Best Recent Scores (URL, Score). Worst Recent Scores (URL, Score). Comments on our site? Need help securing yours? Contact us at cyh@aspectsecurity.com
…, job-hunting student here. I pre-entered with JR Tokai via Rikunabi and got a surprise. ■■■ Notice of your ID and password from JR Tokai ■■■ Dear Anoni Masuda ◆ Anoni Masuda's ID and password ◆ ID: 12345678 Password: mypassword Hello! This is the JR Tokai Human Resources Department. Thank you very much for pre-entering with our company. That is the email I received. What surprised me was that the password I had typed on the registration screen was written in a plaintext email. Where it says "mypassword", my own important password was written. An important one that I also use for Gmail. I am pretty careless myself for reusing the same password, but in this day and age, a password in a plaintext email is just not on. I was very scared, so I changed my JR Tokai and Gmail passwords and went to bed. The nightmare did not end there: one month later, an email like this
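■ Creating a docomo ID means your password is stored in raw form. About docomo ID, NTT docomo; My docomo - New registration: Preparation before registering, NTT docomo. When you create a docomo ID, an initial password is issued, and each user then changes it to a password of their own. And yet, according to the explanation under "If you have forgotten your ID/password", when you forget your password you can view your current password on your mobile phone. This is not good. A password only needs to be verifiable, so holding it under an irreversible transformation is sufficient. There is no necessity to hold it in raw form*1. If a password is forgotten, reissuing it is all that is needed. In this case in particular, an initial password can be generated and shown on screen just as at registration, so nothing is inconvenienced. "Our service stores passwords in plaintext, so what?", AnonymousDiary, January 2, 2010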
Hiromitsu Takagi wrote an article titled "Creating a docomo ID means your password is stored in raw form" ( http://takagi-hiromitsu.jp/diary/20100314.html#p01 ). What is it with docomo's poor sense when it comes to Internet security...? Anyway, I recently ran into something similar, so here is a record of it. Even McAfee, famous as a worldwide security company, appears to hold its website passwords in raw form (a form that is not irreversibly transformed). What I checked was the site for individual customers on McAfee's Japanese-language site. If I remember correctly, accounts are issued there for things like support, purchases, and automatic renewal by credit card. The steps I used to check are as follows. On the login page ( https://home.mcafee.com/Secure/Protected/Login.aspx ), the password
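Many of the vulnerabilities that attackers exploit in web applications can be eliminated at the level of the designer or developer. Even if you are busy with implementation, learning the top 10 vulnerabilities that have recently been targeted is a quick way to get an overview, and we hope you will keep them in mind during development and build secure web applications. Ranking the vulnerabilities that threaten the web: OWASP (Open Web Application Security Project) is a community whose main aim is to improve the security of web applications, and it publishes the results of its research and development so that anyone can use them. One of its projects, the "OWASP Top Ten Project", publishes a top 10 of web application vulnerabilities once a year. The 2004 edition is available in several languages including Japanese, but the 2007 edition is currently provided only in English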
Hello hello!! Are you doing web programming? People often say things like "PHP is bad at security." But that is not really because PHP itself is bad; it is probably just that there are many people who do not understand security very well yet. Even if you try hard to study it, you run into rows of difficult theory.... So today, on the subject of security measures, I will write up, roughly and for beginners, "if you do just this much, you will be reasonably safe"! Even if you do not understand the theory, even if you start with copy and paste, doing it is surely better than doing nothing! 1. XSS countermeasures: when you display anything dynamic, just escape all of it and you are OK! (NG) Your name is <?= $name ?>, right! ↓ (OK) Your name is <?= htmlspecialchars($name, ENT_QUOTES) ?>
Hello hello!! Today is a little memo about the iPhone! First, a demo. It may be best viewed on a smartphone! → http://bit.ly/wbKXXG ・Safari on the iPhone supports the audio element ・The audio element can play sound in the browser ・On the iPhone, the sound plays even in silent mode ・However, autoplay is not possible on the iPhone ・So playback can be triggered by way of a click event or the like Which means… ・Build a screen that cleverly induces a click (such as showing a dialog that looks like a battery warning) ・Embed audio that would be embarrassing for others to hear ・Aim for a time of day when many people are using their iPhones on the train and so on… By posting something on twitter such as "[Please spread] RT @Hamachiya2 This is bad! A must-see for iPhone users!! http://bit.ly/wbKXXG"
Hello hello!! This is Hamachiya2, who for some reason can use Hatena Blog despite having no memory of being invited! Hello! Apparently JavaScript can be used freely on the new Hatena Blog, so, as a way of putting the new feature to use, I made a handy diary entry that automatically gets a Hatena Star just by being opened. You can check the stars it received here → http://s.hatena.ne.jp/mobile/entry?uri=http://hamachiya2.hatenablog.jp/entry/2011/11/07/183544
Tokyo Ramen Show 2011 …! Hello everyone, this is nakamura. Today I will introduce a few sites and tools that I recommend to people who are programmers, server administrators, or both. Detailed vulnerability checks and the like tend to take a lot of time, but I think you can do that work much more efficiently if you make good use of the tools introduced here! Web application related. XSS Me (XSS Me :: Add-ons for Firefox): a Firefox add-on that automates XSS testing to some extent. Unfortunately, development appears to have stopped around the Firefox 3.0.* era, but in my environment it works without problems after rewriting install.rdf. (Windows7 64bit + Firefox7.0.1) SQL Inject Me SQL I
↑ This transparent iframe is positioned at the very front of the browser. * If you are logged in to Hatena, it is easier to see how the button is overlaid.
A video on Nico Nico Douga that tested whether various security software products can actually detect malware is attracting attention. It covers almost all paid and free software from Japan and abroad. The results appear to be truly surprising. The uploader of the video reportedly ran scans with each vendor's security software on a PC infected with 100 malware samples and compared their detection ability. The results are as follows. 1st: F-secure internet security 94/100, 2nd: kaspersky 93/100, 3rd: a-squared Free 89/100, 4th: BitDefender 86/100, 5th: Virus Buster 85/100, 6th: GDATA 84/100, 6th: COMODO Internet Security 84/100, 8th: Mcafee Total Protection 83/100, 9th: Avi