SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
New VA Modules: OpenVAS: 12, Nessus: 30
New VA Module Alert Service (May 25)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (12) ==
r16460 803700 2013/gb_dlink_dsl_router_mult_auth_bypass_vuln.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_dlink_dsl_router_mult_auth_bypass_vuln.nasl?root=openvas&view=markup
D-Link Dsl Router Multiple Authentication Bypass Vulnerabilities
r16460 803701...
Query related to Proposal submitted
Yash Saxena (May 24)
I have submitted my proposal named *A Stop on piracy [
http://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/yash_92/1
]* to *Nmap Security Scanner* as my mentor organisation at earliest as the
submission begin for the proposal at Google Summer of Code 2013. But the
mentor organisation didn't contact me regarding my proposal till now.
Is this a sign of rejection of my proposal?
With Warm regards
YASH SAXENA
Posted on...
New VA Modules: OpenVAS: 4, Nessus: 12
New VA Module Alert Service (May 24)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (4) ==
r16437 2013/gb_pcoweb_default_root_password.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_pcoweb_default_root_password.nasl?root=openvas&view=markup
CAREL pCOWeb Default root Password
r16437 2013/gb_multiple_dvr_dir_traversal_05_2013.nasl...
[NSE] SSL certificate chain and verification
Patrik Karlsson (May 24)
Hi,
The attached patch is an attempt to add the SSL certificate chain and a
potential warning generated upon cert verification to the cert NSE table.
It also updates the ssl-cert script to output the chain and any warning
received. Running against a server with a self-signed cert should now
generate a warning, while running against a site signed by a trusted CA
should not.
In the event you find that this works, is useful and want it committed I...
New VA Modules: OpenVAS: 2, Nessus: 18
New VA Module Alert Service (May 23)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (2) ==
r16419 2013/gb_nginx_http_parse_bof_vuln.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_nginx_http_parse_bof_vuln.nasl?root=openvas&view=markup
Nginx Chunked Transfer Encoding Stack Based Buffer Overflow
Vulnerability
r16419...
Re: New VA Modules: Nessus: 13
Edson Ticona (May 23)
On 14/05/2013 04:57, "New VA Module Alert Service" <postmaster () insecure org>
wrote:
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 22)
Hi Patrik,
I guess I missed your point about using a mutex; I initially didn't think
about implementing it in the ike lib, which makes more sense. I've attached
a patch against SVN that includes mutex. Thanks again for the pointer.
I've also attached an updated ike-info.nse that extracts more information,
specifically the use of aggressive mode authentication and pre-shared
keys (CVE-2002-1623).
- Jesper
New VA Modules: OpenVAS: 29, Nessus: 7
New VA Module Alert Service (May 22)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== OpenVAS plugins (29) ==
r16404 865620 2013/gb_fedora_2013_7128_tinc_fc17.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_fedora_2013_7128_tinc_fc17.nasl?root=openvas&view=markup
Fedora Update for tinc FEDORA-2013-7128
r16404 870997 2013/gb_RHSA-2013_0827-01_openswan.nasl...
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Patrik,
I've looked a bit more into this, and using a mutex scheme requires that the two scripts (version detection and
information extraction) set the mutex. This would solve the problem of both these scripts trying to bind to UDP 500,
but would require other scripts binding to this port to also use this mutex, which could lead to transparency issues.
Would it make more sense to extend the 'bind' method of new_socket,...
New VA Modules: Nessus: 14
New VA Module Alert Service (May 21)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== Nessus plugins (14) ==
66520 opera_check_adobe_reader_enabled.nasl
http://nessus.org/plugins/index.php?view=single&id=66520
Adobe Reader Enabled in Browser (Opera)
66519 firefox_check_adobe_reader_enabled.nasl
http://nessus.org/plugins/index.php?view=single&id=66519
Adobe Reader Enabled in Browser (Mozilla Firefox)...
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Patrik,
Thanks for the pointer. I'll look into using this for the script.
- Jesper
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Anne,
Thank you for your interest in testing the script. Unfortunately I don't
have any systems available for testing purposes, but if you find any I'd be
very interested in any feedback.
- Jesper
Re: nmaprc.lua?
Fyodor (May 21)
Good point! I added this to the list of nmaprc ideas at
https://svn.nmap.org/nmap/todo/nmap.txt
Cheers,
Fyodor
Re: [NSE] IKE information extraction
Patrik Karlsson (May 21)
Jesper,
I don't think there is a way to tell if the port is in use or not but if
you want to avoid that the scripts run at the same time you could use a
mutex. There is some more information here:
http://nmap.org/book/nse-parallelism.html
/Patrik
On Mon, May 20, 2013 at 6:38 PM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:
Nmap IPC facilities?
Jacek Wielemborek (May 20)
Hi,
I recently had an idea and I thought it'd be nice to get some feedback
from you guys. On the #nmap IRC channel I was discussing introducing
better facilities to interact with Nmap scanning processes. At first,
I was thinking of ways to add more interactivity to the program, like
a keystroke to pause the current task or skip one of hosts.
I found out that there used to be "interactive mode" in Nmap, removed
by David in 2010...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.
Previous SoC students helped create the Nmap Scripting Engine, Zenmap...
Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more
Fyodor (Nov 30)
Hi folks. It has been more than five months since the Nmap 6.01
release, and I'm pleased to announce a new version for you to enjoy
during the holidays! Nmap 6.25 contains hundreds of improvements,
including 85 new NSE scripts, nearly 1,000 new OS and service
detection fingerprints, performance enhancements such as the new
kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8
improvements, and much more! It also includes...
Nmap 6.01 Released
Fyodor (Jun 22)
Hi folks! I'm happy to report that the Nmap 6.00 release
(http://nmap.org/6 ) last month was a huge success, with hundreds of
thousands of downloads and a bunch of positive articles and reviews.
But any release this big is going to uncover a few issues, so we've
released Nmap 6.01 to address them. This should also appease the more
conservative users who always wait for the first patch update before
installing a major software release....
Nmap 6 Released!
Fyodor (May 21)
Hi folks! After almost three years of work, 3,924 code commits, and
more than a dozen point releases since Nmap 5, I'm delighted to
announce the release of Nmap 6! It includes a more powerful Nmap
Scripting Engine, 289 new scripts, better web scanning, full IPv6
support, the Nping packet prober, faster scans, and much more!
For the top 6 improvements in Nmap 6, see the release notes:
http://nmap.org/6
Or you can go straight to the...
Last Chance to Apply for the Nmap/Google Summer of Code!
Fyodor (Apr 04)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college
and graduate students who want to spend the summer improving Nmap!
They gain valuable experience, get paid, strengthen their résumé, and
write code for millions of users.
Previous SoC students helped create the Nmap Scripting Engine,...
Nmap 5.61TEST5 released with 43 new scripts, improved OS & version detection, and more!
Fyodor (Mar 09)
Hi folks! We've been working hard for the last 2 months since
5.61TEST4, and I'm pleased to announce the results: Nmap 5.61TEST5.
This release has 43 new scripts, including new brute forcers for http
proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus
XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth
daemon, and old-school rsync. Better check that your passwords are
strong! Some other fun scripts are...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[SECURITY] [DSA 2675-2] libxvmc regression update
Thijs Kinkhorst (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2675-2 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
May 24, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxvmc
Vulnerability : several
Problem type : remote...
[security bulletin] HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information
security-alert (May 24)
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03772083
Version: 1
HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of
Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-05-23
Last...
[SECURITY] [DSA 2692-1] libxxf86vm security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2692-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxxf86vm
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2691-1] libxinerama security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2691-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxinerama
Vulnerability : several
Problem type :...
[SECURITY] [DSA 2690-1] libxxf86dga security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2690-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxxf86dga
Vulnerability : several
Problem type :...
[SECURITY] [DSA 2673-1] libdmx security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2673-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libdmx
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2674-1] libxv security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2674-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxv
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2675-1] libxvmc security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2675-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxvmc
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2676-1] libxfixes security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2676-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxfixes
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2689-1] libxtst security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2689-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxtst
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2688-1] libxres security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2688-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxres
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2687-1] libfs security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2687-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libfs
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2686-1] libxcb security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2686-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxcb
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2685-1] libxp security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2685-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxp
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2684-1] libxrandr security update
Moritz Muehlenhoff (May 24)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2684-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxrandr
Vulnerability : several
Problem type : remote...
Full Disclosure — A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.
Multiple vulnerabilities in aCMS
MustLive (May 25)
Hello list!
These are Cross-Site Scripting, Content Spoofing and Information Leakage
vulnerabilities in aCMS. This is commercial CMS. There are multiple
vulnerabilities in aCMS and it's the first part of them.
-------------------------
Affected products:
-------------------------
Vulnerable are aCMS 1.0 and previous versions.
-------------------------
Affected vendors:
-------------------------
Almacor
http://almacor.ru
----------...
Re: Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Julius Kivimäki (May 25)
I went and dug out my PS3 and tested this. Results: particularly crappy
HTML execution, useless. I don't know what world you live in, but calling
this a security vulnerability would be a wild exaggeration.
2013/5/21 Vulnerability Lab <research () vulnerability-lab com>
PayPal.com XSS Vulnerability
Robert Kugler (May 25)
Hello all!
I'm Robert Kugler a 17 years old German student who's interested in
securing computer systems.
I would like to warn you that PayPal.com is vulnerable to a Cross-Site
Scripting vulnerability!
PayPal Inc. is running a bug bounty program for professional security
researchers.
https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
XSS vulnerabilities are in scope. So I tried to take part and sent my find
to...
[SECURITY] [DSA 2693-1] libx11 security update
Raphael Geissert (May 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2693-1 security () debian org
http://www.debian.org/security/ Raphael Geissert
May 24, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libx11
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2675-2] libxvmc regression update
Thijs Kinkhorst (May 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2675-2 security () debian org
http://www.debian.org/security/ Thijs Kinkhorst
May 24, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxvmc
Vulnerability : several
Problem type : remote...
Analysis of the Carna Botnet (Internet Census 2012)
Parth Shukla (May 24)
Dear All,
I have made my presentation on the Carna Botnet freely available for view
and/or download: http://bit.ly/auscertcarna
This presentation is on the Compromised Devices of the Carna Botnet (also
known as Internet Census 2012). This analysis is done from data obtained
directly from the researcher. The data used is NOT publicly available for
download.
This was recently presented at the AusCERT Conference 2013. Info:...
Open challenge to Design the logo for Ground Zero Summit
Ground Zero (May 24)
Hello All!
The GroundZero Summit(G0S) is an
international platform for Information Security professionals showcasing their
research, products and case studies to industry leaders, policy makers,
investigators and decision makers from various Government Department of India
and abroad.
G0S is a largest collaborative platform
in Asia founded together by leading Cyber Security thought leaders and
Government of India to address the Cyber Security...
Shakacon V Speaker Selections
Shakacon (May 24)
Aloha from Hawaii:
The Shakacon CFP committee is pleased to announce the Shakacon V speaker
line up. Please join us June 27-28, 2013 in beautiful Honolulu, HI .
www.shakacon.org/speakers.html
Rahul Kashyap, Chief Security Architect, Head of Security Research -
Bromium
How Trustworthy are your Sand (de)fences?
Max Sobell, Senior Consultant - Intrepidus Group
Android 4.0: Ice Cream "Sudo Make Me a" Sandwich
Jason Shirk,...
Re: Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Gary Driggs (May 24)
A full reading of the original post reveals the following plain text
transmission:
"Successful exploitation of the vulnerability can result in persistent
but local system command executions, psn session hijacking, persistent
phishing attacks, external redirect out of the vulnerable module,
stable persistent save game preview listing context manipulation"
Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability
Larry W. Cashdollar (May 24)
TITLE: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability.
DATE: 5/15/2023
AUTHOR: Larry W. Cashdollar (@_larry0)
DOWNLOAD: https://rubygems.org/gems/show_in_browser
DESCRIPTION: Opens arbitrary text in your browser
VENDOR: Jonathan Leung
FIX: N/A
CVE: 2013-2105
DETAILS: The following code uses the temporary file "/tmp/browser.html" insecurely.
FILE_LOCATION = "/tmp/browser.html"
class <<...
little proof-of-concept for remote traffic statistics using the IP ID field
Jann Horn (May 23)
Hello,
I built a small C helper for remotely generating traffic statistics using the
IP ID field. Well, hping3 does all the interesting stuff. This program will
just, every five minutes, send 20 SYN packets in intervals of 100ms to port 80
of the target machine, then sum up the ID differences and output a line with
the current unix time and the number of packets the remote machine seems to
have sent during the two seconds of measuring....
Question on SMBRelay through Meterpreter
sd (May 23)
Hi guys,
Does anyone here have any experience with SMBRelay? Specifically running this module on a meterpreter session?
Imagine I run: run autoroute -s 10.1.13.0/24 and the IP of the meterpreter client is 10.1.13.26. If I set the SRVHOST
to listen on this address would that work?
I have tried this and received an error saying that port 445/139 are busy. But if I elevated to SYSTEM, closed these
ports and then ran SMBRelay. Would...
XSS and FPD vulnerabilities in I Love It New theme for WordPress
MustLive (May 23)
Hello list!
These are Cross-Site Scripting and Full path disclosure vulnerabilities in I
Love It New theme for WordPress. This is commercial (premium) theme. Earlier
I've written about vulnerabilities in VideoJS
(http://seclists.org/fulldisclosure/2013/May/21) and in multiple web
applications.
-------------------------
Affected products:
-------------------------
All versions of I Love It New theme for WordPress. The theme contains...
[SECURITY] [DSA 2692-1] libxxf86vm security update
Moritz Muehlenhoff (May 23)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2692-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxxf86vm
Vulnerability : several
Problem type : remote...
[SECURITY] [DSA 2691-1] libxinerama security update
Moritz Muehlenhoff (May 23)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2691-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
May 23, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxinerama
Vulnerability : several
Problem type :...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Re: secure and simple file server
ugochukwu . egerue (Mar 29)
Hi Peter,
If AD cannot be used to implement the necessary security around your folders, then you need a third party folder/files
security solution. There are many of them in the market ranging from the low ends to high solutions like Imperva FAM.
Use google to do some research on it.
Good luck!,
Ugo
Re: secure and simple file server
Ansgar Wiechers (Mar 29)
File system permissions:
------------------------
Grant read access on the parent folder to "Authenticated Users" or
"Everyone", and have the subfolders inherit that ACL. Grant full control
on each immediate child folder to just the user who is supposed to be
able to write to it.
Share permissions:
------------------
Share the parent folder and grant full control to "Authenticated Users"
or "Everyone"....
secure and simple file server
Peter Odigie (Mar 29)
Hi All!
I would like to get your suggestions.
I have been asked to set up a file server on a windows OS not using
any active directory stuff. Just a simple file sharing stuff in which:
Person A will be the only one to put a file into Folder A but will
also be able to get files from Folder B & C. And the same will hold
for person B and person C - a folder can only be edited by a
particular person/group but all can access and get files from...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
Debasis Mohanty (May 19)
Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?
I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Sławomir Jabs (May 19)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with the IT security on a daily basis. People like
you, who never stop asking questions and play with risks all the time...
We will...
[HITB-Announce] HITB Magazine Issue 010
Hafez Kamal (May 14)
Hi everyone,
A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org
Topics of interest include, but are not limited to the following:
Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...
SpiderFoot 2.0 released
Steve Micallef (May 10)
Hi everyone,
SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...
WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
announcements (May 10)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...
Ruxcon 2013 Call For Papers
cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
[TOOL] TOPERA v2 released
cr0hn (May 07)
Hi everybody,
We just released TOPERA v2:
TOPERA is a new security tool for IPv6, with the particularity that its attacks can't be detected by Snort.
This new version of TOPERA includes these improvements:
1 - Slow HTTP attacks (Slowloris over IPv6).
2 - Improved TCP port scanner.
New project page:
http://toperaproject.github.io/topera/
Regards!...
[HITB-Announce] #HITB2013KUL Call for Papers
Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.
Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)
We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Arachni v0.4.2 has been released (Open Source Web Application Security Scanner Framework)
Tasos Laskos (Apr 29)
Hey folks,
This is just to let you know that there's a new version of Arachni.
Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.
The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads...
TXDNS v2.4 released
Arley Silveira (Apr 17)
TXDNS v 2.4 is out and available to download from
http://txdns.net/
This new version adds support for reverse grinding.
Ex:
txdns -r 10-20.1.60-70.1-254,192.168.15.0/24
Cheers
Arley Silveira.
A survey on quantifying severity of vulnerabilities in software
Khalid Khan Afridi (Apr 17)
Hello!
I am currently performing my master thesis on the topic of quantifying the
severity of software vulnerabilities.
As you have done significant work in this area, I would be glad if you
could spare a few minutes of your time to answer a survey on the topic.
It should not require more than 15-20 minutes to complete.
The survey can be found at: http://secsurvey.ics.kth.se/index.php
Thank you for your attention!
Best Regards,
Khalid Khan...
Hackersh 0.1 Release Announcement
Itzik Kotler (Apr 03)
Hi All,
I am pleased to announce the first version of Hackersh
(http://www.hackersh.org).
Hackersh ("Hacker Shell") is a free and open source shell (command
interpreter) written in Python with built-in security commands, and
out-of-the-box wrappers for various security tools, using Pythonect as
its scripting engine. Pythonect is a new, experimental,
general-purpose high-level dataflow programming language based on
Python. It aims to...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Iran Hacks Energy Firms, U.S. Says
InfoSec News (May 24)
http://online.wsj.com/article/SB10001424127887323336104578501601108021968.html
By SIOBHAN GORMAN and DANNY YADRON
The Wall Street Journal
May 23, 2013
WASHINGTON -- Iranian-backed hackers have escalated a campaign of
cyberassaults against U.S. corporations by launching infiltration and
surveillance missions against the computer networks running energy
companies, according to current and former U.S. officials.
In the latest operations, the...
US government has no idea how to wage cyberwar: Ranum
InfoSec News (May 24)
http://www.zdnet.com/us-government-has-no-idea-how-to-wage-cyberwar-ranum-7000015840/
By Michael Lee
ZDNet.com
May 24, 2013
Military strategies and tactics that may work in the physical world do
not have a place in guiding "cyberwarfare", and those that attempt to
use them demonstrate a key lack of understanding, according to Tenable
Security's chief of security Marcus Ranum.
Ranum, who spoke at AusCERT 2013 at the Gold...
Should the U.S. allow companies to ‘hack back’ against foreign cyber spies?
InfoSec News (May 24)
http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/23/should-the-u-s-allow-companies-to-hack-back-against-foreign-cyber-spies/
By Max Fisher
The Washington Post
May 23, 2013
Foreign hackers do remarkable damage by breaking into American
companies, stealing intellectual property worth enormous amounts of
money, swiping proprietary secrets for military technology or other uses
and, in the case of some recent Chinese attacks, even...
'Anonymous' a little less so, thanks to Israeli hackers
InfoSec News (May 24)
http://www.timesofisrael.com/anonymous-a-little-less-so-thanks-to-israeli-hackers/
By DAVID SHAMAH
The Times of Israel
May 24, 2013
After April’s largely unsuccessful campaign by Anonymous and Arab
hackers, #OpIsrael, to “remove Israel from the Internet,” a second round
of hack attacks against Israeli sites, “OpIsrael Reloaded,” is planned
for Saturday. The followup campaign seeks to demonstrate that Israel did
indeed sustain a...
Tipsters exposed after South Africa's national police force hacked
InfoSec News (May 24)
http://www.theregister.co.uk/2013/05/23/saps_anon_hack/
By John Leyden
The Register
23rd May 2013
The identities of more than 15,000 South Africans who reported crimes or
provided tip-offs to the police have been exposed following an attack on
a SAPS (South African Police Service) website.
The names and personal details of whistleblowers and crime victims were
lifted from www.saps.gov.za and uploaded to a bullet-proof hosting site.
Names,...
Cyber Recruiting, Country Music Style
InfoSec News (May 23)
http://www.nextgov.com/cybersecurity/cybersecurity-report/2013/05/cyber-recruiting-country-music-style/63434/
[If you're looking for skilled cybersecurity experts, Please visit
http://jobs.infosecnews.org/ - WK]
By Jessica Herrera-Flanigan
Nextgov.com
May 22, 2013
The need for skilled cybersecurity experts continues to be a priority for the
U.S. government, the private sector and academia.
Since the need for a skilled workforce has...
'Hacking' Journalists Case Dredges Up Security Research Legal Debates
InfoSec News (May 23)
http://www.darkreading.com/attacks-breaches/hacking-journalists-case-dredges-up-secu/240155428
By Ericka Chickowski
DarkReading.com
May 22, 2013
A legal storm is brewing between researchers who uncovered a cache of sensitive
information about 170,000 consumers through a Google search and the company
which left the information freely available online. It sounds like the typical
disclosure scuffle that the security research community has come...
Former Elgin deputy police chief charged with identity theft, misconduct
InfoSec News (May 23)
http://www.chicagotribune.com/news/local/suburbs/elgin/chi-former-elgin-deputy-police-chief-charged-with-identity-theft-misconduct-20130521,0,548860.story
By Kate Thayer
Tribune reporter
May 21, 2013
A former high-ranking Elgin police officer and current Stockton police
chief was indicted Tuesday on charges he used a law enforcement database
to hack into an e-mail account and get personal information, according
to Kane County prosecutors....
Sharyl Attkisson's computers compromised
InfoSec News (May 23)
http://www.politico.com/blogs/media/2013/05/sharyl-attkissons-computers-compromised-164456.html
By Dylan Byers
Politico.com
5/21/13
Sharyl Attkisson, the Emmy-award winning CBS News investigative
reporter, says that her personal and work computers have been
compromised and are under investigation.
"I can confirm that an intrusion of my computers has been under some
investigation on my end for some months but I'm not prepared to...
ToorCon Seattle CFP & Registration
InfoSec News (May 23)
http://seattle.toorcon.net/cfp/
Call For Papers
Papers and presentations are being accepted for ToorCon Seattle to be held at
Neumos and around the city in Seattle, WA on July 5th-7th, 2013. To submit a
talk to ToorCon Seattle, please fill out the submission form below. Submissions
will be accepted until June 21st, 2013.
Submission of Papers
ToorCon only accepts papers on new technologies and methodologies that have
been recently...
U.S. power companies under frequent cyberattack
InfoSec News (May 23)
https://www.computerworld.com/s/article/9239442/U.S._power_companies_under_frequent_cyberattack
By Jeremy Kirk
IDG News Service
May 21, 2013
A survey of U.S. utilities shows many are facing frequent cyberattacks
that could threaten a highly interdependent power grid supplying more
than 300 million people, according to a congressional report.
More than a dozen utilities said cyberattacks were daily or constant,
according to the survey,...
Hackers Find China Is Land of Opportunity
InfoSec News (May 23)
http://www.nytimes.com/2013/05/23/world/asia/in-china-hacking-has-widespread-acceptance.html
By EDWARD WONG
The New York Times
May 22, 2013
BEIJING -- Name a target anywhere in China, an official at a state-owned
company boasted recently, and his crack staff will break into that
person’s computer, download the contents of the hard drive, record the
keystrokes and monitor cellphone communications, too.
Pitches like that, from a salesman...
How anticipating a health data breach can boost security
InfoSec News (May 21)
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/
By Patrick Ouellette
Health IT Security
May 20, 2013
A healthcare chief information officer (CIO) saying that he expects to
experience a health data breach is not only unusual, but may produce
shock and awe in some parts of the healthcare industry. However, having
this type of outlook, regardless of whether the CIO ends up having to
deal with a...
Hackers Who Breached Google in 2010 Accessed Company's Surveillance Database
InfoSec News (May 21)
http://www.wired.com/threatlevel/2013/05/google-surveillance-database/
By Kim Zetter
Threat Level
Wired.com
05.20.13
Hackers who breached Google’s network in 2010 obtained access to the company’s
system for tracking surveillance requests from law enforcement, according to a
news report.
The hackers gained access to a database that Google used to process court
orders from law enforcement agencies seeking information about customer...
Hunting for Syrian Hackers' Chain of Command
InfoSec News (May 21)
http://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html
By NICOLE PERLROTH
The New York Times
May 17, 2013
It’s the question of the moment inside the murky realm of cybersecurity: Just
who -- or what -- is the Syrian Electronic Army?
The hacking group that calls itself the S.E.A. struck again on Friday, this
time breaking into the Twitter accounts and blog headlines of The Financial
Times. The attack was part of a...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Linked-in and its Phishing-like contacts option!
lordchariot (May 01)
Yeah, I was trying to make this non-product specific, but most vendors can actually do this to some degree or another.
Here's how we do it on my product:
https://mcafee.box.com/MWG7-FeatureDemo-Part2
The problem with doing it at a network layer with an IDS is the SSL decryption. Almost everything nowadays is HTTPS, so
it's game over if you cannot open up the encryption.
e²
Re: Linked-in and its Phishing-like contacts option!
Jon Robinson (May 01)
It's not free but Palo Alto Networks does this. You can search here to see
which applications/sites they can control:
http://apps.paloaltonetworks.com/applipedia/
Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com
Re: Linked-in and its Phishing-like contacts option!
Mathew Want (May 01)
Read only access to the sites. I like that idea a lot.
Has anyone else come across this requirement or found a good way to do it
at a control point level? Perhaps at the IDS layer?
M@
Re: OpenBSD IPSEC VPN question
Chris Buechler (May 01)
You can, but that's a different circumstance. That would be IPsec
transport mode, which in combination with gif, GRE or similar
tunneling indeed doesn't have such requirements/quirks since there is
a route in the routing table in that case. Tunnel mode is more common,
which is what's applicable to the subject of this thread. Routing
table changes have no impact on whether traffic in BSD traverses a
tunnel mode IPsec connection,...
Re: OpenBSD IPSEC VPN question
Paul D. Robertson (May 01)
It's been a while since I've done it, but Linux used to make an ipsec0 interface that was handled with the standard
routing table. Possibly in *BSD you need to use a gre or gif tunnel to achieve the same thing?
Paul
Re: OpenBSD IPSEC VPN question
Chris Buechler (May 01)
This is true of all the BSDs with IPsec (and maybe Linux and other
*nix OSes but not sure of those). Traffic that doesn't have a specific
source IP set gets the source IP that's closest to the destination per
the routing table. IPsec doesn't have a routing table entry, traffic
follows the SPD. So it ends up getting the IP that's nearest the
default gateway, which is most always a public IP, which is most
always not going to...
Re: OpenBSD IPSEC VPN question
David Lang (Apr 30)
That's what I would expect as well, but the person reporting the problem is
claiming that this is not the case on OpenBSD, that there are no routes visible
and connections _from_ the firewall need to explicitly set their source IP
address.
This doesn't sound right to me, but I am not an OpenBSD expert.
David Lang
Re: OpenBSD IPSEC VPN question
Paul D. Robertson (Apr 30)
I'd expect a connect() to bind implicitly to IP_ADDR_ANY and have the system fill in the source address by default
based on the destination route if the client doesn't specify an explicit bind address and for traffic destined to go
through the VPN to do so- it sounds like it doesn't- but without more data, I'd be wary of troubleshooting it (NAT,
filtering...)
However, I'd also advocate being able to explicitly set the...
Breakpoint 2013 Call For Papers
cfp (Apr 30)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: OpenBSD IPSEC VPN question
Bennett Todd (Apr 30)
When you've got a vpn up, you're multi-homed, the Unix way for a client to
choose a network to use, when there are multiple choices, is to specify the
src ip to bind to.
I think that's the behavior I'd expect anywhere.
Re: Linked-in and its Phishing-like contacts option!
David Lang (Apr 30)
when you say turn off webmail, do you mean to cut off access to public webmail
servers from inside your network? or do you mean to not run things like OWA that
expose your company mail to the Internet?
David Lang
Re: Proxy advantage
David Lang (Apr 30)
If you start with the premise that the only thing that's a firewall is a packet
filter, especially with deep packet inspection being optional, then you are
going to be in rather bad shape.
I have run a fairly large organization with proxy firewalls (800+ people, 100+
separate networks), it can be done. In some areas it bypasses whole classes of
problems.
Even for user desktops you can do it, but you need to get a good proxy, not just...
Re: firewall-wizards Digest, Vol 64, Issue 3 phishing
David Lang (Apr 30)
Except with the "Cloud" you as an organization give up a lot of the tools that
have been used in the past to secure things.
Plus, you have the DevOps approach being misinterpreted by management to mean
"engineers can do everything, they can bypass those annoying ops and security
folks to get things done"
It's going to be an interesting few years as everyone learns that you still need
admins and security folks in the...
Re: Linked-in and its Phishing-like contacts option!
lordchariot (Apr 30)
I have a lot of requests from customers to try to make the web read-only. The main use cases are for social network,
blogs/wikis, and commenting on posts. The fundamental ways to do this are to 1) have MITM SSL decryption, and 2) block
the POST method for specific sites. Most commercial proxies can do this and even squid does SSL MITM.
By blocking POST to certain categories of sites and only allowing the POST for the */logon pages, users can...
OpenBSD IPSEC VPN question
David Lang (Apr 30)
I'm seeing some odd reports on the rsyslog mailing list where someone is claiming
that when using an IPSEC VPN on OpenBSD they have to explicitly set the source
IP address for all connections out from the firewall (tunnel endpoint) or else
the connection won't go through the tunnel. The person reporting this is
proposing modifications to rsyslog to have it force the local IP address for
outbound connections as a work-around for this...
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Sławomir Jabs (May 17)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with the IT security on a daily basis. People like
you, who never stop asking questions and play with risks all the time...
We will...
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
Debasis Mohanty (May 17)
Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?
I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...
[HITB-Announce] HITB Magazine Issue 010
Hafez Kamal (May 14)
Hi everyone,
A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org
Topics of interest include, but are not limited to the following:
Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...
WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
announcements (May 11)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...
SpiderFoot 2.0 released
Steve Micallef (May 06)
Hi everyone,
SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...
[HITB-Announce] #HITB2013KUL Call for Papers
Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.
Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)
We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Arachni v0.4.2 has been released (Open Source Web Application Security Scanner Framework)
Tasos Laskos (Apr 29)
Hey folks,
This is just to let you know that there's a new version of Arachni.
Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.
The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads...
Administrivia - slow moderation this week
Andrew van der Stock (Apr 28)
Hi all,
I'm going to be in Milan this week.
Not that there are many messages to moderate, but moderation will be
iffy / slow this next week, particularly during the bits where various
planes are flapping their wings and going "whoosh".
Normal moderation service will resume May 5.
thanks,
Andrew
A survey on quantifying severity of vulnerabilities in softwares
Khalid Khan Afridi (Apr 18)
Hello!
I am currently performing my master thesis on the topic of quantifying the
severity of software vulnerabilities.
As you have done significant work in this area, I would be glad if you
could spare a few minutes of your time to answer a survey on the topic.
It should not require more than 15-20 minutes to complete.
The survey can be found at: http://secsurvey.ics.kth.se/index.php
Thank you for your attention!
Best Regards,
Khalid Khan...
Defcon DCG Kerala Information Security Meet 2013
Ajin Abraham (Apr 07)
Defcon DCG Kerala Information Security Meet 2013
=====================================
Defcon DCG Kerala (DC0497) is a Defcon USA registered group for
promoting and demonstrating research and development in the field of
Information Security. We are a group of Information Security
Enthusiasts actively interested in promoting information security.
Defcon Kerala Information Security Meet will be a platform for
security analysts, ethical hackers,...
c0c0n 2013 - Call For Papers and Call For Workshops
c0c0n International Information Security Conference (Apr 06)
###################################################
c0c0n 2013 - Call For Papers and Call For Workshops
###################################################
August 22-24, 2013 -...
winAUTOPWN v3.4 Released - Completing 4 years !!
QUAKER DOOMER (Mar 27)
Dear all,
This is to announce release of winAUTOPWN version 3.4.
Conceived and released in 2009, WINDOWS AUTOPWN grows strong completing its 4th year.
Visit: http://winautopwn.co.nr
++++++++++++++++++++
About winAUTOPWN:
winAUTOPWN is a unique exploit framework which aids in auto (hacking) / shell gaining as well as in exploiting
vulnerabilities to conduct Remote Command Execution, Remote File/Shell Upload, Remote File Inclusion and...
Unauthorized Access: Bypassing PHP strcmp()
Danux (Mar 03)
Hope you enjoy it.
http://danuxx.blogspot.com/2013/03/unauthorized-access-bypassing-php-strcmp.html
NoSuchCon CFP 2.0 / 15-17 May 2013 / Paris, France
Jonathan Brossard (Feb 25)
*******************************************************************************
PARENTAL ADVISORY: 100% technical content
*******************************************************************************
+--------------------------------------------------------------+
= =
= NoSuchCon - CFP 2.0 =
=...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: The underlying structure is foamy
Keith Seymour (May 24)
We're all driven by metaphors. They make complex subjects easy to discuss
without getting lost in the details. They also allow you to think
creatively about the subject and gain new insights. I think Dave's metaphor
works well for both of these purposes.
Sure the ships are cheaper, sure they are faster but ours are just as fast
and cheap as theirs so the advantage needs to be that ours are more
effective. Bits have to get there and...
Re: The underlying structure is foamy
Pedro Hugo (May 24)
Hello everyone,
The navy analogy is definitely very interesting and compelling. I am not
so sure if it is the best one to use in this case.
My issue is with the economics of the new navy. The old navy is essentially
a natural monopoly due to its high costs and barriers to entry.
Very few countries can (could) afford to develop, deploy, and maintain an
effective navy. The Spanish and Portuguese split the world and its
riches, and still were...
Re: The underlying structure is foamy
Ben Nagy (May 24)
In the final determination, I have opted for prose, because my first
sonnet, in the Italian form, had already taken over an hour by the time
I got to construct the volta, plus I had ciabatta to make.
I am not going to take Dave's email apart by paragraphs, nor Halvar's
keynote slides, because not only am I disinterested in scoring 'points'
but I also feel that they both presented many interesting arguments,
several of which...
INFILTRATE 2013 Video #1
Dave Aitel (May 24)
So the first video we're releasing is Stephen Watt's keynote. Yesterday
we released it as a link in Immunity Debugger, so if you were doing real
WORK then you got it early. :>
http://infiltratecon.com/watt.html
Of course, the best time to get tickets for INFILTRATE 2014 is now, and
not the day before the event. Likewise, the Master Class sells out every
year, and there's less spots in 2014 than there were in 2013.
And if you...
Re: The underlying structure is foamy
Moses Hernandez (May 24)
Cyberwar. I am not sure that it conjures the right picture in my head
because there would be dark skies and a dystopian society with only Mel
Gibson, Harrison Ford, and just for the heck of it Patrick Swayze from Road
House. Do I believe that people are going to replace their fleet with
something else? Yes. A scramjet based one. Nothing says dystopia like a
scramjet drone army.
I think this new notion that large companies are pushing, the one...
Re: The underlying structure is foamy
Thomas Lim (May 24)
Dave
Ben, like you and Halvar, are all iconoclasts. It's impossible to find
anyone else in this Universe that will come close to looking like the 3
of you and/or have the kind of cognitive "computing power" that you 3
possess. Unlike me who is a Chinese, common, prevalent (you cannot get
rid of us, can't you?) and who cannot read, write and pronounce properly
the lingua franca of planet Earth.
Ben is really a mystique. His...
The underlying structure is foamy
Dave Aitel (May 23)
So Ben Nagy, who is nothing if not an iconoclast, disagrees with my and
Halvar's general tenets that the easiest analogy to what is happening in
the cyber space is the creation of a new Navy (or set of Navies). But he
refuses to argue with it when it's not words on paper. So I figured I'd
put down some words on paper.
The first and most basic premise is that the Internet has replaced the
oceans as the global Commons. While...
Automated Volatility plugin Generation with Dalvik Inspector
Joe Sylve (May 23)
Hello,
We wanted to take the opportunity to point you to a blog post which gives a
preview of some of the research we've been working on at 504ENSICS Labs in
the area of Android memory analysis. This time we are demoing a feature
that will allow automated volatility plugin generation with our Dalvik
Inspector tool. We think our results will be of great interest to the DFIR
community and look forward to your feedback. We plan on...
Starters.
Dave Aitel (May 23)
And....we're back!
I got a few emails asking where DD went, and the answer is "after
INFILTRATE there's lots of work to do". We'll have quite a few
announcements and blog posts and dissertations on social insects and
their relationship to trojan protocols coming in the following days!
For a starter, this blog post is a good morning read!...
WhiteHat Security report, or what use is SCA for web apps?
Vitaly Osipov (May 23)
A while ago I read an article absolutely not about security but
about how great it is to work in small friendly teams -
http://pragprog.com/magazines/2012-12/agile-in-the-small
It contains an awesome quote:
"...most best practices are just crutches for having a heterogeneous
skill mix in one’s team."
Please hold that quote in mind while I turn to the figures recently
released by WhiteHat Security
(...
D2Sec's Elliot
Dave Aitel (May 06)
http://www.d2sec.com/news/driving_d2_elliot_with_immunity_canvas.html
There's a lot of different kinds of exploits - and many people ignore
the web exploits that are not for Wordpress. This is usually a mistake
because, especially as we look at #OpUSA and #OpIsrael and the like, a
lot of people are running all sorts of web applications with all sorts
of esoteric web vulnerabilities on them. Which is why our close and
continuing friends over...
SyScan 2013
Dave Aitel (May 02)
It's really only after you finish writing a keynote that you know what
it's about. In a sense, everyone around you writes it with you as you
talk through it with people. The one I delivered at SyScan itself was
funnier. . . although even so, not very funny. Not everything is funny!
Even things that include Buffy.
"Things Buffy the Vampire Slayer Taught Me About CyberWar - SyScan 2013
Keynote)"...
Yet Another Java Security Warning Bypass
Esteban Guillardoy (Apr 25)
Hi everyone!
I wrote a blog post about another Java Security Warning Bypass that
you may find interesting ;)
Just go to the Immunity blog and enjoy:
http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html
Cheers
Esteban
Answering Lurene's Question
Dave Aitel (Apr 21)
So the kids are in NY so I've gotten a full night's sleep for the first
time in about a while, and parts of my brain I didn't realize were
malfunctioning now have blood and oxygen and whatever soupy hormones
they need to start sparking back up. I'm working on my SyScan talk,
which is due next week, so I wanted to warm up by answering a question
for Lurene.
----
Imagine it's 2030 and we finally understand a few things...
Students teaching trainers
Alex McGeorge (Apr 17)
Aloha list,
We do a lot of teaching at Immunity and it's something I think we've
gotten pretty good at over the years. Part of improving your teaching
offerings is doing some hard reflection on what did and didn't work for
the most recent class which is what we're in the process of doing for
web hacking right now. Most of those lessons only make sense from an
internal perspective but there are some things that other people...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Automated Volatility Plugin Generation with Dalvik Inspector
Joe Sylve (May 24)
Hello,
We wanted to take the opportunity to point you to a blog post which gives a
preview of some of the research we've been working on at 504ENSICS Labs in
the area of Android memory analysis. This time we are demoing a feature
that will allow automated volatility plugin generation with our Dalvik
Inspector tool. We think our results will be of great interest to the DFIR
community and look forward to your feedback. We plan on...
OWASP OWTF 0.16 "shady citizen" released, now working smoothly in Kali!
Abraham Aranguren (May 24)
Hello everybody,
I would like to let you know that OWASP OWTF 0.16 "shady citizen" has
just been released and is now working smoothly in Kali Linux.
As a wrapper tool that depends on many tools, the migration from
Backtrack to Kali Linux has been a bit of a challenge for the OWTF
development team: Many tools were removed, all tools and dictionaries
changed their locations, some tools were not working any more, other
tools had to be...
Re: SQL cheat sheet
Joel Gunderson (May 23)
Additionally, not necessarily related directly to SQL injection, but make
sure that there is a sufficient authentication/authorization framework in
place, if possible. This will help reduce the threat population to begin
with.
Re: Avoiding IPS Detection
Wicked Clown (May 22)
I am not 100% sure about probing networks, but here are some ways to bypass
IPS/IDS in general that work against some big hitters:
1) send the protocol over a different allowed port, for example.. use FTP
over MYSQL.
2) Most IPS/IDS will ignore the first 4k of data on network, so if you send
data out of the network just do it in 3k chunks, yes you will have to keep
re-establishing the connection.. but if you do a snatch and grab for example
the...
GPS tracking devices
Jesse Gardner (May 22)
Hi there, I had an interesting question at work yesterday and
thought some of you might have faced this scenario...
My work sends important devices & systems through common shipping
services (FedEx, UPS, etc.); our operations folks mentioned the
desire to have better/real-time tracking information available
through some sort of GPS/LoJack tracking device.
Have you ever used any devices like this? Do you have any
suggestions on...
Re: Howto update (security patches) Java on Windows 8
Carlos Perez (May 22)
Another method is to use the WSUS Package Publisher http://wsuspackagepublisher.codeplex.com/ , still you will need a
software inventory solution or build your own, that is just basics for security, no way to be able to be effective at
determining risk if you do not have a host and software inventory. The modification of the MSI is so it removes Java 6
if you do not use it, also remember there are more than one packaged version of Java, you...
Re: Howto update (security patches) Java on Windows 8
Guillaume Ross (May 22)
In the GPO itself you can mark a package to be installed after the removal of a previous version as well.
I don't recommend using GPOs to push software, especially software that is updated so often and found vulnerable so
often, because you will have little information on how successful the deployment is.
One day or another, you will end up with a bunch of workstations still running an old Java, or maybe stuck without
Java. (One could...
Re: Avoiding IPS Detection
Dan King (May 22)
Run tests to see if heavily fragmented packets trigger anything. If not,
use fragmentation (out of order works really well)
Also scan really really slowly. A lot of IPS/IDS trigger on volume of
traffic.
Re: SQL cheat sheat
Guillaume Ross (May 22)
IMO - if we are discussing solely SQLi - the MOST important thing is to use parameterized queries.
Then, validate user input (though that is important for way more than SQLi).
Depending on the language you are using and the RDBMS you are accessing there are different ways to parameterize
queries, but they are typically easy and user friendly. Sometimes they can have a positive performance impact depending
on the way the query optimizer works...
Re: Little Snitch
Guillaume Ross (May 22)
I have not tested Hands Off but I do remember seeing that one of the advantages it had over Little Snitch was inbound
monitoring and management - which Little Snitch added in version 3.
They both look relatively user friendly and seem to work in very similar ways.
It would be very interesting to see an in depth comparison indeed, especially now that LS has inbound functionality
too..
Guillaume
Re: [GPWN-list] Avoiding IPS Detection
Tim Tomes (May 21)
OK, let me provide a little more detail. You've done reconnaissance,
and there wasn't enough information to make precise targetted attacks.
You need to probe the network (i.e. nmap scans) to find available
services. You can't go to your local coffee shop or use a service like
anonymizer because they are detecting and blocking too aggressively to
experience the benefits of either. Your only choice is avoidance.
I know some of you...
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Carlos Perez (May 21)
Well that case was not indexing, he did automate and went further than that with no permission and his chat logs do not
reflect it was to responsibly notify AT&T, plus challenging the judge was not a smart idea
http://www.justice.gov/usao/nj/Press/files/pdffiles/2011/Spitler,%20Daniel%20et%20al.%20Complaint.pdf he did get way too
much time in the puns in the ass for it.
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Patrick Laverty (May 21)
Maybe not but apparently it's enough to get you 3 1/2 years in jail if you
do it to AT&T.
Re: Ec-council (Certified Ethical Hacker) gets Hacked
yersinia (May 21)
Hi to all
I'm part of the EC-COUNCIL group on linkedin. There were two posts on
this topic. The most recent (11 hours ago) is the following
"
**Updated** Message from EC-Council
On May 16th, 2013, EC-Council was notified of an article that stated
an alleged hack had taken place on EC-Council Servers. Upon
notification, EC-Council immediately investigated the issue. Contrary
to the news reported by E Hacking News this week,...
Avoiding IPS Detection
Tim Tomes (May 21)
I'm compiling a list of preferred methods for probing networks while
avoiding IDS/IPS detection. Any and all input is appreciated. Thanks.
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Minor Revisions
Microsoft (May 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 23, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS12-044
Bulletin Information:
=====================
* MS12-044 - Important
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 22)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 22, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS12-081
* MS13-037
* MS13-MAY
Bulletin Information:
=====================
* MS12-081 - Critical
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 15, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-045
Bulletin Information:
=====================
* MS13-045 - Important
-...
Microsoft Security Advisory Notification
Microsoft (May 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 14, 2013
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2846338)
- Title: Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 14)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 14, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-009
Bulletin Information:
=====================
* MS13-009 - Critical
-...
Microsoft Security Bulletin Summary for May 2013
Microsoft (May 14)
********************************************************************
Microsoft Security Bulletin Summary for May 2013
Issued: May 14, 2013
********************************************************************
This bulletin summary lists security bulletins released for
May 2013.
The full version of the Microsoft Security Bulletin Summary for
May 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-may.
With the release of...
Microsoft Security Bulletin Advance Notification for May 2013
Microsoft (May 09)
********************************************************************
Microsoft Security Bulletin Advance Notification for May 2013
Issued: May 9, 2013
********************************************************************
This is an advance notification of security bulletins that
Microsoft is intending to release on May 14, 2013.
The full version of the Microsoft Security Bulletin Advance
Notification for May 2013 can be found at...
Microsoft Security Advisory Notification
Microsoft (May 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2013
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...
Microsoft Security Advisory Notification
Microsoft (May 04)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 3, 2013
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 26)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 26, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS12-043
Bulletin Information:
=====================
* MS12-043 - Critical
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 24)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 24, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-028
* MS13-031
* MS13-036
* MS13-APR
Bulletin Information:
=====================
*...
Microsoft Security Bulletin Re-Releases
Microsoft (Apr 23)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 23, 2013
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS13-036 - Important
* MS13-apr
Bulletin Information:
=====================
* MS13-036 -...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 17, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-036
Bulletin Information:
=====================
* MS13-036 - Important
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 16, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-034
Bulletin Information:
=====================
* MS13-034 - Important
-...
Microsoft Security Bulletin Summary for April 2013
Microsoft (Apr 09)
********************************************************************
Microsoft Security Bulletin Summary for April 2013
Issued: April 9, 2013
********************************************************************
This bulletin summary lists security bulletins released for
April 2013.
The full version of the Microsoft Security Bulletin Summary for
April 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-apr.
With the...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Kim Dotcom owns two-factor authentication
Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 24)
http://www.wired.com/threatlevel/2013/05/kim-dotcom-two-factor/
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
cur f w d dis and p
A sed iend rought eath ease ain
bles fr b br and ag
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...
Re: Safe online banking
Nick FitzGerald (May 24)
Rob wrote:
With apologies to the master...
They forgot the "-- and even then I have my doubts."
Regards,
Nick FitzGerald
Safe online banking
Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 24)
http://www.theonion.com/articles/after-checking-your-bank-account-remember-to-log-o,32260/
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
I refuse to believe corporations are people until Texas executes
one. - http://twitter.com/#!/ararubyan/status/115479037849239553
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links...
REVIEW: "Cloud Crash", Phil Edwards
Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 24)
BKCLDCRS.RVW 20101009
"Cloud Crash", Phil Edwards, 2011, 978-1466408425, U$9.99
%A Phil Edwards PhilEdwardsInc.com philipjedwards () gmail com
%C Seattle, WA
%D 2011
%G 978-1466408425 1466408421
%I CreateSpace Independent Publishing Platform/Amazon
%O U$9.99
%O http://www.amazon.com/exec/obidos/ASIN/1466408421/robsladesinterne
http://www.amazon.co.uk/exec/obidos/ASIN/1466408421/robsladesinte-21
%O...
Re: US CERT: Washington, DC Radio Station Web Site Compromises
Paul Ferguson (May 21)
I don't recall seeing a US-CERT advisory when a particular website has
been compromised.
I think that it is only "of government interest" because these
particular watering hole attacks used compromised websites in the
Washington, D.C., area which are highly popular with people living in
that area -- namely government employees and government contractors.
See also:...
Re: US CERT: Washington, DC Radio Station Web Site Compromises
Jeffrey Walton (May 21)
Thanks Paul.
Have you ever seen US CERT issue against a website? Or is this new
reporting introduced with the recent email procedure change.
Jeff
Re: US CERT: Washington, DC Radio Station Web Site Compromises
Paul Ferguson (May 21)
No conspiracy theories here -- just "yet another" watering hole attack.
See also:
https://en.wikipedia.org/wiki/Watering_Hole
It has become a fairly common attack/victimization methodology.
- ferg
US CERT: Washington, DC Radio Station Web Site Compromises
Jeffrey Walton (May 21)
This is kind of interesting.... I don't believe I have ever
received a US CERT bulletin calling out a website for distributing the
flyby goodness.
I wonder if the radio station does not fully support the current
regime. Could it be more tactics like we have recently seen at the
IRS?
https://www.us-cert.gov/ncas/alerts/TA13-141A
Internet Census 2012 data search engine launched
Juha-Matti Laurio (May 21)
http://www.exfiltrated.com/querystart.php
Juha-Matti
OT: Attorney General Eric Holder on 'Too Big to Jail'
Jeffrey Walton (May 18)
http://www.americanbanker.com/issues/178_45/transcript-attorney-general-eric-holder-on-too-big-to-jail-1057295-1.html
The following is a transcript of Attorney General Eric Holder's
remarks before the Senate Judiciary Committee, in which he discusses
the idea that some banks are 'Too Big to Jail.'
Sen. Chuck Grassley, R-Iowa: In the case of bank prosecution. I'm
concerned we have a mentality of 'too big to jail' in...
Re: [funsec] Skype with care – Microsoft is reading everything you write
Jeffrey Walton (May 17)
That's not really practical in many cases. What do consumers have when
all carriers and handset manufacturers do it? It's certainly not
choice.
All are likely doing it to some degree or another. Again, no choice.
Monopolistic policy and practice in industry used to be kept in check.
Case studies include the steel, railroad, and oil barons. For the old
steel, railroad, and oil barons, the interesting thing (in my opinion)
was why it...
Re: Skype with care – Microsoft is reading everything you write
Blanchard, Michael (InfoSec) (May 17)
There is always a clause in ALL of those EULAs stating that they can change at any time, without notice usually too.
Your only recourse is to stop using the product if you don't like the EULA. Sucks yes, but until a better product
comes along that is as widely adopted, well, we're stuck.... Who's to say what Apple is doing with Facetime?
Those folks that complain about "evil empires" are the cause of their own...
Re: [funsec] Skype with care – Microsoft is reading everything you write
Jeffrey Walton (May 17)
In the US, they call those "Material Adverse Change" (MACs).
It's a bitch we have to accept those adverse changes just to get bug
fixes and security patches for defective products. It seems like
illegal tying to me, and I wonder why the FTC has not stepped in. In
the US, politicians are bought and sold like trading cards, so I don't
expect it to change anytime soon.
Jeff
Re: [funsec] Skype with care – Microsoft is reading everything you write
Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 17)
As it happens, I'm currently reviewing an intriguing book ("Boilerplate") that
addresses all kinds of issues around "agreements" and consent. Particularly for
those of us who joined Skype before MS bought it, and therefore "agreed" to a
very different set of rules ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade ()...
Re: Skype with care
Joel Esler (May 17)
Skype is a free tool.
You get, what you pay for. Same with Google and their products, etc.
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Alert - Upcoming Mail Delivery Changes
US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes
Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...
Current Activity - Upcoming Mail Delivery Changes
Current Activity (May 10)
National Cyber Awareness System
Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...
Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin
Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin
Original release date: May 09, 2013
Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...
Current Activity - Adobe Releases Security Advisory for ColdFusion
Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion
Original release date: May 09, 2013
Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...
Current Activity - Microsoft Releases Security Advisory for Internet Explorer
Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer
Original release date: May 07, 2013
Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...
Current Activity - Cisco Releases Security Advisories
Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories
Original release date: April 25, 2013
Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....
Current Activity - Apple Releases Security Updates for Safari
Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari
Original release date: April 18, 2013
Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...
Alert TA13-107A: Oracle has released multiple updates for Java SE
US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE
Original release date: April 17, 2013
Systems Affected
* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier
Overview
Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....
Current Activity - Scams Exploiting Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion
Original release date: April 17, 2013
Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...
Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion
Original release date: April 17, 2013
Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...
Current Activity - Oracle Releases April 2013 Security Advisory
Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory
Original release date: April 17, 2013
Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...
Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack
Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack
Original release date: April 15, 2013
US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...
Current Activity - Microsoft Releases April 2013 Security Bulletin
Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin
Original release date: April 04, 2013 | Last revised: April 09, 2013
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...
Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin
Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin
Original release date: April 04, 2013
Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...
Current Activity - Mozilla Releases Multiple Updates
Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates
Original release date: April 03, 2013
The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.
Updates to the following products are...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE Request: cgit directory traversal
Jason A. Donenfeld (May 25)
Hi Kurt,
As mentioned in early messages to oss-sec, I've inherited
maintainership of the cgit codebase and am gradually auditing it.
Today I found a nasty directory traversal:
http://somehost/?url=/somerepo/about/../../../../etc/passwd
This should be pretty straightforward to categorize.
Exploitation looks like:
http://data.zx2c4.com/cgit-directory-traversal.png
I've committed a fix for it here:...
CVE Request: SPIP privilege escalation
Salvatore Bonaccorso (May 25)
Hi Kurt
SPIP 3.0.9, 2.1.22 and 2.0.23 fixed a privilege escalation vulnerability,
where a user can take editorial control on the site. Upstream announce
is at [1] and the upstream commit fixing it is [2].
I'm CC'ing David Prévot, Debian maintainer for spip (there does not seem
to be an English translation of the announce available right now).
[1] http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr...
Re: CVE Request: pwgen
Kurt Seifried (May 25)
Is any of this behaviour documented, or is it only "documented" in the
source code (I'm guessing source code only)? Also I'm trying to think
of situations where /dev/random and urandom are not available, AND the
system is otherwise working ok and nothing comes to mind. The fall
back is definitely sub-optimal, but can it be triggered in any
meaningful way.
CVE Request: pwgen
Seth Arnold (May 24)
Hello Kurt, Steve, all,
Do these issues deserve CVE numbers?
A user reported to launchpad [1] that pwgen will use /dev/urandom or
/dev/random if it can, but will silently fall back to using drand48() or
random() if the device files fail to open. The report also mentions that
when the device files are available, the output is biased by too-simple
use of the modulo operator to scale the output to 0 <= n < max. There
are further complaints...
Re: plone, rrdtool, zenoss bugs
Matthew Wilkes (May 24)
Hi, Plone checking in here. Sorry, didn't see this until the ping just now.
This is technically a bug in PluggableAuthService, an optional part of
Zope that we use. In a correctly set up Plone site this won't be
accessible, but if people are using an account that's set up to access
the Zope management interface (such as the initial admin user created on
install) then it would be.
We discourage people from using these users...
Re: plone, rrdtool, zenoss bugs
Kurt Seifried (May 24)
The original reporter never replied =( [ping!]
Any ways:
It just doesn't sound like much of a problem (user logs in, passes
some mucky data to rrdtool causing it to crash, the system is fine,
that instance of rrdtool dies and gets cleaned up). No real trust
boundary gets violated/no DoS in any meaningful way as I understand
it. Unless an exploitable scenario comes to light I don't think this
is an issue really.
Re: plone, rrdtool, zenoss bugs
Henri Salo (May 24)
Hard to say how many and which applications are using this library with user
input. At least original reporter pointed out Zenoss-case. I can find out if
there are others if that is needed, but obviously it's impossible to list all use
cases.
---
Henri Salo
Re: CVE request: MediaWiki chunked uploads vulnerability
Kurt Seifried (May 24)
Nope, see below. email me if you want to become the official mediawiki
requester.
1.20.6
Download:
http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.6.patch.gz.sig
1.19.7
Download:
http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.7.patch.gz.sig
Please use CVE-2013-2114 for this issue.
Re: plone, rrdtool, zenoss bugs
Kurt Seifried (May 24)
How likely is an attacker to be able to pass a format string to it though?
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability
Kurt Seifried (May 24)
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138#15
Yeah, we can't guarantee that can we. For all we know someone used it
in a major deployment/system image/who knows.
Please use CVE-2013-2111 for this issue.
[OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)
Jeremy Stanley (May 23)
OpenStack Security Advisory: 2013-013
CVE: CVE-2013-2013
Date: May 23, 2013
Title: Keystone client local information disclosure
Reporter: Jake Dahn (Nebula)
Products: python-keystoneclient
Affects: All versions
Description:
Jake Dahn from Nebula reported a vulnerability that the keystone
client only allows passwords to be updated in a clear text
command-line argument, which may enable other local users to obtain
sensitive information by listing...
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries
Alan Coopersmith (May 23)
-------- Original Message --------
Subject: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X
Window System client libraries
Date: Thu, 23 May 2013 08:05:22 -0700
From: Alan Coopersmith <alan.coopersmith () oracle com>
To: xorg-announce () lists x org
CC: xorg () lists x org, xorg-devel () lists x org
X.Org Security Advisory: May 23, 2013
Protocol handling issues in X Window System client libraries...
CVE-2013-2069 livecd-tools: improper handling of passwords
Brian C. Lane (May 23)
https://bugzilla.redhat.com/show_bug.cgi?id=964299
The livecd-tools package provides support for reading and executing
Kickstart files in order to create a system image. It was discovered
that livecd-tools gave the root user an empty password rather than
leaving the password locked in situations where no 'rootpw' directive
was used or when the 'rootpw --lock' directive was used within the
Kickstart file, which could allow...
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters }
Tomas Hoger (May 23)
There are surely differences in other parts of python code, but in this
case, affected functionality is the same in python 3 and
python-backports-ssl_match_hostname (the latter just contains a
functionality copied from the former). Given that affected code is
identical, I don't believe differences in other parts of codebases not
related to the flaw should force split. I.e. I'd follow:
AB4) If there are multiple products, vendors,...
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability
Oden Eriksson (May 22)
On Wednesday, 22 May 2013 15.31.44, Matthias Weckbecker wrote:
Whoops. You're right.
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
SecAppDev hits the road
Kenneth R. van Wyk (May 22)
Greetings SC-L subscribers,
I suspect many of you have heard of SecAppDev (http://secappdev.org) over the years. It's a non-profit training event
that has hitherto been held in Leuven, Belgium for 1 week each Feb/Mar. Well, we're excited to say that this year we've
added a second event: SecAppDev Dublin!
Yes, SecAppDev will be hitting the road for its first foray outside of Belgium. For one week in July (15th-19th), we'll...
2013 OWASP Mobile Top 10 Call For Data
Jim Manico (May 21)
Hello All,
We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more
formal publication. We are encouraging everyone to get involved.
The current Mobile Top Ten Risks are located here:
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks
- What do we need? -
Right now we are looking for data that represents the current state of mobile...
CFP: Workshop on Risk Perception in IT Security and Privacy at SOUPS
Larry Koved (May 20)
Short position statements due next Thursday, May 30
Workshop on Risk Perception in IT Security and Privacy
A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/
For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html
This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between...
Correction: W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation
Larry Koved (May 20)
*** My apologies for another email. Only ONE week until the workshop! ***
Call for participation: Only ONE week until the workshop!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas....
W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation
Larry Koved (May 20)
Call for participation: Only three weeks until the workshop!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.
The list of this year's accepted papers / presentations can be found...
MoST 2013 - Mobile Security and Technology workshop - final call for participation
Larry Koved (May 20)
Call for participation: One week until the workshop!
The workshop and program chairs invite you to participate in the 2nd MoST
workshop.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.
The list of this year's...
SearchSecurity: BSIMM4
Gary McGraw (May 11)
hi sc-l,
Sammy Migues, Jacob West and I wrote an introductory article about BSIMM4 for SearchSecurity. It was just posted on
SearchSecurity: http://bit.ly/11qlIBi
(or http://searchsecurity.techtarget.com/feature/BSIMM4-measures-and-advances-secure-application-development)
This article provides a great way to get up to speed on the BSIMM project in its BSIMM4 instantiation. The BSIMM
Community is expanding rapidly, and we're looking...
Ruxcon 2013 Call For Papers
cfp (May 08)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
Silver Bullet 85:Mobile Security with Jim Routh and Scott Matsumoto
Gary McGraw (May 03)
hi sc-l,
Is mobile security a brand new day or the same old same old? The answer depends on how you look at the problem. If
you are a practitioner in the trenches, there are many new and interesting shiny bits to mobile security. If you are a
security veteran, things look very familiar. In this episode of Silver Bullet, Jim Routh, Scott Matsumoto and I take
on the Necker Cube of mobile security. Jim Routh is the ultimate security...
CFP: Workshop on Risk Perception in IT Security and Privacy
Larry Koved (May 03)
Workshop on Risk Perception in IT Security and Privacy
A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/
For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html
This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between user perception of IT risks and security /...
W2SP 2013 - Web 2.0 Security and Privacy workshop - call for participation
Larry Koved (May 03)
Only three weeks until the workshop.
Call for participation!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.
The list of this year's accepted papers / presentations can be found...
MoST 2013 - Mobile Security and Technology workshop - call for participation
Larry Koved (May 03)
Three weeks until the workshop.
Call for participation!
The workshop and program chairs invite you to participate in the 2nd MoST
workshop.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.
The list of this year's...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: BSIMM Diagrams
Craig Heath (Apr 23)
Thanks Ivan! Unfortunately I wasn't able to look at this straight away,
and when I go to the link now I get "ME-ERR-002 Sorry, we couldn't find the
page you were looking for."
Would you be able to put it up again?
Cheers!
- Craig.
Comparing a firm's BSIMM measurement against a benchmark
Iván Arce (Apr 20)
Hello
I've updated the BSIMM visualizations I posted about yesterday.
Here are two sample visualizations to compare a firm's measurement
against a benchmark ("Earth").
The first one uses the size of the boxes to indicate how prevalent is
the activity (percentage of firms where the activity was observed) and
color to indicate that the activity was observed at the firm.
http://www-958.ibm.com/v/298285
In the second treemap...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Are you getting lots of phishing spam with links to hosts at webs[.]com?
Will Froning (May 25)
Hello Bob,
I'm all in for some collective pressure. We saw jimdo and webs last week.
With finals coming up (next week), we always see an increase in phishing
this time of the semester.
abuse () aus edu goes to me.
Thanks,
Will
Re: Are you getting lots of phishing spam with links to hosts at webs[.]com?
Bob Bayn (May 24)
support () jimdo com is fairly responsive. My collection of all email received here during the month of May includes
70 different phish message episodes with links to jimdo and 3 individual messages with "benign" links to jimdo - all in
mailing list messages.
Bob Bayn SER 301 (435)797-2396 IT Security Team
Office of Information Technology, Utah State University
three common hazardous email scams to watch out...
Re: Are you getting lots of phishing spam with links to hosts at webs[.]com?
Thorpe, Glenn (May 24)
Ditto here (the entire story).
We were hit pretty consistently with sites from this domain during March/April. We finally started having to block
those emails at our gateway unfortunately; now they are moving towards jimdo.
Glenn Thorpe III
Asst. Director, Information Security
University of North Texas System
T: 940.369.8884
E: glenn.thorpe () untsystem edu...
Re: Are you getting lots of phishing spam with links to hosts at webs[.]com?
David Curry (May 24)
We've gotten a couple. I reported it through their "report abuse" page on
Wednesday; they finally responded today and the page has been taken down.
Re: Are you getting lots of phishing spam with links to hosts at webs[.]com?
Mark Rogowski (May 24)
Funny you mention webs; I just received a complaint about a phishing site there today.
They must be getting bored with you big universities, they are now focusing on us small fry...
Mark Rogowski CISSP, CISM
IT Security / Information Security Office
University of Winnipeg
Ph: (204) 786-9034
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Bob Bayn...
Re: OpenDNS Users
Michael Benedetto (May 24)
We've been using OpenDNS for close to 18 months for our forwarder from our
internal DNS servers on recursive queries. It works great. We've had a
performance increase overall, and our malware issues have dropped over 80%
with the malware blocking we have through OpenDNS.
Michael Benedetto
Director of Information Technology and Deputy CIO
American Museum of Natural History
Central Park West at 79th Street
New York, NY 10024-5192
Voice:...
Re: OpenDNS Users
Santabarbara, Angelo (May 24)
Yes the implementation is simply to add it as a forwarder on internal DNS
servers. We did consider the pay for product prior to them releasing the
"Umbrella service." I think it would be very useful for the community as
that version also blocks known malware hosting sites. Problem for us was
the budgetary cost as it is charged by total FTE count.
We really didn't have any web/application problems. The big difference was
the...
Are you getting lots of phishing spam with links to hosts at webs[.]com?
Bob Bayn (May 24)
I get phish messages reported by my users. There are generally several different ones a day that have links to a
password collection web form at a host at webs[.]com. I submit a complaint about the URL to the webs[.]com report
page and they generally remove the page within a day. But phishers probably get most of their passwords within the
first day anyhow.
Six months ago, we were being phished with google spreadsheet form pages, but...
Re: OpenDNS Users
Greg Schmalhofer (May 24)
I believe OpenDNS typically recommends it be added as a forwarder for any domains the internal DNS is not authoritative
for.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of
McClenon, Brady
Sent: Friday, May 24, 2013 11:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] OpenDNS Users
I'd add a question of "How did you implement it?" because I'm...
Re: OpenDNS Users
McClenon, Brady (May 24)
I'd add a question of "How did you implement it?" because I'm curious....
Did you put OpenDNS DNS servers on your computers/devices, or did you add it as a forwarder on your internal DNS
servers for any domain they aren't authoritative for?
Brady McClenon
Senior Server Administrator
Applications Research & Development
Information Technology Services
SUNY College at Oneonta
607-436-3203
"Quotes found on the...
Re: OpenDNS Users
Jesse Safran (May 24)
Open DNS and OpenDNS in this case are not one and the same. From a Paul
Vixie in the comments:
"Rather, we’re solving internet public safety problems. As long as you can
run your own recursive name server (and 85% of you who do this are using
our free BIND software to do it!), *or you can reach well-monitored open
recursive servers like google’s or opendns’s, or you can reach the
recursive dns servers operated for you by your ISP,...
Re: OpenDNS Users
Mike Caudill (May 24)
Open DNS resolver != OpenDNS resolver
One refers to open recursive DNS resolution that is often unnecessary and
the other refers to a commercial DNS service.
Mike Caudill
Assistant Director, Cyber Defense and Response
Duke Medicine
Email: mike.caudill () duke edu
Phone: +1-919-668-2144 / +1 919-522-4931 (cell)
On 5/24/13 10:54 AM, "Patrick Ouellette" <ouellep () ALGONQUINCOLLEGE COM>
wrote:
Re: OpenDNS Users
John Kristoff (May 24)
OpenDNS is a company (opendns.com), who so happen to in essence run an
open resolver service, but this is not what the ISC article refers
to, the latter of which would more generically be called an open DNS
resolver. The former is a personal or business decision, the latter is
just good operational advice. A comment by Paul to the original ISC
article above also clarifies this difference.
John
Re: OpenDNS Users
Patrick Ouellette (May 24)
Here's one to ponder on that question
- "Why you shouldn't be operating an OpenDNS Resolver" from ISC:
https://www.isc.org/wordpress/is-your-open-dns-resolver-part-of-a-criminal-conspiracy/
Sincerely,
Patrick Ouellette
Algonquin College - School of Advanced Technology
Program Coordinator - Computer Systems Technician & Technology- Networking / Security Programs
Professor - Department of Information Technology &...
Re: OpenDNS Users
Santabarbara, Angelo (May 24)
We have been using the free version of OpenDNS since October 2012. I had
used OpenDNS in my previous position outside higher ed for over two years
prior to that. We have definitely seen a major drop in compromised
accounts. OpenDNS has had a hand in this, but we also executed an
education campaign that also helped limit the number of compromised
accounts. Performance wise, we actually experienced higher levels of
performance for the initial...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: leasing/managed offices in London, UK with 10gbe carriers POPs?
Simon Lockhart (May 25)
Unlikely to find managed offices with multiple 10GE connections. In my
experience, if they have 1GE shared between all tenants, then you're doing
well :)
That said, if you talk to the people with lots of fibre around London (Geo,
Zayo/Abovenet, Level3, etc), then you will probably find that you can pick
up a metro dark fibre hop back to one of the major datacentres for not too
much money. If you shop around carefully, you may find that...
Mail contact needed at CenturyLink.com
Jay Ashworth (May 25)
The Outages list is receiving hard bounces from *some* email address hosted
at Qwest/Centurylink.
Alas, the bounce message comes from "qwestrsp () centurylink com", and neither
the headers nor the message body *identifies the invalid address*.
This does not seem to conform with best practices. :-)
If you're in responsible charge of that mail service, could you please
contact me off-list, that we might track down who it is, and...
leasing/managed offices in London, UK with 10gbe carriers POPs?
Andrius Kazimieras Kasparavičius (May 25)
Hi,
I was going through this database[1] looking for office
facilities/buildings with 10gbe carriers POPs already present, but only
datacentres are listed.
My requirement is low cost 10gbe connectivity to any London
datacentre where I could get either low-cost few racks
hosting+partial transit.. Well multiple 1gig links might be ok
too.
I am sure there are already large office blocks with multiple
10gbe carrier POPs or am I? Maybe it is...
Re: Network Research
James Bensley (May 25)
I am currently undertaking a research project for a masters degree in
advanced networking, with The Open University, in the UK. I am
researching for no company. I intend to conduct the research as part
of my dissertation, then upload my dissertation containing the
research results, for all and sundry to freely read and distribute (if
it interests them!). Hopefully it will, and more importantly, I hope
it will be beneficial to someone, and an...
Re: Network Research
Jeroen Massar (May 25)
Networking "research" for which organization?
Published how and where and for what purpose?
Greets,
Jeroen
Network Research
James Bensley (May 25)
Hello everyone,
I am performing some research on networking at present and want the
input of the community and industry at large. I have created a small
on-line survey and would be very grateful to anyone that could give 3
minutes to fill it out. You will be benefiting networking research so
I'm sure you are all wanting to participate;
The survey is here:
https://docs.google.com/forms/d/1lqigAHYHEgLLHr2kifiyBwgJ9Nw5AFS6d_XVXfhKkTw/viewform...
Re: Geoip lookup
John Curran (May 25)
Indeed. This was covered in more detail in the Policy Experience Report
given at the ARIN 31, in which it was noted that we are seeing an increase
in requests for IPv4 address space from parties who have infrastructure in
the region, but for customers entirely from outside the region. This has
resulted in a significant change in the issuance rate and therefore any
estimates for regional free pool depletion. ARIN has sought guidance from
the...
Re: ADVANCE WARNING: Google moving to 2048-bit SSL and root keys
Ryan Gard (May 25)
a 2048 bit certificate as well.
Seems they also put a sandbox for testing together. That being said, they
won't confirm or deny whether or not they'll be using the same CA as they
have in the sandbox...
https://cert-test.sandbox.google.com/
Re: ADVANCE WARNING: Google moving to 2048-bit SSL and root keys
Jimmy Hess (May 25)
Hm.. this might be no big deal if not for public key pinning and CA
pinning in modern browsers of certain sites, they could just get
themselves 2048 bit certificates from any CA...
So what could otherwise be a routine certificate change, may have some
unusual extra baggage attached to it -- requiring end users performing
software code update in their only slightly outdated browsers,
instead of just switching certificates, so they stop...
Re: Mailman reverting settings
Grant Ridder (May 25)
Hi,
I received a couple offlist replies. To answer Phil's questions, iptables
appeared to have spiked the cpu to 100% and caused it to overload and
become unresponsive. Var was lot filled up to my knowledge.
An offlist reply suggested that if the config.pck file gets corrupted, then
mailman will revert to using an old config.db file. After doing a file
level restore of the appropriate config.pck file, the list returned to
normal....
BGP Update Report
cidr-report (May 24)
BGP Update Report
Interval: 16-May-13 -to- 23-May-13 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS36998 176470 7.2% 208.6 -- SDN-MOBITEL
2 - AS9829 54002 2.2% 50.4 -- BSNL-NIB National Internet Backbone
3 - AS8402 36213 1.5% 38.3 -- CORBINA-AS OJSC "Vimpelcom"
4 - AS5800 30402...
The Cidr Report
cidr-report (May 24)
This report has been generated at Fri May 24 21:13:21 2013 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date Prefixes CIDR Agg
17-05-13 456674 260287
18-05-13 456618 259718
19-05-13 456593 259863...
ADVANCE WARNING: Google moving to 2048-bit SSL and root keys
Jay Ashworth (May 24)
Via PRIVACY Forum:
----- Forwarded Message -----
Cheers,
-- jra
Re: High throughput bgp links using gentoo + stipped kernel
Nick Khamis (May 24)
Sorry for the top post!!!
N.
Re: High throughput bgp links using gentoo + stipped kernel
Nick Khamis (May 24)
+1 on the interrupt cpu assignment....
N.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 27.28
RISKS List Owner (May 17)
RISKS-LIST: Risks-Forum Digest Friday 17 May 2013 Volume 27 : Issue 28
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.28.html>
The current issue can be...
Risks Digest 27.27
RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 4 April 2013 Volume 27 : Issue 27
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.27.html>
The current issue can be...
Risks Digest 27.26
RISKS List Owner (Apr 24)
RISKS-LIST: Risks-Forum Digest Tuesday 23 April 2013 Volume 27 : Issue 26
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.26.html>
The current issue can be...
Risks Digest 27.25
RISKS List Owner (Apr 19)
RISKS-LIST: Risks-Forum Digest Friday 19 April 2013 Volume 27 : Issue 25
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.25.html>
The current issue can be...
Risks Digest 27.24
RISKS List Owner (Apr 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 April 2013 Volume 27 : Issue 24
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.24.html>
The current issue can be...
Risks Digest 27.23
RISKS List Owner (Mar 31)
RISKS-LIST: Risks-Forum Digest Saturday 30 March 2013 Volume 27 : Issue 23
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.23.html>
The current issue can be...
Risks Digest 27.22
RISKS List Owner (Mar 24)
RISKS-LIST: Risks-Forum Digest Saturday 23 March 2013 Volume 27 : Issue 22
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.22.html>
The current issue can be...
Risks Digest 27.21
RISKS List Owner (Mar 22)
RISKS-LIST: Risks-Forum Digest Thursday 21 March 2013 Volume 27 : Issue 21
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.21.html>
The current issue can be...
Risks Digest 27.20
RISKS List Owner (Mar 18)
RISKS-LIST: Risks-Forum Digest Monday 18 March 2013 Volume 27 : Issue 20
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.20.html>
The current issue can be...
Risks Digest 27.19
RISKS List Owner (Mar 12)
RISKS-LIST: Risks-Forum Digest Monday 11 March 2013 Volume 27 : Issue 19
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.19.html>
The current issue can be...
Risks Digest 27.18
RISKS List Owner (Mar 06)
RISKS-LIST: Risks-Forum Digest Wednesday 6 March 2013 Volume 27 : Issue 18
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.18.html>
The current issue can be...
Risks Digest 27.17
RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Sunday 24 February 2013 Volume 27 : Issue 17
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.17.html>
The current issue can be...
Risks Digest 27.16
RISKS List Owner (Feb 14)
RISKS-LIST: Risks-Forum Digest Thursday 14 February 2013 Volume 27 : Issue 16
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.16.html>
The current issue can...
Risks Digest 27.15
RISKS List Owner (Jan 29)
RISKS-LIST: Risks-Forum Digest Tuesday 29 January 2013 Volume 27 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.15.html>
The current issue can be...
Risks Digest 27.14
RISKS List Owner (Jan 23)
RISKS-LIST: Risks-Forum Digest Tuesday 22 January 2013 Volume 27 : Issue 14
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.14.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
Sth African police website hacked
Erica Absetz (May 24)
http://www.heraldsun.com.au/news/breaking-news/sth-african-police-website-hacked/story-fni0xqll-1226648803656
HACKERS have broken into the website of South Africa's police,
downloading information that could leave whistleblowers vulnerable,
police and a government data agency say.
State Information Technology Agency (Sita), which hosts all of the
government's websites, said that last week the hackers accessed
information relating to...
Former East Tennessee Water Division Clerk Indicted For Theft And Credit Card Fraud
Erica Absetz (May 24)
http://www.chattanoogan.com/2013/5/23/251896/Former-East-Tennessee-Water-Division.aspx
Following a review by the Comptroller’s Division of Investigations,
the former clerk of the Watauga River Regional Water Authority/North
Elizabethton Water Division surrendered to the Carter County Sheriff’s
Office this month after being indicted on charges of theft, forgery,
official misconduct and credit card fraud.
The Comptroller's review found...
Man to serve 36 months for fraud, ID theft
Erica Absetz (May 23)
http://columbiadailyherald.com/sections/news/local-news/man-serve-36-months-fraud-id-theft.html
A former Spring Hill business owner convicted of wire fraud and
aggravated identity theft has been sentenced to 36 months in prison.
Stephen McLaughlin, 46, of Pelham, New Hampshire, previously owned
construction equipment company EquipLinq, Co., in Spring Hill and was
accused of forging the signatures of EquipLinq investors and customers
on false...
ENRC fears data loss after burglary and system is hacked
Erica Absetz (May 23)
http://www.telegraph.co.uk/finance/newsbysector/industry/mining/10075810/ENRC-fears-data-loss-after-burglary-and-system-is-hacked.html
The laptop was taken during a domestic burglary, the company said in a
statement on Thursday.
ENRC notified the Information Commissioner of the "two incidents of
potential loss of data" and has offered the staff member affected
identity protection.
It has also upgraded its systems to improve security....
Data breach may affect 23,000 Mainers who bought tickets online
Erica Absetz (May 23)
http://www.wcsh6.com/news/article/244721/2/Data-breach-may-affect-Mainers-who-bought-tickets-online
AUGUSTA, Maine (NEWS CENTER) - The Maine Attorney General's office is
issuing an alert for people who may have used an out-of-state service
for buying tickets for shows and other forms of entertainment
recently.
The service, Vendini, Inc., has been hacked, exposing financial
information for tens of thousands of customers.
Vendini sent a...
Data breach puts DHS employees at risk of identity theft
Erica Absetz (May 23)
http://www.federalnewsradio.com/473/3332836/Data-breach-puts-DHS-employees-at-risk-of-identity-theft
Tens of thousands of current and former Homeland Security Department
employees are at risk of identity theft after officials discovered a
vulnerability in a vendor's system used for processing background
investigations.
All DHS employees working in the headquarters office, for Customs and
Border Protection, and for Immigration and Customs...
NYPD detective charged with hacking
Erica Absetz (May 22)
Edwin Vargas, a detective with the New York City Police Department
(NYPD) has been arrested on hacking charges. Vargas was arrested this
morning outside his residence in Bronxville, New York.
Manhattan U.S. Attorney Preet Bharara said, “As alleged, Detective
Edwin Vargas paid thousands of dollars for the ability to illegally
invade the privacy of his fellow officers and others. He is also
alleged to have illegally obtained information about...
Former Elgin Deputy Police Chief Charged With ID Theft
Erica Absetz (May 22)
http://chicago.cbslocal.com/2013/05/21/former-elgin-deputy-police-chief-charged-with-id-theft/
ST. CHARLES, Ill. (STMW) – Elgin’s former deputy police chief was
indicted Tuesday for illegally accessing emails and using police
resources for personal research.
A Kane County grand jury indicted Robert Beeter, 51, of Elgin, on 16
counts of felony identity theft and four counts of official
misconduct, according to a statement from the Kane...
Idaho State University Settles HIPAA Security Case for $400,000
Erica Absetz (May 22)
http://www.phiprivacy.net/?p=12728
Idaho State University (ISU) has agreed to pay $400,000 to the U.S.
Department of Health and Human Services (HHS) to settle alleged violations
of the Health Insurance Portability and Accountability Act of 1996
(HIPAA) Security Rule. The settlement involves the breach of
unsecured electronic protected health information (ePHI) of
approximately 17,500 patients at ISU’s Pocatello Family Medicine
Clinic. That...
There’s no excuse for careless handling of sensitive personal information
Erica Absetz (May 21)
http://www.buffalonews.com/apps/pbcs.dll/article?AID=/20130521/OPINION/130529888/1074
Is there something in the air here, or have leaders in Western New
York never heard of identity theft? The carelessness with which
records containing personal information are being strewn about the
landscape – literal and digital – is as astonishing as it is
disturbing.
Last week, it was Dent Neurologic Institute acknowledging that it
emailed out private...
How anticipating a health data breach can boost security
Erica Absetz (May 21)
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/
A healthcare chief information officer (CIO) saying that he expects to
experience a health data breach is not only unusual, but may produce
shock and awe in some parts of the healthcare industry. However,
having this type of outlook, regardless of whether the CIO ends up
having to deal with a breach or not, can prepare organizations for the
worst...
Hackers Who Breached Google in 2010 Accessed Company’s Surveillance Database
Erica Absetz (May 21)
http://www.wired.com/threatlevel/2013/05/google-surveillance-database/
Hackers who breached Google’s network in 2010 obtained access to the
company’s system for tracking surveillance requests from law
enforcement, according to a news report.
The hackers gained access to a database that Google used to process
court orders from law enforcement agencies seeking information about
customer accounts, including classified FISA orders that are used...
Response from TerraCom, Inc.
Erica Absetz (May 20)
http://www.knoxnews.com/news/2013/may/18/response-terracom-inc/
"On April 26, 2013, the companies were made aware of the fact that
Scripps Howard News Service was able to access personal data files of
applicants seeking enrollment in the program.
We deeply regret that this incident occurred, and we are sorry that
personal data of Lifeline applicants was recently accessed by Scripps
Howard News Service. This is a very serious matter and we...
Information for 10K job applicants exposed in security breach
Erica Absetz (May 20)
http://www.wsoctv.com/news/news/local/piedmont-compromise/nXtt3/
STATESVILLE, N.C. —
A local healthcare company is now trying to contact 10,000 job
applicants whose private information was exposed in a major security
breach.
The applicants at Piedmont HealthCare had more than just their
applications stolen; they had their Social Security numbers
compromised.
Earlier this week, experts told Eyewitness News that having a Social
Security...
Yahoo Japan says 22 million user IDs may have been stolen
Erica Absetz (May 20)
http://www.networkworld.com/news/2013/052013-yahoo-japan-says-22-million-269914.html?source=nww_rss
IDG News Service - Yahoo Japan, the country's largest Web portal, said
up to 22 million user IDs may have been leaked during a hack that was
discovered last week.
The company emphasized that the IDs are already public information,
and no passwords or other private data were affected. Yahoo Japan IDs
are used along with password to log in to...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Re: Wmic through the windows api
egypt (May 17)
Extensions should be submitted as a pull request in the meterpreter
repo: https://github.com/rapid7/meterpreter
If you have already written the ruby side, that should be a pull
request on the framework repo, with a link to the meterpreter pull
request in the description.
Thanks!
egypt
Re: Wmic through the windows api
Abuse 007 (May 16)
Hi Brian,
Perhaps you need to allocate some memory in a process, write your custom
data structure there, and then make the call with a pointer/reference to
the custom data structure in the memory you allocated for it.
Cheers,
B
Ruxcon 2013 Call For Papers
cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
Breakpoint 2013 Call For Papers
cfp (Apr 30)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: framework Digest, Vol 63, Issue 13
Vlad Ovtchinikov (Apr 27)
Try exploit-db.com
Sent from my iPhone
Re: framework Digest, Vol 63, Issue 13
Prabhu (Apr 27)
Hi,
I surfed privilege escalation exploits in the unix/local and linux/local
categories; I found most of them work only with Linux kernel 2.4 and 2.6.
But I am looking for exploits for kernel 3.0 and above. Could someone suggest
an exploit to handle this?
Re: help
Joshua Smith (Apr 25)
You beat me Tod, I was gonna say
$ msfconsole
but seriously man, you need to give more details.
Re: help
Tod Beardsley (Apr 25)
http://ifconfig.me
Re: framework Digest, Vol 63, Issue 12
Michael Schierl (Apr 25)
On 25.04.2013 19:59, Tod Beardsley wrote:
Seconded.
Also, please note that a piece of shellcode is not an exploit (just like
a pinch of gunpowder is not a firearm, or like a satellite is not a
space rocket). In fact the shellcode is usually the easiest part for a
new exploit as Metasploit ships lots of them to easily integrate into
any exploit.
When you have installed Metasploit, have a look at the unix/local/ and
linux/local/ category if...
help
gri sma (Apr 25)
how to use external ip on metasploit
Re: framework Digest, Vol 63, Issue 12
Tod Beardsley (Apr 25)
please don't run random blobs of shellcode you find on the internet.
It's not healthy.
That's kind of why we do Metasploit.
If you would like to start using Metasploit, please see
http://metasploit.pro and pick the right version for your needs.
Thanks!
Re: framework Digest, Vol 63, Issue 12
Prabhu (Apr 25)
Hi,
I picked an exploit from the link below, and I compiled it manually in a test
environment. I ended up with an error message stating that
error: lvalue required as left operand of assignment
http://www.shell-storm.org/shellcode/files/shellcode-548.php
Could you suggest a shellcode for me to proceed with?
Re: framework Digest, Vol 63, Issue 11
Prabhu (Apr 25)
Hi Tod,
Thank you for the response. I'm looking at this exploit. Could you help me to
sort this out?
http://pastebin.com/GC824ayU
Re: framework Digest, Vol 63, Issue 11
h4lp.php () gmail com (Apr 24)
Did you find something at exploit-db or 1337day?
And maybe you should tell us more about what you did and how, and your Metasploit version.
Prabhu <flyingcolours47 () gmail com> wrote:
Re: framework Digest, Vol 63, Issue 11
Tod Beardsley (Apr 24)
Which Metasploit module is giving you trouble?
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Extract bytes from a tvbuff_t
Rion Carter (May 25)
Re: Getting "undefined symbol" with latest build from SVN
Guy Harris (May 25)
You have only one "wireshark" executable image on your system, right?
If not, then:
...perhaps you have a post-r49530 binary of Wireshark that's finding a pre-r49530 binary of the libwireshark library;
r49530 introduced that routine and made the "follow SSL stream" code use it to check whether the current packet was an
SSL packet or not.
Getting "undefined symbol" with latest build from SVN
Alexander Koeppe (May 25)
Hello,
since a few days, after I updated and recompiled the sources via SVN, I
get the following error when trying to start wireshark:
symbol lookup error: ../../tmp/wireshark/bin/wireshark: undefined
symbol: epan_dissect_packet_contains_field
After that, wireshark just dies with exit code 127.
I made a clean svn checkout and completely rebuilt the sources but
getting the same error when trying to start it.
Does somebody know what...
Re: build error: Can't execute /usr/bin/pod2html
Christopher Maynard (May 25)
jack <jcardozo () > writes:
You might want to revisit the developer guide to be sure you haven't missed
something: http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html
Other than that,
What version of bash?
What is your OS and is it 32 or 64 bit?
What is your environment (path, etc.)?
- Chris
build error: Can't execute /usr/bin/pod2html
jack (May 25)
Hello Developers,
I am able to compile all the modules except for the doc and docbook folders.
Here are my steps to identify the problem:
I open a Visual Studio Express 2010 command prompt and run the following command:
D:\projects\wireshark\doc>nmake -f Makefile.nmake
Microsoft (R) Program Maintenance Utility Version 10.00.30319.01
Copyright (C) Microsoft Corporation. All rights reserved.
bash pod2html --title="The Wireshark Network...
Re: Expert info is now filterable!
Christopher Maynard (May 25)
<mmann78 () > writes:
Nice!
I was wondering about the naming convention here. proto_tree_add_text() is
for adding text that isn't filterable, but expert_add_info_format_text(),
even if temporary, would be for adding fields that are filterable. Would it
be better to use the proto* naming convention, something like:
expert_add_info -> expert_add_info_string
expert_add_info_format_text -> expert_add_info_item()
And come to...
Re: Expert info is now filterable!
mmann78 (May 25)
Actually, this is where I need help as to which documentation I should update. I did a search for "expert" over the
whole Wireshark directory and none of the docs explicitly mentioned expert_add_info_format(). Most just referred to the
"expert API". I can update the doxygen comments in expert.h to indicate my plans to deprecate expert_add_info_format
in its current form, but didn't know if "an example"...
Re: tshark http -e options
Shain Singh (May 25)
you can use "-e text" to grab the returned output.
tshark -G | grep http
will show you the valid http.* related filters
Re: Expert info is now filterable!
Alexis La Goutte (May 25)
+1 :-)
Do you have plan to also update documentation ? (README.dev guide) and
reference template ? (packet-PROTO...c ?)
I will change "my" dissectors (ieee80211, ICMPv6, ISAKMP, CAPWAP, BGP....)
Regards
Re: Expert info is now filterable!
Evan Huus (May 25)
This is fantastic and seriously useful! Major kudos :)
Cheers,
Evan
Expert info is now filterable!
mmann78 (May 25)
For those of you that aren't masochists and follow the bug mailing list, I added support for "(display) filterable"
expert info. Expert info can now also be used as
a display filter. And just like the proto_tree_add_text to proto_tree_add_item conversion, there's work to be done
making all the expert info calls filterable. It
would be appreciated that if you feel responsible for a dissector (or just want to help), please...
Re: Listener (Tap) in Lua to write SSL cert bytes
Rion Carter (May 24)
BOSH connections
Matt Bellizzi (May 24)
Hello
I'm wondering if anyone has a good way to view XMPP traffic through a BOSH connection? Wireshark does this as BOSH
is just HTTP however the SSL decodes seem to be all over in different tabs and also the conversation is in two HTTP
connections. Thanks for any help.
Re: Listener (Tap) in Lua to write SSL cert bytes
Evan Huus (May 24)
If you select the field then look in the status-bar at the bottom that will
give you the field name (looks like ssl.handshake.certificate was right the
first time).
It sounds like you don't want the value of the field, but the raw packet
bytes that the field was extracted from. I'm not sure how to do that in
Lua, hopefully somebody else will.
Evan
Re: Listener (Tap) in Lua to write SSL cert bytes
Rion Carter (May 24)
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: rules file doesn't work properly, no DoS or portscan detected...
waldo kitty (May 25)
i've always been under the impression that one should always supply "-i
interface"...
weird... what interface does it say it is using? you should be able to find that
in the log...
Re: rules file doesn't work properly, no DoS or portscan detected...
Gijs van der Velden (May 25)
There is only one interface on the system so I left it as not set, but when I set it the same thing happens.
I don't get it since snort is actually capturing packets as well, but maybe it's only capturing outgoing packets?
How to use alertAdd to generate a "variable" alert message?
Hai Minh Nguyen (May 25)
Hi,
I'm using _dpd.alertAdd to raise an alert in my dynamic preprocessor. But I
face a problem:
I ran this code:
char alert[256];
double score = MyFunction();
sprintf(alert, "Alert: Score = %lf", score);
_dpd.alertAdd(DPX_GID, DPX_DST_SID, 1, 0, 3, alert, 0);
I'm using 2 output modules to check it: alert_fast and unified2 (to mysql
by barnyard2). I checked the result in alert_fast output file but it didn't
show the...
Re: [Dynamic Preprocessor] How to log packet and output alert: genSnortEvent or alertAdd?
Hai Minh Nguyen (May 25)
Thank you Russ. My problem has been solved.
Re: rules file doesn't work properly, no DoS or portscan detected...
waldo kitty (May 25)
what interface are you trying to have snort watch?
Re: rules file doesn't work properly, no DoS or portscan detected...
Gijs van der Velden (May 25)
I just started snort with:
snort -c D:\Snort\etc\snort.conf -l D:\Snort\log -T --daq pcap
And it came up with the error active response: can't open ip!
Maybe this is the cause of the problem?
From: gijsvandervelden () live nl
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] rules file doesn't work properly, no DoS or portscan detected...
Date: Sat, 25 May 2013 01:08:48 +0200
Yes, snort does detect all the...
Re: Binary log capture looks incomplete.
waldo kitty (May 25)
each rule that gets triggered has the packet(s) that triggered it logged... this
is not a bug or error...
Re: Binary log capture looks incomplete.
beenph (May 25)
Do you want to log in unified2 format or tcpdump format?
If you want unified2 do not use -A fast or -b at the command line level :)
Re: classification.config regression?
waldo kitty (May 25)
[trim]
easier would be to modify your classification.config file ;)
FWIW: we only update ours when new classifications are added...
Re: new rule
waldo kitty (May 25)
is that mininova reference to an actual reference link concerning the rule
and/or its contents or it is a link to a site that provides torrent connections
or torrent catalog links?
ideally, reference links will be to pages with information concerning the rule
and why it was written...
classification.config regression?
Gregory S Thomas (May 24)
The classification.config file in the snort source tarball changed in 2.9.4.5 (and 2.9.4.6 has the same one as
2.9.4.5). Most of the changes are simply in capitalization, but it also removes 3 classifications that were introduced
in 2.9.1 (file-format, malware-cnc, and client-side-exploit):
shell> diff snort-2.9.4.1/etc/classification.config snort-2.9.4.5/etc/classification.config
47,54c47,54
< config classification:...
Re: rules file doesn't work properly, no DoS or portscan detected...
Gijs van der Velden (May 24)
Yes, snort does detect all the packets.
There is only one interface on the system.
The config looks like:
#--------------------------------------------------
# VRT Rule Packages Snort.conf
#
# For more information visit us at:
# http://www.snort.org Snort Website
# http://vrt-blog.snort.org/ Sourcefire VRT Blog
#
# Mailing list Contact: snort-sigs () lists sourceforge net
# False Positive reports:...
Re: Rule Management UI
Michael Steele (May 24)
Not Windows compatible, as far as I know.
Best regards,
Michael...
WINSNORT.com Management Team Member
Re: rules file doesn't work properly, no DoS or portscan detected...
Joel Esler (May 24)
Are you receiving any packets on the interface that Snort is sniffing?
Are you sniffing the right interface?
What does your snort.conf look like?
What does your Snort startup command line look like?
What output do you get when you run that command?
Re: Rule Management UI
Dustin Webber (May 24)
Just curious: why would you run an IDS on Windows? If you meant pushing data into BASE remotely, why would you run a web
server on Windows?
Not a troll; is there a performance reason?
OpenVAS — Development and announcements regarding OpenVAS, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.
Fwd: After ip Address change error for admin user get_many:900 (GSA 4.0.0)
Ivan Rodriguez (May 25)
Internal error: get_many:900 (GSA 4.0.0)
An internal error occurred while getting the filter list. The current list
of filters is not available. Diagnostics: Failure to receive response from
manager daemon.
Dear List,
We changed the ip address for our openvas server, after that the error
above is appearing on the GSA for the user admin which has
all the settings attached to it, tasks targets notes etc, we are doing
snapshots on this vm, so we...
task configuration reset when editing
Paula Gonzalez Muñoz (May 24)
hello,
Yesterday I tried to edit a task and I noticed that when you click on the
edit button the target and the scan configured are reset to "localhost"
and "empty" respectively. Is this a desired behavior or is it a bug?
Regards,
Paula
question about filters
Paula Gonzalez Muñoz (May 24)
Hello,
when I run a task for multiple ips and I select all threat levels to be
shown (high, medium, low, log and false positive) I only get the full
report for the first, the others only show information until the low level
but nothing about logs and false positives. Is there any way to set it so I
see everything using the filter tool?
Regards,
Paula
Re: cli not building
Michael Wiegand (May 24)
* btb [23. May 2013]:
You are not doing anything wrong, but your compiler warns you about the
possible use of what it thinks are uninitialized variables.
Warnings are treated as error when building in the (default) "Debug"
build type and thus break your build process. You can change this
behaviour by adding a "-DCMAKE_BUILD_TYPE=Release" to your cmake call.
Alternatively, you could try building with the attached patch,...
cli not building
btb (May 23)
from revision 16442
-- Configuring openvas-cli ...
-- The C compiler identification is GNU 4.7.3
-- Check for working C compiler: /usr/bin/cc
-- Check for working C compiler: /usr/bin/cc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.26")
-- Install prefix: /opt/openvas
-- checking for module 'libopenvas>=6.0.0'
-- found...
Re: SVN trunk: Breaking openvas-administrator
btb (May 23)
ah, of course. that was silly of me to find the db file but not look in it. i assumed based on filename.
thanks
-ben
Re: openvasmd using all CPU
YanQian (May 23)
Hi, Paula,
Yes, same logs here,
base gpgme:MESSAGE:2013-05-23 00h15.03 CST:29860: Setting GnuPG homedir to '/etc/openvas/gnupg'
base gpgme:MESSAGE:2013-05-23 00h15.03 CST:29860: Using OpenPGP engine version '2.0.14'
md crypt: INFO:2013-05-23 00h15.03 CST:29860: starting key generation ...
md main:WARNING:2013-05-22 16h19.01 utc:29810: cleanup_manage_process: attempt to close db with open statement(s)
regards,
YanQian...
Re: SVN trunk: Breaking openvas-administrator
btb (May 23)
this seems to now be working:
openvas-check-setup 2.2.2
Test completeness and readiness of OpenVAS-7
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 4.0+beta1.
OK: OpenVAS Scanner CA Certificate is present as /opt/openvas/var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /opt/openvas/var/lib/openvas/plugins contains 30717 NVTs.
OK: Signature checking of NVTs is enabled in...
SVN trunk: breaking scanner users directory.
Jan-Oliver Wagner (May 23)
Hi,
I just removed the handling of the "users" directory.
The only thing you need to do is to get the dname
properly placed again. Either
cp /var/lib/openvas/users/om/auth/dname /var/lib/openvas/dname
or
openvas-mkcert-client -n -i
will do the job.
If you are using .auth.conf, then you need to copy this as well:
cp /var/lib/openvas/users/.auth.conf /var/lib/openvas/auth.conf
In case you experience any other sort of problem,...
Re: SVN trunk: Breaking openvas-administrator
Hani Benhabiles (May 23)
Hi,
You are probably looking for the users table in tasks.db.
$ sqlite3 /usr/var/lib/openvas/mgr/tasks.db "SELECT * FROM users;"
That is the DB where most Manager data is stored (beside secinfo stuff
like cpe, cve, dfn cert etc,. which are in the other two DBs.)
Cheers,
Hani.
Re: SVN trunk: Breaking openvas-administrator
Jan-Oliver Wagner (May 22)
On Monday, 20 May 2013 22:40:06, btb wrote:
openvas-check-setup:
I've committed new version 2.2.2 of openvas-check-setup.
Please try it.
The user tests are currently missing. As Matt pointed out, it is work in
progress.
Re: openvasmd using all CPU
Paula Gonzalez Muñoz (May 22)
Hi YanQian,
do you have the same message I got at openvasmd.log?
Regards,
Paula
2013/5/22 YanQian <yankaiqian () live cn>
Re: openvasmd using all CPU
YanQian (May 22)
Hi, Paula,
I tried the way you said in RHEL6, starting openvas-manager without "--disable-encrypted-credentials", but CPU usage
still rises to 99% when I run the omp command to add credentials (it could not finish, it just hangs there).
So it didn't work for me.
regards, YanQian
Date: Tue, 21 May 2013 11:05:50 +0200
Subject: Re: [Openvas-discuss] openvasmd using all CPU
From: p.gonmu () gmail com
To: yankaiqian () live cn
CC: openvas-discuss...
Re: SVN trunk: Breaking openvas-administrator
btb (May 22)
experimenting a bit with another computer running version 6, i can see with strace that maybe there is an sqlite db
somewhere for this:
[...]
open("/usr/lib/x86_64-linux-gnu/libsqlite3.so.0", O_RDONLY|O_CLOEXEC) = 3
[...]
but i'm not able to see it open a file. i only see three databases so far in my poking around:
var/lib/openvas/cert-data/cert.db
var/lib/openvas/scap-data/scap.db
var/lib/openvas/mgr/tasks.db
but nothing...
Re: SVN trunk: Breaking openvas-administrator
btb (May 22)
i'm familiar with var/lib/openvas/users/, but i gather this is not what is meant by the db? where can i read about
inserting a user into the db by hand?
-ben
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|