SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

CVE-2010-2861 - NSE for ColdFusion locale Directory Traversal Submission Micah (Feb 10)
First time poster here. I created an NSE for the CVE-2010-2861 ColdFusion
locale dir traversal. It takes an IP and port and will look (if it is
HTTP/HTTPS) for the 4 locations where the password.properties file could
be. It'll return the salt and password hash both scraped from the response
page.

This is my first NSE attempt and I'm sure that the code can be optimized,
but it does work. There was 1 more step I wanted to take with this...

New VA Modules: OpenVAS: 14, MSF: 2, Nessus: 14 New VA Module Alert Service (Feb 10)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (14) ==

r12701 103414 gb_base_51874.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_base_51874.nasl?root=openvas&view=markup
BASE 'base_qry_main.php' SQL Injection Vulnerability

r12703 802607 gb_phpmyadmin_url_param_uri_redirect_vuln.nasl...

Re: [nmap-svn] r28044 - nmap Henri Doreau (Feb 10)
2012/2/10 David Fifield <david () bamsoftware com>:

Hi David,

I wasn't sure what to do here. Because although they're two different
products I think that keeping them under a same ESX class makes sense.
To the best of my knowledge ESXi is a specific version designed to
fulfill different needs but both are similar VMWare hypervisors...

If someone has an opinion about what would be best just speak up.

Regards.

Re: [nmap-svn] r28044 - nmap David Fifield (Feb 10)
Based on what you wrote, it seems we should also add a new Nmap class
"ESXi" (instead of "ESX Server")? If you think so, would you do that
too?

David Fifield

Re: [NSE] redirect support in http.lua David Fifield (Feb 09)
How about instead of no_follow_redirect, passing a redirect_ok function
as an option. The default value of redirect_ok would be the built-in
sensible default in http.lua. To turn off redirect following, you could
pass a function that always returns false, but it should also accept
this as a synonym:
redirect_ok = false

(Generally I hate turning off options by saying "no_option = true"
rather than "option = false".)...

Re: [NSE] redirect support in http.lua Lauri Kokkonen (Feb 09)
If it is configurable why allow only two options? On the other hand I don't
even have a use case to point to :)

Lauri

GSoC 2012 Zisis Sialveras (Feb 09)
Hello everyone. :)

I don't know if i post on the correct list - if it is not, my bad. ;-/
I am interested to participate in Google Summer of Code this year and I
want - if it is possible - to have a chat with the potential mentors. :-)

Have fun
Z

Re: [NSE] redirect support in http.lua Michael Kohl (Feb 09)
Very nice! When I wrote http-generator I wondered how to deal with
redirects and noticed that there are quite a few different ad hoc
solutions (I'm guilty of adding my own). I thought having a canonical
way would be very nice, but didn't feel up for the task.

Cheers,
Michael

New VA Modules: OpenVAS: 2, Nessus: 6 New VA Module Alert Service (Feb 09)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (2) ==

r12678 103412 gb_zenphoto_51916.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_zenphoto_51916.nasl?root=openvas&view=markup
Zenphoto Multiple Security Vulnerabilities

r12678 103411 gb_samba_51713.nasl...

Re: nmap's bundled libpcre and automake Johannes Nixdorf (Feb 09)
I have to admit that the reason I didn't notice the error was that the bundled
libpcre isn't actually built on my system as the build system uses the system
one.

The reason we have to run autoreconf is that we apply the patch from
http://seclists.org/nmap-dev/2012/q1/1 to the build system and since
autoreconf runs recursively it still fails even though we don't change
anything for libpcre.

Could I convince you to add the...

[NSE] redirect support in http.lua Patrik Karlsson (Feb 09)
Hi all,

I'm attaching a patch that I would like to apply to the http library. It
adds support for HTTP redirects to the http.get and http.head functions.
The default behavior will be to follow 5 levels of redirects before bailing
out. The no_follow_redirect can be passed as an option to disable redirect
support.
The new functionality checks whether it should follow redirects or not
based on code from http-title that I've modified...

Suggestion syntax (was:Script suggestions, take #3) Martin Holst Swende (Feb 09)
Hi list,
Changing the topic, let's ignore the under-the-hood stuff for now.

I'd like to get feedback on the proposed syntax for script-suggest.
Right now,
we have two different versions.
1. --script-suggest <rules> and -sCS working in parallell with and
identical to --script <rules> and -sC
2. --script <rules>,$<rules> , where $ (or whatever character we
choose) is a flag meaning "use this rule for...

Re: nmap's bundled libpcre and automake David Fifield (Feb 08)
I tried this patch, but then after "autoreconf", I get an error with
"make":

Makefile:15: *** missing separator. Stop.

The patch seems to leave the SET_MAKE substitution undefined. Do you see
the same? What are your circumstances that you have to run autoreconf?

David Fifield

Re: [NSE] ms-sql-info: dependency on ms-sql-discover David Fifield (Feb 08)
I guess the dependency should be changed to ms-sql-info? I'm assuming
that the other scripts will use the information that ms-sql-info finds
through mssql.Helper.GetDiscoveredInstances.

David Fifield

nmap's bundled libpcre and automake Johannes Nixdorf (Feb 08)
Hi,

the way you modify the copy of libpcre you distribute is confuses
autoreconf into thinking automake can be run because configure.ac still
uses the AM_INIT_AUTOMAKE macro, which fails since you removed Makefile.am
from it.

I attached a patch fixing this by removing AM_INIT_AUTOMAKE from
libpcre's configure.ac

Best regards,

Johannes Nixdorf

diff -r -u nmap-5.51.orig/libpcre/configure.ac nmap-5.51/libpcre/configure.ac
---...

Nmap Hackers — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Updates on Download.Com caught adding malware to Nmap installer Fyodor (Dec 06)
Hi Folks. A lot has happened since yesterday's email about
Download.com's antics (http://seclists.org/nmap-hackers/2011/5) and I
wanted to send a quick update.

First of all, several people complained about my angry tone and my
telling Download.com to "F*ck" themselves. I appologize to anyone
offended. But if you ever spend more than 14 years creating free
software as a gift to the community, only to have it used as bait by...

C|Net Download.Com is now bundling Nmap with malware! Fyodor (Dec 05)
Hi Folks. I've just discovered that C|Net's Download.Com site has
started wrapping their Nmap downloads (as well as other free software
like VLC) in a trojan installer which does things like installing a
sketchy "StartNow" toolbar, changing the user's default search engine
to Microsoft Bing, and changing their home page to Microsoft's MSN.

The way it works is that C|Net's download page (screenshot attached)...

SecTools.Org relaunched based on your survey responses! Fyodor (Nov 04)
Hi folks! Remember the latest Nmap survey that almost 3,000 of you
filled out? Well, it took a while, but I'm happy to report that we've
tabulated the results and launched a new version of the SecTools.Org
top security tools list! In addition to updating the data, we've
dramatically improved the site. It now includes user ratings and
reviews, tracks release dates, offers searching and sorting, and even
lets you nominate your...

Nmap 5.59BETA1 Released! Fyodor (Jun 30)
Hi Folks. Other than the recent informal IPv6 commemorative edition,
we haven't had a real Nmap release in more than four months since
5.51. That is in part because we've been so busy with seven (!)
full-time Google Summer of Code students cranking out tons of
excellent code! But I think we've pulled this together into a release
we can be proud of, and I'm happy to announce Nmap 5.59BETA1!

This version includes:
o 40 new...

Happy World IPv6 Day From the Nmap Project! Fyodor (Jun 08)
Hi Folks. You have probably heard that today is World IPv6 Day, with
sites like Google, Facebook, and Yahoo publishing IPv6 records for
their main web sites. I'm happy to report that the Nmap Project is
celebrating in several ways:

==Scanme Updated to IPv6==

You probably know that we run the machine scanme.nmap.org as a system
people are allowed to use as a target for test scans and the like.
That system now has native IPv6 support. So...

Nmap 5.51 and SoC Opportunity Fyodor (Apr 05)
Hi Folks! I'm happy to report that the Nmap 5.50 release was a big
success, with nearly 300,000 downloads in the first two weeks. That
much attention inevitably uncovers some bugs, so we released Nmap 5.51
in February to address them. You can find the release notes at
(http://seclists.org/nmap-dev/2011/q1/518) and the downloads at
http://nmap.org/download.html.

I also wanted to let you know about a serious potential competitive
threat to...

Nmap 5.50: Now with Gopher protocol support! Fyodor (Jan 28)
Hi folks! It has been a year since the last Nmap stable release
(5.21) and six months since development version 5.35DC1, so I'm
pleased to release Nmap 5.50! I'm sure you'll find that it was worth
the wait!

A primary focus of this release is the Nmap Scripting Engine, which
has allowed Nmap to expand up the protocol stack and take network
discovery to the next level. Nmap can now query all sorts of
application protocols,...

Nmap Defcon Release: Version 5.35DC1 Fyodor (Jul 16)
Hi folks. It has been 3.5 months since the last Nmap release
(5.30BETA1 on March 29), and anyone following the nmap-dev list knows
that we've been very busy during that time. So I'm pleased to release
Nmap version 5.35DC1 containing the fruits of that labor. The Defcon
name is because that conference is awesome! And also because David
Fifield and I have an exciting Nmap talk planned there and at Black
Hat in a couple weeks (see...

Nmap News and Last Chance to Take the Survey Fyodor (Apr 30)
Hi Folks. I have some Nmap news to share with you:

First off, I'm delighted to introduce the 2010 Nmap/Google Summer of
Code Team! Google has sponsored eight student developers to spend
this summer enhancing the Nmap Security Scanner and related projects,
so you can expect great things in coming months. Ithilgore and Luis
MartinGarcia are returning to improve Ncrack and Nping, new students
Drazen Popovic and Djalal Harouni will be...

Survey Reminder Fyodor (Apr 14)
Hi folks, I have a quick question for you:

Q: What do the Nmap Scripting Engine, Ndiff, and the Zenmap Topology
Mapper have in common?

A: They're all features which were added after you asked for them in
the 2006 Nmap Survey!

With that in mind, I'd like to thank the 1,013 people who have already
taken the 2010 survey. We just need 1,987 more and we can close this
survey up, tabulate and share results, choose the prize winners,...

Nmap/SecTools Survey and GSoC Deadline Fyodor (Apr 07)
Hello everyone. I hope you're enjoying the 5.30BETA1 release. So far
it has proven stable and functional, so don't let the BETA name scare
you. You can get it at http://nmap.org/download.html. Meanwhile, I
have some great news, and I'm also asking for your help on two things.

The first is that the Nmap Project was again accepted for the Google
Summer of Code program, so we'll have full time coding help this
summer! SoC...

Nmap 5.30BETA1 Released w/37 new scripts and new Apple vuln Fyodor (Mar 29)
Hi folks! It has been two months since the 5.21 release and we've
been very busy during that time! I hope you're happy with the results,
which is a new 5.30BETA1 release made today. Top features include:

o 37 new NSE scripts, bringing the total to 117! New scripts cover
SNMP, SSL, Postgress, MySQL, HTTP, LDAP, NFS, DB2, AFS, and many
more. Also check out the clever host scripts qscan and
ipidseq. Learn about them all at...

Nmap 5.21 released Fyodor (Jan 27)
Hello everyone. I'm pleased to release Nmap 5.21, which contains zero
exciting new features! It is a bug-fix only release instead,
addressing about a dozen issues discovered since 5.20. Thanks for all
the testing and bug reports! None of the bugs are critical, but we
wanted to polish things up since 5.21 may be the latest stable version
for a while. That gives us time to tackle and stabilize big
development projects. If you want to...

Lots of Nmap News Fyodor (Jan 22)
Hi folks. I'm happy to report that the 5.20 release went well. But
with this many improvements, there will always be a few bugs found.
We're planning to round those up with a bugfix-only 5.21 release next
week. So please test out 5.20 and report any problems you experience:

Download Page: http://nmap.org/download.html
Bug Report Instructions: http://nmap.org/book/man-bugs.html

If you're running from a build of the latest SVN...

Nmap 5.20 Released Fyodor (Jan 20)
Happy new year, everyone. I'm happy to announce Nmap 5.20--our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements, including:
o 30+ new Nmap Scripting Engine scripts
o enhanced performance and reduced memory consumption
o protocol-specific payloads for more effectie UDP scanning
o a completely rewritten traceroute engine
o massive OS and version detection DB updates (10,000+ signatures)...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ MDVSA-2012:016 ] glpi security (Feb 10)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:016
http://www.mandriva.com/security/
_______________________________________________________________________

Package : glpi
Date : February 10, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A File Inclusion...

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 10)
1. OVERVIEW

The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection.

2. BACKGROUND

CubeCart is an "out of the box" ecommerce shopping cart software
solution which has been written to run on servers that have PHP &
MySQL support. With CubeCart you can quickly setup a powerful online
store which can be used to sell digital or tangible products to new
and existing customers all over the world.

3. VULNERABILITY...

Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 10)
Title:
======
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities

Date:
=====
2012-02-10

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=429

VL-ID:
=====
429

Introduction:
=============
Scriptable, distributed and object oriented Hosting Platform. Manage
Clients, Resellers,
Domains, Backups, Stats, Mails and Databases. Manage everything!

(Copy of the Vendor Homepage: http://www.lxcenter.org/)...

Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities research () vulnerability-lab com (Feb 10)
Title:
======
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities

Date:
=====
2012-02-09

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=427

VL-ID:
=====
427

Introduction:
=============
Dolibarr ERP & CRM is a modern software to manage your company or foundation activity (contacts, suppliers,
invoices, orders, stocks, agenda, ...). It s an opensource free software designed for small and medium...

OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 10)
Title:
======
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities

Date:
=====
2012-02-08

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=426

VL-ID:
=====
426

Introduction:
=============
Onxshop is not only great CMS offering integrated in-context editing and full design freedom without the constraints
of limiting templates, but it s also stable ecommerce platform used in production environment since 2006. Flexible...

Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities research () vulnerability-lab com (Feb 10)
Title:
======
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities

Date:
=====
2012-02-07

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=428

VL-ID:
=====
428

Introduction:
=============
Dolibarr ERP & CRM is a modern software to manage your company or foundation activity (contacts, suppliers,
invoices, orders, stocks, agenda, ...). It s an opensource free software designed for small and medium
companies,...

[Suspected Spam] eFront Community++ v3.6.10 - Multiple Web Vulnerabilities research () vulnerability-lab com (Feb 09)
Title:
======
eFront Community++ v3.6.10 - Multiple Web Vulnerabilities

Date:
=====
2012-02-09

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=421

VL-ID:
=====
421

Introduction:
=============
Tailored with larger organizations in mind, eFront Community ++ offers solutions for the management of companies most
valued asset - the people. Based on a coherent approach to human capital management which keeps the...

[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability Leonardo Uribe (Feb 09)
--------------------------------------------------------------------------------------------------

CVE-2011-4367: Apache MyFaces information disclosure vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
MyFaces Core 2.0.1 to 2.0.11
MyFaces Core 2.1.0 to 2.1.5
Earlier versions are not affected

Description:

MyFaces JavaServer Faces (JSF) allows relative paths in the...

[ MDVSA-2012:015 ] wireshark security (Feb 09)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:015
http://www.mandriva.com/security/
_______________________________________________________________________

Package : wireshark
Date : February 9, 2012
Affected: 2011.
_______________________________________________________________________

Problem Description:

Multiple file parser and NULL...

[SECURITY] [DSA 2407-1] cvs security update Florian Weimer (Feb 09)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2407-1 security () debian org
http://www.debian.org/security/ Florian Weimer
February 09, 2012 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : cvs
Vulnerability : heap overflow
Problem type : remote...

ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
ZDI-12-031 : Novell iPrint Server attributes-natural-language Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-031
February 8, 2012

-- CVE ID:
CVE-2011-4194

-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C

-- Affected Vendors:

Novell

-- Affected Products:

Novell iPrint

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine...

ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1 TestCompatibilityRecordMode Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
ZDI-12-030 : IBM Rational Rhapsody BBFlashBack.Recorder.1
TestCompatibilityRecordMode Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-030
February 8, 2012

-- CVE ID:
CVE-2011-1388

-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C

-- Affected Vendors:

IBM

-- Affected Products:

IBM Rational Rhapsody

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this...

ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
ZDI-12-029 : IBM Rational Rhapsody BBFlashBack.Recorder.1 InsertMarker
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-029
February 8, 2012

-- CVE ID:
CVE-2011-1391

-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C

-- Affected Vendors:

IBM

-- Affected Products:

IBM Rational Rhapsody

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital...

ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control Multiple Remote Code Execution Vulnerabilities ZDI Disclosures (Feb 08)
ZDI-12-028 : IBM Rational Rhapsody BBFlashBack.FBRecorder.1 Control
Multiple Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-12-028
February 8, 2012

-- CVE ID:
CVE-2011-1392

-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C

-- Affected Vendors:

IBM

-- Affected Products:

IBM Rational Rhapsody

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by...

ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method Remote Code Execution Vulnerability ZDI Disclosures (Feb 08)
ZDI-12-027 : IBM SPSS VsVIEW6.ocx ActiveX Control SaveDoc Method
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-027
February 8, 2012

-- CVE ID:
CVE-2012-0189

-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors:

IBM

-- Affected Products:

IBM SPSS

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine...

Full Disclosure — A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 10)
If you've got the skill to install DD-WRT, you've got the skill to manually
set up WPA2.

Note, by the way, the core concept of WPS (that setup should be easy) was
absolutely correct, and we have hard data that it worked.

Re: Linksys Routers still Vulnerable to Wps vulnerability. Valdis . Kletnieks (Feb 10)
On Fri, 10 Feb 2012 14:41:37 EST, Dan Kaminsky said:

The sort of people that run DD-WRT probably consider that a feature, not a bug. ;)

Re: Linksys Routers still Vulnerable to Wps vulnerability. james (Feb 10)
Waidaminnit... Didn't you try to sell me a belkin the other day?

Conflict of interest there
Sent from my BlackBerry® wireless device

-----Original Message-----
From: Valdis.Kletnieks () vt edu
Sender: full-disclosure-bounces () lists grok org uk
Date: Fri, 10 Feb 2012 11:06:49
To: <farthvader () hush ai>
Cc: <full-disclosure () lists grok org uk>
Subject: Re: [Full-disclosure] Linksys Routers still Vulnerable to Wps...

Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 10)
According to the Reaver people, DD-WRT doesn't support WPS at all :)

Re: Linksys Routers still Vulnerable to Wps vulnerability. Zach C. (Feb 10)
Solution: use DD-WRT? Or is that vulnerable too? (Or are there worse
problems? :))

[ MDVSA-2012:016 ] glpi security (Feb 10)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:016
http://www.mandriva.com/security/
_______________________________________________________________________

Package : glpi
Date : February 10, 2012
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A File Inclusion...

New Android Malware Botnet Reversed/Uncovered Adam Behnke (Feb 10)
Hello, one of InfoSec Institute's security researchers reverse engineered a
new botnet that is active for the Android platform. RootSmart has some
unique features that make it newsworthy:

. Takes advantage of Gingerbreak exploit to take control of Android device
. The main malware payload is a rootkit that hides itself inside of legit
app
. The rootkit hooks itself into the legit app as a boot service
. The rootkit installs its own shell...

[Off-Spanish] Webinario gratuito - Ataques DoS en latino america runlvl (Feb 10)
Fecha y hora: Sabado, Febrero 11 2012 - 18:00 PM ( Hora Argentina GMT - 3:00 )

En el webinario veremos de forma practica y teorica como se ejecutan
los ataques de denegacion de servicio,
haremos pruebas contra ambientes reales que los asistentes propogan
usando botnets y exploits.

Orador: Juan Sacco
Software a utilizar: Exploit Pack
Organizador: http://exploitpack.com

Link de registracion: http://www.anymeeting.com/PIID=EC50DD89874F

Duracion:...

Multiple CSRF, DoS and XSS vulnerabilities in D-Link DAP 1150 MustLive (Feb 10)
Hello list!

I want to warn you about new security vulnerabilities in D-Link DAP 1150
(Wi-Fi Access Point and Router).

These are Cross-Site Request Forgery, Denial of Service and Cross-Site
Scripting vulnerabilities. This is my fourth advisory from series of
advisories about vulnerabilities in D-Link products.

SecurityVulns ID: 12076.

These vulnerabilities are in device admin panel in Access Point mode. In
Router mode there are many new...

Re: Linksys Routers still Vulnerable to Wps vulnerability. Dan Kaminsky (Feb 10)
"Fixing a vulnerability like this with all the bureoucratic, QA and legal process wouldn't take no more than 2 weeks"

If bureaucratic, QA, and legal issues emerge, you can't even get the names of the people you need to speak to in less
than 2 weeks, let alone schedule a conference call. Fixing? Heh.

Aside from rate limiting WPS, there isn't much of a fix, and you can't turn it off either.

Sent from my iPhone

Zen-Cart Admin CSRF/XSRF - Delete / Disable Products | UPS-2011-0018 | CVE-2011-4403 upsploit advisories (Feb 10)
*Advisory Information*

Title: Zen-Cart Admin CSRF/XSRF - Delete / Disable Products
Date published: 2012-02-10 01:59:45 AM
upSploit Ref: UPS-2011-0018

CVE REF: CVE-2011-4403

*Advisory Summary*

An attacker can force an administrator to delete or disable products from
within his store.

*Vendor*

Zen-Cart

*Affected Software*

Zen-Cart v1.3.9h

Zen Cart™ truly is the art of e-commerce; free, user-friendly, open source
shopping cart software....

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 10)
1. OVERVIEW

The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection.

2. BACKGROUND

CubeCart is an "out of the box" ecommerce shopping cart software
solution which has been written to run on servers that have PHP &
MySQL support. With CubeCart you can quickly setup a powerful online
store which can be used to sell digital or tangible products to new
and existing customers all over the world.

3. VULNERABILITY...

Re: Linksys Routers still Vulnerable to Wps vulnerability. Valdis . Kletnieks (Feb 10)
On Fri, 10 Feb 2012 07:40:03 GMT, farthvader () hush ai said:

Nice sound bite there.

So tell us - what alternative brand should we buy instead? Include in your
discussion a proof that the alternative doesn't have other, even worse,
security issues.

Re: Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla Martijn Broos (Feb 10)
Hi,

I can imagine that developers want to have a clue what they need to repair.
I only have a problem the way they do it and the way my behavior is exposed without possible influence.

Let's say for the sake of argument, that 20% on similar hardware have a problem with loading times and the developers
have the metrics to prove so (waiting times, load times, scripts I use, etc...)
Would the conclusion be, that Firefox is at fault?
- What...

Re: Bug 718066 - [meta] Add feature to submit anonymous product metrics to Mozilla Valdis . Kletnieks (Feb 10)
On Fri, 10 Feb 2012 03:51:53 GMT, Nick Boyce said:

"Quality high" is always a nice concept. But there's always 5 quality issues and
resources to fix only 3. Obviously, you want to fix the 3 that matter most to
your users - but which 3 are they? You really can't rely on bug reports or
surveys, because those tend to have a major self-selection bias. Think about
it - how many people do you know that use Firefox? How many of...

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Re: CISSP CPEs Ivan .Heca (Feb 10)
some ideas here

http://www.cisspzone.com/2011/04/10-ways-to-get-free-cpes/

great talks here which earn you CPEs

https://isc2.brighttalk.com/upcoming-events

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your...

Celebrate with PenTest Magazine maciej . kozuszek (Feb 10)
Celebrate with PenTest Magazine

To celebrate the transformation of PenTest StarterKit edition into Auditing & Standards PenTest, we've decided to give
everyone access to 4 full PenTest issues for free

All you need to do to download them is create a free account. Sign up as a free member here:

http://pentestmag.com/subscribe/

And after you activate your account, download all the issues here (click "Full version download"...

Re: CISSP online training Clement Dupuis (Feb 10)
Good day,

I agree with all of the book recommendations that were done already.

You can find some Security+ questions at:

https://www.freepracticetests.org/quiz/index.php?page=dashboard

See my tips and tricks on how to become a CISSP at:

http://www.cccure.org/article1477.html

Enjoy!

Clement

Clement Dupuis, CD
President/Founder/Chief Security Evangelist
The CCCure Family of Portals...

Re: SECURITY TOOLS TREE Christopher Siedlecki (Feb 10)
I think everybody in a security community tried at least once in their
lifetime to put all their favorite tools into a nice organized
fashion. It is a daunting experience, but worthwhile. There is a quite
a good book which might be of your interest "Digital Forensics with
Open Source Tools" ISBN-10: 1597495867.

Christopher Siedlecki
IT-Security Consultant
Phone: +1.847.261.4549
E-mail: christopher.sied () gmail com
Home Page:...

RE: CISSP online training David Gillett (Feb 10)
I wouldn't try to do this on the basis of ANY single book -- even though
Shon Harris' are generally very good.

If I recall correctly, my preparations included not only book and online
study, but also a security course at a local college and a series of ten
evening sessions (one per domain) with different experts, organized by our
local ISSA chapter. There were domains I knew well from personal
experience, and domains that I had to...

CISSP CPEs krymson (Feb 10)
I noticed a recent thread about CISSP studying, and thought I'd ask what those of you who have CISSPs commonly do to
satisfy the annual CPE requirements.

I'm not really asking what you *can* do, but what do you actually do and claim in their CPE portal. Books, conferences,
webinars, training, writing, podcasts...?

Personally, just looking for more ideas on maintaining my own....

RE: firewall change request Bahrs, Art (Feb 09)
I bounced this idea off our Firewall Team and here is a response from one of our best...

My opinion (after creating several firewall change processes),

There are really four critical role components of the change process:
1. the requester
2. the implementer (tech)
3. the business approver
4. the service approver

In small shops, it isn't unheard of for the implementer and service approver to be the same person. They are usually
the one...

Re: SECURITY TOOLS TREE Vedantam Sekhar (Feb 09)
I was working on this some time back. probably you can see the mind
map version of my work here

https://docs.google.com/leaf?id=0Byob_Y-G0OZxYTQ2N2Q2YzgtMzRlOC00MzA3LWEzZTQtNmZkYjNhMDA3N2Y3&hl=en_US

Thanks,

Sekhar

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look...

Re: Directory Scanner Vedantam Sekhar (Feb 09)
Hi,

Probably you can implement authentication to these pages, if you want
specific users can access these pages.
or probably, you can block the IP for specific time period after un
successfull requests to non-eisting files.

Thanks,

Sekhar

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL...

Re: CISSP online training Vedantam Sekhar (Feb 09)
Hi,

cccure helps us to do a practice on time management which is critical
in cissp. i used to take dialy a moc exam with every chapter i have
finished. after completing the second chapter, i used to exam again
with mixture of these completed chapters.We must also go through
CISSP's official CBK. Video material of ShawnHarris also helped.

Hope this helps,

Sekhar

------------------------------------------------------------------------...

Re: SECURITY TOOLS TREE gold flake (Feb 09)
A bit dated but good info here:
http://www.iwar.org.uk/comsec/resources/sa-tools/

http://www.vulnerabilityassessment.co.uk/Penetration Test.html

http://www.security-database.com/toolswatch/

You will have to look around here for specific tools:
http://www.professionalsecuritytesters.org/

https://www.evilfingers.com/tools/index.php

http://projects.webappsec.org/w/page/13246988/Web Application Security
Scanner List...

Re: Re: CISSP online training V3t0r0 (Feb 08)
Shon Harris is excellent,you must read fifth edition cover to
cover(see isc2.org for changes that have been happens since January
2012) , quick review CISSP official guide 2nd edition(more focus on
software chapter and physical) is good.and if you have time, read
testking for preparing not DUMPing!! because don't work
because it has broad domain it is important you don't force you
reading in small period of time ,i prefer 3 month is...

Re: Re: CISSP online training kartik . netsec (Feb 08)
CISSP official guide 2nd edition is very good book to read.

Thanks,
Kartik, CISSP, CISM

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test,...

Re: firewall change request kartik . netsec (Feb 08)
Since I am not aware of the hierarchy and size of your organization. Not sure if the below points would help but
still.....

"Infosec Dpt. shift which is small org unit , doesn't cover full business hours in part because they don't operate IT
infrastructure." >>The Change requests can be scheduled to be approved twice or thrice a week. This will solve the
problem of working hour.

Answer to the rest of the question:...

Re: SECURITY TOOLS TREE sanaka . venkat (Feb 08)
http://www.securitytube.net/
http://securitytube-tools.net/

Cheers
Venkat

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,...

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

Re: Bypass grub edit protection password Mark (Feb 10)
However if it DOES use any function key, via serial they often don't
work (for me). Try Esc,2 (the number two, not F2).

My BIOS wants F4 when I use the serial port. Pressing F4 has no effect
but Esc followed by 4 does work.

Thanks for the giggle. This was exactly how I used to enter my
teacher's login combination with a 90% success rate. It was some
arcane DOS application back in the 90s.

Of course he failed me once he saw me do it....

Re: Bypass grub edit protection password Juan Pablo (Feb 10)
What have you found in ethernet ports?

Anything ussable?
Maybe a web interfase, it could have some bugs and enter by there.
Or try to analize each port independently, first identify what
protocol is working on each one, then, order your self, to try with
each port as an independently machine.

Did you got the manuals? or have you access to them? what sort of
mecanisms did it use to configure, or to setup the equipment.

Don't think in a...

Re: Bypass grub edit protection password Carlos Pantelides (Feb 10)
________________________________

From: Justin Rogosky <jrogosky () gmail com>

if there is no sshd running and if the device has usb ports, you can try a teensy to run the dictionary attacks

www.pjrc.com/teensy/

I don't think that Magic_SysRq_key could be helpfull, but, who knows?

http://en.wikipedia.org/wiki/Magic_SysRq_key

Carlos Pantelides
-----------------
http://seguridad-agile.blogspot.com/...

Re: Bypass grub edit protection password Justin Rogosky (Feb 10)
I would attempt to locate the manual online (assuming it is a
commercial product).
Some other avenues might be (after a port scan)
-SNMP
-guessing strings (password reuse)

-SMTP
-vulnerabilities
- VRFY (user name guessing)
- Alternate route to bruteforce accounts

-SSH - as mentioned above (be careful of account lockout)

Also just from experience the BIOS access keys I have seen are F1, F2,
F12, Esc, and Del

--Justin...

Re: Bypass grub edit protection password Carlos Pantelides (Feb 09)
Have you access to any other account? Is there any network service running? Being centos 4.1 (2005-Oct-21 says the
mirror) if it is unpatched perhaps you can find a vulnerability and gain more access.

nmap it, is sshd running? try 500 most common passwords. Do you have time? try a bigger dictionary.

Carlos Pantelides

-----------------

http://seguridad-agile.blogspot.com/...

Re: Bypass grub edit protection password Shohn Trojacek (Feb 09)
It may have some sort of dial home capability - listen to outbound
traffic when it first fires up and see what it tries to talk to. Then
you could possibly act as a bit of a middle man.

Shohn

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test....

Re: Bypass grub edit protection password Ian Hayes (Feb 09)
I'm assuming that you can't open the box... if F2 doesn't work, you
can try DEL or some other special keys- not all BIOS uses F2... you
can also try facerolling the keyboard. By that, I mean just mashing as
many keys at once repeatedly while it's POSTing. You may either annoy
it enough that it does something new, it it thinks there is a keyboard
error and will halt....

Re: Bypass grub edit protection password Adrián Puente Z. (Feb 09)
Nik,

Some Bios works with other than F2 try escape or supr. Those have worked for me. If that didn't work out try clicking
slowly one by one all the Fs some Bios are slower than others. Also you can check in the device manual to see if there
other way to tweak the BIOS

Some devices by default boot trying the PXE (Preboot eXecution Environment). If you are able to manipulate the NIC you
can create a one on one network with your pentest...

Creating backdoors using SQL Injection Adam Behnke (Feb 09)
An InfoSec Institute Review on Creating backdoors using SQL Injection:

http://resources.infosecinstitute.com/backdoor-sql-injection/

A novel technique that highlights the risk of not chrooting your SQL
servers.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a...

Bypass grub edit protection password Nik (Feb 09)
Hello list!

I'm doing a physical pentest of the blackbox network security device
and need your help in it :).

Device is a hardware protected linux box with serail and ethernet
ports available. It is running on Intel platform.

Conditions of the testing is that I need to receive privilege (root)
access to the box, but I cannot open it and get direct access to the
hard drives.

Form the serial connection, while booting I've got...

[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon Hafez Kamal (Jan 27)
This is a gentle reminder that the Call for Papers for the third annual
HITBSecConf in Europe closes on the 18th of February! Send in your
submissions now!

http://cfp.hackinthebox.org/

---

This year, we're moving to a new, bigger and better venue -- the
award winning Okura Hotel right in middle of Amsterdam with easy access
via public transportation. #HITB2012AMS will be a quad-track conference
featuring keynote speakers Andy Ellis (Chief...

DoS attacks using Exploit Pack noreply (Jan 22)
DoS attacks by using Exploit Pack
What is this? Exploit Pack is a next generation tool to assist you
while you perform penetration testing to your workstations or servers.
Make your workstation safe by testing its security. Before hackers do.

Take a look of this tool while we perform a denial of service to a test
site.
http://www.youtube.com/watch?v=1dBa2jBu1XE

Exploit Pack Team
Juan Sacco
Dev Lead
http://exploitpack.com...

Technology Neutral Healthcheck cribbar (Jan 19)
Can I ask if any of you have roles as security admins or managers if you have
a sort of baseline checklist you use for when departments in your company
come calling saying they need a new payroll system, or a new procurement
system or whatever. I am in a very jnr role in a risk section but I thought
it wouldnt do any harm to see the kind of checks or questions you'll ask any
3rd party offering a solution/application for you that will give...

Re: Goofile 1.0 - Command line google search for files by domain James Condron (Jan 18)
Tom,

You can do this in about five lines with the Google REST interface

http://code.google.com/apis/customsearch/v1/using_rest.html

In much the same way the ld JSON interface worked (prior to
deprecation a year or two ago, though it does still work to an
extent).

Additionally you're passing the variable 'cant' to run(); where is
this being used? And why, by using a global with a maximum of 100 and
then having this value set to...

Exploit Pack - New release noreply (Jan 18)
Exploit Pack is a Security Tool that will assist you while you test the
security of your workstations or networks. With a friendly and easy to
use interface, it has an update manager to keep you up to date and an
IDE for develop or modify it’s modules. Also we provide you with
technical support if you need it. Try it out and purchase a subscription
now. Make your computer safe using Exploit pack.

Make your workstation safe by testing it...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Firewall Wizards — Tips and tricks for firewall administrators

Ruxcon 2011 Final Call For Papers cfp (Aug 21)
Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of October.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region....

Re: Securing email by inhibiting urls Paul D. Robertson (Aug 12)
The mail server isn't the target, the desktop is- that's where your
protection needs to be.

Which is it? Attachments, or links? Those are two different issues.
Seems to me like not letting encrypted attachments through would be a
good start. It also seems that not letting most MIME types through the
HTTP proxy would be a good second step. Exceptions on a by-domain basis
tend to take about a week to get cleared up if you do it...

Re: Securing email by inhibiting urls Marcus Ranum (Aug 12)
Jean-Denis Gorin writes:

I saw a company that did that, years ago. They had all incoming mail go
through
mimedefang and all URLs got converted to https:-URL pointing to their proxy
server, which required a login. They also had a whitelist ruleset in the
rewrite,
so that some URLs didn't get rewritten on a case-by-case basis. Anything
with
metacharacters or on a blacklist got rewritten to a warning. That was
the first
layer.

The other...

Re: Securing email by inhibiting urls Chris (Aug 12)
Thanks for the response.

1. We block china but that doesnt stop mail being sourced from a
hacked American company

2. We don't allow any webmail access from our site. For business
reasons we are not allowed to block mail from anything but "freemail" sites
like gmail, hotmail etc.

3. We have Brightmail, Juniper IDS, ISS IDS and Symantec Antivirus
protecting all mail servers.

We don't have issues with...

Re: Securing email by inhibiting urls Jean-Denis Gorin (Aug 12)
----- Marcus Ranum <mjr () ranum com> a écrit :

There might be a way *evil grin*
1- convert ALL incoming email to text/plain format (all those HTML formated emails from outside are bullshit: SPAM,
commercials from vendors, invitations to shiny conferences, etc.)
2- substitute ALL URL with 'that link was removed for security reason [*]', with [*] stating: 'if access to that link
is needed, please contact the sender of the...

Re: Securing email by inhibiting urls Ilias - (Aug 11)
Hi,

I'm using MailMarshal with blended threat module, which also protect against zero day exploit URL's.

Take a look at the PDF :
http://www.m86security.com/documents/pdfs/datasheets/email_security/DS_Blended_Threats_Module.pdf

If you want some further information about this solution and how you can use this.. Send me an (direct) message.

Best regards,
Ilias
Send from my Blackberry

-----Original Message-----
From: Raphael Rivera...

Re: Securing email by inhibiting urls Timothy Shea (Aug 11)
You are focusing on the wrong problem. If desktops are being infected then
your desktop, anti-spam, and web browsing controls are all weak.
Eliminating "links" in e-mail is going to accomplish nothing.

A commercial web content filter for web browsing will go a long way to
resolving your issues. Most commercial content filters are continuously
updated throughout the day and much can be filtered out via categories. We
went from...

Re: Securing email by inhibiting urls Victor Williams (Aug 11)
Cisco Ironport or McAfee's two offerings: Email & Web Security Appliance or
Email Gateway.

The McAfee products used to be Secure Computing's Ironmail appliances, but
were bought with the Secure Computing acquisition.

Additionally, you should implement a true URL and content filtering service.
Even if an email gets through here or there, clicking on the link in it
will do more or less nothing if you have a "good"...

Re: Securing email by inhibiting urls Marcus Ranum (Aug 11)
Chris wrote:

Stupid users, too much connectivity, good security - you can have
any two.

I'm guessing that when you say "trusted source" what you mean
is "apparently trustworthy source" - not that you actually have a
list somewhere of trusted sources. If you had a list of trusted
sources then you could put in a firewall that did URL filtering
then have 2 group policies: "users who click on bad URLs"
and...

Re: Securing email by inhibiting urls Mark E. Donaldson (Aug 11)
You need to re-think how you handle mail. Two things:

1. Take out all Chinese IP addresses at the firewall. Nothing of value comes out of China. 99% of it is toxic.
Why let them even have a chance?

2. Direct webmail over the internet is dangerous at best. You need to set up an SMTP mail proxy on your system
that receives, processes, and either accepts or rejects all incoming email. Use Sendmail + MailScanner + SpamAssassin +...

Re: Securing email by inhibiting urls Raphael Rivera (Aug 11)
Chris,

Have you all tried barracuda spam firewall?

Sent from my iPhone

Re: Securing email by inhibiting urls Chris (Aug 11)
I'll check out Ironport. We looked at this earlier but there was something about it at the time that caused us to not
buy it. Time to revisit...

Thanks

-----Original Message-----
From: Kaas, David D [mailto:David_D_Kaas () RL gov]
Sent: Thursday, August 11, 2011 12:06 AM
To: 'chughes () l8c com'; 'Firewall Wizards Security Mailing List'; 'firewall-wizards () listserv cybertrust com'
Subject: RE: [fw-wiz]...

Re: Securing email by inhibiting urls Chris (Aug 11)
Should have mentioned that this is a MS Exchange environment. Spam filters are MS based currently MS based but that’s
up for grabs if we can replace them with something that provides the same functionality in place now. Currently using
Brightmail and other than disabling/replacing urls in email it is working pretty good.

-----Original Message-----
From: Kurt Buff [mailto:kurt.buff () gmail com]
Sent: Thursday, August 11, 2011 1:32 AM
To:...

Re: Securing email by inhibiting urls Chris (Aug 11)
This wont work. This site is under constant attack from China and randomly
hacked domains that are used as relays are not on any watch lists. We are
talking zero day here. There are no signatures for the payload if a user
clicks these links. Right now user awareness is our best line of defense
and we all know how reliable that is.

Until I can disable a users ability to click a url in an email that appears
to come from a trusted source,...

Re: Securing email by inhibiting urls Kurt Buff (Aug 11)
Which is why I use a mail gateway for $WORK.

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Re: Apache Killer - take 2? Anestis Bechtsoudis (Jan 23)
Apache byte-range killer use many small byte-range chunks in a single
request. So no, your attached request is not related to such an attack.

At latest Apache stable release (2.2.21) -1 is not a valid
entity-length, resulting in a full size 200 response (and not a 206
partial content response) despite the requested range.

For better understanding take a look at modules/http/byterange_filter.c
at apache sources.

I attach a simple perl PoC to...

Re: Apache Killer - take 2? Damiano Bolzoni (Jan 23)
You are right, I didn't write it down properly...what I meant is
"doesn't it look like a clumsy way to exhaust resources (due to the +inf
number that should result from 1024/-1)".

Perhaps another web server is vulnerable? This kind of "checks" are
usually performed randomly by scanners...

It just really weird that a client sends that header value, I searched
around but couldn't find any other example......

Apache Killer - take 2? Damiano Bolzoni (Jan 22)
Hi all,
today we saw a weird HTTP header in a request that came to a web server
we are monitoring:

HEAD /contact HTTP/1.1
Content-Range: bytes 1-1024/-1
User-Agent: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.5.22 Version/10.51
Host: www.xyz.nl
Accept: */*

The offending IP is not in any blacklist, and the intent is kind of
clear...the server is Apache, but I have no detailed information about
the version/patching level. The server went ahead...

CarolinaCon-8/2012 - Final Announcement/Call for Papers/Presenters/Speakers Vic Vandal (Jan 12)
h4x0rs, InfoSec professionals, international spies, script kidz, and posers,

CarolinaCon-8 will occur on May 11th-13th 2012 in Raleigh NC (USA). We are now officially accepting speaker/paper/demo
submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global
thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-8, we cordially...

OWASP AsiaPac 2012 - Sydney Australia CFP and CFT Andrew van der Stock (Jan 11)
Colleagues,

In 2012, OWASP is holding Global AppSec AsiaPac Conference in Sydney Australia! OWASP Asia Pacific is the foremost
Application Security conference for the region, and brings together the community in a central meeting for 4 days to
discuss and present on recent and current Application Security related topics. In previous years the conference has
been held on the Gold Coast Australia, in 2012 the event has been moved to Sydney, and...

RE: Application Security Milind Nanal (Jan 11)
Reference on the subject. Members view on these points how they are managing similar
Requirement. Information on tools etc.

Regards,

Milind Nanal

-----Original Message-----
From: Yiannis Koukouras [mailto:ikoukouras () gmail com]
Sent: Wednesday, January 11, 2012 6:33 PM
To: Milind Nanal
Cc: security-basics () securityfocus com; webappsec () securityfocus com; pen-test () securityfocus com
Subject: Re: Application Security

Hi,

Not sure...

Re: Application Security Yiannis Koukouras (Jan 11)
Hi,

Not sure what you are actually looking for...

Are you looking for references on those subjects or are you looking to
recruit people to perform this tasks?

BR,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM, OSCP
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally...

Application Security Milind Nanal (Jan 08)
Hi Mailing list,

Seeking help below scenario :

1) The organization software development life cycle where in application security needs to be plugged in as focused
approach.
2) Deployment & planning on roles & responsibilities of dedicated 4-5 members as apps tester & an apps test manager
from info sec apps testing.
3) Plan for training developers, quality staff & apps testing team on various info sec aspect of application...

Re: stacking proxies Robin Wood (Jan 08)
I know this is what he was talking about and I've got the chain that
Jason suggested, what I'm after is what chains other people use and
why.

When chaining proxies there is a chance of the two interfering with
each other so you have to make sure they are in the right order, for
example Burp through Ratproxy might work but Rat through Burp may
fail.

Chaining may be used to improve efficiency due to lack of time or just
to improve the...

AppSec DC 2012 CFP EXTENDED! AppSec DC (Jan 08)
All,

Many of you have written to us asking about the requirement for a
paper in our CFP hosted on EasyChair. Due to an unforseen change in
the way EasyChair works, you are no longer able to configure a
submission to require only an abstract as we thought we had done, and
done in the past. To be clear, we are ***NOT*** requiring papers with
our CFP submissions. As we have already started the CFP and can not
move the platform we ask that...

Arachni v0.4 has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Jan 08)
Hi guys,

This is just to let you know that there's a new version of Arachni.

Arachni is a high-performance (Open Source) Web Application Security
Scanner Framework written in Ruby.

This version includes lots of goodies, including:
* A new light-weight RPC implementation (No more XMLRPC)
* High Performance Grid (HPG) -- Combines the resources of multiple
nodes for lightning-fast scans
* Updated WebUI to provide access to HPG...

Re: stacking proxies Jamie Riden (Jan 03)
To be honest, I just use Burp (Pro).

I've seen people route sqlmap through Burp as well though, if it's not
immediately obvious how to exploit the issue - helps with analysis.

cheers,
Jamie

Re: stacking proxies Robert Hajime Lanning (Jan 03)
I am putting together: (in this order)Nginx (ssl)Varnish
(caching)Haproxy (load balancing/fail over)

Re: stacking proxies Robin Wood (Jan 03)
Most of my clients like to know where the attack will be coming from
so they can monitor it in their logs. I do some attacks through either
tor or from a different IP so I can see if they have enabled/disabled
anything special for the IP I told them I was using.

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request...

stacking proxies Robin Wood (Dec 31)
I watched Jason Haddix talk at BruCon and he talked about stacking
proxy servers when doing web app tests so that you could get the best
out of each one.

I've been meaning to ask for a while, what proxies do people use when
stacking and in what order?

Robin

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Morning hilarity Dave Aitel (Feb 09)
So I'm talking at RSA - which I've never been to. From what I can tell RSA
is less about the talks than the furious "back to back" meetings people set
up during the conference. I've never participated in said debauchery but I
am adding some content to the talk, and I think I hint at it in the below
MPEG-Layer-3 audio file.

Podcast:...

publication opportunity dan (Feb 08)
For those of you who want to get into a real argument:

Jerry Brito & Tate Watkins have published an article in the
Harvard National Security Journal asking for "a better justification
for the increased resources devoted to cyber threats" (see below
for a full summary and a link to the complete article). The
National Security Journal would like to publish short pieces
(1,000-5,000 words) providing such a...

Re: SyScan 2012 Singapore - Speaker Selection Fyodor (Feb 07)
This post should have started with free-beer and free-whiskey con
announcement. and then the rest. Affirmative - free booze
availability at the con has been thorough verified and the con has
been awarded with SVC certification in recognition of its standardized
free-booze best practices and highly effective free-booze provision
infrastructure.

Amen :-)

SyScan 2012 Singapore - Speaker Selection Ben Nagy (Feb 06)
Denizens of DailyDave,

Because I am not good at internets, I am just going to leave this here
and let the cool kids disseminate it with twitter or whatever the hell
you use these days.

On behalf of the selection committee (Thomas Lim, Dave and Halvar) and
the advisory adjunct (researchers of COSEINC) it gives me extreme
pleasure to announce the speakers for this year's SyScan Singapore.
Some of you may be unaware that 2012 was announced to...

Anyone else wondering... Isaac Dawson (Feb 04)
How hard of a time the FBI is going to have with removing anonymous from
their networks now? This whole leaked conference call recording reminded me
of an email Dave sent out (which I can't seem to find) where he mentioned
the longer an attacker is ingrained in your network, the harder they are to
remove.
-Isaac

CFP for LEET dan (Feb 04)
FYI. It is a good meeting.

--dan

------- Forwarded Message Body

I'm writing to remind you that the submissions deadline for the 5th
USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '12)
is just under three weeks away.

Please submit your work by Thursday, February 23, 2012, 11:59 p.m. PST.
http://www.usenix.org/leet12/cfpb

Now in its fifth year, LEET continues to provide a unique forum for the
discussion of...

More grist for the mill Dave Aitel (Jan 30)
Democratic Cyber Security Plan (to be voted on this week or something):
http://www.opencongress.org/bill/112-s413/show
Today's Republican response (which can be summed up to "I don't think
so", but the "regulation" angle is a continuing tough one here):
http://www.politico.com/news/stories/0112/72120.html

Also, the WSJ posted an opinion piece this weekend on cyber-security:...

Cyber Politics By Other Means Dave Aitel (Jan 27)
Dear DD - attached is some red meat. :>
-dave

Introduction

It is, of course, very possible that hackers will get to help choose
America's next president. Possibly not in the most direct way (aka,
attacking the electoral system directly, the candidates, or the super
PACs that support their campaigns), although this did happen to some
extent last time around
<...

Alligators Dave Aitel (Jan 19)
INFILTRATE 2012 is over (as of an hour from now). I will say that all
the talks, especially the keynotes, exceeded our expectations. That's a
good thing - we had high expectations even of Thomas Lim!

Here is one review:
http://blog.opensecurityresearch.com/2012/01/infiltrate-wrap-up.html

Immunity gave two talks ourselves. We'll release Leo's later, but you
should read Mark's now:
And here is Mark's Prezi:...

Open Bars Dave Aitel (Jan 09)
So we ordered quite a few open bars for INFILTRATE people - one of which
is the night before the conference (see below). Also, as a reminder, the
Master Class and Unethical Hacking classes DO start on Sunday. That's
SUNDAY. Not MONDAY. You can ask me why during one of the many open bars! :>

Also if you are on the twitterz you should probably follow
@InfiltrateCon (https://twitter.com/#!/infiltratecon
<...

Security Event Horizons Dave Aitel (Jan 09)
Every so often you see a ton of effort from a security person go into a
platform or protocol that most people ignore. For example, X405, or
MSRPC or DCERPC or HTTP or the BlackBerry Playbook. I don't have a good
way to explain it, but there's an event horizon where once you've
understood a platform enough, the only way to secure it against you is
to turn it off or tunnel it completely under something that provides its
own...

New Paper - Acquisition and Analysis of Volatile Memory from Android Devices Andrew Case (Jan 09)
We are writing to announce that our paper on Android memory forensics has
just been published in the Journal of Digital Investigation. Please see the
following blog post for complete details and the paper:

http://dfsforensics.blogspot.com/2012/01/new-paper-acquisition-and-analysis-of.html

If you have any questions or comments please reply to this Email or comment
on the blog.

Thanks,
Andrew

Re: Symantec AV source compromised and the questions it raises Michal Zalewski (Jan 06)
This reminds me of the wise words of the chairman of Trend Micro:

"Android is open-source, which means the hacker can also understand
the underlying architecture and source code. We have to give credit to
Apple, because they are very careful about it. It's impossible for
certain types of viruses to operate on the iPhone."

Shortly thereafter, Kaspersky "joined" the open source community, and
now looks like Symantec will,...

Symantec AV source compromised and the questions it raises Mohammad Hosein (Jan 06)
"Sadly, we'll likely never know the answer."
how come ? attackers can easily post details on how they compromised the
targets and to whom they belong and considering there could be a couple of
names and , perhaps , some phones or emails included in such leak , it
shouldnt be hard to connect the dots . the cybergames between Pakistani and
Indian groups is going on for a very long time now and although people in
forums and tweets are...

Symantec AV source compromised and the questions it raises William Arbaugh (Jan 06)
Security Week ran a story that Symantec's AV source was obtained (and soon to be released) via a compromise of an
Indian Military Intelligence server.
http://www.securityweek.com/symantec-investigating-possible-theft-norton-av-source-code

Symantec issued a statement that the compromise and eventual release of the source does not place customers at risk
since the source is 4+ years old....

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Re: Webshell if anyone want's to look at it xgermx (Feb 09)
http://www.secday.com/vdb/TT/WebShell/PHPShell-1.txt
:)

[Announcement] ClubHack Magazine Issue 25, Feb 2012 Released Abhijeet Patil (Feb 07)
Dear All,

ClubHack Magazine's Issue-25, Feb 2012 is released. The theme for this
issue is Network Exploitation and Security.

This issue covers following articles:-

0x00 Tech Gyan - Exploiting Remote System without Being Online
0x01 Tool Gyan - Cain and Abel: The Black Art of ARP Poisoning
0x02 Mom's Guide - Firewall 101
0x03 Legal Gyan - Liability of Intermediaries under the Information
Technology Act
0x04 Matriux Vibhag -...

Definition of a bug Ben Pratt (Feb 07)
Greetings, I am currently going through old episodes looking for a quote
but I hope someone here will read this and help to reduce my "work" of
listening to old episodes.

Some time ago (I believe at least 1 year ago but maybe not) a guest was
interviewed on the podcast and he defined a bug as when software doesn't
do something it is supposed to do or does something that wasn't in the
design. I'd really like to track...

Re: Webshell if anyone want's to look at it Larry Pesce (Feb 07)
Adrian, et al:

@Vyrus001 (vyrus () dc949 org) took a crack at it and asked that I forward
this along to the group:

"attached is your web shell mostly unpacked

the other segmants are just base64'ed so if u want to see the imgs or
the src code examples u can look. Its a pretty lame shell overall,
upload / download, sql tools, a dll exploit priv esc, typical shell
utils, and a decent file grepper. I didn't bother to look at the...

Re: ShmooCon Firetalks 2012 Videos David3 Gonnella (Feb 07)
A BIG THANK you from me Adrian! ...and to all speakers of course.

*it's something priceless*

Davide

Exploit Pack - Hacking Microsoft Word and Excel noreply (Feb 05)
This video shows how to exploit a vulnerability in Microsoft Word and
Excel by using Exploit Pack 2.1.7. Get you own copy of Exploit Pack
from: http://exploitpack.com

Check it out: http://www.youtube.com/watch?v=4n0J6DXFQI0

Exploit Pack Team
Juan Sacco
http://exploitpack.com

Re: Remote Management & Monitoring, Remote Connect (VNC, Logmein, etc) & Data Sharing tools list Tim Krabec (Feb 05)
Thanks

ShmooCon Firetalks 2012 Videos Adrian Crenshaw (Feb 05)
ShmooCon Firetalks 2012 Videos

These are the videos I have for the ShmooCon Firetalks 2012.

http://www.irongeek.com/i.php?page=videos/shmoocon-firetalks-2012

Thanks to:
http://novahackers.blogspot.com
http://georgiaweidman.com
http://www.irongeek.com

Night 1

“How Do You Know Your Colo Isn’t “Inside” Your Cabinet, A Simple Alarm
Using Teensy” by David Zendzian

“Bending SAP Over & Extracting What You Need!” by Chris John...

Re: Remote Management & Monitoring, Remote Connect (VNC, Logmein, etc) & Data Sharing tools list xgermx (Feb 05)
Don't forget Dameware Mini Remote Control
http://www.dameware.com/Products/Mini-Remote-Control/Product-Overview.aspx

ShmooCon Epilogue 2012 Talks Adrian Crenshaw (Feb 05)
These are the videos I have for ShmooCon Epilogue 2012. Georgia
recorded the live parts, and my rig was used for the slides. Sorry that
there are some missing talks, Georgia may have them on her site.

Thanks to:
http://novahackers.blogspot.com
http://georgiaweidman.com
http://www.irongeek.com

Resurrection of Ettercap: easy-creds, Lazarus & Assimilation
Eric Milam - (Brav0Hax) &
Emilio Escobar

Media Hype and Hacks...

Remote Management & Monitoring, Remote Connect (VNC, Logmein, etc) & Data Sharing tools list Tim Krabec (Feb 05)
I've started a google doc listing as many of these programs, locations,
exe's as I can find (still working on it now), and figured it'd be a great
tool for the community

I plan to eventually get a script to check for them.

Any help would be appreciated

https://docs.google.com/spreadsheet/ccc?key=0Ah42Oi5038y4dHpRdFdGMkREdmNfZGJ4cVVWNFlGWmc

email me if you want write access.

Webshell if anyone want's to look at it Adrian Crenshaw (Feb 05)
Hi all,
I found this little dingle berry hanging off a shared host box I
control. Not 100% sure how it got there, and the damn logs don't go far
enough back. I plan to have a coworker translate what I think is Chinese
later. Figured I'd give it to you all to have analytical fun with.

Adrian

Re: Capturing HTTPS traffic from iPhone/iPad Dimitrios Kapsalis (Feb 04)
Hi Josh,

The application has not yet been submitted to the App Store. I'll have to
run a strings on it or see if I can get the source code to understand if
some attribute of the certificate is being checked in the application that
prevents the self-signed cert from working.

Thanks,
Jim

Re: Capturing HTTPS traffic from iPhone/iPad Joshua Wright (Feb 04)
It's possible the application is checking the common name on the
certificate, or explicitly matching other certificate elements prior to
accepting the connection. I think this is an iOS API violation, but
maybe Apple App Store ninjas didn't notice.

Is this an app from the app store? I can grab it and test it here and
let you know if I get the same result.

-Josh

Re: Capturing HTTPS traffic from iPhone/iPad Dimitrios Kapsalis (Feb 04)
Hi Josh,

I did extract the certificate from burp and added it to my devices trusted
store by emailing the certificate to myself.

In the settings it shows that the certificate is now trusted. Can you send
the serial number of the cert to confirm I have the correct one?

Additionally, I tried another application, at first it did not work. After
installing the burp cert I can capture its traffic. The original
application still fails.

Thanks,
Jim

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

2012 Honeynet Project Security Workshop Guillaume Arcas (Feb 02)
Hi.

The Honeynet Project holds its second Public Event on March 19 - 20,
2012 at Facebook HQ, SF Bay Area, Ca (USA).

Public event consists on a one-day technical presentations and a one-day
hands-on tutorial trainings.

All details available here:
https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area

Regards,

Guillaume Arcas
-------------------------
PR - The Honeynet Project

[HONEYPOTS] Cyber Warfare / Network Defense Simulation Teóphilo Athos Brauns (Jan 24)
Hi,

I would like to ask if you guys have any suggestions (including
articles, references, books, sites, ideas, anything) on how to build a
"Poor man's Cyber Warfare / Network Defense Simulation" for:

1 - study
2 - forensic analysis
3 - vulnerabilities replication
4 - worm/virus spreading
5 - DLP (data leak/loss prevention) study

For my first attempts I used a dual-quad xeon server with 32GB ram and
managed to create a whole...

Cyber Warfare / Network Defense Simulation Teóphilo Athos Brauns (Jan 24)
Hi,

I would like to ask if you guys have any suggestions (including
articles, references, books, sites, ideas, anything) on how to build a
"Poor man's Cyber Warfare / Network Defense Simulation" for:

1 - study
2 - forensic analysis
3 - vulnerabilities replication
4 - worm/virus spreading
5 - DLP (data leak/loss prevention) study
6 - ???

For my first attempts I used a dual-quad xeon server with 32GB ram and
managed to create a...

CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011 Dragos Ruiu (Dec 01)
So after a dozen years or so organizing conferences, you
get the urge to pull levers and try experimenting with
things. So this year I sent out the CanSecWest CFP
only over Twitter, and G+ publicly. Just curious as to the
adoption and information dispersion rate, and some
estimate of the attention these newer channels are getting.

So after this experiment I hear about people having
submissions and missing the CFP. So for my control set,...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Bulletin Advance Notification for February 2012 Microsoft (Feb 10)
********************************************************************
Microsoft Security Bulletin Advance Notification for February 2012
Issued: February 9, 2012
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on February 14, 2012.

The full version of the Microsoft Security Bulletin Advance
Notification for February 2012 can be found...

Microsoft Security Bulletin Minor Revisions Microsoft (Feb 01)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: February 1, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-098 - Important
* MS11-100 - Critical

Bulletin Information:
=====================

*...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 27)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 27, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-004 - Critical
* MS12-JAN

Bulletin Information:
=====================

* MS12-004 -...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 24)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 24, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-025 - Important
* MS11-049 - Important

Bulletin Information:
=====================...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 18, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-049 - Important
* MS11-JUN
* MS12-006 - Important

Bulletin Information:...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 17)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 17, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-100 - Critical

Bulletin Information:
=====================

* MS11-100 - Critical

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 16, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-007 - Important

Bulletin Information:
=====================

* MS12-007 - Important...

Microsoft Security Bulletin Re-Releases Microsoft (Jan 11)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: January 11, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-007 - Important
* MS12-JAN

Bulletin Information:
=====================

* MS12-007 -...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 11)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 11, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-004 - Critical

Bulletin Information:
=====================

* MS12-004 - Critical

-...

Microsoft Security Bulletin Summary for January 2012 Microsoft (Jan 10)
********************************************************************
Microsoft Security Bulletin Summary for January 2012
Issued: January 10, 2012
********************************************************************

This bulletin summary lists security bulletins released for
January 2012.

The full version of the Microsoft Security Bulletin Summary for
January 2012 can be found at
http://technet.microsoft.com/security/bulletin/ms12-jan.

With...

Microsoft Security Advisory Notification Microsoft (Jan 10)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 10, 2012
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2588513)
- Title: Vulnerability in SSL/TLS Could Allow
Information Disclosure
-...

Microsoft Security Bulletin Minor Revisions Microsoft (Jan 10)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: January 10, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-099 - Important

Bulletin Information:
=====================

* MS11-099 - Important...

Microsoft Security Bulletin Advance Notification for January 2012 Microsoft (Jan 08)
********************************************************************
Microsoft Security Bulletin Advance Notification for January 2012
Issued: January 5, 2012
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on January 10, 2012.

The full version of the Microsoft Security Bulletin Advance
Notification for January 2012 can be found at...

Microsoft Security Bulletin Minor Revisions Microsoft (Dec 30)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 30, 2011
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS11-100 - Critical

Bulletin Information:
=====================

* MS11-100 - Critical...

Microsoft Security Advisory Notification Microsoft (Dec 29)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: December 29, 2011
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2659883)
- Title: Insecure Library Loading Could Allow Remote Code
Execution
-...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Re: WTF? Cyber bill to put US in charge of global cyber security Valdis . Kletnieks (Feb 10)
On Wed, 08 Feb 2012 20:55:18 PST, Paul Ferguson said:

A Facebook representative said all that with a straight face? Reallly? A *FACEBOOK* rep? :)

Re: WTF? Cyber bill to put US in charge of global cyber security Drsolly (Feb 10)
Name and shame, yes, that'll work.

I'm outraged! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 09)
Keith Lacey, Editor and Website Editor of the Osooyoos Times newspaper, felt
strongly enough about an incident of police harrassment to write an editorial about
it:
http://webcache.googleusercontent.com/search?q=cache:GFtUccQK3aMJ:www.osoy
oostimes.com/news/2012/02/08/self-righteous-cops-who-treats-innocent-
taxpayers-like-criminals-is-
unacceptable/+osoyoos+times+keith+lacey+rcmp&cd=2&hl=en&ct=clnk&gl=ca&c
lient=safari

or...

Goodnight iPad Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 09)
For those who would like a little rest from the infoglut age ...

http://www.youtube.com/watch?v=-ouOwpYQqic

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Gordon, remember Emily Martin, 20020514
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/...

Patenting the Web Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 09)
An interesting article on Tim Berners-Lee testifying in the case.

What really caught my eye, though, was one of the comments:

"Let Eolas win.

The article already mentions that software patents are specific to US. And the
case is exceptional in that it carries enough magnitude to make history. What
happens next is the following:

1. All web companies will have to move their servers abroad, preferably to the EU.
2. Eolas could try to...

WTF? Cyber bill to put US in charge of global cyber security Paul Ferguson (Feb 08)
Cyber bill to put US in charge of global cyber security
Matthew Hall

February 9, 2012 - 12:18PM

In the wake of the SOPA outcry, another controversial bill that puts
the US in charge of global cyber dealings is simmering.

While industry and public uproar has stalled the controversial online
anti-piracy bills known as SOPA and PIPA, American legislators are
maintaining an aggressive stance on cybercrime, preparing to vote on a
new bill that, if...

Re: Porn uncopyrightable? michael.blanchard (Feb 07)
"science" and "useful arts" surely does not include ANY movie made in the last 100 years.... Except for some science
documentaries.... So, "How's it Made?" and "factory made" are all set.... But ANYthing else isn't...

Funny thing though... as it would include Disney in the non-copywritable area.... BUT, the gov keeps pushing the
ending date of the compywrite out whenever Disney's...

Re: Porn uncopyrightable? Kyle Creyts (Feb 07)
It almost notably leaves out works of expression.

Re: Porn uncopyrightable? Kyle Creyts (Feb 07)
Pop music, too, probably... And the Twilight books.

Re: Porn uncopyrightable? Brance Amussen (Feb 07)
Or for that matter most of modern day cinema... IMHO...

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor,
Devon & Hannah
Sent: Tuesday, February 07, 2012 2:28 PM
To: funsec () linuxbox org
Subject: [funsec] Porn uncopyrightable?

http://arstechnica.com/tech-policy/news/2012/02/can-porn-be-copyrighted-one-
file-sharing-defendant-says-no.ars

An...

Porn uncopyrightable? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 07)
http://arstechnica.com/tech-policy/news/2012/02/can-porn-be-copyrighted-one-
file-sharing-defendant-says-no.ars

An odd case, but an interesting point ...

(If decided for the defendant, might this mean that Disney movies were
uncopyrightable, too? Since when did they help "science" and "useful arts"? :-)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca...

Re: isc2 down? michael.blanchard (Feb 07)
That'a an awesome site ;-) I just found out about it today :-)

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC ² Corporation
32 Coslin Drive
Southboro, MA 01772

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rob, grandpa of Ryan, Trevor,
Devon & Hannah
Sent: Tuesday, February 07,...

Re: isc2 down? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Feb 07)
From: michael.blanchard () emc com
Date sent: Tue, 07 Feb 2012 10:57:05 -0500

I can't get through, and neither can http://www.downforeveryoneorjustme.com/

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
The world will little note, nor long remember, what we say here
- Abraham Lincoln,...

isc2 down? michael.blanchard (Feb 07)
I just tried to get out to https://www.isc2.org and it appears there isnt' a DNS entry for them and I "cant get there
from here".... Anyone else have the same issue?

I'm a bit behind in my $85 dues... maybe they *really* needed that eighty-five bucks! LOL

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC ² Corporation
32 Coslin Drive...

Re: [Full-disclosure] Key Internet operator VeriSign hit by hackers [DNS] steve pirk [egrep] (Feb 05)
I was born at night, but not last night.

Well, Verisign did offload the SSL business to Symantec in August 2010, so
that makes me think something happened.
That was also around the time the Chinese (theoretically) hacked all those
gmail accounts. I think it was later discovered that some sites had not
processed CRLs correctly and still had old revoked certs for companies like
Google.

I am not saying any of the above is/was probable, but it sure...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Current Activity - Google Releases Chrome 17.0.963.46 Current Activity (Feb 08)
US-CERT Current Activity

Google Releases Chrome 17.0.963.46

Original release date: February 8, 2012 at 3:16 pm
Last revised: February 8, 2012 at 3:16 pm

Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and
Google Chrome Frame to address multiple vulnerabilities. These
vulnerabilities may allow an attacker to execute arbitrary code and
cause a denial-of-service condition.

US-CERT encourages users and administrators to review the...

Current Activity - US Tax Season Phishing Scams and Malware Campaigns Current Activity (Feb 08)
US-CERT Current Activity

US Tax Season Phishing Scams and Malware Campaigns

Original release date: February 8, 2012 at 11:10 am
Last revised: February 8, 2012 at 11:10 am

In the past, US-CERT has received reports of an increased number of
phishing scams and malware campaigns that take advantage of the United
States tax season. Due to the upcoming tax deadline, US-CERT reminds
users to remain cautious when receiving unsolicited email that could...

Current Activity - Apple Releases Multiple Security Updates Current Activity (Feb 02)
US-CERT Current Activity

Apple Releases Multiple Security Updates

Original release date: February 2, 2012 at 12:15 pm
Last revised: February 2, 2012 at 12:15 pm

Apple has released security updates for Apple OS X Lion 10.7 to
10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X
Server v 10.6.8 to address multiple vulnerabilities. These
vulnerabilities may allow an attacker to execute arbitrary code, cause
a denial-of-service...

Current Activity - Mozilla Releases Firefox 10 and 3.6.26 Current Activity (Feb 01)
US-CERT Current Activity

Mozilla Releases Firefox 10 and 3.6.26

Original release date: February 1, 2012 at 9:50 am
Last revised: February 1, 2012 at 9:50 am

The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to
address multiple vulnerabilities. These vulnerabilities may allow an
attacker to execute arbitrary code, cause a denial-of-service
condition, obtain sensitive information, or perform a cross-site
scripting attack....

TA12-024A -- "Anonymous" DDoS Activity US-CERT Technical Alerts (Jan 24)
National Cyber Alert System

Technical Cyber Security Alert TA12-024A

"Anonymous" DDoS Activity

Original release date: January 24, 2012
Last revised: --
Source: US-CERT

Overview

US-CERT has received information from multiple sources about
coordinated distributed denial-of-service (DDoS) attacks with
targets that included U.S. government agency and entertainment
industry...

Current Activity - Denial-of-Service Malware Campaign Current Activity (Jan 24)
US-CERT Current Activity

Denial-of-Service Malware Campaign

Original release date: January 24, 2012 at 5:35 pm
Last revised: January 24, 2012 at 5:35 pm

US-CERT is aware of public reports of ongoing distributed
denial-of-service attacks against entities in the government and
private sector. According to the reports, these attacks are being
attributed to the hacker group Anonymous.
US-CERT encourages users and administrators to do the following...

Current Activity - Google Releases Chrome 16.0.912.77 Current Activity (Jan 24)
US-CERT Current Activity

Google Releases Chrome 16.0.912.77

Original release date: January 24, 2012 at 1:03 pm
Last revised: January 24, 2012 at 1:03 pm

Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and
Chrome Frame to address multiple vulnerabilities. These
vulnerabilities may allow an attacker to execute arbitrary code or
cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google...

Current Activity - Symantec pcAnywhere Hotfix Current Activity (Jan 24)
US-CERT Current Activity

Symantec pcAnywhere Hotfix

Original release date: January 24, 2012 at 11:30 am
Last revised: January 24, 2012 at 11:30 am

Symantec has released an update for pcAnywhere to address multiple
vulnerabilities for the following software versions running on
Windows:
* pcAnywhere 12.5 SP3
* pcAnywhere Solutions 7.1 GA, SP 1, and SP 2

US-CERT encourages users and administrators to review the Symantec
pcAnywhere hot fix...

Current Activity - Best Practices for Recovery from the Malicious Erasure of Files Current Activity (Jan 19)
US-CERT Current Activity

Best Practices for Recovery from the Malicious Erasure of Files

Original release date: January 19, 2012 at 3:43 pm
Last revised: January 19, 2012 at 3:43 pm

Cyber criminals can damage their victim's computer systems and data by
changing or deleting files, wiping hard drives, or erasing backups to
hide some or all of their malicious activity and tradecraft. By
wiping, or "zeroing out," the hard disk...

Current Activity - Oracle Releases Critical Patch Update for January 2012 Current Activity (Jan 18)
US-CERT Current Activity

Oracle Releases Critical Patch Update for January 2012

Original release date: January 18, 2012 at 10:58 am

Oracle has released its Critical Patch Update for January 2012 to address
78 vulnerabilities across multiple products. This update contains the
following security fixes:

* 2 for Oracle Database Server
* 1 for Oracle Fusion Middleware
* 3 for Oracle E-Business Suite
* 1 for Oracle Supply Chain Products Suite...

Current Activity - Phishing Campaign Using Spoofed US-CERT Email Addresses Current Activity (Jan 11)
US-CERT Current Activity

Phishing Campaign Using Spoofed US-CERT Email Addresses

Original release date: January 10, 2012 at 2:06 pm
Last revised: January 11, 2012 at 4:58 pm

On January 10, 2012, US-CERT received reports of a phishing campaign
that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot
Trojan known as Ice-IX. This campaign appears to be targeting a large
number of private sector organizations as well as federal, state,...

Current Activity - Adobe Releases Security Advisory for Adobe Reader and Acrobat Current Activity (Jan 10)
US-CERT Current Activity

Adobe Releases Security Advisory for Adobe Reader and Acrobat

Original release date: January 10, 2012 at 4:40 pm
Last revised: January 10, 2012 at 4:40 pm

Adobe has released a Security Advisory for Adobe Reader and Acrobat to
address multiple vulnerabilities affecting the following software
versions:
* Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and
Macintosh
* Adobe Reader 9.4.7 and earlier...

Current Activity - Microsoft Releases January Security Bulletin Current Activity (Jan 10)
US-CERT Current Activity

Microsoft Releases January Security Bulletin

Original release date: January 5, 2012 at 1:24 pm
Last revised: January 10, 2012 at 3:09 pm

Microsoft has released updates to address vulnerabilities in Microsoft
Windows and Microsoft Developer Tools and Software as part of the
Microsoft Security Bulletin Summary for January 2012. These
vulnerabilities may allow an attacker to execute arbitrary code,
operate with elevated...

TA12-010A -- Microsoft Updates for Multiple Vulnerabilities US-CERT Technical Alerts (Jan 10)
National Cyber Alert System

Technical Cyber Security Alert TA12-010A

Microsoft Updates for Multiple Vulnerabilities

Original release date: January 10, 2012
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Developer Tools and Software

Overview

There are multiple vulnerabilities in Microsoft Windows and
Microsoft Developer Tools and Software....

Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses Current Activity (Jan 10)
US-CERT Current Activity

Phishing Campaign Using Spoofed US-CERT E-mail Addresses

Original release date: January 10, 2012 at 1:32 pm
Last revised: January 10, 2012 at 1:32 pm

US-CERT has received reports of a phishing email campaign that uses
spoofed US-CERT email addresses. This campaign appears to be targeting
a large number of private sector organizations as well as federal,
state, and local governments. US-CERT began receiving reports of...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
* [2012-02-10 11:51:57 -0700] Vincent Danen wrote:

Sorry, I do see it in 6.5.4 as well, so between 6.2.8 and 6.5.4.

Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
* [2012-02-10 13:36:24 +0200] Henri Salo wrote:

Do we know when this was introduced? At a quick glance here, I don't
see magick/property.c in 6.2.8, but I do see it in 6.6.5, so somewhere
between those two versions that file and functionality was added.

[vs] CVE-2012-1037 GLPI <= 0.80.61 LFI/RFI Emilien Girault (Feb 10)
Hi,

I found a File Inclusion vulnerability in GLPI <= 0.80.61. I contacted the project team;
the bug is now patched and a new version is available (0.80.7).

I've published the advisory on fulldisclosure:

http://seclists.org/fulldisclosure/2012/Feb/157 <http://seclists.org/fulldisclosure/2012/Feb/157>

CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI

Severity: Important

Vendor: GLPI - http://www.glpi-project.org

Versions Affected...

imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Henri Salo (Feb 10)
Concerning ImageMagick 6.7.5-0 and earlier:

CVE-2012-0247: When parsing a maliciously crafted image with incorrect offset and count in the ResolutionUnit tag in
EXIF IFD0, ImageMagick copies two bytes into an invalid address.
CVE-2012-0248: When parsing a maliciously crafted image with an IFD whose all IOP tags' value offsets point to the
beginning of the IFD itself. As a result, ImageMagick parses the IFD structure indefinitely, causing...

Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 10)
Sory for not being clear. I am not sure what the CVE-identifier is as I told in my last email to this thread. New cases
I have seen: http://security-tracker.debian.org/tracker/CVE-2011-2262
http://security-tracker.debian.org/tracker/CVE-2012-0492 latter link with a list of "a different vulnerability than". I
do NOT have any facts about these vulnerabilities. I hope Oracle coordinates issues like these with MITRE/US-CERT and
adds...

Re: CVE request: surf Kurt Seifried (Feb 09)
So for surf suckless (http://surf.suckless.org/) please use CVE-2012-0842

I'll need advisories or code commits, or links to the vuln code to
assign CVE's (I need more information). Thanks!

CVE request: surf Florian Weimer (Feb 09)
surf does not protect its cookie jar against access read access from
other local users, as reported by Jakub Wilk in this Debian bug:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659296>

Could someone please assign a CVE for this?

uzbl <http://uzbl.org/> (in the uzbl-browser wrapper script) and
netsurf <http://www.netsurf-browser.org/> (the nsgtk_check_homedir
function creates the dot directory with world-readable...

Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
Can't MITRE request a little more information from vendors?

Regards,

Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
There's nowhere near enough information available to validate that the
new(?) issue reported by ImmunitySec matches up to CVE-2012-0492.
Hopefully ImmunitySec/Oracle can comment on this and clear it up for
users/vendors.

Unfortunately CVE only works as well as the vendors using it decide it
will. A biased example: Red Hat provides links to security reports with
details, bugzilla entries, code commit information, and so on. Vendors
that fail...

Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
Note that the initial immunity mail doesn't say anything about the
vulnerability itself, so it might just be a DoS.

Yeah, me too…

Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
Why this one?

The table at the bottom of:

http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

lists 27 MySQL vulnerabilities, all with CVE IDs and CVSS scoring - but
little other info. CVE-2012-0492 is one of them, but it does not stand
out. (And I have no idea what it actually is, just like I have no idea
about the remaining 26.)

"This Critical Patch Update contains 27 new security fixes for Oracle
MySQL. 1 of...

Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
Oracle MySQL Server CVE-2012-0492 Remote MySQL Server Vulnerability – http://www.securityfocus.com/bid/51516

- Henri Salo

Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
No idea. I don't see this in MITRE's CVE-list yet and it seems that some information is going around Internet, but
nobody is telling exact facts.

- Henri Salo

MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
Hi,

We are releasing a working MySQL 5.5.20 remote 0day exploit with this
update.The exploit has been tested with mysql-5.5.20-debian6.0-i686.deb
on Debian 6.0.

Best,
Intevydis Ltd.

Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni (Feb 09)
Yes it seems that it does not require a password, and this is an
arbitrary /proc/<pid>/ info leak (at least for some of the files), I've
also experienced this.

In this case the config of /usr/bin/chsh will help, since we avoid the
lseek() which will fail on arbitrary files.

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

RSA Panel on Tech Transfer Gary McGraw (Feb 09)
hi sc-l,

Like many of you, I will be at RSA in a couple of weeks. One of the two panels I will be on this year is about
Technology Transfer, Innovation, and Entrepreneurship. A recent (yesterday) special issue of Computing Now leads in to
our panel discussion: http://www.computer.org/portal/web/computingnow/archive/february2012?src=cnhome-v1

Panel promo:...

MoST 2012 CFP - Mobile Security Technologies (MoST) 2012 Workshop Larry Koved (Feb 08)
On behalf of the workshop co-chairs and program chair, we would like to
invite you participate in the Mobile Security Technologies (MoST)
Workshop.

MoST is co-located with the IEEE Security & Privacy Symposium.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers
of mobile systems to explore the latest understanding and advances
in the security and privacy...

MetriSec 2012 CFP International Workshop on Security Measurements and Metrics James Walden (Feb 08)
MetriSec 2012
8th International Workshop on
SECURITY MEASUREMENTS AND METRICS

Affiliated with the International Symposium on
Empirical Software Engineering and Measurement (ESEM)

September 21, 2012
Lund, Sweden

WORKSHOP OVERVIEW

Quantitative assessment is a major stumbling block for software and system
security. Although some security metrics exist, they are rarely adequate.
The engineering importance of metrics is intuitive: you cannot...

Silver Bullet 70: Ross Anderson Reprise Gary McGraw (Feb 03)
hi sc-l,

Ross Anderson's first Silver Bullet episode (episode 13) has consistently led the download totals since its release way
back when. Over 25,000 people have listened to the episode and it remains very popular (either that or Ross is
clicking on it an awful lot himself). In order to compete with Ross's record, we brought in a heavy hitter, Ross
Anderson for episode 70. So, can Ross surpass Ross? Only time will tell....

informIT: vBSIMM revised Gary McGraw (Jan 26)
hi sc-l,

Third party software is a major risk category in most modern organizations (see Third-Party Software and
Security<http://www.informit.com/articles/article.aspx?p=1809143>). We have been working on a BSIMM derivative called
the vBSIMM to help manage third party software risk. Today we published a second, revised version of the vBSIMM.
Instead of focusing on an individual applications, the vBSIMM approach focuses on software...

Only 7 Days Left: SANS AppSec 2012 CFP SANS AppSec CFP (Jan 24)
Hi everyone,

This is the final CFP reminder for SANS AppSec 2012 being held in Las
Vegas, Nevada on April 30 - May 1, 2012.

The call for papers ends in seven days on February 1, 2012 so submit today!

============

The theme for this conference is "Application Security at Scale".

Billions of records in the cloud. Millions of smart mobile devices.
Millions of developers writing new code. Hundreds of apps in your
enterprise. Untold...

OWASP AsiaPac 2012 - Sydney, Australia: CFP and call for trainers Andrew van der Stock (Jan 12)
Colleagues,

In 2012, OWASP is holding Global AppSec AsiaPac Conference in Sydney Australia! OWASP Asia Pacific is the foremost
Application Security conference for the region, and brings together the community in a central meeting for 4 days to
discuss and present on recent and current Application Security related topics. In previous years the conference has
been held on the Gold Coast Australia, in 2012 the event has been moved to Sydney, and...

Re: informIT: BSIMM versus SAFECode Kevin W. Wall (Jan 02)
Gary,
Hope you and other SC-L readers had a safe and happy holidays. I had a few
comments on your InformIT article referenced here.

First, you take exception of SAFECode of calling out BSIMM as a "methodology".
After quickly skimming their paper which you referenced, I think that
perhaps you
and Sammy are overreacting a bit. (Maybe you are misconstruing their
misconstruing? ;-)

Specifically, the SAFECode _Fundamental Practices_ paper...

Silver Bullet 69: Steve Myers Gary McGraw (Dec 31)
happy new year sc-l,

The 69th episode of Silver Bullet is an interview with professor Steve Myers from Indiana University. Steve is a
cryptographer who works on Phishing, but he also teaches the security engineering course at IU. Among other topics, we
discuss the challenge of keeping academic research both scientific and relevant to practitioners.

http://www.cigital.com/silver-bullet/show-069/

As always, we welcome your feedback on the...

informIT: BSIMM versus SAFECode Gary McGraw (Dec 31)
Lets try that again, this time with the proper email address…

From: gem <gem () cigital com<mailto:gem () cigital com>>
Date: Tue, 27 Dec 2011 16:32:56 -0500
To: "sc-l-bounces () securecoding org<mailto:sc-l-bounces () securecoding org>" <sc-l-bounces () securecoding
org<mailto:sc-l-bounces () securecoding org>>

hi sc-l,

How about a little software security controversy for the tweener holiday week?...

ANNOUNCEMENT: SecAppDev 2012, Leuven, Belgium Kenneth Van Wyk (Dec 22)
We are pleased to announce SecAppDev 2012, an intensive one-week
course in secure application development. The course is organized by
secappdev.org, a non-profit organization that aims to broaden security
awareness in the development community and advance secure software
engineering practices. The course is a joint initiative with K.U.
Leuven and Solvay Brussels School of Economics and Management.

SecAppDev 2012 is the 8th edition of our widely...

MoST 2012 CFP - Mobile Security Technologies (MoST) 2012 Workshop Larry Koved (Dec 22)
On behalf of the workshop co-chairs and program chair, we would like to
invite you participate in the Mobile Security Technologies (MoST)
Workshop.

MoST is co-located with the IEEE Security & Privacy Symposium.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers
of mobile systems to explore the latest understanding and advances
in the security and privacy...

W2SP 2012 CFP - Web 2.0 Security and Privacy 2012 Workshop Call for Papers Larry Koved (Dec 22)
W2SP 2012 CFP - Web 2.0 Security and Privacy 2012 Workshop Call for Papers

On behalf of the workshop co-chairs and program chair, we would like to
invite you participate in the 5th annual workshop on Web 2.0 Security
and Privacy. Started in 2007, this successful series of workshops has
attracted participation from both academia and industry, and participants
from around the world.

W2SP is co-located with the IEEE Security & Privacy...

SANS AppSec 2012 CFP reminder SANS AppSec CFP (Dec 01)
Hi everyone,

It's been over a month since we first announced the CFP for the SANS
AppSec Summit being held in Las Vegas, Nevada on April 30 - May 1, 2012.

We've received a number of great submissions so far but there's only two
months left until the deadline on February 1, 2012. If you'd like to
speak please get your submission in as soon as possible.

Hope to see you in Vegas!

============

The theme for this conference...

Silver Bullet 68 Gary McGraw (Nov 30)
hi sc-l,

I am pleased to announce that episode 68 of the Silver Bullet Security Podcast is an interview of Cigital's own John
Steven. jOHN (or jS) as he is know around here is a well-respected technologist and software security practitioner.
He served a stint editing the Building Security In column for IEEE S&P magazine along with Gunnar Peterson. He is also
a very active OWASP participant. I have worked closely with jS for many...

Educause Security Discussion — Securing networks and computers in an academic environment.

Not so Nice Net Jeff Moore (Feb 10)
Michael - Sorry If I myself came across negatively. I completely understand
being passionate about such things. It just speaks to how much you love
what you do. I can certainly appreciate that. I may have misinterpreted
your email just as you did mine. Sorry for that Michael. I do tend to get a
little passionate myself when I feel that peoples openness and
communication is being criticized in a public arena. I really feel that
everyone has...

Re: Not so Nice Net Mike Lococo (Feb 10)
It's worth noting that Michael Sinatra is an active and respected member
of the higher-ed community (with a handsome first name if I do say so
myself). Even if his tone can occasionally be terse, he has a long
history of appropriate and professional behavior on list.

I think his tone was simply a result of passionate advocacy on an issue
that he feels is commonly misunderstood. I happen to agree with him
that many folks don't...

Re: Not so Nice Net Michael Sinatra (Feb 10)
I wasn't reading it on a bad day, but I have had many many bad days
caused by very good and talented security professionals assuming that
netblocks were divided on octet boundaries. That being said, let me
state in as friendly and constructive way as can be inferred in email:
It is much better to be as precise as possible when discussing issues
regarding malicious activities. I don't feel that "91.x.x.x" is very...

Re: Not so Nice Net Jeff Moore (Feb 10)
First - Thank you all for responding to my question. It has made it clear
that what we were seeing was not crazy but that you all have been seeing
similar things. Thanks everyone!!

Second - Michael Sinatra - I am assuming you must have read this on a bad
day. I am sorry for any problems you are having. From what I have read from
folks on this thread I assume that folks are quite intelligent and that
none of them assume that the internet is still...

Re: Not so Nice Net Michael Sinatra (Feb 10)
As a general rule, PLEASE DO NOT ASSUME THAT THE INTERNET IS STILL
CLASSFUL. It isn't.

For example, it's correct that some of 91.0.0.0/8 is Deutsche Telekom.
But some of it belongs to a provider in Iran. Some of it is Russian.
Those are pretty big differences.

Now, when people say that they have been scanned by "everything" in
91.0.0.0/8, do they really mean that they have been scanned by all 16.7
million unique IP...

Re: Not so Nice Net Brian Helman (Feb 10)
Funny you should bring this up. I've blocked several /24's in the 91.x.x.x range over the last couple weeks, including
1 this morning, because of comprehensive network scanning... mostly looking for FTP hosts.

-Brian

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Heath
Barnhart
Sent: Thursday, February 09, 2012 12:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject:...

IDS and SIEM Adam Glick (Feb 10)
Hello all,

We are in the process of evaluating and allocating funding for a new IDS
and SIEM. Would anyone be able to, on or off list, share some insight as
to vendors you particularly like/dislike and features you do and do not
like within an IDS and SIEM?

Thank you,

Adam

*Adam S. Glick***

IT Security Engineer

Brown University

Providence, RI 02912

*Note:* CIS staff will *NEVER* ask you for your password, nor will Brown
send you email...

Re: Self-service password reset approaches Steve Werby (Feb 09)
Dave,

It's good to see others considering the progressive approach that other
industries have already adopted. Security questions are fraught with
problems and put the users' accounts with other organizations at risk.

We've been designing and developing a system to move from password
resets via answering security questions to resets via unique code sent
to an alternate email address or mobile phone number via SMS. It's...

Re: Question about SPF email filtering John Ladwig (Feb 09)
SPF and DKIM seem to be getting a refresh/update under dmarc.orc, complete with new Internet-draft:

http://www.dmarc.org/draft-dmarc-base-00-01.html

There's been a bunch of press releases last couple of weeks from the DMARC organization.

-jml

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Derek
Diget
Sent: Thursday, February 09, 2012 12:38 PM...

Re: Question about SPF email filtering Derek Diget (Feb 09)
=>I'm just curious to see how many of you have enabled SPF filtering on
=>your email systems?

We quarantine on SPF "fail". (There is plans to SMTP reject.)

=>We recently enabled this, and the result is that we have many support
=>tickets from users who no longer receive mail from rejected senders.
=>These senders are legitimate, however, they have "bad" SPF records.

We did this a could of years ago....

Re: Question about SPF email filtering David Pirolo (Feb 09)
We implemented this a few years ago. It is integrated with our email
filter and helped eliminate quite a noticeable amount of spam and
spoofing. Rather than just rejecting all the email, known bad is
rejected, and questionable has the subject modified with the status.
This took some configuring in the filter. The business mail systems we
work with most frequently had to have there IPs added to our SPF record.

You may need to contact the senders...

Re: Question about SPF email filtering Jason Todd (Feb 09)
We're using it but we only tag the message as possible spam if SPF fails. SPF doesn't work well with e-mail forwarding.

Jason Todd
Network Security Officer
Western University of Health Sciences

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dye, Jan
Sent: Thursday, February 09, 2012 9:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Question about SPF email...

Re: Question about SPF email filtering Dye, Jan (Feb 09)
Sorry about the duplicate posts, everyone.

Jan Dye
Messaging Services

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dye, Jan
Sent: Thursday, February 09, 2012 11:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Question about SPF email filtering

I'm just curious to see how many of you have enabled SPF filtering on your email systems?

We recently enabled this,...

Question about SPF email filtering Dye, Jan (Feb 09)
I'm just curious to see how many of you have enabled SPF filtering on your email systems?

We recently enabled this, and the result is that we have many support tickets from users who no longer receive mail
from rejected senders. These senders are legitimate, however, they have "bad" SPF records.

We're wondering how other institutions are handling this, and if SPF checking is really worth it.

If I've posted this on the...

Question about SPF filtering Dye, Jan (Feb 09)
I'm just curious to see how many of you have enabled SPF filtering on your email systems?

We recently enabled this, and the result is that we have many support tickets from users who no longer receive mail
from rejected senders. These senders are legitimate, however, they have "bad" SPF records.

We're wondering how other institutions are handling this, and if SPF checking is really worth it.

If I've posted this on the...

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: couple of questions regarding 'lifeline' and large scale nat... Leo Bicknell (Feb 10)
In a message written on Fri, Feb 10, 2012 at 03:19:24PM -0600, Eric J Esslinger wrote:

Comcast has a program with some of the best marketing around it right
now, their Internet Essentials service: http://www.internetessentials.com/

$9.95/month, 1.5Mbps down, 384kbps up.

Carriers do not want to run NAT's. You can go read the archives of the
CGN (Carrier Grade NAT) discussions where folks are looking at moving
the NAT into the service...

Re: PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing) Leo Bicknell (Feb 10)
In a message written on Fri, Feb 10, 2012 at 04:15:19PM -0500, William Herrin wrote:

You're reply is along the lines of what several other folks have
told me privately, and I think they all miss the mark of where I
am going with my suggestion.

Hypothetically, I get an e-mail from ripe.ca, which uses some trick
(perhaps as simple as HTML text and link that go to different places)
to visually show me ripe.net and actually sends me to...

couple of questions regarding 'lifeline' and large scale nat... Eric J Esslinger (Feb 10)
We're toying with the idea of a low bitrate 'lifeline' internet on our cable system, maybe even bundled with a certain
level of cable service.

First question, if you happen to be doing something like this, what bit rates are you providing.
Second question, though 'real' internet customers all get real IP's, what would you think of doing something like this
with 'large scale' nat instead. Understand,...

Re: PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing) William Herrin (Feb 10)
The problem space is that most folks won't catch the difference
between an email and link from ripe.net, ripe.org and ripe.ca. The
game is lost long before a purely technical version of validating the
message source becomes an issue.

Regards,
Bill Herrin

Re: Dear RIPE: Please don't encourage phishing Jay Ashworth (Feb 10)
----- Original Message -----

"Just because people say you're paranoid, that doesn't mean that there
*aren't* people out to get you."

Cheers,
-- jra

Re: Dear RIPE: Please don't encourage phishing Steven Bellovin (Feb 10)
The really hard parts are (a) getting the users to pay attention to the
validation state (or, more precisely, the lack thereof on a phishing
email, and (b) get them to do it *correctly*.

Some of the browser password managers have protection against phishing as
a very useful side-effect: if they don't recognize the URL, they won't pony
up the correct login and password. That's much better than hoping that
someone notices the...

Re: Dear RIPE: Please don't encourage phishing Steven Bellovin (Feb 10)
Yup -- I wrote about that a while back (https://www.cs.columbia.edu/~smb/blog/2011-10/2011-10-02.html)

What's the line -- "I know I'm paranoid, but am I paranoid enough?"

--Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing) Leo Bicknell (Feb 10)
In a message written on Fri, Feb 10, 2012 at 11:11:18AM -0800, Ryan Malayter wrote:

You are correct that I maligned Windows in a way I shouldn't have
done. Indeed, I've been very impressed with the software they make
to manage certificates in the enterprise before, making it quite
easy to roll out per user certificates for VPN's or E-Mail and dump
it in the certificate store.

I think my view was incorrectly colored by the fact...

Re: Iran blocking essentially all encyrpted protocols Marshall Eubanks (Feb 10)
And in response

http://www.forbes.com/sites/andygreenberg/2012/02/10/as-iran-cracks-down-online-tor-tests-undetectable-encrypted-connections/

(quoting) :

“Basically, say you want to look like an XMPP chat instead of SSL,” he
writes to me, referring to a protocol for instant messaging as the
decoy for the encrypted SSL communications. “Obfsproxy should start
up, you choose XMPP, and obfsproxy should emulate XMPP to the point
where even a...

Re: Dear RIPE: Please don't encourage phishing Jay Ashworth (Feb 10)
----- Original Message -----

I don't know that we would have any way to know that a demised company went
down due to a spearphish... but yes, I was exaggerating.

Cheers,
-- jr 'hyperbole and a half!' a

Re: Dear RIPE: Please don't encourage phishing Valdis . Kletnieks (Feb 10)
On Fri, 10 Feb 2012 14:44:29 EST, Jay Ashworth said:

Has this ever been spotted in the wild? Serious question - most of the well-publicized
spearphishing attacks lately the victim company is still around.

Re: Dear RIPE: Please don't encourage phishing Jay Ashworth (Feb 10)
----- Original Message -----

The problem is you need the 3rd visual...

a picture of an abandoned factory, with the doors flapping in the wind,
bceause the company went out of business because someone got spearphished.

Cheers,
-- jra

Re: Dear RIPE: Please don't encourage phishing Rich Kulawiec (Feb 10)
I agree. Training your customers/clients to click on URLs in email
messages is precisely equivalent to training them to be phish victims.

I teach people to (carefully!) bookmark the sites that they use which
require passwords, and to always use those bookmarks -- that is, *never*
to use the links in any mail message or on any web page.

(Of course, an attacker in control of their browser could manipulate the
bookmarks, but there is little...

Re: Dear RIPE: Please don't encourage phishing JC Dill (Feb 10)
Freakonomics recently aired a story about the problem of getting Doctors
to follow hand hygiene rules and wash their hands as frequently as they
are supposed to (upon entering and leaving each patient's room) to avoid
spreading disease. One of the biggest problems with changing behavior
with doctors (and with technical people) is that the smarter people are,
the more they chafe at being told they aren't doing things the correct...

Re: PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing) Ryan Malayter (Feb 10)
Windows has had its own centralized certificate store and APIs since
NT 4.0's release in 1996.

Firefox and Java are the only mainstream software can think of on
Windows that insists on using their own certificate stores (really
just a "pile of world-readable files") instead of the built-in per-
machine+per-user certificate store on Windows.

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 26.70 RISKS List Owner (Jan 02)
RISKS-LIST: Risks-Forum Digest Monday 2 January 2012 Volume 26 : Issue 70

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.70.html>
The current issue can be...

Risks Digest 26.69 RISKS List Owner (Dec 29)
RISKS-LIST: Risks-Forum Digest Thursday 29 December 2011 Volume 26 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.69.html>
The current issue can...

Risks Digest 26.68 RISKS List Owner (Dec 28)
RISKS-LIST: Risks-Forum Digest Weds 28 December 2011 Volume 26 : Issue 68

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.68.html>
The current issue can be...

Risks Digest 26.67 RISKS List Owner (Dec 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 December 2011 Volume 26 : Issue 67

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.67.html>
The current issue can...

Risks Digest 26.66 RISKS List Owner (Dec 06)
RISKS-LIST: Risks-Forum Digest Tuesday 6 December 2011 Volume 26 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.66.html>
The current issue can be...

Risks Digest 26.65 RISKS List Owner (Nov 29)
RISKS-LIST: Risks-Forum Digest Tuesday 29 November 2011 Volume 26 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.65.html>
The current issue can...

Risks Digest 26.64 RISKS List Owner (Nov 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 November 2011 Volume 26 : Issue 64

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.64.html>
The current issue can...

Risks Digest 26.63 RISKS List Owner (Nov 22)
RISKS-LIST: Risks-Forum Digest Tuesday 22 November 2011 Volume 26 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.63.html>
The current issue can...

Risks Digest 26.62 RISKS List Owner (Nov 18)
RISKS-LIST: Risks-Forum Digest Friday 18 November 2011 Volume 26 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.62.html>
The current issue can be...

Risks Digest 26.61 RISKS List Owner (Nov 13)
RISKS-LIST: Risks-Forum Digest Sunday 13 November 2011 Volume 26 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.61.html>
The current issue can be...

Risks Digest 26.60 RISKS List Owner (Nov 11)
RISKS-LIST: Risks-Forum Digest Friday 11 November 2011 Volume 26 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.60.html>
The current issue can be...

Risks Digest 26.59 RISKS List Owner (Oct 23)
RISKS-LIST: Risks-Forum Digest Sunday 23 October 2011 Volume 26 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.59.html>
The current issue can be...

Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

Alleged Foxconn hack allowed bogus orders to be placed for vendors security curmudgeon (Feb 10)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.appleinsider.com/articles/12/02/09/alleged_foxconn_hack_allowed_bogus_orders_to_be_placed_for_vendors.html

By Josh Ong
Apple Insider
February 9, 2012

A "Greyhat" hacking group announced this week that it had successfully
hacked contract manufacturer Foxconn and released usernames and passwords
for vendors that could be used to...

BREACH: Intuit Spearphishing attack Corey Quinn (Feb 08)
I received an interesting email yesterday to a tagged address given only to Intuit for tax purposes two years ago (link
removed):

Dear Account Holder,

With intent to ensure that precise information is being sustained on our systems, as well as to provide you better
quality of service; INTUIT INC. has taken part in the Internal Revenue Service [IRS] Name and TIN Matching Program.

It appears that your name and/or Social Security Number, that...

Report: Data breaches from unencrypted devices up 525% in 2011 security curmudgeon (Feb 08)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.fiercehealthit.com/story/report-data-breaches-unencrypted-devices-525-2011/2012-02-01

By Dan Bowman
FierceHealthIT
February 1, 2012

Healthcare organizations need to "serve as their own watchdog" to increase
security and decrease data breaches, a new report from IT security audit
firm Redspin concludes. The increase in "bring...

follow-up: Midlothian Council fined for personal data breaches security curmudgeon (Feb 01)
http://www.bbc.co.uk/news/uk-scotland-edinburgh-east-fife-16780239

29 January 2012 Last updated at 19:03 ET

Midlothian Council fined for personal data breaches

Midlothian Council has been fined £140,000 for sending sensitive personal
data about children and their carers to the wrong people.

It is the first Scottish organisation to be served with such a penalty by
the Information Commissioner's Office.

The local authority made errors...

Breaches, like history, repeat themselves security curmudgeon (Jan 31)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.csoonline.com/article/699021/breaches-like-history-repeat-themselves

By George V. Hulme
CSO
January 30, 2012

Two recent studies show that if organizations simply focused on IT
security basics, they'd make great strides in reducing their risk of
embarrassing, avoidable and often costly data breaches.

Security firm Imperva examined...

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case Jake Kouns (Jan 30)
http://www.databreaches.net/?p=12716

Rite Aid Corporation and its 40 affiliated entities (RAC) have agreed
to pay $1 million to settle potential violations of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy
Rule, the U.S. Department of Health and Human Services (HHS) announced
today. In a coordinated action, RAC also signed a consent order with
the Federal Trade Commission (FTC) to settle potential violations of...

Six-Year-Old Breach Comes Back To Haunt Symantec Jake Kouns (Jan 30)
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232500587/six-year-old-breach-comes-back-to-haunt-symantec.html

Security firm warns users to halt use of pcAnywhere until it finishes
patching it, but says older Norton products not at risk from
previously 'inconclusive' 2006 security incident

There are security advisories and there are patches, but rarely are
there outright warnings from a software vendor...

Are You at Risk? What Cybercriminals Do With Your Personal Data Jake Kouns (Jan 30)
http://www.networkworld.com/news/2012/012612-are-you-at-risk-what-255369.html?hpg1=bn

When Zappos notified its customers that their names, email addresses,
billing and shipping addresses, phone numbers and the last four digits
of their credit card numbers may have been exposed during a data
breach earlier this month, the online shoe retailer emphasized that
"critical credit card and other payment data was NOT affected or
accessed."...

White House Presses For New Cybersecurity Laws Jake Kouns (Jan 30)
The White House is urging Congress to pass President Obama's
cybersecurity legislation in 2012 to give officials the authority they
need to combat "growing and increasingly sophisticated cyberthreats,"
according to the leading U.S. cybersecurity official.

White House Cybersecurity Coordinator Howard Schmidt called for
legislators to "modernize" outdated laws surrounding cybersecurity by
supporting the broad legislative...

Univ. of Hawaii settles with 98, 000 over five breaches Jake Kouns (Jan 30)
http://www.scmagazine.com/univ-of-hawaii-settles-with-98000-over-five-breaches/article/225158/

The University of Hawaii (UH) has settled a class-action data breach
lawsuit brought by nearly 100,000 students, faculty, alumni and staff,
according to the plaintiffs' lawyers.

The suit relates to five breaches in all, including one involving the
inadvertent posting online of personal information by a faculty member
who accidentally uploaded...

US Security Chief Calls EU 24 -Hour Data Breach Notification Rule ‘Unworkable ’ Jake Kouns (Jan 30)
http://www.techweekeurope.co.uk/news/us-security-chief-calls-eu-24-hour-data-breach-notification-rule-absolutely-unworkable-56752

New data privacy regulations being considered by the European Union
will present serious complications for US companies doing business in
Europe, according to Bob Quinn, an AT&T security and data privacy
executive who took part in a panel at the George Washington University
School of Law in Washington, DC.

For...

Firms face tough new EU fines for data breaches Jake Kouns (Jan 30)
NEWS
Businesses may be fined two percent of turnover for serious data
breaches under tough new data-protection rules proposed by the
European Commission.

EU commissioner Viviane Reding has said firms could be fined up to two
percent of turnover for serious data breaches, under new proposals.

Firms should inform national data-protection authorities within a day
of serious exposure of personal data, justice commissioner Viviane
Reding told a...

Data breach exposes info on NY utility customers Jake Kouns (Jan 30)
http://gcn.com/articles/2012/01/25/agg-ny-utilities-data-breach.aspx

Nearly 2 million customers of two New York-based utility companies
have had personal data compromised in a data breach, Threat Post
reports.

The New York State Public Service Commission said Jan. 23 that it was
looking into an incident in which a software consulting firm employee
gained unauthorized access to the databases of New York State Electric
& Gas and Rochester Gas...

IT Pros Believe Data Breach Harm Assessment Is More Valuable Than Victim Notification, Study Says Jake Kouns (Jan 30)
http://www.pcworld.com/businesscenter/article/248724/it_pros_believe_data_breach_harm_assessment_is_more_valuable_than_victim_notification_study_says.html

IT professionals believe that assessing the potential harm caused by
data breaches is more useful to mitigating the effects of such
incidents than notifying affected individuals, according to a survey
published on the day the European Union's proposed a 24-hour deadline
for data breach...

fringe: O2 apology for disclosing mobile phone numbers online security curmudgeon (Jan 30)
http://www.bbc.co.uk/news/technology-16725531

25 January 2012 Last updated at 13:29 ET

O2 apology for disclosing mobile phone numbers online

O2 has apologised for a technical problem which caused users' phone
numbers to be disclosed when using its mobile data.

The company said it normally only passed numbers to "trusted partners".

A problem during routine maintenance meant that from 10 January numbers
could have been seen by...

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

leet generator Carlos Pantelides (Feb 10)
Hi:

I've made a ruby script that given a word generates leet transformations to stdout or a file. Perhaps it could be
useful to feed some modules.

If it sounds interesting to you, tell me. I'll paste it and make any needed changes, if I can.

Carlos Pantelides

-----------------
http://seguridad-agile.blogspot.com/

Re: Using sudo as root cons0ul (Feb 09)
Hi,

Maybe this is not an issue but I think worth to mention
http://ubuntuforums.org/showthread.php?t=1501339

cheers,
cons0ul
--------------------------------------------------------------------------------------------------------------------------
one liner - while true;do SEED=`rand`;zzuf -s$SEED -r0.01 <seed.file

seed.log;done

[Announcement] ClubHack Magazine Issue 25, Feb 2012 Released Abhijeet Patil (Feb 07)
Dear All,

ClubHack Magazine's Issue-25, Feb 2012 is released. The theme for this
issue is Network Exploitation and Security.

This issue covers following articles:-

0x00 Tech Gyan - Exploiting Remote System without Being Online
0x01 Tool Gyan - Cain and Abel: The Black Art of ARP Poisoning
0x02 Mom's Guide - Firewall 101
0x03 Legal Gyan - Liability of Intermediaries under the Information
Technology Act
0x04 Matriux Vibhag -...

Re: problems using SMB_enumshares on Windows 2008R2? HD Moore (Feb 07)
By default windows 2008 will use SMB2, but its not mandatory. Can you
look at a pcap of the metasploit module?

problems using SMB_enumshares on Windows 2008R2? Mee, John H (Feb 02)
I cannot get a list of known shares on a Windows 2008R2 Datacenter
edition. I get messages indicating that it successfully scanned the
server (this is test server in my lab), and I can get to a known share
via "net use" and nMap shows it is alive and well, but likewise, it does
not return any shares.

Based on the .pcap files, it appears that smb_enumshares uses lanman and
2008R2 uses smb2 queries.

Are there any alternatives, fixes,...

Fwd: against EMET? Joshua Smith (Feb 02)
Oops, forgot to include the list...
-Josh

Re: against EMET? Joshua Smith (Feb 01)
Tho if u r just talking about binary payloads you'll want to google around, scriptjunkie has a nice write up on it from
a while back (scriptjunkie.us). Has to do with the stub msf uses to generate the binary iirc

-Josh

Re: against EMET? Joshua Smith (Feb 01)
In the case you specified you would get caught because you are using psexec, just like many AVs might detect use of the
sysinternals version. MSF's psexec is fundamentally different from most other MSF exploit mods, with psexec u are
exploiting your knowledge of creds or hashes. A regular exploit payload would not usually be an exe as the payload is
being injected into a running process.

-Josh

Re: against EMET? Chip (Feb 01)
It is my understanding that although Metapsloit can create custom
payloads as such:

msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set EXE::Custom /tmp/mypayload.exe
EXE::Custom => /tmp/mypayload.exe

these would generally be detected by AV (correct me if I'm wrong).

Is there someplace on the net where we can learn how to generate "real"
custom payloads that can then be folded into Metapsloit?

Thanks.

Re: against EMET? HD Moore (Feb 01)
The stager is used for both EXE generation and normal payloads
(in-memory). AV detection is usually due to the EXE generator's output
template hitting known signatures or the mechanics of the stager being
detected encoded on disk (but the former is much more common). Getting
some experience writing custom payloads of any type (whether its a
stager, stage, or single in metasploit terms) will help with HIPS, IDS,
and AV evasion.

-HD

Re: against EMET? Stephen Haywood (Feb 01)
Is the stager typically caught by the AV because it gets written to disk
but the payload doesn't get caught because it is in memory? If that is the
case, then learning how to write custom stagers is a good skill to have for
bypassing AV right?

Re: against EMET? HD Moore (Jan 31)
The problem is a bit of cat-and-mouse - no plans now to rework payloads
and stagers to avoid it, but we may do so if it becomes default at some
point. The previous EAF and other hook filters were easy to bypass, but
even between 2.0 and 2.1 changes were made to how the hooks were done.

If you want to get started, the stager code is likely your best bet -
once its been modified to do whatever is needed for EMET-$current, you
can use the rest of...

Re: framework Digest, Vol 48, Issue 15 PCanyi (Jan 31)
http://technet.microsoft.com/en-us/security/gg524265

These are some words in the page as bellows:

This mitigation has proved to be quite effective, and even the author of the metasploit module for this vulnerability
suggests installing EMET so it will be harder to successfully exploit the vulnerability.

Mandatory ASLR it just one of the six mitigations bundled with EMET version 2.0. To read more about EMET, including a
link to the...

against EMET? Jun Koi (Jan 30)
hi,

i am wondering how we are doing against EMET (running on Windows XP, for ex)?
is it true that most (or even all?) exploits in Metasploit fail against EMET?

if so, is there any plan to fix the problem?

many thanks,
Jun

Re: Using sudo as root Tod Beardsley (Jan 29)
I'm not entirely sure what the difference is that Danux escreveu is
describing -- two different msfconsole's maybe? But regardless:

To retain your environment, and if BT5 has rvm, you can either

rvmsudo msfconsole

or if not:

sudo -s -E msfconsole

and the -E should keep your old env settings.

-todb

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: rs232 dissection? Guy Harris (Feb 10)
As long as the 64-bit packets are written in a file format that Wireshark can understand, it should be possible to make
Wireshark dissect the packets.

To *capture* the packets in Wireshark would require some more work.

As for the file format, you could:

use one of the USERn link-layer type values in a pcap or pcap-NG file, and set up your dissector to handle that
USERn type;

get a link-layer header type value officially...

rs232 dissection? eymanm (Feb 10)
I'm looking into using wireshark to dissect rs232 trafic. No Ethernet. Data
is organised in 64-bit packets. Can somebody weigh if this is doable, and
if so, suggest a brief implementation plan?

Thx'
-ME

Re: SSL decryption breaks after retransmission Max Dmitrichenko (Feb 10)
2012/2/10 Martin Wilck <martin.wilck () ts fujitsu com>

It will not work "out of the box". A higher level dissector has to assist
this and needs a patch.

Actually the problem is that TCP is not a datagram but stream protocol. A
subdissector for any protocol over TCP should not ignore this fact.

In general, there are following cases.

0) Any TCP based dissector should be prepared to receive a TVB containing
more than one logical...

Re: SSL decryption breaks after retransmission Martin Wilck (Feb 10)
I built wireshark with this patch applied, but it didn't solve my
problem. I still need to tell wireshark manually to ignore the
retransmitted packets in order to get proper SSL decryption of the
follow-up SSL stream.

Martin

Re: SSL decryption breaks after retransmission Max Dmitrichenko (Feb 10)
2012/2/10 Martin Wilck <martin.wilck () ts fujitsu com>

Yep!

Re: SSL decryption breaks after retransmission Martin Wilck (Feb 10)
Thanks - I assume you're talking about
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5971 ?

Martin

Re: SSL decryption breaks after retransmission Max Dmitrichenko (Feb 10)
2012/2/10 Martin Wilck <martin.wilck () ts fujitsu com>

I have made a patch and put it into the bug tracker about half a year ago.
Now I think it could be implemented better than it is, but I have not
discussed it with core developers and I've made it in a way to not break
anything existing. It is done in the TCP desegment layer but needs some
assistance from upper layer.

AMR Raw Output from Wireshark not playing in players NITIN GOYAL (Feb 10)
Hi

I have an issue related to the AMR codec in RTP.

I have RTP capture in pcap form having the AMR-NB and AMR-WB codecs.

Now, using the RTP stream analysis, i have extracted the raw output but I
am not able to play that extracted raw output in any of the player.

Is there any way i can play that raw output or decode it and it save it raw
format or re-encode it to some other format?

Regards
Nitin

SSL decryption breaks after retransmission Martin Wilck (Feb 10)
Hello,

I just stumbled upon the known problem "SSL decryption breaks after
retransmission"
(http://www.wireshark.org/lists/wireshark-dev/200805/msg00067.html) with
wireshark 1.6.5.

I wonder if a patch for this issue is available? Is anybody working on this?

Martin

Re: Logical error in r37159 Joerg Mayer (Feb 09)
Applied to trunk: Committed revision 40951.

Thanks!
Jörg

Logical error in r37159 Sean Bright (Feb 09)
In r37159, the following change was made to ui/gtk/rtp_player.c:

@@ -1654,9 +1636,7 @@
GtkWidget *dialog;

/* we should never be here if we are in PLAY and !PAUSE */
- if(!rtp_channels->stop&& !rtp_channels->pause){
- exit(10);
- }
+ g_assert(!rtp_channels->stop&& !rtp_channels->pause);

The logic, however, was not negated properly. The correct assertion should be:...

Re: 1.7.1 bug? tcp.flags == 0x8c2 Christopher Maynard (Feb 09)
Lanell Allen <blanellallen () > writes:

Well first off, that filter is incorrect if you're trying to match packets with
only the SYN, ECN and CWR bits set. The only way it would work is if the
high-order bit of the 3-bit reserved field also happens to be set, which I
doubt. In your case, I think the proper filter should be: "tcp.flags == 0x0c2".

That aside, since the nonce and reserved bits were added to the TCP flags...

1.7.1 bug? tcp.flags == 0x8c2 Lanell Allen (Feb 09)
[SYN, ECN, CWR]

Re: [Wireshark-commits] rev 40877: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-dns.c Jeff Morriss (Feb 09)
Joerg Mayer wrote:

I (have now) tried a one-loop approach (see attached) but it is,
interestingly, many times slower than the 3-loop approach (I've seen
from ~3-20 *times* slower). My regexps book gives some hints, when
explaining non-capturing parenthesis, that capturing parenthesis can be
expensive, but wow... (Then again, I guess there _are_ lots of variable
assignments that lead to false matches of the first half of that...

Re: Adding name resolution blocks in Wireshark Guy Harris (Feb 08)
For privacy reasons?

Are there situations where you don't mind sending somebody a capture file with IP and MAC addresses from your network
but you would mind sending them a capture file with that *and* an address-to-host-name mapping? If not, perhaps
anonymizers need to strip NRBs from pcap-ng files (note that any anonymizer that uses libpcap will automatically remove
NRBs, because the libpcap code to read a pcap-ng file ignores NRBs,...

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: initial Patches for compiling snort 2.9.2 and daq 0.6.2 on solaris Russ Combs (Feb 10)
Thanks, we'll have a look. Something is broken with sf_types.h.

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/_______________________________________________...

Initial Patches to compile snort 2.9.2 in Solaris Luis (Feb 10)
Hi all:

following on this thread, I attempted to make a 'patch' to compile snort
2.9.2 on Solaris (Sparc). attached.

did a brief test of uncompressing the original tar file, applying the
patch, configure and gmake. it seems to work. (had to exclude the
Makefiles and other files that get changed by the build process. also, I
did not compile with --enable-ipv6 by the way. (not yet)...

also, to compile the daq, here's a patch...

initial Patches for compiling snort 2.9.2 and daq 0.6.2 on solaris Luis (Feb 10)
howdy:

Attempted to make 'patch' files to compile snort 2.9.2 on Solaris
(Sparc). attached.

did a brief test of uncompressing the original tar file, applying the
patch, configure and gmake. it seems to work. (had to exclude the
Makefiles and other files that get changed by the build process. also, I
did not compile with --enable-ipv6 by the way. (not yet)...

also, to compile the daq, here's a patch (also attached) of a...

Re: on snort Joel Esler (Feb 10)
Here's my dilemma.... help you troubleshoot this, or point to the warning
in the start up:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! WARNING: The database output plugins are considered deprecated as
!! of Snort 2.9.2 and will be removed in Snort 2.9.3.
!! The recommended approach to logging is to use unified2 with
!! barnyard2 or similar....

on snort Jagan Mohan Reddy D (Feb 10)
While running the following command, i got some database errors.

I was configured with Mysql+BASE+ Barnyard2

$ sudo /usr/local/snort/bin/snort -i eth0 --daq-dir=/usr/local/lib/daq -l
/var/log/snort -c /usr/local/snort/etc/snort.conf

Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/usr/local/snort/etc/snort.conf"
PortVar...

Re: Basics of setting up an inline snort installation Dave Kelly (Feb 09)
Thanks Lynemose and Russ, hopefully that'll be enough to get me going.

I'd tried googling snort inline and have read the manual but couldn't
quite make it work in my head. It's clicked, talking about bridging.
I'll be playing with that now, and I'm sure I'll be back with more
questions :-)

------------------------------------------------------------------------------
Virtualization & Cloud Management...

Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
What do they mean?
I think I did a blog post on it, let me go check.. <checks> Yes. I talked about them here:
http://blog.snort.org/2012/01/importance-of-pulledpork.html

So, what we've done is made the default "out of the box" experience for everyone (oinkmaster, plain download, or
pulledpork without policy specification) the same. Everyone is running rules in the "balanced-ips" policy, unless,
you've...

Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
I see what you are saying. I usually don't send an email to the list. Usually the list only gets the email from
research with the direct link that I pointed out before. (of course, after which you have to select the version of
Snort you are running, So, yes, two clicks).

But I thought it important enough that I send a one off email so the community know the awesome change we made in the
rule build.

J...

Re: Some notes about today's VRT Rule release for 02/09/2012 waldo kitty (Feb 09)
erk! Aug 2011, not 2001 :?

http://seclists.org/snort/2011/q3/229

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

Re: Some notes about today's VRT Rule release for 02/09/2012 waldo kitty (Feb 09)
yes, i've seen those but they mean nothing to me or anything i know of that we
use with snort... i did actually go digging about and found a post by you back
in aug 2001, on the 4th or 11th i think, where you did explain a bit of this...

ok... i'm still not sure what "playing field", though ;)

understood and i thank you... but i'm not sure, yet, how it is going to effect
my setup... i'll find out soon enough if...

Re: Some notes about today's VRT Rule release for 02/09/2012 Miso Patel (Feb 09)
Thank you Joel. Actually I was hoping to have the information in the email
itself. Sorry to not be clear on that.

I figure if I already get an email then I don't need to go to a web page.
Although but apparently I do. What ends up happening is I have to go
digging thru multiple web pages since after the first web page, I has to
access more URIs since the details on what was updated is not there either
on the first page. SO you have...

Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
field. "policy connectivity-ips, policy balanced-ips, and policy
security-ips"

This change will not affect Oinkmaster at all. In fact, those of you that
were using things other than PulledPork that didn't have flowbit
auto-resolution or policy enforcement are now running the exact same
policies (and dependancies) that those that are. That's what we mean by
"leveling the playing field".

Actually, Waldo, you were...

Re: Some notes about today's VRT Rule release for 02/09/2012 Joel Esler (Feb 09)
The changes for each release are posted here:

http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2012-02-09.html

All you have to do, technically, is change the date, this the page that I
link from the blog entires.

All the changelogs are found here: http://www.snort.org/vrt

I don't think we need to publish a further detail of the update within the
rule package itself.

J

Re: Some notes about today's VRT Rule release for 02/09/2012 waldo kitty (Feb 09)
[trim]

ok...

ok...

what policy? i've understood most things up to here... we do not use any
"policy" rules in our configuration... at least nothing specifically... i don't
believe that we even include the policy.rules file(s)... so one has to ask, what
policy? where can one see this policy? does this change blow things up like
oinkmaster's disablesid option?...

Re: Some notes about today's VRT Rule release for 02/09/2012 Miso Patel (Feb 09)
It it possible to have the "VRT" rule updates actually contain a synopsis
of what was updated so people don't have to wade thru multiple web pages
just to see them?

Thanks!1

Miso, CISO

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing
also focuses on allowing computing to...

OpenVAS — Development and announcements regarding OpenVAS, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.

Re: Special exit code to mark non-vulnerable Jan-Oliver Wagner (Feb 10)
no, its independent of report_paranoia.
A NVT can always decide to report 99 when the test it must
do shows no vulnerability. It is up to the manager do help
user judge about the worth of this information.
It is also in conjunction with the test type.

We comitted this for a number of NVTs. It has no effect
for OpenVAS users but we can experiment now with the results
to elaborate the best use cases.

Best

Jan

Re: Breaking up NVT Description Jan-Oliver Wagner (Feb 10)
how about this approach:
We add a scanner preference "tags_added_to_desc"
which contains a list like "xrefs, cve, solution".
In other words, a list of tag names that are then
added by the scanner when sending the result text.
Like before it was done with CVE/BID.

So, users can specify what they want to have in the results
even after we broke up the descriptions.

We can even backport easily to OpenVAS-4 so that those users...

Re: Breaking up NVT Description Jan-Oliver Wagner (Feb 10)
Chandra,

thats a good idea. Can you find out the elements as used by OVAL that
might fit our needs and purposes?

Best

Jan

Re: file:///mnt/Server/repodata/repomd.xml: [Errno 5] OSError: [Errno 2] No such file or directory: '/mnt/Server/repodata/repomd.xml' Morne Fourie (Feb 10)
HI.

I was able to get an old machine working with openvas. Now I need to figure out how to get all the modules loaded so as
to be able to do a scan on a remote machine. I will read the documentation. Thanks for your help.

Regards,

Morne Fourie
IT Manager
AMARA Tech (Pty) Ltd

Mobile:          +27 83 283 5893
Office:          +27 21 551 8501
Fax:             +27 21 552 9965

www.amaragroup.co.za
...

Re: file:///mnt/Server/repodata/repomd.xml: [Errno 5] OSError: [Errno 2] No such file or directory: '/mnt/Server/repodata/repomd.xml' Michael Meyer (Feb 10)
*** Morne Fourie <morne () amaratech co za> wrote:

doesn't look like you have _full_ connectivity to the internet. Rsync
is at port 873/tcp. Try "openvas-nvt-sync --wget". Maybe thats working
for you.

Micha

Re: file:///mnt/Server/repodata/repomd.xml: [Errno 5] OSError: [Errno 2] No such file or directory: '/mnt/Server/repodata/repomd.xml' Morne Fourie (Feb 10)
HI.

Yes, I am behind a firewall but the machine has full connectivity to the internet.

Regards,

Morne Fourie
IT Manager
AMARA Tech (Pty) Ltd

Mobile:          +27 83 283 5893
Office:          +27 21 551 8501
Fax:             +27 21 552 9965

www.amaragroup.co.za
http://www.amaragroup.co.za/Disclaimer.aspx

-----Original Message-----
From: openvas-discuss-bounces () wald intevation org [...

Re: libgnutls.so.26 Morne Fourie (Feb 10)
HI.

I did try bot of these with no luck. I don’t want to pay for assistance until I am sure this is the product we will be
going with.

Regards

Morne Fourie
IT Manager
AMARA Tech (Pty) Ltd

Mobile:          +27 83 283 5893
Office:          +27 21 551 8501
Fax:             +27 21 552 9965

www.amaragroup.co.za
http://www.amaragroup.co.za/Disclaimer.aspx

-----Original Message-----
From:...

overrides not working :-( Reindl Harald (Feb 09)
hi

last month i marked all low-threats where running services was
found as override to low with "result 364dabde-a79d-4e70-9c34-33f130004ea2"
or whatever hash there was instead of "any" to get really only notified
if the result will change

currently the monthly scan is running and i get all them again
example attached

what is going wrong here?

Re: Call for vote: CR59 (NVT Feed message consolidation) Jan-Oliver Wagner (Feb 09)
thanks for the votes. I've marked the CR as "in progress" now.

All the best

Jan

Re: rename debug_message to error_message Jan-Oliver Wagner (Feb 09)
yeah, thats one of the next stept to complete the error handling.
Not sure yet how to solve it best.

Guess, we'll see after we started the use of error_message.

Best

Jan

Re: rename debug_message to error_message Jan-Oliver Wagner (Feb 09)
yes, thats a good option. Logs may get very big for big scans, though.

Thats the idea ;-)

Best

Jan

Scanning process hanging at the end Derek Wuelfrath (Feb 09)
hi there,

I have some kind of intermitent issue.
When triggering scan, there's a new openvassd process forked from the
main one which usually run smoothly and end correctly.
But sometimes, the process is hanging at the end of the scan and using a
strace on the hanged process result in getting the following: recvfrom(6,

(I'm using escalators at end of the scan task with HTTP get)

If needed i'll join more of the stack trace....

Nikto output Allon Moritz - First Security (Feb 09)
Hello

I'm trying to include nikto into an openvas scan on a centos host running
the latest openvas versions from atomic. Nikto is also installed trough yum
and when I execute the following command I'm getting also a result.

date;openvas-nasl -t xx.xx.xx.xx/var/lib/openvas/plugins/nikto.nasl -X;date

Thu Feb 9 14:32:46 UTC 2012

Here is the Nikto report:

- Nikto v2.1.4...

gsd (desktop client) : Not able to save any report (it used to work) Morgan Cox (Feb 09)
Hi.

For the last few months I have not been get into the web gui
(https:ip:9392) - so we have been using the gsd (desktop) client to control
openvas.

I now can't save any report - in any format ...

- I can choose directory, etc - however when I save nothing happens.

I have had issue since starting openvas 4.x (openvas 3.x just worked all
the time..) I am sure it has to be server related as I have tried using gsd
on an old desktop that...

Re: Frequently unable to login to GSA (web gui) - unable to login at all now - please help. Morgan Cox (Feb 09)
Hi.

Sorry to re-open this - however I am still having the same issue ...

Its not a browser/firewall issue - I have tried 4 different browsers
(konqueror,chrome,firefox,opera)

If I go to https://IP:9392 I get the certificate warning, I accept it,
then it never logs in - just hangs...

Can anyone help debug this issue ?

I am running Debian stable (6)

Regards

On 25 November 2011 14:48, Matthew Mundell <matthew.mundell () greenbone...

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.