ID: IRCNE2011101301
Date: 2011-10-30

According to "zdnet", Security researchers from multiple companies, have spotted a new Mac OS X malware. Dubbed ‘Tsunami’, the malware’s primary goal is to act as platform for executing distributed denial of service (DDoS) attacks.
What’s particularly interesting about this backdoor, is the fact that malware coders have ported the malware bot from Linux to Mac OS X in an attempt to enter the Mac OS X market segment.
In addition to enabling DDoS attacks, the backdoor can enable a remote user to download files, such as additional malware or updates to the Tsunami code. The malware can also execute shell commands, giving it the ability to essentially take control of the affected machine. In terms of functionality, the Mac variant of the backdoor is similar to its older Linux brother. The malware is currently detected as OSX/Tsunami-A.

ID: IRCNE2011101300
Date: 2011-10-30

According to "computerworld", It's been more than two months since Research In Motion (RIM) reported a BlackBerry smartphone or BlackBerry Enterprise Server (BES) security flaw, but the Canadian company has announced a handful of recently discovered vulnerabilities in its BlackBerry 6 handheld OS and BES for IBM Lotus Notes and Microsoft Exchange.
First, RIM reports that three newly discovered vulnerabilities in the BlackBerry 6 Webkit browser could allow a hacker to access and/or modify data stored within a BlackBerry 6 smartphone's internal storage.
The flaws affect a number of BlackBerry smartphones running the BlackBerry 6 OS, including the Bold 9650, Bold 9700, Bold 9780, Curve 9300, Pearl 9100, Style 9670, and Torch 9800 handhelds.
RIM recommends updating your BlackBerry 6 smartphone's OS to v6.0.0.522 for the Bold 9650, Curve 9330 smartphone, and Style 9670 smartphones; and to v6.0.0.566 for the remaining affected devices.
Secondly, RIM reports a new BES flaw that could affect organisations that employ Microsoft's Office Communications Server (OCS) 2007 R2 and/or the Microsoft Lync Server 2010 BlackBerry IM Client with certain versions of RIM's BES for Lotus Notes and BES for Microsoft Exchange.
To address the issue, RIM released new security updates for BES in the form of a BES 5.0.3.

شماره: IRCNE2011101299
تاريخ: 7/08/90

يك متخصص تست نفوذ توانسته است يك نقص امنيتي در فيس بوك را شناسايي كند كه به هكر اجازه مي دهد برنامه هاي خرابكار را براي هر كاربري در فيس بوك ارسال كند.
بنا بر گفته هاي اين متخصص امنيتي فيس بوك در حالت عادي اجازه ارسال فايلهاي اجرايي در قالب پيغام را نمي دهد. روش فيس بوك براي جلوگيري از ارسال فايلهاي اجرايي تجزيه نام فايل در دستور POST مرورگر است، اما در صورتي كه هكر يك فاصله اضافي در انتهاي نام فايل قرار دهد، به راحتي مي تواند يك فايل اجرايي را به عنوان پيوست پيغام خود قرار دهد.
از آنجايي كه فيس بوك اجازه مي دهد هر كاربر براي كاربر ديگر صرف نظر از اينكه در ليست دوستانش باشد يا خير، پيغام بفرستد، بنابراين يك هكر با استفاده از اين روش مي تواند برنامه هاي خرابكار خود را براي همه كاربران فيس بوك ارسال كند.

ID: IRCNE2011101299
Date: 2011-10-29

IDG News Service - A security penetration tester discovered a major flaw in Facebook that could allow a person to send anyone on the social-networking site malicious applications.
Nathan Power, a senior security penetration tester at technology consultancy CDW, discovered the vulnerability and publicly disclosed it Thursday on his blog. The flaw was reported to Facebook on Sept. 30, which acknowledged the issue on Wednesday, he wrote.
Power, who could not immediately be reached, wrote that Facebook does not normally allow a person to send an executable attachment using the "Message" tab. If you try to do that, it returns the message "Error Uploading: You cannot attach files of that type."
Power wrote that an analysis of the browser's "POST" request sent to Facebook's servers showed that a variable called "filename" is parsed to see if a file should be allowed. But by simply by modifying the POST request with a space just after the file name, an executable could be attached to the message.
"This was enough to trick the parser and allow our executable file to be attached and sent in a message," Power wrote.
A person would not have to be an approved friend of the sender, as Facebook allows people to send those who are not their friends messages. The danger is that a hacker could use social engineering techniques to coax someone to launched the attachment, which could potentially infect their computer with malicious software.
Facebook representatives contacted in London did not have an immediate response on Thursday afternoon.

شماره: IRCNE2011101298
تاريخ: 3/08/90

كارشناسان از فروشنده امنيتي ESET هشدار دادند كه TDL4، يكي از پيچيده ترين قطعات بدافزار در جهان، به منظور افزايش انعطاف پذيري كشف آنتي ويروس، بازنويسي شده است .
ديويد هارلي، مدير شركت هوش مخرب اعلام كرد: محققان ESET بات نت TDL4 را براي يك مدت طولاني بررسي كردند و در حال حاضر ما در تكامل آن متوجه يك فاز جديدي شده ايم.
او اشاره كرد: بر اساس تجزيه و تحليل هاي اجزاء آن مي توانيم بگوييم كه برخي از اجزاي آن ( درايو مد هسته و خروجي مد كاربر) از اول بازنويسي شده اند و برخي(مخصوصا، برخي از اجزاء bootkit) به همان صورت نسخه هاي قبلي باقي مانده اند.
تعدادي از فروشندگان انتي ويروس مانند كسپرسكي، بيت ديفندر يا AVAST، براي حذف TDL4 و روت كيت هاي مشابه آن ابزارهاي مستقل رايگاني را پيشنهاد مي دهند. با اين حال به منظور اجتناب از آلوده شدن، در وهله اول كاربران بايد يك آنتي ويروس را نصب نمايند كه سطوح پيشرفته اي از حفاظت را فراهم مي كند.

شماره: IRCNE2011101297
تاريخ: 3/08/90

هكرها يك برنامه را عرضه كرده اند كه به يك كامپيوتر اجازه مي دهد تا با استفاده از يك ارتباط امن به يك سرور وب آسيب برساند. ابزار THC - SSL - DOS، كه روز دوشنبه منتشر شد، ظاهرا از يك رخنه در مذاكره مجدد پروتكل لايه سوكت هاي امن (SSL) كه توسط اصرار سيستم با درخواست هاي متعدد براي ارتباطات امن صورت مي گيرد، سوء استفاده مي كند. مذاكره مجدد SSL به وب سايت ها اجازه مي دهد تا بر روي ارتباط SSL اي كه مستقر شده است، يك كليد امنيتي جديد ايجاد كند.
يك گروه آلماني معروف به Hacker Choice اظهار داشت: اين ابزار سوء استفاده براي جلب توجه به رخنه هاي SSL منتشر شده است.
يك فرد ناشناس از اين گروه گفت: ما اميدواريم كه به اين رخنه هاي امنيتي در SSL بي توجهي نشود.
اين صنعت بايد براي برطرف نمودن اين مشكل اقدام كند به طوري كه شهروندان دوباره امن و مطمئن باشند. SSL يك روش قديمي براي حفاظت از داده هاي خصوصي است و براي قرن 21 نامناسب است.
اين برنامه بر روي سرورهايي كه نياز به مذاكره مجدد براي داشتن SSL را ندارند نيز كار مي كند اما نياز به كمي تغييرات و كامپيوترهاي بيشتري دارد. اين ابزار در قالب كد باينري ويندوز و يونيكس در دسترس است.

ID: IRCNE2011101298
Date: 2011-10-25

According to " techworld ", Experts from security vendor ESET warn that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection.
"ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a new phase in its evolution," announced David Harley, the company's director of malware intelligence.
"Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in the previous versions," he noted.
Several antivirus vendors like Kaspersky, BitDefender or AVAST, offer free stand-alone tools that can remove TDSS and similar rootkits. However, in order to avoid getting infected in the first place users should install an antivirus solution that provides advanced layers of protection.

ID: IRCNE2011101297
Date: 2011-10-25

According to "cnet", Hackers have released a program they say will allow a single computer to take down a Web server using a secure connection.
The THC-SSL-DOS tool, which was released Monday, purportedly exploits a flaw in Secure Sockets Layer (SSL) renegotiation protocol by overwhelming the system with multiple requests for secure connections. SSL renegotiation allows Web sites to create a new security key over an already established SSL connection.
A German group known as Hackers Choice said it released the exploit to bring attention to flaws in SSL.
"We are hoping that the fishy security in SSL does not go unnoticed," an unidentified member of the group said. "The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, and not fit for the 21st century."
The exploit still works on servers that don't have SSL renegotiation enabled, the group said, but requires some modification and more computers. The tool is available in Unix and Windows binary code.

شماره: IRCNE2011101296
تاريخ: 2/08/90

محققان اظهار داشتند: يك ضعف در رمزگذاري XML مي تواند براي رمزگشايي اطلاعات حساس مورد سوء استفاده قرار بگيرد.
رمزگذاري XML براي امن سازي ارتباطات بين سرويس هاي وب توسط بسياري از شركت ها از جمله IBM، مايكروسافت و Red Hat استفاده مي شود. محققان جوراج سوموروفسكي و تيبور جاگر از دانشگاه بوهر بوخوم(RUB) در آلمان، حمله اي را اختراع كردند كه داده هاي امن شده با DES ( استاندارد رمزگذاري داده) يا AES (استاندارد رمزگذاري پيشرفته) در مد CBC را رمزگشايي مي كند.
با توجه به اظهارات Jrj Schwenk، مهندس برق و فناوري اطلاعات در RUB، تمامي الگوريتم هاي رمزگذاري داده به كار رفته در استاندارد رمزگذاري XML تحت تاثير اين حمله قرار گرفتند.
اخيرا، محققان يك حمله جداگانه شبيه حمله فوق در برابر پياده سازي SSl\TLS كه در مد CBC استفاده مي شد را نشان دادند.
Schwenk با توجه به توصيه هاي رمزگذاري XML گفت: " زماني كه تمامي اين الگوريتم ها از مد CBC استفاده مي كنند، در برابر اين حملات آسيب پذير هستند. بنابراين تمامي پياده سازي هاي اين استاندارد بايد تحت تاثير قرار بگيرند."
محققان ادعا مي كنند كه هيچ ترميم ساده اي براي اين مشكل وجود ندارد و استاندارد بايد عوض شود.

ID: IRCNE2011101296
Date: 2011-10-24

According to "computerworld", A weakness in XML Encryption can be exploited to decrypt sensitive information, researchers say.
XML Encryption is used for securing communications between Web services by many companies, including IBM, Microsoft and Red Hat. Researchers Juraj Somorovsky and Tibor Jager from the Ruhr University of Bochum (RUB) in Germany, devised an attack that decrypts data secured with the DES (Data Encryption Standard) or the AES (Advanced Encryption Standard) in CBC mode.
According to Jrg Schwenk who teaches of Electrical Engineering and Information Technology at RUB, all data encryption algorithms recommended in the XML Encryption standard are affected by this attack.
More recently, the researchers demonstrated a separate attack against SSL/TLS (Secure Sockets Layer/Transfer Layer Security) implementations that use CBC mode, much like this one.
"All of these algorithms are vulnerable to the attacks since they use the CBC mode. So all implementations of the standard should be affected," Schwenk said, referring to the XML Encryption recommendations.
The researchers claim that there is no simple fix for the problem and the standard needs to be changed.