Today's keywords: Google, Facebook, Sony Pictures, LusyPOS
Google develops a new authentication system and obtains PCI DSS certification
Facebook partners with yet another antivirus company, the third this year alone
[Boan News, Moon Ga-yong] Google seems to have thought long and hard about how to get convenience and security at the same time. Its newly released CAPTCHA system is said to keep the security of the existing CAPTCHA while stripping out the inconvenience entirely. A single click now replaces the user's effort of deciphering letters, and we will have to wait and see whether this turns out to be stronger or not. Google's platform has also obtained a certification that used to be issued to credit card companies. Analysts read this as yet another variable in the payment market.
▲ Convenience or encouraging participation, that is the question.
While these "variables" keep appearing, another new piece of POS malware has emerged and put the industry on edge, all the more so because it is said to closely resemble the malware behind the earlier Target incident. Meanwhile, Facebook has partnered with yet another security vendor to step up its malware detection. On one hand it is a relief that the big players are making these moves. On the other hand, because the big players have money and technology to spare, they can pursue convenience as well as security, which may actually get in the way of raising users' awareness. In information security, is it right to make users participate, or is it right to make things so convenient that users do not have to participate consciously?
1. Google unveils its newly developed CAPTCHA system (Threat Post)
http://threatpost.com/google-no-captcha-simple-for-humans-tough-on-bots/109707
Google develops a simpler procedure to replace CAPTCHA (The Register)
http://www.theregister.co.uk/2014/12/03/google_moves_beyond_text_puzzles_with_no_captcha_recaptcha/
You all know CAPTCHA, the program meant to block spam and automated sign-up programs, right? It is a kind of authentication system that tells humans from non-humans by using letters distorted so heavily that they are hard to read with anything but human eyes. Over time, though, non-humans have gradually learned to read them too. So the letters in CAPTCHAs kept getting more twisted, to the point where even people now have to squint to make them out. That is why Google says it has developed a new system called "No CAPTCHA reCAPTCHA". The scattered, distorted letters are gone, and only a single phrase, "I'm not a robot", appears. Ticking the box next to it with one click completes the verification. It is said to be very simple to use but extremely complex for bots to get past. We will have to keep watching, but the effort to get both security and usability (convenience) is very welcome.
2. Google Cloud Platform obtains PCI DSS certification (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/google-cloud-platform-gets-pci-dss/
Google Cloud Platform receives PCI DSS compliance certification (Security Week)
http://www.securityweek.com/google-cloud-platform-receives-pci-dss-compliance-certification
Google's cloud platform has now received Payment Card Industry Data Security Standard certification. PCI DSS has mainly been issued to companies that handle card information, so Google Cloud Platform holding this certification means that its users can now store, process and exchange card-related information. This adds another huge variable to the US payment market, which is already going through a major upheaval. It also widens the scope of activity for application developers who build on Google Cloud Platform. WePay, a US payment service provider, is said to have been especially pleased with the news.
3. Facebook teams up with ESET to strengthen malware detection (The Register)
http://www.theregister.co.uk/2014/12/04/facebook_cosies_up_to_eset_for_malware_detection/
Facebook strengthens malware detection through partnership with ESET (Information Week)
http://www.informationweek.com/software/social/facebook-tackles-malware-with-eset-partnership/d/d-id/1317865
Facebook, which earlier this year partnered with F-Secure and Trend Micro, among others, to step up its malware detection, has now joined hands with a Slovak company called ESET. ESET is an antivirus software vendor and has become the third security company to partner with Facebook. The security-related moves of big players such as Google and Facebook are getting faster and faster.
4. Employee salary information exposed in Sony Pictures breach (SC Magazine)
http://www.scmagazine.com/sony-breach-extends-to-deloitte/article/386548/
Sony Pictures in trouble as detailed employee information leaks (The Register)
http://www.theregister.co.uk/2014/12/03/sony_staff_details_knicked/
Employee healthcare and salary information also leaked in Sony breach (Threat Post)
http://threatpost.com/employee-healthcare-salary-info-leaked-in-sony-breach/109691
As the Sony Pictures investigation continues, it has emerged that newly released or upcoming films were not the only things leaked: employees' salary and healthcare information was found to have been leaked in full. Many experts and investigators had speculated that more than just films had been leaked, but solid evidence reportedly surfaced for the first time yesterday. This employee information is currently circulating on torrent sites and is said to amount to 25 gigabytes. It reportedly contains the information of some 6,800 current and former employees.
5. New LusyPOS malware uses Tor for its C&C server (Security Week)
http://www.securityweek.com/new-lusypos-malware-uses-tor-cc-communications
LusyPOS malware appears on the black market (SC Magazine)
http://www.scmagazine.com/new-malware-sells-for-2000/article/386540/
There seems to be no end to the activity of hackers targeting the year-end holiday rush. POS systems are widely known to be vulnerable, but the changes to payment systems being made in response inevitably take time, so hackers continue to run rampant. A new piece of malware called LusyPOS has now appeared and is reportedly being traded on the black market for 2,000 dollars. This malware is said to resemble the malware that attacked Target. The malware that attacked Sony Pictures is also said to resemble the malware used in the 6.25 cyber terror attack; let us hope LusyPOS does not create a second Target.
[Moon Ga-yong, reporter, International Desk (globoan@boannews.com)]
<Copyright: Boan News (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>