Hello, this is Takahashi from Six Apart. On June 25 (Saturday), at the Mainichi Communications head office in Takebashi, the seminar "MTDDC Meetup Tokyo 2011" was held to mark the publication of "Movable Type 5.1 Pro no Genba no Shigotojutsu", with the book's authors as the speakers. (Group shot of the book's authors.) The venue was full, with more than 120 people attending, and every participant received a copy of the book, which had not yet gone on sale at the time. The tweets under the day's hashtag #mtddc were collected on Togetter by @herl_SaGa: Togetter - "MTDDC Meetup Tokyo 2011 (June 25, 2011)" summary. First came the opening greeting from Seki of Six Apart. …
An introduction to plugins picked from the official WordPress plugin directory that carry the "security" tag. I set out to introduce only a handful, but once I started looking there turned out to be plenty of interesting plugins. I myself only use Login LockDown and AntiVirus, so please let me know in the comments how the others work for you, and tell me if you know of any other good ones. WordPress File Monitor Plus: a plugin that notifies you by e-mail when WordPress files are modified, added or deleted. Force Strong Passwords: by default WordPress displays the strength of a password when it is changed, but it does not refuse weak (simple) passwords; this plugin rejects a password change unless the new password meets a minimum strength …
The following is a list of basic knowledge about web vulnerabilities for web programmers. A web programmer who reads it should be able to master the fundamentals of web vulnerabilities and write web programs accordingly, and it may also serve as a brief reference on web vulnerabilities. Developing a web application is not simply a matter of building to the requirements document and the program specification: you also have to deal with malicious users who target web vulnerabilities. Here I have compiled the web vulnerabilities to consider when developing a web application into the list below, and I hope it is useful as a reference for web application development. Injection; cross-site scripting; session hijacking; missing access control and authorization checks; directory traversal; CSRF (…
Blocking the referrer causes web sites to display incorrectly (Norton Internet Security 2003 / Norton Personal Firewall 2003). Norton Internet Security and Norton Personal Firewall are configured to block the referrer information that tells a site which page you came from. Some web sites, however, require referrer information. If a site does not display correctly because referrer information is being blocked, configure the product so that referrer information is not blocked for that web site.
Just the other day Ameba was found to have that very common vulnerability, CSRF, and in the last few days there have been reports that Seven Net Shopping has an XSS vulnerability and a problem where other users' personal information can be viewed by guessing IDs. To hold users' data while failing at basic security measures is, to use a bank analogy, like saying "we will take your money and keep it safe, but we don't really guard it, so sorry if it gets stolen". It is not that there was a hole in the guarding; it is that there was no proper guarding at all, which is simply unacceptable. So, as a freelance web programmer, I am going to list the vulnerabilities I know about. I am a programmer, not a security specialist, and I have not written any web programs for outside use since around this spring. Listing what this one person knows …
A web application that uses SQL to work with a database must not allow SQL injection. Of the countermeasures against SQL injection attacks, this section first covers those made in the implementation. Handling special characters according to context is the same as for command injection, and in addition the use of prepared statements and the choice of language are explained as countermeasures. "SQL injection" is the problem that arises when SQL statements are assembled from parameters: if a parameter contains special characters (symbols) and an SQL command is supplied through it, the database can be manipulated improperly. Reference: CWE-89: Improper Neutralization of Special Elements used in an SQL Command (Japanese translation). Mechanism of an SQL injection attack: suppose there is a login-check program that uses an SQL statement like the following …
This is absurd. It should go without saying that a page publishing security-related information like this is served over https:// (or at least is available over https:// for readers who want it), yet a mobile phone carrier, of all organizations, apparently sees things this way. (Addendum, August 2: for SoftBank Mobile, see the addendum to the July 27 entry.) It is also hard to believe that not a single person involved in mobile web development has raised a question about it; they presumably keep the settings as they are without a second thought. In that state, the operator of a mobile site could be shown a forged page through DNS poisoning or the like, not notice, and trust an IP address range table containing forged addresses. That is, for example, when the company running the mobile site example.jp is example.co.jp, an attacker targets the DNS server of example.co.jp …
Sessions are indispensable on a mobile site with a login function, so here is a memo on the security issues involved. Reference sites on the problem: ke-tai.org - how to configure sessions for mobile phones in PHP; maru.cc@hatena - strange cookie behaviour under SSL on au; maru.cc@hatena - problems when using cookie sessions over SSL on au and SoftBank. [DoCoMo] DoCoMo handsets cannot use cookies, so using sessions necessarily means using Apache's session.use_trans_sid (the method of embedding the session ID in the URL). Two problems arise here. First, session hijacking through leaked URLs; on mobile this problem surfaces more readily than on PCs, because when telling a friend about a site you can send the URL of the page you are currently viewing by e-mail as-is …
Developing Internet applications requires knowledge of the various secure protocols. RFCs on Internet security: RFCs (Request for Comments) are the series of official documents published through the Internet standardization activities of the IETF (The Internet Engineering Task Force). To promote the implementation of secure protocols, this page lists the RFCs relating to Internet security and provides Japanese translations of the important ones. Identity management technology explained: Internet protocols are also used in the broad field of identity management; beyond account management within an organization, a wide variety of protocols are used for user authentication, attribute exchange and access authorization on the Internet. PKI-related technical information: PK…
On April 24 the Information-technology Promotion Agency Security Center (IPA/ISEC) and the JPCERT Coordination Center (JPCERT/CC) announced that a cross-site scripting vulnerability exists in "Movable Type", the blog system provided by Six Apart. The issue is said to be different from the vulnerabilities announced previously. The vulnerability confirmed this time exists in "Movable Type 4.24 (bundled with Professional Pack and Community Pack)", "Movable Type Commercial 4.24 (bundled with Professional Pack)", "Movable Type 4.24 Enterprise" and "Movable Type 4.24 (Open Source)", and is addressed by upgrading to "Movable Type 4.25" …
Q. Once installation is complete, are there files that should be deleted for security reasons, or whose permissions should be changed?
A. The following CGI files are never executed after the Movable Type installation has finished. Where security requires it, either change their permissions so they cannot be executed from outside, or delete them from the web server:
mt-check.cgi
mt-wizard.cgi
mt-testbg.cgi
mt-upgrade.cgi
Entry data. Posted 2005-05-13T21:05+09:00. Tags: CSRF, htaccess, mixi, Movable Type, summary, security, vulnerability. Summary: a revised edition of the security measures you should take immediately after installing MT; I believe the keys are a correct understanding, appropriate handling, and backups. Replies: there are 12 replies. About this entry: I wrote an entry titled "Security measures to take immediately after installing MT" in September 2004, but it assumed a Movable Type 2.661 environment, so the information is out of date; I also received many trackbacks that brought additional information, so I decided to compile it afresh. Those who have already read "Security measures to take immediately after installing MT" …