조지아에 살고 있는 19살 Ucha Gobejishvili 군(?)이 곰 플레이어 대한 오버플로우 취약점을 발견하였다. 간단한 동영상을 유튜브를 통해 올려놓았는데.. 코드는 공개하지 않고는 있지만 그레텍에서 이 사실을 알고 조속히 보안 패치를 취해 주었으면 하는 바이다.
Introduction:
=============
GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea.
It is the primary client player for South Korean GOM-TV, and is more popular in South Korea than any other media player. Key strengths inherited from libavcodec include wide ranging ability to play media files, including .flv - without needing to obtain an external codec, and the ability to play some broken media files. Both of those features are present in other projects using libavcodec like VLC and MPlayer, but are absent from some other media software, including Windows Media Player.
Abstract:
=========
.....
2011 has been labeled the "Year of the Hack” or “Epic #Fail 2011”. Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security. Every year there are always forward advancements in the tools and programs that can be used by the hackers.
안드로이드용 프리 백신이 공개되었네요. 아직 전 옴니아 유저라 사용해 보진 못했지만 ㅡ_-+
항상 바이러스때문에 안드로이드 폰에 대해 우려하셨던 분들은 사용해 보시길 바랍니다.
현재 적용되는 버젼은 Android 2.1.x, 2.2.x, or 2.3.x 이며 안드로이드 마켓을 이용하시면 됩니다.
고객의 가장 중요한 고급 정보를 지니고 있는 AMEX가 이렇게 웹사이트를 운용하다니 일반인이나 IT인들에게 조롱거리가 되는건 시간 문제겠군요.
트윗을 통해 담당자의 연락처를 알아보고 전달했다는..씁쓸한 얘기였습니다. 그리고
Max Niederhofer의 정보에 의하면..이런 취약점이..-0-;;
빨리 조치되길 바랄뿐 입니다.
[주의] 본 자료는 연구용 및 학습 자료로 사용하길 바라며, 악의적인 사용시 사용자 본인에게 책임이 있음을 명시합니다.
이젠 앱게임을 윈도우에서도 즐길수 있게 되었네요. ㅎㅎ
전세가 역전되는 건가봅니다. 고사양의 스마트폰을 무기로 각종 게임이 나오고 있으니.. 단순하지만 중독성있는 겜을 즐겨봅시다. (보안쪽으로 보면 이제 앱을 PC로 다운받아 실행시켜 개인정보노출 및 코드 결함을 알아볼수 있겠네요..^^;)
We all know about android and big and growing applications market. most of us must be using windows and their operating system. And many of us also must be thing of using this apps on windows machine. BlueStacks will make android run on windows machine.
BlueStacks 관련 데모 영상
BlueStacks 기능
Features of BlueStacks
Play Android apps fast and full-screen
Push your favorite apps from your Android phone to your PC using BlueStacks Cloud Connect
미군의 무인 항공기 프레데터와 랩터 드론이 전쟁지역인 아프칸에서 키로깅 바이러스에 감염되었다는 군요~ ;( 전술 및 전략이 다 노출되었을 가능성이 있네요.
A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system.
자세히
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”
Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.
Drones have become America’s tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki — part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.
But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don’t encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered “days and days and hours and hours” of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.
The lion’s share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a “ground control station,” or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot’s hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.
Some of the GCSs are classified secret, and used for conventional warzone surveillance duty. The GCSs handling more exotic operations are top secret. None of the remote cockpits are supposed to be connected to the public internet. Which means they are supposed to be largely immune to viruses and other network security threats.
But time and time again, the so-called “air gaps” between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later.
Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.
In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. “But the virus kept coming back,” a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS’ internal hard drives. “That meant rebuilding them from scratch” — a time-consuming effort.
The Air Force declined to comment directly on the virus. “We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach,” says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. “We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover.”
However, insiders say that senior officers at Creech are being briefed daily on the virus.
“It’s getting a lot of attention,” the source says. “But no one’s panicking. Yet.”