The small padlock in your browser window indicates that you are communicating securely with your bank or e-mail account, but it does not necessarily mean what you think it means.
Normally, when a user visits a secure website such as Bank of America, Gmail, PayPal or eBay, the browser examines the website's certificate to verify its authenticity.
At a recent wiretapping conference, however, security researcher Chris Soghoian discovered that a small company was offering federal agencies internet spying devices that intercept messages without breaking the encryption, by using forged security certificates in place of the real ones that websites use to verify secure connections. To use the device, the government would need to purchase a forged certificate from any one of more than 100 trusted certificate authorities.
The attack is a classic man-in-the-middle attack: Alice believes she is talking directly to Bob, but Mallory has found a way to get in the middle and relay the messages in both directions, so neither Alice nor Bob knows she is there.
According to Matt Blaze, a leading encryption expert and computer science professor at the University of Pennsylvania, the existence of a product on offer points to a vulnerability that may be exploited by more than just information-hungry governments.
"If the company is selling this to law enforcement and intelligence agencies, it is not a big leap to conclude that other, more malicious people have worked out in detail how to exploit this," Blaze says.
The company, known as Packet Forensics, advertised its new man-in-the-middle capability in a brochure handed out at the Intelligent Systems Support Conference (ISS), a Washington wiretapping convention that is generally closed to the press. Soghoian attended the convention, where a Sprint manager was captured openly boasting about the government's enormous volume of orders for wiretapping.
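According to the flyer: "Users can import a copy of any legitimate key they have obtained (possibly through a court), or they can generate 'look-alike' keys to give the subject false confidence in their authenticity." The product is recommended to government investigators: "IP communication makes it necessary to examine encrypted traffic at will." And: "Your investigators collect their best evidence while users are lulled into the false sense of security provided by web, e-mail or VoIP encryption."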
Packet Forensics does not advertise the product on its website, and when contacted by Wired.com it asked how we had found out about it. Spokesman Ray Saulino initially denied that the product existed or that anyone used it. But in a phone call the following day, Saulino changed his position.
"The technology we use in our products is freely discussed in online forums, and there is nothing special or unique about it," Saulino says. "Our target audience is law enforcement officers."
Blaze described the vulnerability not as an attack on the encryption itself but as an exploitation of the architecture in which SSL is used to encrypt web traffic. SSL, known to many as HTTPS, lets browsers communicate with servers using secure encryption, so that no one between the browser and the company's server can eavesdrop on the data. Ordinary HTTP traffic can be read by anyone between the user and the site: the ISP, a wiretap at the ISP or, on an unprotected Wi-Fi connection, anyone using a simple packet-capture tool.
In addition to encrypting traffic, SSL verifies that the browser is talking to exactly the site it meant to reach. To that end, browser makers trust a large number of certificate authorities, which promise to check a site operator's credentials and ownership before issuing a certificate. A basic certificate today costs less than $50 and sits on the website's server, vouching that BankofAmerica.com is actually owned by Bank of America. Browsers recognize more than 1,000 certificate authorities worldwide, so a certificate issued by any one of those companies is accepted as valid.
To use the Packet Forensics device, a law enforcement or intelligence agency has to install it at an ISP and get one of the certificate authorities, by means of money, blackmail or legal process, to issue a forged certificate for the target site. It can then capture usernames and passwords and see everything the user does online.
Technologists at the Electronic Frontier Foundation, who are working on a proposal to fix this whole problem, said hackers can use similar methods to steal your money or passwords. In that case the attackers may trick a certificate authority into issuing the certificate, as last year, when two security researchers demonstrated how to obtain a certificate for any domain on the internet with the help of a special character in the domain name.
"These attacks are not that complicated," says Seth Schoen, an EFF technologist. "Software that automates this (the attack) is distributed for free among security enthusiasts and the underground."
China, known for spying on dissidents and Tibetan activists, could use such an attack against users of all kinds of secure services, including the virtual private networks (VPNs) commonly used to get past the censorship of China's firewall. All it would need to do is persuade a certificate authority to issue a forged certificate. When Mozilla added the Chinese company China Internet Network Information Center as a trusted certificate authority in Firefox this year, it set off a storm of controversy, driven by the concern that the Chinese government could persuade the company to issue forged certificates to assist government surveillance.
Mozilla Firefox has its own list of 144 root authorities. Other browsers rely on the list supplied by the operating system vendor, which comes to 264 for Microsoft and 166 for Apple. These root authorities can also certify secondary authorities, which can in turn certify still more, and all of them are trusted equally by the browser.
The list of trusted root authorities includes Etisalat of the United Arab Emirates, which was caught last summer secretly loading spyware onto the BlackBerry devices of 100,000 customers.
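Soghoian says forged certificates are an ideal mechanism for countries hoping to steal intellectual property from visiting business travelers. The researcher published a paper on the risks (.pdf) on Wednesday of this week and promised to release soon a Firefox add-on that notifies the user when a site's certificate was issued by an authority in a different country from the last certificate the user's browser accepted from that site.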
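The check that add-on is described as performing can be sketched as follows. This is an added example, not code from the add-on or from the article; it assumes certificates arrive as dictionaries shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the host name, CA names and `IssuerCountryMonitor` class are constructed for illustration.

```python
# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
CERT_A = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA One"),)),
}
CERT_B = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("countryName", "DE"),), (("organizationName", "Example CA Two"),)),
}


def issuer_country(cert):
    """Return the issuer's countryName (upper case), or None if absent."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "countryName":
                return value.upper()
    return None


class IssuerCountryMonitor:
    """Remembers the issuer country of the last certificate accepted per host."""

    def __init__(self):
        self.accepted = {}  # normalized host -> issuer country (may be None)

    @staticmethod
    def _norm(host):
        return host.lower().rstrip(".")

    def check(self, host, cert):
        """Return (verdict, previous, current) without changing stored state."""
        current = issuer_country(cert)
        host = self._norm(host)
        if host not in self.accepted:
            return ("first-visit", None, current)
        previous = self.accepted[host]
        verdict = "unchanged" if previous == current else "country-changed"
        return (verdict, previous, current)

    def accept(self, host, cert):
        """Record the certificate once the user has decided to trust it."""
        self.accepted[self._norm(host)] = issuer_country(cert)
```

A site that legitimately switches to a certificate authority in another country raises the same alert, so a `country-changed` verdict is a reason to look closer, not proof of interception.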
EFF's Schoen, together with fellow technologist Peter Eckersley and security expert Chris Palmer, wants to take the solution further, using information from different parts of the web so that browsers can eventually warn users with confidence when they are being attacked with a forged certificate. Today browsers warn users when they encounter a certificate that does not belong to the site, but many people click through despite several warnings.
"The main point is that in the status quo there is no double check and no accountability," Schoen said. "So if certificate authorities do things they shouldn't, no one would know and no one would notice. There needs to be a double check."
EFF proposes a scheme that relies on a second level of independent notaries to certify each certificate, or on an automated mechanism that uses anonymous Tor exit nodes to confirm that the same certificate is being served at various locations on the internet, in case the user's ISP has been compromised by a criminal, a government, or a government agency using something like the Packet Forensics device.
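The double check described above, comparing the certificate seen locally with what independent vantage points see, can be sketched as follows. This is an added example, not EFF's design or code; the `double_check` function, its majority rule and the byte strings standing in for DER-encoded certificates are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_DER = b"constructed-der-bytes-genuine-site-certificate"
FORGED_DER = b"constructed-der-bytes-forged-site-certificate"


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()


def double_check(local_der, vantage_ders):
    """Compare the locally served certificate with what other vantage points saw.

    vantage_ders holds the certificate each notary or Tor-exit fetch received
    for the same host; None marks a fetch that failed.
    Returns 'consistent', 'local-mismatch' or 'inconclusive'.
    """
    seen = [fingerprint(d) for d in vantage_ders if d is not None]
    if not seen:
        return "inconclusive"          # nothing to compare against
    top_fp, votes = Counter(seen).most_common(1)[0]
    if votes * 2 <= len(seen):
        return "inconclusive"          # vantage points disagree among themselves
    if fingerprint(local_der) == top_fp:
        return "consistent"
    return "local-mismatch"            # only the local network path sees this cert
```

Sites that legitimately serve different certificates from different servers will produce `inconclusive` or `local-mismatch` results, so a real deployment has to account for that before alerting the user.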
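One of the most interesting questions raised by Packet Forensics is how often governments make use of such technology and of certificate authorities. Christine Jones, general counsel at GoDaddy, one of the largest issuers of SSL certificates, says the company has not received such a request from a government in eight years of operation. "I have read studies and heard speeches that theorize about this concept, but we would never issue a fake SSL certificate," Jones said, adding that doing so would violate SSL auditing standards and put the company at risk of losing its accreditation. "In theory it would work, but the fact is that we receive requests from law enforcement every day, and in all this time law enforcement has never once asked us to do anything inappropriate."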
VeriSign, the largest certificate authority, declined to comment.
Matt Blaze points out that local law enforcement can obtain many records, such as Amazon purchases, with a simple subpoena, whereas obtaining a forged SSL certificate would certainly involve a much greater burden of proof and technical difficulty for the same data.
Intelligence agencies would find forged certificates more useful, he added. If the NSA obtained a forged certificate for Gmail (which now uses SSL by default for the entire e-mail session, not just the login), it could secretly install one of the Packet Forensics devices at an ISP in, for example, Afghanistan and read the Gmail messages of all its customers. Such an attack, however, could be detected with a little digging, and the NSA would have no way of knowing whether it had been discovered.
Despite the vulnerability, experts argue that more sites should join Gmail in wrapping their entire sessions in SSL.
"I still lock my doors even though I know they can be opened without a key," Blaze said.