SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
New VA Modules: Nessus: 23
New VA Module Alert Service (Oct 20)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nessus plugins (23) ==
78580 oraclelinux_ELSA-2014-3083.nasl
http://nessus.org/plugins/index.php?view=single&id=78580
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3083)
78579 oraclelinux_ELSA-2014-3082.nasl
http://nessus.org/plugins/index.php?view=single&id=78579
Oracle Linux 5 / 6 : Unbreakable...
Nmap crashes on win8.1 64bit
Saro Hayan (Oct 19)
I have nmap 6.47 on a win8.1 64 bit machine. Using cygwin/mintty, it
immediately kicks a segfault. I've also tried in windows command shell, it
crashes without the segfault message.
$ nmap -d9 192.168.1.1
Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-19 17:06 ric
Fetchfile found C:\Program Files (x86)\Nmap/nmap-services
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
Trying to initialize WinPcap
Winpcap present,...
New VA Modules: NSE: 1, MSF: 6
New VA Module Alert Service (Oct 19)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nmap Scripting Engine scripts (1) ==
r33739 http-avaya-ipoffice-users http://nmap.org/nsedoc/scripts/http-avaya-ipoffice-users.html
https://svn.nmap.org/nmap/scripts/http-avaya-ipoffice-users.nse
Author: Paulino Calderon <calderon () websec mx>
Attempts to enumerate users in Avaya IP Office systems 7.x.
== Metasploit...
STACK TRACE: zenmap
Michael P. Curran (Oct 19)
Below is the stack trace for zenmap I received. Also, the config or other file made the user/root create a directory
within /usr/local/bin which is not clean at all. The GUI was looking for /usr/local/bin/share/zenmap/config, while
this directory should go in /usr/local/share/ .. Please let me know if you plan on cleaning or know how I could change
this pointer...
Version: 6.47SVN
Traceback (most recent call last):
File...
Re: Simple NSE script for Docker API fingerprinting
Claudio Criscione (Oct 19)
Ah, fantastic, thank you Daniel. I suspected that the ordering was not hard
enforced, but I never saw anything but the one I reported :-(
Good thing to have a fallback - I'm looking forward to seeing your code.
Thanks a lot!
2014-10-16 5:57 GMT+02:00 Daniel Miller <bonsaiviking () gmail com>:
New VA Modules: Nessus: 42, OpenVAS: 59
New VA Module Alert Service (Oct 18)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nessus plugins (42) ==
78557 cisco-sn-CSCte27874-nxos.nasl
http://nessus.org/plugins/index.php?view=single&id=78557
Cisco MDS 9000 VRRP DoS (CSCte27874)
78556 php_5_6_0.nasl
http://nessus.org/plugins/index.php?view=single&id=78556
PHP 5.6.0 Development Releases CDF File NULL Pointer Dereference DoS
78555...
Re: [NSE] ASUS RT-N10U addition to http-default-accounts-fingerprints
Paulino Calderon (Oct 18)
Hey,
I’ve included the new signatures in r33736. Thanks for submitting them and sorry for the late response!
Cheers.
New VA Modules: Nessus: 33
New VA Module Alert Service (Oct 17)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nessus plugins (33) ==
78515 drupal_7_core_sqli.nasl
http://nessus.org/plugins/index.php?view=single&id=78515
Drupal Database Abstraction API SQLi
78514 hp_sprinter_hpsbmu03110.nasl
http://nessus.org/plugins/index.php?view=single&id=78514
HP Sprinter Remote Code Execution
78512...
New VA Modules: MSF: 1, Nessus: 99, OpenVAS: 12
New VA Module Alert Service (Oct 16)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Metasploit modules (1) ==
534a5d96 https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/local/bthpan.rb
BthPan.sys Privilege Escalation
== Nessus plugins (99) ==
78482 oracle_java_cpu_oct_2014_unix.nasl
http://nessus.org/plugins/index.php?view=single&id=78482
Oracle Java SE...
Re: Simple NSE script for Docker API fingerprinting
Daniel Miller (Oct 16)
Claudio,
I just committed your probe and three matchlines as r33731. After
doing a little research, it looks like the order of the elements is
not guaranteed, so I took your alphabetical ordering as the best-case
scenario, extracting OS information. As a fallback, it tries to match
ApiVersion and Version in either order, then falls back to just
Version for API 1.11 and older. The API spec does not list OS or
KernelVersion under /version but...
Re: Simple NSE script for Docker API fingerprinting
Claudio Criscione (Oct 15)
Hi Daniel,
thanks for the followup!
Here is the output of the run (I only have an HTTP version handy but the
SSL version should just have a stunnel in front so no difference for the
fingerprint I believe):
SF-Port2375-TCP:V=6.40%I=9%D=10/15%Time=543ED08B%P=x86_64-pc-linux-gnu%r(d
SF:ocker,114,"HTTP/1\.1\x20200\x20OK\r\nContent-Type:\x20application/json\
SF:r\nJob-Name:\x20version\r\nDate:\x20Wed,\x2015\x20Oct\x202014\x2019:52:...
Re: Simple NSE script for Docker API fingerprinting
Daniel Miller (Oct 15)
Claudio,
Thanks for taking the time to contribute! Your script looks pretty good,
but as you pointed out, it's rather small to be a standalone script. We
will try using the service probe you wrote, but if that doesn't work out,
the best fit for it would instead be a fingerprint in our
nselib/data/http-fingerprints.lua database, probably under the MANAGEMENT
heading.
Just so we can be sure there's not a better regex match to use,...
Re: Is db2-discover.nse redundant?
Daniel Miller (Oct 15)
I removed the script in r33728
Dan
Re: [Patch] nse_fs.cc
Daniel Miller (Oct 15)
Gisle,
I removed the large files support in r33671, which also removed this
include. Have you had any compilation problems recently, or did this
address the issue?
Dan
Re: [NSE] A few fixes for http-rfi-spider.nse
Daniel Miller (Oct 15)
nnposter,
Thanks again for a great improvement. This one is r33727, and greatly
appreciated.
Dan
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Project Seeking Talented Programmers for Google Summer of Code--Last Day to Apply!
Fyodor (Mar 20)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Nmap Team Launches 5-Gigapixel "Icons of the Web" Project
Fyodor (Dec 19)
Fellow Nmap Hackers,
Perhaps you remember in 2010 how we capped off a massive scan of the top
million Internet web sites by creating a giant interactive collage, with
each site scaled by its popularity? Well, I'm happy to report that we
restarted our scanners this year and have launched a brand new and much
improved edition of Icons of the Web at http://nmap.org/favicon/! It's
interesting to see how things have changed in just 3...
Nmap 6.40 Released! New scripts, new signatures, better performance!
Fyodor (Aug 19)
Hi Folks. It has been a while since the last stable Nmap release, but
I'm pleased to release Nmap 6.40 and I think you'll consider it worth
the wait! It includes 14 new NSE scripts, hundreds of new OS and
service detection signatures, a new --lua-exec feature for scripting
Ncat, initial support for NSE and version scanning through a chain of
proxies, improved target specification, many performance enhancements
and bug fixes, and much...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.
Previous SoC students helped create the Nmap Scripting Engine, Zenmap...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability ( All URLs Under the Two Domains)
Jing Wang (Oct 20)
Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)
Websites information:
lxr.mozilla.org, mxr.mozilla.org are cross references designed to display
the Mozilla source code. The sources displayed are those that are currently
checked in to the mainline of the mozilla.org CVS server, Mercurial Server,
and Subversion Server; these pages are updated many times a day, so they
should be pretty close to...
CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability
Jing Wang (Oct 20)
Exploit Title: Newtelligence dasBlog Open Redirect Vulnerability
Product: dasBlog
Vendor: Newtelligence
Vulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125)
2.1(2.1.8102.813)
Tested Version: 2.3 (2.3.9074.18820)
Advisory Publication: OCT 15, 2014
Latest Update: OCT 15, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-7292
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Credit: Wang Jing...
Re: CVE request: remote code execution in Android CTS
Jann Horn (Oct 20)
Is this file on the android device or on the PC?
This causes calc.exe to be run on the PC, right?
Re: [oss-security] CVE request: remote code execution in Android CTS
David Daynard (Oct 20)
Compliance Test Suite is one portion of the process OEMs use to certify
Android builds on shipping devices. I cannot think of any instance where
the average user would run the suite (which takes several hours to do and
is a fairly complicated process
https://source.android.com/compatibility/cts-intro.html )
Even if someone is building Android at home, there is no reason to run CTS
on home builds. I'm not saying this file shouldn't be...
Re: [oss-security] CVE request: remote code execution in Android CTS
Grond (Oct 20)
Before trying to sweep this thing under the carpet, you might want to
ask yourself two simple questions:
Is this kind of file ever *intended* to be used as an executable script?
If the answer is "no", then you should apply fixes.
And:
Which is more expensive? Spending a couple of hours to fix this now,
or having someone chain this together with another (unforeseeable)
bug enabling easy exploitation a few years down the road, allowing...
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denial
Jeffrey Walton (Oct 19)
It's not clear to me where it's been proven. I think your post is
missing some information, like the smoking gun. (It may exist, you
just didn't make it clear).
If I am reading the check-in correctly, it does not look like it's a
MitM. Checking the CN to ensure a hostname match should be OK. But I
should probably read a bit more about the DistinguishedNameParser.
However, it is a policy violation of both the IETF and CA/Browser
Forums. Both...
Re: [oss-security] CVE request: remote code execution in Android CTS
Nick Kralevich (Oct 19)
Nick from the Android Security team here.
In the future, please feel free to send these kinds of reports to
security () android com Please see
http://developer.android.com/guide/faq/security.html#issue for contact
information.
Android's Compatibility Test Suite (CTS) is an executable software
package intended to be downloaded and run from your computer. Please
see https://source.android.com/compatibility/cts-intro.html for more...
Re: CVE request: remote code execution in Android CTS
Lord Tuskington (Oct 19)
I disagree with Nick Kralevich's response. An attacker who has the ability
to locally modify an XSL file should not be able to leverage this to
achieve code execution. This crosses a trust boundary.
As for why I didn't report this to security () android com, when Google starts
paying corporate tax instead of dodging it, I will report issues privately.
Lord Tuskington
Chief Financial Taxdodger
Google
On Sun, Oct 19, 2014 at 7:28 PM,...
Re: Cyanogenmod MITM: proven, despite cyanogenmod's public denial
Lord Tuskington (Oct 19)
The exploit is the same as for this issue:
http://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577
i.e.:
It parsed the entire subject distinguished name (DN)
for the occurrence of any <CN=> substring (regardless of field).
Therefore a DN with an O field such as
O="foo,CN=www.apache.org"
and a CN of "www.evil.org" and ordered such that the O appears prior to
the CN field would...
CVE request: remote code execution in Android CTS
Lord Tuskington (Oct 19)
CTS parses api-coverage.xsl without providing the FEATURE_SECURE_PROCESSING
option. See lines 60-67 of
cts/tools/cts-api-coverage/src/com/android/cts/apicoverage/HtmlReport.java:
InputStream xsl =
CtsApiCoverage.class.getResourceAsStream("/api-coverage.xsl");
StreamSource xslSource = new StreamSource(xsl);
TransformerFactory factory = TransformerFactory.newInstance();
Transformer transformer = factory.newTransformer(xslSource);...
Re: Cyanogenmod: multiple flaws in dependencies, including RCE
Артур Истомин (Oct 19)
Very interesting. What about AOSP (Android Open Source Project)? Do they merge
them into their branch? I think the Cyanogenmod team monitors only Google's
branch and nothing more.
Cyanogenmod: multiple flaws in dependencies, including RCE
Lord Tuskington (Oct 19)
Cyanogenmod does not seem to be capable of maintaining their external
dependencies with security patches. There are many unpatched flaws,
including the CVE-2014-0107 RCE flaw in Xalan-J. For more details, see:
http://lordtuskington.blogspot.com/2014/10/more-cyanogenmod-flaws-in-dependencies.html
Lord Tuskington
Chief Financial Pinniped
TuskCorp
Cyanogenmod MITM: proven, despite cyanogenmod's public denial
Lord Tuskington (Oct 19)
After reading el reg's article regarding a cyanogenmod MITM flaw, I started
looking through the code to see if I could find it. It didn't take long.
This finding was not what users are led to believe by cyanogenmod's blog
post:
http://www.cyanogenmod.org/blog/in-response-to-the-register-mitm-article
I reported the issue to cyanogenmod, but got a rather unsatisfactory reply.
They didn't seem willing to modify the blog post to...
Fonality trixbox CE remote root exploit
Simo Ben youssef (Oct 17)
#!/usr/bin/perl
#
# Title: Fonality trixbox CE remote root exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered & Coded: 2 June 2014
# Published: 17 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Software: trixbox CE
# Version: trixbox-2.8.0.4.iso
# Vendor url: http://www.fonality.com/
# Download: http://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/
# Vulnerable file:...
Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0
yoloswag (Oct 17)
# Multiple unauthenticated SQL injections and unauthenticated remote
command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <=
2.2|3.0
#
# Product link: http://www.centreon.com/
# CVE references
# |- CVE-2014-3828: Unauthenticated SQL injections
# |- CVE-2014-3829: Unauthenticated remote command injection
# CERT/CC reference: VU#298796
# Author: MaZ...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[SECURITY] [DSA 3050-1] iceweasel security update
Moritz Muehlenhoff (Oct 20)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3050-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576...
Re: LiveZilla 5.3.0.7 Security Issue
Henri Salo (Oct 20)
CVE OpenSource Request HOWTO can be located at:
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
As "Live!Zilla" product is open-source you can request CVE in public
oss-security mailing list:
http://oss-security.openwall.org/wiki/
http://www.openwall.com/lists/oss-security/
You should include following details to your request if available:
- Software and vendor name
- Type of vulnerability
- Link to vulnerable...
Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
simo (Oct 20)
Title: Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF)
Author: Simo Ben youssef
Contact: Simo_at_Morxploit_com
Discovered: September 1 2014
Published: October 17 2014
MorXploit Research
http://www.MorXploit.com
Software: Elastix
Version: Elastix 2.4.0 Stable
Vendor url: http://elastix.org/
Vulnerable file: modules/backup_restore/index.php
Description:
1- Remote Command Execution
modules/backup_restore/index.php suffers...
APPLE-SA-2014-10-16-5 OS X Server v2.2.5
Apple Product Security (Oct 17)
APPLE-SA-2014-10-16-5 OS X Server v2.2.5
OS X Server v2.2.5 is now available and addresses the following:
Server
Available for: OS X Mountain Lion v10.8.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version,...
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
Apple Product Security (Oct 17)
APPLE-SA-2014-10-16-4 OS X Server v3.2.2
OS X Server v3.2.2 is now available and addresses the following:
Server
Available for: OS X Mavericks v10.9.5 or later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS...
APPLE-SA-2014-10-16-6 iTunes 12.0.1
Apple Product Security (Oct 17)
APPLE-SA-2014-10-16-6 iTunes 12.0.1
iTunes 12.0.1 is now available and addresses the following:
iTunes
Available for: Windows 8, Windows 7, Vista, XP SP2 or later
Impact: A man-in-the-middle attack while browsing the iTunes Store
via iTunes may lead to an unexpected application termination or
arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory...
APPLE-SA-2014-10-16-3 OS X Server v4.0
Apple Product Security (Oct 17)
APPLE-SA-2014-10-16-3 OS X Server v4.0
OS X Server v4.0 is now available and addresses the following:
BIND
Available for: OS X Yosemite v10.10 or later
Impact: Multiple vulnerabilities in BIND, the most serious of which
may lead to a denial of service
Description: Multiple vulnerabilities existed in BIND. These issues
were addressed by updating BIND to version 9.9.2-P2
CVE-ID
CVE-2013-3919
CVE-2013-4854
CVE-2014-0591
CoreCollaboration...
APPLE-SA-2014-10-16-2 Security Update 2014-005
Apple Product Security (Oct 17)
APPLE-SA-2014-10-16-2 Security Update 2014-005
Security Update 2014-005 is now available and addresses the
following:
Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when...
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
Apple Product Security (Oct 17)
APPLE-SA-2014-10-16-1 OS X Yosemite v10.10
OS X Yosemite v10.10 is now available and addresses the following:
802.1X
Impact: An attacker can obtain WiFi credentials
Description: An attacker could have impersonated a WiFi access
point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash,
and used the derived credentials to authenticate to the intended
access point even if that access point supported stronger
authentication methods....
[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
CORE Advisories Team (Oct 17)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
1. **Advisory Information**
Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service
Vulnerability
Advisory ID: CORE-2014-0007
Advisory URL:
http://www.coresecurity.com/advisories/sap-netweaver-enqueue-server-trace-pattern-denial-service-vulnerability
Date published: 2014-10-15
Date of last...
[SECURITY] [DSA 3053-1] openssl security update
Thijs Kinkhorst (Oct 17)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3053-1 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
October 16, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2014-3513 CVE-2014-3566...
Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
Cisco Systems Product Security Incident Response Team (Oct 17)
Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20120126-ironport
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
Revision 2.0
Last Updated 2014 October 16 13:40 UTC (GMT)
For Public Release 2012 January 26 17:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco...
[SECURITY] [DSA 3052-1] wpa security update
Michael Gilbert (Oct 16)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3052-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
October 15, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wpa
CVE ID : CVE-2014-3686
Debian Bug : 765352...
[security bulletin] HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
security-alert (Oct 16)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472444
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04472444
Version: 1
HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications
Broker), Remote Cross-site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
[security bulletin] HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution
security-alert (Oct 16)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471538
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04471538
Version: 1
HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell,
Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date:...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Advanced Android & iOS Hands-on Exploitation Training at Toorcon San Diego
Aditya Gupta (Oct 03)
Hello everyone,
I'm Aditya from Attify. I'm glad to announce that I'll be running a
2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to find vulns
and exploit them on mobile applications as well as the platform
itself.
All the exercises will be performed on a customised Mobile
Exploitation training distro and on a set of...
SecurityXploded 2nd Quarterly Meet Presentations and Video demos
Monnappa KA (Sep 29)
Hi All,
The presentations and video demos from our recently concluded Second
‘SecurityXploded Quarterly Meet’ are now online. Thanks to all people
who took time out of their busy schedule and attended the meet.
Special thanks to ThoughtWorks for providing us with the venue.
Link to the presentations
http://securitytrainings.net/securityxploded-2nd-quarterly-meet-27th-sep-2014/
Thanks,
Monnappa...
Upcoming SecurityXploded Meet - 27th September, Bangalore, India
Monnappa KA (Sep 24)
Hi All,
Friendly Reminder,
Upcoming SecurityXploded community meet on 27th
September 2014 in Bangalore, India. This meet is completely free and
doesn’t require any registration or any other formalities to attend.
The meet will start at 10 AM IST.
After the meet, we will upload the presentations/videos for our online
users to our website.
Talks:
10:00-10:30 – Introduction – SecurityXploded Team
10:30-11:15 – Dissecting BetaBot –...
Deadline Approaching: InfoSec2014 - Information Security and Cyber Forensics - Malaysia
jackie (Sep 11)
The International Conference on Information Security and Cyber Forensics
(InfoSec2014)
Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia
October 8-10, 2014 | infosec () sdiwc net
http://sdiwc.net/conferences/2014/infosec2014/
All registered papers will be included in the publisher's Digital
Library.
================================================================
The conference aims to enable researchers build...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
t2’14 Challenge to be released 2014-09-13 10:00 EEST
Tomi Tuominen (Sep 07)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most
prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications
stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.
Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Hackers strike defense companies through real-time ad bidding
InfoSec News (Oct 20)
http://www.csoonline.com/article/2835215/data-protection/hackers-strike-defense-companies-through-realtime-ad-bidding.html
By Jeremy Kirk
IDG News Service
Oct 17, 2014
A major change this year in how online advertisements are sold has been
embraced by hackers, who are using advanced ad-targeting capabilities to
precisely deliver malware.
Security vendor Invincea said it has detected many instances of people
within defense and aerospace...
Sino-US cyber talks at impasse
InfoSec News (Oct 20)
http://www.china.org.cn/world/2014-10/20/content_33809960.htm
China Daily
October 20, 2014
Cyber security is an irritant to bilateral ties. On Wednesday the US
Federal Bureau of Investigation said hackers it believed were backed by
the Chinese government had launched more attacks on US companies, a charge
China rejected as unfounded.
In May, the United States charged five Chinese military officers with
hacking American firms, prompting...
Hackers have broken into mainstream TV
InfoSec News (Oct 20)
http://www.usatoday.com/story/life/tv/2014/10/19/hackers-on-tv/17432191/
By Ann Oldenburg
USA TODAY
October 19, 2014
Hackers are hot.
Yes, they tend to be villains in real life, making headlines for tapping
into Target to steal credit card data, breaking into the cloud to snatch
nude celebrity photos, and even breaching government firewalls to commit
all sorts of top-level cybercrimes.
But on TV? They're the new heroes.
"Hackers...
Call For Papers - THOTCON 0x6 - Chicago's Hacking Conference
InfoSec News (Oct 20)
***************************************************************************
***BEGIN THOTCON TRANSMISSION**********************************************
[THOTCON ASCII-art logo]...
FIRST standards to clean up messy CERTs
InfoSec News (Oct 20)
http://www.theregister.co.uk/2014/10/20/first_standards_to_clean_up_messy_certs/
By Darren Pauli
The Register
20 Oct 2014
The global gathering of incident responders FIRST is spearheading a global
standards effort to reform and unify the operations of government and
large enterprise computer emergency response teams (CERTs).
The Forum of Incident Response and Security Teams (FIRST) has tipped
US$500,000 into the effort and has received...
Email hack makes for HIPAA breach
InfoSec News (Oct 16)
http://www.healthcareitnews.com/news/hipaa-breach-letters-go-out-after-email-hack
By Erin McCann
Associate Editor
Healthcare IT News
October 14, 2014
An academic medical center in California is notifying patients of a HIPAA
breach after officials discovered a physician's email account had been
hacked by an outside source.
University of California Davis Health System has notified 1,326 patients
that their protected health information,...
Cyberattack at JPMorgan Chase Also Hit Website of Bank’s Corporate Race
InfoSec News (Oct 16)
http://dealbook.nytimes.com/2014/10/15/cyberattack-at-jpmorgan-chase-also-hit-website-of-banks-corporate-race/
By MATTHEW GOLDSTEIN, NICOLE PERLROTH and JESSICA SILVER-GREENBERG
The New York Times
OCTOBER 15, 2014
The JPMorgan Chase Corporate Challenge, a series of charitable races held
each year in big cities across the world, is one of those feel-good events
that bring together professionals from scores of big companies.
It was also a...
The secure smartphone that won’t get you beaten with rubber hoses
InfoSec News (Oct 16)
http://arstechnica.com/security/2014/10/the-secure-smartphone-that-wont-get-you-beaten-with-rubber-hoses/
By Peter Bright
Ars Technica
Oct 15, 2014
Interest in secure communications is at an all time high, with many
concerned about spying by both governments and corporations. This concern
has stimulated developments such as the Blackphone, a custom-designed
handset running a forked version of Android that's built with security in
mind....
Chinese company tried to hack NSA using U.S. defense contractor
InfoSec News (Oct 16)
http://www.washingtontimes.com/news/2014/oct/15/inside-the-ring-chinese-tried-to-hack-nsa-using-us/
By Bill Gertz
The Washington Times
October 15, 2014
Chinese telecommunications equipment giant Huawei Technologies sought to
gain access to National Security Agency computer networks this year in a
failed cyberespionage attack, U.S. officials said.
The company, which the U.S. government has linked to China’s military,
sought to penetrate...
Shon Harris - March 27th, 1968 ~ October 8th, 2014
InfoSec News (Oct 15)
http://www.affoplano.com/component/obituary/?view=detail&id=452
After a long and devastating illness, Shon passed away on October 8, 2014.
Shon founded and was CEO of Logical Security, an information consultant, a
former engineer in the Air Force Information Warfare unit, instructor and
best-selling author of many books on IT Security. Shon was recognized as
one of the top 25 women in the Information Security field. Shon's family...
There Is a New Security Vulnerability Named POODLE, and It Is Not Cute
InfoSec News (Oct 15)
http://www.wired.com/2014/10/poodle-explained/
By Kim Zetter
Threat Level
Wired.com
10.14.14
On a day when system administrators were already taxed addressing several
security updates released by Microsoft, Oracle, and Adobe, there is now
word of a new security hole discovered in a basic protocol used for
encrypting web traffic. Its name is POODLE, which stands for Padding
Oracle on Downgraded Legacy Encryption, and it was discovered by...
JPMorgan CEO says more to be done on cyberattacks
InfoSec News (Oct 15)
http://www.northjersey.com/news/business/dimon-urges-cyberattack-strategy-1.1108945
THE ASSOCIATED PRESS
OCTOBER 15, 2014
NEW YORK - JPMorgan Chase's CEO Jamie Dimon says that more coordination
between businesses and government is needed to combat the rising threat of
cyberattacks.
New York-based JPMorgan said earlier this month that a breach of its
computer systems this summer compromised customer information pertaining
to roughly 76...
Who’s Watching Your WebEx?
InfoSec News (Oct 14)
http://krebsonsecurity.com/2014/10/whos-watching-your-webex/
By Brian Krebs
Krebs on Security
Oct 13, 2014
KrebsOnSecurity spent a good part of the past week working with Cisco to
alert more than four dozen companies — many of them household names —
about regular corporate WebEx conference meetings that lack passwords and
are thus open to anyone who wants to listen in.
At issue are recurring video- and audio conference-based meetings...
Suspected Russian "Sandworm" cyber spies targeted NATO, Ukraine
InfoSec News (Oct 14)
http://arstechnica.com/security/2014/10/suspected-russian-sandworm-cyber-spies-targeted-nato-ukraine/
By Robert Lemos
Ars Technica
Oct 13, 2014
A group of cyber spies targeted the North Atlantic Treaty Organization
(NATO), Ukrainian and Polish government agencies, and a variety of
sensitive European industries over the last year, in some cases using a
previously unknown flaw in Windows systems to infiltrate targets,
according to a research...
The human OS: Overdue for a social engineering patch
InfoSec News (Oct 14)
http://www.csoonline.com/article/2824563/social-engineering/the-human-os-overdue-for-a-social-engineering-patch.html
By Taylor Armerding
CSO
Oct 13, 2014
It sounds like the operating system that really needs some serious
security patches is the human one.
While technology giants like Microsoft, Google and Apple regularly crank
out updates, patches and fixes for zero-day vulnerabilities and other
threats, the weakest link in the security...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Interesting infographic on the history of firewalls
Darden, Patrick (Aug 04)
I did something similar to this in 1994-5 at Harvard using a version of rot-13 and icmp. Seriously. And it worked.
:-)
--p
-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com]
On Behalf Of Marcus J. Ranum
Sent: Saturday, July 26, 2014 11:39 AM
To: Firewall Wizards Security Mailing List
Subject: [EXTERNAL]Re: [fw-wiz] Interesting infographic on the...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
Claudio Telmon wrote:
When I was at TIS, in 199?2, I set up Onions' tunnel driver and a couple
shell scripts that uuencoded the packets coming out of the tunnel, and
emailed them to another system user with a .forward file that uudecoded
the packets and injected them into a peer tunnel. With that setup, and its
opposite on both machines, I was able to NFS mount filesystems across
a secure mail guard. (Hint: if you're doing your own...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
It hasn't happened, yet.
mjr.
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014
Georgios Karopoulos (Oct 07)
[Apologies if you receive multiple copies of this message]
========================================================================
*Call for Papers*
Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)
Special Issue on:
Security and Privacy in Unified Communications: Challenges and Solutions
Direct Link:...
OWASP Xenotix XSS Exploit Framework v6 Released
Ajin Abraham (Sep 15)
Hi All,
Xenotix provides Zero False Positive XSS Detection by
performing the Scan within the browser engines where in real world,
payloads get reflected. Xenotix Scanner Module is incorporated with 3
intelligent fuzzers to reduce the scan time and produce better
results. If you really don't like the tool logic, then leverage the
power of Xenotix API to make the tool work like you wanted it to be.
See What's new!...
t2’14 Challenge to be released 2014-09-13 10:00 EEST
Tomi Tuominen (Sep 07)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most
prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications
stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.
Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis...
Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework)
Tasos Laskos (Sep 01)
Hey folks,
There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.
This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.
The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even...
IJDSN - Special Issue on Research Advances in Security and Privacy for Smart Cities
Georgios Kambourakis (Aug 08)
International Journal of Distributed Sensor Networks (IF 0.923)
Special Issue on Research Advances in Security and Privacy for Smart Cities
*** SUBMISSION DEADLINE EXTENDED TO Sept. 19, 2014 ***
Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the prevention of crime and the
facilitation of services provided to...
nullcon CFP is open
nullcon (Aug 07)
Dear Security Gurus,
6th year | CFP opens on 6th Aug 2014 | conference on 6th Feb 2015.
Welcome to nullcon 666! Bring out the beast in you.
http://en.wikipedia.org/wiki/666_(number)
we are happy to open the CFP. Time to tickle your gray cells and
submit your research.
Training: 4th-5th Feb 2015
Conference: 6th-7th Feb 2015
CFP 666
=======
Website - http://nullcon.net
Submit under any of the below options
Papers (40 mins - 1 hr)
Events...
6 new vulnerabilities
Mark Litchfield123 (Jul 29)
I have released details of six new Bug Bounty vulnerabilities, 5 of
which resulted in total payouts of $33,217.00. Usual write-ups with step-by-step
screen shots detailed.
I have chosen to move the content from securatary.com to now be hosted
on https://www.uzbey.com/bbp-funding; the reasons for doing so are
listed on http://www.securatary.com/vulnerabilities
I will follow up over the next couple of days with some more.
All the best
Mark...
Ruxcon 2014 Final Call For Presentations
cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.
This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2014.
.[x]. About Ruxcon .[x].
Ruxcon is...
IJDSN SI on Research Advances in Security and Privacy for Smart Cities
Georgios Kambourakis (Jul 13)
*Deadline is approaching*
International Journal of Distributed Sensor Networks (Impact factor: 0.727)
*Special Issue on Research Advances in Security and Privacy for Smart
Cities*
Online version of CFP: http://www.hindawi.com/journals/ijdsn/si/239803/cfp/
Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Things That Have Already Happened - Cyber Pearl Harbor
Dave Aitel (Oct 17)
Huawei is in the news again for trying to hack the NSA. I love this. I
wear my Huawei shirt proudly and often. And fellow DD subscriber Bill
Plummer has this beautiful Zen Koan to say:
“While Huawei <http://www.washingtontimes.com/topics/huawei/> is
challenged to respond to The Washington Times’ vague inquiry, the
suggestion that a globally-proven and trusted $40 billion vendor of
commercial telecommunications gear would risk its very...
Re: The Blue Pill of Threat Intelligence
Matthew Wollenweber (Oct 17)
Foremost, I love your observation that: "[threat intel products] offers
malware analysis, even though the massively expensive undertaking helps
nobody but the threat intelligence company, as it resells that information
to other customers. I find that whole system/approach to be unethical and do my
best to keep my employer out of those systems. However, threat intel can be
useful to enterprises in a variety of mechanisms. First, it provides...
Re: The Blue Pill of Threat Intelligence
Zack Payton (Oct 17)
Happens all the time, we call it shiny object syndrome.
Some sexy new concept emerges claiming to be a silver bullet and the whole
industry shifts. I hear about people wanting to get access to threat intel
w/o even being able to do basic logging/patching/firewall management. In
reality, the majority of the work is setting up your environments to data
collectors with appropriate sources. Most people go down the road of
trying to shoehorn in...
Re: The Blue Pill of Threat Intelligence
al bell (Oct 17)
I wonder how many organizations go down the (expensive and time consuming)
road of consuming external threat feeds before they have fully instrumented
their own internal high fidelity threat feeds.
Al
Re: The Blue Pill of Threat Intelligence
Zack (Oct 15)
Let me start with the statement that I have mad love for Dave. While I loved the article Dave and mostly agree with
you, I wanted to note a few things. To be completely fair, your article was written by someone selling something that
competes for budget dollars with av products and this email post is written by someone who consumes data feeds
from an array of 'sensors' whether those sensors are vuln reports written by...
The Blue Pill of Threat Intelligence
Dave Aitel (Oct 15)
http://www.fierceitsecurity.com/story/threat-intelligence-problem/2014-10-13
In this article I go over "Threat Intelligence". And I'm a little hard
on it because I think it has to make a choice, and soon. In one hand, is
a pill that takes it down the road to AV-like financial success, but
strategic failure. And in the other hand, the current models are only
stepping stones towards offerings that provide true strategic
situational...
INFILTRATE: Speaker Profit Sharing
Dave Aitel (Oct 15)
Every year we innovate the INFILTRATE <http://infiltratecon.org/>
conference itself - from mandatory speaker dry runs, to an OpenCFP that
lets the community decide on the speakers, to a Master Class that is
truly for masters.
This year we have more in store: we are going to give the speakers
13.37% of the profits from the Conference. We know that you as speakers
put in a lot of work to help the offensive information security
community,...
Announcing the first selected speaker for SyScan'15
Thomas Lim (Oct 15)
dear readers of DailyDave
I'm very pleased to announce the first selected speaker of SyScan'15.
James Forshaw of Project Zero will be presenting "A Link to the Past:
Abusing Symbolic Links on Windows"
** <https://twitter.com/SyScan>
Re: IMAP C&C channels have some massive advantages for attackers and penetration testers
Curt Wilson (Oct 11)
We came across a short-lived SMTP-based C2 and/or exfil point from what
looked like a targeted ransomware campaign not long ago. However in this
case they simply used base64 which of course is the weak link
detection-wise.
Re: OT: Scorpion TV show on CBS -- Tonight -- See real hacking tools in Hollywood
Erik Pace Birkholz (Oct 11)
InfoSec Family,
Regardless if Hollywood got their BJJ hooks in and choked the hacking out
of the show; IMHO it's still a fun tv show and worth the space on your DVR.
I'd like to give a shout out; expressing my appreciation for the
significant effort Kristian spent trying to advise and educate television
writers/directors on the non-trivial realities of what we as an industry do
for a living.
He put a lot of work into creating...
IMAP C&C channels have some massive advantages for attackers and penetration testers
Dave Aitel (Oct 10)
INNUENDO IMAP CHANNEL DIAGRAM IS HERE IN HTML EMAILS
One thing you know about the future of cyber security is that malware is
being used right now that is far more advanced than what you read about
in various exciting threat reports titled "NAVY PANDA" or "EXCITED BEAR"
or "TINY-MINI-FLAME 2.0.1.2.3 rc4 found!". There's been some almost
embarrassingly good results from people scanning the whole Internet for...
Training registration for SyScan'15
Thomas Lim (Oct 07)
Hi DD
Registration for SyScan'15 training classes has started. There are a
total of 9 classes including Bruce Dang's "Windows Kernel Rootkits
Techniques and Analysis"
Please check out the details at http://www.syscan.org
Shellshocking Infiltrate
Dave Aitel (Oct 07)
It's October and that means the feds have their budgets (right? :>) and
that means everyone should be signing up for next year's INFILTRATE
<http://infiltratecon.org/>at the early bird price. You don't HAVE TO
SIGN UP EARLY. But it's financially prudent. And we have additional
classes <http://infiltratecon.org/training.html> this year. And the new
classes are a bit different and we moved the conference a little...
Re: Soap and showers
Ron Gula (Sep 29)
Machines that invoke bash from httpd pose a risk. Same thing goes for
machines that have had a core dump of bash in the last few days. You
can get that sort of data from a variety of methods, but in organizations
where the scanner team doesn’t know the SIM/logging team, good luck.
I also find a strong correlation in security teams that were looking for
a single non-credentialed “heartbleed” style check for this vulnerability
and a lack of...
Soap and showers
Dave Aitel (Sep 26)
So most of the bash bug solutions I've seen/talked to people about look
at "Vulnerability Management" as just that: essentially an extension to
your patching program. But in this case, nearly every machine is
vulnerable. However, almost NO machines pose a real risk. Everyone has
soap in their shower, and yet so few people slip to their death in the
morning!
This weird dichotomy between things that are vulnerable, and things that...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bright space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bright space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed.
p.s.: We are not related to this group, but we think they're worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
line XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Advisory Notification
Microsoft (Oct 18)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 17, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2949927)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 15, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...
Microsoft Security Bulletin Re-Releases
Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: October 14, 2014
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS14-042 - Moderate
Bulletin Information:
=====================
MS14-042 - Moderate
-...
Microsoft Security Bulletin Summary for October 2014
Microsoft (Oct 14)
********************************************************************
Microsoft Security Bulletin Summary for October 2014
Issued: October 14, 2014
********************************************************************
This bulletin summary lists security bulletins released for
October 2014.
The full version of the Microsoft Security Bulletin Summary for
October 2014 can be found at
<https://technet.microsoft.com/library/security/ms14-oct...
Microsoft Security Bulletin Advance Notification for October 2014
Microsoft (Oct 09)
********************************************************************
Microsoft Security Bulletin Advance Notification for October 2014
Issued: October 9, 2014
********************************************************************
This is an advance notification of security bulletins that Microsoft
is intending to release on October 14, 2014.
The full version of the Microsoft Security Bulletin Advance
Notification for October 2014 can be found at...
Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 8, 2014
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS14-051 - Critical
* MS14-AUG
Bulletin Information:
=====================
MS14-051 -...
Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 2, 2014
********************************************************************
Summary
=======
The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS14-030 - Important
Bulletin Information:
=====================
MS14-030 - Important
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 25)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 24, 2014
********************************************************************
Summary
=======
The following document has undergone a minor revision increment.
Please see the bulletin for more details.
* MS14-049 - Important
Bulletin Information:
=====================
MS14-009 - Important
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 25)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 24, 2014
********************************************************************
Summary
=======
The following document has undergone a minor revision increment.
Please see the bulletin for more details.
* MS14-049 - Important
Bulletin Information:
=====================
MS14-009 - Important
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 24)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 24, 2014
********************************************************************
Summary
=======
The following documents have undergone a minor revision increment.
Please see the appropriate bulletin or summary for more details.
* MS14-009 - Important
* MS14-feb
Bulletin Information:
=====================...
Microsoft Security Bulletin Re-Releases
Microsoft (Sep 23)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 23, 2014
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS14-055 - Important
Bulletin Information:
=====================
MS14-055 - Important
-...
Microsoft Security Advisory Notification
Microsoft (Sep 23)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 23, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 19)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 19, 2014
********************************************************************
Summary
=======
The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS14-046 - Important
Bulletin Information:
=====================
MS14-046 - Important...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Top secret US space craft returns after two years
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 18)
http://www.telegraph.co.uk/science/space/11171389/Top-secret-US-space-drone-returns-to-Earth-after-two-year-orbit.html
At least, that's what they'd *like* us to think ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
For any number X which is less than 2^N (for any N), a maximum of
(N + log(N) + log (log(N)))/8 bytes is necessary to...
CarolinaCon-11 call for papers/presenters
Vic Vandal (Oct 07)
h4x0rs, stuff breakers, InfoSec pros, g33k girls, international spies, and script kidz,
CarolinaCon-11, also referred to as "The Last CarolinaCon As We Know It", will occur on March 20th-22nd 2015 in Raleigh
NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.
If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global
thermonuclear war, etc. (but...
The "integrity" side of the triad ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 04)
Interesting variant on Snopes:
http://www.vancouversun.com/news/Fact+fiction+Website+wants+record+straight/10260059/story.html
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
How good bad music and bad reasons sound when we march against an
enemy. - Friedrich Nietzsche
victoria.tc.ca/techrev/rms.htm...
We the people want our money safer than our selfies...
Jeffrey Walton (Sep 18)
"PayPal mocks Apple's cloud security in S.F. newspaper ad",
http://www.bizjournals.com/sanfrancisco/blog/2014/09/paypal-attacks-apple-over-cloud-security-in-s-f.html
PayPal has fired a high-profile salvo at Apple in the high-tech
companies' battle over mobile payments.
In a newspaper advertisement Monday, PayPal used a little humor to
attack Apple over the well-publicized security breach in its cloud
system, according to a...
Phony cell towers are the next big security risk
Jeffrey Walton (Sep 18)
http://www.theverge.com/2014/9/18/6394391/phony-cell-towers-are-the-next-big-security-risk
Last month, a Mr. Li in Shenyang, China, received a text from his
bank's customer service number, notifying him that his credit card had
accumulated reward points and telling him how to cash them in. When he
followed the link and logged in, the site went dead. An hour later, he
noticed more than $650 missing from his account. Only then did he
realize...
Painter demands Google remove search results
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 13)
OK, this is something of a new twist on the "right to be forgotten" ...
Painter demands Google remove search results for *positive* news story
http://www.poynter.org/latest-news/mediawire/269167/google-forced-by-european-law-to-remove-positive-article/
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
All truth is one. In this light,...
Re: Kafka would have been proud ...
Daniel Preussker (Sep 12)
+1
Ask foreigners what the most hated country is, I'm sure most of them will answer with "USA".
Their attitude of self-called "World Police" is getting on everybody's nerves - no wonder there is so much anti-American
propaganda out there.
The recent radicalization of the moderates regarding military actions against the IS in Syria and Iran just because
some bloke got beheaded shows it again.
Unpolitical people that...
Re: Kafka would have been proud ...
Mark Seiden (Sep 11)
this speaks well of her, in my book, as a human.
there’s a story terry winograd tells about when he was a grad student at MIT AI Lab, interested in natural language.
marvin minsky wanted his students to work on natural language to demonstrate that the AI approaches were as good as
parsing as those of the MIT Linguists.
When he ran into grad students of Noam Chomsky’s at parties, and said he was working at the AI Lab they would turn the...
Re: Kafka would have been proud ...
Jeffrey Walton (Sep 11)
Well, it's not clear to me she knew the affiliated organization (M19CO)
was a terrorist group. It's the first I've heard of them, but I was
pre-teen in the 1970s.
Let's call a pot and a kettle both black... Ronald Reagan was a
terrorist (and illegal arms dealer to boot!). George Bush was a
terrorist. Barack Obama is a terrorist... Just look at all the
violence these folks use to terrorize innocent victims in other
countries...
Re: Kafka would have been proud ...
Bill Terwilliger (Sep 11)
Based on this paragraph, it seems that she is not worthy of passing her background check:
“””
Barr maintains that she had been truthful throughout both interviews, and that “there was no material fact about these
organizations for me to omit.” Barr says she was casually acquainted with two of the convicted murderers, Judith Clark
and Kuwasi Balagoon (née Donald Weems) but had no prior knowledge of their criminal activities. Clark...
Kafka would have been proud ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 11)
http://news.sciencemag.org/people-events/2014/09/researcher-loses-job-nsf-after-government-questions-her-role-1980s-activist
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
He who asks is a fool for five minutes. He who does not ask
remains a fool forever.
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...
Re: Fake Cell Phone Towers Discovered Grabbing Signals
Valdis . Kletnieks (Sep 09)
On Tue, 09 Sep 2014 09:23:53 +0200, PsychoBilly said:
You'd be amazed what you can use to detect that somebody is trying
something nefarious. Some co-workers of mine wrote code that was not
only able to tell when a mobile device was being hit with an nmap scan
or other attack, but identify what sort of nmap scan or attack it was...
... based on the drain pattern on the device battery....
Re: Fake Cell Phone Towers Discovered Grabbing Signals
PsychoBilly (Sep 09)
"The fake towers force phones to slow down to 2G from 4G, so a sudden decrease in download speed may be a clue that a
phone is being tapped."
That's a f#ing hilarious statement...
[[ Jeffrey Walton ]] @ [[ 05/09/2014 20:22 ]]--------------------------------------------------
Re: Fake Cell Phone Towers Discovered Grabbing Signals
David Harley (Sep 06)
It's unlikely that these are static towers: more likely to be Stingray or
similar mobile technology.
D.
-----Original Message-----
From: funsec [mailto:funsec-bounces () linuxbox org] On Behalf Of Bruce Ediger
Sent: 07 September 2014 00:06
To: FunSec List
Subject: Re: [funsec] Fake Cell Phone Towers Discovered Grabbing Signals
Has anyone been able to track down the real locations of these fake cell
towers? I couldn't find a...
Re: Fake Cell Phone Towers Discovered Grabbing Signals
Bruce Ediger (Sep 06)
Has anyone been able to track down the real locations of these fake cell
towers? I couldn't find a source any more detailed than the Popular Science
article.
That Popular Science article just has Google Maps "teardrops" in various large
cities. There's a teardrop in Denver, where I live. If I had the actual
location (street address or latitude/longitude) I'd go look at it, take
pictures, read signage, see if my...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Alert - Upcoming Mail Delivery Changes
US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes
Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...
Current Activity - Upcoming Mail Delivery Changes
Current Activity (May 10)
National Cyber Awareness System
Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...
Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin
Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin
Original release date: May 09, 2013
Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...
Current Activity - Adobe Releases Security Advisory for ColdFusion
Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion
Original release date: May 09, 2013
Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...
Current Activity - Microsoft Releases Security Advisory for Internet Explorer
Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer
Original release date: May 07, 2013
Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...
Current Activity - Cisco Releases Security Advisories
Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories
Original release date: April 25, 2013
Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....
Current Activity - Apple Releases Security Updates for Safari
Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari
Original release date: April 18, 2013
Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...
Alert TA13-107A: Oracle has released multiple updates for Java SE
US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE
Original release date: April 17, 2013
Systems Affected
* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier
Overview
Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....
Current Activity - Scams Exploiting Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion
Original release date: April 17, 2013
Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...
Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion
Original release date: April 17, 2013
Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...
Current Activity - Oracle Releases April 2013 Security Advisory
Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory
Original release date: April 17, 2013
Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...
Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack
Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack
Original release date: April 15, 2013
US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...
Current Activity - Microsoft Releases April 2013 Security Bulletin
Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin
Original release date: April 04, 2013 | Last revised: April 09, 2013
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...
Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin
Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin
Original release date: April 04, 2013
Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...
Current Activity - Mozilla Releases Multiple Updates
Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates
Original release date: April 03, 2013
The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.
Updates to the following products are...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
Mario Vilas (Oct 20)
Seems to me like it was. Also, wouldn't a user who can edit those files
also be able to, for example, patch the executable files as well? I haven't
actually checked the file permissions but it seems like a reasonable
assumption.
CVE request for vulnerability in OpenStack Nova
Tristan Cacqueray (Oct 20)
A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.
Title: Nova VMware instance in resize state may leak
Reporter: Zhu Zhu (IBM)
Products: Nova
Versions: up to 2014.1.3
Description:
Zhu Zhu from IBM reported a vulnerability in Nova VMware driver. If an...
RE: attacking hsts through ntp
Bendler, Ehren (Oct 20)
The symmetric schemes do work, but due to data structure sizing only MD5 and SHA-1 hashed PSKs are supported:
http://bugs.ntp.org/show_bug.cgi?id=2039
They imply in the comments that it will take a new version of the NTP RFCs to get support for stronger hashing schemes.
-----Original Message-----
From: Stephen Röttger [mailto:stephen.roettger () gmail com]
Sent: Monday, October 20, 2014 5:17 AM
To: oss-security () lists openwall com
Subject:...
Re: attacking hsts through ntp
Stephen Röttger (Oct 20)
The protocol from RFC 5906 is completely broken:
http://www.eecis.udel.edu/~mills/security.html
http://zero-entropy.de/autokey_analysis.pdf
The symmetric schemes are probably fine but hard to set up. But it looks
like the NIST provides authenticated NTP:
http://www.nist.gov/pml/div688/grp40/auth-ntp.cfm
CVEs request: Incorrect temporary file handling && silent code execution in Tomb, a commandline tool to easily operate encryption of secret data
Michael Scherer (Oct 20)
Hi,
While looking around, I stumbled across this:
https://github.com/dyne/Tomb/blob/master/tomb#L153
https://github.com/dyne/Tomb/blob/master/tomb#L59
so the tool is using a predictable filename in /tmp (albeit not easy to predict),
and it is used without verification of whether the file exists already.
So an attacker could pre-create the file with proper r/w ACL for his own user,
and then wait until the script uses the file. Since the code is run...
Re: [FD] [oss-security] CVE request: remote code execution in Android CTS
Grond (Oct 20)
Before trying to sweep this thing under the carpet, you might want to
ask yourself two simple questions:
Is this kind of file ever *intended* to be used as an executable script?
If the answer is "no"; then you should apply fixes.
And:
Which is more expensive? Spending a couple of hours to fix this now,
or having someone chain this together with another (unforeseeable)
bug enabling easy exploitation a few years down the road, allowing...
Re: CVE request: remote code execution in Android CTS
Lord Tuskington (Oct 19)
I disagree with Nick Kralevich's response. An attacker who has the ability
to locally modify an XSL file should not be able to leverage this to
achieve code execution. This crosses a trust boundary.
As for why I didn't report this to security () android com, when Google starts
paying corporate tax instead of dodging it, I will report issues privately.
Lord Tuskington
Chief Financial Taxdodger
Google
On Sun, Oct 19, 2014 at 7:28 PM,...
Re: Fwd: Non-upstream patches for bash
Chet Ramey (Oct 19)
That's not actually an exploit, or even a bug.
This is exactly the opposite of what is happening. The test in the link
(message 226439) shows that bash and ksh are properly reading valid
multibyte characters in the input and not treating backslashes that are the
second byte of a multibyte character as escape characters. The other
shells, presumably not multibyte-character-aware at all, incorrectly allow
that backslash to escape the...
Re: CVE request: Cyanogenmod MITM
Mike O'Connor (Oct 19)
If an opensource project explicitly designates a "stable" release
train, is the reasonable expectation that the stable release gets
minimally-invasive pertinent backported security fixes from its
development tree? I think most of the users would say yes and
most of the developers would rather work on the latest code. :)
In the Cyanogenmod case, as of today, 10.2 is labelled as "stable".
Judging from the updates I've...
Re: CVE request: remote code execution in Android CTS
Nick Kralevich (Oct 19)
Nick from the Android Security team here.
In the future, please feel free to send these kinds of reports to
security () android com Please see
http://developer.android.com/guide/faq/security.html#issue for contact
information.
Android's Compatibility Test Suite (CTS) is an executable software
package intended to be downloaded and run from your computer. Please
see https://source.android.com/compatibility/cts-intro.html for more...
CVE request: Cyanogenmod MITM
Lord Tuskington (Oct 19)
After reading el reg's article regarding a cyanogenmod MITM flaw, I started
looking through the code to see if I could find it. It didn't take long.
This finding was not what users are led to believe by cyanogenmod's blog
post. I reported the issue to cyanogenmod, but got a rather unsatisfactory
reply. They didn't seem willing to modify the blog post to more accurately
reflect the problem. Below is my email exchange with...
CVE request: remote code execution in Android CTS
Lord Tuskington (Oct 19)
CTS parses api-coverage.xsl without providing the FEATURE_SECURE_PROCESSING
option. See lines 60-67 of
cts/tools/cts-api-coverage/src/com/android/cts/apicoverage/HtmlReport.java:
InputStream xsl =
CtsApiCoverage.class.getResourceAsStream("/api-coverage.xsl");
StreamSource xslSource = new StreamSource(xsl);
TransformerFactory factory = TransformerFactory.newInstance();
Transformer transformer = factory.newTransformer(xslSource);...
Re: Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015
Marcus Krause (Oct 18)
Dears,
some information for clarification:
----- Original Message -----
TYPO3 CMS Core already provides such an update check. This is either triggered
manually or automatically on a regular basis (cron-like).
This works by retrieving a complete dataset of available third-party plugins
and their versions from typo3.org infrastructure. Then a TYPO3 CMS installation
on its own determines whether an update is available. So the only information
is the...
Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015
cve-assign (Oct 18)
Use CVE-2014-8327.
Use CVE-2014-8328.
This is within the scope of CVE because TYPO3 has published a Security
Bulletin indicating that it's a vulnerability from their perspective.
The Credits section says "Credits go to Georg Ringer who discovered
and reported the issue and Armin Vieweg who quickly responded &
resolved this issue," where Armin Vieweg is apparently the author of
the extension:...
Re: attacking hsts through ntp
Yves-Alexis Perez (Oct 18)
What about RFC 5906 and the current authentication schemes
(http://www.eecis.udel.edu/~mills/ntp/html/authentic.html) ?
I'm unsure whether they are really used (usable) in a non-controlled environment, but
at least there's already something in place.
Regards,
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 102: Richard Danzig
Gary McGraw (Sep 21)
hi sc-l,
The 102nd monthly episode of the Silver Bullet podcast features a conversation with Richard Danzig. Richard is a very
accomplished leader who served as Secretary of the Navy (among other powerful positions). He is currently a member of
the Board of the Center for a New American Security. Richard is attempting in his recent work to bridge the gap
between technologists and Washington policy makers when it comes to cybersecurity....
IEEE Center for Secure Design [searchsecurity and silver bullet]
Gary McGraw (Aug 27)
hi sc-l,
This evening in SF we are officially launching the IEEE Center for Secure Design with a small event including security
people and press. Jim DelGrosso and I will make a short presentation about the CSD during the launch.
I devoted both of my monthly pieces (Silver Bullet and SearchSecurity) to the CSD this month.
Please check out this article and pass it on:
http://bit.ly/CSD-SS <...
Silver Bullet Episode 100 (!!): Cigital's Principals
Gary McGraw (Jul 23)
hi sc-l,
Thanks for listening to the Silver Bullet Security Podcast for the eight 1/3 years it has been produced. Each episode
has been downloaded over 10,787 times on average with over 1,067,948 downloads for the podcast as a whole. That's lots
of listening!
To celebrate our 100 months in a row landmark, we shot a live video version of Silver Bullet at the Cigital Tech Fair
this month. The episode features Cigital’s Principals,...
Ruxcon 2014 Final Call For Presentations
cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.
This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2014.
.[x]. About Ruxcon .[x].
Ruxcon is...
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Gary McGraw (Jul 08)
hi sc-l,
FWIW, I wrote about medical device security first in 1998 in the book
"Software Fault Injection." Our little article was merely meant as a
reminder and to let you all know that some medical device manufacturers
are actually doing analysis.
gem
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Goertzel, Karen [USA] (Jul 07)
Another big frustration: No-one seems to be making any real headway into the problem of actually measuring loss
attributable to doing nothing - or, in other words, losses cradle to grave from operating insufficiently secure
systems. People try to measure "ROI" from security, which is a ridiculous concept because it involves trying to measure
a negative - i.e., this is how many times we DIDN'T lose $n - can't be done - or...
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Jeffrey Walton (Jul 07)
https://en.wikipedia.org/wiki/Therac-25 FTW!
+1. Dr. Geer has already warned about it at
http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/. Can you
imagine the IoT, with medical devices and avionics packages, running
around with little to no testing and little more that the browser
security model. Clear the cache to erase the evidence!!!
This is a political problem rooted in software liability laws (or lack
thereof). Too many carrots,...
Re: SearchSecurity: Medical Devices and Software Security
Jeremy Epstein (Jul 07)
Agree with you - there's nothing new in the article. I gave a talk a
couple years ago at a conference on biomedical engineering, and there was
one person in the room (out of a few hundred) who had heard of Therac-25.
(Which I assume is what you were referring to with 1985.)
If the article were instead published in a medical device or biomedical
engineering journal, that would be something different. But as you say,
putting it in on...
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Goertzel, Karen [USA] (Jul 07)
Ever since I read an article about the challenges of remote laser surgery being done by doctors at the Naval Hospital
in Bethesda, MD, via satellite link on wounded soldiers in Iraq, I've been warning for years about the need to apply
software assurance principles to the development and testing - and SCRM to the acquisition - of medical devices and
their embedded software. I'm delighted to see someone with your influence start...
Re: SearchSecurity: Medical Devices and Software Security
security curmudgeon (Jul 07)
: Chandu Ketkar and I wrote an article about medical device security based
: on a talk Chandu gave at Kevin Fu's Archimedes conference in Ann Arbor.
: In the article, we discuss six categories of security defects that
: Cigital discovers again and again when analyzing medical devices for our
: customers. Have a look and pass it on:
:
: http://bit.ly/1pPH56p
:
: As always, your feedback is welcome.
Per your request, my feedback:
Why do...
Silver Bullet 99: Michael Hicks
Gary McGraw (Jul 03)
hi sc-l,
Silver Bullet Security Podcast number 99 (99 months in a row!!) was just posted. This episode features a programming
languages smorgasbord with Michael Hicks, professor of CS and security at University of Maryland. We talk type safety,
closure, why C is bad, what makes dynamic languages like Javascript problematic, and so on. If you like programming
languages talk, you’ll dig this episode.
Have a listen:...
SearchSecurity: Medical Devices and Software Security
Gary McGraw (Jul 03)
hi sc-l,
Chandu Ketkar and I wrote an article about medical device security based on a talk Chandu gave at Kevin Fu’s Archimedes
conference in Ann Arbor. In the article, we discuss six categories of security defects that Cigital discovers again
and again when analyzing medical devices for our customers. Have a look and pass it on:
http://bit.ly/1pPH56p
As always, your feedback is welcome.
gem
company www.cigital.com
podcast...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Who manages your antivirus.
Williams, Matthew (wilmh) (Oct 18)
At UC, Information Security administers the McAfee ePO Application, but unit level administrators are responsible for
desktop management of the systems within their container. We use ePO to manage antivirus, full-disk encryption and we
plan to roll out other products such as HIDS and DLP in the near future.
* The Server Administration team supports the OS and Application level updates. They also support the repository in
the DMZ.
*...
Re: Who manages your antivirus.
King, Ronald A. (Oct 17)
The Security Team manages the management server and is able to push/manage
the clients from it. In the event we are not able to resolve the issue
remotely, we put a ticket into our support system for desktop support.
There are times I think it is better managed at the desktop support level,
and times it is better in our hands, but, I have to agree with another
response that AV is not as important as it used to be.
Got a Phish (email)? Forward...
Re: Who manages your antivirus.
Knights, John (Oct 16)
Security “owns” endpoint protection from a budgetary standpoint, but the operational duties fall between infrastructure
(servers and AD) and the desktop support teams (images and distribution). Security provides policy recommendations and
requirements based on risk and compliance.
-John
From: Jeff Borton <jborton () SCHOOLCRAFT EDU<mailto:jborton () SCHOOLCRAFT EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv...
Re: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
Keller, Alex (Oct 16)
Nmap will work for building a quick list of SSLv3 enabled hosts. This syntax only checks 443, but you can add other
ports as needed. Substitute your CIDR range for 10.10.10.0/22:
nmap -sT -Pn -p 443 10.10.10.0/22 --script ssl-enum-ciphers.nse | grep "SLv3:.$" -B 5 -A 15 > SSLv3_hosts.txt
For those just catching up with their POODLES; relevant synopsis from the research paper "This POODLE Bites: Exploiting
The SSL 3.0...
Re: Who manages your antivirus.
Mike Cunningham (Oct 16)
At Penn College it is a joint task of server group and desktop group. The server group manages the server, gets new
signature files (which is automated), and monitors the logs for issues that get reported back from clients and issues
tickets to the desktop group when something is discovered. Desktop installs and configures the clients, and does the
cleanup work when someone gets infected. Our server group also includes our data security person....
Re: Who manages your antivirus.
Renee Peters (Oct 16)
This role has changed hands over the past several years due to strategic realignments in our technology area. The
Server team used to manage the enterprise console, with Technical team supporting the clients (Security team was
non-existent). Now, the Technical team has more involvement in the management console, with the Server team supporting
the OS. Since our Security department is a new focus and was just created 6 months ago, our approach...
Re: Who manages your antivirus.
David Seidl (Oct 16)
We originally ran AV as part of our security team's efforts. In general, we
found that we were distanced from the day-to-day desktop support for the
University, and that caused issues in our support model. Driving regular
maintenance and monitoring from information security, rather than a desktop
management partnership, inserted a gap.
We have since switched to managing AV in our platform services team -
they're responsible for third...
Who manages your antivirus.
Jeff Borton (Oct 16)
I am trying to find a good balance of what the security team should be focusing on so my question to this group is:
For those of you who use enterprise antivirus management, is this managed by your Info security team, or other
teams such as server or technical support at your organizations?
Jeff Borton
Executive Director of Information Security & Networking
jborton () schoolcraft edu<mailto:jborton () schoolcraft edu>...
Re: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
Alan Amesbury (Oct 16)
While probably useless to those studying veterinary medicine, there's a poodle prober publicly available:
https://github.com/jeffmurphy/poodle-prober/blob/master/sslv3check.py
Re: ISO27002 vs ISO27006
Leon DuPree (Oct 15)
Question: does anyone use Qradar Dashboards Reporting for Compliance to
HIPAA & Sox?
It looks like those together would provide me with a Baseline to satisfy CMS
and IRS Compliance for capturing log events
Leon DuPree
Fwd: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
Paul Howell (Oct 15)
Hi,
Given the large deployment of perfSONAR in our environments, I wanted to share the following.
Regards.
Paul Howell
Chief Cyberinfrastructure Security Officer
Internet2
Begin forwarded message:
From: Jason Zurawski <zurawski () es net<mailto:zurawski () es net>>
Subject: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
Date: October 15, 2014 at 11:01:17 AM EDT
To: perfsonar-user <perfsonar-user () internet2 edu<...
Re: Sharing Files Securely with External Parties
Knights, John (Oct 15)
Thanks for all the replies. We’ll investigate the different options.
Thanks,
John
From: "Kevin P. Sale" <Kevin.Sale () KAUST EDU SA<mailto:Kevin.Sale () KAUST EDU SA>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY ()
LISTSERV EDUCAUSE EDU>>
Date: Tuesday, October 14, 2014 at 9:51 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY...
NCSAM 2014: Mid-Month Update
Valerie Vogel (Oct 14)
Greetings,
National Cyber Security Awareness Month (NCSAM) is in full swing! Here are the latest resources, including two upcoming
webinars.
Webinars
* Today (10/14) at 1 pm ET: Free EDUCAUSE Live! webinar, CIO Insights on
Cybersecurity<http://www.educause.edu/events/educause-live-cio-insights-cybersecurity>. Please join us for a discussion
about the big InfoSec questions keeping 3 CIOs – and you – up at night. We want to hear...
Re: Sharing Files Securely with External Parties
Kevin P. Sale (Oct 14)
Hi John,
We went with a start-up out of Atlanta called SafelyLocked (http://www.safelylocked.com/) for a secure, zero knowledge
sending & collaboration solution. The sending function (SafelySendIt) allows sending to external parties without the
need for them to register, and the collaboration part (SafelyShareIt) is great for internal and external collaboration
for sensitive information.
Kind regards,
Kevin.
From: The EDUCAUSE Security...
Risk Based Authentication
Pardonek, Jim (Oct 13)
Greetings,
I'm looking to see if anyone has deployed RSA's risk based 2 factor authentication product and if you have would you
share your experiences? We are looking at using this product for our VPN and possibly for other systems.
Thanks,
Jim
James Pardonek, MS, CISSP, CEH
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
*: (773) 508-6086
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Why is .gov only for US government agencies?
Stephen Satchell (Oct 20)
It's a dollar thing -- show me a substantial return on the investment
and I'll back it all the way. Notice that nowhere in the litany do the
terms "LAMP" or "Linux" show up.
Adobe and Microsoft would *love* the increased revenue from updates that
would have to be applied to all those old servers. And what about those
sites that were made using Front Page? Talk about a nightmare. A
costly one.
"A billion...
Re: Why is .gov only for US government agencies?
shawn wilson (Oct 20)
Well yeah, there's tons of possible bad here.
1. Some contractor would get millions over a few years for doing this
2. Spending time to maintain old code that no one cares about just to
make stuff work is kinda annoying (both for those maintaining the code
and #1)
3. I don't want to see the report on how many Allaire ColdFusion with
NT 3.5 .gov sites are out there
.... any other reasons not to do this? Maybe, but here's the real...
Re: Why is .gov only for US government agencies?
Valdis . Kletnieks (Oct 20)
On Mon, 20 Oct 2014 05:58:01 -0400, shawn wilson said:
You say that like it's a bad thing....
Re: Why is .gov only for US government agencies?
Rob Seastrom (Oct 20)
Nick Hilliard <nick () foobar org> writes:
Government's got to keep on its feet.
-r
Re: Why is .gov only for US government agencies?
ITechGeek (Oct 20)
The name of the game is you create it, you set your own rules. The United
States Gov't was involved w/ the Internet before people thought about it
being more than just a US gov't system.
As far as the SOA, someone probably copied and pasted another SOA not
really knowing what they were doing (or copied pasted, saved, modified,
forgot to hit save)....
Re: ISP Shaping Hardware
Skeeve Stevens (Oct 20)
I know and feel the same way Roland. Just trying to figure out the best
way to get these users with a scarce resource under control.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve () eintellegonetworks com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau>
linkedin.com/in/skeeve
experts360:...
RE: Keeping Track of Data Usage in GB Per Port
Frank Bulk (Oct 20)
For GPON and Ethernet it's just SNMP counters.
Frank
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Colton Conor
Sent: Sunday, October 19, 2014 5:35 PM
To: Livingood, Jason
Cc: NANOG
Subject: Re: Keeping Track of Data Usage in GB Per Port
So it looks like DOCSIS cable has a great solution with IPDR, but what
about DSL, GPON, and regular Ethernet networks?
It was mentioned that DSL uses radius, but...
Re: ISP Shaping Hardware
Nurul Islam Roman (Oct 20)
Used the following two products to shape traffic on packet level (L3). Had no
issues with several thousand customers.
Allot
http://www.allot.com/netenforcer.html
ET
http://www.etinc.com/
Found "Allot" is very popular for satellite based Internet, especially in
south pacific island countries.
-R
Re: ISP Shaping Hardware
Nick Hilliard (Oct 20)
for satellite, no.
s/headache/nightmare/
The high latency and bandwidth costs on satellite connections are a world
of pain. It should show how awful things are when you can actually improve
things by installing inline bandwidth accelerators and traffic shapers.
Nick
Re: Why is .gov only for US government agencies?
Nick Hilliard (Oct 20)
incidentally, why does the .gov SOA list usadotgov.net in its SOA? The web
site for the domain looks like it's copied from drjanicepostal.com. Has
USGOV decided to open a new executive branch for podiatry?
Nick
Re: ISP Shaping Hardware
Roland Dobbins (Oct 20)
I have a client which has thousands of customers on Satellite and needs to
restrict some users who are doing a lot.
Is QoS in the network infrastructure coupled with strictly-enforced quotas
insufficient to needs?
These permanently-inline boxes and blades that dork around with general
Internet traffic to/from eyeball networks can be a support/troubleshooting
headache . . .
-----------------------------------
Roland Dobbins <rdobbins ()...
Re: Why is .gov only for US government agencies?
shawn wilson (Oct 20)
Bad idea. I'm betting we'd find half of gov web sites down due to not being
able to reboot and issues in old coldfusion and IIS and the like (and
needing to fix static links and testing etc). No, if it ain't broke don't
fix it.
Re: Why is .gov only for US government agencies?
William Allen Simpson (Oct 20)
# Gee, someone should alert NANOG management that the list has fallen
# through a wormhole into 1996.
#
Which is circa 1994.
The real answer is that although fed.us is used by some agencies,
the overall requirement was stripped out of the Telecommunications
Act of 1996. Basically, the DC area incumbent provider of .gov and
.com was making so insanely much money per registration, they were
able to <s>buy off</s> persuade enough...
ISP Shaping Hardware
Skeeve Stevens (Oct 20)
Hey all,
Just wondering what/if people are using any shaping hardware/appliances
these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to
restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve () eintellegonetworks com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61...
Re: Keeping Track of Data Usage in GB Per Port
Mikael Abrahamsson (Oct 20)
If you're measuring per month, there is no reason you can't use SNMP, poll
that 64bit counter once per day or something, and then add the values up
each month. It'll be accurate enough. SNMP isn't sampled, if you poll the
IfOctet counter, it just counts upwards and if you're not worried about
the switch rebooting, you could poll it once per month and be accurate.
I'd say polling it once or a few times a day...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 28.29
RISKS List Owner (Oct 09)
RISKS-LIST: Risks-Forum Digest Thursday 9 October 2014 Volume 28 : Issue 29
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.29.html>
The current issue can be...
Risks Digest 28.28
RISKS List Owner (Sep 30)
RISKS-LIST: Risks-Forum Digest Tuesday 30 September 2014 Volume 28 : Issue 28
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.28.html>
The current issue can...
Risks Digest 28.27
RISKS List Owner (Sep 15)
RISKS-LIST: Risks-Forum Digest Monday 15 September 2014 Volume 28 : Issue 27
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.27.html>
The current issue can...
Risks Digest 28.26
RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Thursday 11 September 2014 Volume 28 : Issue 26
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.26.html>
The current issue can...
Risks Digest 28.25
RISKS List Owner (Sep 09)
RISKS-LIST: Risks-Forum Digest Tuesday 9 September 2014 Volume 28 : Issue 25
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.25.html>
The current issue can...
Risks Digest 28.24
RISKS List Owner (Sep 04)
RISKS-LIST: Risks-Forum Digest Weds 4 September 2014 Volume 28 : Issue 24
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.24.html>
The current issue can be...
Risks Digest 28.23
RISKS List Owner (Aug 28)
RISKS-LIST: Risks-Forum Digest Thursday 28 August 2014 Volume 28 : Issue 23
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.23.html>
The current issue can be...
Risks Digest 28.22
RISKS List Owner (Aug 27)
RISKS-LIST: Risks-Forum Digest Wednesday 27 August 2014 Volume 28 : Issue 22
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.22.html>
The current issue can...
Risks Digest 28.21
RISKS List Owner (Aug 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 August 2014 Volume 28 : Issue 21
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.21.html>
The current issue can be...
Risks Digest 28.20
RISKS List Owner (Aug 24)
RISKS-LIST: Risks-Forum Digest Sunday 24 August 2014 Volume 28 : Issue 20
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.20.html>
The current issue can be...
Risks Digest 28.19
RISKS List Owner (Aug 21)
RISKS-LIST: Risks-Forum Digest Thursday 21 August 2014 Volume 28 : Issue 19
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.19.html>
The current issue can be...
Risks Digest 28.18
RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Monday 18 August 2014 Volume 28 : Issue 18
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.18.html>
The current issue can be...
Risks Digest 28.17
RISKS List Owner (Aug 14)
RISKS-LIST: Risks-Forum Digest Thursday 14 August 2014 Volume 28 : Issue 17
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.17.html>
The current issue can be...
Risks Digest 28.16
RISKS List Owner (Aug 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 August 2014 Volume 28 : Issue 16
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.16.html>
The current issue can be...
Risks Digest 28.15
RISKS List Owner (Aug 12)
RISKS-LIST: Risks-Forum Digest Monday 11 August 2014 Volume 28 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.15.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
Every business needs a data-breach response plan
Audrey McNeil (Oct 17)
http://www.azcentral.com/story/money/business/tech/2014/10/09/every-business-needs-data-breach-response-plan/17001833/
"What do we do next?"
Picture this: Your small business has been hacked and you are now asking
yourself, your business partners or your management team that question.
If the question characterizes the state of your ID-theft preparedness, the
painful answer I have is: It's already too late.
You need to be ready...
Navigating a data breach: Balancing legal and communications hurdles
Audrey McNeil (Oct 17)
http://www.beckershospitalreview.com/healthcare-information-technology/navigating-a-data-breach-balancing-legal-and-communications-hurdles.html
A data breach in healthcare is like no other. When a health system fails to
safeguard patient data, the breach goes beyond the personal financial
information typically compromised when a retail chain fails to protect its
customers' credit card numbers. Hospitals and other providers, after all,
must...
The first big SDN data breach is just a matter of time
Audrey McNeil (Oct 17)
http://www.computerweekly.com/news/2240232337/The-first-big-SDN-data-breach-is-just-a-matter-of-time
Over 40% of enterprises have plans to deploy software-defined networking
(SDN) by 2019, and where enterprises go, cyber criminals are bound to
follow, raising the possibility of major SDN security breaches in the
future.
Research released by SDN cheerleader Brocade to mark the opening day of IP
Expo Europe 2014 at London’s ExCeL centre...
Will Consumers "Back Off" Brick-and-Mortar After Latest Breach?
Audrey McNeil (Oct 17)
http://apparel.edgl.com/case-studies/Will-Consumers--Back-Off--Brick-and-Mortar-After-Latest-Breach-95745
A few weeks ago, the Department of Homeland Security revealed malicious
software had infected more than 1,000 retailers' point of sale systems,
potentially leaking customers' credit card data to hackers. This malware,
known as "Backoff," was highlighted again in Home Depot's announcement
early last month. With...
Citi, Regions, E*Trade, ADP May Have Been Targeted by J.P. Morgan Hackers
Audrey McNeil (Oct 17)
http://online.wsj.com/articles/citigroup-regions-financial-e-trade-adp-saw-traffic-linked-to-j-p-morgan-hackers-1412783395
Citigroup Inc. and E*Trade Financial Corp. are among the financial
institutions that may have been targeted by the same hackers who broke into
J.P. Morgan Chase & Co.’s computer network earlier this year, according to
people familiar with the matter.
While the companies, which also include payroll processor Automatic...
Average cost of U.S. cybercrime rises to $12.7 million in 2014
Audrey McNeil (Oct 17)
http://www.scmagazine.com/cost-of-cybercrime-continues-to-increase-this-year/article/376035/
The cost of cybercrime rose again this year, with the average cost of a
crime in the U.S. reaching $12.7 million, compared to $11.56 million
reported in 2013, according to a new Ponemon Institute study.
Although this year's “2014 Global Report on the Cost of Cyber Crime” found
that the cost of attacks has risen by 95 percent since 2010, that...
Chase Bank Hack Persuades Obama To Make Cyberwarfare A Top National Security Issue
Audrey McNeil (Oct 16)
http://www.ibtimes.com/chase-bank-hack-persuades-obama-make-cyberwarfare-top-national-security-issue-1701688
President Obama will now receive regular updates on foreign cyberattacks
after the largest data breach ever compromised more than 75 million JP
Morgan Chase bank accounts. That summer attack now ranks alongside Islamic
State group news as a national security concern, according to reports, in
part because of worries that the Russian...
Why the JP Morgan Data Breach Is Like No Other
Audrey McNeil (Oct 16)
http://www.theatlantic.com/business/archive/2014/10/why-the-jp-morgan-data-breach-is-like-no-other/381098/
Another month, another report of a large corporation failing to keep
customer information secure. This time, it's JP Morgan reporting that 76
million households and 8 million small business were exposed in a data
breach. At this point, it's understandable if the news doesn't cause much
alarm.
To get psychological about it,...
Data breaches: Be prepared or prepare to pay
Audrey McNeil (Oct 16)
http://www.federaltimes.com/article/20141003/CYBER/310060009/Data-breaches-prepared-prepare-pay
Earlier this year, hackers attempted to access the Office of Personnel
Management’s database files of thousands of workers seeking high-level
security clearances. It wasn’t the first such cyber attack from abroad
against a U.S. agency, and it certainly won’t be the last. Fortunately, the
alleged perpetration was detected and quickly blocked, and...
How consumers foot the bill for data breaches
Audrey McNeil (Oct 16)
http://net-security.org/article.php?id=2138
Data breaches are almost always expensive and somebody always ends up
paying those expenses somewhere down the line. Either because they were
affected directly and have no one to pass the costs onto or because they
had the costs passed onto them by someone else.
This applies to breaches on corporate, government or individuals’ data.
However, some of the most expensive hacks that do occur regularly...
Home Depot and JPMorgan are doing fine. Is it a sign we're numb to data breaches?
Audrey McNeil (Oct 16)
http://readingeagle.com/ap/article/home-depot-and-jpmorgan-are-doing-fine-is-it-a-sign-were-numb-to-data-breaches
Home Depot and JPMorgan Chase have revealed in recent weeks that each was
hit by one of the largest security breaches the retail and banking
industries have ever seen.
But Wall Street — and consumers — appear ready to shrug it off.
The home improvement retailer's stock is up more than 14 percent this year
and more than 2...
Quarter of UK Companies Don't Notice A Security Breach
Audrey McNeil (Oct 16)
http://www.misco.co.uk/blog/news/02349/quarter-of-uk-companies-dont-notice-a-security-breach
An alarming number of companies in the UK are unaware that they have
suffered a security breach, according to a new report by
PricewaterhouseCoopers (PwC).
The Global State of Security report shows that Britain remains the most
targeted country, with 10% more attacks than companies around the world.
Sixty-nine percent of the companies surveyed told PwC...
eBay Seeks Dismissal of Breach Lawsuit
Audrey McNeil (Oct 14)
http://www.databreachtoday.com/ebay-seeks-dismissal-breach-lawsuit-a-7393
eBay has filed a motion to dismiss a class action lawsuit filed against the
company in July following a breach earlier this year that resulted in 145
million customers having their personal information compromised.
The plaintiff named in the case "does not allege that he has been injured
by misuse of the stolen information," eBay says in its motion to dismiss...
Heartland CEO On Why Retailers Keep Getting Breached
Audrey McNeil (Oct 14)
http://www.darkreading.com/attacks-breaches/heartland-ceo-on-why-retailers-keep-getting-breached/d/d-id/1316388
Heartland Payment Systems chairman and CEO Robert Carr could be considered
a rare breed of executive these days. He's been outspoken about the massive
data breach the firm suffered on his watch in 2008 that exposed 130 million
US debit and credit card accounts -- the largest breach ever recorded at
the time. And in a new breach...
Seven Cybersecurity Questions Bank Boards Need to Ask
Audrey McNeil (Oct 14)
http://www.americanbanker.com/bankthink/seven-cybersecurity-questions-bank-boards-need-to-ask-1070339-1.html
Recent cyberattacks against several big businesses show that a wide variety
of industries are engaged in a nearly nonstop battle against hackers who
seek to steal intellectual property, data and funds. All of us should be
sobered by the fact that the personal information of nearly half of all
American adults has been exposed in the last...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Re: Is there a users mailing list?
Tod Beardsley (Oct 20)
These days, people use the forums at http://community.rapid7.com for user talk. Or #metasploit on Freenode IRC.
Is there a users mailing list?
Jon Molesa (Oct 20)
This was the only one google returned. I noticed this is the developers
list.
Re: help
Jon Molesa (Oct 20)
Sorry about this. I was trying to hurry the mail server to try a resend
after subscription. It was meant to bump my grey listing.
I was attempting to interact with the mailman server as seen here
http://www.list.org/mailman-member/node41.html.
I'm fine otherwise. :-P
Re: help
Tod Beardsley (Oct 20)
If this is an emergency, dial 911 (or your country's emergency services number).
Re: How-to update host information
HD Moore (Oct 20)
Hi Jon,
You can edit a host via psql or just the irb console in Metasploit. For example, just do: msf> irb
From this prompt, you can do:
irb> host = Mdm::Host.where(address: '1.1.1.1'); host.hostname = 'BugServer'; host.save!
Keep in mind we normally split up things by workspace, so if you have multiple projects/workspaces:
irb> host = framework.workspace.hosts.where(address: '1.1.1.1')
Hope this...
How-to update host information
Jon Molesa (Oct 20)
Hello,
I'm new here. Could someone please tell me how I can update information
for a host? I haven't tried importing it via a csv, but right now I just
want to know if it is possible to do in msfconsole.
I have a hostname for an IP address that I have previously imported. I
would like to update the record for that IP to include the hostname.
hosts -h doesn't reveal support for updating a host record.
Lastly, if the answer is to...
help
Jon Molesa (Oct 20)
help
Re: ERROR: invalid input when using new Credential API
Pedro Ribeiro (Oct 08)
If I try to attack a domain and set RHOST to a hostname, I get the same error:
[-] Auxiliary failed: ActiveRecord::StatementInvalid
PG::InvalidTextRepresentation: ERROR: invalid input syntax for type
inet: "domain.com"
(domain.com was actually a valid and reachable domain)
I understand that the credential API is new, but this is very clearly a bug.
Regards,
Pedro
Re: ERROR: invalid input when using new Credential API
Pedro Ribeiro (Oct 03)
Isn't that too limiting? What if you are collecting the creds for a host
which is inside a private network, but you can only see the externally
facing host?
Or in other words, what would you do in this case? The host name might be
the same as the rhost, but not on all cases and we can't know that from the
exploit.
Regards
Pedro
reported credential with an address field needs to have an associated IP
(or the hostname must resolve).
a...
Re: ERROR: invalid input when using new Credential API
HD Moore (Oct 03)
The database is keyed off IP addresses, so you are correct in that any reported credential with an address field needs
to have an associated IP (or the hostname must resolve).
-HD
ERROR: invalid input when using new Credential API
Pedro Ribeiro (Oct 02)
Hi,
I'm building an aux module that gets the SQL database credentials from
a target. These credentials are provided in the form
hostname-username-password. I'm using the new Credential API and doing
the following:
service_data = {
address: loot[database_server_name].split('\\')[0],
# port is 0 because we can't get it from the packet_reply
port: 0,
service_name: loot[database_type],...
g.kassaras () googlemail com has indicated you're a friend. Accept?
g . kassaras (Sep 27)
Hi,
g.kassaras () googlemail com wants to follow you.
****** Is g.kassaras () googlemail com you friend? ******
If Yes please follow the link below:
http://invites.flipmailer.com/signup_e.html?fullname=&email=framework () spool metasploit
com&invitername=g.kassaras () googlemail
com&inviterid=31175062&userid=0&token=0&emailmasterid=db05a8fc-3a7b-4f3d-827d-842eb601aa28&from=g.kassaras
()...
Re: vim syntax highlighting for rc files
Tod Beardsley (Sep 07)
We don't do this because it's easy, we do it because it's hard. :)
Re: vim syntax highlighting for rc files
Robin Wood (Sep 07)
Wouldn't have thought it was easy but not being easy doesn't normally stop
people.
Robin
Re: vim syntax highlighting for rc files
Tod Beardsley (Sep 07)
They're nearly always a mix of console commands and chunks of ruby. Sometimes they have bash/OS commands, too. So,
you're looking at two and maybe three intermixed styles. Not trivial?
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Gerrit StartSSL OpenID provider
Peter Wu (Oct 19)
Hi,
Has anyone tried to link a StartSSL identity in Gerrit? I just tried to do so,
but get a 401 Unauthorized back in Gerrit.
Although not available in the UI, you can choose your own OpenID provider by
hitting one of the provider buttons (e.g. StartSSL), then cancel by hitting Esc
(Stop). Use Firebug to disable the submit event on the form and edit the hidden
form, then submit.
In my case, I chose https://lekensteyn.startssl.com/ but now I...
Re: wireshark seems to not correctly follow WPA2 rekeying
Alexis La Goutte (Oct 19)
Avery,
Is it possible to create a new issue with your pcap sample?
Re: ARM Build
Graham Bloice (Oct 18)
Maybe not so easy, I tried using CMake (3.02) but got the following in the
error log where CMake tries to identify the compiler:
Build started 18/10/2014 15:41:44.
Project
"E:\Wireshark\build2013arm\CMakeFiles\3.0.2\CompilerIdC\CompilerIdC.vcxproj"
on node 1 (default targets).
C:\Program Files
(x86)\MSBuild\Microsoft.Cpp\v4.0\V120\Platforms\ARM\PlatformToolsets\v120\Toolset.targets(36,5):
error MSB8022: Compiling Desktop applications...
Re: ARM Build
Alexis La Goutte (Oct 18)
Hi Guy,
Thanks, now it builds without error on ARM hf :-)
@Graham,
Maybe a good idea to also try with VS2013 on ARM...
Re: Functioning of FCS checkbox in IEEE802.11 prot
Guy Harris (Oct 18)
On Oct 17, 2014, at 8:25 AM, "Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco)" <emedward () cisco com>
wrote:
There are three flavors of 802.11 packet provided to the 802.11 dissector:
1) packets from sources that indicate whether the packet includes the FCS, such as some capture file formats;
2) packets that include metadata that indicates whether the FCS is included, such 802.11+radiotap...
Functioning of FCS checkbox in IEEE802.11 prot
Emburey Samrex Edward -X (emedward - EMBED UR SYSTEMS at Cisco) (Oct 18)
Hi Team,
Thanks for your attention!
This is regarding the FCS representation in the 802.11 frames.
Most of the Cisco APs do have the last 4-byte FCS, which is rightly represented in the Wireshark captures.
Whereas, in a recent AP, we do not include this 4-byte FCS.
So we go for the option in 'Edit-->Preferences-->Protocol-->IEEE 802.11-->Assume packets have FCS'
But still, wireshark treats the last 4-bytes as FCS; as a...
Re: ARM Build
Guy Harris (Oct 16)
The compiler's wrong, but I redid the code a bit so that rapid_description will always be set. That's not an ARM
issue, except perhaps to the extent that the dataflow analysis has architecture-specific parts, with the ARM version
not recognizing that this isn't a problem (or with other versions not having the chance to incorrectly decide it is a
problem).
I've checked a change into the trunk, which simplifies the code a...
Re: ARM Build
Guy Harris (Oct 16)
http://msdn.microsoft.com/en-us/library/0w6ke344.aspx
"Type char
The char type is used to store the integer value of a member of the representable character set. That integer value is
the ASCII code corresponding to the specified character.
Microsoft Specific
Character values of type unsigned char have a range from 0 to 0xFF...
Re: ARM Build
Guy Harris (Oct 16)
The warning was due to unsigned 8-bit values always being <= 0xFF.
A better fix is to extract the upper and lower nibbles and to make sure they're both >= 0xA, as a nibble is always <=
0xF (fewer tests, no special-casing of 0xFF). I checked that in, with the nibble extractions casting the result to
guchar to make sure no sign-extension is done on platforms with *signed* characters.
Checked into the trunk and backported to 1.12...
Re: ARM Build
Graham Bloice (Oct 16)
On 15 October 2014 19:03, Alexis La Goutte <alexis.lagoutte () gmail com> wrote:
Visual Studio (VS2013 at least) has 32 & 64 bit ARM compilers. I've never
fired them up though. I wonder if CMake can be persuaded to make solution
files that include ARM compilation options.
Re: ARM Build
Guy Harris (Oct 15)
...which may be running a compiler in which "char" is unsigned; I seem to remember that issue coming up with some
software in the past couple of months (possibly Wireshark, possibly libpcap or tcpdump).
We should probably make "s" a "const guchar *", and do the appropriate cast.
"static const char str_to_nibble[]" should be "static const gint8 str_to_nibble[]", and "char c, d" should...
ARM Build
Alexis La Goutte (Oct 15)
Hi,
I have tried to build Wireshark on an ARM(v7) machine (using the new cloud
from Online.net[1]).
I have tried to build the latest trunk/master of Wireshark (to test speed..)
but it doesn't build:
ftype-pcre.c: In function 'raw_flag_needed':
ftype-pcre.c:64:13: error: comparison is always true due to limited range of data type [-Werror=type-limits]
(s[i] >= '\xFA' && s[i] <= '\xFF'))...
Re: < 25 Warnings on Clang Scan Build
Bálint Réczey (Oct 15)
2014-10-14 21:41 GMT+02:00 Alexis La Goutte <alexis.lagoutte () gmail com>:
Great news!
Cheers,
Balint
Re: Thanks for the Manual
Stig Bjørlykke (Oct 15)
Thank you for the report.
This will be fixed in the next release.
Thanks for the Manual
Emre Baris (Oct 15)
Nice software, works great on the back of the tahr (3.13.0-24-gen)
Clear and pure manual, thanks.
Some typos
In 1.2. System Requirements, files no mor than a few hundred MB
In 4.9.2. Remote Capture Settings, an interface other then the interface
connecting back to Wireshark
~emre
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: SNORT version lifecycle
Hanson.Webster (Oct 20)
I am running 2.9.5.5, which according to the website went EOL back in February. So now I have to update to 2.9.6.2.
It appears that the two previous versions 2.9.6.0 and 2.9.6.1 went EOL 6 months after they were released. So I was just
assuming that most releases last 6 months?
Is there an easy procedure for keeping the SNORT versions up to date? Even if we have to do it once a year, that is a
lot of overhead maintenance for us to perform...
Re: SNORT version lifecycle
Joel Esler (jesler) (Oct 20)
EOL has nothing to do with “time” per se.
As is listed on the EOL page (www.snort.org/eol <http://www.snort.org/eol>), we support the latest patch version of the
current major version and the latest patched version of the prior major version (So 2.9.6.2, 2.9.5.6) (The third
number being the major version). When we introduce a new version (2.9.6.2), we support the last minor revision for 90
days, then it is EOL.
So, for...
Re: Port problems in a rule
Kurzawa, Kevin (Oct 20)
Wireshark shows a packet from local to testmyids.com where "Host: testmyids.com" appears in a GET request. It is indeed
port 80. This was triggered via browsing to the URI testmyids.com.
It appears I'm not as familiar with what exactly the "content" looks at vs what the "pcre" looks at. The snort manual
didn't really clear things up for me. I thought they were two ways to search for the same stuff....
SNORT version lifecycle
Hanson.Webster (Oct 20)
Looking at the EOL table it appears that SNORT versions go end of life after 6 months. 2.9.6 was valid from 1/2014
until 7/2014 and 2.9.61 was valid from 4/2014 until 10/2014. Should I assume that 2.9.6.2 will go EOL in February of
2015?
What is the procedure for updating SNORT? Is it required to update it twice a year?
Snort Version    Released      EOL
Snort 2.9.5.6    2013-11-18    TBD**
Snort 2.9.6.0    2014-01-23    2014-07-23
Snort 2.9.6.1    ...
Re: Unable to update Snort signatures
Joel Esler (jesler) (Oct 17)
You are attempting to download a file that doesn't exist anymore as a result of EOL. 2950 EOL'ed more than two years
ago.
Re: Unable to update Snort signatures
Shirkdog (Oct 17)
Oinkcode, and you need to use a supported version.
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists...
Unable to update Snort signatures
Hanson.Webster (Oct 17)
Getting the following error when I try to update Snort signatures:
Error 422 when fetching https://www.snort.org/rules/snortrules-snapshot-2950.tar.gz.md5 at
/usr/local/snort/pulledpork/pulledpork.pl line 453
Has something changed?
________________________________
Hanson M. Webster | Network and Security Analyst | Salem Five Bank | 210 Essex Street, Salem MA 01970 | Tel: 978.720.5230 | Fax: 978.498.0230 | www.salemfive.com<...
Re: Unable to update Snort signatures
lists () packetmail net (Oct 17)
["oinkcode required"]
Cheers,
Nathan
Re: Unable to update Snort signatures
James Lay (Oct 17)
End of life:
https://www.snort.org/eol
James
Re: Port problems in a rule
waldo kitty (Oct 17)
how are you attempting to trigger these rules?
do you have a pcap for this? i suspect that you are seeing this trigger on
something other than http traffic which your other two rules appear to be
looking for... maybe DNS traffic here when the browser looks up the domain to
find out which IP to connect to...
aside from that, you should perhaps capture the traffic to a pcap with wireshark
or tcpdump... that way you can more easily see what...
Unable to update Snort signatures
Hanson.Webster (Oct 17)
Getting the following error when I try to update Snort signatures:
Error 422 when fetching https://www.snort.org/rules/snortrules-snapshot-2950.tar.gz.md5 at
/usr/local/snort/pulledpork/pulledpork.pl line 453
Has something changed?
Port problems in a rule
Kurzawa, Kevin (Oct 17)
The port variable doesn't seem to like me. I recently started playing with rules and found an unexpected problem.
Wondering what I'm doing wrong.
# works
alert tcp any any -> any any (msg: "LOCAL-RULE Test for TestMyIDS.com"; content: "testmyids.com";
classtype:misc-activity; sid:1000001; rev:1;)
# doesn't work
#alert tcp any any -> any 80 (msg: "LOCAL-RULE Test for TestMyIDS.com"; content:...
Re: Regular Expression Matching in Snort Rules
Venkataramesh Bontupalli (Oct 17)
Dear Mitesh,
That was really informative..
Thanks a lot..
Appreciated
Thanks and Regards,
VenkataRamesh
Re: Regular Expression Matching in Snort Rules
Mitesh Jadia (Oct 17)
Different search methods are available in Snort.
AC* methods will build a DFA for all contents written in signatures (the largest
content based on length will be taken for each signature).
Now, to match all eligible signatures on a packet, the packet data buffer
(p->data) will be given to the DFA, and if the DFA finds any of the contents registered
with it, then it calls the corresponding signature evaluator function.
So, with this technique we can reduce the processing...
Snort and core rules
Muhammad Ridwan Zalbina (Oct 17)
Hey, morning here. My name is M. Ridwan Zalbina and I'm a comp. eng. student.
I want to ask something about NIDS (Snort) and how to cooperate with ModSecurity. Is there a way to do that in the HTTP
inspect preprocessor? If so, would you tell me about this?