hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ / 2012å¹´2æœˆ17æ—¥

Masato Kinugawa Security Blog: ãƒ–ãƒ©ã‚¦ã‚¶ã®XSSä¿è·æ©Ÿèƒ½ã‚’ãƒã‚¤ãƒ‘ã‚¹ã™ã‚‹

Chromeã‚„Safariã«ã¯XSS Auditorã€IE 8ä»¥ä¸Šã«ã¯XSSãƒ•ã‚£ãƒ«ã‚¿ãƒ¼ã¨ã„ã†ã€XSSã‚’æ¤œçŸ¥ã—ã¦ãƒ–ãƒãƒƒã‚¯ã™ã‚‹æ©Ÿèƒ½ãŒãã‚Œãžã‚Œã‚ã‚Šã¾ã™ã€‚ ä»Šå›žã¯ã€ã“ã‚Œã‚’å›žé¿ã—ã¦ã¿ãŸè¨˜éŒ²ã§ã™ã€‚ ãƒ»Chromeã§ãƒã‚¤ãƒ‘ã‚¹ ã¯ã„ï¼ã¤ã„ãŠã¨ã¨ã„å ±å‘Šã—ãŸã‚„ã¤ã§ã™ï¼ XSS Auditor bypass with U+2028/2029 https://bugs.webkit.org/show_bug.cgi?id=78732 ãªãœã‹Safariã§ã¯ãƒ–ãƒãƒƒã‚¯ã•ã‚Œã‚‹(ä¸ã®äººã‚‚ç†ç”±ãŒã‚ã‹ã‚‰ãªã„ã¨è¨€ã£ã¦ã„ãŸ)ã‚“ã ã‘ã©ã€Chromeã§ã¯å‹•ãã¾ã™ã€‚ä»¥ä¸‹ã§è©¦ã—ã¦ã¿ã¦ãã ã•ã„ã€‚ http://vulnerabledoma.in/char_test?charset=utf-8&xss=1&body=%3Cscript%3E//%E2%80%A8alert(1)%3C/script%3E http://vulnerabled

hasegawayosuke 2012/02/17

Cool!

ãƒªãƒ³ã‚¯

Developers Summit 2012ã«è¡Œã£ã¦ããŸï¼ï¼ˆ1æ—¥ç›®ï¼‰ - ã‘ã‚ã®æ—¥è¨˜

åŽ»å¹´ã«ç¶šãä»Šå¹´ã‚‚è¡Œã£ã¦ãã¾ã—ãŸã€‚ä»Šå¹´10å¹´ç›®ã«å¯¾ã—ã¦2å¹´ç›®(2å›žç›®)ã®å‚åŠ ãªã®ã§ã¾ã ã¾ã æ–°å‚è€…ã ã‘ã©è‰¯ã„ç†±æ°—ã‚’è²°ãˆã¾ã—ãŸã€‚ å†…å®¹ã®ã¾ã¨ã‚ã‚’æ›¸ã‘ã‚‹ã»ã©å€‹ã€…ã®å†…å®¹ã«é€šã˜ã¦ã„ãªã„ã®ã§ã€å°è±¡ã«æ®‹ã£ãŸã“ã¨ã¨æ„Ÿæƒ³ã‚’ã–ã£ãã°ã‚‰ã‚“ã«æ›¸ã„ã¦ã¿ã¾ã—ãŸã€‚ æ£ç¢ºãªæƒ…å ±ã¯é †æ¬¡SlideShareã«ã‚¢ãƒƒãƒ—ã•ã‚Œã¦ã„ã‚‹è³‡æ–™ã‚„å„ã‚¹ãƒ”ãƒ¼ã‚«ãƒ¼ã•ã‚“ã®ãƒ–ãƒã‚°ãªã©ã‚’ã”å‚ç…§ãã ã•ã„ã€‚ 16-C-1 HTML5ã®ä»Šã¨æœªæ¥ï½žHTML5ã¨ã®æ£ã—ã„ã¤ãã‚ã„æ–¹ï½ž HTML5ã®ä»•æ§˜ã¯ãƒžãƒ¼ã‚¯ã‚¢ãƒƒãƒ—è¨€èªžã®éƒ¨åˆ†ã‚ˆã‚Šã‚‚APIã®éƒ¨åˆ†ã®æ–¹ãŒåœ§å€’çš„ã«å¤§ãã„ã€‚ HTML4.01ãŒå‡ºã¦ã‹ã‚‰10å¹´ä»¥ä¸Šã€ãã®é–“ã‚‚ã‚¦ã‚§ãƒ–ã¯é€²æ©ã—ã¦ããŸãŒå®Ÿã¯ãã‚Œã¯Flashãªã©ãƒ—ãƒ©ã‚°ã‚¤ãƒ³ã®é€²æ©ã«ã‚ˆã‚‹ã‚‚ã®ã ã£ãŸã€‚ HTML5ã«ã¯å…¨ãæ–°ã—ã„æ©Ÿèƒ½ã‚‚ã‚ã‚‹ãŒã€ã“ã‚Œã¾ã§ãƒ—ãƒ©ã‚°ã‚¤ãƒ³ãŒæä¾›ã—ã¦ããŸæ©Ÿèƒ½ã‚’"æ¨™æº–"ã¨ã—ã¦æä¾›ã™ã‚‹æ„å‘³ã‚‚å¤§ãã„ã€‚ ç‰¹ã«ãƒ¢ãƒã‚¤ãƒ«ç«¯æœ«ã§ã¯æ§˜ã€…ãªè¦å› ã‹ã‚‰ãƒ—ãƒ©ã‚°ã‚¤ãƒ³ã§å®Ÿç¾ã—ã¦ããŸã‚‚ã®ãŒ

hasegawayosuke 2012/02/17

devsumi2012

ãƒªãƒ³ã‚¯

Developers Summit 2012: 1æ—¥ç›® - ã™ãŽã‚ƒãƒ¼ã‚“ãƒ¡ãƒ¢

å…¥ç¤¾2æ—¥ç›®ã ã‘ã©ã€è¨±å¯ã‚’ã„ãŸã ã„ãŸã®ã§ãƒ‡ãƒ–ã‚µãƒŸã«è¡Œã£ã¦ããŸã€‚ 10å¹´å¾Œã‚‚ä¸–ç•Œã§é€šã˜ã‚‹ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã§ã‚ã‚‹ãŸã‚ã« Developers Summit 2012 è´ã„ã¦å›žã£ãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã®æ–ç‰‡çš„ãƒ¡ãƒ¢ã€‚é–“é•ã„ã‚„èª¤è§£é‡ˆãªã©ã‚ã‚Šã¾ã—ãŸã‚‰ã”æŒ‡æ‘˜ã„ãŸã ã‘ã‚‹ã¨å¬‰ã—ã„ã§ã™ã€‚ ã€16-A-1ã€‘è¦‹ã‚‹å‰ã«ç¿”ã¹ ã€œã‚®ãƒ¼ã‚¯ã®å·¥å¤«ã§ç¤¾ä¼šã‚’å¤‰ãˆã‚ˆã†ã€œ (@takorattaã•ã‚“) Launch & Iterate ãƒ†ãƒ¼ãƒžãƒ»æ–¹å‘æ€§ æ©Ÿèƒ½ã‚’add/removeã™ã‚‹ã¨ãã®åˆ¤æ–åŸºæº–ã¨ãªã‚‹ ãƒ—ãƒãƒ€ã‚¯ãƒˆã‚¢ã‚¦ãƒˆã¨ãƒžãƒ¼ã‚±ãƒƒãƒˆã‚¤ãƒ³ ã€Œè‰¯ã„ã ã‚ã†ã¨æ€ã†ã‚‚ã®ã‚’ä¸–ã«å‡ºã™ã€<->ã€Œé¡§å®¢ã®è¦æœ›ã‹ã‚‰å¿…è¦ãªã‚‚ã®ã‚’ä½œã‚‹ã€ ä»Šæ—¥ã®ãƒ¦ãƒ¼ã‚¶ã®ãŸã‚ã®æ©Ÿèƒ½ æ˜Žæ—¥ã®ãƒ¦ãƒ¼ã‚¶ã®ãŸã‚ã®æ©Ÿèƒ½ å‰è€…ã«å›šã‚ã‚Œã™ãŽãš å¾Œè€…ã‚’ã¡ã‚ƒã‚“ã¨è€ƒãˆã¦ ã‚¤ãƒŽãƒ™ãƒ¼ã‚·ãƒ§ãƒ³ã®ã‚¸ãƒ¬ãƒ³ãƒž æ€è€ƒå®Ÿé¨“ãƒ»ç§‘å¦åå¿œ ã€16-C-2ã€‘å¤§è¦æ¨¡åŒ–ã™ã‚‹ãƒ”ã‚°ãƒ©ã‚¤ãƒ•ã‚’æ”¯ãˆã‚‹ã‚¤ãƒ³ãƒ•ãƒ© ã€œMongo DBã¨Chefã«ã¤ã„ã¦ã€œ (@ku

hasegawayosuke 2012/02/17

devsumi2012

ãƒªãƒ³ã‚¯

Developers summit 2012 1æ—¥ç›® å‚åŠ ãƒ¡ãƒ¢ ãã®1 - katz's adversaria

[16-C-1] HTML5ã®ä»Šã¨æœªæ¥ ã€œHTML5ã¨ã®æ£ã—ã„ã¤ãã‚ã„æ–¹ã€œ (ç¾½ç”°é‡Žå¤ªå·³æ°) 2012/02/16 ãƒ‡ãƒ–ã‚µãƒŸ2012ã€16-C-1ã€‘HTML5ã®ä»Šã¨æœªæ¥ ã€œHTML5ã¨ã®æ£ã—ã„ã¤ãã‚ã„æ–¹ã€œ #devsumiC - Togetter HTML5 = Markup + API ã»ã¨ã‚“ã©ãŒAPIã®å¡Š ã‚¦ã‚§ãƒ–æ¨™æº–ã¯10å¹´ä»¥ä¸Šé€²åŒ–ã›ãšã‚¦ã‚§ãƒ–ã®é€²åŒ–ã¯ãƒ—ãƒ©ã‚°ã‚¤ãƒ³(Flash, Silverlightãªã©ã®RIA)ã«ã‚ˆã£ã¦ã‚‚ãŸã‚‰ã•ã‚ŒãŸ iPhone, iPadãªã©ã®ç™»å ´ã§ãƒªãƒƒãƒãƒ»ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’HTML5ã§ä½œã‚‰ã–ã‚‹ã‚’å¾—ãªã„çŠ¶æ³ã« ç¾çŠ¶Androidã§ã¯Flashã‚’ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹ãŒChrome for Androidã¯Flashéžã‚µãƒãƒ¼ãƒˆã€MSã¯Windows8ã§Flashã€Sliverlightã‚’ã‚µãƒãƒ¼ãƒˆã—ãªã„ã€‚ APPåŸºç›¤ã¨ãªã‚‹ã‚¦ã‚§ãƒ–æŠ€è¡“ ãƒžãƒ«ãƒãƒ¡ãƒ‡ã‚£ã‚¢å†ç”Ÿ 2D/3Dã‚°ãƒ©ãƒ•ã‚£ãƒƒã‚¯ã‚¹ ã‚¹ãƒ¬

hasegawayosuke 2012/02/17

devsumi2012

ãƒªãƒ³ã‚¯

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ã‚¿ã‚°

2012å¹´2æœˆ17æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4ä»¶)

Masato Kinugawa Security Blog: ãƒ–ãƒ©ã‚¦ã‚¶ã®XSSä¿è·æ©Ÿèƒ½ã‚’ãƒã‚¤ãƒ‘ã‚¹ã™ã‚‹

Developers Summit 2012ã«è¡Œã£ã¦ããŸï¼ï¼ˆ1æ—¥ç›®ï¼‰ - ã‘ã‚ã®æ—¥è¨˜

Developers Summit 2012: 1æ—¥ç›® - ã™ãŽã‚ƒãƒ¼ã‚“ãƒ¡ãƒ¢

Developers summit 2012 1æ—¥ç›® å‚åŠ ãƒ¡ãƒ¢ ãã®1 - katz's adversaria

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬4é€±ï¼‰

ã€Œã‚ã¨ã§èªã‚€ã€ã‚¿ã‚°ã§æŒ¯ã‚Šè¿”ã‚‹2024å¹´ ã€œä»Šå¹´ã®ã€Œã‚ã¨ã§èªã‚€ã€ã€ä»Šå¹´ã®ã†ã¡ã«ã€œ

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬3é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

ã‚¿ã‚°

2012å¹´2æœˆ17æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4ä»¶)

Masato Kinugawa Security Blog: ãƒ–ãƒ©ã‚¦ã‚¶ã®XSSä¿è­·æ©Ÿèƒ½ã‚’ãƒã‚¤ãƒ‘ã‚¹ã™ã‚‹

Developers Summit 2012ã«è¡Œã£ã¦ããŸï¼ï¼ˆ1æ—¥ç›®ï¼‰ - ã‘ã‚ã®æ—¥è¨˜

Developers Summit 2012: 1æ—¥ç›® - ã™ãŽã‚ƒãƒ¼ã‚“ãƒ¡ãƒ¢

Developers summit 2012 1æ—¥ç›® å‚åŠ ãƒ¡ãƒ¢ ãã®1 - katz's adversaria

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬4é€±ï¼‰

ã€Œã‚ã¨ã§èª­ã‚€ã€ã‚¿ã‚°ã§æŒ¯ã‚Šè¿”ã‚‹2024å¹´ ã€œä»Šå¹´ã®ã€Œã‚ã¨ã§èª­ã‚€ã€ã€ä»Šå¹´ã®ã†ã¡ã«ã€œ

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬3é€±ï¼‰

å…¬å¼Twitter

ã‚­ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

2012å¹´2æœˆ17æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4ä»¶)

Masato Kinugawa Security Blog: ãƒ–ãƒ©ã‚¦ã‚¶ã®XSSä¿è·æ©Ÿèƒ½ã‚’ãƒã‚¤ãƒ‘ã‚¹ã™ã‚‹

Developers Summit 2012ã«è¡Œã£ã¦ããŸï¼ï¼ˆ1æ—¥ç›®ï¼‰ - ã‘ã‚ã®æ—¥è¨˜

Developers Summit 2012: 1æ—¥ç›® - ã™ãŽã‚ƒãƒ¼ã‚“ãƒ¡ãƒ¢

Developers summit 2012 1æ—¥ç›® å‚åŠ ãƒ¡ãƒ¢ ãã®1 - katz's adversaria

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬4é€±ï¼‰

ã€Œã‚ã¨ã§èªã‚€ã€ã‚¿ã‚°ã§æŒ¯ã‚Šè¿”ã‚‹2024å¹´ ã€œä»Šå¹´ã®ã€Œã‚ã¨ã§èªã‚€ã€ã€ä»Šå¹´ã®ã†ã¡ã«ã€œ

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬3é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹