トリコロールな猫 / Security

Writing down whatever comes to mind, a little at a time.

20140418 Security news roundup

Heartbleed-related

Crucial military satellite systems are vulnerable to hacking

The latest report from IOActive suggested there were some easily hackable systems, many of which were designed for keeping aircraft, ships and army personnel safe.

A vulnerability in SATCOM authentication → the US military uses it, which is bad.

China's phishing scam boom

China is clearly a massive market for phishing scams. As the nation's economy continues to dominate the world, the internet is steadily penetrating to more and more of its huge population.

Virgin Media mistakenly sends an email whose replies go out to 130,000 people

The problem occurred when one of the company's suppliers mistakenly sent out an email, which when it was replied to was then sent to all the other people in the group.

It meant that anyone clicking 'reply all' was able to message everyone on the mailing list - meaning their personal email addresses were visible.

In the comments, someone says Virgin's SMTP servers have been blacklisted.

Facebook Webinject Leads to iBanking Mobile Bot

iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.

According to a new report from ESET security researchers, now this iBanking Trojan (Android/Spy.Agent.AF) is targeting Facebook users by tricking them into downloading a malware application.

Standalone articles

3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches — Krebs on Security

Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards.

Clicking ‘Like’ can cancel your right to sue a company | Naked Security

Downloading that coupon or even clicking "Like" on the cereal maker's Facebook page could cost you the right to sue the company, given the direction US companies are taking.

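This one is about the US. Apparently some companies have changed their legal terms so that clicking "Like" on Facebook or downloading a coupon means you can no longer sue that company.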

Zeus/rootkit combo delivered via Starbucks-themed emails

Malware peddlers have been spotted impersonating popular coffeehouse chain Starbucks in order to trick users into downloading a rootkit-equipped variant of the Zeus banking Trojan.

Google Maps Street View image-recognition algorithm cracks most CAPTCHAs | TechCrunch Japan

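The image-recognition algorithm the company built reads street numbers (house numbers and the like) from Street View images quite accurately, which is very convenient for users. However, this algorithm also cracks 99% of CAPTCHAs.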