ID: IRCNE2011081235
Date: 2011-08-30

According to “ComputerWorld”, hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider. Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by Google.
"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.
Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.
Details of the certificate were posted on Pastebin.com last Saturday. Pastebin.com is a public site where developers -- including hackers -- often post source code samples.
According to Schouwenberg, a researcher at Kaspersky Lab, the SSL (secure socket layer) certificate is valid, and was issued by DigiNotar, a Dutch certificate authority.
Security researcher and Tor developer Jacob Applebaum confirmed that the certificate was valid, as did noted SSL researcher Moxie Marlinspike on Twitter. "Yep, just verified the signature, that pastebin *.google.com certificate is real," said Marlinspike. Because the certificate is valid, a browser would not display a warning message if its user went to a website signed with the certificate.
It's unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company's certificate issuing website. Schouwenberg urged the company to provide more information as soon as possible. "Given their ties to the government and financial sectors it's extremely important we find out the scope of the breach as quickly as possible," Schouwenberg said.
The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo. In that time, browser makers, including Google, Microsoft and Mozilla, rushed out updates that added the stolen certificates to their applications' blacklists.
The google.com certificate was issued July 10, but was not revoked -- the first step in blocking its use -- until today at 1 p.m. EDT.

ID: IRCNE2011081234
Date: 2011-08-30

According to "computerworld", A new Windows worm is working its way through company networks by taking advantage of weak passwords, security researchers said over the weekend.
The worm, dubbed "Morto" by Microsoft and Helsinki-based F-Secure, has been circulating since at least last week. The Morto worm spreads by logging in to Remote Desktop servers using weak passwords like "abc123."
Windows PCs infected with Morto scan the local network for other machines that have RDC switched on, then try to log in to a Remote Desktop server using a pre-set list of common passwords, said F-Secure. If one of the passwords works, the worm then downloads additional malware components to the just-victimized server and kills security software to remain hidden.
Morto's purpose may be to crank out denial-of-service attacks against hacker-designated targets, said Microsoft in the write-up published Sunday.
Although Microsoft patched RDP just three weeks ago as part of August's monthly security update, Morto does not exploit that vulnerabilitys.

ID: IRCNE2011081233
Date: 2011-08-30

According to “ITPRO”, Nokia's developer website has been hit by an SQL injection attack. The Finnish mobile firm warned a significant number of members from the mobile giant’s developer community forum had their details accessed.
The site has been taken down as a precautionary measure. The vulnerability exploited to attack the forum has been addressed, Nokia confirmed.
“During our ongoing investigation of the incident we have discovered that a database table containing developer forum members' email addresses has been accessed, by exploiting a vulnerability in the bulletin board software that allowed an SQL Injection attack,” a post on the developer.nokia.com/community discussion forum read at the time of publication.
“Initially we believed that only a small number of these forum member records had been accessed, but further investigation has identified that the number is significantly larger.”
As for what data could have been swiped by the intruders, Nokia said email addresses were compromised. For a small proportion of users who chose to include such information in their public profile, birth dates and usernames for Web 2.0 sites including MSN, Skype and Yahoo were accessed.
“They do not contain sensitive information such as passwords or credit card details and so we do not believe the security of forum members’ accounts is at risk. Other Nokia accounts are not affected,” Nokia added.
“We are not aware of any misuse of the accessed data, but we are communicating with affected forum members, though we believe the only potential impact to them may be unsolicited email. Nokia apologises for this incident.”

شماره: IRCNE2011081232
تاريخ: 6/6/90

يك شركت امنيتي نشان داده است كه چگونه مي­توان با مهندسي معكوس يك اصلاحيه مايكروسافت، يك حمله انكار سرويس را بر روي يك سرور DNS ويندوز صورت داد.
اثبات اين شركت گام­هايي را كه هكرها بايد براي حمله به ويندوز طي كنند نشان مي­دهد و اهميت به كار گرفتن اصلاحيه هاي مايكروسافت با حداكثر سرعت ممكن پس از سه شنبه اصلاحيه هر ماه را خاطر نشان مي­سازد.
اصلاحيه اي كه شركت امنيتي Qualys مورد استفاده قرار داده است، دو حفره امنيتي را در سرور DNS ويندوز برطرف كرده و در رده امنيتي «بسيار مهم»، يعني جدي­ترين رده امنيتي مايكروسافت قرار داشت. مايكروسافت اعلام كرده است كه انتظار نداشت اين آسيب پذيري در اين ماه توسط مهاجمان مورد سوء استفاده قرار گيرد، ولي اثبات شركت Qualys نشان مي­دهد كه چنين سوء استفاده هايي ممكن است.
به گفته يكي از مهندسين امنيتي آسيب پذيري در Qualys، آنها اقدام به مهندسي معكوس اصلاحيه كرده اند تا درك بهتري از مكانيزم آسيب پذيري به دست آورند و در نتيجه متوجه شده اند كه اين آسيب پذيري با استفاده از گام­هاي ساده و معدودي قابل سوء استفاده است. به گفته وي، در حالي كه اثبات اين شركت يك حمله انكار سرويس را نمايش مي­دهد، مهاجماني با مقاصد خرابكارانه ممكن است قادر به اجراي كد باشند.
شركت Qualys از يك ابزار binary-diffing به نام TurboDiff براي مقايسه نسخه هاي اصلاح شده و اصلاح نشده فايل­هاي سرور DNS استفاده كرده است. اين مساله به متخصصان امنيتي كمك مي­كند متوجه شوند كه تغييرات ايجاد شده براي ترميم اين آسيب پذيري­ها توسط اين اصلاحيه در چه قسمت­هايي اعمال شده اند. اين ابزار همچنين به افراد خرابكار كمك مي­كند ياد بگيرند كه چگونه از اين آسيب پذيري سوء استفاده كرده و آن را بر عليه سيستم­هاي اصلاح نشده به كار گيرند.
زماني كه اين آسيب پذيري­ها شناسايي شدند، Qualys دو سرور DNS را در آزمايشگاه تنظيم كرده و با وارد كردن دستورات كمي در كار يكي از آنها اختلال ايجاد كرد. از آنجايي كه اجراي اين حمله شامل گام­هاي معدودي است، Qualys توصيه كرده است كه كامپيوترهاي اين شركت توسط نرم افزار امنيتي QualysGuard اسكن شده و اين به روز رساني امنيتي را هر چه سريعتر اعمال نمايند.
اين اصلاحيه سرور DNS ويندوز يكي از دو اصلاحيه بسيار مهم اين ماه بود كه توسط مايكروسافت عرضه شد. اصلاحيه دوم هفت حفره امنيتي را در IE برطرف مي­كرد. مايكروسافت در مورد اصلاحيه IE هشدار داده بود كه كاربران احتمالا ظرف مدت 30 روز سوء استفاده هاي مربوط به آسيب پذيري­هاي اصلاح شده در آن را مشاهده خواهند كرد. حتي يكي از متخصصين امنيتي شركت Lumension ادعا كرده بود كه پس از انتشار اصلاحيه، ظرف مدت 24 ساعت منتظر مشاهده كد سوء استفاده كننده هستند.
نكته آخر اينكه روزهاي پس از سه شنبه اصلاحيه، فرصت مناسبي براي هكرهاست كه به سيستم­هاي اصلاح نشده حمله كنند، بنابراين متخصيين IT بايد به روز رساني­هاي امنيتي را هر چه سريعتر اعمال نمايند.

مطالب مرتبط:
سه شنبه اصلاحيه ماه آگوست

ID: IRCNE2011081232
Date: 2011-08-28

According to “ComputerWorldUK”, a security company has demonstrated how to reverse engineer a Microsoft patch in order to launch a denial-of-service attack on a Windows DNS Server.
The proof-of-concept shows the steps hackers could take to attack Windows and highlights the importance of deploying Microsoft patches as soon as possible after their monthly Patch Tuesday release.
The patch that Qualys used closed two holes in Windows DNS Server and was rated critical, Microsoft's most severe security rating. Microsoft said it did not expect the vulnerability to be exploited by attackers this month, but the Qualys proof-of-concept shows such exploits would be possible.
"We reverse engineered the patch to get a better understanding of the mechanism of the vulnerability and found this vulnerability can be triggered with a few easy steps," Qualys vulnerability security engineer Bharat Jogi writes. "While the proof of concept described below demonstrates a denial of service, attackers with malicious intent may be able to get reliable code execution."
Qualys used a "binary-diffing" tool called TurboDiff to compare the unpatched and patched versions of the affected DNS Server files. This helps security experts "understand the changes that were made in order to fix the vulnerabilities by this patch," but could also help bad guys learn how to exploit the vulnerability and use it against systems that haven't received the security update.
Once the vulnerabilities were identified, Qualys set up two DNS servers in the lab and crashed one of them by typing in a few commands. Since executing the attack takes only a few steps, Qualys recommended that its own customers perform a scan with the QualysGuard security software and "apply this security update as soon as possible."
The Windows DNS Server patch was one of two critical patches released this month by Microsoft. The other fixed seven holes in Internet Explorer. For the IE patch, Microsoft warned that customers were "likely to see reliable exploits developed within the next 30 days." Lumension security expert Paul Henry went even further, saying, "We are working in a 24 hour window [after patch releases] for expecting to see exploit code in the wild."
The bottom line: The days after Patch Tuesday provide opportunity for hackers to attack unpatched systems, so Windows IT pros should deploy security updates as quickly as they can.

Related Links:
August Patch Tuesday

شماره: IRCNE2011081231
تاريخ: 5/6/90

موسسه متن باز Apache در مورد يك ابزار حمله هشدار داده است كه براي يك آسيب پذيري جدي در Apache HTTPD Web Server عرضه شده است.
ابزار حمله «killapache» در حال حاضر به طور گسترده اي در حال انتشار است. Apache هشدار داده است كه استفاده فعال از اين ابزارها مشاهده شده است.
بنا بر يك راهنمايي امنيتي كه يك نقص انكار سرويس را در نصب پيش فرض Apache HTTPD مستند مي­كند، اين حمله مي­تواند از راه دور انجام شده و با تعداد كمي درخواست، حافظه و پردازشگر مركزي سرور را به شدت مشغول نمايد.
اين گروه اين مساله را به عنوان يك آسيب پذيري انكار سرويس توصيف كرده و چندين روش براي محدود كردن خسارات ناشي از يك حمله انكار سرويس خرابكار پيشنهاد كرده است.
به گفته Apache، كاربران Apache HTTPD كه نگران يك حمله انكار سرويس عليه سرور خود هستند بايد يكي از راهكارهاي پيشنهادي را به كار بندند.
انتظار مي­رود كه يك عرضه جديد apache براي Apache 2.0 و Apache 2.2 اين هفته منتشر گردد.

شماره: IRCNE2011081230
تاريخ: 5/6/90

سيستم عامل لينوكس Ubuntu براي برطرف كردن چندين رخنه امنيتي WebKit كه كاربران را در معرض حملات مخرب هكرها قرار مي داد، به روز رساني شد.
با توجه به راهنماي امنيتي Ubuntu، رخنه امنيتي WebKit باندازه اي خطرناك است كه مي تواند منجر به حملات اجراي كد دلخواه شود. 22 آسيب پذيري مختلف كه توسط Ubuntu مستند شده اند، بر روي Ubuntu نسخه 10.10 و LTS 10.04 تاثير مي گذارند.
يك آسيب پذيري جداگانه در اين سيستم عامل متن باز نيز براي مسدود كردن عاملي كه به مهاجمان اجازه مي داد تا از eCryptf براي حذف كردن موقعيت هاي دلخواه استفاده كنند و يك موقعيت انكار سرويس ايجاد كنند، برطرف شد. آسيب پذيري ecryptf-util بر روي Ubuntu نسخه 11.04 و 10.10 و LTS 10.04 تاثير مي گذارد.

شماره: IRCNE2011081229
تاريخ: 5/6/90

محققان مايكروسافت بدون سر و صدا اقدام به پيدا كردن و رفع نقايص امنيتي در محصولات ساخته شده توسط شركت­هاي ديگر از جمله Apple و گوگل مي­نمايند.
در اين ماه، گروه تحقيقاتي آسيب پذيري­هاي امنيتي مايكروسافت (MSVR) تعدادي راهنمايي امنيتي براي مستندسازي آسيب پذيري­هايي در WordPress و مرورگر Safari متعلق به شركت Apple عرضه كرده است و در ماه جولاي نيز، تعدادي نقص نرم افزاري در Google Picasa و فيس بوك كشف و ترميم شدند.
برنامه MSVR كه از دو سال پيش آغاز شده است، به محققان مايكروسافت اين آزادي را مي­دهد تا كدهاي نرم افزارهاي شركت­هاي ديگر را بررسي كرده و با همكاري با اين شركت­ها، پيش از عمومي شدن يك مساله امنيتي به ترميم شدن آن كمك كنند.
كار اين گروه در سال 2009 و زماني كه يك حفره امنيتي خطرناك در Google Chrome Frame كشف و ترميم شد نمايان شد، اما هنوز بسياري نمي­دانند كه اين گروه در سال گذشته صدها مشكل امنيتي را در نرم افزارهاي شركت­هاي ديگر كشف كرده است.
مايكروسافت اعلام كرده است كه گروه MSVR از جولاي 2010 تا كنون، 109 آسيب پذيري نرم افزاري مختلف را كه متعلق به 38 شركت مختلف بودند شناسايي و معرفي كرده است.
به گفته مايكروسافت، بيش از 93 درصد از آسيب پذيري­هاي محصولات شركت­هاي ديگر كه از جولاي 2010 تا كنون توسط MSVR شناسايي شده اند در رده امنيتي «بسيار خطرناك» يا «خطرناك» قرار داشته اند.
به گزارش مايكروسافت، شركت­ها به اين حركت مايكروسافت پاسخ گفته و در 97 درصد از تمام آسيب پذيري­هاي گزارش شده، همكاري كرده اند. 29 درصد از آسيب پذيري­هايي كه از جولاي 2010 تا كنون كشف شده اند ترميم شده اند و هيچ يك از آسيب پذيري­هاي ترميم نشده نيز در هيچ حمله اي مشاهده نشده اند.
در كشفيات اين هفته MSVR، يك آسيب پذيري در روش مديريت انواع محتواي خاص توسط Safari وجود دارد. يك مهاجم مي­تواند با سوء استفاده از اين آسيب پذيري، منجر به اجراي محتواي اسكريپت و افشاي اطلاعات حساس توسط Safari گردد. مهاجمي كه به شكل موفقيت آميز از اين آسيب پذيري سوء استفاده نمايد به اطلاعات حساسي دست خواهد يافت كه مي­تواند در حملات آتي مورد استفاده قرار گيرد.
يك آسيب پذيري نيز در روش پياده سازي محافظت در برابر اسكريپت­هاي بين سايتي و اعتبار سنجي نوع محتوا در WordPress كشف شده است. يك مهاجم مي­تواند با سوء استفاده از اين آسيب پذيري، اقدام به اجراي اسكريپت نمايد.

ID: IRCNE2011081231
Date: 2011-08-27

According to “ZDNET”, the open-source Apache Foundation has warned that attack tool has been released for a serious vulnerability in the Apache HTTPD Web Server.
The ‘killapache’ attack tool is currently circulating in the wild. “Active use of this tools has been observed, Apache warned.
“The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server,” according to an advisory that documents a denial-of-service flaw in the default Apache HTTPD installation.
The group described the issue as a range header DoS vulnerability and offered several pre-patch mitigations to limit the damage from a malicious denial-of-server attack.
“Apache HTTPD users who are concerned about a DoS attack against their server should consider implementing any of the mitigations,” Apache said.
A patch or new apache release for Apache 2.0 and 2.2 is expected later this week.

According to "zdnet", the Ubuntu Linux operating system has been refreshed to fix multiple WebKit flaws that expose users to malicious hacker attacks.
According to an Ubuntu security alert, the flaws are dangerous enough to cause arbitrary code execution attacks. Ubuntu documents 22 different vulnerabilities affecting Ubuntu 10.10 and Ubuntu 10.04 LTS.
A separate vulnerability in the open-source operating system was also fixed to block an issue that lets attackers use eCryptfs to unmount arbitrary locations and cause a denial-of-service condition.
The ecryptfs-utils vulnerability affects Ubuntu 11.04, Ubuntu 10.10 and Ubuntu 10.04 LTS.