TechCrunch | Startup and Technology NewsTechCrunch Daily News Every weekday and Sunday, you can get the best of TechCrunch’s coverage. Startups Weekly Startups are the core of TechCrunch, so get our best coverage delivered weekly.
Let’s Encryptã¨Nginx : ã‚»ã‚ュアãªWebデプãƒã‚¤ãƒ¡ãƒ³ãƒˆã®ç¾çŠ¶ | POSTD
最近ã¾ã§ã€SSLæš—å·åŒ–通信ã¯ã€Œã‚ã‚‹ã¨å¥½ã¾ã—ã„機能ã€ã¨ã„ã†ç¨‹åº¦ã«ã—ã‹è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã›ã‚“ã§ã—ãŸã€‚ãã®ãŸã‚ã€å®‰å…¨ãªã®ã¯ã‚¢ãƒ—リã®ãƒã‚°ã‚¤ãƒ³ãƒšãƒ¼ã‚¸ã ã‘ã¨ã„ã†ã‚µãƒ¼ãƒ“スãŒæ•°å¤šãå˜åœ¨ã—ã¦ã„ã¾ã—ãŸã€‚ ã—ã‹ã—ã€çŠ¶æ³ã¯è‰¯ã„æ–¹å‘ã¸ã¨å¤‰åŒ–ã—ã¦ã„ã¾ã™ã€‚ç¾åœ¨ã§ã¯æš—å·åŒ–ã¯å¿…é ˆã¨è€ƒãˆã‚‰ã‚Œã€ã»ã¨ã‚“ã©ã®é–‹ç™ºè€…ãŒå°Žå…¥ã‚’義務付ã‘ã¦ã„ã¾ã™ã€‚ã¾ãŸã€å·¨å¤§æ¤œç´¢ã‚¨ãƒ³ã‚¸ãƒ³Googleã§ã¯ã€SSLã®å°Žå…¥ãŒæ¤œç´¢çµæžœã®é †ä½ã‚’決定ã™ã‚‹è¦å› ã«ã•ãˆãªã£ã¦ã„ã¾ã™ã€‚ ã—ã‹ã—ã€SSLãŒåºƒç¯„ã«æ™®åŠã—ã¦ã„ã‚‹ã«ã‚‚é–¢ã‚らãšã€ã‚»ã‚ュアãªWebサービスを構築ã™ã‚‹ã“ã¨ã¯ã€æœªã ã«é¢å€’ã§ã€æ™‚é–“ãŒã‹ã‹ã‚Šã€ã‚¨ãƒ©ãƒ¼ã®åŽŸå› ã«ãªã‚Šã‚„ã™ã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ 最近ã“ã®åˆ†é‡Žã§ã¯ã€ Let’s Encrypt ãŒã€SSL証明書をより広ãæ™®åŠã•ã›ã€Webサイトã®ã‚»ã‚ュリティç¶æŒã«ä¿‚るワークフãƒãƒ¼ã‚’大幅ã«ç°¡ç•¥åŒ–ã—よã†ã¨å–り組んã§ã„ã¾ã™ã€‚ 強力ãªWebサーãƒNginxã‚„ã€ä»–ã®ãƒãƒ¼ãƒ‰ãƒ‹ãƒ³ã‚°æ–¹æ³•ã¨çµ„ã¿åˆã‚
SSL証明書ãªã‚‰ã•ãらã®SSL|ã•ãらインターãƒãƒƒãƒˆ
法人・組織ã®ãŠå®¢æ§˜ コーãƒãƒ¬ãƒ¼ãƒˆã‚µã‚¤ãƒˆã«ã¯ä¼æ¥èªè¨¼ï¼ˆOV)ã€ECサイトãªã©å€‹äººæƒ…å ±ã‚’å–ã‚Šåˆã†ã‚µã‚¤ãƒˆã«ã¯EV(Extended Validation)èªè¨¼ã‚’利用ã—ã¾ã™ã€‚
This POODLE bites: exploiting the SSL 3.0 fallback
The latest news and insights from Google on security and safety on the Internet Anonymous said... Does this apply to SSLv2 as well? October 14, 2014 at 7:39 PM Scott Ruebush said... I can't wait to see POODLE take over the internet! Thank goodness we have heroes to save us from the evils of SSL 3.0 and such and such, etc. October 14, 2014 at 8:52 PM Paul said... Not sure how to enable TLS_FALLBACK
我々ã¯ã©ã®ã‚ˆã†ã«ã—ã¦å®‰å…¨ãªHTTPS通信をæä¾›ã™ã‚Œã°è‰¯ã„ã‹ - Qiita
Modern Ciphersuite: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES1
OpenSSL Valhalla Rampage
Many thanks to all of the awesome hackers that have made this release possible. Again, if you like the work that OpenBSD is doing, please donate here Provide a ressl config function that explicitly clears keys. Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is s
LibreSSL
LibreSSL 4.2.1 released Oct 30th, 2025 LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. Primary development occurs inside the OpenBSD source tree with the usual care the project is known for. On a regular basis the code is re-packaged for portable use by other ope
Chrome users oblivious to Heartbleed revocation tsunami | Netcraft
In the aftermath of Heartbleed, it has become clear that revoking potentially compromised certificates is essential. On Thursday, CloudFlare announced it was reissuing and revoking all of its SSL certificates. The effects of CloudFlare’s mass revocation are evident in a single Certificate Revocation List (CRL) belonging to GlobalSign, which grew by almost 134,000 certificates. So, we @CloudFlare d
Heartbleed hack case sees first arrest in Canada
The Canada Revenue Agency said that more than 900 social insurance numbers had been stolen A 19-year-old Canadian became the first person to be arrested in relation to the Heartbleed security breach. Stephen Arthuro Solis-Reyes from London, Ontario was accused of hacking into the Canadian Revenue Agency (CRA)'s website last Friday by the Royal Canadian Mounted Police. The RCMP say Mr Solis-Reyes t
DeNA Engineering - DeNAエンジニアã®ãƒãƒ¼ã‚¿ãƒ«ã‚µã‚¤ãƒˆ
技術を活ã‹ã—ã€æ–°ã—ã„ä¾¡å€¤ã‚’å‰µé€ ã™ã‚‹ DeNAã®ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã¯ã€æƒ³åƒã‚’超ãˆã‚‹Delightを届ã‘ã‚‹ãŸã‚ã«ä½•ãŒã§ãã‚‹ã‹ã‚’考ãˆã€æŠ€è¡“力ã¨ç™ºæƒ³åŠ›ã§æ–°ã—ã„価値を生ã¿å‡ºã—ã¦ã„ã¾ã™ã€‚ 多様ãªå°‚門性をæŒã£ãŸã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãŒåˆ‡ç£‹ç¢ç£¨ã—ã€äº’ã„ã«åˆºæ¿€ã—åˆãˆã‚‹ç’°å¢ƒã‚„制度ãŒã•ã‚‰ãªã‚‹æˆé•·ã¸ã¨ã¤ãªã’ã¾ã™ã€‚
OpenSSL マジヤãƒã„ã£ã™ï¼ ~ Heartbleed 脆弱性を試ã—ã¦ã¿ãŸã‚ˆ - モラトリアムã“ã˜ã‚‰ã›ãŸ
実際ã«ãƒ‡ãƒ¼ã‚¿ãŒæ¼ã‚Œã‚‹æ§˜åを見ãŸã„æ–¹ã¯ã‚³ãƒãƒ©â†’ã‚ã€ä½•ã‹æ¼ã‚Œã¦ã‚‹â€¦ OpenSSL Heartbleed 実験ãã®ï¼’ã¸ã©ã†ãžã€‚ ã•ã¦ ãƒãƒƒãƒˆä¸Šã®é€šä¿¡ã®å¤§éƒ¨åˆ†ã«ãŠã„ã¦ã€Œå®‰å…¨ã€ã‚’æ‹…ä¿ã—ã¦ã„㟠OpenSSL ãªã®ã§ã™ãŒ... ã§ã£ã‹ã„ç©´ ãŒç©ºã„ã¦ã„ãŸã“ã¨ãŒæ˜Žã‚‰ã‹ã«ãªã£ãŸã‚ˆã†ã§ã™ã€‚ã„ã‚ゆる Heartbleed ãƒã‚°ã€‚トホホã§ã™ã€‚ 「ãƒãƒƒãƒˆä¸Šã®ã‚µãƒ¼ãƒ“ス㧠OpenSSL を使ã£ã¦ã„ã‚‹(ã„ãŸ)サイトã¯ã€ã‚‚ã—ã‹ã—ãŸã‚‰ã“ã®ãƒã‚°ã‚’知ã£ã¦ã„ãŸæ‚ªã„人ã‹ã‚‰ã‚µãƒ¼ãƒãƒ¼ä¸Šã®æƒ…å ±ã‚’ç›—ã¾ã‚Œã¦ã„ãŸã‹ã‚‚よ? ã—ã‹ã‚‚ç›—ã‚“ã 形跡ã¯æ®‹ã‚‰ãªã„ã‚“ã ãœï¼Ÿã€ ã¨ã„ã†ã“ã¨ã«ãªã‚Šã¾ã™ã€‚ サーãƒãƒ¼ä¸Šã®æƒ…å ±ã¨ã„ã†ã®ã¯ã€ä¾‹ãˆã° パスワードã€ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ 自分ã§ç™»éŒ²ã—ãŸåå‰ã¨ã‹ä½æ‰€ã¨ã‹ ã‚‚ã¡ã‚ん自分ã§å…¥åŠ›ã—ãŸã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰ç•ªå·ã¨ã‹â€¦ ãªã©ãªã©ã€‚ Mashableã«ã‚ˆã‚‹ã¨ã€æœ‰åãªã‚µãƒ¼ãƒ“スã§ãƒ¤ãƒã‚¤ã®ã¯ã€ Facebook Tumblr Google Y
Heartbleed hacks hit Mumsnet and Canada's tax agency
The BBC's Rory Cellan-Jones explains what users should do next A leading UK site for parents and the Canadian tax authority have both announced they have had data stolen by hackers exploiting the Heartbleed bug. Mumsnet - which says it has 1.5 million registered members - said that it believed that the cyber thieves may have obtained passwords and personal messages before it patched its site. The
heartbleedã‚’iptablesã§æ¢ã‚ã‚‹ã“ã¨ã«ã¤ã„㦠- yasulib memo
å‰æ›¸ã OpenSSLã®è„†å¼±æ€§ï¼ˆCVE-2014-0160)ãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚ 詳細ã¯piyokangoã•ã‚“ã®ç´ 晴らã—ã„ã¾ã¨ã‚ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 OpenSSLã®è„†å¼±æ€§ï¼ˆCVE-2014-0160)関連ã®æƒ…å ±ã‚’ã¾ã¨ã‚ã¦ã¿ãŸ - piyolog エフセã‚ュアブãƒã‚°ã«ã¦ã€ãƒˆãƒ¼ãƒžãƒ„ã®å²©äº•ã•ã‚“ãŒæ›¸ã„ãŸèˆˆå‘³æ·±ã„記事ãŒã‚ã‚Šã¾ã—ãŸã€‚ エフセã‚ュアブãƒã‚° : Openssl Heartbleed 攻撃ã®æ¤œçŸ¥ã«ã¤ã„ã¦ ï¼ƒæ ¹æœ¬çš„ãªå¯¾ç–ã§ã¯ãªãã€ã‚ãã¾ã§æ”»æ’ƒæ¤œçŸ¥ã¨ã„ã†æ„味ã§ã€‚ iptables log rules iptables -t filter -A INPUT -p tcp --dport 443 -m u32 --u32 "52=0x18030000:0x1803FFFF" -j LOG --log-prefix "BLOCKED: HEARTBEAT" iptables block rules i
ãªãœTheo de Raadtã¯IETFã«æ¿€æ€’ã—ã¦ã„ã‚‹ã®ã‹
本ã®è™«: OpenBSDã€æ€’ã‚Šã®ã‚³ãƒŸãƒƒãƒˆã§ã€OpenBSDã®Theo de RaadtãŒIETFã«å¯¾ã—ã¦æ¿€æ€’ã—ã¦ã„る。 src/lib/libssl/ssl/Makefile - view - 1.29 Segglemannã®RFC520 heatbeatを無効化。 ã‚ã®ã¾ã¨ã‚‚ãªãƒ—ãƒãƒˆã‚³ãƒ«ã²ã¨ã¤åˆ¶å®šã§ããªã„IETFã®ç„¡èƒ½é›†å›£ãŒã€è¶…é‡è¦ãªãƒ—ãƒãƒˆã‚³ãƒ«ã§64Kã®ç©´ã‚’ã“ã—らãˆã‚‹ã¨ã‹ã€ãƒžã‚¸ã§ã‚ãã‚Œã¦ã‚‚ã®ã‚‚言ãˆãーã‚。奴らã¯ãƒžã‚¸ã“ã®å•é¡Œã‚’本気ã§æ¤œè¨¼ã™ã¹ãã ã‚。ãªã‚“ã§ã“ã‚“ãªã“ã¨ã‚’ã—ã§ã‹ã—ãŸã®ã‹ã€‚ã“ã‚“ãªäº‹æ…‹ã‚’承èªã—ãŸè²¬ä»»ã‚る連ä¸ã‚’全員ã€æ„æ€æ±ºå®šãƒ—ãƒã‚»ã‚¹ã‹ã‚‰å–り除ãå¿…è¦ãŒã‚る。IETFã€ã¦ã‚ーã¯ä¿¡ç”¨ãªã‚“ãã‡ã€‚ ãªãœTheo de Raadtã¯ã€OpenSSLã§ã¯ãªãã€IETFã«å¯¾ã—ã¦æ¿€æ€’ã—ã¦ã„ã‚‹ã®ã‹ã€‚IETFã¨ã„ã†ã®ã¯ã€ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆä¸Šã®è¦æ ¼åˆ¶å®šã®å›£ä½“ã§ã‚る。今回ã€ä¸–上を騒ãŒã›ã¦ã„ã‚‹Heartbeatå•é¡Œã¯
The Heartbleed Hit List: The Passwords You Need to Change Right Now
It's time to update your passwords to various sites affected by the Heartbleed bug. Credit: Mashable composite. iStockphoto, SoberP An encryption flaw called the Heartbleed bug is already being dubbed one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services -- ones you might use every day, like Gmail and Facebook -- and could have quie
ランã‚ング
ランã‚ング
メンテナンス
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
Let's Encrypt
ã•ãらインターãƒãƒƒãƒˆã€å¹´é¡1500円ã§åˆ©ç”¨ã§ãるドメインèªè¨¼SSL「ラピッドSSLã€ã€€
TechCrunch | Startup and Technology News
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
OpenSSLã®â€œå‡ºè¡€ãƒã‚°â€ã‚’抱ãˆã¦ã„るサイトã€ã€Œ.jpã€ã§ã¯HTTPSサイトã®45% 
{{#tags}}- {{label}}
{{/tags}}