SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
New VA Modules: MSF: 1, Nessus: 21, OpenVAS: 15
New VA Module Alert Service (Dec 06)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Metasploit modules (1) ==
e4064279
https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
MS14-060 Microsoft Windows OLE Package Manager Code Execution
== Nessus plugins (21) ==
79746 openvpn_2_3_6.nasl...
What is the progress on large-scale scans?
江杰 (Dec 06)
Hi list,
I know that you're endeavouring to speed up Nmap scanning for internet-wide
applications[1], but I didn't find any clues in your changelog and mail
list, so I wanna know what's your guys' plan on this? Optimizing DNS
resolution and resource utilization or adding a new feature to implement a
stateless scan[2] or a distributed scan[3]?
Actually, I was planning to apply for a position on GSoC 2015 to work for
Nmap, but...
Re: Implemented non-repeating "extra_payload"
Andrew Jason Farabee (Dec 05)
This is embarrassing, I guess I should have considered that IDS's that go
as far as looking at the payload would be able to tell a scan was occurring
just based on one IP sending packets to every port.
Also, a forensic team could probably determine when a user started a new
scan based on timing and scan patterns even if "--data-length" isn't used.
The same goes for determining what nmap scripts are looking for. In order
to...
Re: Implemented non-repeating "extra_payload"
Royce Williams (Dec 05)
Andrew, which specific IDS/IPS/etc currently detect scanning based on the
characteristics that your patch changes, and no longer detect nmap scans
when your patch is applied?
Royce
New VA Modules: Nessus: 33
New VA Module Alert Service (Dec 05)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nessus plugins (33) ==
79724 splunk_614.nasl
http://nessus.org/plugins/index.php?view=single&id=79724
Splunk Enterprise 5.0.x < 5.0.10 / 6.1.x < 6.1.4 Multiple
Vulnerabilities
79723 splunk_607.nasl
http://nessus.org/plugins/index.php?view=single&id=79723
Splunk Enterprise 6.0.x < 6.0.7 Multiple...
root privileges
Mika Yrjönen (Dec 05)
Version: 6.40
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/zenmapGUI/MainWindow.py", line 667, in _save_scan_results_cb
    self._save(self.scan_interface, filename, selected, format)
  File "/usr/lib/python2.7/dist-packages/zenmapGUI/MainWindow.py", line 752, in _save
    recent_scans.add_recent_scan(saved_filename)
  File "/usr/lib/python2.7/dist-packages/zenmapCore/RecentScans.py", line...
NSE: http-google-malware against (IP address) threw an error!
GBytze Bytze (Dec 05)
I am a little stumped here, as to why this is throwing an error and how to
correct it.
I have my own API Key. I have also reloaded and updated all repositories
and even tried using different Linux machines - still throws this error.
Any help would be kindly appreciated.
*Here is the syntax I am using; *
nmap -p80 --script http-google-malware --script-args
http-google-malware.api=<MYAPIKEY> <Target>
*Here is the version I am...
ssdp.nse
Ulrik Haugen (Dec 05)
Hello!
I've written another Nmap script for extracting information about a
potential reflector/amplifier. This time it's Simple service discovery
protocol. In scans of our network we've discovered services with
bandwidth amplification factors from 3.6 to 33.4.
A fingerprint for nmap-service-probes might be:
Probe UDP ssdp-msearch q|M-SEARCH *...
Re: Implemented non-repeating "extra_payload"
Fyodor (Dec 05)
On Fri, Nov 21, 2014 at 2:46 PM, Andrew Jason Farabee <afarabee () uci edu>
wrote:
Thanks for the interesting writeup and patch! It's not really clear which
is "better" in general--the current fixed string behavior or choosing new
random packet data for each packet. There are (tiny) advantages and
disadvantages to each. But it is good that your patch is available in case
anyone ever encounters a need for that behavior....
New VA Modules: NSE: 2, MSF: 1, Nessus: 24, OpenVAS: 5
New VA Module Alert Service (Dec 04)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nmap Scripting Engine scripts (2) ==
r33856 targets-ipv6-map4to6 http://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html
https://svn.nmap.org/nmap/scripts/targets-ipv6-map4to6.nse
Author: Raúl Armando Fuentes Samaniego
This script runs in the pre-scanning phase to map IPv4 addresses onto
IPv6 networks and add them to the...
New VA Modules: Nessus: 31, OpenVAS: 18
New VA Module Alert Service (Dec 03)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.
== Nessus plugins (31) ==
79668 cisco_cucm_CSCup88089.nasl
http://nessus.org/plugins/index.php?view=single&id=79668
Cisco Unified Communications Manager Unspecified SQL Injection
79667 cisco-sn-CVE-2014-3399-asa.nasl
http://nessus.org/plugins/index.php?view=single&id=79667
Cisco ASA Software SharePoint RAMFS Integrity...
Re:
Raul Fuentes (Dec 02)
In my humble opinion, begin with the Lua main site (http://www.lua.org/)
and after that with the current NSE library (http://nmap.org/nsedoc/)
Sincerely, Raul Fuentes
2014-12-02 2:32 GMT+01:00 Tom Mody <bug29195 () gmail com>:
Re: certificate_request not handled in tls.lua
Daniel Miller (Dec 02)
David,
Thanks for catching this. I stopped partway through because the structure
of the message has changed between TLS versions (TLS 1.2 includes
information about signature algorithms), and we don't currently have a way
to handle that well. I intend to separate out some of these functions and
then have each TLS version represented by a table of parsers which point to
each function, so when record_read gets to the TLS version, it simply...
Re: NSE scripts for scanning IPv6 sub-nets
Raul Fuentes (Dec 02)
Hello,
Many thanks for taking the time to review the code; I'm more than glad
to answer any question.
I'll try to answer the question as best I can. By the way, since that time
I have written English documentation for each script on the Google Code website;
for the DHCPv6 script this is the link:
https://code.google.com/p/itsis-mx/wiki/DHCPv6
When I was looking for DHCPv6 server implementations I only found the Microsoft
version and...
Re: NSE scripts for scanning IPv6 sub-nets
Daniel Miller (Dec 02)
Raúl,
I'm sorry it has taken us a year before your scripts made it into Nmap, but
I can happily say that targets-ipv6-recon-map4to6 was added in r33851.
I'm pretty sure I can work through the others fairly well, but I'm curious
about your technique for interrogating DHCPv6 servers to enumerate subnets.
I'm reading through your thesis paper, but my Spanish is poor, especially
in regard to technical topics. I would appreciate...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Project Seeking Talented Programmers for Google Summer of Code--Last Day to Apply!
Fyodor (Mar 20)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Nmap Team Launches 5-Gigapixel "Icons of the Web" Project
Fyodor (Dec 19)
Fellow Nmap Hackers,
Perhaps you remember in 2010 how we capped off a massive scan of the top
million Internet web sites by creating a giant interactive collage, with
each site scaled by its popularity? Well, I'm happy to report that we
restarted our scanners this year and have launched a brand new and much
improved edition of Icons of the Web at http://nmap.org/favicon/! It's
interesting to see how things have changed in just 3...
Nmap 6.40 Released! New scripts, new signatures, better performance!
Fyodor (Aug 19)
Hi Folks. It has been a while since the last stable Nmap release, but
I'm pleased to release Nmap 6.40 and I think you'll consider it worth
the wait! It includes 14 new NSE scripts, hundreds of new OS and
service detection signatures, a new --lua-exec feature for scripting
Ncat, initial support for NSE and version scanning through a chain of
proxies, improved target specification, many performance enhancements
and bug fixes, and much...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.
Previous SoC students helped create the Nmap Scripting Engine, Zenmap...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It has higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability
Vulnerability Lab (Dec 05)
Document Title:
===============
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1339
[VU#666988] US CERT
Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2014/12/05/nasa-mars-orion-program-researcher-reveals-vulnerability-boarding-pass
Reference Article:...
CVE-2014-5462 - Multiple Authenticated SQL Injections In OpenEMR
Portcullis Advisories (Dec 05)
Vulnerability title: Multiple Authenticated SQL Injections In OpenEMR
CVE: CVE-2014-5462
Vendor: OpenEMR
Product: OpenEMR
Affected version: 4.1.2(7) and earlier
Fixed version: N/A
Reported by: Jerzy Kramarz
Details:
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could
allow an authenticated attacker to access information such as usernames and password hashes that are stored in the...
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
VMware Security Response Center (Dec 05)
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2014-0012
Synopsis: VMware vSphere product updates address security
vulnerabilities
Issue date: 2014-12-04
Updated on: 2014-12-04 (Initial Advisory)
CVE number: CVE-2014-3797, CVE-2014-8371, CVE-2013-2877, CVE-2014-0191,
CVE-2014-0015, CVE-2014-0138, CVE-2013-1752 and...
SpoofedMe - Social Login Impersonation Attack
Or Peles (Dec 04)
Hi,
We have discovered an impersonation attack on social login protocols (e.g.
Oauth 1.0 / 2.0 used for authentication) based on a combination of an
implementation vulnerability existing in some identity providers (e.g.
LinkedIn, which has fixed the issue) and a known design problem in the
relying (third-party) website side.
The identity provider vulnerability is allowing the use of un-verified
email in the social login authentication...
Offset2lib: bypassing full ASLR on 64bit Linux
Hector Marco (Dec 04)
Hi,
This is a disclosure of a weakness of the ASLR Linux implementation.
The problem appears when the executable is PIE compiled and it has an
address leak belonging to the executable. We named this weakness:
offset2lib.
In this scenario, an attacker is able to de-randomize all mmapped
areas (libraries, mapped files, etc.) by knowing only an address
belonging to the application and the offset2lib value.
We have built a PoC which bypasses on a...
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message
Barry Dorrans (Dec 04)
I believe that's the asp.net error page you're seeing (Was it yellow?)
That exception is from Request Validation (which we don't consider a security boundary any more, and we advise folks to
validate themselves, as validation is context specific).
You're seeing the dev error page, which by default is only shown if you're accessing via //localhost. Developers can
override that setting to always show the default...
Positive Hack Days V — Call for Papers
Alexander Lashkov (Dec 03)
Every night when we go to sleep we have a chance to wake up in another universe. At any time, the expanding to infinity
universe may turn back and then rush to the start point. Or maybe finish point. Back to singularity.
The cyber universe has plunged into turmoil. Cyber criminals and special agencies operating beyond the society control
start us thinking whether it is a good decision to live in a cyber world, where threats are real while...
BSidesHH 2014
Daniel Busch (Dec 03)
Re: [The ManageOwnage Series, part IX]: 0-day arbitrary file download in NetFlow Analyzer and IT360
Pedro Ribeiro (Dec 03)
A small correction: the NetFlow vulnerable versions are actually v8.6 to
v10.2 (which is the latest release). I've updated the advisory in the repo.
Regards
Pedro
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message
A Z (Dec 03)
Thank you all for the replies,
Unfortunately, I can no longer really test this (it was on some internal
network, so for example link shortening wouldn't work), but I wanted to
know if anyone had encountered this stuff before. I should try on a clean
install as suggested - if it works I'll let you know.
For some unknown reason there was no HTML encoding in this error response,
however the payload was truncated to 20 chars. I googled it...
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message
James Hooker (Dec 03)
You could skip the schema on any includes, and just use '//'. That will
then use the schema provided in the original URL. That will save you 4
characters at least. You can also skip most quotes in tags - that will save
you a few more characters. Link shortening services might also be of use,
however one that generates links short enough might be hard to come by -
more likely, you'll need a 3 character domain, with a 2 character...
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message
Mark Steward (Dec 03)
I've spotted this before and ignored it because it's all HTML-escaped. You
can actually put as much as you like before the equals, presumably
including script tags. You can also include enough after the equals to
write something like "<iframe src=//xy.co>".
Where are you seeing it unescaped? Is it some third-party handler? Try on a
clean install with just an empty .aspx and a web.config with an empty
configuration...
Re: XSS (in 20 chars) in Microsoft IIS 7.5 error message
waysea (Dec 03)
If you can get a <script> tag in (usually the very first tag to be
blacklisted), you could
1. register a two character domain with a two character TLD (all the
single character domains with two letter TLDs had been taken the last
time I checked)
2. have the root page be an index.js file (instead of index.html)
3. use something like:
A) <script src=//ab.cd>
or
B) <script/src=//ef.gh>
Without knowing more about your specific...
CSRF and XSS vulnerabilities in D-Link DAP-1360
MustLive (Dec 03)
Hello list!
There are Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities in D-Link DAP-1360 (Wi-Fi Access Point and Router).
In addition to previous Abuse of Functionality, Brute Force, Information
Leakage, Cross-Site Request Forgery and Cross-Site Scripting vulnerabilities
in DAP-1360, which I wrote about earlier.
-------------------------
Affected products:
-------------------------
Vulnerable is the next model: D-Link...
CVE-2014-3809: Reflected XSS in Alcatel Lucent 1830 PSS-32/16/4
Stephan.Rickauer (Dec 03)
#############################################################
#
# SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security
#
#############################################################
#
# CVE ID: CVE-2014-3809
# Product: 1830 Photonic Service Switch PSS-32/16/4
# Vendor: Alcatel-Lucent
# Subject: Reflected Cross-site Scripting - XSS
# Effect: Remotely exploitable
# Author: Stephan Rickauer (stephan.rickauer _at_ swisscom.com)
#...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
NASA Orion Mars Program - Bypass, Persistent Issue & Embed Code Execution Vulnerability (Boarding Pass)
Vulnerability Lab (Dec 05)
Document Title:
===============
NASA Orion - Bypass, Persistent Issue & Embed Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1339
[VU#666988] US CERT
Vulnerability Magazine:
http://magazine.vulnerability-db.com/?q=articles/2014/12/05/nasa-mars-orion-program-researcher-reveals-vulnerability-boarding-pass
Reference Article:...
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
VMware Security Response Center (Dec 05)
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2014-0012
Synopsis: VMware vSphere product updates address security
vulnerabilities
Issue date: 2014-12-04
Updated on: 2014-12-04 (Initial Advisory)
CVE number: CVE-2014-3797, CVE-2014-8371, CVE-2013-2877, CVE-2014-0191,
CVE-2014-0015, CVE-2014-0138, CVE-2013-1752 and...
Offset2lib: bypassing full ASLR on 64bit Linux
Hector Marco (Dec 05)
Hi,
This is a disclosure of a weakness of the ASLR Linux implementation.
The problem appears when the executable is PIE compiled and it has an
address leak belonging to the executable. We named this weakness:
offset2lib.
In this scenario, an attacker is able to de-randomize all mmapped
areas (libraries, mapped files, etc.) by knowing only an address
belonging to the application and the offset2lib value.
We have built a PoC which bypasses on a...
[security bulletin] HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
security-alert (Dec 05)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04510081
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04510081
Version: 1
HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date:...
[security bulletin] HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
security-alert (Dec 05)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04517477
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04517477
Version: 1
HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as...
[SECURITY] [DSA 3090-1] iceweasel security update
Moritz Muehlenhoff (Dec 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3090-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
December 04, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : iceweasel
CVE ID : CVE-2014-1587 CVE-2014-1590...
[SECURITY] [DSA 3089-1] jasper security update
Salvatore Bonaccorso (Dec 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3089-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : jasper
CVE ID : CVE-2014-9029
Debian Bug :...
[oCERT-2014-009] JasPer input sanitization errors
Andrea Barisani (Dec 04)
#2014-009 JasPer input sanitization errors
Description:
The JasPer project is an open source implementation for the JPEG-2000 codec.
The library is affected by two heap-based buffer overflows which can lead to
arbitrary code execution. The vulnerability is present in functions
jpc_dec_cp_setfromcox() and jpc_dec_cp_setfromrgn().
A specially crafted jp2 file, can be used to trigger the overflows.
Affected version:
JasPer <= 1.900.1
Fixed...
[SECURITY] [DSA 3088-1] qemu-kvm security update
Salvatore Bonaccorso (Dec 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3088-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : qemu-kvm
CVE ID : CVE-2014-8106
Paolo Bonzini of...
[SECURITY] [DSA 3087-1] qemu security update
Salvatore Bonaccorso (Dec 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3087-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
December 04, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : qemu
CVE ID : CVE-2014-8106
Paolo Bonzini of Red...
Re: Slider Revolution/Showbiz Pro shell upload exploit
assistenz (Dec 04)
Thank you for this information! Is there already a fix?
CVE-2014-9215 - SQL Injection in PBBoard CMS
tien . d . tran (Dec 04)
Vulnerability title: SQL Injection in PBBoard CMS
CVE: CVE-2014-9215
CMS: PBBoard
Vendor: Power bulletin board - http://www.pbboard.info/
Product: http://sourceforge.net/projects/pbboard/files/PBBoard_v3.0.1/PBBoard_v3.0.1.zip/download
Affected version: Version 3.0.1 (updated on 13/09/2014) and before.
Fixed version: Version 3.0.1 (updated on 28/11/2014)
Google dork: intext:Powered By PBBoard
Reported by: Tran Dinh Tien - tien.d.tran () itas vn...
APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
Apple Product Security (Dec 04)
APPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and
addresses the following:
WebKit
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10.1
Impact: Style sheets are loaded cross-origin which may allow for
data exfiltration
Description: An SVG loaded in an img element could load a CSS file
cross-origin. This issue was addressed...
[SECURITY] [DSA 3086-1] tcpdump security update
Salvatore Bonaccorso (Dec 03)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3086-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
December 03, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tcpdump
CVE ID : CVE-2014-8767 CVE-2014-8769...
Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect / Command Injection
Crash (Dec 03)
Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130
Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
CFP: 2nd EECEA2015 - International Conference on Electrical, Electronics, Computer Engineering and their Applications
Conference Updates (Nov 04)
The Second International Conference on Electrical, Electronics, Computer
Engineering and their Applications (EECEA2015)
University of Perpetual Help System Dalta, Las Piñas - Manila,
Philippines
February 12-14, 2015
http://sdiwc.net/conferences/eecea2015/
All registered papers will be included in SDIWC Digital Library.
===========================================================
The conference aims to enable researchers build connections...
Advanced Android & iOS Hands-on Exploitation Training at Toorcon San Diego
Aditya Gupta (Oct 03)
Hello everyone,
I'm Aditya from Attify. I'm glad to announce that, I'll be running a
2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to find vulns
and exploit them on mobile applications as well as the platform as
well.
All the exercises will be performed on a customised Mobile
Exploitation training distro and on a set of...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
t2’14 Challenge to be released 2014-09-13 10:00 EEST
Tomi Tuominen (Sep 07)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most
prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications
stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.
Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Sony Hack Exposed Personal Data of Hollywood Stars
InfoSec News (Dec 05)
http://online.wsj.com/articles/sony-pictures-hack-reveals-more-data-than-previously-believed-1417734425
By BEN FRITZ and DANNY YADRON
The Wall Street Journal
Dec. 4, 2014
The hack at Sony Pictures Entertainment revealed far more personal
information than previously believed, including the Social Security
numbers of more than 47,000 current and former employees along with
Hollywood celebrities like Sylvester Stallone.
An analysis of 33,000...
Cybersecurity Seen as DoD Priority Under Carter
InfoSec News (Dec 05)
http://www.govinfosecurity.com/cybersecurity-seen-as-dod-priority-under-carter-a-7634
By Eric Chabrow
Gov Info Security
December 3, 2014
Ashton Carter is a Ph.D. physicist and an expert in nuclear weaponry and
procurement, but the likely defense secretary nominee understands that
cyberdefense must be a priority in running the Pentagon.
"Cybersecurity won't get lost," says Jane Holl Lute, who as deputy
secretary of the...
Hackers are handpicked and pampered elite in North Korea
InfoSec News (Dec 05)
http://www.reuters.com/article/2014/12/05/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205
By JU-MIN PARK AND JAMES PEARSON
Reuters
Dec 5, 2014
Despite its poverty and isolation, North Korea has poured resources into a
sophisticated cyber-warfare cell called Bureau 121, defectors from the
secretive state said as Pyongyang came under the microscope for a
crippling hack into computers at Sony Pictures Entertainment.
A North Korean...
Judge rules that banks can sue Target for 2013 credit card hack
InfoSec News (Dec 05)
http://arstechnica.com/tech-policy/2014/12/judge-rules-that-banks-can-sue-target-for-2013-credit-card-hack/
By Megan Geuss
Ars Technica
Dec 4, 2014
On Tuesday, a District Court judge in Minnesota ruled [PDF] that a group
of banks can proceed to sue Target for negligence in the December 2013
breach that resulted in the theft of 40 million consumer credit card
numbers as well as personal information on 70 million customers. The banks
alleged...
Dozens of Chinese held in Kenya accused of preparing to raid the country's communications systems
InfoSec News (Dec 05)
http://www.abc.net.au/news/2014-12-05/dozens-of-chinese-held-in-kenya-in-cyber-bust/5945610
abc.net.au
December 4, 2014
Police in Kenya say they are holding 77 Chinese nationals who are accused
of running a cyber crime network and mysterious "command centre" from
upmarket houses in the capital Nairobi.
Kenya's foreign ministry also summoned China's top diplomat in Nairobi as
it sought to establish if Beijing was in...
Inspector: Security Holes Found in IRS Obamacare System
InfoSec News (Dec 03)
http://www.nextgov.com/cybersecurity/2014/12/inspector-security-holes-found-irs-obamacare-system/100286/
By Aliya Sternstein
Nextgov.com
December 2, 2014
A core IRS system for calculating Obamacare fees for health insurers and
drug manufacturer has security weaknesses, according to an internal audit.
Under the Affordable Care Act, insurers must report their net premiums to
the tax agency annually, and pharmaceutical companies must submit...
Whitelisting project helps industrial control systems owners find suspicious files
InfoSec News (Dec 03)
http://www.computerworld.com/article/2854434/whitelisting-project-helps-industrial-control-systems-owners-find-suspicious-files.html
By Lucian Constantin
IDG News Service
Dec 2, 2014
Industrial control systems have been at the center of some scary security
stories recently, but investigating malware infections in such
environments isn't easy because analysts often have a hard time telling
good files from suspicious ones.
Security...
The breach at Sony Pictures is no longer just an IT issue
InfoSec News (Dec 03)
http://www.csoonline.com/article/2854672/business-continuity/the-breach-at-sony-pictures-is-no-longer-just-an-it-issue.html
By Steve Ragan
Salted Hash
CSO
Dec 2, 2014
I'm going to make a prediction.
The breach at Sony Pictures has nothing to do with North Korea, aside from
the fact that the destructive malware believed to be present on Sony's
network is similar to the malware used in South Korea in 2013 - an
incident that was...
The 10 Biggest Bank Card Hacks
InfoSec News (Dec 03)
http://www.wired.com/2014/12/top-ten-card-breaches/
By Kim Zetter
Threat Level
Wired.com
12.02.14
The holiday buying season is upon us once again. Another event that has
arrived along with the buying season is the season of big box retailer
data breaches.
A year ago, the Target breach made national headlines, followed shortly
thereafter by a breach at Home Depot. Both breaches got a lot of
attention, primarily because the number of bank...
Home Depot spent $43M on data breach in one quarter alone
InfoSec News (Nov 26)
http://www.computerworld.com/article/2852179/home-depot-spent-43m-on-data-breach-in-one-quarter-alone.html
By Jeremy Kirk
IDG News Service
Nov 25, 2014
Home Depot spent $43 million in its third quarter dealing with the fallout
of one of the largest ever data breaches, highlighting the costly nature
of security failures.
The retailer said in a regulatory filing on Tuesday that it expects $15
million of that cost will be reimbursed by a $100...
Hackers suggest they had physical access during attack on Sony Pictures
InfoSec News (Nov 26)
http://www.csoonline.com/article/2851649/physical-security/hackers-suggest-they-had-physical-access-during-attack-on-sony-pictures.html
By Steve Ragan
Salted Hash
CSO
Nov 25, 2014
On Monday, Sony Pictures was forced to disable their corporate network
after attackers calling themselves the GOP (Guardians of Peace) hijacked
employee workstations in order to threaten the entertainment giant. Now,
new information suggests that the GOP had...
The branded bug: Meet the people who name vulnerabilities
InfoSec News (Nov 26)
http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/
By Violet Blue
Zero Day
ZDNet News
November 25, 2014
If the bug is dangerous enough, it gets a name. Heartbleed's branding
changed the way we talk about security, but did giving a bug a logo make
it frivolous... or is this the evolution of infosec?
Criminals, such as bank robbers, are often named because there are too
many to keep track of. Just...
[CFP] WiSec 2015 : The 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks
InfoSec News (Nov 26)
Forwarded from Ming Li <ming.li (at) usu.edu>
*Call For Papers*
------------------------------------------------------------------------------
The 8th ACM Conference on Security and Privacy
in Wireless and Mobile Networks
ACM WiSec '15
New York City, NY, USA
June 22nd — 26th 2015
http://www.sigsac.org/wisec/WiSec2015/
----------------------------------------------------------------------------------------
ACM WiSec 2015...
Highly advanced backdoor trojan cased high-profile targets for years
InfoSec News (Nov 24)
http://arstechnica.com/security/2014/11/highly-advanced-backdoor-trojan-cased-high-profile-targets-for-years/
By Dan Goodin
Ars Technica
Nov 23 2014
Researchers have unearthed highly advanced malware they believe was
developed by a wealthy nation-state to spy on a wide range of
international targets in diverse industries, including hospitality,
energy, airline, and research.
Backdoor Regin, as researchers at security firm Symantec are...
Finally, a New Clue to Solve the CIA’s Mysterious Kryptos Sculpture
InfoSec News (Nov 24)
http://www.wired.com/2014/11/second-kryptos-clue/
By Kim Zetter
Threat Level
Wired.com
11.20.14
In 1989, the year the Berlin Wall began to fall, American artist Jim
Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle
wrapped in a riddle that he created for the CIA’s headquarters and that
has been driving amateur and professional cryptographers mad ever since.
To honor the 25th anniversary of the Wall’s demise and...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Interesting infographic on the history of firewalls
Darden, Patrick (Aug 04)
I did something similar to this in 1994-5 at Harvard using a version of rot-13 and icmp. Seriously. And it worked.
:-)
--p
-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com]
On Behalf Of Marcus J. Ranum
Sent: Saturday, July 26, 2014 11:39 AM
To: Firewall Wizards Security Mailing List
Subject: [EXTERNAL]Re: [fw-wiz] Interesting infographic on the...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
Claudio Telmon wrote:
When I was at TIS, in 199?2, I set up Onions' tunnel driver and a couple
shell scripts that uuencoded the packets coming out of the tunnel, and
emailed them to another system user with a .forward file that uudecoded
the packets and injected them into a peer tunnel. With that setup, and its
opposite on both machines, I was able to NFS mount filesystems across
a secure mail guard. (Hint: if you're doing your own...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
It hasn't happened, yet.
mjr.
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Re: File Upload with changed extension
Robin Wood (Dec 04)
No one has mentioned the ability to use the server as a warez server,
that could be a problem if the max upload file size is large enough.
Re: File Upload with changed extension
Michal Zalewski (Dec 04)
I can't say I'm convinced about other attacks discussed in this
thread, but if you have a web server that allows arbitrary file
uploads and then serves them back from a sensitive origin without
taking *a lot* of additional precautions (the list of which is long
and ever-changing), then you probably have a problem.
For one, you can load the content via <embed> / <object> on evil.com,
and have it interpreted as Flash,...
Re: File Upload with changed extension
Paul Burbage (Dec 04)
Also,
An extension blacklisting is not preferred - since you can get PHP
execution on the following extensions to name a few:
.PHP (upper case)
.php. (Trailing period)
Furthermore, don't trust the mimetype. It's easy to append PHP to a
GIF header file to bypass mimetype checks:
$ head -c 20 somepic.gif > shell.gif.php; cat c99shell.php >> shell.gif.php
$ file shell.gif.php
GIF Image Data
My two cents...
Cheers,
Paul
This...
Re: File Upload with changed extension
Seth Art (Dec 03)
Tobias - One question about the gif/js thing: As far as I can tell
from Ajin's blog, you need to be able to write a script tag into the
page, in order for the gif to be interpreted as js. If that is
correct, I would think that just having the ability to upload the gif
with js in it is not enough. Or I am missing something (very
possible)?
Jyotiranjan - Another trick: see if you can bypass the blacklist
preventing the upload of...
Re: File Upload with changed extension
Tobias Wassermann (Dec 03)
Hi,
it could also be a risk on the client for some XSS. There is an existing and very easy scenario to implement: Using a
valid GIF-file to inject JavaScript-code to a page. If the page provides some upload functionality and the uploaded
files will be visible to other users afterwards you can use this for some XSS, as the javascript code is executed
within pages context.
In this scenario for the server it's a real gif-file, as a correct...
Re: File Upload with changed extension
Guillermo Caminer (Dec 03)
Hi!
There could be a risk involved, if:
1) The image is uploaded inside the Document Root
2) Have some malicious code inside (ex: a php shell) that is not validated
3) The Web Server somehow executes this malicious code (for example, you can put php code inside a
GIF, after the magic number, and the web app include/require this file in a php script, then the php
engine will execute the php code when it sees the php opening tag, even if it's...
File Upload with changed extension
Jyotiranjan Acharya (Dec 02)
If you are able to upload a file with a changed extension, then will
that be a problem?
For example, you cannot, in any way, upload a .exe or .php/.jsp/.asp
file directly into a web App, but you can by changing their extension
to .JPG. What is the risk in such a case?
Tizen 2.2.1 WebKit Address Spoofing Vulnerability
Ajin Abraham (Dec 02)
<!--
Title: Tizen 2.2.1 WebKit Address Spoofing Vulnerability
Author: Ajin Abraham | @ajinabraham
Website: http://opensecurity.in
Affected Product: Tizen Default Browser
Affected Version: Tizen 2.2.1
Video Demo: https://www.youtube.com/watch?v=QKbTSxlCX7c
-->
<html>
<head><title>Tizen Browser - Address bar spoofing</title>
<script>
w=window.open('https://facebook.com/');...
RE: [EXT] RE: Social Security Number in Hidden field
Hambleton, Robert F (Nov 24)
I completely agree. Even with just the last 4 digits, the application needs to have a role based security framework,
the pages should be non-caching and SSL should be utilized. This would be for intranet and internet based
applications, traffic can be sniffed on any network.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jeffory Atkinson
Sent: Monday, November 24, 2014...
RE: Social Security Number in Hidden field
Jeffory Atkinson (Nov 24)
In this day and age the SSN should never be a hidden variable. SSN should be treated nearly like a password. If an
application needs the ssn for some sort of operations it should be masked and indexed on the back end. (Ie. if the
application is providing the ssn number it should look something like xxx-xx-1234 at a min and the variable within the
html should be a reference point that translates to the true value on the backend.) The...
Re: concurrent logins
Robin Wood (Nov 24)
Agreed that defending against things like XSS is important but having
a policy on concurrent logins from the start of development is part of
good defence in depth and is something that you can write provable
tests for as opposed to XSS which is harder to do definitive testing
for without getting a tester in.
That is a good measure that helps protect high value areas.
Robin
Re: Social Security Number in Hidden field
Antti Virtanen (Nov 24)
For a similar reason I have also implemented such a feature once. The
customer was fully aware that the information is not really safe, but they
wanted to prevent casual observer from seeing such information. In modern
office environments the observer doesn’t need to be in close proximity and
I think this is a valid concern.
In my case the sensitive fields were “encrypted”, but with a weak
algorithm. Vulnerable to a malicious admin or...
Re: concurrent logins
Stephen de Vries (Nov 24)
Session hijacking is only possible after some other vulnerability in the site is exploited, e.g. XSS, or lack of HTTPS.
So I would first focus the effort into countermeasures for those vulnerabilities and only afterwards start thinking
about secondary countermeasures against session hijacking itself.
A countermeasure not yet mentioned is to authenticate specific high risk requests with a password, or PIN. E.g. when
initiating a transaction...
Re: Social Security Number in Hidden field
Lorne Kates (Nov 24)
I once coded an admin page like this. Admins had to have access to
SSNs (or SIN, since it was a Canadian company) of applicants. But
they didn't want the SSN on the screen all the time. So a button was
added that de-masked the SSN when clicked.
The company was fully aware that visually hiding the SSN still meant
the information was on the page, in the HTTP request and response, in
View Source, etc. The only thing they were worried about...
Re: Social Security Number in Hidden field
Abhay Rana (Nov 24)
No, putting it in a hidden field is the same as showing it to a tech-savvy
admin. Unless admins are supposed to see the SSN (and are authorized
to), there is no reason for it to be in a hidden field.
If you really need it there (for some future requests in the form), it
might be better to instead put the SSN's unique ID from the database
(1,2,3) in the hidden field, and using it to get the SSN in the next
request on the server side.
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
OpenCFP Day!
Dave Aitel (Dec 05)
Actually EVERY day is OpenCFP day. That's what I love about it!
http://opencfp.immunityinc.com/cfp/2/
I know we have a couple of talks in the queue to go on the page, but
that doesn't mean you shouldn't vote now! Also you should SUBMIT a talk
so you can come and hang. If you've never been to an INFILTRATE, then
you're missing out! :>
-dave
Pressure Strategies for Nation States against Corporations
Dave Aitel (Dec 04)
<here is an amazing image from SYSCAN 2013 keynote>
So in my Syscan 2013 keynote
<https://prezi.com/dyx9iqfwudve/whats-at-stake-syscan-2013-keynote/>,
(from which the above screenshot is taken) if you were there, we talked
a little bit about how nation states respond to corporations trying to
kick them out, which is suddenly more relevant in the wake of the Sony
hacking. One of their obvious pressure strategies that we discussed is...
Re: Economic Espionage and Regin
Ottenheimer, Davi (Dec 02)
Dave,
I would love to believe you can speak for all motives within a complex and often changing political bureaucracy.
Perhaps you are in a position to explain away concrete evidence of economic espionage by the United States and the
motives detailed by a former director of central intelligence:
(http://online.wsj.com/article/SB95326824311657269.html)
“Why, then, have we spied on you? The answer is quite apparent from the Campbell report...
INNUENDO 1.1
Dave Aitel (Nov 27)
Happy Thanksgiving Everyone!
Immunity is ALSO happy to announce the general availability of INNUENDO
1.1 <http://immunityinc.com/products/innuendo/>. With the 1.0 release we
talked a lot about the underlying architecture and how it was easy to
create channels, but all we had was the one HTTP/S channel and named
pipes for the internals of networks.
This release adds three more channels - ICMP, Outlook, and IMAP/SMTP.
And since we're...
Re: Machine Learning and Dimensions and stuff
Oleg Kolesnikov (Nov 27)
[TL;DR alert :]
There is definitely a need to design MLA for security with the “adaptable
adversary” assumption in mind to better align with the security attack
detection domain challenges, particularly in terms of its game-theoretic
aspects.
[obvious mode=on] In my experience, as part of developing good long-term ML
defense, it can be critical to understand how attackers act, TTPs they use,
their motivation, and also the...
Re: software security, disclosure, and bug bounties
Dave Aitel (Nov 25)
The "Bugs don't matter" mantra is probably a standard side effect of
people trying to outlaw exploits. Sadly, these people are weirdly doing
so within the auspices of civil liberties.
Of course, it is hard to disagree that the fuzzing and work you've been
doing on FFMPEG and friends is not going to have an impact (I decline to
say positive or negative here ;>). However, it is possible that
something like the...
Economic Espionage and Regin
Dave Aitel (Nov 25)
It's been catchy to look at the Snowden papers and all the trojans
coming out from "Western" governments and think that the 5 Eyes does
espionage in an unrestricted way the way the Chinese and Russian Axis
does. But they don't.
If they did, you'd see crowing reports from Kaspersky and Symantec that
they found information being stolen from Russian banks to aid UK
financial institutions. You'd see evidence in that...
Things you missed at INFILTRATE
Dave Aitel (Nov 25)
First of all, you missed the person who built it talk about the Dual EC
random number generator, which everyone on Twitter claims is "trojaned".
He hung around and talked to people afterwards, so if you wanted to
annoy him about it, then was the time.
You missed a talk about a USB stack written in Python that runs on
Android phones. This is useful for so many things! I don't even like to
talk about all the things it is useful for!...
Re: software security, disclosure, and bug bounties
Michal Zalewski (Nov 25)
Yes; to be perfectly clear - I sent my response somewhat hastily, but
I am not arguing that good design practices, system-level mitigations,
or secure-by-default coding frameworks do not matter. In fact, in many
cases, they matter more than finding bugs.
I can say this from experience; in all the places I worked at so far,
the only scalable way to do security was to make it hard for
developers to shoot themselves in foot; fuzzing and bug-hunting...
Re: software security, disclosure, and bug bounties
Mathias Payer (Nov 24)
I agree with mz on most points. While I agree that finding bugs is an
important problem (and should be done, frequently, and in great depth
and breadth) there are some problems that remain.
Two problems we face are:
a) some residual bugs remain (but at higher cost for an attacker)
b) new code is being written faster than we can reverify/refuzz all
the software, so there will always be some attack surface that stays a
moving target.
We'll...
Re: Machine Learning and Dimensions and stuff
Sven Krasser (Nov 24)
It’s back online here now: http://vimeo.com/channels/crowdcasts/112702666
Re: software security, disclosure, and bug bounties
Michal Zalewski (Nov 24)
I don't think I subscribe to the school of thought that assumes there
is no value in finding bugs in software that is known to be densely
populated with them.
Sure, some software is designed and written better than others, and it
is easier to reason about its security - although tellingly, we're
*really* only comfortable making that assertion after empirically
looking for bugs, not after making a high-brow literary critique of
the...
Regin, more amazing than sliced bread!
Dave Aitel (Nov 24)
http://www.immunityinc.com/products/innuendo/
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
"Regin displays a degree of technical competence rarely seen " says
Symantec. Which is ... an unwarranted level of superlative rarely seen.
I mean, it's great work, and was clearly very successful but there's not
a ton in Regin that you can't buy over-the-shelf as a penetration...
software security, disclosure, and bug bounties
Dan Guido (Nov 24)
In reply to an older post:
https://lists.immunityinc.com/pipermail/dailydave/2014-October/000784.html
Before I begin, I have issues with the premise of this argument. Is
there evidence that supports the claim that “zero day attacks have
been on the rise”? By what metric? Are there now more campaigns that
use 0day? Have more computers been hacked with 0day as compared to
click_me.scr in the last 5 years? In my experience, our industry finds...
software security, disclosure, and bug bounties
Dan Guido (Nov 23)
In reply to an older post:
https://lists.immunityinc.com/pipermail/dailydave/2014-October/000784.html
Before I begin, I have issues with the premise of this argument. Is
there evidence that supports the claim that “zero day attacks have
been on the rise”? By what metric? Are there now more campaigns that
use 0day? Have more computers been hacked with 0day as compared to
click_me.scr in the last 5 years? In my experience, our industry finds...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they are worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
like XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Advance Notification for December 2014
Microsoft (Dec 04)
********************************************************************
Microsoft Security Bulletin Advance Notification for December 2014
Issued: December 4, 2014
********************************************************************
This is an advance notification of security bulletins that Microsoft
is intending to release on December 9, 2014.
The full version of the Microsoft Security Bulletin Advance
Notification for December 2014 can be found...
Microsoft Security Advisory Notification
Microsoft (Nov 25)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 25, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...
Microsoft Security Bulletin Releases
Microsoft (Nov 18)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 18, 2014
********************************************************************
Summary
=======
The following bulletin has been released.
* MS14-068 - Critical
The following bulletins have undergone a major revision increment.
* MS14-066 - Critical
* MS14-NOV
Bulletin Information:
=====================...
Microsoft Security Bulletin Advance Notification for November 2014
Microsoft (Nov 18)
********************************************************************
Microsoft Security Bulletin Advance Notification for November 2014
Issued: November 18, 2014
********************************************************************
This is an advance notification for one out-of-band security
bulletin that Microsoft will release on November 18, 2014.
The full version of the Microsoft Security Bulletin Advance
Notification for November 18, 2014...
Microsoft Security Bulletin Summary for November 2014
Microsoft (Nov 11)
********************************************************************
Microsoft Security Bulletin Summary for November 2014
Issued: November 11, 2014
********************************************************************
This bulletin summary lists security bulletins released for
November 2014.
The full version of the Microsoft Security Bulletin Summary for
November 2014 can be found at
<https://technet.microsoft.com/library/security/ms14-nov...
Microsoft Security Advisory Notification
Microsoft (Nov 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 11, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...
Microsoft Security Bulletin Advance Notification for November 2014
Microsoft (Nov 06)
********************************************************************
Microsoft Security Bulletin Advance Notification for November 2014
Issued: November 6, 2014
********************************************************************
This is an advance notification of security bulletins that Microsoft
is intending to release on November 11, 2014.
The full version of the Microsoft Security Bulletin Advance
Notification for November 2014 can be...
Microsoft Security Advisory Notification
Microsoft (Oct 29)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 29, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 21)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 21, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3010060)
- Title: Vulnerability in Microsoft OLE Could Allow Remote Code
Execution
-...
Microsoft Security Advisory Notification
Microsoft (Oct 18)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 17, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2949927)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 15, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...
Microsoft Security Advisory Notification
Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2014
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...
Microsoft Security Bulletin Re-Releases
Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: October 14, 2014
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS14-042 - Moderate
Bulletin Information:
=====================
MS14-042 - Moderate
-...
Microsoft Security Bulletin Summary for October 2014
Microsoft (Oct 14)
********************************************************************
Microsoft Security Bulletin Summary for October 2014
Issued: October 14, 2014
********************************************************************
This bulletin summary lists security bulletins released for
October 2014.
The full version of the Microsoft Security Bulletin Summary for
October 2014 can be found at
<https://technet.microsoft.com/library/security/ms14-oct...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
How long has shellshock been exploited?
Bruce Ediger (Dec 03)
I caught this conversation on an IRC channel that's used by some
kind of cheesy Linux perl bot as a C&C channel:
Intruder: :hai"
Intruder: :wait"
Intruder: :1 sec"
Intruder: :i not here for trouble"
Intruder: :not gonna steal your shitty perlbots"
Intruder: :promise"
Admin: :you cant steal my shitty perlbots :))"
Intruder: :cool story bro"
Intruder: :anywho"
Intruder: :y use such...
An iPhone always lands on its camera?
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 02)
Apple has filed a patent on a way to reorient the iPhone when you drop it.
http://www.theregister.co.uk/2014/12/02/apple_invents_the_selfsaving_neversmash_iphone
a) OK, which part of the iPhone do you want to hit the ground first?
b) Do we need an AI component to determine the nature of the surface the
iPhone is hurtling toward, so as to modify the answer to question a?
====================== (quote inserted randomly by Pegasus Mailer)...
New virus vector - (for amusement value only)
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 29)
http://www.liveleak.com/view?i=e27_1327440153&t=1
OK, yes, I know that we all use Turing architecture, and therefore there is no
inherent difference between code and data.
And I'm even willing to believe that somebody building a one-off specialty
program would be a bit careless about buffer overflows and such.
And, yes, we used to fool around programming using only printable characters and
other weird restrictions on the code.
But...
Re: GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches
Reed Loden (Nov 28)
This is the poorest researched article I've seen in a while.
has likely chosen to use Google's 'nosslsearch' functionality in order to
provide some type of filtered search or force safe search functionality
(which is backed up by what agl says). If this is indeed just 'nosslsearch'
(which it likely is), this isn't Google doing anything wrong at all. BT has
made changes using a very old Google method to force...
GOTCHA: Google caught STRIPPING SSL from BT Wi-Fi users' searches
Jeffrey Walton (Nov 28)
http://www.theregister.co.uk/2014/11/20/gotcha_google_caught_stripping_ssl_search_from_bt_wifi_users_searches/
Google's "encryption everywhere" claim has been undermined by Mountain
View stripping secure search functions for BT WiFi subscribers
piggy-backing off wireless connections, sysadmin Alex Forbes has
found.
The move described as 'privacy seppuku' by Forbes (@al4) meant that BT
customer searches were broadcast in...
Oh, bother ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 22)
You will be glad to know that the municipal council in Tuszyn, Poland is
protecting its children from sexually deviant stuffed toys. Specifically,
Winnie-ther-Pooh. (Yes, "ther." Look it up in the first book.)
http://globalnews.ca/news/1686323/polish-town-opposes-winnie-the-pooh-for-dubious-gender-immodest-clothing/
Since he wears only a shirt, Winnie is "wholly inappropriate for children. (I'm
not sure...
Information integrity on the Internet
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 17)
http://www.mrboffo.com/comicsweb/mrboffoweb/strips/20141106bfo_s_web.jpg
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
If you don't know what to say ... shut. up. - Preston Manning at
Regent College 20120125, on what Jesus was teaching his disciples
in his handling of `render unto Caesar.'
victoria.tc.ca/techrev/rms.htm...
Re: Virus that 'makes humans more stupid' discovered
RL Vaughn (Nov 12)
So people who swallow water while swimming in algae-infested water are dumb?
Whodathunk?
Re: Virus that 'makes humans more stupid' discovered
Ned Fleming (Nov 12)
And they say Americans don't do irony.
Re: Virus that 'makes humans more stupid' discovered
Paul Ferguson (Nov 10)
On 11/10/2014 11:52 AM, Rob, grandpa of Ryan, Trevor, Devon & Hannah
wrote:
discovered-9849920.html
Too late -- it has already reeked havoc in the U.S.
- ferg
Virus that 'makes humans more stupid' discovered
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 10)
http://www.independent.co.uk/news/science/virus-that-makes-humans-more-stupid-discovered-9849920.html
Should probably check for algae around all machine rooms and user work areas ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
The last man on Earth sat alone in a room.
There was a knock on the door.
- Frederick Brown,...
Efficiency
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 10)
I think this applies to a huge number of projects and enterprises.
http://xkcd.com/1445/
(And I particularly think it applies to quantitative risk management and ROSI.)
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
For wherever our interest lies, our foot is swift, our tongue
apt, our ears attentive ... and the gain of a penny fills us with...
Keys
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 30)
http://www.bbc.com/news/magazine-29817520
I actually can't recall the last time I got a metal key at a hotel ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Remember, by the rules of the game, I *must* lie.
*Now* do you believe me? - Margaret Atwood
victoria.tc.ca/techrev/rms.htm...
Availability
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 30)
OK, first off quarantine medical workers who are travelling to help with the Ebola
crisis.
https://twitter.com/Nick_Anderson_/status/526843261277581312/photo/1
Then make sure nobody can report on Ebola to the conference on tropical
diseases.
http://news.sciencemag.org/scientific-community/2014/10/been-ebola-affected-country-stay-away-tropical-medicine-meeting
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn...
Modem (?) hacking (?!?)
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 28)
Very cute:
http://security.stackexchange.com/questions/56181/hack-into-a-computer-through-mac-and-ip-address
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
A teacher is one who makes himself progressively unnecessary.
- Thomas Carruthers
victoria.tc.ca/techrev/rms.htm...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Alert - Upcoming Mail Delivery Changes
US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes
Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...
Current Activity - Upcoming Mail Delivery Changes
Current Activity (May 10)
National Cyber Awareness System
Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...
Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin
Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin
Original release date: May 09, 2013
Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...
Current Activity - Adobe Releases Security Advisory for ColdFusion
Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion
Original release date: May 09, 2013
Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...
Current Activity - Microsoft Releases Security Advisory for Internet Explorer
Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer
Original release date: May 07, 2013
Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...
Current Activity - Cisco Releases Security Advisories
Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories
Original release date: April 25, 2013
Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....
Current Activity - Apple Releases Security Updates for Safari
Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari
Original release date: April 18, 2013
Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...
Alert TA13-107A: Oracle has released multiple updates for Java SE
US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE
Original release date: April 17, 2013
Systems Affected
* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier
Overview
Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....
Current Activity - Scams Exploiting Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion
Original release date: April 17, 2013
Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...
Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion
Original release date: April 17, 2013
Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...
Current Activity - Oracle Releases April 2013 Security Advisory
Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory
Original release date: April 17, 2013
Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...
Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack
Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack
Original release date: April 15, 2013
US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...
Current Activity - Microsoft Releases April 2013 Security Bulletin
Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin
Original release date: April 04, 2013 | Last revised: April 09, 2013
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...
Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin
Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin
Original release date: April 04, 2013
Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...
Current Activity - Mozilla Releases Multiple Updates
Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates
Original release date: April 03, 2013
The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.
Updates to the following products are...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Florent Daigniere (Dec 06)
Here's one of the tickets where the information about compiler hardening
flags is centralized... They have an endless supply of excuses not to
enable any (not even -D_FORTIFY_SOURCE=2 or -Wformat-security)!
https://bugzilla.mozilla.org/show_bug.cgi?id=620058
Florent
Re: How GNU/Linux distros deal with offset2lib attack?
Lionel Debroux (Dec 06)
Hi,
As pointed out by spender, this attack is not quite new, given that
PaX/grsec has defended against it for over a decade :)
Indeed, mainline won't accept a ~4 MB, ~130K-line patchset providing
dozens of configuration options and touching a couple thousand files,
even though it repeatedly protects from pretty much every published
privilege escalation exploit involving kernel holes. Often, published
exploits fall afoul both MEMORY_UDEREF...
Re: How GNU/Linux distros deal with offset2lib attack?
lazytyped (Dec 06)
[...]
I think there is quite a bit of sweating on very little.
This attack assumes that the attacker is capable of guessing the load
address of the PIE binary. It basically already bypassed ASLR. It then
"notices" that the PIE .text segment is loaded at a fixed offset from
the shared libraries (BTW: shared libraries are loaded at fixed offsets
among each others) and mounts a ROP attack using the shared library gadgets.
This...
How GNU/Linux distros deal with offset2lib attack?
Shawn (Dec 06)
Hi guys,
As you know Hector Marco disclosed a new attack targeting the
GNU/Linux mitigation defensive technology earlier this week:
http://www.openwall.com/lists/oss-security/2014/12/04/19
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
Paper & slide:
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-presentation.pdf
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf
Hector provides 3 possible...
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Daniel Micay (Dec 06)
Desktop files already work fine, so why fix what's not broken? I don't
think it should fall back to executing stuff at all. TBH, inspecting
file content rather than the Windows / OS X method of relying on the
file extension is quite surprising for a GUI file manager.
Everything is executable (by default) on FAT32/NTFS and you'll run into
fun surprises when there aren't proper shebangs. For example, a Python
module beginning...
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Seth Arnold (Dec 06)
A far better mechanism in Nautilus would be to use execve(2) on the
pathname and see if it executes. Nautilus will never be good at guessing
which files are actually executable on a given system and it is ridiculous
for it to try to guess. It should just execute the selected file and if
that fails, report the failure to the user.
One goofy filemanager doing something silly ought not stop Mozilla from
shipping a safer Firefox.
Thanks
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Daniel Micay (Dec 06)
Yup, it's a pretty lame excuse.
Firefox is only looking at using ASLR for the first time in 2014, and it
lost to supporting the workflow of opening Nautilus, navigating to some
directory and double-clicking the binary (could just be a wrapper...)
rather than using the .desktop file (or the CLI, or $LAUNCHER) or
shipping a script for this.
It's sad. Even if GNOME decides to add another hack to make this work,
it'll be 6 months to...
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Daniel Micay (Dec 06)
So why can't you hide away the binary and drop a script or desktop file
in that directory instead? A desktop file would also provide a better
user experience if unpacking it and using it directly from that
directory via a file manager is something you want to support.
You would be even better off making it a self-extracting archive,
dropping itself into $XDG_DATA_HOME / ~/.local/share like Steam (which
uses PIE...), and generating a desktop...
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Reed Loden (Dec 06)
Obviously, some users are running into it (
https://bugzilla.mozilla.org/show_bug.cgi?id=1076892), or it wouldn't have
had to be backed out.
~reed
Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux
Daniel Micay (Dec 06)
There are some libraries like glibc's /usr/lib/libc.so.6 with valid
entry points, so file would still have trouble disambiguating that way.
I don't really think this is a problem for libmagic/file to solve, if
it's really a problem at all. Nautilus could just remove support for
executing traditional executables too... using CLI utilities that way
isn't going to work out and GUI ones have desktop files.
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Andy Lutomirski (Dec 06)
Why does gcc and/or ld write a non-zero entry point? If they didn't,
that would be an easy way to check.
--Andy
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Daniel Micay (Dec 06)
I don't really see how this would prevent Mozilla from shipping a
browser with ASLR. The Tor browser has been shipping a fork of Firefox
built as a position independent executable for ages. It doesn't impact
users because they're either starting it via a .desktop file or the
command-line.
The support for desktop icons in Nautilus is deprecated / disabled by
default with only a hidden dconf preference to enable it. If you really...
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Hanno Böck (Dec 06)
Reported:
http://bugs.gw.com/view.php?id=404
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Pavel Labushev (Dec 06)
Like it's essentially impossible to invoke the target ET_DYN binary via
a shell script or an ET_EXEC executable wrapper.
Re: Offset2lib: bypassing full ASLR on 64bit Linux
Hanno Böck (Dec 06)
I tried to dig into this a bit. I'm not really sure, but based on the
output I assume nautilus is relying on file or libmagic to assess the
file type.
And that's what fails:
$ file --mime-type pie
pie: application/x-sharedlib
It seems there is no really easy way to separate executables from
shared libraries and whether this should be considered a bug in
file/libmagic. The only thing I quickly found that would be possible is
searching...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet: Rick Gordon
Gary McGraw (Dec 05)
hi sc-l,
Silver Bullet episode 104 features Rick Gordon, Managing Partner of Mach37, a Virginia-based cybersecurity incubator.
We talk nuclear subs, finance, running startups, and just exactly what an incubator does:
http://www.cigital.com/silver-bullet/show-104/
Your feedback is welcome.
gem
@cigitalgem
medical device security [searchsecurity]
Gary McGraw (Dec 01)
hi sc-l,
Happy belated dead turkey day to everyone in the US. Happy today day to everyone else.
I'm on my way this week to a healthcare and security meeting in San Francisco this week. Just in time for that, this
month's SearchSecurity column focuses on healthcare, asking who is in charge (at healthcare facilities) and whether we
focus too much attention on patient data:...
CFP: Web 2.0 Security and Privacy (W2SP) 2015
Larry Koved (Nov 12)
http://ieee-security.org/TC/SPW2015/W2SP/cfp.html
WEB 2.0 SECURITY AND PRIVACY 2015 WORKSHOP CALL FOR PAPERS
IMPORTANT DATES
Paper submission deadline: January 12th, 2015 (11:59pm US-PST)
Workshop acceptance notification date: February 19th, 2015
Camera Ready deadline: March 5th, 2015 (11:59pm US-PST)
Presentation deadline: March 31st, 2015 (11:59pm US-PST)
Workshop date: Thursday May 21, 2015
Workshop paper submission web site:...
CFP: Mobile Security Technologies (MoST) 2015
Larry Koved (Nov 12)
http://ieee-security.org/TC/SPW2015/MoST/
MOBILE SECURITY TECHNOLOGIES (MOST) 2015
Thursday, May 21, 2015
The Fairmont Hotel, San Jose, CA
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems. (For
full submission details,...
Silver Bullet: Brian Krebs
Gary McGraw (Oct 31)
hi sc-l,
Silver Bullet episode 103 features Brian Krebs, whose website
http://krebsonsecurity.com is among the leading security reporting sites on
the planet. Brian was once a reporter for the Washington Post, but he went
solo after being let go (too deep for the dinosaur). Krebs broke a number
of important stories in 2014, including the Target and Home Depot breaches
(among others).
In our conversation, we discuss old media vs new media,...
Silver Bullet 102: Richard Danzig
Gary McGraw (Sep 21)
hi sc-l,
The 102nd monthly episode of the Silver Bullet podcast features a conversation with Richard Danzig. Richard is a very
accomplished leader who served as Secretary of the Navy (among other powerful positions). He is currently a member of
the Board of the Center for a New American Security. Richard is attempting in his recent work to bridge the gap
between technologists and Washington policy makers when it comes to cybersecurity....
IEEE Center for Secure Design [searchsecurity and silver bullet]
Gary McGraw (Aug 27)
hi sc-l,
This evening in SF we are officially launching the IEEE Center for Secure Design with a small event including security
people and press. Jim DelGrosso and I will make a short presentation about the CSD during the launch.
I devoted both of my monthly pieces (Silver Bullet and SearchSecurity) to the CSD this month.
Please check out this article and pass it on:
http://bit.ly/CSD-SS <...
Silver Bullet Episode 100 (!!): Cigital's Principals
Gary McGraw (Jul 23)
hi sc-l,
Thanks for listening to the Silver Bullet Security Podcast for the eight 1/3 years it has been produced. Each episode
has been downloaded over 10,787 times on average with over 1,067,948 downloads for the podcast as a whole. That's lots
of listening!
To celebrate our 100 months in a row landmark, we shot a live video version of Silver Bullet at the Cigital Tech Fair
this month. The episode features Cigital’s Principals,...
Ruxcon 2014 Final Call For Presentations
cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.
This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2014.
.[x]. About Ruxcon .[x].
Ruxcon is...
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Gary McGraw (Jul 08)
hi sc-l,
FWIW, I wrote about medical device security first in 1998 in the book
"Software Fault Injection." Our little article was merely meant as a
reminder and to let you all know that some medical device manufacturers
are actually doing analysis.
gem
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Goertzel, Karen [USA] (Jul 07)
Another big frustration: No-one seems to be making any real headway into the problem of actually measuring loss
attributable to doing nothing - or, in other words, losses cradle to grave from operating insufficiently secure
systems. People try to measure "ROI" from security, which is a ridiculous concept because it involves trying to measure
a negative - i.e., this is how many times we DIDN'T lose $n - can't be done - or...
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Jeffrey Walton (Jul 07)
https://en.wikipedia.org/wiki/Therac-25 FTW!
+1. Dr. Geer has already warned about it at
http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/. Can you
imagine the IoT, with medical devices and avionics packages, running
around with little to no testing and little more than the browser
security model. Clear the cache to erase the evidence!!!
This is a political problem rooted in software liability laws (or lack
thereof). Too many carrots,...
Re: SearchSecurity: Medical Devices and Software Security
Jeremy Epstein (Jul 07)
Agree with you - there's nothing new in the article. I gave a talk a
couple years ago at a conference on biomedical engineering, and there was
one person in the room (out of a few hundred) who had heard of Therac-25.
(Which I assume is what you were referring to with 1985.)
If the article were instead published in a medical device or biomedical
engineering journal, that would be something different. But as you say,
putting it in on...
Re: [External] Re: SearchSecurity: Medical Devices and Software Security
Goertzel, Karen [USA] (Jul 07)
Ever since I read an article about the challenges of remote laser surgery being done by doctors at the Naval Hospital
in Bethesda, MD, via satellite link on wounded soldiers in Iraq, I've been warning for years about the need to apply
software assurance principles to the development and testing - and SCRM to the acquisition - of medical devices and
their embedded software. I'm delighted to see someone with your influence start...
Re: SearchSecurity: Medical Devices and Software Security
security curmudgeon (Jul 07)
: Chandu Ketkar and I wrote an article about medical device security based
: on a talk Chandu gave at Kevin Fu's Archimedes conference in Ann Arbor.
: In the article, we discuss six categories of security defects that
: Cigital discovers again and again when analyzing medical devices for our
: customers. Have a look and pass it on:
:
: http://bit.ly/1pPH56p
:
: As always, your feedback is welcome.
Per your request, my feedback:
Why do...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Checkpoint 13500 Next Generation Firewall/Security
Ian McDonald (Dec 06)
I've heard various excuses from various manufacturers where they claim that our traffic, or our networks, are somehow
'different' from what they see 'anywhere' else.
It isn't. It's streams of packets. Probably more concurrent streams than their product was designed to handle, but
nevertheless not unusual in networks the world over, in academia and ISP land.
I suspect that in many cases we're taking...
Checkpoint 13500 Next Generation Firewall/Security
Timothy Pierson (Dec 05)
Greetings,
I am not sure if this is the place to post this query, however it seems the
likely place to start. We have purchased Checkpoint's Next Generation
Firewall/Security Appliance. The model is 13500 and we have the 11 software
blade suite with application and DLP services.
Early September we turned the application security blade service on and it
took our internet connection out, dropping the overall throughput from 750
Mbs to...
Brief Cyberbullying Survey - Your Response is Requested
Julie Luker (Dec 05)
Greetings,
My name is Julie Luker. I am a doctoral candidate in the School of
Education at Hamline University in St. Paul, Minnesota. You are invited to
complete an online Cyberbullying Survey* that I am conducting as part of my
dissertation. My dissertation explores perceptions of cyberbullying within
higher education. This study was approved by the Hamline University Human
Subjects Research review board in December of 2014. An assumption that...
cyber security liability insurance
Alex Jalso (Dec 05)
Hello Everyone,
WVU is considering cyber liability insurance. For those of you who have completed such a purchase or are considering
it, I have a few questions where your input is appreciated.
1. Do you currently have cyber security insurance liability insurance coverage? If no, are you planning on
acquiring it?
If the answer to question one is Yes please answer the following:
2. Was the coverage provided by the state's...
IAM Online Dec. 10 - Are Passwords Passe?
Valerie Vogel (Dec 04)
Please consider joining next week’s free webinar with David Walker and Mike Grady discussing passwords and multi-factor
authentication. (If you are not able to participate, a recording will be available following the event.)
___________________________
IAM Online – Wednesday, December 10, 2014
2 pm ET / 1 pm CT / Noon MT / 11 am PT
http://www.incommon.org/iamonline
Are Passwords Passé? Deployment...
Job Posting - University of Washington - Teaching position
Scott Barker (Dec 03)
The Information School at the University of Washington (in Seattle) is searching for a Lecturer or Senior Lecturer in
Information Assurance and Cybersecurity.
This position is focused on teaching and does not require a Ph.D. For details please see:
http://ap.washington.edu/ahr/academic-jobs/position/aa7132/
Review of applicants began December 1, but the position is open until filled. If interested, please apply soon.
Scott Barker...
Re: HEISC Update: 2014 Accomplishments & 2015 Priorities
George Farah (Dec 03)
Valerie
I want to second that. Very helpful indeed for the security journey on our respective campuses. I wish you and everyone
on the team a merry Christmas and happy and safe holidays
George Farah, GIAC/GSEC Gold, CRISC, CISA
Queen's University,
Canada k7l 3n6
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Larry
Thomas
Sent: December-03-14 3:27 PM
To: SECURITY () LISTSERV...
Re: HEISC Update: 2014 Accomplishments & 2015 Priorities
Larry Thomas (Dec 03)
Thanks Valerie for all that you do for us.
Best Regards, Larry
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie
Vogel
Sent: Wednesday, December 03, 2014 12:27 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HEISC Update: 2014 Accomplishments & 2015 Priorities
My apologies for the incorrect links in my original message below. Here are the correct URLs....
Re: HEISC Update: 2014 Accomplishments & 2015 Priorities
Valerie Vogel (Dec 03)
My apologies for the incorrect links in my original message below. Here are the correct URLs.
“Outside the Box: Evolution and Ascent of the CISO” article:
https://www.educause.edu/visuals/shared/er/extras/2014/CISO/index.html
Information Security Guide: http://www.educause.edu/security/guide
Martin Holste’s guest blog: http://www.educause.edu/blogs/vvogel/how-protect-yourself-cybercriminals
Thank you,
Valerie
Valerie Vogel Program...
Re: HEISC Update: 2014 Accomplishments & 2015 Priorities
Barrett, Bruce (Dec 03)
Well done, everyone!!
Bruce
Sent from my iPad
This message is posted on behalf of the HEISC co-chairs to provide an update on 2014 activities and 2015 priorities.
(This message was shared with the CIO list yesterday.)
______________________________
Dear Colleagues,
We would like to highlight some of the HEISC (Higher Education Information Security Council) accomplishments in 2014.
1. Participation in the latest EDUCAUSE Review Online...
HEISC Update: 2014 Accomplishments & 2015 Priorities
Valerie Vogel (Dec 03)
This message is posted on behalf of the HEISC co-chairs to provide an update on 2014 activities and 2015 priorities.
(This message was shared with the CIO list yesterday.)
______________________________
Dear Colleagues,
We would like to highlight some of the HEISC (Higher Education Information Security Council) accomplishments in 2014.
1. Participation in the latest EDUCAUSE Review Online transmedia article, “Outside the Box: Evolution...
Evolution and Ascent of the CISO: New EDUCAUSE Review Article
Valerie Vogel (Dec 02)
Security & IDM Discussion Group members,
I am pleased to share this new EDUCAUSE Review Online “transmedia” article
on CISOs:
Outside the Box: Evolution and Ascent of the CISO
https://www.educause.edu/visuals/shared/er/extras/2014/CISO/index.html
"Over the past decade we've seen increasing executive interest in
understanding risks, protecting privacy, and mitigating the impacts of
cyber threats. As a result, a new range of...
Re: VA TECH SANS ONSITE - Mark your calendars
Ken Connelly (Nov 27)
It is. But. Two years ago (the last time a class was held at VT) the
cost was $1200 and the year before that it was $999. SANS training is
very good, but the pricing has become exorbitant.
- ken
Re: VA TECH SANS ONSITE - Mark your calendars
Ernie Soffronoff (Nov 26)
$1800 is less than $5000 though...
--Ernie
Happy Thanksgiving, everyone. This is a 'mark your calendar' note about the 2015 VA Tech SANS Onsite class we'll be
offering.
WHAT: SEC 511 - Continuous Monitoring and Security Operations -
https://www.sans.org/course/continuous-monitoring-security-operations
WHEN: 3/9-14/2015
WHERE: VA Tech, Blacksburg, VA
COST: $1800/person for EDU (K-12, Community College, Higher Ed),...
VA Tech SANS Onsite - forgot to mention ...
randy (Nov 26)
Sorry, forgot to mention the SEC 511 course VA Tech is hosting in March,
2015 will be available in the vLive (remote online) format as well for the
same price.
-Randy
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: A case against vendor-locking optical modules
Chuck Anderson (Dec 06)
Who is Vendor2?
Re: 10Gb iPerf kit?
Saku Ytti (Dec 06)
Maybe something like EXFO or Anritsu. Spirent and Agilent would be best, but
probably too expensive if this is the only use-case.
Not possible on iPerf. Network testing shouldn't be done with TCP, because
then you don't know what you're testing, are you testing TCP stack of the host
or network?
But writing performing UDP software is quite hard. You cannot use UDPSocket
like iperf does, it just does not work, you are lucky if you...
Re: A case against vendor-locking optical modules
Saku Ytti (Dec 06)
Your points are valid, I actually prefer 3rd party, even if it's more
expensive than 1st party, just to have simpler sparing reducing OPEX.
On RFP all vendors consistently have replied that they won't forbid using 3rd
party optics, and won't deny support contract because of them. They may add
that if optic is suspected, we need to replace it to 1st party, before TAC
continues to work on a case.
1st party does do more testing on...
Re: ARIN's RPKI Relying agreement
Alex Band (Dec 06)
If ARIN (or another RIR) went offline or signed broken data, all signed prefixes that previously had the RPKI
status "Valid", would fall back to the state "Unknown", as if they were never signed in the first place. The state
would NOT be "Invalid".
What is the likelihood of Joe's Basement ISP being filtered by anyone because their BGP announcements are RPKI
"Unknown", as if they weren't...
Re: Juniper MX Sizing
Shawn Hsiao (Dec 06)
MX480 is also not instantaneous, so the same problem applies. Brad, do you have the number for MX480 for comparison?
What we decided was, given both models suffer the same problems, just different duration, we decided to mitigate the
problem and not spend the money.
Thanks.
Re: ARIN's RPKI Relying agreement
Randy Bush (Dec 06)
if it works, it is scary and must be stopped! and arin is doing such a
great job of that.
randy
Re: Juniper MX Sizing
Shawn Hsiao (Dec 06)
Is your sizing concern just for the RIB, or also for FIB to sync up? The latter was a problem for us, but not the
former. We also have inline-jflow turned on and that is still a work-in-progress in terms of impacting performance.
We are using MX104 for similar purposes for many months now, and with some tweaks in our procedures and configurations
we found it to be acceptable. MX104 may not be able to process routes as fast as MX480, but...
Re: Cisco CCNA Training (Udemy Discounted Training)
Lester VanBrunt (Dec 06)
I would be interested in these as well.
Re: Juniper MX Sizing
Youssef Bengelloun-Zahr (Dec 06)
Hi,
Running MLXe with MR2 and/or CER-RT as MPLS PEs depending on POP size. We also run the latter as route reflectors.
They behave beautifully when it comes to churning BGP full feeds, convergence is around 30-45s (full RAM). Routing
capacity is also amazing.
I'm particularly amazed by the CER-RT from a price/performance/footprint perspective. So I would advise it unless the
OP has some specific technical requirements (flowspec support,...
BGP Update Report
cidr-report (Dec 05)
BGP Update Report
Interval: 27-Nov-14 -to- 04-Dec-14 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS23752 294408 6.0% 2247.4 -- NPTELECOM-NP-AS Nepal Telecommunications Corporation, Internet
Services,NP
2 - AS9829 289126 5.9% 157.7 -- BSNL-NIB National Internet Backbone,IN
3 - AS3816 89250 1.8% 97.5 --...
The Cidr Report
cidr-report (Dec 05)
This report has been generated at Fri Dec 5 21:14:20 2014 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/2.0 for a current version of this report.
Recent Table History
Date Prefixes CIDR Agg
28-11-14 525097 291796
29-11-14 525194 291783
30-11-14 524970 291808...
Re: Juniper MX Sizing
Brad Fleming (Dec 05)
We have both Brocade CER and XMR (predecessor to the MLXe) in our environment today. We find both platforms attractive
from a price and power consumption standpoint. They will both handle the IPv4 and IPv6 unicast routing tables today.*
The MLXe with MR2 cards is quite a formidable box; lots of power and pretty light-weight OS (compared to Junos). We
found our XMR nodes with original mgmt cards and Gen1 line cards converge pretty quick;...
Re: Juniper MX Sizing
Brad Fleming (Dec 05)
We haven’t received the MX480 gear yet (POs just went in about a week ago). But we tested MX960s with the same
RE-S-1800x4 w/ 16GB RAM RIB+FIB convergence time was roughly 45sec. We never worried about getting a super accurate
time for the MX960 because even an “eye test” showed it was fast enough for our application and we were much more
concerned with other parts of the box. Also, we had inline-flow reporting configured on the MX960....
Re: Juniper MX Sizing
Ammar Zuberi (Dec 05)
What’s a cheaper alternative to the MX104s?
We take a full BGP table and are on the AMS-IX and DE-CIX and are looking for a new router. The MX series looks a bit
out of budget but we’re currently looking into the Brocade MLX series. We push under 10Gbps, but we do need 10Gbps
routing due to capacity issues during attacks.
Sorry for being a bit off-topic here.
Ammar
This email and any files transmitted with it are confidential and...
Re: Juniper MX Sizing
Brad Fleming (Dec 05)
Then you should look for something other than the MX104.
In our testing an MX104 running Junos 13.3R4 with a single, full feed took about 4min 25sec to (1) converge the RIB
from a router sitting 0.5ms RTT away and (2) update the FIB with all entries. This performance was observed with single
RE and dual RE and without any excess services running. If we added inline-flow sampling to the device full convergence
took closer to 5min 45sec in our...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 28.40
RISKS List Owner (Dec 06)
RISKS-LIST: Risks-Forum Digest Friday 5 December 2014 Volume 28 : Issue 40
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.40.html>
The current issue can be...
Risks Digest 28.39
RISKS List Owner (Nov 28)
RISKS-LIST: Risks-Forum Digest Friday 28 November 2014 Volume 28 : Issue 39
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.39.html>
The current issue can be...
Risks Digest 28.38
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 November 2014 Volume 28 : Issue 38
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.38.html>
The current issue can...
Risks Digest 28.37
RISKS List Owner (Nov 22)
RISKS-LIST: Risks-Forum Digest Friday 21 November 2014 Volume 28 : Issue 37
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.37.html>
The current issue can be...
Risks Digest 28.36
RISKS List Owner (Nov 17)
RISKS-LIST: Risks-Forum Digest Monday 17 November 2014 Volume 28 : Issue 36
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.36.html>
The current issue can be...
Risks Digest 28.35
RISKS List Owner (Nov 13)
RISKS-LIST: Risks-Forum Digest Thursday 13 November 2014 Volume 28 : Issue 35
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.35.html>
The current issue can...
Risks Digest 28.34
RISKS List Owner (Nov 07)
RISKS-LIST: Risks-Forum Digest Thursday 6 November 2014 Volume 28 : Issue 34
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.34.html>
The current issue can...
Risks Digest 28.33
RISKS List Owner (Nov 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 November 2014 Volume 28 : Issue 33
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.33.html>
The current issue can be...
Risks Digest 28.32
RISKS List Owner (Oct 31)
RISKS-LIST: Risks-Forum Digest Friday 31 October 2014 Volume 28 : Issue 32
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.32.html>
The current issue can be...
Risks Digest 28.31
RISKS List Owner (Oct 24)
RISKS-LIST: Risks-Forum Digest Friday 24 October 2014 Volume 28 : Issue 31
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.31.html>
The current issue can be...
Risks Digest 28.30
RISKS List Owner (Oct 23)
RISKS-LIST: Risks-Forum Digest Thursday 23 October 2014 Volume 28 : Issue 30
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.30.html>
The current issue can be...
Risks Digest 28.29
RISKS List Owner (Oct 09)
RISKS-LIST: Risks-Forum Digest Thursday 9 October 2014 Volume 28 : Issue 29
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.29.html>
The current issue can be...
Risks Digest 28.28
RISKS List Owner (Sep 30)
RISKS-LIST: Risks-Forum Digest Tuesday 30 September 2014 Volume 28 : Issue 28
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.28.html>
The current issue can...
Risks Digest 28.27
RISKS List Owner (Sep 15)
RISKS-LIST: Risks-Forum Digest Monday 15 September 2014 Volume 28 : Issue 27
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.27.html>
The current issue can...
Risks Digest 28.26
RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Thursday 11 September 2014 Volume 28 : Issue 26
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.26.html>
The current issue can...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
Why cyber thieves love health care--and what you can do about it
Audrey McNeil (Dec 03)
http://www.propertycasualty360.com/2014/12/01/why-cyber-thieves-love-health-care--and-what-you-c?t=erm
Technology has left an indelible imprint on health care delivery, improving
the accuracy and accessibility of patient information, but what about the
risks? Consider the following scenarios:
A hospital nurse lost an iPad containing the names, social security
numbers, medical conditions and other protected health information for
25,000 patients...
Thieves still selling credit card numbers stolen from Target
Audrey McNeil (Dec 03)
http://www.sfgate.com/nation/article/Thieves-still-selling-credit-card-numbers-stolen-5917667.php
One year after thieves infiltrated Target’s cash registers, a website
openly sells millions of credit and debit card numbers stolen in that data
breach and many others.
Anyone can log on to the site, rescator.cc, and shop for cards by ZIP code.
This illegal marketplace is the most glaring reminder that no one has been
brought to justice in the...
Home Depot spent $43 million on data breach in just one quarter
Audrey McNeil (Dec 03)
http://www.networkworld.com/article/2852473/home-depot-spent-43-million-on-data-breach-in-just-one-quarter.html
Home Depot spent US$43 million in its third quarter dealing with the
fallout of one of the largest ever data breaches, highlighting the costly
nature of security failures.
The retailer said in a regulatory filing on Tuesday that it expects $15
million of that cost will be reimbursed by a $100 million network security
and privacy...
Security and the user - taking on the great balancing act
Audrey McNeil (Dec 03)
http://www.information-age.com/technology/security/123458682/security-and-user-taking-great-balancing-act
The rapid evolution of computing devices has enabled 24/7 access to
information and services almost everywhere. However, the abundance of
technology has introduced a wealth of data security concerns that need to
be addressed. The problem is that security measures impact the usefulness
of data; too much will make systems unusable, while too...
How Long Can Healthcare Data Breaches Affect Facilities?
Audrey McNeil (Dec 03)
http://healthitsecurity.com/2014/11/26/long-can-healthcare-data-breaches-affect-facilities/
Healthcare data breaches are unfortunately becoming a common scenario for
hospitals, health systems and individual care providers. The ramifications
of a security breach can be far-reaching, and organizations might have to
work to prove themselves once again capable of keeping patients’ protected
health information (PHI) secure.
But just how long can...
IT Security: It's All About Damage Control
Audrey McNeil (Dec 03)
http://www.baselinemag.com/security/it-security-its-all-about-damage-control.html/
The October edition of the *Harper's Magazine* Index included this doozy of
a statistic: The average global company in 2013 was subjected to 16,856
cyber-attacks.
Granted, many of those attacks were minor nuisances, but the sheer volume
speaks to just how important information security has become to
business—and what a struggle it is to stay on top of...
Manufacturers Must Prepare for the Inevitable Data Breach
Audrey McNeil (Dec 02)
http://www.industryweek.com/technology/manufacturers-must-prepare-inevitable-data-breach
IT security is a growing threat for businesses of every type, and the
manufacturing industry is no exception.
Last year, U.S. consumer cyber-attacks came at a price of $38 billion,
according to the 2013 Norton Cybercrime Report by ZDNet and USA TODAY.
That number has undoubtedly risen in 2014, with The Home Depot, Best Buy,
and most recently JP Morgan...
A year after Target data breach, aftershocks finally end
Audrey McNeil (Dec 02)
http://www.twincities.com/shopping/ci_27004429/year-after-target-data-breach-aftershocks-finally-end.html
One year later, the Target data breach has been a costly crime for everyone
involved -- everyone but consumers.
The theft of 40 million credit and debit card numbers came as a shock to
Target shoppers, but analysts say that in the end, almost no consumer
suffered a financial loss.
"It was pretty scary," said Avivah Litan, a...
3 Questions to Ask Vendors When Securing POS
Audrey McNeil (Dec 02)
http://www.databreachtoday.com/blogs/3-questions-to-ask-vendors-when-securing-pos-p-1774
Retailers have what cybercriminals want - a never-ending supply of payment
card data. Unfortunately, as a number of headline-grabbing breaches show,
many well-known retailers have failed to stop attackers from gaining access
to their payment data systems.
Why are attackers so successful at compromising companies in the retail
sector?
Competitive Pressures...
Fortifying Data Privacy and Security in Law Firms and Courts
Audrey McNeil (Dec 02)
http://www.lawtechnologynews.com/id=1202677111995/Fortifying-Data-Privacy-and-Security-in-Law-Firms-and-Courts?slreturn=20141021181858
The Georgetown Law Advanced E-Discovery Institute at The Ritz-Carlton
in Tysons Corner, McLean, Va., featured a popular panel entitled “Data
Privacy and Security: Substantive Claims and E-Discovery Issues Abound.” It
was standing room only. The panelists covered data protection policies at
law firms, vendors...
Avoid security breaches during reorganisation and mergers
Audrey McNeil (Dec 02)
http://www.scmagazineuk.com/avoid-security-breaches-during-reorganisation-and-mergers/article/381130/
When companies reorganise or are brought closer together through merger or
acquisition, the primary focus will nearly always be on the financial and
legal aspects of the process, and questions over security are usually low
down on everyone's list of priorities.
More often than not we all – company employees and customers alike – tend to...
JPMorgan Hacking Raises Alarm About Banks’ Cyber Defences
Audrey McNeil (Dec 02)
http://businessweekme.com/Bloomberg/newsmid/190/newsid/286
Hackers are testing the financial system’s cyber defences, and they can
boast of some alarming success. Let’s start with what we know. JPMorgan
Chase & Co. says a breach of its computer systems exposed the personal
information of 76 million households and 7 million small businesses. The
intrusion lasted from June until sometime in August, so hackers had more
than a month to nose...
Using company devices for personal activities leads to data loss
Audrey McNeil (Dec 01)
http://www.net-security.org/secworld.php?id=17671
GFI Software released the findings of an independent study into how workers
use company provided computers and laptops for personal activities, and the
direct impact that personal use can have on the organization.
The survey revealed that the employers of 40% of those surveyed had
suffered a major IT disruption caused by staff visiting questionable and
other non-work related web sites with...
Court Upholds $1.4 Million Privacy Verdict
Audrey McNeil (Dec 01)
http://www.govinfosecurity.com/court-upholds-14-million-privacy-verdict-a-7567
A second state court ruling in recent weeks calls attention to how
incidents involving alleged patient privacy violations can lead to
negligence lawsuits that invoke HIPAA as a benchmark.
In the most recent case, the Indiana appellate court has upheld a $1.4
million jury verdict awarded in 2013 to a customer that alleged her privacy
was violated by a Walgreens...
Cyber threats demand executive not just IT skills
Audrey McNeil (Dec 01)
http://fedscoop.com/commentary-cyber-threats-demand-executive-skills/
It seems that every week we read about another cyber incident or data
breach on the front pages of online or print news publications. While
breaches of banks and retailers are now routinely part of that news, so are
more worrisome threats.
Consider the latest acknowledgement from the Department of Homeland
Security that Trojan software has successfully penetrated the critical...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Re: Is there a users mailing list?
Tod Beardsley (Oct 20)
These days, people use the forums at http://community.rapid7.com for user talk. Or #metasploit on Freenode IRC.
Is there a users mailing list?
Jon Molesa (Oct 20)
This was the only one google returned. I noticed this is the developers
list.
Re: help
Jon Molesa (Oct 20)
Sorry about this. I was trying to hurry the mail server to try a resend
after subscription. It was meant to bump my grey listing.
I was attempting to interact with the mailman server as seen here
http://www.list.org/mailman-member/node41.html.
I'm fine otherwise. :-P
Re: help
Tod Beardsley (Oct 20)
If this is an emergency, dial 911 (or your country's emergency services number).
Re: How-to update host information
HD Moore (Oct 20)
Hi Jon,
You can edit a host via psql or just the irb console in Metasploit. For example, just do: msf> irb
From this prompt, you can do:
irb> host = Mdm::Host.where(address: '1.1.1.1').first; host.hostname = 'BugServer'; host.save!
Keep in mind we normally split up things by workspace, so if you have multiple projects/workspaces:
irb> host = framework.workspace.hosts.where(address: '1.1.1.1').first
Hope this...
How-to update host information
Jon Molesa (Oct 20)
Hello,
I'm new here. Could someone please tell me how I can update information
for a host? I haven't tried importing it via a csv, but right now I just
want to know if it is possible to do in msfconsole.
I have a hostname for an IP address that I have previously imported. I
would like to update the record for that IP to include the hostname.
hosts -h doesn't reveal support for updating a host record.
Lastly, if the answer is to...
help
Jon Molesa (Oct 20)
help
Re: ERROR: invalid input when using new Credential API
Pedro Ribeiro (Oct 08)
If I try to attack a domain and set RHOST to a hostname, I get the same error:
[-] Auxiliary failed: ActiveRecord::StatementInvalid
PG::InvalidTextRepresentation: ERROR: invalid input syntax for type
inet: "domain.com"
(domain.com was actually a valid and reachable domain)
I understand that the credential API is new, but this is very clearly a bug.
Regards,
Pedro
Re: ERROR: invalid input when using new Credential API
Pedro Ribeiro (Oct 03)
Isn't that too limiting? What if you are collecting the creds for a host
which is inside a private network, but you can only see the externally
facing host?
Or in other words, what would you do in this case? The host name might be
the same as the rhost, but not in all cases and we can't know that from the
exploit.
Regards
Pedro
reported credential with an address field needs to have an associated IP
(or the hostname must resolve).
a...
Re: ERROR: invalid input when using new Credential API
HD Moore (Oct 03)
The database is keyed off IP addresses, so you are correct in that any reported credential with an address field needs
to have an associated IP (or the hostname must resolve).
-HD
ERROR: invalid input when using new Credential API
Pedro Ribeiro (Oct 02)
Hi,
I'm building an aux module that gets the SQL database credentials from
a target. These credentials are provided in the form
hostname-username-password. I'm using the new Credential API and doing
the following:
service_data = {
address: loot[database_server_name].split('\\')[0],
# port is 0 because we can't get it from the packet_reply
port: 0,
service_name: loot[database_type],...
g.kassaras () googlemail com has indicated you're a friend. Accept?
g . kassaras (Sep 27)
Hi,
g.kassaras () googlemail com wants to follow you.
****** Is g.kassaras () googlemail com your friend? ******
If Yes please follow the link below:
http://invites.flipmailer.com/signup_e.html?fullname=&email=framework () spool metasploit
com&invitername=g.kassaras () googlemail
com&inviterid=31175062&userid=0&token=0&emailmasterid=db05a8fc-3a7b-4f3d-827d-842eb601aa28&from=g.kassaras
()...
Re: vim syntax highlighting for rc files
Tod Beardsley (Sep 07)
We don't do this because it's easy, we do it because it's hard. :)
Re: vim syntax highlighting for rc files
Robin Wood (Sep 07)
Wouldn't have thought it was easy but not being easy doesn't normally stop
people.
Robin
Re: vim syntax highlighting for rc files
Tod Beardsley (Sep 07)
They're nearly always a mix of console commands and chunks of ruby. Sometimes they have bash/OS commands, too. So,
you're looking at two and maybe three intermixed styles. Not trivial?
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Need Your Support on Reassembling of packets
Huffman, Joseph (Dec 04)
I had problems with this too.
In doc/README.dissector do a search for “desegment_” for the documentation.
As an example see the function set_pinfo_desegment(), the calls to it, and the comments in
epan/dissectors/packet-alljoyn.c for my solution. This may not be the best example but it seems to work.
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Raj sekar
Sent: Wednesday,...
Re: Removing Inaccessable Gerrit Account
Stalley, Sean (Dec 04)
Is there someone I should direct this request to?
Thanks,
Sean
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Stalley, Sean
Sent: Friday, November 14, 2014 2:03 PM
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Removing Inaccessable Gerrit Account
Hello All,
I no longer have access to the gmail account that I have associated with my work email address in gerrit.
Is there...
Need Your Support on Reassembling of packets
Raj sekar (Dec 03)
Hi All,
Greetings!
I am developing a custom dissector and I have almost finished, and got stuck in
reassembly of packets.
I have been posting questions on the Wireshark website and could not get the
solution.
PLEASE HELP ME ON THIS!
My code is below and I do not know what's wrong in this. The reassembly TVB itself is
not created.
I have also posted questions here
https://ask.wireshark.org/questions/38292/reassemble-length...
Re: Toolbar icons without text -- know issue in Qt?
Gerald Combs (Dec 01)
The necessary plumbing from the preferencesChanged signal to a slot that
calls main_ui_->mainToolBar->setToolButtonStyle doesn't currently exist,
but it should be easy enough to add.
Re: The possibility of a curses based Wireshark
Stephen Fisher (Dec 01)
Wow! I didn't know that existed. Thanks.
Re: The possibility of a curses based Wireshark
Stephen Fisher (Dec 01)
Ah, the good ol' days. And I had no idea it was open source now!
Re: Gtk3 ugliness (Was: --without-gtk3 doesn't imply --with-qt)
Jeff Morriss (Dec 01)
That certainly looks usable (a big improvement from what's there now).
:-) I guess it's just a question of when I upgrade to a Fedora version
with the new Gtk3.
Hmm it works well with Gtk2 though: I get a nice green icon when I can
capture and a nice gray icon (with the same shape) when I can't capture.
Do you mean for Gtk3 we need to ship 2 icons (one for enabled and one
for disabled) or are we disabling the icons the wrong...
Re: --without-gtk3 doesn't imply --with-qt
Bálint Réczey (Dec 01)
Hi Jeff,
2014-12-01 18:59 GMT+01:00 Jeff Morriss <jeff.morriss.ws () gmail com>:
Yes, the active and inactive tabs look almost the same, because there
is no theme installed for GTK+ and the default look was pretty ugly.
Adwaita became the built-in standard theme from GTK+3.14 thus the default look
should change to something similar to what I attached on every system.
I can hardly fix that in GTK+3, it is the icon shipped with...
Re: --without-gtk3 doesn't imply --with-qt
Jeff Morriss (Dec 01)
(I generally build on Fedora though what I push to my users is for
RHEL/CentOS.)
I think what really did it for me was the Decode-As window:
https://www.wireshark.org/lists/wireshark-dev/201307/msg00198.html
I can (still) barely tell which tab I'm on.
Looking at it more I think another thing that bothers me even on the
home page is that the (disabled - because in my build environment I
don't have capture privs) "start...
Re: [RANAP truncated] - 1.10.5
Pascal Quantin (Nov 30)
2014-11-29 12:59 GMT+01:00 Michal Mazurek (mimazure) <mimazure () cisco com>:
Hi Michal,
from what I can see in the SCCP dissector source code, you should use a
Long Unitdata SCCP message (and not a Unitdata SCCP message) if you want
to code the payload length on 2 bytes.
Regards,
Pascal.
Re: The possibility of a curses based Wireshark
Edwin Groothuis (Nov 30)
I would totally make this with TurboVision as the TUI.
Edwin
Re: PSA: QString.toUtf8().constData() pattern is unsafe
Peter Wu (Nov 29)
Ah cool, I did not know this. I assumed that the pointer became invalid
after the (sub)expression is evaluated rather than after the statement.
This is exactly what I encountered, and due to the previous assumption I
made, I extended it to other uses of the pattern (including the provided
example).
What actually crashed was the code that saves Recent files (because it
stores a pointer to a const char*), and a UAT change handler
(Preferences...
[RANAP truncated] - 1.10.5
Michal Mazurek (mimazure) (Nov 29)
Hello,
While trying to create a fake RANAP packet I experience a problem that if a RANAP packet is longer than 1 octet (i.e.
RANAP SCCP parameter is longer than 1 octet) Wireshark fails to decode the whole RANAP content.
It does not take into account 2 octet length 017A, dissector is provided only with 7A length and only this gets
decoded. Long data SCCP parameter shall be working.
Is there any coding issue from my side while dumping the...
Re: Support dissecting REAL (BER) data values
Maarten Bezemer (Nov 29)
Hi,
I noticed that the function was indeed used by packet-ber.c as well. I do not
have means to test whether my changes are compatible with PER.
But if the encoding indeed is identical, it should be working... Although the
dissect_per_real() function (or whatever its name is), does probably need
some updates, as I did for the BER variant.
A disadvantage of putting the code in asn1.c is that it does not have means to
add decoding...
Re: --without-gtk3 doesn't imply --with-qt
Bálint Réczey (Nov 29)
Hi Jeff,
2014-11-26 19:26 GMT+01:00 Jeff Morriss <jeff.morriss.ws () gmail com>:
Could you please share a screenshot about what you find horrible in GTK3?
I'm using the Debian package which looks quite good to me and I
managed to get the OS X version to be nice as well:
http://balintreczey.hu/blog/beautiful-wireshark-on-os-x-using-homebrew-and-gtk3quartz/
The only platform to receive a facelift left is Win32/Win64 which
Pascal had...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Ignoring Backups - TCP Stateful?
Doug Burks (Dec 06)
Replies inline.
<snip>
PRADS creates session data and asset data.
Snort creates alert data.
Those are three different types of data.
sancp_agent and pads_agent take the session data and asset data
(respectively) from PRADS and send it to sguild to be stored in the
Sguil database.
Take a look at the Presentation link on our site:
https://docs.google.com/uc?export=download&id=0BzQ65xrcMwNEVnhYZ0pOeXB4ejA
Slide 5 contains an...
Re: pf_ring, openfpc, snort and snorby
Matheus Condi'ez (Dec 06)
So Kevin yeh I love bro and will be running it as a guest vm (probably as
a second sensor).
OK so this is my new plan (no pf_ring)
Redhat server running openfpc and v box.
Fedora guest running snort (with this new app ID thing!)
Seconion guest running bro.
I'm gonna put a splunk forwarder on the guests and also get snort to write
to snorby db.
Re: pf_ring, openfpc, snort and snorby
Matheus Condi'ez (Dec 06)
Leon,
Thanks for the interest and reply.
Firstly I have decided to park pf_ring for now as it seemed like too
much work for a performance rather than utility reward - I wanna focus on
pcaps.
So Leon, I've been interested in openfpc for a while now, finally got some
time to have a crack at building it.
Now all the build docs seem to be Ubuntu which is fine cos Ubuntu is
usually a lot easier to get packages for but the goal for me is to...
Re: Ignoring Backups - TCP Stateful?
Colony.Three (Dec 05)
Re: Ignoring Backups - TCP Stateful?
Doug Burks (Dec 05)
Replies inline.
Disabling the services listed below will help some, but 3GB RAM may
still cause swapping if you're planning on running snort, netsniff-ng,
Bro, Snorby, and ELSA. Disable any unneeded services as shown here:
https://code.google.com/p/security-onion/wiki/DisablingProcesses
OR re-run Setup, choose Advanced Setup, Standalone, and then choose to
disable the processes there.
Xubuntu has a System Load Monitor that you can add to...
Re: Ignoring Backups - TCP Stateful?
Colony.Three (Dec 05)
Re: Ignoring Backups - TCP Stateful?
Doug Burks (Dec 05)
Replies inline.
Snorby wasn't designed to monitor sniffing processes. It was designed
to monitor IDS alerts.
In addition to the bpf syntax error I mentioned in my previous email,
I also see the following Snort error:
ERROR: The dynamic detection library
"/usr/local/lib/snort_dynamicrules/file-image.so" version 1.0 compiled
with dynamic engine library version 2.1 isn't compatible with the
current dynamic engine library...
Re: Ignoring Backups - TCP Stateful?
Doug Burks (Dec 05)
Replies inline.
netsniff-ng and snort are failed, most likely due to a bad BPF. I
didn't notice the "tcp host" in your BPF previously, loading it into
tcpdump causes an error. Changing it to the following works:
not(host 192.168.1.4 and tcp port 8027)
Your sensor only has 2GB RAM and is using lots of swap:
Mem: 2049604k total, 1891388k used, 158216k free, 6808k buffers
Swap: 3119900k total, 1579156k used, 1540744k...
Re: Ignoring Backups - TCP Stateful?
Colony.Three (Dec 05)
Re: Ignoring Backups - TCP Stateful?
Colony.Three (Dec 05)
Re: Ignoring Backups - TCP Stateful?
Doug Burks (Dec 05)
Replies inline.
"sudo sostat" can help you with this. If you need help interpreting
the sostat output, please run the following command:
sudo sostat-redacted
There will be a lot of output, so you may need to increase your
terminal's scroll buffer OR redirect the output of the command to a
file:
sudo sostat-redacted > sostat-redacted.txt 2>&1
sostat-redacted will automatically redact any IPv4/IPv6/MAC addresses,
but...
Re: Snort.org
Michael Wisniewski (Dec 05)
Thanks; I was wondering what was going on. Is there an ETA when it
will be back up? I just finished an install and waiting to pull the
rules down through pulledpork to finish testing.
Thanks!
Re: Ignoring Backups - TCP Stateful?
Colony.Three (Dec 05)
Re: Error 500 today?
Jeremy Hoel (Dec 05)
Joel posted to the list earlier that they were moving snort.org around
and there might be some issues.
Error 500 today?
Andre DiMino (Dec 05)
Everything worked fine up until this morning. Now I see:
"Checking latest MD5 for snortrules-snapshot-2962.tar.gz....
Error 500 when fetching
https://www.snort.org/reg-rules/snortrules-snapshot-2962.tar.gz.md5 at
/home/xxx/xxx/pulledpork-0.7.0/pulledpork.pl line 463.
main::md5file('my_oinkcode', 'snortrules-snapshot-2962.tar.gz', '/tmp/', '
https://www.snort.org/reg-rules/') called at...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.