Oracle databases easy to hack, says researcher

ID: IRCNE2012091622
Date: 2012-09-21

According to "cnet", a researcher showed today that Oracle's databases could be hacked with brute-force attacks using only the database's name and a username, according to Kaspersky Lab Security News.
Esteban Martinez Fayo, who works for AppSec Inc., was demonstrating his discovery at a security conference in Argentina and said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users' data.
"It's pretty simple," Martinez Fayo told the security blog Dark Reading. "The attacker just needs to know a valid username in the database, and the database name. That's it."
Martinez Fayo says he discovered cryptographic flaws in Oracle's password authentication that allow for an easy brute-force hack.
Martinez Fayo said that his team first told Oracle about the bugs in May 2010 and the company fixed them in 2011. However, he said, they didn't fix the current version, which leaves 11.1 and 11.2 still susceptible to attacks. The company's newly released version 12 does fix the problem.
This isn't the first time that security flaws have been found on Oracle databases. In January, the company squashed 78 software bugs in a major patch that stemmed from a flaw that allowed hackers into its databases remotely. And, just last month, new vulnerabilities that can be exploited to run arbitrary code were discovered in Oracle's latest Java 7 update.
Martinez Fayo said there are workarounds for the flaw. "Disable the protocol in Version 11.1 and start using older versions like Version 10g," which is not vulnerable, he said. "It is vital for organizations that deploy Oracle databases affected by these vulnerabilities to administer strong workarounds to prevent an attack."

Microsoft hustles, patches IE to ward off increasing attacks

ID: IRCNE2012091621
Date: 2012-09-21

According to "computerworld", Microsoft today released an emergency patch for Internet Explorer (IE) to stymie active attacks that have been exploiting a bug in the browser, finishing a job it started only Monday.
Today's update, labeled MS12-063, fixes five flaws, including one revealed by a security researcher last weekend that hackers have been using to infect Windows PCs with malware.
Microsoft published an advisory on Monday, confirmed the vulnerability, and on Wednesday issued a "Fixit," one of its automated configuration tools, to block the known exploits.
Users who have already enabled the shim do not have to uninstall it -- or disable the Fixit -- when they patch today, Microsoft said.
Today's update was rated "critical" by Microsoft, the company's highest threat ranking.
Of the four non-zero-day vulnerabilities, three were limited to IE9, the edition that debuted in March 2011. The fourth impacted only IE7 and IE8. All five vulnerabilities patched by MS12-063 today, including the zero-day, were tagged as critical.
MS12-063 applies to all supported editions of Windows -- XP, Vista and Windows 7 -- and affects IE6, IE7, IE8 and IE9. Only IE10, the browser bundled with Windows 8, is immune.
Friday's "out-of-band" -- security-speak for an emergency update outside the usual monthly Patch Tuesday schedule -- will be the first that Microsoft has released this year and only the second since September 2010. It was also the first emergency patch of an IE zero-day vulnerability since January 2010.
Windows users can obtain MS12-063 via the Microsoft Update and Windows Update services, as well as through the enterprise-grade WSUS (Windows Server Update Services).

A fix for the IE security flaw to be released in the coming days

ID: IRCNE2012091620
Date: 29/06/91

Yesterday Microsoft announced that it will soon release a fix for the Internet Explorer security flaw. The flaw affects users of Internet Explorer versions 6 through 9.
The security flaw, which was discovered late last week, allows malicious actors to take control of the computers of users who visit malicious websites. The flaw is being actively exploited to deliver a backdoor trojan called "Poison Ivy".
Microsoft stated in a security advisory that a solution for the flaw will be released in the coming days.
Microsoft said that the fix offers an easy solution that can be installed with a single click and that any Internet Explorer user can install easily. Microsoft assures its users that the fix will protect them against this issue until Microsoft's updates are released.
In a statement, the company advises its users, until the fix is released, to use up-to-date antivirus software, up-to-date anti-malware software and a firewall, and also to install the Enhanced Mitigation Experience Toolkit.

Microsoft promises fix for IE security flaw in next few days

ID: IRCNE2012091620
Date: 2012-09-19

According to "cnet", Microsoft said yesterday it will issue a fix soon for a security flaw that affects users of Internet Explorer versions 6 through 9.
Uncovered this past weekend, the security hole could compromise the PCs of IE users who surf to a malicious Web site. The flaw is being actively exploited to deliver a back-door trojan known as "Poison Ivy."
The software giant said in a security advisory this afternoon that a solution to the flaw would be released in the next few days.
Microsoft said the fix would be an "easy-to-use, one-click, full-strength solution" that any IE user could install, promising "it will provide full protection against this issue until an update is available."
While it works on a fix for the flaw, Microsoft issued a security advisory offering several recommendations to help IE users avoid being victims of the zero-day exploit. In addition to running updated antivirus and antispyware software and using a firewall, Microsoft suggests installing its Enhanced Mitigation Experience Toolkit, which tries to ward off attacks on software holes by putting up a wall of security obstacles that the malware writers must circumvent.

Exploitation of a security weakness in Internet Explorer

ID: IRCNE2012091619
Date: 28/06/91

Researchers have warned that an unknown security hole in Internet Explorer versions 7, 8 and 9 is being actively exploited to deliver a backdoor trojan named "Poison Ivy".
Security experts have now released a vulnerability-testing tool, a Metasploit module, for Internet Explorer versions 7, 8 and 9 on Windows XP, Vista and 7.
Microsoft is investigating the issue and, in the following statement, offers recommendations for protecting against such attacks:
"We are aware of targeted attacks that potentially affect some versions of Internet Explorer. It should be noted that Internet Explorer version 10 is not affected by this issue. We recommend that our customers upgrade to Microsoft's Enhanced Mitigation Experience Toolkit version 3.0. This tool provides effective protections without affecting the browser's operation. We are continuing our investigation of this issue and will provide appropriate solutions."
The statement does not mention when a patch for this vulnerability will be released.

New Internet Explorer weakness already exploited in attacks

ID: IRCNE2012091619
Date: 2012-09-18

According to "cnet", a previously unknown security hole in Internet Explorer 7, 8 and 9 is being actively exploited to deliver a back door trojan known as "Poison Ivy," researchers warned.
Security experts have already developed a vulnerability-testing tool known as a Metasploit module for IE 7, 8 and 9 on Windows XP, Vista and 7.
Microsoft has been looking into the matter and has some advice for protecting against an attack. Here's Yunsun Wee, director of Microsoft Trustworthy Computing, in an e-mail statement:
We're aware of targeted attacks potentially affecting some versions of Internet Explorer.... We have confirmed that Internet Explorer 10 is not affected by this issue. We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protections without affecting the Web browsing experience. We will continue to investigate this issue and take further actions as appropriate.
Wee didn't say when Microsoft hoped to have a fix for the vulnerability.

HP's new intrusion prevention service

ID: IRCNE2012091618
Date: 27/06/91

A core, fundamental component of modern enterprise security is the intrusion prevention system (IPS). HP is advancing its TippingPoint intrusion prevention system with the new NX platform, which the company says can deliver IPS inspection throughput of 13 gigabits per second. This modular platform enables system and network administrators to use new ports or different types of ports. The system's operating system is the same TippingPoint operating system, and its box is a new box with custom silicon, which ensures that the best performance is obtained.
NX is also known as a next-generation intrusion prevention system (NGIPS). In the market, NGIPS competes with IBM's intrusion prevention system. The IBM Security Network Protection XGS 5000 platform, introduced in July, can handle traffic of up to 2.5 gigabits per second.
HP's product also has a reputation feed that enables TippingPoint to block access to bad IP addresses.

More than half of Android devices are vulnerable

ID: IRCNE2012091617
Date: 27/06/91

According to a report from mobile security firm Duo Security, more than half of Android devices are vulnerable to known security flaws. These flaws can be exploited by malicious applications to gain complete access to the operating system and the data stored on the device.
These results are based on scans performed over the past few months by Duo Security with X-Ray, an Android vulnerability assessment tool. X-Ray scans devices for known privilege escalation vulnerabilities that exist in various versions of the mobile operating system.
According to a security researcher at Duo Security, results have been collected from more than 20,000 Android devices worldwide since X-Ray was launched.
Privilege escalation vulnerabilities can be exploited by users to gain administrative (root) access on their devices, and used to replace the firmware provided by the manufacturer with custom firmware.
These vulnerabilities can also be exploited by malware for malicious purposes, and over the past years multiple instances of this kind of Android malware have been identified.
According to a senior e-threat analyst at security firm BitDefender, root exploits have been among the most common threats since the launch of the company's mobile security suite.
For example, during the first quarter of 2012, the top 10 Android threats included "Rage Against The Cage", "GingerBreak", "Exploid" and "Asroot".
Some of these threats may have been generated by users who tried to gain root access on their own devices. Other threats were generated by malicious applications.
The late and slow deployment of Android security patches is a problem that has been known for years.

HP Introduces New IPS and Security Services

ID: IRCNE2012091618
Date: 2012-09-17

According to “InternetNews”, a core component of modern enterprise security is the IPS (Intrusion Prevention System). HP is now advancing its TippingPoint IPS portfolio with the new NX platform, which it says can deliver as much as 13 Gigabits per second of IPS inspection throughput. The purpose-built, modular platform enables administrators to plug in new ports or different types of ports. "The operating system is the TippingPoint Operating system, and the box is a custom built box with custom silicon to make sure we get the best performance," Callahan said.
The NX is also what is known as a Next Generation IPS (NGIPS) device, as it bundles in application awareness. The NGIPS market is a competitive one, with rivals like IBM debuting its own system. The IBM Security Network Protection XGS 5000 platform, announced in July, can handle up to 2.5 Gbps of inspected traffic.
HP's product includes a reputation feed, which enables the TippingPoint IPS to block access to known bad IP addresses, whether outbound or inbound.

Over half of Android devices have unpatched flaws

ID: IRCNE2012091617
Date: 2012-09-17

According to “ComputerWorld”, over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.
This conclusion is based on scans performed during the last couple of months with X-Ray, a free Android vulnerability assessment tool developed by Duo Security. X-Ray scans devices for known privilege escalation vulnerabilities that exist in various versions of the mobile operating system.
"Since we launched X-Ray, we've already collected results from over 20,000 Android devices worldwide," security researcher Jon Oberheide, who is co-founder and CTO of Duo Security, said Wednesday in a blog post.
Privilege vulnerabilities can be exploited willingly by users in order to gain administrator (root) access on their devices and, for example, replace the firmware provided by the manufacturer with a custom-built one.
However, they can also be exploited by malware for malicious purposes and there have been multiple documented cases of Android malware that incorporated root exploits over the years.
"Since the launch of our mobile security solution, root exploits have been some of the most frequently encountered threats," Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender, said Friday via email.
For example, during the first quarter of 2012, the top 10 detected Android threats included the "Rage Against The Cage" exploit, the "GingerBreak" exploit, the "Exploid" exploit and the "Asroot" exploit, Botezatu said.
Some of those cases might have been caused by users who were attempting to "root" their devices. However, others were likely generated by malicious apps that used those exploits, Botezatu said.
The slow deployment of security patches to Android devices is a problem that has been known of for years.
