SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Re: Reworking pcap__switch_to_buffer
Daniel Miller (Apr 29)
Varunram,
The libpcap code is not "ours," so we do not make or accept modifications
to it. If you want to work on this code, check out the upstream repository
[1] and make your changes to their development branch. We are currently a
version or two behind the latest release from them, so it is possible this
has already been addressed.
Dan
[1] https://github.com/the-tcpdump-group/libpcap
Reworking pcap__switch_to_buffer
Varunram Ganesh via dev (Apr 29)
Greetings List,
I was going through the source of libpcap when I came across this function call with a TODO statement [1]. It involves
deleting the present body of pcap__switch_to_buffer and replacing it with calls to pcap_pop_bufffer_state and
pcap_push_buffer_state. These two functions seem to handle the work of the statements currently in
pcap__switch_to_buffer, so I don't find any problem with deleting them. What are your opinions...
Re: nmap python dll mishandled
Varunram Ganesh via dev (Apr 28)
Hi Tal,
As Dan rightly pointed out over at [1], removing the PATH variable would be a temporary fix to the reported problem,
till we can restructure the installation package.
[1] https://github.com/gpodder/gpodder/issues/286
Cheers,
Varunram
Re: Performance Improvement Request - Stop a host currently being scanned through runtime interaction
Daniel Miller (Apr 27)
Sam,
Thanks for the suggestion. We have considered various interactive options
for affecting scan time, but nothing has gained traction. As a general
suggestion, if you find this happening frequently, identify what part of
the scan is actually taking up the time. If it's NSE scripts, add
--script-timeout to your scans to prevent any particular script from taking
too much time. This is pretty safe, since you would only lose the output of
the...
Re: erroneous sorting of traceroute path
Daniel Miller (Apr 27)
Chris,
nnposter has answered the second question pretty well already. I'll only
add that the responses are sorted according to the outgoing TTL of the
packet that prompted the result, meaning that it's not a time-distance but
a discrete number of hops distant from your network position.
Regarding the first question, I notice that in the one case where the
router is not shown, the probe used for traceroute is ICMP Echo Request. In
the...
Re: Nmap Pingscan - ignore reset
Daniel Miller (Apr 27)
Simon,
Thanks for the question. Nmap doesn't currently have an option for this,
but we are collecting ideas for detecting RST spoofing like this over at
Github [#595]. In the meantime, using other -P* options like -PE (ICMP Echo
Request) or -PA (TCP ACK) could help, depending on what the firewall will
actually respond to and let through. There is also the manual step of first
doing a minimal port scan (only 80 and 443, for example), then...
Re: Ping scan misses my ASUS router, but nmap finds it
Daniel Miller (Apr 27)
Dan,
Thanks for the report. We have been tracking an issue with ARP host
discovery on fast networks on Github for a long time [#92], but haven't
gotten any good leads on what might be causing this. I hope you can
participate over there. I would be particularly interested in answers to
the following questions:
1. Does Nmap (Zenmap) consistently miss this host, or does it sometimes
find it?
2. Does Nmap miss other hosts on the network, too?...
Re: Please add better demarcation between hosts in nmap output
Daniel Miller (Apr 27)
The output for a single host is everything from "Nmap scan report for"
until the next "Nmap scan report for" line. Adding blank lines could be
helpful, and when the scan is anything but -sn or -sL, there is a blank
line there. But there's also more output, so the blank line doesn't add
that much relative whitespace. With -sn, there are as few as 2 lines per
host (1 line for -sL), so adding a blank line is a 50%...
Re: erroneous sorting of traceroute path
nnposter (Apr 27)
The latency is calculated from how long it took the original packet to
reach the hop where it expired *and* how long it took the ICMP type 11
notification to come back.
Some routers tend to prioritize routing packets over internal functions
(such as sending the above-mentioned ICMP response). This way it is
possible for an ICMP message from hop N+1 to arrive faster than from hop
N because the response from N+1 is treated like a routed packet by...
Re: snmp-ios-config script argument problem
Daniel Miller (Apr 27)
Sorry for the delay in getting this message through to the mailing list.
You reported this separately on Github [1], and I believe we satisfactorily
resolved it there:
1. Corrected examples in NSEdoc to reflect the creds.snmp script-arg in use
for several versions now.
2. Improved snmp.lua's retrieval of credentials to understand strings
provided without a ":" separator.
Dan
[1] https://github.com/nmap/nmap/issues/862
Re: snmp-ios-config script argument problem
nnposter (Apr 27)
The script arguments have changed. Please try
--script-args creds.snmp=:private
Cheers,
nnposter
erroneous sorting of traceroute path
C H (Apr 27)
hi there,
i am using nmap with the zenmap frontend. I regularly get results for the
'quick traceroute' that i do not understand:
Starting Nmap 7.01 ( https://nmap.org ) at 2017-04-26 22:15 CEST
Nmap scan report for www.heise.de (193.99.144.85)
Host is up (0.025s latency).
Other addresses for www.heise.de (not scanned):...
Performance Improvement Request - Stop a host currently being scanned through runtime interaction
Sam Hamid (Apr 27)
Request:
Is it possible to add a feature to allow users to stop\skip, or maybe even add, a specific host after a scan is
initiated?
For example: Similar to pressing d or v to increase the debugging or verbosity levels while a scan is running, maybe
pressing a key (s for example) followed by an IP address to stop scanning that specified IP address and a key (a for
example) followed by an IP address to add that IP to the list of hosts to scan....
nmap python dll mishandled
Tal Tamir (Apr 27)
please take a look at this issue on gpodder
https://github.com/gpodder/gpodder/issues/286
This issue is specifically caused by nmap doing something wrong with its
python dll. Note that I have many programs on my computer that include a
python27.dll in their install folder, but only nmap causes this issue.
Nmap Pingscan - ignore reset
Simon Gfeller (Apr 27)
Hello together,
I had a problem with the pingscan already a few times when I had to
discover hosts in a subnet. I use -PS with a few top ports like 80, 443
etc.
But sometimes, if there is a firewall which sends tcp resets on specific
ports even if there is no host, I have a lot of false positives, because
nmap recognises hosts with a tcp reset as online.
Is there a way to ignore reset packages during a ping/discovery scan? If
not, is it...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
360 security android app snoops data to China Unicom network via insecure HTTP
seclists (Apr 30)
I have a further update on the issue. After uninstalling the 360 security android app, I found after repeated checks of
Network Info on my phone via the Ping & DNS app that even then the HTTP connection to IP address 123.125.114.8 still
frequently showed up. So, I monitored the network connections on my phone via the Network Connections app
(https://play.google.com/store/apps/details?id=com.antispycell.connmonitor) and found that this time...
PRL and CSRF vulnerabilities in D-Link DAP-1360
MustLive (Apr 30)
Hello list!
After previous Cross-Site Request Forgery and Cross-Site Scripting
vulnerabilities, here are new ones. There are Predictable Resource Location
and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 (Wi-Fi
Access Point and Router).
-------------------------
Affected products:
-------------------------
Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model
with other firmware versions also must be...
CVE-2017-7981: Tuleap Remote OS Command Injection
Ben N (Apr 30)
# Tuleap - Command Injection in Project Wiki
CVE: CVE-2017-7981
CVSSv3: 9.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C)
Versions affected: >= 8.3 and <= 9.6.99.86
## Introduction
Tuleap is a Libre suite to plan, track, code and collaborate on software
projects. Tuleap helps development teams to build awesome applications,
better, faster, easier.
## Background
Tuleap uses PHPWiki as a plugin to provide a weak feature...
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options
Securify B.V. (Apr 29)
------------------------------------------------------------------------
SyntaxHighlight MediaWiki extension allows injection of arbitrary
Pygments options
------------------------------------------------------------------------
Yorick Koster, February 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A vulnerability was found in the...
Local privilege escalation vulnerability in HideMyAss Pro VPN client v3.x for macOS
Securify B.V. (Apr 29)
------------------------------------------------------------------------
Local privilege escalation vulnerability in HideMyAss Pro VPN client
v3.x for macOS
------------------------------------------------------------------------
Han Sahin, April 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A local privilege escalation vulnerability...
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X
Securify B.V. (Apr 29)
------------------------------------------------------------------------
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN
client v2.x for OS X
------------------------------------------------------------------------
Han Sahin, April 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple local privilege...
Apple iOS 10.2 & 10.3 - Control Panel Denial of Service Vulnerability
Vulnerability Lab (Apr 28)
Document Title:
===============
Apple iOS 10.3 - Control Panel Denial of Service Vulnerability
References:
===========
https://www.vulnerability-lab.com/get_content.php?id=2059
Video: https://www.youtube.com/watch?v=MSscCLATxPQ
Release Date:
=============
2017-04-27
Vulnerability Laboratory ID (VL-ID):
====================================
2059
Common Vulnerability Scoring System:
====================================
3.3
Vulnerability Class:...
Security Issues in Alerton Webtalk (Auth Bypass, RCE)
David Tomaschik via Fulldisclosure (Apr 27)
Security Issues in Alerton Webtalk
==================================
Introduction
------------
Vulnerabilities were identified in the Alerton Webtalk Software supplied by
Alerton. This software is used for the management of building automation
systems. These were discovered during a black box assessment and therefore
the vulnerability list should not be considered exhaustive. Alerton has
responded that Webtalk is EOL and past the end of its...
SEC Consult SA-20170425-0 :: Portrait Display SDK Service Privilege Escalation
SEC Consult Vulnerability Lab (Apr 25)
SEC Consult Vulnerability Lab Security Advisory < 20170425-0 >
=======================================================================
title: Privilege Escalation due to insecure service configuration
product: Portrait Display SDK Service
vulnerable version: multiple, see PoC
fixed version: multiple, see solution
CVE number: CVE-2017-3210
impact: critical
homepage:...
SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities
Maor Shwartz (Apr 25)
Link: https://blogs.securiteam.com/index.php/archives/3087
SSD Advisory – HPE OpenCall Media Platform (OCMP) Multiple Vulnerabilities
Want to get paid for a vulnerability similar to this one?
Contact us at: ssd () beyondsecurity com
Vulnerabilities Summary
The following advisory describes Reflected Cross-Site Scripting (XSS)
vulnerabilities and a Remote File Inclusion vulnerability that when
combined can lead to Code Execution, were found in...
Dell Customer Connect 1.3.28.0 Privilege Escalation
Kacper Szurek (Apr 25)
# Exploit Dell Customer Connect 1.3.28.0 Privilege Escalation
# Date: 25.04.2017
# Software Link: http://www.dell.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local
1. Description
DCCService.exe is running on autostart as System.
This service has auto update functionality.
Basically it periodically checks https://otbs.azurewebsites.net
looking for new...
Samsung Smart TV Wi-Fi Direct Improper Authentication
Info (Apr 25)
Samsung Smart TV Wi-Fi Direct Improper Authentication
--------------------------------------------------------------------------------
1. Advisory Information
Title: Samsung Smart TV Wi-Fi Direct Improper Authentication
Advisory ID: NESESO-2017-0313
Advisory URL: http://neseso.com/advisories/NESESO-2017-0313.pdf
Date published: 2017-04-19
Date of last update: 2017-03-13
Vendors...
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution
Dawid Golunski (Apr 25)
Hi Filippo,
I'm re-sending my reply I sent on the weekend as it seems my reply to
the list got returned with a
delivery error.
I received a reply from MITRE regarding which CVE to use in this
situation. Here is the reply I received:
'CVE-2017-7692 is now correct.
CVE-2017-5181 is no longer a valid ID number according to our
http://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf policy. We fully
recognize that you made an earlier report of...
Flyspray 'real_name' Cross Site Scripting Vulnerability
HTTPCS (Apr 25)
HTTPCS Advisory : HTTPCS160
Product : Flyspray
Version : 1.0-rc4
Date : 2017-04-24
Criticality level : Less Critical
Description : A vulnerability has been discovered in Flyspray , which can be
exploited by malicious people to conduct cross-site scripting attacks. Input
passed via the 'real_name' parameter to '/index.php?do=myprofile' is not
properly sanitised before being returned to the user. This can be exploited...
OXATIS 'EMail' Cross Site Scripting Vulnerability
HTTPCS (Apr 25)
Dear Sir or Madam,
A vulnerability has been discovered in OXATIS, which can be exploited by malicious people to conduct cross-site
scripting attacks. Input passed via the 'EMail' parameter to '/PBSubscribe.asp' is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
HTTPCS Advisory :...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
[HITB-Announce] HITB GSEC 2017 CFP Closes April 30th
Hafez Kamal (Apr 19)
FINAL CALL!
CFP for the 3rd annual Hack In The Box GSEC conference in Singapore
closes on the 30th of April!
Call for Papers: http://gsec.hitb.org/cfp/
Event Website: http://gsec.hitb.org/sg2017/
HITB GSEC is a 2-day deep knowledge security conference where attendees
get to vote on the final agenda of talks and to meet with the
speakers they voted for.
We are looking for 60-minute, offensive and defensive focused
deep-knowledge...
[DefenseCode WhitePaper]: BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later)
DefenseCode (Apr 06)
Hi,
Few years ago, we have discovered a remotely exploitable preauth Format
String vulnerability in Broadcom UPnP implementation used in popular
routers.
Vendors were notified and advisory was published -
http://defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf .
Broadcom fixed the vulnerability in their UPnP implementation and some
router vendors did it also.
Vulnerability was initially discovered on Cisco Linksys (now Belkin)...
Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Mar 21)
March is already rolling and so is our work. Today we feel so happy to
share a new release, Faraday v2.4!
Before preparing an upcoming release, we try to focus not only on
improving the product but also on perfecting the user experience. We
want to go beyond optimizing your everyday work, inspiring you to do
more!
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in...
[ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
ERPScan inc (Mar 21)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component
Vendor URL: http://SAP.com
Bugs: Directory traversal
Reported: 04.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 13.12.2016
Reference: SAP Security Note 2310790
Author: Mathieu Geli (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM
Advisory ID: [ERPSCAN-16-041]
Risk: medium...
SpiderFoot 2.9 released
Steve Micallef (Mar 15)
Hi all,
SpiderFoot 2.9.0 is now out, totaling almost 60 data collection/analysis
modules for your reconnaissance, footprinting and OSINT needs.
Here's what's new since 2.7.0 was announced here..
- *9* new modules:
- Base64 string finder
- Binary string searches (identifies file meta data)
- Censys.io data collection (device info)
- Cymon.io data collection (threat intel)
- Hunter.io...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Ruxcon 2017 Call For Presentations
cfp (Apr 20)
Ruxcon 2017 Call For Presentations
Melbourne, Australia, October 21-22
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2017.
This year the conference will take place over the weekend of the 21st and 22nd of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 30th of June, 2017.
.[x]. About Ruxcon .[x].
Ruxcon is...
Faraday v2.4: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Mar 21)
March is already rolling and so is our work. Today we feel so happy to
share a new release, Faraday v2.4!
Before preparing an upcoming release, we try to focus not only on
improving the product but also on perfecting the user experience. We
want to go beyond optimizing your everyday work, inspiring you to do
more!
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in...
SpiderFoot 2.9 released
Steve Micallef (Mar 16)
Hi all,
SpiderFoot 2.9.0 is now out, totaling almost 60 data collection/analysis
modules for your reconnaissance, footprinting and OSINT needs.
Here's what's new since 2.7.0 was announced here..
- *9* new modules:
- Base64 string finder
- Binary string searches (identifies file meta data)
- Censys.io data collection (device info)
- Cymon.io data collection (threat intel)
- Hunter.io...
Arachni Framework v1.5 & WebUI v0.5.11 have been released (Web Application Security Scanner)
Tasos Laskos (Feb 01)
Hey folks,
There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.
The highlights of this release are:
* Added arachni_reproduce utility allowing issues in reports to be reproduced.
* Browser updated to the latest PhantomJS version for improved support of modern webapps.
* New SAX based HTML parser allowing for much faster and lightweight parsing.
* Improved XSS, SQL injection,...
Faraday v2.3: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jan 31)
We are very proud to present the first 2017 edition of the Faraday
Platform! Faraday v2.3 is ready to download!
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email....
RVAsec 2017 Call for Presentations (CFP)
Sullo (Jan 23)
The CFP for RVAsec 2017 is underway!
____________________________________
RVAsec // June 8-9th, 2017 // Richmond, VA
RVAsec is a Richmond, VA based security convention that brings top
industry speakers to the midatlantic region. In its fourth year,
RVAsec 2016 attracted nearly 400 security professionals from across
the country.
Talks must be 50 minutes in length, and submissions will need to
select from one of two tracks: business or...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: DARPA CGC Recap
David Manouchehri (Apr 24)
Thanks Chris!
I'll pull up my old notes and put them on GitHub this weekend as a starting
point.
Ryan Hileman's usercorn is a great way to lower the entry bar for getting
CGC ELFs running. https://github.com/lunixbochs/usercorn (I know this isn't
news to any of you in the conversation, it's for the mail list lurkers.)
Related topic: Is anyone willing to mirror about ~1 TB of CTF PCAPs for
long term archival? Give me a ping...
Re: Question re: Juniper
Laurens Vets (Apr 21)
If you're talking about the Dual_EC stuff in ScreenOS, yes, allegedly
Juniper completely removed that RNG:
https://arstechnica.com/security/2016/01/juniper-drops-nsa-developed-code-following-new-backdoor-revelations/
Re: DARPA CGC Recap
Chris Eagle (Apr 21)
As far as I know there is no official document that describes the layout of that file. I can probably cobble together
something unofficial.
Re: DARPA CGC Recap
David Manouchehri (Apr 21)
Step 0.5: Figure out how to sanely sort and parse several thousand weird
CGC binaries.
e.g. CGC_Extended_Application.pdf is appended to the challenge binaries.
https://github.com/CyberGrandChallenge/cb-testing/blob/master/cgc-cb.mk#L194-L197
Chris: Is there any official notes on the directory/file structure
of cfe-submissions.tgz?
Re: Question re: Juniper
Dave Aitel (Apr 21)
No I want to know if they fixed the backdoor or simply restored it to the
original owner :)
Re: Question re: Juniper
Joshua (Apr 21)
Why are you asking Dave? Do you have a database of traffic you need to decrypt for a customer?
Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland.
-------- Original Message --------
Subject: [Dailydave] Question re: Juniper
Local Time: April 20, 2017 3:37 PM
UTC Time: April 20, 2017 7:37 PM
From: dave.aitel () gmail com
To: dailydave () lists immunityinc com <dailydave () lists immunityinc com>
Did...
CGC vs Common Sense
Dave Aitel (Apr 20)
A snippet of a conversation I had today with Bob the Hacker (B):
B: AFL totally fucked that competition from a diversity point of view
D: Well maybe that's a problem? I feel like someone should be asking these
questions.
B: Well, it is a problem
B: The entire CGC sidetracked many of the most productive program analysis
teams in the world and all we learned is that lcamtuf is good at computers
D: Can I quote you on that?
B: One upside is...
Re: DARPA CGC Recap
Dave Aitel (Apr 20)
Ok, so the questions I have are still unanswered I think, possibly because
it's a lot of work. But I think they're important.
1. Was there any REAL difference between the competitors? Everyone is all
"oooh, ahh" about mayhem. But are there bugs or bugclasses it can find that
open source shellphish or the ToB work cannot? I.E. Is the final score
essentially noise for the thing we actually care about?
2. Is adding the SMT...
Question re: Juniper
Dave Aitel (Apr 20)
Did Juniper actually fix the many bugs that led to the potential for
backdoor access via the trojaned random number generator, or just change
the key back to the original?
In other words, if I have the private key, can I still decrypt Juniper VPN
traffic, or no?
-dave
The 2017 Volatility Plugin Contest is live!
Andrew Case (Apr 20)
We are very excited to announce that the 5th annual Volatility Plugin
Contest is now live, and we are accepting submissions until October 1st,
2017. We are giving away over $2,000 in prizes and swag - so get coding!!!
Full details on our blog post:
https://volatility-labs.blogspot.com/2017/04/the-5th-annual-2017-volatility-plugin.html
Please let us know if you have any questions and good luck to all!
Unicorn Emulator v1.0.1 is out!
Nguyen Anh Quynh (Apr 20)
Greetings,
We are excited to announce version 1.0.1 for Unicorn CPU Emulator framework!
Full source code & precompiled binaries are now available at
http://www.unicorn-engine.org/Version-1.0.1
This is a stable release, in which we fixed some issues in the core, added
some features on Arm, Arm64, Mips & X86. Bindings for Python & Haskell were
also updated.
Finally, don't forget to check out a list of exciting security tools...
SyScan360 in Seattle
Thomas (Apr 18)
hi all
maybe some of you are not aware but there will be a SyScan360 in Seattle
(May 30-31, 2017). www.syscan360.org.
The speakers are:
1. Gong Guang (Qihoo360) = Butterfly Effect and Program Mistake -
Exploit an "Unexploitable" Chrome Bug.
2. Haifei Li and Bing Sun (McAfee) = Moniker Magic: Running Scripts
Directly in Microsoft Office.
3. Li Kang (University of Georgia) = Enhancing Symbolic Fuzzing with
Machine Learning Discovery....
Re: DARPA CGC Recap
Ryan Stortz (Apr 18)
Notably missing are:
* The kernel they ran the final event on
* The code they used to measure scores
This prevents a lot of analysis.
c0c0n X August 17-19, 2017 Call for Papers Open
c0c0n-X - The CyOps Conference (Apr 18)
c0c0n X | The cy0ps c0n - Call For Papers & Call For Workshops...
Re: DARPA CGC Recap
Chris Eagle (Apr 18)
If you want to be able to do all of the performance measurements then yes that code is missing. If you want to study
the successful PoVs then that code is not required. Most of them can be replayed on the publicly available VMs. However
some of them depend on the specific CPUID values returned by the CFE hardware which you might need to emulate somehow.
Even if all the code used to run the final event was released, the CPUID issue would...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bright space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bright space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed.
p.s.: We are not related to this group, but we think they're worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box?
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command-line
XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Releases
Microsoft (Apr 12)
This mailer has been re-released with an updated PGP signature.
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: April 11, 2017
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-037 - Critical
* MS17-013 - Critical
* MS17-014 - Important
* MS17-021 - Important
*...
Microsoft Security Update Summary for April 2017
Microsoft (Apr 12)
This mailer has been re-released with an updated PGP signature.
********************************************************************
Microsoft Security Update Summary for April 2017
Issued: April 11, 2017
********************************************************************
This summary lists security updates released for April 2017.
Complete information for the April 2017 security update release can
be found at
<...
Microsoft Security Update Summary for April 2017
Microsoft (Apr 11)
********************************************************************
Microsoft Security Update Summary for April 2017
Issued: April 11, 2017
********************************************************************
This summary lists security updates released for April 2017.
Complete information for the April 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security Updates...
Microsoft Security Bulletin Releases
Microsoft (Apr 11)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: April 11, 2017
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-037 - Critical
* MS17-013 - Critical
* MS17-014 - Important
* MS17-021 - Important
* MS16-APR
* MS17-MAR
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revision
Microsoft (Mar 24)
********************************************************************
Title: Microsoft Security Bulletin Minor Revision
Issued: March 24, 2017
********************************************************************
Summary
=======
The following bulletin has undergone a minor revision increment.
* MS17-013
Bulletin Information:
=====================
MS17-013
- Title: Security Update for Microsoft Graphics Component
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Mar 17)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 23, 2017
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-084
* MS16-JUL
Bulletin Information:...
Microsoft Security Bulletin Summary for March 2017
Microsoft (Mar 14)
********************************************************************
Microsoft Security Bulletin Summary for March 2017
Issued: March 14, 2017
********************************************************************
This bulletin summary lists security bulletins released for
March 2017.
The full version of the Microsoft Security Bulletin Summary for
March 2017 can be found at
<https://technet.microsoft.com/library/security/ms17-mar>....
Microsoft Security Advisory Notification
Microsoft (Mar 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: March 14, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 3123479
- Title: SHA-1 Hashing Algorithm for Microsoft Root Certificate
Program
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Feb 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 23, 2017
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-155
Bulletin Information:
=====================
MS16-155...
Microsoft Security Bulletin Minor Revisions
Microsoft (Feb 23)
Microsoft Security Bulletin Summary for February 2017
Microsoft (Feb 21)
********************************************************************
Microsoft Security Bulletin Summary for February 2017
Issued: February 21, 2017
********************************************************************
This bulletin summary lists security bulletins released for
February 2017.
The full version of the Microsoft Security Bulletin Summary for
February 2017 can be found at
<https://technet.microsoft.com/library/security/ms17-feb...
Microsoft Security Advisory Notification
Microsoft (Jan 27)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 27, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4010983
- Title: Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of
Service
-...
Microsoft Security Advisory Notification
Microsoft (Jan 10)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 10, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 3214296
- Title: Vulnerabilities in Identity Model Extensions Token Signing
Verification
-...
Microsoft Security Bulletin Summary for January 2017
Microsoft (Jan 10)
********************************************************************
Microsoft Security Bulletin Summary for January 2017
Issued: January 10, 2017
********************************************************************
This bulletin summary lists security bulletins released for
January 2017.
The full version of the Microsoft Security Bulletin Summary for
January 2017 can be found at
<https://technet.microsoft.com/library/security/ms17-jan>....
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
FTC Releases Announcement on Identity Theft
US-CERT (Apr 27)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FTC Releases Announcement on Identity Theft [ https://www.us-cert.gov/ncas/current-activity/2017/04/27/FTC-Releases-Announcement-Identity-Theft ] 04/27/2017 10:55 PM EDT
Original release date: April 27, 2017
The Federal Trade Commission (FTC) recommends that consumers who are affected by identity theft file a report at
IdentityTheft.gov [...
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
US-CERT (Apr 27)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors [
https://www.us-cert.gov/ncas/alerts/TA17-117A ] 04/27/2017 06:50 PM EDT
Original release date: April 27, 2017
Systems Affected
Networked Systems
Overview
The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated
campaign,...
Adobe Releases Security Updates for ColdFusion
US-CERT (Apr 26)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates for ColdFusion [ https://www.us-cert.gov/ncas/current-activity/2017/04/26/Adobe-Releases-Security-Updates-ColdFusion ] 04/26/2017 09:03 AM EDT
Original release date: April 26, 2017
Adobe has released security updates to address a vulnerability in ColdFusion. Exploitation of this vulnerability may
allow a remote attacker to take...
Pre-Installed Applications Developed with Portrait Displays SDK Contain Critical Vulnerability
US-CERT (Apr 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Pre-Installed Applications Developed with Portrait Displays SDK Contain Critical Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2017/04/25/Pre-installed-Applications-Developed-Portrait-Displays-SDK-Contain ] 04/25/2017 06:15 PM EDT
Original release date: April 25, 2017
Applications developed using the Portrait Displays software development kit...
IBM Releases Security Update
US-CERT (Apr 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
IBM Releases Security Update [ https://www.us-cert.gov/ncas/current-activity/2017/04/25/IBM-Releases-Security-Update ]
04/25/2017 08:47 AM EDT
Original release date: April 25, 2017
IBM has released a security update to address a vulnerability in IBM Domino server IMAP EXAMINE. An attacker could
exploit this vulnerability to take control of an affected system....
Cisco Releases Security Updates
US-CERT (Apr 19)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/04/19/Cisco-Releases-Security-Updates ] 04/19/2017 08:14 PM EDT
Original release date: April 19, 2017
Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other
lower-impact vulnerabilities are listed at Cisco Security...
Google Releases Security Updates for Chrome
US-CERT (Apr 19)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Updates for Chrome [ https://www.us-cert.gov/ncas/current-activity/2017/04/19/Google-Releases-Security-Updates-Chrome ] 04/19/2017 08:02 PM EDT
Original release date: April 19, 2017
Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple
vulnerabilities that an attacker may exploit to...
Drupal Releases Security Updates
US-CERT (Apr 19)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Drupal Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/04/19/Drupal-Releases-Security-Updates ] 04/19/2017 08:17 PM EDT
Original release date: April 19, 2017
Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A
remote attacker could exploit this vulnerability to obtain...
Mozilla Releases Security Updates
US-CERT (Apr 19)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/04/19/Mozilla-Releases-Security-Updates ] 04/19/2017 08:04 PM EDT
Original release date: April 19, 2017
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit
this vulnerability to take control of an affected...
VMware Releases Security Updates
US-CERT (Apr 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/04/18/VMware-Releases-Security-Updates ] 04/18/2017 04:34 PM EDT
Original release date: April 18, 2017
VMware has released security updates to address vulnerabilities in Unified Access Gateway, Horizon View, and
Workstation. Exploitation of these vulnerabilities could allow a...
Oracle Releases Security Bulletin
US-CERT (Apr 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2017/04/18/Oracle-Releases-Security-Bulletin ] 04/18/2017 04:30 PM EDT
Original release date: April 18, 2017
Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products.
Exploitation of some of these vulnerabilities may allow a...
Microsoft Addresses Shadow Brokers Exploits
US-CERT (Apr 17)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Addresses Shadow Brokers Exploits [ https://www.us-cert.gov/ncas/current-activity/2017/04/15/Microsoft-Addresses-Shadow-Brokers-Exploits-0 ] 04/15/2017 09:09 PM EDT
Original release date: April 15, 2017 | Last revised: April 16, 2017
The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools...
VMware Releases Security Updates
US-CERT (Apr 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/04/14/VMware-Releases-Security-Updates ] 04/14/2017 06:13 PM EDT
Original release date: April 14, 2017
VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability
could allow a remote attacker to take control of an...
ISC Releases Security Updates for BIND
US-CERT (Apr 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ISC Releases Security Updates for BIND [
https://www.us-cert.gov/ncas/current-activity/2017/04/12/ISC-Releases-Security-Updates-BIND ] 04/12/2017 10:19 PM EDT
Original release date: April 12, 2017
The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote
attacker could exploit any of these vulnerabilities to...
Apache Software Foundation Releases Security Updates
US-CERT (Apr 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Software Foundation Releases Security Updates [ https://www.us-cert.gov/ncas/current-activity/2017/04/12/Apache-Software-Foundation-Releases-Security-Updates ] 04/12/2017 02:11 PM EDT
Original release date: April 12, 2017
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of
these...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Security Analyst Positions - Medical University of South Carolina (Charleston, SC)
Richard H Gadsden (Apr 30)
We are seeking qualified candidates for two open positions within our
infosec program. One position is focused on network security monitoring and
incident response, and the other is a team lead position in endpoint
security. For anyone who would like to learn more, please look for me if
you're in Denver this week, or feel free to contact me at any time.
About MUSC:
The Medical University of South Carolina (MUSC) has grown from a small...
Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging
Bradley, Stephen (Apr 28)
File format is the killer in legacy mode.
Our SE mentioned they went to a similar format as Splunk for the speed.
I can't wait.
Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging
Brandon Dixon (Apr 28)
Yeah, I noticed the legacy mode setting. When I read up on that, all I
could find was legacy mode meant you stored the logs 'locally' versus on
a separate collector. I have a meeting with them today, I'll ask them
more about what you've mentioned. Thanks!
Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging
Bradley, Stephen (Apr 28)
You must run your Panorama in Panorama mode (yeah it sounds funny). If it
says legacy mode on the dashboard (gen info window) then it is the old
version compatibility.
Once you go to 8 you can't go back without losing all your logs according
to our SE.
Also, if running the VM version of Panorama there is a significant increase
in the VM requirements.
steve
Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging
Brandon Dixon (Apr 28)
Thanks for all the responses. We recently upgraded to 8.x but did not
see a significant performance improvement while still having some of the
same issues.
Re: [EXTERNAL] [SECURITY] Palo Alto Panorama Logging
Klein Keane, Justin (Apr 28)
Hello,
We’ve had great luck just sending Palo logs off via syslog to an external host and doing analysis in Splunk or a free
ELK server, or even just OSSEC. Panorama can be really slow and unresponsive and is essentially a passive tool.
Cheers,
Justin C. Klein Keane, MA MCIT CEPT C|EH
Security Architect
Enterprise Architecture and Security
Main Line Health Information Technology
https://www.mainlinehealth.org/
klein_keanej () mlhs org...
Re: Palo Alto Panorama Logging
Nathaniel Hall (Apr 27)
I implement a lot of Palo Alto devices for a variety of companies in a
variety of industries. In nearly every instance I see either Splunk or
Firemon implemented as a supplement to Panorama.
Re: Palo Alto Panorama Logging
Everett, Alex D (Apr 27)
We primarily use syslog to Splunk for firewall logs.
Occasionally, we will use Panorama, but not often.
Sincerely,
Alex Everett
University of North Carolina at Chapel Hill
________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of JR Ramirez
<jrramirez30 () GMAIL COM>
Sent: Thursday, April 27, 2017 7:49:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU...
Re: Palo Alto Panorama Logging
JR Ramirez (Apr 27)
We do a combination of Splunk and sending logs to a MySQL server for quicker searches.
JR
Re: Palo Alto Panorama Logging
Bradley, Stephen (Apr 27)
We also send to ELK and certain things to a Splunk server. Panorama 8.X is
up to 30x faster. New format.
Steve
Palo Alto Panorama Logging
Brandon Dixon (Apr 27)
We have been running Palo Alto's Panorama central management & logging
platform for a little over a year now. We have a couple of 10Gb
firewalls and a 1Gb firewall that it manages and collects logs from.
We've had issues since we set it up that we've been working with TAC to
try and resolve and have not been able to. But even despite those, I
find the log search to be pretty weak and cumbersome when it comes to
trying...
Senior Network Security Engineer Position
Borinski, Jason (Apr 26)
Hi all,
I'm reaching out for assistance from this community in recruiting a Senior Network Security Engineer with expertise in
network security (firewall, IDS, VPN, SIEM, application proxies, etc..), scripting (in Perl or Python) and Linux.
The position is responsible for designing, deploying and managing the core campus security infrastructure for a
100,000-node network, one of the largest in San Diego. We have a number of major...
Reminder to Vote by 4/27: Quarterly HEISC Survey on Current Risks & Top Issues
Valerie Vogel (Apr 26)
Friendly reminder to please complete our HEISC survey for Q2 by tomorrow, April 27.
* For question 2, you may vote for 3 items
* Questions 3 and 4 are new and unique to this survey
We appreciate the community’s input!
Thank you,
Valerie
Valerie Vogel Senior Manager, Cybersecurity Program
EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<...
Re: Internet Copyright Infringement Complaint (ICIC) dropoff in 2017. Anyone else seeing similar results?
Hall, Rand (Apr 26)
Our dropoff happened several years ago. I attribute it to the maturation of
streaming services like Spotify and Netflix and our investment in the
additional bandwidth to support streaming vs download-and-play.
2011: 31
2012: 23
2013: 11
2014: 3
2015: 3
2016: 4
2017: 0
Rand
Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.hall () merrimack edu
If I had an hour to save the world, I would spend...
Re: Internet Copyright Infringement Complaint (ICIC) dropoff in 2017. Anyone else seeing similar results?
Valdis Kletnieks (Apr 25)
On Tue, 25 Apr 2017 14:08:55 -0400, randy said:
I don't think there's been *that* much growth in music download services
over the past year.
Didn't one of the enforcement companies get their feet held to the fire a while
ago by some judge, who ordered them to make sure their notices were legally
compliant? Apparently they were issuing notices with insufficient specificity,
and sometimes for material they were in fact not legally...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: What services do you control at your org?
LHC (k9m) (Apr 29)
I'm a teenager.
For my personal systems, the answers are:
I am the networking group, but my work is nonexistent. Myself. NEETery. I'm mostly concerned with maintaining the white
noise generators. And since I am talking about my personal systems, yes.
Re: AWS us-west-2 routed through Europe from NY?
Phillip McGuire (Apr 29)
Hey Florin,
Do you have a traceroute showing the issue? FYI, you can test against any
of the IPs listed here under US-West-2, they all respond to ICMP requests.
http://ec2-reachability.amazonaws.com/
-Phil
New Trusted Reporters list
Anne P. Mitchell, Esq. (Apr 29)
All,
Over on another email admin list, a discussion when a participant posted a spam sample, and was told "this isn't the
place to post spam samples", led to our forming a private, confidential group where people *can* share spam samples,
and discuss related matters.
So, we have created that list, which we are calling the Trusted Reporters list.
TR is *not* a list for reporting spam *to abuse desks*. It is *not* intended as a...
Re: AWS us-west-2 routed through Europe from NY?
Florin Andrei (Apr 28)
Sorry. Here's one source: 104.163.180.188
Re: AWS us-west-2 routed through Europe from NY?
Niels Bakker (Apr 28)
* florin () andrei myip org (Florin Andrei) [Fri 28 Apr 2017, 21:12 CEST]:
Can you be a little bit more vague in your problem description?
While omitting the source networks from where you tried, you
still included the destination. The list expects better.
-- Niels.
AWS us-west-2 routed through Europe from NY?
Florin Andrei (Apr 28)
I've seen a few strange instances where IP addresses in the AWS
us-west-2 region (Oregon) are routed through Europe if you start the
traceroute from some providers in the northern East Coast (Quebec, New
York). Any idea what's going on? I assume it's temporary.
Weekly Routing Table Report
Routing Analysis Role Account (Apr 28)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
MENOG, SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz ()...
Re: PSN (Playstation Network) security team
Josh Luthman (Apr 28)
If you're referring to me, yes.
I received a message from a person in the last few minutes and before that
what I understand now is an automated message. I was told they use the
ARIN Abuse contact for automated notification. The job runs daily (I got
mine around 9PM Eastern yesterday) and will batch IP addresses.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
Re: PSN (Playstation Network) security team
Justin Paine via NANOG (Apr 28)
Sounds like you already received a reply.
____________
Justin Paine
Head of Trust & Safety
Cloudflare Inc.
PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
RE: PSN (Playstation Network) security team
Aaron Gould (Apr 28)
That's a good word Andrew
-Aaron
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Andrew Kirch
Sent: Thursday, April 27, 2017 11:47 PM
To: John A. Kilpatrick <john () hypergeek net>
Cc: NANOG list <nanog () nanog org>
Subject: Re: PSN (Playstation Network) security team
Arrogance almost always precedes humiliation.
Andrew
Re: ipv6 accepted & announcement size upto /48 or longer than /48 ?
Yuya KAWAKAMI (Apr 28)
https://tools.ietf.org/html/bcp194
Re: PSN (Playstation Network) security team
valdis . kletnieks (Apr 27)
On Fri, 28 Apr 2017 00:47:23 -0400, Andrew Kirch said:
PSN being the counter-example?
Re: PSN (Playstation Network) security team
Andrew Kirch (Apr 27)
Arrogance almost always precedes humiliation.
Andrew
Re: PSN (Playstation Network) security team
John A. Kilpatrick (Apr 27)
Which is kinda funny when you think about it.
--
John A. Kilpatrick
john () hypergeek net Email| http://www.hypergeek.net/
john-page () hypergeek net Text pages| ICQ: 19147504
remember: no obstacles/only challenges
Re: SD-WAN for enlightened
Colton Conor (Apr 27)
So who are the big SD-WAN players out there?
On Mon, Apr 17, 2017 at 10:31 AM, Doug Marschke <doug () sdnessentials com>
wrote:
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Eerie tech promises to copy anyone’s voice from just 1 minute of audio...
Dave Farber (Apr 30)
---------- Forwarded message ---------
From: the keyboard of geoff goodfellow <geoff () iconia com>
Date: Sun, Apr 30, 2017 at 7:38 PM
Subject: Eerie tech promises to copy anyone’s voice from just 1 minute of
audio...
To:
[would DEARLY LOVE to see this technology used to get, say
https://en.wikipedia.org/wiki/Douglas_Rain's voice -- the voice of The
https://en.wikipedia.org/wiki/HAL_9000 -- onto the iPhone (say, for Siri)
or other...
Cities Seek Deliverance From the E-Commerce Boom
Dave Farber (Apr 30)
> Begin forwarded message:
>
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Subject: [Dewayne-Net] Cities Seek Deliverance From the E-Commerce Boom
> Date: April 30, 2017 at 4:16:16 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend David Rosenthal. DLH]
>
> Cities Seek Deliverance...
Hacker holds Netflix to ransom over new season of Orange Is The New Black
Dave Farber (Apr 30)
Hacker holds Netflix to ransom over new season of Orange Is The New Black
https://www.theguardian.com/media/2017/apr/29/hacker-holds-netflix-to-ransom-over-new-season-of-orange-is-the-new-black?CMP=Share_iOSApp_Other
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription:...
Russian-controlled telecom hijacks financial services' Internet traffic
Dave Farber (Apr 29)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: April 29, 2017 at 4:24:38 PM EDT
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] Russian-controlled telecom hijacks financial services' Internet traffic
>
>
> Russian-controlled telecom hijacks financial services' Internet traffic
>
>...
EPA website removes climate science site from public view after two decades
Dave Farber (Apr 29)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: April 29, 2017 at 1:29:30 PM EDT
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] EPA website removes climate science site from public view after two decades
>
>
> EPA website removes climate science site from public view after two decades
>
>...
Who Is Publishing NSA and CIA Secrets, and Why? - Lawfare
Dave Farber (Apr 29)
https://www.lawfareblog.com/who-publishing-nsa-and-cia-secrets-and-why
There's something going on inside the intelligence communities in at least two countries, and we have no idea what it
is.
Consider these three data points. One: someone, probably a country's intelligence organization, is dumping massive
amounts of cyberattack tools belonging to the NSA onto the Internet. Two: someone else, or maybe the same someone, is
doing the...
NYTimes: N.S.A. Halts Collection of Americans’ Emails About Foreign Targets
Dave Farber (Apr 28)
https://www.nytimes.com/2017/04/28/us/politics/nsa-surveillance-terrorism-privacy.html?smprod=nytcore-iphone&smid=nytcore-iphone-share
The National Security Agency program was one of the most disputed forms of surveillance.
WASHINGTON — The National Security Agency is stopping one of the most disputed forms of its warrantless surveillance
program, one in which it collects Americans’ emails and texts to and from people overseas and that...
CONSUMER AND GOVERNMENTAL AFFAIRS BUREAU GUIDANCE ON FILING COMMENTS IN THE RESTORING INTERNET FREEDOM PROCEEDING
Dave Farber (Apr 27)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: April 27, 2017 at 6:45:55 PM EDT
> To: Dave Farber <dave () farber net>, Dewayne Hendricks <dewayne () warpspeed com>
> Cc: ip <ip () listbox com>
> Subject: CONSUMER AND GOVERNMENTAL AFFAIRS BUREAU GUIDANCE ON FILING COMMENTS IN THE RESTORING INTERNET FREEDOM
> PROCEEDING
>
> CONSUMER AND GOVERNMENTAL...
"Restoring internet freedom"
Dave Farber (Apr 27)
http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0427/DOC-344614A1.pdf
‘World’s Most Secure’ Email Service Is Easily Hackable - Motherboard
DAVID FARBER (Apr 27)
https://motherboard.vice.com/en_us/article/worlds-most-secure-email-service-is-easily-hackable
Facebook says it will act against 'information operations' using false accounts
DAVID FARBER (Apr 27)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: April 27, 2017 at 2:02:49 PM EDT
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] Facebook says it will act against 'information operations' using false accounts
>
>
> Facebook says it will act against 'information operations' using false accounts
>
>...
American Media Are Getting People at Home Ready for War With North Korea
Dave Farber (Apr 27)
---------- Forwarded message ---------
From: Dewayne Hendricks <dewayne () warpspeed com>
Date: Thu, Apr 27, 2017 at 5:36 AM
Subject: [Dewayne-Net] American Media Are Getting People at Home Ready for
War With North Korea
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
[Note: This item comes from friend Ed DeWath. DLH]
American Media Are Getting People at Home Ready for War With North Korea
By Matt Novak
Apr...
Cultural Evolution in the Anthropocene
Dave Farber (Apr 26)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 26, 2017 at 4:36:47 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Cultural Evolution in the Anthropocene
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Robert Berger. DLH]
>
> Cultural Evolution in the Anthropocene
> By...
New map assesses risk of white collar crimes across the US
Dave Farber (Apr 26)
Begin forwarded message:
> From: Kimi Wei <kimiwei88 () gmail com>
> Date: April 26, 2017 at 11:35:44 AM EDT
> To: David Farber <dave () farber net>
> Subject: New map assesses risk of white collar crimes across the US
>
> A new crime map tells the visual story of WHITE COLLAR crime prediction across the US
>
> https://whitecollar.thenewinquiry.com
>
>
> Kimi Wei
> kimi () thewei com @kimiwei...
Kim Jong Un Is a Survivor, Not a Madman | Foreign Policy
David Farber (Apr 26)
> https://foreignpolicy.com/2017/04/26/kim-jong-un-is-a-survivor-not-a-madman/?utm_source=Sailthru&utm_medium=email&utm_campaign=ed
> pix&utm_term=*Editors Picks
> <https://foreignpolicy.com/2017/04/26/kim-jong-un-is-a-survivor-not-a-madman/?utm_source=Sailthru&utm_medium=email&utm_campaign=ed%20pix&utm_term=%2AEditors%20Picks>
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.26
RISKS List Owner (Apr 30)
RISKS-LIST: Risks-Forum Digest Sunday 30 April 2017 Volume 30 : Issue 26
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.26>
The current issue can also be...
Risks Digest 30.25
RISKS List Owner (Apr 18)
RISKS-LIST: Risks-Forum Digest Tuesday 18 April 2017 Volume 30 : Issue 25
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.25>
The current issue can also be...
Risks Digest 30.24
RISKS List Owner (Apr 15)
RISKS-LIST: Risks-Forum Digest Saturday 15 April 2017 Volume 30 : Issue 24
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.24>
The current issue can also be...
Risks Digest 30.23
RISKS List Owner (Apr 06)
RISKS-LIST: Risks-Forum Digest Thursday 6 April 2017 Volume 30 : Issue 23
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.23>
The current issue can also be...
Risks Digest 30.22
RISKS List Owner (Apr 03)
RISKS-LIST: Risks-Forum Digest Monday 3 April 2017 Volume 30 : Issue 22
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.22>
The current issue can also be...
Risks Digest 30.21
RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Saturday 1 April 2017 Volume 30 : Issue 21
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.21>
The current issue can also be...
Risks Digest 30.20
RISKS List Owner (Mar 30)
RISKS-LIST: Risks-Forum Digest Thursday 30 March 2017 Volume 30 : Issue 20
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.20>
The current issue can also be...
Risks Digest 30.19
RISKS List Owner (Mar 21)
RISKS-LIST: Risks-Forum Digest Tuesday 21 March 2017 Volume 30 : Issue 19
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.19>
The current issue can also be...
Risks Digest 30.18
RISKS List Owner (Mar 15)
RISKS-LIST: Risks-Forum Digest Wednesday 15 March 2017 Volume 30 : Issue 18
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.18>
The current issue can also be...
Risks Digest 30.17
RISKS List Owner (Mar 04)
RISKS-LIST: Risks-Forum Digest Saturday 4 March 2017 Volume 30 : Issue 17
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.17>
The current issue can also be...
Risks Digest 30.16
RISKS List Owner (Feb 26)
RISKS-LIST: Risks-Forum Digest Sunday 26 February 2017 Volume 30 : Issue 16
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.16>
The current issue can also be...
Risks Digest 30.15
RISKS List Owner (Feb 21)
RISKS-LIST: Risks-Forum Digest Tuesday 21 February 2017 Volume 30 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.15>
The current issue can also...
Risks Digest 30.14
RISKS List Owner (Feb 17)
RISKS-LIST: Risks-Forum Digest Friday 17 February 2017 Volume 30 : Issue 14
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.14>
The current issue can also be...
Risks Digest 30.13
RISKS List Owner (Feb 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 February 2017 Volume 30 : Issue 13
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.13>
The current issue can also be...
Risks Digest 30.12
RISKS List Owner (Feb 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 February 2017 Volume 30 : Issue 12
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.12>
The current issue can also...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
The new marketing laws that your business needs to act on NOW
Audrey McNeil (Apr 28)
http://startups.co.uk/the-new-marketing-laws-that-your-business-needs-to-act-on-now/
Does your business engage in email marketing? Have tick boxes on its
website? Or do you store information about your customers?
Then you’ll need to prepare for the general data protection regulation
(GDPR) which comes into force at the end of May 2018.
While there are some exemptions for small businesses – for example, only
organisations of over 250...
What Compliance Needs to Know About Data Privacy and Security
Audrey McNeil (Apr 28)
http://www.jdsupra.com/legalnews/what-compliance-needs-to-know-about-30873/
You don’t have to be a tech-savvy computer genius to address the basics of
data privacy. Like many areas which compliance departments oversee, asking
the right question and getting the right internal controls in place are the
most important first steps to address data privacy concerns within an
organization. The problem is, most companies aren’t.
Data Privacy...
The one major blind spot in most cyber risk strategies
Audrey McNeil (Apr 28)
http://globalriskinsights.com/2017/04/one-major-blind-spot-cyber-risk-strategies/
Cyber risk is rapidly becoming one of the most significant existential
threats to businesses, institutions and other actors and their reputations.
Living with an open-ended risk, potential targets of cyber-attacks are now
– more than ever – under high pressure to build more effective and broad
spectrum, resilient capacities. One key focus that gets overlooked:...
CA agency reports ADAP data breach
Audrey McNeil (Apr 28)
http://www.ebar.com/news/article.php?sec=news&article=72556
Officials with California's public health department have said that data on
dozens of people who rely on the state's AIDS Drug Assistance Program was
breached.
The agency's Office of AIDS said in its monthly report for April that it's
"identified 93 ADAP clients whose information in the AJ Boggs portal was
likely inappropriately accessed by an unknown...
A Week Later, Hacked Spyware Vendors Haven't Warned Their 130,000 Customers
Audrey McNeil (Apr 28)
https://motherboard.vice.com/en_us/article/a-week-later-hacked-spyware-vendors-havent-warned-their-130000-customers
Tens of thousands of people are in the dark.
Motherboard recently reported hackers had targeted two companies that sell
spyware to the everyday consumer—Retina-X and FlexiSpy. Hackers made off
with a mix of over 130,000 customer records, as well as company documents
and even text messages and photos captured by Retina-X's...
Small Healthcare Provider Pays $31,000 for Failing to Have a Business Associate Agreement With File Storage Vendor
Audrey McNeil (Apr 28)
http://www.jdsupra.com/legalnews/small-healthcare-provider-pays-31-000-44744/
Disclosing protected health information (PHI) to a business associate
without a compliant business associate agreement (BAA) is an improper
disclosure under the HIPAA privacy and security regulations. According to
the HHS Office for Civil Rights (OCR), an error like that can cost a small
healthcare provider $31,000.
OCR recently announced a resolution agreement (pdf)...
Chipotle Warns Customers of Possible Credit Card Breach
Inga Goddijn (Apr 27)
http://www.eater.com/2017/4/26/15433866/chipotle-data-breach-credit-cards
As Chipotle continues to try to climb out of a massive sales slump
<http://www.eater.com/2017/2/3/14496440/chipotle-q4-2016-results> triggered
by a string of high-profile food safety disasters
<http://www.eater.com/2015/11/4/9668984/chipotle-e-coli-public-health-disaster>,
it’s suddenly got a new pain point: a potential credit card breach.
The burrito chain...
Cyber crime as a service forces changes in information security
Destry Winant (Apr 27)
http://www.networkworld.com/article/3192400/security/cyber-crime-as-a-service-forces-changes-in-information-security.html
Cyber crime has been commercialized. Infecting computers with
ransomware or using an advanced persistent threat to pilfer
intellectual property no longer requires deep technical knowledge.
Just use Google to learn how to access the Dark Web, and you can find
hackers who, for a price, are more than happy to write malware,...
Tennessee Adds Technical Requirements to its Data Breach Notification Laws
Destry Winant (Apr 27)
http://www.natlawreview.com/article/tennessee-adds-technical-requirements-to-its-data-breach-notification-laws
Are you doing business in Tennessee? Do you have computerized personal
information about anyone in Tennessee (including employees, clients,
or customers)? Are you encrypting that data in accordance with the
current version of the Federal Information Processing Standard (FIPS)
140-2? If you answered “yes” to the first two questions,...
Paid in the USA: Americans more likely to pony up when infected with ransomware
Destry Winant (Apr 27)
https://www.scmagazine.com/paid-in-the-usa-americans-more-likely-to-pony-up-when-infected-with-ransomware/article/653106/
The U.S. suffered 34 percent of global ransomware infections last year –
and it's no wonder why, with 64 percent of Americans willing to pay to
retrieve their encrypted files, compared to just 34 percent of victims
worldwide, according to the 2017 Internet Security Threat Report from
Symantec.
And yet, paying the...
Ransomware Attacks: When Is Notification Required?
Destry Winant (Apr 27)
http://www.lexology.com/library/detail.aspx?g=3e9f388a-06b6-46a8-a93c-e480f514db53
Ransomware is not only a growing security threat but a potentially
thorny notification issue.
Ransomware is one of the most prevalent cybersecurity threats
afflicting businesses today. When an attack hits, a victim company
must confront the difficult question whether to pay the ransom
demanded in order to regain access to the company’s files and restore...
Cyber crime attacks reputations as well as systems
Audrey McNeil (Apr 26)
https://www.solicitorsjournal.com/comment/201704/cyber-crime-attacks-reputations-well-systems
Ask any in-house PR what they see as the biggest reputational threat for
their law firm and the risk of a cyber attack is likely to feature high up
on their list. Indeed, the very words ‘cyber attack’ are enough to induce
fear into any custodian of a law firm’s reputation. And that fear seems to
be increasingly validated by data which shows such...
Customers Question Breach Alert Etiquette at Blowout Cards
Audrey McNeil (Apr 26)
http://www.bankinfosecurity.com/blogs/customers-question-breach-alert-etiquette-at-blowout-cards-p-2458
Free advice for breached businesses: Once you admit that you've suffered a
data breach or that you're investigating whether you were breached,
disseminate that message far and wide, including via all social media. That
way, no one can accuse you of trying to cover it up.
Consider that many police departments now issue statements or...
MDLive hit with class-action lawsuit over patient privacy issues
Audrey McNeil (Apr 26)
http://medcitynews.com/2017/04/mdlive-hit-class-action-lawsuit-patient-privacy-issues/
MDLive, a Sunrise, Florida-based telehealth company, is facing a
class-action lawsuit over allegations it does not protect the privacy of
patients’ healthcare information.
The lawsuit was filed earlier this week in Florida federal court by
plaintiff Joan Richards, an MDLive user. One of Richards’ attorneys, Dillon
Brozyna, is with Edelson PC, a Chicago,...
Cybercrime Is A Growing Threat To All Employers
Audrey McNeil (Apr 26)
https://www.cybersecurityintelligence.com/blog/cybercrime-is-a-growing-threat-to-all-employers-2351.html
There has been a significant upward trend reported in inquiries about data
breach and other cyber-threats from all types of business this year and the
subject area is a complex mix of technical and legal issues and it touches
nearly every aspect of the current business environment.
Moreover, the costs to companies that are the victims of...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?
Guy Harris (Apr 30)
...or there *is* no built-in packaging system.
There is none in macOS, and not everybody has installed any of the third-party packaging systems; we don't require them.
Oracle provides a packaging system for Solaris 11, but older versions don't have it.
HP-UX doesn't have one, as far as I know; the best you have is the HP-UX Porting and Archive Centre.
AIX doesn't have one, either, as far as I know.
The *BSDs have...
Re: So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?
Jeff Morriss (Apr 30)
On RedHat/Fedora asciidoc depends on docbook-style-xsl which provides
the files in question.
I guess that either the former doesn't always require the latter or, on
some systems, the dependencies are broken (or the packaging system in
question doesn't support dependencies--do any of those exist any more?).
Re: packet-ixveriwave.c: 'mgmt_byte' may be used uninitialized in this function [-Werror=maybe-uninitialized]
jungle boogie (Apr 30)
Yep, all better! Thanks for the quick fix.
Re: packet-ixveriwave.c: 'mgmt_byte' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Guy Harris (Apr 30)
Should be fixed by 0e2ce1d3e0ca5c6c685a267b2ea741789d4f5f7b.
Re: So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?
Guy Harris (Apr 30)
And what about Red Hat, Solaris, AIX, HP-UX, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, Joe Bob's Shiny New Linux, etc.,
etc., etc.?
Documenting this on a platform-by-platform basis isn't the right answer.
Re: Devices in tshark versus dumpcap
Gisle Vanem (Apr 30)
I wrote:
That was the problem. Changing this into:
raw_list = g_strsplit(data, "\n", 0);
things work as normal!
Re: So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?
Peter Wu (Apr 30)
For the Debian (and Cygwin/Windows) setup, installation of said file is specified (see for example the file list in the
suggested package: https://packages.debian.org/jessie/all/docbook-xml/filelist).
If this is missing in the macOS instructions, then that needs fixing.
In any case, don't remove the --nonet option, it makes the build process nondeterministic (e.g. when network is
unavailable).
Kind regards,
Peter
https://lekensteyn.nl...
Re: Devices in tshark versus dumpcap
Gisle Vanem (Apr 30)
I wrote:
> There is for sure a problem in how lines of text are generated in dumpcap.exe
> and how tshark is interpreting them. I'm not even sure the lines have
> "\r\n" terminations since from dumpcap.c:
> #ifdef _WIN32
> /* set output pipe to binary mode, to avoid ugly text conversions */
> _setmode(2, O_BINARY);
>
> And in capchild/capture_ifinfo.c:
> raw_list =...
Re: Devices in tshark versus dumpcap
Gisle Vanem (Apr 30)
Graham Bloice wrote:
'master' it seems. But I tried to resolve the issue myself.
First by trying w/o HAVE_EXTCAP (to exclude any problems with that). But
that is impossible. E.g.:
capture_sync.c(521): error C2039: 'extcap_fifo': is not a member of 'interface_options_tag'
etc. etc.
There is for sure a problem in how lines of text are generated in dumpcap.exe
and how tshark is interpreting them. I'm not even...
packet-ixveriwave.c: 'mgmt_byte' may be used uninitialized in this function [-Werror=maybe-uninitialized]
jungle boogie (Apr 29)
Hi All,
Sorry, I don't know how to do a blame on the file packet-ixveriwave.c
with the git interface at
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=tree
Getting a build failure...
CC packet-ixveriwave.lo
packet-ixveriwave.c: In function 'dissect_ixveriwave':
packet-ixveriwave.c:1588:14: error: 'mgmt_byte' may be used
uninitialized in this function [-Werror=maybe-uninitialized]
log_mode =...
Re: So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?
Guy Harris (Apr 29)
This appears to be making an assumption that the relevant file is, in fact, already installed on the system on which
the toolchain runs.
That assumption will be true only if someone or something has installed it. What either 1) causes it to be installed
as part of the Wireshark setup or build process or 2) explicitly indicates that installing it is a requirement for
building the AsciiDoc documents?
Re: So why does building stuff in the docbook directory use DocBook URLs *and* disable fetching stuff over the net?
Jaap Keuter (Apr 29)
Hi,
Well, the local resource is the relevant file already installed on the system on which the toolchain runs.
This way the toolchain can execute without relying on a networked service, which may not always be available.
Thanks,
Jaap
Devices in tshark versus dumpcap
Gisle Vanem (Apr 29)
I'm on Win-10 and now have trouble sniffing on anything except
BlueTooth! This is the list of interfaces I expect to get:
dumpcap.exe -D
1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
2. \Device\NPF_{F92984E3-5D40-4AD9-B054-41288EAE699F} (Wi-Fi 2)
3. \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D} (Ethernet)
4. \\.\airpcap00 (AirPcap USB wireless capture adapter nr. 00)
But with...
Re: Devices in tshark versus dumpcap
Graham Bloice (Apr 29)
The plan is to upgrade after 2.4 is released, but as VS2013 currently works
well there has been no pressing need to upgrade as doing so requires effort
to upgrade buildbots, docs etc.
Which branch though, master or master-2.2?
Re: Devices in tshark versus dumpcap
Gisle Vanem (Apr 29)
Graham Bloice wrote:
Really. MSVC-2015 is much better regarding C99 conformance etc.
The one from a 'git clone https://code.wireshark.org/review/wireshark'.
Should be the latest?
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Snort -Problem with rule -
Al Lewis (allewi) (Apr 30)
Replay the pcap file into snort with the -r option.
Check the manual for more info. http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node8.html
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com
From: Joe Bowes <joebowes50 () yahoo com>
Reply-To: "joebowes50 () yahoo com...
Patch to allow newlines in BPF filter file
snort-devel (Apr 30)
Our BPF filter is rather long with about 70 combined expressions. We currently have to keep all of that on one line,
otherwise the BPF filter that is read in doesn't properly handle the newlines (it does something like '!host 1.2.3.4%012'
and functionally doesn't work right). We'd like to make the file more readable by better handling newlines as well as
better handling comments. The idea is to convert all newlines to spaces the same...
Re: Snort -Problem with rule -
Joe Bowes (Apr 30)
Hello... I am working on a class assignment... having a hard time... need to learn how to export packets from
Wireshark into Snort... any help greatly appreciated.
Sent from Yahoo Mail on Android
On Sun, Apr 30, 2017 at 4:26 PM, Al Lewis (allewi)<allewi () cisco com> wrote:
Hello,
It may be easier to get help if you included a pcap of the traffic.
Thanks.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc....
Re: Snort -Problem with rule -
Al Lewis (allewi) (Apr 30)
Hello,
It may be easier to get help if you included a pcap of the traffic.
Thanks.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Snort -Problem with rule -
younes.abderrahmane31 (Apr 28)
Hello everyone
I am trying to test SQLi with Snort.
I have two machines:
1- Where I installed SNORT, and the application DVWA (to test SQL injection)
2- The machine which is going to make the SQLi injection attack on the DVWA application
So in the first machine I added this rule (in local.rule), to detect SQLi
(https://www.linkedin.com/pulse/detecting-sql-injections-real-time-mission-impossible-val-smirnov)...
(no subject)
Сергей Филоненко (Apr 28)
confirm cf905cea00b82532c4fe726d007b542296eef225
Snort in Linux Mint Kde
LORETO FRALLON (Apr 28)
Hello,
Is there any way to uninstall or remove all files of snort in linux mint?
Because I installed the snort-2.9.9.0.tar.gz and it gives me a lot of errors
and I don't know how to do it right. I just followed the steps in
https://www.snort.org to install
the snort.
Can anyone help me?
Question on TCP session creating process
Mingyu Jun (Apr 27)
Hello,
I’m analyzing the snort source codes for personal interest.
I have some questions, though I'm not sure if here's the right place to ask
about them.
I’m now at the stream6 preprocessor and seeing how TCP sessions are
created. (snort_stream_tcp.c)
However, I'm confused whether snort is making a TCP session per
direction (so it will make two TCP sessions per connection), or just one TCP
session per connection.
I tried debugging...
Snort Subscriber Rules Update 2017-04-27
Research (Apr 27)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
exploit-kit, file-pdf, malware-cnc, os-windows, protocol-ftp,
server-mysql and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
(no subject)
Tidiane Seck (Apr 27)
Patspro92 () gmail com
(no subject)
Tidiane Seck (Apr 27)
879984d9b13ea381f1f9f16568c97915c99c214c
Papa Amadou Tidiane seck
Snort Subscriber Rules Update 2017-04-25
Research (Apr 25)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-identify,
file-image, file-other, file-pdf, indicator-compromise, malware-cnc,
os-windows, policy-other, protocol-scada and server-webapp rule sets to
provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:...
Re: Cant download preprocessors rules
Joel Esler (jesler) (Apr 25)
Did you download the registered ruleset? Or just community?
Cant download preprocessors rules
Barbora Čelesová (Apr 25)
Hi...
I want to use Snort but when I download Snort and community-rules there
aren't etc, preproc_rules, rules and so_rules...
I was trying to install it as it was in the tutorial but I miss these
files...
Can you give me advice on what I am doing wrong?
B.
Re: Problem with autoreconf in FreeBSD
Sec Aficionado (Apr 24)
The problem turned out to be a missing pkgconf package. After installing it and redoing all the other steps, snort
built and installed correctly.
Sent from my mobile
________________________________
From: Sec Aficionado <secaficionado () gmail com>
Sent: Friday, April 21, 2017 11:35:57 AM
To: hyperscan () lists 01 org
Subject: Fwd: Problem with autoreconf in FreeBSD
Hi there,
I'm confident this is not a hyperscan issue, but...
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.