Today's keywords: Islam, United States, France, Obama, Corel, MS, Google
Obama wants a strong incident-reporting regime, while a military command gets hacked
The war of nerves between MS and Google continues; meanwhile, Corel vulnerabilities are discovered
[Boannews, Moon Ga-yong] The world is currently at war with Islamic extremist forces. Islamic extremist groups are still attacking French websites and have even stolen the Twitter account of US Central Command. President Obama, who only recently went through the Sony incident, is picking up his pace even further. In particular, he is now pushing for a law that requires anyone who suffers an incident to report its details thoroughly. This is not the age of the Crusades, yet watching this standoff between some Islamic extremists and Western nations makes one think that people, once given a new arena (here, the internet), can do nothing but repeat exactly what they have done before.
▲ First screen of the US Central Command Twitter account
Meanwhile, the war of nerves between MS and Google continues. Google's position is 'if we say we disclose within 90 days, we disclose, so if that bothers you, ship your patch within 90 days,' while MS criticizes it, saying 'if a vulnerability is disclosed before its patch, someone will attack through that vulnerability until the patch arrives; how can you fail to think of the users' position?' Google applying its 'internal rule' of 90 days to outside parties can look arrogant, but in the long run it may help eliminate vulnerabilities a little faster, so the call is not an easy one. As MS says, there is a worry that users will end up as the shrimp whose back is broken in a fight between two whales.
1. US Central Command's accounts hacked (CU Infosecurity)
http://www.cuinfosecurity.com/us-central-commands-accounts-hacked-a-7779
ISIS supporters hijack US Central Command's Twitter and YouTube accounts (SC Magazine)
http://www.scmagazine.com/us-central-command-social-media-accounts-hacked/article/392128/
Cyber jihadists hack US Central Command's Twitter feed (CSOOnline)
http://www.csoonline.com/article/2867561/disaster-recovery/u-s-centcom-twitter-feed-compromised-by-cyber-jihadists.html
ISIS supporters hijack US Central Command's Twitter and YouTube accounts (Security Week)
http://www.securityweek.com/pro-isis-hackers-compromise-us-centcom-twitter-youtube-accounts
'Brace yourselves, US soldiers': US Central Command Twitter account hijacked (The Register)
http://www.theregister.co.uk/2015/01/12/us_centcom_twitter_account_hacked/
Yesterday's clipping covered a hacker group called CyberCaliphate, known for hacking several accounts belonging to small and mainstream US media outlets. When the group boasted that it had even gotten into the FBI's database, analysts judged it to be 'keyboard warrior' behavior, but those keyboard warriors are now said to have cleaned out the Twitter account of US Central Command as well. One wonders about the expressions on the faces of the analysts who, until yesterday, were watching the situation with optimism. The US side announced that only a few social media accounts were compromised and that the networks leading to military secrets are still fine. The military secrets currently circulating on the internet are said to be entirely fake, merely repackaged by the hackers to look real. It also assessed that all of this is simply "an act of intimidation"; is that complacency, or supreme optimism?
2. President Obama calls for unifying breach reporting and patching under law (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/obama-to-unify-breach-reporting/
President Obama proposes a breach notification standard (Threat Post)
http://threatpost.com/president-proposes-national-breach-notification-standard/110363
There was a breach? Then you had better say so quickly - Obama (The Register)
http://www.theregister.co.uk/2015/01/12/obama_pushes_mandatory_breach_disclosure_laws/
President Obama proposes a national breach notification law and a student privacy law (SC Magazine)
http://www.scmagazine.com/state-of-the-union-speech-will-outline-privacy-and-data-protection/article/392127/
President Obama wants to legislate breach notification (CU Infosecurity)
http://www.cuinfosecurity.com/obama-seeks-to-nationalize-breach-notification-a-7774
President Obama proposes a national data breach notification law (Security Management)
https://sm.asisonline.org/Pages/Obama-Calls-for-Federal-Data-Breach-Notification-Law.aspx
This story was covered briefly in yesterday's clipping. The difference is that yesterday's content was a tip from an anonymous White House official through unofficial channels, whereas today President Obama formally announced it in an official setting. In short, he expressed his intent to pass a notification and protection law for personal data breach incidents. Yesterday there was a ruling that Zappos, an apparel company, must bear some degree of responsibility for a large-scale data breach; once President Obama's bill passes, those who manage information will have to share, like it or not, not only their responsibility as custodians but also the fact that they failed in their duty not to be robbed. By proposing a student privacy law alongside it, President Obama also struck a good balance on privacy, which is quite deft.
3. Cyber jihadists attack hundreds of French websites (Security Week)
http://www.securityweek.com/cyberjhadists-hack-hundreds-french-websites
Clashes with Islamic extremist forces keep occurring in France. Following the Charlie incident, hundreds of French websites have been penetrated by radicalized Islamic hackers, and phrases such as "There is no god but Allah" and "Death to France" are reportedly appearing all over French websites. According to the French cyber police, investigation and arrests are difficult because these attacks are not carried out by a single organization but by guerrilla-like hacker groups that come together quickly and then scatter again. It is also said to be the first time a hacking campaign of this scale has occurred in such a short period. France is becoming the stage for a new cyber war.
4. MS has harsh words for Google over its disclosure of a Windows vulnerability (Infosecurity Magazine)
http://www.infosecurity-magazine.com/news/microsoft-hits-back-in-row-over/
MS censures Google's disclosure of a Windows vulnerability (Threat Post)
http://threatpost.com/microsoft-censures-google-for-publishing-windows-vulnerability/110347
How could you! MS accuses Google of having a loose mouth (The Register)
http://www.theregister.co.uk/2015/01/12/google_microsoft_coordinated_vulnerability_disclosure_policy_battle/
MS protests fiercely against Google for disclosing a vulnerability (CSOOnline)
http://www.csoonline.com/article/2867534/vulnerabilities/microsoft-blasts-google-for-vulnerability-disclosure-policy.html
Not long ago, Google disclosed a Windows vulnerability to the public 90 days after discovering it. Then on the 11th, Google's Project Zero disclosed a Windows 8.1 vulnerability, again within less than a month. This one, too, was reportedly disclosed 90 days after it was discovered and reported to MS. MS says it had planned to release the patch for the vulnerability on the 13th. Through its blog, MS criticized Google, saying "we try to work together, but Google insists only on its own policy" and "we specifically asked them to delay the announcement to protect users even a little more, but they could not wait those few days." MS's point is that Google fails to understand the aim of blocking at the source the hacking attempts that occur between the day a vulnerability is disclosed and the day it is fixed. MS also remarked pointedly that "what is right for Google is not right for every user, and Google needs to think more from the user's perspective."
5. Zero-day vulnerabilities found in Corel products (Threat Post)
http://threatpost.com/0-days-exposed-in-several-corel-applications/110348
Security flaws found in Corel software products (Security Week)
http://www.securityweek.com/core-security-discloses-security-vulnerabilities-corel-software-products
DLL hijacking vulnerabilities have reportedly been found in products from Corel, known in Korea for CorelDRAW. By hijacking a DLL, attackers become able to execute arbitrary code remotely, and Corel has reportedly not yet responded. Naturally, no patch has been released so far either. The products currently at risk are said to be CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, CorelCAD 2014, Corel Painter 2015, Corel PDF Fusion, Corel VideoStudio Pro X7, and Corel FastFlick.
[Moon Ga-yong, International Desk reporter (globoan@boannews.com)]
<Copyright: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>