Mar 22, 2017

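Miscellaneous: spoofed email, Windows PDF Library Flaw, Struts2

・This is why "spoofing" can't be prevented (03/22)

"The Anti-Spam Mail Promotion Council is working with the Ministry of Internal Affairs and Communications and 'is preparing so that spoofed email can be deleted based on DMARC authentication' (Mr. Sakuraba). Some kind of conclusion may come as early as the week of 320."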

Windows PDF Library Flaw Puts Edge Users at Risk for RCE (2016/08/09)

「“Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website.
The browsers for all other affected operating systems do not automatically render PDF content, so an attacker would have no way to force users to view attacker-controlled content, Microsoft said in its advisory.
Instead, an attacker would have to convince users to open a specially crafted PDF document, typically by way of an enticement in an email or instant message or by way of an email attachment.

Microsoft suggested that organizations could remove Edge from the PDF reader default type association as a temporary workaround.

Annoying 'Open PDF In Edge' Default Option Puts Windows 10 Users At Risk (2016/08/09)
Even worse, Microsoft has the annoying habit of resetting your personal app preferences once in a blue moon, always reverting Edge as the default browser and the default app to open PDF files.


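・Attacks on the Struts2 vulnerability are raging: how could they have been prevented? (03/22)

"Avoiding the use of software and frameworks with many vulnerabilities is also a necessary risk countermeasure."
The article also includes a list of incidents.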

