SP 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP) | CSRC
Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Locked padlock icon ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
SSH Tips & Tricks
Experience SSH certificates for yourself in <5minâš¡! Here are some of our best tips & tricks for using SSH more effectively. This post will cover how to: Add a second factor to your SSH login Use agent forwarding safely Exit from stuck SSH sessions Keep a persistent terminal open Share a remote terminal session with a friend (without Zoom!) Add a second factor to your SSH Here's five different ways
NIST Special Publication 800-63B
NIST Special Publication 800-63B Digital Identity Guidelines Authentication and Lifecycle Management Paul A. Grassi James L. Fenton Elaine M. Newton Ray A. Perlner Andrew R. Regenscheid William E. Burr Justin P. Richer Privacy Authors: Naomi B. Lefkovitz Jamie M. Danker Usability Authors: Yee-Yin Choong Kristen K. Greene Mary F. Theofanos This publication is available free of charge from: https://
ARM ベースãŠã‚ˆã³ Intel CPU ã®æŠ•æ©Ÿçš„実行ã®è„†å¼±æ€§ã«ã¤ã„㦠- Apple サãƒãƒ¼ãƒˆ (日本)
ARM ベースãŠã‚ˆã³ Intel CPU ã®æŠ•æ©Ÿçš„実行ã®è„†å¼±æ€§ã«ã¤ã„㦠Apple ã§ã¯ã€Meltdown ã®å½±éŸ¿ç·©å’Œç–を盛り込んã macOS Sierra ãŠã‚ˆã³ El Capitan å‘ã‘ã®ã‚»ã‚ュリティアップデートをリリースã—ã¾ã—ãŸã€‚ Apple ã§ã¯ã€Spectre 対ç–ã«åŠ¹æžœçš„㪠iOSã€macOS High Sierraã€Sierra ã‚„ El Capitan ã® Safari å‘ã‘ã®ã‚¢ãƒƒãƒ—デートをリリースã—ã¾ã—ãŸã€‚ Apple Watch 㯠Meltdown 㨠Spectre ã®ã©ã¡ã‚‰ã®å½±éŸ¿ã‚‚å—ã‘ã¾ã›ã‚“。 最近ã€è¤‡æ•°ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ç ”ç©¶è€…ãŒã€ŒMeltdownã€ã€ŒSpectreã€ã¨ã„ㆠ2 ã¤ã®åå‰ã§çŸ¥ã‚‰ã‚Œã‚‹è„†å¼±æ€§ã‚’公表ã—ã¾ã—ãŸã€‚ã“れらã®è„†å¼±æ€§ã¯ã™ã¹ã¦ã®ãƒ¢ãƒ€ãƒ³ CPU ã«å˜åœ¨ã—ã€ã»ã¼ã™ã¹ã¦ã®ã‚³ãƒ³ãƒ”ューティングデãƒã‚¤ã‚¹ã‚„オペレーティングシステムãŒãã®å½±éŸ¿ã‚’å—ã‘ã¾ã™ã€‚Mac シス
Meltdown and Spectre
Meltdown and Spectre Vulnerabilities in modern computers leak passwords and sensitive data. Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spec
Windows標準ã®æ©Ÿèƒ½ã‚’使用ã—ãŸæ¨™çš„型攻撃ã®å¯¾ç– #ssmjp /ssmjp1507
2015å¹´7月31æ—¥ #ssmjp ã§ã®è³‡æ–™ã§ã™ã€‚
The Laws of Vulnerabilities: The GHOST Vulnerability | Qualys Community
The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials. CVE-2015-0235 has been assigned to this issue. Qualys security researchers discovered this bug and worked closely with Linux distribution vendors. And as a result of that we are releasing this
dmarc.org – Domain Message Authentication Reporting & Conformance
What is DMARC? DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformanceâ€, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:â€) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and mo
OS X bash Update 1.0 – OS X Mavericks - Apple Support
System Requirements: OS X Mavericks v10.9.5 or later File Size: 3.4 MB Download This update fixes a security flaw in the bash UNIX shell. See this article for details on how to verify the authenticity of this download. For more information on the security content of this update, see http://support.apple.com/kb/HT1222. Supported Languages: Bahasa Indonesia, British English, Crna Gora, Dansk, Deutsc
Bash specially-crafted environment variables code injection attack
This article was originally published on the Red Hat Customer Portal. The information may no longer be current. Update 2014-09-30 19:30 UTC Questions have arisen around whether Red Hat products are vulnerable to CVE-2014-6277 and CVE-2014-6278. We have determined that RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312 successfully mitigate the vulnerability and no additional actions need to be ta
BASHã®è„†å¼±æ€§ã§CGIスクリプトã«ã‚¢ãƒ¬ã•ã›ã¦ã¿ã¾ã—ãŸ
環境変数ã«ä»•è¾¼ã¾ã‚ŒãŸã‚³ãƒ¼ãƒ‰ã‚’実行ã—ã¦ã—ã¾ã†BASHã®è„†å¼±æ€§ãŒ CGIスクリプトã«å½±éŸ¿ã‚’与ãˆã‚‹ã‹è©¦ã—ã¦ã¿ãŸã‚‰çµæžœã¯æ‚²æƒ¨ãªæ„Ÿã˜ã« Tweet 2014å¹´9月25æ—¥ 嶋田大貴 ã“ã®è¨˜äº‹ã¯2014å¹´ã®ã‚‚ã®ã§ã™ æœã‹ã‚‰ Bash specially-crafted environment variables code injection attack ãªã‚‹ã‚‚ã®ã§é¨’ãŽã«ãªã£ã¦ã„ãŸã®ã§ã€ã•ã£ãã手元㮠Apacheã§è©¦ã—ã¦ã¿ã¾ã—ãŸã€‚ /hoge.cgiã¨ã„ã†URIã§å®Ÿè¡Œã•ã‚Œã‚‹ã‚ˆã†ã«ã€ä¸€è¡Œã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’出力ã™ã‚‹ã ã‘ã® CGIスクリプトをè¨ç½®ã—ã¾ã™ã€‚ã„ã£ã‘ã‚“ã€ãªã‚“ã®å…¥åŠ›ã‚‚クライアントå´ã‹ã‚‰å—ã‘付ã‘ã¦ã„ãªã„ãŸã‚å±é™ºã®ã‚りよã†ã‚‚ãªã見ãˆã¾ã™ã€‚ #!/bin/sh echo "Content-type: text/plain" echo echo "Hi! I'm an ordinary CGI script w
OpenSSLã®ã€ŒHeartbleedã€è„†å¼±æ€§ã¯2å¹´å‰ã‹ã‚‰å˜åœ¨ã€ã€Œæœ€æ‚ªã®ã‚±ãƒ¼ã‚¹ã‚’想定ã—ã¦å¯¾å‡¦ã‚’ã€ã¨å°‚門家
OpenSSLã®ã€ŒHeartbleedã€è„†å¼±æ€§ã¯2å¹´å‰ã‹ã‚‰å˜åœ¨ã€ã€Œæœ€æ‚ªã®ã‚±ãƒ¼ã‚¹ã‚’想定ã—ã¦å¯¾å‡¦ã‚’ã€ã¨å°‚門家:ãƒã‚§ãƒƒã‚¯æ–¹æ³•ã¾ã¨ã‚ オープンソースã®SSL/TLS実装「OpenSSLã€ã«è¦‹ã¤ã‹ã£ãŸæƒ…å ±æ¼ãˆã„ã«ã¤ãªãŒã‚‹è„†å¼±æ€§ã®å½±éŸ¿ãŒæ‹¡å¤§ã€‚専門家ã¯ã€Œæœ€æ‚ªã®ã‚±ãƒ¼ã‚¹ã€ã¤ã¾ã‚Šç§˜å¯†éµã®æ¼ãˆã„を想定ã—ã¦å¯¾å‡¦ã™ã¹ãã€ã¨è¿°ã¹ã¦ã„る。 オープンソースã®SSL/TLS実装「OpenSSLã€ã«è¦‹ã¤ã‹ã£ãŸæƒ…å ±æ¼ãˆã„ã«ã¤ãªãŒã‚‹è„†å¼±æ€§ã®å½±éŸ¿ãŒæ‹¡å¤§ã—ã¦ã„る。OSやクラウドサービスã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æ©Ÿå™¨ã®ä¸ã«ã¯ã€è„†å¼±æ€§ã®ã‚ã‚‹OpenSSLを利用ã—ã¦ã„ã‚‹ã‚‚ã®ãŒå¤šæ•°ã‚ã‚Šã€ãƒ™ãƒ³ãƒ€ãƒ¼å„社ãŒç¢ºèªãƒ»å¯¾å¿œã‚’進ã‚ã¦ã„る。国内ã§ã‚‚ã“ã®è„†å¼±æ€§ã®å½±éŸ¿ã‚’å—ã‘るサイトãŒç¢ºèªã•ã‚Œã¦ãŠã‚Šã€ä¸ã«ã¯ä¸€æ™‚çš„ã«ã‚µãƒ¼ãƒ“スをåœæ¢ã—ã€å¯¾å‡¦ã‚’優先ã—ãŸã‚µãƒ¼ãƒ“スもã‚る。 ã“ã®è„†å¼±æ€§ã¯ã€OpenSSL ãƒãƒ¼ã‚¸ãƒ§ãƒ³1.0.1ï¼1.0.2ç³»ã«å˜åœ¨ã™ã‚‹ã€‚Heartbeatæ‹¡å¼µã®å®Ÿè£…ã«è¦‹ã¤ã‹
CVE-2014-0160 OpenSSL Heartbleed 脆弱性ã¾ã¨ã‚ - ã‚ã‚‚ãŠãã°
å¿…è¦ãªæƒ…å ±ã¯ http://heartbleed.com/ ã«ã¾ã¨ã¾ã£ã¦ã„ã‚‹ã®ã§ã™ãŒã€è‹±èªžã ã—é•·ã„ã—ã£ã¦äººã®ãŸã‚ã«æ‰‹çŸã«ã¾ã¨ã‚ã¦ãŠãã¾ã™ã€‚ ã©ã†ã™ã‚Œã°ã„ã„ã®ã‹ OpenSSL 1.0.1〜1.0.1fを使ã£ã¦ã„ãªã‘ã‚Œã°ã‚»ãƒ¼ãƒ• ã‚ã¦ã¯ã¾ã‚‹å ´åˆã«ã¯ã€ä¸€åˆ»ã‚‚æ—©ããƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚¢ãƒƒãƒ—ã—ã¦ã€ã‚µãƒ¼ãƒã”ã¨å†èµ·å‹•(ã‚ã‹ã‚‹ã²ã¨ã¯ã‚µãƒ¼ãƒ“スå˜ä½ã§ã‚‚OKã€ãŸã ã—reloadã§ã¯ã ã‚ãªã“ã¨ã‚‚) SSL証明書ã§ã‚µãƒ¼ãƒã‚’公開ã—ã¦ã„ã‚‹ãªã‚‰ã€ç§˜å¯†éµã‹ã‚‰ä½œã‚Šç›´ã—ã¦è¨¼æ˜Žæ›¸ã‚’å†ç™ºè¡Œã—ã€éŽåŽ»ã®è¨¼æ˜Žæ›¸ã‚’失効ã•ã›ã‚‹(末尾ã«é–¢é€£ãƒªãƒ³ã‚¯ã‚ã‚Š)。 サーãƒã‚’公開ã—ã¦ã„ãªã„å ´åˆã‚‚ã€å¤–部ã¸ã®SSL通信ãŒã‚ã‚Œã°å½±éŸ¿ã‚’å—ã‘ã‚‹ã®ã§ã€è©³ã—ã精査ã™ã‚‹ã€‚ PFS(perfect forward secrecy)を利用ã—ã¦ã„ãªã„å ´åˆã€éŽåŽ»ã®é€šä¿¡å†…容も復å·ã•ã‚Œã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ãŸã‚ã€è©³ã—ã精査ã™ã‚‹ã€‚ æ¼æ´©ã™ã‚‹æƒ…å ±ã®å…·ä½“例ã¯ã€OpenSSLã®è„†å¼±æ€§ã§æƒ³å®šã•ã‚Œã‚‹ãƒªã‚¹ã‚¯ã¨ã—ã¦
書ãæ›ãˆäº‹ä»¶ã§ã‚‚使ã‚ã‚ŒãŸï¼Ÿ WordPressプラグインã®è„†å¼±æ€§ã¨ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯
書ãæ›ãˆäº‹ä»¶ã§ã‚‚使ã‚ã‚ŒãŸï¼Ÿ WordPressプラグインã®è„†å¼±æ€§ã¨ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ï¼šè©¦ã—ã¦ã¿ãªã‘りゃ分ã‹ã‚‰ãªã„? å¤ã„Webアプリã®è„†å¼±æ€§ï¼ˆ4)(1/4 ページ) å‰å›žã®è¨˜äº‹ã€ŒCMSã«æ®‹ã‚‹åå°„åž‹XSSを使ã£ãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ã€ã§ã‚‚紹介ã—ãŸã¨ãŠã‚Šã€CMS(Contents Management System)ã®è„†å¼±æ€§ã‚’ç‹™ã£ãŸæ”»æ’ƒãŒå¾Œã‚’絶ãŸãªã„よã†ã 。 ä¸ã§ã‚‚話題ã¨ãªã£ã¦ã„ãŸã®ãŒã€å…±ç”¨ãƒ¬ãƒ³ã‚¿ãƒ«ã‚µãƒ¼ãƒã‚’ç‹™ã£ãŸåºƒç¯„囲ã®æ›¸ãæ›ãˆæ”»æ’ƒã 。「共用ã€ã¨ã„ã†æ€§è³ªã‚‚ã‚ã£ã¦ã€åŒä¸€ã®ã‚µãƒ¼ãƒã‚’使用ã—ã¦ã„ãŸè¤‡æ•°ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ãƒ‡ãƒ¼ã‚¿ãŒæ¨ªæ–çš„ã«æ›¸ãæ›ãˆã‚‰ã‚ŒãŸç‚¹ãŒã€2010年代ã«ã¯é€†ã«æ–°ã—ã„。ã“ã®äº‹ä»¶ã§ã€å¿˜ã‚Œã‹ã‘ã¦ã„ãŸæ˜”ã®è¨å®šæ–¹æ³•ã‚’æ€ã„出ã—ãŸæ–¹ã‚‚多ã‹ã£ãŸã®ã§ã¯ãªã‹ã‚ã†ã‹ã€‚ã©ã†ã‚„らã“ã®äº‹ä»¶ã‚’èµ·ã“ã—ãŸã®ã¯æ„‰å¿«çŠ¯ã ã£ãŸã‚‰ã—ãã€æ›¸ãæ›ãˆä»¥å¤–ã«å¤§ããªå®Ÿå®³ã¯ãªã‹ã£ãŸã‚ˆã†ã ãŒã€ãã‚Œã§ã‚‚今ã•ã‚‰ãªãŒã‚‰ã€å…±ç”¨ãƒ¬ãƒ³ã‚¿ãƒ«ã‚µãƒ¼ãƒã®æ€–ã•ã«æ°—ã¥ã„
Japan Vulnerability Notes
JVNVU#93188600: UDPベースã®ã‚¢ãƒ—リケーション層プãƒãƒˆã‚³ãƒ«å®Ÿè£…ã«ãŠã‘るサービスé‹ç”¨å¦¨å®³ (DoS) ã®è„†å¼±æ€§ã€€[2024/03/21 16:00] JVNVU#93571422: Franklin Electric製EVO 550ãŠã‚ˆã³5000ã«ãŠã‘ã‚‹'/../filedir'ã«é–¢ã™ã‚‹ãƒ‘ストラãƒãƒ¼ã‚µãƒ«ã®è„†å¼±æ€§ã€€[2024/03/21 11:30] JVNVU#90671953: Sangoma Technologies製CG/MG family driver cg6kwin2k.sysã«ãŠã‘ã‚‹IOCTLã«å¯¾ã™ã‚‹ä¸å分ãªã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ã®è„†å¼±æ€§ã€€[2024/03/21 11:00] JVNVU#99690199: 三è±é›»æ©Ÿè£½MELSEC-Q/LシリーズCPUユニットã«ãŠã‘る複数ã®è„†å¼±æ€§ã€€[2024/03/18 18:00] JVNVU#96145466: 複数ã®ä¸‰è±é›»æ©Ÿè£½FA製å“
OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation
This website uses cookies to analyze our traffic and only share that information with our analytics partners. Accept Who is the OWASP® Foundation? The Open Worldwide Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, a
「地方公共団体ã«ãŠã‘ã‚‹æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ ã‚»ã‚ュリティè¦æ±‚仕様モデルプラン(Webアプリケーション)ã€ã‚’一般公開ã—ã¾ã—㟠- 財団法人 åœ°æ–¹è‡ªæ²»æƒ…å ±ã‚»ãƒ³ã‚¿ãƒ¼ï¼ˆLASDEC)
ç¾åœ¨ä½ç½®ï¼š ホーム >Â æƒ…å ±ã‚»ã‚ュリティ 対ç–æ”¯æ´ > 自治体セã‚ュリティ支æ´å®¤ã‹ã‚‰ã®ãŠçŸ¥ã‚‰ã› > 「地方公共団体ã«ãŠã‘ã‚‹æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ ã‚»ã‚ュリティè¦æ±‚仕様モデルプラン(Webアプリケーション)ã€ã‚’一般公開ã—ã¾ã—㟠背景 æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ ã¯ä½æ°‘å‘ã‘ã®ã‚µãƒ¼ãƒ“ス基盤ã¨ã—ã¦æ¬ ã‹ã›ãªã„å˜åœ¨ã§ã™ãŒã€æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ ã‚’å®‰å…¨ã«åˆ©ç”¨ã™ã‚‹ä¸Šã§é¿ã‘ã¦ã¯é€šã‚Œãªã„å•é¡ŒãŒã‚ã‚Šã¾ã™ã€‚ãã‚ŒãŒã€Œè„†å¼±æ€§ã€ã«é–¢ã™ã‚‹å•é¡Œã§ã™ã€‚  脆弱性ã¨ã¯æƒ…å ±ã‚»ã‚ュリティ上ã®å¼±ç‚¹ã®ã“ã¨ã§ã‚ã‚Šã€è„†å¼±æ€§ã®å•é¡Œã‚’放置ã™ã‚‹ã¨ã€æƒ…å ±ã®æµå‡ºã‚„ã€ãƒ›ãƒ¼ãƒ ページç‰ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®æ”¹ã–ã‚“ã€ã‚µãƒ¼ãƒ“スã®åœæ¢ãªã©ã®å•é¡Œã‚’引ãèµ·ã“ã™å¯èƒ½æ€§ãŒã‚ã‚Šã¾ã™ã€‚一見ã™ã‚‹ã¨å®‰å®šã—ã¦å‹•ä½œã—ã¦ã„るよã†ã«è¦‹ãˆã¦ã„ã¦ã‚‚脆弱性ãŒå†…在ã™ã‚‹ã“ã¨ã‚‚ã‚ã‚Šã€æƒ…å ±ã‚·ã‚¹ãƒ†ãƒ ã®èª¿é”・構築・é‹ç”¨ã«ã‚ãŸã£ã¦ã“ã®å¯¾å‡¦ã‚’ã‚らã‹ã˜ã‚決ã‚ã¦ãŠãã“ã¨ã¯å®‰å®šçš„ãªé‹ç”¨ã«æ¬ ã‹ã›ãªã„ã“ã¨ã§ã™ã€‚  特ã«è¿‘å¹´ã§ã¯Webアプリケーションã®è„†å¼±æ€§
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
OpenSSL Security Advisory [5 July 2022]
Today's CPU vulnerability: what you need to know
iPass – Channel Technologies
{{#tags}}- {{label}}
{{/tags}}