router with automatic security updates

Number: IRCNE2015112702
Date: 09/07/94 (Iranian calendar; 2015/11/28)

Researchers have designed an open-source router with a unique set of features, including the ability to update its own security automatically and to analyze the traffic between the Internet and the host network.
The router is called Turris Omnia. It is open source and runs the free OpenWrt operating system, which gives users the capabilities of a Linux server and also enables each router to update itself to fix vulnerabilities.
Under the project, users agree to use a Turris router as their main web gateway for specified periods of time.
According to the project's official website, the router can also serve other functions for home networks. Using some of its features, users can make use of LTE data through it. The router can also be used as a DLNA or backup server.

Serious vulnerabilities fixed in Lenovo's system update tool

Number: IRCNE2015112701
Date: 09/07/94 (Iranian calendar; 2015/11/28)

For the third time in the past six months, security issues have forced Lenovo to release another update for the tools preinstalled on its PCs.
Last week the company released version 5.07.0019 of Lenovo System Update, a tool that helps users keep their computers' drivers and BIOS up to date. The new version fixes two privilege escalation vulnerabilities identified by researchers at security firm IOActive.
One of the vulnerabilities is in the tool's help system and allows users with limited accounts to open Internet Explorer with administrator privileges by clicking a URL in a help page.
The second vulnerability concerns the temporary administrator account the tool creates, and specifically the way its username and password are generated. An attacker can regenerate the same username as that account based on the time it was created.
This year Lenovo System Update also received two other security patches, in July and October. Those patches fixed vulnerabilities that could allow an attacker to execute commands through the application or to replace legitimate updates with malware.

Older Dell devices also affected by the dangerous eDellRoot certificate

Number: IRCNE2015112700
Date: 09/07/94 (Iranian calendar; 2015/11/28)

Users of Dell Windows-based laptops, desktops, tablets and other devices bought before August should check for the dangerous eDellRoot certificate, which can put their private communications at risk.
The certificate is installed by DFS (Dell Foundation Services), software that Dell preloads on its devices to ease technical support and customer service operations.
After the certificate was identified earlier in the week, Dell said it had begun deploying it through a DFS version released in August. That led many users to believe that only devices shipped since August were affected.
Dell has since stated that any device with DFS may carry the certificate and is therefore affected; specifically, devices received it if the automatic-update option was enabled when DFS was installed.
A second certificate named DSDTestProvider, also signed by Dell, was identified. It was seen on systems that installed the DSD (Dell System Detect) tool while visiting Dell's support website.
That tool is not present on systems by default; only users who visited Dell's support website between October 20 and November 24 received the certificate along with the updated DSD download. A user who has the tool but did not visit Dell's website in that period is not affected, because DSD does not receive updates automatically.
Dell has released a tool to remove the certificates, and users can also remove eDellRoot and DSDTestProvider manually. After opening the Microsoft Management Console (certlm.msc), users can look under Trusted Root Certification Authorities > Certificates to check whether these certificates are present.

Open Source Router Updates Its Own Security, Analyzes Network Traffic

Number: IRCNE2015112702
Date: 2015/11/28

According to “tripwire”, this open source, crowdfunded router boasts a unique set of features, including the ability to update its own security and analyze the traffic between the Internet and the host network.
Named after the Latin word for "tower", the Turris Omnia router is open source and runs OpenWrt, a free operating system that not only gives Omnia's users the capabilities of a regular Linux server but also lets each router patch itself as its developers release fixes for vulnerabilities.
Under Project Turris, users agree to employ a Turris router as their main web gateway for a specified period of time; the Turris Omnia is the latest device developed by the initiative.
According to its official landing page, the router can serve a variety of other functions for home networks. Pre-loaded with virtual server support, 1 GB of RAM, and an extra cryptochip, it can function as a DLNA or backup server. Inserting a SIM card also lets users route LTE data through it.

Lenovo patches serious flaws in PC system update tool

Number: IRCNE2015112701
Date: 2015/11/28

According to “computerworld”, for the third time in less than six months security issues have forced Lenovo to update one of the tools preloaded on its PCs.
Last week, the company released version 5.07.0019 of Lenovo System Update, a tool that helps users keep their computers' drivers and BIOS up to date and which was previously called ThinkVantage System Update. The new version fixes two local privilege escalation vulnerabilities discovered by researchers from security firm IOActive.
One of the vulnerabilities is located in the tool's help system and allows users with limited Windows accounts to start an instance of Internet Explorer with administrator privileges by clicking on URLs in help pages.
The second vulnerability also concerns the temporary administrator account that the tool creates, and particularly the way in which its name and password are generated.
The username follows the pattern tvsu_tmp_xxxxxXXXXX, where each lowercase x is a randomly generated lower case letter and each uppercase X is a randomly generated uppercase letter. However, the function that's supposed to randomly choose the letters is tied to the current time, making its output predictable.
"It is possible for an attacker to regenerate the same username based on the time the account was created," IOActive's Talmat said.
Lenovo System Update received two other security patches this year: one in July and one in October. Those updates fixed vulnerabilities that could have allowed attackers to execute commands through the application or to replace legitimate updates with malware.
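The weakness in the username generator is worth seeing in code. The PowerShell below is an added illustration, not Lenovo's implementation or IOActive's proof of concept: the seed (whole seconds since the Unix epoch) and the generator (System.Random) are assumptions chosen to show the mechanism, and the account pattern tvsu_tmp_xxxxxXXXXX is the one the article gives. An attacker who knows roughly when the account was created can enumerate every name the generator could have produced in that window; the corrected variant draws letters from the OS cryptographic generator, which has no seed to recover.

```powershell
# Added illustration of why a time-seeded name generator is predictable.
# Assumptions: System.Random seeded with whole seconds since the Unix epoch.
# This is NOT Lenovo's actual code; it only shows the class of weakness.
$Lower = 'abcdefghijklmnopqrstuvwxyz'
$Upper = $Lower.ToUpper()

function New-TimeSeededName {
    # Weak version: pattern tvsu_tmp_xxxxxXXXXX, letters from a PRNG seeded by the clock.
    param([datetime]$CreatedAt)
    $epoch = [datetime]'1970-01-01'
    $seed  = [int][Math]::Floor(($CreatedAt.ToUniversalTime() - $epoch).TotalSeconds)
    $rng   = New-Object System.Random $seed
    $name  = 'tvsu_tmp_'
    for ($i = 0; $i -lt 5; $i++) { $name += $Lower[$rng.Next(0, 26)] }
    for ($i = 0; $i -lt 5; $i++) { $name += $Upper[$rng.Next(0, 26)] }
    return $name
}

function Get-CandidateNames {
    # Attacker's view: every name the weak generator could have produced
    # for a creation time inside [From, From + WindowSeconds).
    param([datetime]$From, [int]$WindowSeconds)
    for ($s = 0; $s -lt $WindowSeconds; $s++) {
        New-TimeSeededName -CreatedAt $From.AddSeconds($s)
    }
}

function Get-CryptoRandomLetter {
    # One letter from a CSPRNG, rejection-sampled so all 26 letters are equally likely.
    param([string]$Alphabet, [System.Security.Cryptography.RandomNumberGenerator]$Rng)
    $b = New-Object byte[] 1
    do { $Rng.GetBytes($b) } while ($b[0] -ge 234)   # 234 = 26 * 9, largest multiple below 256
    return $Alphabet[$b[0] % 26]
}

function New-CryptoRandomName {
    # Fixed version: same pattern, but no recoverable seed.
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $name = 'tvsu_tmp_'
    for ($i = 0; $i -lt 5; $i++) { $name += Get-CryptoRandomLetter -Alphabet $Lower -Rng $rng }
    for ($i = 0; $i -lt 5; $i++) { $name += Get-CryptoRandomLetter -Alphabet $Upper -Rng $rng }
    $rng.Dispose()
    return $name
}

$created = Get-Date
$actual  = New-TimeSeededName -CreatedAt $created
$guesses = @(Get-CandidateNames -From $created.AddSeconds(-30) -WindowSeconds 61)
"Weak name: $actual  recovered from a 61-second window: $($guesses -contains $actual)"
"Fixed name: $(New-CryptoRandomName)  candidates an attacker must try: 26^10"
```

The point generalizes beyond this tool: any secret derived from a PRNG seeded with the clock is only as strong as the attacker's uncertainty about the time, which for a freshly created account is a handful of seconds.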

Older Dell devices also affected by dangerous eDellRoot certificate

Number: IRCNE2015112700
Date: 2015/11/28

According to “tripwire”, users of Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.
The certificate was installed by Dell Foundation Services (DFS), an application that Dell preloads on many of its devices in order to ease customer service and technical support functions.
After the certificate's existence came to light earlier this week, Dell said that it started deploying the certificate through a Dell Foundation Services version released in August. This led many people to believe that only Dell devices bought since August were affected.
That's not true. Older devices that had Dell Foundation Services (DFS) installed might also have the certificate, if the tool was configured to receive automatic updates.
"When you install DFS, it asks if you want to receive automatic updates," a Dell representative said. "Our customers who choose 'yes' receive the automatic updates."
A second Dell self-signed root certificate called DSDTestProvider has also been found. This certificate was deployed on computers by the Dell System Detect (DSD) tool that users are prompted to install when they visit the Dell support website and click the "Detect Product" button.
This tool is not preloaded on computers and only users who visited the Dell support website between Oct. 20 and Nov. 24 were potentially prompted to download a DSD version that included the certificate. Even if users had this application installed on their computers from previous visits to the Dell support website, DSD does not update itself automatically without the user visiting the website again and agreeing to install the latest version, according to the Dell representative.
Dell has provided a removal tool and published manual removal instructions for both eDellRoot and DSDTestProvider. Users can check if they have these certificates on their systems by pressing the Windows key + R, typing certlm.msc and pressing Enter. After allowing the Microsoft Management Console to run, they can look for them in the Trusted Root Certification Authorities > Certificates list.
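For the three Dell certificate items on this page (the Microsoft removal item and both versions of this one), the manual check above can be scripted so it runs across a fleet. The PowerShell below is an added example, not Dell's removal tool or Microsoft's signature update: it searches the machine Trusted Root store for the two subjects, reports whether the private key is present on the host (the condition that makes the certificate dangerous rather than merely unusual), and offers a removal step that honours -WhatIf. Run it elevated, and apply Dell's update to DFS first: a DFS build that still carries the certificate can put it back after removal.

```powershell
# Added example: find the Dell certificates in the machine root store, report
# whether their private keys are present, and optionally remove them.
$DellSubjectPattern = 'CN=(eDellRoot|DSDTestProvider)\b'

function Get-DellRootCerts {
    # Returns matching certificates from Cert:\LocalMachine\Root as plain objects.
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Subject -match $DellSubjectPattern } |
        ForEach-Object {
            [pscustomobject]@{
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey   # $true: the signing key itself is on this host
            }
        }
}

function Remove-DellRootCerts {
    # Removes each matching certificate by thumbprint; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($cert in Get-DellRootCerts) {
        $path = "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
        if ($PSCmdlet.ShouldProcess($path, 'Remove certificate')) {
            Remove-Item -Path $path
        }
    }
}

$found = @(Get-DellRootCerts)
if ($found.Count -eq 0) {
    'Neither eDellRoot nor DSDTestProvider is present in the machine root store.'
} else {
    $found | Format-Table -AutoSize
    Remove-DellRootCerts -WhatIf   # preview only; drop -WhatIf to actually remove
}
```

HasPrivateKey is the column to look at first: a root certificate without its private key is a trust anchor you may not want, but one whose key is public is a blank cheque for anyone on the network path. The Dell tools installed these in the machine store, so the script only looks there; the same search against Cert:\CurrentUser\Root is a cheap extra check.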

New Android malware identified

Number: IRCNE2015112699
Date: 09/04/94 (Iranian calendar; 2015/11/25)

Security researchers have identified a type of malware that uses social engineering to trick users into letting it install apps on their Android devices automatically.
Michael Bentley, head of research at security firm Lookout, explained in a blog post how the "trojanized adware" known as Shedun can take control of the Android Accessibility Service, a service designed to help users interact with their mobile device.
The malware tries to trick the user with a short message asking them to enable "accessibility features". Once Shedun has control of the Accessibility Service, it can install any app it wants.
This malware is one of three families, Shedun, Shuanet and ShiftyBug, which pose as legitimate apps such as Facebook, Candy Crush or apps from the Android store. If a user installs one of these apps, Shedun or one of the other malware families obtains root access on the device and installs itself as a system app, making it difficult for the victim to remove.
Users are advised to be cautious when installing apps from third-party stores, and to be especially wary of apps that try to take control of the Accessibility Service.