Heartbleed-related
- Heartbleed: A History - The Akamai Blog
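- News - OpenSSL's "Heartbleed" also affects clients, letting servers steal information: ITpro
- The OpenSSL and DNS issues are starting to look seriously bad (Ichiro Yamamoto) - Individual - Yahoo! News
- OpenBSD begins a major cleanup of OpenSSL, and an "OpenOpenSSL" site launches | Slashdot Japan Open Source
- "Heartbleed", the OpenSSL vulnerability making headlines! A summary of the minimum countermeasures to take | バシャログ。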
- Heartbleed: Security experts reality-check the 3 most hysterical fears | PCWorld
- The Hidden Costs of Heartbleed | CloudFlare Blog
- The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued | CloudFlare Blog
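- News - Possible leak via the OpenSSL vulnerability in Trend Micro's password management software: ITpro
- Bundled OpenSSL libraries confirmed to expose mobile apps and Android 4.1.1 to the "Heartbleed" vulnerability | Trend Micro Security Blog (Trend Micro Security Blog by virus analysts)
Countermeasure tools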
The teams behind Nessus, Metasploit, Nmap and others have each released utilities for sensing whether or not computers and gadgets are affected by the password-leaking Heartbleed flaw.
- Netcraft adds Heartbleed sniffing to site-scanning browser tool • The Register
- IT lawyer: "Heartbleed diagnostic checks would probably be illegal" - Act ethically and win up to 10 years in prison (The Register) | ScanNetSecurity (International, The Register news)
- Metasploit: Metasploit's Brand New Heartbleed S... | SecurityStreet
- Bugs in Heartbleed detection scripts.
- Netcraft releases Heartbleed indicator for Chrome, Firefox, and Opera | Netcraft
Crucial military satellite systems are vulnerable to hacking
- [original] IOActive Labs Research: A Wake-up Call for SATCOM Security
- Crucial military satellite systems are vulnerable to hacking, experts say | Technology | theguardian.com
- Vulnerability Note VU#250358 - Various Inmarsat broadband satellite terminals contain multiple vulnerabilities
The latest report from IOActive suggested there were some easily hackable systems, many of which were designed for keeping aircraft, ships and army personnel safe.
Vulnerabilities in SATCOM authentication → the US military uses it, so this is bad.
China's phishing scam boom
China is clearly a massive market for phishing scams. As the nation's economy continues to dominate the world, the internet is steadily penetrating to more and more of its huge population.
Virgin Media mistakenly sends an email whose replies go to 130,000 people
The problem occurred when one of the company's suppliers mistakenly sent out an email, which when it was replied to was then sent to all the other people in the group.
It meant that anyone clicking 'reply all' was able to message everyone on the mailing list - meaning their personal email addresses were visible.
Facebook Webinject Leads to iBanking Mobile Bot
iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.
According to new report from ESET security researchers, now this iBanking Trojan (Android/Spy.Agent.AF) is targeting Facebook users by tricking them to download a malware application.
Vulnerability and update information
One-off articles
3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches — Krebs on Security
Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards.
Clicking ‘Like’ can cancel your right to sue a company | Naked Security
Downloading that coupon or even clicking "Like" on the cereal maker's Facebook page could cost you the right to sue the company, given the direction US companies are taking.
This is about the US. Apparently some companies have changed their legal terms so that if you click "Like" on Facebook or download a coupon, you can no longer sue that company.
Zeus/rootkit combo delivered via Starbucks-themed emails
Malware peddlers have been spotted impersonating popular coffeehouse chain Starbucks in order to trick users into downloading a rootkit-equipped variant of the Zeus banking Trojan.
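Google Maps Street View image recognition algorithm solves most CAPTCHAs | TechCrunch Japan
The image recognition algorithm the company built reads block numbers (street addresses and the like) from Street View images quite accurately, which is very convenient for users. However, this algorithm also solves 99% of CAPTCHAs.
Might read later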
- Not If, but When: The case for Advanced Malware Protection Everywhere
- Control Your PC from Anywhere using Chrome Remote Desktop for Android - The Hacker News
- The Economics of Security | FireEye Blog
- New series, how to deal with "shadow IT": The threat of "shadow IT" quietly striking Japanese companies - ITmedia Enterprise
- It’s Time to Encrypt the Entire Internet | Enterprise | WIRED
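- What are the security features of the A7 Processor that Apple has revealed? | Agile Cat --- in the cloud
- Photos and location data are actually leaking everywhere!? The blind spot of the convenient Google+! Review your settings and protect your personal information | andronavi: Find smartphone apps!
- Verification report on the vulnerability in Internet Explorer that allows arbitrary code execution (CVE-2014-0322) « (n)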