SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
[no subject]
istanbul istanbul (Aug 14)
Re: Nmap Defcon Dinner Invitation! TONIGHT!
Phil Young (Aug 11)
Is it too late to get in to dinner
Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6
Artur Kielak (Aug 11)
Hi George
Thanks for feedback. Sorry for answering so late.
CMS Made Simple, after the first request (POST), returns specific cookies that are needed for the second request (GET), and then,
if the response contains a specific pattern, we can say that the login was successful.
I tested http-form-brute against CMS Made Simple, but it works differently from http-cmsmadesimple-brute.nse. In the second request
(GET) a specific cookie must be added and appended to the request (GET)...
Re: Halcyon - An IDE for NSE development
Sanoop Thomas (Aug 11)
Thanks David for the shout out. Means a lot :-)
If anyone is here, ping me. I'm more than happy to meet up and discuss
how I can improve the tool and help the NSE dev community.
Happy Defcon
Re: Problem with writing NSE scripts in Lua
Gisle Vanem via dev (Aug 11)
J A wrote:
No, I do not think so. In an "external run" of Lua, a 'require "nmap"'
would mean loading a dynamic library called nmap.so / nmap.dll. Alternatively,
a 'nmap.lua' that does similar things.
Since Nmap has created such a module (or package?) internally for
itself, it's not needed by a 'require' externally. Could be a hazard
if this was possible. Ref, nse_mainc.cc + init_main() that calls...
Nmap Defcon Dinner Invitation! TONIGHT!
Fyodor (Aug 11)
Hey folks! Sorry it is last minute, but we're hosting an Nmap developer
dinner tonight at 6:30pm and I wanted to invite any community members who I
might not already know are here at Defcon. The dinner is at 6:30pm TODAY
(Saturday), and the only qualifying rule is that you have to be listed at
least once on the Nmap Changelog (https://nmap.org/changelog.html).
Let me know if you can make it and I'll send you the full details. Please...
Problem with writing NSE scripts in Lua
J A (Aug 11)
Hello,
I'm trying to use Lua to develop NSE scripts and other programs using
Nmap's collection of Lua files (e.g. stdnse.lua).
However, every time I go to import/load/*require* a particular file or
module so I can use its functions, I keep running into the errors around
the existence of nmap.lua.
I have installed, multiple times, the latest version of nmap from GitHub,
and copied the contents of the nselib directory to the appropriate...
Re: Halcyon - An IDE for NSE development
David Fifield (Aug 10)
For those at Def Con, I noticed Sanoop is scheduled to do a demo of
Halcyon tomorrow (Saturday 2018-08-11) starting at 10:00.
https://defcon.org/html/defcon-26/dc-26-demolabs.html#Halcyon
[NSE] RFC: range in ipOps.lua
nnposter (Jul 29)
Providing visibility into a proposed change in ipOps.lua: "range" that
is specified via CIDR notation would be treated as starting with the
first IP address of the corresponding CIDR block, not with the IP
address in the CIDR expression.
Details at https://github.com/nmap/nmap/issues/1285
Please let me know if you have any concerns over the change.
Cheers,
nnposter
(Ze)nMap 7.70 crash
TyW (Jul 29)
Questions about Building a Standalone Ncat Portable for Windows
Kary Hui (Jul 29)
Hi Developer,
I followed the steps mentioned in "Building Ncat Portable for
Windows" (https://secwiki.org/w/Nmap/Ncat_Portable). However, I cannot build a
standalone Ncat. Since I am new to Visual Studio, if you find that the
following steps do not make sense, please do let me know.
1) For your information, Visual Studio Express 2013 for Desktop is used.
The source codes of Nmap are...
Intel(R) Dual Band Wireless-AC 8265 does not support monitor mode
Gunnar Guðvarðarson via dev (Jul 29)
Caption : [00000003] Intel(R) Dual Band Wireless-AC 8265
GUID : {83559A66-B303-48E9-88C3-5649045A4BE0}
Index : 3
InterfaceIndex : 13
Manufacturer : Intel Corporation
NetConnectionID : WiFi
PNPDeviceID :
PCI\VEN_8086&DEV_24FD&SUBSYS_00508086&REV_78\4&60CEE17&0&00E2
Error: SetWlanOperationMode::SetInterface error, error code = 50 (The
request is not supported)
Failure
I'm on...
PR#1172 for Issue #1088: "Zenmap (as root) not working"
Sameer Shaikh (Jul 29)
Hello there!
It's been quite some time since I submitted my PR for issue #1088:
https://github.com/nmap/nmap/pull/1172
It hasn't received any comments. I'd really appreciate it if someone could
check it out and suggest changes. If this patch is good enough, I'd like to
see it merged into the main branch.
Re: Extremely low throughput of ncat
Daniel Miller (Jul 18)
Dragan,
Thanks for the report. We have an old report of this on our tracker at
http://issues.nmap.org/1026, where the user reported the slowness began in
Ncat 6.45, and using Ncat 6.40 as the sender avoided the issue. Apart from
that, we have http://issues.nmap.org/1025, which is for optimizing the
socket read and write buffer sizes; fast networks ought to be able to
handle larger buffers, but we use a fixed size.
Dan
On Tue, Jul 17, 2018 at...
Extremely low throughput of ncat
Dragan Randjelovic (Jul 17)
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Re: Full Disclosure - Responsive File Manager
Henri Salo (Aug 13)
This seems to be fixed in RFM 9.13.3 according to changelog.txt "fix
vulnerability that permits to see server files", which was released 2018-08-04.
Didn't manually verify.
[CONVISO-18-001] - Nasdaq BWise JMX/RMI RCE
Anibal Aguiar (Aug 13)
[CONVISO-18-001] - Nasdaq BWise JMX/RMI RCE
1. Advisory Information
Conviso Advisory ID: CONVISO-18-001
CVE ID: CVE-2018-11247
CVSS v2: 8.8 (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Date: 16/05/2018
2. Affected Components
Nasdaq BWise 5.0 JMX/RMI interface
3. Description
Nasdaq BWise 5.0, in its default installation, uses a JMX/RMI
interface (SAP BO Component) without authentication on port 81/TCP.
This...
SOC Battle - ARE YOU READY FOR AN EXTRAORDINARY CTF?
Mustafa Kaan Demirhan (Aug 10)
SOC Battle is a CTF (Capture the Flag) competition organized
by Prisma CSI <https://www.prismacsi.com/> and prepared for SOC teams all
over the world. It is completely free to join. The purpose of the competition
is to take SOC teams to higher levels and give them a chance to compare
themselves with other SOC teams all over the world through scenario-based
questions.
Only defence based questions will be included in...
Full Disclosure - Responsive File Manager
Silton Renato (Aug 08)
Responsive Filemanager v 9.13.1 [1]
Author: Silton Santos
=====[ Table of Contents ]===================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Overview ]===================================
* System affected : Responsive Filemanager
* Software Version : 9.13.1 (other versions may also be affected).
* Impact : Get sensitive files from the server.
=====[...
CVE-2018-12090 - LAMS < 3.1 Unauthenticated Cross-Site Scripting
Nikola Kojic (Aug 07)
# Exploit Title: LAMS < 3.1 - Unauthenticated Reflected XSS
# Date: 2018-08-06
# Exploit Author: Nikola Kojic
# Website: https://ras-it.rs/
# Vendor Homepage: https://www.lamsfoundation.org/
# Software Link: https://www.lamsfoundation.org/downloads_home.htm
# Category: Web Application
# Platform: Java
# Version: < 3.1
# CVE : 2018-12090
1. Vendor Description:
LAMS is a revolutionary new tool for designing, managing and delivering
online...
Executable installers are vulnerable^WEVIL (case 56): arbitrary code execution WITH escalation of privilege via rufus*.exe
Stefan Kanthak (Aug 03)
Hi @ll,
like their predecessors, the recently (2018-05-29, 2018-06-19)
published versions 3.0 and 3.1 of "Rufus" are riddled with bloody
beginners' errors, which ALL allow arbitrary code execution WITH
escalation of privilege, in MULTIPLE ways.
JFTR: to support and ease further attacks, this crap is built
without ASLR and without stack cookies/canaries!
<https://msdn.microsoft.com/en-us/library/bb430720.aspx>...
CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)
Simon Uvarov via Fulldisclosure (Aug 03)
# Title
Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5
#Reserved CVE
CVE-2018-14857
# Vulnerability Overview
OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template
file containing PHP code, because file extensions other than .html are permitted.
# Discovered By
Simon Uvarov
# Vendor Status
Fixed.
# Vulnerability Details
The following request saves the...
DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability
Dell EMC Product Security Response Center (Aug 03)
DSA-2018-112: Dell EMC Data Protection Advisor XML External Entity Vulnerability
Dell EMC Identifier: DSA-2018-112
CVE Identifier: CVE-2018-11048
Severity: High
Severity Rating: CVSS v3 Base Score: 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
Affected products:
Dell EMC Data Protection Advisor 6.2,
Dell EMC Data Protection Advisor 6.3,
Dell EMC Data Protection Advisor 6.4 prior to patch B180,
Dell EMC Data Protection Advisor 6.5 prior to patch...
Executable installers are vulnerable^WEVIL (case 55): escalation of privilege with VMware Player 12.5.9
Stefan Kanthak (Aug 02)
Hi @ll,
the executable installer of VMware Player 12.5.9, published in
January 2018, available from
<https://download3.vmware.com/software/player/file/VMware-player-12.5.9-7535481.exe>,
is vulnerable.
JFTR: VMware Player 12.5.9 is the last version which runs on
32-bit Windows, and the last to support older CPUs.
Although running with administrative privileges (its embedded
application manifest specifies...
CVE-2016-7085 NOT fixed in VMware-player-12.5.9-7535481.exe
Stefan Kanthak (Aug 02)
Hi @ll,
on February 13, 2016, I sent a vulnerability report regarding the
then current executable installer of VMware-player 7.1.3 to its
vendor.
On September 14, 2016, VMware published
<http://blogs.vmware.com/security/2016/09/vmsa-2016-0014.html> and
<http://www.vmware.com/security/advisories/VMSA-2016-0014.html>
I was NOT AMUSED that it took 7 months to fix this beginner's error.
In January 2018, VMware published...
(CVE-2018-13417) Out-of-Band XXE in Vuze Bittorrent Client
Chris (Aug 02)
Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing
Reserved CVE: CVE-2018-13417
# Vulnerability Overview
The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
- Access arbitrary files from the filesystem with the same permission as the user account running...
(CVE-2018-13415) Out-of-Band XXE in Plex Media Server
Chris (Aug 02)
Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing
Reserved CVE: CVE-2018-13415
# Vulnerability Overview
The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
- Access arbitrary files from the filesystem with the same permission as the user account running Plex.
-...
CA20180802-01: Security Notice for CA API Developer Portal
Kotas, Kevin J (Aug 02)
CA20180802-01: Security Notice for CA API Developer Portal
Issued: August 2, 2018
Last Updated: August 2, 2018
CA Technologies Support is alerting customers to a potential risk
with CA API Developer Portal. A medium risk vulnerability exists that
can allow a remote attacker to conduct reflected cross-site scripting
attacks. CA published solutions to address the vulnerability.
The vulnerability, CVE-2018-6590, occurs due to insufficient...
Out-of-Band XXE in Universal Media Server's SSDP Processing
Chris (Jul 31)
Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing
Reserved CVE: CVE-2018-13416
# Vulnerability Overview
The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:
- Access arbitrary files from the filesystem with the same permission as the user account running UMS....
Integer overflow in SunContract
姚志华 (Jul 27)
I have found an integer overflow in mintTokens: the supply variable could overflow, because the _amount variable is
controlled by us and can eventually cause supply to overflow to zero.
vuln code:
function mintTokens(address _to, uint256 _amount) {
if (msg.sender != icoContractAddress) throw; // Only ICO address can mint tokens
if (restrictedAddresses[_to]) throw; // Throw if user wants to...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
Stefan Kanthak (Aug 14)
Hi @ll,
about 6 weeks ago, Microsoft updated their MSKB article
<https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads>,
listing the current/latest downloads of their MSVCRT alias
Microsoft Visual C++ Redistributable for Visual Studio 201x.
Guess what Microsoft used to build the executable installers
offered on that page: COMPLETELY outdated versions 3.7.3813.0
(and before) of Wix Toolset, which NOBODY...
X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-005
Multiple Vulnerabilities in Apple smartcardservices
===================================================
Overview
--------
Confirmed Affected Versions: e3eb96a6eff9d02497a51b3c155a10fa5989021f
Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de
Vendor: Apple
Vendor URL: https://smartcardservices.github.io/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-002
Multiple Vulnerabilities in OpenSC
==================================
Overview
--------
Confirmed Affected Versions: 0.18.0
Confirmed Patched Versions: possibly 0.19.0
Vendor: OpenSC
Vendor URL: https://github.com/OpenSC/OpenSC
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
Summary and Impact
------------------...
X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-003
Multiple Vulnerabilities in pam_pkcs11
======================================
Overview
--------
Confirmed Affected Versions: 0.6.9
Confirmed Patched Versions: -
Vendor: Unmaintained
Vendor URL: https://github.com/OpenSC/pampkcs11
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/
Summary and Impact
------------------...
X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-004
Multiple Vulnerabilities in Yubico libykneomgr
==============================================
Overview
--------
Confirmed Affected Versions: 0.1.9
Confirmed Patched Versions: -
Vendor: Yubico / Deprecated
Vendor URL: https://www.yubico.com/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
Summary and Impact...
X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-001
Multiple Vulnerabilities in Yubico Piv
======================================
Overview
--------
Confirmed Affected Versions: 1.5.0
Confirmed Patched Versions: 1.6.0
Vendor: Yubico
Vendor URL: https://www.yubico.com/
Vendor Advisory URL: https://www.yubico.com/support/security-advisories
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...
[SECURITY] [DSA 4271-1] samba security update
Salvatore Bonaccorso (Aug 14)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4271-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2018-10858 CVE-2018-10919...
ASUSTOR NAS ADM - 3.1.0 Remote Command Execution, SQL Injections
kyle Lovett (Aug 14)
Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds
Vendor - https://www.asustor.com/
Patch Notes - http://download.asustor.com/download/docs/releasenotes/RN_ADM_3.1.3.RHU2.pdf
Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffer from
multiple critical vulnerabilities. The vulnerabilities were submitted
to Asustor in January and February 2018. Several follow-up requests
were made in an attempt to obtain vendor acknowledgement,...
[SECURITY] [DSA 4267-1] kamailio security update
Salvatore Bonaccorso (Aug 08)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4267-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 08, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : kamailio
CVE ID : CVE-2018-14767
Henning...
[CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2
Joachim De Zutter (Aug 08)
CVE ID: CVE-2018-12584
TIMELINE
Bug report with test code sent to main reSIProcate developers: 2018-06-15
Patch created by Scott Godin: 2018-06-18
CVE ID assigned: 2018-06-19
Patch committed to reSIProcate repository: 2018-06-21
Advisory first published on website: 2018-06-22
Advisory sent to Bugtraq mailing list: 2018-08-08
DESCRIPTION
A heap overflow can be triggered in the reSIProcate SIP stack when TLS is
enabled....
CA20180802-01: Security Notice for CA API Developer Portal
Kotas, Kevin J (Aug 08)
CA20180802-01: Security Notice for CA API Developer Portal
Issued: August 2, 2018
Last Updated: August 2, 2018
CA Technologies Support is alerting customers to a potential risk
with CA API Developer Portal. A medium risk vulnerability exists that
can allow a remote attacker to conduct reflected cross-site scripting
attacks. CA published solutions to address the vulnerability.
The vulnerability, CVE-2018-6590, occurs due to insufficient...
[CVE-2018-14429] man-cgi < 1.16 Local File Include
eL_Bart0 (Aug 08)
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal. If an attacker provides a filename as a
parameter (e.g. https://example.org/cgi-bin/man-cgi?/etc/passwd), the script will read and return the local file. This
happens because of the way the script calls the "man" command. Tests have shown that "man /some/random/file"
(depending on its configuration) will first try to locate a manual...
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
Michael Catanzaro (Aug 08)
------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006
------------------------------------------------------------------------
Date reported : August 07, 2018
Advisory ID : WSA-2018-0006
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0006.html
WPE WebKit Advisory URL :...
New VMSA-2018-0019 - Horizon 6, 7, and Horizon Client for Windows updates address an out-of-bounds read vulnerability
VMware Security Response Center (Aug 08)
----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2018-0019
Severity: Important
Synopsis: Horizon 6, 7, and Horizon Client for Windows updates
address an out-of-bounds read vulnerability
Issue date: 2018-08-07
Updated on: 2018-08-07 (Initial Advisory)
CVE number: CVE-2018-6970
1. Summary
Horizon 6, 7, and Horizon Client for Windows updates address an...
FreeBSD Security Advisory FreeBSD-SA-18:08.tcp
FreeBSD Security Advisories (Aug 06)
=============================================================================
FreeBSD-SA-18:08.tcp Security Advisory
The FreeBSD Project
Topic: Resource exhaustion in TCP reassembly
Category: core
Module: inet
Announced: 2018-08-06
Credits: Juha-Matti Tilli <juha-matti.tilli () iki fi> from...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
[HITB-Announce] HITBGSEC2018 CFP - Final Call
Hafez Kamal (Apr 26)
FINAL CALL!!
The Call for Papers for the HITB GSEC 2018 Singapore is now open!
Call for Papers: https://gsec.hitb.org/call-for-papers/
Event Website: https://gsec.hitb.org/sg2018/
HITB GSEC is a three-day security conference where attendees
get to vote on the final agenda of talks. Attendees can also opt to be
introduced to speakers and each other based on the votes they cast.
Held at the Intercontinental Singapore from August 27th till the...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included this mandatory appointment in their agendas to discuss new
vulnerabilities, viruses, and other threats; they will also talk about
countermeasures in order...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday, v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and on making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Hammerhead repost for Halvar
Dave Aitel (Aug 13)
From:
https://web.archive.org/web/20040131120103/http://www.immunitysec.com:8010/29/2002
- Fishing for Obscurity
Some sharks and fish have a unique sixth sense – they can generate and
detect electrical fields, even minute ones. According to the font of all
natural knowledge, the Discovery channel (as opposed to Dawson's Creek, the
font for all social knowledge), a hammer head shark's funny looking head is
actually a voltmeter of...
Voting Village at Defcon
Dave Aitel (Aug 13)
https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/
So I don't know a ton about the details of voting machines, but I'm pretty
sure what happened at the DEFCON voting village is not being represented at
all accurately in the media, and I'm curious why nobody in the community is
pushing back on it, specifically I think we have a duty not to be used as...
information operations efforts and data carving
Dave Aitel (Aug 09)
Previously Unreleased Work:
https://docs.google.com/presentation/d/1tMlJvnUv_Qbh5mx2RYbyuTHTHr9c9ShIKBzz_JDGn_s/edit?usp=sharing
Paper on the 3M Tweets from Clemson:
https://www.cyxtera.com/blog/data-carving-the-internet-research-agency-tweets
So what you see a lot in some papers is this sort of thing (this one is
from the original Clemson paper):
I always get flashbacks of that XKCD Correlation vs
Causation comic <...
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Aug 09)
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
[ - Introduction - ]
It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel.
This prestigious conference aims to bring together esteemed speakers from the industry, government and academia to
share knowledge and leading-edge ideas about security and related topics. This is an
excellent opportunity to network with like-minded people...
Assessment
Dave Aitel (Jul 20)
So soon after the Immunity deal closed we had this big all hands conference
call with everyone in the larger Cyxtera group on it, and Chris Day, who
runs the group I'm in, said, "Hey Dave, can you give everyone a quick
rundown as to what Immunity is, now that we're all one big team?" and I'll
be honest, I totally bombed.
Immunity has never done corporate verbiage. There's a tendency to be
extremely bland and generic...
Capstone disassembler framework v3.0.5 is out!
Nguyen Anh Quynh (Jul 20)
Greetings,
We are very happy to announce version 3.0.5 of Capstone disassembler
framework!
In no particular order, we would like to thank CrowdStrike, CMC Infosec &
Jurriaan Bremer for sponsoring this release!
This stable version fixes some security issues in the core, as well as many
improvements, so existing users are strongly recommended to upgrade.
More details are available at http://capstone-engine.org/Version-3.0.5.html
(For those...
Peach season
Dave Aitel (Jul 13)
As Ryan Naraine has pointed out, I never did an announcement on this mailing list when Cyxtera <https://www.cyxtera.com>
and Immunity finally closed our deal. Partially that's because these things are in some ways anti-climactic, and
partially because I and a lot of the team at Immunity immediately went on a binge of experimenting with various large
toolkits we'd never had access to before.
For example, this one:...
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Jul 09)
SAINTCON 2018 CFP - Sep 25-28, Provo Utah
Troy Jessup (Jun 12)
SAINTCON 2018 - Call for Papers
INTRODUCTION
SAINTCON is Utah's best annual Security Conference and Training Event. The Conference spans 4 days and includes a
large variety of content and events making it very diverse and covers a large variety of security related areas of
interest. SAINTCON is a community conference administered by the Utah Chapter of the Security Advisory and Incident
Network Team (UtahSAINT).
Site:...
INFILTRATE Video Release! Ben Watson.
David Aitel (May 29)
https://vimeo.com/269252626
Back to the future: Going back in time to abuse Android’s JIT, Benjamin
Watson, INFILTRATE 2018
There's a lot of different uses of "exploit-like" thinking, which is a
kind of rapid-fire scrappy engineering, like building a campsite before
darkness in the zombie-infested wilderness with only the tools you
brought with you, which consist of a pocket knife, some para-cord, and a
pile of soggy...
Project Grapple
Dave Aitel (May 23)
https://www.local10.com/sports/liberty-city-kids-form-unlikely-team-combining-2-sports-while-learning-life-lessons-
https://www.flograppling.com/video/6044979-project-grapple-the-jiu-jitsu-non-profit-changing-lives
https://www.instagram.com/project_grapple/
Hi everyone! So for those of you who come to INFILTRATE
<https://infiltratecon.com/fun/>, or attend any of Jeremiah Grossman's
<...
The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!
Andrew Case (May 23)
We are excited to announce that the 2018 Volatility Plugin Contest and the inaugural Volatility Analysis Contest are
now accepting submissions until October 1, 2018. Winners of each contest will receive over $2,500 in cash prizes and
the highly coveted Volatility swag (t-shirts, stickers, etc.)!
Full details can be found on our blog post:
https://volatility-labs.blogspot.com/2018/05/the-6th-annual-volatility-plugin.html
Please let us know...
Re: Alternatives to viruscheckmate
Alex Boldwin (May 23)
Hi Konrads,
I know:
hxxps://antiscan.me (https://link.getmailspring.com/link/1526990922.local-1f8df3dd-cfd9-v1.2.1-7e7447b6 ()
getmailspring com/0?redirect=https%3A%2F%2Fantiscan.me&recipient=ZGFpbHlkYXZlQGxpc3RzLmltbXVuaXR5aW5jLmNvbQ%3D%3D)
hxxps://scanmybin.net (https://link.getmailspring.com/link/1526990922.local-1f8df3dd-cfd9-v1.2.1-7e7447b6 ()
getmailspring...
t2'18: Call For Papers 2018 (Helsinki, Finland)
Tomi Tuominen (May 17)
#
# t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018
#
Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket
sales are now open.
To truly appreciate the full spectrum of cyber, one simply needs to visit
Helsinki. Sooner or later you need a break from the sunshine and warmth, and it
is exactly that contrast we can provide. Located halfway between Miami and
Singapore (the long way round), just 3200 km...
Alternatives to viruscheckmate
Konrads Smelkovs (May 17)
Purely practical question - It would seem that viruscheckmate is well dead.
Apart from maintaining 50 VMs to replicate it, are there decent
alternatives to do payload scan w/o releasing it to the clouds and vendor
sigs?
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Hey there!
Sierra - Black Hills Information Security (Apr 23)
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like share with you for educational purposes and without any
commercial purpose, data collected by the my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be request via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Summary for August 14, 2018
Microsoft (Aug 14)
********************************************************************
Microsoft Security Update Summary for August 14, 2018
Issued: August 14, 2018
********************************************************************
This summary lists security updates released for August 14, 2018.
Complete information for the August 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security...
Microsoft Security Advisory Notification
Microsoft (Aug 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 14, 2018
********************************************************************
Security Advisories Released or Updated on August 14, 2018
===================================================================
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
-...
Microsoft Security Advisory Notification
Microsoft (Aug 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 8, 2018
********************************************************************
Security Advisories Released or Updated on August 8, 2018
===================================================================
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
-...
Microsoft Security Advisory Notification
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 1, 2018
********************************************************************
Security Advisories Released or Updated on August 1, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution side-channel...
Microsoft Security Update Releases
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 1, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8172
* CVE-2018-8202
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: August 1, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8202 - Version 4.1
* CVE-2018-8284 - Version 2.2
* CVE-2018-8356 - Version 3.1
Revision Information:
=====================
-...
Microsoft Security Advisory Notification
Microsoft (Jul 27)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 26, 2018
********************************************************************
Security Advisories Released or Updated on July 26, 2018
===================================================================
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
-...
Microsoft Security Update Releases
Microsoft (Jul 26)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 26, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8202
Revision Information:
=====================
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Microsoft is aware of...
Microsoft Security Update Releases
Microsoft (Jul 24)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8308
Revision Information:
=====================
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/CVE-2018-8308
- Reason for...
Microsoft Security Update Releases
Microsoft (Jul 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 19, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8202
* CVE-2018-8260
* CVE-2018-8284
* CVE-2018-8356
Revision Information:
=====================
-...
Microsoft Security Update Minor Revisions
Microsoft (Jul 19)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: July 19, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8202
* CVE-2018-8260
* CVE-2018-8284
* CVE-2018-8356
Revision Information:
=====================
-...
Microsoft Security Advisory Notification
Microsoft (Jul 19)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 19, 2018
********************************************************************
Security Advisories Released or Updated on July 19, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution side-channel...
Microsoft Security Advisory Notification
Microsoft (Jul 16)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 16, 2018
********************************************************************
Security Advisories Released or Updated on July 16, 2018
===================================================================
* Microsoft Security Advisory ADV180016
- Title: Microsoft Guidance for Lazy FP State Restore
-...
Microsoft Security Update Releases
Microsoft (Jul 16)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 16, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8319
Revision Information:
=====================
- CVE-2018-8319 | MSR JavaScript Cryptography Library Security
Feature Bypass Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Jun 22)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: June 22, 2018
********************************************************************
Summary
=======
The following CVE has been revised in the June 2018 Security
Updates.
* CVE-2018-0978
* CVE-2018-8113
* CVE-2018-8249
* CVE-2018-8267
Revision Information:
=====================
CVE-2018-0978
- Title: CVE-2018-0978 |...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Samba Releases Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Samba Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Samba-Releases-Security-Updates ] 08/14/2018 06:23 PM EDT
Original release date: August 14, 2018
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one
of these vulnerabilities to take control of an affected...
Microsoft Releases August 2018 Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases August 2018 Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Microsoft-Releases-August-2018-Security-Updates ] 08/14/2018
05:14 PM EDT
Original release date: August 14, 2018
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...
Adobe Releases Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Adobe-Releases-Security-Updates ] 08/14/2018 05:21 PM EDT
Original release date: August 14, 2018
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Experience Manager,
Adobe Flash Player, and Adobe Creative Cloud Desktop...
Intel Side-Channel Vulnerability
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Intel Side-Channel L1TF Vulnerability [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Intel-Side-Channel-Vulnerability ] 08/14/2018 01:54 PM EDT
Original release date: August 14, 2018
Intel has released recommendations to address a side-channel vulnerability called L1 Terminal Fault (L1TF) that affects
multiple Intel microprocessors. An attacker could...
Oracle Releases Security Alert
US-CERT (Aug 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Alert [
https://www.us-cert.gov/ncas/current-activity/2018/08/13/Oracle-Releases-Security-Alert ] 08/13/2018 03:19 PM EDT
Original release date: August 13, 2018
Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. A remote
attacker could exploit this vulnerability to take control of an...
Back-to-School Cyber Safety
US-CERT (Aug 10)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Back-to-School Cyber Safety [ https://www.us-cert.gov/ncas/current-activity/2018/08/10/Back-School-Cyber-Safety ]
08/10/2018 08:25 AM EDT
Original release date: August 10, 2018
As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and
laptops. Although these devices can help students with their schoolwork and...
AR18-221A: MAR-10135536-17 – North Korean Trojan: KEYMARBLE
US-CERT (Aug 09)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System: AR18-221A: MAR-10135536-17 North Korean Trojan: KEYMARBLE [
https://www.us-cert.gov/ncas/analysis-reports/AR18-221A ] 08/09/2018 09:29 AM EDT
Original release date: August 09, 2018
Description
Notification
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not
provide any warranties of any...
North Korean Malicious Cyber Activity
US-CERT (Aug 09)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
North Korean Malicious Cyber Activity [
https://www.us-cert.gov/ncas/current-activity/2018/08/09/North-Korean-Malicious-Cyber-Activity ] 08/09/2018 01:02 PM
EDT
Original release date: August 09, 2018
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan
malware variant, referred to as KEYMARBLE, used by the...
ISC Releases Security Advisory for BIND
US-CERT (Aug 08)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ISC Releases Security Advisory for BIND [
https://www.us-cert.gov/ncas/current-activity/2018/08/08/ISC-Releases-Security-Advisory-BIND ] 08/08/2018 07:24 PM EDT
Original release date: August 08, 2018
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting
multiple versions of ISC Berkeley Internet Name Domain...
FBI Releases Article on Building a Digital Defense Against Facebook Scams
US-CERT (Aug 08)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FBI Releases Article on Building a Digital Defense Against Facebook Scams [
https://www.us-cert.gov/ncas/current-activity/2018/08/07/FBI-Releases-Article-Building-Digital-Defense-Against-Facebook
] 08/07/2018 10:57 PM EDT
Original release date: August 07, 2018
The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against a...
VMware Releases Security Updates
US-CERT (Aug 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/07/VMware-Releases-Security-Updates ] 08/07/2018 10:37 PM EDT
Original release date: August 07, 2018
VMware has released security updates to address a vulnerability in Horizon 6, 7, and Horizon Client for Windows. An
attacker could exploit this vulnerability to obtain...
Mozilla Releases Security Update for Thunderbird
US-CERT (Aug 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update for Thunderbird [
https://www.us-cert.gov/ncas/current-activity/2018/08/06/Mozilla-Releases-Security-Update-Thunderbird ] 08/06/2018
08:23 PM EDT
Original release date: August 06, 2018
Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit some
of these vulnerabilities to...
Linux Kernel Vulnerability
US-CERT (Aug 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Linux Kernel Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2018/08/06/Linux-Kernel-Vulnerability ]
08/06/2018 08:27 PM EDT
Original release date: August 06, 2018
NCCIC is aware of a Linux kernel vulnerability affecting Linux versions 4.9 and greater. An attacker could exploit this
vulnerability to cause a denial-of-service condition.
NCCIC...
Drupal Releases Security Update
US-CERT (Aug 02)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Drupal Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2018/08/02/Drupal-Releases-Security-Update ] 08/02/2018 08:07 PM EDT
Original release date: August 02, 2018
Drupal has released a security update addressing a vulnerability in Drupal 8.x. A remote attacker could exploit this
vulnerability to take control of an affected system.
NCCIC...
FBI Releases Article on Securing the Internet of Things
US-CERT (Aug 02)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FBI Releases Article on Securing the Internet of Things [
https://www.us-cert.gov/ncas/current-activity/2018/08/02/FBI-Releases-Article-Securing-Internet-Things ] 08/02/2018
05:32 PM EDT
Original release date: August 02, 2018
The Federal Bureau of Investigation (FBI) has released an article on the risks associated with internet-connected
devices, commonly...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)
Vladis Dronov (Aug 14)
Heololo,
A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could
use this flaw to trigger time and calculation expensive fragment reassembly
algorithms by sending specially crafted packets which could lead to a CPU
saturation and hence a denial of service on the system.
External References:
https://www.kb.cert.org/vuls/id/641765...
Xen Security Advisory 272 v2 - oxenstored does not apply quota-maxentity
Xen . org security team (Aug 14)
Xen Security Advisory XSA-272
version 2
oxenstored does not apply quota-maxentity
UPDATES IN VERSION 2
====================
Amend patch to reference XSA-272 in the commit message.
Public release.
ISSUE DESCRIPTION
=================
The logic in oxenstored for handling writes depended on the order of
evaluation of expressions making up a tuple.
As indicated in section 7.7.3...
Xen Security Advisory 271 v2 (CVE-2018-14007) - XAPI HTTP directory traversal
Xen . org security team (Aug 14)
Xen Security Advisory CVE-2018-14007 / XSA-271
version 2
XAPI HTTP directory traversal
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
XAPI has an unauthenticated HTTP endpoint update/ which exports the
contents of /var/update for other hosts to use.
However, the resolution of . and .. in paths is performed before url
unquoting is...
Xen Security Advisory 270 v2 - Linux netback driver OOB access in hash handling
Xen . org security team (Aug 14)
Xen Security Advisory XSA-270
version 2
Linux netback driver OOB access in hash handling
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
Linux's netback driver allows frontends to control mapping of requests
to request queues. When processing a request to set or change this
mapping, some input validation was missing or flawed....
Xen Security Advisory 269 v2 - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
Xen . org security team (Aug 14)
Xen Security Advisory XSA-269
version 2
x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
The DEBUGCTL MSR contains several debugging features, some of which virtualise
cleanly, but some do not. In particular, Branch Trace Store is not
virtualised by the processor, and software has...
Xen Security Advisory 268 v2 - Use of v2 grant tables may cause crash on ARM
Xen . org security team (Aug 14)
Xen Security Advisory XSA-268
version 2
Use of v2 grant tables may cause crash on ARM
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
ARM never properly implemented grant table v2, either in the
hypervisor or in Linux.
Unfortunately, an ARM guest can still request v2 grant tables; they
will simply not be properly set up, resulting in...
Xen Security Advisory 273 v1 (CVE-2018-3620,CVE-2018-3646) - L1 Terminal Fault speculative side channel
Xen . org security team (Aug 14)
Xen Security Advisory CVE-2018-3620,CVE-2018-3646 / XSA-273
L1 Terminal Fault speculative side channel
ISSUE DESCRIPTION
=================
In x86 nomenclature, a Terminal Fault is a pagetable walk which aborts
due to the page being not present (e.g. paged out to disk), or because
of reserved bits being set.
Architecturally, such a memory access will result in a page fault
exception, but some processors will speculatively...
CVE-2018-14722: btrfsmaintenance: Code execution
Marcus Meissner (Aug 14)
Hi,
SUSE employee Fabian Vogt has found a shell code injection issue in the "btrfsmaintenance" tools.
https://bugzilla.suse.com/show_bug.cgi?id=1102721
Mounting btrfs images with a label including shell injection characters could cause
the cron jobs (running as root) to execute the included shellcode.
Our proposed fix is attached to this email.
A bad image can be created with:
mkfs.btrfs --label "`/evil/command`'...
X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-005
Multiple Vulnerabilities in Apple smartcardservices
===================================================
Overview
--------
Confirmed Affected Versions: e3eb96a6eff9d02497a51b3c155a10fa5989021f
Confirmed Patched Versions: 8eef01a5e218ae78cc358de32213b50a601662de
Vendor: Apple
Vendor URL: https://smartcardservices.github.io/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...
X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-004
Multiple Vulnerabilities in Yubico libykneomgr
==============================================
Overview
--------
Confirmed Affected Versions: 0.1.9
Confirmed Patched Versions: -
Vendor: Yubico / Deprecated
Vendor URL: https://www.yubico.com/
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-004-libykneomgr/
Summary and Impact...
X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-003
Multiple Vulnerabilities in pam_pkcs11
======================================
Overview
--------
Confirmed Affected Versions: 0.6.9
Confirmed Patched Versions: -
Vendor: Unmaintained
Vendor URL: https://github.com/OpenSC/pampkcs11
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:
https://www.x41-dsec.de/lab/advisories/x41-2018-003-pampkcs11/
Summary and Impact
------------------...
X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-002
Multiple Vulnerabilities in OpenSC
==================================
Overview
--------
Confirmed Affected Versions: 0.18.0
Confirmed Patched Versions: possibly 0.19.0
Vendor: OpenSC
Vendor URL: https://github.com/OpenSC/OpenSC
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/
Summary and Impact
------------------...
X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv
X41 D-Sec GmbH Advisories (Aug 14)
X41 D-Sec GmbH Security Advisory: X41-2018-001
Multiple Vulnerabilities in Yubico Piv
======================================
Overview
--------
Confirmed Affected Versions: 1.5.0
Confirmed Patched Versions: 1.6.0
Vendor: Yubico
Vendor URL: https://www.yubico.com/
Vendor Advisory URL: https://www.yubico.com/support/security-advisories
Credit: X41 D-Sec GmbH, Eric Sesterhenn
Status: Public
Advisory-URL:...
CVE-2018-14424: Use-after-free in GDM
Chris Coulson (Aug 14)
Hi,
I recently discovered a use-after-free in the GDM daemon, which is
possible to trigger via a specially crafted sequence of D-Bus method
calls as an unprivileged user.
Details from https://gitlab.gnome.org/GNOME/gdm/issues/401 follow:
----
When GdmDisplayStore (daemon/gdm-display-store.c) emits the
"display-removed" signal, the GdmDisplay being removed has already been
removed from the store. Subsequent calls to...
CVE-2018-11770: Apache Spark standalone master, Mesos REST APIs not controlled by authentication
Sean Owen (Aug 13)
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected:
Spark versions from 1.3.0, running standalone master with REST API enabled,
or running Mesos master with cluster mode enabled
Description:
job submission, in addition to the submission mechanism used by
spark-submit. In standalone, the config property
'spark.authenticate.secret' establishes a shared secret for authenticating
requests to submit jobs via...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
[UPDATED DETAILS] Save the Date for a REN-ISAC Workshop Near You
Sarah Bigham (Aug 14)
Updated Workshop Details:
-------------------------
September 10, 2018: Arizona State University
Location: Tempe, AZ
https://www.ren-isac.net/calendar/september/workshop_asu.html
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
September 20, 2018: Duke University
Location: Durham, NC
https://www.ren-isac.net/calendar/september/workshop_duke.html
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
October 9,...
Job Opening - University of Illinois
Barnes, Joe (Aug 14)
Afternoon,
The University of Illinois is hiring a cybersecurity operations center manager. If you or someone you know is
interested, I would encourage you to apply. Please note the job closes Aug 28. For more details see below. To apply
please go to: https://jobs.illinois.edu.
Thanks
Joe
***********************************
Joe Barnes, CISSP
Chief Privacy & Security Officer
Technology Services at Illinois
University of Illinois at...
Re: Restricting PC Admin Rights
Alex Lindstrom (Aug 14)
At the University of Delaware, we're increasing deployment of desktop
management solutions that include admin account management alongside other
controls like domain joining, app whitelisting, automated patching, and
anti-virus.
We pitch this as a value-add for the end users and their units because the
management service automates many of the basic, essential security tasks
they'd otherwise have to handle manually. The end result is...
Re: Restricting PC Admin Rights
Gregg, Christopher S. (Aug 14)
Our admin access plan is very similar. We flipped our default to no admin access and require a business reason for the
access. We have admittedly been somewhat lenient in accepting the reason, but we decided it is more important to get
everyone into a consistent model. Before the new policy, admin access was all over the board… some local machine
accounts, some domain accounts, some shared accounts, etc. Even with a more lenient approach...
Re: Restricting PC Admin Rights
Barton, Robert W. (Aug 13)
I’m procrastinating on writing my paper. Tech Republic – 25% of employees..same password.
https://www.techrepublic.com/article/25-of-employees-use-the-same-password-for-every-account/?ftag=TREe01923b&bhid=26281587038050093910701370864326
Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663
From: Barton, Robert W.
Sent: Monday, August 13, 2018 3:58 PM
To:...
Re: Restricting PC Admin Rights
Barton, Robert W. (Aug 13)
It is a user issue, but don’t forget about lateral movement of viruses (viruses can be ‘dormant’ in a file on the
network), that mistakes happen, and that if a user account falls into the wrong hands. They all add up to an issue
that can be resolved; a bank of 30,000 had few to no regular users with local administrator rights, or a way to
escalate.
Your BYOD should be segmented off to their own network with less direct access to...
Re: Microsoft MFA and Authentication FOBs
Gregg, Christopher S. (Aug 13)
We've been told by MS account rep and SE that token support is coming. For now we're exempting the handful of people
who don't have a mobile phone and it doesn't work to have their office phone number as the second factor. That's 30
out of 20,000 account holders so far.
Thanks,
Chris
Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Information Technology Services (ITS)...
Re: Restricting PC Admin Rights
randy (Aug 13)
Interesting thread. I have a couple of questions:
1. What is the problem we're trying to solve?
a. Seems to me the problem isn't a user having admin rights, rather,
it's a poorly trained user with admin privs that's the problem. So, why not
create a training program for people who want admin privs? Seems to me
that's a win-win. We get an extra set of eyes to help spot problems, users
get the flexibility they...
Re: Restricting PC Admin Rights
Barton, Robert W. (Aug 13)
I’ve been in on a few see-saw discussions on this topic. The only positive reason not countered for forcing a password
change, is that the likelihood of a user having a password that is the same as one of their outside accounts is far
less. The timing is up in the air though as to a good time frame.
Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663
From: The...
Re: Restricting PC Admin Rights
Burns, Denis (Aug 13)
Thanks Roman – It is a good read for everyone within IT as well as executive leadership. The comments on that article
were insightful as well.
While I am in agreement with the article about most of the points, the one that they miss is that auditors are going to
judge your organization off of their score sheets that may, or may not, reflect the best practices ‘of the moment’.
While we all work to secure our environments from bad...
Re: Restricting PC Admin Rights
Simanovich, Roman (Aug 13)
Frank,
FYI, good read.
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
Thanks,
Roman
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Burns, Denis
Sent: Monday, August 13, 2018 3:58 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Restricting PC Admin Rights
Hi Frank,
Happy to share some of the rationale offline.
While...
Re: Restricting PC Admin Rights
Burns, Denis (Aug 13)
Hi Frank,
Happy to share some of the rationale offline.
While I petitioned for 60 days across the board, I will be happy to settle for either a slightly longer window with a
complex PW, or much longer (1-2 year) with a passphrase. We are working through the technical side to see if we can
allow our customers to self opt-in for the passphrase option or switch back and forth w/o technician assistance. Also,
trying to see if we can assign them...
Re: Restricting PC Admin Rights
Frank Barton (Aug 13)
Denis... why the expiring passwords? and what time-frame are you using?
Frank
Re: Restricting PC Admin Rights
Burns, Denis (Aug 13)
We are taking the “Never let a good crisis go to waste” methodology and are using another initiative to roll it to our
customer base.
Everyone wants Windows 10, but we have been slow to adopt. Now, all new images have standard user rights. Many IT
folks are issued a separate domain account with local admin rights *on their computer only* for dismissing UAC’s and
running things elevated as needed.
For customer support, we use LAPS for...
Re: Restricting PC Admin Rights
Frank Barton (Aug 13)
Rick, one thing to keep in mind that we've run across is software
licensing. We have many a faculty member that is also a student at another
institution (I'm pretty sure this is very common). As such they may have a
license for, say, MatLab. However, that license does not allow it to be run
on our computers.
Along a similar line "free for personal use" licenses can be problematic
also.
keeping a list of approved, and licensed...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: tcp md5 bgp attacks?
Randy Bush (Aug 14)
one or both of us needs to reread 4808
randy
Re: tcp md5 bgp attacks?
Jared Mauch (Aug 14)
It provides some capability, but for example if I have a large iBGP mesh and need to change methods of securing it and
have automation involved, it can often be a one-shot change unless I can zone some routers to different versions of
templating to have a smooth transition. Basically the negative side of using peer-groups can be quite catastrophic
with how you transition from the router software without good update packing/replication to one...
Re: tcp md5 bgp attacks?
Randy Bush (Aug 14)
[ again, thanks for an answer to the question asked ]
and i am not sure it meets my needs. i am not seeking privacy or pfs.
i want roll-if-compromise. (and no, i do not want automated compromise
heuristics, a recipe for death).
something such as, or close to, rfc 4808?
randy
Re: tcp md5 bgp attacks?
Jared Mauch (Aug 14)
I’ve looked at it, hear it works, but not been willing to take the hit for any transition.
I talked about some of this and other challenges at SAAG WG at IETF 101. Transport area has some possible interesting
things, but similar to what Haas said, TCP-AO isn’t really viable yet, and we need something that’s stable enough to
last 5-7 years, which is very different from a HTTP transaction that may live only a few seconds.
We have some...
Re: tcp md5 bgp attacks?
Randy Bush (Aug 14)
thanks john for the one (so far) answer to my question instead of
telling me how to run my routers
what i see also looks like config as opposed to attack
---
follow-on question:
anyone using the timed key-chain stuff?
randy
Re: tcp md5 bgp attacks?
John Kristoff (Aug 14)
My data is coarse, but with 'show system statistics tcp | match auth' I
see sometimes thousands of rcv packets dropped on BGP routers. I doubt
they are attacks, but simply badly configured or stale peer sessions
over the course of time the counters initialized from.
John
Re: tcp md5 bgp attacks?
Roland Dobbins (Aug 14)
No - it's a belt-and-suspenders sort of thing, along with GTSM.
-----------------------------------
Roland Dobbins <rdobbins () arbor net>
Re: tcp md5 bgp attacks?
Job Snijders (Aug 14)
To further harden your setup, consider using GTSM
https://tools.ietf.org/html/rfc5082
Kind regards,
Job
Re: tcp md5 bgp attacks?
Grant Taylor via NANOG (Aug 14)
n00b response here
I thought using ACLs or otherwise protecting the BGP endpoint was best
practice. Thus it's really hard to even try break an MD5 protected BGP
session if you can't even establish the TCP connection.
Everything that I've seen or set up had an ACL to only allow the peer(s)
to be able to connect to (from memory) TCP port 179.
Is there something that I've missed the boat on?
#learningOpportunity
tcp md5 bgp attacks?
Randy Bush (Aug 14)
so we started to wonder if, since we started protecting our bgp
sessions with md5 (in the 1990s), are there still folk trying to
attack?
we were unable to find bgp mib counters. there are igp interface
counters, but that was not our immediate interest. we did find
that md5 failures are logged.
looking at my logs for a few years, i find essentially nothing;
two 'attackers,' one my own ibgp peer, and one that noted evildoer
rob...
Reach for a Verizon "Mobility" Network Contact
Bob Evans (Aug 14)
Please contact me offline at bob () FiberInternetCenter com
NOT looking for verizon a cell phone dealer - NOT looking for a verizon
business multi-phone plan sales person. Looking for the verizon mobility
department, someone that can generate a contract for this specific
service and has contacts within that part of the organization and knows
the individuals by name.
Thank You
Bob Evans
CTO
AT&T Wireless Issue
Mark Stevens (Aug 14)
Good Afternoon,
I am looking to get in touch with an AT&T wireless switch tech in the
NY/NJ region. If someone from AT&T could reach out to me offline it
would be great.
Thanks
Mark
3549 1273
Jared Mauch (Aug 14)
3549<->1273 seem to be generating a lot of BGP updates between each other, is anyone else seeing this or noticed an
adverse impact?
- Jared
Re: optical circulator as a bidirectional one fiber solution
Jared Mauch (Aug 13)
There are some DCO 100G coherent optics on the market, but I think this thread is more about why there’s not much in
the way of 40/100g transmission speed, but it really is about how 10G was one of the last walls where OOK was a thing.
Once you went 40G/100G you went to parallel signals, either in CDWDM form or parallel signals on parallel fibers (eg:
those MPT/MPO cables we all get to enjoy).
If you talk to the optics folks you can get...
RE: optical circulator as a bidirectional one fiber solution
Jameson, Daniel (Aug 13)
If we were talking 10G, adjacent channels, add a TFFL filter it *Should* work. 100G isn’t just on-off at a high clock
rate, it’s also modulated around the center frequency, I don’t think it’d work even with a wideband receiver.
From: Ben Cannon [mailto:ben () 6by7 net]
Sent: Monday, August 13, 2018 4:24 PM
To: Jameson, Daniel
Cc: Eric Kuhnke; nanog () nanog org list
Subject: Re: optical circulator as a bidirectional one fiber...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
re 8-8-18 will go down in history as the day the first amendment died sent with approval of Guy
Dave Farber (Aug 14)
Begin forwarded message:
> From: Paul Alan Levy <plevy () citizen org>
> Date: August 14, 2018 at 11:24:31 PM GMT+9
> To: "dave () farber net" <dave () farber net>, ip <ip () listbox com>
> Subject: RE: [IP] re 8-8-18 will go down in history as the day the first amendment died sent with approval of Guy
>
> Although I agree with the effort of EFF and others (mentioned in a separate thread by David...
Intel’s SGX blown wide open by, you guessed it, a speculative execution attack | Ars Technica
Dave Farber (Aug 14)
The title is hype but the article is good. djf
https://arstechnica.com/gadgets/2018/08/intels-sgx-blown-wide-open-by-you-guessed-it-a-speculative-execution-attack/
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now:...
Invest in Punta del Este, 100% financed and interest-free.
greenpark.com.uy (Aug 14)
Invest in a place that will never stop surprising you
To remove your address from this list, click here: http://d.gpmserver1.com/unsuscribe.php?id=pueepswetiestryppsruy
Re Is Blockchain Technology the Future of Voting?
Dave Farber (Aug 14)
Begin forwarded message:
> From: "Justin D'Onofrio" <justin.donofrio () me com>
> Date: August 14, 2018 at 9:38:47 PM GMT+9
> To: dave () farber net
> Subject: Re: [IP] Is Blockchain Technology the Future of Voting?
>
> Hi Dave,
>
> For IP, if you will:
>
> I feel that this is a great case of Betteridge’s Law of Headlines. It’s not the future of voting, and if it were, the
> Voatz...
re 8-8-18 will go down in history as the day the first amendment died sent with approval of Guy
Dave Farber (Aug 14)
Begin forwarded message:
> From: DV Henkel-Wallace <gumby () henkel-wallace org>
> Date: August 14, 2018 at 10:29:22 PM GMT+9
> To: Guy Jarvis <fibreguy42 () gmail com>
> Cc: David Farber <dave () farber net>
> Subject: Re: [IP] 8-8-18 will go down in history as the day the first amendment died sent with approval of Guy
>
> Oh come on.
>
> Problematic as I find the idea of "hate speech"...
Re Alex Jones is far from the only person tech companies are silencing - The Washington Post
Dave Farber (Aug 14)
Begin forwarded message:
> From: Rahul Tongia <tongia.cmu () gmail com>
> Date: August 14, 2018 at 9:56:14 PM GMT+9
> To: David Farber <dave () farber net>
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] Alex Jones is far from the only person tech companies are silencing - The Washington Post
>
> Dave,
>
> Perhaps a naive Q - what if tech companies allow person X to continue posting aka speaking,...
8-8-18 will go down in history as the day the first amendment died sent with approval of Guy
Dave Farber (Aug 14)
>>> On Aug 9, 2018, at 15:34, Guy Jarvis <fibreguy42 () gmail com> wrote:
>>
>> 8-8-18 will go down in history as the day the first amendment died, at
>> least so far as uncloaking the reality of how private for profit
>> monopolies dominate public discourse by acting as
>> politically-unaccountable speech police.
>>
>> Mindful of the words of Martin Niemoller
>> (...
Is Blockchain Technology the Future of Voting?
Dave Farber (Aug 14)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: August 14, 2018 at 6:13:03 PM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Is Blockchain Technology the Future of Voting?
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Geoff Goodfellow. DLH]
>
> Is Blockchain Technology the...
Alex Jones is far from the only person tech companies are silencing - The Washington Post
DAVID FARBER (Aug 14)
> https://www.washingtonpost.com/opinions/beware-the-digital-censor/2018/08/12/997e28ea-9cd0-11e8-843b-36e177f3081c_story.html?utm_term=.5fe7f8d625d2
>
> <https://www.washingtonpost.com/opinions/beware-the-digital-censor/2018/08/12/997e28ea-9cd0-11e8-843b-36e177f3081c_story.html?utm_term=.5fe7f8d625d2>
The Lessons of the Seattle Plane Crash
DAVID FARBER (Aug 13)
> Begin forwarded message:
>
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Subject: [Dewayne-Net] The Lessons of the Seattle Plane Crash
> Date: August 14, 2018 at 10:47:52 AM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Reply-To: dewayne-net () warpspeed com
>
> The Lessons of the Seattle Plane Crash
> It’s not possible to eliminate all risks from modern...
Russian Military Spy Software is on Hundreds of Thousands of Home Routers
DAVID FARBER (Aug 13)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: August 14, 2018 at 7:04:29 AM GMT+9
> To: E-mail Pamphleteer Dave Farber's Interesting People list <ip () listbox com>
> Subject: Russian Military Spy Software is on Hundreds of Thousands of Home Routers
>
>...
Invest in Punta del Este, 100% financed and interest-free.
greenpark.com.uy (Aug 10)
Invest in a place that will never stop surprising you
To remove your address from this list, click here: http://d.gpmserver1.com/unsuscribe.php?id=wppiesweyqqstryoqsruy
A giant floating trash collector will try to scoop up the Great Pacific Garbage Patch
DAVID FARBER (Aug 09)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: August 10, 2018 at 12:49:52 GMT+9
> To: E-mail Pamphleteer Dave Farber's Interesting People list <ip () listbox com>
> Cc: Brig <jbmerrell () comcast net>, "D. happy-go-lucky Ikeda" <brightgreen () gol com>, Lukas Lichy <lukas.lichy ()
> gmail com>, Eileen Levin <DadsGrotch () aol...
Re Deepfakes are coming. Is Big Tech ready?
Dave Farber (Aug 09)
> Begin forwarded message:
>
> From: "Paul Wilson" <pwilson () apnic net>
> Subject: Re: [IP] Deepfakes are coming. Is Big Tech ready?
> Date: August 10, 2018 at 9:01:15 AM GMT+9
> To: dave () farber net
> Cc: ip <ip () listbox com>
>
> “Deepfakes”! What a wonderful bit of newspeak, but truly misleading jargon in this case at least.
>
> No matter how “good” they are, there’s...
NP again Re Chelsea Manning on the far right, state surveillance and their lessons for Australia | US news | The Guardian
Dave Farber (Aug 08)
> Begin forwarded message:
>
> From: Geoff Kuenning <geoff () cs hmc edu>
> Subject: Re: [IP] Re Chelsea Manning on the far right, state surveillance and their lessons for Australia | US news |
> The Guardian
> Date: August 9, 2018 15:48:30 JST
> To: dave () farber net
>
> The essence of NP-hardness is that you can guess the answer to a problem that (as far as we know) can only be solved
> by exhaustive...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.79
RISKS List Owner (Aug 08)
RISKS-LIST: Risks-Forum Digest Wednesday 8 August 2018 Volume 30 : Issue 79
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.79>
The current issue can also be...
Risks Digest 30.78
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 August 2018 Volume 30 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.78>
The current issue can also be...
Risks Digest 30.77
RISKS List Owner (Jul 30)
RISKS-LIST: Risks-Forum Digest Monday 30 July 2018 Volume 30 : Issue 77
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.77>
The current issue can also be...
Risks Digest 30.76
RISKS List Owner (Jul 20)
RISKS-LIST: Risks-Forum Digest Friday 20 July 2018 Volume 30 : Issue 76
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.76>
The current issue can also be...
Risks Digest 30.75
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Saturday 14 July 2018 Volume 30 : Issue 75
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> and
<http://catless.ncl.ac.uk/Risks/30.75>
The current issue can also be...
Risks Digest 30.74
RISKS List Owner (Jul 05)
RISKS-LIST: Risks-Forum Digest Thursday 5 July 2018 Volume 30 : Issue 74
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.74>
The current issue can also be...
Risks Digest 30.73
RISKS List Owner (Jun 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 June 2018 Volume 30 : Issue 73
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.73>
The current issue can also be...
Risks Digest 30.72
RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 June 2018 Volume 30 : Issue 72
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.72>
The current issue can also be...
Risks Digest 30.71
RISKS List Owner (Jun 05)
RISKS-LIST: Risks-Forum Digest Tuesday 5 May 2018 Volume 30 : Issue 71
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.71>
The current issue can also be...
Risks Digest 30.70
RISKS List Owner (May 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 May 2018 Volume 30 : Issue 70
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.70>
The current issue can also be...
Risks Digest 30.69
RISKS List Owner (May 16)
RISKS-LIST: Risks-Forum Digest Wednesday 16 May 2018 Volume 30 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.69>
The current issue can also be...
Risks Digest 30.68
RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 5 May 2018 Volume 30 : Issue 68
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.68>
The current issue can also be...
Risks Digest 30.67
RISKS List Owner (Apr 29)
RISKS-LIST: Risks-Forum Digest Sunday 29 April 2018 Volume 30 : Issue 67
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.67>
The current issue can also be...
Risks Digest 30.66
RISKS List Owner (Apr 22)
RISKS-LIST: Risks-Forum Digest Sunday 22 April 2018 Volume 30 : Issue 66
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.66>
The current issue can also be...
Risks Digest 30.65
RISKS List Owner (Apr 14)
RISKS-LIST: Risks-Forum Digest Saturday 14 April 2018 Volume 30 : Issue 65
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.65>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Attackers could ‘faxploit’ all-in-one printer to penetrate network and steal data
Destry Winant (Aug 14)
https://www.csoonline.com/article/3297240/security/attackers-could-faxploit-all-in-one-printer-to-penetrate-network-and-steal-data.html#tk.rss_news
That all-in-one printer of yours may have fax capabilities that
attackers could exploit by sending maliciously crafted image data via
fax in order to take control of the printer, penetrate your network,
and exfiltrate files. That’s what Check Point researchers Yaniv Balmas
and Eyal Itkin warned...
Critical vulnerability in Oracle Database, patch without delay!
Destry Winant (Aug 14)
https://www.helpnetsecurity.com/2018/08/13/cve-2018-3110/
Oracle is urging users to patch their Oracle Database installations to
plug a critical security issue that can result in complete compromise
of the Oracle Database and shell access to the underlying server.
About the vulnerability (CVE-2018-3110)
The vulnerability (CVE-2018-3110) affects Oracle Database versions
11.2.0.4 and 12.2.0.1 on Windows and is apparently easy to exploit,
but can...
Where You Store Your Data and Why it Matters
Destry Winant (Aug 14)
http://itbusinessnet.com/article/Where-You-Store-Your-Data-and-Why-it-Matters-5527636
Unless you live out in the wilderness, completely cut off from modern
society, your personal data has probably been compromised at some
point. Most only become aware of this fact when a huge data breach
like the one Equifax experienced in 2017 comes to light. That breach
compromised the sensitive information of 143 million Americans and
put them at risk for...
Can cramming code with bugs make it more secure? Some think so
Destry Winant (Aug 14)
https://www.welivesecurity.com/2018/08/13/cramming-code-bugs-secure/
Researchers at New York University have come up with an unconventional
defensive technique that could ultimately deter attackers from even
trying to write exploits targeting software vulnerabilities.
In a departure from the usual ways of addressing bugs, which normally
involve eliminating known vulnerabilities or adding mitigations to
render their exploitation less...
New Variant of Dharma Ransomware Discovered
Destry Winant (Aug 13)
https://latesthackingnews.com/2018/08/13/new-variant-of-dharma-ransomware-discovered/
Once again, the infamous Dharma ransomware appears all set to begin a
massive infection campaign. It comes back as a new Dharma ransomware
variant that encrypts data files with a different file extension. The
malware, after entering the system, now encrypts all files with a .cmb
extension.
New Dharma Ransomware Variant Flaunts .cmb Encryption
Researcher...
Expert Warns that Hacked Satellite Systems Could be Used to Launch Microwave-Like Attacks
Destry Winant (Aug 13)
https://hackercombat.com/expert-warns-that-hacked-satellite-systems-could-be-used-to-launch-microwave-like-attacks/
A cybersecurity researcher has pointed out, at the Black Hat
conference in Las Vegas, that if hackers lay hands on the satellite
systems used by ships, planes etc, they could use the same to carry
out microwave-like attacks.
The researcher, Ruben Santamarta, has clarified that such satellite
systems, which are used by ships,...
Hi-de-Hack! Redcoats red-faced as Butlin's holiday camp admits data breach hit 34,000
Destry Winant (Aug 13)
https://www.theregister.co.uk/2018/08/10/butlins_data_breach/
Updated Holiday camp and British institution Butlin's has admitted
34,000 visitor records have been compromised.
Guest names, holiday dates, postal addresses, email and telephone
numbers have been exposed. Butlin's said payment card details are not
at risk.
The breach was the result of staff responding to a phishing email that
posed as a message from the local council. All...
Adams County data breach exposed personal information of up to 250,000 people
Destry Winant (Aug 13)
https://www.wisconsinrapidstribune.com/story/news/2018/08/10/adams-county-data-breach-exposed-information-up-250-000-people/956200002/
ADAMS COUNTY - A data breach exposed the names, addresses, personal
information and even photographs of more than 250,000 people with
information on Adams County computer systems.
Officials in a statement on Friday said they do not have evidence that
personal data was stolen, but urged those affected by the...
Millions of health records exposed to public in Mexico
Destry Winant (Aug 10)
https://pharmaphorum.com/news/health-records-publically-exposed/
A German cyber security enthusiast says he discovered an unprotected
online healthcare database and gained access to 2.3 million Mexican
patients records including their personal information and health
reports.
Bob Diachenko, cyber security and IT enthusiast from Germany
discovered the database which held personal entries of patients from
Michoacán state in Mexico has been freely...
The four most popular methods hackers use to spread ransomware
Destry Winant (Aug 10)
https://www.itproportal.com/features/the-four-most-popular-methods-hackers-use-to-spread-ransomware/
Organizations from COSCO to FedEx, local governments from Atlanta to
Alaska, and several hospitals and law firms around the world all share
a common, jarring experience - in the past year, all of these
organizations have watched as malicious software took over their
networks and demanded a ransom payment, while disrupting their
business service...
Four Ways to Mitigate Cyber Risks for ERP Applications
Destry Winant (Aug 10)
https://www.securityweek.com/four-ways-mitigate-cyber-risks-erp-applications
A confluence of factors is putting hundreds of thousands of
implementations of Enterprise Resource Planning (ERP) applications at
risk of cyber attacks. These factors include the following:
● Cyber attackers can focus their efforts. The vast majority of large
organizations have implemented ERP applications from one of two market
leaders – SAP and Oracle. This means...
Cyber-attack! Would your firm handle it better than this?
Destry Winant (Aug 10)
https://www.bbc.co.uk/news/technology-44482380
What's it like being the victim of a live cyber-attack? What should
you do to protect your company from further damage? And should you pay
that ransom demand? Technology of Business eavesdropped on a "war
games" exercise hosted by cyber security firm Forcepoint that was
based on lots of real-life experiences.
Scenario
IT staff at fictional High Street optician Blink Wink's head...
5 Things Your Average Employee Doesn't Know About IT
Destry Winant (Aug 10)
http://it.tmcnet.com/topics/it/articles/2018/08/09/439080-5-things-average-employee-doesnt-know-it.htm
5 Surprisingly Basic IT Truths Your Average Employee Doesn’t Know
When you’ve spent a career working with computers, networking systems,
and the internet, it’s hard to imagine that there are people out there
who know absolutely nothing about the most basic topics and issues.
While merely problematic most of the time, this lack of...
Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities
Destry Winant (Aug 09)
https://www.theregister.co.uk/2018/08/07/openemr_vulnerabilities/
Fresh light has been shed on a batch of security vulnerabilities
discovered in the widely used OpenEMR medical records storage system.
A team of researchers at Project Insecurity discovered and reported
the flaws, which were patched last month by the OpenEMR developers in
version 5.0.1.4. With the fixes now having been out for several weeks,
the infosec crew on Tuesday publicly...
300,000 Records Found at Hospital Slated for Demolition
Destry Winant (Aug 09)
https://www.careersinfosecurity.com/300000-records-found-at-hospital-slated-for-demolition-a-11293
Documents containing information on more than 300,000 patients were
recently discovered on the former campus of a Missouri hospital that's
being prepared for demolition four years after the hospital moved to
new facilities. The incident illustrates the need to track all paper
records that contain protected health information.
In statement...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Parsing openflow
Avi Cohen (A) (Aug 14)
Thank you Dario
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Dario Lombardo
Sent: Tuesday, 14 August, 2018 2:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Parsing openflow
Hi Avi
Have a look at tshark and its -E and -e options. That could do the job.
Hi
I need to capture open-flow msgs (e.g. FLOW_MOD to add new flows) from controller to vSwitch,
And to generate e.g. a *file*...
Re: Parsing openflow
Dario Lombardo (Aug 14)
Hi Avi
Have a look at tshark and its -E and -e options. That could do the job.
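As an added example (not code from this thread or from the Wireshark project), the script below wraps the tshark invocation Dario points at (-T fields with -e and -E) and reshapes its tab-separated output into the table Avi described: one row per FLOW_MOD, one column per match field, FFFF where the flow does not match on that field, plus an actions column. It is written for OpenFlow 1.0, where ofp_match is a fixed struct and a wildcards bitmask marks the ignored fields (for 1.3 the match is a list of OXM TLVs, so absent fields simply come out empty). The dissector field names are assumptions; list the real ones on your build with `tshark -G fields | grep openflow_v1`. The sample output at the bottom is constructed, not a real capture.

```python
"""Added example, not code from the Wireshark thread or the Wireshark project.

Reshapes 'tshark -T fields' output into a per-flow CSV: one row per FLOW_MOD,
FFFF in every match column the flow does not care about, actions in the last
column.  Field names are assumptions; check them with
    tshark -G fields | grep openflow_v1
"""
import csv
import subprocess
from typing import Dict, List

DONT_CARE = "FFFF"
OFPT_FLOW_MOD = 14                     # OpenFlow 1.0 message type of FLOW_MOD

# Assumed dissector field names (column label -> tshark field)
F_TYPE = "openflow_v1.type"
F_WILDCARDS = "openflow_v1.ofp_match.wildcards"
MATCH_FIELDS = {
    "source-mac":  "openflow_v1.ofp_match.dl_src",
    "dest-mac":    "openflow_v1.ofp_match.dl_dst",
    "source-ip":   "openflow_v1.ofp_match.nw_src",
    "dest-ip":     "openflow_v1.ofp_match.nw_dst",
    "source-port": "openflow_v1.ofp_match.tp_src",
    "dest-port":   "openflow_v1.ofp_match.tp_dst",
}
F_ACTIONS = "openflow_v1.ofp_action_header.type"
FIELDS = [F_WILDCARDS] + list(MATCH_FIELDS.values()) + [F_ACTIONS]
COLUMNS = list(MATCH_FIELDS) + ["actions"]

# ofp_flow_wildcards bits from the OpenFlow 1.0 spec
WILDCARD_BIT = {"source-mac": 1 << 2, "dest-mac": 1 << 3,
                "source-port": 1 << 6, "dest-port": 1 << 7}
NW_WILDCARD_SHIFT = {"source-ip": 8, "dest-ip": 14}   # 6-bit "ignored low bits" fields


def tshark_command(pcap: str) -> List[str]:
    """Argument list for tshark; -r, -Y, -T, -E and -e are real tshark options."""
    cmd = ["tshark", "-r", pcap, "-Y", f"{F_TYPE} == {OFPT_FLOW_MOD}",
           "-T", "fields", "-E", "separator=/t",
           "-E", "occurrence=a", "-E", "aggregator=|"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd


def is_wildcarded(column: str, wildcards: int) -> bool:
    """True when the OF1.0 wildcards mask tells the switch to ignore this field."""
    if column in WILDCARD_BIT:
        return bool(wildcards & WILDCARD_BIT[column])
    if column in NW_WILDCARD_SHIFT:
        ignored = (wildcards >> NW_WILDCARD_SHIFT[column]) & 0x3F
        return ignored >= 32          # 32 or more ignored bits: whole address is don't-care
    return False


def parse_tshark_line(line: str) -> Dict[str, str]:
    """One tshark output line (tab separated, in FIELDS order) -> one table row."""
    cells = line.split("\t")
    cells += [""] * (len(FIELDS) - len(cells))     # tolerate a short line
    raw = dict(zip(FIELDS, cells))
    wildcards = int(raw[F_WILDCARDS], 0) if raw[F_WILDCARDS] else 0  # decimal or 0x.. form
    row = {}
    for column, field in MATCH_FIELDS.items():
        value = raw[field]
        row[column] = DONT_CARE if not value or is_wildcarded(column, wildcards) else value
    row["actions"] = raw[F_ACTIONS] or DONT_CARE   # '|'-joined when several actions
    return row


def rows_from_output(text: str) -> List[Dict[str, str]]:
    return [parse_tshark_line(line) for line in text.splitlines() if line.strip()]


def pcap_to_csv(pcap: str, out_path: str) -> int:
    """Run tshark on a capture and write the flow table; returns the row count."""
    proc = subprocess.run(tshark_command(pcap), capture_output=True, text=True, check=True)
    rows = rows_from_output(proc.stdout)
    with open(out_path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=COLUMNS)
        writer.writeheader()
        writer.writerows(rows)
    return len(rows)


# Constructed stand-in for tshark output (two FLOW_MODs, not a real capture):
# first flow matches only on MAC addresses, second only on IPs and TCP ports.
SAMPLE_OUTPUT = "\n".join([
    "\t".join(["0x820f3", "00:11:22:33:44:55", "66:77:88:99:aa:bb",
               "0.0.0.0", "0.0.0.0", "0", "0", "0"]),
    "\t".join(["63", "00:00:00:00:00:00", "00:00:00:00:00:00",
               "10.0.0.1", "10.0.0.2", "12345", "443", "0|0"]),
])

if __name__ == "__main__":
    for row in rows_from_output(SAMPLE_OUTPUT):
        print(row)
```

Run `pcap_to_csv("flows.pcap", "flows.csv")` against a real capture once the field names are confirmed. The wildcards check matters because in OpenFlow 1.0 every match field is physically present in the message (as zero) even when the switch is told to ignore it, so an empty cell alone would not tell you which columns are don't-care.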
Parsing openflow
Avi Cohen (A) (Aug 14)
Hi
I need to capture open-flow msgs (e.g. FLOW_MOD to add new flows) from controller to vSwitch,
and to generate e.g. a *file* whose rows are the captured flows and whose columns are the flow header fields, e.g.
column 1 source-mac, column 2 dest-mac, column 3 source-IP etc. Whenever a field is not relevant I can set the
field to FFFF (don't care).
Also the action (actions) should be put in a column
I need this file as an...
Re: Gerrit - code review window
Jaap Keuter (Aug 12)
Well, obviously I’m looking at the New UI, since Poly Gerrit is going to be the new default UI.
From the release notes:
2.16 (In development)
GWT UI is deprecated.
PolyGerrit is now the default UI.
Re: Gerrit - code review window
Peter Wu (Aug 12)
Hi Jaap,
I do not observe the change you reported. If it is a change of defaults,
note that you can change it as follows:
1. In the right top corner in a side-by-side diff, press the settings
icon (next to the arrows for navigating through files).
2. Ensure that "Line Wrapping" is set to Off.
This is the case with the "Old UI". If you are looking at the "New UI"
(which says "PolyGerrit" in the top...
Gerrit - code review window
Jaap Keuter (Aug 11)
Hi,
A change I noticed is the way side-by-side code is presented in the code review window.
This used to be two evenly spaced columns on the screen with horizontal scroll bars when the lines were longer than the
available width. Both scrollbars were synchronised to help sideways navigation.
The new code review window has a width that also defines the word-wrap width, and no horizontal scroll bars anymore. I
particularly don’t like word...
Re: Display more digits for NTP packet's root dispersion
Martin Burnicki (Aug 09)
Dario Lombardo wrote:
Thanks, done:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15049
Re: Gerrit problems ?
Gerald Combs (Aug 08)
This might be related to https://bugs.chromium.org/p/gerrit/issues/detail?id=8765, although the observed behavior in
the bug doesn't quite match ours. I'll see if I can fix it by setting sendemail.replyToAddress.
Re: New commit emails after gerrit update
Dario Lombardo (Aug 08)
Perfect, thanks!
Re: New commit emails after gerrit update
Gerald Combs (Aug 08)
Over time Gerrit has been migrating its backend storage from SQL to git:
https://gerrit.googlesource.com/homepage/+/md-pages/docs/Notedb.md
For us this means that the commit email script gets triggered due to more kinds of activity. I updated it to send email
only when refs/changes/* and refs/tags/* are updated, which should match its old behavior.
New commit emails after gerrit update
Dario Lombardo (Aug 08)
I'm receiving emails like this for every commit email message for merged
changes.
What do they exactly mean? Are they useful or not? Maybe I'm missing
something but they don't seem really useful to me.
---------- Forwarded message ---------
From: Wireshark code review <code-review-do-not-reply () wireshark org>
Date: Wed, Aug 8, 2018 at 5:07 PM
Subject: [Wireshark-commits] refs/notes/review fc504be: Update notes for...
Re: Display more digits for NTP packet's root dispersion
Dario Lombardo (Aug 08)
On Wed, Aug 8, 2018 at 9:39 AM Martin Burnicki <martin.burnicki () meinberg de>
wrote:
This makes sense to me. If you can now log in into bugzilla, can you file a
bug with a pcap attached? I could give it a look (add me to the bug).
Re: Gerrit problems ?
Dario Lombardo (Aug 08)
I'm observing the same in Peter's last change, merged by Anders. I was
notified because of my gerrit filters, but not directly involved.
Re: Gerrit problems ?
Jaap Keuter (Aug 08)
I’m not sure what to make of this but I noticed the following:
After having a (rather unremarkable) change (28995) accepted and merged by Anders (thanks Anders!) I received the
usual two emails about this (Code-Review +2, Merged). The remarkable thing is that the emails have an impressive
Reply-To list, with all kinds of people on them, who, apart from Anders, have not shown any interest in this change.
Before the upgrade this was only the...
Re: Gerrit problems ?
Peter Wu (Aug 08)
Hi Dylan.
GitHub and Google accounts were not properly migrated, that should be
fixed now. Seven other users accidentally created a new account (you,
Craig, Robert and four other core developers), those are deleted now.
Let us know if you see any problems, thanks!
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Multiple signature 009
Marcos Rodriguez (Aug 14)
Hi Yaser,
Your submissions are much appreciated! We'll get these into our testing
process and get back to you as soon as possible. We'd appreciate any pcaps
you'd be willing to share. Thanks again!
Marcos Rodriguez
Cisco Talos
Multiple signature 009
Y M via Snort-sigs (Aug 14)
Hi,
Pcaps for some of the signatures are available.
Below are additional references for SID 8000101 - Win.Trojan.Autophyte (SID:46970), which was posted in April 2018:
http://taylor-blog.issuemakerslab.com/2018/06/continue-to-distribute-malicious-code.html
http://taylor-blog.issuemakerslab.com/2018/07/malware-disguised-as-company-document.html
# --------------------
# Date: 2018-08-07
# Title: Andr.Ransomware.Koler / Andr.Ransomware.Svpeng
#...
Snort Subscriber Rules Update 2018-08-14
Research (Aug 14)
Talos Snort Subscriber Rules Update
Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.
Details:
Microsoft Vulnerability CVE-2018-8266:
A coding deficiency exists in Microsoft Chakra Scripting Engine that
may lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47490 through 47491.
Microsoft Vulnerability...
Re: Machine Learning preprocessor for Snort
Costas Kleopa (ckleopa) via Snort-devel (Aug 14)
And to add to Carter’s comment, currently we have not added any machine learning capabilities in the open source snort
as a preprocessor but we have that on our roadmap.
Thanks
Costas
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of "Carter Waxman (cwaxman) via Snort-devel"
<snort-devel () lists snort org>
Reply-To: "Carter Waxman (cwaxman)" <cwaxman () cisco com>
Date: Tuesday,...
Re: Machine Learning preprocessor for Snort
Carter Waxman (cwaxman) via Snort-devel (Aug 14)
Might I suggest trying to build this as an inspector in Snort 3? Plugin development is far simpler:
Define a Module subclass – This defines your configuration.
Define an Inspector subclass – This runs your packet processing code
Define the InspectApi – This provides the loading hooks and define what you want delivered to the Inspector and how
Build against your Snort 3 installation
Drop the .so in your dynamic plugin folder and run
Take a...
Machine Learning preprocessor for Snort
Hossein Torbat via Snort-devel (Aug 14)
Dear Snort Developers,
We are trying to integrate our Machine Learning traffic detection algorithm
(written in python) to snort as a preprocessor component, but as we are new
to snort, I want to know if there were any previous effort for adding a
similar algorithm to snort, or is there any guide which can help us to
develop this faster.
Thanks,
H.Torbat
Snort Subscriber Rules Update 2018-08-09
Research (Aug 09)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
browser-plugins, malware-cnc and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
[Snort-users] Need help snort and syslog
kamal Ezzaki via Snort-users (Aug 09)
Does someone have an idea about the right configuration to make Snort send logs to
syslog and syslog accept them?
I tried this configuration but nothing happened.
I put the question on askubuntu:
https://askubuntu.com/questions/1063870/snort-and-syslog
Please can someone help me.
Snort alerting to unix socket
Ľubomír Bielik via Snort-users (Aug 09)
Hello, has anyone successfully made Snort alert to unix socket, with
connection to some other program?
I am trying to connect Snort and Logstash. Snort is sending alerts to
'/var/log/snort/snort_alert' and Logstash is reading the same socket.
I have tested that Snort is really sending these sockets with a perl
script, and I am able to receive sockets in Logstash with 'nc -U
/var/log/snort/snort_alert'.
However I am unable to...
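An added example of a receiver for Snort's unix-socket alert output, sitting between Snort and Logstash (this is not code from the thread or from the Snort project). Its assumptions come from the Snort 2.9 source of the alert_unixsock plugin: the plugin opens an AF_UNIX datagram socket and sends one fixed-size Alertpkt C struct per alert to <logdir>/snort_alert, and that struct begins with a 256-byte NUL-padded alert message followed by a pcap packet header, header offsets, the raw packet and the event record. The later members have build-dependent offsets, so only the message and the datagram size are decoded here; each alert is appended as a JSON line, which Logstash can pick up with a file input and the json_lines codec. The socket path, output file and the sample datagram are placeholders constructed for the example.

```python
"""Added example, not code from the Snort thread or the Snort project.

Receives Snort alert_unixsock datagrams and re-emits each alert as a JSON line.
Layout assumption (from snort 2.9 spo_alert_unixsock.h): each datagram is one
Alertpkt struct whose first ALERTMSG_LENGTH bytes are the NUL-padded message.
"""
import json
import os
import socket
import time
from typing import Dict, Optional

ALERTMSG_LENGTH = 256      # assumed: ALERTMSG_LENGTH in spo_alert_unixsock.h
MAX_DATAGRAM = 65536       # larger than any Alertpkt; one recv() = one alert


def decode_alert(datagram: bytes) -> Optional[Dict[str, object]]:
    """Pull the alert message out of one Alertpkt datagram.

    Returns None for anything shorter than the message field, which cannot be
    a Snort alert.  The rest of the struct (pcap header, offsets, packet bytes,
    event ids) is left alone because its offsets depend on how Snort was built.
    """
    if len(datagram) < ALERTMSG_LENGTH:
        return None
    raw_msg = datagram[:ALERTMSG_LENGTH]
    msg = raw_msg.split(b"\x00", 1)[0].decode("utf-8", errors="replace")
    return {"msg": msg, "datagram_len": len(datagram)}


def open_alert_socket(path: str) -> socket.socket:
    """Bind the datagram socket Snort will sendto().

    Snort does not create the socket; it sends to whatever is bound at the path,
    so this must be running before Snort starts or Snort's sendto() fails.
    """
    try:
        os.unlink(path)            # stale socket file from a previous run
    except FileNotFoundError:
        pass
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    os.chmod(path, 0o660)          # the snort user must be able to write here
    return sock


def serve(path: str, out_path: str) -> None:
    """Forever: one datagram in, one JSON line out (Logstash file input + json_lines)."""
    sock = open_alert_socket(path)
    with open(out_path, "a") as out:
        while True:
            event = decode_alert(sock.recv(MAX_DATAGRAM))
            if event is None:
                continue
            event["received"] = time.time()
            out.write(json.dumps(event) + "\n")
            out.flush()


def constructed_datagram(msg: bytes = b"[1:1000001:0] TEST rule") -> bytes:
    """Constructed stand-in for an Alertpkt: padded message plus 64 filler bytes."""
    return msg.ljust(ALERTMSG_LENGTH, b"\x00") + b"\x00" * 64


if __name__ == "__main__":
    import sys
    sock_path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort/snort_alert"
    out_file = sys.argv[2] if len(sys.argv) > 2 else "/var/log/snort/alerts.json"
    serve(sock_path, out_file)
```

Because Snort sends datagrams of a C struct rather than text, a stream reader expecting newline-terminated lines sees nothing usable; the bridge converts to the line-oriented form on Snort's behalf.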
Re: Snort.org Blog: Snort VRT Default Ruleset Rebalancing
Patrick Mullen (Aug 08)
ruleset.
October/011538.html) describes,
that might be covered by a rule."
Temporal or Environmental?
Delores,
We use the base score, as that is unchanging. The temporal score
incorporates time and other considerations and environmental incorporates
items specific to a network that we are not privy to.
In reality, we use the CVSS score plus our own judgement to determine when
a rule should be included. Generally speaking, we...
Alert mode with unified2 mode
kamal Ezzaki via Snort-users (Aug 08)
Hello, I just need to configure my settings to work with alert mode and
unified2 mode.
I mean that in the output I want both files, alert and snort.u2.
Please help.
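The two configuration questions above (sending alerts to syslog, and getting the plain alert file and unified2 output from the same run) are both answered by the output section of snort.conf. This is an added example, not text from either post or from the Snort project; hostnames, ports and paths are placeholders, and the rsyslog receiver lines appear only as comments so the block stays a snort.conf fragment.

```conf
# Added example (not from the list posts or from the Snort project):
# output section of a Snort 2.9 snort.conf covering both questions.

# 1. Alerts to the local syslog daemon.  Only facility and priority are given,
#    so Snort calls syslog(3); with Ubuntu's stock rsyslog rules LOG_AUTH
#    messages land in /var/log/auth.log.
output alert_syslog: LOG_AUTH LOG_ALERT

# 1b. Alerts to a remote syslog server over UDP instead (host= form).
#     The receiver must accept UDP syslog, e.g. in /etc/rsyslog.conf:
#        module(load="imudp")
#        input(type="imudp" port="514")
#     192.0.2.10 is a placeholder address.
# output alert_syslog: host=192.0.2.10:514, LOG_AUTH LOG_ALERT

# 2. Human-readable alert file AND unified2 in the same run.  Output plugins
#    are additive: every 'output' line gets every alert, so these two lines
#    produce <logdir>/alert and <logdir>/snort.u2.<timestamp> side by side.
output alert_fast: alert
output unified2: filename snort.u2, limit 128
```

After changing the file, run `snort -T -c /etc/snort/snort.conf` to validate it, and read the startup output: Snort lists the output plugins it actually enabled, which is the quickest way to see whether a config line was ignored (for example because an -A option on the command line selected a different alert mode).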
Snort Subscriber Rules Update 2018-08-07
Research (Aug 07)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-other,
file-image, file-office, file-other, file-pdf, indicator-compromise,
malware-cnc, malware-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:...
Re: (no subject)
Joel Esler (jesler) via Snort-users (Aug 07)
Amount of unsubscribe requests for the month or so I had the list moderated? 2.
Sent from my iPhone
Please visit https://lists.snort.org/mailman/listinfo/snort-users to unsubscribe yourself.
Cheers!
2018-08-06 23:26 GMT+02:00 Murtuza Dholkawala via Snort-users <snort-users () lists snort org>:
Please unsubscribe me
thanks
Re: (no subject)
Joel Esler (jesler) via Snort-users (Aug 07)
I turned off moderation for less than 12 hours, and already....
Sent from my iPhone
Please visit https://lists.snort.org/mailman/listinfo/snort-users to unsubscribe yourself.
Cheers!
2018-08-06 23:26 GMT+02:00 Murtuza Dholkawala via Snort-users <snort-users () lists snort org>:
Please unsubscribe me
thanks
Re: (no subject)
Dreddnar Naruk via Snort-users (Aug 07)
Please visit https://lists.snort.org/mailman/listinfo/snort-users to
unsubscribe yourself.
Cheers!
2018-08-06 23:26 GMT+02:00 Murtuza Dholkawala via Snort-users <
snort-users () lists snort org>:
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.