
Daily Security Briefing (20161129)

Posted on 2016-11-28 22:52
Posted on 2016-11-30 11:14
1. San Francisco municipal railway system hacked, data encrypted for ransom
Title: Hackers crashed San Francisco’s Municipal railway systems

Author info: November 28, 2016 By Pierluigi Paganini

//BEGIN
Last week, unknown attackers hacked the computer systems of the San Francisco’s Municipal railway giving riders a free ride all day on Saturday.
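Last Saturday, unknown hackers attacked the computer management systems of the San Francisco municipal railway, mainly the ticketing system, forcing the agency to leave the entrance gates open, which in effect let passengers ride for free. The rail lines themselves were not damaged.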

//END
The same hacker was mentioned in a report published by Morphus Labs in September when researchers linked the crook to a strain of ransomware called Mamba, which employs tactics similar to those demonstrated against MUNI.
Sources confirmed the investigation is ongoing, but at the time I was writing the experts at the transit agency have no idea who is responsible for the cyber attack.
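Although the details are still unclear, security experts say the technique resembles that of a ransomware strain called Mamba, which was disclosed in September this year. The details of the incident are still under investigation, and officials have not yet confirmed where the attack originated, although a yandex.com e-mail address was left on the screens along with a ransom claim.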

Comment: Whether or not this is ransomware, the advice for important data is still: back up, back up, and back up again.

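Posted on 2016-11-30 11:23
2. Speake(a)r malware can use headphones for eavesdropping
{CHN}
Title: Think disabling the microphone means you can't be eavesdropped on? Headphones work too

Author info: 2016-11-28 By 孙毛毛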

//BEGIN
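Security researchers at Ben Gurion University in Israel have created proof-of-concept malware that can turn ordinary headphones into a microphone and record every conversation in the room. It amounts to a fully functional spying device.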

//END
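This characteristic of Realtek chips is very dangerous and not easy to fix. The only solution is to redesign and manufacture a replacement chip, which for now is highly impractical. The researchers also recorded a video demonstrating how Speake(a)r eavesdrops.

//Download: Turn Speakers to Microphones for Fun.pdf (2.42 MB, downloads: 1112)
File name: Turn Speakers to Microphones for Fun.pdf
File size: 2,540,372 bytes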
MD5     : 59FF479C59B26E63591DEA2F18E1B0CA

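Comment: The DRAM memory vulnerability disclosed a few days ago also has no fix.... Who knows which target or component will be the next one with no fix.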

Posted on 2016-11-30 11:28
3. Critical remote code execution vulnerabilities found in the cURL tool and library
Title: cURL Security Audit Reveals Several Vulnerabilities

Author info: November 28, 2016 By Eduard Kovacs

//BEGIN
The latest version of cURL patches nearly a dozen vulnerabilities, more than half of which were discovered as a result of an audit conducted recently by security experts.
cURL is an open source command line tool and library designed for transferring data. cURL is used by thousands of software applications, including networking devices, printers, media equipment, phones, tablets, TVs and even cars.
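The widely used cURL is an open source command-line tool and library for transferring data over the network. cURL has released a new version that fixes more than ten vulnerabilities, nearly half of which were found during an audit (a 35-page report is attached below for reference).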

//END
“I applied for the security audit because I feel that we’ve had some security related issues lately and I’ve had the feeling that we might be missing something so it would be really good to get some experts’ eyes on the code,” Stenberg said in a blog post. “Also, as curl is one of the most used software components in the world a serious problem in curl could have a serious impact on tools, devices and applications everywhere. We don’t want that to happen.”
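The security audit was initiated by cURL's lead developer. As he describes it, he sensed there might be problems and vulnerabilities, and so felt that more specialized security people should be asked to review the code. That proved to be the case, with the issues even more numerous and more severe than expected. Given how widely used and important cURL is, this work was well worth doing. Many tools, devices and countless applications are built on cURL, and its developer clearly does not want a serious problem of its own to harm the many parties that depend on it.

//Download: Curl-report.pdf (441.12 KB, downloads: 725)
File name: Curl-report.pdf
File size: 451,709 bytes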
MD5     : 2E64962D63DE5A906540D642A81CFF66

Comment: Kudos to the cURL developer.

Posted on 2016-11-30 11:28
4. Vulnerabilities in Microsoft's Azure cloud platform could compromise RHEL instances
Title: Microsoft update servers left all Azure RHEL instances hackable
Patch proffered, pen-tester paid

Author info: 28 Nov 2016 00:57 By Darren Pauli

//BEGIN
Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances.
Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package Manager contains build host information that allows attackers to find all four Red Hat Update Appliances which expose REST APIs over HTTPS.
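Microsoft has fixed the vulnerability that could affect Red Hat Enterprise Linux instances. It was discovered by a security expert while building a RHEL instance on Microsoft's Azure cloud platform. If successfully exploited, it would give full control of the instance.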

//END
Duffy says he was paid less than US$3500 for the vulnerability disclosures under Microsoft's bug bounty but did not name a precise figure. ®
The security expert received a reward from Microsoft of about US$3,000.

Comment: Microsoft's vulnerabilities keep extending further, now reaching Linux.....

Posted on 2016-11-30 11:29
5. Hacker attack knocks out nearly one million Deutsche Telekom home routers
Title: 'Likely Hacker Attack' Hits Almost 1 Million German Homes

Author info: November 28, 2016 By AFP

//BEGIN
Internet service for almost one million households in Germany was disrupted by likely deliberate hacking, provider Deutsche Telekom said Monday.
Around 900,000 customers using specific models of router have been affected since Sunday afternoon, the firm said, with some unable to connect at all while others suffered intermittent problems.
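A German telecom operator found that about one million of its customers had their internet access affected by a hacker attack. The attack appears to have been carried out through the routers. The incident occurred on Sunday afternoon. Nearly a million customers either could not get online at all or suffered intermittent outages. The specific router models were not disclosed, but staff from the manufacturer and the operator are working together to gradually restore customers' access.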

//END
US authorities have accused Russia of orchestrating the leak of emails from the Democratic National Committee that embarrassed candidate Hillary Clinton.
A cyber attack in October also made large portions of the US internet unavailable for millions of users worldwide.
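US authorities have maintained that the e-mail leak during the US election was the work of Russian hackers. Another major incident, in October this year, cut off network access for about a million users in the eastern United States.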

Comment: Mirai ("future") is alluded to without being named.....

Posted on 2016-11-30 11:30
6. Security vendor finds one in four Wi-Fi hotspots lack password protection and encryption
Title: One In Four Wi-Fi Hotspots Ripe For Hack Attacks

Author info: November 28, 2016, 12:53 pm By Roland Moore-Colyer

//BEGIN
Cyber security firm Kaspersky finds that large amounts of Wi-Fi hotspots still lack solid security
Wi-Fi hotspots remain a major security risk with one in four lacking password protection or encryption leaving them ripe for hack attacks, according to Kaspersky.
The cyber security company analysed 31 million Wi-Fi hotspots around the world and discovered that every fourth hotspot, some 28 percent, is unsecured and poses a risk to the data of people connected to them.
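Kaspersky researchers analysed the security of 31 million Wi-Fi hotspots worldwide and found that about a quarter are insecure. Using these hotspots can lead to loss of user data; in particular, users' financial transaction passwords and payment information can very easily be intercepted by hackers.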

//END
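Given two thirds of people cannot tell if a Wi-Fi hotspot is secure or not, the security risks weak or unsecure hotspot present are not likely to go away anytime soon.
One report says about two thirds of people do not adequately understand the security of public Wi-Fi, so it may take some time before security problems caused by weak or missing passwords can be fully avoided.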

Comment: Lots of hotel Wi-Fi has no password! Not recommended.