« July 2014 | Main | September 2014 »

2 posts from August 2014

Aug 11, 2014

The 26th FIRST Annual Conference in Boston

It's been quite a while. This is Taki again and I will be writing about my experiences at the 26th FIRST Annual Conference in Boston that I attended from June 23 - 27.

(Trinity Church - Photo by Hiroshi Kobayashi)

 

 

This year, I attended the conference with 3 colleagues, Yurie Ito, Koichiro (Sparky) Komiyama and Hiroshi Kobayashi. Having attended the conference on a few occasions in the past, it was a good time to catch-up with people that work in the industry and to discuss current work and how we may be able to collaborate going forward.

 

Hiroshi presented JPCERT/CC's activities related to the "Open DNS Resolver Check Site". He explained how the site works and gave an update on the achievement after APRICOT 2014 in February, where this topic was also covered. After the talk, we fielded some questions from a few CSIRTs and began some discussions about how to tackle the issue globally.

 

Also, JPCERT/CC participated in the VRDX-SIG meeting held then. VRDX stands for Vulnerability Reporting and Data eXchange. Membership is made up from administrators of vulnerability databases such as JVN, CERT Vulnerability Notes Database (CERT/CC). JPCERT/CC has served as the secretariat for the SIG and helps in facilitating discussions within the group. I regret not being able to share in detail what was discussed, but what I can promise is, as information becomes available from the SIG, the information should be useful to any organization that utilizes or searches for vulnerability information on the web.

 

Last but certainly not least, Koichiro (Sparky) Komiyama was elected to the Board of Directors for FIRST.Org, Inc. during the Annual General Meeting. His term is for 2 years, and we at JPCERT/CC will be supporting his activities in FIRST.

 

That is it for now.

Thanks for taking the time to read.

(Photo by Hiroshi Kobayashi)

 

-Taki Uchiyama

Aug 01, 2014

English Version of HTML5 Investigation Report Now Available!!

Hi! I’m Takuho Mitsunaga from Watch and Warning Group.

 

I am pleased to announce that JPCERT/CC has just released a report "Investigation Report Regarding Security Issues of Web Applications Using HTML5 (English version)."

 

As mentioned in the previous posts - JPCERT/CC at “CODE BLUE” and Presenting HTML5 security at OWASP AppSec APAC 2014, through publishing a report (Japanese version), we have worked to point out the issues and raise awareness for the local community. Today, the report became available in English for overseas partners!!

 
JPCERT/CC compiled this report with the aim to provide organized material which could serve as a basis for technical documentation and guideline on how HTML5 migration may affect web application security. I hope that overseas partners, particularly web security researchers and web application developers, find this report useful upon developing web applications.

Full report can be downloaded here:

https://www.jpcert.or.jp/english/pub/sr/HTML5-20140730_en.pdf

If you have any inquiries or feedbacks on the report, please contact us at ww-info(at)jpcert.or.jp.

Thank you!

 

- Takuho Mitsunaga