SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Re: Problem with the ftp-vsftpd-backdoor.nse script(patch) Daniel Miller (Oct 29)
Victor,

Thanks for bringing this up. I'm sorry it took so long to get back to
you; in general, you can get a better response by sending questions
and bugs to dev () nmap org, since several different developers monitor
that list.

The bug you brought up came about when the script was converted to use
the vulns library. I spotted a couple other similar issues, and I
think I fixed them. I'm attaching the patch which will apply to the...

New VA Modules: MSF: 1, Nessus: 8, OpenVAS: 3 New VA Module Alert Service (Oct 29)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (1) ==

e4064279
https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ms14_060_sandworm.rb
MS14-060 Microsoft Windows OLE Package Manager Code Execution

== Nessus plugins (8) ==

78701 shellshock_mail_agents.nasl...

Optimizing BPF filters Daniel Miller (Oct 29)
I am about to commit 2 changes to the way we call pcap_compile in libnetutil:

diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc
index b7727f7..5350660 100644
--- a/libnetutil/netutil.cc
+++ b/libnetutil/netutil.cc
@@ -4069,7 +4069,7 @@ void set_pcap_filter(const char *device, pcap_t
*pd, const char *bpf, ...) {
netutil_fatal("%s called with too-large filter arg\n", __func__);
va_end(ap);

- if (pcap_compile(pd,...

New VA Modules: Nessus: 13, OpenVAS: 2 New VA Module Alert Service (Oct 28)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Nessus plugins (13) ==

78693 cisco-sa-20140926-bash-nxos.nasl
http://nessus.org/plugins/index.php?view=single&id=78693
Cisco NX-OS GNU Bash Environment Variable Command Injection
Vulnerability (cisco-sa-20140926-bash) (Shellshock)

78692 oracle_access_manager_cpu_oct_2014.nasl...

Re: [ncat] Listening Unix domain socket and UDP dies on Connect Daniel Miller (Oct 27)
John,

I'm sorry it has taken so long to get back to you on this.
Unfortunately, I'm not able to reproduce the error. Is it still
affecting you?

I'm assuming you meant --udp and not --unix here

In order to better solve your problem, will you please provide some
information about your platform? I don't see EINVAL as a documented
error from connect in the Linux man pages, but I'd assume you are
running Red Hat. What...

Re: Possible bug while using -sY -PY and --data-length. Daniel Miller (Oct 27)
José,

Thank you for the bug report. This is an unfortunate consequence of
the way that --data-length is implemented. TCP does not specify a
payload length in the header, and UDP specifies the length once. SCTP,
on the other hand, specifies the length of each chunk individually;
the SCTP INIT chunk that is sent to accomplish the port scan is one,
and then any random data that is sent because of --data-length is
interpreted as a second chunk....

Re: New WordPress NSE script (http-wordpress-info) Robin Wood (Oct 27)
To speed it up a bit, I've found that on large jobs for the same
client, the sites all tend to use the same set of plugins and base
themes so if you set up caching correctly then after the first site
has been tested the rest will mostly be pulling data from the cache
rather than online.

I agree making it optional is best though, especially as you don't
always have internet access while doing this scanning.

Robin

Re: New WordPress NSE script (http-wordpress-info) peter () hackertarget com (Oct 27)
Hi Robin,

Thanks for the feedback, I had considered using an external source for
vulnerability data. However my main goal was for a very light weight script
that could give a quick overview of multiple WordPress installations. I
have in the past performed large scale WordPress surveys. An external API
lookup would slow down the scanning process.

I will consider adding a script-arg to enable an API call against the DB.

Peter

New VA Modules: OpenVAS: 1 New VA Module Alert Service (Oct 27)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== OpenVAS plugins (1) ==

r754 2014/gb_missing_httponly_cookie_attribute.nasl
https://wald.intevation.org/scm/viewvco.php/scripts/2014/gb_missing_httponly_cookie_attribute.nasl?root=openvas-nvts&view=markup
Missing httpOnly Cookie Attribute

Re: ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 26)
Works great! Thanks for looking at this!

Kent.

NMAP ignore specific IP range on open port scan command Petr Lázňovský (Oct 26)
Trying to scan larger routed network for devices with port 22 opened, but it look like nmap ignore range
10.12.100.1-254 in list of ranges if there are more than one ranges in the list. Perform few tests yesterday and today
but all with same results. As you may see, first scan contain hosts from given ranges EXCLUDE hosts from range
10.12.100.1-254 but second scan contain hosts from this range (as expected). Devices from range 10.12.100.1-254...

New VA Modules: MSF: 13 New VA Module Alert Service (Oct 26)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (13) ==

f956c8d9
https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/post/multi/manage/shell_to_meterpreter.rb
Shell to Meterpreter Upgrade

b770745e https://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/encoders/cmd/echo.rb
Echo Command Encoder...

Re: New WordPress NSE script (http-wordpress-info) George Chatzisofroniou (Oct 26)
Hello Peter,

Thanks for contributing. We have http-devframework for finding out the
technology behind the target website. I believe it's better if you
extend the WordPress entry in
nselib/data/http-devframework-fingerprints.lua and make it return more
information (theme & plugins) about the installation.

Let me know if you need any help,

Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 26)
Kent,

Thanks for bearing with me on this. I looked over the packet capture
you sent, and I think I identified the problem: an off-by-one error in
reading TLS records! Here's a 1-line patch to possibly fix the
problem; let me know if this works for you (you may have to manually
make the change depending on line numbers, but the code surrounding it
should not have changed much):

diff --git a/scripts/ssl-enum-ciphers.nse...

Re: ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 25)
I couldn't get top-of-tree to build in my environment, and the latest script
wouldn't run on 6.47, but the patch did apply on the 6.47 version. But
it didn't fix the problem. I'll send you the capture I mentioned off-list.

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap Project Seeking Talented Programmers for Google Summer of Code--Last Day to Apply! Fyodor (Mar 20)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...

Nmap Team Launches 5-Gigapixel "Icons of the Web" Project Fyodor (Dec 19)
Fellow Nmap Hackers,

Perhaps you remember in 2010 how we capped off a massive scan of the top
million Internet web sites by creating a giant interactive collage, with
each site scaled by its popularity? Well, I'm happy to report that we
restarted our scanners this year and have launched a brand new and much
improved edition of Icons of the Web at http://nmap.org/favicon/! It's
interesting to see how things have changed in just 3...

Nmap 6.40 Released! New scripts, new signatures, better performance! Fyodor (Aug 19)
Hi Folks. It has been a while since the last stable Nmap release, but
I'm pleased to release Nmap 6.40 and I think you'll consider it worth
the wait! It includes 14 new NSE scripts, hundreds of new OS and
service detection signatures, a new --lua-exec feature for scripting
Ncat, initial support for NSE and version scanning through a chain of
proxies, improved target specification, many performance enhancements
and bug fixes, and much...

Nmap Project Seeking Talented Programmers for Google Summer of Code Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.

Previous SoC students helped create the Nmap Scripting Engine, Zenmap...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. It higher traffic than other lists, but the relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

MS08-067 strikes again. Now ATM SCADA StrangeLove (Oct 29)
Slides and demo Black Hat EU report on ATM security.

http://scadastrangelove.blogspot.com/2014/10/different-type-of-scada.html

SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20141029-1 >
=======================================================================
title: Persistent cross site scripting
product: Confluence RefinedWiki Original Theme
vulnerable version: 3.x - 4.0.x
fixed version: 4.0.12
impact: high
homepage: http://www.refinedwiki.com/
found: 2014-08-07
by: Manuel...

SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20141029-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Vizensoft Admin Panel
vulnerable version: 2014
fixed version: -
impact: critical
homepage: http://www.vizensoft.com
found: 2014-07-10
by: A. Antukh, A. Baranov...

Go Home WP-API, You're Drunk... Scott Arciszewski (Oct 29)
... or more accurately, asleep at the wheel!
_______________________________________________________
_________/ STORY TIME (feel free to skip this if you don't care) \__________
| |
| Recently, I made a quick analysis of all of the public projects listed |
| on HackerOne....

DAVOSET v.1.2.1 MustLive (Oct 28)
Hello participants of Mailing List.

After making public release of DAVOSET
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html),
I've made next update of the software. At 23rd of October DAVOSET v.1.2.1
was released - DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

Also yesterday I opened a...

CVE-2014-2718: ASUS wireless router updates are vulnerable to a MITM attack David Longenecker (Oct 28)
The ASUS RT- series of wireless routers rely on an easily manipulated
process to determine if a firmware update is available, and to retrieve the
necessary update binary. In short, the router downloads via clear-text a
file from http://dlcdnet.asus.com, parses it to determine the latest
firmware version, then downloads (again in the clear) a binary file
matching that version number from the same web site. No HTTP = no assurance
that the site on...

CVE-2014-7178 - Remote Command Execution in Enalean Tuleap Portcullis Advisories (Oct 28)
Vulnerability title: Tuleap <= 7.4.99.5 Remote Command Execution in Enalean Tuleap
CVE: CVE-2014-7178
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz

Details:

Tuleap does not validate the syntax of the requests submitted to SVN handler pages in order to validate weather request
passed to passthru() function are introducing any extra parameters that would be executed in the...

CVE-2014-7177 - External XML Entity Injection in Enalean Tuleap Portcullis Advisories (Oct 28)
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap
CVE: CVE-2014-7177
Vendor: Enalean
Product: Tuleap
Affected version: 7.2 and earlier
Fixed version: 7.4.99.5
Reported by: Jerzy Kramarz

Details:

A multiple XML External Entity Injection has been found and confirmed within the software as an authenticated user.
Successful attack could allow an authenticated attacker to access local system files. The following...

CVE-2014-7176 - Authenticated Blind SQL Injection in Enalean Tuleap Portcullis Advisories (Oct 28)
Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap
CVE: CVE-2014-7176
Vendor: Enalean
Product: Tuleap
Affected version: 7.4.99.5 and earlier
Fixed version: 7.5
Reported by: Jerzy Kramarz

Details:

SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could
allow an authenticated attacker to access information such as usernames and password hashes...

CVE-2014-4974 - Kernel Memory Leak in ESET Multiple Windows Products Portcullis Advisories (Oct 28)
Vulnerability title: Kernel Memory Leak in ESET Multiple Windows Products
CVE: CVE-2014-4974
Vendor: ESET
Product: Multiple Windows Products
Affected version: 5.0 - 7.0
Fixed version: Build 1212
Reported by: Kyriakos Economou

Details:

The latest, and earlier versions, of ESET Smart Security and ESET Endpoint Security products for Windows XP OS allow
any local user to leak privileged information from kernel memory by exploiting a vulnerability...

Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration) Vulnerability Lab (Oct 27)
Document Title:
===============
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1352

Google Security ID: [9-5942000004564]

View: https://www.youtube.com/watch?v=656LM9zGLxc

Article:
http://vulnerability-db.com/magazine/articles/2014/10/25/google-youtube-persistent-cross-site-vulnerability-demonstration-video...

Folder Plus v2.5.1 iOS - Persistent Item Vulnerability Vulnerability Lab (Oct 27)
Document Title:
===============
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1348

Release Date:
=============
2014-10-24

Vulnerability Laboratory ID (VL-ID):
====================================
1348

Common Vulnerability Scoring System:
====================================
3.5

Product & Service Introduction:...

Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability Vulnerability Lab (Oct 27)
Document Title:
===============
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1324

Video: http://www.vulnerability-lab.com/get_content.php?id=1333

Article:
http://vulnerability-db.com/magazine/articles/2014/10/22/apple-ios-v802-silent-contact-0day-vulnerability-denial-service

Release Date:
=============
2014-10-23

Vulnerability...

WebDisk+ v2.1 iOS - Code Execution Vulnerability Vulnerability Lab (Oct 27)
Document Title:
===============
WebDisk+ v2.1 iOS - Code Execution Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1349

Release Date:
=============
2014-10-23

Vulnerability Laboratory ID (VL-ID):
====================================
1349

Common Vulnerability Scoring System:
====================================
9.1

Product & Service Introduction:
===============================...

iFileExplorer v6.51 iOS - File Include Web Vulnerability Vulnerability Lab (Oct 27)
Document Title:
===============
iFileExplorer v6.51 iOS - File Include Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1345

Release Date:
=============
2014-10-22

Vulnerability Laboratory ID (VL-ID):
====================================
1345

Common Vulnerability Scoring System:
====================================
5.4

Product & Service Introduction:...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare research (Oct 29)
Nuevolabs Nuevoplayer for clipshare SQL Injection
=======================================================================

:: ADVISORY SUMMARY ::
Title: Nuevolabs Nuevoplayer for clipshare Sql Injection
Vendor: NUEVOLABS (www.nuevolabs.com)
Product: NUEVOPLAYER for clipshare
Credits: Cory Marsh - protectlogic.com
Discovery: 2014-10-10
Release: 2014-10-28

Nueovplayer is a popular flash video player with integration into multiple...

SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme SEC Consult Vulnerability Lab (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20141029-1 >
=======================================================================
title: Persistent cross site scripting
product: Confluence RefinedWiki Original Theme
vulnerable version: 3.x - 4.0.x
fixed version: 4.0.12
impact: high
homepage: http://www.refinedwiki.com/
found: 2014-08-07
by: Manuel...

SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel SEC Consult Vulnerability Lab (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20141029-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Vizensoft Admin Panel
vulnerable version: 2014
fixed version: -
impact: critical
homepage: http://www.vizensoft.com
found: 2014-07-10
by: A. Antukh, A. Baranov...

Multiple vulnerabilities in EspoCRM High-Tech Bridge Security Research (Oct 29)
Advisory ID: HTB23238
Product: EspoCRM
Vendor: http://www.espocrm.com
Vulnerable Version(s): 2.5.2 and probably prior
Tested Version: 2.5.2
Advisory Publication: October 8, 2014 [without technical details]
Vendor Notification: October 8, 2014
Vendor Patch: October 10, 2014
Public Disclosure: October 29, 2014
Vulnerability Type: PHP File Inclusion [CWE-98], Improper Access Control [CWE-284], Cross-Site Scripting [CWE-79]
CVE References:...

[ MDVSA-2014:212 ] wget security (Oct 29)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:212
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wget
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated...

[ MDVSA-2014:211 ] wpa_supplicant security (Oct 29)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:211
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : wpa_supplicant
Date : October 29, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

[security bulletin] HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS) security-alert (Oct 29)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04491186

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04491186
Version: 1

HPSBUX03159 SSRT101785 rev.1 - HP-UX kernel, Local Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-10-28
Last Updated:...

[SECURITY] [DSA 3050-2] xulrunner update Moritz Muehlenhoff (Oct 29)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3050-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
October 28, 2014 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : iceweasel
CVE ID : CVE-2014-1574 CVE-2014-1576...

phpfusion (Search Page) Denial of Service Vulnerability iedb . team (Oct 28)
phpfusion All version suffers from a denial of service vulnerability.

#!/usr/bin/perl
#################################
#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
#...

[ MDVSA-2014:210 ] mariadb security (Oct 28)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2014:210
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : mariadb
Date : October 28, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:...

IEEE Technically Co-sponsored - Third International Conference on Digital Information, Networking, and Wireless Communications || RUSSIA liezelle (Oct 28)
All the papers will be submitted to IEEE for potential inclusion to IEEE
Xplore as well as other Abstracting and Indexing (A&I) databases.
========================================================================
CALL FOR PAPERS
The Third International Conference on Digital Information,
Networking, and Wireless Communications (DINWC2015)
February 3-5, 2015
University of Synergy...

[security bulletin] HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code security-alert (Oct 28)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04473828

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04473828
Version: 1

HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache
Struts, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....

[security bulletin] HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local Security Manager (LSM) running SSL, Remote Disclosure of Information security-alert (Oct 28)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04487990

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04487990
Version: 1

HPSBHF03156 rev.1 - HP TippingPoint Intrusion Prevention System (IPS) Local
Security Manager (LSM) running SSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted...

Re: vulnerabilities in libbfd (CVE-2014-beats-me) Mike Frysinger (Oct 28)
a few have been reported recently, but not sure if this is the same one. best
to file a bug on sourceware.org/bugzilla/ and as people walk through the
reports, collapse as needed.

sure, but honestly, invoking bfd in any sort of security sensitive context is a
terrible terrible idea. it's full of range issues like this (by nature of its
job), and will continue to be so. unless we switch to a language like python
where exceeding...

Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration) Vulnerability Lab (Oct 28)
Document Title:
===============
Google Youtube - Filter Bypass & Persistent Vulnerability [9-5942000004564] (PoC Video Demonstration)

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=1352

Google Security ID: [9-5942000004564]

View: https://www.youtube.com/watch?v=656LM9zGLxc

Article:
http://vulnerability-db.com/magazine/articles/2014/10/25/google-youtube-persistent-cross-site-vulnerability-demonstration-video...

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Advanced Android & iOS Hands-on Exploitation Training at Toorcon San Diego Aditya Gupta (Oct 03)
Hello everyone,

I'm Aditya from Attify. I'm glad to announce that, I'll be running a
2-day class on Android,
iOS and ARM Hands-on Exploitation at Toorcon 2014 in San Diego this
October. The training will focus on a hands-on approach to find vulns
and exploit them on mobile applications as well as the platform as
well.

All the exercises will be performed on a customised Mobile
Exploitation training distro and on a set of...

SecurityXploded 2nd Quarterly Meet Presentations and Video demos Monnappa KA (Sep 29)
Hi All,

The presentations and video demos from our recently concluded Second
‘SecurityXploded Quarterly Meet’ is now online. Thanks to all people
who took time out of their busy schedule and attended the meet.
Special thanks to ThoughtWorks for providing us with the venue.

Link to the presentations
http://securitytrainings.net/securityxploded-2nd-quarterly-meet-27th-sep-2014/

Thanks,
Monnappa...

Upcoming SecurityXploded Meet - 27th September, Bangalore, India Monnappa KA (Sep 24)
Hi All,

Friendly Reminder,

Upcoming SecurityXploded community meet on 27th
September 2014 in Bangalore, India. This meet is completely free and
doesn’t require any registration or any other formalities to attend.
The meet will start at 10 AM IST.

After the meet, we will upload the presentations/videos for our online
users to our website.

Talks:

10:00-10:30 – Introduction – SecurityXploded Team
10:30-11:15 – Dissecting BetaBot –...

Deadline Approaching: InfoSec2014 - Information Security and Cyber Forensics - Malaysia jackie (Sep 11)
The International Conference on Information Security and Cyber Forensics
(InfoSec2014)

Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia
October 8-10, 2014 | infosec () sdiwc net
http://sdiwc.net/conferences/2014/infosec2014/

All registered papers will be included in the publisher's Digital
Library.
================================================================

The conference aims to enable researchers build...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Re: Shameless plug: OWASP Board Elections Robin Wood (Oct 28)
I'll have a look at that. I thought I'd got my head around the
vulnerability then watch the first video and realised that I'd only
got half of it, really need time now to lab it all up and test it out.

Sounds good, the more posts the better it will be.

It would be good to keep it here as it already lands in lots of
inboxes and to collect that number of users again will be hard. We are
in touch with someone at Symantec who says...

Re: Shameless plug: OWASP Board Elections Seth Art (Oct 27)
Robin,

Thanks so much for the kind words about my talk. I gave an extended
version of my talk this past weekend at BSidesDC, and the video just
posted a few hours ago: https://www.youtube.com/watch?v=v5DIcAtnKRU.
The BSidesDC version includes a demo at the end which will hopefully
give people an idea of what is required to go from finding this
vulnerability to exploiting it.

Back to the real point of this thread: I also would love for this...

Administrivia: Trouble Ticket Systems subscribing to this list and unsubscribe requests Andrew van der Stock (Oct 23)
Hi there,

I have become aware of a number of you subscribing trouble ticketing
systems to this mail list. Robin (@digininja) has managed to find
someone to start helping us.

I will - with some luck - be getting access to the admin panel, and if
that happens, I will be unsubscribing any trouble ticketing systems
subscribed to this list. You may not realise this, but it creates a
lot of workload everytime I get messages about waiting for customer...

Re: Shameless plug: OWASP Board Elections Brian Zaugg (Oct 23)
Here! Here! I like the idea of making the list more active and useful.
And, a good article on cross-domain policy and CSRF is a great start.

Brian

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Re: unsubscribing from the list Andrew van der Stock (Oct 22)
Hi all,

If you want to get off the list, an easier way is to visit the
following page, enter your e-mail address twice, and click the
checkbox for webappsec down the bottom left and click submit. In a few
seconds, you'll have an unsubscribe e-mail. Reply to that and you're
off the list.

http://www.securityfocus.com/archive/

I hate to see folks go, but I do realise that positions and interest
change, particularly for an ancient list...

unsubscribing from the list Robin Wood (Oct 22)
Seeing as quite a few people have mailed me directly asking to
unsubscribe from the list I want to point to these entries which are
in the headers of every mail sent out by the list.

List-Id: <webappsec.list-id.securityfocus.com>
List-Post: <mailto:webappsec () securityfocus com>
List-Help: <mailto:webappsec-help () securityfocus com>
List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com>
List-Subscribe:...

Re: Shameless plug: OWASP Board Elections maestro (Oct 22)
I can second what Robin said.

Also, OWASP news might not be out of place here. I follow this list but I don’t really follow OWASP closely and I never
would have heard a thing about any elections or anything otherwise. I’m obviously not a member but stuff like this
helps generate interest, I think.

Not bad for a shameless plug.

maestro

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers...

Re: Shameless plug: OWASP Board Elections Robin Wood (Oct 22)
Hi
I'd love to see the list going again and getting more use. I think my
reason for not using it is that it isn't being used so I forget about
it, it needs traffic to gain some traction and remind people it
exists.

I'll make sure that I post some questions when they come up, see if we
can get it moving again.

As a start, I've just watched this brilliant explanation of why an
open crossdomain policy file is bad, I'd...

Shameless plug: OWASP Board Elections Andrew van der Stock (Oct 21)
Hi there,

Apologies for complete self interest where the list admin (me) pushes
a personal interest (OWASP). However, I believe the Open Web
Application Security Project is on topic for the web application
security mail list, and I wouldn't normally do it (you can check -
I've been moderator since 2004), but it's important.

Beyond the plug below - I am very interested in ways we can revitalise
this list. I don't know about...

CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014 Georgios Karopoulos (Oct 21)
[Apologies if you receive multiple copies of this message]

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challenges and Solutions

Direct Link:...

CFP COMCOM, Elsevier: Special Issue on Security and Privacy in Unified Communications: Challenges and Solutions, Manuscript Due October 31, 2014 Georgios Karopoulos (Oct 07)
[Apologies if you receive multiple copies of this message]

========================================================================

*Call for Papers*

Computer Communications Journal, Elsevier
(Current Impact Factor: 1.352)

Special Issue on:
Security and Privacy in Unified Communications: Challenges and Solutions

Direct Link:...

OWASP Xenotix XSS Exploit Framework v6 Released Ajin Abraham (Sep 15)
Hi All,
Xenotix provides Zero False Positive XSS Detection by
performing the Scan within the browser engines where in real world,
payloads get reflected. Xenotix Scanner Module is incorporated with 3
intelligent fuzzers to reduce the scan time and produce better
results. If you really don't like the tool logic, then leverage the
power of Xenotix API to make the tool work like you wanted it to be.

See What's new!...

t2’14 Challenge to be released 2014-09-13 10:00 EEST Tomi Tuominen (Sep 07)
Running assets is always difficult, however this year has been excruciating for t2 infosec. We lost one of our most
prized and well placed deep cover operatives in a foreign three letter agency. Shortly after the CFP, communications
stopped and we have to assume her new assignment is a permanent placement at a black site somewhere in Eastern Europe.

Luckily for us, the person was able to exfiltrate a key piece of an intelligence analysis...

Arachni v1.0 (WebUI v0.5) has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Sep 01)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework written in Ruby.

This release makes Arachni the first F/OSS system to have support for a browser
environment, allowing it to handle modern web applications which make use of
technologies such as HTML5/DOM/JavaScript/AJAX.

The new scan engine has been benchmarked (WIVET v3 and WAVSEP v1.5) higher than
even...

IJDSN - Special Issue on Research Advances in Security and Privacy for Smart Cities Georgios Kambourakis (Aug 08)
International Journal of Distributed Sensor Networks (IF 0.923)
Special Issue on Research Advances in Security and Privacy for Smart Cities

*** SUBMISSION DEADLINE EXTENDED TO Sept. 19, 2014 ***

Security for smart cities is considered to embrace both urban security
subsystems and infrastructure security ones. So, while urban security
and privacy are mostly concerned with the prevention of crime and the
facilitation of services provided to...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

INNUENDO Outlook Channel Video! Dave Aitel (Oct 28)
https://vimeo.com/110185867 <https://vimeo.com/110185867>

Above is a link for a video demonstrating the Outlook channel for
INNUENDO. Many of our clients are doing penetration tests against big
financials and other "Fortune 50's" or military agencies and the like,
and getting command and control to work properly in an environment that
is defended by WebSense, proper exfiltration filters, and all the other
defenses a Fortune...

Re: I am the reason we cannot have nice things on the Internet. Parity (Oct 28)
The list of toxic effects of the (global) intelligence community's meddling
in the (global) IT industry affairs goes on ad nauseum. To Thomas' list we
can also add the actual weakening of the security of technology products &
services, the gagging of technology & telecom businesses w/r/t compulsive
cooperation with LE & intelligence agencies in any number of jurisdictions,
and all of the concomitant damage done the their...

Re: Ekoparty 2014 Thomas Lim (Oct 28)
i do not know if my post will see daylight as Dave has not been posting
my reply to DD for a while ;)

Nico is spot on. Back in 2012 when i keynoted at Infiltrate, that was
the main message that i sent out. there is a gut of security conferences
and not enough good talks to go around. i can understand why people want
to organise a security con in their own cities. they do it for their
community. that's very admirable and should be supported....

Re: I am the reason we cannot have nice things on the Internet. dan (Oct 28)
Michal,

Precisely as you say, anyone who cares to complain has a duty to
suggest alternatives to what they are complaining about. Otherwise
they are engaging in mere cant.

Without in any way trying to say I have "the answer," your point
in this sentence, "[I]n the world of international affairs, there
are very few real rules, and very little to be gained by taking
a principled stand" is exactly what I was getting at in my...

Ekoparty 2014 Nicolas Waisman (Oct 27)
For those who dont know, EKO stand for Electronic Knock Out. In 1992
AD, back when people where painting their nails black, it used to have
a darkest meaning but i swear with my life not to reveal it.

With the increasing amount of new conference, each of them are
struggling to achieve that unique experience feeling but most of them
fail. I think is a combination of the city, the venue, the people and
the effort the organize put to make all of...

Re: I am the reason we cannot have nice things on the Internet. Thomas Quinlan (Oct 23)
It's late & I'm scratching this out on my phone, but the problem may
actually be four-fold. My last two points, plus:

3 - Parallel Reconstruction. This is quite scary. It undermines basic legal
tenets that we've had for hundreds of years. Additionally, people aren't
even doing it well. A leaky captcha? Please, anyone with a modicum of
understanding about how things work saw right through that.

4 - Targeting...

Re: I am the reason we cannot have nice things on the Internet. Thomas Quinlan (Oct 23)
I don't know anything about anything past my (now expired?) US Secret
Clearance. The issue as I see it is that regardless of right / wrong, the
bigger issue is trust. No one can trust the NSA and what it has to say.
It's not just a matter of the fact that it's a spook organisation. The
issue is two-fold:

1 - "We constantly save you but won't tell you from what or how." The boy
who cried wolf at least told us...

Re: I am the reason we cannot have nice things on the Internet. Michal Zalewski (Oct 23)
Oh boy!

So... I'm decidedly ambivalent toward Edward Snowden. I found some of
his disclosures troubling; but I also felt that many more of them
were reported in a misguided way, ultimately unsurprising, and
probably deeply harmful to the US.

I am also an unabashed westerner. Having grown up in a culturally
western country turned into a Soviet satellite state, I am very
pragmatic in seeing the US as a force for good - and compared to the...

Re: I am the reason we cannot have nice things on the Internet. Andreas Lindh (Oct 22)
Dave,

I read that piece and thought it was quite well written. I also think that
you¹re wrong on several accounts.

First of all, the US is not the Internet. Saying that it¹s a good thing
that the US has "the most sophisticated cyber arsenal of any other country
on the planet² is just irrelevant in this context. You are addressing the
claim that the US is the biggest threat to the Internet, not to other
countries who happen to have a...

I am the reason we cannot have nice things on the Internet. Dave Aitel (Oct 22)
Article that dropped today. I have learned from the comments that I am
the reason we cannot have nice things:
http://www.businessinsider.com/expert-here-are-4-things-edward-snowden-gets-wildly-wrong-about-the-nsa-2014-10

Prepub Review Document:
https://pbs.twimg.com/media/B0jFP8bCQAA_jxQ.jpg:large

Next week I'm going to give a talk here, available for beers/heckling!...

James Mickens and DJB Dave Aitel (Oct 20)
DJB's talk here: http://cr.yp.to/talks/2014.10.18/slides-djb-20141018-a4.pdf
Is like a much longer, more detailed, much less funny version of James
Micken's talk here: http://vimeo.com/95066828

Both of them are important to watch. This is your weekly reminder to
watch James' talk again!

-dave

Re: The Blue Pill of Threat Intelligence Curt Wilson (Oct 20)
It seems to me that leveraging internal telemetry for accurate and relevant
threat intelligence should be the first step. Anomalous traffic from a
central management server for PoS infrastructure to unknown FTP servers
should be a big red flag, for example. Implementing the proper
instrumentation and maintaining it adequately I would think should be a
priority.

I think back to one of the targeted threats -I believe it may have been
Duqu - that...

Re: The Blue Pill of Threat Intelligence Harry Hoffman (Oct 20)
Most of what I've seen is that the various threat intelligence feeds are
used more in line with how BL filters are used in email systems.

Folks are blocking things out-right based upon a certain confidence
level and then allowing the rest into their networks.

It doesn't mean that the traffic that wasn't on the BL doesn't get
inspected, it simply means there's less traffic to inspect.

Local logs may add to the threat...

Things That Have Already Happened - Cyber Pearl Harbor Dave Aitel (Oct 17)
Huawei is in the news again for trying to hack the NSA. I love this. I
wear my Huawei shirt proudly and often. And fellow DD subscriber Bill
Plummer has this beautiful Zen Koan to say:

“While Huawei <http://www.washingtontimes.com/topics/huawei/> is
challenged to respond to The Washington Times’ vague inquiry, the
suggestion that a globally-proven and trusted $40 billion vender of
commercial telecommunications gear would risk its very...

Re: The Blue Pill of Threat Intelligence Matthew Wollenweber (Oct 17)
Foremost, I love your observation that: "[threat intel products] offers
malware analysis, even though the massively expensive undertaking helps
nobody but the threat intelligence company, as it resells that information
to other customers. I find that who system/approach to be unethical and my
best to keep my employer out of those systems. However, threat intel can be
useful to enterprises in a variety of mechanisms. First, it provides...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Re: [Security Weekly] cheap hosting Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:

20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy

After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.

Robin

Re: [Security Weekly] projecting in a bight space Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.

Jeremy Pommerening

________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space

I've been looking at the venue for next year's...

[Security Weekly] Two Firefox security bugs related to HTTPS ffbugishere (Aug 17)
Hello world!

We need votes for security bugs!

Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100

Firefox 31 doesn't supports the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210

Other browsers should have the same bugs fixed..

p.s.: We are not related to this group, but we think they worth a
penny...

Re: [Security Weekly] Java and Flash decompilers Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.

http://www.free-decompiler.com/flash/

Regards,

Will

Re: [Security Weekly] Java and Flash decompilers Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html

-Brad

Re: [Security Weekly] SecurityCenter alternative Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess its a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.

I can speak in more...

Re: [Security Weekly] Java and Flash decompilers S. White (Aug 04)
A few I've used in the past:

JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)

HP SWFscan

Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/

________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...

[Security Weekly] DoFler @ BSidesLV Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.

DB...

Re: [Security Weekly] cheap hosting Robin Wood (Aug 04)
Already sorted but thanks for the info.

Re: [Security Weekly] Java and Flash decompilers Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:

SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)

Re: [Security Weekly] SecurityCenter alternative Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!

I know, I'm jumping in late, some closing thoughts on the subject:

- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundred of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. The removes the requirement of Internet access
(From the scanners), and greatly eases the administration...

Re: [Security Weekly] SecurityCenter alternative k41zen (Aug 04)
Thanks for all of your help.

We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.

I’ll...

Re: [Security Weekly] SecurityCenter alternative Adrien de Beaupre (Aug 04)
Hi,

I have also written a series of script to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
like XML-RPC nessus client in python if anyone is interested.

Cheers,
Adrien

Re: [Security Weekly] cheap hosting sec list (Aug 04)
Hey Robin,

If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.

[Security Weekly] Java and Flash decompilers Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:

Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.

Java snoop https://code.google.com/p/javasnoop/

Flash
Trillix
Flashbang https://github.com/cure53/Flashbang

Has anyone here got any others they can suggest?

Ideally I'm looking for free stuff but cheap commercial...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Advisory Notification Microsoft (Oct 29)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 29, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...

Microsoft Security Advisory Notification Microsoft (Oct 21)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 21, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (3010060)
- Title: Vulnerability in Microsoft OLE Could Allow Remote Code
Execution
-...

Microsoft Security Advisory Notification Microsoft (Oct 18)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 17, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2949927)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...

Microsoft Security Advisory Notification Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 15, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...

Microsoft Security Advisory Notification Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (3009008)
- Title: Vulnerability in SSL 3.0 Could Allow Information
Disclosure
-...

Microsoft Security Advisory Notification Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: October 14, 2014
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
-...

Microsoft Security Bulletin Re-Releases Microsoft (Oct 14)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: October 14, 2014
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS14-042 - Moderate

Bulletin Information:
=====================

MS14-042 - Moderate

-...

Microsoft Security Bulletin Summary for October 2014 Microsoft (Oct 14)
********************************************************************
Microsoft Security Bulletin Summary for October 2014
Issued: October 14, 2014
********************************************************************

This bulletin summary lists security bulletins released for
October 2014.

The full version of the Microsoft Security Bulletin Summary for
October 2014 can be found at
<https://technet.microsoft.com/library/security/ms14-oct...

Microsoft Security Bulletin Advance Notification for October 2014 Microsoft (Oct 09)
********************************************************************
Microsoft Security Bulletin Advance Notification for October 2014
Issued: October 9, 2014
********************************************************************

This is an advance notification of security bulletins that Microsoft
is intending to release on October 14, 2014.

The full version of the Microsoft Security Bulletin Advance
Notification for October 2014 can be found at...

Microsoft Security Bulletin Minor Revisions Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 8, 2014
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-051 - Critical
* MS14-AUG

Bulletin Information:
=====================

MS14-051 -...

Microsoft Security Bulletin Minor Revisions Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 2, 2014
********************************************************************

Summary
=======
The following bulletin has undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS14-030 - Important

Bulletin Information:
=====================

MS14-030 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Sep 25)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 24, 2014
********************************************************************

Summary
=======
The following document has undergone a minor revision increment.
Please see the bulletin for more details.

* MS14-049 - Important

Bulletin Information:
=====================

MS14-009 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Sep 25)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 24, 2014
********************************************************************

Summary
=======
The following document has undergone a minor revision increment.
Please see the bulletin for more details.

* MS14-049 - Important

Bulletin Information:
=====================

MS14-009 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Sep 24)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 24, 2014
********************************************************************

Summary
=======
The following documents have undergone a minor revision increment.
Please see the appropriate bulletin or summary for more details.

* MS14-009 - Important
* MS14-feb

Bulletin Information:
=====================...

Microsoft Security Bulletin Re-Releases Microsoft (Sep 23)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: September 23, 2014
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS14-055 - Important

Bulletin Information:
=====================

MS14-055 - Important

-...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Modem (?) hacking (?!?) Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 28)
Very cute:

http://security.stackexchange.com/questions/56181/hack-into-a-computer-
through-mac-and-ip-address

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
A teacher is one who makes himself progressively unnecessary.
- Thomas Carruthers
victoria.tc.ca/techrev/rms.htm...

Re: Don't mess with Canadians carrying sticks ... Jeffrey Walton (Oct 24)
I think there's a critical flaw in your logic. I think its the
difference between theory and practice. The rule of law applies to
little folks like you and I; and does not appear to apply to the
oligarchy.

Until the law applies to everyone equally, I'm more than happy to find
satisfaction in the vigilantes.

Too big to jail FTW... Battle evil with a different kind of evil...

Re: Don't mess with Canadians carrying sticks ... Rich Kulawiec (Oct 23)
Agreed. I think this is apropos:

Whoever fights monsters should see to it that in the process
he does not become a monster.
--- Friedrich Nietzsche

---rsk

Re: Don't mess with Canadians carrying sticks ... Valdis . Kletnieks (Oct 23)
On Wed, 22 Oct 2014 21:36:16 -0400, Jeffrey Walton said:

They should either lose elections, or they should end up in a criminal
court and given a fair trial, no matter *how* big a scum they are.

Saying that it's OK for random vigilantes to shoot at them means you've
basically given up the idea of the rule of law.

Meanwhile, where's *our* safety video? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 23)
https://www.youtube.com/watch?v=qOw44VFNk8Y

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Only two things are infinite, the universe and human stupidity
and I'm not sure about the former. - Albert Einstein
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...

Re: Don't mess with Canadians carrying sticks ... Blanchard, Michael (InfoSec) (Oct 23)
" If nothing else, remember that most of them have families that will grieve.
Those politicians need to lose an election. Not a life."

Can't agree more!

Michael P. Blanchard
Principal Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Cyber Security Services
EMC ² Corporation
32 Coslin Drive
Southboro, MA 01772

-----Original Message-----
From: funsec [mailto:funsec-bounces () linuxbox org] On Behalf Of Valdis.Kletnieks () vt edu...

Re: Don't mess with Canadians carrying sticks ... Jeffrey Walton (Oct 23)
I should probably agree with you here. Not all of them deserve to be
punished. I would shed a tear for ones with political courage. But
they are very few and far between.

Here's another way to look at the penalty, though: politicians and
their friends commit crimes against the democracy and the people that
would make Bin Laden green with envy. The breadth and depth of their
crimes are unrivaled. Bin Laden himself could not pull off a crime...

Re: Don't mess with Canadians carrying sticks ... Jeffrey Walton (Oct 23)
Reagan was not a good example. Six or so of his senior staff went to
jail after his presidency for their crimes. The investigations stopped
at Bush and Reagan (take a guess why...).

Bin Laden and friends were Reagan's "Freedom Fighters". They were well
funded and well trained. We can thank Reagan and friends for the rise
of the nice folks who are trying to kill us, and who we're trying to
kill now.

Oh, and Reagan was an...

Fwd: TA14-295A: Crypto Ransomware Jeffrey Walton (Oct 23)
This is kind of humorous in a morbid sort of way....

That would make mobile operating systems (iOS, Android, Windows Phone and
Windows RT) ransomware...

Unless, of course, you feel its somehow OK that they deny you use of your
mobile device and deny you updates and security patches until you agree to
data collection, agree to a litany of other obscene terms, join their store
program, provide a credit card, and pay for a developer license to run...

Re: Don't mess with Canadians carrying sticks ... Valdis . Kletnieks (Oct 22)
On Wed, 22 Oct 2014 17:02:14 -0400, Jeffrey Walton said:

Would you bestow honors on the guys who stopped John Hinkly Jr before he
managed to get another bullet into Reagan? How about if somebody had
stopped Lee Harvey Oswald or the guys who shot Ghandi and Benazir Bhutto?

Yes, many of them *are* corrupt, but jumping from there to "Every single
one of them is so corrupt that they don't deserve an attempt to stop
an assassination"...

Re: Don't mess with Canadians carrying sticks ... Jeffrey Walton (Oct 22)
Not sure about this quote from the article, though:

Vickers is being described by many as a hero.

Politicians are usually corrupt to the core. They are more than happy
to take money and peddle influence. I'd much rather see a politician
killed, and I'm not sure I would bestow honors on someone who stopped
it...

Don't mess with Canadians carrying sticks ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 22)
http://www.theepochtimes.com/n3/1034708-kevin-vickers-sergeant-at-arms-
shoots-a-shooting-suspect-in-ottawa/

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Sometimes I think that the patron saint of lawyers ought to be
Pontius Pilate, for surely he said it best: What is truth?
- Sharyn McCrumb...

Top secret US space craft returns after two years Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 18)
http://www.telegraph.co.uk/science/space/11171389/Top-secret-US-space-drone-
returns-to-Earth-after-two-year-orbit.html

At least, that's what they'd *like* us to think ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
For any number X which is less than 2^N (for any N), a maximum of
(N + log(N) + log (log(N)))/8 bytes is necessary to...

CarolinaCon-11 call for papers/presenters Vic Vandal (Oct 07)
h4x0rs, stuff breakers, InfoSec pros, g33k girls, international spies, and script kidz,

CarolinaCon-11, also referred to as "The Last CarolinaCon As We Know It", will occur on March 20th-22nd 2015 in Raleigh
NC (USA). We are now officially accepting speaker/paper/demo submissions for the event.

If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global
thermonuclear war, etc. (but...

The "integrity" side of the triad ... Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 04)
Interesting variant on Snopes:

http://www.vancouversun.com/news/Fact+fiction+Website+wants+record+straight/1
0260059/story.html

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
How good bad music and bad reasons sound when we march against an
enemy. - Friedrich Nietzsche
victoria.tc.ca/techrev/rms.htm...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Alert - Upcoming Mail Delivery Changes US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes

Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...

Current Activity - Upcoming Mail Delivery Changes Current Activity (May 10)
National Cyber Awareness System

Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...

Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin

Original release date: May 09, 2013

Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...

Current Activity - Adobe Releases Security Advisory for ColdFusion Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion

Original release date: May 09, 2013

Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...

Current Activity - Microsoft Releases Security Advisory for Internet Explorer Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer

Original release date: May 07, 2013

Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...

Current Activity - Cisco Releases Security Advisories Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories

Original release date: April 25, 2013

Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....

Current Activity - Apple Releases Security Updates for Safari Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari

Original release date: April 18, 2013

Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.

Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...

Alert TA13-107A: Oracle has released multiple updates for Java SE US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE

Original release date: April 17, 2013

Systems Affected

* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier

Overview

Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....

Current Activity - Scams Exploiting Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion

Original release date: April 17, 2013

Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...

Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion

Original release date: April 17, 2013

Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...

Current Activity - Oracle Releases April 2013 Security Advisory Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory

Original release date: April 17, 2013

Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...

Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack

Original release date: April 15, 2013

US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...

Current Activity - Microsoft Releases April 2013 Security Bulletin Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin

Original release date: April 04, 2013 | Last revised: April 09, 2013

Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...

Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin

Original release date: April 04, 2013

Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...

Current Activity - Mozilla Releases Multiple Updates Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates

Original release date: April 03, 2013

The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.

Updates to the following products are...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 30)
Possibly. I've been having my posts to the list dropped for many
months, unable to get ahold of anyone who could fix or diagnose the
problem. I eventually figured out that cross-posting to BUGTRAQ and
F-D causes the posts to end up in their spam folder. If that's true
for everybody, that's hilarious.

But even if I don't cross-post, it usually takes 3+ days for things to
go through, and the number of bounces you get in...

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
It could be because they're hosted at Security Focus, whose mailserver
could best be described as erratic. It doesn't like long banners or greet
pauses (both anti-spammer defences) and retries frequently, as if that
will make any difference. I'm told that this is a "feature" of Qmail
(along with its other antisocial habits).

Oddly enough, I do receive the occasional BugTraq message, so sometimes it
works, hence my...

Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski (Oct 29)
As promised, here's the exploit.

I didn't really feel like writing a self-contained test case to
initialize a KVM vCPU, so I turned QEMU into an exploit instead. Apply
the attached patch to QEMU, build it, and run it (qemu-system-x86_64
-machine accel=kvm).

--Andy

Message-Id: <3689fa9aa528efc759ce9089454d1185d9bf29ae.1412696684.git.luto () amacapital net>
From: Andy Lutomirski <luto () amacapital net>
Date: Tue, 7 Oct...

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
Or just require an accompanying explanation. But FD is as much of a
watering hole and has a long history of fake exploits being posted...
I think we could survive.

(BUGTRAQ, too, although that list seems to be in a pretty bad shape
these days and perhaps its days are numbered).

Re: Request cve for imagemagick security problem (DOS) Hanno Böck (Oct 29)
Am Wed, 29 Oct 2014 16:17:09 +0100
schrieb Bastien ROUCARIES <roucaries.bastien () gmail com>:

This imagemagick release fixes also three issues I detected via
zzuf+asan.

I haven't found the time yet to write proper disclosures yet:
Out-of-bound memory error in resize code is CVE-2014-8354
Out-of-bound memory error in PCX decoder is CVE-2014-8355
Out-of-bound memory error in DCM decode has no CVE yet (if CVE
assigners read this they...

Request cve for imagemagick security problem (DOS) Bastien ROUCARIES (Oct 29)
Hi,

I request a CVE indentifier for imagemagick.

Removing profile from jpg image create infinite loop with at least
6.8.9.6 version.

Version 6.7.7.10 is not affected.

Version 6.8.9.9 and more recent are fixed.

You could lead to do by doing convert test.jpg +profile '!icc,*' out.jpg

I could be exploited through imagick and thus maybe remotly exploitable.

Moreinformation https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764872
and...

Re: ftp(1) can be made execute arbitrary commands by malicious webserver cve-assign (Oct 29)
Use CVE-2014-8517.

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 29)
For example using something like metasploit the code would (in theory)
be more radable and anything hidden/obfuscated would stick out. My vote
would be to require well written nmap scripts or metasploit modules that
don't contain obfuscated code/etc. This would also make getting them to
work simpler (no use of weird one off CPAN modules or specific versions
of some obscure python thing, etc.).

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 29)
This is an interesting question but how "fully working exploits" differ
from "testcases that exercise the flaw" in this regard?

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
Will someone/people vet the exploits to make sure they are not trojan
horses/self harming (e.g. the rm -rf * embedded in it somewhere?).
Strikes me as a heck of a watering hole attack potentially (and yes,
list members should know better, but ... yeah).

Re: ftp(1) can be made execute arbitrary commands by malicious webserver Stuart Henderson (Oct 28)
BTW, I changed OpenBSD's ftp(1) a while ago to just use the "filename"
part of the original request, rather than taking a name from the
redirection target (this also matches what curl -O does) - it's a bit
less convenient in some cases, but it felt like a bad idea to allow the
output filename to be under control of the remote host (though I was
more thinking of the situation where someone might run it from their
home directory...

ftp(1) can be made execute arbitrary commands by malicious webserver Alistair Crooks (Oct 28)
Hi,

Despite being old, tnftp(1) is quite widely used, hence this request.

Could we get a CVE issued for this one, please?

Sorry about the lack of warning, I wasn't aware of the issue before
the fixes were committed to the repo.

FreeBSD and Dragonfly have been informed, as has Apple, and I have
received a boilerplate reply from Apple. The issue is present in
10.10 (Yosemite).

Thanks,
Alistair
---
Security Officer, NetBSD

Just a quick...

[OSSA 2014-038] Nova network DoS through API filtering (CVE-2014-3708) Tristan Cacqueray (Oct 28)
OpenStack Security Advisory: 2014-038
CVE: CVE-2014-3708
Date: October 28, 2014
Title: Nova network DoS through API filtering
Reporter: Mohammed Naser (Vexxhost)
Products: Nova
Versions: up to 2014.1.3, and 2014.2

Description:
Mohammed Naser from Vexxhost reported a vulnerability in Nova API
filters. By listing active servers using an ip filter, an authenticated
user may overload nova-network or neutron-server process, resulting in a
denial of...

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
Then perhaps just remove it? It always seemed to me a strange
restriction. Other guidelines are either technical in nature or they are
intended to reduce the amount of noise. This restriction seems to be
neither.

Of you can replace it with something like this:
- Please only send fully working exploits which themselves are open-source.

Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 28)
Michal, thanks for the analysis! And thanks, Hanno, for uploading them
to binutils bugtracker.

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

Silver Bullet 102: Richard Danzig Gary McGraw (Sep 21)
hi sc-l,

The 102nd monthly episode of the Silver Bullet podcast features a conversation with Richard Danzig. Richard is a very
accomplished leader who served as Secretary of the Navy (among other powerful positions). He is currenty a member of
the Board of the Center for a New American Security. Richard is attempting in his recent work to bridge the gap
between technologists and Washington policy makers when it comes to cybersecurity....

IEEE Center for Secure Design [searchsecurity and silver bullet] Gary McGraw (Aug 27)
hi sc-l,

This evening in SF we are officially launching the IEEE Center for Seure Design with a small event including security
people and press. Jim DelGrosso and I will make a short presentation about the CSD during the launch.

I devoted both of my monthly pieces (Silver Bullet and SearchSecurity) to the CSD this month.

Please check out this article and pass it on:
http://bit.ly/CSD-SS <...

Silver Bullet Episode 100 (!!): Cigital's Principals Gary McGraw (Jul 23)
hi sc-l,

Thanks for listening to the Silver Bullet Security Podcast for the eight 1/3 years it has been produced. Each episode
has been downloaded over 10,787 times on average with over 1,067,948 downloads for the podcast as a whole. That's lots
of listening!

To celebrate our 100 months in a row landmark, we shot a live video version of Silver Bullet at the Cigital Tech Fair
this month. The episode features Cigital’s Principals,...

Ruxcon 2014 Final Call For Presentations cfp (Jul 15)
Ruxcon 2014 Call For Presentations
Melbourne, Australia, October 11th-12th
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the Final Call For Presentations for Ruxcon 2014.

This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2014.

.[x]. About Ruxcon .[x].

Ruxcon is...

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Gary McGraw (Jul 08)
hi sc-l,

FWIW, I wrote about mdeical device security first in 1998 in the book
³Software Fault Injection.² Our little article was merely meant as a
reminder and to let you all know that some medical device manufacturers
are actually doing analysis.

gem

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Goertzel, Karen [USA] (Jul 07)
Another big frustration: No-one seems to be making any real headway into the problem of actually measuring loss
attributable to doing nothing - or, in other words, losses cradle to grave from operating insufficiently secure
systems. People try to measure "ROI" from security, which is a ridiculous concept because it involves trying to measure
a negative - i.e., this is how many times we DIDN'T lose $n - can't be done - or...

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Jeffrey Walton (Jul 07)
https://en.wikipedia.org/wiki/Therac-25 FTW!

+1. Dr. Geer has already warned about it at
http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/. Can you
imagine the IoT, with medical devices and avionics packages, running
around with little to no testing and little more that the browser
security model. Clear the cache to erase the evidence!!!

This is a political problem rooted in software liability laws (or lack
thereof). Too many carrots,...

Re: SearchSecurity: Medical Devices and Software Security Jeremy Epstein (Jul 07)
Agree with you - there's nothing new in the article. I gave a talk a
couple years ago at a conference on biomedical engineering, and there was
one person in the room (out of a few hundred) who had heard of Therac-25.
(Which I assume is what you were referring to with 1985.)

If the article were instead published in a medical device or biomedical
engineering journal, that would be something different. But as you say,
putting it in on...

Re: [External] Re: SearchSecurity: Medical Devices and Software Security Goertzel, Karen [USA] (Jul 07)
Ever since I read an article about the challenges of remote laser surgery being done by doctors at the Naval Hospital
in Bethesda, MD, via satellite link on wounded soldiers in Iraq, I've been warning for years about the need to apply
software assurance principles to the development and testing - and SCRM to the acquisition - of medical devices and
their embedded software. I'm delighted to see someone with your influence start...

Re: SearchSecurity: Medical Devices and Software Security security curmudgeon (Jul 07)
: Chandu Ketkar and I wrote an article about medical device security based
: on a talk Chandu gave at Kevin Fu?s Archimedes conference in Ann Arbor.
: In the article, we discuss six categories of security defects that
: Cigital discovers again and again when analyzing medical devices for our
: customers. Have a look and pass it on:
:
: http://bit.ly/1pPH56p
:
: As always, your feedback is welcome.

Per your request, my feedback:

Why do...

Silver Bullet 99: Michael Hicks Gary McGraw (Jul 03)
hi sc-l,

Silver Bullet Security Podcast number 99 (99 months in a row!!) was just posted. This episode features a programming
languages smorgasbord with Michael Hicks, professor of CS and security at University of Maryland. We talk type safety,
closure, why C is bad, what makes dynamic languages like Javascript problematic, and so on. If you like programming
languages talk, you’ll dig this episode.

Have a listen:...

SearchSecurity: Medical Devices and Software Security Gary McGraw (Jul 03)
hi sc-l,

Chandu Ketkar and I wrote an article about medical device security based on a talk Chandu gave at Kevin Fu’s Archimedes
conference in Ann Arbor. In the article, we discuss six categories of security defects that Cigital discovers again
and again when analyzing medical devices for our customers. Have a look and pass it on:

http://bit.ly/1pPH56p

As always, your feedback is welcome.

gem

company www.cigital.com
podcast...

Educause Security Discussion — Securing networks and computers in an academic environment.

Re: Firewall Vendors Jason Cook (Oct 29)
+1 for Palo's. Closing in on 2 years with a pair of 5060's. Highly recommend them, they have been awesome.

They have some abilities to packet shape, but certainly do not have the same granularity you can achieve in a dedicated
box. This can probably be said for other features like web content filtering, however what functionality it does have
suits our current requirements so it's working very well for us.

Re: Firewall Vendors Rich Graves (Oct 29)
We got training units as part of our purchase 3 years ago. The class materials were an improvement over the
not-so-great documentation. CLI was not seriously covered.

They really don't have a CLI. They have an XPath API that you can use within an SSH session. "set cli
config-output-format set" will show you some things in a more IOS-style format, but it still doesn't make a lot of
sense to me. I use the GUI for...

Re: Firewall Vendors Jeremy Kurtz (Oct 29)
Curious if anyone has jumped on board with Cisco and their Sourcefire
acquisition - even more so if moving from PAN...

Re: Firewall Vendors Walter Petruska (Oct 29)
Pair of Palo Alto 5050s at edge replacing Cisco FWSMs. Running for 2+
years now.

More being built into a new core.

Re: Firewall Vendors Garmon, Joel (Oct 29)
We use palo alto and love them

Re: Firewall Vendors T. Shayne Ghere (Oct 29)
Hello,

We just moved from Cisco FWSM’s to two PA 5050 firewalls. We’re having
some issues with the GUI, which is what they recommend using, but we’re
used to the CLI. When you purchased them, did they offer any type of
training or offer training?

I’d appreciate any information you could provide.

Thanks!

Shayne

-----------------------------

*Bradley University*

T. Shayne Ghere, CCNP

Network Engineer

1501 W. Bradley Ave.

Morgan...

Re: Response to phishing e-mails Brandon Hume (Oct 29)
Why not both? We're talking about .edu... fundamentally, people are
supposed to be learning. As you said, there's a steady stream of users
coming in, and wacking them all in the head is both tiring and useless.
But by that same token, there's a steady stream of people leaving out
the other side, and you want them to be able to take care of themselves.

It's absolutely unfair to the user to punish them for a first...

Re: Firewall Vendors Manuel Amaral (Oct 29)
+1 for Palo Alto. We've been using their 5020's and are very happy with them. Threat protection and the free
wildfire feature works great. We're also using Procera units for bandwidth management and haven't considered
eliminating them, at least not yet anyway. HTH.

Regards,
Manny
-----------------------
Manny Amaral
Associate Director of Information Technology
(781) 292-2433

[cid:image001.png@01CFF3A8.1F5149B0]...

Re: Firewall Vendors King, Ronald A. (Oct 29)
Palo Alto Networks. We have had a pair of their next generation PA 5050s
and have been very happy with them.

Got a Phish (email)? Forward it to abuse () nsu edu <mailto:abuse () nsu edu> !

Ronald King, CISSP

Interim CISO & Technical Services Director

Norfolk State University

http://security.nsu.edu <http://security.nsu.edu/>

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU]...

Firewall Vendors Kubb, Richard (Oct 29)
Greetings,

At Maryville we currently use a Sonicwall firewall that is rapidly reaching end of life and are starting to explore
alternative vendors. Curious which vendors and models others are using for your firewall solution. We also use
Packetshaper as part of our solution and we would consider a single firewall device and eliminate the use of
Packetshaper if we can find the right solution.

Regards,

Rick.

Rick Kubb
Director of...

Re: Response to phishing e-mails Nick Semenkovich (Oct 29)
The larger issue is whether to treat security as a problem with your
users, or a problem with what you've set up for them.

When it's treated as a problem with your users, it's a never ending
stream of new students & staff, one-off punishments, etc. -- and it's
too easy to put the problem on others.

For the users who get phished, the question shouldn't be "How can we
make our users better?" but instead --...

Re: Awareness/Compliance Tracking Software DiGrazia, Mick A (Oct 29)
I’ve used Securing The Human, a SANS product. It’s a good product and the hosted solution allows you to do some fairly
good tracking, reporting, reminders, etc.

http://www.securingthehuman.org/

Mick A. DiGrazia

University of Connecticut

Information Technology Services

(860) 486-1336

mick.digrazia () uconn edu<mailto:mick.digrazia () uconn edu>

From: Erik Decker <Erik.Decker () UCHOSPITALS EDU<mailto:Erik.Decker ()...

Re: Response to phishing e-mails Brandon Hume (Oct 29)
I've seen spam archived in the various on-line mailing lists. It does
exist. Whether or not Google shows it is a numbers game. And what the
employer concludes based on it isn't my problem... most likely they'll
believe the user when they say "that wasn't me!", but the rest of the
explanation can (should) make the employer think that the user is either
careless or gullible.

Most of the time the account is a...

Re: Awareness/Compliance Tracking Software Erik Decker (Oct 29)
Hi Jim - it's not open source, but we used a hosted provider at Columbia. That was "RocketReady", which I think
changed their name to "Sight Training". It was pretty darn cheap comparatively, for the 30k users.

Interesting, these just changed their name again... now they are Stridepoint. Funny.

http://www.stridepoint.com/training

Happy to answer any questions you might have on it.

Erik Decker
Chief Information...

Awareness/Compliance Tracking Software Pardonek, Jim (Oct 29)
When I was at a different university (think Boilermakers) we had a web based application called webcert that housed
their compliance "training" (HIPAA, FERPA, PCI, etc.) and keep track of who completed the training, presented them with
a certificate and sent a reminder 30 days before your cert expired. I am looking for a similar solution to deploy here
for our needs as well. Does anyone know of any open source packages that might...

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Industry standard bandwidth guarantee? Rafael Possamai (Oct 30)
I'd say if there's a strong financial reasoning (or greed some times)
behind a complaint, it will be brought up, otherwise shouldn't it be all
based on civil talks and agreements anyway?

RE: Industry standard bandwidth guarantee? keith tokash (Oct 29)
I'm sorry I should have been more specific. I'm referring to the *percentage* of a circuit's bandwidth. For example
if you order a 20Mb site to site circuit and iperf shows 17Mb. Well ... that's 15% off, which sounds hefty, but I'm
not sure what's realistic to expect.

And beyond expectations, I'm wondering if there's a threshold that industry movers/shakers generally yell at their
vendor for going...

Re: Industry standard bandwidth guarantee? Valdis . Kletnieks (Oct 29)
On Wed, 29 Oct 2014 15:24:46 -0700, keith tokash said:

How are you going to come up with a standard that covers both the uplink from
Billy-Bob's Bait, Fish, Tackle, and Wifi, where a fractional gigabit may be
plenty, and the size pipes that got clogged in the recent Netflix network
neutrality kerfluffle?

And where your PoPs are (and how many) matters as well - if you have a peering
agreement with another carrier, and you exchange...

Re: Seeking VPS providers for low volume network probe Jim Popovitch (Oct 29)
+1 for RamNode (AS3842). I have several VPS'es from them, very very
stable, awesome Support. Other nods go to OneAsiaHost (AS24482) in
Singapore, and RansomIT (AS45177) down under. All three of those
providers fundamentally understand BGP/peering.

As for Africa... I use the RamNode Netherlands to provide coverage to
Africa. I spent the past year and half trolling the African VPS
marketplace, and while there are excellent providers, the...

Industry standard bandwidth guarantee? keith tokash (Oct 29)
Hi *, sorry if this has been answered, I did look.

Is there an industry standard regarding how much bandwidth an inter-carrier circuit should guarantee? Specifically I'm
thinking of a sub-interface on a shared physical interface. I've not thought much about it but if there's a more
generally-accepted guideline than, "when the customers start leaving / when you leave," I'm at least 5% ears.

Thanks,
Keith...

Re: .mil postmaster Contacts? Mark Andrews (Oct 29)
Well the servers for DISA.MIL are not EDNS compliant, they drop
EDNS version 1 queries and unless you are running a experimental
nameserver which expects EDNS version negotiation to work it shouldn't
be causing you issues yet. Otherwise the lookups of the MX records
succeed.

There is no good reason to block EDNS version 1 queries. All it
does is break EDNS version negotiation.

Mark

In message <20141029150034.GA25731 () esri com>,...

Re: Seeking VPS providers for low volume network probe Josh Luthman (Oct 29)
Ramnode is like $24 a year. They have a Netherlands cluster. I'm running
CentOS6 and get both IPv4 and v6. They use OpenVZ for the really cheap
stuff so depending on what you're doing you may run into issues.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

Seeking VPS providers for low volume network probe Eric Germann (Oct 29)

Greetings,

I'm looking for recommendations on a reliable VPS Provider(s) who can
provide

1. Centos 6
2. IPv4 and IPv6 (preferably)

physically in the regions of African Continent, Eastern Europe/Russia,
Middle East, South America and Canada.

I've already deployed some globally with Vultr and Amazon (Brazil
region).

Basically doing a low volume test point probe (512MB-1GB RAM, < 20GB
disk) for latency measurements. Would...

Re: NIST NTP Server List Doug Barton (Oct 29)
Other way around.

Re: NIST NTP Server List Brian Christopher Raaen (Oct 29)
I disabled IPv6 on my machine and was able to pull it up, reenable IPv6 and
I start getting 404's.

Re: NIST NTP Server List Christopher Morrow (Oct 29)
I meant that it seems that v4 is broken, but v6 is not.
so sure, it's a server thing, but he's seeing different results maybe
as a side effect of eyeballs.

Re: NIST NTP Server List Doug Barton (Oct 29)
Happy Eyeballs has nothing to do with it. This is a server
misconfiguration plain and simple.

Doug

Re: NIST NTP Server List Christopher Morrow (Oct 29)
"happy eyeballs"

Re: NIST NTP Server List Doug Barton (Oct 29)
Also getting a 404 over IPv6. You can verify what transport we're using
in Firefox using the SixorNot plugin.

hth,

Doug

Re: NIST NTP Server List Brian Christopher Raaen (Oct 29)
That is interesting as the computer I am using is on dual-stack, and I am
probably using IPv6 to reach it.

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 28.31 RISKS List Owner (Oct 24)
RISKS-LIST: Risks-Forum Digest Friday 24 October 2014 Volume 28 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.31.html>
The current issue can be...

Risks Digest 28.30 RISKS List Owner (Oct 23)
RISKS-LIST: Risks-Forum Digest Thursday 23 October 2014 Volume 28 : Issue 30

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.30.html>
The current issue can be...

Risks Digest 28.29 RISKS List Owner (Oct 09)
RISKS-LIST: Risks-Forum Digest Thursday 9 October 2014 Volume 28 : Issue 29

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.29.html>
The current issue can be...

Risks Digest 28.28 RISKS List Owner (Sep 30)
RISKS-LIST: Risks-Forum Digest Tuesday 30 September 2014 Volume 28 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.28.html>
The current issue can...

Risks Digest 28.27 RISKS List Owner (Sep 15)
RISKS-LIST: Risks-Forum Digest Monday 15 September 2014 Volume 28 : Issue 27

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.27.html>
The current issue can...

Risks Digest 28.26 RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Thursday 11 September 2014 Volume 28 : Issue 26

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.26.html>
The current issue can...

Risks Digest 28.25 RISKS List Owner (Sep 09)
RISKS-LIST: Risks-Forum Digest Tuesday 9 September 2014 Volume 28 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.25.html>
The current issue can...

Risks Digest 28.24 RISKS List Owner (Sep 04)
RISKS-LIST: Risks-Forum Digest Weds 4 September 2014 Volume 28 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.24.html>
The current issue can be...

Risks Digest 28.23 RISKS List Owner (Aug 28)
RISKS-LIST: Risks-Forum Digest Thursday 28 August 2014 Volume 28 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.23.html>
The current issue can be...

Risks Digest 28.22 RISKS List Owner (Aug 27)
RISKS-LIST: Risks-Forum Digest Wednesday 27 August 2014 Volume 28 : Issue 22

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.22.html>
The current issue can...

Risks Digest 28.21 RISKS List Owner (Aug 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 August 2014 Volume 28 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.21.html>
The current issue can be...

Risks Digest 28.20 RISKS List Owner (Aug 24)
RISKS-LIST: Risks-Forum Digest Sunday 24 August 2014 Volume 28 : Issue 20

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.20.html>
The current issue can be...

Risks Digest 28.19 RISKS List Owner (Aug 21)
RISKS-LIST: Risks-Forum Digest Thursday 21 August 2014 Volume 28 : Issue 19

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.19.html>
The current issue can be...

Risks Digest 28.18 RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Monday 18 August 2014 Volume 28 : Issue 18

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.18.html>
The current issue can be...

Risks Digest 28.17 RISKS List Owner (Aug 14)
RISKS-LIST: Risks-Forum Digest Thursday 14 August 2014 Volume 28 : Issue 17

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/28.17.html>
The current issue can be...

Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

Re: Is there a users mailing list? Tod Beardsley (Oct 20)
These days, people use the forums at http://community.rapid7.com for user talk. Or #metasploit on Freenode IRC.

Is there a users mailing list? Jon Molesa (Oct 20)
This was the only one google returned. I noticed this is the developers
list.

Re: help Jon Molesa (Oct 20)
Sorry about this. I was trying to hurry the mail server to try a resend
after subscription. It was meant to bump my grey listing.

I was attempting to interact with the mailman server as seen here
http://www.list.org/mailman-member/node41.html.

I'm fine otherwise. :-P

Re: help Tod Beardsley (Oct 20)
If this is an emergency, dial 911 (or your country's emergency services number).

Re: How-to update host information HD Moore (Oct 20)
Hi Jon,

You can edit a host via psql or just the irb console in Metasploit. For example, just do: msf> irb

From this prompt, you can do:

irb> host = Mdm::Host.where(address: '1.1.1.1'); host.hostname = 'BugServer'; host.save!

Keep in mind we normally split up things by workspace, so if you have multiple projects/workspaces:

irb> host = framework.workspace.hosts.where(address: '1.1.1.1')

Hope this...

How-to update host information Jon Molesa (Oct 20)
Hello,

I'm new here. Could someone please tell me how I can update information
for a host? I haven't tried importing it via a csv, but right now I just
want to know if it is possible to do in msfconsole.

I have a hostname for an IP address that I have previously imported. I
would like to update the record for that IP to include the hostname.

hosts -h doesn't reveal support for updating a host record.

Lastly, if the answer is to...

help Jon Molesa (Oct 20)
help

Re: ERROR: invalid input when using new Credential API Pedro Ribeiro (Oct 08)
If I try to attack a domain and set RHOST to a hostname, I get the same error:

[-] Auxiliary failed: ActiveRecord::StatementInvalid
PG::InvalidTextRepresentation: ERROR: invalid input syntax for type
inet: "domain.com"

(domain.com was actually a valid and reachable domain)

I understand that the credential API is new, but this is very clearly a bug.

Regards,
Pedro

Re: ERROR: invalid input when using new Credential API Pedro Ribeiro (Oct 03)
Isn't that too limiting? What if you are collecting the creds for a host
which is inside a private network, but you can only see the externally
facing host?

Or in other words, what would you do in this case? The host name might be
the same as the rhost, but not on all cases and we can't know that from the
exploit.

Regards
Pedro

reported credential with an address field needs to have an associated IP
(or the hostname must resolve).

a...

Re: ERROR: invalid input when using new Credential API HD Moore (Oct 03)
The database is keyed off IP addresses, so you are correct in that any reported credential with an address field needs
to have an associated IP (or the hostname must resolve).

-HD

ERROR: invalid input when using new Credential API Pedro Ribeiro (Oct 02)
Hi,

I'm building an aux module that gets the SQL database credentials from
a target. These credentials are provided in the form
hostname-username-password. I'm using the new Credential API and doing
the following:

service_data = {
address: loot[database_server_name].split('\\')[0],
# port is 0 because we can't get it from the packet_reply
port: 0,
service_name: loot[database_type],...

g.kassaras () googlemail com has indicated you're a friend. Accept? g . kassaras (Sep 27)
Hi,

g.kassaras () googlemail com wants to follow you.

****** Is g.kassaras () googlemail com you friend? ******
If Yes please follow the link below:
http://invites.flipmailer.com/signup_e.html?fullname=&email=framework () spool metasploit
com&invitername=g.kassaras () googlemail
com&inviterid=31175062&userid=0&token=0&emailmasterid=db05a8fc-3a7b-4f3d-827d-842eb601aa28&from=g.kassaras
()...

Re: vim syntax highlighting for rc files Tod Beardsley (Sep 07)
We don't do this because it's easy, we do it because it's hard. :)

Re: vim syntax highlighting for rc files Robin Wood (Sep 07)
Wouldn't have thought it was easy but not being easy doesn't normally stop
people.

Robin

Re: vim syntax highlighting for rc files Tod Beardsley (Sep 07)
They're nearly always a mix of console commands and chunks of ruby. Sometimes they have bash/OS commands, too. So,
you're looking at two and maybe three intermixed styles. Not trivial?

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: About window scale option Jeff Morriss (Oct 29)
Well remember that on a given TCP connection there are 2 window sizes:
that of the client and that of the server.

In this trace the client supports scaling but the server does not.
Wireshark (at least the development version I just tried) correctly
applied scaling to the client's window but not to the server's window:

Re: TCP: Retrieving connection initiator as well as looping through connections Matt (Oct 29)
It apparently works now, sorry for the noise.

2014-10-29 12:23 GMT+01:00 Matt <mattator () gmail com>:

Re: TCP: Retrieving connection initiator as well as looping through connections Matt (Oct 29)
For posterity, here is how I've done it:
conv = (conversation_t*)g_hash_table_find(
get_conversation_hashtable_exact(), check_mptcp_token, (gpointer)&token);

I am now looking for a way to debug. printf seems the way(and not
g_log/Q_INFO ?) to go but I need to display the con sole to see the
messages and I 've been unable to find a way to do so with the Qt version.
I've set gui.console.open to ALWAYS in .wireshark/preferences...

Re: ctype.h calls Jeff Morriss (Oct 29)
Good point: we prohibited strncasecmp() years ago so there's no need for
it to exist any more.

https://code.wireshark.org/review/4980

About window scale option 徐鸿 (Oct 28)
Hi ,

If the server does not support 'Window Scale' option, even the client
send one packet with WS=256, I thought the real window size should be
consider small than 64K. But I can see the 'Calculated window size' is
larger that 64K on Wireshark1.12.1, is there something wrong ? the trace
file is attached.

Re: ctype.h calls Guy Harris (Oct 28)
The remaining calls in Wireshark proper (I'm leaving the build tools out, at least for now), at least based on what
files are still including ctype.h, are:

in the H.245 dissector, a call to isascii() used to decide whether to display something as text or hex;

in the S1AP dissector, a call to isalpha(), which is in a loop that is being used to check whether something
should be displayed as a text string;

in...

Re: ctype.h calls Ed Beroset (Oct 28)
Jeff Morriss wrote:

One of the calls in <ctype.h> is tolower() which is used in wsutil/strncasecmp.c. Could we simply remove that entire
file and use g_ascii_strncasecmp() instead?

Ed

ctype.h calls Jeff Morriss (Oct 28)
Just catching up on 3 weeks of traffic on the the -commits list...

Is there any reason the remaining ctype.h calls in master shouldn't be
removed [and the functions put on the prohibited list in checkAPIs.pl]?

Buildbot builders down Gerald Combs (Oct 28)
Most of the Buildbot builders are down due to a cooling unit failure.
I'll power them back up once it's repaired.

Re: TCP: Retrieving connection initiator as well as looping through connections Matt (Oct 28)
dfilter("tcp") ) but it looks slow. I would rather search through created
TCP conversations. My problem is that conversations look saved into
different hashtables such as "GHashTable* conversation_hashtable_exact". To
compare my token with a key against all TCP connections, I believe I should
compare it over the conversations in the 4 hashtables. Is that correct ?

2014-10-28 9:58 GMT+01:00 Matt <mattator () gmail com>:

Re: Translation tools Michal Labedzki (Oct 28)
Hello,

FYI, I am working on improvements on translation feature in Qt Ui. If
you see some untranslated texts that you already translated, it will
be fixed next/this week.

Re: Translation tools Jasper Bongertz (Oct 28)
Hi all,

FYI, for the fun of it I started working on the German translation for
the QT UI. Just in case someone else gets the same idea.

Cheers,
Jasper

Re: TCP: Retrieving connection initiator as well as looping through connections Matt (Oct 28)
This is one of the problems (and advantages) of these multipath
protocols, it's easier to evade data capture.
Especially for MPTCP, you have to get all SYN/ACKs to be able to map a
subflow to an MPTCP
connection, otherwise you can't tell anything (MPTCP exchanges
keys/nonces to authenticate a subflow during the3WHS).
I wished to propose expert info in case of packet retransmission (such
as detecting wrong keys) but it's not...

Re: TCP: Retrieving connection initiator as well as looping through connections Guy Harris (Oct 27)
Well, you're not guaranteed to be able to do it by having the TCP dissector look for the initial SYN, as that's not
guaranteed to be in the capture. That would work *if* the capture includes the initial SYN, but not all captures do so.

If, for a connection, you're willing to have it indicate either:

XXX.XXX.XXX.XXX initiated the connection;

YYY.YYY.YYY.YYY initiated the connection;

we don't know...

TCP: Retrieving connection initiator as well as looping through connections Matt (Oct 27)
Hi,

I am trying to improve the MPTCP support in the TCP dissector. To
provide expert infos, I need to identify which host initiated the
connection (ie sent the SYN). I wonder how to do that, I could use
tcp_analysis::server_port if ports were guaranted to be different on
both sides.

Secondly, I am trying to setup an MPTCP *stream* identifier , similar
to tcp stream. Indeed a single MPTCP connection can be composed of
several TCP connections....

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: Shellshock Signatures Ron Haines (Oct 29)
Sorry for reposting, but it appears that my text was missing when I checked on the Snort user archives. Not exactly
sure what the problem was, but trying again with plain text and no signature...

I have been seeing multiple alerts on 1:31977:3 when people visit the Newegg website. This is a community rule and I'm
thinking this is a false positive. I have found several instances in the websites code where they use a lot of function
calls...

Re: Errors initializing Snort with netmap support C. L. Martinez (Oct 29)
Any ideas about this??

------------------------------------------------------------------------------

Re: Debug errors with Openappid and Snort 2.9.7.0 Joel Esler (jesler) (Oct 29)
CC’ing the OpenAppId list.

Debug errors with Openappid and Snort 2.9.7.0 C. L. Martinez (Oct 29)
Hi all,

I have enabled appid preprocessor in a test host (FreeBSD 10, Snort
2.9.7.0) and it seems is working correct, but I see a lot of debug
errors like these:

Oct 29 11:58:22 plzfnsm01 snort[1403]: client
/data/config/etc/idpsnort/common/appid/odp/lua/client_tds.lua: error
validating [string ""]:151: attempt to call global
'getShortHostFormat' (a nil value)
Oct 29 11:58:22 plzfnsm01 snort[1403]: client...

Errors initializing Snort with netmap support C. L. Martinez (Oct 29)
Hi all,

Starting Snort with netmap support in DAQ, returns me the following error:

FATAL ERROR: Can't start DAQ (-1) - start_instance: Netmap
registration for em0 failed: Invalid argument (22)!

DAQ conf:

config daq: netmap
config daq_dir: /opt/daq/lib/daq
config daq_mode: passive
#config daq_var:

Snort startup command is: "snort -D -q -c /etc/snort/snort.conf -i em0"

Do I need to setup something else?? Snort is 2.9.7.0 under...

[Snort]Linux system non-accessible after sometime hitesh menghani (Oct 29)
Hi,

Problem-
Linux system become inaccessible after sometime(2-3 hrs) and has to be
restarted back, when traffic is passed through it.

Below are my linux system details:
1. Kernel version: 2.6.33.3-85
1. Installed snort(2.9.7.0 rc + openaappid version 220) for application
detection.
2. Queuing traffic to both snort through iptables.

Kernel logs obtained on console confirms that issue is with
snort-2.9.7.0-rc, by using pid shown.

Please find...

Snort string matching whitelist possible ? bancfc (Oct 28)
Can snort do string matching where the packet payload MUST match a
certain whitelisted text string and only that?

I want to make sure that nothing malicious is sneaked into the rest of
the packet besides the allowed data.

------------------------------------------------------------------------------

Re: APT28 Snort Signatures Joel Esler (jesler) (Oct 28)
Thanks Tony, we’ll get these into the system

Sourcefire VRT Certified Snort Rules Update 2014-10-28 Research (Oct 28)
Sourcefire VRT Certified Snort Rules Update

Synopsis:
This SRU release adds and modifies rules in several categories.

Details:
This release contains an SRU only, there is no corresponding SEU today.

The VRT has added and modified multiple rules in the browser-chrome,
malware-cnc, server-other and sql rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:...

Re: Developing a TCP/IP connections statistics plugin Phuong Cao (Oct 28)
Hi Carter,

I plan to define my statistics to _SessionControlBlock
(session_common.h) and update the statistics whenever I see a new TCP
packet in ProcessTCPStream function (snort_stream_tcp.c). This would
result in a patch definitely.

What would you suggest to add the statistics as a dynamic plugin?

Your pointers are very helpful. Thanks.
- PC

------------------------------------------------------------------------------

Re: Snort-users Digest, Vol 101, Issue 41 Alex McDonnell (Oct 28)
Hi Ron,

We have observed alerts on newegg's site for our shellshock rules. It
seems that there is some sort of performance tracking that is injecting the
pattern that rule looks for into the URI. At this point, if it is only a
aleatory alert on newegg's site we will not be changing the rule, as it has
yielded nothing but true positives thus far. Any pcap you have and want to
forward along would also be helpful.

Alex McDonnell
TALOS...

Re: Poodle Signatures Joel Esler (jesler) (Oct 28)
All versions currently shipping have coverage for this vulnerability.

Re: Developing a TCP/IP connections statistics plugin Carter Waxman (cwaxman) (Oct 28)
Hi Phuong,

We actually collect statistics on TCP as well. This is all functionality
handled by the perfmon preprocessor, and you may want to look into going
that route. Have a look at perf-base.{c,h}, as this is where we store and
manipulate such things. Also, look into the way we track streams in
snort_stream_tcp.c. You will find some of the connection accounting you
are looking for handled by this component.

Let us know if there is any thing...

APT28 Snort Signatures Tony Robinson (Oct 28)
Howdy Howdy. I'm sure many of you are aware of the recent news with APT28.
If not, have a look:
http://www.fireeye.com/resources/pdfs/apt28.pdf
https://github.com/fireeye/iocs/tree/master/APT28

I have developed and tested signatures based off the PDF report and the
IOCs provided by Fire Eye. Here is what I have:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC
CORESHELL POST request";...

Poodle Signatures Leo Miao (Oct 28)
Does the latest rule
(snortrules-snapshot-2970.tar.gz<https://www.snort.org/downloads/registered/snortrules-snapshot-2970.tar.gz>) include
the fix for Poodle vulnerability?
------------------------------------------------------------------------------

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.