ockeghemã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ / 2013å¹´12æœˆ6æ—¥ - ã¯ã¦ãªãƒ

å¤§ä¸¸æ¾å‚å±‹ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã€å…¬å¼é€šè²©ã€‘

ãƒšãƒ¼ã‚¸ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ ãŠæŽ¢ã—ã®ãƒšãƒ¼ã‚¸ã¯æŽ²è¼‰ã‚’çµ‚äº†ã—ã¦ã„ã‚‹ã€ã‚‚ã—ãã¯URLãŒå¤‰æ›´ã«ãªã£ãŸå¯èƒ½æ€§ãŒã”ã–ã„ã¾ã™ã€‚ ãŠè²·ã„ç‰©ã‚’ãŠæ¥½ã—ã¿ãã ã•ã„ å¤§ä¸¸æ¾å‚å±‹ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢TOPã¸

ockeghem 2013/12/06

CAPTCHAã§æ€ã„å‡ºã—ãŸã‘ã©ã€å¤§ä¸¸æ¾å‚å±‹ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã«ã‚‚ã€é«™å³¶å±‹ã¨åŒã˜ã‚ˆã†ãªã€Œãƒ¢ã‚°ãƒ©å©ãã€ãŒã‚ã‚Šã¾ã™

ãƒªãƒ³ã‚¯

Capy CAPTCHAã¯ä¸€çž¬ã§çªç ´ã§ãã‚‹ - ç´ äººãŒãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ã‚’å‹‰å¼·ã—ã¦ã„ãŸãƒ–ãƒã‚°

Capy CAPTCHA æ—©é€Ÿã€å®Ÿè¨¼ã‚³ãƒ¼ãƒ‰ãŒ(CAPY IS A VERY READABLE CAPTCHA)å‡ºãŸã‚ˆã†ã ã€‚ã“ã®ã‚ˆã†ã«ä¸€çž¬ã§çªç ´ã•ã‚Œã¦ã—ã¾ã„æ„å‘³ãŒãªã„ã€‚ ã•ãã»ã©ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã‚’è¦‹ã¦ã„ãŸã‚‰ã‚¹ãƒ‘ãƒ é˜²æ¢ç”¨ã®ã€Œèªã¿ã¥ã‚‰ã„ç”»åƒèªè¨¼ã€ã«ã€æ—¥æœ¬äººãŒçµ‚æ¢ç¬¦ã‚’æ‰“ã£ãŸæŠ€è¡“ãŒæ–¬æ–°éŽãŽã‚‹ï¼çµŒç”±ã§ã€Capy - ä½Žã‚³ã‚¹ãƒˆã§å°Žå…¥ã‚‚ç°¡å˜ãªä¸æ£ãƒã‚°ã‚¤ãƒ³å¯¾ç–ã¨ã„ã†ã€ãƒ‘ã‚ºãƒ«ã‚’ä½¿ã£ãŸæ–°ã—ã„æ–°ã—ããªã„CAPTCHAã‚’çŸ¥ã£ãŸã€‚ ã‚³ãƒ³ãƒ†ã‚¹ãƒˆã«å„ªå‹ã™ã‚‹ãªã©è‚¯å®šçš„ãªåå¿œãŒå¤šã„ã®ã§ã€ã“ã®è¨˜äº‹ã§ã¯ã€ã“ã®CAPTCHAã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ä¸Šã®å•é¡Œç‚¹ã«ã¤ã„ã¦ç°¡å˜ã«æ›¸ã„ã¦ãŠã“ã†ã¨æ€ã†ã€‚ ã¾ãšã€Capy - ãƒ‡ãƒ¢ã«ãƒ‡ãƒ¢ãŒä¹—ã£ã¦ã„ã‚‹ã®ã§ã€ã‚¿ã‚¤ãƒ—åˆ¥ã«å•é¡Œç‚¹ã‚’ç¤ºã™ã€‚ ãƒ‘ã‚ºãƒ«ã‚¿ã‚¤ãƒ—ã®ç ´ã‚Šæ–¹ ã‚¸ã‚°ã‚½ãƒ¼ãƒ‘ã‚ºãƒ«ã®ç©ºç™½ã‚’åŸ‹ã‚ã‚‹ã‚¿ã‚¤ãƒ—ã®CAPTCHAã§ã‚ã‚‹ã€‚è©±ã«ãªã‚‰ãªã„ã€‚ ã¾ãšã€ç¸¦æ¨ªãŒ5pxã”ã¨ã«å¸ã„ä»˜ãã‚ˆã†ã«ãªã£ã¦ã„ã‚‹ã®ã§ã€ç¸¦æ¨ª400px*300pxã ã¨

ockeghem 2013/12/06

ç¢ºã‹ã«ãã†ã ã‘ã‚Œã©ã€ç”¨é€”æ¬¡ç¬¬ã ã¨æ€ã„ã¾ã™ã

ãƒªãƒ³ã‚¯

https://jp.techcrunch.com/2013/12/06/20131205who-is-the-real-satoshi-nakamoto-one-researcher-may-have-found-the-answer/

ockeghem 2013/12/06

ãƒªãƒ³ã‚¯

ç¬¬0å›žã€€é–‹æ¥ã®ã”ã‚ã„ã•ã¤ï¼ˆè¨ºæ–ã™ã‚‹PHPã‚³ãƒ¼ãƒ‰ã‚‚å¤§å‹Ÿé›†ï¼ï¼‰ | gihyo.jp

PHPã¯å®Ÿç”¨çš„ãªè¨€èªž ã“ã‚“ã«ã¡ã¯ã€‚æ–°åŽŸã¨ç”³ã—ã¾ã™ã€‚æœ¬é€£è¼‰ã§ã¯ã€PHPãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°è¨ºæ–å®¤ã¨ã„ã†ã“ã¨ã§ã€ä¸–ã®PHPã‚³ãƒ¼ãƒ‰ãŒå¥å…¨ã«ãªã‚‹ã¹ãã€è¨ºæ–ã—ã¦ã„ããŸã„ã¨æ€ã„ã¾ã™ã€‚ã‚ˆã‚ã—ããŠé¡˜ã„ã—ã¾ã™ã€‚ PHPã‚’é–‹ç™ºã—ãŸRasmus Lerdorfæ°ã¯ã€ã€Œâ PHPã¯æ¯ãƒ–ãƒ©ã‚·ã®ã‚ˆã†ãªã‚‚ã®ã ã€ã¨PHPã‚’è¡¨ã—ã¦ã„ã¾ã™ã€‚æ¯ãƒ–ãƒ©ã‚·ã¯æ¯Žæ—¥ä½¿ã†ã‚‚ã®ã§ã€ãã‚Œã¯ä»•äº‹ã§ã‚ã‚Šã€ã‚·ãƒ³ãƒ—ãƒ«ãªé“å…·ã§ã‚ã‚‹ã€ã¨ã€‚ç†è€…ã¯ã“ã®ç™ºè¨€ã‚’çŸ¥ã£ãŸã¨ãã«PHPã‚’ç«¯çš„ã«è¡¨ã—ãŸè‰¯ã„è¡¨ç¾ã ã¨æ„Ÿã˜ã¾ã—ãŸã€‚ãã†ã€PHPã¯ã‚·ãƒ³ãƒ—ãƒ«ãªé“å…·ã‚†ãˆã«èª°ã‚‚ãŒç°¡å˜ã«ä½¿ã„å§‹ã‚ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚HTMLã®ä¸ã«åŸ‹ã‚è¾¼ã‚“ã§ã€å‹•çš„ã«HTMLã‚’ç”Ÿæˆã™ã‚‹ã®ã¯ã¨ã¦ã‚‚ç°¡å˜ã§ã™ã€‚ã¾ãŸã€ã‚³ãƒ¼ãƒ‰ã‚‚æŸ”è»Ÿã«æ›¸ãã“ã¨ãŒã§ãã€ãƒ¦ãƒ‹ãƒ¼ã‚¯ãªæ›¸ãæ–¹ã‚’ã—ã¦ã‚‚ãã‚Œãªã‚Šã«å‹•ã„ã¦ãã‚Œã¾ã™ã€‚ PHPã¯ã€ã“ã‚Œã¾ã§ã¨ã¦ã‚‚å¤šãã®ãƒ¦ãƒ¼ã‚¶ã‚’ç²å¾—ã—ã¦ãã¾ã—ãŸã€‚ç‰¹ã«ç‰¹å¾´çš„ãªã®ãŒã€ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ã‚’è¡Œã†äººï¼ˆãƒ—ãƒã‚°ãƒ©ãƒžã§ã™ãï¼‰ã ã‘ã§ã¯ãªãã€

ockeghem 2013/12/06

ã“ã‚Œã¯é¢ç™½ãã†ã ã€‚æ–°åŽŸã•ã‚“ã«æœŸå¾…!

ãƒªãƒ³ã‚¯

è±šçŠ¬(ãƒˆãƒ³ã‚±ãƒ³)ã¨ã¯ï¼Ÿ æ„å‘³ã‚„ä½¿ã„æ–¹ - ã‚³ãƒˆãƒãƒ³ã‚¯

ã€˜ åè©ž ã€™â‘ ãƒ–ã‚¿ã¨ã‚¤ãƒŒã€‚ã€”å›½èªžâ€æ¥šèªžä¸Šã€•â‘¡ äººä¸¦ã¿ã§ãªã„ã“ã¨ã€‚æ„šã‹ã§å½¹ã«ç«‹ãŸãªã„äººã€‚[åˆå‡ºã®å®Ÿä¾‹]ã€Œäººå½˜åƒå¹´å·²é…¸é¼» è‡ªå± äºŒè±šçŠ¬ä¸€æ›´ä½•å¿ƒã€(å‡ºå…¸ï¼šå±±é™½éºç¨¿ï¼ˆ1841ï¼‰è©©é›†ãƒ»äºŒãƒ»å°¼å°†è»)[ãã®ä»–ã®æ–‡çŒ®]ã€”å‘‰å¿—æ³¨â€å«æ¨©ä¼ã€•â‘¢ è‡ªåˆ†ã®åã©ã‚‚ã‚’ä»–äººã«å¯¾ã—ã¦ã¸ã‚Šãã ã£ã¦ã„ã†èªžã€‚è±šå…ã€‚ã€”å¸ƒä»¤å—å¼ï¼ˆ1868â€72ï¼‰ã€•

ockeghem 2013/12/06

ã€Žè‡ªåˆ†ã®åä¾›ã‚’ã¸ã‚Šãã ã£ã¦ã„ã†èªžã€‚è±šå…ã€<è±šå…ã¯æ™‚ã€…è¦‹ã‚‹ã‘ã©ã€è±šçŠ¬ã¯çŸ¥ã‚‰ãªã‹ã£ãŸã€‚æˆ‘ãŒåã¨ã¯ã„ãˆåˆ¥äººæ ¼ãªã®ã ã‹ã‚‰ã€ã“ã®ç¨®ã®è¨€è‘‰ã¯æ»…ã‚“ã§æ¬²ã—ã„

ãƒªãƒ³ã‚¯

Ruby on Railsã«XSSã€DoSæ”»æ’ƒã®è„†å¼±æ€§ - ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã®3.2.16/4.0.2ãŒé…å¸ƒ

Ruby on Railsã®3.2.16ã€4.0.2ãŒ12æœˆ3æ—¥(ç¾åœ°æ™‚é–“)ã«é…å¸ƒã•ã‚ŒãŸã€‚ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚°(XSS)ã¨DoSæ”»æ’ƒã®è„†å¼±æ€§ã‚’ä¿®æ£ã™ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆç‰ˆã§ã€ã™ã¿ã‚„ã‹ã«ã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰ã™ã‚‹ã‚ˆã†æ±‚ã‚ã¦ã„ã‚‹ã€‚ 3.2.16ã§ã¯ã€éŽåŽ»ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§è¦‹ã¤ã‹ã£ãŸ4ã¤ã®è„†å¼±æ€§(CVE-2013-4491ã€CVE-2013-6415ã€CVE-2013-6414ã€CVE-2013-6417)ã‚’ä¿®æ£ã—ã¦ã„ã‚‹ã€‚ã“ã®ã†ã¡å‰2è€…ãŒXSSã®è„†å¼±æ€§ã«é–¢ã™ã‚‹ã‚‚ã®ã§ã€3ã¤ã‚ãŒDoSæ”»æ’ƒã€4ã¤ã‚ã¯éŽåŽ»ã«ä¿®æ£ã•ã‚ŒãŸè„†å¼±æ€§(CVE-2013-0155)ã‚’è¿‚å›žã§ãã‚‹è„†å¼±æ€§ã¨ãªã‚‹ã€‚ 4.0.2ã§ã¯ã€ã“ã‚Œã‚‰ã«åŠ ãˆã€ã•ã‚‰ã«ã‚‚ã†1ã¤ã®XSSè„†å¼±æ€§(CVE-2013-6416)ã‚’åŠ ãˆãŸ5ã¤ã®è„†å¼±æ€§ã‚’ä¿®æ£ã—ã¦ã„ã‚‹ã€‚ Railsã¯ã€Rubyå‘ã‘ã®ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³é–‹ç™ºãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã€‚Huluã€Scribdã€GitHu

ockeghem 2013/12/06

ãƒªãƒ³ã‚¯

websec-room.comÂ -Â websec room ãƒªã‚½ãƒ¼ã‚¹ãŠã‚ˆã³æƒ…å ±

This webpage was generated by the domain owner using Sedo Domain Parking. Disclaimer: Sedo maintains no relationship with third party advertisers. Reference to any specific service or trade mark is not controlled by Sedo nor does it constitute or imply its association, endorsement or recommendation.

ockeghem 2013/12/06

ã”æŒ‡æ‘˜ã®ã‚ˆã†ã«ModSecurityã®å°Žå…¥ãƒ»é‹ç”¨ã¯å¤§å¤‰ã§ã™ã

ãƒªãƒ³ã‚¯

å¼Šç¤¾ã®ãƒ›ãƒ¼ãƒ ãƒšãƒ¼ã‚¸ã«Content Security Policy(CSP)ã‚’å°Žå…¥ã—ã¾ã—ãŸ

å¼Šç¤¾ã®ãƒ›ãƒ¼ãƒ ãƒšãƒ¼ã‚¸ã«CSP(Content Security Policy)ã‚’å°Žå…¥ã—ã¾ã—ãŸã€‚CSPã«ã¤ã„ã¦ã¯ã€ã¯ã›ãŒã‚ã‚ˆã†ã™ã‘æ°ã®ã‚¹ãƒ©ã‚¤ãƒ‰ã€Œ5åˆ†ã§ã‚ã‹ã‚‹CSPã€ãŒã‚ã‹ã‚Šã‚„ã™ã„ã¨æ€ã„ã¾ã™ã€‚ä»¥ä¸‹ã«ã‚¹ãƒ©ã‚¤ãƒ‰ã®ä¸€éƒ¨ã‚’å¼•ç”¨ã—ã¾ã™ã€‚ å…·ä½“çš„ã«ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ã«æŒ‡å®šã—ã¦ä½¿ã„ã¾ã™ã€‚ Content-Security-Policy: default-src 'self' ã“ã®çµæžœã€ä»¥ä¸‹ã®ã‚ˆã†ã«JavaScriptã®è¨˜è¿°ãŒåˆ¶é™ã•ã‚Œã¾ã™ã€‚ å¤–éƒ¨ã®JavaScriptã®èªã¿è¾¼ã¿ã¯ç¦æ¢ HTMLã‚½ãƒ¼ã‚¹ã«è¨˜è¿°ã—ãŸ<script>...</script>ã®JavaScriptã¯ç¦æ¢ ã‚¤ãƒ™ãƒ³ãƒˆå±žæ€§(onload="xxxx"ãªã©)ã¯ç¦æ¢ ä½•ã‚‚æ›¸ã‘ãªããªã‚‹ã˜ã‚ƒãªã„ã‹ã¨æ€ã‚ã‚Œã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ãŒã€JavaScriptã¯å…¨ã¦*.jsãƒ•ã‚¡ã‚¤ãƒ«ã«è¨˜è¿°ã™ã‚Œã°ã‚ˆã„ã€ã¨ã„ã†ã“ã¨ã§ã™ã€‚ CSPã¯ã€JavaScriptã®ã‚³ãƒ¼ãƒ‰ã¨ãƒ‡ãƒ¼ã‚¿ã‚’åˆ†é›¢ã—ã¦

ockeghem 2013/12/06

ä¼šç¤¾ãƒ–ãƒã‚°ã«æ›¸ãã¾ã—ãŸ

ãƒªãƒ³ã‚¯

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ã‚¿ã‚°

2013å¹´12æœˆ6æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (8ä»¶)

å¤§ä¸¸æ¾å‚å±‹ã‚ªãƒ³ãƒ©ã‚¤ãƒ³ã‚¹ãƒˆã‚¢ã€å…¬å¼é€šè²©ã€‘

Capy CAPTCHAã¯ä¸€çž¬ã§çªç ´ã§ãã‚‹ - ç´ äººãŒãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ã‚’å‹‰å¼·ã—ã¦ã„ãŸãƒ–ãƒã‚°

https://jp.techcrunch.com/2013/12/06/20131205who-is-the-real-satoshi-nakamoto-one-researcher-may-have-found-the-answer/

ç¬¬0å›žã€€é–‹æ¥ã®ã”ã‚ã„ã•ã¤ï¼ˆè¨ºæ–ã™ã‚‹PHPã‚³ãƒ¼ãƒ‰ã‚‚å¤§å‹Ÿé›†ï¼ï¼‰ | gihyo.jp

è±šçŠ¬(ãƒˆãƒ³ã‚±ãƒ³)ã¨ã¯ï¼Ÿ æ„å‘³ã‚„ä½¿ã„æ–¹ - ã‚³ãƒˆãƒãƒ³ã‚¯

Ruby on Railsã«XSSã€DoSæ”»æ’ƒã®è„†å¼±æ€§ - ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã®3.2.16/4.0.2ãŒé…å¸ƒ

websec-room.comÂ -Â websec room ãƒªã‚½ãƒ¼ã‚¹ãŠã‚ˆã³æƒ…å ±

å¼Šç¤¾ã®ãƒ›ãƒ¼ãƒ ãƒšãƒ¼ã‚¸ã«Content Security Policy(CSP)ã‚’å°Žå…¥ã—ã¾ã—ãŸ

ãŠçŸ¥ã‚‰ã›

ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã—ãŸã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®ã‚¿ã‚¤ãƒˆãƒ«å¤‰æ›´æ©Ÿèƒ½ã®æä¾›ã‚’ä¸€æ™‚çš„ã«åœæ¢ã—ã¾ã™

ã€å¾©æ—§æ¸ˆã€‘ã€Œãƒžã‚¤ãƒ›ãƒƒãƒˆã‚¨ãƒ³ãƒˆãƒªãƒ¼ã€ã€ŒãŠæ°—ã«å…¥ã‚Šã€ã€Œé–¢å¿ƒãƒ¯ãƒ¼ãƒ‰ã€ãŒåˆ©ç”¨ã§ããªã„éšœå®³ãŒç™ºç”Ÿã—ã¦ã„ã¾ã—ãŸ

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬3é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

ã‚¿ã‚°

2013å¹´12æœˆ6æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (8ä»¶)

ãŠçŸ¥ã‚‰ã›

ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã—ãŸã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®ã‚¿ã‚¤ãƒˆãƒ«å¤‰æ›´æ©Ÿèƒ½ã®æä¾›ã‚’ä¸€æ™‚çš„ã«åœæ­¢ã—ã¾ã™

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬3é€±ï¼‰

å…¬å¼Twitter

ã‚­ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

2013å¹´12æœˆ6æ—¥ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (8ä»¶)

ãŠçŸ¥ã‚‰ã›

ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã—ãŸã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®ã‚¿ã‚¤ãƒˆãƒ«å¤‰æ›´æ©Ÿèƒ½ã®æä¾›ã‚’ä¸€æ™‚çš„ã«åœæ¢ã—ã¾ã™

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2025å¹´1æœˆç¬¬3é€±ï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹