SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.

Re: man page translations David Fifield (Nov 08)
The translation guide is here:

http://nmap.org/xlate-faq.html

There is already a Russian translation. It is about a year old so you
can bring it up to date if you like.

http://nmap.org/man/ru/
http://nmap.org/xlate-faq.html#xlate-correct
http://nmap.org/data/man-xlate/nmap-man-ru.xml

David Fifield

Warning message enhancement idea Chris Clements (Nov 08)
Often times with slow links or comically overzealous scan tuning, nmap
informs me that it is giving up on a particular port:

Warning: Giving up on port early because of retransmission cap hit.

While getting this message is fantastic for knowing that I should
adjust my timings, it would be much more useful if it included a bit
more information, such as the particular host / port, as well as the
retransmission cap for the scan (yes I...

Re: man page translations Alexander Khodyrev (Nov 08)
Could you share a link to the documentation on the creation of man-pages for
different languages, I would pereel man-pages into Russian.

Best regards,
Khodyrev "SpxnezzaR" Alexander

2009/11/6 David Fifield <david () bamsoftware com>

Re: zenmap crashes in OSX 10.6 Jonathan Nilson (Nov 08)
Still crashes ...

valentina:~ nilsonj$ sudo
/Applications/Zenmap.app/Contents/MacOS/zenmap_wrapper.py
Xlib: extension "RANDR" missing on display "/tmp/launch-ZdeUX0/:0".
Segmentation fault

NB Running the .bin will produce a GUI, but the characters are all
off-codepage so they are not rendered. Could be a codepage definition
problem?

Let me know what else you would like to try.

./jon

On Fri, Nov 6, 2009 at 11:52 AM,...

ncat suggestions... MALTE SIMON (Nov 08)
Hi I suggest the following changes for ncat plese comment them ;-)

1. Make the following aliases:
-z = --send-only --recv-only
-i = -d
-L = -l -k
-V = -version
-so = --send-only
-ro = --recv-only

readd -r for using a random source / listen port.
-p for choosing a port to connect / listen
ncat should understand commands like ncat 127.0.0.1:23 --> connect 127.0.0.1 Port 23
ncat -l 127.0.0.1:23 --> listen on interface 127.0.0.1 Port 23...

Re: man page translations David Fifield (Nov 07)
To get only English, you should use --disable-nls. English is always
installed, in the special /usr/share/man/man1 location. LINGUAS=en
doesn't work:

/usr/bin/install: cannot stat `docs/nmap-en.1': No such file or directory

But I think I should make it not be an error if LINGUAS contains
language codes that are not among the translations we offer.

Yes, will do.

David Fifield

Re: OS X 10.6 diagnosis: pcap timeout and bpf device access David Fifield (Nov 07)
I think it's because the release I made on 10.5 was compiled as a 32-bit
executable, and the default compiler target on 10.6 is 64-bit, but I
haven't tested that yet. We could, of course, build the next release as
32-bit, but that doesn't help the people who build from source unless we
make it automatic in the build system.

For what it's worth, I ran a copy of Nmap that I had built on 10.5 and
still had installed after upgrading to 10.6. It...

Re: OS X 10.6 diagnosis: pcap timeout and bpf device access Walt Scrivens (Nov 07)
David,
Thanks for sticking with this. You've done an impressive bit of
analysis work. Your explanation is so good that even I begin to
understand what's going wrong, although I suppose the chances of apple
ever doing anything about it are slim to none.

Since the problem doesn't happen in the released version 5, the
problems you've uncovered are specific to 5.05BETA-1. Do we know why
those changes were made, and what the impact of...

Re: Simple script: random (garbage) fuzzer Jon Kibler (Nov 07)
Fyodor wrote:

Re: Use case for this script?

I have not had a chance to look at this NSE script. However, random garbage
generators are a VERY useful testing tool, especially against embedded systems
(printers, VoIP phones, environmental sensors, etc.) and real-time systems
(SCADA, PLCs, DCS, security, HVAC, etc.). They very rapidly identify brittle IP
stacks and how well systems handle unexpected traffic.

I regularly use custom protocol...

OS X 10.6 diagnosis: pcap timeout and bpf device access David Fifield (Nov 07)
I have been looking into this problem, and I think I have found the
cause, or rather causes, both of which appear to be Apple bugs. The
first is that setting timeouts for read events doesn't work unless the
timeout is at least 1000 milliseconds. The second is that opening a
/dev/bpf? device in O_WRONLY mode and binding it to an interface causes
all other listeners on the interface to see only outgoing traffic. I
don't know of a nice quick fix for...

exclude targets Si Stransky (Nov 07)
My salutations to all nmap followers,

I have something going wrong with certain sorts of exclude targets..
see for example

$ nmap -sL -n --exclude 10.0-253.0.1 10.250-255.0.22
..
nmap: TargetGroup.cc:459: int
TargetGroup::get_next_host(sockaddr_storage*, size_t*): Assertion
`ipsleft == 1' failed.
Aborted

$ nmap -sL -n -q --exclude 10.10.250-255.22 10.10.250-255.0-255
..
pine: TargetGroup.cc:459: int...

Re: Simple script: random (garbage) fuzzer Ron (Nov 07)
Fyodor wrote:

No, I'm doing a class right now and the instructor mentioned it. His
case was primarily finding low-hanging fruit services on certain systems.

It might be need to write fuzzers for specific protocols, too. HTTP
fuzzer, SMB fuzzer, etc etc. That's something I hadn't really thought of
using NSE for before.

Sure, any suggestions on how long it should go for?

Most services do terminate the connection pretty fast when they receive...

Zenmap fails to start. AFH Security (Nov 07)
Hey guys,

Running Ubuntu 9.10 Karmic Koala, on an amd64 system arch.
When I try to run zenmap (I wanted to see the new filter list button
that was mentioned in the change log) I get the following error.

"[Errno 2] No such file or directory: '/usr/share/zenmap/config'"

I searched my comp, and the zenmap dir is located at
"/usr/local/share/zenmap"
Any idea on what I'm doing wrong?

The steps I took to compile were the...

Support for IPv6 name servers in nmap Ankur Nandwani (Nov 06)
Hey Guys,

I just wrote a patch for Nmap's parallel DNS resolver which allows it
to make use of IPv6 name servers. David has committed the patch in
r16016. Please test it and let me know if there are any issues.

Thanks
Ankur

Re: Simple script: random (garbage) fuzzer Fyodor (Nov 06)
Nice. Did they request it on a public forum somewhere that you can
link to? It would be interesting to know more about the use case they
have in mind.

Maybe it should include a stopafter limit by default? That way it
doesn't go forever for people who acidentally specify it (perhaps
among other scripts) without specifying the stopafter arg.

Also, you might want to make this output line more clear:
return false, string.format("Finished...

Nmap Hackers — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap 5.00 Released! Fyodor (Jul 16)
Hello everyone. I'm delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.

There are too many changes to list them all in this email, so here are
the top 5 improvements in Nmap 5:

1) The new Ncat tool aims to be your Swiss Army Knife...

Nmap news: stable release candidate 4.90RC1, SoC team, and new translations Fyodor (Jun 26)
Hi Folks. I'm pleased to announce some exciting Nmap news:

[=================Nmap 4.90RC1==================]

It has been nearly 10 months (and 11 dev releases) since 4.76, the
last stable Nmap release. And we've made many dramatic changes, so it
is time for a new stable version! I've posted a release
candidate--4.90RC1--on the Nmap download page:

http://nmap.org/download.html

Please test it out, and let us know if you find any problems...

Nmap 4.85BETA6 now avail w/Conficker detection Fyodor (Apr 01)
Hi Folks! In case you missed all the news reports yesterday, a couple
great researchers from the Honeynet Project (Tillmann Werner and Felix
Leder) and Dan Kaminsky came up with a way to remotely detect the
Conficker worm which has infected millions of machines worldwide.
Some say 15,000,000 machines infected, but that might just be
exaggerated AV-company BS for all I know. But there are clearly
millions of infections, and this massive botnet...

Nmap News: 4.84BETA4 release, Nmap book news, Summer of Code, Twitter, etc. Fyodor (Mar 27)
Hello everyone. We've seen 848 messages on nmap-dev this year, but
this is my first post to nmap-hackers. So I have a lot of exciting
Nmap news to fit into this one email!

[=================Nmap 4.85BETA4==================]

While the last release I posted to this list was 4.76 in September of
last year, we've had four beta releases since then with hundreds of
important and dramatic changes. I'm pretty happy with the latest
4.85BETA4 release,...

Nmap Network Scanning Book Released! Fyodor (Dec 09)
Nmap Hackers:

After promising you a book on Nmap for years, I'm delighted to finally
announce the release of Nmap Network Scanning! It contains everything
I've learned about network scanning from more than a decade of Nmap
development, plus some bad jokes and (over Time Warner's written
objections) pictures of Trinity hacking the Matrix :). Here is the
abstract:

Nmap Network Scanning is the official guide to the Nmap Security
Scanner, a...

Nmap News: 4.76 release, Defcon presentation online, Is port scanning legal? Fyodor (Sep 23)
Hi everyone. I'm happy to report that the Nmap 4.75 release (with
port frequencies, Zenmap topology, etc.) was a big success. But such
large exposure inevitably leads to bug discovery, so we've
released version 4.76 with about a dozen small fixes and stability
improvements. If 4.75 is working great for you, there is probably no
need to upgrade. But if you encountered problems, or if you are the
type who waits a couple weeks for stabilization...

Nmap 4.75 released Fyodor (Sep 08)
Hi Everyone. I'm delighted to report the release of Nmap 4.75, which
has almost 100 significant improvements since 4.68. Some which I'm
most excited about are:

o While Nmap stands for "Network Mapper", it hasn't been able to
actually draw you a map of the network--until now! Visit
http://nmap.org/book/zenmap-topology.html for details and pretty
pictures of Zenmap's new Scan Topology system.

o I spent much of this summer...

Nmap 4.68 release Fyodor (Jul 31)
Hi All. I'm happy to report that there have been several stable Nmap
releases since I mailed you about Nmap 4.60 in March. The latest
version is 4.68, and I think you'll like it (unless you still use
Win2K, which can be problematic due to IPv6 issues that we hope to
resolve in the next release). Before I give you the full list of 125
improvements, I'll start with a few highlights:

o Added a new --min-rate option that allows specifying a...

Lots of Nmap News Fyodor (Jul 31)
Hi All. I feel derelict for failing to post any Nmap news to this
nmap-hackers list in the last four months, but you can rest assured
that we've been busy on the project! For example, there have been
1,181 posts on the nmap-dev list (not all from me) since my March
nmap-hackers announcements. So you can always join that if you want a
constant flood of Nmap news :). There have also been several stable
Nmap releases since that time, great news...

Nmap accepting applications for Summer of Code developers Fyodor (Mar 24)
It may have taken me four months to send this year's first
nmap-hackers mail, but the second only took me four hours. I want to
let you all know that Nmap has been accepted for the fourth year
running to participate in the Google Summer of Code program. This
generous and innovative program provides $4,500 stipends to hundreds
of university students to create or enhance open source software.
Applications are only accepted for one week, until...

Nmap 4.60 and new movies page Fyodor (Mar 24)
Hi everyone. This is the first nmap-hackers message of the year, but
we haven't been slacking. The nmap-dev list has more than 500 posts
so far this quarter, and we've made many great improvements to Nmap
during the period.

Nmap-hackers is reserved for the most important Nmap news, but that
won't prevent me from starting out this message with something
frivolous :). I recently learned that Nmap was in not just one, but
two major motion...

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[ GLSA 200911-01 ] Horde: Multiple vulnerabilities Alex Legler (Nov 06)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200911-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Horde: Multiple vulnerabilities
Date: November 06,...

Php 5.3.0 pdflib extension open_basedir bypass r3d . w0rm (Nov 06)
Description:
------------
Via this bug , attacker can save a file in path that not allowed in
open_basedir .

Reproduce code:
---------------
<?php
// Author : Sina Yazdanmehr (R3d.W0rm) ; Our Site : http://IrCrash.com
if(!extension_loaded('pdf')){
die('pdf extension required .');
}else{
$__PATH = $_GET['p']; /*The path that u want save file in .ex:
/etc/file.php*/
$__VALUE = $_GET['v']; /*The text that u want save in file .ex:...

[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities dann frazier (Nov 06)
----------------------------------------------------------------------
Debian Security Advisory DSA-1929-1 security () debian org
http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of...

[ MDVSA-2009:294 ] firefox security (Nov 06)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:294
http://www.mandriva.com/security/
_______________________________________________________________________

Package : firefox
Date : November 5, 2009
Affected: 2010.0
_______________________________________________________________________

Problem Description:

Security issues were identified...

Using Blended Browser Threats involving Chrome to steal files on your computer Inferno (Nov 06)
For complete post with images, please visit
http://securethoughts.com/2009/11/using-blended-browser-threats-involving-ch
rome-to-steal-files-on-your-computer/

SECURETHOUGHTS.COM ADVISORY
=============================================
- CVE-ID : CVE-2009-XXXX (Chrome) {Pending}
- Release Date : November 05, 2009
- Severity : Medium
- Discovered by : Inferno
=============================================

I. TITLE...

[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities dann frazier (Nov 06)
----------------------------------------------------------------------
Debian Security Advisory DSA-1928-1 security () debian org
http://www.debian.org/security/ Dann Frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6.24
Vulnerability : privilege escalation/denial of...

[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities dann frazier (Nov 05)
----------------------------------------------------------------------
Debian Security Advisory DSA-1927-1 security () debian org
http://www.debian.org/security/ dann frazier
November 5, 2009 http://www.debian.org/security/faq
----------------------------------------------------------------------

Package : linux-2.6
Vulnerability : privilege escalation/denial of...

[USN-854-1] GD library vulnerabilities Marc Deslauriers (Nov 05)
===========================================================
Ubuntu Security Notice USN-854-1 November 05, 2009
libgd2 vulnerabilities
CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2009-3293,
CVE-2009-3546
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the...

[USN-855-1] libhtml-parser-perl vulnerability Marc Deslauriers (Nov 05)
===========================================================
Ubuntu Security Notice USN-855-1 November 05, 2009
libhtml-parser-perl vulnerability
CVE-2009-3627
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu....

ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability ZDI Disclosures (Nov 05)
ZDI-09-081: Hewlett-Packard Power Manager Administration Web Server Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-081
November 5, 2009

-- CVE ID:
CVE-2009-2685

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hewlett-Packard Power Manager

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID...

CORE-2009-0912: Blender .blend Project Arbitrary Command Execution CORE Security Technologies Advisories (Nov 05)
Blender .blend Project Arbitrary Command Execution

1. *Advisory Information*

Title: Blender .blend Project Arbitrary Command Execution
Advisory Id: CORE-2009-0912
Advisory URL:
http://www.coresecurity.com/content/blender-scripting-injection
Date published: 2009-11-05
Date of last update: 2009-11-04
Vendors contacted: Blender Foundation
Release mode: User release

2. *Vulnerability Information*

Class: Failure to Sanitize Data into a Different...

[security bulletin] HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code security-alert (Nov 05)
SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01905743
Version: 1

HPSBMA02474 SSRT090107 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-11-04
Last Updated: 2009-11-04

Potential Security Impact: Remote execution of arbitrary code

Source: Hewlett-Packard Company, HP Software Security Response Team...

[Bkis-12-2009] eoCMS SQL injection vulnerability - Bkis Report Bkis (Nov 05)
eoCMS SQL injection vulnerability

1. General information

eoCMS is an open source code software which is used to develop Internet
forum (http://eocms.com/). On October 15, 2009, Bkis Security detected a
SQL injection vulnerability in some functions of eoCMS.

This is a critical vulnerability which allows hacker to access the data
in the database and execute unauthorized tasks. Bkis has informed the
software developer team, and they have...

CONFidence 2.0 schedule online - last time to register Andrzej Targosz (Nov 05)
Dear Madame/Sir,

CONFidence is the one of the most technical conference in Eastern
Europe. You can find videos from the latest edition here:
http://200902.confidence.org.pl/materialy-maj-2009

You can find all informations here:
http://200902.confidence.org.pl

Speakers list (alfabetical order):
* Chema Alonso
* Jacob Appelbaum – keynote
* Jesse Burns
* Frank Breedijk
* Łukasz Bromirski
* Raoul Chiesa
* Gynvael...

Re: /proc filesystem allows bypassing directory permissions on Pavel Kankovsky (Nov 05)
It is required to do nothing:

F_SETFL
Set the file status flags, defined in <fcntl.h>, for the file
description associated with fildes from the corresponding bits in the
third argument, arg, taken as type int. Bits corresponding to the file
access mode and the file creation flags, as defined in <fcntl.h>, that are
set in arg shall be ignored. If any bits in arg other than those mentioned
here are changed by the application,...

Full Disclosure — An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.

[SECURITY] [DSA 1931-1] New NSPR packages fix several vulnerabilities Moritz Muehlenhoff (Nov 08)
------------------------------------------------------------------------
Debian Security Advisory DSA-1931-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
November 08, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : nspr
Vulnerability : several
Problem type : local(remote)...

Re: How to receive SPAM mail dramacrat (Nov 07)
If you want to be spammed, join full-disclosure.

2009/11/7 Michael Holstein <michael.holstein () csuohio edu>

Re: How Prosecutors Wiretap Wall Street mikelitoris (Nov 07)
if a US citizen is involved, should not require a warrant.

This is all well and good, until the definition of terrorist is
changed and you become labeled a "terrorist" because your "reason"
is suddenly counterproductive to someone else's "opinion". You
must apply the warrant requirement consistently. Otherwise, when
interpretation of the word "terrorist" changes, it affects the
meaning of the law....

[SECURITY] [DSA 1930-1] New drupal6 packages fix several vulnerabilities Steffen Joeris (Nov 07)
------------------------------------------------------------------------
Debian Security Advisory DSA-1930-1 security () debian org
http://www.debian.org/security/ Steffen Joeris
November 07, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------

Package : drupal6
Vulnerability : several...

Linux 2.6.x fs/pipe.c local root exploit (CVE-2009-3547) Edward D. Teach (Nov 07)
For those who were not yet aware, there is at least 3 public exploits
since 11/05/2009 for CVE-2009-3547 targeting *all* linux kernels from
2.6.0 to 2.6.31 included. Since spender and fotis have already release
their own, there is not need for us to keep this on our hd.
ImpelDown.c is a poc trying to exploit null ptr dereference in fs/pipe.c
for *all* linux kernel from 2.6.0 to 2.6.31 and ImpelDown-2.6.31only.c
target only linux kernel version...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 07)
--On November 7, 2009 11:24:55 AM -0600 Valdis.Kletnieks () vt edu wrote:

No, actually I don't. I just did a lousy job of wording it.

That's only true if they can get the paperwork done and obtain the warrant
within 72 hours. Otherwise, at the 72 hour mark all monitoring must
cease. And guess who knows that? We don't exactly keep our operational
strictures secret, you know. And to think that terrorists aren't aware of
the rules within...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 07)
--On November 7, 2009 11:20:31 AM -0600 Rohit Patnaik
<quanticle () gmail com> wrote:

Why? If they were pursuing criminal charges against you, then, by all
means, they should have to comply with all the strictures that protect our
rights. But to gather intelligence about what terrorists are up to, even
if a US citizen is involved, should not require a warrant.

Intelligence works best in a world of secrecy. The more people that are...

Re: How Prosecutors Wiretap Wall Street Valdis . Kletnieks (Nov 07)
On Fri, 06 Nov 2009 23:42:45 CST, Paul Schmehl said:

Actually Paul, you have that bass-ackwards, and it's important.

They are allowed to start wiretapping immediately, and then have 72 hours
*after they already started listening* to find a FISA court judge and
do the paperwork. So yes, the terrorists don't wait for a warrant, and
the NSA doesn't need to wait either.

So let's see.. You're the NSA. You develop a person of interest. You start...

Re: How Prosecutors Wiretap Wall Street Rohit Patnaik (Nov 07)
The direction of the association doesn't matter. It doesn't matter if the
"terrorist" is contacting me, or if I'm contacting the terrorist. In either
case, the US government should get a warrant before they spy on me. Also,
this executive opinion doesn't just apply to the CIA and the NSA. It
applies to the entire executive branch, including law enforcement.

Secondly, we seem to have a general disagreement about the intent of the...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 06)
--On November 6, 2009 10:10:56 PM -0600 Rohit Patnaik
<quanticle () gmail com> wrote:

First of all, the NSA and CIA don't pursue criminal cases against US
persons. That's the job of law enforcement. The NSA is a military
agency. Their job is to protect the US against its enemies by providing
the military with intelligence that helps in planning and the conduct of
operations. The CIA is a civilian agency tasked with the job of...

Re: How Prosecutors Wiretap Wall Street Rohit Patnaik (Nov 06)
If it is so clear that a US citizen is involved in terrorism and is
communicating with terrorists beyond our borders, then why is it so hard for
the NSA, CIA, FBI or Homeland Security to get a warrant? After all, its not
like they can claim that there wasn't time to get a warrant - the
pre-existing law allowed them to put in expedited requests for warrants
after the actual wiretap started, in addition to allowing continued use of
wiretaps while...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 06)
--On November 6, 2009 6:07:17 PM -0600 Rohit Patnaik <quanticle () gmail com>
wrote:

Right. The New York Times prints an article claiming that a
"whistleblower" has revealed the content of a secret Executive Order. The
Washington Post then repeats that claim, without any substantiation other
than the supposed statement of an anonymous informant and unnamed
"administration officials" quoting "classified...

Re: How Prosecutors Wiretap Wall Street Paul Schmehl (Nov 06)
--On November 5, 2009 10:03:31 PM -0600 Chris <r0ck () operamail com> wrote:

Not being privy to the process, I couldn't even say if the approval
process is that high. I'm not inclined to believe it simply because some
reporter or secret source claimed it to be true. You, of course, live
with the absolute certainty that you know the truth and no other possible
explanation is plausible than the one you believe.

I think this subject...

Re: How Prosecutors Wiretap Wall Street Rohit Patnaik (Nov 06)
On Fri, Nov 6, 2009 at 1:25 PM, Paul Schmehl <pschmehl_lists () tx rr com>wrote:

You say that claims about the NSA conducting warrantless wiretaps against US
citizens are unsubstantiated. That is totally and blatantly false (
http://is.gd/4PcWV). The linked article clearly states, "Mr. Bush's
executive order allowing some warrantless eavesdropping on those inside the
United States - including American citizens, permanent legal...

Re: How to receive SPAM mail Michael Holstein (Nov 06)
I had to do a similar thing when doing a spam-appliance "vendor
shakedown" .. what I did was setup a subdomain

eg: test.mycompany.com

and then create email IDs within that subdomain that had valid mailboxes

eg: bob () test mycompany com, suzie () test mycompany com, etc.

and then I used Google to search for "free offers" and "work from home",
etc. and entered those IDs on about 100 different sites. There's tons...

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Security Toolkit for dummies exzactly (Nov 04)
I am currently working on a (free)toolkit to pass down to Tier 3 and Tier 2
to be used in the event of a breach/infection or suspected breach/infection.
In a nutshell I want to give them some tools to use to gain further
information about the system and processes and/or malicious tools running on
it. This toolkit is designed for a Windows desktop and Server environment. I
am looking at building out tools that are fairly easy to use and do...

RE: Assessing risk management and imminent decision making process Murda Mcloud (Nov 04)
Dear Brother Barbod Kiani,
I believe that if you read the book called The Secret then all your dreams,
conscious and unconscious will come true(but only if you buy a copy of it,
not if you borrow it from the library). Also, if you send a check for $300
to the person at the top of this list then you will be repaid in abundant
alpha waves which will unlock the neural pathways to the new singularity
which I now understand you to be part of.

As for...

RE: Assessing risk management and imminent decision making process Murda Mcloud (Nov 04)
Haha. The original post ended up in my spambox for some reason ;-)
Is the emotionally and mentally effete CSO a Texan? I find that hard to
believe.
Also, I refuse to offer patulous support for fatuous requests.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how...

RE: Re[2]: Testing for SQL injection or Cross Site scripting Stoughton, Brian F. (Nov 04)
Acunetix is pretty good...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mojorising
Sent: Tuesday, October 13, 2009 4:50 PM
To: Adam Pal
Cc: Scott Race; security-basics () securityfocus com
Subject: Re: Re[2]: Testing for SQL injection or Cross Site scripting

Hi.

There are a few good tools out there for finding web application
vulnerabilites and it's a good idea run them...

Re: Assessing risk management and imminent decision making process Barbod Kiani (Nov 04)
Yes sir, they do. Because I also have a wireless camera in my head too
and probably never gonna be able to get married as a result. But, thanks
to dear President Obama, at least, my e-mails go thru now!

Respectfully yours,
Bob Kiani

W W wrote:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32)

mQENBErRcicBCADRCwBtsSjd9Nv3f4A/B3/9g4NECiKjOB8J3Ls06dNsycJp5235
KeM9ESjdsuPzR8+/3o5Ley97h6i0FFWRVbP6Ogne4kqQML36ZFMZxQQqHu8oGuos...

OpenVMS flags question lgpm (Nov 02)
Hi List,

Could someone please advise regarding these flags in OpenVMS:
1- DISCTLY: should it be set or not? I mean, if this flag is not listed in
the flags list, accounts would be able to prematurely abort the system login
sequence, preventing certain procedures from being executed during login.
And when they do so, does login continue normally (without running the
scripts of course), or does it stop at one point?
2- DEFCLI: having it not set...

Re: Assessing risk management and imminent decision making process Barbod Kiani (Nov 02)
Hello Mr.:

In plain English. I genuinely asked for your help while trying to give
you food for your thoughts in return about a technology in use perhaps
at least 20 years ahead of our time!

Having been thru a horrible "Enhanced Interrogation" after my
bleeding-unconscious body was flown to the area 51, had my memory messed
up, got my executive functions taken away and got more Micro Devices put
in my brain and body. Soon after, sent...

Re: Strange repeating probes to port 80 Gleb Paharenko (Oct 30)
Hi!

IMHO, it might be some botnet command center, which sends UDP probes
to check if your host infected. It is interesting in case you resend
same UDP packet back :)
Here is a clue for UDP managed trojan - it is looking for UDP packets
containing word "DOM":
http://old.honeynet.org/scans/scan21/sol/scan21_turner.txt

2009/10/26 boris mutina <boris.mutina () gmail com>:

Re: WAN optimization security kaneda (Oct 30)
You should also look at the security of the WAN optimisation device
itself:

* How do you administer the device?
* Can you apply ACLs to the admin interface?
* Can it be isolated on a OOB network
* Are firmware updates uploaded via SSL or can it be intercepted?, etc.

Re: Log analisys and siem Simone (carverrace () gmail com) (Oct 29)
I would suggest you also another product that is work fine and it
should be most apropriate for your market.
Look for SecureLog.

have a ncie day.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers...

Re: Any recommendable Windows Server Vaccine program? John Morrison (Oct 29)
Another option is McAfee AntiVirus and AntiSpyware Enterprise. The pair are
less US$80 together. If you have several servers then using them with a
central management system (ePO) brings operational efficiencies.

2009/10/29 Ken Pryor <kdpryor () gmail com>

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL...

Re: Any recommendable Windows Server Vaccine program? Ken Pryor (Oct 29)
I'll add my own endorsement for Vipre. I've been using it for several
months now and am very happy with it. As was noted, you can't beat
the price either.
KP

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your...

Re: Log analisys and siem aditya mukadam (Oct 29)
Some good SIEM options to be considered are:

1) LogRhythm
2) Netforensics
3) Arc Sight
4) Juniper STRM

Thanks,
Aditya Govind Mukadam
CISSP,CEH,JNCIA-SSL,JNCIA-UAC,JNSA-Advanced Security, CQS-PIX,CQS-VPN

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL...

Re: Log analisys and siem Albert Gonzalez (Oct 29)
Greetings,

Since you didn't mention the need for correlation, so a SIEM might not
be what you want just to collect logs. Splunk has a free version that
you might want to look at. I know the free version limits your log feeds
indexing to 500MB/day[1], but worth a test run none the less.

Later,

[1] - http://www.splunk.com/view/SP-CAAADFV#difference

-
Albert Gonzalez
http://blog.cerveau.us

Re: Any recommendable Windows Server Vaccine program? Kurt Buff (Oct 29)
If by vaccine you mean antivirus/antimalware, then I can certainly
recommend VIPRE from Sunbeltsoftware. Works well, and is not very
expensive.

Kurt

2009/10/28 MontyRee <chulmin2 () hotmail com>:

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL...

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

Re: Metasploit admin (Nov 05)
Jon Kibler wrote:

Thanks for the heads up. I have only scanned the first few chapters so far, I will make time for this.

Thanks again
Dave

Re: Brief Analysis of inj3ct0r.com Jon Kibler (Nov 05)
djamel djamel wrote:

Milw0rm will be back soon. See: "Milw0rm / Str0ke Not Dead" from yesterday.

Jon

Re: Pen Tester Scripting Robin Wood (Nov 05)
2009/11/3 infosec posts <infosec.posts () gmail com>:

The project is just starting up so we don't have much on there at the
moment but the number of people offering to submit scripts is growing
so hopefully it won't be long till we get to a point of having
something for everyone.

If you have something you'd like to submit please send it to
scripts () pentesterscripting com . These don't have to be hardcore, l33t
scripts just anything you...

Re: SQL passwords Martin Rublik (Nov 05)
Well if you use 2005 SQL server it would be definitely faster to
attack an uppercase hash. The complexity will reduce significantly.
For example if you have n character password then there are 2^n
possibilities for mixcase password for every uppercase password.

As for the worst case it is quite simple, it depends on how many
characters you will use :), if you use Cain for password cracking it
will show you how much time is remaining.

Best...

Analyzing Shellcode cAs (Nov 05)
Good evening everybody,

i am trying to analyze the shellcode used in this exploit:
http://www.milw0rm.com/exploits/7477

If i echo the unescaped shellcode i only get wierd chinese (i think)
letters.

What's the right way to analyze what kind of shellcode is beeing used
and what command is beeing executed by it.

Greetings,
cAs

------------------------------------------------------------------------
This list is sponsored by: Information...

Re: Brief Analysis of inj3ct0r.com djamel djamel (Nov 05)
is there any GOOD alternative other than packet storm???

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org...

Re: True Source Code Analysis for Security Jason Ross (Nov 04)
Agreed, it feels "slimy". That was my first reaction to this thread as well.
But then I tried to identify what exactly it was that cause me to feel that way.

* The white paper itself doesn't try to market their product that I
could see.
* The web site it's available from doesn't require an email address or any
other form of information before allowing you to download the document.
* The original post does not attempt to...

Milw0rm / Str0ke Not Dead Jon Kibler (Nov 04)
Hi,

I know by now that many of you have seen the story at...

http://bl4cksecurity.blogspot.com/2009/11/str0ke-milworms-funeral-is-this-friday.html

I know this because MANY of you have written me off-list with the message "have
you heard the news?"... If I did not personally reply, I am sorry, but my inbox
has been swamped today.

Well, good news and bad news here.

Bad news first. The above story is a hoax. Str0ke is alive, well, and...

MITM attack report on smartphones Mayank Aggarwal (Nov 04)
Hi,

I thought of sharing this report which we recently posted on the following link:
http://threatcenter.smobilesystems.com/?cat=4

Abstract:
According to a survey conducted by a mobile advertising researcher, AdMob, smartphone users are driving up the use of
Wi-Fi hotspots. The result of the survey indicates that there were 550 million smartphone Wi-Fi requests in Western
Europe alone in 2008, a 132% increase for the year. AdMob said that 42%...

Re: Get a Clue! WAS: Re: Metasploit Eric Milam (Nov 04)
Although I agree with some of what Jon states below. I think it was
rude not to include the link. It did only take me about 5 seconds with
Google. (Although I got the info in Sept through the Offsec Blog...and
you guys should sign up for the newsletter!)

In the immortal words of muts -> Try Harder!

http://www.offensive-security.com/metasploit-unleashed/

Best of luck!

Eric
OSCP!

Jon Kibler wrote:...

Re: port scan to juniper fw aditya mukadam (Nov 04)
Yes, I have verified and also have the relevant logs with me from the
'flow filter' .

Thanks,
Aditya Govind Mukadam

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to...

Re: port scan to juniper fw Chris Brenton (Nov 04)
Have you verified this? Last time I tested their anti-spoofing it didn't
actually drop the packet. It would pass it through and then follow it up
with a host unreachable (to the target) in order to kill the session.

What was odd was the TTL would get decremented by 2. My best guess is it
was the single honed IPS code dealing with the spoofing and that was
introducing an extra routing hop.

I have not tested this for a few years, so they may have...

Get a Clue! WAS: Re: Metasploit Jon Kibler (Nov 04)
Jon Kibler wrote:
<SNIP!>

<SNIP!>

I hate to reply to my own email, BUT...

<rant>
I received dozens of (mostly off-list) messages, "I cannot find the course, will
you please send me a link"? Folks, get a clue! How can you call yourself a pen
tester if you cannot find an online course hiding in plain site? How do you
expect to be able to penetrate systems through obscure weaknesses when you miss
the 6,500Kgm gorilla...

winAUTOPWN 2.0 - Introducing winAUTOPWN GUI - Now you can sleep QUAKER DOOMER (Nov 04)
Dear all,

After a long break and a lot of Unpolished SITA releases of the previous version, I am finally releasing
winAUTOPWN version 2.0

winAUTOPWN or WINDOWS AUTOPWN version 2.0 now has a GUI (winAUTOPWN_GUI.exe) to initiate the main
console winAUTOPWN.exe
winAUTOPWN now supports all console arguments which can also be fed interactively.
This version covers almost all remote exploits from 2009 start uptill October 2009. Though a few are...

Re: Metasploit jfvanmeter (Nov 04)
How well do you know metasploit?

I thought I knew it fairly well. Turns out, I do know half of what I thought I
knew about metasploit. I am really surprised at how much metasploit can do that
I did not know about.

I am currently working through Offensive Security's Metasploit Unleashed online
course. It is currently a "donate to HFC"-ware course. It is a great course, and
I highly recommend it! I have learned a lot and I am only about...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Data security measures for Bord Gais InfoSec News (Nov 05)
http://www.irishtimes.com/newspaper/breaking/2009/1105/breaking2.htm

By Elaine Edwards
irishtimes.com
November 5, 2009

Bord Gais is to introduce new security procedures after it accepted it
was in breach of Data Protection legislation in relation to the theft of
details of some 93,000 customers on a laptop.

A report on the investigation by the Office of the Data Protection
Commissioner (ODPC) into the theft of four laptops from Bord Gais's...

Experts gather for Cyber Operations Symposium InfoSec News (Nov 05)
http://www.ftleavenworthlamp.com/articles/2009/11/05/news/news6.txt

By Capability Development Integration Directorate
Fort Leavenworth Lamp
November 5, 2009

The Combined Arms Center Capability Development Integration Directorate
hosted a Cyberspace Operations Symposium Oct. 27-30 at Fort Leavenworth.

More than 100 attendees from more than 25 organizations across Training
and Doctrine Command and the greater community of interest actively...

Little-Known Hole Lets Attacker Hit Main Website Domain Via Its Subdomains InfoSec News (Nov 05)
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221600496

By Kelly Jackson Higgins
DarkReading
Nov 05, 2009

Turns out an exploit on a Website's subdomain can be used to attack the
main domain: A researcher has released a proof-of-concept showing how
cookies can be abused to execute such an insidious attack.

Michael Bailey, senior researcher for Foreground Security, published a
paper this week that...

Cybercriminals down five British police forces in a year InfoSec News (Nov 05)
http://www.theregister.co.uk/2009/11/05/police_breaches/

By Chris Williams
The Register
5th November 2009

In the last year five British police forces have suffered major computer
failures lasting three days or more as a result of malicious internet
attacks.

The spate of intrusions by cybercriminals and the resulting outages was
revealed recently by a senior authoritative source, who can't be
identified because the disclosure was made...

Secunia Weekly Summary - Issue: 2009-45 InfoSec News (Nov 05)
========================================================================

The Secunia Weekly Advisory Summary
2009-10-29 - 2009-11-05

This week: 63 advisories

========================================================================
Table of Contents:

1.....................................................Word From...

DOD approves new credentials for security professionals InfoSec News (Nov 05)
http://defensesystems.com/articles/2009/11/04/dod-approves-new-security-certification.aspx

By Kathleen Hickey
Defense Systems
Nov 05, 2009

The Defense Department has approved new credentials for information
security professionals. The directive is expected to result in more than
100,000 personnel obtaining professional credentials.

DOD approved the (ISC) 2 Certification and Accreditation Professional
(CAP), which requires that all DOD...

Call for Papers: Conference on Cyber Conflict, Estonia InfoSec News (Nov 05)
Forwarded from: k g <kgconference (at) gmail.com>

Call for Papers!

Cooperative Cyber Defence Centre of Excellence (www.ccdcoe.org),
Tallinn, Estonia

Conference on Cyber Conflict, June 15-18, 2010

CCD CoE seeks research papers from academia and the professional world
that offer an original and substantial contribution toward understanding
conflict in cyberspace.

The 2010 agenda has three tracks:

- Strategic Viewpoints
- Technical...

Men allegedly broke into computers of former employer InfoSec News (Nov 05)
http://www.theregister.co.uk/2009/11/05/computer_intrusion_charges_filed/

By Dan Goodin in San Francisco
The Register
5th November 2009

Federal authorities on Wednesday filed intrusion charges against two men
accused of accessing the computer systems of their former employer.

Scott R. Burgess, 45, of Jasper, Indiana, and Walter D. Puckett, 39, of
Williamstown, Kentucky, both worked as managers for Indiana-based Stens
Corporation until...

IT Workers Building Security Into Their Career Strategies InfoSec News (Nov 05)
http://www.darkreading.com/security/management/showArticle.jhtml?articleID=221600343

By Tim Wilson
DarkReading
Nov 04, 2009

IT professionals are placing their bets on security as they plot their
next career moves, according to a new study published earlier today.

The survey of more than 1,500 IT workers, which was conducted by the IT
trade association CompTIA, found that 37 percent intend to pursue a
security certification over the next...

New cybersecurity role for NIST? InfoSec News (Nov 05)
http://fcw.com/articles/2009/11/04/web-cybersecurity-nist-bill.aspx

By Ben Bain
FCW.com
Nov 04, 2009

A bill that would expand the National Institute for Standards and
Technology's role in cybersecurity cleared a House subcommittee today.

NIST would be responsible for developing a plan to coordinate the
government's work with international organizations developing
cybersecurity standards under the bill approved by the House Science and...

IT budgets sacrificed despite rise in hack attacks InfoSec News (Nov 05)
http://www.theage.com.au/technology/security/it-budgets-sacrificed-despite-rise-in-hack-attacks-20091103-hubi.html

By Conrad Walters
theage.com.au
November 3, 2009

Even as companies acknowledge cyber attacks have rocketed to
unprecedented levels this year, many businesses are freezing or even
cutting the security budgets that fend off these dangers.

A study of nine countries has found mid-size companies - those with
between 51 and 1000...

Military Admits N. Korean Hacker Attack InfoSec News (Nov 03)
http://english.chosun.com/site/data/html_dir/2009/11/04/2009110400775.html

The Chosun Ilbo
Nov. 04, 2009

The North Korean military hacked into the South Korean Army command in
March and a password for the National Institute of Environmental
Research (NIER) website leaked out, Lt. Gen. Kim Jong-tae, commander of
the Defense Security Commend (DSC), admitted to a parliamentary audit on
Tuesday. That confirms a report last month in the Monthly...

Mossad Hacked Syrian Official's Computer Before Bombing Mysterious Facility InfoSec News (Nov 03)
http://www.wired.com/threatlevel/2009/11/mossad-hack

By Kim Zetter
Threat Level
Wired.com
November 3, 2009

Agents of Israel's Mossad intelligence service hacked into the computer
of a senior Syrian government official a year before Israel bombed a
facility in Syria in 2007, according to Der Spiegel.

The intelligence agents planted a Trojan horse on the official's
computer in late 2006 while he was staying at a hotel in the Kensington...

Lockheed Martin To Manage Pentagon Network InfoSec News (Nov 03)
http://www.informationweek.com/news/government/enterprise-architecture/showArticle.jhtml?articleID=221600125

By J. Nicholas Hoover
InformationWeek
November 3, 2009

Lockheed Martin has won a $293 million contract to provide network
operations support to the Pentagon and other military networks in the
Washington, D.C., area.

Lockheed will manage, operate, and secure the Pentagon's data networks
and provide 24 by 7 support to users. According...

International cooperation to shape common policies for cybersecurity and data protection InfoSec News (Nov 03)
http://gcn.com/articles/2009/11/03/us-eu-cybersecurity-agreement.aspx

By William Jackson
GCN.com
Nov 03, 2009

The United States and the European Union have agreed to treat
cybersecurity, cyber crime and data protection as international issues,
cooperatively developing polices based on shared values.

Mary Ellen Callahan, chief privacy officer of the Homeland Security
Department, called the recent joint statement on these principles by
U.S....

Firewall Wizards — Tips and tricks for firewall administrators

Re: secure firewall rule management program Morty Abzug (Nov 05)
Thanks! We're looking both at Tufin (mentioned by Rainer Ginsberg)
and at Algosec (mentioned by one of our managers and by Rainer). The
current versions of both products fail to meet several of our
dealbreaking requirements. Both products are relatively new. We're
hopeful that a future version of one or both products will be what we
want.

- Morty

Re: secure firewall rule management program Matthias Leu (Nov 05)
Hi Morty,
have you had a look at Tufin SecureTrack and SecureChange Workflow?
It's not free, but quite good and I think your requirements are fulfilled.

It runs on Linux and is written by security professionals.
SecureTrack is connected to Check Point SmartCenter or MDS/CMA via
OPSEC, other vendors are supported too (e.g. Juniper, Cisco,
Fortinet,...).
Each 'save' gives a new revision, no 'install' necessary. So reports,
and above all, alerts...

OT, sorta: Breaking pipes? Kurt Buff (Nov 05)
All,

At $WORK I admin a nice Sidewinder. Works well. I like it, though I'm
not as fully trained on it as I'd like to be.

However, I'm seeing more complaints from end-users who are
encountering web sites that issue URLs with the pipe/vertical bar -
"|" - character embedded in them. The Sidewinder proxy denies it, as
is proper. The latest occurrence is a really stupid State government
web site that actually puts the pipe character at...

Re: secure firewall rule management program Avishai Wool (Oct 25)
Mordechai,

AlgoSec FireFlow does pretty much exactly what you need.
It is definitely topology aware and can tell you which firewalls
you should modify to meet a change request.
It has rule expiration built in.
Supports Check Point, Cisco, Juniper, Fortinet.

http://www.algosec.com

Avishai

disclaimer: I'm AlgoSec CTO & Co-Founder so I'm biased.

Re: Palo Alto Networks Cassell, Damon Z. (Oct 14)
Palo Alto does have central management by using an additional product called Panorama.

http://www.paloaltonetworks.com/products/panorama.html

One observation on the topic of management; the Palo Alto logging scheme seemed clunky, especially with a lot of
logging enabled. If you are a frequent user of, say, Check Point SmartView Tracker then you might be annoyed with a
web-based viewer and have some trouble with the query capabilities. Maybe...

Re: Palo Alto Networks Paul Hutchings (Oct 13)
Thanks all.

Frank, We would only be looking at one unit so management shouldn't
be an issue. You mentioned "home grown apps" and giving them a
definition, this will hopefully all be clear once I have a units GUI
in front of me, but presumably if you need/want it to the PA boxes
can also act as dumb stateful firewalls i.e. "Simply allow port XYZ
from X to Y"?

Arkanoid, I've learned not to trust the marketing hence...

Re: Slow FTP transfers sky (Oct 13)
Hi Chris,

There are no tracking module(s) that I know of. These servers are
located behind FWSM.

I haven't tried different server but active mode seems to cause
intermittent problem whereas passive mode seems to be the work around.

regards,
sky

Chris Smith wrote:

Re: Palo Alto Networks ArkanoiD (Oct 09)
Ah, and it does SSL MITM as well. I do not have any hands-on experience, though.

(going to publish a whitepaper on "benevolent" SSL MITM proxy soon which fixes several
SSL security problems ;-)

Re: Palo Alto Networks ArkanoiD (Oct 09)
The idea itself is quite good for some cases (do not rely on port numbers, use
traffic signatures *instead*). Though it sounds much as "giving up application control" ;-)

The marketing bullshit is awful, though. There is a dozen whitepapers with amazingly little
useful technology details but too many buzzwords about "next generation".

Despite that, it seems to be quite decent product with (still DPI-driven) L7 inspection,...

Re: Palo Alto Networks Paul Hutchings (Oct 09)
Fair question. At present we have an application aware firewall,
technically it is a proxy but it doesn't cache/we have no need to
cache. Of course whilst it's smart enough to know whether what's
passing through it is valid/rfc compliant http/ftp/https and so on,
it has no idea if it's Skype, MSN Messenger, Webex and so on. That's
the key area that I'm interested in, combined with the integrated
spyware/malware/virus filtering.

As...

Re: Palo Alto Networks Francois Yang (Oct 09)
I've worked with them before and they're pretty good.
easy setup and maintenance, good integration with Active Directory,
good application detection engine.
Over all it's a good product, but you have to test it in your own
environment to see if it fits.
here are the draw backs that I can remember. all firewalls have some
kind of issues.
here are the issues I see and maybe they have been fixed by now. I
don't know it's been a while.
I remember it...

Palo Alto Networks Paul Hutchings (Oct 08)
Getting one of their boxes on eval for a couple of weeks. Quite a
broad and generic question I know, but does anyone have any experience
(s) they wish to share?

Cheers,
Paul

Re: asa 5505 vpn ipsec l2l problem craig . wilson (Oct 08)
If you have tunnel interfaces setup on each end can you ping those addresses? They should work even if your not
passing anything into the tunnel.

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Eric Gearhart <eric () nixwizard net>
Date: Mon, 5 Oct 2009 21:45:33
To: Firewall Wizards Security Mailing List<firewall-wizards () listserv icsalabs com>
Subject: Re: [fw-wiz] asa 5505 vpn ipsec l2l problem

Re: asa 5505 vpn ipsec l2l problem Farrukh Haroon (Oct 08)
I don't know if you got my older email, here it is again:

Run these three debugs
debug crypto engine
debug crypto isakmp 127
debug crypto ipsec 127
and then see if you get any more meaningful debugs.

Its better to clear both Phase 1 and Phase 2 before you run the debugs (just
in case the SAs are already established).

Also try removing the crypto map from the interface and re-applying it!

Please also check the logging levels on your ASA 'show...

Re: asa 5505 vpn ipsec l2l problem Eric Gearhart (Oct 08)
I think this was previously mentioned by Paul Melson... try to use IP
addresses in your IPsec interesting traffic ACL... I agree with him, that
having specific ports in ACL1 is the problem, as far as I know

So ACL1 is now:
access-list ACL1 extended permit tcp host 192.168.11.11 host 10.1.100.13 eq
4000
access-list ACL1 extended permit tcp host 192.168.11.11 host 10.1.110.250 eq
4000
access-list ACL1 extended permit tcp host 192.168.11.11 eq ftp...

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

winAUTOPWN 2.0 - Introducing winAUTOPWN GUI - Now you can sleep QUAKER DOOMER (Nov 03)
Dear all,

After a long break and a lot of Unpolished SITA releases of the previous version,
I am finally releasing winAUTOPWN version 2.0

winAUTOPWN or WINDOWS AUTOPWN version 2.0 now has a GUI (winAUTOPWN_GUI.exe) to initiate the main
console winAUTOPWN.exe
winAUTOPWN now supports all console arguments which can also be fed interactively.
This version covers almost all remote exploits from 2009 start uptill October 2009. Though a few are...

[AntiSnatchOr] Eclipse BIRT <= 2.2.1 Reflected XSS Michele Orru (Oct 16)
Eclipse BIRT <= 2.2.1 Reflected XSS

Vendor: Eclipse
Advisory: http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xss/
Author: Michele "euronymous" Orrù (euronymous AT antisnatchor DOT com)

Quite a common problem in a lot of Java based applications: reflected
XSS in Java stack trace.

A Reflected XSS is present in the _report parameter: here below the modified
request (that is the BIRT 2.2.1 version included in Konakart...

Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities Andrea Fabrizi (Oct 16)
**************************************************************
Application: Snitz Forums 2000
Version affected: 3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi () gmail com
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
**************************************************************

###### PERMANENT XSS
If [sound] tag is allowed:

[sound]...

[BONSAI] XSS in Achievo - Customized XSS payload included Bonsai - Information Security (Oct 16)
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/

Multiple XSS in Achievo

1. *Advisory Information*

Title: Multiple XSS in Achievo
Advisory ID: BONSAI-2009-0101
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt
Date published: 2009-10-13
Vendors contacted: Achievo
Release mode: Coordinated release

2. *Vulnerability Information*...

WASC Announcement: 2008 Web Application Security Statistics Published announcements (Oct 16)
The Web Application Security Consortium (WASC) is pleased to announce
the WASC Web Application Security Statistics Project 2008. This
initiative is a collaborative industry wide effort to pool together
sanitized website vulnerability data and to gain a better understanding
about the web application vulnerability landscape.

The statistics was compiled from web application security assessment
projects which were made by the following companies in...

[AntiSnatchOr] Pentaho Bi-server multiple vulnerabilities Michele Orru (Oct 16)
Pentaho 1.7.0.1062 Multiple Vulnerabilities

Name Multiple Vulnerabilities in Pentaho
Systems Affected Pentaho <= 1.7.0.1062
Severity High
Impact (CVSSv2) High 7/10, vector: (AV:N/AC:L/Au:S/C:P/I:C/A:P)
Vendor http://www.pentaho.com
Advisory http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/
Authors Michele "euronymous" Orrù (euronymous AT antisnatchor DOT com)

Date 20081224

I. BACKGROUND...

[BONSAI] SQL Injection in Achievo Bonsai - Information Security (Oct 16)
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/

SQL Injection in Achievo

1. *Advisory Information*

Title: SQL Injection in Achievo
Advisory ID: BONSAI-2009-0102
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt
Date published: 2009-10-13
Vendors contacted: Achievo
Release mode: Coordinated release

2. *Vulnerability Information*...

WASC Announcement: Announcing the Web Application Security Scanner Evaluation Criteria v1 announcements (Oct 08)
The Web Application Security Consortium is pleased to announce the release
of version 1 of the Web Application Security Scanner Evaluation Criteria
(WASSEC). The goal of the WASSEC project is to create a vendor-neutral
document to help guide information security professionals during web
application scanner evaluations. The document provides a comprehensive list
of features that should be considered when conducting an evaluation. The
WASSEC...

FBController - (Facebook Control Utility) version 2.0 QUAKER DOOMER (Sep 15)
FBController - The Ultimate Utility to Control Facebook accounts without the
Password.

Let me clear this again like last time that this utility WON'T hack/crack Facebook accounts.
The utility will need biscuits/cookies instead of the password.

Get the target's cookie by sniffing, XSS, social engineering, ARP Poison-Sniffing,
scroogle search, anyhow !
Once you have the cookies you can use FBController and have Full control over the
target's...

Re: How to enable LDAP signing on client side Peter M. Jansson (Sep 15)
The goal of having the server sign LDAP results would be to give
confidence in the integrity if the answers. I don't understand what
the goal of having clients sign queries would be. If you use SSL, the
client-server exchange is kept confidential (subject to some
assumptions) and client-side certificates can be used by the server to
provide access control so rogue clients can't make requests.

How to enable LDAP signing on client side Jianrong Yu (Sep 15)
Hi All,

The link <http://support.microsoft.com/kb/935834> is the step the How to
enable LDAP signing in Windows Server 2008.

How to enable LDAP signing on client side?

Thanks,

Jianrong Yu
Systems Operation
Office of Information technology
Ohio University

nullcon Goa 2010 Call For Papers nullcon nullcon (Sep 13)
Calling all greyhats, whitehats, blackhats, rainbowhats, nohats,
underground, aboveground, in-the-sky, on-the-moon, Grannies,
Grandpas, martians, Doodhwalas, Kaamwalis, Bai, Bhai, Chuck norris Fans,
Mithun Da Fans, Himesh Reshamiya wannabees……..

Call For Paper is officially open for nullcon Goa 2010. It is time for
you to polish your paper, stick up an abstract and send it across.
A live demo/exploit/0day with the presentation might win you...

Running ratproxy from windows command prompt without installing cygwin dec123 (Sep 13)
Hi,
Can anybody tell me how to run ratproxy from windows comand prompt,without
installing cygwin.

Re: Web 2.0 support group Catherine Pagliaro (Sep 09)
The Payment Card Industry Security Standards and Payment Application Data
Security Standards attempt to get programmers to code securely. I
underline attempt. We as payment application developers must follow
owasp.org standards and common sense security best business practises for
developing any type of code, hardening servers and locking down network
systems,as well as assuring our physical environments are locked down to
maintain our PCI DSS...

RE: Securing password between webserver & appserver. Calderon, Juan Carlos (GE, Corporate, consultant) (Sep 09)
Don that is an interesting suggestion

Do you have more specific information, since I only know that SSL/IPSec
can be end-to-end in a per link basis, but the idea of a real End-to-End
encryption using SSL, that is the case of Chintan is interesting.

Any link or whitepaper on how to do this in Tomcat as you mention?

Regards,
Juan Carlos

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

MITM Attack on Smartphones whitepaper Mayank Aggarwal (Nov 05)
SMobile has released a detailed report on research indicating that smartphone users are just as susceptible to
man-in-the-middle (MITM) attacks as PC users. This report details the results of attempts to produce MITM attacks to
determine whether it is possible to intercept SSL encrypted communications between various smartphone devices and
servers. Of the devices that were tested, each of the major smartphone operating systems appeared to lack...

Re: PrevX and other projects Shane Macaulay (Oct 30)
The chart on their main page would be a lot more compelling if they had
conversely applied whatever method they used to collect that information.

""""These statistics are provided to show that all vendors miss threats
and cannot be interpreted to compare the effectiveness of one product to
another."""""

That seems to indicate they would show us their failure rate when
compared to these vendors? And...

PrevX and other projects dave (Oct 28)
So you can read one Immunity deliverable linked here:
http://www.prevx.com/ (look for "Independent Review").

Likewise, if you have wondered where all the Immunity Debugger scripts
ran off to, they were on the old Immunity Forum. We ripped the old forum
content out of the old database and imported into the new hotness, so
you can seem them all here:
https://forum.immunityinc.com/. I don't think Google spiders HTTPS sites
for some reason...

B. Aggressive. B. E. Aggressive. (or "One 0day is enough") dave (Oct 27)
When you go into security consulting engagements with a new business
unit you usually face a few questions from the developers and business
owners. "What is it exactly that you're going to tell us?"

We always answer this the same way: "Things that will surprise you."

Most developers have read a lot about security these days - they
understand SQL Injection, Cross Site Scripting, access control, not to
use their own...

Last mile || InfoSys 2010 [ICAS, ICNS, INTENSIVE, LMPCNA] March 7-13, 2010 - Cancun, Mexico Jaime Lloret Mauri (Oct 26)
Last mile || InfoSys 2010 [ICAS, ICNS, INTENSIVE, LMPCNA] March 7-13,
2010 - Cancun, Mexico

INVITATION

Note that we are entering the last few days of submission for the events
collocated in Cancun, Mexico

Please consider to contribute and encourage your team members and fellow
scientists to contribute to the following federated events.

The submission deadline has now been moved to November 1, 2009.

Publisher: CPS ( see:...

Re: Friday afternoon RAND fail. :> dave (Oct 26)
In related news, VulnDisco has Solaris 0day this month.
https://forum.immunityinc.com/board/thread/63/vulndisco/?page=1#post-63

One of the people who did peer review for that RAND paper emailed me.
I'll leave what he said private though. I'm sure the author (Martin C.
Libicki) has had enough people annoying him over it this morning. :>

-dave

Gunter Ollmann wrote:
...

Re: Friday afternoon RAND fail. :> Travis Carelock (Oct 23)
From Rand's new whitepaper on Cyberwarfare (pg. 73):

http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf

"""
The following hints may be indicative. Private hackers are more
likely to use techniques that have been circulating throughout the
hacker community. While it is not impossible that they have managed
to generate a novel exploit to take advantage of a hitherto unknown
vulnerability, they are unlikely to have...

Re: Friday afternoon RAND fail. :> Gunter Ollmann (Oct 23)
From Rand's new whitepaper on Cyberwarfare (pg. 73):

http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf

"""
The following hints may be indicative. Private hackers are more
likely to use techniques that have been circulating throughout the
hacker community. While it is not impossible that they have managed
to generate a novel exploit to take advantage of a hitherto unknown
vulnerability, they are unlikely to have more...

Friday afternoon RAND fail. :> dave (Oct 23)
From Rand's new whitepaper on Cyberwarfare (pg. 73):

http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf

"""
The following hints may be indicative. Private hackers are more
likely to use techniques that have been circulating throughout the
hacker community. While it is not impossible that they have managed
to generate a novel exploit to take advantage of a hitherto unknown
vulnerability, they are unlikely to have more...

Re: Exploits matter. security curmudgeon (Oct 22)
Based on discussion from this thread and internal chat:

http://blog.osvdb.org/2009/10/22/classification-exploit-status-overhaul#

Classification: Exploit Status Overhaul

Posted by jericho 31 minutes ago
OSVDB's classification system is designed to categorize certain attributes
of a vulnerability. This facilitates custom searches by a specific
attribute, helps researchers develop metrics and gives a better picture of
the vulnerability...

Re: Solvers! nnp (Oct 22)
The architecture and design of the basic algorithm behind most solvers
we use for input generation was first described in 1960 (the DPLL
algorithm) so I think we're safe from the patent mongers there ;-) As
for the logic-specific parts of the solvers, most are described in
academic papers spanning the last 40 years so I presume that
constitutes 'prior art'.

I don't know of anybody working on designing or implementing the
modern crop of SMT...

Solvers! dave (Oct 21)
I'm trying to get a django app built so I can demo some of our new tech,
but it's slow going. In the meantime today's extra credit reading and
viewing:

http://seanhn.wordpress.com/ (solver->exploits blog and paper)

http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V7-Halvar_Flake-Need_New_Tools.mp4

That's probably Halvar's best talk - in it he chats about solving input
crafting issues with large equation solvers (from 2006 so...

SOURCE Boston 2010 Call for Papers Christien Rioux (Oct 19)
SOURCE Boston 2010 Call for Papers is Now Open!

SOURCE Boston 2010
April 21-23, 2010
Seaport Hotel
www.sourceconference.com

SOURCE is the first and only conference combining advanced technology
and security practices with the business of security. With thoughtful
attention to detail and emphasis on high quality and compelling
technical content, SOURCE is committed to delivering valuable
information in a high energy and fun environment.

SOURCE...

CanSecWest 2010 CALL FOR PAPERS (deadline Nov 30, conf. Mar22-26) and PacSec (Nov 4/5) Selections Dragos Ruiu (Oct 19)
We extend our apologies if you are inconvenienced by multiple copies of this messages.

We would like to announce the PacSec 2009 Paper Selections, and
the opening of the 2010 CanSecWest Call For Papers. Given
the proximity of the Winter Olympics in Vancouver one month
before the conference, we would advise all planning to attend
to make travel preparations well in advance for next year...

PacSec 2009 Presentations

Keynote Presentation...

[NPA] Call for Papers: International Journal of Network Protocols and Algorithms Jaime Lloret_Mauri (Oct 10)
********************* Call for Papers for Vol 1, Issue 2 *********************

Network Protocols and Algorithms

ISSN 1943-3581

http://www.macrothink.org/journal/index.php/npa/

Network Protocols and Algorithms is a free online international journal, peer-reviewed and published by Macrothink
Institute. It publishes papers focused on the design, development, manage, optimize or monitoring any type of network
protocol, communication system,...

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

nullcon Goa 2010 Call For Papers nullcon nullcon (Sep 27)
Calling all greyhats, whitehats, blackhats, rainbowhats, nohats,
underground, aboveground, in-the-sky, on-the-moon, Grannies, Grandpas,
martians, Doodhwalas, Kaamwalis, Bais, Bhais, Chuck norris Fans,
Mithun Da Fans, Himesh Reshamiya wannabees……..

Call For Paper is officially open for nullcon Goa 2010. It is time for
you to polish your paper, stick up an abstract and send it across. A
live demo/exploit/0day with the presentation might win...

Sebek issues with windows XP/Vista dharm (Sep 24)
Hello ,
Did anybody tried running sebek on windows vista as a
honeypot ? i am trying to install sebek on windows XP /Vista
environment and getting DOB screen error. Any ideas would be
appreciated .
Thanks

Workshop on the Analysis of System Logs - Oct 14 - Call for Participation Greg Bronevetsky (Sep 01)
Workshop on the Analysis of System Logs (WASL) 2009
http://www.systemloganalysis.com
Call for Participation

===============================
October 14, 2009
Big Sky, MT
(at SOSP)
===============================

--------------------------------------------------------------------------

System...

Re: Send strace output through syslog-ng BB () umd (Aug 05)
Well I did not think about this, but it seems to be a great idea. Thanks a
lot.

However, I decided to open a new port and to send syslog data through it so
that it is really easy to administrate. It works great.

Thanks for your help,

Regards,

BB () umd wrote:

Re: Send strace output through syslog-ng Gergely Révay (Aug 05)
Hi,

First of all there is no filter for strace. My first idea for your
problem was to open a new port on the server just for strace, but it's
understandable if you don't want to do it. Also the idea of Chris
sounds good as well if you don't use the facility field generally. But
a third solution that I've found is the following:

You should create a separate log path for the strace output which
should read the logs from the file and replace the...

Re: Send strace output through syslog-ng Chris Brenton (Aug 04)
Hey man,

What about something like:
tail -f /var/log/strace.log | logger -p <facility> &

In the above command you need to specify an unused facility. Then on the
server simply tell syslog-ng which file it should use for storing log
entries with the above specified facility (this can be a new unique
file).

You are suppose to use one of the "local use" facilities for stuff like
this, but I run into conflicts far too often....

Send strace output through syslog-ng BB () umd (Aug 04)
Good afternoon.

I have a honeypot which syslog-ng running. I configured it so that it can
send all the log files to a remote web server. (So that mean I have already
configured syslog-ng on this web server too) No matter with that, it works
great.

Then, on my honeypot, I have a strace command attached to my ssh server. It
gathers strace outputs in a strace.log file. Here is this command :
strace -f -q -p `cat /var/run/sshd.pid` -o...

Running Honeyd on interface IP Evgeniy Arbatov (Jul 22)
Hello,

I have a question concerning the configuration of Honeyd IP address.

I want to make my honeypot visible by the IP address of host computer interface.
I have the following setup, within the same physical host:

1.1.1.1 (interface IP)-> 2.2.2.2 (honeyd IP)

So if I ssh to the honeyd, I want to ssh to 1.1.1.1.

I guess this is something that can be done with iptables, for example like this:

iptables -A FORWARD -s 1.1.1.1 -p tcp --dport...

Extended deadline: Monday, July 6th. Workshop on the Analysis of System Logs (WASL) 2009 Greg Bronevetsky (Jul 01)
Due to multiple requests, the paper submission deadline for the Workshop
on the
Analysis of System Logs has been moved to Monday, July 6th.

Workshop on the Analysis of System Logs (WASL) 2009
http://www.systemloganalysis.com Call for Papers

===============================
October 14, 2009
Big Sky, MT
(at SOSP)...

MS Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Bulletin Advance Notification for November 2009 Microsoft (Nov 05)
********************************************************************
Microsoft Security Bulletin Advance Notification for November 2009
Issued: November 5, 2009
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on November 10, 2009.

The full version of the Microsoft Security Bulletin Advance
Notification for November 2009 can be found...

Microsoft Security Bulletin Major Revisions Microsoft (Nov 03)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 2, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-054 - Critical

Bulletin Information:
=====================

* MS09-054 - Critical

-...

Microsoft Security Bulletin Major Revisions Microsoft (Oct 28)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: October 28, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-062 - Critical

Bulletin Information:
=====================

* MS09-062 - Critical

-...

Microsoft Security Bulletin Major Revisions Microsoft (Oct 27)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: October 27, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-043 - Critical

Bulletin Information:
=====================

* MS09-043 - Critical

-...

Microsoft Security Bulletin Summary for October 2009 Microsoft (Oct 13)
********************************************************************
Microsoft Security Bulletin Summary for October 2009
Issued: October 13, 2009
********************************************************************

This bulletin summary lists security bulletins released for
October 2009.

The full version of the Microsoft Security Bulletin Summary for
October 2009 can be found at
http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx....

Microsoft Security Bulletin Major Revision Microsoft (Sep 09)
********************************************************************
Title: Microsoft Security Bulletin Major Revision
Issued: September 9, 2009
********************************************************************

Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-048 - Critical

Bulletin Information:
=====================

* MS09-048 - Critical

-...

Microsoft Security Bulletin Summary for September 2009 Microsoft (Sep 08)
********************************************************************
Microsoft Security Bulletin Summary for September 2009
Issued: September 8, 2009
********************************************************************

This bulletin summary lists security bulletins released for
September 2009.

The full version of the Microsoft Security Bulletin Summary for
September 2009 can be found at...

Microsoft Security Bulletin Major Revisions Microsoft (Aug 25)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: August 25, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-044 - Critical
* MS09-029 - Critical

Bulletin Information:
=====================

*...

Microsoft Security Bulletin Major Revisions Microsoft (Aug 11)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: August 11, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-035 - Moderate
* MS09-029 - Critical

Bulletin Information:
=====================

*...

Microsoft Security Bulletin Summary for August 2009 Microsoft (Aug 11)
********************************************************************
Microsoft Security Bulletin Summary for August 2009
Issued: August 11, 2009
********************************************************************

This bulletin summary lists security bulletins released for
August 2009.

The full version of the Microsoft Security Bulletin Summary for
August 2009 can be found at
http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx....

Microsoft Security Bulletin Major Revisions Microsoft (Aug 06)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: August 4, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-034 - Critical

Bulletin Information:
=====================

* MS09-034 - Critical

-...

Microsoft Security Bulletin Summary for July 2009 Microsoft (Jul 28)
********************************************************************
Microsoft Security Bulletin Summary for July 2009
Issued: July 28, 2009
********************************************************************

This bulletin summary lists out-of-band security bulletins released
on July 28, 2009.

The full version of the Microsoft Security Bulletin Summary for
July 2009 can be found at...

Microsoft Security Bulletin Summary for July 2009 Microsoft (Jul 14)
********************************************************************
Microsoft Security Bulletin Summary for July 2009
Issued: July 14, 2009
********************************************************************

This bulletin summary lists security bulletins released for
July 2009.

The full version of the Microsoft Security Bulletin Summary for
July 2009 can be found at
http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx.

With the...

Microsoft Security Bulletin Major Revisions Microsoft (Jul 01)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: July 1, 2009
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS03-011
* MS02-069
* MS02-052
* MS02-013
* MS00-081
* MS00-075
* MS00-059
*...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Re: New! From the makers of the tin-foil hat! Predrag Ivanovic (Nov 08)
<snip>

Test from serbian lab proves that it blocks low-medium frequency EMR (5kHz-100Mhz).
Thats it.Isn't that what Farradey cage is supposed to do?I like the 'made from proprietary materials' line, it
suggests some top-secret-patent-pending technology...

<rant>
AFAIK, harmfull effects of electromagnetic radiation people encounter
in everyday life was never proven , but when someone points that out, conspiracy theory
(favourite...

Re: New! From the makers of the tin-foil hat! Drsolly (Nov 08)
Actually, it's even better than the vendors thought.

Just knowing that one exists several thousand miles away, has already
given me the beneficial effect - I don't even need to buy it!

Or maybe they did already know that, and don'e want to reveal this fact.

Re: New! From the makers of the tin-foil hat! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 07)
Date sent: Sun, 08 Nov 2009 12:16:52 +0900
From: Peter Evans <peter () ixp jp>

Nonsense! Denatured alcohol is non-harmonized with the universe! You need all-
natural organic alcohol!

(For the chemists in the crowd, name the only non-organic alcohol ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org...

Re: New! From the makers of the tin-foil hat! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 07)
Date sent: Sat, 07 Nov 2009 18:09:27 -0800 (PST)
From: chris () blask org

Pens give off EMR? I never knew that ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
We are generally the better persuaded by the reasons we discover
ourselves than by those given to us by others. - Blaise Pascal...

Re: New! From the makers of the tin-foil hat! chris (Nov 07)
--- On Sat, 11/7/09, Rob, grandpa of Ryan, Trevor, Devon & Hannah <rmslade () shaw ca> wrote:

Most importantly:

"The Bioprotector allows an undisturbed flow of bioenergy (life energy, vitality) through the whole body, having a
positive and harmonising effect on health with no harmful side effects."

"Bioenergy". "Life energy", aka "vitality"...

Man, I can feel my bioenergy piling up just...

New! From the makers of the tin-foil hat! Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 07)
OK, I've seen these things online. But yesterday I got one in my postal junk mail.

This one is called "Bioprotector." (With the little "R" in the circle.) It reduces
radiation from cell phones and other wireless devices. It protects you from
electromagnetic radiation (like sunlight). (Aka EMR.)

It "protects your children." It's "scientifically proven."

It comes in three sizes: laptop (aka...

Re: ICANN Approves Non-Latin Domain Name Characters Predrag Ivanovic (Nov 07)
Until naming dispute with Greece is resolved , 'Поранешна Југословенска Република Македонија'
is used as provisional reference by the UN and several other countries.
Using 'Makedonija' or 'Македонија' would be fine, though, from the technical standpoint.
Politically, OTOH, it would be controversial, which is precisely why they would do it (extreme stubborness is one of
the traits
that pretty...

Re: Is it phish, or is it Amex? Rich Kulawiec (Nov 05)
Part of it's cluelessness -- they simply aren't intelligent enough to
grasp even such simple things -- and part of it's obstructionism,
designed to make it as difficult as possible for you to tell them
anything they don't want to hear.

Please see Bob Frankston's note to Dave Farber's IP list, which came
through just now, entitled "Identity give-away", in which he covers
some of the same ground.

---Rsk

Facebook and MySpace security: backdoor wide open, millions of accounts exploitable Juha-Matti Laurio (Nov 05)
"As a application developer on Facebook, I usually run into certain walls that limit my application functionality.
But I don't give up easily, and only recently I found a solution to one of my function limitations.
Suprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account
that accessed my application.
Did I mention this would also be untraceable since exploit actions would happen...

SANS [was: Re: RIP str0ke] Rich Kulawiec (Nov 05)
I've been trying to get off SANS' [snail-mail] mailing list for six
months, and despite their repeated assurances that they would make
it so, I'm STILL getting recycling material from them.

I wonder if they use computers.

---Rsk

Re: Is it phish, or is it Amex? Aryeh Goretsky (home) (Nov 05)
Hello,

Best of luck reporting the issue.

http://catless.ncl.ac.uk/Risks/22.85.html#subj13

Regards,

Aryeh Goretsky

At 09:37 AM 11/4/2009, you wrote:

Re: Is it phish, or is it Amex? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 04)
Date sent: Wed, 04 Nov 2009 16:32:34 -0500
From: Rich Kulawiec <rsk () gsp org>

Ah, yes. I did try to send them my rant. The "From" address bounced.

Fortunately, they had also populated the "Reply to" field, with a different address.

It also bounced.

What level of cluelessness would inspire such behaviour?

That too. The two aforementioned addresses came from different domains:...

Re: Bill requiring ISPs to block fraudulent sites Alex Lanstein (Nov 04)
Forwarded from a friend.

http://news.cnet.com/8301-13578_3-10390779-38.html

[snip]

For the last decade or so, Internet service providers have been dealing
with requests to block access to pornographic or copyright-infringing Web
sites, or in China, ones that dare to criticize the government.

Now a U.S. House of Representatives bill is taking the unusual step of
requiring Internet providers to block access to online financial scams that...

Bill requiring ISPs to block fraudulent sites Paul Ferguson (Nov 04)
Forwarded from a friend.

http://news.cnet.com/8301-13578_3-10390779-38.html

[snip]

For the last decade or so, Internet service providers have been dealing
with requests to block access to pornographic or copyright-infringing Web
sites, or in China, ones that dare to criticize the government.

Now a U.S. House of Representatives bill is taking the unusual step of
requiring Internet providers to block access to online financial scams that...

Re: str0ke is alive Peter Kosinar (Nov 04)
Now, there are two questions:
1) Where are we going to get one?
2) If the outcome of the observation is "dead", is (s)he going to be
declared a murderer?

Peter

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, bulletins, tips, and current activity lists.

Current Activity - SSL and TLS Vulnerable to Man-in-the-middle Attacks Current Activity (Nov 06)
US-CERT Current Activity

SSL and TLS Vulnerable to Man-in-the-middle Attacks

Original release date: November 6, 2009 at 7:01 pm
Last revised: November 6, 2009 at 7:01 pm

US-CERT is aware of reports of publicly available exploit code for a
vulnerability within the SSL and TLS protocols. Reports indicate that
exploitation of this vulnerability may allow an attacker to conduct a
man-in-the-middle attack, allowing an attacker to inject plaintext...

Current Activity - Microsoft Releases Advance Notification for November Security Bulletin Current Activity (Nov 05)
US-CERT Current Activity

Microsoft Releases Advance Notification for November Security Bulletin

Original release date: November 5, 2009 at 4:17 pm
Last revised: November 5, 2009 at 4:17 pm

Microsoft has issued a Security Bulletin Advance Notification
indicating that its November release cycle will contain six bulletins,
three of which will have a severity rating of Critical. The
notification states that these Critical bulletins are for...

Current Activity - BlackBerry Desktop Manager Vulnerability Current Activity (Nov 05)
US-CERT Current Activity

BlackBerry Desktop Manager Vulnerability

Original release date: November 5, 2009 at 8:45 am
Last revised: November 5, 2009 at 8:45 am

Research in Motion has released Security Advisory KB19701 to address a
vulnerability in BlackBerry Desktop Manager. This vulnerability may
allow an attacker to execute arbitrary code.

US-CERT encourages users to review BlackBerry Security Advisory
KB19701 and apply any necessary...

Cyber Security Tip ST04-015 -- Understanding Denial-of-Service Attacks US-CERT Security Tips (Nov 04)
Cyber Security Tip ST04-015
Understanding Denial-of-Service Attacks

You may have heard of denial-of-service attacks launched against websites,
but you can also be a victim of these attacks. Denial-of-service attacks can
be difficult to distinguish from common network activity, but there are some
indications that an attack is in progress.

What is a denial-of-service (DoS) attack?

In a...

Current Activity - Adobe Releases Update for Shockwave Player Current Activity (Nov 04)
US-CERT Current Activity

Adobe Releases Update for Shockwave Player

Original release date: November 4, 2009 at 9:04 am
Last revised: November 4, 2009 at 9:04 am

Adobe has released Shockwave Player 11.5.2.602 to address multiple
vulnerabilities. Exploitation of these vulnerabilities may allow an
attacker to run malicious code on the user's machine.

US-CERT encourages users and administrators to review Adobe security
bulletin APSB09-16 and...

Current Activity - Sun Releases Update 17 for Java SE 6 Current Activity (Nov 04)
US-CERT Current Activity

Sun Releases Update 17 for Java SE 6

Original release date: November 4, 2009 at 9:04 am
Last revised: November 4, 2009 at 9:04 am

Sun has released update 17 for Java SE JDK 6 and Java SE JRE 6 to
address multiple vulnerabilities. The impacts of these vulnerabilities
include arbitrary code execution, privilege escalation, denial of
service, and information disclosure.

US-CERT encourages users and administrators to...

SB09-306 -- Vulnerability Summary for the Week of October 26, 2009 US-CERT Security Bulletins (Nov 02)
Vulnerability Summary for the Week of October 26, 2009

This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of October 26, 2009. It is
available here:

http://www.us-cert.gov/cas/bulletins/SB09-306.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit <...

Current Activity - Mozilla Releases Firefox 3.0.15 and Firefox 3.5.4 Current Activity (Oct 28)
US-CERT Current Activity

Mozilla Releases Firefox 3.0.15 and Firefox 3.5.4

Original release date: October 28, 2009 at 9:13 am
Last revised: October 28, 2009 at 9:13 am

Mozilla has released Firefox 3.0.15 and Firefox 3.5.4 to address
multiple vulnerabilities. Exploitation of these vulnerabilities may
allow an attacker to execute arbitrary code, execute arbitrary
JavaScript with chrome privileges, or cause a denial-of-service
condition. As...

Current Activity - Federal Deposit Insurance Corporation Warns Public of Fraudulent Email Current Activity (Oct 27)
US-CERT Current Activity

Federal Deposit Insurance Corporation Warns Public of Fraudulent Email

Original release date: October 27, 2009 at 11:59 am
Last revised: October 27, 2009 at 11:59 am

The Federal Deposit Insurance Corporation (FDIC) has released
information warning the public about fraudulent email messages
purporting to come from the FDIC. These email messages provides a link
to a fraudulent FDIC website. Users are then instructed to...

Current Activity - BlackBerry PhoneSnoop Application Used to Spy on Users Current Activity (Oct 27)
US-CERT Current Activity

BlackBerry PhoneSnoop Application Used to Spy on Users

Original release date: October 27, 2009 at 11:59 am
Last revised: October 27, 2009 at 11:59 am

US-CERT is aware of public reports of a new software application
called PhoneSnoop. This software allows an attacker to call a user's
BlackBerry and listen to personal conversations. In order to install
and setup the PhoneSnoop application, attackers must have physical...

SB09-299 -- Vulnerability Summary for the Week of October 19, 2009 US-CERT Security Bulletins (Oct 26)
Vulnerability Summary for the Week of October 19, 2009

This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of October 19, 2009. It is
available here:

http://www.us-cert.gov/cas/bulletins/SB09-299.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit <...

Cyber Security Tip ST04-014 -- Avoiding Social Engineering and Phishing Attacks US-CERT Security Tips (Oct 22)
Cyber Security Tip ST04-014
Avoiding Social Engineering and Phishing Attacks

Do not give sensitive information to anyone unless you are sure that they
are indeed who they claim to be and that they should have access to the
information.

What is a social engineering attack?

In a social engineering attack, an attacker uses human interaction (social
skills) to obtain or compromise information...

TA09-294A -- Oracle Updates for Multiple Vulnerabilities US-CERT Technical Alerts (Oct 21)
National Cyber Alert System

Technical Cyber Security Alert TA09-294A

Oracle Updates for Multiple Vulnerabilities

Original release date:
Last revised: --
Source: US-CERT

Systems Affected

* Oracle Database 11g, version 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8,...

Current Activity - Oracle Releases Critical Patch Update for October 2009 Current Activity (Oct 20)
US-CERT Current Activity

Oracle Releases Critical Patch Update for October 2009

Original release date: October 20, 2009 at 4:04 pm
Last revised: October 20, 2009 at 4:04 pm

Oracle has released its Critical Patch Update for October 2009 to
address 38 vulnerabilities across several products. This update
contains the following security fixes:
* 16 for the Oracle Database
* 3 for the Oracle Application Server
* 8 for the Oracle E-Business...

SB09-292 -- Vulnerability Summary for the Week of October 12, 2009 US-CERT Security Bulletins (Oct 19)
Vulnerability Summary for the Week of October 12, 2009

This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of October 12, 2009. It is
available here:

http://www.us-cert.gov/cas/bulletins/SB09-292.html

For instructions on subscribing to or unsubscribing from this
mailing list, visit <...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks Peter Gutmann (Nov 08)
Marsh Ray <marsh () extendedsubset com> writes:

It's not actually safe to reconsider this because many servers (including some
at very large sites) always request client auth, often without the site admins
being aware of this or knowing how to disable it. I became aware of this when
I changed my code to add a roadblock until the user explicitly responded to a
client cert request, leading to many complaints about sites that formerly...

Re: [TLS] [oss-security] CVE-2009-3555 for TLS renegotiation MITM attacks Marsh Ray (Nov 07)
Eygene Ryabinkin wrote:

Yes. I regret that we didn't get a chance to update the paper before
making it generally available, so it is a bit understated:

"Other techniques allow the attacker to forward or re-purpose client
certificate authentication credentials."

It's even worse than that. In practice, clients will sign with their
client cert without user intervention.

"For one thing, browsers' behavior of allowing automatic...

Re: CVE Request - Asterisk (AST-2009-008.html) Alex Legler (Nov 07)
This is correct. Asterisk ships a copy of prototype.js.

From the Asterisk advisory:

Alex

Re: CVE Request - Asterisk (AST-2009-008.html) Moritz Muehlenhoff (Nov 07)
Jan Lieskovsky wrote:

This seems to be a mistake; CVE-2008-7220 already identifies a prototypejs
issue.

Cheers,
Moritz

Re: CVE-2009-3555 for TLS renegotiation MITM attacks Eygene Ryabinkin (Nov 06)
Sorry for jumping in, but I had missed the topic in the other lists,
so I am trying to ask here. Also CC'ing tls () ietf org -- sorry for
such cross-posting.

Thu, Nov 05, 2009 at 03:24:30PM +0000, Mark J Cox wrote:

Had anyone considered the scenario when the server requires client
certificate from the beginning, but MITM possesses some other
credentials that will be good for authentication (but can be of no use
for authorization)? In this...

Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Josh Bressers (Nov 06)
----- "Steven M. Christey" <coley () linus mitre org> wrote:

Let's use CVE-2009-3887 for the traversal then.

Thanks.

Re: CVE request for oCERT advisory 2009-013 (yTNEF/Evolution TNEF) Steven M. Christey (Nov 06)
This advisory covers both buffer overflows and path traversal in the same
data field. While these may stem from "input validation" (as many issues
do), we would typically assign two separate CVE names, since the fix for a
buffer overflow would not necessarily fix the path traversal (or vice
versa).

Unless there's some deeper reason for using a single CVE, I think we
should assign separate CVEs here. If you agree Mark, we can use...

Re: CVE Request - Asterisk (AST-2009-008.html) Josh Bressers (Nov 05)
CVE-2009-3727 Asterisk AST-2009-008

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, and
1.6.0.x before 1.6.0.17; Asterisk Business Edition A.x.x, B.x.x before
B.2.5.12, C.1.x.x before C.2.x.x before C.2.4.5 and C.3.2.2; s800i 1.3.x
before 1.3.0.5; Generates different responses when a specially crafted
REGISTER message is sent twice depending on whether a SIP username is
valid. This allows remote attackers...

Re: CVE-2009-3555 for TLS renegotiation MITM attacks Florian Weimer (Nov 05)
* Mark J. Cox:

Shouldn't this be credited to Martin Rex from SAP? He's the first one
who publicly comitted to this vulnerability. (And I'm slightly
surprised by the rapid me-too-ing that's going on here.)

Anyway, is the CVE just for HTTP over TLS, or more?

Re: CVE request: kernel: NULL pointer dereference in nfs4_proc_lock() Josh Bressers (Nov 05)
Please use CVE-2009-3726

Thanks.

CVE-2009-3555 for TLS renegotiation MITM attacks Mark J Cox (Nov 05)
http://extendedsubset.com/?p=8
http://www.ietf.org/mail-archive/web/tls/current/msg03948.html and so on
https://bugzilla.redhat.com/show_bug.cgi?id=533125

Marsh Ray of PhoneFactor has discovered a flaw in the TLS/SSL protocol
related to the handling of the session renegotiations. In certain
circumstances this flaw could be used in MITM attacks, allowing an
attacker to inject attacker-chosen plain text prefix into a secure session
of the...

CVE Request - Asterisk (AST-2009-008.html) Jan Lieskovsky (Nov 05)
Hello Steve, vendors,

Asterisk upstream has recently published two security advisories:

a, SIP responses expose valid usernames
http://downloads.asterisk.org/pub/security/AST-2009-008.html

This is similar issue to AST-2009-003.html (CVE-2008-3903)
http://downloads.asterisk.org/pub/security/AST-2009-003.html

But according to the patches:

http://downloads.digium.com/pub/asa/AST-2009-003-1.6.1.diff.txt (AST-2009-003) vs...

CVE request: kernel: NULL pointer dereference in nfs4_proc_lock() Eugene Teo (Nov 04)
Quote from upstream commit:
"We just had a case in which a buggy server occasionally returns the
wrong attributes during an OPEN call. While the client does catch this
sort of condition in nfs4_open_done(), and causes the nfs4_atomic_open()
to return -EISDIR, the logic in nfs_atomic_lookup() is broken, since it
causes a fallback to an ordinary lookup instead of just returning the error.

When the buggy server then returns a regular file...

Re: CVE request - asterisk, python-markdown, jetty, kde Tim Brown (Nov 04)
Our advisories are now up at http://www.portcullis-security.com/advisories:

* Portcullis Security Advisory 09-008 Insufficient Input Validation By IO
Slaves
* Portcullis Security Advisory 09-004 KMail Attachment Mime Type Spoofing
Enables Javascript Injection
* Portcullis Security Advisory 09-003 Form Spoofing In Konqueror Enables
KWallet Stored Credential Theft
* Portcullis Security Advisory 09-002 Ark Default View Allows JavaScript...

CVE-2009-3547 kernel: fs: pipe.c null pointer dereference Eugene Teo (Nov 03)
* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer
could be released by other processes before it is used to update the
pipe's reader and writer counters. This could lead to a local denial of
service or privilege escalation.

http://lkml.org/lkml/2009/10/14/184...

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Failover how much complexity will it add? Joe Maimon (Nov 08)
adel () baklawasecrets com wrote:

I wouldnt jump to any conclusions that everything will work properly if
you are terminating multiple connections directly on the SSG, what with
egress likely being different than the ingress, even if you are using
the same IP range (BGP) on all the links.

You could really be asking for trouble if you are planning on using a
different ISP provided IP range on each connection for each purpose.

Front it all...

RE: Failover how much complexity will it add? Blake Pfankuch (Nov 08)
Yes yes yes yes a thousand times yes. Depending on the criticality of internet connectivity you should also aim to
have your redundant
connections coming from a complete separate direction. Example, fiber from Level 3 come from the north in a dedicated
conduit and
fiber from Verizon coming in a dedicated conduit from the south of the building. Why? Put simply we had construction
ignore the
painted lines and dig up our conduit a few years...

Failover how much complexity will it add? adel (Nov 08)
HI,

I was recently brought onto a project where some failover is desired, but I think that the number of connections
provisioned is excessive. Also hoping to get some guidance with regards to how well I can get the failover to actually
work. So currently 4 X 100Mb/s Internet connections have been provisioned. One is to be used for general Internet,
out of the organisation, it also terminates VPNs from remote sites belonging to the...

Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN noc acrino (Nov 08)
2009/11/6 Jeffrey Lyon <jeffrey.lyon () blacklotus net>

By the way, Jeffrey, we can provide reports on HTTP-flood because our system
builds it's signatures on http traffic dumps like

=== IP: 88.246.76.65, last receiving time: 2009-10-25T23:07:37+03:00, many
identical requests (length 198):
GET / HTTP/1.1
Accept: */*
Accept-language: en-us
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1)
Gecko/20061204 Firefox/2.0.0.1...

Re: Pros and Cons of Cloud Computing in dealing with DDoS Dobbins, Roland (Nov 07)
All DDoS is 'EDoS' - it's a distinction without a difference, IMHO.

DDoS costs opex, can cost direct revenue, can induce capex spends -
it's all about economics at bottom, always has been, or nobody would
care in the first place. And look at click-fraud attacks in which the
miscreants either a) are committing fraud by causing botnets to make
fake clicks so that they can be paid for same or b) wish to exhaust a
rival's advertising...

Re: Speed Testing and Throughput testing Kevin Oberman (Nov 07)
I'll also suggest http://fasterdata.es.net as a resource for network
tuning. Tuning TCP is hard. UDP is simple, but some things can even
impact UDP.

Many less than obvious things can have a huge impact on high-speed data
transfer. The choice of congestion algorithms can be very
significant. As anyone who has used bittorrent should have noticed,
having multiple TCP streams works better than a single stream.

An oddity we have noted is that some...

Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN noc acrino (Nov 07)
Hello, Jeffery and other NANOC members.

Sorry for making another thread - I'm not too experienced in mailgroups.

The problem is in structure of new generation advert or banner networks -
they allow to return other subject traffic to the partner's URL. And this
could also be used to redirect the traffic to different exploits (a simple
way to compromise a banner network or hosting provider). This is extremely
hard to monitor or to take...

RE: {SPAM?} Re: IPv6 Deployment for the LAN TJ (Nov 07)
Device driver? Nah.
Just use a tool (like Scapy) to just arbitrarily, easily custom-craft any
packet he|she wants ... Yes, it is that easy.

Thanks!
/TJ

-----Original Message-----
From: Richard Bennett [mailto:richard () bennett com]
Sent: Saturday, November 07, 2009 15:37
To: Owen DeLong
Cc: Bernhard Schmidt; nanog () nanog org
Subject: Re: {SPAM?} Re: IPv6 Deployment for the LAN

It's not all that easy unless the dude has hacked the device...

Re: Congress may require ISPs to block fraud sites H.R.3817 Sean Donelan (Nov 07)
Some phrases people might search in various combindations on Google

SIPC
Stratton Oakmont
Prodigy
47 USC 230
House of Representatives Conference Report
GAO Report: Securities Investor Protection: Steps needed to better
disclose SIPC policies to investors

Re: {SPAM?} Re: IPv6 Deployment for the LAN Richard Bennett (Nov 07)
It's not all that easy unless the dude has hacked the device driver.

Owen DeLong wrote:

RE: need your suggestion about switch Stefan Fouant (Nov 07)
Come on... I don't know if I'd use "Miercom" and "independent" in the same
sentence? More like guns for hire. I've rarely seen a test report they
came out with that wasn't commissioned by a particular vendor with the
testing done in such a way as to slant the results in their favor.

Stefan Fouant
GPG Key ID: 0xB5E3803D

RE: Pros and Cons of Cloud Computing in dealing with DDoS Stefan Fouant (Nov 07)
I am in complete agreement with you here. And I don't think the things I've
said are generally inconsistent with the views held by others. The original
point I was trying to make before the discussion got so eloquently hijacked
towards a discussion on flooding and its impact on availability is that with
regards to cloud computing, if the discussion hasn't shifted from that of
DDoS to EDoS, it should. Just take one look at Amazon's usage-based...

RE: Pros and Cons of Cloud Computing in dealing with DDoS Stefan Fouant (Nov 07)
Been there, done that. I used to work for Ultra. 'Nuff said ;)

Stefan Fouant
GPG Key ID: 0xB5E3803D

Re: Human Factors and Accident reduction/mitigation JC Dill (Nov 07)
Owen DeLong wrote:

There are commercial pilots who fly for a living, and there are those
who have the certification but who don't fly for a living. Do you
regularly fly for a commercial airline where your schedule is determined
by the airline's needs, part 135 or part 121 rules, union rules, etc.
with no ability to modify your work schedule to allow for adequate rest?

There is no other effective option. Almost all the commuter airline...

Re: need your suggestion about switch Brian Feeny (Nov 07)
What I am gathering is that you are looking to by a off brand switch?

If this is the case, then I would argue reliability and speed aren't
important to you, but rather price, so go for what you can afford I
guess.

If you lack the knowledge to purchase a switch or test it properly, I
would hire a professional services company that can do this for you
and stand by their product/decisions.
Of course, that would be expensive, and sort of...

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 25.83 RISKS List Owner (Nov 06)
RISKS-LIST: Risks-Forum Digest Friday 6 November 2009 Volume 25 : Issue 83

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.83.html>
The current issue can be...

Risks Digest 25.82 RISKS List Owner (Oct 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 October 2009 Volume 25 : Issue 82

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.82.html>
The current issue can be...

Risks Digest 25.81 RISKS List Owner (Oct 12)
RISKS-LIST: Risks-Forum Digest Monday 12 October 2009 Volume 25 : Issue 81

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.81.html>
The current issue can be...

Risks Digest 25.80 RISKS List Owner (Oct 09)
RISKS-LIST: Risks-Forum Digest Friday 9 October 2009 Volume 25 : Issue 80

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.80.html>
The current issue can be...

Risks Digest 25.79 RISKS List Owner (Sep 25)
RISKS-LIST: Risks-Forum Digest Friday 25 September 2009 Volume 25 : Issue 79

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.79.html>
The current issue can...

Risks Digest 25.78 RISKS List Owner (Sep 14)
RISKS-LIST: Risks-Forum Digest Monday 14 September 2009 Volume 25 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.78.html>
The current issue can...

Risks Digest 25.77 RISKS List Owner (Sep 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 September 2009 Volume 25 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.77.html>
The current issue can...

Risks Digest 25.76 RISKS List Owner (Aug 15)
RISKS-LIST: Risks-Forum Digest Saturday 15 August 2009 Volume 25 : Issue 76

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.76.html>
The current issue can be...

Risks Digest 25.75 RISKS List Owner (Aug 06)
RISKS-LIST: Risks-Forum Digest Thursday 6 August 2009 Volume 25 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.75.html>
The current issue can be...

Risks Digest 25.74 RISKS List Owner (Jul 22)
RISKS-LIST: Risks-Forum Digest Wednesday 22 July 2009 Volume 25 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.74.html>
The current issue can be...

Risks Digest 25.73 RISKS List Owner (Jul 16)
RISKS-LIST: Risks-Forum Digest Thursday 16 July 2009 Volume 25 : Issue 73

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.73.html>
The current issue can be...

Risks Digest 25.72 RISKS List Owner (Jul 06)
RISKS-LIST: Risks-Forum Digest Monday 6 July 2009 Volume 25 : Issue 72

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.72.html>
The current issue can be...

Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

(fringe) NY: Was Your Identity in the Confetti? lyger (Nov 07)
http://www.wpix.com/news/local/wpix-confidential-confettii,0,5603178.story

What would the Yankees' 27th World Series win have been without a ticker
tape parade? Well, for some people it would have meant not losing pay
stubs, medical records, medical bills, and even the paperwork for an
invention patent that were all exuberantly tossed as confetti down to the
parade route below.

As thousands of revelers made their way up Broadway, careless...

HI: Chaminade posted Social Security numbers of thousands of students online lyger (Nov 07)
http://www.starbulletin.com/news/breaking/69438757.html

Chaminade University inadvertently posted confidential information,
including Social Security numbers, of thousands of students, on its Web
site for months, school officials said today.

The posting of a report with the information was discovered Wednesday and
the report was taken off the Web site and links disabled.

An investigation determined the report was placed on obscure --...

MassMutual warns of data breach Michael Ram (Nov 07)
Jaclyn Cashman reports:

“MassMutual can confirm that, despite comprehensive procedures and diligent
practices to protect confidential and private data concerning employees at
MassMutual and several of its subsidiaries, a limited amount of personal
employee information maintained in a database by an outside vendor (engaged
by the company) may have been subject to unauthorized access. However, the
vendor engaged a highly respected forensics team...

Senate Panel Approves Data-breach Notification Bills Jake Kouns (Nov 05)
http://www.pcworld.com/article/181549/senate_panel_approves_databreach_notification_bills.html

Senate Panel Approves Data-breach Notification Bills

The U.S. Senate Judiciary Committee has approved two bills that would
require organizations with data breaches to report them to potential
victims.

The Judiciary Committee on Thursday voted to approve both the Personal
Data Privacy and Security Act and the Data Breach Notification Act by
large...

EU: Telcos' data breach notification amendment is passed security curmudgeon (Nov 05)
http://www.out-law.com/page-10497

Telcos' data breach notification amendment is passed

OUT-LAW News, 03/11/2009

The European Council has approved a data breach notification rule for
Europe's telecoms firms. The amendment to an EU Directive will force
telcos to tell customers if they lose their data.

The European Parliament and Commission have already approved the
amendments, which will become law after it has been published in the EU's...

NH: Insurer Says SS Numbers May Be On Stolen Laptop kirniki (Nov 04)
http://www.wmur.com/news/21520726/detail.html

Anthem Blue Cross and Blue Shield is warning 10,000 New Hampshire
physicians, dentists and other providers that their Social Security
numbers may have been stolen.

The insurance company said the providers' numbers may be in a file
that a national-level employee transferred to a personal laptop
computer that was later stolen.

The Blue Cross Blue Shield Association said the employee's actions...

(fringe) FTC delays identity protection rules till June 2010 lyger (Nov 02)
http://www.networkworld.com/news/2009/110209-layer8-ftc-red-flags.html

Well, maybe the fourth time will be the charm. This time the Federal Trade
Commission said it delayed the enforcement of its Red Flags identity
protection rules until June 1, 2010 at the request of Congressional
members.

At the request of Members of Congress, the Federal Trade Commission is
delaying enforcement of the "Red Flags" Rule until June 1, 2010, for...

232000 Military SSN exposed Henry Brown (Nov 02)
http://www.stripes.com/article.asp?section=104&article=65799

...

The military is playing catch-up on a year-old complaint that hundreds
of thousands of officers’ Social Security numbers have been floating
around on the Internet.

In an October 2008 letter to the Defense Department and the Federal
Trade Commission, Public.Resource.org detailed its discovery of roughly
232,000 military officers’ Social Security numbers in government...

Re: Data breach alerts linked to increased risk of ID theft Colin Keigher (Nov 01)
Doesn't this fall under the realm of "no duh"?

- Colin

lyger wrote:

Data breach alerts linked to increased risk of ID theft lyger (Nov 01)
http://www.scmagazineus.com/Data-breach-alerts-linked-to-increased-risk-of-ID-theft/article/156376/

Consumers who have received a data breach notification letter are four
times more likely than others to be the victim of identity theft,
according to a survey released this week by Javelin Strategy and Research.

Approximately 11 percent of U.S. consumers have received a data breach
notification letter in the past 12 months with a third of the...

Manhattan DA: Computer Technician Charged In Identity Theft security curmudgeon (Oct 30)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://online.wsj.com/article/BT-CO-20091028-715647.html

By Chad Bray
DOW JONES NEWSWIRES
OCTOBER 28, 2009

NEW YORK (Dow Jones) -- A computer technician has been charged with
allegedly stealing the identities of more than 150 Bank of New York Mellon
Corp. (BK) employees and using their identities to steal more than $1.1
million from charities,...

ATM Skimming in Nashville TN Henry Brown (Oct 29)
From Tennessean.com http://tinyurl.com/yf3zt2x

Metro Police believe Nashville bank ATMs have been targeted by an
organized skimming operation.

So far, 39 people have reported that their ATM cards have been
compromised, but investigators said Wednesday that they believe there
may be hundreds of victims across the city and most of them may not even
realize their information has been stolen.

...

In Nashville, the suspects were able to steal...

Re: [Dataloss] Has "Data Loss" Jumped The Shark? Jon Turner (Oct 28)
I don't think it has yet, just out from the UK Information Commissioner;
Data loss incidents double in a year admits Information Commissioner
http://www.documentmanagementnews.com/the-news/general-news/41-general-news/155-data-loss-incidents-double-in-a-year-admits-information-commissioner.html

The UK Information Commissioner reports there were almost double the number
of data loss incidents in the last 12 months when compared to the previous...

European Commission: Data-losing companies may be forced to spill to public jkouns (Oct 28)
http://www.theregister.co.uk/2009/10/28/data_breach_law/

Data-losing companies may be forced to spill to public
European Commission mulls beef-up of law

The European Commission will consider passing new laws forcing
organisations that lose personal data to go public with that loss. The
Commission has until now been opposed to the creation of wide-ranging
data breach notification requirements.

The Commission and European Council insisted...

KS: Joco pub and customers were targets of credit card hacker kirniki (Oct 28)
http://www.kansascity.com/news/breaking_news/story/1535244.html

Llywelyn’s Pub and its customers are the victims of a sophisticated
cyber credit card attack, Overland Park police said Wednesday.

Overland Park police encourage anyone who has used a credit card at
Llywelyn’s Pub within the last six months to monitor their statements
for fraudulent expenses.

Police Spokesman Jim Weaver said that more than 100 victims, including
the owner,...

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

Re: adobe_pdf_embedded_exe working? msf 3.3 dev windows egypt (Nov 06)
I can't reproduce this on Linux or Windows using
documentation/users_guide.pdf as the INFILENAME. Can you send the
original PDF you used?

Thanks,
egypt

Re: unicode encoding question Nicolas Krassas (Nov 03)
The encoder is not working at the moment. There is an open ticket for that,
commenting the bug tracking system from hdm:

"These require either a BufferRegister or a win32 SEH-based GetPC stub,
neither is handled properly at the moment."

https://metasploit.com/redmine/issues/430

Dinos

-----Original Message-----
From: framework-bounces () spool metasploit com
[mailto:framework-bounces () spool metasploit com] On Behalf Of...

Re: unicode encoding question HD Moore (Nov 03)
Not yet:
https://metasploit.com/redmine/issues/430

Re: unicode encoding question corelanc0d3r (Nov 03)
does anyone have a solution for this ?

Re: Exploit failed: a target has not been selected Stephen Fewer (Nov 03)
I'm guessing the problem is you should use:

set PAYLOAD windows/meterpreter/reverse_tcp

instead of 'windows/dllinject/reverse_tcp' if you want a meterpreter
payload, because after the dll has been injected the payload, on the MSF
side, needs to then establish a session.

The 'windows/meterpreter/*' payloads will establish a meterpreter
session but the 'windows/dllinject/*' payloads will not establish any
session as they only inject an arbitrary...

Re: unicode encoding question NSO Research (Nov 03)
./msfpayload windows/exec CMD=calc R | ./msfencode -e x86/unicode_upper
BufferRegister=EAX -t perl

EAX <= UPPERCASE

But you will get a

x86/unicode_upper failed: BadChar; 0 to 1

corelanc0d3r schrieb:

unicode encoding question corelanc0d3r (Nov 03)
Does anyone know what I'm doing wrong here ?

./msfpayload windows/exec CMD=calc R | ./msfencode -e
x86/unicode_upper BufferRegister=eax -t perl
[-] x86/unicode_upper failed: undefined method `+' for nil:NilClass
[-] No encoders succeeded.

Re: Exploit failed: a target has not been selected Jun Koi (Nov 03)
Anybody knows how to fix the problem with this DLL injection payload
(windows/dllinject/reverse_tcp)?

Thanks,
Jun

Re: Symantec ConsoleUtilities ActiveX Control Buffer Overflow Exploit MC (Nov 02)
thanks, i committed the module to svn. added an xpsp3(english) target and
fixed some tabbing issues.

~mc

quick and dirty search for documents through the documents and settings or users folder structure. john babio (Nov 02)

Symantec ConsoleUtilities ActiveX Control Buffer Overflow Exploit NSO Research (Nov 02)
Hi,

here is a metasploit exploit module for the Symantec ConsoleUtilities
ActiveX Control buffer overflow i published today.

http://sotiriu.de/adv/NSOADV-2009-001.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3031

Sorry, if the code is ugly. It's my first MSF exploit.

Regards

lofi

##
# Use it only for education or ethical pentesting! The author accepts no liability for damage caused by this tool.
##

require 'msf/core'

class...

Re: error while running msfconsole HD Moore (Nov 01)
This happens when you try to run Metasploit 3.2 under Ruby 1.9, which is
not supported. You can either switch to 3.3-dev or downgrade to Ruby
1.8.

-HD

error while running msfconsole vArUn . (Nov 01)
I tried to the msfconsole with "./msfconsole" on slax and I get these errors:

/root/framework-3.2/lib/msf/core/exploit.rb:229:in `require': /root/framework-3.2/lib/msf/core/exploit/smb.rb:401:
invalid multibyte char (US-ASCII) (SyntaxError)
/root/framework-3.2/lib/msf/core/exploit/smb.rb:401: syntax error, unexpected tIDENTIFIER, expecting ')'
Rex::Text.to_unicode('Távoli nyomtatók')...

Re: Ruby IDE Tom Van de Wiele (Oct 31)
Smultron on OSX

Re: unicode shellcode question NSO Research (Oct 31)
Did you try the javascript output format of the shellcode generation?

./msfpayload windows/exec CMD=calc.exe J

This should generate unicode shellcode.

Don't forget to encode it, because of the \x00 byte problem.

Patrick Webster schrieb:

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

buildbot failure in Wireshark (development) on OSX-10.5-ppc buildbot-no-reply (Nov 07)
The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/524

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: osx-10.5-ppc

Build Reason:
Build Source Stamp: 30858
Blamelist: guy

BUILD FAILED: failed compile

sincerely,
-The Buildbot

Re: How about moving from svn to git? Balint Reczey (Nov 07)
Joerg Mayer wrote:

Hi,

I really like the idea and I wanted to propose git, too.
It would be much easier to follow changes in the stable/oldstable
branches and this is something I need, since I started to maintain the
official Debian packages.

Cheers,
Balint

How to parse a protocol with two different PDU types in a single connection? Kaul (Nov 07)
Hello,

I have a protocol that begins with a PDU of type A ('link' state), then
switches after it performed some negotiation to a PDU type B ('data' state).
I've tried something similar to:
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
pinfo->ptype, pinfo->srcport, pinfo->destport, 0);
if (!conversation) {
conversation = conversation_new(pinfo->fd->num,...

Re: [Wireshark-commits] rev 30846: /trunk/gtk/ /trunk/gtk/: capture_if_dlg.c Guy Harris (Nov 07)
Hmm.

Looking at capture_opts_list_interfaces(), which is what dumpcap uses
to list the interfaces, if it's generating (more easily) machine-
readable output, the output generated for a missing description
(if_info->description is null) and the output generated for an empty
description (if_info->description points to a null string) are the same.

An empty description is no more useful than a null description, and,
as indicated,...

Re: Wireshark 1.2.3 Crashes on Startup and Wont Open (Tried Uninstall and Reinstall with Reboots 3x) Gerald Combs (Nov 07)
Zinovich, Brock wrote:

Are you using a Marvell Yukon NIC on Windows 7 by any chance? If so,
this triggers a crash in Wireshark 1.2.x. You can work around the
problem by installing Wireshark 1.0.10 or Wireshark 1.3.2-SVN-30846 or
later from http://www.wireshark.org/download/automated/. More details
can be found at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4155

Re: [Wireshark-commits] rev 30846: /trunk/gtk/ /trunk/gtk/: capture_if_dlg.c Gerald Combs (Nov 07)
Guy Harris wrote:

In capture_interface_list we don't set the interface description if we
get an empty string from dumpcap:

if (strlen(if_parts[1]) > 0)
if_info->description = g_strdup(if_parts[1]);

This is apparently how we ended up with null description pointers in
capture_get_if_icon. Should we take out the if statement and set the
description no matter what?

buildbot failure in Wireshark (development) on Solaris-10-SPARC buildbot-no-reply (Nov 07)
The Buildbot has detected a new failure of Solaris-10-SPARC on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Solaris-10-SPARC/builds/476

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: solaris-10-sparc

Build Reason:
Build Source Stamp: 30856
Blamelist: krj

BUILD FAILED: failed copy-sloccount

sincerely,
-The Buildbot

Wireshark 1.2.3 Crashes on Startup and Wont Open (Tried Uninstall and Reinstall with Reboots 3x) Zinovich, Brock (Nov 07)
Can someone help with this Crash. As stated in subject the crash appeared after trying 1.2.3. Can no longer run or use.
See below for information on Error. Screenshot of Error Details plus Text Output of Error Report Contents.

Brock Zinovich
Email: brock.zinovich () weyerhaeuser com

ÿþ<?xml version="1.0" encoding="UTF-16"?>

<DATABASE>

<EXE...

buildbot failure in Wireshark (development) on Windows-XP-Win64 buildbot-no-reply (Nov 07)
The Buildbot has detected a new failure of Windows-XP-Win64 on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Windows-XP-Win64/builds/543

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: windows-xp-win64

Build Reason:
Build Source Stamp: 30855
Blamelist: jake,jmayer

BUILD FAILED: failed nmake all

sincerely,
-The Buildbot

Re: How about moving from svn to git? Jaap Keuter (Nov 07)
Joerg Mayer wrote:

Hi,

Maybe you could whip up a Wiki page on it. It could cover ideas on: repository
storage, clients (Win/X11/OSX/text), roles (users/developers/core/buildbot),
migration, release management, etc. Maybe not all that new, but to put it in
context for the git newbees.

Thanks,
Jaap

Re: How about moving from svn to git? Sébastien Tandel (Nov 07)
Hello,

I had already made the proposal to Gerald some time ago and I'm really ok
with this proposal.

I started using git three years ago and even if the underlying concepts are
slightly different from cvs/svn, once we're used to it, it is not possible
to go back to cvs/svn. I've introduced it in my previous company and if at
the beginning, there were some people doubting about the advantages of git,
now they are *all loving* this tool and there...

Re: How about moving from svn to git? Ulf Lamping (Nov 07)
Joerg Mayer schrieb:

Tortoise git support was not suitable for productive use the last time
I've read their page.

AFAIK, moving to git would be a big hurdle for Windows developers.

Regards, ULFL

How about moving from svn to git? Joerg Mayer (Nov 07)
Hello,

this is just something that went through my mind yesterday while working
on the third patch on the same files and without a chance to commit
between the patches. If there is one thing that I don't like (although
I do it sometimes) is to do a commit that does several things at once.
With git, I could commit each patch (which is done locally) and eventually
push all commits to the central repository while maintaing the indivitual
character...

buildbot failure in Wireshark (development) on Windows-XP-x86 buildbot-no-reply (Nov 07)
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Windows-XP-x86/builds/418

Buildbot URL: http://buildbot.wireshark.org/trunk/

Buildslave for this Build: windows-xp-x86

Build Reason:
Build Source Stamp: 30851
Blamelist: krj

BUILD FAILED: failed nmake docs

sincerely,
-The Buildbot

Re: Unable to dissect LTE X2AP interface withwireshark. Anders Broman (Nov 07)
Hi,
The X2AP dissector is not working properly until after rev 30772, so you
need to use a buildbot build.
Regards
Anders

-----Ursprungligt meddelande-----
Från: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] För Jaap Keuter
Skickat: den 6 november 2009 17:27
Till: Developer support list for Wireshark
Ämne: Re: [Wireshark-dev] Unable to dissect LTE X2AP interface
withwireshark.

complete

code...

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

kernel panic with inline enabled and tcp traffic Monchiero, Matteo (Nov 06)
Hi all,
I'm getting a kernel panic when I'm running snort, compiled with -enable-inline in inline mode with iptables. The
version of snort I'm using is 2.8.5, my machine is a HP Proliant G6 blade server with a Broadcom Netxtreme II 10G NIC.
I'm using Ubuntu-64 904 with bnx2x as a NIC driver. My snort conf. file is attached (unmodified default snort.conf from
the source tree)

I'm setting up iptables with

sudo iptables -A INPUT -j QUEUE

and...

New White Paper on Performance Tuning for Snort Mike Guiterman (Nov 06)
Hi All, Steve Sturges has authored a new white paper entitled: Using Perfmon
and Performance Profiling to Tune Snort Preprocessors and Rules". The paper
is available on Snort.org at: http://www.snort.org/docs/development-papers/.

This paper is related to the talk Steve will be giving during the next
Snort-Users Webinar on Monday, November 9. To join that session register
here<...

Re: X-Forwarded-For San Mallissery (Nov 06)
When i trying to generate the snmp traps(snmpV2) in ubuntu it shows the
error SNMPTRAP: unknown host 10.0.2.15 (file Exists).

my ip is 10.0.2.15

i changed the output trap_snmp in snort.conf as

output trap_snmp: alert,7,cpm,trap -v 2c -c public 10.0.2.15

pls reply me ..wht may be the prob
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008...

test sog1024 (Nov 06)
Ls,

I have the impression that my mails are cumming trough

Regards,

SOG1024
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july...

test sog1024 (Nov 06)
sog
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july_______________________________________________
Snort-users mailing list
Snort-users ()...

IDS and inline mode logging justin joseph (Nov 06)
How can one distinguish between snort logs between IDS mode and inline mode.

While testing the two modes 'am finding that the logs are the same. How does
one differentiate between these two modes from snort output(full logging).

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment...

Re: dinamic (or not) preprocessors alessandrorguard-snortml (Nov 05)
for the quastion about the example, I noticed that in the tar archive version 2.8.5.1 reappeared the
src/dynamic-examples dir...
I was working with the 2.8.5 :-(

----- Messaggio originale -----

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best,...

dinamic (or not) preprocessors alessandrorguard-snortml (Nov 05)
Hi all!
what's the difference between the "preprocessors" and the "dinamic preprocessors"?
(they're divided in two different directories)
I'm trying to create a preprocessor, is there an up-to-date example or any reference guide I can read?

Thanks!
Alessandro

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial....

Re: VRT Rule Search is Back on Snort.org Nigel Houghton (Nov 04)
BEFORE submitting any false positive reports, read this page:

http://www.snort.org/snort-rules/submit-a-false-positive

The correct email address and the information required is listed on that page.

Re: VRT Rule Search is Back on Snort.org Alex Kirk (Nov 04)
If you have false positive, send it in to research () sourcefire com The VRT
monitors that list and will respond to submissions there.

Re: VRT Rule Search is Back on Snort.org Jefferson, Shawn (Nov 04)
Can you provide a mechanism for us to submit false positive information via this interface somehow?

________________________________
From: Mike Guiterman [mailto:mguiterman () sourcefire com]
Sent: Wednesday, November 04, 2009 9:15 AM
To: Snort Users List; snort-sigs () lists sourceforge net
Subject: [Snort-users] VRT Rule Search is Back on Snort.org

Hi everyone,

The updated VRT Rule Search feature is now live on Snort.org. Check it out at:...

VRT Rule Search is Back on Snort.org Mike Guiterman (Nov 04)
Hi everyone,

The updated VRT Rule Search feature is now live on Snort.org. Check it out
at: http://snort.org/search.

Full text search supports the following:

- Single keyword or SID search (ex – ‘windows’, ‘mysql’, ‘linux’)
- Multiple keyword search (ex – ‘windows 2000’, ‘mysql 4.10’)
- Multiple keyword search with terms joined by the AND, OR, and
NOTboolean operators (ex – ‘windows
AND 2000 NOT xp’)...

Re: Snort Hardware Selection and Fiber/Copper Taps Alex Tatistcheff (Nov 04)
That "funding not an issue" statement is what's pushing some to recommend 3D
appliances. You can spend as much as you want on a Snort box and you will
never have the capabilities available in a 3D appliance - i.e. Realtime
Network Awareness. It's hard to overstate the importance of this capability
in an IDS/IPS.

Alex Tatistcheff
alext () pobox com

-- When a convicted terrorist was sentenced to face Jack Bauer, he appealed
to have...

Re: Problem with the '-i' option Alex Tatistcheff (Nov 04)
To check and see if it's a problem with your bridge setup try using tcpdump
and see if you get the same results, i.e. tcpdump -i br1 -vXs0

Alex Tatistcheff
alext () pobox com

-- When a convicted terrorist was sentenced to face Jack Bauer, he appealed
to have the sentence reduced to death.

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day...

Sourcefire VRT Certified Snort Rules Update research (Nov 04)
Sourcefire VRT Certified Snort Rules Update

Synopsis:
The Sourcefire VRT is aware of several vulnerabilities in Adobe
Shockwave Player.

Details:
Adobe Shockwave Player Memory Corruption (APSB09-16):
Adobe Shockwave contains a programming error that may allow a remote
attacker to execute code on an affected system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 16220.

Adobe...

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.