http://support.microsoft.com/kb/299648/ko
1. 날짜 및 시간 스탬프에 대한 파일 속성
파일의 속성을 변경하지 않는 한 파일의 수정한 날짜/시간과 만든 날짜/시간은 변경되지 않는다.
2. 날짜 및 시간 스탬프에 대한 폴더 속성
Description:
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.
The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.
Features:
16 x 4294967295 = 68.719.476.720 (68GB) 16 x 68719476720 = 1.099.511.627.520 (1TB) 16 x 1099511627520 = 17.592.186.040.320 (17TB) 16 x 17592186040320 = 281.474.976.645.120 (281TB) 16 x 281474976645120 = 4.503.599.626.321.920 (4,5PB)
The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."
번역하자면 고객지원 담당자는 이 소프트웨어(키로거)를 노트북에 포함하였으며, "기기의 성능을 모니터링하고 어떻게 사용하는지 파악하기 위해서"라고 이유를 설명했습니다.
이런 응대를 했던 직원은 당장 짤릴게 뻔하군요..
삼성에서는 확인 중이라고 하는데 어떤 결과가 나올지 대충 짐작은 갑니다.
"직원의 실수였다.."
"대화 중 의미가 와전된 것 같다.."
등등
머 아무튼 피바람 한번 불겠군요..
최근 코모도에서 해킹사건이 있었고 이를 통해 가짜 인증서가 발급되었었습니다.
Rogue SSL certificates ("case comodogate")
http://www.f-secure.com/weblog/archives/00002128.html
가짜로 발급된 인증서는 아래 사이트들에 접속할 때 영향을 받습니다.
mail.google.com (GMail)
login.live.com (Hotmail et al)
www.google.com
login.yahoo.com (three certificates)
login.skype.com
addons.mozilla.org (Firefox extensions)
"Global Trustee"
Phishing이나 MITM(Man in the Middle) 공격에 악용될 수 있다고 하는데요.
아래 그림은 가짜로 발급된 인증서와 정상 인증서 모습입니다. (가짜는 벌새님 블로그에서~)
가짜 인증서는 발급자가 UTN-USERFirst-Hardware로 되어 있다고 하니 위 사이트에 접속하셔서 확인하신 후
Microsoft에서 제공하는 긴급 업데이트를 적용하시면 되겠습니다.
Microsoft Security Advisory (2524375) - Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2524375.mspx
New Adobe Zero-Day [CVE-2011-0609]
2011/03/15 - [0x06 vul info] - New Adobe Zero-Day [CVE-2011-0609]
Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb11-05.html
Adobe recommends all users of Adobe Flash Player 10.2.152.33 and earlier versions upgrade to the newest version 10.2.153.1 by downloading it from the Adobe Flash Player Download Center. Windows users can install the update via the auto-update mechanism within the product when prompted.
Users of Flash Player for Android version 10.1.106.16 and earlier can update to Flash Player version 10.2.156.12 by browsing to the Android Marketplace on an Android phone.
Google Chrome users can update to Chrome version 10.0.648.134 or later.
Adobe AIR
Adobe recommends all users of Adobe AIR 2.5.1 and earlier versions update to the newest version 2.6 by downloading it from the Adobe AIR Download Center.
Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb11-06.html
Adobe recommends users update their software installations by following the instructions below:
Adobe Reader
Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Adobe Reader 9.x users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011
Adobe Acrobat
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.
Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.
Acrobat Pro Extended users on Windows can also find the appropriate update here:http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.
Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.