SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
PR + request for high priority work
Vincent Dumont (Dec 11)
Hey guys,
I sent a PR (#1076) a few days ago aiming to fix Issue #839:
https://github.com/nmap/nmap/pull/1076.
Please tell me if anything's wrong with the modifications. If it can be
merged to the SVN repo, I would be glad to do it since I still have my
credentials to do so.
Also, I am now looking at the issues list to see what I could work on next.
Any ideas? Any high priority tasks I can work on?
Cheers,
Vincent Dumont
Telnet fingerprint NSE script
Daniel Roberson (Dec 09)
Hello.
I've written an NSE script to fingerprint Telnet services. Please see the
following PR:
https://github.com/nmap/nmap/pull/1083
This is my first NSE script and first time working with Lua, so I may have
goofed something up. As far as I can tell this meets the style guidelines.
If anything needs to be changed, let me know.
Kind regards.
Daniel
NMAP SCRIPT ERROR
oshikhena follorunsho (Dec 07)
Dear Dev team,
When I execute the command
nmap -sT -sV -p 1521 --script=oracle-sid-brute 192.168.43.157
on my system I get the error output below. My system runs Windows 8 and I have
Oracle 11g Express Edition on it
Starting Nmap 6.46 ( http://nmap.org ) at 2017-12-07 10:39 W. Central
Africa Standard Time
Nmap scan report for AMAVAL (169.254.0.66)
Host is up (0.0020s latency).
Other addresses for AMAVAL (not scanned): 192.168.43.157
PORT...
Re: Nmap Decoy Fingerprinting
Fyodor (Dec 07)
Hi S. Thanks for the note. The issue you describe is that, if you do an
Nmap SYN scan against a target, the target will send a SYN/ACK back from
each open port that you probe. The TCP stack of the host doing the
scanning sees this SYN/ACK and doesn't know what it relates to (since Nmap
sent the raw packet rather than using the sockets API), and so the scanning
host sends a RST/ACK back to the target to say "I didn't expect this...
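The mechanism Fyodor describes above, seen from the target's side, as an added example that is not part of either post and not Nmap project code: a passive sensor on the target records each probe and each reply, and every source that answers the target's SYN/ACK with a RST has a real TCP stack at that address. The packet sample is constructed (RFC 5737 documentation addresses, a hypothetical scan of 203.0.113.20 with one real scanner and two decoys); the assumption that a live decoy host also resets an unsolicited SYN/ACK is standard TCP behaviour, and it is why the heuristic narrows the field rather than naming a single host.

```python
"""Rank the sources of an Nmap decoy (-D) SYN scan by whether a real TCP
stack answered the target's SYN/ACK. Added example, not Nmap code."""
from collections import defaultdict

# Constructed sample (documentation addresses, RFC 5737).
# Real scanner: 198.51.100.5.  Decoys: 198.51.100.7 (a live host) and
# 198.51.100.9 (an unassigned address).  Target 203.0.113.20 has ports
# 22 and 80 open and 25 closed.  Records are (src, dst, sport, dport, flags).
TARGET = "203.0.113.20"
SCAN_SOURCES = ["198.51.100.5", "198.51.100.7", "198.51.100.9"]
SAMPLE = []
for port, is_open in ((22, True), (80, True), (25, False)):
    for src in SCAN_SOURCES:
        # Nmap sends the same probe from the real address and each decoy.
        SAMPLE.append((src, TARGET, 40123, port, "S"))
        # The target cannot tell them apart and answers every one of them.
        SAMPLE.append((TARGET, src, port, 40123, "SA" if is_open else "RA"))
    if is_open:
        # The real scanner's kernel never opened this connection (Nmap used a
        # raw socket), so it resets the unexpected SYN/ACK ...
        SAMPLE.append(("198.51.100.5", TARGET, 40123, port, "RA"))
        # ... and a decoy that is a live host does exactly the same thing.
        SAMPLE.append(("198.51.100.7", TARGET, 40123, port, "RA"))
        # 198.51.100.9 is nobody, so the SYN/ACK sent there goes unanswered.


def rank_scan_sources(packets, target):
    """Return {source: (syns_sent, synacks_received, resets_sent)}."""
    stats = defaultdict(lambda: [0, 0, 0])
    # (peer, peer_port, target_port) of every SYN/ACK the target has sent
    # and not yet seen answered.
    pending = set()
    for src, dst, sport, dport, flags in packets:
        if dst == target and flags == "S":
            stats[src][0] += 1
        elif src == target and flags == "SA":
            stats[dst][1] += 1
            pending.add((dst, dport, sport))
        elif dst == target and "R" in flags and (src, sport, dport) in pending:
            # A reset matching one of our SYN/ACKs: somebody is home there.
            stats[src][2] += 1
            pending.discard((src, sport, dport))
    return {s: tuple(v) for s, v in stats.items()}


def likely_real_scanners(packets, target):
    """Sources that both probed us and reset our SYN/ACKs. Decoy addresses
    that belong to live machines land here too, so this is a shortlist."""
    stats = rank_scan_sources(packets, target)
    return sorted(s for s, (syn, _sa, rst) in stats.items() if syn and rst)


if __name__ == "__main__":
    for src, counts in sorted(rank_scan_sources(SAMPLE, TARGET).items()):
        print(src, "syn/synack/rst =", counts)
    print("candidates:", likely_real_scanners(SAMPLE, TARGET))
```

On the sample this shortlists 198.51.100.5 and 198.51.100.7 and clears 198.51.100.9; telling the real scanner from the live decoy needs something beyond the RSTs, which is exactly the ambiguity the original poster is relying on when they say they "could conclude which address is the real address".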
ncat: add AF_VSOCK support (PR#1075)
Stefan Hajnoczi (Dec 06)
Hi,
I have sent a pull request adding AF_VSOCK address family support to
ncat:
https://github.com/nmap/nmap/pull/1075
Here is the pull request summary for your convenience:
This pull request adds support for the AF_VSOCK address family that
has been in Linux since 3.9. AF_VSOCK facilitates host<->guest
communication for VMware, KVM, and Hyper-V hypervisors. Addresses are
represented as <u32 cid, u32 port> pairs. Both...
Updates to tso-enum, tso-brute, cics-info and cics-enum
Phil (Dec 05)
A while ago a change was made to the ‘find’ function in the tn3270 library. These changes broke the scripts tso-enum,
tso-brute, cics-info and cics-enum.
I’ve created a pull request to address these fixes: https://github.com/nmap/nmap/pull/1078
Re: Is there a separate Mailing list for nmap users (and not developers)?
Daniel Miller (Dec 01)
Ben,
There is the nmap-announce list for announcements of general interest to
Nmap users, and we welcome all forms of discussion about Nmap here on
nmap-dev. You can also get in touch with Nmap users on our IRC channel,
#nmap on Freenode IRC, or on Reddit on /r/nmap.
Dan
Crash Report
Shahid Malik (Dec 01)
Version: 7.60
Traceback (most recent call last):
File "zenmapGUI\ScanInterface.pyo", line 828, in
service_host_selection_changed
File "zenmapGUI\ScanInterface.pyo", line 869, in build_host_details
File "zenmapGUI\ScanHostDetailsPage.pyo", line 145, in __init__
AttributeError: 'NoneType' object has no attribute 'get_hostname'
<smalik () albion edu>
ncat: add AF_VSOCK support (PR#1075)
Stefan Hajnoczi (Dec 01)
Hi,
I have sent a pull request adding AF_VSOCK address family support to
ncat:
https://github.com/nmap/nmap/pull/1075
Here is the pull request summary for your convenience:
This pull request adds support for the AF_VSOCK address family that
has been in Linux since 3.9. AF_VSOCK facilitates host<->guest
communication for VMware, KVM, and Hyper-V hypervisors. Addresses are
represented as <u32 cid, u32 port> pairs. Both...
Nmap Decoy Fingerprinting
Who Am I? (Dec 01)
Hey there.
I was playing around with the decoy directive (the -D option) when I
noticed something about the packets. When close to the end of the scan, the
victim's IP address always sends multiple TCP packets with the RST and ACK
flags set back to the real scanner's address.
Basically, if someone were to scan me with Nmap and use decoy addresses,
then I could conclude which address is the real address by looking at the
packets sent...
Re: Dear Nmap community
Paulino Calderon (Nov 25)
Hey Vincent,
It is good to hear you are back! Looking forward to your upcoming patches. I've spent the last couple of days labeling
issues/PRs so hopefully it will make it easier to find the macos issues.
Cheers!
Dear Nmap community
Vincent Dumont (Nov 24)
Hey guys,
It's Vincent Dumont from last year's GSoC. After a long year and a half, I am
now writing to you all to inform you that I'm back to open source
development, in particular on Nmap. I will be glad to help and get helped
so don't hesitate to contact me at this email address or on Github
(@WoNaNoW). I'm gonna have a look at the open macOS tickets to start with
and I'll keep you updated.
Quick hi to bonsaiviking,...
npcap loopback adapter blocking wifi in windows 10
Sukumar Ghorai (Nov 23)
Hi,
I have installed npcap-0.96 (with loopback mode), with Wireshark.
It works fine with the LAN connected. Now I disconnect the LAN and try to connect to the Wifi, and it does not allow it or does not
connect to the Wifi.
Thx
Sukumar
Is there a separate Mailing list for nmap users (and not developers)?
Ben Stover via dev (Nov 22)
Is there a separate Mailing list for nmap users (and not developers)?
Or is the "developers" mailing list intended for both nmap groups?
Re: Too many retries...
nnposter (Nov 13)
The assumed need to use brute.retries=NNN, where NNN is some huge number
is likely off mark. The retries are meant to protect against transient
connectivity hiccups. You might be instead experiencing some fundamental
throttling, blocking or resource exhaustion on the target.
Also, there is no brute.timeout parameter implemented by the brute library.
So...
First, make sure that your brute driver is truly working as expected.
When valid...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have been worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Follow-up on CVE-2017-8769 - WhatsApp Issues with Media Files
Nightwatch Cybersecurity Research (Dec 08)
[https://wwws.nightwatchcybersecurity.com/2017/05/17/advisory-whatsapp-for-android-privacy-issues-with-handling-of-media-files-cve-2017-8769/]
We reported an issue earlier this year to WhatsApp / Facebook, where
after deleting chats the media files would be retained on the device.
The vendor fixed the issue by adding an option of deleting these
files. HOWEVER, our testing now shows that the fix doesn't always work
and the vendor...
APPLE-SA-2017-12-6-4 tvOS 11.2
Apple Product Security (Dec 08)
APPLE-SA-2017-12-6-4 tvOS 11.2
tvOS 11.2 addresses the following:
IOSurface
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able...
APPLE-SA-2017-12-6-3 watchOS 4.2
Apple Product Security (Dec 08)
APPLE-SA-2017-12-6-3 watchOS 4.2
watchOS 4.2 addresses the following:
IOSurface
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-13861: Ian Beer of Google Project Zero
Kernel
Available for: All Apple Watch models
Impact: An application may be able to execute arbitrary code with...
APPLE-SA-2017-12-6-2 iOS 11.2
Apple Product Security (Dec 08)
APPLE-SA-2017-12-6-2 iOS 11.2
iOS 11.2 addresses the following:
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues were addressed through
improved state management.
CVE-2017-13847: Ian Beer of Google Project Zero
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad...
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
Apple Product Security (Dec 08)
APPLE-SA-2017-12-6-1 macOS High Sierra 10.13.2, Security Update
2017-002 Sierra, and Security Update 2017-005 El Capitan
macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and
Security Update 2017-005 El Capitan are now available and address
the following:
apache
Available for: macOS High Sierra 10.13.1, macOS Sierra 10.12.6, OS X
El Capitan 10.11.6
Impact: Processing a maliciously crafted Apache configuration
directive may result in...
macOS High Sierra 10.13.1 insecure cron system
Mark Wadham (Dec 08)
Recently I was working on a security issue in some other software that has yet
to be disclosed which created a rather interesting condition. As a non-root
user I was able to write to any file on the system that was not SIP-protected
but the resulting file would not be root-owned, even if it previously was.
This presented an interesting challenge for privilege escalation - how would you
exploit this to obtain root access? The obvious first...
CVE-2017-16930 - Claymore's Dual Ethereum Miner unauth stack buffer overflow in remote management interface
oststrom (public) (Dec 05)
VuNote
===================
Author: <github.com/tintinweb>
Ref:
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16930
https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929
Version: 0.2
Date: Nov 30th, 2017
Tag: claymore dual ethereum decred crypto currency miner
Overview
--------
Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner
Vendor:...
Amazon Audible Software CVE-2017-17069 Privilege Escalation Vulnerability
Himanshu Mehta (Dec 05)
Aloha,
*Introduction:*
Vendor: Amazon
Affected Product: Audible Software for Windows PC
Fixed in: Latest Version released by the vendor
Vendor Website: https://www.audible.com/
<https://www.audible.com/sw?pageFlowType=PC_WIZARD>
Vulnerability Type: Privilege Escalation
CVE: CVE-2017-17069
Credit: Himanshu Mehta (@LionHeartRoxx)...
SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities
Maor Shwartz (Dec 05)
SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities
Full report: https://blogs.securiteam.com/index.php/archives/3556
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Coredy
CX-E120 Repeater.
The Coredy CX-E120 WiFi Range Extender is “a network device with
multifunction, which can be using for increasing the distance of a WiFi
network by...
Owning VirtualBox via MITM
Mark Wadham (Dec 05)
VirtualBox downloads extension pack updates over plain HTTP, providing a
potential vector for MITM and remote code execution when updating the
extension pack.
Full writeup here:
https://m4.rkw.io/blog/owning-virtualbox-via-mitm.html
Mark
CVE-2017-16895 Local root privesc in Arq Backup <= 5.9.7
Mark Wadham (Dec 05)
As well as the other bugs affecting Arq <= 5.9.6 there is also another issue
with the suid-root restorer binaries in Arq for Mac. There are three of them
and they are used to execute restores of backed up files from the various
cloud providers.
After reversing the inter-app protocol I discovered that the path to the
restorer binary was specified as part of the data packet sent by the UI. After
receiving this, the restorer binaries then...
CVE-2017-15357 Local root privesc in Arq Backup <= 5.9.6
Mark Wadham (Dec 05)
Arq Backup from Haystack Software is a great application for backing up Macs and
Windows machines. Unfortunately versions of Arq for Mac before 5.9.7 are
vulnerable to a local root privilege escalation exploit.
The updater binary has a "setpermissions" function which sets the suid bit and
root ownership on itself but it suffers from a race condition that allows you to
swap the destination for these privileges using a symlink.
We...
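The race class described in the post above (check a path, then chmod/chown that path, with a window in between for a symlink swap), shown as an added example that is not Arq's code and does not reproduce the actual Arq updater: a hypothetical `set_permissions_vulnerable` that mirrors the check-by-name, act-by-name pattern beside a `set_permissions_hardened` that binds to the inode with `O_NOFOLLOW` and `fchmod`. The `_race_hook` argument and the `demo` scaffolding are assumptions used to force the interleaving deterministically in a temporary directory; a real attacker would win the window by timing instead.

```python
"""TOCTOU on a setpermissions-style routine: vulnerable vs. hardened.
Added example; hypothetical code, not Arq Backup's updater."""
import os
import stat
import tempfile

SUID_MODE = 0o4755  # the privilege the routine hands out: setuid + 755


def set_permissions_vulnerable(path, mode=SUID_MODE, _race_hook=None):
    """Check by name, then act by name.  os.stat() and os.chmod() both
    follow symlinks, so whoever controls the directory can redirect the
    name between the two calls and collect the suid bit on any file."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("refusing: not a regular file")
    if _race_hook:          # hypothetical hook: the attacker's swap lands here
        _race_hook()
    os.chmod(path, mode)    # applies to wherever `path` points *now*
    return os.stat(path).st_mode & 0o7777


def set_permissions_hardened(path, mode=SUID_MODE, _race_hook=None):
    """Open once without following symlinks, then check and act on the
    descriptor.  A later rename or symlink swap of the name cannot move
    the descriptor, and a symlink already in place fails the open (ELOOP)."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("refusing: not a regular file")
        if _race_hook:      # same window, but the name no longer matters
            _race_hook()
        os.fchmod(fd, mode)  # acts on the inode we inspected, not the name
        return os.fstat(fd).st_mode & 0o7777
    finally:
        os.close(fd)


def demo(hardened, swap_before_open=False):
    """Play the race in a scratch directory.  Returns (outcome, victim_mode):
    victim_mode is what the attacker-chosen file ends up with."""
    with tempfile.TemporaryDirectory() as d:
        updater = os.path.join(d, "updater")   # the file meant to become suid
        victim = os.path.join(d, "victim")     # the file the attacker wants suid
        for p in (updater, victim):
            with open(p, "w") as f:
                f.write("#!/bin/sh\nexit 0\n")
            os.chmod(p, 0o644)

        def attacker_swap():                   # constructed attacker step
            os.remove(updater)
            os.symlink(victim, updater)

        hook = None
        if swap_before_open:
            attacker_swap()
        else:
            hook = attacker_swap
        fn = set_permissions_hardened if hardened else set_permissions_vulnerable
        try:
            fn(updater, SUID_MODE, _race_hook=hook)
            outcome = "chmod done"
        except OSError:
            outcome = "refused"
        return outcome, os.stat(victim).st_mode & 0o7777


if __name__ == "__main__":
    print("vulnerable, swap in the window :", demo(hardened=False))
    print("hardened,   swap in the window :", demo(hardened=True))
    print("hardened,   symlink already set:", demo(hardened=True, swap_before_open=True))
```

Ownership would be handled the same way with `os.fchown` on the descriptor; the point is that every privileged decision is made about the object that was opened, never about a name that somebody else can rebind.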
[CFP] BSides San Francisco - April 2018
BSidesSF CFP via Fulldisclosure (Dec 05)
BSides SF is soliciting papers and presentations for the 2018 annual BSides
SF conference.
CFP: https://bsidessf.org/cfp.html
** Topics **
All topic areas related to reliability, network security, privacy,
cryptography, and information security are of interest and in scope.
Let us help you get the word out on The Next Big Thing!
** Theme **
Steampunk!
** Submission **
https://bsidessf.org/cfp.html
** Dates and Deadlines **
December 1,...
Re: Edward Snowden free speech at JBFone - Future, Data Security & Privacy
Vulnerability Lab (Dec 05)
UPDATE
Reference(s):
http://www.focus.de/digital/handy/iphone/apple-edward-snowden-warnt-vor-iphone-x-besonders-eine-funktion-ist-gefaehrlich_id_7921720.html
http://www.chip.de/news/Beruehmtester-Hacker-der-Welt-warnt-Im-iPhone-X-steckt-eine-gefaehrliche-Funktion_128162181.html
http://www.t-online.de/digital/handy/id_82783158/iphone-x-edward-snowden-warnt-vor-apples-face-id.html...
SEC Consult SA-20171130-1 :: OS Command Injection & Reflected Cross Site Scripting in OpenEMR
SEC Consult Vulnerability Lab (Dec 02)
SEC Consult Vulnerability Lab Security Advisory < 20171130-1 >
=======================================================================
title: OS Command Injection & Reflected Cross Site Scripting
product: OpenEMR
vulnerable version: 5.0.0
fixed version: 5.0.0 Patch 2 or higher
CVE number: -
impact: Critical
homepage: http://www.open-emr.org/
found:...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Advisory - Fisheye and Crucible - CVE-2017-14591
Atlassian (Dec 11)
This email refers to the advisory found at
https://confluence.atlassian.com/x/qVcGO and
https://confluence.atlassian.com/x/plcGO .
CVE ID:
* CVE-2017-14591.
Product: Fisheye and Crucible.
Affected Fisheye and Crucible product versions:
version < 4.4.3
4.5.0 <= version < 4.5.1
Fixed Fisheye and Crucible product versions:
* for 4.4.x, Fisheye 4.4.3 has been released with a fix for this issue.
* for 4.4.x, Crucible 4.4.3 has been...
[SECURITY] [DSA 4062-1] firefox-esr security update
Moritz Muehlenhoff (Dec 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4062-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2017-7843
It discovered...
[SECURITY] [DSA 4061-1] thunderbird security update
Moritz Muehlenhoff (Dec 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4061-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : thunderbird
CVE ID : CVE-2017-7826 CVE-2017-7828...
[SECURITY] [DSA 4060-1] wireshark security update
Moritz Muehlenhoff (Dec 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4060-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wireshark
CVE ID : CVE-2017-11408 CVE-2017-13766...
[slackware-security] openssl (SSA:2017-342-01)
Slackware Security Team (Dec 11)
[slackware-security] openssl (SSA:2017-342-01)
New openssl packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2n-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Read/write after SSL object in error state
rsaz_1024_mul_avx2 overflow bug on x86_64
For more information, see:...
FreeBSD Security Advisory FreeBSD-SA-17:12.openssl
FreeBSD Security Advisories (Dec 11)
=============================================================================
FreeBSD-SA-17:12.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2017-12-09
Affects: All supported versions of FreeBSD.
Corrected: 2017-12-07 18:04:48 UTC...
CISTI'2018 -- Doctoral Symposium -- Call for contributions
ML (Dec 11)
------------------------------------------------------------------
Doctoral Symposium of CISTI'2018
13th Iberian Conference on Information Systems and Technologies
13 - 16 June 2018, Caceres, Spain
http://www.cisti.eu/
---------------------------------------------------------------------------
The purpose of CISTI'2018's Doctoral Symposium is to provide graduate students a setting where they can, informally,
expose and discuss their...
[SECURITY] [DSA 4059-1] libxcursor security update
Salvatore Bonaccorso (Dec 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4059-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxcursor
CVE ID : CVE-2017-16612
Debian Bug :...
Secunia Research: LibRaw Multiple Denial of Service Vulnerabilities
Secunia Research (Dec 11)
======================================================================
Secunia Research 2017/12/08
LibRaw Multiple Denial of Service Vulnerabilities
======================================================================
Table of Contents
Affected Software....................................................1...
[SECURITY] [DSA 4058-1] optipng security update
Salvatore Bonaccorso (Dec 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4058-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 08, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : optipng
CVE ID : CVE-2017-16938 CVE-2017-1000229...
[SECURITY] [DSA 4057-1] erlang security update
Moritz Muehlenhoff (Dec 07)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4057-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
December 08, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : erlang
CVE ID : CVE-2017-1000385
It was discovered...
[SECURITY] [DSA 4056-1] nova security update
Sebastien Delafond (Dec 07)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4056-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
December 07, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : nova
CVE ID : CVE-2017-16239
Debian Bug :...
[SECURITY] [DSA 4050-1] xen security update
Moritz Muehlenhoff (Dec 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4050-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 28, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : xen
CVE ID : CVE-2017-14316 CVE-2017-14317...
Advisory - Hipchat Data Center, Hipchat Server - CVE-2017-14585
Matthew Hart (Dec 01)
This email refers to the advisory found at
https://confluence.atlassian.com/x/MXEGO .
CVE ID: CVE-2017-14585.
Products: Hipchat Data Center, Hipchat Server
Affected Hipchat Data Center product versions: 3.0.0 <= version < 3.1.0
Affected Hipchat Server product versions: 2.2.0 <= version < 2.2.6
Fixed Hipchat Data Center product versions: Hipchat Data Center 3.1.0
has been released with a fix for this issue.
Fixed Hipchat Server...
Advisory - Remote code execution in HipChat for Mac desktop client - CVE-2017-14586
Matthew Hart (Dec 01)
This email refers to the advisory found at
https://confluence.atlassian.com/x/NXEGO .
CVE ID:
* CVE-2017-14586.
Product: Hipchat for Mac desktop client.
Affected Hipchat for Mac desktop client product versions:
4.0 <= version < 4.30
Fixed Hipchat for Mac desktop client product versions:
* Hipchat for Mac desktop client 4.30 has been released with a fix for this
issue.
Summary:
This advisory discloses a critical severity security...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
Faraday v2.7: Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Nov 13)
Faraday is the Integrated Multiuser Risk Environment you have always
been looking for! It maps and leverages all the data you generate in
real time, letting you track and understand your audits. Our dashboard
for CISOs and managers uncovers the impacts and risks being
assessed by the audit in real-time without a single email. Developed
with a specialized set of functionalities that helps users improve
their own work, the main purpose is...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v2.7: Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Nov 14)
Faraday is the Integrated Multiuser Risk Environment you have always
been looking for! It maps and leverages all the data you generate in
real time, letting you track and understand your audits. Our dashboard
for CISOs and managers uncovers the impacts and risks being
assessed by the audit in real-time without a single email. Developed
with a specialized set of functionalities that helps users improve
their own work, the main purpose is...
Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jul 24)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
The Tower and the Town
Jordan Wiens (Dec 11)
There's long been a bit of friction (some real, some manufactured) between
academic security research in the Ivory Tower and much of the rest of our
community practicing in the field.
Many many people have spent long hours paving the road from the tower to
the town and vice-versa. Bratus in particular seems to have dedicated his
career to the cause (thanks, Sergey!).
Some security cons have adopted a bit of needed rigor from the academic...
Re: Cows
Jared DeMott (Dec 05)
I make this point a lot also - to folks feeling overwhelmed - keeping the
pace with info overload is new. It's a very interesting challenge. :)
Cows
Dave Aitel (Dec 04)
So for a while it was like being on a treadmill trying to keep up with
the security community's technical advances. These days, it's like being
a guy on a skateboard while several firemen shoot you with firehoses
from different directions. Even staying current on one platform seems
impossible for super-experts.
I say this, because I noted someone pointing out that the DirtyCow patch
maybe didn't work, and maybe didn't work in an...
Re: Ants in your pants
Kyle Creyts (Dec 01)
I think commodity malware have come much further than legitimate tools in
some regards, and are much further behind in others.
Notably, almost all commodity criminal implants have a specificity of
mission not commonly found in the group of attack frameworks you highlight.
The typical level of specificity is "I want to make money off this implant"
and one typical outcome of this ambiguity is having N ways to make money:
through...
Ants in your pants
Dave Aitel (Dec 01)
Recently at RPISEC and on Twitter people have asked me what the design
differences are between INNUENDO and something like Meterpreter. I think
these are quite large really, and worth trying to explain. Really it boils
down to a fundamentally different algorithmic approach to distributed
computation.
So the following chart talks about various types of algorithms and how they
might apply to our world. An Emergent algorithm is one where lots of...
Biofilms
Dave Aitel (Dec 01)
So let's say you are attacking a large network, and you have a number of
implants on that network. At some point, some of those implants get
coopted by the defenders (or by another attacker). You want to change
the behavior of your implants if enough of them are compromised or killed.
There are biological problems very similar to this: in particular,
biofilms <https://www.livescience.com/57295-biofilms.html>. A key
question of the...
The results of the 2017 Volatility Plugin Contest are in!
Andrew Case (Nov 28)
We are excited to announce that the results of the 2017 Volatility Plugin Contest are in:
https://volatility-labs.blogspot.com/2017/11/results-from-5th-annual-2017-volatility.html
We had many novel submissions this year across a wide variety of operating systems, malware detection strategies, and
userland application artifacts.
Thanks to...
Technical Details on OceanLotus' Attacks Targeting ASEAN, Asian Nations, the Media, and Human Rights Groups
Andrew Case (Nov 06)
We just published a blog post detailing the infrastructure, initial
infection strategies, and payloads of the resurgent OceanLotus threat group:
https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
A follow up post detailing the phishing activity and malware
infrastructure is coming soon.
Comments welcome!
We live in predictable times
Dave Aitel (Nov 06)
Direct Prezi Link: http://prezi.com/oca976u3y3sw/
The whole point of a CTO in any of the security companies we all live in
is that you have a phased array radar constantly pointing at the future.
For what it's worth, the screenshot below is from the T2 Keynote a
couple weeks ago, pointing pretty clearly at Twitter as a strategic
target (in several ways). The video of the talk is not out yet, but if
you annoy the T2 staff they'll...
CFP and CFT for SyScan360 in Singapore 2018
Thomas (Nov 06)
hi readers of DD
SyScan360 in Singapore 2018 will be held March 17 - 23, 2018. It will be
a single track, 2-day conference with WhiskeyCon on the last day of the
conference. Training classes (3-day, 4-day and 5-day) will be held
before the conference.
The Call for Training (CFT) and Call for Papers (CFP) are open.
The closing date for CFT is 15th November 2017.
The closing date for CFP is 31st November 2017.
Please visit...
IoT bill in US congress
Charisse Castagnoli (Nov 03)
The IoT protection part of this bill is not interesting, but the amendments to the Computer Fraud and Abuse Act and the
DMCA are useful for researchers of IoT vulnerabilities
Feel free to write or call in support.
https://www.congress.gov/bill/115th-congress/senate-bill/1691/text
Relevant sections:
(2) COMPUTER FRAUD AND ABUSE ACT.—Section 1030 of title 18, United...
Re: Keynotes
Moses Hernandez (Oct 30)
I have always wondered at what point does the CEO stop thinking strategy and start thinking culture. Does it happen all
at once, throughout the day, or does it come in shifts? Unless you believe CEO is all about strategy and not culture.
Does the culture in the company become a strategic and immutable (no pun intended) asset? I’ve been torn on this
concept in leadership, maybe because strategy and culture are actually two sides of the same...
Keynotes
dave aitel (Oct 16)
So I'm about to do V6 of my T2 keynote - usually it takes about 10 full
runs until a keynote is good. This is why we are very very careful about
asking people to do keynotes. The typical first run of a keynote gets
feedback like "This is terrible. Just terrible. Awful". (Except Halvar's).
In any case, I've sent out versions of it to lots of different people
for feedback and I've noticed a few things. Probably the...
Re: Eulogy
Ryan Duff (Oct 10)
Yeah he was. The tragedy is how few will know everything he's done for his
country. But that's how it is.
He'll definitely be remembered by anyone who had the pleasure of working
with him.
-Ryan
Re: Eulogy
Matt Georgy (Oct 06)
He was a great guy and a real patriot. He will be missed.
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they're worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
line XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Summary for December 7, 2017
Microsoft (Dec 07)
********************************************************************
Microsoft Security Update Summary for December 7, 2017
Issued: December 7, 2017
********************************************************************
This summary lists security updates released for December 7, 2017.
Complete information for the December 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical...
Microsoft Security Update Summary for December 6, 2017
Microsoft (Dec 06)
********************************************************************
Microsoft Security Update Summary for December 6, 2017
Issued: December 6, 2017
********************************************************************
This summary lists security updates released for December 6, 2017.
Complete information for the December 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical...
Microsoft Security Advisory Notification
Microsoft (Dec 01)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: December 1, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
Please note that the URL for Microsoft security documents has changed.
* Microsoft Security Advisory 4053440
- Title: Securely opening...
Microsoft Security Update Minor Revisions
Microsoft (Dec 01)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 29, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the October 2017 or the
November 2017 Security Updates.
* CVE-2017-8718
* CVE-2017-11870
* CVE-2017-11873
* CVE-2017-11882
Revision Information:
=====================...
Microsoft Security Update Releases
Microsoft (Nov 28)
********************************************************************
Title: Microsoft Security Update Releases
Issued: November 28, 2017
********************************************************************
Summary
=======
The following CVE and security advisory have been revised in the
November 2017 Security Updates.
* CVE-2017-11882
* ADV170020
Revision Information:
=====================
CVE-2017-11882
- Title: CVE-2017-11882 |...
Microsoft Security Update Minor Revisions
Microsoft (Nov 28)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 28, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the
November 2017 Security Updates.
* CVE-2017-11770
Revision Information:
=====================
CVE-2017-11770
- Title: CVE-2017-11770 | .NET CORE Denial Of Service...
Microsoft Security Update Minor Revisions
Microsoft (Nov 22)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 21, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the November 2017 Security
Updates.
* CVE-2017-11882
Revision Information:
=====================
CVE-2017-11882
Title: CVE-2017-11882 | Microsoft Office Memory Corruption...
Microsoft Security Update Releases
Microsoft (Nov 16)
********************************************************************
Title: Microsoft Security Update Releases
Issued: November 16, 2017
********************************************************************
Summary
=======
The following security advisory has been revised in the October 2017
Security Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security...
Microsoft Security Update Minor Revision
Microsoft (Nov 16)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 16, 2017
********************************************************************
Summary
=======
The following CVEs and Security Advisory have been revised in the
November 2017 Security Updates.
* CVE-2017-8700
* CVE-2017-11883
* ADV170020
Revision Information:
=====================
CVE-2017-8700
- Title:...
Microsoft Security Update Summary for November 2017
Microsoft (Nov 14)
********************************************************************
Microsoft Security Update Summary for November 2017
Issued: November 14, 2017
********************************************************************
This summary lists security updates released for November 2017.
Complete information for the November 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical...
Microsoft Security Update Releases
Microsoft (Nov 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: November 9, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the July 2017
Security Updates.
* CVE-2017-8585
Revision Information:
=====================
CVE-2017-8585
- Title: CVE-2017-8585 | .NET Denial of Service Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Nov 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 8, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4053440
- Title: Securely opening Microsoft Office documents that contain
Dynamic Data Exchange (DDE) fields...
Microsoft Security Update Minor Revisions
Microsoft (Nov 01)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 1, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the October 2017
Security Updates.
* CVE-2017-11826
Revision Information:
=====================
CVE-2017-11826
- Title: CVE-2017-11826 | Microsoft Office Memory Corruption...
Microsoft Security Update Minor Revisions
Microsoft (Oct 26)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 26, 2017
********************************************************************
Summary
=======
The following advisory has been revised in the October 2017 Security
Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security...
Microsoft Security Update Minor Revisions
Microsoft (Oct 20)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 20, 2017
********************************************************************
Summary
=======
The following advisory and security bulletin have undergone a
minor revision increment.
* ADV170012
* MS14-085
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng's leadership, China began one of the most ambitious and
sophisticated meta-software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Mozilla Releases Security Updates
US-CERT (Dec 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/12/07/Mozilla-Releases-Security-Updates ] 12/07/2017 06:50 PM EST
Original release date: December 07, 2017
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could
exploit these vulnerabilities to take control of an...
Microsoft Releases Security Updates for its Malware Protection Engine
US-CERT (Dec 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases Security Updates for its Malware Protection Engine [
https://www.us-cert.gov/ncas/current-activity/2017/12/07/Microsoft-Releases-Security-Updates-its-Malware-Protection-Engine
] 12/07/2017 05:52 PM EST
Original release date: December 07, 2017
Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine...
Google Releases Security Update for Chrome
US-CERT (Dec 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2017/12/06/Google-Releases-Security-Update-Chrome ] 12/06/2017 05:08 PM
EST
Original release date: December 06, 2017
Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to take...
Apple Releases Security Updates
US-CERT (Dec 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/12/06/Apple-Releases-Security-Updates ] 12/06/2017 05:15 PM EST
Original release date: December 06, 2017
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take control of an...
Securing Mobile Devices During Holiday Travel
US-CERT (Dec 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Securing Mobile Devices During Holiday Travel [
https://www.us-cert.gov/ncas/current-activity/2017/12/05/Securing-Mobile-Devices-During-Holiday-Travel ] 12/05/2017
04:12 PM EST
Original release date: December 05, 2017
As the holiday season begins, many people will travel with their mobile devices. Although these devices, such as smart
phones, tablets, and...
Alert (TA14-017A) – UDP-Based Amplification Attacks
US-CERT (Dec 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA14-017A: UDP-Based Amplification Attacks [ https://www.us-cert.gov/ncas/alerts/TA14-017A ]
Original release date: January 17, 2014
Updated on: December 4, 2017
Systems Affected
Certain application-layer protocols that rely on the User Datagram Protocol (UDP) have been identified as potential
attack vectors. These include
* Domain Name System (DNS),
*...
Mozilla Releases Security Update for Firefox
US-CERT (Dec 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update for Firefox [
https://www.us-cert.gov/ncas/current-activity/2017/12/04/Mozilla-Releases-Security-Update-Firefox ] 12/04/2017 07:32 PM
EST
Original release date: December 04, 2017
Mozilla has released a security update to address multiple vulnerabilities in Firefox 57. A remote attacker could
exploit these vulnerabilities to take...
Apache Software Foundation Releases Security Updates
US-CERT (Dec 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Software Foundation Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/12/04/Apache-Software-Foundation-Releases-Security-Updates ]
12/04/2017 06:18 PM EST
Original release date: December 04, 2017
The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5
to 2.5.14. A...
Intel Firmware Vulnerability
US-CERT (Nov 21)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Intel Firmware Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2017/11/21/Intel-Firmware-Vulnerability ]
11/21/2017 11:02 AM EST
Original release date: November 21, 2017
Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products:
Management Engine, Server Platform Services, and Trusted Execution...
Symantec Releases Security Update
US-CERT (Nov 21)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Symantec Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/11/21/Symantec-Releases-Security-Update ] 11/21/2017 07:40 AM EST
Original release date: November 21, 2017
Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could
exploit this vulnerability to take control of an...
Windows ASLR Vulnerability
US-CERT (Nov 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Windows ASLR Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2017/11/20/Windows-ASLR-Vulnerability ]
11/20/2017 10:57 AM EST
Original release date: November 20, 2017
The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout
Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows...
Holiday Scams and Malware Campaigns
US-CERT (Nov 16)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Holiday Scams and Malware Campaigns [
https://www.us-cert.gov/ncas/current-activity/2017/11/16/Holiday-Scams-and-Malware-Campaigns ] 11/16/2017 08:41 PM EST
Original release date: November 16, 2017
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from
unknown senders may contain malicious links. Fake...
ST17-001: Securing the Internet of Things
US-CERT (Nov 16)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ST17-001: Securing the Internet of Things [ https://www.us-cert.gov/ncas/tips/ST17-001 ] 11/16/2017 04:52 PM EST
Original release date: November 16, 2017
The Internet of Things refers to any object or device that sends and receives data automatically through the Internet.
This rapidly expanding set of things includes tags (also known as labels or chips that...
Oracle Releases Security Alert
US-CERT (Nov 16)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Alert [
https://www.us-cert.gov/ncas/current-activity/2017/11/16/Oracle-Releases-Security-Alert ] 11/16/2017 04:39 PM EST
Original release date: November 16, 2017
Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could
exploit these vulnerabilities to take control of an affected...
Cisco Releases Security Update
US-CERT (Nov 15)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/11/15/Cisco-Releases-Security-Update ] 11/15/2017 12:24 PM EST
Original release date: November 15, 2017
Cisco has released a security update to address a vulnerability in its Voice Operating System software platform.
Exploitation of this vulnerability could allow a remote attacker...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Xen Security Advisory 251 - improper bug check in x86 log-dirty handling
Xen . org security team (Dec 12)
Xen Security Advisory XSA-251
version 2
improper bug check in x86 log-dirty handling
UPDATES IN VERSION 2
====================
Public release.
Provide information for Xen 4.10-in-preparation branch in .meta.
ISSUE DESCRIPTION
=================
Memory sharing, available to x86 HVM guests only, uses a special value
in the global machine to physical address translation table (M2P)....
Xen Security Advisory 248 - x86 PV guests may gain access to internally used pages
Xen . org security team (Dec 12)
Xen Security Advisory XSA-248
version 2
x86 PV guests may gain access to internally used pages
UPDATES IN VERSION 2
====================
Public release.
Provide metadata file.
ISSUE DESCRIPTION
=================
Memory management for PV guests builds on page ownership and page
attributes. A domain can always map, at least r/o, pages of which it
is the owner. Certain fields in the...
Xen Security Advisory 250 - improper x86 shadow mode refcount error handling
Xen . org security team (Dec 12)
Xen Security Advisory XSA-250
version 2
improper x86 shadow mode refcount error handling
UPDATES IN VERSION 2
====================
Public release.
Provide metadata file.
ISSUE DESCRIPTION
=================
Pages being used to run x86 guests in shadow mode are reference counted
to track their uses. When another reference cannot be acquired, the
corresponding page table entry must...
Xen Security Advisory 249 - broken x86 shadow mode refcount overflow check
Xen . org security team (Dec 12)
Xen Security Advisory XSA-249
version 2
broken x86 shadow mode refcount overflow check
UPDATES IN VERSION 2
====================
Public release.
Provide metadata file.
ISSUE DESCRIPTION
=================
Pages being used to run x86 guests in shadow mode are reference counted
to track their uses. Unfortunately the overflow check when trying to
obtain a new reference used a mask...
[ANN] [APACHE STRUTS] Security Bulletin S2-055: impact increased to High (related to CVE-2017-7525 - JSON Jackson library)
Lukasz Lenart (Dec 12)
Hi,
After further clarification we increased impact of a vulnerability
reported to us and described as S2-055 to High. The vulnerability
exists in a JSON Jackson library and it's registered under
CVE-2017-7525. Please read the bulletin [1] and apply possible
solutions. This vulnerability impacts anyone using the vulnerable
Jackson JSON library (not only Struts users).
[1] https://cwiki.apache.org/confluence/display/WW/S2-055
Regards
Qualys Security Advisory - Buffer overflow in glibc's ld.so
Qualys Security Advisory (Dec 11)
Qualys Security Advisory
Buffer overflow in glibc's ld.so
========================================================================
Contents
========================================================================
Summary
Memory Leak
Buffer Overflow
Exploitation
Acknowledgments
========================================================================
Summary
========================================================================
We have...
Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability
Daniel Beck (Dec 11)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software. The following
plugin releases contain fixes for security vulnerabilities:
* Script Security Plugin 1.37
Users of these plugins should upgrade them to the indicated versions.
Descriptions of the vulnerabilities are below. Some more details,
severity, and attribution can be found here:...
Re: PowerDNS Security Advisory 2017-08
Remi Gacogne (Dec 11)
The correct link is:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
Sorry!
PowerDNS Security Advisory 2017-08
Remi Gacogne (Dec 11)
Hello everybody,
We just released PowerDNS Recursor 4.0.8, fixing a security issue
(CVE-2017-15120) affecting PowerDNS Recursor from 4.0.0 up to and
including 4.0.7. PowerDNS Recursor 3.7.4 and 4.1.0 are not affected. The
full security advisory can be found below and at
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-08.html
The issue is a parsing error while handling authoritative answers
containing a CNAME of...
Re: Re: Recommendations GnuPG-2 replacement
Phil Pennock (Dec 10)
Prior art to consider and inform your decisions:
* 0x9710B89BCA57AD7C -- PGP Global Directory Verification Key
+ Now part of Symantec; upload key, do verification steps via email,
get signature
* 0x2BAE3CF6DAFFB000 -- ct magazine -- pgpCA () ct heise de
+ Some years back a German technical magazine apparently made a big
push to get people using OpenPGP and had their own verification
service
* WKS in the current (>=...
GraphicsMagick 1.3.27 is available
Bob Friesenhahn (Dec 10)
[ This release announcement is forwarded to the oss-security list due
the many security issues found in 1.3.26 and fixed by 1.3.27. Much
thanks to the security researchers and OS package maintainers who
notified us about problems and sometimes provided useful analysis and
patches.]
GraphicsMagick 1.3.27 (the 61st release, and the 28th in this cycle) is now
available. This release is API and ABI compatible with previous 1.3.X releases
so...
Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule
Salvatore Bonaccorso (Dec 10)
Hi
FTR, this issue was later on assigned CVE-2017-17458.
@Terry, CVEs cannot be requested anymore via mailing oss-security,
rather filling the request via https://cveform.mitre.org/ for future
requests.
Regards,
Salvatore
[CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability
Isuru Udana (Dec 10)
CVE-2017-15708: Apache Synapse Remote Code Execution Vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1
Description:
Due to the presence of Apache Commons Collections 3.2.1
(commons-collections-3.2.1.jar) or previous versions,
Apache Synapse 3.0.0 and all previous releases allow remote code
execution attacks that can be performed by
injecting specially crafted...
Re: Re: Recommendations GnuPG-2 replacement
Marcus Brinkmann (Dec 10)
Hi Phil,
thank you for your work on the keyservers, and thank you for the
explanations of the reasons behind it, and your thoughts on the matter.
They are very valuable to me, as I too am learning a lot about the
history and implementation details on the way.
I didn't want to complain that the openpgp keyservers have their own
self-signed root CA - it was just one of those things that I didn't
expect and only found out by digging...
Re: Re: Recommendations GnuPG-2 replacement
Jeffrey Walton (Dec 10)
Hi Marcus,
Sorry to go off-list. Regarding:
We had so many problems with Cmake we had to drop it. It accounted for
nearly 20% of our bugs. We could not even set a "C++ project" (i.e.,
'project(cryptopp, CXX)') without breaking Cmake. Also see
https://www.cryptopp.com/wiki/CMake#CMake_Removal.
Regarding:
I think the library made a good design decision by moving secret key
operations out-of-process and then interfacing...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Information Security Plan
Keenan Martinez (Dec 11)
Good day members,
If possible, can you please ensure your University’s Information Security Plan?
I am in the research phase of creating a three-five year plan.
Thank You,
Regards,
Keenan Martinez
Manager
Information Technology Department
Arthur Lok Jack Graduate School of Business
Max Richards Drive, Uriah Butler Highway, North West, Mt. Hope. Trinidad & Tobago. (UTC-4 hours)
• (868) 645-6700 ext. 333 (Ext.) • (868) 662 1411 (fax)...
Department of Education Webinar, Dec. 18: Student Data in Times of Crises
Valerie Vogel (Dec 11)
Greetings,
The U.S. Department of Education will be hosting webinar, “Student Data in Times of Crisis,” on Monday, December 18,
1-2 pm EST. More details are provided below.
Thank you,
Valerie
__________________________________
From: U.S. Department of Education
Date: Thursday, December 7, 2017 at 4:08 AM
Subject: U.S. Department of Education Daily Digest Bulletin
Please join us on Monday, December 18 at 1:00 pm ET for a webinar...
Re: Dept of Edu Letters
Aube, Jane M. (Dec 09)
Hi Jarret,
Thank you for providing this information. It’s heartening to hear Educause is engaging with FSA and ED on this
developing issue.
As an attendee of FSA, ED's Tiina Rodrigue was successful with her self-proclaimed "Operation #InformTerrifyEntertain."
Thank you.
Best regards,
Jane
Jane Aube | Loan Programs and Compliance Specialist | Student Financial Services | Middlebury College | 802.443.5790
Sent from my iPad...
Re: Measures of detecting breached email accounts
Valdis Kletnieks (Dec 09)
On Fri, 08 Dec 2017 14:14:23 -0800, Joseph Tam said:
Note that this can be distinguished from "somebody forgot to update
the saved password" because a student trying different passwords won't
be issuing the attempts every 5 minutes on the nose.
Similarly, most "trying a variant on a broken password software" won't
spread the attempts out and try a new variant every 5 minutes, because
that ends up lowering the...
Re: Measures of detecting breached email accounts
Joseph Tam (Dec 08)
On some systems (e.g. ssh), yes.
However, for mail authentication, consecutive failures followed by
success is typical of people who change their password, but neglect to
update the cached password in their reader. Or they enter the wrong
password to start with, then walk away, then come back to find
they haven't authenticated properly.
If you're talking an office worth of people or a small set of highly locked
down accounts, OK, look at...
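The timing heuristics described in the two posts above (Valdis Kletnieks: a reader retrying a stale saved password fails on a fixed cadence, while a person or guessing tool does not; Joseph Tam: a run of failures followed by a success is usually a changed password, not a compromise) lend themselves to a small classifier. The following is an added example, not code from either poster: a Python script that parses constructed auth-log lines (the line format, user names and addresses are made up for the demonstration) and labels each account's pattern.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log, one authentication event per line (not real data).
# alice: same failure every 5 minutes on the nose  -> stale cached password
# bob:   failures at irregular intervals, no success -> someone trying passwords
# carol: a few failures, then success               -> typical changed-password case
# dave:  clean login
SAMPLE_LOG = """\
2017-12-08T09:00:00 user=alice result=FAIL src=198.51.100.10
2017-12-08T09:05:00 user=alice result=FAIL src=198.51.100.10
2017-12-08T09:10:00 user=alice result=FAIL src=198.51.100.10
2017-12-08T09:15:00 user=alice result=FAIL src=198.51.100.10
2017-12-08T09:00:00 user=bob result=FAIL src=198.51.100.20
2017-12-08T09:00:07 user=bob result=FAIL src=198.51.100.20
2017-12-08T09:00:41 user=bob result=FAIL src=198.51.100.20
2017-12-08T09:03:12 user=bob result=FAIL src=198.51.100.20
2017-12-08T09:00:00 user=carol result=FAIL src=198.51.100.30
2017-12-08T09:00:20 user=carol result=FAIL src=198.51.100.30
2017-12-08T09:01:05 user=carol result=OK src=198.51.100.30
2017-12-08T09:00:00 user=dave result=OK src=198.51.100.40
"""

# Hypothetical log format; adjust the pattern to the real mail server's log.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL) src=(?P<src>\S+)$"
)


def parse_log(text):
    """Group parsed events per user, sorted by timestamp."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not auth events
        ts = datetime.fromisoformat(m["ts"])
        events[m["user"]].append((ts, m["result"], m["src"]))
    for user in events:
        events[user].sort()
    return events


def classify(events, min_failures=3, max_cv=0.1):
    """Label one account's event list.

    periodic_client_retry : >= min_failures failures whose spacing is nearly
                            constant (coefficient of variation <= max_cv),
                            the signature of a reader retrying a saved password
    failures_then_success : failures followed by a successful login, the
                            common changed-password / mistyped-password case
    irregular_failures    : failures with no steady rhythm and no success,
                            worth a look as a guessing attempt
    clean                 : no failures at all
    """
    results = [r for _, r, _ in events]
    failures = [ts for ts, r, _ in events if r == "FAIL"]
    if not failures:
        return "clean"
    if "OK" in results:
        first_ok = results.index("OK")
        if first_ok > 0 and all(r == "FAIL" for r in results[:first_ok]):
            return "failures_then_success"
    if len(failures) >= min_failures:
        gaps = [(b - a).total_seconds() for a, b in zip(failures, failures[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            return "periodic_client_retry"
    return "irregular_failures"


def classify_log(text):
    """Map each user in the log to its pattern label."""
    return {user: classify(evs) for user, evs in parse_log(text).items()}


if __name__ == "__main__":
    for user, label in sorted(classify_log(SAMPLE_LOG).items()):
        print(f"{user}: {label}")
```

The thresholds (three failures, 10% spread in spacing) are starting points, not tuned values; on a real mail server the cadence is whatever the common clients use for retries, and the source address is worth adding as a second axis before anyone acts on a "failures_then_success" label.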
Re: Centralized Password Management
Barton, Robert W. (Dec 08)
While we are on this subject, I would like to hear from those that have an enterprise password solution, why they do?
We’ve been talking about it here, and some see a good reason for it, and some see shortcomings. So, if you can, please
drop me a line (please go off-list since this is OT).
Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663
From: The EDUCAUSE...
Re: Centralized Password Management
Brad Judy (Dec 08)
In this discussion, it’s probably worth noting when schools are talking about an individual end-user password management
tool, a team-sharing based password/secret management tool (maybe for the IT dept) or more advanced privileged access
management tools (dynamic password management, monitored shell access for vendors, etc.).
Different needs drive some very different choices for password/secret management. For end-users, maybe easy UI is a...
Re: Centralized Password Management
Marlana Trombley (Dec 08)
Perhaps Team Password <https://www.teampassword.com/> would meet your
requirements? I've enjoyed using them in the past!
Re: Centralized Password Management
Nick Lewis (Dec 08)
Hi Ken,
I assume your comment about the huge price jump in the past year is about potential direct agreements for LastPass. The
NET+ LastPass pricing hasn’t changed since the program was started 2+ years ago. Happy to discuss more here or to chat
more offline.
Thanks,
Nick
Nick Lewis, MS, MA, CISSP
NET+ Program Manager, Security and Identity
Internet2
nlewis () internet2 edu
Their prices for the Enterprise version took a HUGE jump in...
Re: Centralized Password Management
Ken Connelly (Dec 08)
Their prices for the Enterprise version took a HUGE jump in the past
year. Our price doubled over last year. Even so, their feature set
seems to be pretty unique.
-ken
Re: Centralized Password Management
Brian Epstein (Dec 08)
We've been happy with LastPass.com for a few years now.
Thanks,
Brian
Re: Centralized Password Management
Frank Barton (Dec 08)
We are using Thycotic's SecretServer, and have been doing so for about 4
years now, with very good results.
Frank
Re: Centralized Password Management
Shelton Waggener (Dec 07)
All,
Yes there is a lastpass program with Internet2. We have also been working with them on how to accelerate adoption for
campuses as more institutions are tackling this particular challenge. Nick Lewis heads up that effort and will respond
to any requests to netplus () internet2 edu or feel free to reach out to him directly at nlewis () internet2 edu
Best
Shel Waggener
If I'm not mistaken Internet2 has a deal with lastpass...
Re: Centralized Password Management
Shen, Philip *HS (Dec 07)
If I'm not mistaken Internet2 has a deal with lastpass
https://www.internet2.edu/products-services/cloud-services-applications/lastpass/
Phil
________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Shawn Kohrman
<skohrman () APU EDU>
Sent: Thursday, December 7, 2017 5:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY]...
Re: Centralized Password Management
Shawn Kohrman (Dec 07)
We're using Lastpass Enterprise and are liking it.
-----
Shawn A. Kohrman, CISSP, C|EH, CPT
Executive Director, Information Services
Security Architect
Azusa Pacific University
Information & Media Technology
901 E. Alosta Ave., PO Box 7000
Azusa, CA 91702-7000
P: 626.815.2054 | F: 626.815.2061 | http://security.apu.edu/
-----
On Thu, Dec 7, 2017 at 2:00 PM, Madl, Michael <michael.madl () indwes edu>
wrote:
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
RE: UPnP/IPv6 support in home routers?
Keith Medcalf (Dec 11)
UPnP is the spawn of Beelzebub.
Implementation by Bugs Bunny's maroons for use by other maroons is ok, I suppose, as long as those of us who are not
maroons can turn the evil off.
However, if those maroons start whining about all the crap that happened to them because they enabled UPnP they had
better be able to take the "I told you so you stupid maroon" in stride as a perfectly adequate and entirely correct
statement of fact....
Re: Packets Broker (aka: WAN Accelerator (aka: Congestion Algorithms (aka: You call yourself a network engineer?) )
Selphie Keller (Dec 11)
I have some good success with kcptun - https://github.com/xtaci/kcptun it's
designed to handle problematic links.
Packets Broker (aka: WAN Accelerator (aka: Congestion Algorithms (aka: You call yourself a network engineer?) )
Alain Hebert (Dec 11)
Hi,
We're used to fixing Long Fat Network issues ourselves...
But I'm stuck in a case where we need to transparently proxy TCP
connections to apply congestion algorithms (cubic, htcp, etc) since some
of our newer customers are ... well ... refusing to acknowledge that
reality.
Any good lead for a 1U platform averaging ~10Gbps of throughput,
that isn't some PC hack in a box?
( off-lists would be...
RE: quake3-master-getservers:
Edwin Pers (Dec 11)
https://nmap.org/nsedoc/scripts/quake3-master-getservers.html
I'd nuke the entire environment from orbit, no telling what other nasty surprises they left for you
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Richard
Sent: Sunday, December 10, 2017 1:36 PM
To: nanog () nanog org
Subject: quake3-master-getservers:
NANOG group, at a client site who was complaining of having their Active...
Re: UPnP/IPv6 support in home routers?
valdis . kletnieks (Dec 11)
On Mon, 11 Dec 2017 09:23:11 -0300, Fernando Gont said:
Well, there's a bit of a problem there.
Near as I can tell, to get IPv6 support you need to use IGDv2.
Unfortunately, if you want your Xbox or Playstation to be able
to work, you need to be using IGDv1.
Guess what almost everybody chooses to do?
(Been there, done that - had to rebuild miniupnpd for OpenWRT/Lede
because it built with v2 by default)
UPnP/IPv6 support in home routers?
Fernando Gont (Dec 11)
Folks,
Can anyone comment on the UPnP support for IPv6 in home routers?
Those that I have checked have UPnP support for IPv4, but not for IPv6
-- even when the home router does otherwise support IPv6.
Looking at UPnP itself, it seems to allow opening holes at the IGD, but
on a fully-specified (local ip, local port, remote ip, remote port)
basis, which kind of sucks -- as one would want to be able to whitelist
all ports for a given IP address,...
Re: quake3-master-getservers:
Christopher Morrow (Dec 10)
On Sun, Dec 10, 2017 at 10:36 AM, Richard <rgolodner () infratection com>
wrote:
I think at the point you found a back door ... err, delete and re-install
from known good media.
Re: Static Routing 172.16.0.0/32
Mikael Abrahamsson (Dec 10)
Last time I tried using the first address of a classful address block
(which 172.16.0.0/32 would be) in Cisco IOS (classic), that didn't work
properly. This was in IOS 12.0.x. You can't set up BGP peers to something
in the network address in classful network space, for instance. So
172.16.0.0/32 or 172.16.255.255/32 wouldn't work (because it's first and
last address of class B space), but 172.16.1.0 worked just fine...
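Mikael's observation above (classic IOS refusing the first and last address of a classful block, so 172.16.0.0/32 and 172.16.255.255/32 fail where 172.16.1.0 works) is easy to check for ahead of time. The following is an added example, not code from the thread: a Python helper that derives the classful block an IPv4 address falls in and reports whether the address sits on that block's network or broadcast edge, so a candidate anycast or loopback /32 can be screened before it is handed to a stack with classful leftovers.

```python
import ipaddress


def classful_prefix_length(ip):
    """Prefix length of the classful block containing ip (class A/B/C),
    or None for class D/E (multicast and reserved), which have no host blocks."""
    first_octet = int(ip) >> 24
    if first_octet < 128:
        return 8    # class A: 0.0.0.0 - 127.255.255.255
    if first_octet < 192:
        return 16   # class B: 128.0.0.0 - 191.255.255.255
    if first_octet < 224:
        return 24   # class C: 192.0.0.0 - 223.255.255.255
    return None


def classful_network(addr):
    """The classful network (e.g. 172.16.0.0/16 for 172.16.5.4), or None."""
    ip = ipaddress.IPv4Address(addr)
    plen = classful_prefix_length(ip)
    if plen is None:
        return None
    return ipaddress.IPv4Network((ip, plen), strict=False)


def classful_edge(addr):
    """'network' if addr is the first address of its classful block,
    'broadcast' if it is the last, None if it is an ordinary host address
    (or has no classful block at all)."""
    ip = ipaddress.IPv4Address(addr)
    net = classful_network(ip)
    if net is None:
        return None
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return None


def audit_host_addresses(addrs):
    """Map each candidate host address to the classful edge it lands on,
    so the ones an old classful implementation may reject stand out."""
    return {a: classful_edge(a) for a in addrs}


if __name__ == "__main__":
    # Constructed candidates, including the ones discussed in the thread.
    for addr, edge in audit_host_addresses(
        ["172.16.0.0", "172.16.255.255", "172.16.1.0", "10.0.0.0", "192.168.1.255"]
    ).items():
        print(f"{addr}: {edge or 'ok'}")
```

The check says nothing about whether a given modern stack actually cares; it only flags the two addresses per classful block that historically caused trouble, which is cheaper than finding out from a BGP session that will not come up.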
quake3-master-getservers:
Richard (Dec 10)
NANOG group, at a client site who was complaining of having their
Active Directory passwords changed every week. Found a PPTP which had
been put in place by an ex-employee. Fixed that.
I have no idea what a master-get servers is.
If anyone can ping me-off-list to educate me a bit more, please do.
Sincerely, Richard
RE: Static Routing 172.16.0.0/32
Keith Medcalf (Dec 08)
And thank god for that. Since Microsoft stopped diddle-farting with Windows 98 it was never infested with the UDP
"Execute Payload with NT AUTHORITY\SYSTEM" flag that appeared in all later versions of Windows TCP/IP stack.
As Windows 98 worked on the day after Microsoft stopped diddling with it, so it will work on that day + N, for every
value of N.
The most wonderful thing that can happen to a Microsoft product is that they stop...
RE: Static Routing 172.16.0.0/32
Kate Gerry (Dec 08)
In this example only semi-new devices with current OSes are accessing 172.16.0.0; concerns over old devices or a BSD4.2
machine hitting it are highly unlikely.
To clarify Ryan's statement, the device in question is our software repository where we store OS software updates, for
only recent versions of software, so it should not be an issue. Since we have multiple locations, and multiple software
stores, we use 172.16.0.0 as the AnyCast...
Re: Static Routing 172.16.0.0/32
Ken Chase (Dec 08)
Right - usage of network and broadcast addresses will suddenly make all the
ToiletPaperLink devices upgrade themselves to a new firmware that the devs
released posthaste to handle them properly...
I like your upgrade-by-force ideas! (no, I do. Screw bad implementations, let them
be binned!) (Tell me about your v6 adoption plans now.)
The Win95 thing was just a personal example of how these things can express
themselves... was a good laugh at...
Re: Static Routing 172.16.0.0/32
Jason Kuehl (Dec 08)
+1 for gross comment.
Re: Static Routing 172.16.0.0/32
Ryan Hamel (Dec 08)
Same for a /12, which is RFC1918.
-------- Original message --------
From: valdis.kletnieks () vt edu
Date: 12/8/17 1:46 PM (GMT-08:00)
To: Ryan Hamel <Ryan.Hamel () quadranet com>
Cc: nanog () nanog org
Subject: Re: Static Routing 172.16.0.0/32
On Fri, 08 Dec 2017 03:13:57 +0000, Ryan Hamel said:
Probably depends on what your colleague is trying to do. Nothing in the
rules says the .0 address on a subnet is reserved (though you're...
Re: Static Routing 172.16.0.0/32
Ryan Hamel (Dec 08)
I'm not implying HTTP, I'm implying a static route at each site's private layer 3 router (it'll move to BGP in the
future). The repository server listens on the IP as well.
My original question was the fact of using 172.16.0.0/32 as a usable IP address (not even caring about anycast).
-------- Original message --------
From: William Herrin <bill () herrin us>
Date: 12/8/17 1:45 PM (GMT-08:00)
To: Ryan Hamel <Ryan.Hamel...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Former Facebook exec says social media is ripping apart society
DAVID FARBER (Dec 11)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: December 11, 2017 at 11:53:34 PM EST
> To: E-mail Pamphleteer Dave Farber's Interesting People list <ip () listbox com>
> Cc: Dewayne Hendricks <dewayne () warpspeed com>, Michael Grant <mgrant () grant org>, "Peter G. Neumann" <neumann ()
> csl sri com>, Sam Baker <kokuadigital () gmail...
Tech pioneers tell FCC: 'You don't understand how the internet works'
Dave Farber (Dec 11)
https://www.engadget.com/2017/12/11/internet-pioneers-fcc-open-letter/
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now:...
Re 400+ lines of JavaScript into web pages
Dave Farber (Dec 11)
---------- Forwarded message ---------
From: Roy Levin <roy () levin net>
Date: Mon, Dec 11, 2017 at 2:34 PM
Subject: RE: [IP] Re Comcast is injecting 400+ lines of JavaScript into web
pages
To: <dave () farber net>
Dave,
For IP, if you choose.
I don’t understand the apparent compulsion by ISPs to communicate with me
by any means they can implement. If the electric company, or gas company,
or water company, has to tell me...
Re Comcast is injecting 400+ lines of JavaScript into web pages
Dave Farber (Dec 11)
> Begin forwarded message:
>
> From: Brett Glass <brett () lariat net>
> Subject: Re: [IP] Fwd: Comcast is injecting 400+ lines of JavaScript into web pages
> Date: December 11, 2017 at 1:51:28 PM EST
> To: dave () farber net
>
> Dave, and everyone:
>
> As an ISP, I often have trouble contacting our customers. They change telephone numbers and e-mail addresses without
> telling us; our notices often wind...
U.S. Military Capabilities and Forces for a Dangerous World Rethinking the U.S. Approach to Force Planning
Dave Farber (Dec 11)
> https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1782/RAND_RR1782.pdf
>
>
U.S. Military Capabilities and Forces for a Dangerous World
Rethinking the U.S. Approach to Force Planning
by David Ochmanek, Peter A. Wilson, Brenna Allen, John Speed Meyers, Carter C. Price
• Related Topics:
• Counterterrorism,
• Military Force Planning,
• Military Transformation,
•...
Temporary rental apartments a few metres from the Hospital Italiano
no responder (Dec 11)
Your mail client does NOT support messages in HTML format.
To view the content of the message correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VO.aspx?6c4h-R-ek5fk9bhbKwIKEi-R-9i:,i,9-R-0
Re Comcast is injecting 400+ lines of JavaScript into web pages
Dave Farber (Dec 10)
> Begin forwarded message:
>
> From: "Livingood, Jason" <Jason_Livingood () comcast com>
> Subject: Re: [IP] Fwd: Comcast is injecting 400+ lines of JavaScript into web pages
> Date: December 10, 2017 at 7:46:20 PM EST
> To: "dave () farber net" <dave () farber net>, ip <ip () listbox com>, "gumby () henkel-wallace org" <gumby ()
> henkel-wallace org>
>
> Dave –...
Fwd: Comcast is injecting 400+ lines of JavaScript into web pages
Dave Farber (Dec 10)
---------- Forwarded message ---------
From: DV Henkel-Wallace <gumby () henkel-wallace org>
Date: Sun, Dec 10, 2017 at 10:53 AM
Subject: Comcast is injecting 400+ lines of JavaScript into web pages
To: David Farber <dave () farber net>
Apparently Comcast feels it gets to decide what I should see on the web
pages I choose. Injecting random *executable content* is no different from
providing other editorial “improvements”.
The...
Re Why Mike Masnick changed his mind on net neutrality / responses to Ben Thompson
Dave Farber (Dec 10)
Begin forwarded message:
> From: Hasan Diwan <hasan.diwan () gmail com>
> Date: December 10, 2017 at 6:07:09 PM EST
> To: "dave () farber net" <dave () farber net>
> Subject: Re: [IP] Why Mike Masnick changed his mind on net neutrality / responses to Ben Thompson
>
> Prof Farber,
> [for IP, if you wish]
>
> The underlying question regarding network neutrality is one of innovation. Specifically,...
Why Mike Masnick changed his mind on net neutrality / responses to Ben Thompson
Dave Farber (Dec 10)
Begin forwarded message:
> From: Barbara van Schewick <schewick () stanford edu>
> Date: December 10, 2017 at 12:25:04 PM EST
> To: David Farber <dave () farber net>
> Cc: Barbara van Schewick <schewick () stanford edu>
> Subject: Why Mike Masnick changed his mind on net neutrality / responses to Ben Thompson
>
> Hi Dave,
>
> For IP, if you wish. You recently shared an article by tech industry...
Doctors find brain abnormalities in victims of Cuba mystery
Dave Farber (Dec 09)
> Begin forwarded message:
>
> From: Kimi Wei <kimi () thewei com>
> Subject: Doctors find brain abnormalities in victims of Cuba mystery
> Date: December 9, 2017 at 11:38:27 AM EST
> To: David Farber <dave () farber net>
>
> https://www.apnews.com/bbed1d7f6f1a4320a7e60abfdce67d4d
>
> Doctors find brain abnormalities in victims of Cuba mystery
>
> JOSH LEDERMAN
> Associated Press•December...
The Washington Post: Perspective | This is how nuclear war with North Korea would unfold
Dave Farber (Dec 09)
Perspective | This is how nuclear war with North Korea would unfold
The Washington Post
In one all-too-plausible worst-case scenario, millions die from mistakes and a tweet. Read the full story
Shared from Apple News
Microsoft Researcher Details Real-World Dangers of Algorithm Bias
Dave Farber (Dec 09)
>
> https://gizmodo.com/microsoft-researcher-details-real-world-dangers-of-algo-1821129334
> <https://gizmodo.com/microsoft-researcher-details-real-world-dangers-of-algo-1821129334>
>
> Microsoft Researcher Details Real-World Dangers of Algorithm Bias
>
> Sidney Fussell <//kinja.com/sidneyfussell>Yesterday 5:00pm
> <https://gizmodo.com/microsoft-researcher-details-real-world-dangers-of-algo-1821129334...
Fwd: [Internet Policy] Some comments on WTO and e-commerce (longish)
Dave Farber (Dec 08)
---------- Forwarded message ---------
From: Ang Peng Hwa (Prof) <TPHANG () ntu edu sg>
Date: Fri, Dec 8, 2017 at 11:32 AM
Subject: Re: [Internet Policy] Some comments on WTO and e-commerce (longish)
To: Richard Hill <rhill () hill-a ch>, thomas.streinz () law nyu edu <
thomas.streinz () law nyu edu>
CC: ISOC Internet Policy <internetpolicy () elists isoc org>
We have here a classic problem of people having only one tool...
Fwd: Amazon wants a key to your house. I did it. I regretted it. - The Washington Post
Dave Farber (Dec 08)
---------- Forwarded message ---------
From: Rollie Cole <rolliecole () gmail com>
Date: Thu, Dec 7, 2017 at 9:59 PM
Subject: Re: [IP] Amazon wants a key to your house. I did it. I regretted
it. - The Washington Post
To: Dave Farber (by way of Bernard A. Galler) <dave () farber net>
Dave:
I wonder if anyone has tried putting Amazon Key on a lockbox outside the
house -- the delivery person can then put the items in the box, without...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.50
RISKS List Owner (Nov 22)
RISKS-LIST: Risks-Forum Digest Wednesday 22 November 2017 Volume 30 : Issue 50
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.50>
The current issue can also...
Risks Digest 30.49
RISKS List Owner (Nov 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 November 2017 Volume 30 : Issue 49
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.49>
The current issue can also be...
Risks Digest 30.48
RISKS List Owner (Oct 19)
RISKS-LIST: Risks-Forum Digest Thursday 19 October 2017 Volume 30 : Issue 48
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.48>
The current issue can also...
Risks Digest 30.47
RISKS List Owner (Sep 29)
RISKS-LIST: Risks-Forum Digest Friday 29 September 2017 Volume 30 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.47>
The current issue can also...
Risks Digest 30.46
RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Monday 11 September 2017 Volume 30 : Issue 46
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.46>
The current issue can also...
Risks Digest 30.44
RISKS List Owner (Aug 31)
RISKS-LIST: Risks-Forum Digest Thursday 31 August 2017 Volume 30 : Issue 44
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.44>
The current issue can also be...
Risks Digest 30.43
RISKS List Owner (Aug 14)
RISKS-LIST: Risks-Forum Digest Monday 14 August 2017 Volume 30 : Issue 43
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.43>
The current issue can also be...
Risks Digest 30.42
RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Monday 7 August 2017 Volume 30 : Issue 42
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.42>
The current issue can also be...
Risks Digest 30.41
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 August 2017 Volume 30 : Issue 41
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.41>
The current issue can also be...
Risks Digest 30.40
RISKS List Owner (Jul 28)
RISKS-LIST: Risks-Forum Digest Friday 28 July 2017 Volume 30 : Issue 40
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.40>
The current issue can also be...
Risks Digest 30.39
RISKS List Owner (Jul 22)
RISKS-LIST: Risks-Forum Digest Saturday 22 July 2017 Volume 30 : Issue 39
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.39>
The current issue can also be...
Risks Digest 30.38
RISKS List Owner (Jul 17)
RISKS-LIST: Risks-Forum Digest Monday 17 July 2017 Volume 30 : Issue 38
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.38>
The current issue can also be...
Risks Digest 30.37
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Friday 14 July 2017 Volume 30 : Issue 37
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.37>
The current issue can also be...
Risks Digest 30.36
RISKS List Owner (Jul 07)
RISKS-LIST: Risks-Forum Digest Friday 7 July 2017 Volume 30 : Issue 36
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.36>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
The Cumulative Effect of Major Breaches: The Collective Risk of Yahoo & Equifax
Audrey McNeil (Dec 11)
http://www.securityweek.com/cumulative-effect-major-breaches-collective-risk-yahoo-equifax
Until quite recently, people believed that a dizzying one billion accounts
were compromised in the 2013 Yahoo! breach… and then it was revealed that
the real number is about three billion accounts.
That raises the question: so what? Isn’t all the damage from a
four-year-old breach already done?
The answer: not at all. For those who have taken...
Do your employee medical files meet ADA privacy requirements?
Audrey McNeil (Dec 11)
https://www.bizjournals.com/bizjournals/how-to/human-resources/2017/12/do-your-employee-medical-files-meet-ada-privacy.html
Contrary to popular belief, the most significant law for employers with
regard to medical privacy is the Americans with Disabilities Act, not the
Health Insurance Portability and Accountability Act.
Employers, in their activities as employers (as opposed to health plan
sponsors), are not included under the HIPAA...
6 Tips to Protect Your Business from Identity Theft
Audrey McNeil (Dec 11)
http://www.strategydriven.com/2017/12/06/6-tips-to-protect-your-business-from-identity-theft/
Identity theft is becoming an increasing concern for people, with major
data breaches becoming a normal part of our daily news cycle. In fact, it
is safe to say that your information is probably somewhere out in the void,
just waiting for somebody to pick it up and start using it. This is not an
exaggeration, this is just the unfortunate reality we...
Could the security industry have it all wrong?
Audrey McNeil (Dec 11)
https://www.csoonline.com/article/3239848/security/could-the-security-industry-have-it-all-wrong.html
For decades, enterprises have focused on securing valuable data and IP by
building “walls and moats” to keep out bad actors. Yet despite growing
investments in defensive technologies, cyber breaches continue to
proliferate. The threat landscape becomes even more complex as perimeters
effectively evaporate thanks to ever-increasing systems...
No place for HR to hide from cybercrime
Audrey McNeil (Dec 11)
http://www.hrreview.co.uk/analysis/sarah-adams-no-place-hr-hide-cybercrime/109297
Sharp edges can be dangerous. And HR, whether it’s in- or out-of-house, is
at the sharp end of cyber-security in two major ways.
First, the kind of data HR personnel handle makes them a prime target for
cyber-attacks. Things like addresses, dates of birth, National Insurance
numbers and payroll details are like gold dust to cybercriminals. They’re
the perfect...
Innovation In The Ransomware Supply Chain
Audrey McNeil (Dec 11)
http://www.businesscomputingworld.co.uk/innovation-in-the-ransomware-supply-chain/
A classic feature of an economy experiencing high demand for its products
and services is the evolution and specialisation of the supply chain; the
ransomware market has proved no different. The economy itself has become so
much more robust because of the now-existing service layers or tiers. These
services drive down the barrier to entry and attackers no longer...
A cyber attack which should serve as a warning to the financial service industry
Audrey McNeil (Dec 08)
http://dofonline.co.uk/2017/12/05/cyber-attack-serve-warning-financial-service-industry/
The Financial Conduct Authority (FCA) has announced plans to investigate
Equifax following the recent cyber attack on the business. As many as
694,000 UK users were affected, a number that rises beyond 143 million when
US customers are included. Although Equifax has welcomed the investigation
to “learn the lessons from this criminal cyber attack”, the...
5 computer security facts that surprise most people
Audrey McNeil (Dec 08)
https://www.csoonline.com/article/3239644/data-breach/5-computer-security-facts-that-surprise-most-people.html
The five statements below are the causes behind a lot of computer security
risk and exploits. If you understand them well enough today, you will be
ahead of your peers.
1. Every company is hacked
When the world hears about the latest big breach, people probably think
that the company involved must be bad at computer security. The...
The 2018 Cybersecurity landscape
Audrey McNeil (Dec 08)
http://www.itnewsafrica.com/2017/12/the-2018-cybersecurity-landscape/
Every year around this time all the security businesses and analysts leap
for their crystal ball and attempt to predict what we should be worrying
about in the coming 12 months or more. And the sad reality is that not a
lot will change as there is not much need for the cybercriminal community
to do anything different – it’s already working well now!
The cybercriminal...
Obike becomes latest victim of global data breach
Audrey McNeil (Dec 08)
https://www.cnet.com/news/yellow-bike-sharing-firm-is-new-victim-of-global-data-breach/
Are you riding one of those yellow bikes on the streets of Singapore,
Sydney or London? Some of your personal information may have been accessed.
Obike suffered a global security breach that lasted at least two weeks,
Bavarian Radio reported. User information including names, contacts,
profile photos and location was leaked and made accessible online.
The...
Ransomware slows North Carolina county government to a crawl
Destry Winant (Dec 07)
http://www.wral.com/deadline-looms-for-decision-by-hacked-north-carolina-county/17165343/
A cyberattack slowed county government to a crawl Wednesday in North
Carolina's most populous metro area as deputies processed jail inmates
by hand, the tax office turned away electronic payments and building
code inspectors switched to paper records.
Data was frozen on dozens of Mecklenburg County servers after one of
its employees opened an email...
Nearly 20,000 patients compromised by Henry Ford Health System data breach
Destry Winant (Dec 07)
https://www.freep.com/story/news/local/michigan/detroit/2017/12/06/henry-ford-hospital-data-breach/926163001/
Henry Ford Health System announced this week a data breach of health
information that involves nearly 20,000 patients. It is "unclear" if
any of the compromised information has been used "inappropriately."
"We are very sorry this happened. We take very seriously any misuse of
patient information, and we are...
Mahtomedi Middle School student breaches district data
Destry Winant (Dec 07)
http://www.presspubs.com/white_bear/news/article_6f7d6712-daa8-11e7-879a-9b732f23cd48.html
A Mahtomedi Middle School student breached student data earlier this
fall when a teacher was logged into a computer.
The student accessed 3,300 student ID numbers, 215 test scores, 11
individualized education plan (IEP) sheets and 18 other student
education plans, said Patrick Crothers, technology coordinator. The
breach extended beyond the middle school...
Which of Your Employees Are Most Likely to Expose Your Company to a Cyberattack?
Destry Winant (Dec 07)
https://hbr.org/2017/12/which-of-your-employees-are-most-likely-to-expose-your-company-to-a-cyberattack
When poet Alexander Pope first said “to err is human,” he probably
didn’t realize how prescient those words were in capturing the world
of cybersecurity. Yes, the root cause of most security breaches can be
traced to human actions, or lack thereof. However, the bigger mistake
is to believe that cybersecurity can be attained simply by...
Security nightmare: Lewiston man accesses stranger’s bank info
Audrey McNeil (Dec 06)
http://www.sunjournal.com/security-nightmare-lewiston-man-accesses-strangers-bank-info/
Somewhere in Farmington, Connecticut, is a man who may never know how lucky
he is to still be in possession of his money.
On Friday night, a Lewiston man trying to manage his own bank account was
inexplicably given access to a complete stranger’s banking information.
“I just wanted to log on to my account to see if there’s money to go
Christmas...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
dtd parsing failure
杜 伟强 (Dec 10)
Hello everyone,
I have successfully built Wireshark on Windows,
but when I start Wireshark it pops up an error window that says
dtd parser in file c/development/wsbuild64/run/relwithdebinfo/dtds/._dc.dtd:
syntax error in .dc.dtd:1 at or before 'mac':
dtd parsing failure
so what happened here?
Re: Windows 64-bit petri-dish build timing out?
Martin Mathieson via Wireshark-dev (Dec 09)
Oops, should have just searched for 'error', was looking for something
obvious near the bottom of the log. And rebased.
Martin
On Sat, Dec 9, 2017 at 2:44 PM, Jakub Zawadzki <darkjames-ws () darkjames pl>
wrote:
TLS1.2 Handshake: Cert Not Shown: Out of order Packet
Nalini J Elkins (Dec 09)
All,
I am attaching a trace. I do not know if you can do anything but what is happening is that a packet is coming in out
of order. The packet, I believe 6, should really be put together with packet 8 (which includes packet 5 already).
What happens is that the Server Certificate record is not being reconstructed.
I have the same scenario multiple times in a customer trace for other handshake packets. I cannot send the customer
trace but...
Re: Windows 64-bit petri-dish build timing out?
Jakub Zawadzki (Dec 09)
Hello Martin,
On 2017-12-09 14:52, Martin Mathieson via Wireshark-dev wrote:
Not sure about timeout, but recent cause of windows build failures was
missing declaration of packet_range_t in file_dlg_win32.h
From your log:
filter_autocomplete.c
130>C:\buildbot\builders\windows-x86-64-petri-dish\windows-x86-64-petri-dish\build\ui/win32/file_dlg_win32.h(73):
error C2143: syntax error: missing ')' before...
Windows 64-bit petri-dish build timing out?
Martin Mathieson via Wireshark-dev (Dec 09)
There have been some failures recently, e.g.
https://buildbot.wireshark.org/petri-dish/builders/Windows%20Petri%20Dish%20x64/builds/1123/steps/compile_1/logs/stdio
That build took over 21 minutes, and near the start of the log you can see:
in dir C:\buildbot\builders\windows-x86-64-petri-dish\windows-x86-64-petri-dish\build/cmbuild
(timeout 1200 secs)
I don't know whether 20 minutes is still a sensible timeout, or whether these
builds ought to...
Re: how to enable ip reassembly in tshark
Jaap Keuter (Dec 09)
Hi,
Tshark would be using the same preferences as Wireshark does (barring any profile changes), so should be reassembling
the IP fragments into complete UDP packets with SIP payload.
If not, you can always add -o ip.defragment:TRUE to the Tshark command line to have this option set.
Thanks,
Jaap
[SNIP]
how to enable ip reassembly in tshark
Wenling Li -X (wenlli - CIeNET at Cisco) (Dec 08)
Hi wireshark supporter,
I installed the Wireshark software on my Ubuntu 16.04, and when I use tshark to capture packets, I found that one of the
SIP packets, which is more than 1500 bytes, is fragmented into two IP packets.
But if I use Wireshark to capture, all the SIP packets can be shown completely; the bigger SIP packet which is more
than 1500 bytes can be displayed in one packet in Wireshark.
My tshark and wireshark version is 2.2.6.
So...
Q. on Tshark & Reassembled TCP segments
sift sans (Dec 07)
Is it possible to use Tshark to carve HTTP fields from an HTTP header
that's large enough to get divided up into multiple packets? In Wireshark,
this large/oversized HTTP header becomes displayed in reassembled TCP
segments. I can see the HTTP header in the ASCII section by finding the
frame that contains all of the reassembled TCP segments and clicking on the
"Reassembled TCP" tab at the bottom of the screen. I can see the full...
Dissect independently from the port number
Marcin Nawrocki (Dec 07)
Dear Wireshark community,
I would like to dissect my packets independently from the port number
for a small subset of protocols.
Reading the docs (README.heuristic [1]) suggests that normal dissectors
(ND) are based on port numbers and have a higher priority than heuristic
dissectors (HD). Due to FCFS detection order and performance reasons I
would also like to disable all dissectors and enable the dissectors only
for the protocols I am...
Re: Wireshark Help on UHD-Display
Maynard, Chris (Dec 04)
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Alfred Bauer
Sent: Sunday, December 3, 2017 1:27 PM
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Wireshark Help on UHD-Display
Hi.
I have a new laptop from HP (ENVY) with UHD Display 17.3", (Resolution 3840x2160)
All is fine, but Help is as it would be displayed on FHD Display, too small for this screen size (Screenshot attached).
Regards,...
Wireshark Help on UHD-Display
Alfred Bauer (Dec 04)
Hi.
I have a new laptop from HP (ENVY) with UHD Display 17.3", (Resolution 3840x2160)
All is fine, but Help is as it would be displayed on FHD Display, too small for this screen size (Screenshot attached).
Regards,
Alfred Bauer
(just a wireshark user)
Re: git question
Dario Lombardo (Dec 04)
If you have pushed to gerrit from your master (that is correct, but not the
best option), you didn't do anything wrong. Gerrit uses a cherry-pick
strategy when we promote a commit, that means that developer's commit
histories don't play any role.
What git is telling you is that you and master have diverged, and you have
to update.
Running git push --rebase does
1) fetch data from remote
2) stash your local commits
3) apply new...
Re: Build broken (cfile-int.h missing)
Guy Harris (Dec 03)
Fixed in 8ffc939b54cbfdda4698bafb60ebd0856a575853. See also 461c8a7b44a2853d2ad3ae3d0586b4f21b9feab8.
Build broken (cfile-int.h missing)
Martin Mathieson via Wireshark-dev (Dec 03)
I'm seeing this (I don't have cfile-int.h anywhere):
[ 2%] Building C object ui/CMakeFiles/ui.dir/capture.c.o
/home/martin/wireshark/ui/capture.c:25:23: fatal error: cfile-int.h: No
such file or directory
#include "cfile-int.h"
^
compilation terminated.
Martin
Re: Qt-related error during build prep
Paul Offord (Dec 03)
Thanks Jakub,
I feel a bit stupid for not noticing. I've been going back and forth through Graham's setup guide to make sure I
hadn't missed anything, and there it is right under my nose. Duh!
Thanks and regards...Paul
-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jakub Zawadzki
Sent: 03 December 2017 17:58
To: Developer support list for Wireshark <wireshark-dev...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Snort extra version 1.0.0-a4 built incomplete.
Chatsiri Rattana via Snort-devel (Dec 12)
Hello Contributor,
Snort version 3.0 Version 3.0.0 (Build 240) from 2.9.8-383, and the commit
hash is 1b646c46a Merge pull request #1002 in SNORT/snort3 from
sum_stuff to master. After that, Snort built successfully. I'm trying to build
the snort-extra package named snort_extra-1.0.0-a4. The error is shown below.
snort3-distfw/snort_extra-1.0.0-a4/src/inspectors/data_log/data_log.cc:95:22:
error: ‘get_data_bus’ was not declared in this scope...
Re: TOR Browser detection policy rule
Tyler Montier (Dec 11)
Lenny,
Thanks for your submission. We will review the rule for addition into the
community ruleset, and get back to you when it's finished.
You said you tested the rule already, do you have any pcaps that you could
send our way while we test the rule?
Thanks,
Tyler Montier
Cisco Talos
Re: TOR Browser detection policy rule
R S (Dec 11)
9000,9001,9040 etc. but not 300 ports. There will be lots of traffic
attributed to Tor although it isn't.
Suggest changing the date to international ISO format YYYY-MM-DD
TOR Browser detection policy rule
Lenny Hansson (Dec 11)
To all SNORT users:
TOR Browser detection rule. Feel free to use.
I have tested the rule on a 100GB data set, no false positives so far. If
you find any false positives please let me know.
alert tcp $EXTERNAL_NET [9000:9300] -> $HOME_NET 1024: (msg:"NF - POLICY
- TOR browser starting up - TOR SSL NAT Check Detected - Typical TOR DNS
name"; flow:from_server,established;
pcre:"/www\.[a-z0-9]{12,21}\.(com|net)/i";...
Re: indicator DNS queries
Y M via Snort-sigs (Dec 08)
Please keep the posts on the list.
I’m not sure if you are asking or thinking out loud. Either way, probably no one can help you answer that question, but
you. That’s why I stressed “your environment” in my previous response.
________________________________
From: Weissenburger, Steve <scweissen () tegna com>
Sent: Friday, December 8, 2017 4:26:07 PM
To: Y M
Subject: RE: [Snort-sigs] indicator DNS queries
Thanks for the...
Re: Traffic Capture
Al Lewis (allewi) via Snort-users (Dec 08)
Hello,
Are you sure Snort isn't seeing the ARP traffic? Have you checked your exit stats? See mine for ARP below
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 42 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 18 ( 42.857%)
Frag: 0 ( 0.000%)
ICMP: 0 ( 0.000%)
UDP:...
Re: Traffic Capture
Syed Hammad Tahir (Dec 08)
I specifically want to do it with snort since I am using it as a sensor
with apache metron.
Re: Traffic Capture
wkitty42 (Dec 08)
if all you are wanting to do is capture traffic, why not use tcpdump or
wireshark? that's what they do... something like this should do...
tcpdump -i eth0 -s0 -w arp_traffic.pcap 'arp or icmp'
check the tcpdump docs to understand the options given...
Traffic Capture
Syed Hammad Tahir (Dec 08)
Hi all,
I am new to Snort and need help.
Is there any way (by writing rules) to capture all the network traffic?
By default I am using alert tcp any any -> any any (msg:"alert") but it
doesn't capture the whole traffic, i.e., the packets transferred between
other nodes (unicast).
I am specifically interested in capturing the ARP request data. Any help
will be appreciated.
Regards
Pulledpork 0.7.3 released
Michael Shirk via Snort-users (Dec 07)
The current master branch has been tagged as 0.7.3. Let me know if you
have any issues.
https://github.com/shirkdog/pulledpork/releases/tag/v0.7.3
Thanks.
Re: false positive FYI
Al Lewis (allewi) via Snort-sigs (Dec 07)
Hello,
Can you send a sample of the traffic?
Thanks.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of
Daniel Schreiber <scrober () outlook de>
Date: Thursday, December 7, 2017 at 2:45...
Re: indicator DNS queries
Y M via Snort-sigs (Dec 07)
These rules detect DNS queries generated from the protected/home network to domain(s) ending with top-level domains
(TLD) “win”, “top”, and “tk”. Depending on your environment, domains under these TLDs might be suspicious, specifically
the ones with “win” and “top”.
You need to identify the sources of these queries (obviously not the DNS servers, but the clients requesting the
domains) and determine their legitimacy based...
false positive FYI
Daniel Schreiber (Dec 07)
Hello,
this rule here:
119:33 (http_inspect) UNESCAPED SPACE IN HTTP URI
causes some false positives on my setup.
It blocks Apple FaceTime server IPs and Steam akamaitechnologies IPs that seem to refer to the Steam Network.
Greetings
indicator DNS queries
Weissenburger, Steve (Dec 07)
Hello,
I'm being hit with these three Snort rules and am trying to find more info on what exactly they are doing, but coming up
empty. Can anyone provide more insight? I'm a Snort newbie.
Thanks,
Steve
INDICATOR-COMPROMISE Suspicious .win dns query (1:44077:1)
INDICATOR-COMPROMISE Suspicious .top dns query (1:43687:1)
INDICATOR-COMPROMISE Suspicious .tk dns query (1:39867:3)
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.