Microsoft Windows Phone 8 granted government security standard

Number: IRCNE2013091965
Date: 2013/09/20

According to “zdnet”, on Wednesday Robert Hoover wrote on the official Windows Phone blog that Windows Phone 8 has reached an "important new security milestone" which could make the platform a prospect for governments and organizations that require high security and encryption on their networks and communication platforms.
The U.S. government has granted the platform the FIPS 140-2 security accreditation. FIPS 140-2 is used to scrutinize and assign a level of security to devices, including tablets and smartphones, which use cryptographic algorithms to protect sensitive data stored within.
In total, Windows Phone 8 has received FIPS 140-2 validation for nine cryptographic certificates. The full list of accredited Windows Phone 8 certificates is below:

  • Kernel Mode Cryptographic Primitives Library (CNG.SYS)
  • Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
  • Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
  • Enhanced Cryptographic Provider (RSAENH.DLL)
  • Boot Manager
  • BitLocker Windows OS Loader (WINLOAD)
  • Code Integrity (CI.DLL)
  • BitLocker Windows Resume (WINRESUME)
  • BitLocker Dump Filter (DUMPFVE.SYS)

The accreditation was awarded by the Cryptographic Module Validation Program. In addition to the announcement, Microsoft has also updated its Windows Phone 8 Security Guide to cover policy and EAS firewall settings.

iOS 7 lock screen bypass flaw discovered, and how to fix it

Number: IRCNE2013091964
Date: 2013/09/20

According to “zdnet”, just one day after Apple's latest mobile operating system iOS 7 was released to the public, one user discovered a security vulnerability in the software's lock screen.
In a video posted online, Canary Islands-based soldier Jose Rodriguez detailed the flaw, which allowed him to access the multitasking view of the software without entering a passcode. With this, it's apparent which apps are open and how many notifications there are, as well as the device's home screen.
All devices were exploited in the same way with the lock screen bypass technique, and all devices acted in exactly the same fashion.
However, upon further examination, it's possible to access an array of photos under the Camera Roll, and thus the sharing features, including Twitter.
Despite the flaw, iOS 7 patches 80 security vulnerabilities, according to ZDNet's Larry Seltzer.
Rodriguez also found a bug in iOS 6.1.3, which allowed potential hackers to access an iPhone running vulnerable software by ejecting the SIM card tray.
Until Apple issues an official fix, iOS 7 users can simply disable access to the Control Center on the lock screen.

Microsoft reports IE zero-day attacks

Number: IRCNE2013091963
Date: 2013/09/20

According to “zdnet”, Microsoft is reporting an unpatched vulnerability in all versions of Internet Explorer. All versions of IE, other than those running on Windows Server, are vulnerable. This includes Internet Explorer 11 on Windows 8.1 and RT.
The vulnerability comes from a memory corruption bug which could lead to remote code execution. Microsoft says that they are aware of targeted attacks exploiting this vulnerability on Internet Explorer 8 and 9. Exploits such as these are often version-specific, even if the vulnerability affects multiple versions.
Attacks may be blocked by running a Microsoft "Fix it" solution for an earlier vulnerability: CVE-2013-1347 MSHTML Shim Workaround.
The company has not decided how to respond to the vulnerability. Certainly they will write a patch, but whether they schedule it for a Patch Tuesday or go "out of band" is not yet clear.
Microsoft's advisory also says that EMET (the Enhanced Mitigation Experience Toolkit) may be used to mitigate against the vulnerability.

iOS 7 patches 80 vulnerabilities

Number: IRCNE2013091962
Date: 2013/09/20
According to “zdnet”, it's not the flashiest improvement in iOS 7, but the new version fixes 80 security vulnerabilities that presumably remain in iOS 6.
The list is very big, even for Apple, which is known for such large updates. Also typical of Apple, the updates include several for vulnerabilities that are quite old.
The bugs could allow many undesirable behaviors:

  • Malicious code execution
  • Determination of the user's passcode by an app
  • The ability to persist malicious code execution across reboots
  • Background applications could inject user interface events into the foreground application
  • The ability to intercept data protected with IPSec Hybrid Auth
  • A person with physical access to the device may be able to bypass the screen lock
  • Sandboxed apps could send tweets without user interaction or permission
  • Malicious apps could interfere with or control telephony functionality

What would seem to be the oldest bug in the list is labeled as CVE-2011-2391. It is described as a kernel bug which could allow a DoS, via high CPU load, when an attacker sends specially-crafted IPv6 ICMP packets.
But the update also fixes several bugs from 2012 and one from 2011 in the libxml library. The bugs were reported to Apple from dozens of outside sources including Microsoft and Fortinet. 24 of the 80 were reported to Apple by Google.

Firefox 24 fixes many serious vulnerabilities

Number: IRCNE2013091961
Date: 2013/09/19

According to “zdnet”, Mozilla has released new versions of Firefox and the Thunderbird email client. The new version adds many new features and fixes many serious vulnerabilities.
10 Critical vulnerabilities, 4 rated High and 6 rated Moderate are fixed in this version. Nine of the critical vulnerabilities are memory management errors and one an integer overflow; all could lead to malicious code execution.
Many of the vulnerabilities technically apply to Thunderbird, but in practice cannot be exploited because they require features, like scripting, which are disabled in email. Version 24 also adds several new features.
Version 24 also removes support for Certificate Revocation Lists (CRLs), the original method for certificate authorities to advertise the revocation of a digital certificate, typically for SSL/TLS. CRLs are static lists of certificate IDs; they can get large and be cumbersome to manage. Google Chrome already does not support them, nor does Firefox Mobile.

Some Microsoft patches repaired

Number: IRCNE2013091960
Date: 25/06/92

Several updates from Microsoft's latest batch of updates, released on Tuesday, September 10, suffered from a detection error: for many users, even after accepting and installing the update, these updates continued to be offered for installation through Windows Update, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
The company has reissued the following patches to fix this problem:

  • MS13-067 (Critical): Vulnerabilities in Microsoft SharePoint Server that could lead to remote code execution (2834052)
  • MS13-072 (Important): Vulnerabilities in Microsoft Office that could lead to remote code execution (2845537)
  • MS13-073 (Important): Vulnerabilities in Microsoft Excel that could lead to remote code execution (2858300)
  • MS13-074 (Important): Vulnerabilities in Microsoft Access that could lead to remote code execution (2848637)

According to Microsoft, the updates themselves have not changed; only their detection on the system has changed. Customers who have successfully installed these updates do not need to reinstall them.
However, many users hid the update to get rid of these messages. These users should unhide the update and install these updates.

Related posts:
Microsoft patches released

Microsoft fixes bad patch detection

ID: IRCNE2013091960
Date: 2013-09-16

According to “ZDNet”, one of the many problems Microsoft has had lately with their software updates is that several of the updates in the last group, released on Tuesday September 10, had a detection error: for many users, even after apparently accepting and installing the update, several would keep being offered for install in Windows Update, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
The company has reissued the following patches to address the problem:

  • MS13-067 (Critical) — Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
  • MS13-072 (Important) — Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
  • MS13-073 (Important) — Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
  • MS13-074 (Important) — Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)

Microsoft says that there are no changes in the actual updates, just in the detection of the update on the system. Customers who have already successfully installed the update need not take any action.
Many users hid the update in order to avoid the notifications. These users should unhide the update and install it.

Related Posts:
Severe flaw in Outlook 2007/2010 patched

New variant of the Tibet malware discovered for OS X

Number: IRCNE2013091959
Date: 24/06/92

A new variant of the Tibet malware for OS X has been discovered. This malware uses a vulnerability recently patched in Java to install a backdoor service on targeted systems and allow a hacker to log in remotely and steal files.
The malware is packaged in a ZIP file, or as applications disguised as images or other file types. When these files are run, they install a backdoor that allows a remote user to log in to the system and steal personal information.
The Tibet malware currently has three known variants, the last of which was discovered a year ago. In older versions, the malware was distributed in the form of file installers or exploited vulnerabilities in Office applications. The new version, however, uses a vulnerability recently patched in Java to install itself. Once the malware is installed, the following hidden application runs:

/Library/Audio/Plug-Ins/Components/AudioService
/Library/LaunchAgents/com.apple.AudioService.plist

Given the nature of the Java exploit used in this attack, these malicious files are installed without a password.
To check for and remove this malware, simply go to the above folders on your system and delete the corresponding files if they exist, then restart your system to clear any instance of the malware running in the background.
This malware has not yet spread widely, and although Oracle has fixed the flaws in Java and Apple has released updates for its XProtect service, other malware may have used similar exploits. Therefore, to protect yourself against such attacks, you can take the following steps:
1. Update your system.
2. Disable Java.
3. Monitor the launch agents and the folders related to system startup.

New Tibet malware variant found for OS X

ID: IRCNE2013091959
Date: 2013-09-14

According to "cnet", a new variant of the Tibet malware for OS X has been found. This variant uses a recently patched Java exploit to install a backdoor service in targeted systems and allow a remote hacker to log in and steal files.
The malware has been packaged in ZIP files, or as applications disguised as images or other file types. When run, it installs a backdoor program that allows a remote user to log in and steal personal information.
This so-called Tibet malware has until now had three known variants, the last of which was found over a year ago.
While prior versions of the malware disguised installers as benign files, or exploited vulnerabilities in Office applications, this new variant uses a recently patched Java exploit to install the malware. When done, the following hidden application runs, as well as a corresponding global launch agent that keeps the application running in the background:
/Library/Audio/Plug-Ins/Components/AudioService
/Library/LaunchAgents/com.apple.AudioService.plist
Given the nature of the Java exploit used for this attack, these malicious files are installed without any prompt for a password.
To check for and remove this malware, simply go to the above folders in your system and remove the corresponding files, if they exist, and then restart your system to clear any instances of the malware that are running in the background.
This malware is by no means widespread, and even though Oracle has fixed the flaws for this vulnerability in Java and Apple has issued updates to its XProtect service that force the use of the latest Java versions in OS X, there may be some who might encounter either it or other malware that uses similar exploits. Therefore, to help protect yourself from such attacks there are several things you can do.
1. Update your system
2. Disable Java
3. Monitor launch agent and launch daemon folders
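
The check and the monitoring step described above, written as a script. This is an added example, not code from the original article; the function names and the `ROOT` argument (`/` on a live system, or the mount point of a disk image) are assumptions of the example, and the two paths are the ones listed in the article.

```shell
#!/bin/sh
# Added example: look for the two Tibet-variant paths named in the article and
# list launch agents/daemons that changed recently.

TIBET_PATHS="/Library/Audio/Plug-Ins/Components/AudioService
/Library/LaunchAgents/com.apple.AudioService.plist"

# Print every article-listed path that exists under ROOT.
# Returns 0 when none is present, 1 when at least one is found.
check_tibet() {
    root="${1:-/}"; found=0
    old_ifs=$IFS
    IFS='
'
    for p in $TIBET_PATHS; do
        if [ -e "${root%/}$p" ]; then
            echo "FOUND ${root%/}$p"
            found=1
        fi
    done
    IFS=$old_ifs
    return $found
}

# List system-wide launch agent/daemon plists modified in the last DAYS days,
# so that new persistence entries stand out during routine review.
recent_launch_items() {
    root="${1:-/}"; days="${2:-7}"
    for d in /Library/LaunchAgents /Library/LaunchDaemons; do
        [ -d "${root%/}$d" ] && find "${root%/}$d" -name '*.plist' -mtime "-$days" -print
    done
    return 0
}

# Run both checks against the live system when called with --scan.
if [ "${1:-}" = "--scan" ]; then
    check_tibet /
    recent_launch_items / 7
fi
```

A non-zero exit status from `check_tibet` means one of the listed files is present; per-user `~/Library/LaunchAgents` folders are not covered by this sketch.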

Whitelisting capability added to Java

Number: IRCNE2013091958
Date: 23/06/92

Oracle has added a new feature to Java that lets companies control which specific Java applets are allowed to run on their computers. The feature helps companies better manage Java's security risks.
The new feature is known as Deployment Rule Set and was added in Java 7 Update 40 (Java 7u40), released on Tuesday.
Many home users can protect themselves against attacks on Java by disabling the Java plug-in in their browsers or removing the software altogether. Most companies cannot do this, however, because their employees need access to web-based applications that require Java support.
Because of incompatibility, many companies cannot update to newer Java versions, which increases the risk of their computers being exploited through Java vulnerabilities.
In the past, security researchers criticized Oracle for not adding a whitelisting feature to Java. The company now appears to have paid attention to this, and the new Deployment Rule Set feature can be used for this purpose.
The feature lets system administrators define an XML file with rules for how known applets are handled by the Java plug-in. This gives the administrator appropriate control over the execution of Java applets, and only authorized Java applets will be able to run on managed systems.
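
A rule file of the kind described above, generated from a list of allowed applet locations. This is an added example, not taken from the article or from Oracle; the function name, the block message and the example.com locations are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a Deployment Rule Set allowlist (ruleset.xml).
# Rules are evaluated top to bottom and the first match wins, so the
# catch-all block rule has to come last.

# Write ruleset.xml to stdout: one "run" rule per allowed location, then a
# rule with an empty <id /> that blocks every other applet.
make_ruleset() {
    # Refuse values that would break out of the XML attribute.
    for loc in "$@"; do
        case $loc in
            *'"'*|*'<'*|*'>'*|*'&'*)
                echo "unsafe location: $loc" >&2
                return 2 ;;
        esac
    done
    echo '<ruleset version="1.0+">'
    for loc in "$@"; do
        cat <<EOF
  <rule>
    <id location="$loc" />
    <action permission="run" />
  </rule>
EOF
    done
    cat <<'EOF'
  <rule>
    <id />
    <action permission="block">
      <message>Blocked by the organization's Java policy.</message>
    </action>
  </rule>
</ruleset>
EOF
}

# Constructed sample allowlist, written out when called with --write.
if [ "${1:-}" = "--write" ]; then
    make_ruleset "https://apps.example.com" "https://hr.example.com" > ruleset.xml
fi
```

Java reads the rules only from a signed JAR named `DeploymentRuleSet.jar` that contains `ruleset.xml`, so the generated file still has to be packaged and signed before deployment.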
