Today's keywords: Sony PlayStation, Google App Engine, VMware
Sony Pictures incident spreads to PlayStation
VMware gets patched, and vulnerabilities are found in Google App Engine
[Boannews, Mun Ga-yong] The sparks from the Sony Pictures incident appear to be flying as far as PlayStation. Of course, the group that attacked Pictures and the group that attacked PlayStation appear to be different, but the PlayStation attack seems to have been carried out using the various pieces of confidential information released through the Pictures incident. North Korea is applauding behind the scenes while waving off any involvement in public, and it remains to be seen whether North Korea is actually involved, how deeply if so, and whether this could really bring down the company called Sony.
Numerous vulnerabilities are also being found in Google's App Engine, and the VMware-related patches that came out last weekend are arriving promptly. In Singapore, the prime minister's web page was breached and the perpetrator was sentenced to six months. Even so, a study has found, surprisingly, that ordinary users' security awareness is as much as 20 years behind. We knew it lagged, but a gap of a full 20 years...
1. The latest victim of the Sony hacking incident is the PlayStation Store (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/playstation-store-sony-hacks/
Sony Pictures CEO sends staff a note of encouragement (The Register)
http://www.theregister.co.uk/2014/12/08/sony_pictures_issues_dont_sue_me_bro_memo_to_staff/
Sony exposed to yet another attack (CU Infosecurity)
http://www.cuinfosecurity.com/sony-suffers-further-attacks-a-7650
Hackers who attacked Sony Pictures threaten: "Cancel the North Korea film" (Security Week)
http://www.securityweek.com/hackers-urge-sony-pull-north-korea-comedy-film-reports
North Korea: Sony Pictures incident may be the work of North Korean government supporters (SC Magazine)
http://www.scmagazine.com/north-korea-sony-pictures-hack-may-be-work-of-govt-supporters/article/387207/
News came out yesterday that GOP, which appears to have led this Sony Pictures hack, seems to have sent a threatening letter. Whether GOP really sent it has not been confirmed, but it reportedly caused plenty of confusion among Sony's internal staff. As if to counter this, Sony Pictures CEO Michael Lynton reportedly circulated a note to staff saying, "Thank you for staying at your posts amid this confusion and completing our work every day." However, there appears to be no real progress in the actual investigation or response.
Meanwhile, there are signs that the attack on Sony Pictures has spread to Sony PlayStation as well. The Sony PlayStation Network was hit by a DDoS attack. Users who connected to the PlayStation Network to enjoy games and movies saw nothing but the "Page Not Found" error message over and over, and Sony is now working to resolve it. This DDoS attack appears to be the work of a hacking group called Lizard Squad.
Meanwhile, North Korea strongly denied any government involvement, saying it seems to be the work of someone who supports its regime, and also called it a job well done and something that rightly should have happened. It looks like a transparent pretense, but with no evidence yet, everything remains at the level of suspicion. There was also news that GOP sent Sony Pictures a threat demanding that it cancel plans to screen the North Korea-related film. The English used in this threatening email was reportedly clumsy, which suggests the group does not speak English as its native language. Yes, the circumstances point increasingly toward North Korea, but everything is still only suspicion.
2. Home Wi-Fi security "still stuck in the 1990s PC era" (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/home-wifi-security-pcs-90s-avast/
Home Wi-Fi security no different from 1990s PC security levels (The Register)
http://www.theregister.co.uk/2014/12/08/wi_fi_security_lax_survey/
Avast recently surveyed the state of Wi-Fi security in 2,000 households each in the US and the UK. The results showed that most had very obvious and easy IDs and passwords. There were reportedly many cases of admin/admin, admin/password, or even no password set at all. 23% reportedly used something very easy to guess as the password, such as a home address, phone number, or street name. Avast pointed out that this recalls the 1990s, when viruses and malware were spreading widely but PC users had no concept of security at all. In other words, only the machines have advanced while awareness is still 20 years behind, and there is not much to say in rebuttal.
3. Vulnerabilities found in Google App Engine (Threat Post)
http://threatpost.com/several-vulnerabilities-found-in-google-app-engine/109749
Dozens of vulnerabilities found in Google App Engine (Security Week)
http://www.securityweek.com/google-app-engine-plagued-tens-vulnerabilities-researchers
Security experts in Poland reportedly found about 30 vulnerabilities in Google's App Engine. These include vulnerabilities that enable code execution or help escape the sandbox. Google App Engine is a platform that lets customers run the apps they have built on Google's large-scale cloud infrastructure, and it supports a variety of languages such as Python and Java. The platform's biggest advantage was that users do not have to worry at all about issues such as server administration. Adam Gowdiak, the head of these experts, published the details via this site.
4. Singaporean hacker gets six months for hacking the prime minister's website (Security Week)
http://www.securityweek.com/singaporean-jailed-hacking-prime-ministers-website
Singaporean hacker sentenced to six months for hacking the prime minister's website (SC Magazine)
http://www.scmagazine.com/mohammad-azhar-tahir-sentenced-for-xss-attack/article/387215/
It is exactly as the headlines say. The two outlets' headlines are not even much different. At times like this it pays to pick up one piece of current-affairs knowledge: Singapore's prime minister is Lee Hsien Loong. In addition, the hacker was an unemployed man named Mohammad Azhar bin Tahir, and he is known to have used the Anonymous symbol and an XSS vulnerability.
5. VMware patches XSS vulnerability and certificate issues (Threat Post)
http://threatpost.com/vmware-patches-xss-certificate-validation-issues/109753
VMware warns of XSS scripting bug (The Register)
http://www.theregister.co.uk/2014/12/05/vmware_warns_of_vcenter_crosssitescripting_bug/
VMware issued a warning last Friday about an XSS vulnerability and other bugs, and over the weekend it fixed them and released patches. The most significant vulnerability was CVE-2014-3797, reportedly of the kind that is triggered the moment a user clicks a malicious link or visits a malicious page. Next was CVE-2014-8371, a vulnerability that enables man-in-the-middle attacks. Four additional vulnerabilities were also reportedly patched, so please download and apply the patches promptly.
[Mun Ga-yong, International Desk reporter (globoan@boannews.com)]
<Copyright holder: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>