■ Introduction
This document is published material from S.S.R.C. (Shield Security Research Center), the security information site operated by the Security Research Center of Hitachi Systems, Ltd. The site publishes back issues of this document as well as research results from S.S.R.C. S.S.R.C.: http://www.shield.ne.jp/ssrc/
■ Terms of use
Hitachi Systems, Ltd. (hereafter "the Company") has taken the greatest care in publishing all the information in this document, including its text, but gives no warranty of any kind should the content contain errors or defects. The Company accepts no liability whatsoever for damage arising from use of this document. Company and product names in this document are trademarks or registered trademarks of their respective owners. The information in this document is current as of publication and may change afterwards. Reproduction or reprinting of this document, in whole or in part, beyond the scope permitted by copyright law is prohibited.
© Hitachi Systems, Ltd. 2015. All rights reserved.
TABLE OF CONTENTS
Interview with Yoshinori Takesako ... 3
Security Events Around the World: eCrime 2015 (Barcelona, Spain) / PHDays 2015 (Moscow, Russia) ... 9
ThreatScope ... 13
Interview with Yoshinori Takesako
A direct interview with the SECCON executive committee chair about developing Japan's security talent!
The CTF that is Japan's largest security contest grew greatly in fiscal 2014 into an international tournament at which hackers from around the world gathered. Now, in 2015, this year's tournament is finally getting under way. At a time when the shortage of security talent is widely lamented, what effect does SECCON have on developing that talent? We spoke with Mr. Takesako, chair of the executive committee.
Interview, text and photographs: Kenichi Saito
SECCON 2014: Japan's first international tournament
Saito: Thank you for taking the time out of your busy schedule today. The themes I would like to cover are SECCON, the development of security talent, and yourself. I look forward to talking with you.
Takesako: Likewise, thank you.
Saito: Let me start right away with SECCON 2014. In the final held this February, the winning team received a seeded place in the DEFCON CTF, which is partly why so many teams took part from overseas. Did you yourself hear from them what impression they had of SECCON?
Takesako: Yes. In fact, after the tournament I went sightseeing with the members of the overseas teams. When I asked them to give me their honest impressions, most of them answered that they had enjoyed it.
Saito: Did they have any opinions about the tournament's problems?
Takesako: The problem that was best received by the overseas teams was the cryptanalysis problem. It seems to have been a new type of problem not seen in other CTF tournaments, and they liked it.
Saito: Could you briefly describe that problem?
Takesako: The problem server held text encrypted with some algorithm. Each team had to decrypt it, and on success the team could then upload to the server a Python program implementing an encryption algorithm of its own devising. As long as that cipher was not broken, the team could hold the server; once it was broken, attack and defence swapped. You could call it something like a territory-capture battle.
Saito: I see.
Takesako: The ways of breaking the ciphers included patient brute-force attacks and exploiting bugs in the server-side program itself. On the first day everyone tried in earnest to break the ciphers, but on the second day word spread that the server-side program had bugs of its own, so the direction of the competition changed between the first and second day. That may have been part of what made it fun.
Saito: Thank you. SECCON 2014 was the first international tournament in the event's history. What was hardest about running it?
Takesako: It was our first attempt and we were anxious, feeling our way through everything, but we coped by, among other things, adding native English speakers to the staff. The hard part was keeping the competition fair. So that the Japanese teams would not have an advantage, we documented every competition rule properly, translated it into English and distributed it to every team in advance. We also prepared to deal strictly with rule violations during the competition, so that we could say exactly which part of the rules had been breached.
Saito: Were there actually any rule violations?
Takesako: There were no serious ones. A CTF is in a sense a sport, and I think every team played fair and square.
The outline of SECCON 2015 is decided!
Saito: Moving on to SECCON 2015, are there any new initiatives compared with previous tournaments?
2014 㯠å ã® åœ é 倧 äŒ ã§ ã ã ãã æ® å¿µ 㪠ãããæ¥æ¬ããŒã ãåªåããããšã¯ã§ããŸããã§ã ãã1 äœ é åœïŒTOEFL BeginnerïŒã2 äœ å° æ¹Ÿ
ïŒHITCONïŒã3 äœ ç±³ åœïŒPPPïŒ ãš ã ã çµ æ ã§ã æ¥
â竹迫è¯ç¯ïŒããããã»ããã®ãïŒ1995 幎åºå³¶åžç«å€§åŠæ å ±ç§åŠéšå ¥åŠã倧åŠäŒåŠäžã«ã¢ã«ãã€ã㧠Web ã¢ããªã EC ãµã€ãã®æ§ç¯æ¥åã«æºããã2004 幎ã«ã¯ãPerl ã¯ãã¯ããã¯ç¬¬ 2 çïŒãªã©ã€ãªãŒåïŒã®ç£èš³ãæ åœã2005 幎ããµã€ããŠãºã»ã©ãã«å ¥ç€ŸãçŸè·ã2012 幎ãã SECCON ã®å®è¡å§å¡é·ãåããŠããã
5
æ¬ããŒã 㯠binja ã® 4 äœãæé«äœã§ãããã®ãŸãŸåœé倧äŒãç¶ããŠãããšãæ¥æ¬ããŒã ãèçž®ããŠåå ããªããªãã®ã§ã¯ãªããããšããæžå¿µããããŸããããã㧠2015 ã§ã¯ããããŸã§ã®åœé倧äŒ
ïŒinternationalïŒã«å ãã察象ãæ¥æ¬ã®åŠçã«éå®ãã倧äŒïŒintercollegeïŒãéå¬ããããšã«ããŸããïŒè¡šåç §ïŒã
Saito: So there will be two finals?
Takesako: That's right. For the student tournament, we want to make it a competition between schools.
Saito: In past SECCONs there were regional tournaments, and the winning team of each advanced to the final. Will that system change too?
Takesako: Yes. Several of the regional tournaments are now limited to students, and the team that wins one advances to the student tournament. In the regional tournaments and the online qualifier that are open to both students and working adults, a team that registers under its school name and finishes high enough can also advance to the student tournament. The Fukushima tournament held at the University of Aizu has been named "Cyber Koshien" and is limited to students aged 18 and under. In our generation, most people started studying security only after they had started working, usually for job-related reasons. I would like people to learn about security much earlier. I hope these tournaments give young people a reason to specialize in security at university or graduate school.
Saito: Looking at the schedule, it is quite tight: the Osaka tournament is held the day after the Fukushima tournament, for instance. I imagine the executive committee members will be spread across the tournaments; that must be a happy kind of problem to have (laughs).
Takesako: In fact the CTF for Beginners (hereafter "Beginners") Osaka event is held in the same period, so three events will take place almost simultaneously (laughs). The executive committee now has more than 40 members and a deeper bench, so we are able to run three at once. I am truly grateful to the committee members for their cooperation.
Saito: The number of Beginners events has also grown. Is that another feature of 2015?
Takesako: Yes. Until now Beginners was positioned as a study group run by student volunteers taking part in SECCON, but from this year we are treating it as an official SECCON event. This year we have also newly prepared an exercise in which participants can experience an attack-and-defence battle (Attack & Defense).
Saito: How are the competition contents of the SECCON regional tournaments and the exercise contents of Beginners decided?
Takesako: They are decided by discussion within the executive committee, but some, like "Nekketsu Shellcode" (hot-blooded shellcode), are run because a committee member strongly wants them. Last year we ran an exercise on x86 remote exploits; this year we will not limit it to x86 but also cover other architectures, starting with ARM.

SECCON 2015 schedule (date / event / venue / competition)
- Aug 26, 2015: SECCON 2015 Yokohama / Pacifico Yokohama / CEDEC CHALLENGE
- Oct 24: SECCON 2015 Hiroshima / Hiroshima City University / Nekketsu Shellcode
- Nov 7: SECCON 2015 Fukushima / University of Aizu / Cyber Koshien (students aged 18 and under only)
- Nov 8: SECCON 2015 Osaka / Grand Front Osaka / CSIRT exercise
- Nov 28: SECCON 2015 Kyushu / Kyushu Institute of Technology / Attack & Defense (students only)
- Dec 5-6: SECCON 2015 online qualifier / Internet / CTF qualifier (English and Japanese)
- Jan 30, 2016: SECCON 2015 final, intercollege / Tokyo Denki University / CTF final (Japanese)
- Jan 31: SECCON 2015 final, international / Tokyo Denki University / CTF final (English)

CTF for Beginners schedule (date / event / venue / exercise)
- Jun 7, 2015: CTF for Beginners 2015 Nagoya / Fujitsu Limited / Attack & Defense (students only)
- Jun 14: CTF for Beginners 2015 Sapporo / Sapporo Industrial Promotion Center / Binary, Web, CTF
- Jul 4: CTF for Beginners 2015 Tokyo / Tokyo Denki University / Binary, Network, Web, CTF
- Jul 5: CTF for Beginners 2015 Nagano / Densan Co., Ltd. / Binary, Network, Web, CTF
- Sep 12: CTF for Beginners 2015 Kumamoto / Tokai University / Network, Web, CTF
- Oct 3: CTF for Beginners 2015 Shiga / Ritsumeikan University / Binary, Network, Web, CTF
- Oct 17: CTF for Beginners 2015 Nara / Nara Institute of Science and Technology / Attack & Defense (students only)
- Nov 7: CTF for Beginners 2015 Osaka / Osaka Nanko ATC / CTF in Kansai Open Forum
Saito: Indeed, the ARM architecture is often used in other CTF tournaments too.
Takesako: The Yokohama tournament's CEDEC CHALLENGE has also changed a great deal. That tournament is run in partnership with CEDEC, a conference for game developers, and this time we want participants to try cheating in a game. Participants will be given a packed (obfuscated) Android app and asked to find vulnerabilities in its code and use them to cheat. The committee members in charge are of course leading this.
Saito: I covered the Yokohama tournament myself about two years ago. My impression then was of a game tournament held in one corner of the conference, but from this year's outline it sounds as though it has become much more closely tied to the conference.
Takesako: I think that reflects changes in the environment around the games industry. Cheating in online games has been a problem for a long time, but each maker dealt with it on its own and in private. Now the problem has grown so large that makers need to coordinate their countermeasures.
The executive committee's hopes for SECCON 2015
Saito: Let me change the angle. Does this year's SECCON apply any lessons or reflections gained from running the event so far?
Takesako: What the executive committee worries about is first-time participants finishing a competition without having been able to do anything. That does not lead to a next step. So we decided to make the content something participants can study in advance. Until now, you did not know what you would be doing until you arrived on the day, but from this year we want to announce the competition content to participants beforehand. Taking the Yokohama tournament as an example, we plan to publish the problems roughly a few months in advance, have participants work on them beforehand, and then have them present their results at the tournament.
Saito: So the quality of the presentation will also decide the outcome?
Takesako: Exactly. And there is another aim beyond allowing preparation. Most participants are technical people, but I believe they will increasingly be expected to explain cyber threats and the like clearly to people who are not technical.
Saito: It is said that developing people who can bridge practitioners and company management is important, so judging presentations is an interesting initiative. Incidentally, I expect most SECCON participants are students; are there examples of participants joining the security industry after the tournament?
Takesako: Yes. I have heard of a 2012 participant who joined a sponsoring company. Another example, also a 2012 participant, joined Cybozu's QA (quality assurance) department, where they investigate product vulnerabilities and check that products behave according to specification. For companies at silver sponsor level and above, SECCON offers the chance to advertise internships to participants and provides opportunities to meet them, such as social gatherings. I also hear of job hunting currently in progress that started from those contacts.
CTF as a means of developing talent
Saito: Next I would like to ask about developing security talent. Cyber Koshien came up earlier, along with studying security at university or graduate school. If you know, could you tell us how much university education in the security field has changed over the past few years?
Takesako: I think there are two main kinds of initiative: one to raise students' security literacy, the other to teach practical security. As an example of the former, Kyushu University has added security to its general education curriculum, and Okayama University of Science runs classes in cooperation with the education working group of JNSA (Japan Network Security Association), SECCON's parent organization.
Saito: I see.
Takesako: Practical security education, on the other hand, mostly happens at graduate school. One of the Ministry of Education, Culture, Sports, Science and Technology's initiatives is a program called enPiT (※1). It is an education network project aimed at developing people who can put cutting-edge information technology to practical use, and alongside cloud computing and embedded systems it also covers the security field. It is centred on five universities, including Nara Institute of Science and Technology, Keio University and Tohoku University, but recently students from other universities have become able to enrol. I hear that some SECCON participants are enrolled and that it is lively.
Saito: That is a good initiative. On a related note, since there is reportedly a shortfall of 80,000 security engineers, newspapers and news programs have been reporting that CTFs help develop talent. But I never see articles that dig deeper into the concrete skills those engineers need or the educational effect of CTFs, and personally it leaves me a little uneasy. Having run SECCON, how do you see the effect of CTFs?
Takesako: First, CTFs are not something limited to Japan; they are held all over the world. The first CTF is said to have been held about 20 years ago at DEFCON in the United States. Windows machines, the newest of the day, were set up in the hall and participants hunted for vulnerabilities in them. At the time there were apparently plenty of self-proclaimed hackers, and CTFs are said to have been started to put a number on their abilities.
Saito: True, there is no standard for measuring a hacker's abilities.
Takesako: In a quiz-format (jeopardy-style) CTF the problems are divided into genres, so you also see tendencies such as one team being strong at reverse engineering and another knowing networks well. In that sense I see a CTF as one yardstick for where your current hacking ability stands, nothing more and nothing less.
Saito: Thinking about it again, that is right.
Saito: Personally I think a CTF can only ever be one of several means of educating people. In Japan there are also the Hardening Project (※2) and the Information Crisis Management Contest (※3) held at the Shirahama Symposium. Yet at present the media cover only CTFs, and I feel the discussion has gone off in an odd direction because of the attacker's-eye, game-like nature that characterizes CTFs. On that point, speaking with self-reproach, those of us doing the reporting bear some responsibility too. The media should look at the whole picture of security talent development.
Takesako: I also feel that CTFs alone do not determine a career path in the security industry. SECCON has been strengthening its ties with other contests: in 2014 the team that finished first in the online qualifier was sent to MWS Cup (※4), the malware analysis contest organized by the Information Processing Society of Japan, and conversely the MWS Cup winners were invited to the SECCON final. As for the Hardening Project, binja is scheduled to compete in the tournament held in June. I hope taking part in contests of various kinds gives people an opportunity to think about what skills they want to acquire next.
Saito: I want to watch how far the members of binja, who have a lot of attack-and-defence experience, can defend in the Hardening Project. Now, something I personally found interesting in my coverage so far were the talks by Mr. Kayama of Fujitsu and Mr. Haneda of NTT Com Security at the conference held alongside the SECCON national tournament. Both said that when they ran a CTF inside their companies, they were able to discover people with the skill set needed for information security.
Takesako: Certainly, large companies have many employees, and when they need to secure security talent internally, there has been no standard or yardstick for finding employees with that skill set. So when they tried running a security contest in-house, they found such people in unexpected departments, for instance someone developing supercomputers or someone working on network operations. I think that is an interesting effect of CTFs.

※1 enPiT, http://www.enpit.jp/
※2 Hardening Project, http://wasforum.jp/hardening-project/
※3 19th Shirahama Symposium on Cybercrime / 10th Information Crisis Management Contest, http://www.riis.or.jp/symposium19/
※4 Anti-Malware Research and Human Resource Development Workshop 2014 (MWS 2014), http://www.iwsec.org/mws/2014/
Creating an environment where young people can learn about security!
Saito: Finally I would like to ask about you personally. Frankly, are you a "security person" or an "open source person"? How do you see yourself?
Takesako: I am originally a programmer. At Cybozu Labs, where I work, as elsewhere, being involved in security does not translate directly into profit. In that sense I do not think of myself as a security person.
Saito: What first brought you into contact with security?
Takesako: It was a study group in Hiroshima called Security Momiji (※5), which I took part in as a lecturer in 2005. There I met Mr. Sonoda (now a professor at Cyber University), who invited me to lecture at Security Camp, and I have been a lecturer there since 2006.
Saito: What did you talk about at Security Momiji?
Takesako: At the time I was involved in the Namazu full-text search project, and I spoke about its system for handling vulnerabilities reported by users and others. It is a commonplace topic now, but I believe it was a first for the open source community at the time.
Saito: Besides SECCON you are also deeply involved in the open source community Shibuya Perl Mongers (※6). Do you notice any difference between the security and open source communities?
Takesako: The big difference is the members' ages. The open source community has many people in their twenties, while the core of the security community is people in their forties. That worries me.
Saito: Indeed.
Takesako: So, wanting to create opportunities for young people to come into contact with security, I worked with teachers at Kochi National College of Technology to hold an event called "Security Junior Camp in Kochi" (※7). The two-day residential course is aimed at junior high school students.
Saito: I see, so the motivation is the same as for SECCON. I would like to hear more about that too, but our time is running short, so let us save it for another occasion. As a final question, could you tell us your goals for the future?
Takesako: Generally speaking, Japan is seen from abroad as a country weak in security. The recent Japan Pension Service incident was reported around the world, and the reality is that most cybersecurity products are made overseas. That does not mean Japan has no engineers who can defend it, though. Through running SECCON I have learned that Japan has many excellent students and working professionals, and I want to tell the world that such people exist. Another issue, related to talent development and education, is how to teach new problems that are not in any textbook, or how to build mechanisms that let people learn them on their own. In that sense, I want to create environments outside school where young people in Japan can learn; after all, schools cannot teach things like CTFs or Security Camp.
Saito: We have covered a wide range of topics in this interview, and each of them connects into a single straight line. Thank you very much for today.
※5 Security Momiji, http://d.hatena.ne.jp/sec-momiji/
※6 Shibuya Perl Mongers, http://shibuya.pm.org/
※7 Security Junior Camp in Kochi, http://www.security-camp.org/event/kochi2015.html
Security Events Around the World: eCrime 2015 (Barcelona, Spain) / PHDays 2015 (Moscow, Russia)
Text: Kana Shinoda
eCrime 2015
Name: Symposium on Electronic Crime Research (eCrime 2015)
Dates: May 26-29, 2015
Venue: CaixaForum museum (Barcelona, Spain)
Organizers: APWG & APWG.EU
URL: https://apwg.org/apwg-events/ecrime2015/
An international conference on fighting cybercrime
APWG, an international consortium of those working against cybercrime, held the Symposium on Electronic Crime Research (eCrime 2015) over the four days of May 26 to 29, 2015, at the CaixaForum museum close to Plaça d'Espanya in Barcelona, a spot bustling with tourists. At eCrime 2015, people from industry, government and academia working against cybercrime came together across national borders, and the threat situation in each country, research results and case studies such as successful forensic investigations were presented. In recent years cybercrime has kept on growing and its methods have become more sophisticated. eCrime 2015 treated as urgent the question of countering crime that uses new payment systems such as Bitcoin and mobile payment systems, which have drawn attention through their rapid spread, and also put public education that can deter crime and models for cooperation among diverse organizations on the agenda.
What is APWG?
APWG, the organizer of eCrime, is an international consortium formed to solve common problems in fighting cybercrime by linking industry, government and law enforcement across sectors, and it works to minimize the gap between those responding to cybercrime in the field, academic researchers and consumers. APWG was born in the United States in 2003 as the Anti-Phishing Working Group and became an independent non-profit corporation in June of the following year. In 2013 it established APWG.EU in Barcelona, Spain, as a non-profit research foundation. More than 2,000 organizations from many countries are members of APWG, including ICANN, the European Commission, the consultative committee of the European Convention on Cybercrime, the United Nations Office on Drugs and Crime and the Organization for Security and Co-operation in Europe, and APWG itself serves as a committee member of the Commonwealth Cybercrime Initiative.
Interview with Peter Cassidy, Secretary General of APWG
-- What was the purpose of founding APWG, and how did APWG.EU come to be established?
Peter Cassidy (hereafter P): If you know the information about an attack you can respond quickly, and the industry needed a mechanism for sharing information. APWG's first achievement was setting up an FTP server so that phishing reports received from companies, ISPs and others could be shared with antivirus companies, security software companies and browser developers.
APWG.EU was founded, building on APWG's experience and track record, to promote research by industry and universities into cybercrime incident response within the EU. Jordi Vila of Spain's la Caixa bank felt that, just as Horizon 2020, the largest research and innovation program in EU history, receives financial support, an organization bringing together people researching serious cybercrime in Europe also needed financial backing, and in the autumn of 2009, at an international conference in Seattle in the United States, he asked for my cooperation. Just eight hours later, a professor at the University of Dublin sounded me out about arranging a meeting of cybercrime researchers and investigators in Dublin, Ireland, the following spring. Was this coincidence or fate? I felt there was something uncanny about it. Two years later, in the spring of 2011, APWG held eCrime Sync-Up, an international conference dedicated to cybercrime, at the University of Dublin. APWG.EU was established two years after that.
[Photo: the eCrime 2015 venue]
-- To whom does APWG provide value, and what kind of value?
P: People who handle incidents day to day, and investigators, need information for their daily work before anything else. Even more important is reporting phishing as quickly as possible. To speed up phishing reporting, APWG cooperates with many companies and organizations across industry, government and academia and provides a global platform for exchanging cybercrime information.
-- What are APWG's goals?
P: I believe the internet must defend itself. APWG and its partner organizations need to move toward fully automated information exchange and raise its speed. That, however, requires programs that automate human experience and judgment. Cybercrime is becoming more automated, and we have reached the point where manual response cannot keep up no matter how many people are thrown at it. So we want to advance research step by step, and turn it into results, on how to detect and neutralize attacks automatically and how to audit the damage from cybercrime automatically.
PHDays 2015
Name: Positive Hack Days 2015 (PHDays 2015)
Dates: May 26-27, 2015
Venue: Crowne Plaza Moscow World Trade Centre (Moscow, Russia)
Organizer: Positive Technologies
URL: http://www.phdays.com/
Russia's largest security event
Positive Hack Days 2015 (PHDays 2015), organized by the Russian security company Positive Technologies, was held in Moscow, Russia, over the two days of May 26 and 27, 2015. Positive Technologies is an information security company founded in Russia in 2002 whose main businesses are developing information security products and security consulting. As of 2015 it is a fast-growing global company with offices in the United Kingdom, India, Italy, the United Arab Emirates, the United States, Tunisia and South Korea. PHDays, held every May, began in 2010 as an invitation-only event. In 2013 it moved to its current venue and introduced ticket sales so that more people could attend; it now gathers several thousand people and has become one of the company's flagship activities. The conference has six tracks, with more than 60 sessions over two days, and simultaneous interpretation between Russian and English is provided. I heard that I was one of only two attendees from Japan.
The many events held at PHDays
The wide variety of contests is one of the highlights of PHDays 2015. A few of them are introduced briefly below.
・$natch: an exploitation contest against an online banking web service
・2drunk2hack: a contest to hack a web application protected by a WAF while downing a shot of vodka every five minutes
・Hash Runner: a password hash cracking contest
・2600: a phreaking contest against a coin-operated payphone
・HackQuiz: a quick-buzzer quiz in which whoever answers correctly chooses the next question
・WAF Bypass: a contest to bypass a Positive Technologies WAF into which vulnerabilities had been planted in advance; the application's source code and an application inspector report were provided
・Competitive Intelligence: a contest to find the most accurate and usable information quickly
・Leave ATM Alone: a contest to exploit an ATM
・PHDays Cybersecurity Project Competition: a judged competition for cybersecurity startup projects, organized by Almaz Capital with a first prize of 1.5 million roubles (about 3.3 million yen)
・Advantech against cyber geniuses: a contest to hack industrial automation equipment, in a scenario of retargeting and firing a rocket launcher located in a secret base
・DIGITAL SUBSTATION TAKEOVER by iGRIDS: a contest to hack IEC 61850-compliant substation equipment developed for the competition
Organizers of security conferences from around the world gather on a panel
I was also invited as one of the panelists by Sergey Gordeychik, then CTO of Positive Technologies. The panel's theme was "building an international hacker community". Organizers of world-famous security conferences such as CCC (Chaos Communication Congress) and CanSecWest were gathered in the hall, to the point where I felt almost embarrassed to be there. The panel took the form of Sergey asking questions and the panelists answering in turn. The questions were translated from Russian into English, and there were moments when interpreting their meaning took some effort, but listening to each panelist's answer to "what is the meaning of a conference?", I realized that all of them start from the idea that value is created when people meet. In incident response and the like, you need a human network as well as technical information, and there is no shortage of examples where exchanging information with people met at a conference revealed the whole picture and led to a quick resolution. There were even stories of participants who met at a conference and married. I was also made aware that enjoyment and stimulation are driving forces of a conference. One panelist said that hacking is fun, that ekoparty has a corner for playing football, and that it does not have to be hacking, security or cyber at all as long as it is something you can be passionate about. Alexander Polyakov of ZeroNights said that the back-to-back zero-day presentations in the final session of the previous edition were spectacular, and Bogk Andreas of CCC spoke of embracing and enjoying diversity and receiving much stimulation. It is rare for organizers of security conferences from so many regions, from South America to Asia and Europe, to gather in one place, and we talked late into the night without noticing the time. I hope this leads to the next connection. My heartfelt thanks to Sergey and PHDays for the opportunity.

[Photo: the Leave ATM Alone contest area]
[Photo: the diorama used for the Advantech against cyber geniuses contest]
[Photo: the panelists, from the left: Sergey Gordeychik, SCADA Strangelove, Russia (host); Kana Shinoda, CodeBlue, Japan; Bogk Andreas, Chaos Communication Congress, Germany; Alexander Polyakov, ZeroNights, Russia; Federico Kirschbaum, ekoparty, Argentina; Vangelis, Power of Community, South Korea; Rodrigo Branco, H2HC, Brazil; Dragos Ruiu a.k.a. Dojo Mama-San, CanSecWest, Canada]
A current-affairs column discussing hacker and security news from its own viewpoint
ThreatScope #08: Thorough risk analysis and security measures that can grow
Text: El Kentaro
Organizations and individuals alike must act with risk in mind
Large-scale leaks of personal information have been occurring one after another in Japan, for example at the Japan Pension Service and the Tokyo Chamber of Commerce and Industry, and the trend is not limited to Japan: in the United States the personal data of four million government employees was leaked, and worldwide such incidents are increasing. A characteristic of many of these incidents is that the cause was not an insider's act but a targeted attack or the like. Not only security industry insiders but many people agree that, with today's technology and social structures, there is no way to guarantee 100% that information an organization manages will not leak; and Dan Geer's thinking on "not ignoring failure", touched on in the previous issue, proposed a shift in the norms that currently prevail in the security industry. In cyberspace, acting with risk in mind is indispensable, and that applies to ordinary users as well. APWG (Anti-Phishing Working Group), the international anti-phishing organization, advocates "Stop, Think, Connect" (pause, understand the situation, consider the consequences and then act: an approach of facing up to security), stressing that ordinary users need to use the internet with the possibility of risk in mind.
Can internet use and driving licences be discussed in the same terms?
At eCrime 2015, the international anti-cybercrime conference organized by APWG in Barcelona, Spain, this May, a variety of talks described the threat situation in each country. On the final day there was a panel discussion on how ordinary users should engage with security. Among the opinions voiced on that panel was a comparison between a driving licence and the way the internet is used, although some argued that the comparison is not necessarily valid. In the comparison, a person who has reached a certain age is issued a licence after acquiring driving skills and learning the traffic rules at the same time; by analogy, some argued that security education should be given when people join the internet, just as for a driving licence. Others objected that safety education about traffic, such as how to cross the road and the dangers of cars, begins in childhood, and that obtaining a licence does not suddenly mean receiving traffic safety education. In other words, the view was that in today's situation people should be thinking about risk even before they think about security. The analysis and prediction of future risks has been studied in many fields, including politics, the military, finance and engineering, since long before the internet, and has matured as a discipline, but it is fair to say that nothing definitive has yet emerged for its application to cybersecurity.
Learning risk analysis and security response from NASA
On a different note: in science fiction films we often see a scene where some failure occurs on a spaceship, an alarm sounds, and the astronauts panic, unable to grasp the situation, and end up in a tight spot. According to people at NASA (the US National Aeronautics and Space Administration), however, such a situation could not actually happen, because NASA devotes much of astronaut training to error handling, and only those thoroughly familiar with the system's error conditions are allowed to take up duty as astronauts. NASA has faced all manner of risks over many years in the unknown territory of space, and the security industry, which faces the threats that can arise in cyberspace, should have much to learn from its approach. Since the explosion of the Space Shuttle Challenger in 1986, NASA has adopted probabilistic risk assessment (PRA), which quantifies the likelihood of the various failures that can occur in space activities and turns risk reduction in a highly hazardous environment and the response to emergencies into documented procedures. NASA's PRA guide is only one of its risk training materials, yet across 431 pages it mathematically analyzes a wide range of risks, from equipment trouble to human error. The International Space Station (ISS), meanwhile, uses a medical guidebook developed jointly with Russia, which sets out in detail, across 1,051 pages, a complete response plan covering everything from poisoning to how to handle an astronaut behaving abnormally because of nervous exhaustion. What deserves attention is that these NASA risk measures were by no means drawn up before the space program began; they were formulated from the experience gained as the program progressed. NASA builds regular training of personnel and operational processes into its activities, and that everyday training also contributes greatly to reducing risk.
What are security measures that can grow?
Cyberspace, where the threat situation is constantly changing, calls, as at NASA, for continuous and comprehensive security measures that use the incidents that occur to build a safer environment, reduce risk and improve response in an emergency. Today's incident handling can only be described as symptomatic treatment: scrambling to put out fires after an incident has happened. Just as improving one's lifestyle is one road to health, what is needed now is a security strategy that combines many elements, such as constantly predicting new threats, analyzing personnel and resources, calculating the acceptable level of risk and making emergency drills routine, and that can update those elements as circumstances change: in short, "measures that can grow". In particular, it is important not to stop at writing rules but to train the operating organization in those rules and to check the operational setup. In the Japan Pension Service case, personal information such as basic pension numbers was supposed to be managed on a core system separated from the network of the office IT systems, but the root cause is said to be that, against the operating rules, the data was casually saved on a file server on the office system. Regrettably, the Japan Pension Service case will probably continue to be cited as a bad example of neglecting these measures.
■ Reference URLs
・Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners, http://www.hq.nasa.gov/office/codeq/doctree/SP20113421.pdf
・NASA Risk-Informed Decision Making Handbook, NASA/SP-2010-576, April 2010, http://www.hq.nasa.gov/office/codeq/doctree/NASA_SP2010576.pdf
・NASA's Risk Management Approach, http://www.cresp.org/RASDMU/Presentations/27_Dezfuli_NASA_presentation.pdf
・Investigation of the Challenger Accident: Report of the Committee on Science and Technology, House Report 99-1016, http://www.gpo.gov/fdsys/pkg/GPO-CRPT-99hrpt1016/pdf/GPO-CRPT-99hrpt1016.pdf
・Post-Challenger Evaluation of Space Shuttle Risk Assessment and Management, http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/19880010818.pdf
・Star Crazy: Plans deal with breakdowns in space, http://www.nbcnews.com/id/17300028/ns/technology_and_science-space/t/star-crazy-plans-deal-breakdowns-space/#.VXT0WmCxFH0