شماره: IRCNE2014042150
تاريخ:19 /01/93

كارشناسان امنيت رايانه به ادمين ها توصيه مي كنند تا رخنه جدي موجود در يك كتابخانه نرم افزاري كه توسط ميليون ها وب سايت براي رمزگذاري ارتباطات حساس استفاده مي شود را اصلاح نمايند.
اين رخنه با نام مستعار "Heartbleed" در چندين نسخه از OpenSSL وجود دارد. OpenSSL يك كتابخانه رمزگذاري است كه رمزگذاري هاي SSL و TLS را ارائه مي دهد. اكثر وب سايت ها براي رمزگذاري از SSL و TLS استفاده مي كنند كه در مرورگرها با علامت قفل نشان داده مي شود.
اين رخنه كه براي اولين بار در دسامبر سال 2011 معرفي شد در OpenSSL نسخه 1.0.1g اصلاح شده است. نسخه هاي آسيب پذير OpenSSL، نسخه هاي 1.0.1 تا 1.0.1f مي باشد البته در اين ميان نسخه هاي 1.0.0 و 0.9.8 تحت تاثير اين رخنه قرار ندارند.
در صورت سوء استفاده موفقيت آميز از اين آسيب پذيري، مهاجمان مي توانند تمامي اطلاعات ردو بدل شده بين كاربر و يك ارائه دهنده خدمات وب را مشاهده نمايند و يا حتي مي توانند ترافيك هاي جمع آوري شده را رمزگشايي كنند. هم چنين مهاجمان مي توانند ارتباطات را استراق سمع كنند، داده ها را به طور مستقيم از كاربران و وب سايت ها به سرقت ببرند و يا حتي هويت كاربر و سرويس را جعل كنند.
اين رخنه توسط سه محقق از شركت امنيتي Codenomicon و Neel Mehta از شركت گوگل كشف شده است. دامنه اين مشكل وسيع است و تمامي سيستم عامل هاي امروزي ممكن است نسخه اي آسيب پذير از OpenSSL را داشته باشند. سيستم عامل هايي كه ممكن است تحت تاثير يك نسخه آُسيب پذير از OpenSSL قرار داشته باشند عبارتند از: Debian Wheezy، Ubuntu 12.04.4 LTS، CentOS 6.5، Fedora 18، OpenBSD 5.3، FreeBSD 8.4، NetBSD 5.0.2 و OpenSUSE 12.2.
اين كتابخانه در دو وب سرور معروف آپاچي و nginx مورد استفاده قرار مي گيرد. هم چنين براي حفاظت از سرورهاي پست الكترونيكي، سرورهاي چت، شبكه هاي خصوصي مجازي و ساير لوازم شبكه از اين كتابخانه استفاده مي شود.
به مديران شبكه توصيه مي شود تا آخرين نسخه SSL را اعمال نمايند، كليدهايي كه ممكن است با مشكل مواجه شده باشند را لغو نموده و كليدهاي جديدي ايجاد نمايند.

شماره: IRCNE2014042149
تاريخ:19 /01/93

Jim Clausing از موسسه SANS اظهار داشت كه كمپين اخير هرزنامه بيش از انتظار هوشمند است. Clausing يك پست الكترونيكي مشكوك از نوعي كه چند هفته گذشته پخش شده بود را مورد بررسي قرار داد. اين پست الكترونيكي حاوي لينكي است كه هنگامي بر روي اكثر سيستم عامل ها اجرا مي شود، يك نوع سايت هرزنامه را باز مي كند. زماني كه بر روي اندرويد باز شود، يك بدافزار اندرويدي را توزيع مي كند.
Clausing ادامه داد هنگامي كه اين آدرس URL را از مرورگر كروم بر روي يك رايانه شخصي باز كردم يك سايت داروخانه كانادايي را نشان داد و زماني كه اين آدرس را از مرورگر كروم بر روي دستگاه اندرويدي باز كردم، به سمت سايت مركزي فروش دامنه هدايت شدم. اما در حال حاضر دستگاه من حاوي هيچگونه بدافزاري نيست. بنابراين به نظر مي رسد كه بدافزار خودش را از بين برده است.
به گفته Clausing اين بدافزار آخرين نسخه "DroidNotCompatible" مي باشد. به نظر مي رسد اين بدافزار با نام "NotCompatible" نيز خوانده مي شود و در فايلي با نام update.apk قرار دارد.
به منظور راه اندازي يك حمله، بايد امكان نصب از منابع نامعتبر در تنظيمات اندرويد وجود داشته باشد و هم چنين دستگاه قادر باشد تا APK را از فولدر دانلودها اجرا نمايد. اما نكته جالب آن است كه اين بدافزار تنها بر روي دستگاه هاي اندرويد دانلود مي شود.

Number:IRCNE2014042151
Date: 2014-04-08

According to “computerworld”, BlackBerry is promoting an upcoming end-to-end encrypted messaging service called BBM Protected for industries that need the highest levels of security. It will launch sometime in the summer.
BBM Protected was first announced in late February as part of the eBBM Suite, an upcoming family of products that works with BlackBerry's Messenger, its smartphones and Enterprise Server (BES) as well as BlackBerry Enterprise Service 10 servers.
BlackBerry Protected and the entire eBBM Suite appear to be part of the company's strategy to hold onto its BES customers, many of which are in the government and securities sectors. Blackberry continues to face problems selling smartphones and attracting more customers to its BES 10 servers.
A company spokeswoman said Friday that BlackBerry has nearly 33,000 BES 10 commercial and test services installed globally.
White said BBM for consumers is now available for Android and iOS smartphones as well as BlackBerry. He said BBM Protected will be available first for BlackBerry phones, followed by iPhone and Android phones and eventually Windows Phones.
Jack Gold, an analyst at J. Gold Associates, said BlackBerry's move to open consumer-grade BBM to Android and iOS shows the company sees the need for a cross-platform approach. He said BBM Protected also needs to be available for non-BES shops to be successful.
The BBM Protected approach will allow workers to communicate over an automatically created end-to-end encrypted link with other workers as well as others outside of their organization.
Microsoft and Cisco both offer secure real-time messaging services, but "they are limited to communications inside an organization, unless you set up a complex federation of servers," White said. "This ability to communicate [securely] inside and outside is critical to a user."
Last December, BlackBerry said that BBM is used by 85% of BES-enabled organizations using BlackBerry smartphones. IT administrators in many regulated industries must keep records of messages sent and received by employees, and BBM allows IT shops to log, archive and audit all BBM text messages and access the metadata for BBM voice and video messages.

Number:IRCNE2014042150
Date: 2014-04-08

According to “techworld”, computer security experts are advising administrators to patch a severe flaw in a software library used by millions of websites to encrypt sensitive communications.
The flaw, nicknamed "Heartbleed," is contained in several versions of OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption. Most websites use either SSL or TLS, which is indicated in browsers with a padlock symbol.
The flaw, which was introduced in December 2011, has been fixed in OpenSSL 1.0.1g, which was released on Monday.
The vulnerable versions of OpenSSL are 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8, according to a special website set up by researchers who found the problem.
If exploited, the flaw could allow attackers to monitor all information passed between a user and a Web service or even decrypt past traffic they've collected.
"This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users," the researchers wrote.
The bug was discovered by three researchers from Codenomicon, a computer security company, and Neel Mehta, who works on security for Google.
The scope of the problem is vast, as many modern operating systems are suspected as having an affected OpenSSL version.
Operating systems that may have a vulnerable version of OpenSSL include Debian Wheezy, Ubuntu 12.04.4 LTS, CentOS 6.5, Fedora 18, OpenBSD 5.3, FreeBSD 8.4, NetBSD 5.0.2 and OpenSUSE 12.2, they wrote.
OpenSSL also underpins two of the most widely used Web servers, Apache and nginx. The code library is also used to protect email servers, chat servers, virtual private networks and other networking appliances, they wrote.
The problem, CVE-2014-0160, is a missing bounds check in the handling of the TLS heartbeat extension, which can then be used to view 64K of memory on a connected server, according to another advisory.
It allows attackers to obtain the private keys used to encrypt traffic. With those keys, it is also possible for attackers to decrypt traffic they've collected in the past.
The attackers can only access 64K of memory during one iteration of the attack, but the attackers can "keep reconnecting or during an active TLS connection keep requesting arbitrary number of 64 kilobyte chunks of memory content until enough secrets are revealed," according to the website.
It's unclear if attackers have been exploiting the flaw over the last two years, which was just publicly revealed on Monday. But attacks using the flaw "leaves no traces of anything abnormal happening to the logs," the researchers wrote.
Administrators are advised to apply the up-to-date version of SSL, revoke any compromised keys and reissue new keys.

Number:IRCNE2014042149
Date: 2014-04-08

According to “zdnet”, a recent spam campaign exhibits more than the usual amount of cleverness, as described by Jim Clausing at the SANS Institute.
Clausing investigated a suspicious email of a type that was spreading several weeks ago. It contained a link which, when followed on most platforms, went to a typical spam site. When followed on Android, it distributed Android malware.
When I test the URL from Chrome on a PC, I am redirected to a Canadian pharmacy site, a classic spam target as Clausing says. When I test it from Chrome on Android, I am redirected to the root of the domain, which says that the domain is for sale. I am not served any malware. So the malware itself has been taken down.
The malware itself, according to Clausing, was the latest version of "DroidNotCompatible." Based on some Googling, this appears to be the malware usually called "NotCompatible" and which comes in a file named update.apk.
In order to run the attack, one must first enable installs from untrusted sources in Android settings and then choose to run the APK from the downloads folder. So it's far from a true drive-by, but it's still interesting that it downloads only on Android devices.

شماره: IRCNE2014042148
تاريخ:18 /01/93

شركت مايكروسافت معيارهاي خود را براي دسته بندي برنامه ها به عنوان تبليغ افزار تغيير داده است و به توسعه دهندگان سه ماه فرصت داده است تا برنامه هاي خود را با اصول جديد مطابقت دهند در غير اينصورت برنامه هاي آن ها توسط محصولات امنيتي اين شركت مسدود مي شود.
مهم ترين تغيير در سياست هاي اين شركت آن است كه برنامه هاي تبليغ افزار به صورت پيش فرض از اول ژوئيه مسدود خواهند شد. در گذشته اين برنامه ها مي توانستند اجرا شوند.
جالب توجه است كه مايكروسافت با اين سياست قصد دارد تا براي راحتي كار ابزار يكساني را براي برنامه هاي تبليغاتي توليدكنندگان بر روي ويندوز 8.1 و ويندوز فون ارائه دهد.
يكي از اعضاي مركز حفاظفت بدافزار مايكروسافت اظهار داشت كه اين شركت براي طبقه بندي برنامه هاي كاربردي به عنوان تبليغ افزار بر اساس آن كه كاربران بايد قادر به انتخاب و كنترل چه اتفاقاتي بر روي رايانه خود باشند، عمل مي كند.
اول از همه، برنامه هايي كه براي تبليغ محصولات و خدمات در داخل برنامه هاي ديگر مانند مرورگرها نمايش داده مي شوند بايد به عنوان برنامه هاي تبليغي ناخواسته بررسي شوند. اگر برنامه اي تبليغات ها را در محدوده خود نمايش دهد نيازي به ارزيابي ندارد.
علاوه بر پيروي از دستورالعمل هاي نمايش تبليغات، برنامه ها بايد يك روش حذف استاندارد را در پنل كنترلي ويندوز يا واسط مديريت افزونه مرورگر ارائه دهند. ورودي هاي حذف مربوطه بايد شامل نام همان برنامه كه در تبليغ توليد شده نمايش داده شده است باشد.
يكي از اعضاي مركز حفاظت بدافزار مايكروسافت گفت: ما اعتقاد داريم كه اين تغييرات، كار توليدكنندگان نرم افزار را براي استفاده از تبليغات راحت تر مي كند و هم چنين در همان زمان به كاربران اين اختيار داده مي شود تا كارها و تجربيات خود را كنترل كنند.
برنامه هاي تبليغي مزاحم به طور معمول كار جستجو در وب را تحت تاثير قرار مي دهد. محققان شركت امنيتي Avast در سال 2013 نوارابزارها و الحاقات ناخواسته مرورگر را به عنوان يكي از بزرگترين مشكلات كاربران معرفي كرد. اغلب براي عموم كاربران دشوار و يا حتي ناممكن است كه چنين نوار ابزارهايي را به طور كامل پاك نمايند زيرا اين نوارها نام كاربران و شناسه آن ها را بر روي رايانه جديد تغيير مي دهند تا تشخيص داده نشوند و توسط محصولات امنيتي حذف نگردند.

Number:IRCNE2014042148
Date: 2014-04-07

According to “techworld”, microsoft has toughened its criteria for classifying programs as adware and gave developers three months to conform with the new principles or risk having their programs blocked by the company's security products.
The most important change in Microsoft's policy is that adware programs will be blocked by default starting July 1. In the past such programs were allowed to run until users chose one of the recommended actions offered by the company's security software.
Interestingly, Microsoft's crackdown on adware comes as it introduces tools to make it easier for developers to incorporate advertising into Windows 8.1 and Windows Phone apps.
The company has re-evaluated its criteria for classifying applications as adware based on the principle that users should be able to choose and control what happens on their computers, according to Michael Johnson, a member of the Microsoft Malware Protection Center.
First of all, only programs that display ads promoting goods and services inside other programs -- for example, browsers -- will be evaluated as possible unwanted adware applications, Johnson said Thursday in a blog post. "If the program shows advertisements within its own borders it will not be assessed any further."
In addition to following these ad display guidelines, programs need to provide a standard uninstall method in the Windows control panel or the browser add-on management interface, if the program operates as a browser extension or toolbar. The corresponding uninstall entries must contain the same program names as displayed in the generated ads.
"We believe that it will make it easy for software developers to utilize advertising while at the same time empowering users to control their experience."
Adware programs typically affect the Web browsing experience and have been a nuisance for years.Researchers from antivirus vendor Avast named unwanted browser toolbars and extensions as one of the biggest problems for users in 2013. Such toolbars are often difficult or even impossible for average users to fully uninstall because they change their names and identifiers on almost every new computer to prevent detection and removal by security products, they said in a blog post at the end of December.

شماره: IRCNE2014042147
تاريخ:17 /01/93

شركت مايكروسافت اعلام كرد كه در سه شنبه اصلاحيه ماه آوريل، چهار به روز رساني امنيتي را منتشر خواهد كرد. اين به روز رساني ها شامل آخرين اصلاحيه ها براي رخنه هاي موجود در ويندوز XP و آفيس 2003 مي باشد و پس از آن اين برنامه ها ديگر به روز رساني نخواهند شد.
از ميان اين چهار به روز رساني، دو به روز رساني در رده امنيتي "بحراني" و دو به روز رساني در رده امنيتي "مهم" قرار دارند.
تمامي اين به روز رساني ها مربوط به آسيب پذيري هاي اجراي كد از راه دور مي باشند كه مهاجمان مي توانند در صورت سوء استفاده موفقيت آميز از آسيب پذيري ها، كنترل يك دستگاه به روز نشده را در اختيار بگيرند.
يكي از اين اصلاحيه ها به طور مستقيم ويندوز XP را تحت تاثير قرار مي دهد. در اين اصلاحيه ها آسيب پذيري هاي موجود در تمامي نسخه هاي IE از جمله IE 6 نسخه قديمي IE بر روي ويندوز XP و IE8 محبوب ترين نسخه مرورگر IE بر روي ويندوز XP برطرف خواهند شد.
در اصلاحيه هاي روز سه شنبه تمامي نسخه هاي ورد شامل Word 2003، Word 2007، Word 2013 و Word 2013 RT بر روي ويندوز و Word 2011 بر روي OS X به روز رساني خواهند شد.
شركت مايكروسافت به كاربران توصيه مي كند تا در اسرع وقت به روز رساني هاي IE را اعمال نمايند.
بولتن 1 علاوه بر دارا بودن به روز رساني هاي ورد، نرم افزارهاي SharePoint Server 2010 و SharePoint Server 2013 را تحت تاثير قرار خواهد داد. زيرا سرورهاي SharePoint سرويسس با عنوان "Word Automation Services" را اجرا مي نمايند كه به طور خودكار اسنادي با فرمت هاي مختلف از جمله فرمت RTF را باز مي كند.
يكي از متخصصان امنيت مايكروسافت گفت: پس از اتمام پشتيباني، كساني كه هم چنان از سيستم عامل XP استفاده خواهند كرد براي مهاجمان به يك قرباني مناسب تبديل مي شوند. مهاجمان مي توانند با استفاده از مهندسي معكوس آسيب پذيري هاي موجود در ويندوز XP را شناسايي نموده و در صورت موفقيت، اين توانايي را دارند تا با استفاده از كدهاي سوء استفاده قربانيان خود را آلوده نمايند.
متخصصان امنيت به كاربران ويندوز XP توصيه مي كنند تا در اسرع وقت سيستم خود را به نسخه بالاتر ارتقاء دهند. اما اگر برخي از كاربران چاره اي جز استفاده از ويندوز XP ندارند، بايد تمامي به روز رساني هايي كه تاكنون براي اين نسخه منتشر شده است را اعمال نمايند و در صورتي كه به اينترنت نياز ندارند، آن را قطع كرده تا خطر ابتلا به بدافزارهاي جديد كاهش يابد. هم چنين يكي ديگر از روش هاي حفاظتي استفاده از يك برنامه آنتي ويروس خوب مي باشد. اغلب برنامه هاي آنتي ويروس خوب حداقل براي دو سال آينده ويندوز XP را پشتيباني خواهند كرد.

Number:IRCNE2014042147
Date: 2014-04-06

According to “computerworld”, microsoft today said it will ship four security updates to customers next week that will include the final public fixes for flaws in Windows XP and Office 2003, both slated for retirement from security support on Tuesday.
Of the four updates, two were tagged "critical," Microsoft's most serious threat rating, and the other pair was marked "important," the next step down in the firm's four-part scoring system.
All four, however, were labeled in today's advance notification with the phrase "remote code execution," meaning that attackers could hijack an unpatched PC if they managed to exploit the vulnerabilities.
One of the quartet will directly affect Windows XP -- all versions of Windows, actually, including the newest, Windows 8.1 -- while another will also impact the 13-year-old OS because it will patch all editions of Internet Explorer, including IE6, which faces retirement, too, and IE8, the most popular Microsoft browser for XP.
All versions of Word -- Word 2003, Word 2007, Word 2013 and Word 2013 RT on Windows, and Word 2011 on OS X -- will be patched next week to quash the bug.
He recommended that Microsoft customers apply the IE update as soon as possible. "It's almost always 'IE first,'" he said. "Then, no question -- apply that Word fix pronto."
Bulletin 1, the update that will patch Word, will also affect SharePoint Server 2010 and SharePoint Server 2013, the collaboration software many enterprises have deployed to support Office. Because SharePoint Server runs a service called "Word Automation Services," which automatically opens documents in several formats, including RTF, it could also be exploited, potentially spreading attack code throughout a company.

Number:IRCNE2014042146
Date: 2014-04-04

According to “computerworld”, a 5-year-old San Diego boy has been commended by Microsoft for his security skills after finding a vulnerability in the company's Xbox games console.
Kristoffer Von Hasssel's parents noticed earlier this year that he was logged into his father's Xbox Live account and playing games he was not supposed to.
He hadn't stolen his father's password. Instead, he stumbled upon a very basic vulnerability that Microsoft is said to have now fixed.
After typing an incorrect password, Kristoffer was taken to a password verification screen. There, he simply tapped the space bar a few times, hit "enter" and was let into his father's account.
The password allowed him to access not only the games but everything else on the Xbox, including a non-age-restricted YouTube account, his father, Robert Davies, said by telephone Friday.
Kristoffer's name is now listed among Microsoft's March list of security researchers who have disclosed vulnerabilities in its products.