SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Daniel Miller (Mar 19)
I don't have a problem with this, but in my testing using original-awk,
mawk, and gawk, both methods had similar distributions when choosing
random numbers between 1 and 5. Interestingly, mawk was about twice as
fast as gawk, which was about twice as fast as original-awk in this
(mostly useless) test.

Dan

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Jay (Mar 19)
Jacek,

That does make sense... I did that and put an if at the end to prevent
it from messing up if there is no such file. (And I rewrote the comments
-- just personal opinion that saying that it "makes it more random" than
"supposed to make it more random" seems more like a definitive statement
where we know what we are doing :-) )

Seems to look nice and work well now.

# Randomly store the name of one of the ASCII...

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Jacek Wielemborek (Mar 19)
19/03/2014 23:31:46 Jay Bosamiya <jaybosamiya () gmail com>:

Okay, now it seriously begs for being broken down into a few instructions. How
about something like:

# print a random ASCII art in a way that works on non-GNU systems as well.
FILENAME=`ls docs/leet-nmap-ascii-art*.txt 2>/dev/null | awk '
BEGIN {
srand();
}

{
lines[++d] = $0
}

END {
# This is supposed to make AWKs random...

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Jay Bosamiya (Mar 19)
I added the docs/leet-nmap-ascii-art*.txt 2>/dev/null needed to make the
code look at the necessary files.
The other 2>/dev/null at the end stops it from throwing an error if no
docs/leet-nmap-ascii-art*.txt file exists.
Thus the command becomes into

cat $(ls docs/leet-nmap-ascii-art*.txt 2>/dev/null | awk
'BEGIN{srand();}{lines[++d]=$0}END{print lines[int(1+rand()*d)]}')
2>/dev/null

This works pretty well...

[Patch] Resubmitting: Upgrade libpcap to 1.5.3 Jay Bosamiya (Mar 19)
No message preview for long message of 1063104 bytes.

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Daniel Miller (Mar 19)
Jacek,

Not sure if this is what you meant, but this turns out to be better
(avoids the whole sort issue and has fewer processes):

cat $(ls | awk 'BEGIN{srand();}{lines[++d]=$0}END{print
lines[int(1+rand()*d)]}')

Dan

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Jacek Wielemborek (Mar 19)
19.03.2014 15:49, Daniel Miller:

I'd personally break it down into a few instructions.

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Daniel Miller (Mar 19)
Jay,

sort -R is a GNU extension, so this will break on non-GNU systems like
OS X, Solaris, *BSD, etc. Here's an alternative shuffle that uses
POSIX-specified awk and sort, as well as avoiding the non-POSIX (though
widely supported) "tail -[0-9]*" syntax:

cat $(ls docs/leet-nmap-ascii-art*.txt 2>/dev/null | awk
'BEGIN{srand();}{print rand()"\t"$0}' | sort | head -n 1 | cut -f 2-)

Thanks for the patch!...

Re: [Patch] Resubmitting: Upgrade libpcap to 1.5.3 Jay Bosamiya (Mar 19)
I sent the mail (the one below) earlier but it is not showing up on the
archives. Maybe something with the patch being too large (800 KB) or
something?

I have made the patch into a github gist [1]. Please look into the same.

Regards,
Jay Bosamiya

[1] https://gist.github.com/jaybosamiya/69268d3055f3fd05b386

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Jay Bosamiya (Mar 19)
Oops...

Attached is the patch (as a txt file)... Also, if it doesn't come
through this time as an attachment, I've put it up as a github gist [1].

Regards,
Jay

[1] https://gist.github.com/jaybosamiya/e2cecc305b4055cb7776
Index: configure
===================================================================
--- configure (revision 32783)
+++ configure (working copy)
@@ -9392,7 +9392,6 @@
fi

# Krad ASCII ART#!# () $!@#$
-if test...

Re: [Patch] KRAD Ascii Art (A short and sweet patch) Fyodor (Mar 19)
On Mon, Mar 17, 2014 at 12:14 PM, Jay Bosamiya <jaybosamiya () gmail com>wrote:

Hi Jay. I'm afraid we didn't get the patch--perhaps the list blocked it
due to the content type. Some mailers like to label files without
extensions as application/*, which the list blocks to avoid malware. Can
you try either giving it a .txt extension and resending, or post the patch
somewhere and send us a link?

Thanks,
Fyodor

[GSoC] Script code coverage tool Nemanja Stošić (Mar 18)
So I thought about applying for the GSoC with Nmap with the following idea:
- Create a tool that would inform the user of Nmap about his/her script
performance upon running with certain parameters. Info included should be
logic conditions passed, logic conditions failed, handled requests,
unhandled requests, possible illegal operations...
So my question is what would you like to see in the finished project i.e.
what feedback do you want to...

Re: Gsoc suggestion Robin Wood (Mar 17)
Useful to know.

Robin

[Patch] KRAD Ascii Art (A short and sweet patch) Jay Bosamiya (Mar 17)
I have always liked the fact that ASCII art is ready to greet you at
the end of the `./configure` and I'm pretty sure you all have too.
However, it gets a little monotonous if you are running `./configure`
all the time, so when I saw the ascii art randomization thing near the
end of the TODO list, I felt that should do it.

Attached is the patch.

I have patched the configure file as well as have added two ascii arts
(one by Gary G Nass[1]...

Re[2]: NSE Script: delete host from output Anton Konvalyuk (Mar 17)
Hello John,

thank you for your answer. It is a nice solution. U nfortunately , I cannot use it, because of some architecture
features.
I didn't find any function in nmap library too.

Fri, 14 Mar 2014 15:24:42 +0100 от John Bond <john.r.bond () gmail com>:

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap Team Launches 5-Gigapixel "Icons of the Web" Project Fyodor (Dec 19)
Fellow Nmap Hackers,

Perhaps you remember in 2010 how we capped off a massive scan of the top
million Internet web sites by creating a giant interactive collage, with
each site scaled by its popularity? Well, I'm happy to report that we
restarted our scanners this year and have launched a brand new and much
improved edition of Icons of the Web at http://nmap.org/favicon/! It's
interesting to see how things have changed in just 3...

Nmap 6.40 Released! New scripts, new signatures, better performance! Fyodor (Aug 19)
Hi Folks. It has been a while since the last stable Nmap release, but
I'm pleased to release Nmap 6.40 and I think you'll consider it worth
the wait! It includes 14 new NSE scripts, hundreds of new OS and
service detection signatures, a new --lua-exec feature for scripting
Ncat, initial support for NSE and version scanning through a chain of
proxies, improved target specification, many performance enhancements
and bug fixes, and much...

Nmap Project Seeking Talented Programmers for Google Summer of Code Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.

Previous SoC students helped create the Nmap Scripting Engine, Zenmap...

Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more Fyodor (Nov 30)
Hi folks. It has been more than five months since the Nmap 6.01
release, and I'm pleased to announce a new version for you to enjoy
during the holidays! Nmap 6.25 contains hundreds of improvements,
including 85 new NSE scripts, nearly 1,000 new OS and service
detection fingerprints, performance enhancements such as the new
kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8
improvements, and much more! It also includes...

Nmap 6.01 Released Fyodor (Jun 22)
Hi folks! I'm happy to report that the Nmap 6.00 release
(http://nmap.org/6 ) last month was a huge success, with hundreds of
thousands of downloads and a bunch of positive articles and reviews.
But any release this big is going to uncover a few issues, so we've
released Nmap 6.01 to address them. This should also appease the more
conservative users who always wait for the first patch update before
installing a major software release....

Nmap 6 Released! Fyodor (May 21)
Hi folks! After almost three years of work, 3,924 code commits, and
more than a dozen point releases since Nmap 5, I'm delighted to
announce the release of Nmap 6! It includes a more powerful Nmap
Scripting Engine, 289 new scripts, better web scanning, full IPv6
support, the Nping packet prober, faster scans, and much more!

For the top 6 improvements in Nmap 6, see the release notes:

http://nmap.org/6

Or you can go straight to the...

Last Chance to Apply for the Nmap/Google Summer of Code! Fyodor (Apr 04)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college
and graduate students who want to spend the summer improving Nmap!
They gain valuable experience, get paid, strengthen their résumé, and
write code for millions of users.

Previous SoC students helped create the Nmap Scripting Engine,...

Nmap 5.61TEST5 released with 43 new scripts, improved OS & version detection, and more! Fyodor (Mar 09)
Hi folks! We've been working hard for the last 2 months since
5.61TEST4, and I'm pleased to announce the results: Nmap 5.61TEST5.
This release has 43 new scripts, including new brute forcers for http
proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus
XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth
daemon, and old-school rsync. Better check that your passwords are
strong! Some other fun scripts are...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability Cisco Systems Product Security Incident Response Team (Mar 19)
Cisco AsyncOS Software Code Execution Vulnerability

Advisory ID: cisco-sa-20140319-asyncos

Revision 1.0

For Public Release 2014 March 19 16:00 UTC (GMT)

Summary
=======

Cisco AsyncOS Software for Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) contain
a vulnerability that could allow an authenticated remote attacker to execute arbitrary code with the privileges of the
root user.

Cisco has released...

[SECURITY] [DSA 2881-1] iceweasel security update Moritz Muehlenhoff (Mar 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2881-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 19, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1493 CVE-2014-1497...

Cross-Site Scripting (XSS) in CMSimple High-Tech Bridge Security Research (Mar 19)
Advisory ID: HTB23205
Product: CMSimple
Vendor: Preben Bjorn Biermann Madsen
Vulnerable Version(s): 3.54 and probably prior
Tested Version: 3.54
Advisory Publication: February 26, 2014 [without technical details]
Vendor Notification: February 26, 2014
Vendor Patch: February 26, 2014
Public Disclosure: March 19, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-2219
Risk Level: Medium
CVSSv2 Base Score: 4.3...

(CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE) Fernando Gont (Mar 19)
---- cut here ----
***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2014
9th Network Security Event for Latin America and the Caribbean
May 4-9, 2014, Cancun, Mexico
http://www.lacnic.net/en/web/eventos/lacnic21

LACNIC (...

ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability Security Alert (Mar 19)
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability

EMC Identifier: ESA-2014-018

CVE Identifier: CVE-2014-2276

Severity Rating: CVSS v2 Base Score: CVSS: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected products:
EMC Connectrix Manager Converged Network Edition (CMCNE) 12.1.2

Summary:
EMC Connectrix Manager Converged Network Edition (CMCNE) may be vulnerable to information disclosure of...

2014 World Conference on IST - Madeira Island, April 15-17 ML (Mar 18)
========================= WorldCIST'14 =============================
The 2014 World Conference on Information Systems and Technologies
April 15-17, Madeira Island, Portugal
http://www.aisti.eu/worldcist14/
====================================================================

Program available at:
http://www.aistic.org/wcist2014/oc14/modules/request.php?module=oc_program&action=program.php&p=program

Best...

=?utf-7?Q?Microsoft Forefront Protection for Exchange Server detected a virus?= ForefrontServerProtection (Mar 18)
Microsoft Forefront Protection for Exchange Server has detected a virus.

Virus name: "Trojan.JS.DoS.a"
File name: "Body of Message"
State: "Removed"
Subject line: "MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service"
Sender: "submit () cxsec org"
Scan job: "Transport"
Location: "Microsoft//SMTP05 (SMTP Messages)"

[SECURITY] [DSA 2880-1] python2.7 security update Moritz Muehlenhoff (Mar 17)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2880-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python2.7
CVE ID : CVE-2013-4238 CVE-2014-1912...

[ MDVSA-2014:063 ] x2goserver security (Mar 17)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:063
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : x2goserver
Date : March 17, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[ MDVSA-2014:064 ] udisks security (Mar 17)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:064
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : udisks
Date : March 17, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:062 ] webmin security (Mar 17)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:062
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : webmin
Date : March 17, 2014
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...

Open-Xchange Security Advisory 2014-03-17 Martin Braun (Mar 17)
Product: Open-Xchange AppSuite
Vendor: Open-Xchange GmbH

Internal reference: 31065
Vulnerability type: Cross Site Scripting (CWE-80)
Vulnerable version: 7.4.1 and 7.4.2
Vulnerable component: frontend
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.4.1-rev10, 7.4.2-rev8
Vendor notification: 2014-02-11
Solution date: 2014-02-28
Public disclosure: 2014-03-17
CVE reference: CVE-2014-2077
CVSSv2: 5.7...

MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service submit (Mar 17)
MacOSX Safari Firefox Kaspersky RegExp Remote/Local Denial of Service
http://cxsecurity.com/

YouTube (Kaspersky PoC):
https://www.youtube.com/watch?v=joa_9IS7U90

---- 0. Where is the problem? ----
Some time ago I have reported vulnerabilities in regcomp() in BSD implementation (CVE-2011-3336) and GNU libc
implementation (CVE-2010-4051 CVE-2010-4052).
Now is the time for MacOSX and other software and It seems that the problem is still in their...

exploit for old rlpdaemon bug Nomen Nescio (Mar 17)
#!/opt/perl5/bin/perl -w

# HP-UX rlpdaemon local exploit
# Bulletin HPSBUX0111-176 (November 2001)
#
# For use only on machines where you have legitimate root.
# This attempts to add junk (including "localhost +") to /.rhosts.
# Obvious variants could include /etc/passwd.

use IO::Socket;

$PORT = 9000; # pick something not in use

$pid=fork;
die("fork: $!") unless (defined($pid));

if (0 == $pid) {
# child - server,...

[slackware-security] php (SSA:2014-074-01) Slackware Security Team (Mar 17)
[slackware-security] php (SSA:2014-074-01)

New php packages are available for Slackware 14.0, 14.1, and -current to
fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.26-i486-1_slack14.1.txz: Upgraded.
This update fixes a flaw where a specially crafted data file may cause a
segfault or 100% CPU consumption when a web page uses fileinfo() on it.
For more...

Full Disclosure — A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

Administrivia: The End John Cartwright (Mar 19)
Hi

When Len and I created the Full-Disclosure list way back in July 2002,
we knew that we'd have our fair share of legal troubles along the way.
We were right. To date we've had all sorts of requests to delete
things, requests not to delete things, and a variety of legal threats
both valid or otherwise. However, I always assumed that the turning
point would be a sweeping request for large-scale deletion of
information that some...

USSD Sender Hacktool 1.0 AWeber Test (Mar 19)
What is USSD?
USSD stands for Unstructured Supplementary Service Data and it's mostly use to make requests to a mobile operator. If
you want to check how much money you have on your mobile sim card you can use a USSD Command for that. Entering for
example *#100# to the vodafone network, you will receive an USSD message as a result.

USSD Sender Hacktool is a complex tool that let any web user to send a text message in a USSD command to any...

Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC Leutnant Steiner (Mar 19)
http://thehackernews.com/2014/03/watch-out-scammers-targeting-google.html

2014-03-17 20:44 GMT+01:00 The Doctor <drwho () virtadpt net>:

Kaspersky 14.0.0.4651 RegExp Remote Denial of Service PoC2 [CXSEC] (Mar 19)
Kaspersky has released updated for first PoC presented here

http://www.youtube.com/watch?v=joa_9IS7U90 (
http://seclists.org/fulldisclosure/2014/Mar/166)

but there are still many combinations of evil patterns. For exmaple next
PoC2 is available here

https://www.youtube.com/watch?v=9PYtL0zck3I

code:
https://devilteam.pl/regex2.html

------
<HTML>
<HEAD>
<TITLE>RegExp Resource Exhaustion </TITLE>
</HEAD>
<BODY...

All your PLC are belong to us (2) scadastrangelove (Mar 19)
Fixes for Siemens S7 1500 PLC are published.
Thanks to Yury Goltsev <https://twitter.com/ygoltsev>, Ilya Karpov, Alexey
Osipov <https://twitter.com/GiftsUngiven>, Dmitry
Serebryannikov<https://twitter.com/dsrbr>and Alex
Timorin <https://twitter.com/atimorin>.
There are a lot of, but Authentication bypass (INSUFFICIENT
ENTROPY/CVE-2014-2251) is the best.

Links:...

Re: Bank of the West security contact? Jeffrey Walton (Mar 18)
I might just stand corrected here (if it withstands appeal):

http://www.slyck.com/story2351_Data_Breach_Settlement_Class_Action_Lawsuit_Wins_Appeal_in_Court:

With so many recent data breaches and lacking security measures in
place, we know that there are likely to be many more lawsuits
forthcoming. However, in what’s believed to be a first win for a class
action lawsuit as a result of a data breach where none of the
plaintiffs suffered...

Re: Bank of the West security contact? Florian Weimer (Mar 18)
* Kristian Erik Hermansen:

Is this an issue with their online banking? Then here's a hint:

/**********************************************************
* *
* Copyright ©2005 Corillian Corporation *
* *
* All rights reserved. *
*...

McAfee Cloud SSO and McAfee Asset Manager vulns Brandon Perry (Mar 18)
1. Cloud SSO is vuln to unauthed XSS in the authentication audit form:
2.

1. https://twitter.com/BrandonPrry/status/445969380656943104
2.

1.
2. McAfee Asset Manager v6.6 multiple vulnerabilities
3.
4. http://www.mcafee.com/us/products/asset-manager.aspx
5.
6. Authenticated arbitrary file read
7. An unprivileged authenticated user can download arbitrary files with
the permissions of the web server using the...

[Quantum Leap Advisory] #QLA140216 - VLC Reflected XSS vulnerability Francesco Perna (Mar 18)
=== Executive Summary ===
Using a specially crafted HTTP request, it is possible to exploit a lack
in the neutralization[1] of the error pages output which includes the
user submitted content. Successful exploitation of the vulnerabilities,
results in the execution of arbitrary HTML and script code in user?s
browser in context of the vulnerable website trough a ?Reflected XSS?

=== Proof of Concept ===
It has been discovered a reflected XSS...

(CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE) Fernando Gont (Mar 18)
---- cut here ----
***********************************************************************
CALL FOR PRESENTATIONS
***********************************************************************
LACSEC 2014
9th Network Security Event for Latin America and the Caribbean
May 4-9, 2014, Cancun, Mexico
http://www.lacnic.net/en/web/eventos/lacnic21

LACNIC (...

CEbot: disasm from your Twitter account Capstone Engine (Mar 18)
Hi,

We are running CEbot, a tool that lets you reverse hexcode from your own
Twitter!

How? Do this in 2 easy steps:

- Tweet your hex string with either hashtag #2ce (read as:
"To-Capstone-Engine"), or #cebot.
- Wait 1~2 seconds, the assembly code will be sent back, also via Twitter.
Be sure to check the "Notifications" tab if you do not see it soon enough.

Few examples on tweets accepted by CEbot:

x32 909090 #2ce...

Re: [SPAM] [Bayesian][bayesTestMode] Re: Google vulnerabilities with PoC The Doctor (Mar 18)
While this inspiring and amusing thread has been going on, what
happened that we missed because we were too busy watching the fur fly?

Emergency patch for ShadowIRCd versions 6.3+ and Elemental-IRCd 6.5+ Sam Dodrill (Mar 18)
Emergency patch for ShadowIRCd versions 6.3+ and Elemental-IRCd 6.5+

A vulnerability has been discovered in Elemental-IRCd/ShadowIRCd all the
way back to version 6.3. If a client does a SASL authentication before the
server is ready for it, a race condition will be met and the ircd will
segfault to an address out of bounds error. The attached exploit, ku.py is
pasted below:

#!/usr/bin/python2
# Live exploit for ShadowIRCd 6.3+, remote...

[SECURITY] [DSA 2880-1] python2.7 security update Moritz Muehlenhoff (Mar 17)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2880-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 17, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python2.7
CVE ID : CVE-2013-4238 CVE-2014-1912...

Re: Garage4Hackers Ranchoddas Series - Part 2 on Reverse Engineering - Free Webinar Sandeep Kamble (Mar 17)
Dear All, There has been a issue with hangout service as the Google
servers. Hence use below given link to join the webinar. Apologies for the
inconvenience and delay.

We have changed webcast link.

please join us : http://www.twitch.tv/gyndream/

On Fri, Mar 7, 2014 at 5:35 PM, Sandeep Kamble <sandeepk.l337 () gmail com>wrote:

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Re: Metrics for Ethical Hack Vic Vandal (Mar 17)
Hi Monika,

There are tools that will run 20,000-30,000 multi-threaded string attacks on an entire crawled website within a couple
of hours. How fast can you type web requests and analyze web responses in comparison? (heh)

You also wrote "review code" in your message. If you're reviewing source code, how fast can you read and interpret
thousands and thousands of lines of code and compare it to say a dozen common coding...

Metrics for Ethical Hack mc (Mar 14)
Hi All
I am interested to know if there is any metric used to measure amount of
time it takes to manually review code vs. using a tool. Any opinion will be
appreciated.
Thanks
Monika Chakraborty

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how...

CarolinaCon-10 - May 2014 - FINAL ANNOUNCEMENT Vic Vandal (Mar 14)
CarolinaCon-10 will be held on May 16th-18th, 2014 in Raleigh NC. For the cheap price of your average movie admission
with popcorn and a drink ($20) YOU could get a full weekend of talks, hacks, contests, and parties.

We've selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

- Bypassing EMET 4.1 - Jared DeMott
- Password Cracking for noobs - smrk3r
- AV Evasion with the Veil Framework -...

IMAP STARTTLS sniff tool bezrin (Mar 06)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Is there/do you know another SSL/TLS tool supporting IMAP over STARTTLS to make MITM?

Many thanks
B.

------------------------------------------------------------------------...

Looking for reading material on incident management and response Pranav Lal (Mar 03)
Hi all,

I am going to be a part of the incident management team at my employer's.
The policies and procedures a are already in place. Most of my experience
has been in the attacker side of things. Can anyone suggest a set of books
that I can read to better understand defensive security? See the list below.

1. Computer Security Incident Handling
By Stephen Northcutt
2. Incident Response and Computer Forensics, Third Edition
by Chris...

[HITB-Announce] Haxpo CFP Hafez Kamal (Feb 20)
As part of our all new HITB Haxpo or 'hacker expo', we are calling on
the community of hackers, makers, builders and breakers to send us their
30 minute talk abstracts for consideration to be included in the 3-day
single-track agenda.

Taking place at De Beurs van Berlage on the 28th, 29th and 30th of May,
this single track, like the Haxpo itself, is completely FREE TO ATTEND
and we are encouraging everyone to come! If you're in...

[MailServer Resend] Resending quarantined email -- use caution when opening.Damn Vulnerable IOS App v1.0 launched spamadmin (Feb 07)
----- Original Message Header -----
Subject: Damn Vulnerable IOS App v1.0 launched
From: prateek.searchingeye () gmail com;
To: pen-test () securityfocus com; security-basics () securityfocus com;
webappsec () securityfocus com;
Cc:
-----------------------------------

Warning: Attachment contains virus code or meets the filtering/blocking
rules. Use caution when accessing the contents....

PETS 2014 Call For Papers - deadline February 13, 2014, 23:59 GMT Carmela Troncoso (Feb 07)
========================================================
PETS 2014: 14th Privacy Enhancing Technologies Symposium
July 16-18, 2014, Amsterdam, Netherlands
http://petsymposium.org/
CALL FOR PAPERS
========================================================

The Privacy Enhancing Technologies Symposium (PETS) aims to advance the
state of the art and foster a world-wide community of researchers and
practitioners to discuss innovation and new...

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

SAP post exploitation Brian Milliron (Mar 14)
Recently I ran across some vulnerable AIX SAP servers on a test and
managed to get admin access on the Web GUI. However, I know very little
about SAP and was unable to leverage SAP admin to get access to the
Oracle DB (it uses a separate credential store) or root on the OS.
Looking through all the available commands for both the web interface
and the SAP telnet interface I didn't see much that looked useful or
interesting. If I find myself...

IMAP STARTTLS sniff tool Bob Ezrin (Mar 07)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using:

arpspoof -r DEFAULT_GATEWAY -t VICTIM

iptables -t nat -A PREROUTING -p tcp --dport ORIGIN_PORT -j REDIRECT --to-port REDIRECT_PORT

sslsplit SOME_PARAMS ssl 0.0.0.0 REDIRECT_PORT

to make man-in-the-middle.

Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Here there is the...

IMAP STARTTLS sniff tool Bob Ezrin (Mar 07)
Hi all.
We managed succesfully to sniff inside POP3S, SMTPS, IMAPS & HTTPS tunnels using arpspoof, iptables & sslsplit to make
MITM.
Now we want to sniff inside STARTTLS tunnels (specifically IMAP) but unfortunately sslsplit doesn't supports STARTTLS.
Is there/do you know another SSL/TLS tool supporting IMAP over STARTTLS to make MITM?

Many thanks
B.

------------------------------------------------------------------------...

[Tool] GoLismero 2.0 beta 3 cr0hn (Feb 13)
Hello everybody,

From GoLismero project, we pleased to announce the new beta release of GoLismero: GoLismero 2.0 beta 3.

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it
can easily be expanded to other kinds of scans. The most important feature is that it can run external tools and
feedback their results.

Strictly speaking, GoLismero doesn't...

Damn Vulnerable IOS App v1.0 launched Prateek Gianchandani (Feb 04)
Hi All,

It gives me great pleasure to announce v1.0 of Damn Vulnerable IOS =

Application http://damnvulnerableiosapp.com

Damn Vulnerable IOS App (DVIA) is an IOS application that is damn =

vulnerable. Its main goal is to provide a platform to mobile security =

enthusiasts/professionals or students to test their IOS penetration =

testing skills in a legal environment. This application covers all the =

common vulnerabilities found in IOS...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Firewall Wizards — Tips and tricks for firewall administrators

Re: Quote cybersecurity unquote Anton Chuvakin (Nov 10)
On Wed, Oct 2, 2013 at 7:00 PM, Stephen P. Berry <spb () meshuggeneh net>wrote:

Actually, "the whole cyber thing" is even more interesting that that. At a
recent event (called - please don't laugh - "World Cyberspace Cooperation
Summit"), I've heard sentiment similar to the following: "'cyber risk
mitigation' is now a board-level priority, [while the infosec is not]" The
world has gone...

Re: Quote cybersecurity unquote David Lang (Nov 07)
the problem is that your 3K systems may all be running the same vulnerable code.
You need a sysadmin to create and maintain your template that you then run
everywhere.

And you do need these systems to log, and if you have logs, you need to worry
about rotation, retention, etc.

Far too many people make the exact same mistake in thinking that since it
"Cloud" you no longer need all the infrastructure tools to manage things. The...

Re: Quote cybersecurity unquote Marcin Antkiewicz (Nov 07)
[..]

Hold on. There are multiple trends in security here that you lump into the
same bag:
- "Cloud" describes little more than a billing model (subscription O&M),
and a form of provisioning (the "elasticity"), and some business glue.
Amazon sells you a slice of a hypervisor, Google used to sell managed
python execution containers, SalesForce lets you build a CRM-related
applications as plugins into their data and...

Re: Quote cybersecurity unquote David Lang (Nov 06)
unfortunantly you are misinterpreting what they are leaving up to Amazon and
Google.

They aren't outsourceing the system administration, all they are outsourcing is
the hardware administration.

In the process they are deciding that system administrators aren't needed and
just get in the way. The developers can take over doing everything because it is
easy enough that any developer can get a cloud system online.

This is the same...

Re: Quote cybersecurity unquote mjr (Nov 05)
Paul D. Robertson wrote:

Add to that, The Cloud. I finally realized that The Cloud is a good
thing. What
it means is that those who cannot do IT are going to stop trying. If
they can't
do system administration or system operations, they're going to step away
from the plate and let Amazon or Google or whoever do it. Overall, this is
probably for the best.

That leaves the home users. Shiny eye-grabbing mac stuff and iPad stuff are...

Re: Quote cybersecurity unquote Paul D. Robertson (Nov 05)
Stephen P. Berry wrote:

I completely missed it, but I'm considering doing another advocacy thing
like Personal Firewall Day, but longer- but it won't be in November, and
it hopefully won't be under the radar.

I don't know about the job market, but I assume all this pen testing
hoopla has someone actually doing the remediation, though I guess it may
the the companies doing the testing- that's certainly my...

Quote cybersecurity unquote Stephen P. Berry (Nov 01)
It is apparently national cyber security awareness month, a fact which
I was made aware of by a bunch of fluff news pieces.

This got me thinking: is network/information security, in the sense that
long-time readers of firewall-wizards have practiced it, a dying profession?
In the aforementioned news coverage there's prominent discussion of
so-called hackers for hire, but none whatsoever of the sort of systems and
infrastructure-focused...

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Administrivia: Excessive CC's Andrew van der Stock (Mar 15)
Hi there,

There's a really useful question that I've rejected (along with a
great answer) as the question has about one bazillion security lists
in the To list.

I'd love to publish more discussions here and revitalise the list, but
not by by accepting a massive DDoS mail loop in the making, or
requiring all the other list admins to agree with my moderation
policy.

So if you want to publish a question here, please go ahead, but...

Hacking in Schools Pete Herzog (Feb 25)
How to teach hacking in school and open up education:

https://opensource.com/education/14/2/teach-hacking-schools-open-education

Sincerely,
-pete.

Google XXE Vulnerability Mark Litchfield (Feb 22)
Hi All,

There was an XML external entity vulnerability within Googles Public
data explorer. This was submitted to Google as part of their Bug Bounty
Program.

For the full write up with screen shots -
http://www.securatary.com/vulnerabilities

44CON 2014 September 11th - 12th CFP Open Steve (Feb 21)
44CON is the UK's largest combined annual Security Conference and
Training event. Taking place on the 11th and 12th of September at the
ILEC Conference Centre near Earls Court, London, we will have a fully
dedicated conference facility, including catering, private bar and daily
Gin O’Clock break.
_ _
/_//_// / //\ / Goes | 11th - 12th September 2014
/ //_,/_// / Fourth | ILEC Conference Centre, London

-=-...

PHP wrapper question Mark Litchfield (Feb 19)
Reaching out for some help / ideas.

I have an XXE that works but when processing large files it fails

For example, the below attack will work sending to my instance of Netcat
the base64 encoded string of win.ini. A nice POC, but not exactly what
I am looking. (We are using base64 to ensure any line feeds are removed
or other data that would cause XML processing errors)

<!ENTITY % payload SYSTEM...

Shopify (Bug Bounty) - XML External Entity Vulnerability Mark Litchfield (Feb 17)
Shopify suffered from an XXE attack within their online stores domain -
*.myshopify.com

They were extremely quick in confirming and fixing the issue (even
though it was a Sunday).

Full details with the usual screen shots can be found at
http://www.securatary.com

OWASP Xenotix XSS Exploit Framework V5 Released Ajin Abraham (Feb 13)
Hello,
Happy Valentines day wishes. I am glad to inform that, OWASP
Xenotix XSS Exploit Framework V5 is Released.

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site
Scripting (XSS) vulnerability detection and exploitation framework. It
provides Zero False Positive scan results with its unique Triple
Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is
claimed to have the world's 2nd largest XSS Payloads of...

Ebay, Inc Bug Bounty - GoStoreGo Administrative Authentication Bypass to all online stores Mark Litchfield (Feb 12)
This attack allowed for a cross store (so essentially unauthenticated,
as we have not authenticated to our target store) privilege escalation
attack creating an administrative user on any *.gostorego.com store.

As indicated by their own website, there are over 200,000 active
stores.This attack allows access to 200,000 x Customers x data = Y.Due
to the nature of the attack, it would trivial to automate an attack that
would give us an...

International Journal of Distributed Sensor Networks (IF 0.727): Special Issue on Research Advances in Security and Privacy for Smart Cities Georgios Kambourakis (Feb 10)
[My apologies if you receive multiple copies of this message.]

Call for articles for International Journal of Distributed Sensor
Networks (IF 0.727)

Special Issue on
Research Advances in Security and Privacy for Smart Cities

http://www.hindawi.com/journals/ijdsn/si/239803/cfp/

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly...

Damn Vulnerable IOS App v1.0 launched Prateek Gianchandani (Feb 05)
Hi All,

It gives me great pleasure to announce v1.0 of Damn Vulnerable IOS =

Application http://damnvulnerableiosapp.com

Damn Vulnerable IOS App (DVIA) is an IOS application that is damn =

vulnerable. Its main goal is to provide a platform to mobile security =

enthusiasts/professionals or students to test their IOS penetration =

testing skills in a legal environment. This application covers all the =

common vulnerabilities found in IOS...

SmarterMail All Versions - Stealing other Users Emails Mark Litchfield (Feb 04)
This attack allows an authenticated SmarterMail user to read other users
emails.

I tried to contact Smartmail with the usual security email aliases,
apparently they do not have any. I posted to their forum for a contact
and all I got was an email stating check you are running the latest
version then if you like please contact us at sales () smartertools com

I personally do not want to run around here and there on my own time.
Maybe they...

RE: Smarter Mail All Versions - Privilege Escalation Martin O'Neal (Feb 04)
Hi Mark,

These probably don't need to be cross posted to all the lists. How about jut keeping it to bugtraq where most people
drop their vulns?

Martin...

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Smarter Mail All Versions - Privilege Escalation Mark Litchfield (Feb 04)
This attack will allow a regular SmarterMail user to elevate their
privileges to Domain Administrator.

I tried to contact Smartmail with the usual security email aliases,
apparently they do not have any. I posted to their forum for a contact
and all I got was an email stating check you are running the latest
version then if you like please contact us at sales () smartertools com

I personally do not want to run around here and there on my...

Ektron CMS TakeOver Part (2) - PaylPal-Forward.com demonstration Mark Litchfield (Feb 03)
As previously stated, I would post an update for Ektron CMS bypassing
the security fix.

A full step by step with the usual screen shots can be found at -
http://www.securatary.com/vulnerabilities

In this example, we use www.paypal-forward.com as a demonstration site.
I would like to say that PayPal fixed this issue with their own
workaround extremely quickly. Excellent work by their security / dev team.

All the best

Mark Litchfield...

Ektron CMS Take Over - Hijacking Accounts Mark Litchfield (Feb 01)
I have detailed a vulnerability within Ektron CMS that allows an
unauthenticated user to hijack any account. The clear targets of choice
for this CMS would be the builtin or admin account.

Whilst I found this issue back in 2012, it appears that around 65% are
still vulnerable and should be patching their systems. I did notify
Ektron about this and I know a patch was made, but I did not bother
releasing an advisory. Why now... Way to...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Science of Security dan (Mar 18)
[ The deadline draws nigh --dan ]

http://www.nsa.gov/public_info/press_room/2013/2013_best_cybersecurity_paper_competition.shtml

The National Security Agency is seeking nominations for the 2013 Annual
Best Scientific Cybersecurity Paper Competition. The competition is for
scientific papers that were published between October 1, 2012, and
December 31, 2013, and that show an outstanding contribution to
cybersecurity science. Deadline for...

Re: causus belli Arrigo Triulzi (Mar 14)
You are something like two weeks late? We have been making fun of Kaspy on Twitter for ages about them blaming VUPEN
for everything. I believe we had conclusively proven that the APT was from Andorra due to the sophisticated Spanish
and French "styles" combo.

Poor little Kaspy is all sad because VUPEN did Chrome in at pwn2own without even using Flash so there goes his excuse
for 2014.

Arrigo "because VUPEN"

causus belli Dave Aitel (Mar 14)
So I enjoyed very much the latest post from Kaspersky's Securelist.
<https://www.securelist.com/en/blog/8191/Agent_btz_a_source_of_inspiration>
In it they managed to attempt to say that the latest Russian trojan to
be caught was just a worm not targeted at the US AT ALL, and hey, let's
see if we can connect it to various other country's trojans in any way
with a super misleading diagram? I love the blue arrows for "no...

Re: APT David Maynor (Mar 14)
I'm kinda sad no mentioned Mr. Bejtlich's example from Air Force history.
In support if his point he mentions the Air Force became focused on tools
and tactics at the cost of strategic thinking.

He stopped there because the example fits his point. Dave and other
offensive firms are the tools and tactics focused crowd and lack the
strategic understanding he has as network a network defender.

Continuing forward in Air Force history a...

Request for Information (RFI): Cyber Attack Data dan (Mar 14)
http://www.iarpa.gov/RFI/rfi_cad.html

Synopsis

Request for Information (RFI): Cyber Attack Data

The Intelligence Advanced Research Projects Activity (IARPA) is seeking
information on data sources for evaluation of cyber attack detection
tools and methods. This request for information (RFI) is issued solely
for information gathering and planning purposes; this RFI does not
constitute a formal solicitation for proposals. The following sections...

Re: APT Moses Hernandez (Mar 12)
Something caught my eye:

"He emphasizes the role of encryption to defeat many defensive tools, but
ignores that security and information technology architects regularly
make deployment decisions to provide visibility in the presence of
encryption."

Meta Data matters, even just the patterns that are used in transmitting
data could matter. There potentially could even be signature matching on
protocols like voip that could give...

Re: APT Brett Watson (Mar 12)
Indeed, a little disappointing. I think in the same position, I would have taken the stance of, “To add to what Dave
said in his post, I would say you might also consider <insert Richard’s opinions here>.” He kind of through Dave under
the bus, which was certainly not called for. We’re all in this together in the security field, from my perspective.

-b

Re: APT Andreas Lindh (Mar 11)
As a defender working in the *real* world, I have to say that it sounds like a lot of what Richard is saying comes from
a somewhat utopic view of what playing defense is really like and I’d like to counter some of his statements.

"He emphasizes the role of encryption to defeat many defensive tools, but ignores that security and information
technology architects regularly make deployment decisions to provide visibility in the presence...

Re: APT Wim Remes (Mar 11)
Lieutenant-General Van Riper agrees :
http://en.wikipedia.org/wiki/Millennium_Challenge_2002

"[The Red Force, led by Van Riper] adopted an
asymmetric<http://en.wikipedia.org/wiki/Asymmetric_warfare> strategy,
in particular, using old methods to evade Blue's sophisticated electronic
surveillance <http://en.wikipedia.org/wiki/Surveillance> network. Van Riper
used motorcycle <http://en.wikipedia.org/wiki/Motorcycle...

Re: APT Justin Seitz (Mar 11)
Weird I couldn't see Richard's response through all the marketing for
his products and books. Must have been the thick cloud of big data APT
threat intelligence in the way.

I guess I also find it funny that there are a number of defense folks
who love to use/paraphrase this statement Richard makes:

"First, I recognized that it's written by someone who is not responsible
for defending any network of scale or...

Re: APT J. Oquendo (Mar 11)
"I never read any treatises on strategy... When we fight,
we do not take any books with us." Mao Tse-Tung

Working in an MSP/MSSP I *have* deployed defenses, working
in the malware analysis arena, I *know* about encryption
tactics used by bad actors, performing network analysis
functions for over 14 years (http://seclists.org/incidents/2000/Aug/278)
I think I can qualify myself to chip in my .02.

I will counter-argue some of Mr....

Re: APT toby (Mar 11)
I don't think that the "avoid all systems with HIPS" had anything to do
with being sufficiently advanced. That looked like a decision to avoid
complexity because the people following that decision tree weren't skilled
enough to handle attacking those systems and the default toolset wasn't
designed to handle evasion on those systems.

I have no doubt that the NSA has all the tools necessary to exploit or
evade HIPS but...

APT Dave Aitel (Mar 11)
So the thing about being advanced enough is that you don't really have
to be persistent in any normal sense of the word. Nobody has pointed out
how the first stage of the NSA shellcode (as leaked by "backgrounded by
the Constitution and definitely not at all a narcissist" Snowden) just
avoids executing anything on systems protected by HIPS. Imagine if you
were so good at your job you could ignore targets you already had
execution...

NotSoSecure CTF [April 18th to 20th 2014] Sumit Siddharth (Mar 11)
Hello all,

After the huge success of our first CTF, I am pleased to announce that we
will be hosting the 2nd public CTF in April.
More details and registration page can be found here:
http://ctf.notsosecure.com/

Happy Hacking!

Sid
NotSoSecure Limited,
http://www.notsosecure.com
twitter: @notsosecure
---
Upcoming NotSoSecure events:
Black Hat 2014, Las Vegas:
http://blackhat.com/us-14/training/the-art-of-exploiting-injection-flaws.htm
l

Give it a WHRL: Web Hacking Language Review Alex McGeorge (Mar 06)
Hello again List,

Web application vulnerabilities like padding oracle can be difficult to
get a handle on. This is doubly true if you're struggling with some of
the underlying concepts and languages in use. We've decided to address
this by providing a whole day to review: HTTP Protocol, Linux command
line fundamentals, Python 2.X programming, JavaScript and MySQL queries.
This knowledge directly supports the things you learn in the web...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

[Security Weekly] monitoring google index George Moore (Mar 12)
Greetings,
Indiana University recently disclosed a breach where SSN among other things appeared on search engines such as google.

I was wondering if anyone had a recommendation on how to monitor search engine indexes. Ideally I would like email when
new pages appear for a queries like:

site:mydomain.com FTP
site:mydomain.com ssn
site:mydomain.com filetype:xls password

I recall google alerts doing this years ago but it looks like they took...

Re: [Security Weekly] Computer inventory software Tyler Robinson (Mar 10)
We have used metalan from hammersoftware its pretty good, we also have
spent a lot of time for several clients using spiceworks the community and
dev on it keeps getting better and supports multiple remote sites now so
its getting to be really applicable.

Re: [Security Weekly] Re-Branding Daniel Jorge (Mar 10)
Hey guys,

I've been working on an Android app to exchange secure SMS.
If you can, try it out!

Here the link for the Google Play store page:
https://play.google.com/store/apps/details?id=pt.danielf.ssmsafe

Daniel

2014-01-22 16:23 GMT+00:00 Robin Wood <robin () digininja org>:

Re: [Security Weekly] Computer inventory software Tim Krabec (Mar 08)
Looks cool

Re: [Security Weekly] Computer inventory software Zate (Mar 08)
Another vote here for LanSweeper.

Zate

Re: [Security Weekly] Computer inventory software Aaron (Mar 08)
Yep, second the recommendation for LanSweeper. I've used others and like it
the best (for a reasonably priced software). Spiceworks is okay and if you
really want to put some work into it, Glpi + OCS works pretty well too.

Aaron

Re: [Security Weekly] Small Business Design - Security from Day 0 Jamil Ben Alluch (Mar 08)
Hello,

It all depends on the requirements and priorities of the company - There
isn't one single way to design a SMB network.

The first consideration I would take into account is budget: the reason why
I pick this first is that designing a network with expensive equipment from
the get go is pointless if they don't have the money for it - you can
design the best network in the world, but if it going to cost 100 grand to
the SMB, it...

Re: [Security Weekly] Computer inventory software Andrew Todd (Mar 08)
Tumblr open-sourced their Collins tool a while back:

http://tumblr.github.io/collins/

Re: [Security Weekly] Computer inventory software Tim Krabec (Mar 04)
We're looking for something very very light weight, we're probably going to
do an in house web form + db.
then we can do simple reports

Tim Krabec
tkrabec.com
Bio

[Security Weekly] Small Business Design - Security from Day 0 systmkor (Mar 04)
Dear All,

If tomorrow you were given a small programming/hardware startup network to architect, with a couple of months before it
would be built, how would you architect it? What would be your priority list of things to do? What key software,
processes, policies, or services would you utilize. I understand this is a big question but any reply would be
appreciated.

systmkor

Re: [Security Weekly] Multiple video box Robin Wood (Feb 28)
I've already got one of those which is part of the problem, it works
fine in Windows and I can drive all three desktop screens and laptop
screen but the Linux X drivers are a bit flaky and for some reason get
unloaded as soon as the Intel drivers load. It is a known issue so I'm
trying to ditch it and merge all three screens so I can drive them off
the internal card.

Robin

Re: [Security Weekly] Computer inventory software gold flake (Feb 28)
You may also like to take a look at Symantec's Altiris Suite of IT
Management as long as you are looking at paid stuff.

Re: [Security Weekly] Computer inventory software Moses Hernandez (Feb 28)
Tim,
Haven’t spoken in a bit, been traveling and the like. We’ve had many conversations about tools like ‘puppet’, ‘chef’,
PowerShell ‘DSC’, and now Ansible. I would say that if you have already deployed one of these tools you can use that as
your CMDB source. For example if you had puppet enterprise you would have a CMDB already, or if you had Puppet
OpenSource you could use PuppetDB to start building your own CMDB. PuppetDB...

Re: [Security Weekly] Security Cameras Moses Hernandez (Feb 27)
I've heard good things about dropcam.

Re: [Security Weekly] Security Cameras njarendt tds.net (Feb 27)
Call me put one in our house and deal with security systems design.
608.345.1412

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Advisory Notification Microsoft (Mar 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: March 11, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player
in Internet Explorer
-...

Microsoft Security Bulletin Summary for March 2014 Microsoft (Mar 11)
********************************************************************
Microsoft Security Bulletin Summary for March 2014
Issued: March 11, 2014
********************************************************************

This bulletin summary lists security bulletins released for
March 2014.

The full version of the Microsoft Security Bulletin Summary for
March 2014 can be found at
https://technet.microsoft.com/security/bulletin/ms14-mar.

With the...

Microsoft Security Bulletin Advance Notification for March 2014 Microsoft (Mar 06)
********************************************************************
Microsoft Security Bulletin Advance Notification for March 2014
Issued: March 6, 2014
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on March 11, 2014.

The full version of the Microsoft Security Bulletin Advance
Notification for March 2014 can be found at...

Microsoft Security Advisory Notification Microsoft (Feb 28)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 28, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2862152)
- Title: Vulnerability in DirectAccess and IPsec Could Allow
Security Feature Bypass
-...

Microsoft Security Bulletin Minor Revisions Microsoft (Feb 28)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 28, 2014
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-090
* MS13-095
* MS13-098
* MS14-005
* MS14-007
* MS14-009

Bulletin Information:...

Microsoft Security Advisory Notification Microsoft (Feb 27)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 27, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2871690)
- Title: Update to Revoke Non-compliant UEFI Modules
-...

Microsoft Security Advisory Notification Microsoft (Feb 20)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 20, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...

Microsoft Security Advisory Notification Microsoft (Feb 19)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 19, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2934088)
- Title: Vulnerability in Internet Explorer Could Allow Remote
Code Execution
-...

Microsoft Security Bulletin Minor Revisions Microsoft (Feb 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 13, 2014
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS14-feb

Bulletin Information:
=====================

* MS14-feb

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Feb 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 12, 2014
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS14-feb

Bulletin Information:
=====================

* MS14-feb

-...

Microsoft Security Bulletin Summary for February 2014 Microsoft (Feb 11)
********************************************************************
Microsoft Security Bulletin Summary for February 2014
Issued: February 11, 2014
********************************************************************

This bulletin summary lists security bulletins released for
February 2014.

The full version of the Microsoft Security Bulletin Summary for
February 2014 can be found at
https://technet.microsoft.com/security/bulletin/ms14-feb....

Microsoft Security Advisory Notification Microsoft (Feb 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 11, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2862973)
- Title: Update for Deprecation of MD5 Hashing Algorithm for
Microsoft Root Certificate Program...

Microsoft Security Bulletin Advance Notification for February 2014 Microsoft (Feb 10)
********************************************************************
Microsoft Security Bulletin Advance Notification for February 2014
Issued: February 10, 2014
********************************************************************

This is a revised advance notification of security bulletins that
Microsoft is intending to release on February 11, 2014. This version
replaces the advance notification originally issued on Thursday,
February 6, 2014....

Microsoft Security Bulletin Advance Notification for February 2014 Microsoft (Feb 06)
********************************************************************
Microsoft Security Bulletin Advance Notification for February 2014
Issued: February 6, 2014
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on February 11, 2014.

The full version of the Microsoft Security Bulletin Advance
Notification for February 2014 can be...

Microsoft Security Advisory Notification Microsoft (Feb 04)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 4, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Never change your password when angry ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 18)
http://safr.kingfeatures.com/idn/ck2/content.php?file=aHR0cDovL3NhZnIua2luZ2
ZlYXR1cmVzLmNvbS9aaXRzLzIwMTQvMDMvWml0cy4yMDE0MDMxM183N
jAuZ2lm

or

http://is.gd/Hy7MGW

(Then again, most of those words wouldn't be in the dictionary ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Good, fast, cheap: pick two...

Re: Steering wheel camera 'detects angry drivers' Blanchard, Michael (InfoSec) (Mar 17)
I can see the future....

Driver got bad news and is pissed off....
Car automatically limits itself to 30 MPH top speed
<automated voice>
"... Driver 4958203, I've detected you're in an emotional state, please correct this condition..."
"... until this condition is corrected, your vehicle will be limited to 30 MPH..."

Isn't that the definition of Big Brother... oh geeze!

Michael P. Blanchard
Principal...

Steering wheel camera 'detects angry drivers' Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 14)
http://www.bbc.com/news/technology-26549273

OK, when can we get it for Webcams and keyboards?

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Whoever walks in integrity walks securely, but whoever follows
perverse ways will be found out. - Proverbs 10:9
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...

Re: MH370 Martin Hepworth (Mar 14)
The engines talk to Rolls Royce in the UK - take a look at the youtube "how
to build a jet engine" for some good info on this

Also reports in the uk havent shown any extra data since radar contact was
list

Martin

Server Name Indicator - feaure in 2014? (Or bug if its not present?) Jeffrey Walton (Mar 14)
I was reading through http://hg.python.org/cpython/rev/846c0e1342d0/,
and wanted to get some feed back...

I'm using Debian 7.3 (fully patched). I struggled trying to get SNI to
work for a few hours and finally came across the patch above. It seems
that Debian provides Python 2, and the Python folks did not backport
to Python 2 in 2010 because they considered it a feature.

Should lack of SNI support in 2014 be considered a security bug?

MH370 Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 13)
(In honour of all those of our ilk who manage to generate panic at the slightest
sign of a possible, potential threat ...)

(I'm at CanSecWest, and some of the talks are getting pretty far out there ...)

In the shifting worries about the loss of flight MH370, one fact is getting
lost.

American authorities have information that MH370 flew on for several hours,
even after radio, radar, and transponder access was lost. This is because the...

Mark Zuckerberg 'confused and frustrated' by US spying Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 13)
http://www.bbc.com/news/technology-26571018

Does anyone else find this the least bit ironic?

http://www.pinterest.com/pin/33917803416956320/

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
The pessimist sees difficulty in every opportunity, an optimist
sees the opportunity in every difficulty. - Winston Churchill...

CarolinaCon-10 - May 2014 - FINAL ANNOUNCEMENT Vic Vandal (Mar 13)
CarolinaCon-10 will be held on May 16th-18th, 2014 in Raleigh NC. For the cheap price of your average movie admission
with popcorn and a drink ($20) YOU could get a full weekend of talks, hacks, contests, and parties.

We've selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

- Bypassing EMET 4.1 - Jared DeMott
- Password Cracking for noobs - smrk3r
- AV Evasion with the Veil Framework -...

CIA accused of spying on U.S. Senate Jeffrey Walton (Mar 13)
Oh, the irony.... Its OK for the US government to spy on US citizens,
and citizens across the world. But the the US senate cries foul when
they are spied upon....

http://www.reuters.com/article/2014/03/11/us-usa-cia-interrogations-idUSBREA2A0XY20140311

Re: license plate scanners as deployed by the repo industry Silent1 (Mar 06)
This is happening on a massive scale in England too, repo companies buy ANPR
equipment, fit it to their vans and have a database of cars they are looking
for.
Some of them also do work for the police and are given access to the
government registration database so they can go looking for cars without
road tax, this has led to abuse of the data and the companies illegally
retaining it to augment their own data and then selling it on to other repo...

license plate scanners as deployed by the repo industry Jerry (Mar 06)
http://betaboston.com/news/2014/03/05/a-vast-hidden-surveillance-network-runs-across-america-powered-by-the-repo-industry/

I am curious who the company in Texas is that appears to be consolidating much
of the data?

Jerry

We can't tell you how invasive we are because we promised not to ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 04)
http://arstechnica.com/tech-policy/2014/03/police-hid-use-of-cell-phone-tracking-
device-from-judge-because-of-nda/

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Santorum knows in his heart that elderly Dutch people are
routinely euthanized against their will by doctors. He believes
this to be true, no matter what the elite media tries to tell...

TSA agents demand bag-search to look for "Bitcoins" Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 02)
http://boingboing.net/2014/03/01/tsa-agents-propose-secondary-s.html

It is to weep ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
She is trying that rarest of all strategies, telling the truth,
and making it sound plausible. - `Wicked'
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...

Once hacked is an accident, twice hacked is a coincidence, three times ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 26)
So, from now on, when we see CEH on a resume, do we throw it away?

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Pravda ne isvestia i isvestia ne pravda!
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Facebook irony? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 25)
Two items showed up in my Twitter feed, one after the other, from BBC news.

First:
Zuckerberg's plan to widen web access
https://twitter.com/BBCTech/status/438092725003771904
http://www.bbc.co.uk/news/technology-26330023
(BBC video links generally do work pretty much anywhere ...)

Second:
Facebook quietly ends email service
https://twitter.com/BBCTech/status/438092727339999232
http://www.bbc.co.uk/news/technology-26332191

(Actually,...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Alert - Upcoming Mail Delivery Changes US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes

Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...

Current Activity - Upcoming Mail Delivery Changes Current Activity (May 10)
National Cyber Awareness System

Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...

Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin

Original release date: May 09, 2013

Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...

Current Activity - Adobe Releases Security Advisory for ColdFusion Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion

Original release date: May 09, 2013

Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...

Current Activity - Microsoft Releases Security Advisory for Internet Explorer Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer

Original release date: May 07, 2013

Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...

Current Activity - Cisco Releases Security Advisories Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories

Original release date: April 25, 2013

Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....

Current Activity - Apple Releases Security Updates for Safari Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari

Original release date: April 18, 2013

Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.

Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...

Alert TA13-107A: Oracle has released multiple updates for Java SE US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE

Original release date: April 17, 2013

Systems Affected

* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier

Overview

Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....

Current Activity - Scams Exploiting Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion

Original release date: April 17, 2013

Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...

Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion

Original release date: April 17, 2013

Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...

Current Activity - Oracle Releases April 2013 Security Advisory Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory

Original release date: April 17, 2013

Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...

Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack

Original release date: April 15, 2013

US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...

Current Activity - Microsoft Releases April 2013 Security Bulletin Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin

Original release date: April 04, 2013 | Last revised: April 09, 2013

Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...

Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin

Original release date: April 04, 2013

Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...

Current Activity - Mozilla Releases Multiple Updates Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates

Original release date: April 03, 2013

The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.

Updates to the following products are...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: CVE Request: rack-ssl rubygem: XSS in error page cve-assign (Mar 19)
Use CVE-2014-2538.

The basis of this CVE assignment is that the rack-ssl product is
apparently accepting some level of responsibility for the behavior of
adapters. The commit message in 2013 wasn't really worded in the form
of a vulnerability-fix announcement. There's another interpretation in
which it would be categorized as security hardening to work around XSS
vulnerabilities in adapters. The commit message mentions jruby-rack....

Re: [OT] FD mailing list died. Time for new one gremlin (Mar 19)
> Hosting? That's what the cloud is for.

Not for any sensitive data. And vulnerability descriptions are very
sensitive...

> I have no idea who runs
> https://groups.google.com/group/FullDisclosure
> but they seem modeled after original fd charter.

Modelling a charter is easy... But I bet they'll fail on gathering
all previous FD members.

> I trust Google as a neutral third party more than I would trust
> most...

Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
you MUST ask m$ for money or at least for a free game...

Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
I claim it is true, if you don't believe it consider
consulting something better than the emacs doctor:

http://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00

Internet Engineering Task Force Steve Christey
INTERNET-DRAFT

**MITRE**

Valid for six months Chris Wysopal
Category: Best Current Practice @stake, Inc....

Re: [OT] FD mailing list died. Time for new one Chris Steipp (Mar 19)
It would be great to know something about what it took to host the old
list, if anyone knows. There are certainly existing organizations who run
large mailing lists, have lawyers to deal with takedowns, and believe in
free access to knowledge.

Or if anyone has seen another place where this is being discussed by the FD
community, I'd welcome a pointer.

Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 19)
Whether that is true or not, this has absolutely nothing to do with
whether the technical content of the "CVE request" messages and
follow-ups to them is valuable or not. I think it is valuable.

Also, if you're concerned of MITRE possibly providing non-public
vulnerability feeds to somewhere, that concern obviously does not apply
to the public CVE requests made on this list.

Regarding new FD:

I think it's reasonable to...

TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue Tomas Hoger (Mar 19)
Hi!

New release of TigerVNC fixes an issue with boundary checks in the ZRLE
decoding. Boundary checks existed in the code in form of assert()s,
which were removed in builds with NDEBUG defined. That is default for
release builds done by cmake, which is used by TigerVNC. This could
possibly allow malicious server to compromise vncviewer.

The same problem may affect related *VNC implementations if built with
NDEBUG.

CVE-2014-0011 was assigned...

Re: [OT] FD mailing list died. Time for new one Dean Pierce (Mar 19)
Also, just for kicks I created
https://groups.google.com/group/responsible-disclosure :-)

Will hand over mod privileges to any reasonably responsible group of
people with time to moderate such things.

- DEAN

Re: [OT] FD mailing list died. Time for new one Dean Pierce (Mar 19)
Hosting? That's what the cloud is for.

I have no idea who runs https://groups.google.com/group/FullDisclosure

but they seem modeled after original fd charter. I trust Google as a
neutral third party more than I would trust most security researchers.
They already host all the old newsgroup archives. It's also free,
easily consumable, and most importantly, babysat for security issues
in a way that even a team of skilled volunteers...

Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
What is the number of email addresses who
posted on FD?

(to roughly estimate cost of hosting)

Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
I am pretty sure someone () mitre was coauthor of the
"responsibility RFC" which shows whose servants
mitre are.

Is it reasonable to use a public service for the list --
outsourcing legal stuff?

Running a mirror/torrent is much easier than running
a mailing list, so even if stuff gets deleted it will
be in the mirrors.

Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 19)
Sure. Even though most threads in here mention CVE, they also contain
plenty of technical info that is desirable regardless of one's opinion
of CVE. So you could consider treating or ignoring your CVE allergy
(just skip the mentions of CVE, look at the rest of what the same
messages say), and then you might find the content in here useful and/or
worth commenting on (just except for the CVE aspects, which are
obviously not your type). ;-)...

Re: CVE request for a bug in gnu coreutils 8.22 Solar Designer (Mar 19)
I think you posted the same message a few days ago and got a reply
requesting more info:

http://www.openwall.com/lists/oss-security/2014/03/14/7

I guess maybe you're posting without being subscribed and this is why
you didn't see the reply? If so, please note for next time that you
should either be subscribed or clearly state that you are not.

Alexander

Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
I suggested this about year ago:

http://seclists.org/fulldisclosure/2013/Mar/11

CVE request for a bug in gnu coreutils 8.22 Qixue Xiao (Mar 19)
I am not sure whether this needs a CVE.

this bug will result an illegal memory access, which may be leak
information without authority.

and the author had fixed it after my report.

please see:
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16855

### Bug overview

shuf -er or shuf -eer [ segment fault]
impact [coreutils 8.22 ]

```
[15:03:59]xqx <at> server:~/data/xqx/projects/coreutils-8.22$
./obj-gcov/src/shuf -er
Segmentation...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - Deadline extension to March 5 Larry Koved (Mar 09)
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: March 5, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding...

CFP: Mobile Security Technologies (MoST) 2014 - Deadline extended to March 10 Larry Koved (Mar 09)
http://mostconf.org/2014/cfp.html

Mobile Security Technologies (MoST) 2014

co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and...

Silver Bullet 95: Charlie Miller Gary McGraw (Feb 28)
hi sc-l,

Greetings from RSA, where the show gets underway today. I hope to see some sc-l readers out here. (Come see us duing
the show https://www.cigital.com/blog/2014/01/rsa-2014/.)

Episode 95 of silver bullet features a conversation with Charie Miller, who now works at Twitter as a security
engineer. Charlie is well known for his spectacular Apple hacks. Lately, he has turned his attention to cars. We
talk about fuzzing, exploit...

CFP: Mobile Security Technologies (MoST) 2014 Larry Koved (Feb 19)
http://mostconf.org/2014/cfp.html

Mobile Security Technologies (MoST) 2014

co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and...

Final CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS Larry Koved (Feb 19)
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding...

FYI: OWASP CISO Survey Report 2013 Released Tobias (Feb 14)
Hello dear secure coding fellows,

just fyi: OWASP just released the OWASP CISO Survey Report 2013 Version
1.0 <https://www.owasp.org/index.php/OWASP_CISO_Survey>.
/Among application security stakeholders, Chief Information Security
Officers (CISOs),are responsible for application security from
governance, compliance and risk perspectives. The OWASP CISO Survey
provides tactical intelligence about security risks and best practices
to help...

FYI: OWASP AppSec Europe 2014 - Call For Papers - submission deadline Mar-21 Tobias (Feb 14)
Hello dear secure coding fellows,

fyi: we just opened the Call for Papers for the upcoming OWASP AppSec
Europe in Cambridge in June 2014.
Closing deadline: March 21st
Please be invited to submit your papers, presentations, research papers
and training proposals.
https://2014.appsec.eu/call-for-training-call-for-papers-january/

Best regards, Tobias

CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS Larry Koved (Feb 13)
2 weeks until the submission deadline

WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others...

IR/Application Security Tom Brennan - OWASP (Feb 10)
In this episode Karl Sigler sit's down with Grayson Lenik, a forensic expert for Trustwave SpiderLabs. We talk about
Point-of-Sale malware, including common web application security attack vectors as well as remediation steps to help
protect businesses using POS systems.

http://blog.spiderlabs.com/2014/01/spiderlabs-radio-january-23-2014.html

Enjoy!

CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS - February 26 submission deadline Larry Koved (Feb 08)
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding...

CFP: Mobile Security Technologies (MoST) 2014 - March 3 submission deadline Larry Koved (Feb 08)
http://mostconf.org/2014/cfp.html

Mobile Security Technologies (MoST) 2014

co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2014)

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and...

Cfp: IEEE S&P Workshop on Cyber Crime 2014 wmazurczyk (Feb 08)
Dear Collegues,
Please consider submitting papers to IWCC (International Workshop on Cyber Crime) 2014 which is is part of the IEEE CS
Security & Privacy Workshops (SPW 2014), an event of the IEEE CS Technical Committee on Security and Privacy and
like last year will be co-located with IEEE S&P 2014 in the Fairmont Hotel, San Jose, CA, USA, May 17-18, 2014.

CALL FOR PAPERS - deadline in 6 days!

Submission page:...

Silver Bullet 94: Ming Chow (Tufts) Gary McGraw (Feb 03)
hi sc-l,

Episode 94 (in a row) of Silver Bullet features a conversation with Ming Chow, a developer who got interested in
security and accidentally became a software security guy teaching at Tufts. We talk about that. We talk about
exploiting online games (and using that as a teaching mechanism). And mostly we wonder how to get real developers more
interested in software security. Have a listen:...

SearchSecurity: Scaling Automated Code Review Gary McGraw (Jan 29)
hi sc-l,

The latest monthy SearchSecurity article was co-authored with Jim Routh, CSO of Aetna. What Jim is doing for his fifth
(!!) software security initiative is very interesting. So interesting that we decided to write about it.

In particular pay attention to Jim's use of a light weight IDE-based static analysis tool. This is important for two
reasons: 1) because it runs on all dev desktops (and thus scales) and 2) because it...

CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS Larry Koved (Jan 27)
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS

IMPORTANT DATES
Paper submission deadline: February 26, 2014 (11:59pm US-PST)
Workshop acceptance notification date: March 29, 2014
Workshop date: Sunday, May 18, 2014
Workshop paper submission web site:
https://www.easychair.org/conferences/?conf=w2sp2014

W2SP brings together researchers, practitioners, web programmers, policy
makers, and others interested in the latest understanding...

Educause Security Discussion — Securing networks and computers in an academic environment.

Re: Palo Alto Firewalls Chris Golden (Mar 19)
We are using OSPF on the PAN 5020’s but not BGP. We have some Brocade CER’s for that.

-Chris

From: Peter Setlak <psetlak () COLGATE EDU<mailto:psetlak () COLGATE EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY ()
LISTSERV EDUCAUSE EDU>>
Date: Tuesday, March 18, 2014 at 10:44 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY ()...

Re: Palo Alto Firewalls Peter Setlak (Mar 18)
It was suggested to us by the sales Engineer that while the Palo Alto CAN
do BGP, it should not be used for it as it is not built to handle a large
convergence. We use separate edge routers built for BGP which gives us the
performance we want and some added protection, for instance, ACLs on
certain subnets that can keep some traffic from ever hitting the PA in the
first place.

Student Account Questions Thomas Carter (Mar 18)
I'm reviewing our processes related to student accounts and when and how they are created. I've created a quick survey
here:
https://www.surveymonkey.com/s/NHPVH87
and would appreciate any input you can provide. I will give a summary of the answers to the list.

Thomas Carter
Network and Operations Manager
Austin College
903-813-2564
[cid:image001.gif@01CF428D.3C1F4D20]

Re: Palo Alto Firewalls Dan Brisson (Mar 18)
+1

-dan

Dan Brisson
Network Engineer
University of Vermont

Re: Palo Alto Firewalls Bradley, Stephen (Mar 18)
I learned a long time ago that you let a box do what it does best. If you
want routing use a router.

One of the best things we did after I got here was to move our BGP out to
real routers, not big switches that "can" route or firewalls that "can"
route but to devices that do what they do best.

Just my opinion though YMMV.

steve

(We do have PANs and no, they do not route.)

Re: Palo Alto Firewalls Jeremiah Cherwien (Mar 18)
Not looking to hijack this thread, but have any of you running the Palo's
used the BGP feature?

We're mid implementation with a 3020, and the last slated item is to enable
BGP on the Palo to take the place of several linux boxes that are running
Quagga (Our routers). Seeing this thread makes me wonder the wisdom in
this, so I'm curious for other's thoughts/results.

Miah

Re: Palo Alto Firewalls Aaron Smith (Mar 18)
A very timely question. We just last week went live on a pair of 5020's.

1.) How many Palo Alto Firewalls did you purchase?

Two Palo Alto 5020's replacing an aging pair of Cisco ASA 5550's.

2.) If you purchased just one, what do you have in place in case of a failure?
3.) If you purchased two for failover capability, are you using them active active, or active passive?

Active/passive.

4.) If you advertise or use...

Re: Palo Alto Firewalls King, Ronald A. (Mar 18)
1.) How many Palo Alto Firewalls did you purchase? - We purchased 2
5060s last quarter of 2012.

2.) If you purchased just one, what do you have in place in case of a
failure? - I don't know if we ever considered just one. We had a pair of
Cisco ASAs, so, a pair was considered from the start. I will say that a
pair has been quite a benefit when other gear fails and/or for PANOS
upgrades. If you need the nines, a pair is a must. If...

Re: Palo Alto Firewalls Will Froning (Mar 18)
Hello Shayne,

These PA questions come up a lot, if you haven't checked the archives
you might find some gems. I've also CC'd the Palo Alto Network's EDU
list that was created a couple years back.

We have a pair of 4050s and 5060s. We are looking to upgrade the 4050s
as they are 5 years old.

We always go for a pair.

Active-Passive. We've considered going active-active (A-A), but there's
always a fear it will...

Re: Palo Alto Firewalls Nathaniel Hall (Mar 18)
Shayne,

I previously worked as a consultant for a Palo Alto vendor and in
education, so I understand your battle between money and redundancy.
That said, I have a few comments.

If you need 99.999% uptime, I would not recommend *any* solution without
a failover device. Sometimes you have to reboot a device. If you need to
perform a device upgrade, your 99.999% uptime is shot because it takes
longer than 5 minutes to boot. Get the failover...

Palo Alto Firewalls T. Shayne Ghere (Mar 18)
Hello,

I'm just putting this out there as a question for those that use the Palo
Alto PA-5050 (or 5020) firewall appliance. We have been a complete Cisco
shop since before I started 16 years ago, but times are changing and other
solutions are being looked at. Right now we have two Cisco Firewall
Service Modules (FWSM's) that are nearing end of life/service. We have two
for failover capability and it's worked great for us since...

Policy for corporate owned phones and tablets. MDM at an academic health Center hospital. David Grisham (Mar 11)
I'd like an off line conversation with anyone who has implemented MDM for a hospital system. We are starting with
corporate owned devices. Depending on our results, we will review BYOD in a year.
We know there will be some hard questions about wiping, users wanting apps, funding of devices and phone plans, etc.
Thanks in advance.

Cheers --grish
David D. Grisham
David Grisham, Ph.D., CISM, CRISC
Manager, IT Security,
UNM Hospitals, IT...

Hiring Information Security Officer Rick Lesniak (Mar 11)
Colleagues,

We would appreciate assistance in spreading the word on our search for an
Information Security Officer at The State University of New York at Buffalo.
Details on the search can be viewed at:

http://www.buffalo.edu/ubit/about-us/ISO-search.html

Thanks,
Rick

REN-ISAC ALERT: NTP-Based Distributed Denial of Service Attacks Doug Pearson (Mar 10)
March 10, 2014

To: IT Security Staff and Network and System Administrators
(A CIO version of this Alert is available at [6])

REN-ISAC ALERT: NTP-Based Distributed Denial of Service Attacks -
Prevent your institution from being an unwitting partner in these
attacks

The REN-ISAC [1] wants to raise awareness and drive change
concerning common network time protocol (NTP) and network
configurations that fall short of best practices and...

HEISC Strategic Priorities Update: March 2014 Valerie Vogel (Mar 07)
I would like to share the following message on behalf of the HEISC co-chairs. (Apologies for the cross-posting if you
are also subscribed to the CIO list.)
Thank you,
Valerie

=======================

Dear Colleagues,

As we shared in a previous e-mail, the 2014 Higher Education Information Security Council (HEISC) Strategic Priorities
include: Strengthening Foundations, Continuing to Build the Information Security Profession, and Advancing...

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Customer Support Ticketing Chris Lane (Mar 19)
Hey paul

We use Netsuite with OpenNms ~ as an ISP i think you will always be stuck
with alot of customization ~ unless you build your own

Good luck
Chris

Re: Customer Support Ticketing Nick (Mar 19)
Paul,

My past two job, I used Kayako. I like it so much I bought a copy for my
side project. I feel work flow with kayako is will thought out for tech
minded people. Having easy access to staff notes while still able to see
the ticket is a big deal for me. Its someway easy to customize allowing
you to pull extra info about the customer into the ticket.

At my current day job. We use OTRS and are working to replace it. I
think its worthless...

Re: Level 3 blames Internet slowdowns on ISPs’ refusal to upgrade networks | Ars Technica Patrick W. Gilmore (Mar 19)
The devil on my left shoulder wants to laugh at L3 for their hypocrisy.

The angle on my right shoulder wants to congratulate a "tier one" (whatever the F that means) provider for finally
admitting, in writing, in public, from a lawyer, what the rest of us have known for decades.

In the middle is me being afraid of the gov't actually regulating something that _is_ a problem, but because they are
the gov't, doing it in a way...

Level 3 blames Internet slowdowns on ISPs’ refusal to upgrade networks | Ars Technica Jay Ashworth (Mar 19)
L3 escalates on Peering/CDN/Neutrality.

http://arstechnica.com/information-technology/2014/03/level-3-blames-internet-slowdowns-on-isps-refusal-to-upgrade-networks/

Re: L6-20P -> L6-30R William Herrin (Mar 19)
Hi Chuck,

Same article where you got your facts: "Up to a theoretical 51 watts
is available for a device." Though technically it's newer PoE
standards than AF which hit 51 watts.

Electrocution is a heart attack induced when alternating current
disrupts the heart's normal sinus rhythm. DC can burn you but it won't
disrupt your heart rhythm, hence it won't electrocute you. That was
the basis Edison's theater...

Re: L6-20P -> L6-30R Lamar Owen (Mar 19)
802.3af is limited to 15.4W, and 802.3at to 25.5W. The limits for Class
2 and 3 circuits are found in Chapter 9, Table 11 (A and B), of the NEC
(Table 11(B) for DC circuits, and for a power source of 30 to 60 volts a
Class 2 circuit can have, for a 44VDC supply power, up to 3.4A available
(a max nameplate rating of 100VA). For AC, Table 11(A) tells me that a
120VAC circuit, to meet Class 2, must be current-limited to 5mA.

BICSI has a good...

Re: L6-20P -> L6-30R Chuck Anderson (Mar 19)
I don't know where you are getting your facts, but 802.3af maxes out
at 15.4W and 802.3at at 34.2W, and DC can electrocute you just as well
as AC.

http://en.wikipedia.org/wiki/Power_over_Ethernet#Standard_implementation

Re: L6-20P -> L6-30R Lamar Owen (Mar 19)
[Whee. This discussion is good for me, as I need to refresh my memory
on the relevant code sections for some new data center
clients.....thanks, Bill, you're a great help!]

The NFPA thinks so. They also allow interoperability between a 20A
T-slot receptacle and a 15A plug (so that a 2-15P can work in a T-slot
2-20R, or a 5-15P can work in a 5-20R, etc). Things are different above
20A, at least in the NFPA's view. NFPA 75 is...

Re: L6-20P -> L6-30R William Herrin (Mar 19)
Hi Jay,

50 watts DC. It won't electrocute you (that's AC) but it's the same
power that makes a 40 watt bulb burning hot.

Regards,
Bill Herrin

Re: L6-20P -> L6-30R Jay Ashworth (Mar 19)
Fair point.

PoE is 48V and current limited, though, precisely to keep it what the Code calls Low Voltage.

RE: L6-20P -> L6-30R Alex Rubenstein (Mar 19)
Just because you say the debate should be ended doesn't mean it's true, or that you are even correct.

Your staff electrician missed half the answer, which would be to replace the breaker AND the receptacle. But you make
sound as if the OP has that option readily available to him, and it's doesn't answer is original question.

Really, a mismatched outlet on a breaker size not intended for it? That seems like a good idea....

Re: L6-20P -> L6-30R William Herrin (Mar 19)
There are no power cords coming from the power supply that the PC
power cable plugs in to?

http://www.ul.com/global/eng/pages/solutions/services/certification/

The 802.3af voip phone on my desk must be powered by magic.

Regards,
Bill Herrin

Re: L6-20P -> L6-30R Aaron (Mar 19)
To end the debate, my staff master electrician says just replace the
breaker. You can leave the outlet if you want or replace it too.
Doesn't matter. The 30A circuit should be 10 gauge which is fine for 20amp.

And to Jay: Network cables most certainly do carry power.

Re: L6-20P -> L6-30R William Herrin (Mar 19)
Safe. Enough.

Good advice.

Regards,
Bill Herrin

Re: L6-20P -> L6-30R Jay Ashworth (Mar 19)
----- Original Message -----

It is exactly that: no one says you *can't* wire a 20A branch circuit with
#10.

It is even *possible*, though unlikely, that if you did so, you wouldn't
have to derate it to 80%. I would have to reread the Code to be sure.

Cheers,
-- jra

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 27.80 RISKS List Owner (Mar 18)
RISKS-LIST: Risks-Forum Digest Monday 17 March 2014 Volume 27 : Issue 80

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.80.html>
The current issue can be...

Risks Digest 27.79 RISKS List Owner (Mar 06)
RISKS-LIST: Risks-Forum Digest Thursday 6 March 2014 Volume 27 : Issue 79

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.79.html>
The current issue can be...

Risks Digest 27.78 RISKS List Owner (Mar 04)
RISKS-LIST: Risks-Forum Digest Monday 3 March 2014 Volume 27 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.78.html>
The current issue can be...

Risks Digest 27.77 RISKS List Owner (Feb 28)
RISKS-LIST: Risks-Forum Digest Friday 28 February 2014 Volume 27 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.77.html>
The current issue can be...

Risks Digest 27.76 RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 February 2014 Volume 27 : Issue 76

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.76.html>
The current issue can...

Risks Digest 27.75 RISKS List Owner (Feb 21)
RISKS-LIST: Risks-Forum Digest Friday 21 February 2014 Volume 27 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.75.html>
The current issue can be...

Risks Digest 27.74 RISKS List Owner (Feb 16)
RISKS-LIST: Risks-Forum Digest Saturday 15 February 2014 Volume 27 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.74.html>
The current issue can...

Risks Digest 27.73 RISKS List Owner (Jan 29)
RISKS-LIST: Risks-Forum Digest Tuesday 28 January 2014 Volume 27 : Issue 73

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.73.html>
The current issue can be...

Risks Digest 27.72 RISKS List Owner (Jan 28)
RISKS-LIST: Risks-Forum Digest Monday 27 January 2014 Volume 27 : Issue 72

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.72.html>
The current issue can be...

Risks Digest 27.71 RISKS List Owner (Jan 24)
RISKS-LIST: Risks-Forum Digest Thursday 23 January 2014 Volume 27 : Issue 71

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.71.html>
The current issue can...

Risks Digest 27.70 RISKS List Owner (Jan 21)
RISKS-LIST: Risks-Forum Digest Tuesday 21 January 2014 Volume 27 : Issue 70

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.70.html>
The current issue can be...

Risks Digest 27.69 RISKS List Owner (Jan 07)
RISKS-LIST: Risks-Forum Digest Monday 6 January 2014 Volume 27 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.69.html>
The current issue can be...

Risks Digest 27.68 RISKS List Owner (Jan 03)
RISKS-LIST: Risks-Forum Digest Friday 3 January 2014 Volume 27 : Issue 68

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.68.html>
The current issue can be...

Risks Digest 27.67 RISKS List Owner (Jan 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 January 2014 Volume 27 : Issue 67

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.67.html>
The current issue can...

Risks Digest 27.66 RISKS List Owner (Dec 26)
RISKS-LIST: Risks-Forum Digest Thursday 26 December 2013 Volume 27 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.66.html>
The current issue can...

Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

iOS payload for metasploit Anwar Mohamed (Mar 18)
Hello All,

I have managed to make an ios payload for metasploit and I am stuck at
understanding how posix payload goes on at meterpreter repo.

I have two options:
1- to compile the posix one using ios toolchain
2- implement a new one under xcode specially for macosx and ios both
(already started in that part but with little progress)

what do you think ?

Re: Metasploit running on a pineapple Tod Beardsley (Mar 18)
The mkV has enough oomph to run real Ruby, yes? I don't know if it does or
not. Tbh the Rpineapple may be a better choice.

Metasploit running on a pineapple Dan Tentler (Mar 17)
I'm curious if anybody has ever tried this before.
I have a Mark5 and I'd like to put a small number of modules/payloads on
the thing to be run from the pineapple gui (or automatically), like
exploiting ms08_067, finding null sessions, and using psexec to run
something like dynamic_exe and lob the subsequent shells back to a real
host running framework/pro.

At the moment my approach is to basically create rc script skeletons and
have...

Re: resetting git Michael Schierl (Mar 17)
Am 17.03.2014 20:02, schrieb Tod Beardsley:

It does not allow you to push changes elsewhere, though (except
patches), and when trying to update it, weird things may happen.

And BTW, I *do* care about the past :)

Therefore I think it is enough to fetch the past once :)

But probably enough off-topic discussion on this list now.

Regards,

Michael

Re: resetting git Tod Beardsley (Mar 17)
git clone --depth 1 is nice. Very shallow if you don't care about the past
too much.

Re: resetting git Michael Schierl (Mar 17)
Am 16.03.2014 22:52, schrieb Robin Wood:

Depending on what branch you were one before, you might have to reset
the freshly checked out master branch again, if you follow this route.

Sorry, did not think about that :-(

Another alternative (which is also handy in case you want to temporarily
checkout some different branch to test something there, without either
discarding or committing your changes first) is

$ git stash save

which puts your...

Re: resetting git Robin Wood (Mar 17)
metasploit-framework locally, nuke your own origin, refork on GitHub, and
reclone locally. That'll get you all the latest and none of the old and
crusty branches.

I did think about doing that but thought there would be nice way to do it
through git as I'm trying to learn how to use it properly. I'm still not
100% sure why things do what they do but it is making slightly more sense
each time I learn something like this.

Robin...

Re: resetting git Tod Beardsley (Mar 16)
TBH if you don't care about your local stuff you can just rm -rf
metasploit-framework locally, nuke your own origin, refork on GitHub, and
reclone locally. That'll get you all the latest and none of the old and
crusty branches.

Re: resetting git Robin Wood (Mar 16)
Should have elaborated, when I did it your way it complained about a
conflict that needed resolving before I could continue. Doing the
reset seemed to fix that so the checkout could complete.

Robin

Re: resetting git Robin Wood (Mar 16)
All seemed to work except I had to do these in the other order:

$ git reset --hard upstream/master
$ git checkout master

Thanks

Robin

Re: Metasploit - error in opcodes.rb Tod Beardsley (Mar 16)
We recently updated our local copy of metasm so I'm sure that's the crux of
the problem. Can I get you to open a bug on our redmine instance?
Dev.metasploit.com .

Metasploit - error in opcodes.rb Fancy Hawaii (Mar 15)
Hi everybody,

anybody else noticed this error after the latest upgrade?
Or is it just me having this prob?
NB: before the latest upgrade all worked fuine :-(

root () kali:~/# msfconsole
/opt/metasploit/apps/pro/msf3/lib/metasm/metasm/cpu/ia32/opcodes.rb:27:in `[]=':
can't convert Symbol into Integer (TypeError)
from
/opt/metasploit/apps/pro/msf3/lib/metasm/metasm/cpu/ia32/opcodes.rb:27:in `block
in init_cpu_constants'...

Re: resetting git Robin Wood (Mar 08)
Thanks, will give that a try in the morning.

Robin

Re: resetting git Michael Schierl (Mar 08)
Hello Robin,

Am 08.03.2014 09:24, schrieb Robin Wood:

I assume you have a local repo already on your disk, which has two
remotes pointing to your local github repo and to the upstream repo:

$ git remote -v
origin git () github com:schierlm/metasploit-framework.git (fetch)
origin git () github com:schierlm/metasploit-framework.git (push)
upstream git://github.com/rapid7/metasploit-framework.git (fetch)
upstream...

resetting git Robin Wood (Mar 08)
I've a fork of the git repo that I did following the official
Metasploit instructions but I've not touched it for a couple of years
and it is a mess, I've a couple of branches and some commits and I
don't care about any of them. How do I reset my repo and get it back
in sync with the current trunk? I tried a while ago and just got
conflicts and problems so gave up.

I want to be back at a point where I can branch my own fork...

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: my traffic not captured David Sheats, Friendly Computer Service (Mar 19)
Ohhh, I see what I did. It was a network byte-ordering problem. I wanted
it to connect to port 2022 (07e6 hex), but it was switching the bytes around
such that I was actually connecting to port 58887 (e607 hex). My eye had
been skipping right past the captured packets because I assumed they were
for some other protocol!

Thanks for you the help, Guy and Anne.

(I am relatively new to using email lists such as this- will Anne also get
this...

Re: my traffic not captured Guy Harris (Mar 19)
Is it capturing other traffic *between the client and server in question*?

Re: my traffic not captured Guy Harris (Mar 19)
If you're running Wireshark on Windows (which he's probably doing, given the "winsock2.h" in his comment), you might
not *have* a loopback interface, or it might not do what somebody used to UN*Xes thinks it does:

http://wiki.wireshark.org/CaptureSetup/Loopback

However, I infer from

Also, it doesn't seem to make a difference whether I'm running Wireshark on the client or the server side of
the...

Development project ideas Anders Broman (Mar 19)
Hi,
On the Wiki on the development page http://wiki.wireshark.org/Development I have started a section Design ideas. The
purpose is that
Someone interested could pick up on the ideas and anyone could add implementation sketches or pointers on how to
implement the idea
To help implementing it. Comments are also welcome.
Best regards
Anders

Re: my traffic not captured Anne Blankert (Mar 19)
It would surprise me if your software would be able to bypass Wireshark.
Are you sure you are capturing on the same interface as your client or
server is listening on?

If client and server on the same host and you are using 'localhost', you
should capture the loopback interface.
If client and server are on different machines, you should capture on
the same interface that client (or server) is using. Maybe you have
multiple network...

my traffic not captured David Sheats, Friendly Computer Service (Mar 19)
Hi folks,

I am writing a program that makes use of Windows Sockets, and I thought I might use Wireshark to watch the traffic
go back and forth across my network. However, the Shark doesn't seem to capture the packets generated by my program.
I send data from the client computer to the server computer using a regular TCP connection onto port 2022 of the
server. I know the server is receiving the information, because it is...

Path to NSIS in config.nmake Graham Bloice (Mar 19)
A recent question on Ask Wireshark (
http://ask.wireshark.org/questions/30890/makensis-makensis-path)

Gerald made a change (
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=dc87fa2d68a5dbc7693b5cc93e044a62af5ce39c)
to set the NSIS path, but I'm a bit puzzled by it.

On all the 64 bit systems I have, the env var PROGRAMW6432 is set to
"%SystemDrive%\Program Files", so it appears to me that the change,...

Re: I want to add a menuitem in statistics menu, what should i do? ?????????? (Mar 18)
and I modified the name of other menuitem both place,it appears to be the same as before.

------------------ Original ------------------
From: "Anders Broman";<anders.broman () ericsson com>;
Date: Tue, Mar 18, 2014 11:37 PM
To: "Developer support list for Wireshark"<wireshark-dev () wireshark org>;

Subject: Re: [Wireshark-dev] I want to add a menuitem in statistics menu,what should i do?

Hi,

By the file...

Re: I want to add a menuitem in statistics menu, what should i do? ?????????? (Mar 18)
I use the wireshark-1.6.5 edtion,and i am sure that they match.

------------------ Original ------------------
From: "Anders Broman";<anders.broman () ericsson com>;
Date: Tue, Mar 18, 2014 11:37 PM
To: "Developer support list for Wireshark"<wireshark-dev () wireshark org>;

Subject: Re: [Wireshark-dev] I want to add a menuitem in statistics menu,what should i do?

Hi,

By the file names it sounds like you...

Re: I want to add a menuitem in statistics menu, what should i do? Anders Broman (Mar 18)
Hi,
By the file names it sounds like you are working against an older release that stuff is now in
Ui/gtk/ main_menubar.c

I don't remember when we got rid of the deprecated ...factory.. stuff but assuming it's

static const GtkActionEntry main_menu_bar_entries[] = {

make sure the action name

static const char *ui_desc_menubar =
"<ui>\n"
" <menubar name ='Menubar'>\n"
" <menu name=...

I want to add a menuitem in statistics menu, what should i do? ?????????? (Mar 18)
I just want to add a menuitem in statistics menu,what should i do?I modified the ui_desc_menubar string in gtk/menus.c
and a item in main_menu_bar_entries in gtk/menus.c,but it din't function well,what should i do ?___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe:...

Re: Regarding Plugin attachment Anders Broman (Mar 18)
Hi,
Does the file packet-foo.h exist in epan/dissectors?

From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Nilesh Nayak
Sent: den 18 mars 2014 12:03
To: Hadriel Kaplan; wireshark-dev () wireshark org; Peter Wu
Subject: Re: [Wireshark-dev] Regarding Plugin attachment

I have the following error while compiling each time my dissector using 'make' command.

make[5]: Entering...

Re: Packet counter in live tshark captures Pascal Quantin (Mar 18)
2014-03-18 0:24 GMT+01:00 Jan Larres <jan () majutsushi net>:

Hi Jan,

the commit you are referring to is only present in the development branch,
and not in the 1.10.X branch. You might want to give a try to the 1.11.2
development build found on Wireshark website (or a more recent bleeding
edge nightly build found here: http://www.wireshark.org/download/automated/).

Pascal.

Re: Regarding Plugin attachment Nilesh Nayak (Mar 18)
I have the following error while compiling each time my dissector using
'make' command.

make[5]: Entering directory
`/home/nileshnayak/Desktop/wireshark-1.10.5/epan/dissectors'
make[5]: *** No rule to make target `packet-foo.h', needed by `all-am'.
Stop.
make[5]: Leaving directory
`/home/nileshnayak/Desktop/wireshark-1.10.5/epan/dissectors'
make[4]: *** [all-recursive] Error 1
make[4]: Leaving directory...

Re: Regarding Plugin attachment Nilesh Nayak (Mar 18)
I have the following error while compiling each time my dissector using
'make' command.

Couldn't really figure out what the problem is actually..
Any help is greatly appreciated.

Thanks and Regards,
Nilesh Nayak

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: Snort Inline mode with iptables problems on Ubuntu 12.04 Shivaramakrishnan Vaidyanathan (Mar 19)
But when i try to run with daq as nfq,I get daq module nfq not found.
Though I see them built,when i use ./configure in daq.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available....

Re: Unexpected results with reputation preprocessor James Lay (Mar 19)
Are you logging to unified? Would be interesting to see the output of
that offlist perhaps if it's sensitive.

James

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available....

Re: Snort Inline mode with iptables problems on Ubuntu 12.04 James Lay (Mar 19)
Gotta assign the queue a number and point snort to it:

snort -Q --daq nfq --daq-var device=br0 --daq-var queue=1 -c
/etc/snort/snort.conf
iptables -I FORWARD -j NFQUEUE --queue-num 1

As I understand it, you only get one queue, so choose wisely. I could
be wrong as I'm in the early stages of converting from IDS to IPS.

James

------------------------------------------------------------------------------
Learn Graph Databases - Download...

Re: Snort Inline mode with iptables problems on Ubuntu 12.04 Shivaramakrishnan Vaidyanathan (Mar 19)
Hi,
I have installed the latest version of snort and want to run in inline
mode and I have been having problems in accessing the machine once I change
the iptables entries.I am able to start the snort with no issues.But as
soon as I change the iptables, I am no longer able to access it.Here is the
iptables commands that I use.

iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j...

output alert_fast: is not anymore a pipe? Juan Camilo Valencia (Mar 19)
Hi Guys,

I'm upgrading snort from 2.9.3 to snort 2.9.6, previously I was using
barnyard2 to create the output alert_fast: alert file using unified2 format
form snort. Now I upgraded to 2.9.6, I decide to not use barnyard2 for now
and only use the feature
output alert_fast: directly from snort, and what snort does is create a
normal file. What I want to know if this feature changes a long time ago,
if is possible ti have that feature back...

Re: Unexpected results with reputation preprocessor Dave Corsello (Mar 19)
My last sentence was unclear. I should have said that the preprocessor
seems to be reporting a non-existent outbound HTTP packet for each
blocked inbound _HTTP_ packet.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the...

Re: Unexpected results with reputation preprocessor Dave Corsello (Mar 19)
Thanks Joel and James. The problem is that according to my maillog the
preprocessor did its job--the inbound traffic never made it to my
server, so there was no outbound response traffic. It looks to me like
for each inbound packet that the preprocessor reports, it's also
reporting a second, non-existent packet with all of the same
information, including timestamp, except that the source and destination
addresses are reversed. I also see...

Snort Inline mode with iptables problems on Ubuntu 12.04 Shiva (Mar 19)
Hi,
I have installed the latest version of snort in inline mode and I have been having problems in accessing the machine
once I change the iptables entries.I am able to start the snort with no issues.But as soon as I change the iptables, I
am no longer able to access it.Here is the iptables commands that I use.

iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A...

Re: Unexpected results with reputation preprocessor James Lay (Mar 19)
People that run mail servers with realtime blocklists will most likely
see a fair amount of these.

James

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free...

Re: Unexpected results with reputation preprocessor Joel Esler (jesler) (Mar 19)
You could suppress by destination IP.

But I’d warrant that if you have an internal host going outbound to an externally reputation blocked IP, then that’s a
problem too!

Re: Unexpected results with reputation preprocessor Dave Corsello (Mar 19)
Folks,

Any ideas on how to prevent the reputation preprocessor from producing
alerts on both inbound and outbound traffic in cases where there is only
inbound traffic? Trying to determine whether the traffic was inbound or
outbound can be time consuming. Apologies for assuming that Snort is in
error in my last message. I certainly could be doing something wrong.

Thanks,
Dave...

Re: Snort Configuration Nanda Vardhan (Mar 19)
1. My snort version is 2.9.2
2. public user
3. I dont know what NIC is, as I mentioned am a newbie
4. connected wirelessly through wifi router.

- trying to sniff packets through wlan0 interface

My problem is that am unable to sniff the packets of other devices
connected to my wifi router. when I run snort am getting packets of the
device on which snort was running. How to configure so that it sniffs the
packets of other devices connected to...

Re: Snort Configuration Russ Combs (rucombs) (Mar 19)
Hi Nanda,

I'm not clear on the problem you are experiencing but it sounds like you want to sniff packets that are not going to
your Snort interface. It could be that you need to configure additional interfaces or perhaps add a tap in your
network to get the packets of interest.

In any case, please redirect your question to the snort-users list. There are many users who have gone through these
same issues and they are better able to...

Re: Snort Configuration waldo kitty (Mar 19)
1. what version of snort?
2. what user:group are you running snort as?
3. is your NIC properly being set to promiscuous mode?
4. how it your device connected? wire or cable?
4a. if wire, to a router/switch or hub?
4a1. if router/switch, is the port mirroring all traffic on all ports?

that should work for now but you should read the FAQ on how to ask a good
question and provide the necessary data for a good and reasonable response...

PS: note...

Snort Configuration Nanda Vardhan (Mar 19)
Hello

I am a new user of snort. I installed it on ubuntu and running it for
packet capturing on wlan0 interface. My problem is that am unable to packet
information of other devices on the network. I was just getting
information of ip address that is assigned to the device on which snort was
running.

I tried configuring HOME_NET variable but of no use. please kindly help me.

Thanks in Advance...

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.