TEAMCR@K

6가지의 주제정도로 2010년에 유행할 공격에 대해서 정리를 해놨네요.

P2P나 파일 공유 사이트, 휴대폰(모바일) 경유를 통한 감염 등이 이슈로 나오고 있습니다.

http://www.net-security.org/secworld.php?id=8643&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

1. A rise in attacks originating from file sharing networks.

2. An increase in mass malware epidemics via P2P networks.

3. Continuous competition for traffic from cybercriminals.

4. A decline in fake anti-virus programs.

5. An interest in attacking Google Wave.

6. An increase in attacks on iPhone and Android mobile platforms.

아이폰 Botnet으로 한참 시끌했던 iKee.B (Duh)에 대해서 자세히 분석을 한 사이트 입니다.

http://mtc.sri.com/iPhone/#Javox
 

웹 어플리케이션 취약점 점검 도구를 잘 정리해 놓았네요.

출처 : http://projects.webappsec.org

The following list of products and tools provide web application security scanner functionality.  Note that the tools on this list are not being endorsed by the Web Application Security Consortium - any tool that provides web application security scanning functionality will be listed here.  If you know of a tool that should be added to this list, please contact Brian Shura at bshura73@gmail.com.

Commercial Tools

• Acunetix WVS by Acunetix
• AppScan by IBM
• Burp Suite Professional by PortSwigger
• Hailstorm by Cenzic
• MileScan Web Security Auditor by MileSCAN Technologies
• N-Stalker by N-Stalker
• Nessus by Tenable Network Security
• NetSparker by Mavituna Security
• NeXpose by Rapid7
• NTOSpider by NTObjectives
• Retina Web Security Scanner by eEye Digital Security
• WebApp360 by nCircle
• WebInspect by HP
• WebKing by Parasoft  

Software-as-a-Service Providers

• AppScan OnDemand by IBM
• ClickToSecure by Cenzic
• QualysGuard Web Application Scanning by Qualys
• Sentinel by WhiteHat
• Veracode Web Application Security by Veracode
• WebInspect by HP
• WebScanService by Elanize KG

Free / Open Source Tools

• Grabber by Romain Gaucher
• Grendel-Scan by David Byrne and Eric Duprey
• Paros by Chinotec
• Powerfuzzer by Marcin Kozlowski
• SecurityQA Toolbar by iSEC Partners
• W3AF by Andres Riancho
• Wapiti by Nicolas Surribas

관련 정보 : http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222001558&subSection=Attacks/breaches

Scansafe 사에서 이와 관련해서 글을 올려놓았네요.
http://blog.scansafe.com/journal/2009/12/9/318x-sql-injection-claims-125000.html

자세한 공격형태는 정보를 수집해야 할거 같습니다. 후에 분석이 이루어지면 포스팅 하도록 하겠습니다.