Before visiting a suspicious or unfamiliar site, you can simply enter its URL to look up background information about the site or to display the route a spam e-mail took to reach you.
The Web Application Security Forum (WASForum), a group that studies web application security, held an event on authentication and authorization on May 22, and it included a talk on the security of mobile-phone "easy login" (kantan login). WASF originally focused on general Internet security for PCs, but with the recent popularity of smartphones and the frequent use of the ordinary Internet from mobile phones, the forum took up this topic. The easy-login talks were given by Hiroshi Tokumaru of HASH Consulting and Hiromitsu Takagi of the National Institute of Advanced Industrial Science and Technology (AIST). The carriers that opened Pandora's box: "easy login", commonly used on mobile-phone websites (the mobile web), is, on i-mode (NTT DoCoMo), EZweb (au) and Yahoo! Keitai (SoftBank Mobile), the log…
While reading PHP×携帯サイト 実践アプリケーション集, which I bought recently, something felt odd, and I wondered what it was until I noticed the reason: the applications in this book do not use PHP's session management mechanism. I could hardly believe it, but neither "セッション" nor "session" appears in the table of contents or the index. Searching the sample-program CD-ROM for "session" turns up nothing either, so sessions are evidently not used anywhere. Even so, the book presents applications such as blogs and SNSs that require authentication. The authentication scheme the book adopts is this: use only the so-called "easy login" based on the handset's individual identification number; do not keep the authenticated state in a session mechanism but re-authenticate on every page; and therefore rely on IDs such as the "i-mode ID" that are sent automatically without confirmation from the user. In other words, all…
1. Personal data on 650,000 people, including 80,000 card records, leaked; the security policy was revised. 2. Immediately after the leak was discovered, a total of 20 people worked through the night for three days. 3. Card data management was entrusted to a third party and a WAF was introduced, among other measures to raise safety. "This is serious. We have to brace ourselves." It was late at night on July 10, 2008. Shigehiro Nakajima (Chairman, President and CEO) of Minerva Holdings (then named Natulam; renamed on August 1 when it became a holding company), operator of "Natulam", an e-commerce site selling outdoor and fishing gear with annual sales of 4 billion yen, was facing the worst crisis since the company's founding. It had become clear that personal data including credit-card information had almost certainly leaked from the Natulam site. The members gathered in the conference room at the head office in Chuo-ku, Osaka, were tense. The first task was to stop the damage from spreading (Figure 1). Over three full days they…
December 5, 2008. The end of the credit-card era (9). Category: Musings. In the morning, I had been up for a while after sleeping since the night before when the phone rang. Caller: This is ** from ** Card. Me: Yes. Caller: Yesterday there was an unauthorized withdrawal from your account, and I'm calling to confirm it. Me: What, an unauthorized withdrawal?? Caller: 200,000 yen at Sony Entertainment and 30,000 yen on a Suica read. Do you recognize these? Me: Whaaat, no, no, not at all!! Caller: Then someone from our insurance section will call you back; please wait a moment. A little later. Caller: I'm **, in charge of insurance payouts. Me: Yeees. Caller: To get straight to it, please cut the card up with scissors and discard it. A card with a new number will be issued in one week. Your losses are covered by our insurance. Looking at your usage history, Yahoo and S…
Antivirus software from the various vendors tends to make all of Windows feel a beat slower when it runs resident, and many of these nasty products somehow grow heavier as the months and years pass, but this "NOD32 Antivirus" is overwhelmingly light. Being light does not mean its functionality is weak; quite the opposite. It has won the prestigious Virus Bulletin 100% detection award (the VB100 award) a record 51 times, the most in the industry (as of August 2008). In the Kakaku.com incident it was the only product whose heuristics detected the malware, which made its capability widely known, and it received Vector's 10th "ProReg" Grand Prize. It is consistently near the top of the sales rankings and sometimes carries the No. 1 mark. Excellent functionality does not mean bizarrely complex configuration is required; the initial settings at install time…
"Yokoku.in" is getting hammered by XSS! A worn-out technique! Hilarious that in this day and age they don't even escape output! Hatena Bookmark users have plenty to say about the related articles, http://b.hatena.ne.jp/t/%E4%BA%88%E5%91%8A.in?threshold=1, and news sites are writing sensational pieces like this one… When we asked an engineer working at an IT company about the incident, he said: "This is the most basic of basics. Whoever wrote the XSS code probably spent less than 10 minutes on it. And Yokoku.in, which took no precautions beforehand, surely has more bugs. Are they amateurs?" "Code targeting a Yokoku.in security vulnerability!? 'The Yokoku.in developer is an amateur'" http://news.livedoor.com/article/detail/3759632/ What are we to make of that? Google and Amazo…
AV-Test.org, the largest independent body that compares and tests security software, has published its June 11, 2008 ranking of antivirus detection rates. What do the results look like? Let's look at the top 10. The ranking follows: detection-rate ranking as of June 11, 2008 according to Germany's AV-Test. 1st: G DATA AntiVirus 2008 (99.21%) 2nd: Kaspersky Anti-Virus 7.0 (98.96%) 3rd: Norton AntiVirus 2008 (98.89%) 4th: Windows Live OneCare (98.53%) 5th: F-Secure Internet Security 2008 (98.09%) 6th: McAfee VirusScan Plus (95.77%) 7th: VirusBuster 2008 (92.42%) 8th: Virus Security Z…
Lately I have finally felt something like graduating from being a beginner programmer, and I have reached the stage where reading and writing code is actually fun. Ruby is kind to beginners, but it also seems to have a next stage prepared for intermediate programmers; it has a rhythm and semantics almost like a natural language, it is truly wonderful, and it makes me feel that people can be this happy when touching something beautifully designed. This time, though, my topic is how bad one feels on encountering something badly designed. On the new project, at the suggestion of our designer Chris, we decided to use Haml. Following our architect's design, I tried building a publish-subscribe (that is, one-to-many) callback framework in JavaScript, used ReallySimpleHistory…
Most sites that require a login provide a form for entering an ID and a password. Normally the characters typed into the password part of such a form are replaced by asterisks like "********" to prevent shoulder surfing, but it is not unusual to find yourself wanting to check the password you have entered. Here is a trick that helps in such cases. Enter the following JavaScript in the address bar, and the password is shown in a dialog like the one below. javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() ==
Typing requests into telnet is a pain… What will Hatena do…? Having been taught the basics of HTTP, an essential foundation for a web application engineer, by Jun, Hatena is still wrestling with HTTP. As Jun had taught, Hatena had been studying HTTP using telnet. Viewing static files with telnet is fairly easy, but browsing an actual web application, the part that matters, was extremely tedious. Uui: "What's wrong?" Hatena: "I was going to study HTTP, but typing in every command by hand is a chore…" Uui: "Come on, isn't there a tool that makes that easy?" Hatena: "Oh, there is? Then I'll go look for one." Uui: "Anyway, what happened to the materials I asked you for yesterday?" Hatena: "Ah, um, well! The shared serv…
Do you know CAPTCHA? It is that thing that makes you type in distorted characters to prevent spam. The strength of Hatena's CAPTCHA seemed oddly low to me, so I tested it. A CAPTCHA is what is called a reverse Turing test: it rejects operation by robots by requiring something that humans can do but machines find hard to process. For example, Gmail's user registration shows an image like the one below and asks you to type the characters it displays. CAPTCHA strength: suppose someone wants to obtain a large number of Gmail accounts in order to send spam. Registering Gmail accounts by hand is laborious, so they would try to automate it with a program. The barrier they then hit is this CAPTCHA. It is hard for a machine to obtain the correct string "vittac" from this image. …
I tried "Ophcrack", open-source software that can recover and display the passwords of the various Windows user accounts. It also supports Windows Vista, and because it does not rely on brute force it is notably fast: it can recover a password in a matter of minutes. In this experiment the Administrator password was displayed in exactly three minutes. Shocking. Normally you burn the ISO image to a CD and boot from it, but this time I booted from a USB memory stick. There is also a movie showing the whole process from boot to finish. Instructions on how to use it follow below. * This software is meant only for checking how weak your own passwords are, so use it at your own risk. Ophcrack http://ophcrack.sourceforge.net/ The download is…
Why is it that most people who build one-off mashups don't write any notice about how the ID/password you enter is handled? Some fix it when it is pointed out, so I think it should be pointed out more, but it feels like it is already too late once an end user like me has to point it out. For the ones that display a company name, are we supposed to just assume "a new hire with no security awareness built this"? twitbacker, which posts blog update notices to Twitter | Products | Fool on the web, touring the world | ひげなBLOG
Many of the vulnerabilities that attackers exploit in web applications can be eliminated at the designer's or developer's level. By knowing the top 10 vulnerabilities most targeted of late, you can quickly get an overview of the countermeasures appropriate to your implementation, and we hope you will keep their existence in mind during development to build secure web applications. Ranking the vulnerabilities that threaten the web: OWASP (Open Web Application Security Project) is a community whose main aim is improving web application security, and it publishes the results of its research and development for anyone to use. One of its projects, the "OWASP Top Ten Project", publishes a top-10 list of web application vulnerabilities once a year. The 2004 edition was provided in several languages including Japanese, but the 2007 edition is at present provided only in English…
■ It must not be possible to specify an arbitrary site as the redirect destination after a successful login. Since nothing could be done unless this was analyzed as a "vulnerability", I summarized the threat and countermeasures and reported it to IPA; a response came back, and the sites in question (several) were fixed. Below I write up how this problem should be understood, using Hatena's case as the example. I remember this story making the rounds in April.*1 "A trick that steals social-bookmark users' IDs and passwords all too easily", ホームページを作る人のネタ帳, April 6, 2007. What is "B-button phishing"? Lately I often see blogs that place, at the end of each post, the "Add to Hatena Bookmark" button familiar from my own blog or the Buzzurl bookmark button (the B button); I casually used one, (…) and then, thinking "maybe my session expired", entered my own ID and password to log in…
KCCS has strengthened its web vulnerability assessment service, adding a "Web 2.0 plan" that checks for vulnerabilities common to SNSs and blogs. Kyocera Communication Systems (KCCS) announced on February 22 that it had strengthened its web vulnerability assessment service and added a "Web 2.0 plan", which focuses on vulnerabilities that tend to arise in SNSs (social networking services), blogs and the like. KCCS has already offered a vulnerability assessment service for web applications that finds and reports vulnerabilities liable to lead to leaks of users' personal data, such as cross-site scripting, SQL injection and directory traversal, through tool-based and expert manual testing and source-code analysis. In the Web 2.0 plan, for vulnerabilities that tend to occur on user-participation websites such as SNSs and blogs, its existing know…
Attacks that try to break passwords in order to gain unauthorized access to FTP and SSH servers are unrelenting, and IBM ISS's Security Operations Center (SOC) detects large numbers of them. To renew awareness of the threat of password cracking, this article explains the actual methods used, based on the results of an investigation with a honeypot [Note 1]. Note 1: A honeypot is a system that lures attackers, worms and the like in order to monitor and observe what they do after breaking in (glossary). In the honeypot environment used here, access restrictions were applied so that an intruder could not abuse it, and malicious packets to the outside were controlled. Behaviour after intrusion: the honeypot investigation ran from September 1 to September 25, 2006. Below we present a case in which a password was actually broken and the system compromised. Checking the system logs, in this case, authentication against the SSH service from a specific IP address, 3…
[Related article] An update to this content has been published; please read it as well (editorial). Security&Trust Watch (60): Tonight you'll understand how to call SQL safely: asking Hiromitsu Takagi http://www.atmarkit.co.jp/fsecurity/column/ueno/60.html SQL injection, one of the attack techniques against web applications, has become quite widely known. Yet its countermeasures still do not seem to be truly understood. Have you not assumed you are protected merely by escaping special characters in the values passed from forms, or by turning on an automatic escaping feature such as PHP's magic_quotes_gpc? From the basics through attack patterns such as "second-order SQL injection" and "SQL injection using multibyte characters", the counter…