Channel: Symantec Connect - Blog Entries

Understanding the ResourceAssociation table


The following query maps item names to the three GUIDs found in the ResourceAssociation table (association type, parent resource, child resource), which makes its contents much easier to read:

SELECT
vi1.[Guid] AS ResourceAssociationTypeGuid, vi1.Name AS ResourceAssociationType,
vi2.[Guid] AS ParentResourceGuid, vi2.Name AS ParentResource,
vi3.[Guid] AS ChildResourceGuid, vi3.Name AS ChildResource
FROM vItem vi1
JOIN ResourceAssociation ra ON ra.ResourceAssociationTypeGuid = vi1.[Guid]
JOIN vItem vi2 ON vi2.[Guid] = ra.ParentResourceGuid
JOIN vItem vi3 ON vi3.[Guid] = ra.ChildResourceGuid
ORDER BY vi1.Name ASC
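As an added example (not part of the original post), the same join run against an in-memory SQLite copy of vItem and ResourceAssociation. It also shows the one caveat worth knowing about the query above: because every join is an INNER JOIN, an association whose type, parent or child GUID has no vItem row (a deleted resource, for instance) disappears from the result, so a second query built on LEFT JOINs is used to list those dangling rows. The GUIDs, names and table columns beyond those in the query are constructed for illustration.

```python
"""Added example: run the ResourceAssociation join against an in-memory SQLite
copy of the two tables, and list the associations an INNER JOIN silently drops."""
import sqlite3

# Constructed sample rows; the GUIDs and names are made up, not real platform data.
ITEMS = [
    ("a0000000-0000-0000-0000-000000000001", "Computer Primary User"),  # association type
    ("b0000000-0000-0000-0000-000000000001", "WORKSTATION-01"),         # parent resource
    ("c0000000-0000-0000-0000-000000000001", "alice"),                  # child resource
    ("c0000000-0000-0000-0000-000000000002", "bob"),
]
ASSOCIATIONS = [
    # (ResourceAssociationTypeGuid, ParentResourceGuid, ChildResourceGuid)
    ("a0000000-0000-0000-0000-000000000001", "b0000000-0000-0000-0000-000000000001",
     "c0000000-0000-0000-0000-000000000001"),
    ("a0000000-0000-0000-0000-000000000001", "b0000000-0000-0000-0000-000000000001",
     "c0000000-0000-0000-0000-000000000002"),
    # Dangling association: this child GUID has no vItem row (e.g. a deleted resource).
    ("a0000000-0000-0000-0000-000000000001", "b0000000-0000-0000-0000-000000000001",
     "c0000000-0000-0000-0000-0000000000ff"),
]

# The post's query, minus the SQL Server bracket quoting.
RESOLVED_SQL = """
SELECT vi1.Guid AS ResourceAssociationTypeGuid, vi1.Name AS ResourceAssociationType,
       vi2.Guid AS ParentResourceGuid,          vi2.Name AS ParentResource,
       vi3.Guid AS ChildResourceGuid,           vi3.Name AS ChildResource
FROM vItem vi1
JOIN ResourceAssociation ra ON ra.ResourceAssociationTypeGuid = vi1.Guid
JOIN vItem vi2 ON vi2.Guid = ra.ParentResourceGuid
JOIN vItem vi3 ON vi3.Guid = ra.ChildResourceGuid
ORDER BY vi1.Name ASC
"""

# Same shape, but driven from ResourceAssociation with LEFT JOINs so that rows whose
# GUIDs do not resolve to an item are kept (their Name columns come back NULL).
DANGLING_SQL = """
SELECT ra.ResourceAssociationTypeGuid, vi1.Name AS ResourceAssociationType,
       ra.ParentResourceGuid,          vi2.Name AS ParentResource,
       ra.ChildResourceGuid,           vi3.Name AS ChildResource
FROM ResourceAssociation ra
LEFT JOIN vItem vi1 ON vi1.Guid = ra.ResourceAssociationTypeGuid
LEFT JOIN vItem vi2 ON vi2.Guid = ra.ParentResourceGuid
LEFT JOIN vItem vi3 ON vi3.Guid = ra.ChildResourceGuid
WHERE vi1.Name IS NULL OR vi2.Name IS NULL OR vi3.Name IS NULL
"""


def build_db() -> sqlite3.Connection:
    """Create the two tables in memory and load the constructed rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE vItem (Guid TEXT PRIMARY KEY, Name TEXT NOT NULL)")
    con.execute(
        "CREATE TABLE ResourceAssociation ("
        "ResourceAssociationTypeGuid TEXT, ParentResourceGuid TEXT, ChildResourceGuid TEXT)"
    )
    con.executemany("INSERT INTO vItem VALUES (?, ?)", ITEMS)
    con.executemany("INSERT INTO ResourceAssociation VALUES (?, ?, ?)", ASSOCIATIONS)
    return con


def resolved_associations(con: sqlite3.Connection) -> list:
    """Rows where all three GUIDs resolve to an item (what the post's query returns)."""
    return con.execute(RESOLVED_SQL).fetchall()


def dangling_associations(con: sqlite3.Connection) -> list:
    """Rows the INNER JOIN version hides because at least one GUID is unknown."""
    return con.execute(DANGLING_SQL).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in resolved_associations(db):
        print("type=%s parent=%s child=%s" % (row[1], row[3], row[5]))
    for row in dangling_associations(db):
        print("unresolved association:", row)
```

Run the second query periodically: a growing set of dangling associations usually points at resources being deleted without their associations being cleaned up.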


Storage and Partitions

Do you store your Enterprise Vault data on disks locally attached to your server (DAS)? Do you use a Storage Area Network (SAN)? Do you use Network Attached Storage (NAS)?
 
Whatever you use, the storage has to be fast, and reliable.
 
On top of that the storage has to be flexible and cope with the increasing footprint of Enterprise Vault over time. Not just more email being archived, but think of all the different content sources and how they might be added on to Enterprise Vault at some point in the life time. Things like SharePoint, File Server Archive, Domino, Public Folders, and more.
 
Think also of how long that 'life time' might be. Many people launch into using Enterprise Vault without a clear strategy for storage expiry. Of course that's really a mistake, but it is a very common one! Without any kind of storage expiry the footprint of Enterprise Vault not only grows, it grows without end. Nothing in the environment is 'trimming' the old stuff away.
 
Can your storage platform cope with that?
Can you back it up, and restore it, in a timely manner?
 
One of the things that definitely helps is putting together a strategy for closing partitions and creating new ones. These might also give the chance to mix-and-match storage types; perhaps new storage media becomes available to your environment as budget and technology allows.
 
How do you handle the ever-increasing footprint of Enterprise Vault storage? Let me know in the comments below.

Protect Your Social Accounts Ahead of Safer Internet Day


Online safety is not something to think about only during National Cyber Security Awareness Month in October or on Safer Internet Day in February; being aware of it every day is always important. As technology keeps spreading further into daily life, use the security features and settings available to you to make sure you stay in control of your own information and your digital identity.

The age of social
The biggest trend on today's Internet is social. At this very moment my friends are pinning wedding ideas on Pinterest, posting photos of their lattes on Instagram, sending today's outfit over Snapchat, checking in to restaurants on Foursquare, posting videos of their cats on Vine, sharing baby photos on Facebook, and tweeting predictions about the premiere of The Walking Dead. The more popular these services become, the more often they are targeted by scams, spam, and phishing attacks.

Check your settings
Symantec Security Response recommends that you get a thorough understanding of the privacy settings and security services of each social network and social app you use.

  1. Public or private? By default, many social services encourage you to make your updates public. Most services let you choose, as a global setting, whether your profile is public or private, and some offer finer-grained options that let you decide post by post. Check the privacy settings of each service before you post.
  2. Strong passwords and password reuse. Use a strong password for each service and do not reuse the same password across multiple social networks.
  3. Set up two-factor authentication where it is available. Some services, such as Facebook and Twitter, offer two-factor authentication as an additional way to secure your account. Logging in to a service normally requires a password, which is something you already know. With two-factor authentication you also need something you have. This is usually provided as a randomly generated number, or token, delivered to your mobile phone by SMS or generated by a number generator inside the service's own mobile app. So even if your password is leaked, a criminal cannot log in without the generated two-factor token.
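As an added illustration (not part of the original post) of how the token in point 3 is produced, here is the standard algorithm authenticator apps use: HOTP (RFC 4226) and its time-based form TOTP (RFC 6238). The app and the service share a secret provisioned once, usually via a QR code; both then derive the same six-digit code from that secret and the current 30-second time slice, so the code never travels in the clear like an SMS does. The assumption here is that the service uses the RFC 6238 scheme; the secret below is the RFC test-vector key, not a real account secret.

```python
"""Added example: HOTP (RFC 4226) and TOTP (RFC 6238) token generation and a
server-side verifier with drift tolerance and constant-time comparison."""
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"). A real service
# provisions a random per-account secret; this one exists only for the test vectors.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter set to the current time slice (Unix time // step)."""
    now = time.time() if at is None else at
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret: bytes, code: str, at=None, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the current slice plus `window` slices either side to
    absorb clock drift, and compare in constant time so timing does not leak digits."""
    now = time.time() if at is None else at
    current = int(now) // step
    return any(
        hmac.compare_digest(hotp(secret, current + delta, digits), code)
        for delta in range(-window, window + 1)
    )


if __name__ == "__main__":
    print("current token:", totp(TEST_SECRET))
```

A password plus this token is "something you know" plus "something you have"; a leaked password alone fails the verifier, and a captured token expires with its 30-second slice.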

Know your enemy
The biggest enemies of social network and social app users are the spammers and scammers who hijack social accounts to spread spam and push people into filling out surveys or installing apps.

  1. Free offers are not free. Many scammers try to lure users with the promise of a free device or gift card in exchange for completing a survey, installing an app, or sharing a post on a social network. No offer is that good, and taking the bait is likely to end with you handing over your personal information.
  2. Collecting followers and "likes". Trying to boost your follower or "like" count always comes at a price. You end up either paying for fake followers or handing over your account credentials and becoming part of a social botnet. It is not worth it.
  3. Trending topics are breeding grounds for abuse. From sporting events, celebrity deaths, and the season or series finales of popular TV shows to the latest product announcements, scammers and spammers are always one step ahead of the news, looking to work it into the conversation to trap users. Accept that this is unavoidable and be careful not to click links you do not need to.
  4. Is that you in this photo or video? Scammers after your password cleverly trick you into handing it over without realising it. That is phishing. Even if you click a link and land on a web page that looks like your social network's login page, do not type your password in. Look closely at the address bar: is it a different, long URL that merely contains the word "Twitter" or "Facebook"? Open a new browser tab, type twitter.com or facebook.com by hand, and check whether you are already logged in. In most cases you will be.

Knowledge is power
When a new social network or social app gains popularity and goes mainstream, scammers and spammers never let it pass unnoticed. Taking the time to understand the privacy settings and security features each service offers is the first step toward better safety and security online. Knowing who is after your information, and the many ways they try to trick you out of it, also lets you make the right call about whether it is safe each time you click a link, share a post, or enter a password.

Share this blog with your friends and family on the social networks you use to spread the word.

For information on the latest social network scams, follow @threatintel on Twitter or subscribe to the Security Response blog.

 

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Tiylon: A Modern Bank Robbery


The biggest bank robbery in history took place in Brazil in 2005. The gang tunnelled through a 1.1 m thick wall of steel and reinforced concrete and carried off 3.5 tonnes of containers holding banknotes, stealing about 160 million Brazilian reais (roughly US$380 million).

Today's robbers, by contrast, steal money without drilling through any walls. They can raid a bank while sitting comfortably at a computer at home. Cybercrime inflicts financial losses on businesses in the millions of dollars. Symantec's whitepaper "State of Financial Trojans 2013" (in English) also notes the sharp rise in banking Trojans. Setting aside common malware such as Zeus and SpyEye, one piece of malware that cybercriminals have recently been using a great deal against online banking is Tiylon. This Trojan uses man-in-the-browser (MITB) attacks to intercept user authentication and transaction authorisation on online banking sites.

Initial infection through targeted attacks
Tiylon usually arrives as an attachment to a short email designed to slip past anti-spam filters. Unlike most spam campaigns that distribute banking Trojans such as Zeus, the Tiylon emails are part of targeted attacks. Symantec telemetry shows the attacks aimed at online banking users in several regions of the world, with a particular concentration in the UK, the US, Italy, Australia, and Japan (Figure 2).

Figure 1. Tiylon email with a malicious file attached

The threat consists of three kinds of file: a downloader, the main component file, and a configuration file.

Downloader file
The downloader acts as the load point and is responsible for installing the main component file. When it runs, it builds a system fingerprint from the computer's serial number and establishes a connection to the attacker's command-and-control (C&C) server. Once the connection is established, it creates the following registry keys:

  • On Windows XP:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"WwYNcov" = "%System%\WwYNcov.exe"
  • On Windows 7:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{905CC2F7-082A-4D1D-B76B-92A2FC7341F6}\"Path" = "\\xxUxqdT"

The downloader then injects code into explorer.exe and svchost.exe and begins its malicious activity.

Main component file
The main component file is downloaded and decrypted by the Tiylon downloader. This component fetches the configuration file from the C&C server, which specifies the parameters of the attack. It can also manipulate registry settings to weaken the security of the computer and the browser, and it is the component that intercepts communication between the user and the financial institution's website.

Its main capabilities are as follows:

  • Perform web injection attacks
  • Log keystrokes
  • Take screenshots
  • Start FTP and RDP servers
  • Initiate Remote Desktop Protocol (RDP) sessions
  • Read certificates
  • Download and execute files
  • Create services
  • Hook operating system APIs to steal network data
  • Inject code into other processes
  • Log off and restart, or shut down, the compromised computer
  • Perform process injection into web browsers

Tiylon tries to evade detection by examining the installed applications and directories. It also checks the process list to determine whether the computer is a virtual machine. If the C&C server identifies an environment capable of detecting malicious activity, it bans that computer's IP address and moves on to infecting other users. To improve its odds of evading detection, it may also forcibly add exclusions to non-Symantec antivirus software. The malware's own code is obfuscated and goes through several packing cycles, which makes analysis difficult.

Attack period
The Tiylon attacks took place between January 1, 2012 and October 1, 2013.

Table 1. Number of Tiylon attacks by country

Figure 2. Animation showing the number of Tiylon attacks by country

Symantec customers are protected from Tiylon attacks by the following antivirus and IPS detection definitions.

Antivirus:

IPS:

To stay protected, we recommend applying the latest software patches and detection definitions. In the case of Tiylon in particular, install an anti-spam solution that works with your email client and do not open suspicious attachments.

Monitoring Android Network Traffic Part I: Installing The Toolchain


TCPDUMP is extremely useful for monitoring network traffic when debugging applications and performing penetration tests. Unfortunately Android mobile devices do not include the TCPDUMP program. However, do not despair. This blog series will provide step-by-step instructions for cross compiling, installing, and running TCPDUMP on Android mobile devices.

Monitoring Android Network Traffic Part II: Cross Compiling TCPDUMP


Monitoring Android Network Traffic Part III: Installing & Executing TCPDUMP


Monitoring Android Network Traffic Part IV: Forwarding To Wireshark



The Mask


Modern cyberespionage campaigns are regularly defined by their level of sophistication and professionalism. “The Mask”, a cyberespionage group unveiled by Kaspersky earlier today, is no exception. Symantec’s research into this group shows that The Mask has been in operation since 2007, using highly-sophisticated tools and techniques to compromise, monitor, and exfiltrate data from infected targets. The group uses high-end exploits and carefully crafted emails to lure unsuspecting victims. The Mask has payloads available for all major operating systems including Windows, Linux, and Macintosh.

An interesting aspect of The Mask is the fact that they are targeting the Spanish-speaking world and their tools have been specifically designed for this. The targets appear to reside mainly in Europe and South America.

The longevity of the operation, the access to highly sophisticated tools, and the precise and targeted nature of the victims indicate this is a very professional, well organized team with substantial resources.

Targeting the victim
The Mask typically infects the victim with a highly targeted email. Using the lure of a CV (resume) or political content, the attachments observed have been in the form of malicious PDF or Microsoft Word documents. The following is a sample of some of the attachment names used:

  • Inspired By Iceland.doc
  • DanielGarciaSuarez_cv_es.pdf
  • cv-edward-horgan.pdf

Upon opening the document, the recipient is presented with what looks like a legitimate document; however, a malicious remote access Trojan (RAT) is also installed, giving the attackers full remote access to the compromised computer. Once a computer is compromised, The Mask can install additional tools for enhanced persistence and cyberespionage activities.

Cyberespionage – a professional suite
The Mask has a suite of tools at its disposal. One tool in particular distinguishes this group from typical cyber operations. Backdoor.WeevilB, a sophisticated cyberespionage tool that is modular in nature, has a plugin architecture and has a myriad of configuration options. This tool is reminiscent of those associated with other sophisticated campaigns such as Duqu, Flamer, and MiniDuke. However there is no evidence that The Mask is associated with these campaigns.

The default install boasts nearly 20 modules purpose built for intercommunication, network sniffing, activity monitoring, exfiltration, and rootkit capabilities.

Figure. Some of The Mask's modules

The plugin architecture allows for additional modules to be downloaded and loaded on the fly. The Trojan can log activity in all the major browsers and has a comprehensive list of file extensions to gather information on. The types of documents targeted by the Trojan are:

  • Word, PDF, Excel
  • Encrypted files, PGP keys, encryption keys
  • Mobile backup files
  • Email archives

The information can then be securely exfiltrated to attacker controlled servers using the HTTPS protocol.

The data-stealing component provides clues as to The Mask’s targets. It searches for documents in Spanish-language pathnames, for example “archivos de programa”, indicating that their targets are running Spanish-language operating systems.

Conclusion
Cyberespionage campaigns conducted by professional teams are increasingly common. Numerous espionage operations spanning years have been highlighted over the last few years. Examples include Flamer, MiniDuke, and Hidden Lynx. The Mask joins this notorious list but also shows how the targets of these sophisticated campaigns are becoming increasingly diverse. Coinciding with these campaigns has been the emergence of companies who develop tools for use in espionage campaigns. Companies such as Hacking Team and Gamma International provide remote access suites that offer sophisticated surveillance capabilities. All of this serves to highlight how the geographical and technical boundaries of cyberespionage are expanding.

Protection
Symantec has the following detection in place for this threat.

We also provide network protection with the following Intrusion Prevention Signature:

System Infected: Trojan.Weevil Activity

Symantec MSS Threat Landscape Update: Point of Sale Malware


Credit and debit card data theft is one of the earliest forms of cybercrime and persists today. Cybercrime gangs organize sophisticated operations to steal vast amounts of data before selling it in underground marketplaces. Criminals can use the data stolen from a card's magnetic stripe to create clones. It's a potentially lucrative business, with individual cards selling for up to $100.

There are several routes attackers can take to steal this data. One option is to gain access to a database where card data is stored.  Another option is to target the point at which a retailer first acquires that card data – the Point of Sale (POS) system.

Modern POS systems are specially configured computers with sales software installed and a card reader attached. Card data can be stolen by fitting a device onto the card reader that reads the data off the card's magnetic stripe, a process known as "skimming". Because this requires additional hardware and physical access to the card reader, it is difficult to carry out this type of theft on a large scale.

This led to the development of malware which can copy the card data as soon as it’s read by the card reader. The first such attacks of this type were seen in 2005 with a series of campaigns orchestrated by Albert Gonzalez. These attacks led to the theft of over 170 million card numbers. Since then, an industry has developed around attacking POS systems, with tools readily available on the underground marketplace.
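As an added example (not from the original post or the whitepaper), the check a PCI assessor or a DLP tool runs over a memory dump of a POS application to find unencrypted magnetic-stripe track data, which is exactly the data the malware above copies after the reader decodes it. It keys on the ISO/IEC 7813 track layouts and validates the account number with the Luhn check so that random digit runs are not reported, and it only ever returns masked PANs. The dump below is constructed and uses the 4111... test card number; the offsets and discretionary data are made up.

```python
"""Added example: find unencrypted Track 1 / Track 2 data in a memory dump,
Luhn-validate the PAN, and report masked results only."""
import re

# ISO/IEC 7813 track layouts:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})[^?]{0,60}\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]{0,40}\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9 if > 9."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the most PCI DSS allows to be shown."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf: bytes) -> list:
    """Return one record per Luhn-valid track found; the full PAN never leaves here."""
    hits = []
    for track, regex in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in regex.finditer(buf):
            pan = m.group(1).decode()
            if not luhn_ok(pan):
                continue  # track-shaped bytes, but not a real account number
            yymm = (m.group(3) if track == 1 else m.group(2)).decode()
            hits.append({
                "track": track,
                "offset": m.start(),
                "pan": mask_pan(pan),
                "expires": "%s/%s" % (yymm[2:], yymm[:2]),  # MM/YY
            })
    return hits


# Constructed dump: process noise around one swipe held as both tracks, plus a
# track-shaped decoy whose PAN fails Luhn and must not be reported.
SAMPLE_DUMP = (
    b"\x00\x00sales.exe\x00\x10\x20"
    b"%B4111111111111111^DOE/JOHN^2512101000000000000000?"
    b"\xff\xfe\x00"
    b";4111111111111111=2512101000012345678?"
    b"\x00;1234567890123456=2512101?\x00"
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_DUMP):
        print(hit)
```

On a real host the same scan is run over a memory capture of the POS process; any hit means card data is sitting in RAM in the clear and a scraper on that box would have it.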

Despite improvements in card security technologies and the requirements of the Payment Card Industry Data Security Standard (PCI DSS), there are still gaps in the security of POS systems. This coupled with more general security weaknesses in corporate IT infrastructure means that retailers find themselves exposed to increasingly resourceful and organized cybercriminal gangs.

Symantec’s Security Response team has released a whitepaper reporting on Attacks on Point of Sale Systems including mitigation strategies. This whitepaper can be found here:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/attacks_on_point_of_sale_systems.pdf

 

SOC DETECTION CAPABILITIES: 

Emergency response measures have been taken in order to provide MSS customers with early warning and potential escalations for successful exploitations related to this threat. Emergency response signatures may generate false positives and will undergo tuning to ensure enhanced accuracy over time; however, given the nature of the threat, it is prudent to be overly cautious about alerting to potentially related activity. Please contact the SOC’s Analysis team if you have any questions or concerns related to this detection or wish to discuss having such signatures disabled or otherwise adjusted to meet your organization’s needs.

For customers with our IDS/IPS Security Management services, vendor-based signatures will be automatically deployed, as per the vendor’s recommendation.  If you would like further information regarding the signature states on your devices, or would like to request the activation of a specific signature, please contact support@monitoredsecurity.com.

For customers with monitor-only IDS/IPS devices, Symantec MSS stands ready to provide security monitoring for these vulnerabilities once your IDS/IPS vendor releases signatures and those signatures are enabled on your monitored devices.

Symantec MSS SOC Analytics Detection

  • [MSS URL Detection] Possible Infostealer.Dexter Outbound Communications
  • [MSS URL Detection] Possible InfoStealer.Fysna (ChewBacca) Command and Control Activity

Vendor Detection

Symantec AV:

  • Infostealer.Reedum
  • Infostealer.Reedum.B
  • Infostealer.Reedum.C
  • Infostealer.Reedum!g2
  • Infostealer.Dexter
  • Infostealer.Alina
  • Infostealer.Vskim
  • Infostealer.Fysna

Symantec IPS:

  • System Infected: Trojan.Dexter Communication
  • System Infected: Trojan.Dexter Communication 2
  • System Infected: Trojan.Dexter Communication 3
  • System Infected: Trojan.Alina
  • System Infected: Trojan.Vskim
  • System Infected: Infostealer.Fysna Activity

Palo Alto:

  • spyware[4]/Dexter.POS Command and Control Traffic(13305)

Snort/Sourcefire:

  • SID 29421 - MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection
  • SID 29422 - MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection
  • SID 25553 - MALWARE-CNC Win.Trojan.Dexter variant outbound connection
  • SID 29416 - MALWARE-CNC Win.Trojan.vSkimmer outbound connection
  • SID 29440 - MALWARE-CNC Win.Trojan.Chewbacca outbound communication attempt

REFERENCES:

  • A Special Report on Attacks on Point of Sales Systems: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/attacks_on_point_of_sale_systems.pdf
  • To Protect Your Point of Sale (POS) systems, Add Layers: http://www.symantec.com/connect/blogs/protect-your-pos-add-layers?inid=us_ghp_thumbnail4_computer-security-software
  • Symantec Endpoint Protection (SEP) 12 Migration: http://www.symantec.com/page.jsp?id=sep12-migration
  • How to Secure Your Mobile Point of Sale Devices: http://www.symantec.com/connect/blogs/how-secure-your-mobile-point-sale-devices
  • Demystifying Point of Sale Malware and Attacks: http://www.symantec.com/connect/blogs/demystifying-point-sale-malware-and-attacks
  • Infostealer.Reedum: http://www.symantec.com/security_response/writeup.jsp?docid=2013-032914-2036-99
  • Infostealer.Reedum.B: http://www.symantec.com/security_response/writeup.jsp?docid=2013-121909-3813-99
  • Infostealer.Reedum.C: http://www.symantec.com/security_response/writeup.jsp?docid=2013-121920-1520-99
  • Infostealer.Reedum!g2: http://www.symantec.com/security_response/writeup.jsp?docid=2014-013009-4928-99
  • Infostealer.Dexter: http://www.symantec.com/security_response/writeup.jsp?docid=2012-121219-2643-99
  • Infostealer.Alina: http://www.symantec.com/security_response/writeup.jsp?docid=2013-021112-1503-99
  • Infostealer.Vskim: http://www.symantec.com/security_response/writeup.jsp?docid=2013-012807-1646-99
  • Infostealer.Fysna: http://www.symantec.com/security_response/writeup.jsp?docid=2013-121813-2446-99
  • System Infected: Trojan.Dexter Communication: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26265
  • System Infected: Trojan.Dexter Communication 2: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27108
  • System Infected: Trojan.Dexter Communication 3: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27206
  • System Infected: Infostealer.Alina: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26451
  • System Infected: Trojan.Vskim: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26651
  • System Infected: Infostealer.Fysna Activity: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27226

We thank you again for choosing Symantec as your Managed Security Services Provider. Should you have any questions or feedback regarding this update, please contact your Services Manager or the Analysis Team, who can be reached by requesting help via phone or e-mail, or by visiting the MSS portal at https://mss.symantec.com.

 

Global Client Services Team, Symantec Managed Security Services

NAM (Herndon, VA) Toll Free +1-888-467-4748 / International +1-703-414-4444

APJ (Sydney, Australia) +61-2-9086-8400 | (Tokyo, JP) +81-3-5114-4700

EMEA (Reading, UK) +44-(0)-207-949-0200

{CWoC} SWD Trending util progress report


I have progressed the Software Delivery trending tool quite nicely and, as often happens, the (interim) result drives the long-term design.

So far the toolkit has two files: an executable that generates a JavaScript output file (based on the Evt_AeX_SWD_Execution table) and a web page that displays that JavaScript data as line charts (using the Google Chart API, as usual).

You'll find a sample output at the end of this blog post.

A few design problems were "solved" in the current build (we are still at version 0):

  • All the data is written into a single JavaScript file
  • No more than 100 policies will be added to the js file
  • Visualization is based on a two-column layout
  • By default 6 charts are displayed per page view
  • You can set the view to at most 10 charts per page
  • Next and Previous Page navigation links let you scroll through the full data set
  • A Home link lets the user reset the view to the default (page 0 with 6 results per page)

The tight navigation configuration is due to a couple of requirements I imposed on the UI: minimize scrolling and load time. With 20 charts to render, the page can be seriously slow (especially if you are tied to Internet Explorer). And with 20 charts, each 350 pixels high, your page scroll will be quite long.

Instead I have settled for the 2-column, 3-row layout that fits in a 1200x1100 window. This allows you (if your screen permits) to comfortably check all charts at once, with the navigation at a fixed position top left (for the previous page link) and top right (for the next page link).

A view of the beta UI (with default settings applied):

SWDTrending-sampleII.png

Customer Safaris

On the hunt for Data Scientists, Storage Admins, and DBAs
My name is Elizabeth Teffner. I'm a Customer Research Analyst at Symantec. Our Customer Research group is organizing Customer Safaris to observe how Data Scientists, Database Administrators and Storage Administrators do their work.
 
What is a Customer Safari?
 
Customer Safari is where we come to your office and observe your day. Understanding how people work and go through their day helps us generate ideas on how we may make improvements or create new products or services. The best way to do this is to quietly sit and observe how a typical day for our customers goes.   
 
If you are interested, we are looking for 3 to 4 hours to sit with you and observe. There will be little interaction except for the occasional clarifying question. Also, this is not a sales call! This is strictly a customer research project. During our visit we will be taking copious notes, and would love to take some video (with your permission).
 
Why are Customer Safaris helpful?
 
Customer Safaris help Symantec better understand how people work, so we identify current pain points and find gaps in our products, and where we can make improvements. For you, it gives you the opportunity to help us get a holistic view of your work so we understand how best to develop solutions to make your work life easier and more productive. 
 
When?
 
We are looking to schedule visits during the weeks of March 3rd and March 17th.  
 
Here is your chance to make a difference - please either email me or reply to this post, no matter whether you have time available in the weeks above or not.
 
Thank you so much!
Elizabeth

Webinar: The Cloud - A Game Changer For Healthcare

Wednesday, February 19, 2014 | 2:00 pm ET/11:00 am PT | Duration: 1 Hour


The use of cloud as a deployment alternative for IT infrastructures, application platforms, and applications has evolved over the past decade from novelty, to proof-of-concept, to pilot, to a fundamental instrument in IT's toolbox. Lately, it seems as if every enterprise has its head in the clouds, and healthcare is right in the mix. IT demands efficiency, business units demand flexibility, and end users demand convenience. Add growing budget and staffing pressures, and it’s easy to understand why we are turning toward cloud computing. But, even as individuals and healthcare organizations realize the potential agility and cost savings benefits of cloud computing, concerns about security and availability of clouds persist.

During this webinar, we will discuss:

  • The history and evolution of cloud for healthcare
  • Best practices to help healthcare organizations achieve security in the cloud
  • How to ensure end users have the necessary cloud access to be productive and collaborative
  • Changes to Omnibus regulations enabling cloud for healthcare
  • How to protect sensitive data in the cloud while providing full security across the data landscape

Register for the webinar >>

Safer Internet Day 2014

What “One Good Thing” Would You Do to Make the Internet Safer?

Today is the launch of Safer Internet Day, an annual awareness campaign promoting safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world. In celebration of Safer Internet Day we are featuring a two-part series discussing the importance of this campaign, ways to get involved, and tips for staying safe online. Our first post is from Anne Collier, Editor of NetFamilyNews.org. On Thursday, we’ll hear from Marian Merritt, Symantec’s Director of Cyber Education and Online Safety Programs featuring tips from students on how to stay safe online. 

 

Join ConnectSafely.org, Symantec, and a whole host of US nonprofit organizations (see list below) and corporations in celebrating the United States’ largest Safer Internet Day (SID) to date on Tuesday, February 11. Started by the European Commission more than a decade ago and now celebrated in more than 100 countries, SID is an awareness raising campaign to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.

The campaign hadn't attained a whole lot of awareness in the US until it got a big boost a little over a year ago, when – under then-Sec. Janet Napolitano – the Department of Homeland Security and the European Commission agreed to work together to make the Internet better for youth. Then the Brussels-based Insafe Network, which coordinates SID activities for the EC, appointed ConnectSafely as the United States' official SID Committee.

There are a number of ways you can join the celebration, from watching our SID event (streamed live on the Web here) to sharing "One Good Thing" you've seen or done to make the Internet, or the world, a better place by using the Internet. ConnectSafely's One Good Thing campaign is our own U.S. version of Europe's theme for SID 2014 – "Let's create a better Internet together" – an opportunity to illustrate how people all over the country are already making the Internet better, one kind word or deed at a time.

A word about the event: At our SID event in Washington, D.C. we'll have two panel discussions: one made up of student leaders who will talk about all aspects of teen life with digital media – positive, negative and neutral – and one made up of social media executives representing Instagram, Google/YouTube, Xbox Live, Tumblr and Twitter. The youth panel will be moderated by Yahoo tech journalist Dan Tynan, and the social media industry panel will be moderated by high school student leader Aidan McDaniel of Warm Springs, W. Va. From the auditorium's first few rows, more than two dozen students from around the country will be helping moderators and panels keep the discussion lively. US Sen. Charles Schumer will wrap up the event with some remarks.

So do join us. Safer Internet Day is an important reminder that it takes all of us – individuals, families, schools, corporations and governments – to make our global, increasingly social and user-driven Internet better.

 

SID Non-Profit Partners & Corporate Supporters include: Non-profits (National 4-H Council, National PTA, Committee for Children, Common Sense Media, the Family Online Safety Institute, iKeepSafe, the Internet Education Foundation, the National Center for Missing & Exploited Children, and the National Cyber Security Alliance) Corporate (Facebook, Google, LinkedIn, Microsoft, Sprint, Symantec, Trend Micro and Twitter)

 

Anne Collier is the Editor of NetFamilyNews.org and Co-Director of ConnectSafely.org. 

My (Failed) Visits to Spammers’ Offices


One of the most popular methods of spamming is snowshoe spam, also known as hit and run spam. This involves spam that comes from many IP addresses and many domains, in order to minimize the effect of antispam filtering. The spammer typically sends a burst of such spam and moves to new IP addresses with new domains. Previously used domains and IP addresses are rarely used again, if ever.

Some spammers like to use a similar pattern across their spam campaigns. This blog discusses a particular snowshoe spam operation that I have labeled “From-Name snowshoe”. While there are other features in the message that allow the campaigns to be grouped into the same bucket, the messages’ most distinct feature is that all of the email addresses that appear in the “from” line use real names as their usernames. 

  • From: [REMOVED] <Leila.Day@[REMOVED]>
  • From: [REMOVED] <CharlotteTate@[REMOVED]>
  • From: [REMOVED] <Diana.Pope@[REMOVED]>
  • From: [REMOVED] <SamuelLambert@[REMOVED]>
  • From: [REMOVED] <Jackson.Garza@[REMOVED]>
  • From: [REMOVED] <JohnathanParsons@[REMOVED]>
  • From: [REMOVED] <EliasTaylor@[REMOVED]>

This From-Name snowshoe campaign had two interesting traits. The first was the timing. Over the course of a few months, I have noticed that this spam operation only sent messages on weekdays.

Figure 1. Over 59 million spam messages have been identified since October 16, 2013.

After further investigating this timing, we discovered that the spam is only sent between 6am and 7pm Pacific Time. Coupled with the fact that messages were only sent during weekdays, this suggested that the operation could be part of a business.

The second trait was the IP addresses that were used for this spam run. As noted above, typical snowshoe spam does not return to the same IP addresses. However, analysis into the senders’ IP addresses revealed that the messages were coming from multiple IP addresses that were owned by the same entity. This organization is called “Network Operations Center,” which is based in Scranton, Pennsylvania, and it’s a well-known spam operation.
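As an added example (not part of the original post), the triage a mail analyst would script for the three traits just described: real-name-style local parts in the From header, weekday sending between 6am and 7pm Pacific, and senders clustered in one address block. The messages below are constructed samples that reuse the local parts from the list above; the domain and IP addresses are documentation ranges, not the operators named in the post, and Pacific Time is approximated by a fixed UTC-8 offset (no daylight-saving handling).

```python
"""Added example: flag From-Name snowshoe candidates from raw message headers by
sender-name pattern, Pacific business-hours timing, and sender /24 clustering."""
import ipaddress
import re
from collections import Counter
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Fixed UTC-8 stands in for Pacific Time in this example (daylight saving ignored).
PACIFIC = timezone(timedelta(hours=-8))

# First.Last or FirstLast: capitalised given name, optional dot, capitalised surname.
FROM_NAME_RE = re.compile(r"^[A-Z][a-z]+\.?[A-Z][a-z]+$")
# Connecting IP as the MTA writes it into the Received header: "(host [1.2.3.4])".
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample messages (local parts from the post; domain/IPs are test ranges).
SAMPLE_MESSAGES = [
    "From: Leila Day <Leila.Day@example.com>\n"
    "Received: from mta (mta.example.net [192.0.2.10])\n"
    "Date: Mon, 21 Oct 2013 10:15:00 -0800\nSubject: Your quote\n\nbody\n",
    "From: Charlotte Tate <CharlotteTate@example.com>\n"
    "Received: from mta (mta.example.net [192.0.2.44])\n"
    "Date: Tue, 22 Oct 2013 16:40:00 -0800\nSubject: Your quote\n\nbody\n",
    "From: Diana Pope <Diana.Pope@example.com>\n"
    "Received: from mta (mta.example.net [192.0.2.91])\n"
    "Date: Wed, 23 Oct 2013 06:05:00 -0800\nSubject: Your quote\n\nbody\n",
    # Name-style sender, but a Sunday 3am send from a different block: not this campaign.
    "From: Samuel Lambert <SamuelLambert@example.com>\n"
    "Received: from relay (relay.example.org [198.51.100.7])\n"
    "Date: Sun, 20 Oct 2013 03:05:00 -0800\nSubject: Hi\n\nbody\n",
    # Business hours and same block, but a generic local part.
    "From: Promo <promo123@example.com>\n"
    "Received: from mta (mta.example.net [192.0.2.10])\n"
    "Date: Mon, 21 Oct 2013 11:00:00 -0800\nSubject: Sale\n\nbody\n",
]


def is_from_name_local_part(addr: str) -> bool:
    """True when the part before '@' looks like a real person's name."""
    return bool(FROM_NAME_RE.match(addr.split("@", 1)[0]))


def in_business_hours(sent) -> bool:
    """Weekday, 06:00 <= local hour < 19:00 in Pacific time."""
    local = sent.astimezone(PACIFIC)
    return local.weekday() < 5 and 6 <= local.hour < 19


def analyze(raw_messages) -> list:
    """Extract the three features from each raw message."""
    results = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        _, addr = parseaddr(msg.get("From", ""))
        sent = parsedate_to_datetime(msg["Date"])
        m = RECEIVED_IP_RE.search(msg.get("Received", ""))
        ip = m.group(1) if m else None
        block = str(ipaddress.ip_network(ip + "/24", strict=False)) if ip else None
        results.append({
            "addr": addr,
            "from_name_style": is_from_name_local_part(addr),
            "sent_pacific": sent.astimezone(PACIFIC).isoformat(),
            "business_hours": in_business_hours(sent),
            "ip": ip,
            "block": block,
        })
    return results


def likely_from_name_snowshoe(results) -> list:
    """Candidates carry both the name-style sender and the business-hours timing."""
    return [r for r in results if r["from_name_style"] and r["business_hours"]]


def blocks_by_volume(results) -> Counter:
    """How many messages came from each /24; a tight cluster contradicts 'hit and run'."""
    return Counter(r["block"] for r in results if r["block"])


if __name__ == "__main__":
    found = analyze(SAMPLE_MESSAGES)
    for r in likely_from_name_snowshoe(found):
        print(r["addr"], r["sent_pacific"], r["block"])
    print(blocks_by_volume(found).most_common())
```

Feeding a day's worth of real headers through analyze() and looking at the hour histogram of the flagged set is what turns "it seems to stop at night" into the 6am to 7pm window described above.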

Last month, this spam operation began to send the same type of spam messages from IP addresses owned by other entities. One of them was “Nth Air, Inc.”. 

Spammers Office 2.png

Figure 2. Spam sample sent from IP addresses owned by other entities, including “Nth Air, Inc.”

Spammers Office 3.png

Figure 3. Email header snippet showing Nth Air, Inc’s IP address

While a simple online search for “Network Operations Center spam” produced many results discussing spam, a similar search for Nth Air did not have as many results. In fact, the company appears to have been a legitimate WiMAX provider in the past, as seen in this press release. I was unable to find news about the company in recent times, which led me to believe that the organization may no longer exist. However, ARIN records indicated that the company was based in San Jose, California, so I decided to visit its offices in the hopes of finding out more information about the organization.

Spammers Office 4.png

Figure 4. Visiting the building at the address listed for Nth Air

I went to the suite that was listed online, but another company was using it.

Spammers Office 5.png

Figure 5. Suite 70 is now occupied by Sutherland Global Services

I called the phone number listed online to no avail. My email to netops@nthair.com bounced back because “the recipient does not exist.” Bummer.

Since my visit to “Nth Air, Inc” did not work out as planned, I turned to “LiteUp, Inc”.

Spammers Office 6.png

Figure 6. Spam sample from LiteUp, Inc’s IP address

Spammers Office 7.png

Figure 7. Email header snippet showing LiteUp, Inc’s IP address

ARIN listings indicated that the company was located in Berkeley, California, so I went there for a visit. Unfortunately, I was unable to find LiteUp at the listed address.

Spammers Office 8.png

Figure 8. Address listed by LiteUp. It was a motorcycle store instead.

So that makes two instances of spammers using IP addresses owned by companies that do not appear to exist, at least not at the addresses in their ARIN records.

I was unable to meet the spammers, or those who could be assisting spammers, but we are keeping a close watch to ensure that these spam messages do not reach end users’ inboxes.


Patch Tuesday February 2014 - Security Bulletin Summary from Microsoft


Microsoft Security Bulletin

On Tuesday the 11th of February, Microsoft released the monthly Security Bulletin Summary for February 2014. The summary includes 7 Security Bulletins - 4 are classified as critical; 3 as important:

 

  • MS14-010    Cumulative Security Update for Internet Explorer (2909921)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows, Internet Explorer

  • MS14-011    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-007    Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Windows

  • MS14-008    Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

Vulnerability impact: Critical - Remote Code Execution
Affected Software: Microsoft Security Software

  • MS14-009    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)

Vulnerability impact: Important - Elevation of Privilege
Affected Software: Microsoft Windows, Microsoft .NET Framework

  • MS14-005    Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)

Vulnerability impact: Important - Information Disclosure
Affected Software: Microsoft Windows

  • MS14-006    Vulnerability in IPv6 Could Allow Denial of Service (2904659)

Vulnerability impact: Important - Denial of Service
Affected Software: Microsoft Windows

 

For more information refer to:
Microsoft Security Bulletin Summary for February 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-feb
Symantec product detections for Microsoft monthly Security Advisories - February 2014
http://www.symantec.com/business/support/index?page=content&id=TECH214861

Microsoft Patch Tuesday – February 2014


Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of thirty-one vulnerabilities. Twenty-five of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

The following is a breakdown of the issues being addressed this month:

  1. MS14-010 Cumulative Security Update for Internet Explorer (2909921)

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-0268) MS Rating: Important

    An elevation of privilege vulnerability exists within Internet Explorer during the validation of a local file installation and during the secure creation of registry keys.

    VBScript Memory Corruption Vulnerability (CVE-2014-0271) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Internet Explorer Cross Domain Information Disclosure Vulnerability (CVE-2014-0293) MS Rating: Important

    An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow an information disclosure if a user viewed the webpage. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0267) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0269) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0270) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0272) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0273) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0274) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0275) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0276) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0277) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0278) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0279) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0280) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0281) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0283) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0284) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0285) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0286) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0287) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0288) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0289) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0290) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

    VBScript Memory Corruption Vulnerability (CVE-2014-0271) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  3. MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)

    Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2014-0263) MS Rating: Critical

    A remote code execution vulnerability exists in the way that affected Windows components handle specially crafted 2D geometric figures. The vulnerability could allow a remote code execution if a user views files containing such specially crafted figures using Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

  4. MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

    RCE Vulnerability (CVE-2014-0294) MS Rating: Critical

    A remote code execution vulnerability exists in Forefront Protection for Exchange. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the configured service account.

  5. MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)

    POST Request DoS Vulnerability (CVE-2014-0253) MS Rating: Important

    A denial of service vulnerability exists in Microsoft ASP.NET that could allow an attacker to cause an ASP.NET server to become unresponsive.

    Type Traversal Vulnerability (CVE-2014-0257) MS Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft .NET Framework that could allow an attacker to elevate privileges on the targeted system.

    VSAVB7RT ASLR Vulnerability (CVE-2014-0295) MS Rating: Important

    A security feature bypass exists in a .NET Framework component that does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, after which the attacker could load additional malicious code in the process in an attempt to exploit another vulnerability.

  6. MS14-005 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)

    MSXML Information Disclosure Vulnerability (CVE-2014-0266) MS Rating: Important

    An information-disclosure vulnerability exists that could allow an attacker to read files on the user's local file system, or to read the content of web domains to which the user is currently authenticated, when the user views specially crafted web content that is designed to invoke MSXML through Internet Explorer.

  7. MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659)

    TCP/IP Version 6 (IPv6) Denial of Service Vulnerability (CVE-2014-0254) MS Rating: Important

    A denial of service vulnerability exists in Windows in the IPv6 implementation of TCP/IP. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

At HIMSS 2014 How Important Is . . .

What is big at the big show this year.

Recently I got some information from HIMSS regarding the upcoming HIMSS14 and topics that attendees will be focused on. They had a great infographic that included a section showing what topics people would be looking for at HIMSS. All the usual suspects were there: MU, ICD-10, Analytics, HIE, mHealth, Interoperability, EHR, Privacy and Security . . .
And it is impossible to think of the bigger picture in Health IT without thinking of HIMSS Annual Conference. And it is never bigger than when it is in Orlando!

12 Things to Look for in a Managed PKI Solution, Part 1


The purpose of this week’s blog post is to make you aware that not all Managed PKI providers are the same. In fact, there are some pretty significant differences between Symantec’s offerings and the competition that you wouldn’t see by comparing data sheets. Symantec’s key advantage is that our Managed PKI was designed as a service from the ground up, whereas competitors have built their services on legacy on-premises software. While the data sheets might look similar, over the next few weeks we will highlight some of the fundamental advantages of Symantec’s Managed PKI.

The Mask


 

The Mask 1.png

Recent cyberespionage campaigns have repeatedly shown how sophisticated and professional they have become. The cyberespionage group known as “The Mask”, reported by Kaspersky on February 10, is no exception. Symantec’s investigation into The Mask found that the group has been active since 2007 and uses extremely advanced tools and techniques to compromise its targets, monitor them, and covertly extract data. The Mask uses highly sophisticated exploits and carefully crafted emails to trap unsuspecting victims. The Mask’s payloads target all of the major operating systems: Windows, Linux, and Macintosh.

What is interesting about The Mask is that it targets the Spanish-speaking world and its tools are designed with that in mind; the targets appear to be mainly users in Europe and South America.

The long duration of its activity, the use of extremely advanced tools, and the precise targeting of victims indicate a highly skilled and well-organized group with ample resources.

Identifying targets
The Mask typically infects victims through highly targeted emails. The attachments observed are malicious PDF or Microsoft Word documents that use a CV (résumé) or political content as a lure. Examples of the file names used for the attachments are listed below.

  • Inspired By Iceland.doc
  • DanielGarciaSuarez_cv_es.pdf
  • cv-edward-horgan.pdf

When the attachment is opened, content that looks like a legitimate document is displayed, but a malicious remote access Trojan (RAT) is also installed, giving the attackers full access to the compromised computer. Once the intrusion succeeds, The Mask installs additional tools to strengthen its persistence and continue its espionage activity.

Cyberespionage: professional tools
The Mask has a suite of tools at its disposal. The feature that most sets this group apart from typical cybercrime is a tool called Backdoor.WeevilB. This is an advanced cyberespionage tool with a modular design and a plugin architecture, and it offers countless configuration options. It is reminiscent of other advanced campaigns such as Duqu, Flamer, and MiniDuke, but no evidence has been found linking The Mask to those campaigns.

By default, close to 20 modules are installed, specialized for inter-module communication, network sniffing, activity monitoring, data extraction, rootkit functionality, and more.

The Mask 2.png

Figure. Some of The Mask’s modules

The plugin architecture allows additional modules to be downloaded and loaded immediately. Backdoor.WeevilB logs activity in all major browsers and collects information based on a long list of file extensions. The document types targeted by Backdoor.WeevilB are as follows:

  • Word, PDF, Excel
  • Encrypted files, PGP keys, encryption keys
  • Mobile backup files
  • Email archives

The collected information is sent securely, over HTTPS, to servers controlled by the attackers.

The data-stealing component provides a clue about The Mask’s targets. Because it searches for documents using Spanish-language path names such as “archivos de programa”, the targets are believed to be running Spanish-language operating systems.

Summary
Cyberespionage campaigns run by professional teams are on the rise. Over the past few years, a number of espionage campaigns that persisted for years have come to light, such as Flamer, MiniDuke, and Hidden Lynx. The Mask joins this line of notorious malware, but it also shows that the targets of advanced campaigns are diversifying. Alongside these attacks, companies that develop tools used for espionage have emerged; firms such as Hacking Team and Gamma International sell suites of remote access tools with advanced surveillance capabilities. It is clear from this that cyberespionage is spreading both geographically and technically.

Protection
Symantec provides the following detections for this threat:

Network protection is also provided through the following intrusion prevention signature:

System Infected: Backdoor.Weevil Activity

 

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.
