ID: IRCNE2012081593
Date: 2012-08-21

According to "techworld", LibreOffice plans to more swiftly quash its toughest software bugs through a new program that aims to improve cooperation between its quality assurance team and developers.
On Monday it announced the HardHacks program, in which the QA team will identify the five most critical and annoying bugs, said Björn Michaelsen, a member of the Engineering Steering Committee and board of The Document Foundation, the company behind LibreOffice, in a blog post detailing the plans. These bugs will be handed over to a team of the most experienced core LibreOffice developers.
All HardHack bugs that are selected by the QA team should be in one of LibreOffice's Most Annoying Bug (MAB) lists, Michaelsen said. In general, MABs are problems that impact a large number of users, or make the use of LibreOffice more difficult because they require a work-around that is not easily accessible to all users, said Italo Vignoli, director at The Document Foundation.
LibreOffice has always focused on hard bugs, according to Vignoli. "But now that we have a larger development community it is quite logical that core developers ... can spend some more time on these tasks," he said. Core developers in the past have spent a lot of time helping new developers get up to speed, he said.
Changing the way critical bugs are dealt with is a process of a growing and developing community, said Vignoli. LibreOffice is also going to focus on other areas such as certification, marketing and the development of local communities in the near future.

ID: IRCNE2012081592
Date: 2012-08-21

According to “UberGizmo”, white hatters working for Intel’s McAfee security division are taking the lead in protecting computers and electronic communications systems that are built into every modern car. Although there have been no reports so far of violent computer attacks targeted at cars, security experts believe that automakers have so far failed to “adequately protect its systems.” This leaves its customers vulnerable to hacks by attackers who are planning to steal cars, eavesdrop on conversations, or even harm passengers by causing vehicles to crash.
“If your laptop crashes you’ll have a bad day, but if your car crashes that could be life threatening,” said Bruce Snell, a McAfee executive. “I don’t think people need to panic now. But the future is really scary,” he added. In 2010, a group of U.S. computer scientists conducted a study that revealed how viruses could indeed damage cars. They also identified ways as to how computer worms and Trojans are transmitted to automobiles, either via on-board diagnostics systems, wireless connections and even tainted CDs played on radios systems.
However, they did not mention which car company specifically had the vulnerability. On the other hand, Ford said that the car company has already assigned security engineers to make its sync in-vehicle communications and entertainment system as resistant as possible to attacks. Meanwhile, top automakers Toyota, Honda, and Hyundai declined to comment about any security vulnerability on its cars.

ID: IRCNE2012081591
Date: 2012-08-21

According to “ITPro”, Apple has hit back at claims that its iPhone smartphones are prone to a vulnerability that allows hackers to spoof messages pretending to be from a bank or credit card company.
A security researcher, dubbed “pod2g” said that the vulnerability bypasses Apple’s checks on third-party apps.
As the flaw does not execute code, a hacker doesn’t need to get malicious code pass Apple, which has final say on all mobile apps that appear on its App Store.
The security researcher said that the bug is so severe; it affects all current versions of iOS including the latest, unreleased version iOS 6 beta 4.
"I am pretty confident that other security researchers already know about this hole, and I fear some pirates as well," the researcher said on their blog.
The problem involves the header of a text message, which comprises of both the originating number of the message and the reply-to number. When the user writes a message, it is converted to PDU (Protocol Description Unit) by the mobile and passed to the baseband for delivery.
In the text payload, a section called UDH (User Data Header) is optional but defines lot of advanced features not all mobiles are compatible with. One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.
“Most carriers don't check this part of the message, which means one can write whatever he wants in this section, a special number like 911, or the number of somebody else,” said Pod2g.
The researcher said that in good implementation of this feature, the receiver would see the original phone number and the reply-to one. “On iPhone, when you see the message, it seems to come from the reply-to number, and you lose track of the origin,” said Pod2g.
Apple released a statement and said that it took “security very seriously”.
"When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks."
"One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they're directed to an unknown website or address over SMS," it added.

ID: IRCNE2012081590
Date: 2012-08-21

According to "techworld", reports have emerged from China of an ingenious new backdoor Android malware attack that has infected hundreds of thousands of subscribers and can prove difficult to de-install without technical support.
Dubbed Trojan!SMSZombie.A – ‘SMSZombie’ for short - by one of the companies reporting on it, the malware is said to have spread through the largest Chinese Android marketplace.
The innovation is the use of a backdoor to install itself before the payload is downloaded. This makes detection harder, said the company that detected it, TrustGo.
The malware becomes active once it has been selected as the smartphone’s wallpaper, after which it asks to download additional files in the form of what claims to be an ‘Android system service.’
It then asks for administrator privileges (pressing the cancel button for this request simply throws up a dialog box each time), after which the user cannot disable the app using Android’s ‘uninstall app’ function.
Beyond the fact that the criminals have control of the device and can intercept messages, the purpose is to defraud the user of money via payments exploiting an unspecified flaw in the China Mobile SMS Payment System.
Noticed as long ago as 25 July, TrustGo said that it believed the malware had infected more than 500,000 smartphones.
SMSZombie is unlikely to affect subscribers in countries such as the US and UK, but its design indicates that attackers are thinking of ways to beat new layers of security added to protect Android systems.
SMSZombie can be de-installed manually by following the instructions posted by TrustGo.

ID: IRCNE2012081589
Date: 2012-08-21

According to “ComputerWorld”, McAfee is expanding its mobile security software for Android tablets and smartphones, as it sees an increase in threats targeting Android devices, the Intel subsidiary announced on Monday.
The new Mobile Security software has features that help ensure that apps are not accessing personal information without the user's knowledge, and reports on apps that may be sending personal data to risky sites such as adware and spyware networks, McAfee said in a news release. The software should also protect customers against financial fraud, identity theft and viruses, it said.
This summer, McAfee has seen an increase in threats targeting Android devices, the company said. "The Android operating system continues to be the most popular target for writers of mobile malware--including SMS-sending malware, mobile botnets, spyware, and destructive Trojans," according to McAfee. To steer clear from malicious apps, users should research apps and app publishers and check ratings before they decide to install the software, it said.
As security firms concentrate more and more on mobile offerings, adding new features such as privacy controls is very important, in particular to protect the user from banking fraud or identity theft, said Ben Wood, director of research at CCS Insight.
But the problem for security companies is that most users don't regard mobile security problems as a big threat, he said. "Turning mobile security into a meaningful product has proven to be difficult," he said.
McAfee's mobile security software recently surpassed one million downloads on Google Play, the Android app store. This proves that consumers are not really concerned, said Wood, who added that one million downloads is a fairly small number if you keep in mind that there are tens of millions of Android devices sold.
"There are a lot of companies in the mobile security space," Wood said, who reckoned that there is a big potential in the mobile security market. But to convince consumers that there is a need for mobile security software, there first has to be a disastrous mobile security problem that affects many users so they become aware of the threat, he said. "Then everybody rushes off to buy it," he added.
Other security companies as F-Secure, AVG and Lookout Mobile Security are also betting on a growing mobile security market, and they hope that one day the mobile security market will become as big as the security market for PCs, said Wood. Most consumers understand how important security as a virus scanner and firewall are when using a PC, he said.
McAfee offers its mobile security software package for US$29.99 for a one-year subscription, and it is also available for BlackBerry and Symbian devices. The company did not immediately reply to a request to comment on any plans to expand the privacy enhancements of its Android product to their Symbian and BlackBerry offerings.

ID: IRCNE2012081588
Date: 2012-08-21

According to "eweek", Advanced Micro Devices is the latest major company to be victimized by hackers, shutting down its blog site Aug. 19 after a group calling itself r00tbeer apparently defaced the site and stole a database containing information of AMD staff.
The attackers reportedly announced the hack on its Twitter account after putting their logo and a link to the Twitter account on the site.
The chip maker has since shut down the site, initially saying it was being taken offline for “routine maintenance,” then posting a message that said its blog site “is temporarily unavailable. We apologize for the inconvenience. This area will be back online as soon as possible.”
In a statement emailed to eWEEK, an AMD spokesperson said the blog site was attacked Aug. 19 and that the company immediately took the site offline and changed all passwords.
“We believe that the attackers posted less than 200 registered usernames and salted password hashes to a hacker Website,” the statement said. “AMD uses salted password hashes, which is an industry best practice for encryption and extremely difficult to crack. … AMD remains committed to data security and user privacy and has launched an investigation into this matter.”
According to reports, AMD uses the WordPress blogging tool as the foundation of its blog site, which includes postings on everything from the company’s consumer and enterprises chip technologies to its cloud efforts and corporate information. The r00tbeer attackers apparently stole a user database from the site that contained information of almost 190 internal accounts.
Sophos’ Ducklin said that in terms of its size, the AMD hack was relatively minor, but that any hack is a cause for concern.

شماره: IRCNE2012081587
تاريخ: 30/05/91

با توجه به بررسي هاي انجام شده توسط GreenSQL، بيش از 65 درصد از شركت ها داده هاي حساس موجود در پايگاه داده را به منظور عدم دسترسي كارمندان و مشاوران غيرمجاز محافظت نمي كنند.
مدير فناوري GreenSQL، David Maman اظهار داشت: بسياري از سازمان ها اطلاعات موجود در پايگاه داده را كنترل نمي كنند. به عنوان يك مدير پايگاه داده، بايد به منظور نگهداري پايگاه داده كنترل كاملي بر روي آن داشته باشند. در صورت افشاء شدن پايگاه داده، مي توان هر گونه اطلاعات در پايگاه داده را مشاهده كرد.
با توجه به اين بررسي، تنها 12 درصد از داده هاي پويا در محيط هاي حفاظت شده نگهداري مي شوند.
David Maman توضيح داد كه راه حل هاي پوشش داده شده براي داده هاي پويا، قواعدي را براي اجراي دسترسي اعمال مي كنند و اطمينان مي دهند كه تنها كساني كه نياز به دسترسي به بخش هاي خاص و داده هاي حساس دارند، به آن بخش ها دسترسي مي يابند و كساني كه مجوز دسترسي ندارند نمي توانند به آن وارد شوند. اين قواعد تضمين مي كنند كه داده ها هرگز به شكل اصلي خود از پايگاه داده خارج نمي شوند و اين كار باعث جلوگيري از سرقت اطلاعات مي شود.

شماره: IRCNE2012081586
تاريخ: 28/05/91

به گزارش سازمان مبارزه با هرزنامه Spamhaus، پس از از كار افتادن يك بت نت اصلي ارسال هرزنامه به نام Grum در ماه جولاي، Festi كه بت نت نسبتا جديدي محسوب مي­شود جاي آن را پر كرده است.
بت نت Festi كه با نام Spamnost نيز شناخته مي­شود، از زمان مرگ Grum شروع به نمايش خود كرده است. Spamhaus حداقل 250 هزار آدرس آي پي يكتا را شمارش كرده است كه نشانه هايي از آلودگي به Festi را با خود دارند. اين تعداد در زمان از كار افتادن Grum، 20 هزار آدرس آي پي يكتا بود.
از ابتداي جولاي، Spamhaus شاهد افزايشي جدي در فعاليت­هاي هرزنامه اي Festi بوده است. در اوج اين فعاليت، در طول يك 24 ساعت Spamhaus توانسته است در ميان يك ميليون آدرس آي پي آلوده به يكي از انواع بت نت­هاي هرزنامه اي، نزديك به 300 هزار آدرس آي پي را شناسايي نمايد كه توسط Festi آلوده شده بودند.
Festi كه در دسامبر 2011 توسط سايمانتك شناسايي شده است، اكنون به رقيب Cutwail در زمينه ارسال هرزنامه تبديل شده است. افزايش فعاليت Festi از يك الگوي آشنا پيروي مي­كند: همانطور كه محققان و قانون به موفقيت­هايي در زمينه از كار انداختن برخي بت نت­ها دست پيدا مي­كنند، خرابكاران نيز به سرعت به بت نت­هاي جديد تغيير موضع مي­دهند.
Grum كه روزانه 18 ميليارد هرزنامه را ارسال مي­كرد، آخرين بت نت مهمي بود كه از كار افتاد. سرورهاي دستور و كنترل Grum در پاناما و هلند از كار انداخته شدند. سازندگان Grum به سرعت سرورهاي دستور و كنترل جديدي را در اوكراين راه اندازي كردند كه از يكي از سرورهاي باقي مانده در روسيه استفاده مي­كردند.

شماره: IRCNE2012081585
تاريخ: 28/05/91

سايمانتك يك حفره امنيتي را در سرويس Norton Online Backup برطرف كرده است كه به طور غيرعمدي به برخي كاربران اجازه مي­داد داده هاي ساير مشتريان Norton Online Backup را مشاهده كرده و مورد دسترسي قرار دهند.
سايمانتك روز گذشته اعلام كرد كه در روز 30 جولاي و به عنوان بخشي از پروسه نگهداري سرور، اين شركت تغييري در روش cache كردن فايل­هاي HTML خاص و ساير دارايي­هاي استاتيك ايجاد كرد كه به علت يك پيكربندي اشتباه، ممكن است منجر به اين شده باشد كه برخي كاربران اشتباها كوكي­هاي نشست­هاي ساير كاربران را دريافت كرده باشند. زماني كه كاربر به حساب Norton Online Backup خود وارد مي­شود، اين كوكي­ها بر روي داده هايي كه براي وي نمايش داده مي­شوند تأثير مي­گذارند.
اين مسأله توسط يكي از كاربران Norton Online Backup به اطلاع سايمانتك رسيده بود كه تصور كرده بود با يك نشت اطلاعاتي روبرو شده است. وي به صورت تصادفي به فايل­هاي يكي ديگر از كاربران اين سرويس دسترسي پيدا كرده بود. به گفته وي، زماني كه او وارد حساب خود شده بود، آيكون و نام مربوط به وي براي يك لحظه نمايش داده شد و پس از آن، اين نام و آيكون با نام و آيكون شخص ديگري جايگزين شده بود.
سايمانتك اظهار داشت كه در روز 7 آگوست شروع به تحقيق در مورد اين مساله كرده است و ظرف مدت 24 ساعت با بازگرداندن به سرور به آخرين وضعيت قبل از بروز اين مشكل، مساله را حل كرده است.

شماره: IRCNE2012081584
تاريخ: 28/05/91

مايكروسافت قابليت تشخيص بدافزار Bafruz را به ليست تهديدهاي شناخته شده در ابزار Malicious Software Removal Tool اضافه كرد. اين بدافزار يك تروجان راه نفوذ مخفي است كه قادر است كنترل برخي از فعاليت ها را بر روي كامپيوترهاي قرباني در اختيار بگيرد.
مركزMalware Protection مايكروسافت گفت: بدافزار Bafruz مي تواند كنترل حساب هاي كاربري بر روي سايت هاي شبكه اجتماعي مانند فيس بوك و Vkontakte را در اختيار بگيرد، حملات انكار سرويس توزيع شده را راه اندازي نمايد، Bitcoin mining را هدايت نمايد، بدافزارهاي ديگري را نصب نمايد و محصولات امنيتي مانند آنتي ويروس ها را غيرفعال نمايد .
اين بدافزار ابتدا ليستي از فرآيندهاي امنيتي خاتمه يافته را نمايش مي دهد. سپس به كاربر هشدار مي دهد كه به منظور حذف يك ويروس، سيستم را دوباره راه اندازي نمايد. زماني كه كاربر سيستم را دوباره راه اندازي كند، كامپيوتر در حالت امن بالا مي آيد و به اين بدافزار اجازه مي دهد تا نرم افزار آنتي ويروس را غيرفعال نمايد. پس از آن بدافزار مي تواند بدافزارهاي ديگري را در پس زمينه دانلود كند.