{"id":14885,"date":"2017-12-10T09:00:18","date_gmt":"2017-12-10T00:00:18","guid":{"rendered":"http:\/\/www.techscore.com\/blog\/?p=14885"},"modified":"2018-11-14T16:33:42","modified_gmt":"2018-11-14T07:33:42","slug":"phishing","status":"publish","type":"post","link":"https:\/\/www.techscore.com\/blog\/2017\/12\/10\/phishing\/","title":{"rendered":"So It's Fishing?! (This and That About Phishing Scams)"},"content":{"rendered":"

\n\uff08Yanik Chauvin \/ Shutterstock.com\uff09<\/span><\/p>\n

Hello, this is Nakayama (the photo is not of me).
\nThis is the day 10 article of the TECHSCORE Advent Calendar 2017<\/a>.<\/p>\n

Some time ago, hoping I might get lucky, I submitted a report to Google's Vulnerability Reward Program.
\nHere is what I reported to Google at the time.<\/p>\n

\nGoogle ad service has a security issue.
\n(open-redirection)<\/p>\n

Steps to reproduce the vulnerability:
\n1. http:\/\/pagead2.googlesyndication.com\/pagead\/imgad?id=CICAgIDQp961eBDYBRhaMggPIKH46gXDKg&clickTAG=https:\/\/evil.com\/
\n2. click ad
\n3. move to https:\/\/evil.com\/\n<\/p><\/blockquote>\n

When I checked, the steps above were still reproducible as of 2017\/11\/26 (with Flash enabled).<\/p>\n


The point of the report was that an attacker can piggyback on the trustworthiness of a Google-owned domain and of Google's own house ad to lead users to a malicious page (so-called phishing).
\nThe reply was as follows.<\/p>\n

\nThanks for your email.
\nIn this particular case, we believe the usability and security benefits of a well-implemented and carefully monitored URL redirector tend to outweigh the perceived risks.
\nFor a more detailed explanation, check the URL redirection section here: http:\/\/www.google.com\/about\/appsecurity\/reward-program\/#notavuln\n<\/p><\/blockquote>\n

So, unfortunately, I did not get a reward (lol).
\nAccording to them, what I pointed out is a common low-risk issue.<\/p>\n

I had thought that some people might be fooled if the redirect destination were an elaborately crafted fake Google page, but on the pagead2.googlesyndication.com domain, which is used for ad products, the risk is indeed low.
\nWith that in mind, in this post I would like to share some thoughts on phishing.<\/p>\n

Phishing x pushState<\/h2>\n

With a page transition like the one below, most people expect to return to a trustworthy page.<\/p>\n