Today's keywords: bit.ly, Koler, targeted attacks, the judiciary and the legislature
Android users: do not open text messages containing bit.ly links
[Boan News, Moon Ga-yong] Android text messages and the popular URL shortener bit.ly are carrying malware around the net these days. Shellshock, discovered a month ago, keeps evolving and is changing its targets. The internet is quite literally a jungle. So the judiciary has drawn its sword, with heavy fines and even prison sentences, and the legislature naturally follows. In Canada there is a move to amend legislation, and Samsung cannot seem to shake off controversy.
▲ Do not follow just any text message.
1. Google temporarily blocks Bit.ly links as malicious (Security Week)
http://www.securityweek.com/google-temporarily-flags-bitly-links-malicious
Google's Safe Browsing feature is flagging all links from bit.ly, the service that shortens domain addresses, as malicious. The exact reason has not yet been disclosed, but Google has reported for now that of 91854 pages it tested, 735 resulted in malicious software being downloaded. So far only bit.ly links are said to be affected, and bit.ly is replacing all newly created links with bltly.com.
2. Koler ransomware spreading via SMS (Threat Post)
http://threatpost.com/new-koler-variant-spreading-through-sms/109026
Threat Post covers the story in item 1 in somewhat more detail. Text messages with malicious code inserted are currently spreading among Android users, and this malicious code is said to include bit.ly. Clicking reportedly downloads a malicious APK and locks the screen.
3. US telecom operators fined 10 million dollars (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/us-operators-fined-10-m-data/
The telecom companies TerraCom and YourTel have been fined a total of 10 million dollars. The reason for the fine is that they stored the information of more than 300,000 customers in a shared folder. Not only was the folder set to public, it reportedly had no security measures of any kind.
4. Estonian cybercrime gang leader sentenced to 11 years (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/estonian-cybercrime-worldpay/
The leader of a cybercrime gang that hacked WorldPay in 2008 and stole 9 million dollars is now facing 11 years in prison. Sergei Nicolaevich Tsurikov, from Estonia, reportedly led the gang in breaking the data encryption, intruding into WorldPay, stealing card information, and then taking the money through ATMs and other means.
5. Canada likely to make data breach notification mandatory (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/canada-mulls-mandatory-data-breach/
Canada is preparing legislation that would require companies and organizations to notify customers and the affected individuals and institutions when a breach occurs. The Digital Privacy Act is currently under review in the House of Commons, and in particular the law on personal information and electronic documents may change. The judiciary and the legislature are both busy.
6. 2014 is the year of targeted attacks (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/costly-targeted-attacks-see-sharp/
According to a survey conducted in the US, 94% of companies suffered at least one cybercrime this year, and the share of individuals who say they suffered at least one cybercrime rose from 9% last year to 12%. Among these, targeted attacks increased noticeably this year, and the results also showed that a successful targeted attack causes more damage than any other kind of attack. Aiming at someone really does hurt more than swinging a bat blindfolded.
7. Samsung flatly denies report that Knox is vulnerable (The Register)
http://www.theregister.co.uk/2014/10/26/samsung_denies_knox_security_vuln_allegations/
An anonymous German blogger had criticized Samsung Knox, on the grounds that the encryption key is weak and the password is stored on the device. The blogger also claimed there were many other holes. As a result, from around last weekend several media outlets raced to report that Samsung Knox is vulnerable. Through its official Knox blog, Samsung asserted that the claim is wrong and that its password and key management system is the best.
8. Samsung responds to Knox vulnerability claims (Threat Post)
http://threatpost.com/samsung-rebuffs-criticism-of-knox-crypto-password-management/109023
Samsung explained that "Knox 1.0 used a password-based key derivation function (PBKDF2), and Knox 2.0 strengthened key derivation." The blogger who first reported the Knox vulnerability also stated that the version tested was not 2.0 but an earlier version. Regarding the password being stored on the device, Samsung explained that "it is true, but accessing the password stored on the device is extremely difficult and is strongly controlled."
9. Shellshock found to be mainly targeting SMTP servers (Threat Post)
http://threatpost.com/shellshock-exploits-targeting-smtp-servers-at-webhosts/109034
A month has passed since Shellshock first came to light. Research now shows that, one month on, the most recent attacks mainly target web hosts that use SMTP servers. In other words, to see what Shellshock is up to lately, look at SMTP. Shellshock spread among hackers as soon as it was discovered and is now the most frequently exploited, so although the target is SMTP today, there is no telling how it will change.
[Moon Ga-yong, International Desk reporter (globoan@boannews.com)]
<Copyright: Boan News (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>