SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below.
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
[RFC] Remove 6/8 and 7/8 as reserved networks for -iR
Daniel Miller (Jan 05)
List,
I was checking through the -iR feature and decided to look into the
ip_is_reserved function in libnetutil/netutil.cc, which is used to filter
the raw random addresses before scanning. Most of the stuff is still valid:
RFC 1918, IANA reserved stuff, multicast, etc. But there are also these two
lines, referring to the first octet:
case 6: /* USA Army ISC */
case 7: /* used for BGP protocol */...
Re: Nmap crashing
Dan Baxter (Jan 05)
Great. Here are the outputs of the requested runs. Sorry about not
CC'ing the list. I missed that the first time.
Starting Nmap 7.00 ( https://nmap.org ) at 2016-01-04 11:15 Eastern
Standard Time
Winpcap present, dynamic linked to: WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008)
NPF service is already running.
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The...
suppress NSOC INFO?
Mike . (Jan 04)
Just a quick question. When using the d2 debug flag, I notice a lot of NSOCK INFO activity for read/write to sockets. If
I go too low with using 1, I don't get the info I want (watching what payload lines are sent doing a version query).
Any way we can still use d2 or above and suppress all that socket activity?
Mike
Re: nmap scanning of IPv6 hosts
Craig Miller (Jan 04)
Hi Dan,
Good news, I moved to an embedded machine running Arch which has a newer
version of nmap (v7.01). And the updated nse script runs.
[root@alarm scripts]# time nmap -6 -F -v --script-args newtargets --script
targets-ipv6-multicast-mld
Starting Nmap 7.01 ( https://nmap.org ) at 2016-01-04 21:19 UTC
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 21:19
Completed NSE at 21:19, 10.08s elapsed
Pre-scan script...
Re: nmap scanning of IPv6 hosts
Daniel Miller (Jan 04)
Craig,
I'm not sure what could be causing the delay. You can use -d to increase
debugging output level, and at -d2 and higher, you will get a Lua stack
trace of all running threads when you press any key during execution. That
output would be helpful to diagnose the problem. Unfortunately, running
Nmap 6.40 under "sudo" makes this interaction impossible. We fixed that bug
in 6.49BETA1. I would still encourage you to upgrade Nmap...
Re: nmap scanning of IPv6 hosts
Craig Miller (Jan 04)
Thanks Daniel,
I gave the new MLD script a try, and there is something not right.
cvmiller@hau:/usr/share/nmap/scripts$ time sudo nmap -6 -F -v --script-args newtargets --script
targets-ipv6-multicast-mld
Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 17:26 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:26
NSE Timing: About 50.00% done; ETC: 17:27 (0:00:31 remaining)
NSE Timing: About 50.00% done;...
Re: Nmap crashing
Daniel Miller (Jan 04)
Gisle,
Thanks for the analysis. I applied a change in r35551 that uses a different
OpenSSL error reporting function that does not return NULL
(ERR_error_string). This has the added benefit of producing a more verbose
error string in this very unusual case.
You say that "a proper implementation" should handle a NULL pointer, but as
far as I can tell, POSIX just refers back to the ISO C standard, which does
not define a behavior in this...
Re: Nmap crashing
Gisle Vanem (Jan 04)
Daniel Miller wrote:
I can confirm the following crashes (on Win-10):
nmap -Pn -d2 --script-trace --script "safe" scanme.nmap.org
This seems to be due to OpenSSL's ERR_reason_error_string()
(in __nsock_log_internal()) returns a NULL which Nmap's append_string()
doesn't handle. The call-stack:
nmap!append_string+0x20
nmap!xyzprintf+0x223
nmap!vasnprintf+0x4f
nmap!vasprintf+0x13
nmap!__nsock_log_internal+0x47...
Re: Nmap crashing
Daniel Miller (Jan 04)
Of course it helps if I actually attach the script.
Re: Nmap crashing
Daniel Miller (Jan 04)
Dan,
This is promising, since only one script was started before crashing. That
*should* mean that that script is solely responsible for the crash. We can
verify by selecting it by name: nmap -Pn -d2 --script mrinfo -sn
I also copied the relevant portions of the script (up until the first debug
statement that does not appear) into a separate script, test_crash.nse,
which I attached to this message. If you can run this script with the same...
Re: Nmap crashing
Daniel Miller (Jan 04)
Dan,
Thanks for the bug report. This may be similar to a bug that has been
reported a couple times before ([1] and [2]). One user tracked this down to
something related to the -S feature, but I need to determine which script
is the trigger. If you can provide the full output of the following command
up until it crashes, that would be ideal:
nmap -Pn -d2 --script-trace --script "discovery and safe" -sn
If this does not actually crash...
Nmap crashing
Dan Baxter (Jan 04)
Hi,
I'm running Nmap 7.00 on a Windows 8.1 x64 system. Every time I run a scan
with "Safe" scripts enabled, the Nmap will crash during the Script
Pre-scanning stage. I can run other script flags, such as Default, Vuln,
Malware, but Safe or Discovery will cause it to die.
C:\windows\system32>nmap -Pn -v --script "safe" scanme.nmap.org
Starting Nmap 7.00 ( https://nmap.org ) at 2015-12-31 10:12 Eastern
Standard Time...
Re: nmap scanning of IPv6 hosts
Daniel Miller (Dec 31)
Craig,
I see you are using Nmap 6.40, released in July 2013. IPv6 support was one
of the biggest areas of improvement in the recent Nmap 7.00 release, so I
would encourage you to upgrade.
Regarding the MLD script specifically, we just fixed a bug and improved
detection [1], but the fix has not yet been released. You can get it by
downloading the script from the NSEdoc page [2] as well as the
multicast.lua library [3].
Dan
[1]...
Re: nmap scanning of IPv6 hosts
Craig Miller (Dec 31)
Thanks again, David.
You are right, of course, the scripts are in /usr/share/nmap/scripts/
But I am still having trouble, the mld script detects no hosts:
cvmiller@hau:/usr/share/nmap/scripts$ nmap -6 -vv --script targets-ipv6-multicast-slaac.nse
Starting Nmap 6.40 ( http://nmap.org ) at 2015-12-31 11:17 PST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Script Post-scanning.
NSE:...
Re: nmap scanning of IPv6 hosts
David Fifield (Dec 31)
Maybe I don't understand you. The scripts *are* part of Nmap. They are
included in the Ubuntu/Debian packages. You don't have to install
anything separately. Just try running the example command line I showed.
There are other IPv6 discovery scripts you might want to try.
nmap --script-help 'targets-ipv6-*'
https://nmap.org/nsedoc/scripts/targets-ipv6-map4to6.html...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we're delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!
For the top 7 improvements in Nmap 7, see the release notes:
https://nmap.org/7
Or...
Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.
As usual, Nmap 6.49BETA5...
Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:
I'm pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version. Let's look at their accomplishments...
Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven't posted to this Nmap Announcement list since
June, but we've had a very busy summer and I'm going to try and catch you
up in one go!
First of all, we've had four new releases since then, including today's
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).
As...
Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I'm happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:
* 25 new NSE scripts (total is now 494)
* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!
* Infrastructure...
Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Buffer Overflow at password field in Advanced Encryption Package Software
vishnu raju (Jan 05)
Dear List,
Greetings from vishnu (@dH4wk)
1. Vulnerable Product
- Advanced Encryption Package
- Company http://www.aeppro.com/
2. Vulnerability Information
(A) Buffer OverFlow
Impact: Attacker gains administrative access
Remotely Exploitable: No
Locally Exploitable: Yes
3. Vulnerability Description
A 1006 byte causes the overflow. It is due to the inefficient/improper
handling of exception. This is an SEH based...
Buffer Overflow in Advanced Encryption Package Software
vishnu raju (Jan 05)
Dear List,
Greetings from vishnu (@dH4wk)
1. Vulnerable Product
- Advanced Encryption Package
- Company http://www.aeppro.com/
2. Vulnerability Information
(A) Buffer OverFlow
Impact: Attacker gains administrative access
Remotely Exploitable: No
Locally Exploitable: Yes
3. Vulnerability Description
The vulnerability resides in the registration part of the product. The
product exhibits no input length check and uses...
CALL FOR PAPERS - NUIT DU HACK - 02/03 july 2016
freeman (Jan 05)
CALL FOR PAPERS - NUIT DU HACK - 02/03 JULY 2016
If you’re reading this, you know what NDH and a CFP stands for, so I
won’t bother you that long.
Conference format: 45min, including 5 to 10min of Q&A
Submission: submit.hackerzvoice.net
Deadline: April 10th
Announcement: April 25th
Beer, kudos, awkward hugs, travel expenses, and many more for the lucky
ones.
If you’re not familiar with all this, let us present you Le French...
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Pierre Kim (Jan 05)
## Advisory Information
Title: Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Date published: 2016-01-05
Vendors contacted: Google, MITRE
Organization contacted: Riseup
Release mode: Released
CVE: CVE-2015-7944, CVE-2015-7945
CNNVD: no current CNNVD
## Product Description
Ganeti is...
Confluence Vulnerabilities
Sebastian Perez (Jan 05)
[Systems Affected]
Product : Confluence
Company : Atlassian
Versions (1) : 5.2 / 5.8.14 / 5.8.15
CVSS Score (1) : 6.1 / Medium (classified by vendor)
Versions (2) : 5.9.1 / 5.8.14 / 5.8.15
CVSS Score (2) : 7.7 / High (classified by vendor)
[Product Description]
Confluence is team collaboration software, where you create, organize and
discuss work with your team. It is developed and marketed by Atlassian.
[Vulnerabilities]
Two vulnerabilities...
Vulnerabilities in Office Document Reader for iOS
MustLive (Jan 05)
Hello list!
Happy New Year!
There are multiple vulnerabilities in Office Document Reader for iOS. There
are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities.
Earlier I've informed developer of Office Document Reader about this and
other his software.
-------------------------
Affected products:
-------------------------
Vulnerable are Office Document Reader 5.1.13 for iOS and previous versions.
Vulnerable as paid,...
Possible vulnerability in F5 BIG-IP LTM - Improper input validation of the HTTP version number of the HTTP request allows any payload size and content to pass through
Eitan Caspi (Jan 05)
Initial note: The vendor has graded this issue as a vulnerability graded as "High" in my email exchange with it, but
eventually posted the issue as a "Know Issue", so some of this issue's characteristic that follows can be treated as
initial ones, as I ask the IS community to look into this issue and give a "second opinion" about it. Thank you.
Suggested severity level: High (per the vendor's initial...
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
Stefan Kanthak (Jan 05)
Hi @ll,
quite some utilities offered for free by Kaspersky Lab load and execute
rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll, RichEd20.dll, RASAdHlp.dll,
SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll, OLEAcc.dll etc.)
eventually found in the directory they are started from (the "application
directory").
For software downloaded with a web browser the application directory is
typically the user's "Downloads"...
Alcatel Lucent Home Device Manager - Management Console Multiple XSS
Uğur Cihan KOÇ (Jan 05)
Document Title:
===============
Alcatel Lucent Home Device Manager - Management Console Multiple XSS
CVE-Number:
===========
CVE-2015-8687
Release Date:
=============
03 Jan 2016
Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered ten Reflected XSS
vulnerabilities in Alcatel Lucent Home Device Manager - Management Console
Vulnerability Disclosure Timeline:
==================================
10 Dec 2015 Bug...
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
Stefan Kanthak (Dec 31)
Hi @ll,
TrendMicro_MAX_10.0_US-en_Downloader.exe (available from
<http://trial.trendmicro.com/US/TM/2016/TrendMicro_MAX_10.0_US-en_Downloader.exe>)
loads and executes ProfAPI.dll and UXTheme.dll (and other DLLs
too) eventually found in the directory it is started from
(the "application directory").
For software downloaded with a web browser the application
directory is typically the user's "Downloads" directory:...
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
Stefan Kanthak (Dec 31)
Mitja Kolsek <lists () acrossecurity com> wrote:
About 4 years earlier Microsoft published
<https://technet.microsoft.com/en-us/library/953818.aspx> in response
to <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2540>,
and Will Dormann from CERT/CC published
<https://insights.sei.cmu.edu/cert/2008/09/carpet-bombing-and-directory-poisoning.html>
a little later.
I'd rather say that Microsoft didn't...
Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege
lists (Dec 30)
Hi Stefan and all,
While we finally did get CVE-2000-0854 the overdue attention, we apparently
didn't promote this enough:
http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html
(presented at Source Boston in 2012). So now you'll have to do it - good
luck :)
BTW, Stefan, soon you'll be able to create your own patches for these, and
many other bugs, with http://0patch.com. You're welcome.
Cheers,
Mitja...
Netduma R1 Router CSRF
Josh Chaney (Dec 30)
## Introduction
Affected Product: Netduma R1 Router
Affected Version(s): 1.03.4 and 1.03.5
Link: http://www.netduma.com/firmware/R1-v-1-03-4.sig
Vendor Website: https://netduma.com/
Vulnerability Type: CSRF
Remote Exploitable: Yes
Reported to vendor: 11/19/2015
Disclosed to public: 12/29/2015
Credits: @joshchaney
##...
Vulnerabilities in Mobile Safari
MustLive (Dec 29)
Hello list!
There are multiple vulnerabilities in Mobile Safari. There are Denial of
Service and Cross-Site Scripting vulnerabilities.
In the middle of December I checked all exploits for different browsers,
which I published and non-published since 2006, in Mobile Safari for iOS
6.0.1 and 8.4.1. This is the first part of vulnerabilities.
-------------------------
Affected products:
-------------------------
Vulnerable are Mobile Safari 6.0.1...
Local root vulnerability in DeleGate v9.9.13
Larry W. Cashdollar (Dec 29)
Title: Local root vulnerability in DeleGate v9.9.13
Author: Larry W. Cashdollar, @_larry0
Date: 2015-12-17
Advisory: http://www.vapidlabs.com/advisory.php?v=159
Download Sites: http://delegate.hpcc.jp/delegate/
http://delegate.org/delegate/
Vendor: National Institute of Advanced Industrial Science and Technology
Vendor Notified: 2015-12-17
Vendor Contact: y.sato () delegate org ysato () etl go jp
Description: DeleGate is a multipurpose proxy...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[SECURITY] [DSA 3434-1] linux security update
Ben Hutchings (Jan 05)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3434-1 security () debian org
https://www.debian.org/security/ Ben Hutchings
January 05, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2015-7513 CVE-2015-7550...
[SECURITY] [DSA 3435-1] git security update
Laszlo Boszormenyi (GCS) (Jan 05)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3435-1 security () debian org
https://www.debian.org/security/ Laszlo Boszormenyi (GCS)
January 05, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : git
CVE ID : CVE-2015-7545
Blake Burkhart...
CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Pierre Kim (Jan 04)
## Advisory Information
Title: Ganeti Security Advisory (DoS, Unauthenticated Info Leak)
Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt
Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Date published: 2016-01-05
Vendors contacted: Google, MITRE
Organization contacted: Riseup
Release mode: Released
CVE: CVE-2015-7944, CVE-2015-7945
CNNVD: no current CNNVD
## Product Description
Ganeti is...
Confluence Vulnerabilities
Sebastian Perez (Jan 04)
[Systems Affected]
Product : Confluence
Company : Atlassian
Versions (1) : 5.2 / 5.8.14 / 5.8.15
CVSS Score (1) : 6.1 / Medium (classified by vendor)
Versions (2) : 5.9.1 / 5.8.14 / 5.8.15
CVSS Score (2) : 7.7 / High (classified by vendor)
[Product Description]
Confluence is team collaboration software, where you create,
organize and discuss work with your...
Executable installers/self-extractors are vulnerable^WEVIL (case 17): Kaspersky Labs utilities
Stefan Kanthak (Jan 04)
Hi @ll,
quite some utilities offered for free by Kaspersky Lab load and execute
rogue/bogus DLLs (UXTheme.dll, HNetCfg.dll, RichEd20.dll, RASAdHlp.dll,
SetupAPI.dll, ClbCatQ.dll, XPSP2Res.dll, CryptNet.dll, OLEAcc.dll etc.)
eventually found in the directory they are started from (the "application
directory").
For software downloaded with a web browser the application directory is
typically the user's "Downloads"...
[SECURITY] [DSA 3433-1] samba security update
Salvatore Bonaccorso (Jan 03)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3433-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 02, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2015-3223 CVE-2015-5252...
Open Audit SQL Injection Vulnerability
Rahul Pratap Singh (Jan 03)
#Exploit Title : Open Audit SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 2/Jan/2016
#Home page Link : https://github.com/jonabbey/open-audit
#Website : 0x62626262.wordpress.com
#Twitter : @0x62626262
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
1. Description
"id" field in software_add_license.php is not properly sanitized, that
leads to SQL Injection...
[SECURITY] CVE-2015-5349: Apache Directory Studio command injection vulnerability
Stefan Seelmann (Jan 03)
CVE-2015-5349: Apache Directory Studio command injection vulnerability
Severity: Moderate
Vendor: The Apache Software Foundation
Versions Affected:
- Apache LDAP Studio 0.6.0 to 0.8.1
- Apache Directory Studio 1.0.0 to 2.0.0-M9
Description:
The CSV export didn’t escape the fields properly. Malicious users can
put specially crafted values into the LDAP server. When a user exports
that data into CSV formatted file, and subsequently opens it...
OSS-2016-02: Weak authentication in NXP Hitag S transponder allows an attacker to read, write and clone any tag
Ralf Spenneberg (Jan 01)
OS-S Security Advisory 2016-02
Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Weak authentication in NXP Hitag S transponder allows an attacker to
read, write and clone any tag
Severity: Critical. All applications relying only on the Hitag S security are
broken.
Ease of Exploitation: Trivial
Vulnerability: Weak...
OSS-2016-03: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems using Hitag S
Ralf Spenneberg (Jan 01)
OS-S Security Advisory 2016-03
Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems
using Hitag S
Severity: Critical. The locking permissions may be restored by the attacker
after modification by the system
Ease of Exploitation: Trivial...
[SECURITY] [DSA 3431-1] ganeti security update
Moritz Muehlenhoff (Jan 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3431-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ganeti
CVE ID : CVE-2015-7944 CVE-2015-7945
Pierre...
OSS-2016-01: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking systems using 125 kHz EM4450 transponders
Ralf Spenneberg (Jan 01)
OS-S Security Advisory 2016-01
Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking
systems using 125 kHz EM4450 transponders
Severity: Critical. The locking permissions may be arbitrarily manipulated and
extended.
Ease of Exploitation: Trivial
Vulnerability:...
[SECURITY] [DSA 3432-1] icedove security update
Moritz Muehlenhoff (Jan 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3432-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 01, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : icedove
CVE ID : CVE-2015-7201 CVE-2015-7205...
Joomla 1.5.x to 3.4.5 Object Injection Exploit (golang)
irancrash (Dec 31)
package main
/*
**************************************************************************
* Exploit Title: Joomla 1.5.x to 3.4.5 Object Injection Exploit
* Exploit Author: Khashayar Fereidani ( http://fereidani.com )
* Version: 1.5.x to 3.4.5
* CVE : CVE-2015-8562
**************************************************************************
* THIS EXPLOIT PUBLISHED ONLY FOR EDUCATIONAL PROPOSES ANY ILLEGAL USAGE
* IS ON YOUR...
Executable installers are vulnerable^WEVIL (case 16): Trend Micro's installers allows arbitrary (remote) code execution
Stefan Kanthak (Dec 31)
Hi @ll,
TrendMicro_MAX_10.0_US-en_Downloader.exe (available from
<http://trial.trendmicro.com/US/TM/2016/TrendMicro_MAX_10.0_US-en_Downloader.exe>)
loads and executes ProfAPI.dll and UXTheme.dll (and other DLLs
too) eventually found in the directory it is started from
(the "application directory").
For software downloaded with a web browser the application
directory is typically the user's "Downloads" directory:...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
Faraday 1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin)
Francisco Amato (Dec 21)
We are proud to present Faraday v1.0.16!
This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. If you have a
Pro or Corp license you can now create an Executive Report using only
confirmed vulnerabilities, saving you even more time.
A brand new feature that comes with v1.0.16 is the ability to group
vulnerabilities by any field in our Status Report view. Combine it
with bulk...
Call for Papers - YSTS X - Information Security Conference, Brazil
Luiz Eduardo (Dec 21)
Hello Pen-test readers and sorry for the possible cross-postings you
might see, on behalf of the conference's organization team I would
like to let you know that YSTS X's CFP is currently opened.
==
YSTS 10th Edition
Where: Sao Paulo, Brazil
When: June 13th, 2016
Call for Papers Opens: December 13th, 2015
Call for Papers Close: March 1st, 2016
http://www.ysts.org
@ystscon
INTRODUCTION
This is the celebratory 10th edition of...
[HITB-Announce] HITB2016AMS Call for Papers
Hafez Kamal (Dec 02)
The Call for Papers for the 7th annual Hack In The Box Security
Conference in The Netherlands is now open!
Call for Papers: http://cfp.hackinthebox.org/
Event Website: http://conference.hitb.org/hitbseccconf2016ams/
HITBSecConf has always been an attack oriented deep-knowledge research
event aimed at not only bringing the security community together, but
one that also highlights and showcases cutting edge research from up and
coming talent. If...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Call for Papers - YSTS X - Information Security Conference, Brazil
InfoSec News (Jan 01)
Forwarded from: Luiz Eduardo <le (at) ysts.org>
Hello ISN readers and sorry for the possible cross-postings you might see, on
behalf of the conference's organization team I would like to let you know that
YSTS X's CFP is currently opened.
Call for Papers - YSTS X - Information Security Conference, Brazil
YSTS 10th Edition
Where: Sao Paulo, Brazil
When: June 13th, 2016
Call for Papers Opens: December 13th, 2015
Call for...
A looming anniversary, and a special offer
InfoSec News (Jan 01)
https://www.cerias.purdue.edu/site/blog/post/a_looming_anniversary_and_a_special_offer/
[This was posted on Twitter Thursday by Gene Spafford - @TheRealSpaf
and I figured I should share this with the list. Please check out the
above link for complete details, history, and the special offer! - WK]
Sunday, December 06, 2015 by spaf
It may seem odd to consider June 2016 as January approaches, but I try to think
ahead. And June 2016 is a...
[CFP] Speak About Your Cyberwar at PHDays VI
InfoSec News (Dec 18)
Forwarded from: Alexander Lashkov <ALashkov (at) ptsecurity.com>
Positive Hack Days VI, the international forum on practical information
security, opens Call for Papers. Our international program committee
consisting of very competent and experienced experts will consider every
application, whether from a novice or a recognized expert in information
security, and select the best proposals.
Now, more than ever before, cybersecurity...
DNC: Sanders campaign improperly accessed Clinton voter data
InfoSec News (Dec 18)
https://www.washingtonpost.com/politics/dnc-sanders-campaign-improperly-accessed-clinton-voter-data/2015/12/17/a2e2e14e-a522-11e5-b53d-972e2751f433_story.html
By Rosalind S. Helderman, Anne Gearan and John Wagner
The Washington Post
December 17, 2015
Officials with the Democratic National Committee have accused the
presidential campaign of Sen. Bernie Sanders of improperly accessing
confidential voter information gathered by the rival...
When the Internet of Things Starts to Feel Like the Internet of Shit
InfoSec News (Dec 18)
http://motherboard.vice.com/read/when-the-internet-of-things-starts-to-feel-like-the-internet-of-shit
By LORENZO FRANCESCHI-BICCHIERAI
STAFF WRITER
Motherboard.vice.com
December 17, 2015
If you listen to tech companies’ marketing reps, the future is made of
internet connected devices that seamlessly talk to each other, as well as
your smartphone, and turn your good-old house into a truly sci-fi-esque
smart home where you don’t even need...
Civilian found living in barracks on Fort Bragg
InfoSec News (Dec 18)
http://www.fayobserver.com/military/civilian-found-living-in-special-forces-barracks-on-fort-bragg/article_dfe374fe-846e-5dfd-9459-bb73a6d27fbe.html
By Drew Brooks
Military Editor
fayobserver.com
December 17, 2015
Investigators are looking into how a civilian was able to move into
barracks reserved for Fort Bragg's 3rd Special Forces Group.
A spokesman for the group confirmed the unit discovered a civilian living
in the barracks on...
"Unauthorized code" in Juniper firewalls decrypts encrypted VPN traffic
InfoSec News (Dec 18)
http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/
By Dan Goodin
Ars Technica
Dec 17, 2015
An operating system used to manage firewalls sold by Juniper Networks
contains unauthorized code that surreptitiously decrypts traffic sent
through virtual private networks, officials from the company warned
Thursday.
It's not clear how the code got there or how long it has been there....
Global Payments to Buy Heartland for $4.3 Billion
InfoSec News (Dec 17)
http://www.bankinfosecurity.com/global-payments-to-buy-heartland-for-43-billion-a-8753
By Tracy Kitten
@FraudBlogger
Bank Info Security
December 16, 2015
Two leading payments processors that each suffered massive data breaches
are consolidating. Atlanta-based Global Payments Inc. plans to buy its
smaller rival, Princeton, N.J.-based Heartland Payment Systems Inc., for
$4.3 billion.
The deal that is expected to close during the fiscal fourth...
Police make arrest in hack of toymaker VTech, which exposed data on 6 million kids
InfoSec News (Dec 17)
http://www.chicagotribune.com/business/ct-vtech-toy-hack-20151216-story.html
By Andrea Peterson
The Washington Post
December 16, 2015
Police in Britain arrested a 21-year-old man Tuesday as part of an
investigation into the massive hack against Hong Kong-based toymaker
VTech.
VTech sells popular toys for young children, including smartwatches and
tablets. The November breach of several company databases exposed
information about...
Agencies Get Marching Orders for Filling 'Major' Cyber Talent Shortage
InfoSec News (Dec 17)
http://www.nextgov.com/cybersecurity/2015/12/agencies-get-marching-orders-filling-major-cyber-talent-shortage/124520/
By Jack Moore
Nextgov.com
December 15, 2015
Federal agencies face a rapidly approaching deadline to identify
cybersecurity workforce shortages.
Boosting the government’s information security workforce is a key part of
the Obama administration’s long-term strategy for securing federal
networks. It follows a 30-day rapid...
Over 650 terabytes of data up for grabs due to publicly exposed MongoDB databases
InfoSec News (Dec 17)
http://www.networkworld.com/article/3015999/over-650-terabytes-of-data-up-for-grabs-due-to-publicly-exposed-mongodb-databases.html
By Lucian Constantin
IDG News Service
Dec 16, 2015
There are at least 35,000 publicly accessible and insecure MongoDB
databases on the Internet, and their number appears to be growing.
Combined they expose 684.8 terabytes of data to potential theft.
Matherly originally sounded the alarm about this issue back in...
Cybersecurity Researchers Are Hunted from All Sides
InfoSec News (Dec 17)
http://motherboard.vice.com/read/cybersecurity-researchers-are-hunted-from-all-sides
By Andrada Fiscutean
Motherboard.vice.com
December 14, 2015
Cybersecurity researcher Peter Kruse, founder of CSIS Security Group in
Denmark, thought his mother was calling. Her number appeared on his phone,
but when he answered, it wasn't her. Instead, a male voice told him to
stop what he was doing as a computer expert.
"They checked my family...
When a single e-mail gives hackers full access to your network
InfoSec News (Dec 17)
http://arstechnica.com/security/2015/12/when-a-single-e-mail-gives-hackers-full-access-to-your-network/
By Dan Goodin
Ars Technica
Dec 16, 2015
When you're a Fortune 500 company that's a favorite target of
sophisticated hackers, it often makes sense to install security appliances
at the outer edges of your network to stop attacks before they get far.
Now, researchers say they have uncovered a vulnerability in such a product
from...
Defense Secretary Conducted Some Official Business on a Personal Email Account
InfoSec News (Dec 17)
http://www.nytimes.com/2015/12/17/us/politics/defense-secretary-ashton-carter-conducted-some-official-business-on-a-personal-email-account.html
By MICHAEL S. SCHMIDT
The New York Times
DEC. 16, 2015
WASHINGTON -- Defense Secretary Ashton B. Carter relied on a personal
email account to conduct a portion of his government business during his
first months at the Pentagon, according to White House and Defense
Department officials and copies of...
Hacked at sea: Researchers find ships’ data recorders vulnerable to attack
InfoSec News (Dec 14)
http://arstechnica.com/information-technology/2015/12/hacked-at-sea-researchers-find-ships-data-recorders-vulnerable-to-attack/
By Sean Gallagher
Ars Technica
Dec 10, 2015
When the freighter El Faro was lost in a hurricane on October 1, one of
the goals of the salvage operation was to recover its voyage data recorder
(VDR)—the maritime equivalent of the "black box" carried aboard airliners.
The VDR, required aboard all large...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Interesting infographic on the history of firewalls
Darden, Patrick (Aug 04)
I did something similar to this in 1994-5 at Harvard using a version of rot-13 and icmp. Seriously. And it worked.
:-)
--p
-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com]
On Behalf Of Marcus J. Ranum
Sent: Saturday, July 26, 2014 11:39 AM
To: Firewall Wizards Security Mailing List
Subject: [EXTERNAL]Re: [fw-wiz] Interesting infographic on the...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
Claudio Telmon wrote:
When I was at TIS, in 199?2, I set up Onions' tunnel driver and a couple
shell scripts that uuencoded the packets coming out of the tunnel, and
emailed them to another system user with a .forward file that uudecoded
the packets and injected them into a peer tunnel. With that setup, and its
opposite on both machines, I was able to NFS mount filesystems across
a secure mail guard. (Hint: if you're doing your own...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
It hasn't happened, yet.
mjr.
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v1.0.16: (Group vulns by fields, Filter false-positives, Canvas plugin)
Francisco Amato (Dec 21)
We are proud to present Faraday v1.0.16!
This version comes with major changes to our Web UI, including the
possibility to mark vulnerabilities as false positives. If you have a
Pro or Corp license you can now create an Executive Report using only
confirmed vulnerabilities, saving you even more time.
A brand new feature that comes with v1.0.16 is the ability to group
vulnerabilities by any field in our Status Report view. Combine it
with bulk...
Re: Whitepaper: SMTP Injection via recipient email addresses
Amit Klein (Dec 17)
Well done, Takeshi. And very nice research, BTW.
Best,
-Amit
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Re: Whitepaper: SMTP Injection via recipient email addresses
Takeshi Terada (Dec 17)
Dear Amit Klein and all,
Thanks for letting me know about previous research.
I was not aware of Insomnia's paper mentioning injection to RCPT.
I added the links to the works you mentioned to the paper.
Revised version is available at the same URL:
http://www.mbsd.jp/Whitepaper/smtpi.pdf
I really appreciate your feedback.
Regards,
Takeshi Terada
2015-12-17 5:27 GMT+09:00 Amit Klein <aksecurity () gmail com>:
IoT Authentication
Saghar Estehghari (Dec 17)
Hi,
Recently, I've started an IoT project with my team. We are trying to
implement cyber-security functions into embedded devices in a way to
reduce the load on such devices. Currently, authentication is our
case of study. We are looking for a solution that applies to a small
group of embedded devices and doesn't require PKI certificates. So my
questions are as follows:
1) Do you think that authentication with PSK is a good idea?
2)...
Re: Whitepaper: SMTP Injection via recipient email addresses
Amit Klein (Dec 16)
Dear Takeshi Terada
Thanks for sharing your paper. I'd like to draw your attention to the following:
Injection into RCPT is mentioned in
https://www.insomniasec.com/downloads/publications/Common_Application_Flaws.ppt
(see slides 15-16) released November 2008 (see
https://www.insomniasec.com/releases).
The general concept of injecting into SMTP commands (in this case,
into the DATA command, terminating the DATA command and escaping into...
Whitepaper: SMTP Injection via recipient email addresses
Takeshi Terada (Dec 16)
Dear all,
MBSD released a whitepaper titled "SMTP Injection via recipient email
addresses."
http://www.mbsd.jp/Whitepaper/smtpi.pdf
The paper discusses SMTP Injection attacks via malformed recipient
email addresses in some email libraries in Ruby, Java and PHP.
TOC
1. Introduction
2. How the attack works
3. Vulnerability examples
3.1. Ruby's Mail
3.2. JavaMail
3.3. PHPMailer
3.4. Other platforms
4. Further attack possibility...
SiteWIX - (edit_photo2.php id) SQL Injection Exploit
ZoRLu Bugrahan (Oct 21)
#!/usr/bin/env python
#-*- coding:utf-8 -*-
#Title : SiteWIX - (edit_photo2.php id) SQL Injection Exploit
#Author : ZoRLu / zorlu () milw00rm com
#Website : milw00rm.com / milw00rm.net / milw00rm.org / milw0rm.info
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Discovery : 19/10/15
#Publish : 20/10/15
#Thks : exploit-db.com, packetstormsecurity.com,...
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Robin Wood (Oct 20)
Have you seen this project by Scott?
https://securityheaders.io/
Similar to yours except works from a website rather than cli.
Robin
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Ricardo Iramar dos Santos (Oct 20)
Yes, I saw Scott's website and other interesting stuff.
We changed some twitters
(https://twitter.com/Scott_Helme/status/639756303376773120).
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Ricardo Iramar dos Santos (Oct 20)
Makes sense. I'll include your suggestion in my TODO list.
My first goal for the version 0 was to construct a simple "platform" and
make it usable.
One of the goals for version 1 is to improve the database with user
feedback like yours.
Thanks!
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Robin Wood (Oct 20)
I'd say both of those were references not recommendations, the
recommendation should be something along the lines of:
Ensure cookies protecting important data, such as session tokens, are
correctly protected (httponly and secure flags).
Beware session fixation
I may add ensure good entropy on session tokens but that is more in
session management than cookies.
For the security comment, what would you write about cookies in a test
report?...
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Ricardo Iramar dos Santos (Oct 20)
Thanks for your advice and opinion.
Have you seen the recommendations field?
Do you have a suggestion for a better security description?
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Robin Wood (Oct 20)
I can see what they are trying to say but the snippet you include in
the results takes it out of context and doesn't really represent their
message. I'd be careful giving results you don't fully understand from
your tools, without the context they could cause problems for users
who don't do additional research.
Robin
Re: hsecscan v0 (https://github.com/riramar/hsecscan)
Ricardo Iramar dos Santos (Oct 19)
Hi Robin Wood,
This security description came from here
https://tools.ietf.org/html/rfc6265#section-8 so we could ask your
question to the author.
But IMO the RFC author is saying the HTTPS is insufficient because of
attacks like described here
https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/zheng.
I don't know any other HTTP State Management Mechanism than cookies
for web applications accessible by...
hsecscan v0 (https://github.com/riramar/hsecscan)
Ricardo Iramar dos Santos (Oct 17)
Hi All,
I started to develop in python a dumb tool called hsecscan
(https://github.com/riramar/hsecscan). I'll appreciate any feedback.
:)
It's a security scanner for HTTP response headers. Just finished the
usable version 0 with a few features.
$ ./hsecscan.py
usage: hsecscan.py [-h] [-P] [-p] [-u URL] [-R]
A security scanner for HTTP response headers.
optional arguments:
-h, --help show this help message and exit
-P,...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: iPhone Security
Kristian Erik Hermansen (Jan 05)
The TL;DR version is that the mail client is not validating the
SSL/TLS certificate. In older versions of iOS, when testing, I felt
this was a weak area of the platform. I notified Apple Security of the
issue, but received no response from them about it. However, in later
versions of iOS 8/9 (?) a new option / enforcement was added to the
platform for certificate validation. I never trusted Apple would
completely fix this, or they may have a...
iPhone Security
Dave Aitel (Jan 05)
http://immunityproducts.blogspot.com/2016/01/the-danger-of-other-on-iphone.html
So the blog above tells a short story about some things we've been
learning on Wireless penetration tests. People used to seem to have some
sort of partial amnesia when it came to WiFi - about how much it
pervaded their environment and security posture. We have another article
coming out about what happens when you finally buck up and do the
assessments. Because...
Java is also Wide Open
Dave Aitel (Dec 29)
http://immunityservices.blogspot.com/2015/12/wide-open-to-interpretation-java.html
You may or may not find that post funny. We do a lot of classes on Java
security for Banks and also for Federal Contractors, where Java is more
common than OPM "your account has been hacked" letters.
-dave
Wide Open to Interpretation, PHP Edition
Dave Aitel (Dec 28)
This note is a bit salesly, but you will probably still find it funny. :)
http://immunityservices.blogspot.com/2015/12/wide-open-to-interpretation-php.html
-dave
Re: More Wassenaar, Sorry
Charisse Castagnoli (Dec 28)
Dave -
I'm still very unclear on the difference between what the 2013 agreement states (export controls on intrusion software
and IP surveillance systems) and how this control is going to be effectively implemented via enforcement mechanisms.
In the US, I thought BIS (through updates to EAR) was designated to "enforce" the agreement (not just cyber but other
devices as well)
Even though EAR is statutory, I think BIS has the...
More Wassenaar, Sorry
Dave Aitel (Dec 28)
I feel like every time anyone mentions Wassenaar they should have to
apologize, like when you're discussing the Star Wars prequels or spawn
camping in an online game.
Anyways, let me drop some bad news: Although everyone says Metasploit
(the free version) would not be affected by the proposed wording of the
Agreement - that's only true for the finished product. Of course, as you
are building Metasploit core or modules, you are...
YSTS X - CFP
Luiz Eduardo (Dec 28)
YSTS 10th Edition
Where: Sao Paulo, Brazil
When: June 13th, 2016
Call for Papers Opens: December 13th, 2015
Call for Papers Close: March 1st, 2016
http://www.ysts.org
@ystscon
INTRODUCTION
This is the celebratory 10th edition of the well-known information
security conference “you Sh0t the Sheriff”
and we are sending this CFP out so you share with us the coolest stuff
you've been working on.
The conference will be happening on...
DUAL_EC Question of the Day
Dave Aitel (Dec 22)
"Know yourself, blah blah blah, always win" - Sun Tzu
So all big companies have a problem - they want to strongly encrypt
their local network, but they also don't want to move ALL of their
network inspection to the endpoints because that scales terribly.
Likewise, you don't want to implement a per-protocol key escrow service,
because that becomes impossible to maintain.
DUAL_EC-aware intrusion detection and analysis systems...
Re: Reminder: I attend painful meetings so you don't have to
Mara Tam (Dec 21)
Chris,
While I take your point, my experience is that the technical explanations for why regulatory and policy regimes may not
be fit for purpose absolutely do matter.
The Wassenaar Arrangement in particular is a regime whose coherence and efficacy derive from technical precision. It
has been necessary to demonstrate both the formal (technical) and functional (economic) failings of the 2013 Plenary
Agreements over the past 7 months of...
Re: Reminder: I attend painful meetings so you don't have to
James Gannon (Dec 21)
+1 +1 +1
We as a community either need to learn to be able to speak the language of the people we are trying to influence or we
need to identify those that can and allow/encourage/support/defend those that are willing to step into the world of
policy and lawmaking, it's a different beast and one that I know many feel shouldn’t interfere, but the reality is that
over the coming years being able to play in this area is going to be increasingly...
Re: Reminder: I attend painful meetings so you don't have to
Chris Rohlf (Dec 21)
I'm going to go against the grain here. With all due respect to those on
this list/reply, this is why things rarely go our way when it comes to
policy and regulation. In general, the government proposes something they
believe is sane. In response, the industries loudest voices respond in ways
that devolve into threads about LangSec. I don't want to spoil the ending
for you but *No One Cares*.
Yes this is just a thread on Daily Dave but its...
Re: Cyber Norms and the Juniper backdoor
Darkpassenger (Dec 20)
let me point out that you are mixing two whole different area of
decision making here -- Cyber Policy and Warfare Strategy .
dont know anything about Juniper shit , but , your stress on "legal"
behavior norm of usg is the root of the evil in your point of view .
osint on sensible data out there simply proves usg and allies have
been doing very shady jobs when there is strategic value in a move
whether it is legal or not -- whatever we...
Re: Reminder: I attend painful meetings so you don't have to
dan (Dec 20)
Andrew writes:
| > Dr. Sergey Bratus did an excellent job of looking at how there is NO
| WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
|
| Really?
Search term for this: LANGSEC
Or simply go to http://langsec.org
Papers from last workshop: http://spw15.langsec.org/papers.html
CFP for next workshop: http://spw16.langsec.org/
--dan
[enterprise] security architecture is snake oil
Konrads Smelkovs (Dec 20)
Hello,
I hereby want to poke some sharp sticks/throw stones in a glasshouse into
what is known as security architecture and profession of a security
architect, esp. its "enterprise" variant. My accusation is as follows:
there isn't anything in enterprise security architecture that can't be
summed up as "DMZ-esque" or "be suspicious of things that traverse security
boundaries". Before I list a few...
Re: Cyber Norms and the Juniper backdoor
Arrigo Triulzi (Dec 18)
Well, at least you have the courage to call them professional backdoors and focusing on the fact that this was not
exactly your TalkTalk hack. I think they’ve been there a little longer than 2012.
Now I would recommend they also take a peek at the firmware running on the NICs they ship, just saying.
Arrigo
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't supports the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they are worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
like XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Advisory Notification
Microsoft (Jan 05)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 5, 2016
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer and Microsoft Edge...
Microsoft Security Advisory Notification
Microsoft (Dec 29)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: December 29, 2015
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer and Microsoft Edge...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 23, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-082
* MS15-DEC
Bulletin Information:...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 18, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-131
Bulletin Information:
=====================
MS15-131...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 17)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 17, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-NOV
Bulletin Information:
=====================
MS15-NOV...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 16, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-124 - Critical
* MS15-125 - Critical
* MS15-DEC...
Microsoft Security Bulletin Releases
Microsoft (Dec 10)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 10, 2015
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS15-131 - Critical
Bulletin Information:
=====================
MS15-131 - Critical
- Title: Security Update for Microsoft Office to Address Remote...
Microsoft Security Bulletin Summary for December 2015
Microsoft (Dec 08)
********************************************************************
Microsoft Security Bulletin Summary for December 2015
Issued: December 8, 2015
********************************************************************
This bulletin summary lists security bulletins released for
December 2015.
The full version of the Microsoft Security Bulletin Summary for
December 2015 can be found at
<https://technet.microsoft.com/library/security/ms15-dec...
Microsoft Security Advisory Notification
Microsoft (Dec 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: December 8, 2015
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3123040)
- Title: Inadvertently Disclosed Digital Certificate Could Allow
Spoofing
- Originally...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 01)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: December 1, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-AUG
Bulletin Information:
=====================
MS15-AUG...
Microsoft Security Advisory Notification
Microsoft (Dec 01)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 30, 2015
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (3119884)
- Title: Inadvertently Disclosed Digital Certificates Could Allow
Spoofing
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 30)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 30, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-109
Bulletin Information:
=====================
MS15-109...
Microsoft Security Bulletin Releases
Microsoft (Nov 12)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 12, 2015
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS15-115 - Critical
Bulletin Information:
=====================
MS15-115 - Critical
- Title: Security Update for Microsoft Windows to Address Remote...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 11)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 11, 2015
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-NOV
Bulletin Information:
=====================
MS15-NOV...
Microsoft Security Bulletin Releases
Microsoft (Nov 10)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 10, 2015
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS15-099 - Critical
* MS15-SEP
Bulletin Information:
=====================
MS15-099 - Critical
- Title: Vulnerabilities in Microsoft Office Could...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
What Happened With Crypto This Year? 2015 in Review
Jeffrey Walton (Dec 29)
http://www.eff.org/deeplinks/2015/12/technical-crypto-2015-review
Under the glare of the modern surveillance state, EFF's long-held goal
of encrypting the web has only grown more pressing. And crypto remains
on the march, with promising developments ranging from the public beta
launch of the Let's Encrypt project, to the expansion of CloudFlare's
Universal SSL program, or the Facebook announcement of PGP-encrypted
notifications....
M-209 Cipher (or, "THE HAGELIN CIPHER MACHINE (M-209): Cryptanalysis from Ciphertext Alone")
Jeffrey Walton (Dec 23)
MACHINE (M-209): Cryptanalysis from Ciphertext Alone",
http://cryptome.org/2015/12/ReedsTheHagelinCipherBellLabs1978.pdf.
The M-209 cipher is historically significant because it was
essentially the first crypt program used on Unix to digest passwords.
In "Password Security: A Case History"
(http://cs-www.cs.yale.edu/homes/arvind/cs422/doc/unix-sec.pdf),
Morris and Thompson discuss Hagelin's patent for the cipher and being...
Three Felonies a Day
Ned Fleming (Dec 17)
Three Felonies a Day
tl;dr: "Under the English common law we inherited, a crime
requires intent. This protection is disappearing. From the
1930s, Congress has delegated to various administrative
agencies the task of writing the regulations. even as
'Congress has demonstrated a growing dysfunction in crafting
legislation that can in fact be understood.' Prosecutors
identify defendants to go after instead of finding a law that
was...
cnn breaking news?
Ned Fleming (Dec 17)
This is what CNN thinks is "breaking" news -- that the
malevolent will try to hide their nefarious intent. Shocking!
Somebody do something! Anything!
Of course it's not "breaking," but it is a part of the
rataplan for security back doors.
When in danger,
when in doubt,
run in circles,
scream and shout.
China wants help censoring the Internet
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 16)
http://www.usnews.com/news/business/articles/2015-12-16/chinas-xi-calls-for-cooperation-on-internet-regulation
"Chinese President Xi Jinping called Wednesday for governments to cooperate in
regulating Internet use.
"Speaking at a government-organized conference attended by executives of global
and Chinese Internet companies, Xi called for creating a global "governance
system" to reflect the "wishes and interests...
Google tears Symantec a new one over rogue SSL certs
Jeffrey Walton (Dec 13)
http://www.theregister.co.uk/2015/10/29/google_symantec_dodgy_certs/
Google has read the riot act to Symantec, scolding the security biz
for its slapdash handling of highly sensitive SSL certificates.
In September it emerged that Symantec's subsidiary Thawte generated a
number of SSL certs for internal testing purposes.
One of these certificates masqueraded as a legit cert for Google.com,
meaning it could be used to trick web browsers...
Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016
Jeffrey Walton (Dec 02)
http://telecom.kz/en/news/view/18729
From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan
«On communication» Committee on Communication, Informatization and
Information, Ministry for investments and development of the Republic
of Kazakhstan introduces the national security certificate for
Internet users.
According to the Law telecom operators are obliged to perform traffic
pass with using protocols, that support coding using...
Fwd: Time to act on TPP is now: Rallies against TPP in Washington D.C. November 14-18
Jeffrey Walton (Nov 09)
FYI...
---------- Forwarded message ----------
From: Free Software Foundation <info () fsf org>
Date: Mon, Nov 9, 2015 at 5:42 PM
Subject: Time to act on TPP is now: Rallies against TPP in Washington D.C.
November 14-18
To: Jeffrey Walton <noloader () gmail com>
Dear Jeffrey Walton,
The FSF has been warning users of the dangers of the Trans-Pacific
Partnership (TPP) for many years now. The TPP is...
Re: Rachel and Lenny walk into a bar...
Steve Pirk (Nov 05)
Does anyone remember the "future" episode of WKRP in Cincinnati where a
receptionist bot answers a call from a telemarketing sales bot and they
pleasantly tell each other that they really don't need their services
today, thank you very much. How long before the entire financial system
consists of nothing but a bunch of bots trading with each other (happening
now :)
Damn you Valdis! Now you have me trying to remember my old ICQ...
Re: Rachel and Lenny walk into a bar...
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 05)
Date sent: Thu, 5 Nov 2015 16:37:41 -0700 (MST)
From: Bruce Ediger <bediger () stratigery com>
Oh! Oh! We already have the API and site for Siri, and I'm sure it could be
patched in. But it might be even more fun to hack the API for "Hello Barbie" and
redirect them there!
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca...
Re: Rachel and Lenny walk into a bar...
Valdis . Kletnieks (Nov 05)
On Thu, 05 Nov 2015 16:37:41 -0700, Bruce Ediger said:
Wait, what? ICQ is still a thing?
Rachel and Lenny walk into a bar...
Bruce Ediger (Nov 05)
Apparently someone has put some simple code for a voice response unit that acts
as a time-waster for telemarketers:
<http://toao.net/595-lenny>
It's worth a listen to one or two of Lenny's greatest hits on youtube.
My questions:
How many Lenny's would it take to make telemarketers give up? It reads like
there's at least 2 out there, so the answer right now is "more than 2".
As another related question, how...
National Geographic risk analysis
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 04)
Lauren Weinstein, in the Network Neutrality Squad mailing list
(nnsquad () nnsquad org, http://www.nnsquad.org ) has pointed out that Rupert
Murdoch, having bought National Geographic, has started the process of cutting
staff and reducing quality (in the name of profit).
------- Forwarded message follows -------
Date sent: Tue, 3 Nov 2015 20:17:24 -0800
From: Lauren Weinstein <lauren () vortex com>...
Re: Greetings from your scary Canadian neighbours, eh?
Jeffrey Walton (Oct 30)
I've noticed the US politicians use that sort of misdirection, too.
When they want to distract us, US's Central Media starts bringing the
immigration debate to the forefront. That gets us fighting among
ourselves over a poor Mexican immigrant who wants better for his
family and is here to pick fruit because most US workers won't perform
the labor...
Alabama and Georgia engaged in a neat little experiment... They acted
and...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Alert - Upcoming Mail Delivery Changes
US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes
Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...
Current Activity - Upcoming Mail Delivery Changes
Current Activity (May 10)
National Cyber Awareness System
Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...
Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin
Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin
Original release date: May 09, 2013
Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...
Current Activity - Adobe Releases Security Advisory for ColdFusion
Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion
Original release date: May 09, 2013
Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...
Current Activity - Microsoft Releases Security Advisory for Internet Explorer
Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer
Original release date: May 07, 2013
Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...
Current Activity - Cisco Releases Security Advisories
Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories
Original release date: April 25, 2013
Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....
Current Activity - Apple Releases Security Updates for Safari
Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari
Original release date: April 18, 2013
Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...
Alert TA13-107A: Oracle has released multiple updates for Java SE
US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE
Original release date: April 17, 2013
Systems Affected
* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier
Overview
Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....
Current Activity - Scams Exploiting Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion
Original release date: April 17, 2013
Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...
Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion
Original release date: April 17, 2013
Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...
Current Activity - Oracle Releases April 2013 Security Advisory
Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory
Original release date: April 17, 2013
Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...
Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack
Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack
Original release date: April 15, 2013
US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...
Current Activity - Microsoft Releases April 2013 Security Bulletin
Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin
Original release date: April 04, 2013 | Last revised: April 09, 2013
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...
Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin
Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin
Original release date: April 04, 2013
Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...
Current Activity - Mozilla Releases Multiple Updates
Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates
Original release date: April 03, 2013
The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.
Updates to the following products are...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces
Serge Hallyn (Jan 05)
Quoting Eric W. Biederman (ebiederm () xmission com):
I could be wrong but think you are misunderstanding the cve.
IIRC the situation was: if you setns(some-userns); setresgid(0,0);
setresuid(0,0); then between the setns and the setuids the container
can ptrace your task and do things using the host uids. That's bad.
You can't stop the container from messing with you in general (by
ptracing later - though as you say we could set...
Re: Re: CVE Request: Linux kernel: privilege escalation in user namespaces
Eric W. Biederman (Jan 05)
cve-assign () mitre org writes:
My mind is boggling at some of the logic involved here.
There is no potentially gaining access outside of the namespace when it
is access to things that were put inside the namespace.
The discussion was about how to make it easier for userspace not to do
stupid things, not how to fix a bug in the kernel.
The code we have been discussing most definitely does not make it safe
for an arbitrary root owned processes...
CVE request -- linux kernel: nfs: kernel panic occurs at nfs client when nfsv4.2 migration is executed
Vladis Dronov (Jan 05)
Hello,
If possible, we would like to obtain a CVE-ID for the following issue which we
believe is a security one. I was not able to find an already-assigned CVE-ID
for this.
A flaw was found in the Linux kernel in the NFSv4.2 migration code that can cause
a panic of the NFS client due to improperly initialized kernel structure.
References:
Red Hat public Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1295802
An upstream patch:...
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php
Andreas Stieger (Jan 05)
Hello,
Thanks for the clarification,
Andreas
CVE request for radicale
Yves-Alexis Perez (Jan 05)
Hi,
multiple security fixes were done in radicale (a calendar/contact server) 1.1,
released on Dec 31st:
https://github.com/Kozea/Radicale/pull/343
http://radicale.org/news/#2015-12-31@11:54:03
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809920
Can CVE be assigned for those issues?
Thanks in advance,
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php
Salvatore Bonaccorso (Jan 05)
Hi Andreas,
There are two different vulnerabilities here, see second comment in
http://bugs.cacti.net/view.php?id=2652 which describe both, the
CVE-2015-8377 and the new assigned one (CVE-2015-8604).
Does this help?
Regards,
Salvatore
CVE Request: netfilter-persistent: (local) information leak due to world-readable rules files
Salvatore Bonaccorso (Jan 05)
Hi,
iptables-persistent (in Debian) is a loader for netfilter configuration
using a plugin-based architecture.
iptables-persistent is vulnerable to a (local) information leak due to
world-readable rules files. It was reported in Debian in
https://bugs.debian.org/764645
And fixed via
https://anonscm.debian.org/cgit/collab-maint/iptables-persistent.git/commit/?id=37905034f07e94c4298a1762b39b7bbd4063c0df
Could you assign a CVE for this issue?...
Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php
Andreas Stieger (Jan 05)
Hello,
Check against a possible duplicate assignment with CVE-2015-8377?
http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1291222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8377
Andreas
Re: CVE Request: python-rsa signature forgery
cve-assign (Jan 04)
Use CVE-2016-1494.
Remote Command Injection in Ruby Gem colorscore <=0.0.4
Reed Loden (Jan 04)
Title: Remote Command Injection in Ruby Gem colorscore <=0.0.4
Description: Finds the dominant colors in an image and scores them against
a user-defined palette, using the CIE2000 Delta E formula.
Homepage: https://github.com/quadule/colorscore
Download: https://rubygems.org/gems/colorscore
Affected versions: All (<=0.0.4 currently)
Vulnerability:
The contents of the `image_path`, `colors`, and `depth` variables generated
from possibly...
CVE Request: python-rsa signature forgery
Filippo Valsorda (Jan 04)
Hello,
please assign a CVE to this signature forgery vulnerability in
python-rsa. It allows an attacker to fake signatures for arbitrary
messages for any key with low exponent "e" (like the common 3).
Writeup:
https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
Fix:
https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
Project: https://pypi.python.org/pypi/rsa...
Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php
cve-assign (Jan 04)
http://bugs.cacti.net/view.php?id=2652 is CVE-2015-8604.
CVE Request: cacti: SQL injection vulnerability in graphs_new.php
Salvatore Bonaccorso (Jan 04)
Hi,
Another SQL injection vulnerability via graphs_new.php in cacti was
found, reported to the bug http://bugs.cacti.net/view.php?id=2652 .
No upstream commit to fix the issue is available yet.
This seems different to CVE-2015-8377, which was assigned for
http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
Can you assign a CVE for this issue?
Regards,
Salvatore
Re: CVE request Qemu: net: vmxnet3: reading IMR registers leads to a crash
cve-assign (Jan 04)
Use CVE-2015-8745.
Re: CVE request Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash
cve-assign (Jan 04)
Use CVE-2015-8744.
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 117: Jamie Butler
Gary McGraw (Dec 26)
hi sc-l,
The current episode of the Silver Bullet Security Podcast features Jamie Butler, CTO of Endgame. Jamie and I talk
rootkits (he wrote the book with Greg Hoglund), attack patterns, defense and offense. Jamie has a long career in
security (17 years) spanning early days at Fort Meade, through Mandiant, to Endgame.
Have a listen: http://bit.ly/SB-butler
And happy holidays from Silver Bullet!
gem
company www.cigital.com
book...
Silver Bullet 116: Doug Maughan
Gary McGraw (Dec 01)
hi sc-l,
Doug Maughan is one of the very good people who somehow works in the federal government at DHS (I know). He has been
funding reasonable science in computer security since his early DARPA days and even once funded some of our work at
cigital. We talk about science, research, tech transfer, the research valley of death, and why computer security is so
badly broken in the federal government.
Have a listen: http://bit.ly/SB-maughan...
CFP: Mobile Security Technologies (MoST) 2016
Larry Koved (Nov 04)
http://ieee-security.org/TC/SPW2016/MoST/cfp.html
Mobile Security Technologies (MoST) 2016
co-located with
The 34th IEEE Symposium on Security and Privacy (IEEE S&P 2016)
an event of
The IEEE Computer Society's Security and Privacy Workshops (SPW 2016)
The Fairmont Hotel
San Jose, CA, USA
Thursday May 26, 2016
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software...
Silver Bullet 115: mudge
Gary McGraw (Oct 29)
hi sc-l,
Cigital just posted Silver Bullet 115 which features an interview with mudge (a.k.a., Peiter Zatko).
https://www.cigital.com/podcasts/show-115-peiter-mudge-zatko/
We talk l0pht, cult of the dead cow, early security days, testifying before Congress, why the government is so confused
about security, DARPA, DoD, Google, and current doings. Mudge is one of the original hackers from days gone by who
took his hobby and turned it into a...
BSIMM6
Gary McGraw (Oct 19)
hi sc-l,
Today Cigital published Release 6 of the Building Security In Maturity Model (BSIMM). The BSIMM now represents eight
years of bringing science to software security. We have directly measured over 104 companies across multiple
industries (BSIMM6 covers 78 of them). BSIMM6 also includes the addition of healthcare as one of the
well-represented verticals (10 firms or more).
Opinion is rife in computer security, and software...
MQ Series and Middleware security
Gunnar Peterson (Oct 08)
As the saying goes, a Unix server goes down and you have a bad weekend. A Mainframe goes down and the earth stops
rotating on its axis. To the latter point, MQ Series and other messaging systems that communicate with Mainframes and
heritage(*) systems get next to no attention from the security community, however they are critical. Here is a chat
with T. Rob Wyatt on that subject...
SearchSecurity: Seven Myths of Software Security
Gary McGraw (Oct 06)
hi sc-l,
You’ve heard these before I’m sure. Working on expanding or improving your software security initiative? Here are
seven of the most common objections we see all the time (and what to say in response).
Please read this article: http://bit.ly/swsec-myths
Hopefully you will all find this useful in getting thinking back on track when it comes to software security.
As always, your feedback is welcome. Let me know what you think!...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Happy New Year! HEISC 2015 Year in Review
Barrett, Bruce (Jan 05)
Great job, Valerie and the group. Thank you.
Bruce
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie
Vogel
Sent: Tuesday, January 05, 2016 10:37 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Happy New Year! HEISC 2015 Year in Review
Dear Security Discussion list members,
Happy new year! We would like to take a moment to highlight the many accomplishments of...
Happy New Year! HEISC 2015 Year in Review
Valerie Vogel (Jan 05)
Dear Security Discussion list members,
Happy new year! We would like to take a moment to highlight the many accomplishments of our Higher Education
Information Security Council (HEISC) volunteers in 2015. http://er.educause.edu/blogs/2015/12/heisc-2015-year-in-review
Next up is Data Privacy Day on January 28 and will be sharing resources soon. We also hope that you’ll share any
suggestions for new (or improved) resources that you may have a...
Re: Juniper backdoor password now public (plus bonus Shodan .edu search)
Alex Keller (Dec 21)
It's already achieved legendary status, in no small part because of the intense speculation it is NOBUS ('Nobody But
Us') handiwork. This discovery comes at a time when current events have catalyzed a feeding frenzy by the proponents of
"exceptional access" for National Security and LEOs.
Indeed the scope right now is specific versions of ScreenOS, but there is little doubt that 2016 will usher in deep
dive code...
Re: Juniper backdoor password now public (plus bonus Shodan .edu search)
Brian Helman (Dec 21)
This is a serious vulnerability, but before it becomes Internet legend, this issue does not impact the entire line of
Juniper products. It "only" impacts Juniper ScreenOS systems, not JunOS (that we know of at this time). Netscreen
products include the NS and SSG VPN/Firewall chassis. SRX next-gen systems as well as EX and MX gear run JunOS.
There are patched versions of the firmware available.
-Brian
-----Original...
Juniper backdoor password now public (plus bonus Shodan .edu search)
Shawn Merdinger (Dec 20)
fyi
https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor
https://gist.github.com/hdm/18c8818d8623c2053e5c#file-19b-19-diff-L466
[ 83 hits ] -- https://www.shodan.io/search?query=org%3Auniversity+netscreen
[ 16 hits ] -- https://www.shodan.io/search?query=org%3Acollege+netscreen
Thanks,
--scm
Re: Anyone is using KnowBe4 for information security and phishing awareness training?
Mitcham, Zachery S. (Dec 18)
Securing the Human and Phish Me are good products.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jeff Choo
Sent: Friday, December 18, 2015 3:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Anyone is using KnowBe4 for information security and phishing awareness training?
Hi All,
Thank you for your replies. At the end we decided to stay with SANS for user...
Re: Anyone is using KnowBe4 for information security and phishing awareness training?
Jeff Choo (Dec 18)
Hi All,
Thank you for your replies. At the end we decided to stay with SANS for user training. While the pricing for KnowBe4
is very competitive and I think their training portal management GUI is much better designed than SANS STH, the
training courses provided however don’t provide the topic depth we needed in regards to various compliances including
HIPAA and Gramm Leach Bliley. However we are signing up with them on the Compliance...
Re: Data Loss Prevention
Velislav K Pavlov (Dec 18)
Thank you for the responses! One of the challenges was whether or not MS provides DLP currently. We can't see DLP
option inside the compliance manager. It may very well be tied to the type of license we have applied.
Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+,
CNA, MPCS, ITIL, A+
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pfaff,
Anthony...
Re: Data Loss Prevention
Pfaff, Anthony W (Dec 18)
Hi all,
Microsoft includes DLP as part of the Rights Management Suite you get when you license someone with an "Enterprise"
O365 license. It used to be you had to pay for these particular types of licenses, and our institution did pay for a
handful in cases where litigation holds were needed, but Microsoft now appears to be providing these at no cost to
higher ed. Testing O365's DLP is still on our to-do list however, so I...
Amazon credential compromise
Emily Harris (Dec 18)
We had an interesting incident regarding the capturing of credentials. We
are still investigating the incident and we are rather short on theories as
to how the login/password combination was breached. Our best guess is an
infected web browser on a PC which was used on Tuesday. I am curious if
anyone else has had credentials captured this way? We have not yet scanned
the machine but have quarantined it for the time being while we consider...
Re: Data Loss Prevention
Jeff Choo (Dec 18)
Hi Vel,
We are currently testing O365 DLP by setting up a test policy to capture any potential positives but haven't enforced the
policy in O365 Exchange. My understanding is DLP feature is free with your faculty/staff O365 licenses but I don't
know and haven't heard anything if this will change in the long run.
I have talked with several 3rd party vendors about integration with O365 - all of them said they will launch new...
Information Security Architect job posting
Keir Novik (Dec 17)
I'm pleased to say that we have a position open for an Information Security Architect at Simon Fraser University in
beautiful metro Vancouver, BC. The job posting (competition #566) is at
https://www.sfu.ca/human-resources/prospective-employees/current-job-postings.html
We have a small team but it's a great place to work (SFU is ranked as one of Canada's Top 100 Employers), and this is a
real opportunity to take things to the...
Data Loss Prevention
Velislav K Pavlov (Dec 17)
Good afternoon,
Anyone using Office365 DLP for email, sharepoint, OneDrive? We are getting mixed messages about the availability of
this service for education. What about Digital Guardian for enterprise and endpoint DLP and advanced threat protection?
Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+,
CNA, MPCS, ITIL, A+
Re: File and Folder Encryption
Kyle Crain (Dec 17)
Hi Vel,
We are using it in some areas at Penn State and have gone through some
trials to get things working. We found quite a few different issues we had
to overcome but do have it protecting data.
Let me know if you would like to chat.
Thanks,
Kyle
Kyle Crain
Systems and Network Security Analyst
Office of Information Security
The Pennsylvania State University
Phone: 814-863-7863
http://security.psu.edu
From: The EDUCAUSE Security...
File and Folder Encryption
Velislav K Pavlov (Dec 17)
Good afternoon,
Anyone using WinMagic SecureDoc File and Folder Encryption? We have trouble getting FFE implemented and wondered if
anyone else has the same trouble or perhaps already implemented this solution and feature. Thank you.
Vel Pavlov | Sr. IT Security Analyst
M.Sc., CISSP, C|EH, C)PTE, Security+,
CNA, MPCS, ITIL, A+
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: TransPacific Partnership
tglassey () earthlink net (Jan 05)
I wouldn't worry about it every byte if the surveillance data is tied to the patent fraud around Us6370629 imho.
Sent from my HTC
----- Reply message -----
From: "Matt Hoppes" <mhoppes () indigowireless com>
To: "Tom Berryman" <Tom () connectivityit com au>
Cc: <nanog () nanog org>
Subject: TransPacific Partnership
Date: Sun, Jan 3, 2016 16:07
My understanding was if it all goes through here in the US...
Re: Another Big day for IPv6 - 10% native penetration
Mansoor Nathani (Jan 05)
Aren't IBM and Softlayer one and the same these days?
Re: [NANOG] IPv4 subnets for lease?
Javier J (Jan 05)
Is there anyone who leases to companies in the US?
Re: Another Big day for IPv6 - 10% native penetration
Jared Mauch (Jan 05)
Yes, the echo chamber of NANOG, that sometimes makes it out further :)
I’ve heard rumblings that Amazon is slowly making progress in the IPv6 front
and others are marching forward here. I think this will largely be driven
by the mobile marketing machine. There’s a lot of things converging at once
and I expect 2016 to see major shifts in “IP Classic” -> IPv6 traffic. We
saw a doubling of IPv6 bitrate on our network just by the iOS...
Re: Another Big day for IPv6 - 10% native penetration
Owen DeLong (Jan 05)
Yes and no…
Yes, IBM bought Softlayer.
No, IBM datacenters that predate Softlayer still can’t spell IPv6.
Softlayer datacenters all had IPv6 before IBM got to them.
Owen
GPON vs. GEPON
nanog-isp (Jan 05)
Hello all,
For those of you with optical last mile networks that are familiar with both GPON and GEPON, would you mind sharing
experiences of the differences between GPON and GEPON, especially from an operative perspective?
For argument's sake let's assume bitrate, split ratio, cross vendor compatibility and purchase price differences aren't
of major interest.
Thanks,
Jared
Possible Level3 Latency and Packet Loss
Eric Rogers (Jan 05)
I have several customers that have contacted us about VoIP quality, and
I have moved BGP away from Level3, and even through Cogent and/or HE to
try and bypass but it still goes back into Level3's network.
Is there any way I can get an engineer from Level3 to contact me to help
troubleshoot this? The NOC will not talk with me as I am not a Customer
of Record.
Eric Rogers
www.pdsconnect.me
(317) 831-3000 x200
Re: Another Big day for IPv6 - 10% native penetration
Owen DeLong (Jan 05)
I bet if more people moved to clouds that have IPv6 support such as:
Host Virtual vr.org <http://vr.org/>
Softlayer softlayer.com <http://softlayer.com/>
Linode linode.com <http://linode.com/>
Places like Amazon and Google and IBM would get the message faster than
from people complaining on this list.
Owen
Re: Another Big day for IPv6 - 10% native penetration
George, Wes (Jan 05)
*start*?
https://www.flickr.com/photos/n3pb/sets/72157634324914351/
:-)
Wes
Anything below this line has been added by my company’s mail server, I
have no control over it.
-----------
________________________________
This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged,
confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the...
Re: Another Big day for IPv6 - 10% native penetration
James Hartig (Jan 05)
I would hope that Google would first fix the fact that "Compute Engine
networks do not support IPv6 at all."[1] before doing anything with SEO.
[1] https://cloud.google.com/compute/docs/networking
RE: Another Big day for IPv6 - 10% native penetration
Steve Mikulasik (Jan 05)
They don't need to actually implement it, just say IPv6 increases ranking. SEO is mostly BS anyways, I doubt anyone
would notice.
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Baldur Norddahl
Sent: Monday, January 04, 2016 4:33 PM
To: nanog () nanog org
Subject: Re: Another Big day for IPv6 - 10% native penetration
We just need Google to announce that IPv6 enabled sites will get a slight bonus in...
Re: Another Big day for IPv6 - 10% native penetration
Mikael Abrahamsson (Jan 05)
Why? IPv6 only with IPv4 transported over it is clearly the way to go for
the future, it makes more sense to have Apple support this mode once for
their devices, than it is for every mobile provider to have to support
IPv4v6 with all the drawbacks, and then migrate people again to IPv6+AFTR
solution in a few years.
Re: Another Big day for IPv6 - 10% native penetration
Owen DeLong (Jan 05)
Except that the only mode of translation Cameron is willing to support is the one which isn’t available in iOS, so we
have a religious war between T-Mo and Apple where T-Mo says “Support 464Xlat or suffer” and Apple says “No, you support
one of the mechanisms already supported in iOS”.
Good that one of them is finally backing down on the previous stupidity, but for a variety of reasons, I wish it had
been T-mo.
Owen
Re: Another Big day for IPv6 - 10% native penetration
Owen DeLong (Jan 05)
I haven’t been involved in a single executive briefing where hex or the length
of the addresses came up as an issue.
This is a total red herring.
Decision makers aren’t paying attention to what the addresses look like. Most of
them likely wouldn’t recognize an IPv4 address if you showed them one.
Owen
Re: Another Big day for IPv6 - 10% native penetration
Bruce Curtis (Jan 05)
This page is fun to play with. The 3rd order polynomial currently results in the most optimistic projection and 700
days in the future is enough for a good view of the results. The page is for the US.
https://www.vyncke.org/ipv6status/project.php?metric=q&country=us
---
Bruce Curtis bruce.curtis () ndsu edu
Certified NetAnalyst II 701-231-8527
North Dakota State University
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 29.20
RISKS List Owner (Jan 05)
RISKS-LIST: Risks-Forum Digest Tuesday 5 January 2016 Volume 29 : Issue 20
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.20.html>
The current issue can be...
Risks Digest 29.19
RISKS List Owner (Dec 28)
RISKS-LIST: Risks-Forum Digest Monday 28 December 2015 Volume 29 : Issue 19
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.19.html>
The current issue can be...
Risks Digest 29.18
RISKS List Owner (Dec 24)
RISKS-LIST: Risks-Forum Digest Thursday 24 December 2015 Volume 29 : Issue 18
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.18.html>
The current issue can...
Risks Digest 29.17
RISKS List Owner (Dec 15)
RISKS-LIST: Risks-Forum Digest Tuesday 15 December 2015 Volume 29 : Issue 17
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.17.html>
The current issue can...
Risks Digest 29.16
RISKS List Owner (Dec 14)
RISKS-LIST: Risks-Forum Digest Monday 14 December 2015 Volume 29 : Issue 16
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.16.html>
The current issue can be...
Risks Digest 29.15
RISKS List Owner (Dec 09)
RISKS-LIST: Risks-Forum Digest Wednesday 9 December 2015 Volume 29 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.15.html>
The current issue can...
Risks Digest 29.14
RISKS List Owner (Dec 02)
RISKS-LIST: Risks-Forum Digest Wednesday 2 December 2015 Volume 29 : Issue 14
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.14.html>
The current issue can...
Risks Digest 29.13
RISKS List Owner (Nov 26)
RISKS-LIST: Risks-Forum Digest Thursday 26 November 2015 Volume 29 : Issue 13
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.13.html>
The current issue can...
Risks Digest 29.12
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Wednesday 25 November 2015 Volume 29 : Issue 12
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.12.html>
The current issue can...
Risks Digest 29.10
RISKS List Owner (Nov 17)
RISKS-LIST: Risks-Forum Digest Tuesday 17 November 2015 Volume 29 : Issue 10
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.10.html>
The current issue can...
Risks Digest 29.09
RISKS List Owner (Nov 13)
RISKS-LIST: Risks-Forum Digest Friday 13 November 2015 Volume 29 : Issue 09
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.09.html>
The current issue can be...
Risks Digest 29.08
RISKS List Owner (Nov 09)
RISKS-LIST: Risks-Forum Digest Monday 9 November 2015 Volume 29 : Issue 08
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.08.html>
The current issue can be...
Risks Digest 29.07
RISKS List Owner (Nov 03)
RISKS-LIST: Risks-Forum Digest Tuesday 3 November 2015 Volume 29 : Issue 07
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.07.html>
The current issue can be...
Risks Digest 29.06
RISKS List Owner (Oct 30)
RISKS-LIST: Risks-Forum Digest Friday 30 October 2015 Volume 29 : Issue 06
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.06.html>
The current issue can be...
Risks Digest 29.05
RISKS List Owner (Oct 26)
RISKS-LIST: Risks-Forum Digest Monday 26 October 2015 Volume 29 : Issue 05
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.05.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
5 sins cybersecurity executives should avoid
Audrey McNeil (Jan 05)
http://www.csoonline.com/article/3018743/security/5-sins-cybersecurity-executives-should-avoid.html
With the advent of 2016, I was tempted to touch upon my thoughts on what
the future of the cyberlandscape will hold, prognosticating trends and
shifts and what the next big threat would be. However, upon deeper
reflection and further review of 2015, I’ve decided to focus on what we as
cybersecurity executives have control of and can influence,...
When hacking got personal in 2015
Audrey McNeil (Jan 05)
http://www.thenational.ae/business/technology/when-hacking-got-personal-in-2015
If there is any lesson that using the internet in 2015 taught us, it’s that
it’s getting increasingly difficult to avoid having our personal data
stolen by hackers.
brokerages, virtually no one was safe from malicious breaches. And, if
anything, hacking became a little more personal – and a little meaner – in
2015.
In June, hackers stole the records of at...
6 cyber best practices for the new year
Audrey McNeil (Jan 05)
https://washingtontechnology.com/articles/2016/01/04/insights-griffin-security-resolutions.aspx?admgarea=TC_Contracts
Happy 2016, everyone!
The new year is a great time to set new personal and professional goals,
but as a security professional, I also believe this is the perfect time to
assess your company’s current practices for preventing insider threats to
your security.
One of the biggest security threats to your business is now coming...
Cyber insurance 2015: Inside a robust and rapidly changing market
Audrey McNeil (Jan 04)
http://www.propertycasualty360.com/2016/01/01/cyber-insurance-2015-inside-a-robust-and-rapidly-c
2015 will be remembered as the year the Cyber insurance market began to
really take shape. The market remains robust and continues to present for
insurers opportunities for unprecedented growth. However, the market
conditions for large and small to medium-size enterprises differ greatly.
That is because, in part, insurers are targeting small and...
The Need for Private-Public Partnerships Against Cyber Threats -- Why A Good Offense May be Our Best Defense.
Audrey McNeil (Jan 04)
http://www.huffingtonpost.com/daniel-garrie/the-soft-power-war-isis-d_b_8818866.html
The Internet has delivered on its promise of social and economic progress.
Unfortunately, it has also delivered unprecedented opportunities for
scaling global conflict, terrorism, criminal activity, state and industrial
espionage and vandalism. These risks continue to expand.
Cybersecurity is a multidimensional problem that transcends the risk
management and...
Incident Response Tip: Five Ways to Improve Information Security and Reduce the Impact of a Data Breach
Audrey McNeil (Jan 04)
http://www.jdsupra.com/legalnews/incident-response-tip-five-ways-to-88472/
The new year will arrive in a few short days and when the bell tolls, it
will mark the end of another extremely active year of data breaches.
High-profile breaches such as Anthem, Ashley Madison, and the Office of
Personnel Management serve as a reminder that it is a matter of when, not
if, your organization experiences a data breach. Here are a few relatively
simple ways...
Five Keys To Crafting A Cybersecurity Policy For Your Business
Audrey McNeil (Jan 04)
http://www.wilmingtonbiz.com/insights/kara_gansmann/five_keys_to_crafting_a_cybersecurity_policy_for_your_business/1005
The New Year – and particularly 2016 – is a perfect time to review your
company’s cybersecurity policies and make necessary changes. From
governmental entities, to nonprofits who collect donations by credit card,
to the health care industry’s collection of health data, to employers who
store employees’ social security...
Vishing and smishing: The rise of social engineering fraud
Audrey McNeil (Jan 04)
http://www.bbc.com/news/business-35201188
Most of us like to think we're too clever to be caught out by email and
telephone scams, but in fact any of us can get caught out by fraudsters.
Their tricks have gone far beyond the infamous fax from a "Nigerian prince"
you've never heard of asking you for money.
Now frauds are increasingly sophisticated and you are much more likely to
hear from someone you trust.
Fraudsters dupe...
2016 – The Year of the Cyber Exploit
Audrey McNeil (Jan 04)
http://www.infosecurity-magazine.com/opinions/2016-the-year-of-the-cyber-exploit/
2015 has been another ‘year of the breach’ with almost weekly compromises
becoming the norm. Cyber-criminals seemed often to be one step ahead of the
security industry, using an evolving arsenal of cyber-attack techniques to
successfully breach networks.
New Vulnerabilities
2016 will be considered the ‘year of the exploit’ as we will see a shift to
higher...
Why Your Company Must Have Firm Operational Boundaries
Audrey McNeil (Dec 31)
http://www.inc.com/ric-edelman/why-your-company-must-have-firm-operational-boundaries.html
What happens in your company when issues such as the following arise?
One of your products loses a significant percentage of market share.
The company fails to respond to a customer's complaint or rectify a privacy
breach within a designated period.
You lose a sale or customer to a competitor.
Well-run companies don't let issues like these...
JD Wetherspoon breach: three data management mistakes that could have been avoided
Audrey McNeil (Dec 31)
http://www.scmagazineuk.com/jd-wetherspoon-breach-three-data-management-mistakes-that-could-have-been-avoided/article/460792/
Mistake No 1: JD Wetherspoon didn't build in a plan for the removal of
information when its old website was no longer needed.
As an article in WIRED explains, data is a renewable resource (similar to
crude oil) and it's vital to maximise its value. But doing that isn't
always an easy or quick process....
Experienced a Breach? Here Are Four Tips for Incident Response
Audrey McNeil (Dec 31)
http://www.circleid.com/posts/20151230_experienced_a_breach_here_are_four_tips_for_incident_response/
The threat level has never been higher for organizations charged with
protecting valuable data. In fact, as recent headlines will attest, no
company or agency is completely immune to targeted attacks by persistent,
skilled adversaries. The unprecedented success of these attacks against
large and well-equipped organizations around the world has...
Ashley Madison is a wake-up call for all marketers on data retention
Audrey McNeil (Dec 30)
http://www.cmo.com.au/blog/data-driven-marketing/2015/12/29/ashley-madison-is-a-wake-up-call-for-all-marketers-on-data-retention/
The recent Ashley Madison hack is a wake-up call not only for consumers,
but also for marketers and companies – many of which still do not take
their customers’ privacy or data security seriously enough.
There have been other, bigger, high-profile data breaches. But somehow they
have seemed more remote and...
In TalkTalk aftermath, it's time for companies to pay higher price for breaches
Audrey McNeil (Dec 29)
http://www.zdnet.com/article/in-talktalk-aftermath-its-time-for-companies-to-pay-price-for-breaches/
After Target's breach, its stock was fine. Home Depot's stock prices showed
no noticeable impact of its big hack attack. JPMorgan Chase's investors
didn't even blink when the company was revealed to be the target of the
largest-ever theft of customer data from a US financial institution (and
one of the biggest breaches to...
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't
Audrey McNeil (Dec 29)
http://www.darkreading.com/attacks-breaches/15-cybersecurity-lessons-we-should-have-learned-from-2015-but-probably-didnt/d/d-id/1323704
As is the case every year in the cybersecurity field, 2015 was full of
lessons to be learned. Some brand new, others that it's absurd we haven't
learned yet.
1. Pay For Your Room In Cash.
Retailers were hit hard in 2014, but in 2015 point-of-sale hacks really
moved over to the hospitality sector....
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: radiotap_info
Guy Harris (Jan 05)
It's used by listeners for the "radiotap" tap.
There are no listeners for that tap in the Wireshark source; the only listeners out there would either be plugins or
versions in private/forked versions of Wireshark.
If it were to be replaced by a tap that, for example, passes on the struct ieee_802_11_phdr structure - or if the
"wlan" tap were to be changed to pass that structure on - that would be an improvement, as,...
radiotap_info
Simon Barber (Jan 05)
Is this used by anyone? I don't see any reference to it. Any reason I can't
remove it?
Simon
Re: How Wireshark supports monitor mode for WLAN 802.11 adapter in Windows?
Guy Harris (Jan 04)
...
It fails because Wireshark doesn't link directly with WinPcap; it's built to load WinPcap at run time, so that we don't
need to ship separate versions of Wireshark, one built with WinPcap (to use if you want to capture traffic and are
willing to install WinPcap) and one not built with WinPcap (if you don't need to capture traffic and don't want WinPcap
installed).
Therefore, Wireshark has its own versions...
Re: Add plugin_if_get_framenr()
Paul Offord (Jan 04)
Sorry for the typo - I meant:
WS_DLL_PUBLIC void plugin_if_get_cf_status(_cf_status *status_info);
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Paul Offord
Sent: 04 January 2016 17:52
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Add plugin_if_get_framenr()
Hi Roland,
To avoid a plugin corrupting any of the main...
Re: Add plugin_if_get_framenr()
Paul Offord (Jan 04)
Hi Roland,
To avoid a plugin corrupting any of the main Wireshark structures, I’d like to use a mechanism just like Plugin IF.
The more I look at it I realise that I would basically need to create all the same functionality as Plugin IF, and so
duplicate things like the callback registration function etc. I’d like to re-use what you have done if I could and so
my revised proposal is:
1. Add a structure type to plugin_if.h to contain...
802.11 monitor interfaces created by Wireshark do not have otherbss flag set
Roger James (Jan 04)
Hi,
Whenever I use the wireshark wireless toolbar to set up a monitor mode
interface, I only ever see broadcast frames, multicast frames (and
unicast frames if they are addressed to the BSS that the monitor
interface is sitting on). It appears that after the introduction of
monitor mode flags in nl80211 the default for monitor (virtual)
interfaces is to leave the driver BSS filter active. The filter is only
disabled if the...
Re: Add plugin_if_get_framenr()
Paul Offord (Jan 04)
Thanks for the prompt response Roland.
Your proposed way sounds better, so I’ll rethink it in the way you describe.
Thanks and regards…Paul
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Roland Knall
Sent: 04 January 2016 15:43
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Add plugin_if_get_framenr()
Hi
The plugin_if...
Re: Add plugin_if_get_framenr()
Roland Knall (Jan 04)
Hi
The plugin_if functionality exists, because methods called by plugins run
in a different thread context than the gui. Therefore, if you want the gui
to act in a certain way, you have to somehow cross the context to achieve
whatever you want to do.
Your proposed idea goes in the other direction. You just want the gui to
provide you with information about the currently selected frame nr. The
approach here would be to add such a functionality in...
Add plugin_if_get_framenr()
Paul Offord (Jan 04)
Hi,
I'd like to add a new Plugin IF function to get the currently displayed frame number. I believe I can do it like this:
1. Create the function that does the work in main_window.cpp
* static guint32 plugin_if_mainwindow_get_framenr()
2. Create plugin_if hook in main_window.cpp
* plugin_if_register_gui_cb(PLUGIN_IF_GET_FRAMENR, plugin_if_mainwindow_get_framenr);
3. Add an entry to the typedef enum for...
Re: How Wireshark supports monitor mode for WLAN 802.11 adapter in Windows?
Anders Broman (Jan 04)
-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Guy Harris
Sent: den 1 januari 2016 21:00
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] How Wireshark supports monitor mode for WLAN 802.11 adapter in Windows?
*And* means the libpcap code in NPcap isn't changed in a way that breaks libpcap; the ultimate goal should be to have
NPcap...
Re: rrc-lte over udp
Karunkaran Kumar (Jan 04)
Hi Pascal,
Okay great! Thank you very much for your time and support!
I will go with the first alternative. \o/
with regards,
k kumar
Re: rrc-lte over udp
Pascal Quantin (Jan 03)
Hi,
2016-01-04 0:18 GMT+01:00 Karunkaran Kumar <skam4kumar () gmail com>:
No, using a user specific DLT the way I suggested or the Wireshark Upper
PDU DLT means that you will not have a IP/UDP encapsulation. If this is
required for your environment, you should go with a simple dissector
(plugin or not) + a 1 byte header indicating the PDU type.
My second alternative consists in building a PDU following the TLV encoding
specified in the...
Re: rrc-lte over udp
Karunkaran Kumar (Jan 03)
Hi Pascal,
Thank you very much for the reply. :) I am trying to learn how to write
plugin dissectors from the developers guide.
I (at least conceptually, I think) understood the first and the last point.
However, could you kindly elaborate on the second point. I am new to
wireshark-dev and I just started learning about its internal workings.
Thus, the pointer you had given is probably too concise. I just wanted to
know what did you mean....
Re: Duplicate heuristic short_name "XYZ"
Guy Harris (Jan 03)
Most - but not all! - protocols that run over both TCP and UDP have a different encapsulation over TCP, as a packet
length field has to be added when running over TCP (as the service TCP offers is a byte stream service, not a packet
service).
But if you have a protocol that runs over multiple lower-level protocols, and *doesn't* require different
encapsulations when run over different protocols, it *really* shouldn't be described as...
Re: Duplicate heuristic short_name "XYZ"
Michael Mann (Jan 03)
To make Decode As less confusing, Wireshark is enforcing unique protocols for each table so duplicate entries don't
show up in a Decode As list. This was a bigger problem with TCP and UDP where 1 protocol would have multiple dissectors
that would do drastically different dissection, but you couldn't tell which was which from the dialog.
As a result, you can't register two dissection functions associated with the same protocol...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Snort Subscriber Rules Update 2016-01-05
Research (Jan 05)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the exploit-kit,
file-flash, malware-cnc and server-webapp rule sets to provide coverage
for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: Snort-users Digest, Vol 116, Issue 1
Carlos Rodriguez Hernandez (Jan 05)
Hello,
To use Snort you must install various libraries, including libtool:
yum install gcc binutils m4 flex bison zlib zlib-devel libpcap
libpcap-devel pcre pcre-devel libdnet libdnet-devel tcpdump openssl
openssl-devel libss libss-devel zlib zlib-devel autoconf libtool gcc-c++
After checking that you have all, do the following:
cd /home/user/Downloads/
wget...
Re: (no subject)
Aurimas Rudinskis (Jan 04)
user@snort01:~$ printenv LUA_PATH
/opt/snort/include/snort/lua/\?.lua;
user@snort01:~$ ls -la /opt/snort/include/snort/lua/
total 56
drwxr-xr-x 2 root root 4096 Dec 17 21:45 .
drwxr-xr-x 22 root root 4096 Dec 17 21:46 ..
-rw-r--r-- 1 root root 6234 Dec 17 21:45 lua_arg.h
-rw-r--r-- 1 root root 1802 Dec 17 21:45 lua.h
-rw-r--r-- 1 root root 6951 Dec 17 21:45 lua_iface.h
-rw-r--r-- 1 root root 1355 Dec 17 21:45 lua_ref.h
-rw-r--r-- 1 root...
Re: (no subject)
Russ (Jan 04)
What do you get with:
user@snort-01:~$ printenv LUA_PATH
Does /opt/snort/include/snort/lua/snort_config.lua exist?
(no subject)
Aurimas Rudinskis (Jan 04)
Hi all,
I've created LUA_PATH and SNORT_LUA environment variables, but when
starting snort it complains that module 'snort_config' not found. What else
is missing?
export LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;
export SNORT_LUA_PATH=/opt/snort/etc/snort
sudo sh -c "echo 'LUA_PATH=/opt/snort/include/snort/lua/\?.lua\;\;' >> /etc/environment"
sudo sh -c "echo...
Re: Re Rule SID 15451
Patrick Mullen (Jan 03)
Anshuman,
Thank you for the report. Sorry for the delay due to the holidays.
The rule you cite hasn't been in any policies for many years because as you
can probably guess, it alerts on German Web browsers. It was a stopgap
from when Conficker was released to provide coverage until we reverse
engineered the DGA and used that for detection.
You can (and should) leave the rule disabled.
Thanks,
Patrick...
Re: Re Rule SID 15451
Anshuman Anil Deshmukh (Dec 31)
Waiting for somebody to check this.
Regards,
Anshuman
anshuman () cybage com
From: Anshuman Anil Deshmukh [mailto:anshuman () cybage com]
Sent: Thursday, December 24, 2015 10:51 AM
To: Snort-sigs
Subject: Re: [Snort-sigs] Re Rule SID 15451
Please let me know if any other information is required on this.
Regards,
Anshuman
anshuman () cybage com
From: Anshuman Anil...
Re: Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3
Nageswara Rao A.V.K (navk) (Dec 31)
Thanks Bill,
We will apply this patch to snort-3.0.0
Best Regards,
-ANR
From: Bill Parker [mailto:wp02855 () gmail com]
Sent: Friday, January 01, 2016 3:52 AM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3
Hello All,
In reviewing source code in sub-directory 'src/network_inspectors/reputation'
file 'reputation_parse' in...
Re: Add strdup() sanity checks to DAQ 2.0.6
Nageswara Rao A.V.K (navk) (Dec 31)
Thanks Bill,
We will apply this patch to DAQ module.
Best Regards,
-ANR
From: Bill Parker [mailto:wp02855 () gmail com]
Sent: Friday, January 01, 2016 3:48 AM
To: snort-devel () sourcefire com; snort-devel () lists sourceforge net
Subject: [Snort-devel] Add strdup() sanity checks to DAQ 2.0.6
Hello All,
In reviewing code in DAQ 2.0.6, I found some instances where
calls to strdup() are not checked for a return value of NULL,...
Missing Sanity Check for segment_calloc() in snort-3.0.0 Alpha 3
Bill Parker (Dec 31)
Hello All,
In reviewing source code in sub-directory
'src/network_inspectors/reputation'
file 'reputation_parse' in function 'IpListInit' there is a call to
segment_calloc() which is not checked against variable/constant 'nullptr'
which could lead to additional issues in the white/black list entries.
The patch file below should address/correct this issue:
--- reputation_parse.cc.orig 2015-12-31...
Add strdup() sanity checks to DAQ 2.0.6
Bill Parker (Dec 31)
Hello All,
In reviewing code in DAQ 2.0.6, I found some instances where
calls to strdup() are not checked for a return value of NULL,
indicating failure. These were found in daq-2.0.6/os-daq-modules,
in files 'daq_dump.c', 'daq_nfq.c', and 'daq_ipq.c'.
The patch files below should address/correct the above issues:
--- daq_dump.c.orig 2015-12-31 10:12:49.658673025 -0800
+++ daq_dump.c 2015-12-31...
Snort Subscriber Rules Update 2015-12-28
Research (Dec 28)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the and malware-cnc
rule sets to provide coverage for emerging threats from these
technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: barnyard installation issue
Diogene Laerce (Dec 28)
Hi again,
On 27/12/2015 22:45, Giuseppe Triolo wrote:
Sorry I read your command wrongly. ^^
So, as it is the same in the tuto I would suggest that maybe you don't
have all requirements installed. And as libtool is required to link
some useful libraries, maybe verify that first.
Kind regards,
Re: barnyard installation issue
Diogene Laerce (Dec 28)
Hi,
On 27/12/2015 22:45, Giuseppe Triolo wrote:
This tutorial found here :
http://symmetrixtech.com/snort-and-snort-report-installation-guide/
Worked for me. Hope it helps..
Kind regards,
barnyard installation issue
Giuseppe Triolo (Dec 27)
I followed the Jason Weir snort guide for the Debian OS
part 4. Install & configure Barnyard2
# cd /usr/src && wget https://github.com/firnsy/barnyard2/archive/master.tar.gz
# tar -zxf master.tar.gz && cd barnyard2-*
# autoreconf -fvi -I ./m4
but I am having issues when I run the command:
autoreconf -fvi -I ./m4
look here what type of error I have:
/usr/src/barnyard2-master# autoreconf -fvi -I ./m4
autoreconf: Entering...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.