This is the content of my presentation at YAPC::Hakodate 2024. https://yapcjapan.org/2024hakodate/
Hello! This is Igor. For AWS, cloud security is the highest priority. (AWS official page) Rather than explaining individual AWS services as security measures for an AWS environment, we first need to think about the optimal design of the AWS environment. I recommend designing with the AWS Well-Architected Framework in mind. I recommend reading the entire AWS Well-Architected Framework in detail, but this article covers the points I personally consider most important. Put very roughly, the AWS Well-Architected Framework is a set of AWS guidelines that provides optimal design methods for cloud systems, and it has six pillars. In this article I would like to look mainly at the "Security" pillar from a technical point of view. AWS Well-Architected Framew
By Ruian Duan and Daiping Liu October 16, 2023 at 1:38 AM Category: Malware Tags: Advanced URL Filtering, Cobalt Strike, Cortex XDR, Decoy Dog malware, DNS security, dns tunneling, DNSTT, FinCounter, next-generation firewall, VPN This post is also available in: English Summary This article presents research into why and how DNS (Domain Name System) tunneling techniques are used in the wild. In addition, based on the results of this research, tunneling domains, by tool and campaign
Hello, I am Azara (@a_zara_n), a security engineer at Flatt Security Inc., writing for this blog for the first time. My usual work is assessing web applications and platforms and researching cloud-related topics, and on Twitter my job is posting pictures of food. Pleased to meet you. Now that cloud services keep evolving, I see many companies making full use of public and private clouds to deliver services to their customers. In that environment there are many cases where misconfiguration, unintended input or flawed architecture in the cloud a service relies on puts customer information and credentials, IAM credentials among them, at risk. In this article, in the hope of helping you use cloud services more robustly and safely, I will explain attack techniques, countermeasures and more, based on one example of such a threat. Also, Flatt Secur, the company I belong to
The tweet below was posted at the start of Golden Week (April 29), and as of 20:00 on May 7 it had 19.388 million views, which shows how much attention it has attracted. My name is Ashitaka! I was working with my company's confidential information while using Starbucks free Wi-Fi and all of it was stolen. What should I do? pic.twitter.com/e26L1Bj32Z - Engineer who opens a Mac at Starbucks (@MacopeninSUTABA) April 29, 2023 In response, I tweeted the following: Maybe I'll make this an entrance exam question. Explain a realistically possible threat that leads to the event "I was working with my company's confidential information while using Starbucks free Wi-Fi and all of it was stolen." I think it is fairly difficult. https://t.co/LH21zphCTV - 徳丸 浩 (@ockeghem) April
Where to store SPA authentication tokens is a never-ending debate. localStorage and cookies are commonly used, but Auth0 takes a different approach. This article helps you understand how Auth0 manages tokens and deepen your understanding of security in token management. Where to store SPA authentication tokens Places a browser can store tokens Comparison of storage locations Advantages and disadvantages Auth0's approach Tokens are kept in memory Achieving both OpenID Connect compliance and avoiding a degraded UI/UX for token acquisition Auth0's JS library Login (Re)acquiring the access token Diagrams Login (Re)acquiring the access token A simpler setup for authentication within your own service only Login Obtaining the ID token Summary Where to store SPA authentication tokens With React or Vue, an authenticated SPA (Single Pa
Summary DNS rebinding has been attracting attention recently. Google Chrome has recently added a feature that restricts access to the local network, and one of its purposes is to counter DNS rebinding. Google Nest WiFi, the WiFi router provided by Google, has DNS rebinding protection enabled by default. DNS rebinding countermeasures should be implemented in the application being attacked, but protection features are also built into browsers, proxy servers, resolvers and the like. This article describes the state of those protection features and how to think about countermeasures. What is DNS rebinding? DNS rebinding is an attack that exploits the time gap between DNS queries. By making the DNS TTL (cache lifetime) extremely short and then changing the result between the first and second queries, the IP address
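I spoke at DevelopersIO 2021 Decade under the title "[2021 edition] AWS security measures, the full assortment [beginner to intermediate]" #devio2021 This post carries the video and slides from my DevelopersIO 2021 Decade talk, with commentary. It covers AWS security comprehensively. It is super long, so be warned. Hello, this is Usuda. Everyone, are you doing your AWS security? (greeting) It is finally here, DevelopersIO 2021 Decade! I spoke on the theme "[2021 edition] AWS security measures, the full assortment [beginner to intermediate]". I will go through the video, the slides and the commentary in this blog post. Video Slides Commentary I talk at breakneck speed in the video, so I will keep the commentary on the careful side. Background to the title While I was wondering what to talk about this time, the Deve of two years ago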
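Overview Summary Details Background Prerequisites dnsmasq exposed on the Internet A machine on the LAN is under the attacker's control A machine on the LAN can be made to browse an attacker-controlled website Impact Man-in-the-middle attack Spread of poisoning DDoS/Reverse DDoS CVE-2020-25684: port multiplexing CVE-2020-25685: use of weak CRC32 CVE-2020-25686: multiple queries issued for the same domain name Unverified responses in DNS forwarders Combining them Registering a domain name Spoofing the source IP address CRC32 collisions Attack flow Attack from a browser Test machine Probability of a successful attack PoC fowarder cache attacker Sending a large number of queries Sending spoofed responses Notes on speeding it up Execution Countermeasures and mitigations Digression Conclusion Overview A vulnerability called DNSpooq was disclosed the other day. ww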
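A dog standing up to an attack. The English version is available here. Title correction: "The story of how my self-built service was … → … DDoS-attacked"; a note regarding the comments that "that is not a DDoS" has been added at the end (6/18). When you develop a SaaS, all sorts of things really do happen. At times they bring the developer joy and sorrow, anger, gratitude, disappointment and excitement. Looking back, they all end up as good memories. Last weekend, my humble little web service came under a DDoS attack. Needless to say, it was a bad event. In this article I will talk about what this incident was like and how I dealt with it. Hi, I'm TAKUYA. I have been developing and operating a cross-platform Markdown note-taking app called Inkdrop on my own for more than three years. It is a very niche SaaS with more than 20,000 users, and I make my living from this service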
Do you remember CVE-2019-5736? It is a vulnerability in runc (the container runtime Docker uses by default) found in February of this year, which allows the host's runc binary to be overwritten at will from inside a container. I was interested in how the vulnerability works, so I looked into it and found that there are many other ways to attack containers, and that runc works hard to block them. I thought it might be interesting to put these together, so I made the following toy. Drofune is a simple container runtime. If I say that you can start and enter containers with drofune run, drofune exec and so on, you can probably picture it. That alone would not be interesting at all, though, so Drofune is deliberately implemented in an unsafe way. As a result, attacks that use the recently discovered CVE-2019-5736 also work
SSRF (Server Side Request Forgery), a vulnerability or attack technique, has been attracting attention recently. The following are articles that mentioned SSRF in the last three months. About the 169.254 address used by the AWS CLI on EC2 An example of attacking GCE/GKE instances using an SSRF vulnerability Taking over a mail-sending domain using SSRF "CODE BLUE 2018" participation report (Iwama edition) Riding on this "unprecedented SSRF boom", I will explain SSRF as an attack technique and as a vulnerability. What is an SSRF attack? An SSRF attack is a type of attack against servers that the attacker cannot reach directly. The figure below illustrates an SSRF attack. The attacker can access the public server (203.0.113.2), but because the internal server (192.168.0.5) is isolated by a firewall, directly from outside
Introduction To keep a web server secure, I have roughly summarized the settings I personally apply. The settings assume operation on Apache 2.4, so if you use another HTTPd please adapt them as appropriate. Each setting aims to achieve the equivalent of an A+ on the online test sites below. Configuration file generation Mozilla SSL Configuration Generator Online tests Mozilla Observatory Qualys SSL Server Test Prerequisites The items configured below relate specifically to HTTPS connections and attack prevention. For the basic configuration of HTTPd itself, please refer to a separate article. SSLProtocol If old, compromised protocols are enabled, the server may be subject to downgrade attacks and similar attacks that target those old protocols, so only the newer protocols are
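"SELinux" is a security mechanism that stops unauthorized access to Linux at the water's edge. It works as a line of defense separate from Linux's own access control and is widely adopted from embedded systems to the cloud. In the IoT era, when every kind of device is connected to the Internet, it is one of the technologies that cannot be avoided. This series explains, from the basics, the knowledge needed to make full use of SELinux. Will "disable it right after installation" go away? The future of SELinux This is the final installment of the series "An introduction to the latest SELinux for the IoT era". To close the series, let us consider the current state of SELinux development and the direction development will take, based on past examples. 2017.08.24 Testing whether SELinux can protect against new vulnerabilities Last time I showed how to use SELinux features to create a domain and control it. At that time, adding policy and examining whether each permission is needed or not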
0. Introduction This article is an introduction to kernel exploits targeting Linux. A kernel exploit is an exploit that targets a vulnerability in the kernel itself, such as that of Linux, *BSD or Windows. The kernel basically runs in a privileged mode with the highest privileges in the system, so if it is abused, most (nearly all) of the system is taken over. Most exploits target bugs in applications running in user space, but that only yields a limited level of privilege. They can also quickly lose their effect when blocked by OS-level protection mechanisms such as SELinux and jail. However, a kernel exploit that targets a vulnerability in the kernel itself allows arbitrary code execution with the highest privileges, so most protection mechanisms pose no obstacle. Where this kind of kernel exploit is particularly effective
This is the procedure for installing ClamAV (antivirus software), provided in the epel repository, on CentOS7. [Added 2017.04.20] A step was missing from the freshclam configuration, so I have added it. The files concerned are "/etc/freshclam.conf" and "/etc/sysconfig/freshclam". [Revised 2017.11.03] I have revised the virus scan script. Prerequisites Because clamav is installed from the "epel" repository, configure the system so that the "epel" repository can be used. How to add the epel repository is explained on this page. Installing ClamAV This time we install the ClamAV provided in the "epel" repository, start clamd@scan as a daemon, and use clamdscan, which works together with it
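On December 9, 2024, Naha City Hospital announced that a failure of hardware used within the hospital had led to restrictions on medical care. The cause of the failure (a hardware fault caused by overcurrent after power was restored) was subsequently identified, and the restrictions were lifted by 8:00 on the 10th of the same month. Related information is summarized here. Some network equipment failed after a statutory inspection of electrical equipment The system failure affected part of Naha City Hospital's electronic medical records and imaging equipment. Network connectivity problems began at around 15:00 on the 8th, and the provision of medical services was affected, including a temporary suspension of night-time emergency care, pediatrics included, from the night of the 9th until 8:00 on the 10th. For general outpatients who registered on the morning of December 9, the hospital responded on an emergency basis using paper medical records, but registration was also restricted. *1 The hospital contacted patients scheduled for consultation or admission individually and asked people to refrain from making inquiries by telephone and the like. *2 Also, examinations and scheduled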
Hello, this is Ichida from Osaka. This time, based on the blog post below, I will show how to record SSH sessions made through a bastion server. How to Record SSH Sessions Established Through a Bastion Host | AWS Security Blog Note that the bastion server is assumed to be Amazon Linux. Key points The key points of this article are as follows. Modifying the OpenSSH configuration Using the script command Restricting the privileges of bastion server users Storing log files in S3 Automatic management of bastion server users with S3 Using SSH agent forwarding Building the environment with CloudFormation I will now explain them in order. Architecture The assumed architecture is as follows. Creating the log file directory First, create a directory on the bastion server for storing logs, and access restrictions
0. Short summary A vulnerability (CVE-2017-3733) was found in OpenSSL-1.1.0d, and it was possible to cause a crash by combining Encrypt-Then-Mac and renegotiation. This vulnerability was caused by insufficient conformance to the specification, an inappropriate cast of a variable, and so on. In TLS1.3, functionality is being fundamentally reviewed so that there are fewer pitfalls of this kind. 1. Introduction Last week there was a security update for OpenSSL-1.1.0d, and a vulnerability called Encrypt-Then-Mac renegotiation crash (CVE-2017-3733) (Severity: High) was disclosed. The affected 1.1.0 is a new OpenSSL release branch released in August 2016 last year. 1.1.0 also brought major API changes, and is not yet very widely adopted