[B! security] iwazerã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

iwazer id:iwazer

securityã«é–¢ã™ã‚‹iwazerã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (105)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

ã¯ã˜ã‚ã«ï½œDeserialization on Rails
iwazer 2022/03/03
ã‚ã¨ã§èªã‚€

rails

security
ãƒªãƒ³ã‚¯
Let's Encryptã®ãƒ«ãƒ¼ãƒˆCAæœŸé™åˆ‡ã‚Œã§ OpenSSL 1.0.2ãŒæ€ã‚ã¬äº‹æ•…ã‚’èµ·ã“ã™ä»¶
ã“ã‚Œã¯ã€Let's Encryptã‚’æ”¯ãˆã‚‹ã“ã®äºŒäººã®ãƒ«ãƒ¼ãƒˆCAã¨ OpenSSLã®ç‰©èªžã§ã‚ã‚‹ã€‚ DST Root CA X3 (2000-2021) ISRG Root X1 (2015-2035) ã€œ2021å¹´1æœˆã€œ ISRG Root X1ã€Œã„ã¾ã¾ã§ä¸€ç·’ã«ã‚„ã£ã¦ããŸDST Root CA X3ã•ã‚“ã®å¯¿å‘½ãŒé–“è¿‘ãƒ»ãƒ»ãƒ»ã“ã®ã¾ã¾ã ã¨åƒ•ã‚’ä¿¡é ¼ã—ã¦ãã‚Œã¦ã„ãªã„ãƒ™ãƒ†ãƒ©ãƒ³ã®ï¼ˆå…·ä½“çš„ã«ã„ã†ã¨2016å¹´ãã‚‰ã„ã¾ã§ã®ï¼‰å¤ã„ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŸã¡ã¯ Let's Encryptã•ã‚“ã‚’ä¿¡ç”¨ã—ã¦ãã‚Œãªããªã£ã¡ã‚ƒã†ãƒ»ãƒ»ãƒ»ã©ã†ã—ã‚ˆã†ã€ DST Root CA X3ã€Œã©ã‚Œã€ã‚ã—ãŒæ»ã¬å‰ã«(æœ‰åŠ¹æœŸé™ãŒåˆ‡ã‚Œã‚‹å‰ã«)ãŠå‰ãŒä¿¡é ¼ã«å€¤ã™ã‚‹æ—¨ã‚’ä¸€ç†æ›¸ã„ã¦æ®‹ã›ã°ã„ã„ã˜ã‚ƒã‚ã†ã€‚ã‚µãƒ©ã‚µãƒ©ã€ Issuer: O = Digital Signature Trust Co., CN = DST Root CA X3 Validity Not Bef
iwazer 2021/10/04
ssl

network

security
ãƒªãƒ³ã‚¯
è²¬ä»»å…±æœ‰ãƒ¢ãƒ‡ãƒ« | AWS
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã¨ã‚³ãƒ³ãƒ—ãƒ©ã‚¤ã‚¢ãƒ³ã‚¹ã¯ AWS ã¨ãŠå®¢æ§˜ã®é–“ã§å…±æœ‰ã•ã‚Œã‚‹è²¬ä»»ã§ã™ã€‚ã“ã®å…±æœ‰ãƒ¢ãƒ‡ãƒ«ã¯ã€AWS ãŒãƒ›ã‚¹ãƒˆã‚ªãƒšãƒ¬ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚·ã‚¹ãƒ†ãƒ ã¨ä»®æƒ³åŒ–ãƒ¬ã‚¤ãƒ¤ãƒ¼ã‹ã‚‰ã€ã‚µãƒ¼ãƒ“ã‚¹ãŒé‹ç”¨ã•ã‚Œã¦ã„ã‚‹æ–½è¨ã®ç‰©ç†çš„ãªã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«è‡³ã‚‹ã¾ã§ã®è¦ç´ ã‚’ AWS ãŒé‹ç”¨ã€ç®¡ç†ã€ãŠã‚ˆã³åˆ¶å¾¡ã™ã‚‹ã“ã¨ã‹ã‚‰ã€ãŠå®¢æ§˜ã®é‹ç”¨ä¸Šã®è² æ‹…ã‚’è»½æ¸›ã™ã‚‹ãŸã‚ã«å½¹ç«‹ã¡ã¾ã™ã€‚ãŠå®¢æ§˜ã«ã¯ã€ã‚²ã‚¹ãƒˆã‚ªãƒšãƒ¬ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã‚·ã‚¹ãƒ†ãƒ (æ›´æ–°ã¨ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ‘ãƒƒãƒã‚’å«ã‚€)ã€ãã®ä»–ã®é–¢é€£ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ã€ãŠã‚ˆã³ AWS ãŒæä¾›ã™ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚°ãƒ«ãƒ¼ãƒ—ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã®è¨å®šã«å¯¾ã™ã‚‹è²¬ä»»ã¨ç®¡ç†ã‚’æ‹…ã£ã¦ã„ãŸã ãã¾ã™ã€‚ä½¿ç”¨ã™ã‚‹ã‚µãƒ¼ãƒ“ã‚¹ã€ãã‚Œã‚‰ã®ã‚µãƒ¼ãƒ“ã‚¹ã® IT ç’°å¢ƒã¸ã®çµ±åˆã€ãŠã‚ˆã³é©ç”¨ã•ã‚Œã‚‹æ³•å¾‹ã¨è¦åˆ¶ã«ã‚ˆã£ã¦è²¬ä»»ãŒç•°ãªã‚‹ãŸã‚ã€ãŠå®¢æ§˜ã¯é¸æŠžã—ãŸã‚µãƒ¼ãƒ“ã‚¹ã‚’æ…Žé‡ã«æ¤œè¨Žã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ã¾ãŸã€ã“ã®è²¬ä»»å…±æœ‰ãƒ¢ãƒ‡ãƒ«ã®æ€§è³ªã«ã‚ˆã£ã¦æŸ”è»Ÿæ€§ãŒå¾—ã‚‰ã‚Œã€ãŠå®¢æ§˜ãŒãƒ‡ãƒ—ãƒã‚¤ã‚’çµ±åˆ¶ã§ãã¾ã™
iwazer 2021/01/25
security

aws
ãƒªãƒ³ã‚¯
ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰ã®å½æ±ºæ¸ˆç”»é¢ãŒç¨¼åƒã—ã¦ã„ãŸã‚µãƒ¼ãƒãƒ¼ã«ã¤ã„ã¦èª¿ã¹ã¦ã¿ãŸ - piyolog
2019å¹´6æœˆ8æ—¥å¤œã€ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰ã®æƒ…å ±çªƒå–ã‚’ç›®çš„ã¨ã—ãŸãƒšãƒ¼ã‚¸ãŒç¨¼åƒã—ã¦ã„ãŸã¨æƒ…å ±ã‚’ã„ãŸã ãã¾ã—ãŸã€‚å½ãƒšãƒ¼ã‚¸ãŒç¨¼åƒã—ã¦ã„ãŸãƒ‰ãƒ¡ã‚¤ãƒ³ã‚„IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’èª¿ã¹ãŸã¨ã“ã‚ã€ã„ãã¤ã‹èˆˆå‘³æ·±ã„æƒ…å ±ãŒç¢ºèªã§ããŸãŸã‚ã€èª¿ã¹ãŸå†…å®¹ã‚’ã“ã“ã§ã¯ã¾ã¨ã‚ã¾ã™ã€‚ å½æ±ºæ¸ˆç”»é¢ã ã‚‰ã‘ã®ã‚µãƒ¼ãƒãƒ¼ æƒ…å ±æä¾›é ‚ã„ãŸURLã§ã¯ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±ã‚’çªƒå–ã™ã‚‹ã“ã¨ã‚’ç›®çš„ã¨ã—ãŸå½æ±ºæ¸ˆç”»é¢ãŒç¨¼åƒã—ã¦ã„ãŸã€‚ ã‚µãƒ–ãƒ‰ãƒ¡ã‚¤ãƒ³ã«ã¯æ±ºæ¸ˆä»£è¡Œã‚µãƒ¼ãƒ“ã‚¹ã®ãƒšã‚¤ã‚¸ã‚§ãƒ³ãƒˆã«ä¼¼ã›ãŸæ–‡å—åˆ—ãŒç”¨ã„ã‚‰ã‚Œã¦ã„ãŸã€‚ å½æ±ºæ¸ˆç”»é¢ã¯ãƒ¯ã‚¤ãƒ³è²©å£²ã‚’è¡Œã£ã¦ã„ã‚‹ä¼šç¤¾åãŒãƒ•ã‚©ãƒ¼ãƒ ä¸Šéƒ¨ï¼ˆãƒ¢ã‚¶ã‚¤ã‚¯éƒ¨ï¼‰ã«æŽ²è¼‰ã€‚ ã“ã®ä¼šç¤¾ã¯2019å¹´2æœˆã«Webã‚µã‚¤ãƒˆã®æ”¹ä¿®ã‚’ç›®çš„ã¨ã—ã¦ä¸€æ™‚é–‰éŽ–ã™ã‚‹ã¨æ¡ˆå†…ã€‚ 6æœˆã«æ–°ãƒ‰ãƒ¡ã‚¤ãƒ³ã§ECã‚µã‚¤ãƒˆå†é–‹ã€‚æ–°ãƒ‰ãƒ¡ã‚¤ãƒ³ã¸ç§»è¡Œã—ãŸç†ç”±ã¯ã€Œè«¸äº‹æƒ…ã«ã‚ˆã‚Šã€ã¨ã®ã¿èª¬æ˜Žã€‚ å•é¡Œã®ãƒ‰ãƒ¡ã‚¤ãƒ³search-hot.comã‚’èª¿ã¹ã‚‹ å•é¡Œã®ãƒšãƒ¼ã‚¸ãŒç¨¼åƒã—ã¦ã„ãŸãƒ‰ãƒ¡ã‚¤ãƒ³search-hot.co
iwazer 2019/06/10
security

credit
ãƒªãƒ³ã‚¯
WebAuthnã§ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãƒ¬ã‚¹ãªã‚µã‚¤ãƒˆã‚’ä½œã‚‹ã€‚å®‰å…¨ãªã‚ªãƒ³ãƒ©ã‚¤ãƒ³èªè¨¼ã‚’å°Žå…¥ã™ã‚‹FIDOã®åŸºæœ¬ - ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢Hubï½œWebã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã®ã‚ãƒ£ãƒªã‚¢ã‚’è€ƒãˆã‚‹ï¼
WebAuthnã§ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãƒ¬ã‚¹ãªã‚µã‚¤ãƒˆã‚’ä½œã‚‹ã€‚å®‰å…¨ãªã‚ªãƒ³ãƒ©ã‚¤ãƒ³èªè¨¼ã‚’å°Žå…¥ã™ã‚‹FIDOã®åŸºæœ¬ FIDOï¼ˆFastÂ IDentityÂ Onlineï¼‰ã¨ã¯ã€å…¬é–‹éµèªè¨¼æ–¹å¼ã‚’å¿œç”¨ã—ã€ã‚ªãƒ³ãƒ©ã‚¤ãƒ³çµŒç”±ã§èªè¨¼ã‚’è¡Œã†ä»•çµ„ã¿ã§ã™ã€‚ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰èªè¨¼ã®å®‰å…¨æ€§ã¯é™ç•ŒãŒæŒ‡æ‘˜ã•ã‚Œã‚‹ãªã‹ã€Webã‚µã‚¤ãƒˆã«ãŠã„ã¦ã‚‚ç”Ÿä½“èªè¨¼ãªã©ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãƒ¬ã‚¹ãªä»•çµ„ã¿ã‚’å°Žå…¥ã™ã‚‹ä¼æ¥ãŒå¢—ãˆã¦ãŠã‚Šã€ã“ã®FIDOã‚„WebAuthnã«æ³¨ç›®ãŒé›†ã¾ã£ã¦ã„ã¾ã™ã€‚Capyæ ªå¼ä¼šç¤¾ã§æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«é–¢ã™ã‚‹ç ”ç©¶é–‹ç™ºã‚„åˆ†æžãªã©ã«æºã‚ã‚‹ã€æ¾æœ¬æ‚¦å®œã•ã‚“ã®è§£èª¬ã§ã™ã€‚ ã“ã‚“ã«ã¡ã¯ã€æ¾æœ¬æ‚¦å®œï¼ˆ@ym405nmï¼‰ã§ã™ã€‚ FIDOï¼ˆãµãã„ã©ï¼‰ã«é–¢ã—ã¦ã¯ã€æ˜¨å¹´ï¼ˆ2018å¹´ï¼‰ã‹ã‚‰å¤šãã®ãƒ¡ãƒ‡ã‚£ã‚¢ã‚„æŠ€è¡“ãƒ–ãƒã‚°ã§å–ã‚Šä¸Šã’ã‚‰ã‚Œã€å°Žå…¥ã™ã‚‹Webã‚µã‚¤ãƒˆã‚‚å¢—ãˆã¦ã„ã¾ã™ã€‚ FIDO2ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã«ãŠã„ã¦è©±é¡Œã«ãªã£ãŸWebAuthnï¼ˆWeb Authentication APIï¼‰ã«ã¤ã„ã¦ã‚‚ã€ä¸»ãªW
iwazer 2019/05/22
security

auth
ãƒªãƒ³ã‚¯
å¾³ä¸¸æµ©ã®æ—¥è¨˜: ECã‚µã‚¤ãƒˆã‹ã‚‰ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±ã‚’ç›—ã¿å‡ºã™æ–°ãŸãªæ‰‹å£
ã‚¨ã‚°ã‚¼ã‚¯ãƒ†ã‚£ãƒ–ã‚µãƒžãƒª è–æ•™æ–°èžç¤¾ãŒé‹å–¶ã™ã‚‹é€šè²©ã‚µã‚¤ãƒˆã€ŒSOKAã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã€ã‹ã‚‰2,481ä»¶ã®ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±ãŒæ¼æ´©ã—ãŸã€‚ãƒªãƒªãƒ¼ã‚¹ã«ã‚ˆã‚‹ã¨ã€æ¼æ´©ã«ä½¿ã‚ã‚ŒãŸæ‰‹å£ã¯å¾“æ¥ã¨ã¯ç•°ãªã‚‹ã‚‚ã®ã§ã€æ”¹æ£å‰²è³¦è²©å£²æ³•ã®å®Ÿå‹™ä¸Šã®ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã§ã‚ã‚‹ã€Œã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±éžä¿æŒåŒ–ã€ã§ã¯å¯¾ç–ã§ããªã„ã‚‚ã®ã§ã‚ã£ãŸã€‚ ã¯ã˜ã‚ã« ä»Šå¹´ã®9æœˆ4æ—¥ã«è–æ•™æ–°èžç¤¾ã®é€šè²©ã‚µã‚¤ãƒˆSOKAã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã‹ã‚‰ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±æ¼æ´©ã®å¯èƒ½æ€§ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¾ã—ãŸã€‚ä»¥ä¸‹ã¯è–æ•™æ–°èžç¤¾ã‹ã‚‰é‹å–¶å§”è¨—ã•ã‚Œã¦ã„ã‚‹ãƒˆãƒ©ãƒ³ã‚¹ã‚³ã‚¹ãƒ¢ã‚¹æ ªå¼ä¼šç¤¾ã®ãƒªãƒªãƒ¼ã‚¹ã§ã™ã€‚ ã€Œï¼³ï¼¯ï¼«ï¼¡ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã€ã®ä»¶ ã“ã®ãŸã³ã€å¼Šç¤¾ãŒè–æ•™æ–°èžç¤¾æ§˜ã‚ˆã‚Šé‹å–¶ã‚’å§”è¨—ã•ã‚Œã¦ã„ã‚‹ã€Œï¼³ï¼¯ï¼«ï¼¡ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã€ã«ãŠã„ã¦ã€ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±ã‚’å…¥åŠ›ã—ã¦å•†å“ã‚’ã”æ³¨æ–‡ã„ãŸã ã„ãŸä¸€éƒ¨ã®ãŠå®¢ã•ã¾ã®ã‚¯ãƒ¬ã‚¸ãƒƒãƒˆã‚«ãƒ¼ãƒ‰æƒ…å ±ãŒã€ç¬¬ä¸‰è€…ã«ã‚ˆã£ã¦ä¸æ£ã«å–å¾—ã•ã‚ŒãŸå¯èƒ½æ€§ãŒã‚ã‚‹ã“ã¨ãŒç™ºè¦šã„ ãŸã—ã¾ã—ãŸã€‚ http
iwazer 2018/10/16
security
ãƒªãƒ³ã‚¯
Let's encryptã¨SSL/TLSã«é–¢ã™ã‚‹èª¤è¬¬ - Chienomi
å…¨ãä»¥ã¦æ„å‘³ä¸æ˜Žãªèª¤è¬¬ãŒã¯ã³ã“ã£ã¦ã„ãŸä¸Šã«ã€ã‚„ãŸã‚‰ä¸Šã‹ã‚‰ç›®ç·šã ã£ãŸã®ã§ã€æ¶ˆç«ã—ã¦ãŠã“ã†ã¨æ€ã†ã€‚ ãã‚‚ãã‚‚SSL, TLSã¨ã¯ä½•ã‹ SSL/TLSã¯æš—å·åŒ–æŠ€è¡“ã§ã‚ã‚‹ã€‚ SSL/TLSã®ãƒ‡ãƒ¼ã‚¿é€šä¿¡è‡ªä½“ã¯å¯¾ç§°æš—å·ã§ã‚ã‚‹ã€‚ãŸã ã—ã€æš—å·åŒ–ã«åˆ©ç”¨ã™ã‚‹æš—å·éµã¯ä½¿ã„æ¨ã¦ã‚‹ã€‚ Cipherã¯ã‹ãªã‚Šè‰²ã€…ä½¿ãˆã‚‹ã®ã ã‘ã©ã€ã ã„ãŸã„ã¯Triple DES (3DES)ã‹AESãŒä½¿ã‚ã‚Œã‚‹ã€‚ ãã®æ‰‹é †ã¯ <- HelloRequest -> ClientHello <- ServerHello <- ServerCertificate <- ServerKeyExchange <- ServerHelloDone -> ClientKeyExchange -> Finished -> ChangeCipherSpec <- Finished <- ChangeChiperSpec <-> Application Dat
iwazer 2018/06/08
tls

security

ssl
ãƒªãƒ³ã‚¯
Engadget | Technology News & Reviews
The sustainable tiny home trend at CES 2025 revived my dream of building a compoundAmid the chaos of CES we got to retreat to the well-appointed calm of sustainable pods, electric trailers and EV RVs.
iwazer 2018/04/12
security

life
ãƒªãƒ³ã‚¯
ã‚¼ãƒå¹…æ–‡å—ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ãŸéš ã—æƒ…å ±ã§ã€æ–‡æ›¸ã‚’ãƒªãƒ¼ã‚¯ã—ãŸãƒ¡ãƒ³ãƒãƒ¼ã‚’ç‰¹å®š | ç§‹å…ƒ@ã‚µã‚¤ãƒœã‚¦ã‚ºãƒ©ãƒœãƒ»ãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼ãƒ»ãƒ–ãƒã‚°
ã¨ã‚ã‚‹ä¼šå“¡åˆ¶æŽ²ç¤ºæ¿ã‹ã‚‰ã®æ–‡æ›¸ã®æµå‡ºã«å›°ã£ãŸé‹å–¶è€…ãŒã€ãƒ¦ãƒ‹ã‚³ãƒ¼ãƒ‰ã®è¦‹ãˆãªã„æ–‡å—ã€Œã‚¼ãƒå¹…æ–‡å—(Zero-Width characters)ã€ã‚’ä½¿ã£ã¦æµå‡ºã•ã›ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ç‰¹å®šã—ãŸã€ã¨ã„ã†è©±ãŒå‡ºã¦ã„ã¾ã—ãŸã€‚ æ•°å¹´å‰ã®è©±ã€Tomã€€ã•ã‚“ãŒæ‰€å±žã—ã¦ã„ãŸç«¶æŠ€ãƒ“ãƒ‡ã‚ªã‚²ãƒ¼ãƒ ã®ãƒãƒ¼ãƒ ã§ã¯ã€ãƒã‚°ã‚¤ãƒ³ãŒå¿…è¦ãªãƒ—ãƒ©ã‚¤ãƒ™ãƒ¼ãƒˆã®æŽ²ç¤ºæ¿ã‚’ä½¿ã£ã¦é€£çµ¡ã—ã¦ã„ã¾ã—ãŸã€‚ãã®æŽ²ç¤ºæ¿ã«æ›¸ã‹ã‚ŒãŸç§˜å¯†æƒ…å ±ã‚„æˆ¦è¡“ã«é–¢ã™ã‚‹é‡å¤§ã‚¢ãƒŠã‚¦ãƒ³ã‚¹ãªã©ãŒã—ã°ã—ã°æŽ²ç¤ºæ¿å¤–ã®ã‚¦ã‚§ãƒ–ã«ã‚³ãƒ”ãƒšã•ã‚Œã€ãƒãƒ¼ãƒ ã«ã¨ã£ã¦å¤§ããªå•é¡Œã¨ãªã£ã¦ã„ãŸãã†ã§ã™ã€‚ å¤–éƒ¨ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®æ”»æ’ƒã§ä¸èº«ãŒæ¼ã‚ŒãŸã¨ã„ã†ã‚ˆã‚Šã¯ã€ãƒ¡ãƒ³ãƒãƒ¼ã®èª°ã‹ãŒã‚³ãƒ”ãƒ¼ã—ã¦ã„ã‚‹ã®ã§ã¯ã€ã¨è€ƒãˆãŸ Tom ã•ã‚“ã¯ã€å½“æ™‚æ°—ã«ãªã£ã¦ã„ãŸãƒ¦ãƒ‹ã‚³ãƒ¼ãƒ‰ã®ã‚¼ãƒå¹…æ–‡å—ã‚’ä½¿ã£ãŸãƒˆãƒªãƒƒã‚¯ã‚’ä»•æŽ›ã‘ãŸãã†ã§ã™ã€‚ ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’ç‰¹å®šã™ã‚‹æƒ…å ±ã‚’ã€è¦‹ãˆãªã„æ–‡å—ã«å¤‰æ›ã—ã¦åŸ‹ã‚è¾¼ã‚€ ãƒã‚°ã‚¤ãƒ³ä¸ã®ãƒã‚°ã‚¤ãƒ³ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼IDã‚’ã€ä¸€å®šã®ãƒ«ãƒ¼ãƒ«ã«ã‚ˆã£ã¦ã‚¼ãƒå¹…æ–‡å—
iwazer 2018/04/10
hack

security
ãƒªãƒ³ã‚¯
#faq
Key Reinstallation Attacks Breaking WPA2 by forcing nonce reuse Discovered by Mathy Vanhoef of imec-DistriNet, KU Leuven, 2017 Introduction We discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack
iwazer 2017/10/17
security

wifi
ãƒªãƒ³ã‚¯
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£è¨ºæ–ãƒ»æ¤œæŸ»ã®GMOã‚µã‚¤ãƒãƒ¼ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ byã‚¤ã‚¨ãƒ©ã‚¨
çµ„ç¹”å†…ã§ä¹±ç«‹ã™ã‚‹Webã‚µã‚¤ãƒˆã‚’ç‹™ã†æ”»æ’ƒãŒå¢—åŠ æƒ…ã‚·ã‚¹ãŒå®Ÿè·µã™ã¹ãã€Œè„†å¼±æ€§ç®¡ç†ã€ã¨ã¯ï¼Ÿ å¤–éƒ¨ITè³‡ç”£ã®å¯è¦–åŒ–ã«ãŠã‘ã‚‹èª²é¡Œã‚„ASMã®é‡è¦æ€§ã¨å®Ÿè¡Œæ–¹æ³•ã‚’ã€ASMã«é–¢ã™ã‚‹å…·ä½“çš„ãªæ‰‹æ³•ã‚’äº¤ãˆã¦4ã¤ã®ã‚¹ãƒ†ãƒƒãƒ—ã§åˆ†ã‹ã‚Šã‚„ã™ãè§£èª¬ã—ã¾ã™ã€‚
iwazer 2017/07/14
security

auth
ãƒªãƒ³ã‚¯
CDNåˆ‡ã‚Šæ›¿ãˆä½œæ¥ã«ãŠã‘ã‚‹ã€Webç‰ˆãƒ¡ãƒ«ã‚«ãƒªã®å€‹äººæƒ…å ±æµå‡ºã®åŽŸå› ã«ã¤ãã¾ã—ã¦ - Mercari Engineering Blog
æœ¬æ—¥ã‚³ãƒ¼ãƒãƒ¬ãƒ¼ãƒˆã‚µã‚¤ãƒˆã§ãŠçŸ¥ã‚‰ã›ã—ãŸé€šã‚Šã€Webç‰ˆã®ãƒ¡ãƒ«ã‚«ãƒªã«ãŠã„ã¦ä¸€éƒ¨ã®ãŠå®¢ã•ã¾ã®å€‹äººæƒ…å ±ãŒä»–è€…ã‹ã‚‰é–²è¦§ã§ãã‚‹çŠ¶æ…‹ã«ãªã£ã¦ã„ãŸã“ã¨ãŒåˆ¤æ˜Žã—ã¾ã—ãŸã€‚åŽŸå› ã¯ã™ã§ã«åˆ¤æ˜Žã—ã¦ä¿®æ£ãŒå®Œäº†ã—ã¦ãŠã‚Šã¾ã™ã€‚ã¾ãŸã€å€‹äººæƒ…å ±ã‚’é–²è¦§ã•ã‚ŒãŸå¯èƒ½æ€§ã®ã‚ã‚‹ãŠå®¢ã•ã¾ã«ã¯ã€ãƒ¡ãƒ«ã‚«ãƒªäº‹å‹™å±€ã‚ˆã‚Šã€ãƒ¡ãƒ«ã‚«ãƒªå†…ã®å€‹åˆ¥ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ã¦ã”é€£çµ¡ã•ã›ã¦ã„ãŸã ãã¾ã—ãŸã€‚ ãŠå®¢ã•ã¾ã®å¤§åˆ‡ãªå€‹äººæƒ…å ±ã‚’ãŠé ã‹ã‚Šã—ã¦ã„ã‚‹ã«ã‚‚é–¢ã‚ã‚‰ãšã€ã“ã®ã‚ˆã†ãªäº‹æ…‹ã«è‡³ã‚Šã€æ·±ããŠè©«ã³ã‚’ç”³ã—ä¸Šã’ã¾ã™ã€‚ æœ¬ã‚¨ãƒ³ãƒˆãƒªã§ã¯æŠ€è¡“çš„è¦³ç‚¹ã‹ã‚‰è©³ç´°ã‚’ãŠä¼ãˆã•ã›ã¦ã„ãŸã ãã¾ã™ã€‚ 2017å¹´6æœˆ27æ—¥ã€€CDNã®ã‚ãƒ£ãƒƒã‚·ãƒ¥ã®å‹•ä½œã«ã¤ã„ã¦ã€CDNãƒ—ãƒãƒã‚¤ãƒ€ã¨ä»•æ§˜ã«ã¤ã„ã¦ç¢ºèªã—æ¤œè¨¼ã‚’è¡Œã„ã¾ã—ãŸã€‚ãã®çµæžœä¸€éƒ¨è¨˜è¿°ã«å®Ÿéš›ã¨ç•°ãªã‚‹ç®‡æ‰€ãŒã‚ã‚Šã€åŠ ç†ä¿®æ£ã„ãŸã—ã¾ã—ãŸã€‚ æ¦‚è¦ ãƒ¡ãƒ«ã‚«ãƒªWebç‰ˆã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚ãƒ£ãƒƒã‚·ãƒ¥ã‚’ã—ã¦ã„ã‚‹CDNã®ãƒ—ãƒãƒã‚¤ãƒ€åˆ‡ã‚Šæ›¿ãˆã‚’è¡Œã„ã¾ã—ãŸã€‚ ãã®éš›æœ¬æ¥ã‚ãƒ£ãƒƒã‚·ãƒ¥ã•ã‚Œã‚‹ã¹ãã§ãªã„
iwazer 2017/06/23
security

nginx

web

cache

cdn

knowledge
ãƒªãƒ³ã‚¯
SHAttered
Physical Address 304 North Cardinal St. Dorchester Center, MA 02124
iwazer 2017/02/24
security
ãƒªãƒ³ã‚¯
https://e-algorithm.xyz/vulnerability/
iwazer 2016/10/18
security

web
ãƒªãƒ³ã‚¯
ImageMagickã®è„†å¼±æ€§(CVE-2016-3714ä»–)ã«ã¤ã„ã¦ã¾ã¨ã‚ã¦ã¿ãŸã€€2016-05-04 - piyolog
ç”»åƒå‡¦ç†ã‚½ãƒ•ãƒˆImageMagickã«è¤‡æ•°ã®è„†å¼±æ€§ãŒå˜åœ¨ã™ã‚‹ã¨ã—ã¦2016å¹´5æœˆ3æ—¥é ƒã€CVE-2016-3714ä»–ã®è„†å¼±æ€§æƒ…å ±ãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚ã“ã“ã§ã¯é–¢é€£æƒ…å ±ã‚’ã¾ã¨ã‚ã¾ã™ã€‚ ImageMagick é–‹ç™ºãƒãƒ¼ãƒ ã®æƒ…å ± 2016å¹´5æœˆ3æ—¥ ImageMagick Security Issue è„†å¼±æ€§æƒ…å ± å¯¾è±¡ ImageMagick CVE CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 å½±éŸ¿ RCE é‡è¦åº¦ CVE-2016-3714ï¼šImportant(Redhat)/ç·Šæ€¥(JPCERT/CC) PoC PoCå…¬é–‹ã‚ã‚Šã€‚ in the wildã¨ã®æƒ…å ±ã‚‚ã‚ã‚Šã€‚ CVSS(v2) CVE-2016-3714ï¼š6.8(Redhat)/9.3(CERT/CC) ç™ºè¦‹è€… Nikolay Ermishki
iwazer 2016/05/06
imagemagick

security

check
ãƒªãƒ³ã‚¯
GHOST è„†å¼±æ€§ã¯å¦‚ä½•æ§˜ã«ä½¿ã†ã®ã‹ | Webã‚·ã‚¹ãƒ†ãƒ é–‹ç™ºï¼æ•™è‚²ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã®ã‚¿ã‚¤ãƒ ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ¡ãƒ‡ã‚£ã‚¢
å…ˆæ—¥ GHOST ã¨å‘¼ã°ã‚Œã‚‹ glibc ã®è„†å¼±æ€§ãŒç™ºè¡¨ã•ã‚ŒãŸã€‚ãªã‚“ã§ã‚‚ã€ã€Œãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰ä»»æ„ã®ã‚³ãƒ¼ãƒ‰ã‚’å®Ÿè¡Œã§ãã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã€ã‚‰ã—ã„ã§ã¯ãªã„ã‹ã€‚ã—ã‹ã‚‚æ§˜ã€…ãªãƒ—ãƒã‚°ãƒ©ãƒ ã§åˆ©ç”¨ã•ã‚Œã¦ã„ã‚‹ãƒ©ã‚¤ãƒ–ãƒ©ãƒªéƒ¨åˆ†ã®å•é¡Œã¨ã‚ã£ã¦ã€å½±éŸ¿ç¯„å›²ãŒã¨ã¦ã‚‚åºƒã„ã€‚ãªã‹ãªã‹åŽ„ä»‹ãªã“ã¨ã§ã‚ã‚‹ã€‚ ã¯ã¦ã€ã—ã‹ã—ä¸€ä½“å…¨ä½“ã©ã†ã‚„ã£ã¦ãƒªãƒ¢ãƒ¼ãƒˆã‹ã‚‰ä»»æ„ã®ã‚³ãƒ¼ãƒ‰ã‚’å®Ÿè¡Œã—ã‚ˆã†ã¨ã„ã†ã®ã ã‚ã†ï¼Ÿ è©±ã‚’èžãã«ã€ãŸã‹ãŒæ•°ãƒã‚¤ãƒˆã®æƒ…å ±ã‚’ç¯„å›²å¤–ã®ãƒ¡ãƒ¢ãƒªã«æ›¸ãè¾¼ã‚ã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã ã‘ã ã¨ã„ã†ã€‚å®Ÿéš›ãã‚Œã ã‘ã®ã“ã¨ã§ã‚µãƒ¼ãƒãƒ¼ã®ä¹—ã£å–ã‚Šãªã©ã§ãã‚‹ã‚‚ã®ãªã®ã ã‚ã†ã‹ã€‚ãã‚“ãªã‚ã‘ã§ã€ãã®ç–‘å•ã«ç”ãˆã‚‹ã¹ãã€æœ¬è¨˜äº‹ã§ã¯ä»¥ä¸‹ã® URL ã§è§£èª¬ã•ã‚Œã¦ã„ã‚‹å®Ÿéš›ã®æ”»æ’ƒæ–¹æ³•ã‚’è‹¥å¹²ç«¯æŠ˜ã£ã¦ç´¹ä»‹ã—ã¦ã¿ã‚ˆã†ã¨æ€ã†ã€‚ http://www.openwall.com/lists/oss-security/2015/01/27/9 ãªãŠã€æœ¬è¨˜äº‹ã¯ã“ã®è„†å¼±æ€§ãã®ã‚‚ã®ã«å¯¾ã™ã‚‹ç·Šæ€¥åº¦ãªã©ã«ã¤ã„ã¦è¨€
iwazer 2015/01/30
security

hack
ãƒªãƒ³ã‚¯
https://jp.techcrunch.com/2014/11/19/20141118mozilla-eff-and-others-band-together-to-provide-free-ssl-certificates/
iwazer 2014/11/20
æœŸå¾…

security

network

ssl
ãƒªãƒ³ã‚¯
OpenSSLã®è„†å¼±æ€§ã§æƒ³å®šã•ã‚Œã‚‹ãƒªã‚¹ã‚¯ - ã‚ã‚‚ãŠãã°
JVNã‚„JPCERT/CCã®è¨˜äº‹ãŒã‚ã¾ã‚Šã«ã‚‚ã•ã‚‰ã£ã¨æ›¸ã‹ã‚Œã¦ã„ã¦ã€å…·ä½“çš„ãªãƒªã‚¹ã‚¯ãŒæƒ³åƒã—ã¥ã‚‰ã„ã¨æ€ã†ã®ã§èª¬æ˜Žã—ã¾ã™ã€‚ ä»ŠåŒ—ç”£æ¥ (ä»Šãƒ‹ãƒ¥ãƒ¼ã‚¹è¦‹ã¦æ¥ãŸã‹ã‚‰ä¸‰è¡Œã§æ•™ãˆã¦æ¬²ã—ã„ã¨ã„ã†äººå‘ã‘ã®ã¾ã¨ã‚) ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆä¸Šã®ã€Œæš—å·åŒ–ã€ã«ä½¿ã‚ã‚Œã¦ã„ã‚‹OpenSSLã¨ã„ã†ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ãŒ2å¹´é–“å£Šã‚Œã¦ã„ã¾ã—ãŸã€‚ ã“ã®ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ã¯ä¾¿åˆ©ãªã®ã§ã€Facebookã ã¨ã‹YouTubeã ã¨ã‹ã€ã‚ã¡ã“ã¡ã®ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã§ä½¿ã£ã¦ã„ã¾ã—ãŸã€‚ ä»–ã®äººã®å…¥åŠ›ã—ãŸIDã¨ã‹ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã¨ã‹ã‚¯ãƒ¬ã‚«ç•ªå·ã¨ã‹ã‚’ã€æ‚ªã„äººãŒè¦‹ã‚‹ã“ã¨ãŒã§ãã¦ã—ã¾ã„ã¾ã™ã€‚(å®Ÿéš›ã«æ¼ã‚Œã¦ã‚‹ä¾‹) ä»–ã«ã‚‚è‰²ã€…æ¼ã‚Œã¦ã¾ã™ãŒã€ã¨ã‚Šã‚ãˆãšã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ä»¥å¤–ã®äººãŒè¦šãˆã¦ãŠãã¹ãã¯ã“ã“ã¾ã§ã§OKã§ã™ã€‚ã‚‚ã†å°‘ã—åˆ†ã‹ã‚Šã‚„ã™ã„æƒ…å ±ãŒä»¥ä¸‹ã«ã‚ã‚Šã¾ã™ã€‚ OpenSSL ã®è„†å¼±æ€§ã«å¯¾ã™ã‚‹ã€ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆåˆ©ç”¨è€…ï¼ˆä¸€èˆ¬ãƒ¦ãƒ¼ã‚¶ï¼‰ã®å¯¾å¿œã«ã¤ã„ã¦ ã¾ã ç›´ã£ã¦ã„ãªã„ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã‚‚ã‚ã‚Œã°ã€å…ƒã€…å£Šã‚Œã¦ã„ãªã„ã‚¦ã‚§ãƒ–
iwazer 2014/04/11
security

ssl

summary
ãƒªãƒ³ã‚¯
CVE-2014-0160 OpenSSL Heartbleed è„†å¼±æ€§ã¾ã¨ã‚ - ã‚ã‚‚ãŠãã°
å¿…è¦ãªæƒ…å ±ã¯ http://heartbleed.com/ ã«ã¾ã¨ã¾ã£ã¦ã„ã‚‹ã®ã§ã™ãŒã€è‹±èªžã ã—é•·ã„ã—ã£ã¦äººã®ãŸã‚ã«æ‰‹çŸã«ã¾ã¨ã‚ã¦ãŠãã¾ã™ã€‚ ã©ã†ã™ã‚Œã°ã„ã„ã®ã‹ OpenSSL 1.0.1ã€œ1.0.1fã‚’ä½¿ã£ã¦ã„ãªã‘ã‚Œã°ã‚»ãƒ¼ãƒ• ã‚ã¦ã¯ã¾ã‚‹å ´åˆã«ã¯ã€ä¸€åˆ»ã‚‚æ—©ããƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚¢ãƒƒãƒ—ã—ã¦ã€ã‚µãƒ¼ãƒã”ã¨å†èµ·å‹•(ã‚ã‹ã‚‹ã²ã¨ã¯ã‚µãƒ¼ãƒ“ã‚¹å˜ä½ã§ã‚‚OKã€ãŸã ã—reloadã§ã¯ã ã‚ãªã“ã¨ã‚‚) SSLè¨¼æ˜Žæ›¸ã§ã‚µãƒ¼ãƒã‚’å…¬é–‹ã—ã¦ã„ã‚‹ãªã‚‰ã€ç§˜å¯†éµã‹ã‚‰ä½œã‚Šç›´ã—ã¦è¨¼æ˜Žæ›¸ã‚’å†ç™ºè¡Œã—ã€éŽåŽ»ã®è¨¼æ˜Žæ›¸ã‚’å¤±åŠ¹ã•ã›ã‚‹(æœ«å°¾ã«é–¢é€£ãƒªãƒ³ã‚¯ã‚ã‚Š)ã€‚ ã‚µãƒ¼ãƒã‚’å…¬é–‹ã—ã¦ã„ãªã„å ´åˆã‚‚ã€å¤–éƒ¨ã¸ã®SSLé€šä¿¡ãŒã‚ã‚Œã°å½±éŸ¿ã‚’å—ã‘ã‚‹ã®ã§ã€è©³ã—ãç²¾æŸ»ã™ã‚‹ã€‚ PFS(perfect forward secrecy)ã‚’åˆ©ç”¨ã—ã¦ã„ãªã„å ´åˆã€éŽåŽ»ã®é€šä¿¡å†…å®¹ã‚‚å¾©å·ã•ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ãŸã‚ã€è©³ã—ãç²¾æŸ»ã™ã‚‹ã€‚ æ¼æ´©ã™ã‚‹æƒ…å ±ã®å…·ä½“ä¾‹ã¯ã€OpenSSLã®è„†å¼±æ€§ã§æƒ³å®šã•ã‚Œã‚‹ãƒªã‚¹ã‚¯ã¨ã—ã¦
iwazer 2014/04/09
ssl

security
ãƒªãƒ³ã‚¯
ngrok - secure introspectable tunnels to localhost
Want to route traffic based on headers, paths, subdomains or other attributes? Check out internal endpoints. â†’
iwazer 2014/03/11
network

security

tunnel
ãƒªãƒ³ã‚¯
1 2 3 4 5 6 æ¬¡ã®ãƒšãƒ¼ã‚¸