ã¯ã¦ãªãƒ–ックマークã§ã‚ã‘ã®ã‚ã‹ã‚‰ãªã„スターãŒã¤ã‘られã¦ã„ã‚‹å ´åˆã€ç›¸æ‰‹ã¯ã‚¹ãƒ‘マーã‹ã‚‚ã—ã‚Œãªã„。
ä¸é€”åŠç«¯ãªè‹±èªžä½¿ã„ãŒè‹±å›½ã‹ã‚‰ã®ãƒ‹ãƒ¥ãƒ¼ã‚¹ã‚’æ±äº¬ã§èªã¿ã€ã‚ã¡ã“ã¡ãµã‚‰ãµã‚‰ã†ã‚ã†ã‚。時々嘘。 ã¯ã¦ãƒ– = http://b.hatena.ne.jp/nofrills Twitter = http://twitter.com/nofrills Twitterã®ãƒã‚° = http://twilog.org/nofrills ◆「ãªãœã€ã‚¤ã‚¹ãƒ©ãƒ 教徒ã¯ã€ã‚¤ã‚¹ãƒ©ãƒ éŽæ¿€æ´¾ã®ãƒ†ãƒã‚’éžé›£ã—ãªã„ã®ã‹ã€ã¨ã„ã†å•ã„ã¯ã€ãªãœã€Œå·®åˆ¥ã€ãªã®ã‹ã€‚(2014å¹´12月) ◆「陰謀論ã€ã¨ã€ã€Œé™°è¬€ã€ã«ã¤ã„ã¦ã€‚ãã—ã¦äººãŒæ»å‚·ã•ã›ã‚‰ã‚Œã¦ã„ã‚‹ã“ã¨ã¸ã®ã‚·ãƒ‹ã‚·ã‚ºãƒ ã«ã¤ã„ã¦ã€‚(2014å¹´11月) ◆知らãªã„人ã«æ°—軽ã«è©±ã—ã‹ã‘ã‚‹ã“ã¨ã®ã§ãã‚‹å ´ã§ã€çŸ¥ã‚‰ãªã„人ã‹ã‚‰è©±ã—ã‹ã‘られãŸã¨ãã«å¿œç”ã™ã‚‹ã“ã¨ã‚’ã‚„ã‚ã¾ã—ãŸã€‚ã¾ãŸã€çŸ¥ã‚‰ãªã„人ã‹ã‚‰è©±ã—ã‹ã‘られã¦ã„ã‚‹ã‹ã‚‚ã—ã‚Œãªã„å ´æ‰€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã“ã¨ã‚‚ã‚„ã‚ã¾ã—ãŸã€‚ã‚ãªãŸã®ä¸»å¼µã¯ã€ç§ã‚’å·»ãè¾¼ã¾ãšã«ã€ã‚ãªãŸãŒã‚„ã£ã¦ãã ã•ã„
High-Tech Bridge | Web Security Company
Organizations face incremental need to assure their internal and external stakeholders that their data protection and privacy practices meet various international standards, such as PCI DSS, ISO 27001 or NIST Cybersecurity Framework. High-Tech Bridge has over a decade of experience in security auditing of organizations of all sizes. Our reports are composed of a technical part, tailored for cybers
Chrome ㌠Symantec ã®è¨¼æ˜Žæ›¸ã«å¯¾ã™ã‚‹ä¿¡é ¼ã‚’ç ´æ£„ã™ã‚‹äºˆå®šã«ã¤ã„ã¦
.app 1 .dev 1 #11WeeksOfAndroid 13 #11WeeksOfAndroid Android TV 1 #Android11 3 #DevFest16 1 #DevFest17 1 #DevFest18 1 #DevFest19 1 #DevFest20 1 #DevFest21 1 #DevFest22 1 #DevFest23 1 #hack4jp 3 11 weeks of Android 2 A MESSAGE FROM OUR CEO 1 A/B Testing 1 A4A 4 Accelerator 6 Accessibility 1 accuracy 1 Actions on Google 16 Activation Atlas 1 address validation API 1 Addy Osmani 1 ADK 2 AdMob 32 Ads
ã‚»ã‚ュリティã®éƒ½å¸‚ä¼èª¬ã‚’æš´ã
2. アジェンダ • ã‚»ã‚ュリティã®éƒ½å¸‚ä¼èª¬ã¨ã¯ • ã‚»ã‚ュリティã®éƒ½å¸‚ä¼èª¬ã•ã¾ã–㾠– パスワードã®ãƒžã‚¹ã‚¯è¡¨ç¤º – IDã¾ãŸã¯ãƒ‘スワードãŒé•ã„ã¾ã™ – パスワードã®æœ‰åŠ¹æœŸé–“ – autocompleteã®åœæ¢ – 戻るボタンã®å•é¡Œ • ã¾ã¨ã‚ 2 3. 徳丸浩ã®è‡ªå·±ç´¹ä»‹ • çµŒæ´ â€“ 1985å¹´ äº¬ã‚»ãƒ©æ ªå¼ä¼šç¤¾å…¥ç¤¾ – 1995å¹´ äº¬ã‚»ãƒ©ã‚³ãƒŸãƒ¥ãƒ‹ã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚·ã‚¹ãƒ†ãƒ æ ªå¼ä¼šç¤¾(KCCS)ã«å‡ºå‘ãƒ»è»¢ç± â€“ 2008å¹´ KCCS退è·ã€HASHã‚³ãƒ³ã‚µãƒ«ãƒ†ã‚£ãƒ³ã‚°æ ªå¼ä¼šç¤¾(ç¾ç¤¾å:EGã‚»ã‚ãƒ¥ã‚¢ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã‚ºæ ªå¼ä¼š 社)è¨ç«‹ • 経験ã—ãŸã“㨠– 京セラ入社当時ã¯CADã€è¨ˆç®—幾何å¦ã€æ•°å€¤ã‚·ãƒŸãƒ¥ãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ãªã©ã‚’担当 – ãã®å¾Œã€ä¼æ¥å‘ã‘パッケージソフトã®ä¼ç”»ãƒ»é–‹ç™ºãƒ»äº‹æ¥åŒ–を担当 – 1999å¹´ã‹ã‚‰ã€æºå¸¯é›»è©±å‘ã‘インフラã€ãƒ—ラットフォームã®ä¼ç”»ãƒ»é–‹ç™ºã‚’担当 Webアプリケーションã®ã‚»ã‚ュリティå•é¡Œã«ç›´é¢ã€
Cobalt Strike | Adversary Simulation and Red Team Operations
Software for Adversary Simulations and Red Team Operations Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations, these assessments benefit security operations and incident response. Why Cobalt Strike? Cobalt Strike gives
CVE Details
Vulnerability intelligence and core features CVEdetails.com offers a complete CVE database enhanced with additional information including advisories, exploits, tools, source code changes and much more. CVEs in CISA KEV catalog give users quick access to a list of vulnerabilities exploited in the wild. EPSS scores provides users with a list of vulnerabilities with increased risk. Set up email alert
HTTP Headers ã¨ã„ㆠ5万人ãŒä½¿ã£ã¦ã„ã‚‹ Chrome æ‹¡å¼µã®ãƒžãƒ«ã‚¦ã‚§ã‚¢ç–‘惑。セッション盗ã¾ã‚Œã¦ BTC ã‚‚ç›—ã¾ã‚Œãã†ã«ãªã£ãŸè©±ã€‚ - clock-up-blog
疑惑ã©ã“ã‚ã‹ 99.99% ãらã„é»’ãªè©±ã€‚ (後記:セッション盗ã¾ã‚ŒãŸã¨æ€ã£ã¦ãŸã‘ã©ã€ã‚ˆãよã考ãˆç›´ã—ã¦ã¿ã‚‹ã¨ç”Ÿãƒ‘スワードã”ã¨ç›—ã¾ã‚Œã¦ã‚‹å¯èƒ½æ€§ã‚‚ã‚ã‚‹ã—ã‚„ã°ã„) è¿½è¨˜ï¼šç¶šå ± 11月3æ—¥ 今回指摘ã—㟠HTTP Headers 以外ã«ã‚‚ã€ã€ŒTab Managerã€ã€ŒGive Me CRXã€ã€ŒLive HTTP Headersã€ç‰ã§åŒæ§˜ï¼ˆï¼Ÿï¼‰ã®å•é¡ŒãŒå ±å‘Šã•ã‚Œã¦ã„ã¾ã™ã€‚第三者ãŒå…ƒã®ä½œè€…ã‹ã‚‰ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢æ¨©åˆ©ã‚’è²·ã„å–ã£ã¦æ‚ªç”¨ã™ã‚‹ã€ã¨ã„ã†ã‚±ãƒ¼ã‚¹ãŒå‰²ã¨ã‚る模様(?)。皆ã•ã¾æƒ…å ±ã‚ã‚ŠãŒã¨ã†ã”ã–ã„ã¾ã™ã€‚ 11月4æ—¥ Zaif ã«ã¤ã„ã¦ã¯ã€ã€Œä¸æ£ãª Chrome æ‹¡å¼µã€ã¨ã€Œã‚¹ã‚¯ãƒªãƒ—トã‹ã‚‰ä¿è·ã•ã‚Œã¦ã„ãªã‹ã£ãŸã‚¯ãƒƒã‚ーã€ã®ã‚³ãƒ³ãƒœã«ã‚ˆã‚Šã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒç›—ã¾ã‚Œã¦ã„ãŸå¯èƒ½æ€§ã‚り。 Zaif ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³æƒ…å ±ãŒç›—ã¾ã‚ŒãŸåŽŸå› ã®ã²ã¨ã¤ã«ã¤ã„ã¦ã€‚JavaScript ã‹ã‚‰ã‚¯ãƒƒã‚ー値をå–å¾—ã•ã›ãªã„方法。 - clock-up-blog
Firefox - Same-Origin Policy bypass (CVE-2015-7188)
In this post I will explain the Same-Origin policy bypass (CVE-2015-7188) in Firefox I reported to Mozilla last year. The root cause of that issue was a minor nuance in IP address parsing in some of the most popular OS-es. The final working exploit, however, additionally needed Flash installed and activated on the victim's machine. Another limitation was that it only worked to http protocol. Howev
Two-factor authentication for Apple ID - Apple Support
Two-factor authentication for Apple ID Two-factor authentication is designed to make sure that you're the only person who can access your account. Learn how it works and how to turn on two-factor authentication. Two-factor authentication is an extra layer of security for your Apple ID, designed to make sure that you're the only one who can access your account—even if someone else knows your passwo
Chromium Security
The Chromium security team aims to provide Chrome and Chrome OS users with the most secure platform to navigate the web, and just generally make the Internet a safer place to hang out. We work on solutions for the biggest user / ux security problems, drive secure architecture design and implementation projects for the Chromium platform, find and help fix security bugs, help developers to create mo
証明書ã®é€æ˜Žæ€§(CT)ã¨ã¯ä½•ã§ã™ã‹ï¼Ÿ | デジサート㮠FAQ
デジタルトラスト製å“/サービス一覧: エンタープライズ ITã€PKIã€ID DigiCert® Trust Lifecycle Manager ウェブサイト&サーãƒãƒ¼ DigiCert CertCentral TLS/SSL Manager コード&ソフトウェア DigiCert® Software Trust Manager 文書&署å DigiCert® Document Trust Manager IoT&コãƒã‚¯ãƒ†ãƒƒãƒ‰ãƒ‡ãƒã‚¤ã‚¹ DigiCert® Device Trust Manager Matter ã«ã‚ˆã‚‹ IoT デãƒã‚¤ã‚¹èªè¨¼ DigiCert® TrustCore SDK
Windows 10: Wi-Fi センサー (Wi-Fi Sense) ã¨ã¯? æ£ã—ãç†è§£ã—ã¦ä½¿ç”¨ã—ã¦ã¿ã‚ˆã† | MSRC Blog | Microsoft Security Response Center
This blog post is older than a year. The information provided below may be outdated. Wi-Fi センサーã¯ã€Windows 10 ã§å®Ÿè£…ã•ã‚ŒãŸæ©Ÿèƒ½ã§ (Windows Phone 8.1 ã§ã‚‚利用å¯èƒ½)ã€Windows 10 デãƒã‚¤ã‚¹ã« Microsoft アカウントã§ã‚µã‚¤ãƒ³ã‚¤ãƒ³ã—ã¦ã„ã‚‹å ´åˆã«åˆ©ç”¨ã§ãã¾ã™ã€‚ Wi-Fi センサーを使ã†ã¨ä»¥ä¸‹ã®äº‹ãŒã§ãã¾ã™ã€‚ 外出時ãªã©ã€æ¤œå‡ºã•ã‚ŒãŸæŽ¨å¥¨ã•ã‚Œã‚‹ã‚ªãƒ¼ãƒ—ン Wi-Fi ホットスãƒãƒƒãƒˆã«è‡ªå‹•çš„ã«æŽ¥ç¶šã™ã‚‹ ã“れを行ã†ã«ã¯ã€Wi-Fi センサーã®è¨å®š*1 ã§ã€ [推奨ã•ã‚ŒãŸã‚ªãƒ¼ãƒ—ン ホットスãƒãƒƒãƒˆã«æŽ¥ç¶šã™ã‚‹] をオンã«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚オンã«ã—ãŸå ´åˆã€Wi‑Fi センサーã¯ã€ä½ç½®æƒ…å ±ã‚’ä½¿ã£ã¦å‘¨å›²ã®æŽ¨å¥¨ã•ã‚Œã‚‹ã‚ªãƒ¼ãƒ—ン Wi‑Fi ホットスãƒãƒƒãƒˆã‚’検索ã—ã€è‡ªå‹•çš„ã«æŽ¥ç¶šã—ã¾
Sakurity
At Mixpanel, we obsess about security and we found the Sakurity team phenomenal to work with for a contracted penetration test of Mixpanel. Sakurity identified holes that our previous security audit had missed and their turnaround time was great. We plan to continue to partner with Sakurity for the foreseeable future. As a payments company, security is core to everything Stripe does. I've worked w
Let's Encrypt
A nonprofit Certificate Authority providing TLS certificates to 450 million websites. Read all about our nonprofit work this year in our 2023 Annual Report. From our blog Jul 23, 2024 Intent to End OCSP Service Moving to a more privacy-respecting and efficient method of checking certificate revocation. Read more Jun 24, 2024 More Memory Safety for Let’s Encrypt: Deploying ntpd-rs NTP is critical t
OpenSSLã®è„†å¼±æ€§(CVE-2014-3511)ã§TLSプãƒãƒˆã‚³ãƒ«ã®åŸºç¤Žã‚’å¦ã¶ - ã¼ã¡ã¼ã¡æ—¥è¨˜
1. ã¯ã˜ã‚ã«ã€ 昨日 OpenSSLã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚¢ãƒƒãƒ—ãŒã‚¢ãƒŠã‚¦ãƒ³ã‚¹ã•ã‚Œã€ï¼™ã¤ã®è„†å¼±æ€§ãŒå…¬é–‹ã•ã‚Œã¾ã—ãŸã€‚ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚¢ãƒƒãƒ—ã®æ•°æ—¥å‰ã«OpenSSLã®æ¬¡æœŸãƒªãƒªãƒ¼ã‚¹äºˆå‘ŠãŒã‚¢ãƒŠã‚¦ãƒ³ã‚¹ã•ã‚Œã¦ã„ã¾ã—ãŸãŒã€ã¡ã‚‡ã†ã© BlackHat 開催åˆæ—¥ã«ã‚ãŸã‚‹ã“ã¨ã‚‚ã‚ã‚Šã€ãªã‚“ã‹ã¾ãŸé‡å¤§ãªè„†å¼±æ€§ã®ä¿®æ£ãŒå…¥ã‚‹ã‚“ã˜ã‚ƒãªã„ã‹ã¨ãƒ‰ã‚ドã‚ã—ã¦ã„ã¾ã—ãŸã€‚è“‹ã‚’é–‹ã‘ã¦ã¿ã‚‹ã¨HeatBleed程ã®å¤§äº‹ã§ã¯ãªãホットã²ã¨å®‰å¿ƒã§ã™ã€‚ 昨日公開ã•ã‚ŒãŸOpenSSLã®ï¼™ã¤ã®è„†å¼±æ€§ã®ã†ã¡ã€TLS プãƒãƒˆã‚³ãƒ«ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰æ”»æ’ƒ (CVE-2014-3511)ã®ä¿®æ£ã‚’見ã¦ã„ãŸã¨ã“ã‚ã€ã“ã‚Œã¯TLSプãƒãƒˆã‚³ãƒ«ã‚’å¦ã¶ã„ã„é¡Œæã«ãªã‚‹ãªãã¨ãµã¨æ€ã„ã¤ãã€è©¦ã—ã«ã“ã®Opensslã®è„†å¼±æ€§ã®è©³ç´°ã‚’TLSプãƒãƒˆã‚³ãƒ«ã®åŸºç¤Žã«åˆã‚ã›ã¦æ›¸ã„ã¦ã¿ã¾ã—ãŸã€‚ ã¡ã‚‡ã£ã¨é•·ã„ã§ã™ãŒã€TLSプãƒãƒˆã‚³ãƒ«ã®ä»•çµ„ã¿ï¼ˆã®ä¸€éƒ¨ï¼‰ã‚’知りãŸã„æ–¹ã¯ãŠèªã¿ãã ã•ã„。 2. OpenSSLã®è„†å¼±æ€§
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
https://media.defense.gov/2020/Apr/24/2002288652/-1/-1/0/CSI-SELECTING-AND-USING-COLLABORATION-SERVICES-SECURELY-LONG-FINAL.PDF
ã¯ã¦ãªID
[PDF]WEB予約サービスä¸æ£ã‚¢ã‚¯ã‚»ã‚¹ã«é–¢ã™ã‚‹èª¿æŸ»å ±å‘Šæ›¸ï¼ˆè§£æžç·¨ï¼‰ | 2018å¹´3月28æ—¥ ä¹å·žå•†èˆ¹æ ªå¼ä¼šç¤¾
https://www.apple.com/business/docs/iOS_Security_Guide.pdf/
SSL Server Test (Powered by Qualys SSL Labs)
{{#tags}}- {{label}}
{{/tags}}