SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Compile nmap for android
Utkarsh Anand (Jun 11)
I am working on a project to make nmap for android using python , kivy and
Python for android. I am using python-nmap module for this. It works fine
in my laptop but when I compile it for android using buildozer it doesn't
work on my phone and the app crashes. Please help me regarding this. For
more details about the problem and log please refer to this link.
https://github.com/kivy/buildozer/issues/675
Waiting to hear back from you......
[no subject]
shivaceh123 (Jun 09)
Sent via the Samsung Galaxy S7 edge, an AT&T 4G LTE smartphone
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
NMAP for Mac -> Zenmap 64bit
Klaus-J Luksch (Jun 07)
Hi all.
While starting 32-bit-Applications my Mac tells me that they might not run any longer in the future. Apple wants us to
run 64-bit-Apps only.
Since a while I'm busy in finding and updating apps. Till now I had no success with NMAP resp. the frontend Zenmap
(nmap itself seems to be in 64 bit version).
Because I work in CyberSecurity I use NMAP very often and I need to run it even with newer Mac OSX versions (even beta).
Is there...
NMAP crash
David Brown (Jun 07)
Version: 7.60
Traceback (most recent call last):
File "zenmapGUI\MainWindow.pyo", line 707, in _save_scan_results_cb
File "zenmapGUI\MainWindow.pyo", line 797, in _save
File "zenmapCore\RecentScans.pyo", line 168, in add_recent_scan
File "zenmapCore\RecentScans.pyo", line 159, in save
IOError: [Errno 13] Permission denied: u'C:\\Users\\dkbro\\.zenmap\\recent_scans.txt'
Dave Brown
System...
OperationalError: database is locked
Jezior Zbigniew (Jun 07)
Version: 7.70
Traceback (most recent call last):
File "zenmapGUI\App.pyo", line 185, in _destroy_callback
File "zenmapCore\UmitDB.pyo", line 407, in <module>
File "zenmapCore\UmitDB.pyo", line 406, in verify_db
File "zenmapCore\UmitDB.pyo", line 283, in create_db
OperationalError: database is locked
Cross-compiling Nmap Script Engine with Buildroot
mail (May 29)
Dear all,
I'm trying to cross-compile Nmap Script Engine with Buildroot (towards
ARM RPi3 image); yet, the nmap package for Buildroot
(https://github.com/buildroot/buildroot/tree/master/package/nmap) is
missing NSE support.
By forcing the --with-liblua=included tag into the package's configure
options (following this thread for enabling NSE on OpenWRT:
http://seclists.org/nmap-dev/2018/q2/0), nmap seems to build normally....
Version: 7.70 Traceback (most recent call last): File "zenmapGUI\ScanInterface.pyo", line 458, in start_scan_cb File "zenmapGUI\ScanInterface.pyo", line 561
p.henriqueribeiro () bol com br (May 29)
Reverse DNS lookup for private IPs error
Eduardo Ocete (May 29)
Hi!
So the issue that I've encountered is that when a public DNS server is
added to the resolv.conf file, below the entry of a private DNS server,
Nmap doesn't resolve the hostname as expected.
This is the resolv.conf file configuration that makes the rDNS lookup fail:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by
resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is...
Crash in libssh with certain SSH scripts
Daniel Cater (May 28)
Hello,
$ nmap -V
Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.3.3 openssl-1.0.2g nmap-libssh2-1.8.0
libz-1.2.8 libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
On a job recently Nmap 7.70 kept crashing during the NSE phase, and after a
while of debugging it, I narrowed it down to one particular host with TCP
port 22 open. From...
Re: output missing?
Paulino Calderon (May 18)
Hey,
There is a --reason option you can use to make Nmap return this information to you.
[1] https://nmap.org/book/man-briefoptions.html
output missing?
Mike . (May 18)
hello. i have sent 2-3 past emails/posts with not a response (one even being a script error). not sure what gives so if
this one doesn't get anything, i won't bother anymore. just wondering how i can ALWAYS get this output in a scan Reason:
42058 resets and 7941 no-responses
the REASON part is what i want on each scan, and as you can see it doesn't always happen
Host is up, received arp-response (0.0041s latency).
PORT STATE SERVICE...
Updates to TN3270 NSE Library
Phil Young (May 17)
Hi All,
Just submitted pull request 1218 https://github.com/nmap/nmap/pull/1218 which
fixes a 3 year old bug in the way the screens are being rendered. This was previously fixed with a quick fix. That broke
the entire library and all scripts that required specific cursor placement. This pull request fixes that issue as well
as fixing the screen rendering issue....
Port 6668
chkvmi+g2vcgf8--- via dev (May 16)
Hello,
I made a scan on one of my machines which had the port 6668 open. Nmap identified it as IRC?, but the port 6668 is the
IRC from I2P.
Probably you guys already know about this but i just wanted to make sure. Thanks for the amazing tool.
Crash Report
Lee Roberts (May 16)
Version: 7.40
Traceback (most recent call last):
File
"/Applications/Applications/Zenmap.app/Contents/Resources/lib/python2.7/site-packages/zenmapGUI/App.py",
line 178, in _destroy_callback
from zenmapCore.UmitDB import UmitDB
File
"/Applications/Applications/Zenmap.app/Contents/Resources/lib/python2.7/site-packages/zenmapCore/UmitDB.py",
line 400, in <module>
verify_db()
File...
install fails on win10 pro 1803 build 17134.48
guy (May 16)
Version: 7.70
Traceback (most recent call last):
File "zenmap", line 189, in <module>
File "zenmapGUI\App.pyo", line 358, in run
File "zenmapGUI\App.pyo", line 194, in new_window
File "zenmapGUI\MainWindow.pyo", line 152, in <module>
File "zenmapGUI\ScanInterface.pyo", line 156, in <module>
File "zenmapGUI\TopologyPage.pyo", line 132, in...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have been working the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Unserialization vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances (WordPress plugin)
dxw Security (Jun 15)
Details
================
Software: Redirection
Version: 2.7.1
Homepage: https://wordpress.org/plugins/redirection/
Advisory report: https://advisories.dxw.com/advisories/unserialization-redirection/
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)
Description
================
Unserialization vulnerability in Redirection could allow admin to execute arbitrary code in some circumstances
Vulnerability
================
It is...
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689
yavuz atlas (Jun 14)
I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE
-------------------------
CVE-2018-11689
III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
IV. CREDIT
-------------------------
Yavuz Atlas - Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari
V. DESCRIPTION
-------------------------
Samsung Web...
DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities
EMC Product Security Response Center (Jun 14)
DSA-2018-107: RSA Authentication Manager Cross-site scripting Vulnerabilities
Dell EMC Identifier: DSA-2018-107
CVE Identifier: CVE-2018-1253, CVE-2018-1254
Severity: Medium
Severity Rating: CVSS v3 Base Score: See below for individual CVSS V3 Scores.
Affected Products:
RSA Authentication Manager versions prior to 8.3 P1
Summary:
RSA Authentication Manager contains fixes for cross-site scripting vulnerabilities that could potentially be...
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Jun 14)
APPLE-SA-2018-06-13-01 Xcode 9.4.1
Apple Product Security (Jun 14)
APPLE-SA-2018-06-13-01 Xcode 9.4.1
Xcode 9.4.1 is now available and addresses the following:
Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Description: Multiple issues existed in git. These issues were
addressed by updating git to version 2.15.2.
CVE-2018-11235: Etienne Stalmans
CVE-2018-11233
Installation note:
Xcode 9.4.1 may be...
Multiple Security Issues in Ecos Secure Boot Stick (SBS)
Michael Rossberg (Jun 14)
MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK (SBS)
- Software: Ecos Secure Boot Stick
- Version: Stick Version 5.6.5, System Management Version 5.2.68
- Vendor Status: Vendor informed
- Release Date: 13/06/2018
The latest version of this document may be downloaded from
https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html. A German version
may be found below.
1. General Overview
The Ecos Secure Boot Stick shall provide...
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities
Defense Code (Jun 14)
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin
Multiple SQL injection Security Vulnerabilities
Advisory ID: DC-2018-05-002
Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress WP Google Map plugin
Language: PHP
Version: 4.0.4 and below
Vendor Status: Vendor contacted, no response
Release...
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
Defense Code (Jun 14)
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder
Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
Advisory ID: DC-2018-05-009
Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple
Vulnerabilities (XSS and SQLi)
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Ultimate Form Builder Lite plugin
Language: PHP
Version: 1.3.7 and below
Vendor Status: Vendor...
liblnk 20180419 vulns
熊文彬 (Jun 14)
libmobi multiple vulnerabilities
================
Author : Webin security lab - dbapp security Ltd
===============
Introduction:
=============
liblnk is a library to access the Windows Shortcut File (LNK) format.
Affected version:
=====
20180419
Vulnerability Description:
==========================
1. The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows
remote attackers to cause an...
WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection
Manuel Garcia Cardenas (Jun 14)
=============================================
MGC ALERT 2018-004
- Original release date: May 10, 2018
- Last revised: June 11, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
- CVE-ID: CVE-2018-10969
=============================================
I. VULNERABILITY
-------------------------
WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection
II. BACKGROUND
-------------------------
Pie-Register is a...
CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts (WordPress plugin)
dxw Security (Jun 12)
Details
================
Software: Tooltipy (tooltips for WP)
Version: 5.0
Homepage: https://wordpress.org/plugins/bluet-keywords-tooltip-generator/
Advisory report: https://advisories.dxw.com/advisories/csrf-in-tooltipy/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description
================
CSRF in Tooltipy (tooltips for WP) could allow anybody to duplicate posts
Vulnerability
================
There is a CSRF...
Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can (WordPress plugin)
dxw Security (Jun 12)
Details
================
Software: Tooltipy (tooltips for WP)
Version: 5.0
Homepage: https://wordpress.org/plugins/bluet-keywords-tooltip-generator/
Advisory report: https://advisories.dxw.com/advisories/xss-in-tooltipy/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
Reflected XSS in Tooltipy (tooltips for WP) could allow anybody to do almost anything an admin can
Vulnerability...
ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem (WordPress plugin)
dxw Security (Jun 12)
Details
================
Software: Redirection
Version: 2.7.3
Homepage: https://wordpress.org/plugins/redirection/
Advisory report: https://advisories.dxw.com/advisories/ace-file-inclusion-redirection/
CVE: Awaiting assignment
CVSS: 9 (High; AV:N/AC:L/Au:S/C:C/I:C/A:C)
Description
================
ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem
Vulnerability
================
If you are logged in as...
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
Asterisk Security Team (Jun 11)
Asterisk Project Security Advisory - AST-2018-008
Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
AST-2018-007: Infinite loop when reading iostreams
Asterisk Security Team (Jun 11)
Asterisk Project Security Advisory - AST-2018-007
Product Asterisk
Summary Infinite loop when reading iostreams
Nature of Advisory Denial of Service
Susceptibility Remote Authenticated Sessions
Severity Critical...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
CA20180614-01: Security Notice for CA Privileged Access Manager
Williams, Ken (Jun 14)
CA20180614-01: Security Notice for CA Privileged Access Manager
Issued: June 14th, 2018
Last Updated: June 14th, 2018
CA Technologies Support is alerting customers to multiple potential
risks with CA Privileged Access Manager. Multiple vulnerabilities
exist that can allow a remote attacker to conduct a variety of attacks.
These risks include seven vulnerabilities privately reported within
the past year to CA Technologies by security...
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Jun 14)
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
Michael Catanzaro (Jun 14)
------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------
Date reported : June 13, 2018
Advisory ID : WSA-2018-0005
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL :...
[SECURITY] [DSA 4228-1] spip security update
Sebastien Delafond (Jun 14)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4228-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
June 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : spip
CVE ID : CVE-2017-15736
Debian Bug :...
APPLE-SA-2018-06-13-01 Xcode 9.4.1
Apple Product Security (Jun 14)
APPLE-SA-2018-06-13-01 Xcode 9.4.1
Xcode 9.4.1 is now available and addresses the following:
Git
Available for: macOS High Sierra 10.13.2 or later
Impact: Multiple issues in git, the most significant of which may
lead to arbitrary code execution
Description: Multiple issues existed in git. These issues were
addressed by updating git to version 2.15.2.
CVE-2018-11235: Etienne Stalmans
CVE-2018-11233
Installation note:
Xcode 9.4.1 may be...
Multiple Security Issues in Ecos Secure Boot Stick (SBS)
Michael Rossberg (Jun 13)
MULTIPLE SECURITY ISSUES IN ECOS SECURE BOOT STICK (SBS)
- Software: Ecos Secure Boot Stick
- Version: Stick Version 5.6.5, System Management Version 5.2.68
- Vendor Status: Vendor informed
- Release Date: 13/06/2018
The latest version of this document may be downloaded from
https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html. A German version
may be found below.
1. General Overview
The Ecos Secure Boot Stick shall provide...
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS) CVE-2018-11689
yavuz atlas (Jun 13)
I. VULNERABILITY
-------------------------
Samsung Web Viewer for Samsung DVR Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE
-------------------------
CVE-2018-11689
III. REFERENCES
-------------------------
https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11689
IV. CREDIT
-------------------------
Yavuz Atlas - Biznet Bilisim
http://www.biznet.com.tr/biznet-guvenlik-duyurulari
V. DESCRIPTION
-------------------------
Samsung Web...
CSNC-2018-021 - Vert.x - HTTP Header Injection
Advisories (Jun 13)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Vert.x [1]
# CSNC ID: CSNC-2018-021
# Subject: HTTP Header Injection
# Risk: Medium
# Effect: Remotely exploitable
# Author: Lukasz D. (advisories () compass-security com)
# Date: 12.06.2018
#...
[SECURITY] [DSA 4227-1] plexus-archiver security update
Salvatore Bonaccorso (Jun 12)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4227-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : plexus-archiver
CVE ID : CVE-2018-1002200
Debian...
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin Multiple SQL injection Security Vulnerabilities
Defense Code (Jun 12)
DefenseCode ThunderScan SAST Advisory: WordPress WP Google Map Plugin
Multiple SQL injection Security Vulnerabilities
Advisory ID: DC-2018-05-002
Advisory Title: WordPress WP Google Map Plugin Multiple SQL injection
Vulnerabilities
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress WP Google Map plugin
Language: PHP
Version: 4.0.4 and below
Vendor Status: Vendor contacted, no response
Release...
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
Defense Code (Jun 12)
DefenseCode ThunderScan SAST Advisory: WordPress Ultimate Form Builder
Lite Plugin Multiple Vulnerabilities (XSS and SQLi)
Advisory ID: DC-2018-05-009
Advisory Title: WordPress Ultimate Form Builder Lite Plugin Multiple
Vulnerabilities (XSS and SQLi)
Advisory URL: http://www.defensecode.com/advisories.php
Software: WordPress Ultimate Form Builder Lite plugin
Language: PHP
Version: 1.3.7 and below
Vendor Status: Vendor...
[SECURITY] [DSA 4226-1] perl security update
Salvatore Bonaccorso (Jun 12)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4226-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
June 12, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : perl
CVE ID : CVE-2018-12015
Debian Bug :...
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
Asterisk Security Team (Jun 12)
Asterisk Project Security Advisory - AST-2018-008
Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
AST-2018-007: Infinite loop when reading iostreams
Asterisk Security Team (Jun 12)
Asterisk Project Security Advisory - AST-2018-007
Product Asterisk
Summary Infinite loop when reading iostreams
Nature of Advisory Denial of Service
Susceptibility Remote Authenticated Sessions
Severity Critical...
[SRP-2018-01] Reverse engineering tools for ST DVB chipsets (public release)
Security Explorations (Jun 11)
Hello All,
We have decided to release to the public domain our SRP-2018-01 security
research project related to the security of STMicroelectronics chipsets.
The research material (70+ pages long technical paper accompanied by two
reverse engineering tools) can be downloaded from the SRP section of our
portal (Past SRP materials):
http://www.security-explorations.com/en/srp.html
The release of SRP-2018-01 is a direct consequence of the...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
[HITB-Announce] HITBGSEC2018 CFP - Final Call
Hafez Kamal (Apr 26)
FINAL CALL!!
The Call for Papers for the HITB GSEC 2018 Singapore is now open!
Call for Papers: https://gsec.hitb.org/call-for-papers/
Event Website: https://gsec.hitb.org/sg2018/
HITB GSEC is a three-day security conference where attendees
get to vote on the final agenda of talks. Attendees can also opt to be
introduced to speakers and each other based on the votes they cast.
Held at the Intercontinental Singapore from August 27th till the...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v2.7: Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Nov 14)
Faraday is the Integrated Multiuser Risk Environment you have always
been looking for! It maps and leverages all the data you generate in
real time, letting you track and understand your audits. Our dashboard
for CISOs and managers uncovers the risks and impacts and risks being
assessed by the audit in real-time without a single email. Developed
with a specialized set of functionalities that helps users improve
their own work, the main purpose is...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
SAINTCON 2018 CFP - Sep 25-28, Provo Utah
Troy Jessup (Jun 12)
SAINTCON 2018 - Call for Papers
INTRODUCTION
SAINTCON is Utah's best annual Security Conference and Training Event. The Conference spans 4 days and includes a
large variety of content and events making it very diverse and covers a large variety of security related areas of
interest. SAINTCON is a community conference administered by the Utah Chapter of the Security Advisory and Incident
Network Team (UtahSAINT).
Site:...
INFILTRATE Video Release! Ben Watson.
David Aitel (May 29)
https://vimeo.com/269252626
Back to the future: Going back in time to abuse Android’s JIT, Benjamin
Watson, INFILTRATE 2018
There's a lot of different uses of "exploit-like" thinking, which is a
kind of rapid-fire scrappy engineering, like building a campsite before
darkness in the zombie-infested wilderness with only the tools you
brought with you, which consist of a pocket knife, some para-cord, and a
pile of soggy...
Project Grapple
Dave Aitel (May 23)
https://www.local10.com/sports/liberty-city-kids-form-unlikely-team-combining-2-sports-while-learning-life-lessons-
https://www.flograppling.com/video/6044979-project-grapple-the-jiu-jitsu-non-profit-changing-lives
https://www.instagram.com/project_grapple/
Hi everyone! So for those of you who come to INFILTRATE
<https://infiltratecon.com/fun/>, or attend any of Jeremiah Grossman's
<...
The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!
Andrew Case (May 23)
We are excited to announce that the 2018 Volatility Plugin Contest and the inaugural Volatility Analysis Contest are
now accepting submissions until October 1, 2018. Winners of each contest will receive over $2,500 in cash prizes and
the highly coveted Volatility swag (t-shirts, stickers, etc.)!
Full details can be found on our blog post:
https://volatility-labs.blogspot.com/2018/05/the-6th-annual-volatility-plugin.html
Please let us know...
Re: Alternatives to viruscheckmate
Alex Boldwin (May 23)
Hi Konrads,
I know:
hxxps://antiscan.me
hxxps://scanmybin.net...
t2'18: Call For Papers 2018 (Helsinki, Finland)
Tomi Tuominen (May 17)
#
# t2'18 - Call For Papers (Helsinki, Finland) - October 25 - 26, 2018
#
Join us for the 15th anniversary celebrations on Oct 25-26! CFP and ticket
sales are now open.
To truly appreciate the full spectrum of cyber, one simply needs to visit
Helsinki. Sooner or later you need a break from the sunshine and warmth, and it
is exactly that contrast we can provide. Located halfway between Miami and
Singapore (the long way round), just 3200 km...
Alternatives to viruscheckmate
Konrads Smelkovs (May 17)
Purely practical question - It would seem that viruscheckmate is well dead.
Apart from maintaining 50 VMs to replicate it, are there decent
alternatives to do payload scan w/o releasing it to the clouds and vendor
sigs?
What is important?
David Aitel (May 17)
https://vimeo.com/270394910
Attacking a co-hosted VM, Paul Fariello, Mehdi Talbi, INFILTRATE 2018
I find that I often have a distorted view of what the "most important"
INFILTRATE talk is every year. But since Immunity is merging with a data
center company, it does make sense to give extra points to a talk that
combines the "new hotness" of CPU-level attacks to show step by step how
to go from one guest VM to another guest...
INFILTRATE 2018: Ghost in the Locks
David Aitel (May 02)
https://vimeo.com/267613809
Ghost in the locks, Tomi Tuominen, Timo Hirvonen, INFILTRATE 2018
This was one of our mystery talks this year, and I have to say, you'll
never trust your hotel room door again. :)
-dave
Strategic Keynote: Matt Tait
David Aitel (May 02)
Matt Tait's INFILTRATE 2018 keynote: here <https://vimeo.com/267445424>,
is really about the intersection of two different strategic risk
bubbles. It is about a misunderstood or mis-articulated security
dilemma. On one hand, vulnerabilities which get auto-silently-patched do
not get used by attackers as N-day. On the other hand,
auto-silent-update systems are themselves a strategic risk of massive
impact, and one we've seen used...
Code vs bandwidth
Konrads Smelkovs (May 02)
Some time ago Dave defended his very fat Trojan on the account that no one
cares if it’s 4 or 40 megs and then there was that discussion about
bandwidth and I’d like to tie it together:
“The more code and computing capacity you have closer to the object of
interest the less bandwidth you need and vice versa”.
I’ll illustrate this with a few basic examples:
Let’s say you want to portscan a subnet from a compromised PC. You can...
Trends and INFILTRATE
David Aitel (Apr 30)
We got generally good feedback
<https://twitter.com/surkatty/status/990619671417286657> for INFILTRATE
but in my view conferences are less "Are they enjoyable?" and more "What
did people legitimately get out of it?"
One thing I really like about INFILTRATE is we are small enough that the
crowd is quite restricted to "People who find a heap overflow talk worth
watching, even if it's just to see what the speaker...
Transitions
David Aitel (Mar 26)
So much of BJJ is about transitions from one position to another. For
example, when you have one kind of bugclass, and you apply a methodology
to transform that into another bugclass. For example, recently I saw a
talk during our INFILTRATE dry runs, where someone (not even hacking a
browser or using a scripting language of any kind!) used a "Write Once"
primitive to modify a particular structure such that it assumed the size
was...
To DARPA, re CGC! CC: Everyone else! :)
Dave Aitel (Mar 22)
So this experiment is super interesting. And there's a ton of great new
fuzzers coming out. AND I DARE YOU TO PROVE TO ME THAT SMT STUFF IS NOT
JUST A HUGE WASTE OF TIME BY REDOING THIS EXPERIMENT WITH THEM! :)
In particular Angora looks extremely good. The paper is well worth a read:
https://arxiv.org/abs/1803.01307
Also note: The metric we want between different fuzzers is, "what bugs does
this one find that others don't"....
Re: Celebrations
Matt Tait (Mar 12)
There is a fair argument that we overplay the visibility of the alcohol and
underplay the visibility of the healthy options (eg SAS had morning
exercise on the beach, lots of folks didn't drink at all etc), and that
might be off-putting to new folks entering the field.
No real problem with folks who use alcohol to blow off steam at these
conferences (hell, I had a *lot* of tequila on and off stage this past
week) but it's a good...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Hey there!
Sierra - Black Hills Information Security (Apr 23)
<<< text/html: EXCLUDED >>>
Security Weekly Insider: You are now unsubscribed
Paul Asadoorian (Feb 01)
** We have removed your email address from our list.
------------------------------------------------------------
We're sorry to see you go! Don't forget you can subscribe to all of our shows (RSS and iTunes) at
http://securityweekly.com
Was this a mistake? Did you forward one of our emails to a friend, and they clicked the unsubscribe link not realizing
they were in fact unsubscribing you from this list? If...
WEBCAST: How To Test Endpoint Security Solutions (The Atomic Red Team Way)
Security Weekly (Jan 26)
Is your endpoint solution working? Are you struggling to test quarterly, if at all?
Dear Security Weekly tribe,
Have you ever wondered if your endpoint security solution is working the way you expect? Have you tested your endpoint
solution, and if so how often? And when you test detection, have you moved past detonating a malware sample to see what
happens?
An emerging category in information security are solutions that allow you to test...
Security Weekly Webcast
Paul Asadoorian (Jan 15)
Last Chance to Register!!
Dear Security Weekly Tribe!
Last Chance to register for this week’s webcast!
Tired of wasting your time sifting through logs for nothing in return? We know attackers borrow IP addresses but
control domains. Join Michael Santarcangelo and Paul Asadoorian as they poo-poo on logs and show you how to use this
insight to successfully pivot your way to a more powerful response. Joining this webcast is Taylor...
WEBCAST: The Power of the Pivot
Paul Asadoorian (Jan 04)
Using domain names and DNS information to explore and thwart malicious infrastructure
Dear Security Weekly tribe,
Join Michael Santarcangelo (The Security Catalyst), Taylor Wilkes-Pierce from DomainTools and myself for our upcoming
webcast! We will discuss using domain names and DNS information to thwart malicious infrastructure.
Registration information:
Wednesday, January 17, 2018
3:00PM - 4:00pm ET
Register now: The Power of the Pivot (...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Jun 15)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: June 15, 2018
********************************************************************
Summary
=======
The following CVE has been revised in the May 2018 Security
Updates.
* CVE-2018-8245
Revision Information:
=====================
CVE-2018-8245
- Title: CVE-2018-8245 | Microsoft Publisher Remote Code Execution...
Microsoft Security Advisory Notification
Microsoft (Jun 13)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 13, 2018
********************************************************************
Security Advisories Released or Updated on June 13, 2018
===================================================================
* Microsoft Security Advisory 180016
- Title: Microsoft Guidance for Lazy FP State Restore
-...
Microsoft Security Advisory Notification
Microsoft (Jun 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 12, 2018
********************************************************************
Security Advisories Released or Updated on June 12, 2018
===================================================================
* Microsoft Security Advisory 4338110
- Title: Microsoft guidance for CBC Symmetric Encryption Security...
Microsoft Security Update Summary for June 12, 2018
Microsoft (Jun 12)
********************************************************************
Microsoft Security Update Summary for June 12, 2018
Issued: June 12, 2018
********************************************************************
This summary lists security updates released for June 12, 2018.
Complete information for the June 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security Updates...
Microsoft Security Update Releases
Microsoft (Jun 12)
********************************************************************
Title: Microsoft Security Update Releases
Issued: June 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-0976
* CVE-2018-1003
* CVE-2018-8136
Revision Information:
=====================
- CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of...
Microsoft Security Advisory Notification - Correction
Microsoft (Jun 07)
********************************************************************
Title: Microsoft Security Advisory Notification - Correction
Issued: June 7, 2018
********************************************************************
CORRECTION: The original mailer contained an incorrect URL for
ADV180014.
Security Advisories Released or Updated on June 7, 2018
===================================================================
* Microsoft...
Microsoft Security Advisory Notification
Microsoft (Jun 07)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 7, 2018
********************************************************************
Security Advisories Released or Updated on June 7, 2018
===================================================================
* Microsoft Security Advisory 180014
- Title: June 2018 Adobe Flash Security Update
-...
Microsoft Security Advisory Notification
Microsoft (May 21)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 21, 2018
********************************************************************
Security Advisories Released or Updated on May 21, 2018
===================================================================
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
-...
Microsoft Security Update Releases
Microsoft (May 18)
********************************************************************
Title: Microsoft Security Update Releases
Issued: May 18, 2018
********************************************************************
Summary
=======
The following CVE has been published or has undergone a major
revision increment:
* CVE-2018-0886
Revision Information:
=====================
- CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (May 17)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: May 17, 2018
********************************************************************
Summary
=======
The following CVE has been revised in the May 2018 Security
Updates.
* CVE-2018-0958
Revision Information:
=====================
CVE-2018-8117
- Title: CVE-2018-0958 | Windows Security Feature Bypass
Vulnerability...
Microsoft Security Update Releases
Microsoft (May 15)
********************************************************************
Title: Microsoft Security Update Releases
Issued: May 15, 2018
********************************************************************
Summary
=======
The following CVEs have been published or have undergone a major
revision increment:
* CVE-2018-8147
* CVE-2018-8162
* CVE-2018-8176
Revision Information:
=====================
- CVE-2018-8147 | Microsoft Excel Remote Code...
Microsoft Security Update Releases
Microsoft (May 08)
********************************************************************
Title: Microsoft Security Update Releases
Issued: May 8, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2017-11927
* CVE-2018-0886
* CVE-2018-0963
* CVE-2018-0993
Revision Information:
=====================
- CVE-2017-11927 | Microsoft Windows Information...
Microsoft Security Update Summary for May 8, 2018
Microsoft (May 08)
********************************************************************
Microsoft Security Update Summary for May 8, 2018
Issued: May 8, 2018
********************************************************************
This summary lists security updates released for May 8, 2018.
Complete information for the May 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security Updates...
Microsoft Security Update Minor Revisions
Microsoft (May 08)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: May 8, 2018
********************************************************************
Summary
=======
The following CVE has been revised in the April 2018 Security
Updates.
* CVE-2018-8117
Revision Information:
=====================
CVE-2018-8117
- Title: CVE-2018-1038 | Microsoft Wireless Keyboard 850
Security...
Security Advisories Released or Updated on May 8, 2018
Microsoft (May 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2018
********************************************************************
Security Advisories Released or Updated on May 8, 2018
===================================================================
* Microsoft Security Advisory 4092731
- Title: Update to Azure Guest OS Machine Key Generation Algorithm
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
AR18-165A: MAR-10135536-12 – North Korean Trojan: TYPEFRAME
US-CERT (Jun 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System: AR18-165A: MAR-10135536-12 – North Korean Trojan: TYPEFRAME [
https://www.us-cert.gov/ncas/analysis-reports/AR18-165A ] 06/14/2018 10:16 AM EDT
Original release date: June 14, 2018
Description
Notification
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not
provide any warranties of any kind...
ISC Releases Security Advisory for BIND
US-CERT (Jun 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ISC Releases Security Advisory for BIND [
https://www.us-cert.gov/ncas/current-activity/2018/06/13/ISC-Releases-Security-Advisory-BIND ] 06/13/2018 07:00 PM EDT
Original release date: June 13, 2018
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting
multiple versions of ISC Berkeley Internet Name Domain...
Intel Releases Security Advisory on Lazy FP State Restore Vulnerability
US-CERT (Jun 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Intel Releases Security Advisory on Lazy FP State Restore Vulnerability [
https://www.us-cert.gov/ncas/current-activity/2018/06/13/Intel-Releases-Security-Advisory-Lazy-FP-State-Restore ]
06/13/2018 06:47 PM EDT
Original release date: June 13, 2018
Intel has released recommendations to address a vulnerability, dubbed Lazy FP state restore, affecting Intel Core-based...
Apple Releases Security Update for Xcode
US-CERT (Jun 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update for Xcode [
https://www.us-cert.gov/ncas/current-activity/2018/06/13/Apple-Releases-Security-Update-Xcode ] 06/13/2018 05:53 PM EDT
Original release date: June 13, 2018
Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these
vulnerabilities to take control of an affected...
Google Releases Security Update for Chrome
US-CERT (Jun 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2018/06/13/Google-Releases-Security-Update-Chrome ] 06/13/2018 10:09 AM
EDT
Original release date: June 13, 2018
Google has released Chrome version 67.0.3396.87 for Windows, Mac, and Linux. This version addresses a vulnerability
that an attacker could exploit to take...
Microsoft Releases June 2018 Security Updates
US-CERT (Jun 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases June 2018 Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/06/12/Microsoft-Releases-June-2018-Security-Updates ] 06/12/2018
01:45 PM EDT
Original release date: June 12, 2018
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some
of these vulnerabilities to take...
VMware Releases Security Update
US-CERT (Jun 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2018/06/12/VMware-Releases-Security-Update ] 06/12/2018 12:51 PM EDT
Original release date: June 12, 2018
VMware has released a security update to address a vulnerability in VMware AirWatch Agent. A remote attacker could
exploit this vulnerability to take control of an affected system....
Google Releases Security Update for Chrome
US-CERT (Jun 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2018/06/07/Google-Releases-Security-Update-Chrome ] 06/07/2018 03:09 PM
EDT
Original release date: June 07, 2018
Google has released Chrome version 67.0.3396.79 for Windows, Mac, and Linux. This version addresses a vulnerability
that an attacker could exploit to take...
Mozilla Releases Security Update
US-CERT (Jun 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2018/06/07/Mozilla-Releases-Security-Updates ] 06/07/2018 12:09 PM EDT
Original release date: June 07, 2018
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could
exploit these vulnerabilities to take control of an affected...
Adobe Releases Security Updates for Flash Player
US-CERT (Jun 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates for Flash Player [
https://www.us-cert.gov/ncas/current-activity/2018/06/07/Adobe-Releases-Security-Updates-Flash-Player ] 06/07/2018
09:09 AM EDT
Original release date: June 07, 2018
Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit these
vulnerabilities to take control...
Cisco Releases Security Updates for Multiple Products
US-CERT (Jun 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates for Multiple Products [
https://www.us-cert.gov/ncas/current-activity/2018/06/06/Cisco-Releases-Security-Updates-Multiple-Products ] 06/06/2018
03:33 PM EDT
Original release date: June 06, 2018
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could
exploit some of these...
Apple Releases Security Updates
US-CERT (Jun 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/06/01/Apple-Releases-Security-Updates ] 06/01/2018 05:30 PM EDT
Original release date: June 01, 2018
Apple has released a security update for macOS High Sierra and supplemental updates for Sierra and El Capitan to
address multiple vulnerabilities. An attacker could exploit some of...
Google Releases Security Update for Chrome
US-CERT (May 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2018/05/29/Google-Releases-Security-Update-Chrome ] 05/29/2018 07:58 PM
EDT
Original release date: May 29, 2018
Google has released Chrome version 67.0.3396.62 for Windows, Mac, and Linux. This version addresses vulnerabilities
that a remote attacker could exploit to take...
North Korean Malicious Cyber Activity
US-CERT (May 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
North Korean Malicious Cyber Activity [
https://www.us-cert.gov/ncas/current-activity/2018/05/29/North-Korean-Malicious-Cyber-Activity ] 05/29/2018 10:08 AM
EDT
Original release date: May 29, 2018
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) released a joint Technical
Alert (TA) that identifies two families of...
TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
US-CERT (May 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm [
https://www.us-cert.gov/ncas/alerts/TA18-149A ] 05/29/2018 08:18 AM EDT
Original release date: May 29, 2018
Systems Affected
Network systems
Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and
the...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak
Anthony Liguori (Jun 15)
Alan Coopersmith <alan.coopersmith () oracle com> writes:
I should have scrubbed that language. We won't be sending that until
later this month.
Regards,
Anthony Liguori
Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak
Alan Coopersmith (Jun 15)
Did the attachment get lost on the way to the list? I didn't see any.
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)
Jakub Wilk (Jun 15)
* Marcus Brinkmann <marcus.brinkmann () ruhr-uni-bochum de>, 2018-06-15, 16:43:
Thanks for doing this. I didn't mean to imply that you were not diligent
enough.
I was hoping somebody else would take care of this.
Please do! :-)
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)
Marcus Brinkmann (Jun 15)
Thanks, fixed.
Yes. I did two weeks of due diligence on the important package managers,
Git, and anything I could think of that is critical. But I am not saying
what I looked at, because there might be something I missed, and I want
everybody to join in and have a fresh look. It is too much for a single
person.
I didn't know about Debian code search, so thanks for the tip.
You reporting these? If not, I can do it.
Re: Intel FP security issue
Anthony Liguori (Jun 15)
Hrm, I'll check with the reporter but I just sent it myself. Should
appear shortly.
Yes, phone email client :-/
Regards,
Anthony Liguori
CVE-2018-3665 Lazy FPU Context Switching Information Leak
Anthony Liguori (Jun 15)
Affected Software / Hardware:
All operating system kernels / hypervisors using Lazy FPU context switching
running on Intel CPUs
(more details below)
Summary:
The FPU register state (legacy/MMX/SSE/AVX/AVX-512 registers) can be
leaked across process or virtual machine boundaries using speculative execution
on Intel CPUs when the hypervisor or operating system kernel uses lazy FPU
context switching.
Impact:
Any information in the above registers...
Re: Intel FP security issue
Solar Designer (Jun 15)
There's nothing like this in the moderation queue. Also not in the spam
filter. Please repost right away.
BTW, the above message of yours lacks an In-Reply-To header, even though
it appears to be a reply to Marcus' message. So technically it started
a new thread. There's probably something broken on your end.
Alexander
Re: Re: Intel FP security issue
Liguori, Anthony (Jun 15)
The discoverer sent a post here but I suspect it's stuck in the moderation queue. I'll repost later today.
Regards,
Anthony Liguori
Re: Re: Intel FP security issue
Marcus Meissner (Jun 15)
Hi,
For the record, this is https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html
aka CVE-2018-3665 with codename "Lazy FPU Save/Restore".
XEN advisory https://xenbits.xen.org/xsa/advisory-267.html was posted here too, describing it a bit better.
Full details are planned to be released June 27th.
Ciao, Marcus
Re: Are `su user' and/or `sudo -u user sh' considered dangerous?
Georgi Guninski (Jun 15)
Looks like util-linux currently supports pty's:
http://man7.org/linux/man-pages/man1/su.1.html
-P, --pty
Create pseudo-terminal for the session.
...
This feature is EXPERIMENTAL for now and may be removed in the
next releases.
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)
Jason A. Donenfeld (Jun 14)
Project write up is here:
https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html
Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)
Jakub Wilk (Jun 14)
* Marcus Brinkmann <marcus.brinkmann () ruhr-uni-bochum de>, 2018-06-14, 23:46:
[...]
In the blog post you write that the fixed regexp is "^[GNUPG:]", but
that would be really bad. :) I think you meant "^\[GNUPG:\]".
There's apparently more software that uses unanchored "\[GNUPG:\]":
https://codesearch.debian.net/search?q=%5B%5E%5E%5D%5C%5C%5C%5BGNUPG%3A%5C%5C%5C%5D
CVE-2018-12356 Breaking signature verification in pass (Simple Password Store)
Marcus Brinkmann (Jun 14)
This is the third (and for now last) in my series of GnuPG signature
spoof exploits.
First, a cautious note:
In the course of my 2 week investigation, I went through a lot of
applications using gpg. There were a couple of "near misses" in critical
infrastructure projects which were not vulnerable, but where I am not
sure if that was due to conscious design choices or just by pure chance.
It would be prudent for everybody who knows a...
Re: Are `su user' and/or `sudo -u user sh' considered dangerous?
Jakub Wilk (Jun 14)
* Georgi Guninski <guninski () guninski com>, 2018-06-13, 12:54:
(Please fix unescaped "<" and "&" characters on that page.)
For Debian this bug is tracked here:
https://bugs.debian.org/628843
The list of nasty things you can do when you get your hands on the tty
fd is probably very long...
setsid() defeats TIOCSTI (while breaking other things like job
control...); it doesn't stop other attacks that...
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
Michael Catanzaro (Jun 14)
------------------------------------------------------------------------
WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005
------------------------------------------------------------------------
Date reported : June 13, 2018
Advisory ID : WSA-2018-0005
WebKitGTK+ Advisory URL :
https://webkitgtk.org/security/WSA-2018-0005.html
WPE WebKit Advisory URL :...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Options for Delaying Restart after Patching
John Ramsey (Jun 15)
In essence, we use a GPO that enables automatic updates for any of our PC asset classes. (Note: these are security
updates and not OS version upgrades). The GPO then is configured to restart on Saturday nights (if the device wasn't
restarted prior to that.) Within 6 months, our top 50 most exploitable devices went from 86% as PCs down to less than
28% of these devices being PCs.
John Ramsey, Chief Information Security Officer,...
Options for Delaying Restart after Patching
Hahues, Sven (Jun 15)
Hi everyone,
I wanted to find out if some of you could share some of the approaches you have taken when handling the
post-patching required restart of the client computers in your environment. We would like to have the flexibility for
the staff to opt out/postpone the otherwise mandatory restart for 12-24 hours or so; however, have a countdown timer on
the desktop to indicate the restart is still required (and can be accomplished at any...
Re: Networking Design Recommendations for Scientific Equipment
Shankar, Anurag (Jun 14)
Hi,
You might also want to look at a promising new architecture from DISA called the Software Defined Perimeter (SDP).
https://cloudsecurityalliance.org/group/software-defined-perimeter/#_overview
Regards,
Anurag
---
Anurag Shankar, Ph.D. Email: ashankar [at] iu.edu Phone: +1 (812) 856-6978
Center for Applied Cybersecurity Research, Pervasive Technology Institute, Indiana University
2719 E. 10th Street, Suite 231, Bloomington, IN 47408...
Re: Networking Design Recommendations for Scientific Equipment
Hahues, Sven (Jun 14)
Hi all,
The only thing I have heard of is the concept of the Science DMZ that has been making its way through some of the
meetings with our SUS counterparts.
The concept is basically a close to "frictionless" network used to interconnect research computing environments.
https://fasterdata.es.net/science-dmz/
They have a specific section on security:
https://fasterdata.es.net/science-dmz/science-dmz-security/
As far as published...
Information Security Administrator Opening at Loyola Chicago
Pardonek, Jim (Jun 14)
Greetings,
The University Information Security Office (UISO) at Loyola University Chicago is looking for an Information Security
Administrator. This is a new position that will assist in managing the expanding responsibilities that the UISO is
being asked to assume. The primary responsibilities for this position are monitoring and configuring security systems
and devices on the Loyola network. These systems include intrusion prevention...
HEISC Update, June 2018: New Resources & Security List Reminders
Valerie Vogel (Jun 14)
We hope your summer is off to a great start! Please take a few minutes to check out the latest higher ed infosec and
privacy resources created by your peers.
NOTE: This message also offers some friendly reminders about Security Discussion list participation.
HECVAT Update
Are you using the HECVAT (Higher Education Cloud Vendor Assessment Tool)? If so, please let us know by completing this
brief online form<...
Job Openings - University of Illinois
Barnes, Joe (Jun 14)
Good morning,
I wanted to make everyone aware that the Privacy and Security Office at the University of Illinois is looking to fill 2
positions (IT Security Engineer or Senior IT Security Engineer). Each position is focused on cybersecurity solutions
engineering and development; security design and recommendations for projects, security support, and cybersecurity
vulnerability assessment. This includes development of technical solutions and...
Re: Networking Design Recommendations for Scientific Equipment
Alex Keller (Jun 13)
Nicklaus et al,
I don’t have any specific recommendations to share but am keenly interested in this topic. We support dozens of
research labs with network capable scientific equipment (either direct Ethernet/WiFi or via a workstation purpose built
and sold with the device) which does NOT meet our campus minimum security standards for network access. These
conditions have organically evolved into labs without any network (Sneakernet and USB...
Notre Dame Information Security Architect opening
Jason Williams (Jun 13)
Colleagues,
Notre Dame Information Security has an opening for a security architect.
This role has many opportunities for growth and leadership. Notre Dame
hosts over 80% of our services in the cloud, including a large presence in
Amazon Web Services (AWS), and the security architect is highly involved in
designing and implementing security controls for these services. The
architect will also be involved in the implementation of our new SOC. The...
Re: Do students hold universities accountable for protecting their information?
McIntosh, Keith (Jun 12)
Colleagues,
Thank you very much for sharing your thoughts and perspective! I love the dialogue. When I was asked this question I
had to think about my response for a while and chose to answer from the perspective of evidence or data to support that
students have actually held institutions accountable. My response was based on my experience and purely anecdotal. I
do not know the answer for sure so I wonder if this would be a good survey...
EDUCAUSE Director of the Cybersecurity Program Job Posting
Valerie Vogel (Jun 12)
Good afternoon,
EDUCAUSE is hiring a Director of the Cybersecurity
Program<https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program>. The director
would be responsible for overseeing the Higher Education Information Security Council (HEISC), as well as the annual
Security Professionals Conference. Additional duties and responsibilities are included in the Career Center job
listing:...
BrightTalk - SOC Automation Case Study - Maricopa Community Colleges
Hiram Wong (Jun 12)
SOC Automation Case Study - Maricopa Community Colleges
Maricopa Community Colleges faced a common challenge - receiving too many
suspicious login alerts from their G Suite. It was tedious and difficult to
investigate every alert and they did not have the resources to manually
follow up with every user to determine whether this was an actual attack on
their systems.
Faced with limited resources, the security team implemented advanced
security...
Networking Design Recommendations for Scientific Equipment
Nicklaus Giacobe (Jun 12)
Does anyone have documented recommendations for plugging scientific equipment into campus computer networks? I’ve been
asked to consult for a local lab whose scientists are having some difficulty communicating with their IT support folks.
I can imagine lots of recommendations for no networking, local area networking only, no wireless, yes wireless,
VLANed, firewalled, bridged control systems, never having control systems with Internet...
Re: Do students hold universities accountable for protecting their information?
Semmens, Theresa (Jun 12)
Is it possible to do a blog or opinion piece in this thread?
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Pitt, Sharon
<spitt () UDEL EDU>
Sent: Tuesday, June 12, 2018 9:33:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Do students hold universities accountable for...
Re: Do students hold universities accountable for protecting their information?
Josh Callahan (Jun 12)
I like the idea of flipping the question. To "Do we hold ourselves
accountable for our student's information that we hold?" I think we can be
an enthusiastic "Yes!" That's why we are here and in my experience we are
dedicated and passionate about holding ourselves accountable as individuals
and a community to increasingly high standards.
What I was trying to get at initially was we don't currently have a...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: fd.io vs cumulus vs snabb vs OVS vs OpenNSL
Henri Grönroos (Jun 15)
Hi,
Well, 3.5.2 isn't exactly latest, there is 3.5.3, 3.6.0 and 3.6.1 also.
But I guess switchd running cpu somewhat hot is normal (40% load in empty switch or so) as it is
polling all the stuff from asic etc.
I do agree that cpus on many edgecores & dells and similar are somewhat under powered,
but haven't encountered similar problems with that (yet) myself.
Would be also very interested to hear more specifics.
,
Henri
re: fd.io vs cumulus vs snabb vs OVS vs OpenNSL
Maciek Konstantynowicz (mkonstan) via NANOG (Jun 15)
Hi,
Gleaned this thread on nanog mailer archive [1] mentioning fd.io :)
Not a "thought leader", but I thought I'd respond with some fd.io data
points, hopefully relevant to the thread’s subject.
Note that most of them focus on data plane functionality, performance
and technology level comparison:
- IPv4 routing (large FIB) at Terabit speed, a video clip (low-budget)
showing what difference modern Xeon processors (Skylake) can...
Re: BGP in a containers
Tom Limoncelli (Jun 15)
Using BGP (Quagga) in containers is a great way to build a simulation of
your actual network. You can then test configuration changes in the
simulation before you make them in production.
You can even build this up into an automated test pipeline where new
configurations are tested in simulation before put into production.
There was a talk about an experimental system like this at the February
2017 meetup:...
Re: BGP in a containers
Andrew Denton (Jun 15)
Have a look at Project Calico, https://www.projectcalico.org/. They
have the route-everything container networking pretty much figured out.
- Andrew
WC 2018 impact on network yet
Ong Beng Hui (Jun 15)
Hi,
With every operator looking at high quality HD video streams, anyone
feeling the impact of WC 2018 yet?
Re: BGP in a containers
Pete Lumbis (Jun 15)
FRR, the modern fork of quagga, has a pre built docker container.
https://hub.docker.com/r/cumulusnetworks/frrouting/
RE: BGP in a containers
Michel Py (Jun 15)
The intent of the original post was vague. Like a lot of people, I would not run a full BGP router in a container. Now,
if the purpose is to inject or learn a handful of routes in order to do limited host routing, I can see the need.
A route-server or a looking glass in a container would be fine, or something to perform analysis on the routing table,
but not anything that has to route actual traffic.
I use ExaBGP to inject routes, perfect tool...
Google Peering/Edge Network Contact?
Zach Puls (Jun 15)
Does anyone have a contact for Google Peering / PNI?
We have a caching appliance whose BGP session has been flapping nonstop for
the past month or so. We've had a ticket open with Google since it started,
but they haven't really made any headway, or provided much of a response.
Thanks,
Re: fd.io vs cumulus vs snabb vs OVS vs OpenNSL
nanog (Jun 15)
- bgpd crashes
- bgpd loading as hell after some time (can be fixed by restarting the
process ..)
- cumulus by itself (switchd & portwd) loads as hell as well, all the
time, the hardware is under pressure all the time (which is an issue for
CPU-based stuff : monitoring, sflow etc)
5712-54X-O-AC-F from edgecore
(https://www.edge-core.com/productsInfo.php?cls=&cls2=&cls3=44&id=15),
which has specific issues by itself as well :/...
Re: fd.io vs cumulus vs snabb vs OVS vs OpenNSL
John Fraizer (Jun 15)
I would also be very interested in what specific issues you are having...
- What specific issues are you having with BGP running under Cumulus
Linux.
- What hardware are you running Cumulus Linux on?
- What version of Cumulus Linux?
Weekly Routing Table Report
Routing Analysis Role Account (Jun 15)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith...
Re: BGP in a containers
Hugo Slabbert (Jun 15)
Some bits similar to Raymond's comments, but in our case this was
specifically for a Kubernetes deployment. Our k8s deployment is mostly
"self-hosted", i.e. the k8s control plane runs within k8s, with the workers
being disposable. Dropping the routing into a container that runs in the
host's/worker's network namespace means it is just another container
(daemonset) that Kubernetes will schedule to the worker as part...
Re: BGP in a containers
Raymond Burkholder (Jun 15)
Most any host now-a-days has quite a bit of horse power to run services.
All those services could be run natively all in one namespace on the
same host, or ...
I tend to gravitate towards running services individually in LXC
containers. This creates a bit more overhead than running chroot style
environments, but less than running full fledged kvm style
virtualization for each service.
I typically automate the provisioning and the spool...
Re: BGP in a containers
Michael Thomas (Jun 14)
So I have to ask, why is it advantageous to put this in a container
rather than just run it directly
on the container's host?
Mike
Re: BGP in a containers
Christopher Morrow (Jun 14)
On Thu, Jun 14, 2018 at 10:41 PM Oliver O'Boyle <oliver.oboyle () gmail com>
wrote:
and... XR or Junos are ... doing this under the covers for you anyway, so..
get used to the new paradigm!
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating.
Greeting from Tokyo
Dave Farber (Jun 15)
I arrived two days ago and am getting used to Japan and Tokyo. I went through the paperwork and got my resident card,
my cell number and my bank account. More on the bank later in this note.
The house I am renting is very very good. It is a wonderful blend of Japanese and western style (will send a few
pictures later). The subway is a wonderful improvement over NYC. Clean, ON TIME etc. Even the escalators work!!
Keio University has been all...
Why there are so many unsheltered homeless people on the West Coast
Dave Farber (Jun 14)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: June 15, 2018 at 12:46:13 AM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Why there are so many unsheltered homeless people on the West Coast
> Reply-To: dewayne-net () warpspeed com
>
> Why there are so many unsheltered homeless people on the West Coast
> By Margot...
[EXCELLENT!] Apple to Close iPhone Security Hole That Police Use to Crack Devices
Dave Farber (Jun 13)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: June 14, 2018 at 7:18:37 AM GMT+9
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] [EXCELLENT!] Apple to Close iPhone Security Hole That Police Use to Crack Devices
>
>
> [EXCELLENT!] Apple to Close iPhone Security Hole That Police Use to
> Crack Devices
>
>...
One Woman Who Knew Her Rights Forced Border Patrol off a Greyhound Bus
Dave Farber (Jun 13)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: June 14, 2018 at 4:33:33 AM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] One Woman Who Knew Her Rights Forced Border Patrol off a Greyhound Bus
> Reply-To: dewayne-net () warpspeed com
>
> One Woman Who Knew Her Rights Forced Border Patrol off a Greyhound Bus
> How a...
I am off to Tokyo
Dave Farber (Jun 12)
There may be a lapse of IP mail until I figure out how to do things from Tokyo in my house
The Trump spectacle is overshadowing the more urgent scandals of this administration
Dave Farber (Jun 12)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: June 12, 2018 at 10:09:39 PDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] The Trump spectacle is overshadowing the more urgent scandals of this administration
> Reply-To: dewayne-net () warpspeed com
>
> The Trump spectacle is overshadowing the more urgent scandals of this...
Re NYTimes: Mark Zuckerberg, Elon Musk and the Feud Over Killer Robots
Dave Farber (Jun 11)
Begin forwarded message:
> From: "Ed Gerck, Ph.D." <egerck () gmail com>
> Date: June 11, 2018 at 10:15:09 AM PDT
> To: David Farber <dave () farber net>
> Subject: Re: [IP] Re NYTimes: Mark Zuckerberg, Elon Musk and the Feud Over Killer Robots
>
> Dear Dave and list,
>
> We are working on this theme, and contributions are welcome for a potential participation. Our initial results are
> given...
Re Lauren's Blog: "Why We May Have to Cut Europe Off from the Internet"
Dave Farber (Jun 11)
Begin forwarded message:
> From: "Patrick W. Gilmore" <patrick () ianai net>
> Date: June 11, 2018 at 10:44:24 AM PDT
> To: Dave Farber <dave () farber net>, Hasan Diwan <hasan.diwan () gmail com>, Lauren Weinstein <lauren () vortex com>
> Cc: "Patrick W. Gilmore" <patrick () ianai net>
> Subject: Re: [IP] Lauren's Blog: "Why We May Have to Cut Europe Off from the...
Re NYTimes: Mark Zuckerberg, Elon Musk and the Feud Over Killer Robots
Dave Farber (Jun 11)
Begin forwarded message:
> From: David Orban <david () davidorban com>
> Date: June 11, 2018 at 8:59:13 AM PDT
> To: Dave Farber <dave () farber net>
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] NYTimes: Mark Zuckerberg, Elon Musk and the Feud Over Killer Robots
>
> > evolution does not turn rocks into birds.
>
> Huh? Actually that is exactly what evolution does.
>
> It takes a very...
Re There’s a Better Answer Than Electric Cars
Dave Farber (Jun 11)
Begin forwarded message:
> From: Bob Hinden <bob.hinden () gmail com>
> Date: June 10, 2018 at 08:28:52 PDT
> To: Dave Farber <dave () farber net>
> Cc: Bob Hinden <bob.hinden () gmail com>
> Subject: Re: [IP] Re There’s a Better Answer Than Electric Cars
>
> Right, it is a very long way from a paper to production at the scale that would have any significant effect on reducing
> carbon and the use of...
NYTimes: Mark Zuckerberg, Elon Musk and the Feud Over Killer Robots
Dave Farber (Jun 11)
Begin forwarded message:
> From: Daniel Berninger <dan () danielberninger com>
> Date: June 11, 2018 at 04:29:32 PDT
> To: David Farber <dave () farber net>
> Subject: NYTimes: Mark Zuckerberg, Elon Musk and the Feud Over Killer Robots
>
> Dave,
>
> For IP, the NYTimes pretends in a Sunday article the Musk/Zuckerberg "feud" anchors two sides of the AI debate.
>
> "Mark Zuckerberg, Elon...
Should Bankers Be Forced to Put Some Skin in the Game?
Dave Farber (Jun 10)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: June 10, 2018 at 7:44:50 AM PDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Should Bankers Be Forced to Put Some Skin in the Game?
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend David Rosenthal. DLH]
>
> Should Bankers Be Forced to...
Re There’s a Better Answer Than Electric Cars
Dave Farber (Jun 10)
Begin forwarded message:
> From: "John Levine" <johnl () iecc com>
> Date: June 10, 2018 at 7:32:54 AM PDT
> To: dave () farber net
> Subject: Re: [IP] There’s a Better Answer Than Electric Cars
>
> In article <585606AD-4516-4063-8BA7-FC718DF1AFA1 () me com> you write:
>>> Subject: There’s a Better Answer Than Electric Cars
>>>
>>>...
How the body could power pacemakers and other implantable devices
Dave Farber (Jun 10)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: June 10, 2018 at 5:52:21 AM PDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] How the body could power pacemakers and other implantable devices
> Reply-To: dewayne-net () warpspeed com
>
> How the body could power pacemakers and other implantable devices
> By Charles Q. Choi...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.72
RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 June 2018 Volume 30 : Issue 72
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.72>
The current issue can also be...
Risks Digest 30.71
RISKS List Owner (Jun 05)
RISKS-LIST: Risks-Forum Digest Tuesday 5 May 2018 Volume 30 : Issue 71
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.71>
The current issue can also be...
Risks Digest 30.70
RISKS List Owner (May 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 May 2018 Volume 30 : Issue 70
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.70>
The current issue can also be...
Risks Digest 30.69
RISKS List Owner (May 16)
RISKS-LIST: Risks-Forum Digest Wednesday 16 May 2018 Volume 30 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.69>
The current issue can also be...
Risks Digest 30.68
RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 5 May 2018 Volume 30 : Issue 68
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.68>
The current issue can also be...
Risks Digest 30.67
RISKS List Owner (Apr 29)
RISKS-LIST: Risks-Forum Digest Sunday 29 April 2018 Volume 30 : Issue 67
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.67>
The current issue can also be...
Risks Digest 30.66
RISKS List Owner (Apr 22)
RISKS-LIST: Risks-Forum Digest Sunday 22 April 2018 Volume 30 : Issue 66
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.66>
The current issue can also be...
Risks Digest 30.65
RISKS List Owner (Apr 14)
RISKS-LIST: Risks-Forum Digest Saturday 14 April 2018 Volume 30 : Issue 65
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.65>
The current issue can also be...
Risks Digest 30.63
RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Sunday 1 April 2018 Volume 30 : Issue 63
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.63>
The current issue can also be...
Risks Digest 30.62
RISKS List Owner (Mar 30)
RISKS-LIST: Risks-Forum Digest Friday 30 March 2018 Volume 30 : Issue 62
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.62>
The current issue can also be...
Risks Digest 30.61
RISKS List Owner (Mar 27)
RISKS-LIST: Risks-Forum Digest Tuesday 27 March 2018 Volume 30 : Issue 61
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.61>
The current issue can also be...
Risks Digest 30.60
RISKS List Owner (Mar 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 March 2018 Volume 30 : Issue 60
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.60>
The current issue can also be...
Risks Digest 30.59
RISKS List Owner (Mar 17)
RISKS-LIST: Risks-Forum Digest Saturday March 2018 Volume 30 : Issue 59
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.59>
The current issue can also be...
Risks Digest 30.58
RISKS List Owner (Mar 15)
RISKS-LIST: Risks-Forum Digest Thursday 15 March 2018 Volume 30 : Issue 58
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.58>
The current issue can also be...
Risks Digest 30.57
RISKS List Owner (Mar 01)
RISKS-LIST: Risks-Forum Digest Thursday 1 March 2018 Volume 30 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.57>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Does your cyber incident response plan include these best practices?
Audrey McNeil (Jun 15)
https://www.bizjournals.com/twincities/news/2018/06/11/does-your-cyber-incident-response-plan-include.html
When it comes to corporate cyber incidents, there's no debating the facts:
Attacks are more sophisticated, frequent, widespread, and costly than ever.
In 2015, cybercrime cost companies $3 trillion. By 2021, that number is
expected to double. At that point, cybercrime will become the most
profitable criminal enterprise in the world....
Endpoint Security Advice for the CISO on the Go!
Audrey McNeil (Jun 15)
https://solutionsreview.com/endpoint-security/endpoint-security-advice-ciso-go/
We get it. You’re an enterprise-level CISO. You’re busy.
Actually, let us rephrase that. You’re an enterprise-level CISO. You’re
probably stressed to the point of hair pulling, teeth gnashing, and
lamentations. Your enterprise IT security team processes hundreds if not
thousands of security events, potential data breaches, and employee access
requests every...
Wellington, Fla., Breach Larger than Initially Thought
Inga Goddijn (Jun 15)
http://www.govtech.com/security/Wellington-Fla-Breach-Larger-than-Initially-Thought.html
Wellington, Fla., Chief information officer William Silliman also said the
breach began as an effort to mine for the digital currency Bitcoin, but at
some point expanded to include a sophisticated “skimmer” to capture credit
card numbers.
In a news release last week, Wellington warned that utility customers who
made one-time debit or credit card...
BANCO DE CHILE WIPER ATTACK JUST A COVER FOR $10M SWIFT HEIST
Inga Goddijn (Jun 15)
https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/
A cyberattack against Chile’s largest financial institution last month,
which reportedly destroyed 9,000 workstations and 500 servers, was actually
cover for a larger plot to compromise endpoints handling transactions on
the SWIFT network. When the dust settled on the attacks, investigators said
$10 million was stolen from Banco de Chile and funneled...
Click2Gov or Click2Breach?
Inga Goddijn (Jun 15)
https://www.riskbasedsecurity.com/2018/06/click2gov-or-click2breach/
Here on the Cyber Risk Analytics <https://www.cyberriskanalytics.com/> research
team, we have more than our fair share of “glitch in the matrix moments” –
you know, that proverbial black cat walking across your screen that makes
you think: “Didn’t I just see this breach?” Usually it’s a case of similar
circumstances or simply two names that are a lot alike....
3 MSP Best Practices for Protecting Users
Destry Winant (Jun 14)
https://www.webroot.com/blog/2018/06/12/3-msp-best-practices-protecting-clients/
Cyberattacks are on the rise, with UK firms being hit, on average, by
over 230,000 attacks in 2017. Managed service providers (MSPs) need to
make security a priority in 2018, or they will risk souring their
relationships with clients. By following 3 simple MSP best practices
consisting of user education, backup and recovery, and patch
management, your MSP can enhance...
Video website AcFun suffers massive privacy breach by hackers
Destry Winant (Jun 14)
http://www.ecns.cn/news/cns-wire/2018-06-13/detail-ifyvfaqz8676084.shtml
(ECNS) - China's popular animation and video platform AcFun announced
on Wednesday that hackers had compromised tens of millions of bits of
user data, including user IDs, nicknames, and encrypted passwords.
AcFun, known among netizens as "Station A," urged users who hadn't
logged in since July 7, 2017 to change their passwords on the platform
as soon as...
Cybercrime: Under-Reporting Gives Hackers A Green Light
Destry Winant (Jun 14)
https://www.cybersecurityintelligence.com/blog/cybercrime-under-reporting-gives-hackers-a-green-light-3444.html
Organisations which don't report that they've been the victim of
cybercrime are putting others at risk of further attacks and are
hampering the authorities' ability to fight against hackers, the UK's
serious and organised crime unit has warned.
The National Crime Agency has issued the warning to businesses as part...
Protecting network availability for GDPR compliance
Audrey McNeil (Jun 14)
https://www.itproportal.com/features/protecting-network-availability-for-gdpr-compliance/
With GDPR now in force, organisations across Europe, including those
worldwide which do business in the region, have been working hard over the
past months to ensure they’re compliant. But with many column inches being
dedicated to the various nuances and implications of the new regulation,
the issue of data protection has been thrown into sharp, yet...
What Makes IoT Security so Tough?
Audrey McNeil (Jun 14)
https://dzone.com/articles/what-makes-iot-security-so-tough
I went to the very first Internet of Things (IoT) meet-up in New York City
five years ago when the term “digital transformation” was just starting to
become a buzz phrase and IoT devices were appearing everywhere. It was then
that I realized the impact all those interconnected “things” would have on
cybersecurity.
Devices before IoT were just that, devices. They ran on code...
Organizations Lack Adequate Budget for Medical Device Security
Audrey McNeil (Jun 14)
https://healthitsecurity.com/news/organizations-lack-adequate-budget-for-medical-device-security
Despite recognizing medical device security as a priority, only 37 percent
of more than 100 healthcare practitioners had budgets to implement their
device security strategy, according to a HIMSS survey.
Most respondents (85%) said they used firewalls and network access controls
at their organization, while around half (52%) said they used...
Enabling a Secure Business
Audrey McNeil (Jun 13)
http://www.datacenterjournal.com/enabling-secure-business/
Organizations young enough to have begun with an understanding of how
serious cyberthreats are most likely built security into their systems. For
more-established companies, security must be added on after the fact. It’s
the difference between agile security and retrofitted, patchwork security.
Adding security solutions is certainly less expensive than ripping and
replacing the entire...
Unintended recipient: Why is email still such a risk to data?
Audrey McNeil (Jun 13)
https://www.scmagazineuk.com/unintended-recipient-why-is-email-still-such-a-risk-to-data/article/767090/
The most pervasive communications channel for most organisations worldwide,
email, is also one of the most prominent and underestimated data loss
vectors, primarily due to human error, which an IBM report estimated was
responsible for 95 percent of all security incidents.
By design, it's an open portal to your organisation, allowing...
What We've Got Here is Failure to Communicate!
Audrey McNeil (Jun 13)
https://www.securityweek.com/what-weve-got-here-failure-communicate
Many enterprises have been taking stock of their security architecture as
well as assessing gaps and redundancies (see last month’s article Wading
Through Tool Overload and Redundancy?). Sometimes it is the result of a
post breach investigation, and the post investigation finger pointing.
Sometimes it is due to new management taking stock of the company’s risk
exposure....
The Great (belated) Mozilla Firefox CVE Dump
Inga Goddijn (Jun 13)
https://www.riskbasedsecurity.com/2018/06/the-great-belated-mozilla-firefox-cve-dump/
On June 11th, MITRE published descriptions and references for 318 entries,
all relating to Mozilla Firefox. Yes; three hundred and eighteen entries.
It may be tempting to think Mozilla was holding back on disclosures or
there was a flurry of research activity leading to a slew of new
vulnerabilities being discovered. But no, this would not be the case. These...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Wireshark User's Guide comment/suggestion
R. Martindale (Jun 15)
While reviewing what I presume to be the current Wireshark User's Guide
(https://wireshark.org/docs/wsug_html_chunked/index.html), I was unable to find any mention of the version of Wireshark
to which the guide applies. Some of the screenshots in the guide differ from what I am seeing on my screen when I run
Wireshark under Raspbian GNU/Linux ver 9 (stretch).
I respectfully suggest that the Foreword of the user's guide (Preface,...
Re: What did we do to our code between 2012 and 2013?
Gerald Combs (Jun 14)
OK, that's due to a6131151f5, which changed the varying outputs of our code generation scripts to a consistent
"Generated automatically...". It was intended to fix licensecheck but it also ended up fixing SLOCCount's behavior. As
far as I can tell neither Tokei nor cloc check file contents for autogen patterns so their numbers include
automatically generated code.
Re: What did we do to our code between 2012 and 2013?
Jim Young (Jun 13)
Using git bisect and defining "bad" as lower SLOC and "good" as higher SLOC
this is what I came up with:
$ git bisect start 6d7a3a8ceef0fbcf3fc0ced1b92834c505dc135a 5ca89cfed3aa9f0498de2783673abc4c69b4271b
.
.
.
;-)
What did we do to our code between 2012 and 2013?
Gerald Combs (Jun 13)
I thought it might be interesting to create a graph of our lines-of-code estimates over the past 20 years using
SLOCCount[1], Tokei[2], and cloc[3]. Each program produces similar numbers until 2013, when SLOCCount's estimate drops
considerably. Running the following commands on a VM here produces the following output:
$ git rev-list -1 --before="2012-07-15 00:00:00" master
5ca89cfed3aa9f0498de2783673abc4c69b4271b
$ git checkout...
Re: Sometimes SLL/Linux cooked-mode capture is decoded and sometimes its not (difference between two packets?)
Michael Lum (Jun 12)
Sorry, for the late reply/thanks Pascal.
My capture tool needed to look at the datalink type from libpcap in order to encode the "fake" syslog correctly.
I wondered why when I first added this feature that it seemed like sometimes it would work and sometimes it wouldn't.
As you would know it was because the datalink type was changing depending on what interface I was capturing
and the encapsulation has to be formatted...
Re: Push failed after amend (Change 27518)
david_aggeler (Jun 11)
Hi Pascal,
I don’t think I have a clue what I’m doing. I think I finally managed to squash the two commits under one change ID. I
was not doing the ‘interactive’ part correctly.
I’ve now sent it to Gerrit. It looks ok to me.
Regards
David
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Pascal Quantin
Sent: Monday, June 11, 2018 3:32 PM
To: Developer support list for Wireshark <wireshark-dev ()...
Re: Push failed after amend (Change 27518)
Pascal Quantin (Jun 11)
Hi David,
you have at least 3 different commits with the same Change-ID, which
cannot work (as indicated previously).
Please squash them all together with the git rebase -i command.
BR,
Pascal.
Le lun. 11 juin 2018 à 15:27, <david_aggeler () hispeed ch> a écrit :
Re: Push failed after amend (Change 27518)
david_aggeler (Jun 11)
Hi Pascal, Dario,
I did a git rebase -I HEAD~2 (and a few others). That seems to work, but not the subsequent push. I’ve attached a log
if that helps.
Regards
David
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Pascal Quantin
Sent: Monday, June 11, 2018 9:48 AM
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Push failed after amend (Change...
Re: Push failed after amend (Change 27518)
Pascal Quantin (Jun 11)
Hi David,
Le lun. 11 juin 2018 à 09:29, <david_aggeler () hispeed ch> a écrit :
That probably means that you have at least two separate commits that use
the same Change-Id (while each commit must have a different one). So
inspect your history and either squash the commits together or use
separate ids for both commits (you can edit your commits with git rebase
-i).
Best regards,
Pascal.
Re: Push failed after amend (Change 27518)
Dario Lombardo (Jun 11)
You're trying to push to refs/publish/master/dicom-heuristic and that is
used when you're promoting a change from draft to published. Gerrit
requires you to push to refs/for/master/dicom-heuristic for regular
commits. You don't have to force anything on gerrit. This is allowed in
pure git only. Gerrit will create a new changeset based on change's commit
id every time you push again.
The workflow is:
[make changes]
git commit...
Re: Push failed after amend (Change 27518)
david_aggeler (Jun 11)
Thanks.
I now tried --force-with-lease and --force. Neither of them worked.
Regards
David
-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Ahmad Fatoum
Sent: Monday, June 11, 2018 9:33 AM
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Push failed after amend (Change 27518)
git push --force-with-lease
--force works as...
Re: Push failed after amend (Change 27518)
Ahmad Fatoum (Jun 11)
git push --force-with-lease
--force works as well, but --force-with-lease is a good habit (you can't override someone else's changes by mistake that
way).
Cheers
Ahmad
Push failed after amend (Change 27518)
david_aggeler (Jun 11)
I still have to learn a lot. I've got a pending review, so I've updated my
code, amended as I thought I needed to, and tried to push once more (as I
did last time except the last push did not have the author populated).
However I get an error:
==
remote: Processing changes: refs: 1, done
To ssh://code.wireshark.org:29418/wireshark
! [remote rejected] HEAD -> refs/publish/master/dicom-heuristic
(duplicate request)...
Re: How to read packetWireshark Capture Interface
Guy Harris (Jun 09)
If you mean that you'd like to see the contents of the packets that the "Capture Interfaces" dialog box is counting,
the only way to do that is to start a capture on the interface or interfaces on which you want to see the packets.
How to read packetWireshark Capture Interface
Danny Vu (Jun 09)
I would like to read back packets/s from wireshark capture interfaces from the window command line. Appreciate for
your help!
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Two missing for scan
Dorian ROSSE (Jun 15)
Dear IT Snort Community,
This is my error when I try to launch a scan :
WARNING: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
WARNING: flowbits key 'smb.tree.create.llsrpc' is set but not ever checked.
How to repair this two problems for do a scan ?
I was follow this link :
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html
Thank you in advance to repair my two errors,
Regards.
Dorian...
Re: Ubuntu 18 and so rules error
James Lay (Jun 15)
Thanks Patrick...looks like it's just myself and YM so far...course this
is just testing, but yea...nice to find it early.
James
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow...
Re: Ubuntu 18 and so rules error
Patrick Mullen (pamullen) via Snort-users (Jun 15)
James,
I'm at a loss. Let me google and think about this and get back to you. Maybe it's a versioning issue?
Anyone else have/seen this issue?
Thanks,
~Patrick
From: James Lay <jlay () slave-tothe-box net>
Reply-To: "jlay () slave-tothe-box net" <jlay () slave-tothe-box net>
Date: Thursday, June 14, 2018 at 5:44 PM
To: "Patrick Mullen (pamullen)" <pamullen () cisco com>
Cc:...
Re: Flowbit Warnings
wkitty42 (Jun 15)
this is not an email chain... it is a mailing list... look at the bottom of every
message posted in here and you'll see a link to mailman... click it and go
unsubscribe from the mailing list in the same way you subscribed to it...
https://lists.snort.org/mailman/listinfo/snort-sigs
if you're stuck and the list is being force(?) fed to you via an internal
corporate email distribution list, you need to talk to your email...
Re: Flowbit Warnings
Felix Rodríguez (Jun 15)
can you get me out of the mail chain please
Re: Flowbit Warnings
wkitty42 (Jun 15)
in other words, Gerry, enable rule 23499 and be done with that warning ;)
Re: Flowbit Warnings
wkitty42 (Jun 15)
wasn't this already discussed in snort-users? you were answered over there...
one of those answers was mine...
from that topic:
1. when you edited those rules, you broke them...
2. there are two rules that you can enable that will stop those warnings...
3. here is my response to you in snort-users where the original discussion took
place...
----->8 snip 8<-----
look at that very closely... it is checking if the file.swf flowbit is...
Re: Flowbit Warnings
Alex McDonnell (Jun 15)
The warning you have states file.cur is checked but not ever set. That
indicates to me that your issue is with rules that have flowbits:isset and
not rules that have flowbits:set.
sid:23499 is the only rule in the Talos rule set that checks for that
flowbit. it's in file-other.rules. The three setters for that are 23496
23497 and 23498 in file-fidentify.rules. All of those are old enough that
they are in the subscriber rule set which is...
Flowbit Warnings
Gerry Carpinetti via Snort-sigs (Jun 15)
I did some reading on flowbit warnings and how to fix them but after the changes I still receive the warnings. I used
Notepad++ to open a rules file, then used Search -> Find In Files "selected the C:\Snort\rules folder then entered
"flowbits:set" into the Find What box, I replaced all flowbits:set to flowbits:isset..
No matter which .rules file I open and search for flowbits:set has been replaced with isset but yet I still...
Re: Segfault building Snort3 b245 with --enable-tcmalloc flag
Noah Dietrich (Jun 15)
Thank you Michael for the deep-dive analysis of this issue. It looks that
installing gperftools 2.7 from github fixes the problem, although I haven't
done more than just run snort with the -V flag. The steps it took for this
are below.
Has anyone done an analysis of the performance benefits of using tcmalloc?
I'd assume that you're getting more speed for the trade-off of increased
memory usage, but it would be interesting if...
(no subject)
Dorian ROSSE (Jun 15)
Dear Snort Sigs IT community,
Can you run on my server called « bitfenix-server » a scan each day against UDP heard ?
Because since the last day my VPN works bad for my SSH access and I received a lot of junk e-mail also my e-mail Linux
server at the beginning in IPV6 leave all junk e-mail...
Thank you in advance to answer my ask,
Regards.
Dorian Rosse.
Re: Ubuntu 18 and so rules error
Y M via Snort-users (Jun 14)
I see. PulledPork in my case did not like the same malware-other.so:
Generating Stub Rules....
Generating shared object stubs via:/usr/local/snort/bin/snort -c /usr/local/snort/etc/snort.conf
--dump-dynamic-rules=/tmp/tha_rules/so_rules/
An error occurred: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/malware-other.so...
ERROR: Failed to load /usr/local/snort/lib/snort_dynamicrules/malware-other.so:...
Re: Ubuntu 18 and so rules error
James Lay (Jun 14)
Good info thanks YM!
James
Re: Ubuntu 18 and so rules error
James Lay (Jun 14)
Yes....of note I am not compiling the rules, just using pulled pork to
do its thing.
James
Re: Spam
Joel Esler (jesler) via Snort-users (Jun 14)
No. Not uncommon. But those addresses that are part of the distribution list wouldn’t be able to write an email to
the list.
Sent from my iPhone
Yeah, that's what I was saying (they should check which email address receives the mail they think is spam). Ask Joel
if it's that uncommon...
i've never heard of such but if that's the case, then folks should be talking to
their $job$ and have their subscription to the list...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|