Posted: 2022-06-16 18:27:36. RSS feed digest for 2022-06-16 18:00 (34 items)

Category | Site | Article title / trend word | Link URL | Frequent words, summary / search volume | Registered
IT | ITmedia (all articles) | [ITmedia News] Thank you, Internet Explorer: the "farewell messages" flying around Twitter | https://www.itmedia.co.jp/news/articles/2206/16/news173.html | internetexplorer | 2022-06-16 17:46:00
IT | ITmedia (all articles) | [ITmedia Business Online] Reports of local governments asking "why so suddenly?" about the end of "Internet Explorer" support; Twitter responds with "seriously, lol" and the like | https://www.itmedia.co.jp/business/articles/2206/16/news172.html | internetexplorer | 2022-06-16 17:45:00
IT | ITmedia (all articles) | [ITmedia News] Supercomputer Fugaku goes miniature: capsule toy on sale today, 216 pieces needed to recreate the real thing | https://www.itmedia.co.jp/news/articles/2206/16/news175.html | itmedia | 2022-06-16 17:35:00
IT | ITmedia (all articles) | [ITmedia PC USER] Microsoft releases Windows 11 "Build 25140" to the Dev Channel, adding new glyphs to the Euphemia typeface | https://www.itmedia.co.jp/pcuser/articles/2206/16/news167.html | build | 2022-06-16 17:15:00
Azure | New posts tagged Azure - Qiita | Trying time-series forecasting with AutoML in Azure Machine Learning, part 2: model evaluation | https://qiita.com/tmiyata/items/47e9b9f55242c1c548d1 | automl | 2022-06-16 17:43:57
Tech blog | Developers.IO | How to prevent index.html and other files from being converted into a zip file when deploying to an S3 bucket with AWS CodePipeline | https://dev.classmethod.jp/articles/tsnote-aws-codepipeline-how-to-prevent-the-index-html-file-from-being-zipped/ | awscodepipeline | 2022-06-16 08:13:55
Tech blog | Developers.IO | Trying input, output and addition of numbers with two decimal places against DynamoDB using AWS Step Functions | https://dev.classmethod.jp/articles/inputoutput-and-calculation-of-decimal-values-to-dynamodb-with-aws-step-functions/ | awsstepfunctions | 2022-06-16 08:06:27
Tech blog | Developers.IO | Testing network bandwidth between EC2 instances using iperf | https://dev.classmethod.jp/articles/test-network-bandwidth-between-ec2-instances/ | developersio | 2022-06-16 08:04:45
Overseas tech | DEV Community | All You should know about HTTP Host Header Injection | https://dev.to/nathan20/all-you-should-know-about-http-host-header-injection-18il | You probably did not hear about this injection because it is not too popular, despite the fact that attacks can be very impactful. In this story I will explain briefly what the host header is and how vulnerabilities can arise, then give several examples. Finally we will see how to protect against them. What is a Host header? A Host header is a standard HTTP header field that is used to specify the domain name of the website that a user is trying to access. The Host header is used by the web server to determine which website to show the user. For example, when a user types in www.example.com, the web server will look at the Host header to figure out which website to show the user. If the Host header is set to www.example.com, the web server will show the user the website that is associated with that domain name. The Host header is also used by the web server to determine which website to show the user when the user types in an IP address. For example, if the user types in an IP address, the web server will look at the Host header to figure out which website to show the user. How is the Host header relevant? Today, with the growth of cloud computing, it is common that one IP address does not point to a single domain. In other words, multiple websites or resources can be accessed by the IP address. The host header comes here to help reach the right component the client wants. The Host header can be vulnerable. An HTTP Host header attack is a type of attack where the attacker sends a request to a server with a fake Host header. This can be used to trick the server into thinking the request is coming from a different domain, or to redirect the request to a different website. An attacker can even inject a malicious payload that manipulates server-side behavior. This can potentially lead to several other attacks: SSRF, web cache poisoning, SQL code execution. In order to test for this type of vulnerability, the first step is to supply an arbitrary domain via the host header. To make this attack possible, you need to use a proxy that differentiates between the host header and the target IP. Then you can send an arbitrary host header while sending the request to the relevant website. The behavior of the target website can vary; you should inspect it attentively. For example, some servers are configured with a fallback if the domain name is not recognized. This case is pretty good for us. In other scenarios, if there is a firewall, CDN or even a load balancer, they may not know where to forward the request, and that can result in an error: your request will be unable to reach the website's server. Even though the host header is handled more securely depending on the configuration of the servers that process incoming requests, the host can theoretically be overridden by injecting other headers. Sometimes website owners are unaware that certain headers are supported by default, and as a result they may not be viewed with the same amount of attention. Keep in mind that many of these vulnerabilities are caused by unsecured configuration of one or more components in the linked infrastructure rather than by insecure code. These setup concerns can arise when websites include third-party technology in their architecture without fully comprehending the setting options and their security consequences. How to test your application: this section requires you to be more aware of server behavior. You need to understand how the website filters the host header. You should enter into hacker mode and try various techniques; for example, try to bypass by using a malicious subdomain or a different port. Your goal is to reach the target application. When systems dispute which header is accurate, it might lead to inconsistencies that you may be able to exploit. Duplicate Host headers: adding a second Host header can be a possible method; if the website returns a status code, the case can be investigated further. When systems dispute which header is accurate, it might lead to inconsistencies that you may be able to exploit. Full URL: by supplying an absolute URL you can cause unusual website behavior (GET HTTP Host malicious payload). Line wrapping: try to indent a line with the malicious site in the Host header (GET example HTTP Host malicioussite Host vulnerable-website.com). Some websites may block requests with multiple host headers, but you can try to bypass this by indenting; look for a response. Inject host override headers: the X-Forwarded-Host header is used to identify the original request made by the client. You can sometimes use X-Forwarded-Host to inject your malicious input while circumventing any validation on the Host header itself. How to exploit this misconfiguration: HTTP Host header vulnerabilities are often caused by the incorrect belief that the header is not controlled by the user. This provides implicit trust in the Host header, resulting in insufficient validation or escaping of its value. Reset password functionality: if the application includes the host header while creating new password reset links, an attacker can modify the host header with a domain that is under his control. Web cache poisoning: if the Host header is reflected in the response markup without HTML encoding, or even used directly in script imports (GET HTTP Host attacker.com), the following will be served from the web cache when a victim visits the vulnerable application. SSRF: sometimes a vulnerable host header can lead to Server-Side Request Forgery. Look for a status code and investigate further. How to prevent: there are a few different ways to remediate host header injection vulnerabilities. Use a web application firewall (WAF) to detect and block malicious requests. Validate user input before processing it; this can be done using a whitelist of allowed characters or by using a regular expression to check the format of the input. This should include comparing it to a whitelist of allowed domains and rejecting or forwarding any requests for unknown sites. Use HTTPS to encrypt all communication between the user and the server; this will prevent attackers from being able to view or modify the data in transit. Don't support Host override headers. If you appreciate reading my posts, don't hesitate to follow me. Join our discord server. | 2022-06-16 08:21:29
Overseas tech | Engadget | Tesla hikes prices across all of its models by up to $6,000 | https://www.engadget.com/tesla-boosts-prices-across-its-lineup-up-to-6000-084010241.html?src=rss | Tesla has significantly boosted prices across its EV lineup, according to changes in its online configurator spotted by Electrek. Most of the models affected are long-range versions, with the Model X AWD Long Range jumping the most, up from to . It's the latest in a series of price hikes for Tesla EVs this year. The AWD Long Range Model S price also increased significantly, by , from to . The Model Y Long Range and Performance prices went up by and , to and respectively. Just one Model version was affected, the Long Range, jumping from to . The Elon Musk-owned company didn't explain the changes, but high inflation, electronics shortages and other issues could be to blame. Last week CEO Elon Musk reportedly said he might reduce Tesla's workforce due to high inflation. Other EV manufacturers like Rivian and Lucid have also boosted prices recently. GM, however, significantly lowered the price of its Bolt EV last week, to . | 2022-06-16 08:40:10
Overseas tech | Engadget | The Boring Company will build a 34-mile tunnel network underneath Las Vegas | https://www.engadget.com/the-boring-company-tunnel-expansion-las-vegas-080509791.html?src=rss | The Boring Company's underground transportation system will be more expansive than what it originally planned. It has just received approval from the city to bring its underground transportation system, called the Vegas Loop, to city limits. When Clark County Commissioners first approved the Vegas Loop, it was supposed to be a mile tunnel network connecting stations. Now the network will span miles and have a total of stations, including ones that will serve the Harry Reid International Airport and the Allegiant Stadium. According to the Las Vegas Review-Journal, Boring Co. President Steve Davis said tunneling in downtown Las Vegas could begin in : "This is step two and there are eight steps for us to be opening. There's a long way to go and a lot of work to do. But if I were to guess on the spot, I would guess we'd have machines in the ground next calendar year." According to the publication, the downtown stations include the Strat, Fremont Street Experience, the Slotzilla attraction, the Garage Mahal at the Circa Resort and the Plaza Hotel. Boring could add other stations in the future as well, with each one costing anything in between to million to build. Davis also said a ride from Fremont Street Experience downtown to Reid International would cost about and take around eight or nine minutes. Before Boring's monorail system could shuttle people to and from downtown Las Vegas, though, it has to secure a bunch of permits and design approvals first. As The Verge notes, only miles of the Vegas Loop are operational at the moment, underneath the Las Vegas Convention Center (LVCC). That said, Las Vegas Convention and Visitors Authority CEO Steve Hill said he expects more portions serving parts of the Resort Corridor to be operational sometime in . "Thanks to the entire team at the City of Las Vegas. Great discussion today and TBC is excited to build a safe, convenient and awesome transportation system in the City." - The Boring Company (boringcompany), June | 2022-06-16 08:05:09
Medical | CBnews (medical and nursing care) | "ICU beds in the single digits" at more than a third of hospitals, says JMARI: consolidation of acute-care hospitals in Tokyo and three neighboring prefectures "indispensable" | https://www.cbnews.jp/news/entry/20220616172835 | acute-care hospitals | 2022-06-16 17:50:00
Medical | CBnews (medical and nursing care) | Crisis response to infectious diseases requires information sharing and cooperation from normal times, says the report of the government's COVID-19 expert panel | https://www.cbnews.jp/news/entry/20220616163104 | information sharing | 2022-06-16 17:30:00
Finance | RSS FILE - Japan Securities Dealers Association | Information exchange meeting on private placements intermediated by securities companies | https://www.jsda.or.jp/about/gyouji/20220421101612.html | securities companies | 2022-06-16 09:00:00
Finance | Financial Services Agency website | Published "Partial amendment to the matter designating electronic data processing systems under Article 6-2, paragraph 2 of the Order for Enforcement of the Financial Instruments and Exchange Act" | https://www.fsa.go.jp/news/r3/shouken/20220616-2/20220616-2.html | information processing | 2022-06-16 10:00:00
Overseas news | Japan Times latest articles | Dengue fever a growing threat in Asia | https://www.japantimes.co.jp/news/2022/06/16/asia-pacific/science-health-asia-pacific/dengue-fever-asia/ | global | 2022-06-16 17:31:54
Overseas news | Japan Times latest articles | Business license of disgraced Hokkaido tour boat firm revoked | https://www.japantimes.co.jp/news/2022/06/16/national/shiretoko-yuransen-business-license-revoked/ | license | 2022-06-16 17:29:12
News | BBC News - Home | Lord Geidt quits: No 10 urged to release resignation letter to PM | https://www.bbc.co.uk/news/uk-politics-61822998?at_medium=RSS&at_campaign=KARANGA | geidt | 2022-06-16 08:56:21
News | BBC News - Home | Asos shoppers return more as rising prices hit | https://www.bbc.co.uk/news/business-61822539?at_medium=RSS&at_campaign=KARANGA | inflationary | 2022-06-16 08:39:29
News | BBC News - Home | Premier League fixtures: Man City away to West Ham, Liverpool at Fulham, Forest at Newcastle | https://www.bbc.co.uk/sport/football/61795955?at_medium=RSS&at_campaign=KARANGA | season | 2022-06-16 08:40:08
Business | Fukeiki.com (不景気.com) | US cosmetics maker "Revlon" files for bankruptcy, with liabilities of 494.6 billion yen - Fukeiki.com | https://www.fukeiki.com/2022/06/revlon-chapter11.html | cosmetics maker | 2022-06-16 08:41:20
Business | Fukeiki.com (不景気.com) | Bankruptcy proceedings opened against "静峰閣 照本" (Seihokaku Terumoto), former ryokan operator in Hakone, Kanagawa - Fukeiki.com | https://www.fukeiki.com/2022/06/terumoto-gora.html | limited company | 2022-06-16 08:17:29
Hokkaido | Hokkaido Shimbun | A different person with the same name was taxed for 31 years: Rankoshi Town refunds 642,200 yen in property tax | https://www.hokkaido-np.co.jp/article/694295/ | property tax | 2022-06-16 17:08:36
Hokkaido | Hokkaido Shimbun | Executive order to protect LGBTQ people; Biden: "Be yourself" | https://www.hokkaido-np.co.jp/article/694298/ | lgbtq | 2022-06-16 17:08:00
Hokkaido | Hokkaido Shimbun | Announced starting pitchers for the 17th: Uwasawa for the Nippon-Ham Fighters | https://www.hokkaido-np.co.jp/article/694270/ | announced starters | 2022-06-16 17:06:55
Hokkaido | Hokkaido Shimbun | BOJ reviews impact of weak yen and high resource prices; policy meeting cautiously discusses policy adjustment | https://www.hokkaido-np.co.jp/article/694296/ | monetary policy meeting | 2022-06-16 17:05:00
Hokkaido | Hokkaido Shimbun | 902 infections and 1 death in Hokkaido, novel coronavirus | https://www.hokkaido-np.co.jp/article/694247/ | within Hokkaido | 2022-06-16 17:04:15
Hokkaido | Hokkaido Shimbun | Keio University student arrested on suspicion of indecency in Chiba; 8-year-old girl victimized in a park | https://www.hokkaido-np.co.jp/article/694293/ | Chiba park | 2022-06-16 17:01:00
Marketing | MarkeZine | LINE launches digital in-store POP solution "LINE POP Media", rolling out at Lawson and other chains | http://markezine.jp/article/detail/39230 | linepopmedia | 2022-06-16 17:15:00
IT | Weekly ASCII | Countless dinosaurs attack the players! Gameplay footage (Japanese version) of competitive PvE "Exoprimal" released | https://weekly.ascii.jp/elem/000/004/094/4094970/ | Japanese version | 2022-06-16 17:50:00
IT | Weekly ASCII | Japanese UI and a Japanese Miroverse also unveiled! "Miro" gets a major power-up | https://weekly.ascii.jp/elem/000/004/094/4094804/ | miroverse | 2022-06-16 17:30:00
IT | Weekly ASCII | Sushiro: three plates' worth free for children only! Third round of the "Grand Founding Festival" under way | https://weekly.ascii.jp/elem/000/004/094/4094895/ | Shizuoka Prefecture | 2022-06-16 17:30:00
IT | Weekly ASCII | Anytime, anywhere on a smartphone or tablet! "A列車で行こう はじまる観光計画" (A-Train: All Aboard! Tourism) launches as a cloud gaming app | https://weekly.ascii.jp/elem/000/004/094/4094966/ | appstore | 2022-06-16 17:10:00
Marketing | AdverTimes | A modern take on "I want to do it the human way": Suntory releases back-to-basics commercial for "Torys" | https://www.advertimes.com/20220616/article387021/ | back to basics | 2022-06-16 08:31:22
