ã¹ããã¢ããªã®å¸å ´æ¡å¤§ã«ä¼´ããç´æ¥SSL/TLSã©ã¤ãã©ãªã使ç¨ããããã°ã©ã ãæ¸ãæ©ä¼ãå¢ãã¦ãã¦ããä»æ¥ãã®é ãã¨æãã¾ãã SSL/TLSã©ã¤ãã©ãªã使ãéã«ã¯ãæ¥ç¶ç¢ºç«æã«ãµã¼ãã®èªè¨¼ãæ£ããè¡ãå¿ è¦ãããã¾ããå ·ä½çã«ã¯ãã¯ã©ã¤ã¢ã³ãããã°ã©ã ã§ä»¥ä¸ã®ï¼ç¨®é¡ã®æ¤è¨¼ãè¡ããã¨ã«ãªãã¾ãã SSL/TLSã©ã¤ãã©ãªããµã¼ãã®è¨¼ææ¸ã®æ¤è¨¼ã«æåããã㨠ãµã¼ãã®è¨¼ææ¸ã«å«ã¾ããã³ã¢ã³ãã¼ã 注1ãæ¥ç¶ãããã¨ãããµã¼ãã¨åä¸ã§ããã㨠åè ã«ã¤ãã¦ã¯ãOpenSSLã®å ´åã¯SSL_CTX_set_verifyã®å¼æ°ã«SSL_VERIFY_PEERãæå®ãããªã©ãã¦ãã©ã¤ãã©ãªå´ã§å¦çãè¡ããããã¨ãå¯è½ã§ãï¼è¨¼ææ¸ã®æ¤è¨¼ã«å¤±æããå ´åã¯SSL_connectãã¨ã©ã¼ãè¿ãã¾ãï¼ã ä¸æ¹ãå¾è ã«ã¤ãã¦ã¯SSL/TLSã©ã¤ãã©ãªã«ãã£ã¦å·®ããããæ¤è¨¼æ©è½ãæå¹ã«ããããã«ç¹å¥ãªå¼åºãå¿ è¦ã ã£
寺ç°ããã®ããã°ã¨ã³ããªãä»äººã®Cookieãæä½ãããã«ã¯ãéä¿¡è·¯ä¸ã®æ»æè ãããå ´åã¯ãSSLã使ã£ã¦ããCookieã®çè´ãé²ããã¨ã¯ã§ããããCookieã®æ¹å¤ãé²ããã¨ã¯ã§ããªãã¨ææããã¦ãã¾ããããã«ã寺ç°ãããããç°¡ã«ãã¦è¦ãå¾ãã¨ã³ããªã§ãããã«ä»ãå ãããã¨ã¯ãã¾ããªãã®ã§ãããæ®å¿µãªããã¾ã èªãã§ããªã人ãå¤ããã ã¨è¨ããã¨ã¨ãããåºãèªè ã«åãã¦å ·ä½çã«èª¬æããæ¹ãããã ããã¨èãã¾ããã ããã§ãéä¿¡è·¯ä¸ã«æ»æè ãããå ¸åä¾ã¨ãã¦ãå ¬è¡ç¡ç·LANã®å½APï¼ã¢ã¯ã»ã¹ãã¤ã³ãï¼ãããã±ã¼ã¹ãé¡æã¨ãã¦ããHTTPSã使ã£ã¦ãCookieã®æ¹å¤ã¯é²ããªãããã¨ã説æãã¾ãï¼Secureå±æ§ä½¿ãã¨çè´ã¯é²ãã¾ãããæ¹å¤ã¯é²ãã¾ããï¼ãé·ãã¨ã³ããªãªã®ã§çµè«ãå ã«æ¸ãã¦ããã¾ãã Secureå±æ§ããªãCookieã¯HTTPSã§ãçè´ã§ãã Cookieã®æ¹å¤ã«ã¤ãã¦ã¯Se
æ¢ã«å ±éããã¦ããããã«ãããªãããï¼ã¬ã³ã¿ã«ãµã¼ãã¼ã«å¯¾ããæ¹ããæ»æã«ããã被害ãåããã¦ã¼ã¶ã¼æ°ã¯8428件ã«ã®ã¼ãã¨ãããã¨ã§ããããã¾ã§å½±é¿ã大ãããªã£ãåå ã¯ãå ±éã«ããã¨ã(1)ãWordPressã®ãã©ã°ã¤ã³ããã¼ãã®èå¼±æ§ãå©ç¨ãããä¸æ£ãªãã¡ã¤ã«ãã¢ãããã¼ããããã(2)ãã¼ããã·ã§ã³è¨å®ã®ä¸åãæªç¨ããã¦è¢«å®³ãæ¡å¤§ãããã¨ãããã¨ã®ããã§ãã 29æ¥å¤ã®æç¹ã§ã¯ãæ»æè ã®æ¹ããææ³ã«ã¤ãã¦ãWordPressã®ãã©ã°ã¤ã³ããã¼ãã®èå¼±æ§ãå©ç¨ãããä¸æ£ãªãã¡ã¤ã«ãã¢ãããã¼ãããã¦ãwp-config.phpã®ãã®è¨å®æ å ±ãæãåºãããã¨èª¬æãã¦ãããã30æ¥åå¾7æéãã®èª¬æã§ããã®èå¼±æ§ãä¾µå ¥çµè·¯ã¨ãªã£ã¦å社ã®ãã¼ããã·ã§ã³è¨å®ã®ä¸åãæªç¨ããããã¨ãåå ã ã£ããã¨ãæããã«ããã ãããªããããã®WordPressãµã¤ãæ¹ãã被害ãåå ã¯ãã¼ããã·ã§ã³è¨å®ä¸å
ã©ã³ãã³ã°
ã©ã³ãã³ã°
ã©ã³ãã³ã°
ãªãªã¼ã¹ãé害æ å ±ãªã©ã®ãµã¼ãã¹ã®ãç¥ãã
ææ°ã®äººæ°ã¨ã³ããªã¼ã®é ä¿¡
å¦çãå®è¡ä¸ã§ã
j次ã®ããã¯ãã¼ã¯
kåã®ããã¯ãã¼ã¯
lãã¨ã§èªã
eã³ã¡ã³ãä¸è¦§ãéã
oãã¼ã¸ãéã
{{#tags}}- {{label}}
{{/tags}}