{"id":30,"date":"2014-11-10T09:23:07","date_gmt":"2014-11-10T00:23:07","guid":{"rendered":"http:\/\/cloudsecurityalliance.jp\/newblog\/?p=30"},"modified":"2014-11-10T09:23:07","modified_gmt":"2014-11-10T00:23:07","slug":"%e9%81%8e%e5%8e%bb%e3%83%96%e3%83%ad%e3%82%b0%ef%bc%9a%e3%80%80poodle%ef%bc%9a%e3%80%80%e3%81%a9%e3%82%8c%e3%81%8f%e3%82%89%e3%81%84%e6%82%aa%e3%81%84%e3%82%82%e3%81%ae%e3%81%aa%e3%81%ae%e3%81%8b","status":"publish","type":"post","link":"https:\/\/cloudsecurityalliance.jp\/newblog\/2014\/11\/10\/%e9%81%8e%e5%8e%bb%e3%83%96%e3%83%ad%e3%82%b0%ef%bc%9a%e3%80%80poodle%ef%bc%9a%e3%80%80%e3%81%a9%e3%82%8c%e3%81%8f%e3%82%89%e3%81%84%e6%82%aa%e3%81%84%e3%82%82%e3%81%ae%e3%81%aa%e3%81%ae%e3%81%8b\/","title":{"rendered":"\u904e\u53bb\u30d6\u30ed\u30b0\uff1a\u3000Poodle\uff1a\u3000\u3069\u308c\u304f\u3089\u3044\u60aa\u3044\u3082\u306e\u306a\u306e\u304b"},"content":{"rendered":"<h3>2014\/10\/20\uff08\u6708\u66dc\u65e5\uff09<\/h3>\n<p style=\"text-align: right;\">\u65e5\u672c\u30af\u30e9\u30a6\u30c9\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30e9\u30a4\u30a2\u30f3\u30b9\u3000\u7406\u4e8b\u3000\u8af8\u89d2\u3000\u660c\u5b8f<\/p>\n<p>CSA Blog\u306b\u300cPoodle \u2013 How Bad Is Its Bite? (Here\u2019s the Data)\u300d\u306e\u8a18\u4e8b\u304c\u30a2\u30c3\u30d7\u3055\u308c\u307e\u3057\u305f\u306e\u3067\u3001\u305d\u306e\u6982\u8981\u3092\u7d39\u4ecb\u3057\u307e\u3059\u3002\uff082014\u5e7410\u670817\u65e5\uff09\u3002\u8a18\u4e8b\u306b\u3064\u3044\u3066\u306f\u3001\u4ee5\u4e0b\u306eURL\u3092\u53c2\u7167\u3057\u3066\u4e0b\u3055\u3044\u3002<a href=\"https:\/\/blog.cloudsecurityalliance.org\/2014\/10\/17\/poodle-how-bad-is-its-bite-heres-the-data\/\">https:\/\/blog.cloudsecurityalliance.org\/2014\/10\/17\/poodle-how-bad-is-its-bite-heres-the-data\/<\/a><\/p>\n<p>POODLE (Padding Oracle on Downgraded Legacy Encryption)\u306f\u300110\u670814\u65e5\u306b\u5831\u544a\u3055\u308c\u305f\u8106\u5f31\u6027\u3067\u3001\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9\u306b\u5927\u304d\u306a\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u3082\u306e\u3067\u3059\u3002Poodle\u306e\u8a73\u7d30\u306a\u30ec\u30dd\u30fc\u30c8\u304c\u3001Google\u306e3\u4eba\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30ca\u30ea\u30b9\u30c8\uff08Bodo Moller, Thai Duong, Krzysztof Kotowicz\uff09\u306b\u3088\u3063\u3066\u4f5c\u6210\u3055\u308c\u307e\u3057\u305f\u3002\u30ec\u30dd\u30fc\u30c8\u306f\u4ee5\u4e0b\u306eURL\u3088\u308a\u5165\u624b\u53ef\u80fd\u3067\u3059\u306e\u3067\u3001Poodle\u306e\u8a73\u7d30\u3092\u7406\u89e3\u3057\u305f\u3044\u4eba\u306f<a href=\"https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf\">\u3053\u3061\u3089<\/a>\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Poodls\u306f\u3001SSL v3\u3042\u308b\u3044\u306fSecure Sockets Layer\u30d7\u30ed\u30c8\u30b3\u30ebVersion3\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u3082\u306e\u3067\u3001\u653b\u6483\u8005\u304ccookie\u3092\u30cf\u30a4\u30b8\u30e3\u30c3\u30af\u307e\u305f\u306f\u5fa9\u53f7\u5316\u3067\u304d\u3066\u3057\u307e\u3046\u3082\u306e\u3067\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3057\u306b\u30a2\u30ab\u30a6\u30f3\u30c8\u3084\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u4e57\u3063\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u3066\u3057\u307e\u3044\u307e\u3059\u3002 SSL V3\u81ea\u4f53\u306f\u3001\u3059\u3067\u306b\u53e4\u3044\u3082\u306e\u3067\u3001TLS\u306b\u7f6e\u304d\u63db\u3048\u3089\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u4e0b\u4f4d\u4e92\u63db\u6027\u306e\u305f\u3081\u306bApache\u7b49\u306e\u30a6\u30a8\u30d6\u30fc\u30b5\u30fc\u30d0\u3067\u30b5\u30dd\u30fc\u30c8\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u3053\u306e\u30d5\u30a9\u30fc\u30eb\u30d0\u30c3\u30af\u6a5f\u80fd\u306b\u3088\u308a\u3001TLS\u3067\u63a5\u7d9a\u3067\u304d\u306a\u304b\u3063\u305f\u5834\u5408\u306b\u3001SSL v3\u3067\u63a5\u7d9a\u3055\u308c\u3066\u3057\u307e\u3046\u3053\u3068\u306b\u306a\u308a\u3001\u3053\u306e\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n<p>\u89e3\u6c7a\u7b56\u3068\u3057\u3066\u306f\u3001\u30b5\u30fc\u30d0\u5074\u3067SSL V3\u30d7\u30ed\u30c8\u30b3\u30eb\u3092\u7121\u52b9\u306b\u3057\u3001TLSv1.0\u4ee5\u4e0a\u3067\u63a5\u7d9a\u3059\u308b\u3088\u3046\u306b\u3059\u308b\u3053\u3068\u3067\u3059\u3002\u3082\u30461\u3064\u3001\u4f01\u696d\u306e\u30d6\u30e9\u30a6\u30b6\u304a\u3088\u3073\u30d7\u30ed\u30ad\u30b7\u30fc\uff08\u30d5\u30a9\u30ef\u30fc\u30c9\u30d7\u30ed\u30ad\u30b7\u30fc\uff09\u3067\u3001SSL v3\u3092\u7121\u52b9\u306b\u3057\u3001TLSv1.0\u4ee5\u4e0a\u3092\u8a31\u53ef\u3059\u308b\u3088\u3046\u306b\u3059\u308b\u3053\u3068\u3067\u3059\u3002\u5225\u306e\u5bfe\u7b56\u3068\u3057\u3066\u3001OpenSSL\u304c\u51fa\u3057\u3066\u3044\u308b\u30d1\u30c3\u30c1\uff08CVE-2014-3566\uff09\u3092\u9069\u7528\u3057\u3001TLS_FALLBACK_SCSV\u3092\u6709\u52b9\u306b\u3059\u308b\u65b9\u6cd5\u304c\u3042\u308a\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u3053\u306e\u30d1\u30c3\u30c1\u306f\u3001\u30b5\u30fc\u30d0\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u4e21\u65b9\u306b\u9069\u7528\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306b\u6709\u52b9\u306b\u306a\u308b\u305f\u3081\u3001\u3069\u3061\u3089\u304b\u304c\u9069\u7528\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306b\u306fSSL v3\u306b\u30c0\u30a6\u30f3\u30b0\u30ec\u30fc\u30c9\u3057\u3066\u3057\u307e\u3046\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3057\u305f\u304c\u3063\u3066\u3001\u3053\u308c\u306fTLS\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\uff08SSL v3\u3067 \u63a5\u7d9a\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\uff09\u30b5\u30fc\u30d0\u306b\u3069\u3046\u3057\u3066\u3082\u30a2\u30af\u30bb\u30b9\u3057\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u30b1\u30fc\u30b9\u3067\u3001\u793e\u5185\u30b7\u30b9\u30c6\u30e0\u7b49\u3067\u653b\u6483\u8005\u304b\u3089\u72d9\u308f\u308c\u308b\u53ef\u80fd\u6027\u306e\u7121\u3044\u74b0\u5883\u3067\u3042\u308b\u5834\u5408\u306e\u51e6\u7f6e \u3068\u8003\u3048\u305f\u65b9\u304c\u826f\u3044\u3088\u3046\u3067\u3059\u3002\u3053\u308c\u306f\u3001\u30d1\u30c3\u30c1\u3092\u9069\u7528\u3059\u308b\u5fc5\u8981\u304c\u7121\u3044\u3068\u3044\u3046\u3053\u3068\u3067\u306f\u306a\u304f\u3001\u30d1\u30c3\u30c1\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u306f\u63a8\u5968\u3055\u308c\u307e\u3059\u304c\u3001\u6839\u672c\u7684\u306a\u5bfe\u5fdc\u306f\u3001\u3042\u304f\u307e\u3067SSL v3\u3092\u7121\u52b9\u306b\u3059\u308b\u3053\u3068\u3067\u3059\uff08\u3053\u306e\u30d1\u30c3\u30c1\u306e\u5185\u5bb9\u7b49\u306b\u3064\u3044\u3066\u306f\u3001<a href=\"http:\/\/askubuntu.com\/questions\/537196\/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566\">\u3053\u3061\u3089<\/a>\u306eubuntu\u306e\u60c5\u5831\u3092\u53c2\u7167\uff09\u3002<\/p>\n<p>\u73fe\u6642\u70b9\uff08\u8a18\u4e8b\u304c\u51fa\u3055\u308c\u305f\u6642\u70b9\uff09\u3067\u3001\u307e\u306061%\u306e\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9\u304cPoodle\u306e\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\u3068\u3044\u3046\u3053\u3068\u3067\u3059\u3002\u30af\u30e9\u30a6\u30c9\u30d7\u30ed\u30d0\u30a4\u30c0\u306e\u65e9\u6025\u306a\u5bfe\u7b56\u304c\u5fc5\u8981\u3068\u306e\u3053\u3068\u3067\u3059\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>2014\/10\/20\uff08\u6708\u66dc\u65e5\uff09 \u65e5\u672c\u30af\u30e9\u30a6\u30c9\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30e9\u30a4\u30a2\u30f3\u30b9\u3000\u7406\u4e8b\u3000\u8af8\u89d2\u3000\u660c\u5b8f CSA Blog\u306b\u300cPoodle \u2013 How Bad Is Its Bite? (Here\u2019s the Data)\u300d\u306e\u8a18\u4e8b\u304c\u30a2\u30c3\u30d7\u3055 [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-30","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/comments?post=30"}],"version-history":[{"count":1,"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/posts\/30\/revisions"}],"predecessor-version":[{"id":31,"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/posts\/30\/revisions\/31"}],"wp:attachment":[{"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/media?parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/categories?post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudsecurityalliance.jp\/newblog\/wp-json\/wp\/v2\/tags?post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}