久保 俊平 @MC_SEC_KB / @bou_san3 @MC_SEC_KB

・MENU ▪ Glossary ：Vulnerability ▪ Glossary ：Exploit ▪ Glossary ：Money/Noodle ▪ Case in Classic ：Time Noodle ▪ Illustrative example ：Time Noodle ▪ Reconsideration ：Time Noodle ▪ Vulnerability 1, 2 ：Time Noodle ▪ Countermeasures 1,2,3：Time Noodle ▪ Conclusion ：Time Noodle

▪ Vulnerability is : ▪ 「Vulnerability refers to the inability (of a system or a unit) to withstand the effects of a hostile environment. A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, compromised or lacking」 ▪ （From Wikipedia「Vulnerability」）

▪ Exploit is : ▪ 「An exploit (from the English verb to exploit, meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack.」 ▪ （From Wikipedia「Exploit」）

▪ In this short story, there is a name of unit of money “Mon” ▪ 1 Mon ≒ 10cent. ▪ And the name of noodle in this story is 2x8 noodle. ▪ because the price of noodle is 16 Mon.

▪ Guest：Entered in noodle shop and ordered 2x8 noodle(priced 16 mon), but having only 15 Mon. So, 1 mon is short for 2x8 noodle . ▪ Guest : ( After completed meal ) How much ? ▪ Master：Fee is 16 Mon. ▪ Guest：OK. But I have only change, please count one by one. ▪ Master：OK. 1,2,3,4,5,6,7,8,,, ▪ Guest：Hey, by the way, what time is it now ? ▪ Master：Yeah, it is 9 . ▪ Guest：Oh, it’s 9. Thanks, and go ahead. ▪ Master：10,11,12,13,14,15,16… ▪ Master：Just 16 mon. Thanks you very much. ▪ Guest：Bye. ▪ Master：（Counting money again）Oh ! 1 mon is short ! Master Guest

Master Guest Fee is 16 Mon. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Fee is 16 Mon. 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Master Guest

Fee is 16 Mon. 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? Master Guest

Fee is 16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? It is 9 . Master Guest

Fee is 16 Mon. 1 2 3 4 5 6 7 8 9 It is 9. Thanks, and go ahead. 9 10 11 12 13 14 15 10 11 12 13 14 15 16 Master Guest

Fee is 16 Mon. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 9 10 11 12 13 14 15 16 It is 9. Thanks, and go ahead. Master Guest

Fee is 16 Mon. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Verify the price… Master Guest

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Completely match ! Master Guest Fee is 16 Mon. Verify the price…

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Completely match ! Master Guest Just the amount . Fee is 16 Mon. Verify the price…

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Completely match ! Master Guest Just the amount . Bye! Verify the price… Fee is 16 Mon.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Oh! 1 Mon is short !! （Counting money again…） Master Guest is gone .

W H Y ? Master

① Fee is 16 Mon. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 9 10 11 12 13 14 15 16 Master Guest

① Gue st Fee is 16 Mon. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 9 10 11 12 13 14 15 16 Inadequate variables for storing values. （Only one variables count money and time.） Master

② Master Guest Fee is 16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? It is 9 .

② Master Guest Fee is16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? It is 9 . Interruption enabled (While counting, another process can forcefully run.)

Master What should I do ?

① Master Guest Fee is 16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? 9 Currency Time

① 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? It is 9 . 9 Master Guest Fee is 16 Mon. Currency Time

① 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 It is 9 . It is 9. Thanks, and go ahead. 9 Master Guest Fee is 16 Mon. Currency Time

① 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 It is 9 . It is 9. Thanks, and go ahead. 9 Master Guest Fee is 16 Mon. Currency Time

① 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 9 1 Mon is short ! Master Guest Fee is 16 Mon. Currency Time

① Gue st 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 9 1 Mon is short ! Inadequate variables for storing values. ↓ Distinguishing between Currency and Time variables Master Fee is 16 Mon. Currency Time

② Fee is 16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? Master Guest

② Fee is 16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? Now I am counting ! Please be quiet ! Master Guest

② Gue st Fee is 16 Mon. 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? Interruption disabled. Now I am counting ! Please be quiet ! Master

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Fee is 16 Mon. Master Guest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Fee is 16 Mon. Master Guest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Fee is 16 Mon. What time is it now ? Master Guest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 What time is it now ? Please put money ! Master Guest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Not enough money! Master Guest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 CAUTION ! Master Guest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 CAUTION ! Master Arrest

③ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 CAUTION ! Automation Master Arrest

We call it Exploit to misuse the vulnerability in the system.

We call it Exploit to misuse the vulnerability in the system. We shouldn’t to show or overcome the weaknesses. And don't forget the other change.

We call it Exploit to misuse the vulnerability in the system. We shouldn’t to show or overcome the weaknesses. And don't forget the other change. You need to patch the system's vulnerability as if you patch the torn clothes.

We call it Exploit to misuse the vulnerability in the system. We shouldn’t to show or overcome the weaknesses. And don't forget the other change. Getting the OS ready. Don’t turn off your computer. You need to patch the system's vulnerability as if you patch the torn clothes.

We call it Exploit to misuse the vulnerability in the system. We shouldn’t to show or overcome the weaknesses. And don't forget the other change. We couldn’t complete the updates. Undoing changes. Don’t turn off your computer. You need to patch the system's vulnerability as if you patche the rotn clothes.