Media article
Personal data being collected "before the submit button is pressed": a study of about 100,000 websites

Twitter comments (1 to 100 of 152)
Sent via XHR, then? Whether it's intentional or not is the key point. LeakInspector does exist, but it's only available as source, so you have to build the xpi yourself (just zip it).
Off-topic for this article, but it reminded me of a software company that would bill you even though you had stopped at the final confirmation screen and no contract had been concluded.
Come to think of it, a web service I used had this: I was partway through member registration and a reminder email arrived.
So that kind of thing actually happens.
Form input on websites. Personal data collected before you press the submit button. Collected even if you quit midway. Digital marketing that has become criminal.
Probably plenty of that in Japan too.
Maybe I'd better install the Firefox add-on LeakInspector… (°o°;;
Today's AI news of interest:
Email addresses and passwords are apparently being collected before submission. 🇨🇦
Honestly, it may be better not to enter data into forms carelessly at all.
Having your personal data siphoned off while you're still typing, isn't that against the rules? 🤔
Today's news of interest:
Unauthorized access to Fujitsu's "government-certified cloud": credentials and other data possibly stolen, load balancer vulnerability exploited
> Surprisingly, many websites collect some or all of the data even though the submit button has not been pressed, and even if the user changes their mind and leaves the site without submitting the form, third par...
Apparently thousands of websites in Europe and the US were found collecting personal data "before the submit button is pressed". Some are said to be intentional and some not, but what causes the unintentional ones? I suspect quite a few would turn up among Japanese websites too.
Well, if you keep doing that sort of thing, you won't survive in the end.
What if input validation is counted as well? Can't one also say that collection for its own sake and collection for the user's convenience can't be told apart?
Overseas EFO tools probably end up enabling this too. Maybe people use them thinking it's fine as long as you can choose whether to mask or not, but I wouldn't want to hold that kind of information.
Time to install the Firefox add-on.
What makes this problem nasty is that even if the person building the web form has no ill intent, unless the data is kept distinct from data obtained with consent, some other person in charge may end up using it for purposes it was never meant for.
McAfee being a prime example is ironic~
Part of this depends on how you phrase it and how you look at it, right?
The duplicate-email check before member registration could also be called collection, though it's a necessary step too.
Well, well.
If you don't like it, isn't the answer simply not to enter anything in the first place? Or not: maybe you've already typed it in.
2022.5.20
Probably a case where a marketing tool records every action the user takes, and this behaviour falls out of that.
Seriously?
So basically, use Firefox.
This is awful. What would data collected before submission even be used for?
Check this.
Ugh, that's a bad one~~~
Yikes.
Well, it can't be helped, can it?
A problem that's fairly hopeless to fix.
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission (USENIX Security'22)
ã»ãŒã
ïŒãã©ãŒã ãéä¿¡ããã«ãµã€ããå»ã£ãå Žåã§ãããµãŒãããŒãã£ãŒã«ãã£ãŠåéãããŠããïŒ
ãµãŒããŒãµã€ãã§è€éãªå
¥åãã§ãã¯ã®ããã«éœåºŠ"éä¿¡"ããŠããã±ãŒã¹ãããã®ã§ãäžæŠã«"åé"ãšã¯èšãé£ãã
ããåçŽãªå ¥åãã§ãã¯ãªãããã³ãã§ããã®ãäžè¬çã ãããããçšåºŠã¯"åé"ãæ··ãã£ãŠããã
åã«äœããéãªã ããšãããµã€ããããã ãããã©ã
ããåçŽãªå ¥åãã§ãã¯ãªãããã³ãã§ããã®ãäžè¬çã ãããããçšåºŠã¯"åé"ãæ··ãã£ãŠããã
åã«äœããéãªã ããšãããµã€ããããã ãããã©ã
ããâŠããã
ããŒäœæã§ä»ã®æ
å ±ãµãžã§ã¹ãåœãããšãã¢ãã«ã ãããã§ããªããªããŒãã§å
šéšåå
¥åãã€ã±ãŠç¡ããé£ããããã
æè¡çã«ã¯ç°¡åã«åºæ¥ãããããã£ãŠãã ãããªããšã¯æã£ãŠãã
ãã¹ã¯ãŒããåéããŠãã£ãŠããâ
ãªã³ã©ã€ã³ãã©ãŒã ã«å人æ
å ±ãå
¥åããéã¯ããŒã«ã«ã§äžæžããäœæãããã©ãŒã ã«è²Œãä»ããããã«ããã
ããããéä¿¡ãã¿ã³ãªã©æŒãããšãåéã¯å¯èœã§ãããå°ãªããšãæ¥æ¬ãç±³åœã§ã¯æ³çã«ãéæ³ã§ã¯ãªããããããã¹ã姿ã§ããªãã
At first I thought this was about form → confirm → submit, but planting a keylogger in a website's form is a pretty interesting thing to do.
I saw a GET-based keylogger a while ago, but I'd like to know how this one is driven.
Whoa, before consent?!?
The stuff you type into translation sites too, I bet.
You'd think it sounds like a conspiracy theory, but it's real. The shock of this may be hard to convey. Dangerous web service settings.
Since it was fixed after a certain period, the guess is that the password collection was happening incidentally.
"Surprisingly, many websites collect some or all of the data even though the submit button hasn't been pressed… pointing out that this resembles a keylogger recording keyboard input"
Collecting before the person's consent is established is surely not OK.
This has been suspected for a while… at least there are inputs where the data has to be sent over for validation.
Trending article
I can't help thinking there are definitely sites doing this… but this is only a first step and I look forward to a broader investigation.
Hmm, that's a nasty one. Huh?
Didn't know that.
You need that level of resolve. Best to assume even your mouse cursor movements are being checked. And on it goes…
I want blockers for all the major browsers, fast. Data being collected when you haven't even pressed submit…
It's long been known that once you type an ID or password into a web input field, the other side can get that data even without you submitting; now the results of a study of how many sites actually do it have been published.
Many websites are collecting some or all of the data even though the submit button hasn't been pressed.
LeakInspector: a Firefox add-on that warns about and protects against leaks of personal data.
It'd be rough if this were abused _(:3」∠)_
Whoa, that's outrageous… so it gets sent somewhere unrelated?!
Can't let your guard down for a second.
Features like "this username is already taken" are useful, but since leaking of input is hard to prevent by design, perhaps we should spread the understanding that typed input is being watched.
Just browsing a site leaves a browsing history (your browsing history is leaking).
A study of about 100,000 websites.
I get the feeling the same problem exists elsewhere. This is not OK.
They studied the problem of personal data (here, email addresses and passwords) being collected merely by being typed into online forms, even without submitting.
Is this one of the reasons I get spam? 🤔
Yeah… I recall a requirement to build in something to see how far users got before giving up on a form. But that didn't send the contents.
Didn't know this.
Sending asynchronously on form input so validation can run server-side seems like a perfectly ordinary implementation; is that considered NG too?
Is that so...
The collecting part will get fixed, I suppose, but if it gets found out it's incident material, so isn't the risk way too high…
"Many websites collect some or all of the data even though the submit button hasn't been pressed (…) pointing out that this resembles a keylogger recording keyboard input"
So it's about collecting while you're still mid-input, huh.
Some sites autocomplete the address once you've typed part of the postcode; does that count as this too?
Expanding what counts as personal data keeps placing heavy constraints on convenience.
My card got caught by this once too ~( ´ω`)
I figured someone was doing it somewhere; the server side can plant as much as it wants if it tries. Best to stay away from sites you don't intend to register with.
Admittedly a pretty sorry state of affairs.
There was a story that measurement tags embedded in sites were sending email addresses typed into forms off to third parties. The ones sending passwords too are presumably sending every input field.
As a developer, it would be a problem if sending to the server for validation were also called collection. Though whether it's distinguishable from the outside, I'm not sure.
iPhone users, check your App Privacy Report.
> List of top tracker domains that leaked email addresses and passwords
!!! Whoa, so should we just ban that stuff??
If true, isn't that a huge problem? 🤔
Whether data gets collected is left to consent and conscience; fundamentally it's better to understand that "the web is something where that is possible".
.oO( How this ends up being interpreted is interesting as an interface question too, beyond just security )
I'd hate for regulation to spill over to things like input autocomplete, so I hope they draw the line properly.
So is this done with JS that fires an Ajax request once the cursor leaves the form field?
This seems abusable by fake forms, but if the browser side is to prevent it, isn't "ban all async processing" about the only countermeasure?? I'd like an expert to explain...
The people using it probably don't see it that way. And even when unintended, file-upload handling probably differs from what users assume.
"We examined two scenarios: a user visiting the websites while in Europe and a user visiting them from the US."
Reading it more closely, it's about sending to third parties.
Huh, seriously.
Holding off on this for a bit.
If that were login info for other sites, that'd be a different story.
Beyond just exposing your alt accounts, it could also collect your login info for other sites, and that's, well…
I don't think there's any way to deal with this… if you restricted it to the level of "don't read form contents until submit is explicitly pressed", every Ajax implementation would break.
I wonder how Japanese sites are doing.
山下裕毅
Figured as much, and it turns out that's actually the case.