Research on software vulnerabilities
Today, vulnerabilities in software used on and for the Internet are becoming a serious security problem. We address this situation by collecting information daily and analyzing the root causes of the problems from a scientific point of view, in order to propose resolutions, guidelines, software fixes, and verification methods.
For each vulnerability found during the research, we cooperate with software developers, IPA, JPCERT/CC, CERT/CC and other organizations to fix the problem.
- Yutaka Oiwa
- Hiromitsu Takagi
- Hajime Watanabe
- Kazukuni Kobara
- Y. Oiwa, K. Kobara and H. Watanabe, "A New Variant for an Attack Against RSA Signature Verification Using Parameter Field," Proceedings of EuroPKI 2007 (4th European PKI Workshop: Theory and Practice), LNCS 4582, pp. 143-153, Palma de Mallorca, Spain, June 2007.
Some of the reported vulnerabilities
- tDiary program code injection using session riding
- Hiki cross-site scripting
- FreeStyleWiki arbitrary command invocation
- Design and implementation issues for safety restrictions of Ruby
- Mozilla, Opera XMLHTTP request splitting/concatenating vulnerability
- OpenSSL SSL version rollback
- GNUTLS, Mozilla certification verification vulnerability (using Parameters field)