I'n Blog 之萬象真藏

By Steven J. Vaughan-Nichols
October 2, 2007

軍方爆發文件洩密案，再次突顯資訊控管慎防漏洞的重要性，資安專家說。

根據媒體報導，因國防部小兵違反規定，將未能切碎的機密文件賤賣給民間回收業者，導致軍事機密被一一拼湊出。令平時強調保密防諜、且投入巨資購買設備的軍方資訊外洩，最後敗在看似不起眼的疏漏。

值得注意的是，這已不是第一次軍方資訊外洩的新聞。專家指出，資訊安全工作繁複，科技、人、流程都是可能的資訊漏洞所在。

網頁應用程式安全評估專家、網頁應用程式安全聯盟(Web Application Security Consortium, WASC)創辦人、WhiteHat技術長Jeremiah Grossman今(27)日應OWASP(開放Web軟體安全計劃)台灣分會之邀，來台參與OWASP亞洲年會並發表演說。

網頁應用程式安全專家認為，商業流程中可能隱藏的小缺失，在進入Web情境後，其風險將會被擴大，影響更多人。

Secunia Advisory:	SA26942
Release Date:	2007-09-27
Critical:	Moderately critical
Impact:	DoS System access

Secunia Advisory:	SA26948
Release Date:	2007-09-27
Critical:	Not critical
Impact:	Security Bypass
Where:	From remote

Secunia Advisory:	SA26988
Release Date:	2007-09-27
Critical:	Not critical
Impact:	Security Bypass
Where:	From local network

Secunia Advisory:	SA26986
Release Date:	2007-09-27
Critical:	Less critical
Impact:	Security Bypass

There are a high number of reports for Trojan-Downloader.Win32.Banload.DRS today.

It's very similar to August 16th's run of Agent.BRK.

Running Firefox or Opera as a default browser won't save you from unpatched Internet Explorer vulnerabilities—a fact made explicit when a researcher showed how easy it is to put HTML inside files supported by Windows Media Player.

Researcher Petko D. Petkov said in a Sept. 18 blog posting that he's found that a fully patched Windows XP Service Pack 2 system running Internet Explorer 6 or 7 along with Windows Media Player 9—the default, although the media player is now up to Version 11—will open any page of an attacker's choice even if the default browser is not Internet Explorer.

A researcher has published details of how he and a colleague broke into a MacBook via a flaw in its wireless drivers at Black Hat last year.

Errata Security Chief Technology Officer David Maynor published the details in an article in the September issue of Uninformed, an online security research magazine.

A zero-day PDF vulnerability in Adobe's Acrobat Reader has come to light that can lead to Windows boxes getting taken over completely and invisibly, according to a security researcher.

"All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one," said researcher Petko D. Petkov, aka pdp, in a blog posting on Sept. 20.

Petkov said he's closing the season with this highly critical flaw—a season that's included, at least in the past two weeks, his discovery of a slew of serious vulnerabilities in meta media files: a QuickTime flaw that can be used to hijack Firefox and Internet Explorer; a simple method of loading HTML files into Windows Media Player files; and an easy, six-step method by which to penetrate Second Life accounts with an IE bug.

If you hacked your iPhone to run other applications or use it on other networks, the iPhone Dev Team wants you to wait before installing Apple's forthcoming software update. The group credited with opening up the iPhone to both application development and networks other than AT&T's says it will have a fix out next week that will allow you to restore that iPhone to its factory settings, according to a statement attributed to the group that was posted on The Unofficial Apple Weblog. On Monday Apple warned iPhone users who had installed software for unlocking their phones that an iPhone update expected later this week could potentially break their phones, and that just downloading the unlocking software voids the iPhone warranty. However, the iPhone Dev Team took issue with Apple's statement. "The removal of the lock, a bug, was a major step forward in the iPhone development. ...The removal of those firmware problems, which were built in in (sic) favor for AT&T, does not cause "damage" as they want to make us believe." The group promised to have a fix out next week that would relock the phones, which would ostensibly cover your tracks and let you bring your iPhone in for warranty service. But the statement also seemed to indicate that the hackers would immediately set upon Apple's iPhone update and find a way to make the unlocking software work with the update. Apple doesn't really want you using the iPhone on networks other than AT&T's, or the European carriers announced last week. Part of it is to maintain the stability of its latest baby, but a good deal of it is probably related to the revenue-sharing deals Apple has struck with its carriers. If you don't use AT&T's network to download data, Apple doesn't see as much revenue. The individuals behind the iPhone Dev Team, who prefer to remain anonymous for obvious reasons, feel that they should be allowed to do whatever they want with the iPhone, since they bought it. "Apple now announces that the next firmware update, expected later this week, will possibly break the handset of all of us free users in the World. It speaks of 'damage' done to the firmware and 'unauthorized access' to our own property," the group said in the statement. It's not clear how many people have hacked their iPhones. Apple said earlier this month that it had sold 1 million since it was introduced June 29. The iPhone Dev Team said "several hundred thousand" iPhone users had hacked their phones, based on downloading statistics. But that seems awfully high, according to Shaw Wu of American Technology Research.

台灣鹽博物館網站遭駭，在這裡要注意的是這個網站有可能被植入惡意連結或惡意程式碼，所以，他們的網管應該要找出系統或軟體的安全漏洞，然後，儘快修補這些漏洞，而不是只是移除/修改那些遭駭的檔案。

詳文請按 rogerspeaking.blogspot.com/2007/09/blog-post_651.html

臺灣文學年鑑資料庫網站被植入惡意連結，此惡意程式為 TROJ_DELF.HYF 或 Trojan-PSW.Win32.Maran.kf，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦，請各位暫時不要瀏覽這個網站，以免中毒。

詳文請按 rogerspeaking.blogspot.com/2007/09/blog-post_25.html

哈日第一台 JET TV 網站又被植入惡意連結，此惡意程式為 Possible_Infostl，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦，請各位暫時不要瀏覽這個網站，以免中毒。

詳文請按 rogerspeaking.blogspot.com/2007/09/jet-tv.html

主題酷網站被植入惡意連結，此惡意程式為 Possible_Infostl，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦，請各位暫時不要瀏覽這個網站，以免中毒。(Credit: Wayne)
詳情請按 rogerspeaking.blogspot.com/2007/09/blog-post_26.html

KimoG 奇檬子心情留言網被植入惡意連結，此惡意程式為 TROJ_DLOADER.PMG，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦，請各位暫時不要瀏覽這個網站，以免中毒。

詳情請按 rogerspeaking.blogspot.com/2007/09/kimog.html

VIP生活網被植入惡意連結，此惡意程式為 Trojan-PSW.Win32.OnLineGames.dky，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦，請各位暫時不要瀏覽這個網站，以免中毒。

詳情請按 rogerspeaking.blogspot.com/2007/09/vip.html

開南大學應用日語學系網站被植入惡意連結，此惡意程式為 WORM_RBOT.GBG，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦，請各位暫時不要瀏覽這個網站，以免中毒。

詳情請按 rogerspeaking.blogspot.com/2007/09/blog-post_8192.html

北京信息安全測評中心、金山毒霸聯合發佈2007年9月17日熱門病毒。 　　 　　
    今日提醒用戶特別注意以下病毒：
    "AUTO病毒18032"(Win32.Troj.Agent.18032)和"網遊盜竊者xd"(Win32.Troj.OnlineGames.xd.31232)。 "AUTO病毒18032"   (Win32.Troj.Agent.18032)這是一個木馬程序。  "網遊盜竊者xd"(Win32.Troj.OnlineGames.xd.31232)這是一個盜號木馬。