SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Re: ZenMap 6.25 causes Blue screens on Windows 7 David Fifield (Jun 20)
Thanks for this report. The best I can tell is that this is some problem
unrelated to Nmap. Microsoft Support published an article on this "Event
ID 41" error:
http://support.microsoft.com/kb/2028504
And there are some TechNet threads about it:

https://social.technet.microsoft.com/Forums/windows/en-US/9e71f600-7c62-4869-8236-964e93d17936/iam-having-microsoftwindowskernelpower-crashes...

Re: NMAP 6.25 does not compile on Solaris 10 David Fifield (Jun 20)
Latest SVN (r31010) builds for me on Solaris 10, while 6.25 does not. So
I guess this got fixed somewhere along the line.

David Fifield

Re: Strange beahviour/bug with nmap rpc-grind script David Fifield (Jun 19)
Thanks for this report. I was not able to reproduce it, however that
doesn't necessarily mean anything. I found that a bug in rpc-grind
prevented a proper error message from being shown, and I think the error
message might help find the cause of the problem. The message
NSE: rpc-grind ReceivePacket(): nil
should have a real error message in place of "nil". I committed a fix
for this in r31010, and I've also attached a...

Re: Ncat-Lua idea: --lua-eval for Lua one-liners David Fifield (Jun 19)
An aside, in bash at least, you can do this with --lua-exec as
ncat -l -p 13 --lua-exec <(echo 'print(os.date())')

David Fifield

Ncat-Lua idea: --lua-eval for Lua one-liners Jacek Wielemborek (Jun 19)
Hi guys,

I have an idea for an Ncat extension that would work as an addition to
--lua-exec. The feature I'm speaking of is --lua-eval, which would
allow to run simple Lua one-line scripts directly from the
command-line, in contrast to --lua-exec, which requires a file to be
created in order to be executed. The invocation would look like this:

ncat -l -p 13 --lua-eval 'print(os.date())'

...which implements the RFC 867 daytime...

New VA Modules: OpenVAS: 18, MSF: 2, Nessus: 6 New VA Module Alert Service (Jun 19)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (18) ==

r16708 803643 2013/gb_mozilla_thunderbird_mult_vuln01_oct12_macosx.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_oct12_macosx.nasl?root=openvas&view=markup
Mozilla Thunderbird Multiple Vulnerabilities-01 (Mac OS X)

r16708...

New VA Modules: NSE: 2, OpenVAS: 2, MSF: 1, Nessus: 5 New VA Module Alert Service (Jun 18)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (2) ==

r30965 http-fileupload-exploiter http://nmap.org/nsedoc/scripts/http-fileupload-exploiter.html
https://svn.nmap.org/nmap/scripts/http-fileupload-exploiter.nse
Author: George Chatzisofroniou
Exploits insecure file upload forms in web applications using various
techniques like changing the...

Re: [NSE] SSL certificate chain and verification David Fifield (Jun 18)
Thanks Patrik. Can you add documentation for the new result format in
nselib/nmap.luadoc, and send a new patch?

Okay, but this is nontrivial and should be done as a separate patch.
Check Ncat's cert_match_dnsname and the tests in
ncat/test/test-wildcard.c.

I think this is a bad idea. We already do it for Ncat's certificate
store, which means Ncat's certificate store is always out of date. Don't
hardcode a name like...

Re: [NSE] IKE information extraction David Fifield (Jun 18)
I've applied parts of the ike.lua patch in a series of revisions
starting with r30968. The remaining uncommitted changes are attached.

Please don't mix up a lot of unrelated changes in one patch in the
future. In particular, you changed the name of some constant tables and
changed their formatting, while also adding elements to them. This makes
it take longer to evaluate your changes.

I see that you are storing a list of vendor IDs. I...

George's status report - #2 of 16 George Chatzisofroniou (Jun 18)
Hi,

Here's the report for this week.

Accomplishments:

* Switched to nmap's SVN repo and created my private branch.

* Improvements on my HTTP scripts
http-fileupload-expoiter
- Emailed the script to the list.
- Commited it to the trunk.
http-comments-displayer
- Added the pathname for the file with the comments and
the line number in the output.
- Renamed the 'extend' argument to...

Re: Jacek's status report - #2 of 16 David Fifield (Jun 18)
I saw the implementation at https://svn.nmap.org/nmap-exp/d33tah/ncat-lua,
and it's looking good. The reason I estimate two weeks is because of
what Fred Brooks said: "A Systems Product is a truly useful object but
costs at least 9 times as much as a Program." (http://javatroopers.com/Mythical_Man_Month.html#Chapter_1)
There's still a lot to be done before this feature is complete. At least:
* man page documenatation
*...

Re: Ncat + Lua - GSOC feedback request Jacek Wielemborek (Jun 17)
2013/6/17 David Fifield <david () bamsoftware com>:

Yeah, I noticed that when I started coding (the code's in the repo BTW). For
my comments on the Windows implementation, please refer to my report #2 (not
saying I'm not going to do this, but I'd definitely put this off for later).

Sounds like we're heading for the plugin system Daniel Miller suggested. I
have to admit I'm excited about it!

I like the approach,...

Re: Ncat + Lua - GSOC feedback request Jacek Wielemborek (Jun 17)
2013/6/17 Daniel Miller <bonsaiviking () gmail com>:

What we're heading to is a plugin system instead of a scripting one. But I
have to admit I love this idea!

Re: Jacek's status report - #2 of 16 Jacek Wielemborek (Jun 17)
2013/6/18 David Fifield <david () bamsoftware com>:

Have you looked at my initial implementation? I estimated the proof of concept
to take more or less three days, it was more like three hours. I like the
explanation you just gave for embedding Lua - it really is a pain to code on
the bare Windows and I do believe that Ncat-Lua could help me there.

And for the telnet negotiation, I understood your point (or at least I think I
do) a while...

Re: Jacek's status report - #2 of 16 David Fifield (Jun 17)
There might be some confusion here, because Telnet negotiation is not
something that makes sense for --lua-exec. The -t option just causes
Ncat to do things to automatically ignore certain byte patterns that
Telnet servers emit.

Think of --lua-exec this way: You are stuck on Windows and you don't
even have a way to write shell scripts. But Ncat's built-in Lua
interpreter lets you still write interesting little --sh-exec
replacements....

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap Project Seeking Talented Programmers for Google Summer of Code Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.

Previous SoC students helped create the Nmap Scripting Engine, Zenmap...

Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more Fyodor (Nov 30)
Hi folks. It has been more than five months since the Nmap 6.01
release, and I'm pleased to announce a new version for you to enjoy
during the holidays! Nmap 6.25 contains hundreds of improvements,
including 85 new NSE scripts, nearly 1,000 new OS and service
detection fingerprints, performance enhancements such as the new
kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8
improvements, and much more! It also includes...

Nmap 6.01 Released Fyodor (Jun 22)
Hi folks! I'm happy to report that the Nmap 6.00 release
(http://nmap.org/6 ) last month was a huge success, with hundreds of
thousands of downloads and a bunch of positive articles and reviews.
But any release this big is going to uncover a few issues, so we've
released Nmap 6.01 to address them. This should also appease the more
conservative users who always wait for the first patch update before
installing a major software release....

Nmap 6 Released! Fyodor (May 21)
Hi folks! After almost three years of work, 3,924 code commits, and
more than a dozen point releases since Nmap 5, I'm delighted to
announce the release of Nmap 6! It includes a more powerful Nmap
Scripting Engine, 289 new scripts, better web scanning, full IPv6
support, the Nping packet prober, faster scans, and much more!

For the top 6 improvements in Nmap 6, see the release notes:

http://nmap.org/6

Or you can go straight to the...

Last Chance to Apply for the Nmap/Google Summer of Code! Fyodor (Apr 04)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college
and graduate students who want to spend the summer improving Nmap!
They gain valuable experience, get paid, strengthen their résumé, and
write code for millions of users.

Previous SoC students helped create the Nmap Scripting Engine,...

Nmap 5.61TEST5 released with 43 new scripts, improved OS & version detection, and more! Fyodor (Mar 09)
Hi folks! We've been working hard for the last 2 months since
5.61TEST4, and I'm pleased to announce the results: Nmap 5.61TEST5.
This release has 43 new scripts, including new brute forcers for http
proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus
XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth
daemon, and old-school rsync. Better check that your passwords are
strong! Some other fun scripts are...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks VSR Advisories (Jun 19)
VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
Release Date: 2013-06-19
Application: IBM WebSphere Commerce
Versions: 5.6.X, 6.0.X, 7.0.X, possibly others
Credit: Timothy D. Morgan <tmorgan (a) vsecurity . com>...

[SECURITY] [DSA 2711-1] haproxy security update Moritz Muehlenhoff (Jun 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2711-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : haproxy
Vulnerability : several
Problem type : remote...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software Cisco Systems Product Security Incident Response Team (Jun 19)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Advisory ID: cisco-sa-20130619-tpc

Revision 1.0

For Public Release 2013 June 19 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation
Protocol (SIP) that could allow an unauthenticated...

Facebook critical design flaw jjshoe (Jun 19)
On or around September 27, 2012 I disclosed to Facebook through https://www.facebook.com/whitehat/report/ a critical
design flaw in how users share photos using a URI. Once a URI is known the only action the user can take to hide the
contents of a photo album is to delete the album. This means if you ever have a breach, be it someone sitting in front
of your computer, or getting your Facebook password, you must delete all your photo albums to...

Remote code execution in Puppet andreas . lindqvist (Jun 19)
http://puppetlabs.com/security/cve/cve-2013-3567/

ESA-2013-032 RSA BSAFE® Micro Edition Suite Security U pdate for SSL/TLS Plaintext Recovery (aka “Lucky Thirt een”) Vulnerability Security Alert (Jun 19)
ESA-2013-032: RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka Lucky Thirteen)
Vulnerability

EMC Identifier: ESA-2013-032

CVE Identifier: CVE-2013-0169

Severity Rating: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Affected Products:

All versions of RSA BSAFE Micro Edition Suite except for 4.0.3 and 3.2.5

Unaffected Products:

RSA BSAFE Micro Edition Suite 4.0.3 and 3.2.5 (newly released)...

ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities Security Alert (Jun 19)
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities

EMC Identifier: ESA-2013-039

CVE Identifier: CVE-2011-3389, CVE-2013-0169

Severity Rating: CVSS v2 Base Score: Refer NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected Products:

All versions of RSA BSAFE SSL-J except for 6.0.1 and 5.1.2

Unaffected Products:

RSA BSAFE SSL-J 6.0.1 and 5.1.2 (newly released)

Summary:

RSA BSAFE SSL-J 6.0.1 and 5.1.2 contain...

ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL /TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulne rability Security Alert (Jun 19)
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka Lucky Thirteen) Vulnerability

EMC Identifier: ESA-2013-045

CVE Identifier: CVE-2013-0169

Severity Rating: CVSS v2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)

Affected Products:

All versions of RSA BSAFE SSL-C except for 2.8.7

Unaffected Products:

RSA BSAFE SSL-C 2.8.7 (newly released)

Summary:

RSA BSAFE SSL-C 2.8.7 contains updates designed to...

[SECURITY] [DSA 2628-2] nss-pam-ldapd update Moritz Muehlenhoff (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2628-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nss-pam-ldapd
Vulnerability : buffer overflow
Problem type...

[SECURITY] [DSA 2698-1] tiff security update Michael Gilbert (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2698-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
Vulnerability : buffer overflow
Problem type :...

APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16 Apple Product Security (Jun 18)
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and
Mac OS X v10.6 Update 16

Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available
and addresses the following:

Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_45
Description: 8011782 Multiple vulnerabilities existed in Java...

Re: Apple and Wifi Hotspot Credentials Management Vulnerability Jeffrey Walton (Jun 18)
My bad. The application estimates the time to crack the password used.
It does not attempt to recover the password.

Apple and Wifi Hotspot Credentials Management Vulnerability Jeffrey Walton (Jun 18)
This vulnerability was published to the OWASP Mobile Security list as
a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See
"Cracking iOS personal hotspots using a Scrabble crossword game word
list," http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html.

It appears Apple Wifi hotspot passwords are generated using a wordlist
consisting of 1842 words. The authors built a customer cracker to...

[SECURITY] [DSA 2710-1] xml-security-c security update Salvatore Bonaccorso (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2710-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xml-security-c
Vulnerability : several
Problem type :...

FreeBSD Security Advisory FreeBSD-SA-13:06.mmap FreeBSD Security Advisories (Jun 18)
=============================================================================
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project

Topic: Privilege escalation via mmap

Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and...

Full Disclosure — A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

Microsofts NEW Bug Bounty Program 2013 & BlueHat Competition Bonus Update! Vulnerability Lab (Jun 20)
Microsofts NEW Bug Bounty Program 2013 & BlueHat Competition Bonus Update!

Date: 19 June - 2013
Updates:**BlueHat Competition
New:**Mitigation Bypass Bounty
New: Internet Explorer 11 Preview Bug Bounty

Description:
In the video Mike Reavey, Jonathan Ness and Kate Moussouris shortly
announce the new bug bounty program. The video also impact topics like
bluehat competition update and the mitigation bypass reward.

Video:...

Re: Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :) Steven Hartland (Jun 19)
You mean patched:-
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc

----- Original Message -----
From: "Hunger" <hunger () hunger hu>

--------------------------------------------------------------------------------

================================================
This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed.
In the event of...

Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :) Hunger (Jun 19)
$ uname -a
FreeBSD fbsd91x64 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec
4 09:23:10 UTC 2012
root () farrell cse buffalo edu:/usr/obj/usr/src/sys/GENERIC amd64
$ id
uid=1001(hunger) gid=1002(hunger) groups=1002(hunger)
$ gcc fbsd9lul.c -o fbsd9lul
$ ./fbsd9lul
FreeBSD 9.{0,1} mmap/ptrace exploit
by Hunger <fbsd9lul () hunger hu>
# id
uid=0(root) gid=0(wheel) egid=1002(hunger) groups=1002(hunger)
#
/*
* FreeBSD 9.{0,1} mmap/ptrace...

Re: Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... :) Samuel Ports (Jun 19)
Believe patch already released

[SECURITY] [DSA 2712-1] otrs2 security update Florian Weimer (Jun 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2712-1 security () debian org
http://www.debian.org/security/ Florian Weimer
June 19, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : otrs2
Vulnerability : privilege escalation
Problem type...

Re: Linkedin Social Network - Persistent Web Vulnerability Vulnerability Lab (Jun 19)
update ... =>

- gov mv
- ismail kaleem

Reference:
http://www.ncit.gov.mv/index.php/en/news/item/204-ncit-has-helped-linkedin-social-network-to-fix-vulnerability

[Security-news] SA-CONTRIB-2013-053 - Login Security - Multiple Vulnerabilities security-news (Jun 19)
View online: https://drupal.org/node/2023585

* Advisory ID: DRUPAL-SA-CONTRIB-2013-053
* Project: Login Security [1] (third-party module)
* Version: 6.x, 7.x
* Date: 2013-June-19
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: Multiple vulnerabilities

-------- DESCRIPTION
---------------------------------------------------------

Login Security module adds additional access controls to the login form of...

[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks VSR Advisories (Jun 19)
VSR Security Advisory
http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
Release Date: 2013-06-19
Application: IBM WebSphere Commerce
Versions: 5.6.X, 6.0.X, 7.0.X, possibly others
Credit: Timothy D. Morgan <tmorgan (a) vsecurity . com>...

[SECURITY] [DSA 2711-1] haproxy security update Moritz Muehlenhoff (Jun 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2711-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 19, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : haproxy
Vulnerability : several
Problem type : remote...

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software Cisco Systems Product Security Incident Response Team (Jun 19)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Advisory ID: cisco-sa-20130619-tpc

Revision 1.0

For Public Release 2013 June 19 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation
Protocol (SIP) that could allow an unauthenticated...

User Credentials Leakage in Panda Cloud Office Protection Buherátor (Jun 19)
Dear List,

More than a year ago I identified a pretty serious bug in the deployment
system of Panda Cloud Office Protection. The bug seems to be fixed since
version 6 (I didn't assess the new implementation thoroughly), but I am
unaware of any official notices about it from the vendor although
management passwords may still be recovered from leftover installers, so I
think it worth to publish the info here:

http://vimeo.com/66384124...

[SECURITY] [DSA 2698-1] tiff security update Michael Gilbert (Jun 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2698-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
Vulnerability : buffer overflow
Problem type :...

DDoS attacks via other sites execution tool MustLive (Jun 18)
Hello participants of Mailing List.

If you haven't read my article (written in 2010 and last week I wrote about
it to WASC list) Advantages of attacks on sites with using other sites
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html),
feel free to do it. In this article I reminded you about using of the sites
for attacks on other sites
(...

[SECURITY] [DSA 2628-2] nss-pam-ldapd update Moritz Muehlenhoff (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2628-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nss-pam-ldapd
Vulnerability : buffer overflow
Problem type...

Joomla crypto vulnerability (all versions) Marco Beierer (Jun 18)
# Vulnerable Application
All current and past versions of Joomla (http://www.joomla.org) up to
1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla
framework (not tested). At the moment there is no vendor patch available.

# The Problem
The problem occurs in the implementation of JCryptCipherSimple. The
JCryptCipherSimple encrypts a text with an simple XOR operation in the
Electronic Codebook Mode (ECB). The ECB is insecure by...

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

GreHack 2013 - 2nd Call For Papers - November 15, Grenoble, France F. Duchene (May 29)
---------------------------
*GreHack 2013* — 2nd Call For Papers
November 15, Grenoble, France
http://grehack.org — Twitter: @grehack
---------------------------
*Topics*
The 2nd International Symposium on Grey-Hat Hacking — aka GreHack 2013
— will gather researchers and practitioners from academia, industry,
and government to discuss new advances in computer and information
security research.

All topics related to vulnerability...

c0c0n 2013 CFP - Extended Deadline: 9 June, 2013 c0c0n International Information Security Conference (May 27)
c0c0n 2013 CFP - Extended Deadline: 9 June, 2013

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 9, 2013 in the hope of receiving
few more paper submissions.

/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \ /...

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published Debasis Mohanty (May 19)
Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops! Sławomir Jabs (May 19)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you wiling to gamble on the security of you systems?

Join the upcoming CONFidence conference and meet both renown speakers and
specialists who deal with the IT security on a daily basis. People like,
you, who never stop asking questions and play with risks all the time...

We will...

[HITB-Announce] HITB Magazine Issue 010 Hafez Kamal (May 14)
Hi everyone,

A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org

Topics of interest include, but are not limited to the following:

Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...

SpiderFoot 2.0 released Steve Micallef (May 10)
Hi everyone,

SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published announcements (May 10)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...

Ruxcon 2013 Call For Papers cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia premier technical computer security conference...

[TOOL] TOPERA v2 released cr0hn (May 07)
Hi everybody,

We just released TOPERA v2:

TOPERA is a new security tool for IPv6, with the particularity that their attacks can't be detected by Snort.

This new version of TOPERA include these improvements:

1 - Slow HTTP attacks (Slowloris over IPv6).
2 - Improved TCP port scanner.

New project page:

http://toperaproject.github.io/topera/

Regards!...

[HITB-Announce] #HITB2013KUL Call for Papers Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)

We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...

Breakpoint 2013 Call For Papers cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Firewall Wizards — Tips and tricks for firewall administrators

Re: Linked-in and its Phishing-like contacts option! lordchariot (May 01)
Yeah, I was trying to make this non-product specific, but most vendors can actually do this to some degree or another.

Here's how we do it on my product:

https://mcafee.box.com/MWG7-FeatureDemo-Part2

The problem with doing it at a network layer with an IDS is the SSL decryption. Almost everything nowadays is HTTPS, so
it's game over if you cannot open up the encryption.

e²

_____________________________________

From:...

Re: Linked-in and its Phishing-like contacts option! Jon Robinson (May 01)
It's not free but Palo Alto Networks does this.You can search here to see
which applications/sites they can control:
http://apps.paloaltonetworks.com/applipedia/

Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com

Re: Linked-in and its Phishing-like contacts option! Mathew Want (May 01)
Read only access to the sites. I like that idea a lot.

Has anyone else come across this requirement or found a good way to do it
at a control point level? Perhaps at the IDS layer?

M@

Re: OpenBSD IPSEC VPN question Chris Buechler (May 01)
You can, but that's a different circumstance. That would be IPsec
transport mode, which in combination with gif, GRE or similar
tunneling indeed doesn't have such requirements/quirks since there is
a route in the routing table in that case. Tunnel mode is more common,
which is what's applicable to the subject of this thread. Routing
table changes have no impact on whether traffic in BSD traverses a
tunnel mode IPsec connection,...

Re: OpenBSD IPSEC VPN question Paul D. Robertson (May 01)
It's been a while since I've done it, but Linux used to make an ipsec0 interface that was handled with the standard
routing table. Possibly in *BSD you need to use a gre or gif tunnel to achieve the same thing?

Paul

Re: OpenBSD IPSEC VPN question Chris Buechler (May 01)
This is true of all the BSDs with IPsec (and maybe Linux and other
*nix OSes but not sure of those). Traffic that doesn't have a specific
source IP set gets the source IP that's closest to the destination per
the routing table. IPsec doesn't have a routing table entry, traffic
follows the SPD. So it ends up getting the IP that's nearest the
default gateway, which is most always a public IP, which is most
always not going to...

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

CFP Extended - OWASP InfoSec India Conference 2013 Dhruv Soi (Jun 14)
Good News for information security experts who couldn't yet submit
their papers for "OWASP InfoSec India Conference 2013" happening at
Hotel Crowne Plaza, Gurgaon, New Delhi NCR, India from August 30-31,
2013.

With few great papers submitted already, we would like to take this
opportunity to extend the CFP submission dates to 10 more days in
order to allow maximum participation.

CFP is now closing on June 25th, 2013, more details...

t2'13: Call for Papers 2013 (Helsinki / Finland) Tomi Tuominen (Jun 11)
# t2'13 - Call For Papers #
Helsinki, Finland
October 24 - 25, 2013

We are pleased to announce the annual t2'13 infosec conference, which
will take place in Helsinki, Finland, from October 24 to 25, 2013.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...

c0c0n 2013 CFP - Extended Deadline: 9 June, 2013 c0c0n International Information Security Conference (May 27)
c0c0n 2013 CFP - Extended Deadline: 9 June, 2013

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 9, 2013 in the hope of receiving
few more paper submissions.

/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_...

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops! Sławomir Jabs (May 17)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you wiling to gamble on the security of you systems?

Join the upcoming CONFidence conference and meet both renown speakers and
specialists who deal with the IT security on a daily basis. People like,
you, who never stop asking questions and play with risks all the time...

We will...

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published Debasis Mohanty (May 17)
Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...

[HITB-Announce] HITB Magazine Issue 010 Hafez Kamal (May 14)
Hi everyone,

A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org

Topics of interest include, but are not limited to the following:

Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published announcements (May 11)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...

SpiderFoot 2.0 released Steve Micallef (May 06)
Hi everyone,

SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...

[HITB-Announce] #HITB2013KUL Call for Papers Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)

We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...

Breakpoint 2013 Call For Papers cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Arachni v0.4.2 has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Apr 29)
Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads...

Administrivia - slow moderation this week Andrew van der Stock (Apr 28)
Hi all,

I'm going to be in Milan this week.

Not that there are many messages to moderate, but moderation will be
iffy / slow this next week, particularly during the bits where various
planes are flapping their wings and going "whoosh".

Normal moderation service will resume May 5.

thanks,
Andrew

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here -...

A survey on qunatifying severity of vulnerabilities in softwares Khalid Khan Afridi (Apr 18)
Hello!

I am currently performing my master thesis on the topic of quantifying the
severity of
software vulnerabilities.

As you have done significant work in this area, I would be glad if you
could spare a few
minutes of your time to answer a survey on the topic. It should not
require more than 15-20
minutes to complete.

The survey can be found at: http://secsurvey.ics.kth.se/index.php

Thank you for your attention!

Best Regards,
Khalid Khan...

Defcon DCG Kerala Information Security Meet 2013 Ajin Abraham (Apr 07)
Defcon DCG Kerala Information Security Meet 2013
=====================================
Defcon DCG Kerala (DC0497) is a Defcon USA registered group for
promoting and demonstrating research and development in the field of
Information Security. We are a group of Information Security
Enthusiasts actively interested in promoting information security.
Defcon Kerala Information Security Meet will be a platform for
security analysts, ethical hackers,...

c0c0n 2013 - Call For Papers and Call For Workshops c0c0n International Information Security Conference (Apr 06)
/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \ / /| | | || ||__ <
| (__| |_| | (__| |_| | | | | / /_| |_| || |___) |
\___|\___/ \___|\___/|_| |_| |____|\___/ |_|____/

###################################################
c0c0n 2013 - Call For Papers and Call For Workshops
###################################################

August 22-24, 2013 -...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Re: Defeating what's next Val Smith (Jun 17)
I love offense. I have been offensively focused from a work perspective
since about 1995, and personally since 1982. I love writing exploits and
have personally hacked 10s of 1000s of computers with my own tools.

In the last few years I have been helping a number of very large
customers with security. What I have learned, sadly, is the following:

- No 0day in existence can help them
- Reverse engineering & memory forensics are basically...

Re: Defeating what's next toby (Jun 17)
Actually, I don't know what other people on the defense side think of when
someone says "Indicators of Compromise" but I don't think about hashes or
file names or registry keys at all.
I think about anomalous login times, unusual traffic
destinations/sources/volumes, unusual file accesses (to file servers, not
file access time on a potentially compromised client), patterns of
exploration or spreading changes in behavior that...

Chris Eagle's INFILTRATE Keynote Dave Aitel (Jun 14)
Keynotes, unlike normal technical talks, should sometimes cover very
broad areas because your keynote speakers should have broad, interesting
experiences. Chris Eagle's keynote at INFILTRATE 2013 is one of those.
Few people knew that before working with IDA, Chris Eagle was a Naval
Pilot. And yet, an entire talk without OODA loops!

Just as a note: you can buy INFILTRATE 2014 tickets now, and while we
will probably not fill up the conference...

Re: Defeating what's next Moses (Jun 14)
Indicators of Compromise or more appropriately those that are Open
Indicators of Compromise. We have had many proprietary solutions that
used 'signature based' indicators for a quite a long time. Some of them
you never could run in an open or customizable fashion like A/V. Can't
have their secret sauce all over the preverbal industry. Others that you
could run in an open fashion on an infrastructure, like Snort, were used...

Re: Defeating what's next Ben Miller (Jun 13)
so I think one of the more powerful thing about IOCs is that it is open. To
Havlar's point, this assists in forming communities and establishing
confidence. Incidentally, communities and confidence is not something bad
guys are generally lacking but defenders are.

A stack of IOCs can also better inform a defender on what to expect. For
instance, the sequence of IOCS of an attack may outline a dropper, benign
document, a trojan and 10 minute...

Re: Defeating what's next Vitaly Osipov (Jun 13)
… or, Ptolemaic model of the solar system of infosec.

Required reading: https://en.wikipedia.org/wiki/Deferent_and_epicycle

In all enterprise-y security courses they will teach you that there
are several components to defence processes:

10. If you can, try to prevent bad guys getting to you
20. If you cannot, try to detect an attempt to get in before it succeeds
30. If you cannot detect attempts, aim to detect whether you've been...

Re: Defeating what's next Halvar Flake (Jun 12)

Re: Defeating what's next Kristian Erik Hermansen (Jun 12)
It's the same reason DENTISTS STILL HAVE JOBS. We can -- with nearly
100% certainty -- prevent tooth decay. The fact that we don't shows
that we are human and naturally flawed. Even when 100% of the problem
is within our control, humans still get cavities. Security is far less
in one's control, due to vendor requirements / open source libraries /
etc., so the problem of course will be much worse. How many people on
this list have...

Re: Defeating what's next Brad Andrews (Jun 12)
Perhaps everything basically boils down into that, at one form or another. How many new things are really under the
sun?

From: John Strand
Sent: Wednesday, June 12, 2013 9:31 AM
To: Dave Aitel
Cc: dailydave () lists immunityinc com
Subject: Re: [Dailydave] Defeating what's next

Why does it seem we are moving from blacklists to "new and improved" blacklists?

It seems like the industry is caught between choosing between...

Re: Defeating what's next Nick Selby (Jun 12)
Great thread. The only thing I would expand on Dave's description of
"indicators of Compromise" is that for us, when we get called in because
the customer doesn't believe it's been compromised but wants to quiet down
Bill in IT Security so he'll shaddup already, our indicators of compromise
are all human and procedural and policy-based. Before we even run an nmap
scan we have put together a fairly accurate prediction...

Re: Defeating what's next security curmudgeon (Jun 12)
: Why does it seem we are moving from blacklists to "new and improved"
: blacklists?
:
: It seems like the industry is caught between choosing between things
: that dont work (i.e. blacklists, "better" firewalls) and things which
: are hard to implement (i.e. whitelists, better internal network
: segmentation, baseline monitoring, etc.)

Because we are. You can sell "new signatures" as a subscription model for...

Re: Defeating what's next Arrigo Triulzi (Jun 12)
[...]
That way, by the time someone

As painfully learned during my brief startup stint: never speak the truth about the limitations of your security
product as it does not show knowledge of the problem space but loses you sales and VC money.

Arrigo

Re: Defeating what's next Justin Seitz (Jun 12)
This is true arguably because the overall skill of the infosec industry
is on the decline. As one of my Canadian counterparts once said: "The
term security researcher or penetration tester really means 'can run
Nessus'". No different for the defense side.

The best bet for any company slogging the new and improved defense
mechanisms is to wrap it in a $100k pretty 2U chassis, and have insanely
stringent trial request...

Re: Defeating what's next John Strand (Jun 12)
Why does it seem we are moving from blacklists to "new and improved"
blacklists?

It seems like the industry is caught between choosing between things that
dont work (i.e. blacklists, "better" firewalls) and things which are hard
to implement (i.e. whitelists, better internal network segmentation,
baseline monitoring, etc.)

I think Paul said, "Every time you hit the easy button, God deploys another
trojan on your...

Defeating what's next Dave Aitel (Jun 12)
Hackers spend a lot of time looking at what's coming down the technology
road at them. In a sense, this business is about learning how to stare
down the barrel of a gun and not blinking for decades at a time. When
you blink, you end up a CISSP. Richer financially, but poorer in 0days,
the only currency that matters to someone with your particular addiction.

Terminology can reveal a lot, as can business strategies. I spent some
time on the...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Re: Running applications that require admin rights in Windows? Nathan Sweaney (Jun 19)
The EncryptedRunAs program sounds very similar to old program called CPAU.
It's no longer supported, but still works fine on Windows 7 and it's free.
However, both programs have a serious flaw. In order to run the actual
command you want with the credentials that are "encrypted," they have to
have the encryption key and use it to decrypt the command. In other words,
at best you have several layers of obfuscation on top of an...

Re: Running applications that require admin rights in Windows? Michael Salmon (Jun 19)
I got a lot of options to review now, a lot more then reading suggestions
at online tech forums. Part of the problem is one of the software package
I'm thinking of using it on is a wireless card software called Tata Photon+
that our remote users in India run. Not something I have here to test.
I'd prefer to either use the sysinternal tools to grant access to the
necessary files\folders\regkeys or maybe grant RunAsInvoker or the...

Re: Running applications that require admin rights in Windows? Guillaume Ross (Jun 19)
For those who have had issues with Time zones in the past, it's worth knowing that in Windows there are now two
different User Rights:

One for changing the system time (which non admins definitely do not need)
One for changing the timezone (which non admins greatly appreciate having)

Minor feature but makes a big difference.

For the rest of the stuff, as mentioned before:

1 - Delegate the proper permissions on the files and registry
2 -...

Re: Running applications that require admin rights in Windows? Tony Turner (Jun 18)
In the past I used regmon and tokenmon to understand what rights apps need
to run and then made permissions changes on specific registry keys or
protected files to allow privileged access and included that custom config
in default build for that subsection of users requiring elevated access.
Make sure you understand the security implications of any permissions
changes if you take this approach. For enterprise specific browser
addons/ActiveX...

Re: Running applications that require admin rights inWindows? Ryan (Jun 18)
I use Windows permissions/access control lists to allow the group/user access to the required files, directories and
registry keys. Figuring out what they need access to and that level of access is the tricky part. Procmon
(Sysinternals/Microsoft) is a great tool for this and many other types of application debugging. It will monitor file,
registry, process and network access to tell when the required application is running successfully as...

Re: BSidesRI Videos Omid Mohammadi (Jun 18)
Thanks!

Regards,
Omid
Sent from my mobile device

Re: Running applications that require admin rights in Windows? Jesse McMinn (Jun 18)
I recently encountered this issue in my environment while migrating to
Windows 7. I have a decent amount of legacy software requiring
administrator rights that the developers don't have time to fix.

I used the Microsoft Application Compatibility Toolkit to grant
RunAsInvoker rights to the specific programs needing admin rights. You can
test to see if it will run at that point and adjust as needed. The end
result is a .sdb file you can...

Re: Running applications that require admin rights in Windows? Michael Salmon (Jun 18)
Hi Mike,
Thank you. I did get some ideas from those that hit me up off the list. I
had three recommendations.
Danilo recommended EncryptedRunAS software from
http://www.wingnutsoftware.com/
Ty recommended a product from Avecto called Privilege Guard that his
company is using with great results.
Craig recommended a third option but it may be the same concept as using a
shortcut to 'runas /user:computername\administrator /savecred "Path...

Re: Running applications that require admin rights in Windows? Michael Dickey (Jun 18)
I'm not going to help a ton since I'm a few years removed from being useful
on the desktop, but where I work, we either don't allow that software or we
make exceptions based on roles.

For software that just needs admin rights, we do whatever we can to say no
to having it in our network. If we absolutely must, we do entertain the
idea of hosting it on a virtual Windows desktop system and granting
as-needed access to it or...

Re: Running applications that require admin rights in Windows? Larry Petty (Jun 18)
Look into the ForceAdminAccess application shim.

http://technet.microsoft.com/en-us/library/cc766024%28v=ws.10%29.aspx

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Michael
Salmon
Sent: Sunday, June 16, 2013 10:26 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Running applications that require admin rights in Windows?

Hi guys,
Got a question I'd like...

Re: Running applications that require admin rights in Windows? Bugbear (Jun 18)
Hey Michael

We stripped admin rights out years ago. It was a fair amount of work (took
a solid year) but what we did was to document the registry keys and file
locations each software uses and give the user modify to only those
locations and files. (Like I said it took some time) In most cases these
are easy locations to find based on the naming but there were some cases
where we would have to turn to things like Sysinternals ProcMon to...

Re: Running applications that require admin rights in Windows? Mike Perez (Jun 18)
As luck would have it, I'm in the Windows Security class with Jason Fossen.
I'll ask him if he has any specific recommendations.

Did you get any feedback from the list yet? If so, please share!

Thanks,
Mike

On Sun, Jun 16, 2013 at 10:25 PM, Michael Salmon <lonestarr13 () gmail com>wrote:

Re: official site of Security Certified Network Professional (SCNP) Glenn Barrett (Jun 17)
I had both the SCNP and SCNA back in approx. 2008. I believe at one point
it was even one of the security certs that fulfilled one of the Dog
requirements. The company issuing the cert then got bought out by a foreign
company and it seemed harder to get any more information, so I didn't
bother trying to renew. The material and exam were actually quite
comprehensive. No idea what the current state of these certs is though.

Re: BSidesRI Videos d4x (Jun 17)
Thank you Adrian!

Sent from my mobile

Re: BSidesRI Videos Patrick Laverty (Jun 17)
He already did! He had three of them up a few hours or so before the
presenter even started!! :)

Adrian rocks.

If you're doing conference videos and don't bring in Adrian, you're doing
it wrong.

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Bulletin Minor Revisions Microsoft (Jun 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 18, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-048

Bulletin Information:
=====================

* MS13-048 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Jun 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 12, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-048

Bulletin Information:
=====================

* MS13-048 - Important

-...

Microsoft Security Bulletin Summary for June 2013 Microsoft (Jun 11)
********************************************************************
Microsoft Security Bulletin Summary for June 2013
Issued: June 11, 2013
********************************************************************

This bulletin summary lists security bulletins released for
June 2013.

The full version of the Microsoft Security Bulletin Summary for
June 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-jun.

With the release...

Microsoft Security Advisory Notification Microsoft (Jun 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 11, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer 10
-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 29)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 29, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-069
* MS13-038
* MS13-040

Bulletin Information:
=====================

* MS12-069 - Important...

Microsoft Security Bulletin Minor Revisions Microsoft (May 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 23, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-044

Bulletin Information:
=====================

* MS12-044 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 22)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 22, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-081
* MS13-037
* MS13-MAY

Bulletin Information:
=====================

* MS12-081 - Critical

-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 15, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-045

Bulletin Information:
=====================

* MS13-045 - Important

-...

Microsoft Security Advisory Notification Microsoft (May 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 14, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2846338)
- Title: Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution
-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 14)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 14, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-009

Bulletin Information:
=====================

* MS13-009 - Critical

-...

Microsoft Security Bulletin Summary for May 2013 Microsoft (May 14)
********************************************************************
Microsoft Security Bulletin Summary for May 2013
Issued: May 14, 2013
********************************************************************

This bulletin summary lists security bulletins released for
May 2013.

The full version of the Microsoft Security Bulletin Summary for
May 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-may.

With the release of...

Microsoft Security Bulletin Advance Notification for May 2013 Microsoft (May 09)
********************************************************************
Microsoft Security Bulletin Advance Notification for May 2013
Issued: May 9, 2013
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on May 14, 2013.

The full version of the Microsoft Security Bulletin Advance
Notification for May 2013 can be found at...

Microsoft Security Advisory Notification Microsoft (May 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...

Microsoft Security Advisory Notification Microsoft (May 04)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 3, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...

Microsoft Security Bulletin Minor Revisions Microsoft (Apr 26)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 26, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-043

Bulletin Information:
=====================

* MS12-043 - Critical

-...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

GCHQ intercepted foreign politicians' communications at G20 summits Jeffrey Walton (Jun 18)
Its nice to see the US has company....

http://www.guardian.co.uk/uk/2013/jun/16/gchq-intercepted-communications-g20-summits

Re: "1984" sales spike Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 17)
Date sent: Fri, 14 Jun 2013 15:25:33 -0400
From: Jeffrey Walton <noloader () gmail com>

Oh, surely no politician would ever do such a thing ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
well, the last remaining computer in the house with Windows on it
died this morning.
-...

Re: [funsec] On the Internet, the NSA Definitely K nows You’re a Dog (Comic_ John C. A. Bambenek, GCIH, CISSP (Jun 17)
Awesome

On the Internet, the NSA Definitely K nows You’re a Dog (Comic_ Paul Ferguson (Jun 17)
Enjoy:

http://allthingsd.com/20130617/then-and-now-comic/

- ferg

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Rich Kulawiec (Jun 17)
The oligarchy *owns* the media, if we define "media" as "major newspapers,
magazines, radio stations, television stations, and cable networks".
Over the past several decades, the dividing line between the newsroom
and the business department has steadily eroded -- as a timely example,
the newspaper of Woodward, Bernstein, Bradley, and Graham has this past
week quietly announced "sponsored" editorials. Gack. Blech....

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Jeffrey Walton (Jun 17)
Valdis, I don't expect the victims (us) to find redress.

The lawsuit is a form of civil disobedience. See item 63 under
"Noncooperation with Social Events, Customs, and Institutions ,"
http://www.aeinstein.org/organizations103a.html.

What I find interesting is the suit is being minimized, much like the
folks in the Occupy movement. Contrast that to the media's coverage of
"Snowden the Traitor" stories. Do yo think...

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM John C. A. Bambenek, GCIH, CISSP (Jun 17)
He is also a birther who filed suits on that topic. Unfortunately the front
runner on this has no credibility.

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Valdis . Kletnieks (Jun 16)
On Sat, 15 Jun 2013 20:55:25 -0400, Jeffrey Walton said:

This will almost certainly go nowhere, for the exact same reason that
most of the lawsuits about warrantless spying went nowhere - nobody can
show proof they were actually spied on and therefor have standing to sue
as "plaintiff who was spied on". Every single one of the warrantless
spying cases went bye-bye except for one law firm that got hold of an
accidentally released...

Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Jeffrey Walton (Jun 16)
https://www.google.com/#q=Larry+Klayman+lawsuit+prism

All the references are non-mainstream (Washington Post, NY Times, and
other mainstream outlets have not picked up the story yet....).

Re: "1984" sales spike Rich Kulawiec (Jun 15)
A) I have sometimes jokingly suggested that perhaps all of this could
have been avoided if we'd simply given the nascent state of Israel
half of Nevada, and paid to move everything there.

Oh, sure, expensive as hell, but then again, 70 years of bloodshed,
instability, proxy wars, killings, more killings, killings because
of killings and more killings, etc., etc., etc. is expensive too.
And it may yet end in a nuclear exchange, whose...

Re: "1984" sales spike Jeffrey Walton (Jun 14)
No, I don't believe it had anything to do with Immigration Reform.

If you believe its a very small group of individuals are involved and
the Fatwa only covers seven years, then I believe you are sadly
mistaken. The US foreign policy in the Middle East has been f**k'd up
since before I was born, so that's at least 50 years.

In fact, the US meets its own definition of a nation exporting terror
when you take into consideration its...

Re: "1984" sales spike Jeffrey Walton (Jun 14)
+1

+1
Has anyone else noticed that when the US f**ks up really bad, then the
argument turns to Immigration to distract us? When Bush lied and
invaded Iraq, Immigration became an issue. When Wikileaks received
documents about the US actions in its wars, Immigration became an
issue. Now we have the evidence of the widespread spying by the US
government agencies, and again Immigration is rearing its head.

I'm starting to believe there's...

Re: "1984" sales spike Jeffrey Walton (Jun 14)
Sorry Vic. I was outside cutting the grass, and I just got back.

Jeff

Re: "1984" sales spike Blanchard, Michael (InfoSec) (Jun 14)
Not at all... staying there and dealing with it is a choice for sure, although a bad choice. I would say he made the
right choice by immigrating to the states....

I'm sure your Grandfather came here legally, and didn't try to hide within the system. Just as my Great Grandfather
did from Montreal.

I'm not against immigration, I'm actually completely for immigration.... just immigrate legally...

One thing I will say,...

Re: "1984" sales spike Vic Vandal (Jun 14)
Jeff,

I notice that you left out these original words of mine in your response:
"Just for the record, I'm pro-immigration but anti-illegal-immigration, and calling for fiscal responsibility on this
topic should not be misconstrued as any bias against migrant workers from below our southern border."

Yep, you must have missed that part about "pro-immigration". I'm all for allowing a logical number of people from...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Alert - Upcoming Mail Delivery Changes US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes

Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...

Current Activity - Upcoming Mail Delivery Changes Current Activity (May 10)
National Cyber Awareness System

Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...

Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin

Original release date: May 09, 2013

Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...

Current Activity - Adobe Releases Security Advisory for ColdFusion Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion

Original release date: May 09, 2013

Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...

Current Activity - Microsoft Releases Security Advisory for Internet Explorer Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer

Original release date: May 07, 2013

Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...

Current Activity - Cisco Releases Security Advisories Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories

Original release date: April 25, 2013

Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....

Current Activity - Apple Releases Security Updates for Safari Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari

Original release date: April 18, 2013

Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.

Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...

Alert TA13-107A: Oracle has released multiple updates for Java SE US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE

Original release date: April 17, 2013

Systems Affected

* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier

Overview

Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....

Current Activity - Scams Exploiting Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion

Original release date: April 17, 2013

Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...

Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion

Original release date: April 17, 2013

Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...

Current Activity - Oracle Releases April 2013 Security Advisory Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory

Original release date: April 17, 2013

Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...

Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack

Original release date: April 15, 2013

US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...

Current Activity - Microsoft Releases April 2013 Security Bulletin Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin

Original release date: April 04, 2013 | Last revised: April 09, 2013

Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...

Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin

Original release date: April 04, 2013

Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...

Current Activity - Mozilla Releases Multiple Updates Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates

Original release date: April 03, 2013

The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.

Updates to the following products are...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

CVE request for Drupal contributed module Forest Monsen (Jun 20)
Hi there,

I'd like to request a CVE identifier, or identifiers, for:

SA-CONTRIB-2013-053 - Login Security - Multiple Vulnerabilities
https://drupal.org/node/2023585

Maybe two -- denial of service, and access bypass.

Thanks!

Forest Monsen, on behalf of the Drupal Security Team

[CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate Jan Lieskovsky (Jun 19)
Hello Kurt, Steve, vendors,

It was found that python-bugzilla, a Python library for interacting with Bugzilla
instances over XML-RPC functionality, did not perform X.509 certificate verification
when using secured SSL connection. A man-in-the-middle (MiTM) attacker could use this
flaw to spoof Bugzilla server via an arbitrary certificate.

Credit: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

CVE id:...

[OSSA 2013-017] Issues in Keystone middleware memcache signing/encryption feature (CVE-2013-2166, CVE-2013-2167) Thierry Carrez (Jun 19)
OpenStack Security Advisory: 2013-017
CVE: CVE-2013-2166, CVE-2013-2167
Date: June 19, 2013
Title: Issues in Keystone middleware memcache signing/encryption feature
Reporter: Paul McMillan (Nebula)
Products: python-keystoneclient
Affects: version 0.2.3 to 0.2.5

Description:
Paul McMillan from Nebula reported multiple issues in the implementation
of memcache signing/encryption feature in Keystone client middleware. An
attacker with direct write...

Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Jun 19)
k so in summary then:

CVE-2012-6144 TYPO3-CORE-SA-2012-005: Backend History Module SQL
Injection TYPO3 internal

CVE-2012-6145 TYPO3-CORE-SA-2012-005: Backend History Module
Cross-Site Scripting Thomas Worm

CVE-2012-6146 TYPO3-CORE-SA-2012-005: Backend History Module
Information Disclosure Oliver Hader

CVE-2012-6147 TYPO3-CORE-SA-2012-005: Backend API Cross-Site Scripting
Johannes Feustel

CVE-2012-6148 TYPO3-CORE-SA-2012-005: Backend API...

Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 19)
Right. I'm talking about more than just this instance. Wordpress
plugins. rubygems.org. etc. Any ways I've been thinking about it and
will post a longer email later.

Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 19)
* Kurt Seifried:

But the present situation is really not that clear-cut. We have no
indicator of malicious intent from the current domain owner, and users
would still have to disable signature checking *and* they must have
configured the problematic repository. That's a little bit
far-fetched.

Re: CVE request: gnome-shell crash, screen unlock on resume Kurt Seifried (Jun 19)
Please use CVE-2013-2190 for this issue.

Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
I care a lot less about what is "officially endorsed" or not endorsed
and a lot more with what is actually going on. If a large percentage
of people are exposed to a vuln, even if they "shouldn't" be then it
would still get a CVE. I see a lot of CVEs that should never be
exploitable, but people do crazy things/configurations.

Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
Debian doesn't endorse any external repository. During package installation
the pre/post installation scripts run with root privs. As such, if you
enable a repository you trust the people behind that repository with
the equivalent to root access to your system anyway.

Cheers,
Moritz

Re: Thoughts on a vuln/CVE? Tim (Jun 18)
To me, it's a big grey area as far as assigning a CVE for stuff like
this.

But there's no reason we shouldn't raise awareness through venues like
the various CERTs. Though it seems US-CERT is only really good at
re-sending microsoft and apple advisories these days. =(

tim

Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
Hey,

If a weakness in Debian's package management system signature
verification was identified recently, then this specific issue of
debian-multimedia deserves dedicated attention as it would be a useful
contributing vector; but until then - this isn't an documentable
exposure risk IMO.

Comparing to the definition we use for 'Exposure', a "system
configuration issue" certainly fits the grounds to be assigned a CVE...

Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
In this case the repository key is the former maintainer's personal
PGP key, which it appears he uses to sign deb-multimedia.org (the same
set of packages as the former debian-multimedia.org). I would assume
that it is unlikely to be held on a HSM, but I don't see any reason
why it would now be less safe than it was while debian-multimedia.org
was active.

Anyone who doesn't/didn't trust the maintainer of that repository (and...

Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
We definitely do. A recent example is CVE-2012-4446.

CVE request: gnome-shell crash, screen unlock on resume Florian Weimer (Jun 18)
Upstream GNOME recently fixed a bug that could crash gnome-shell
immediately after resume:

https://bugzilla.gnome.org/show_bug.cgi?id=701974

As noted here, the impact is that after resume, the password entry
dialog disappears and the user is dropped into the pre-existing X session:

https://bugzilla.redhat.com/show_bug.cgi?id=954054

I haven't figured out the exact trigger conditions, but this has
happened to me a couple of times since...

Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
Ah thanks, I forgot about that (I don't use Debian that often). So
with the signing key requirement in mind this is not a vuln.

However my original question still stands, can/should we consider a
common configuration of software that goes from being secure to
insecure to be worthy of a CVE? A lot of things that used to be common
practice (like shipping every service/server enabled, all accounts
active, all access enabled, anonymous uploads...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

SearchSecurity: The NSA leaks (verizon and prism) Gary McGraw (Jun 20)
hi sc-l,

When we build systems, we need to do some thinking about privacy along with our thinking about security. If we don't
anticipate how our systems and the data they collect migt be abused, we might not make the right design decicions.
Just ask Facebook.

Today, SearchSecurity posted my article on the NSA Surveillance. Please read this:
http://bit.ly/15dB1c5 (turns out that Facebook is a bigger offender in my mind than the NSA)....

TechTarget: Proactive Security in Financial Services Gary McGraw (Jun 10)
hi sc-l,

The Financial Services sector is an important advocate for real software security. At FS-ISAC this Spring in Florida,
I moderated a panel about that (including JP Morgan Chase, Capital One and Fidelity). The panel resulted in a writeup
posted today (and published in Information Security Magazine).

http://bit.ly/163miTX

(kevin longlink...

Re: Need a help for an article vanderaj vanderaj (Jun 04)
Hi Punit,

Good on you for selecting information security as a topic of interest.
We need more grads in our field!

The state of the art for buffer overflows, heap overflows, and other
memory corruption bugs is so advanced that it may take you a little
while to get on top of it before being able to write about it simply
enough for the average Joe to understand it. They seem simple enough,
but there's so much nuance and almost an obsessive...

Need a help for an article Punit Mehta (Jun 04)
Hi all ,

I am a second year computer science
undergraduate student at a university. I want to publish an article based
on computer security. I had thought of some like Buffer Overflow , Heap
Overflow , Format String attack etc. But they sound too old. My aim is to
publish some fresh and interesting stuff based on computer security. I have
searched a lot But may be because of my limited knowledge , I am not able
to find...

Silver Bullet 86: Wenyuan Xu Gary McGraw (May 31)
hi sc-l,

Ever wonder what it is like to be a Chinese scholar living and teaching in the US or a woman teaching computer science
and engineering? We talk about that in the 86th episode of the Silver Bullet Security Podcast featuring University of
South Carolina professor Wenyuan Xu: bit.ly/14e8h29 <http://t.co/A1aymA09tw>

We also discuss embedded device security (cars, electricity billing systems, medical devices), software security,...

CFP: Workshop on Risk Perception in IT Security and Privacy (SOUPS) - Final CFP Larry Koved (May 29)
Brief position statements are due this Thursday, May 30, 2013.

Workshop on Risk Perception in IT Security and Privacy

A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/

For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html

This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap...

c0c0n 2013 CFP - Extended Deadline: 9 June, 2013 c0c0n International Information Security Conference (May 28)
c0c0n 2013 CFP - Extended Deadline: 9 June, 2013

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 9, 2013 in the hope of receiving
few more paper submissions.

/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \...

SecAppDev hits the road Kenneth R. van Wyk (May 22)
Greetings SC-L subscribers,

I suspect many of you have heard of SecAppDev (http://secappdev.org) over the years. It's a non-profit training event
that has hitherto been held in Leuven, Belgium for 1 week each Feb/Mar. Well, we're excited to say that this year we've
added a second event: SecAppDev Dublin!

Yes, SecAppDev will be hitting the road for its first foray outside of Belgium. For one week in July (15th-19th), we'll...

2013 OWASP Mobile Top 10 Call For Data Jim Manico (May 21)
Hello All,

We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more
formal publication. We are encouraging everyone to get involved.

The current Mobile Top Ten Risks are located here:

https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks

- What do we need? -

Right now we are looking for data that represents the current state of mobile...

CFP: Workshop on Risk Perception in IT Security and Privacy at SOUPS Larry Koved (May 20)
Short position statements due next Thursday, May 30

Workshop on Risk Perception in IT Security and Privacy

A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/

For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html

This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between...

Correction: W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation Larry Koved (May 20)
*** My apologies for another email. Only ONE week until the workshop! ***

Call for participation: Only ONE week until the workshop!

The workshop and program chairs invite you to participate in the 7th W2SP
workshop.

The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas....

W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation Larry Koved (May 20)
Call for participation: Only three weeks until the workshop!

The workshop and program chairs invite you to participate in the 7th W2SP
workshop.

The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.

The list of this year's accepted papers / presentations can be found...

MoST 2013 - Mobile Security and Technology workshop - final call for participation Larry Koved (May 20)
Call for participation: One week until the workshop!

The workshop and program chairs invite you to participate in the 2nd MoST
workshop.

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.

The list of this year's...

SearchSecurity: BSIMM4 Gary McGraw (May 11)
hi sc-l,

Sammy Migues, Jacob West and I wrote an introductory article about BSIMM4 for SearchSecurity. It was just posted on
SearchSecurity: http://bit.ly/11qlIBi
(or http://searchsecurity.techtarget.com/feature/BSIMM4-measures-and-advances-secure-application-development)

This article provides a great way to get up to speed on the BSIMM project in its BSIMM4 instantiation. The BSIMM
Community is expanding rapidly, and we're looking...

Ruxcon 2013 Call For Papers cfp (May 08)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia premier technical computer security conference...

Educause Security Discussion — Securing networks and computers in an academic environment.

Re: Experience with HigherOne or TouchNet for payment processing? Cheryl O'Dell (Jun 19)
Ben,

We use Touchnet hosting services and have limited our PCI scope. We've had no problems. We've been using it for
several years. If you need further info from me - contact me directly.

Thanks,
Cheryl

Cheryl O'Dell, CISSP
Emporia State University
Information Technology
Director, Information Security and Compliance
1200 Commercial, Campus Box 4018, Emporia, Kansas 66801
codell () emporia edu<mailto:codell () emporia...

Re: Experience with HigherOne or TouchNet for payment processing? Manjak, Martin (Jun 19)
+1 on Touchnet.

Marty Manjak
ISO
University at Albany
Sent from my iPhone

Hi Ben,
I've had a lot of experience with TouchNet. They are, probably, the largest player in the .edu space for turnkey
payment processing.
I would go with them again and would recommend using them to others.
If you have specific questions you're welcome to PM me.
Cheers,
Harry

"Walther, Benjamin J." <Benjamin.Walther () tufts edu<...

Re: Experience with HigherOne or TouchNet for payment processing? Harry Hoffman (Jun 19)
Hi Ben,
I've had a lot of experience with TouchNet. They are, probably, the largest player in the .edu space for turnkey
payment processing.
I would go with them again and would recommend using them to others.
If you have specific questions you're welcome to PM me.
Cheers,
Harry

"Walther, Benjamin J." <Benjamin.Walther () tufts edu> wrote:

Experience with HigherOne or TouchNet for payment processing? Walther, Benjamin J. (Jun 19)
We're evaluating vendors for use as third party payment processing, with a goal off keeping PCI requirements as low as
possible.
Towards that end, does anyone have experience with HigherOne's or TouchNet's payment processing service, as a former or
current client? Does not have to be security-centric, though that is a concern. How does their service fare in terms of
security practices, reliability, availability, support, etc?...

RuffaloCODY Fundraising Management question Walter Petruska (Jun 19)
Could any of you who have RuffaloCODY as a service provider, operating ON
your campus (and therefore within your facilities/on your network, etc.)
please contact me directly (off-list) for a brief discussion.

The topic is past performance, and specifically, PCI-compliance and where
to draw the contract and technology and organizational lines to maintain
compliance of each party (RuffaloCODY & your institution)

Thanks much-

Re: REN-ISAC and SANS partner for highly discounted technical and awareness training; WEBCAST May 21 Bateman, Darrell (Jun 19)
Doug

Can we commit by July 31 to purchase at least the minimum required $4,000 worth of discounted courses, but defer
payment to September?

Sent from my Windows Phone
________________________________
From: Doug Pearson<mailto:dodpears () REN-ISAC NET>
Sent: ‎5/‎16/‎2013 9:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] REN-ISAC and SANS partner for highly discounted...

Re: Outsourcing security awareness training King, Ronald A. (Jun 18)
We use Awareity's MOAT. They do most, if not all, of what is asked and
more. We have also automated uploading user account updates, additions and
disablements.

Ronald King

Security Engineer

Norfolk State University

http://security.nsu.edu <http://security.nsu.edu/>

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jordan, Tom
Sent: Tuesday, June 18, 2013 1:52 PM
To:...

Of interest to some? Privacy and Security Forum, Streamed Live Tonight! Tracy Beth Mitrano (Jun 18)
There will be attention to technical security, and how to contextualize it within privacy, law and policy issues …
Thanks, Tracy

"Privacy, Security & Your Data - Concerns in a Changing World"

In this fast paced, technological world, our personal information is vulnerable every single day. As companies grow
globally, and cyber security becomes ever more challenging, how do businesses preserve individual privacy and maintain...

Re: Phishing, Spam Solutions Valdis Kletnieks (Jun 18)
On Wed, 12 Jun 2013 15:45:29 +0900, Katsuya Uchida said:

Which is a good reason *not* to rely on them, as other methods manage
to reject 99% or better of spam. Anything that's only rejecting 90%
of spam these days is considered horrible.

There's several problems with these:

1) Some of the solutions don't actually provide the assertion that you think
they do (in particular, SPF has this problem - it does what it claims, but what...

Outsourcing security awareness training Jordan, Tom (Jun 18)
Has anyone on the list outsourced their information security awareness training? If so, do you have particular
providers that you'd recommend?

We at the University of Wisconsin Whitewater have made use of the SANS Securing the Human content in our local training
program, but want to explore outsourcing the administrative aspects of the program as well - notification, reporting,
etc. Ideally we'd like to provide the training partner...

Job Posting: IT Security Analyst - University of Colorado Colorado Springs Greg Williams (Jun 18)
We are looking for an IT Security Analyst to assist with the development, monitoring, and enforcement of security
policy and baseline standards to ensure that the University of Colorado Colorado Springs maintain confidentiality,
integrity, and availability of university systems.

Examples of Work Performed
- Leverage various resources (NIDS, HIDS, netflow, SCCM, etc) to identify and remediate potential security issues
- Assist in risk...

Re: Data Access Approval Letter Drew Perry (Jun 18)
We do have a document specifically for that purpose. Contact me offline and
I'll get you a copy of it. There's nothing sensitive about the document, I
just don't have an electronic copy. (There are only 2 people with that
level of authority at our University.)

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other...

Job Posting: Information Security Analyst at Worcester Polytechnic Institute Phillip Deneault (Jun 17)
Under the direction of the WPI Information Security Officer (ISO), an
Information Security Analyst will provide technical analysis, system
development and support for the software and hardware managed by
Information Security for the purpose of securing WPI systems and data,
and to be in compliance with applicable laws and regulations. An
Information Security Analyst will be expected to stay current with
security methodologies and threats, develop...

Re: Data Access Approval Letter Tim Doty (Jun 17)
We don't really have that. What we do have is domain admin privileges
which provides technical access to managed systems and our network file
shares. We also have technical access to email. In addition to that we
have a variety of logs, such as server and network. But IT security does
not have carte blanche to university data -- for example, the majority
of academic records are not directly accessible.

There are a variety of policies (...

Re: Data Access Approval Letter Julian Y Koh (Jun 16)
We don't have a signed letter, but we have an official policy.

<http://www.it.northwestern.edu/policies/responsibilities.html>

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: net neutrality and peering wars continue Jerry Dent (Jun 20)
Let's not kid ourselves, the transit providers are just as greedy. Even the
tier 2 ones (minus HE). My favorite is when they turn down your request
because you have an out of band circuit in a remote pop with them. As if
we're stuffing 800G of traffic down a 1G circuit that's never seen 100K of
traffic on it. Or the "It would jeopardize our peering agreements with
other providers" ... followed by a call from one of their...

Need help in flushing DNS Zaid Ali Kahn (Jun 20)
Reaching out to DNS operators around the globe. Linkedin.com has had some issues with DNS and would like DNS operators
to flush their DNS. If you see www.linkedin.com resolving NS to ns1617.ztomy.com or ns2617.ztomy.com then please flush
your DNS.

Any other info please reach out to me off-list.

Zaid

Re: net neutrality and peering wars continue Siegel, David (Jun 20)
Well, with net flow Analytics, it's not really the case that we don't have a way of evaluating the relative burdens.
Every major net flow Analytics vendor is implementing some type of distance measurement capability so that each party
can calculate not only how much traffic they carry for each peer, but how far.

Dave

Re: net neutrality and peering wars continue Benson Schliesser (Jun 20)
Agreed that CDN, traffic steering, etc, changes the impact of routing
protocols. But I think you made my point. The sending peer (or their
customer) has more control over cost. And we don't really have a good
proxy for evaluating relative burdens.

That's not to suggest that peering disputes are really about technical
capabilities. Nor fairness, even...

Cheers,
-Benson

Re: net neutrality and peering wars continue Leo Bicknell (Jun 20)
That was a great argument in 1993, and was in fact largely true in system that existed at that time. However today
what you describe no longer really makes any sense.

While it is technically true that the protocols favor asymmetric routing, your theory is based on the idea that a
content site exists in one location, and does not want to optimize the user experience. That really doesn't describe
any of the large sources/sinks today....

Re: net neutrality and peering wars continue Benson Schliesser (Jun 20)
What do you mean "not really buy the balanced traffic story"? Ratio can
matter when routing is asymmetric. (If costs can be approximated as
distance x volume, forwarding hot-potato places a higher burden on the
recipient...) And we've basically designed protocols that route
asymmetrically by default. Measuring traffic ratios is the laziest
solution to this problem, and thus the one we should've expected.

Cheers,
-Benson

RE: net neutrality and peering wars continue Siegel, David (Jun 20)
Hi Wayne,

Another important point not to be missed is that these days, thanks to CDN technology, a heavy inbound ratio does not
necessarily indicate a high cost burden like it did pre-CDN tech. Even more ironically, the unwillingness of a peer to
upgrade connections due to the ratio excuse results in the CDN having to source traffic from non-optimal locations just
to get the bits into the other network, thereby increasing the cost burden of...

Re: net neutrality and peering wars continue Wayne E Bouchard (Jun 20)
At the risk of inflaming passions, I'll share my opinion on this whole
topic and then disappear back into my cubicle.

For my part, peering ratios never made sense anyway except in the pure
transit world. I mean, content providers are being punished by eyeball
networks because the traffic is one way. Well, DUH! But everyone
overlooks two simple facts: 1) Web pages don't generate traffic, users
do. Content sits there taking up disk space...

Wiki for people doing IPv6-only testing Jason Fesler (Jun 19)
On a recent IPv6 providers call, there was a desire for participants
to share information with each other on what works and what breaks in
an IPv6-only environment. I offered to set that up. It was further
suggested I should share this with more than just that small
community; to anyone who might be doing work to test out IPv6-only
scenarios.

http://wiki.test-ipv6.com

This is distinct from ARIN's wiki in so far that this is less about...

Re: net neutrality and peering wars continue Dorian Kim (Jun 19)
At the end of the day though, this comes down to a clash of business models and the
reason why it's a public spectacle, and of public policy interest is due to the
wide spread legacy of monopoly driven public investment in the last mile
infrastructure.

-dorian

Re: net neutrality and peering wars continue William Herrin (Jun 19)
The phrase you're looking for is, "double billing." Same byte, two payers.

-Bill

Re: net neutrality and peering wars continue Leo Bicknell (Jun 19)
I agree with Randy, but will go one further.

Requiring a balanced ratio is extremely bad business because it incentivizes your competitors to compete in your home
market.

You're a content provider who can't meet ratio requirements? You go into the eyeball space, perhaps by purchasing an
eyeball provider, or creating one.

Google Fiber, anyone?

Having a requirement that's basically "you must compete with me on all the...

Re: net neutrality and peering wars continue Blake Dunlap (Jun 19)
Or alternately:

Verizon wishes money to accept data it requested from other vendors, film
at 11.

It's all in the application of the angular momentum...

-Blake

Re: net neutrality and peering wars continue Randy Bush (Jun 19)
as someone who does not really buy the balanced traffic story, some are
eyeballs and some are eye candy and that's just life, seems like a lot
of words to justify various attempts at control, higgenbottom's point.

randy

Re: net neutrality and peering wars continue Ren Provo (Jun 19)
Even better by Verizon -
http://publicpolicy.verizon.com/blog/entry/unbalanced-peering-and-the-real-story-behind-the-verizon-cogent-dispute

Some may recognize the name of the author for the WSJ article given
she attended NANOG in Orlando -
http://online.wsj.com/article_email/SB10001424127887323836504578553170167992666-lMyQjAxMTAzMDEwOTExNDkyWj.html

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 27.35 RISKS List Owner (Jun 18)
RISKS-LIST: Risks-Forum Digest Tuesday 18 June 2013 Volume 27 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.35.html>
The current issue can be...

Risks Digest 27.34 RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Wednesday 12 June 2013 Volume 27 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.34.html>
The current issue can be...

Risks Digest 27.33 RISKS List Owner (Jun 06)
RISKS-LIST: Risks-Forum Digest Thursday 6 June 2013 Volume 27 : Issue 33

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.33.html>
The current issue can be...

Risks Digest 27.32 RISKS List Owner (Jun 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 June 2013 Volume 27 : Issue 32

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.32.html>
The current issue can be...

Risks Digest 27.31 RISKS List Owner (May 31)
RISKS-LIST: Risks-Forum Digest Friday 31 May 2013 Volume 27 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.31.html>
The current issue can be...

Risks Digest 27.30 RISKS List Owner (May 30)
RISKS-LIST: Risks-Forum Digest Wednesday 29 May 2013 Volume 27 : Issue 30

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.30.html>
The current issue can be...

Risks Digest 27.29 RISKS List Owner (May 26)
RISKS-LIST: Risks-Forum Digest Saturday 25 May 2013 Volume 27 : Issue 29

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.29.html>
The current issue can be...

Risks Digest 27.28 RISKS List Owner (May 17)
RISKS-LIST: Risks-Forum Digest Friday 17 May 2013 Volume 27 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.28.html>
The current issue can be...

Risks Digest 27.27 RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 4 April 2013 Volume 27 : Issue 27

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.27.html>
The current issue can be...

Risks Digest 27.26 RISKS List Owner (Apr 24)
RISKS-LIST: Risks-Forum Digest Tuesday 23 April 2013 Volume 27 : Issue 26

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.26.html>
The current issue can be...

Risks Digest 27.25 RISKS List Owner (Apr 19)
RISKS-LIST: Risks-Forum Digest Friday 19 April 2013 Volume 27 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.25.html>
The current issue can be...

Risks Digest 27.24 RISKS List Owner (Apr 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 April 2013 Volume 27 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.24.html>
The current issue can be...

Risks Digest 27.23 RISKS List Owner (Mar 31)
RISKS-LIST: Risks-Forum Digest Saturday 30 March 2013 Volume 27 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.23.html>
The current issue can be...

Risks Digest 27.22 RISKS List Owner (Mar 24)
RISKS-LIST: Risks-Forum Digest Saturday 23 March 2013 Volume 27 : Issue 22

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.22.html>
The current issue can be...

Risks Digest 27.21 RISKS List Owner (Mar 22)
RISKS-LIST: Risks-Forum Digest Thursday 21 March 2013 Volume 27 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.21.html>
The current issue can be...

Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

Invitation to connect on LinkedIn Gerasimos Kassaras (Jun 13)
LinkedIn
------------

Gerasimos Kassaras requested to add you as a connection on LinkedIn:

------------------------------------------

Lasantha,

I'd like to add you to my professional network on LinkedIn.

- Gerasimos

Accept invitation from Gerasimos Kassaras...

Re: Wmic through the windows api egypt (May 17)
Extensions should be submitted as a pull request in the meterpreter
repo: https://github.com/rapid7/meterpreter
If you have already written the ruby side, that should be a pull
request on the framework repo, with a link to the meterpreter pull
request in the description.

Thanks!
egypt

Re: Wmic through the windows api Abuse 007 (May 16)
Hi Brian,

Perhaps you need to allocate some memory in a process, write your custom
data structure there, and then make the call with a pointer/reference to
the custom data structure in the memory you allocated for it.

Cheers,
B

Ruxcon 2013 Call For Papers cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia premier technical computer security conference...

Breakpoint 2013 Call For Papers cfp (Apr 30)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Re: framework Digest, Vol 63, Issue 13 Vlad Ovtchinikov (Apr 27)
Try exploit-db.com

Sent from my iPhone

Re: framework Digest, Vol 63, Issue 13 Prabhu (Apr 27)
Hi,
I surfed privilege Esclation exploits in unix/local and linux/local
category, I found most of them works only with linux kernel 2.4 and 2.6.
But I am looking exploits for kernel 3.0 and above, could some one suggest
me a exploit to handle this.

Re: help Joshua Smith (Apr 25)
You beat me Tod, I was gonna say
$ msfconsole

but seriously man, you need to give more details.

Re: help Tod Beardsley (Apr 25)
http://ifconfig.me

Re: framework Digest, Vol 63, Issue 12 Michael Schierl (Apr 25)
Am 25.04.2013 19:59, schrieb Tod Beardsley:

Seconded.

Also, please note that a piece of shellcode is not an exploit (just like
a pinch of gunpowder is not a firearm, or like a satellite is not a
space rocket). In fact the shellcode is usually the easiest part for a
new exploit as Metasploit ships lots of them to easily integrate into
any exploit.

When you have installed Metasploit, have a look at the unix/local/ and
linux/local/ category if...

help gri sma (Apr 25)
how to use external ip on metasploit

Re: framework Digest, Vol 63, Issue 12 Tod Beardsley (Apr 25)
please don't run random blobs of shellcode you find on the internet.
It's not healthy.

That's kind of why we do Metasploit.

If you would like to start using Metasploit, please see
http://metasploit.pro and pick the right version for your needs.

Thanks!

Re: framework Digest, Vol 63, Issue 12 Prabhu (Apr 25)
Hi,

I picked a exploit from below link, and I compile it manually in test
environment. I end up with a error message stating that
error: lvalue required as left operand of assignment

http://www.shell-storm.org/shellcode/files/shellcode-548.php

Could you suggest me a shellcode to proceed.

Re: framework Digest, Vol 63, Issue 11 Prabhu (Apr 25)
Hi Tod,

Thank you for response, I'm looking at this exploit. could you help me to
sort this.

http://pastebin.com/GC824ayU

Re: framework Digest, Vol 63, Issue 11 h4lp.php () gmail com (Apr 24)
did you find somethings at exploit-db or 1337day?
and maybe you should tell what did you do and how ,more and your metasploit 's version

Prabhu <flyingcolours47 () gmail com>编写：

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: Wmem has reached feature-parity with emem Evan Huus (Jun 19)
lookup32_array_le and lookup32_le return the node with the given key
if it exists, or the next smallest node if it exists (regardless of
how much smaller), or NULL. I don't think mixing and matching
conditions is the correct way to do this.

What I think you can do (this code is not tested and I've never tried
anything like this, but I *think* it will work) is to make the key
with the first 4 entries (and not the k_frame_number value)...

Re: Wmem has reached feature-parity with emem Evan Huus (Jun 19)
So se_tree had two functions that were sort of confused:
se_tree_create_non_persistent() and se_tree_create().

se_tree_create_non_persistent() behaves how you would kind of expect
se_tree_create() to behave - it creates a tree that is completely gone
when the file closes. The function se_tree_create() does some magic
though, it creates a tree that doesn't disappear when the file closes,
it simply empties. The tree still exists, it just has...

Re: Wmem has reached feature-parity with emem Michal Labedzki (Jun 19)
Hi,
One more thing. What do you think about new API... In Bluetooth dissectors
there is a lot of code like this (little simplified):

k_interface_id = interface_id;
k_adapter_id = adapter_id;
k_chandle = chandle;
k_cid = cid;
k_frame_number = pinfo->fd->num;

key[0].length = 1;
key[0].key = &k_interface_id;
key[1].length = 1;
key[1].key =...

Re: Wmem has reached feature-parity with emem Evan Huus (Jun 19)
Unfortunately it is not quite so simple. I will write some doc and
perhaps create a helper function later today once I figure out the
exact changes needed. The difficulty is only on creation though, once
the tree exists all the inserts and lookups should just be replacable
automatically.

Re: [Wireshark-commits] rev 50031: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-nbap.c packet-nbap.h Pascal Quantin (Jun 19)
2013/6/19 Joerg Mayer <jmayer () loplof de>

Hi Jörg,

if this is the result of cmake versus autofoo/nmake, then for sure we
should do something for this. For me it makes no sense to have locally
modified files simply because I use a different build system than yours.
What about removing the whole line? Is it that useful (as all info can be
found in the corresponding makefile)? Anybody having a strong opinion on
this?
Keeping only the...

Re: Wmem has reached feature-parity with emem Michal Labedzki (Jun 19)
Hi,
I have a problem. For example packet-btavctp.c, I created emem tree in
proto_register_btavctp(). And it is ok. But after switch to wmem Wireshark
fails (cannot run) with:
"ERROR:wmem_scopes.c:96:wmem_file_scope: assertion failed: (in_file_scope)"

This is my change:
- reassembling = se_tree_create(EMEM_TREE_TYPE_RED_BLACK, "btavctp
reassembling");
+ reassembling = wmem_tree_new(wmem_file_scope());

Or maybe should I do...

Re: [Wireshark-commits] rev 50031: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-nbap.c packet-nbap.h Joerg Mayer (Jun 19)
In case you
a) don't like the output in the header and
b) don't want to regenerate the dissectors each time someone generates the
dissectors via cmake then
maybe you should change asn2wrs to not include the leading parts of the
pathnames ;-)

Ciao
Jörg

Re: New Defects reported by Coverity Scan for Wireshark (forw) Joerg Mayer (Jun 19)
Bugs get more visibility than reports somewhere. There are currently
less than 300 open IDs, if I interpret the statistics correctly.

But yes, opening a bug for every open ID probably doesn't make sense.

How about only opening bugs for the "All Newley Detected" category?
If someone just committed code they are more likely to feel responsible
than looking at a list of ~300 anaonymous reports.

Dashboard, Project Settings might be...

Re: how does cmake know how to generate plugin.c Joerg Mayer (Jun 19)
register_dissector_files(plugin.c
plugin
${DISSECTOR_SRC}
)

which gets defined in cmake/modules/UseMakeDissectorReg.cmake

Ciao
Jörg

Commit 49949 broke packet_win.c Joerg Mayer (Jun 19)
for WANT_PACKET_EDITOR:

In file included from /home/jmayer/work/wireshark/svn/trunk/wiretap/wtap.h:32:0,
from /home/jmayer/work/wireshark/svn/trunk/epan/nstime.h:30,
from /home/jmayer/work/wireshark/svn/trunk/epan/frame_data.h:30,
from /home/jmayer/work/wireshark/svn/trunk/epan/epan.h:32,
from /home/jmayer/work/wireshark/svn/trunk/ui/gtk/packet_win.c:44:...

Re: "Type-punned pointer... breaks anti-aliasing rules" in dfilter-macro.c Evan Huus (Jun 19)
Probably the simplest fix is to add -fno-strict-aliasing to the build flags on FreeBSD.

Re: "Type-punned pointer... breaks anti-aliasing rules" in dfilter-macro.c Dirk Jagdmann (Jun 18)
maybe "&((void*)macros)" helps?

"Type-punned pointer... breaks anti-aliasing rules" in dfilter-macro.c Stephen Fisher (Jun 18)
When trying to compile Wireshark (SVN trunk) on FreeBSD for the first time in a long time, I ran across a familiar
error:

    dfilter-macro.c: In function 'dfilter_macro_init':
    dfilter-macro.c:614: warning: dereferencing type-punned pointer will break strict-aliasing rules

However, line 614 has a history of being changed between this:

    (void*) &macros,

and this (as it currently is):

    (void**) &macros,...

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Dirk Jagdmann (Jun 18)
I suggest it is not worth investing time to support those non-working
old versions, as nobody seems to have complained yet (and I don't think
anybody will in the future).

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Dirk Jagdmann (Jun 18)
I've created https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8821
with my suggestion. We can continue to discuss there if/what/how we'd
like to determine the optimum number of parallel make jobs.

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Joel Esler (Jun 20)
Package maintainers would benefit everyone by submitting their packages upstream. For years, our recommendation was to
build, the packages were so far behind.

Keeping the package maintainers up to date has helped a bit I see things being updated more.

Re: barnyard2 failing Jeremy Hoel (Jun 20)
The problem is in the error message. Check your flags.

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:...

Re: barnyard2 failing Herminio Hernandez (Jun 20)
Thanks for the advice I got barnyard2 installed. However I am now getting this error.

$ sudo barnyard2 -c /opt/local/etc/barnyard2/barnyard2.conf -g /opt/local/etc/snort/gen-msg.map -s
/opt/local/etc/snort/sid-msg.map -d /var/log/snort -f snort.u2.1371688964 -w /var/log/snort/barnyard.waldo
ERROR: Group "/opt/local/etc/snort/gen-msg.map" unknown.
Fatal Error, Quitting..
Barnyard2 exiting...

Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Markus Lude (Jun 19)
I didn't ask that you do the builds. I ask you to stop recommending
building from source on the lists again and again. Maybe you should
start thinking about the drawbacks of this.

Maintainers can't test all. We need others to test too.

I had written a far better one in my last post.
You should look through the contributions. Misguiding howtos with really
horrible advices help noone. Some may good, but at least a few I read
are awful....

Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Joel Esler (Jun 19)
Not until packages are maintained. We can't do them all.

I'm always looking for contributions. If something is wrong, either contact the author to correct it, or write a
better one. They are written by volunteers that dedicate their time to helping people.

Always a good use of time.

Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Markus Lude (Jun 19)
What keeps you from running a newer release? Why not use packages, or if
they are a bit outdated, help test updates? Most, if not all problems
you face may have already dealt with.

Maybe Joel will finally stop pushing people to build snort themselves,
especially if they use "howtos" like the one on the snort home page,
which includes horrible advice and as I already stated some time ago
should better be removed, at least the one about...

Re: Re : Trojan.APT.Seinup sig with pcre help request James Lay (Jun 19)
Boy I sure missed a bit...thanks RM!

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC
Trojan.Win32.APT.Seinup outbound connection";
flow:to_server,established; content:".php|3f|"; http_uri;
pcre:"/\x2ephp\x3f[a-z0-9]{11,13}=[a-z0-9]{3,7}\x26/iU"; metadata:policy
balanced-ips drop, policy security-ips drop, service http;
reference:url,...

Re: Trojan.APT.Seinup sig with pcre help request James Lay (Jun 19)
Bleh...now I see a bit of a fix already:

pcre:"/\x2ephp\x3fa-z0-9]{11,13}=[a-z0-9]{3,7}\x26/i";

James

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Trojan.APT.Seinup sig with pcre help request James Lay (Jun 19)
This one hurt my head:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC
Trojan.Win32.APT.Seinup outbound connection";
flow:to_server,established; content:"php|3f|"; http_uri;
pcre:"/\x2ephp\x3fa-z0-9]{11,13}=[a-z0-9]{3,7}\x26/"; metadata:policy
balanced-ips drop, policy security-ips drop, service http;
reference:url,...

Re: Openadvertising.com Malware Campaign malicious jar sigs James Lay (Jun 19)
Good info Joel...also show's my bag of fail on my rule ;) Thanks
again.

James

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Win32.OnlineGameHack sig James Lay (Jun 19)
AHNLabs..good stuff:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC
Trojan.Win32.OnlineGameHack outbound connection";
flow:to_server,established; content:"/get.asp?mac="; http_uri;
content:"&os="; within:36; http_uri; metadata:policy balanced-ips drop,
policy security-ips drop, service http;
reference:url,...

Re: error at logging to database beenph (Jun 19)
http://manual.snort.org/node29.html#SECTION00421000000000000000

alert - generate an alert using the selected alert method, and then
log the packet

log - log the packet

Barnyard2 Need a event and a packet to output to database.

As i understand it if you only use LOG as a rule action, only the
packet thus the behavior your observe.

-elz

------------------------------------------------------------------------------
This SF.net email is...

Re: Barnyard2 Runaway Process, Not Working on OS X beenph (Jun 19)
Let its run its caching your database.
Let it run.

-elz

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Re: Openadvertising.com Malware Campaign malicious jar sigs Joel Esler (Jun 19)
This is the Jar exploit (more info below)

This is the zeroaccess download

More jar exploits, but two different methods, site.jar is cve-2013-1493 and atom.jar is cve-2013-2423.

Re: Openadvertising.com Malware Campaign malicious jar sigs James Lay (Jun 19)
Excellent...thanks Joel!

James

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

OpenVAS — Development and announcements regarding OpenVAS, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.

Re: get_nvt invalid XML? Reindl Harald (Jun 20)
Am 20.06.2013 04:29, schrieb Brandon Perry:

clearly poor XML, this is even in HTML a syntax error
http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references

get_nvt invalid XML? Brandon Perry (Jun 20)
Hi, I have discovered that, using mono at least, I am not able to parse the
get_nvt api call properly due to ampersands in the XML returned that are
not XML entities.

Two examples are the following URL's:
URL:http://svn.apache.org/viewvc?view=revision&revision=1476592
URL:http://forums.exponentcms.org/viewtopic.php?f=16&t=78

By replacing the &revision and &t with &revision= and &t,
respectively, I am able to...

OpenVAS-6 DEMO Virtual Appliance ready for try-out Jan-Oliver Wagner (Jun 18)
Dear OpenVAS users,

finally I pushed the OpenVAS-6 DEMO Virtual Appliance online:

http://www.openvas.org/vm.html

It survived our smoke tests, but I'd appreciate if the experienced
community members could give it a try before we officially announce it.

Remind that it is not a industry-standard solution. It is a DEMO
after all. But it is good basis to try out OpenVAS-6, to have a working
start for experiments of whatever kind.

Mirrors...

OpenVAS-6 DEMO Virtual Appliance ready for try-out Jan-Oliver Wagner (Jun 18)
Dear OpenVAS developers,

finally I pushed the OpenVAS-6 DEMO Virtual Appliance online:

http://www.openvas.org/vm.html

It survived our smoke tests, but I'd appreciate if the experienced
community members could give it a try before we officially announce it.

Remind that it is not a industry-standard solution. It is a DEMO
after all. But it is good basis to try out OpenVAS-6, to have a working
start for experiments of whatever kind....

Re: OpenVAS hangs while storing Windows Credentials / GnuPG Winfried Neessen (Jun 18)
Hi again,

nevermind. looks like the GPG keygeneration just took forever. Just in
this moment it finished:

md crypt: INFO:2013-06-18 09h28.09 XXXXXXXX:15131: starting key
generation ...
md crypt: INFO:2013-06-18 10h00.36 XXXXXXXX:15131: OpenPGP key 'OpenVAS
Credential Encryption' has been generated
md main:WARNING:2013-06-18 10h00.38 XXXXXXXX:16576: write_to_client:
failed to write to client: Error in the push function.
lib...

Re: OpenVAS hangs while storing Windows Credentials / GnuPG Michael Meyer (Jun 18)
*** Winfried Neessen wrote:

Does '/usr/pkg/openvas/etc/openvas/gnupg' exist and is it mode "600"?

Creation of first credentials can take some time. You could improve
the speed by running something like http://www.issihosts.com/haveged/.

Micha

OpenVAS hangs while storing Windows Credentials / GnuPG Winfried Neessen (Jun 18)
Hi,

I was just about to store a new set of Windows Credentials in OpenVAS 6.
After I press the
submit button, OpenVAS hangs infinite. In the openvasmd.log I can see the
following messages:

base gpgme:MESSAGE:2013-06-18 09h28.09 XXXXXXXX:15131: Setting GnuPG
homedir to '/usr/pkg/openvas/etc/openvas/gnupg'
base gpgme:MESSAGE:2013-06-18 09h28.09 XXXXXXXX:15131: Using OpenPGP
engine version '2.0.14'
md crypt:...

Re: false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Reindl Harald (Jun 15)
Am 15.06.2013 09:27, schrieb Michael Meyer:

hmm this makes it all more strange

* the NVT Result speaks about TCP not UDP, however
* the first alarm was on 2013-06-01
* it has gone away this week

really strange - if the NVT and anything relevant on VAS side has not
changed my only explanation would be that MS re-itroduced this bug
with the patchday before and fixed it with the last this week *and*
the real bug must have been in the...

Re: false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Michael Meyer (Jun 15)
*** Reindl Harald wrote:

,---[ http://openvas.komma-nix.de/nasl.php?oid=101015 ]
| # default NetBIOS udp port
| port = 137;
|
| [...]
|
| soc = open_sock_udp(port);
`----| ^^^

remote-MS03-034.nasl was not touched since 2012-01-09.

Micha

Re: location of scan status/progress in tasks,db Matthew Mundell (Jun 14)
It's also calculated every time.

location of scan status/progress in tasks,db Alexander Rau (Jun 14)
Hi:

Where is the scan status/progress percentage stored in tasks.db? I tried
looking through all tables but can's seem to locate it.

Thanks

Alex

Re: false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Reindl Harald (Jun 14)
well it seems recent NVT-updates *or* the MS patchday
this week fixed it but it would be interesting to know
what of both it was, as said if it was the windows
update the problem would have been much larger as the
NVT says in respect of a closed port

Am 14.06.2013 20:15, schrieb Reindl Harald:

false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Reindl Harald (Jun 14)
how can this affcet a full patched Windows Server 2008R2
where netbios-ns (137/tcp) is for sure not open from the
scanner IP as well as any other port of the machine?

not telnet nor nmap confirms 137 open

that would mean OpenVAS is doing something special to get
whatever response from the Windows machine while nmap says
there is no open port which would be much more critical
the the CVE because a major bug in the Windows firewall

Perl Module for OMP Winfried Neessen (Jun 12)
Hi all,

as I wanted to use the OpenVAS CVE reports within a Perl-Script, I thought
it would be useful
to use the OMP such purpose. As there seems no existing Perl-Module for
such task, I took
some time and wrote one.

You can find it on CPAN:
http://search.cpan.org/~wneessen/OpenVAS-OMP_0.04/

Maybe this might be helpful for other users as well.

Regards
Winni

Re: Workflow on inhouse continuous scanning? jelmer de reus (Jun 12)
Did you exclude printers etc. from the IP address range?not all devices like to get tickled ;)Also you can specify a
port list and exclude some of those 'critical' services.

Best regards,Jelmer

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss () wald intevation org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.