每日安全简讯(20161114)

1、安全专家担心俄黑客影响英国脱欧投票
2、美指控Florida黑客与攻击摩根大通有关
3、俄罗斯调查Windows 10防毒软件垄断问题
4、Facebook错误使全部用户显示“纪念账户”
5、特朗普当选导致加密邮件服务申请翻倍
6、D-Link被发现可获root权限的HNAP漏洞

【安天】搜集整理（来源：mirror、reuters、arstechnica、securityaffairs、easyaq、computerworld）

1、安全专家担心俄黑客影响英国脱欧投票
标题：Fears Russian hackers will target Parliament Brexit vote after Trump success

作者信息：09:34, 13 NOV 2016 BY MARC WALKER

//BEGIN
Kremlin hackers who attacked the Hilary Clinton campaign will turn their attention to influencing politics in Europe
Donald Trump was Russia's preferred candidate in the US election. Russian hackers are accused of sabotaging rival Hilary Clinton's campaign in the run-up to the vote.
Russian hackers who helped get Donald Trump elected will turn their attention to influencing Britain's possible Parliament vote on Brexit, cyber security experts fear.
美国的网络安全专家称俄罗斯的黑客通过入侵总统候选人希拉里的邮件系统，进而侧面帮助了其所想要的特总统当选。如今他们的目的已经达到(不管原因是不是如此)，现在他们的目光转向了欧洲，想故伎重演，特别是针对英国的议会关于脱欧的投票。

//END
Dmitri Alperovitch, from security firm Crowdstrike, which identified Russia as the Democrat party hackers, said: “They've continued their attempted intrusions of political entities pretty much unabated."
He added: “They’ve had success beyond their wildest dreams.”
Mr Alperovitch said he has met with senior government officials across Europe ahead of key elections in France and Germany and Britain's parliamentary vote on Brexit .
He said: “They’re concerned that the blueprint used now against the US will be used against them in upcoming election cycles.
“They’re concerned that the precedent that’s been set is that you can do this against the US, and if so, that they’ll be walked all over by Russia.”
A referendum held in June resulted in 52% of Brits voting to leave the European Union, but a legal challenge has forced a vote in Parliament before Article 50 can be triggered and the UK officially cuts ties with Brussels.
英国的脱欧还需要得到议会根据Article 50的规定的投票许可，这样才能正式进入脱欧程序。其他的欧洲国家也有重要的选举要举行，因此特别希望能从这次美国大选的进程中得到启发，尤其是关于网络攻击的一些细节和技术特征，这样就能更加安全保护整个选举过程，以防止那些别有用心的黑客的阴谋得逞。

点评：这个文章的前2个单词好过瘾呀.....

2、美指控Florida黑客与攻击摩根大通有关
标题：U.S. charges Florida man in case linked to JPMorgan hacking probe

作者信息：Thu Nov 10, 2016 6:12pm EST By Nate Raymond

//BEGIN
A Florida man is the latest individual to face criminal charges in connection with what U.S. prosecutors say was an illegal bitcoin exchange
owned by an Israeli accused of being behind hacking attacks on companies including JPMorgan Chase & Co.
一个美国佛罗里达州的男子被控与攻击JPMorgan Chase & Co.等公司有关，可能因非法比特币交易而面临起诉。这个交易可能与一个以色列人相关。

//END
The complaint against Hill said that he and others profited from numerous bitcoin transactions conducted on behalf of victims of schemes involving ransomware, which locks up computer systems and then demands payments to remove the restriction.
这个犯罪团伙采用勒索软件加密攻击对象的数据和文件，并向用户勒索钱财，并采用比特币交易。收到比特币后，才会给用户解锁。

点评：对付勒索软件，建议还是备份备份再备份。

3、俄罗斯调查Windows 10防毒软件垄断问题
标题：Kaspersky accuses Microsoft of anticompetitive bundling of antivirus software

作者信息：11/12/2016, 10:00 PM By PETER BRIGHT

//BEGIN
In some situations, Windows 10 will disable third party anti-malware products.
Billionaire Russian anti-virus developer Eugene Kaspersky has penned an angry blog post titled "That's It. I've Had Enough!" to complain about Microsoft and Windows 10. Specifically, Kaspersky argues that the way Microsoft bundled Defender with Windows 10 is anti-competitive: he says that Microsoft has created obstacles to third-party products and is acting against the interests of the developers of third-party security software.
Accordingly, Kaspersky says that he has filed complaints with competition authorities in the EU and Russia. He asks that they force Microsoft to cease the behavior he feels is anti-competitive.
俄罗斯的反病毒软件巨头Kaspersky撰文猛烈抨击了Windows10的最新升级策略：强力推荐了MS自身的Defender反病毒软件，并称真是够够的了！
卡巴称微软的Windows 10 捆绑Windows Defender是不正当竞争，同时还制造了很多的障碍，以使得用户不方便使用其他第三方的安全软件，对于第三方开发者而言也是百般阻挠。其并称已经正式向欧盟和俄罗斯当局报告，历数微软妨碍竞争的种种实例，并督促官方阻止其的不当行为。
我们知道从Windows 8开始，MS的操作系统内置了反病毒软件Windows Defender，其目的是使得每一个操作系统的用户都有一个基本的反病毒能力，而不需要安装任何第三方的反病毒软件。其策略是当检测到系统中安装了任何一款杀毒软件后，会自动暂停自身的运行。这样做的一个目的是为了讨好那些OEM厂商。因为通常OEM厂商都会默认携带一种反病毒软件在其安装包中。但是一旦第三方的安全软件过期或者失效，那么Windows 系统会自动提示用户几天的时间，一旦过了这个期限，用户还没采取任何行动，那么这个用户安装的过期的安全软件会自动被停止工作，取而代之的是Windows自己的Defender，它会自动运行。卡巴在其撰文中指出几个值得商榷之处：
首先：操作系统升级到Windows 10后，操作系统会自动检测其未支持或兼容的杀毒软件，并会自动卸载这些杀毒软件，这个卸载动作作为其升级的一个专门步骤。即使在升级选项中，用户选择了保留自身的个人文件以及安装文件，反病毒软件也不会被完整保留。另外一点值得指出的是每次Windows 10的升级补丁发布，提供给安全厂商的修复或者适配时间过短，以至于安全厂商没有足够的时间来开发相关的兼容代码。

//END
As well as calling for regulators to take action, Kaspersky calls for independent software developers to "form a united front and all fight together" against
Microsoft.
除了给主管当局谏言，并希望当局采取行动制止微软的不当行为。另外卡巴还呼吁安全厂商联合起来，建立一个统一联盟以对抗微软的不当行为。

//下载： Kaspersky accuses Microsoft of anticompetitive bundling of antivirus software.pdf (146.95 KB, 下载次数: 26)

2016-11-14 16:25 上传

点击文件名下载附件

文件名：Kaspersky accuses Microsoft of anticompetitive bundling of antivirus software.pdf
文件大小：150，477 bytes
MD5     : 05A6B7721A55396CED49B81B6F9715A7

点评：抵制MS，不止一次了。希望反病毒软件不会成为下一个Netscape浏览器.

4、Facebook错误使全部用户显示“纪念账户”
标题：A Facebook glitch declared all its users are dead, including Zuckerberg

作者信息：November 12, 2016  By Pierluigi Paganini

//BEGIN
Facebook users who logged on to their accounts discovered that their accounts turned to a “memorialized account,” due to their alleged death.
上周五的FB用户登录会显示其账户（包括CEO扎克的）已经进入“长眠”模式，该模式是2015年开发的，专用用来给哪些已经离世的人开辟，其家人和好友依然可以留言等。

//END
But Facebook is magic, and he has given us new life once it has solved the problem.
We resurrected!
Let’s remind that users can opt to have their account completely delete after their death or turn into a memorial page. The page allows friends and families to leave messages and share memories on their profile.
FB很神奇，很快解决了该问题，使得一众用户复活。
当然也提醒了人们，如果确实不用该账号，可以选择彻底删除，或者就是进入一种“长眠”模式。

点评：FB也能让人“出生入死”。虽然“神奇”，但是也很无奈。

5、特朗普当选导致加密邮件服务申请翻倍
{CHN}
标题：特朗普当选后 用户涌向加密邮件服务商

作者信息：2016-11-12 09:35 By cnbeta

//BEGIN
据外媒报道，唐纳德·特朗普的意外当选对于提供终端到终端的加密邮件服务的公司来说或许是个好消息。 瑞士Protonmail公司今天宣布，在特朗普出乎意料地赢得美国总统大选后，该公司这周的注册人数较平时一周的注册人数增长了近两倍。不过该公司尚未透露具体的注册人数。

//END
Protonmail公司CEO Andy Yen今天发文表示：“无论你支持哪个政治派别，特朗普对美国国家安全局（NSA）的控制将是一个不争的事实，因此我们认为应该仔细考虑这意味着什么。”Protonmail是世界最大的加密电子邮件服务提供商之一，目前已拥有超过200万用户。ProtonMail提供端对端的邮件加密方案。该公司部分运营资金一直依靠基金会或相关机构提供支持。不过Protonmail公司在去年曾遭到了DDoS攻击。

点评：不论谁当选都应该选更安全的通信方式。

6、D-Link被发现可获root权限的HNAP漏洞
标题：Another HNAP flaw in D-Link routers

作者信息：Nov 11, 2016 2:26 PM PT By Michael Horowitz

//BEGIN
CERT recently issued an advisory about a flaw in D-Link routers, specifically, in the parsing of HNAP messages. The advisory warns that "A remote, unauthenticated attacker may be able to execute arbitrary code with root privileges." That's as bad as it gets.
美国CERT发布警告称DLink路由器在解析HNAP信息时存在漏洞，可以导致远程非授权访问和攻击。

//END
On RouterSecurity.org, I argue against buying any consumer grade router. Situations like this just re-inforce this opinion.
有关专家曾经建议不要购买家用级的路由器，这次的发现是一个佐证。

//HNAP全称是Home Network Administration Protocol是一个2007年发布的网络设备管理协议。2008年思科从一家网络公司购得。
相关文章：20161110 3、研究人员警告：D-Link路由器存在RCE漏洞
https://bbs.antiy.cn/forum.php?mo ... &extra=page%3D1

点评：可能不光存在于Dlink路由器中。