SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Re: dev Digest, Vol 150, Issue 18 Md. Tariq Aziz (Oct 17)

static build on Linux Levente Laszlo (Oct 16)
Hi,

I would like to make a static build of Nmap (actually I just need a static
Ncat binary).
I am on Ubuntu 16.04 but I can build on CentOS/Arch/etc as well.
I have not found a lot of documentations on the web or in the list
archive...

https://blog.zsec.uk/staticnmap/
This is a post from May 2016 with version 7.11

When I tried the same (with ncat of course), with v7.60 I got an error too:...

Re: Talk on NSE's use of coroutines at Lua Workshop 2017 Fyodor (Oct 16)
On Wed, Oct 4, 2017 at 5:06 PM, Patrick Donnelly <batrick () batbytes com>
wrote:

Nice! I hope the talk goes well (looks like it starts in 30 minutes) and
I'm looking forward to the video!

Cheers,
Fyodor

Re: Crash Report Daniel Miller (Oct 10)
Ron,

Thanks for the bug report. Can you verify whether that file exists? It's
possible there is a problem with your Nmap installation.

Dan

Re: Crash Report Daniel Miller (Oct 10)
Pia,

Thanks for reporting this. The error is caused by a corrupted .pyc file
somewhere in your Python installation. Deleting the file will solve the
error, and importing the problem library as root will recompile it. Since
we don't know which library is the problem, you could run this shell script
as root, which will try each of them:

#!/bin/sh
rm /usr/lib/python2.7/difflib.pyc
python -c 'import difflib'
rm...

Crash Report Ronald Belill (Oct 09)
Version: 6.47
Traceback (most recent call last):
File "zenmapGUI\ScriptInterface.pyo", line 328, in
script_list_timer_callback
File "zenmapGUI\ScriptInterface.pyo", line 337, in initial_script_list_cb
File "zenmapGUI\ScriptInterface.pyo", line 369, in
handle_initial_script_list_output
File "zenmapCore\ScriptMetadata.pyo", line 495, in get_script_entries
File...

Crash Report Pia S. Sumalinog (Oct 09)
Version: 7.60
Traceback (most recent call last):
File "/usr/bin/zenmap", line 195, in <module>
zenmapGUI.App.run()
File "/usr/lib/python2.7/dist-packages/zenmapGUI/App.py", line 358, in run
window = new_window()
File "/usr/lib/python2.7/dist-packages/zenmapGUI/App.py", line 194, in new_window
from zenmapGUI.MainWindow import ScanWindow
File...

[MS17-010] DUMAS Xavier (Oct 09)

Re: nsock READ timeout Gerald Roy (Oct 09)

Talk on NSE's use of coroutines at Lua Workshop 2017 Patrick Donnelly (Oct 04)
If anyone in the bay area would like to participate, please register
and attend (it's free!):

http://www.lua.org/wshop17.html#abstracts

A video recording is planned. I will share to nmap-dev when it is available.

Re: nsock READ timeout Fotis Chantzis (Oct 02)
Can you please paste the output of the ssh client with verbose output on
when connecting to that server? (ssh -vv <user>@192.168.1.1)
What ssh version is the server running on the raspberry?

nsock READ timeout Gerald Roy (Oct 02)
Hi,

Running NCrack 0.6 on a Raspberry Pi 3 Raspbian with the command
ncrack -U 1user -P 1password -vv -d 10 -t 4 -iX mynmap.xml -oN ncrack.log

I get the output below. It looks like it's not doing much. 192.168.1.22
is a DD-WRT router.

ssh://192.168.1.1:22 (EID 223) Attempts: total 0 completed 0 supported 0
--- rate 0.00
ssh://192.168.1.1:22 (EID 224) nsock READ timeout!
ssh://192.168.1.1:22 (EID 224) Attempts: total 0 completed 0...

Re: New Feature for Nmap Daniel Miller (Sep 26)
Thanks for the suggestion! We already have a "map" feature in Zenmap, the
official GUI for Nmap [1]. But text-mode outputs can sometimes be useful,
too. Since Nmap already emits all of its findings in machine-parseable XML,
we are not likely to add another output format to Nmap itself, but there
are a couple of potentially interesting options:

You could write a post-processing script to convert the XML into a tabular
or text tree...

New Feature for Nmap Who Am I? (Sep 26)
Hello there.

I was looking to add a new feature to Nmap that I thought would be useful.
However, I would like to get the opinion of other individuals as well so I
can decide whether to move forward with the idea.

So, here is what I'm thinking of:

Sometimes with Nmap, I like to run a ping scan on my network. The output is
usually something like this after running "*nmap -sn 67.207.82.167/20
<http://67.207.82.167/20>*":...

Re: possible bug, nmap v7.40 Daniel Miller (Sep 26)
I remembered this issue when I saw a question and answer on
unix.stackexchange.com [1], so I thought I'd send an update. This is due to
a bug in the netfilter nat module in Linux 4.8. The code change which
introduced the bug was reverted in 4.8.16, and kernel 4.9 is not affected.

Thanks for reporting it!

Dan

https://unix.stackexchange.com/a/337496/16171

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap GSoC 2017 Success Reports Fyodor (Oct 10)
Hello Nmap Community,

Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...

Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.

One of the things I'm most excited...

Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more Fyodor (Jun 13)
Dear Nmap Community:

The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.

One of the things we have been worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....

Introducing the 2017 Nmap/Google Summer of Code Team! Fyodor (May 18)
Nmap community:

Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...

Nmap Project Seeking Talented Programmers for GSoC 2017 Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...

Nmap GSoC 2016 Success Report Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...

Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more... Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:

- 12 new NSE scripts
- Hundreds of updated OS and version detection detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...

Nmap 7.31 stability-focused point release Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.

Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...

Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc. Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.

Even though it's a stable...

Nmap 7.25BETA2 Birthday Release Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...

Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more! Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...

Introducing the 2016 Nmap/Google Summer of Code Team! Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:

*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...

Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more! Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:

Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...

Nmap Project Seeking Talented Programmers for Google Summer of Code 2016 Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products SEC Consult Vulnerability Lab (Oct 18)
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
=======================================================================
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: no public fix, see solution/timeline
CVE number: -
impact: high...

SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun SEC Consult Vulnerability Lab (Oct 18)
SEC Consult Vulnerability Lab Security Advisory < 20171018-0 >
=======================================================================
title: Multiple vulnerabilities
product: Afian AB FileRun
vulnerable version: 2017.03.18
fixed version: 2017.09.18
impact: critical
homepage: https://www.filerun.com | https://afian.se
found: 2017-08-28
by: Roman Ferdigg...

SSD Advisory – Linux Kernel AF_PACKET Use-After-Free Maor Shwartz (Oct 17)
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

Full report: https://blogs.securiteam.com/index.php/archives/3484
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerabilities summary
The following advisory describes a use-after-free vulnerability found in
Linux Kernel’s implementation of AF_PACKET that can lead to privilege
escalation.

AF_PACKET sockets “allow users to send or receive packets on the device
driver level. This for...

SSD Advisory – Ikraus Anti Virus Remote Code Execution Maor Shwartz (Oct 17)
SSD Advisory – Ikraus Anti Virus Remote Code Execution

Full report: https://blogs.securiteam.com/index.php/archives/3485
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability summary
The following advisory describes an remote code execution found in Ikraus
Anti Virus version 2.16.7.

KARUS anti.virus “secures your personal data and PC from all kinds of
malware. Additionally, the Anti-SPAM module protects you from SPAM and
malware...

SSD Advisory – Webmin Multiple Vulnerabilities Maor Shwartz (Oct 17)
SSD Advisory – Webmin Multiple Vulnerabilities

Full report: https://blogs.securiteam.com/index.php/archives/3430
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability summary
The following advisory describes three (3) vulnerabilities found in Webmin
version 1.850

Webmin “is a web-based interface for system administration for Unix. Using
any modern web browser, you can setup user accounts, Apache, DNS, file
sharing and much more....

SSD Advisory – Microsoft Office SMB Information Disclosure Maor Shwartz (Oct 17)
SSD Advisory – Microsoft Office SMB Information Disclosure

Full report: *https://blogs.securiteam.com/index.php/archives/3463
<https://blogs.securiteam.com/index.php/archives/3463>*
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

*Vulnerability Summary*
The following advisory describes an information disclosure found in
Microsoft Office versions 2010, 2013, and 2016.

Microsoft Office is: “Whether you’re working or playing, Microsoft...

SSD Advisory – FiberHome Directory Traversal Maor Shwartz (Oct 17)
SSD Advisory – FiberHome Directory Traversal

Full report: https://blogs.securiteam.com/index.php/archives/3472
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes a directory traversal vulnerability found
in FiberHome routers.

FiberHome Technologies Group “was established in 1974. After continuous and
intensive development for over 40 years, its business has been extended to
R&D,...

[CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass Hakan Küsne (Oct 17)
Please disclose, thanks.

SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component SEC Consult Vulnerability Lab (Oct 17)
SEC Consult Vulnerability Lab Security Advisory < 20171017-0 >
=======================================================================
title: Cross site scripting
product: Webtrekk Pixel tracking
vulnerable version: v3.24 to v3.40, v4.00 to v4.40, v5.00 to v5.04
fixed version: v3.41, v4.41, v5.05
impact: Medium
homepage: https://www.webtrekk.com/
found: 2017-08-29...

[CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal Jens Regel (Oct 16)
Please disclose, thanks.

SSD Advisory – ZTE uSmartView DLL Hijacking Maor Shwartz (Oct 16)
SSD Advisory – ZTE uSmartView DLL Hijacking

Full report: *https://blogs.securiteam.com/index.php/archives/3457
<https://blogs.securiteam.com/index.php/archives/3457>*
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability summary
The following advisory describes an DLL Hijacking found in ZTE uSmartView.

ZTE uSmartView offers: “ZTE provides full series of cloud computing
products (including cloud terminals, cloud desktops,...

ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability EMC Product Security Response Center (Oct 16)
ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability

EMC Identifier: ESA-2017-122

CVE Identifier: CVE-2017-8022

Severity Rating: CVSSv3 Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected products:
* EMC NetWorker versions prior to 8.2.4.9
* EMC NetWorker versions 9.0.x (all supported versions)
* EMC NetWorker versions prior to 9.1.1.3
* EMC NetWorker versions prior to 9.2.0.4

Summary:
EMC...

ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability EMC Product Security Response Center (Oct 16)
ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability

CVE Identifier: CVE-2017-8024

EMC Identifier: ESA-2017-124

Severity Rating: CVSS Base Score: 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected Products:
*EMC Isilon OneFS versions prior to 8.1.0.1

*EMC Isilon OneFS versions prior to 8.0.1.2

*EMC Isilon OneFS versions prior to 8.0.0.6

*EMC Isilon OneFS 7.2.1.x

Summary:
EMC Isilon OneFS is impacted by a...

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ SEC Consult Vulnerability Lab (Oct 15)
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3
CVE number: CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
impact: High
homepage:...

[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure Julien Ahrens (Oct 13)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14956

2. CREDITS
==========
This vulnerability was discovered and researched...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED] FreeBSD Security Advisories (Oct 18)
=============================================================================
FreeBSD-SA-17:07.wpa Security Advisory
The FreeBSD Project

Topic: WPA2 protocol vulnerability

Category: contrib
Module: wpa
Announced: 2017-10-16
Credits: Mathy Vanhoef
Affects: All supported versions of FreeBSD.
Corrected:...

[slackware-security] xorg-server (SSA:2017-291-03) Slackware Security Team (Oct 18)
[slackware-security] xorg-server (SSA:2017-291-03)

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz: Rebuilt.
This update fixes integer overflows and other possible security issues.
For more information, see:...

[slackware-security] wpa_supplicant (SSA:2017-291-02) Slackware Security Team (Oct 18)
[slackware-security] wpa_supplicant (SSA:2017-291-02)

New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.
This update includes patches to mitigate the WPA2 protocol issues known
as "KRACK" (Key Reinstallation AttaCK),...

[slackware-security] libXres (SSA:2017-291-01) Slackware Security Team (Oct 18)
[slackware-security] libXres (SSA:2017-291-01)

New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded.
Integer overflows may allow X servers to trigger allocation of insufficient
memory and a buffer overflow via vectors related to the (1)...

WebKitGTK+ Security Advisory WSA-2017-0008 Carlos Alberto Lopez Perez (Oct 18)
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0008
------------------------------------------------------------------------

Date reported : October 18, 2017
Advisory ID : WSA-2017-0008
Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html
CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,...

SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products SEC Consult Vulnerability Lab (Oct 18)
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
=======================================================================
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: no public fix, see solution/timeline
CVE number: -
impact: high...

[security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data security-alert (Oct 18)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03789en_us
Version: 2

HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module
v2.0 Option, Unauthorized Access to Data

NOTICE: The information in this Security Bulletin should be acted upon as
soon as...

[SECURITY] [DSA 3999-1] wpa security update Yves-Alexis Perez (Oct 16)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3999-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
October 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2017-13077 CVE-2017-13078...

SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++ SEC Consult Vulnerability Lab (Oct 16)
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3
CVE number: CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
impact: High
homepage:...

[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege swpmb . cyber-psrt (Oct 15)
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/km/KM02987868

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM02987868
Version: 1

MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-10-13
Last Updated: 2017-10-13

Potential Security Impact: Local:...

Advisory X41-2017-010: Command Execution in Shadowsocks-libev X41 D-Sec GmbH Advisories (Oct 15)
X41 D-Sec GmbH Security Advisory: X41-2017-010

Command Execution in Shadowsocks-libev
======================================

Overview
--------
Severity Rating: High
Confirmed Affected Versions: 3.1.0
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks-libev
Vector: Local
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
CVE: not yet assigned
Advisory-URL:...

Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks X41 D-Sec GmbH Advisories (Oct 15)
X41 D-Sec GmbH Security Advisory: X41-2017-008

Multiple Vulnerabilities in Shadowsocks
=======================================

Overview
--------
Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks/tree/master
Vector: Network
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
Advisory-URL:...

[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure Julien Ahrens (Oct 15)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14956

2. CREDITS
==========
This vulnerability was discovered and researched...

Multiple vulnerabilities in OpenText Documentum Content Server Andrey B. Panfilov (Oct 13)
CVE Identifier: CVE-2017-15012
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:

Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
does not properly validate input of PUT_FILE RPC-command which allows any
authenticated user to hijack arbitrary file from...

[SECURITY] [DSA 3995-1] libxfont security update Moritz Muehlenhoff (Oct 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3995-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libxfont
CVE ID : CVE-2017-13720 CVE-2017-13722...

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

SpiderFoot 2.11 released Steve Micallef (Aug 14)
Hi all,

For the folks here interested in OSINT, recon and threat intel, I'm
pleased to announce SpiderFoot 2.11 is now out.

SpiderFoot now has over 100 modules to collect data utilising APIs from
SHODAN, BuiltWith, RIPE, AlienVault OTX, Robtex, HaveIBeenPwned? as well
as typical recon techniques like DNS brute-forcing, port scanning, web
spidering and more. It's open source, written in Python, documented and
usable with both a...

Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform Francisco Amato (Jul 24)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...

File Upload in Integration Gateway (PSIGW) ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: File Upload
Impact: Remote command execution on the server
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10061...

Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft) ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Impact: Modify displayed content from a Web site, steal authentication
information of a...

Directory Traversal vulnerability in Integration Gateway (PSIGW) ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle

2. VULNERABILITY INFORMATION
Class: Directory Traversal
Impact: Read, delete, rewrite file from the system
Remotely Exploitable: Yes
CVE...

[HITB-Announce] HITB GSEC 2017 CommSec CFP Closes July 31st Hafez Kamal (Jul 15)
REMINDER: CFP Submission dateline is on the 31st of July 2017 23:59 SGT

Alongside HITBGSEC 2017 Singapore, we are calling on the community of hackers, makers, builders and breakers to send us
their 30 minute talk abstracts for consideration to be included in a separate 2-day single-track of talks (24th and
25th August). Access to these track of talks is completely FREE TO ATTEND and we are encouraging everyone to come! If
you're in...

ekoparty: Call for Papers 2017! Open! Francisco Amato (Jul 12)
ekoparty security conference
Training September 25-26, 2017
Conference September 27-29, 2017
Buenos Aires

Submit at: http://cfp.ekoparty.org

We are really proud to announce the thirteenth edition of the Ekoparty
Security Conference.

Once again, in this unique event, security specialist from all over
Latin America and the World will have the chance to get acquainted
with the most important researches of the year.

Ekoparty has become the most...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Keynotes dave aitel (Oct 16)
So I'm about to do V6 of my T2 keynote - usually it takes about 10 full
runs until a keynote is good. This is why we are very very careful about
asking people to do keynotes. They typical first run of a keynote gets
feedback like "This is terrible. Just terrible. Awful". (Except Halvar's).

In any case, I've sent out versions of it to lots of different people
for feedback and I've noticed a few things. Probably the...

Re: Eulogy Ryan Duff (Oct 10)
Yeah he was. The tragedy is how few will know everything he's done for his
country. But that's how it is.

He'll definitely be remembered by anyone who had the pleasure of working
with him.

-Ryan

Re: Eulogy Matt Georgy (Oct 06)
He was a great guy and a real patriot. He will be missed.

Eulogy dave aitel (Oct 06)
It's 11am. I'm pretty drunk right now. Lee would have liked to have
known that his passing was noticed.

For those of you who knew him.

-dave

Re: Equitablefax the grugq (Oct 03)
Hey

I wasn’t either since it doesn’t impact me, but I had to research it for this week’s news segment on Risky.Biz ==>
https://risky.biz/RB471/

During the research it became clear that the public narrative and the facts were diverging quite a bit. In particular
this “failure to patch” story line. Yes, they were slow to patch. However, their upstream provider didn’t even make the
patch available until weeks after the compromise...

Re: Equitablefax spacerog () spacerogue net (Oct 03)
Thank you for this timeline because honestly I haven't been paying that
close attention.

Based on this it looks like Equifax did actually patch, just not fast
enough, and by the time they got around to it the bad guys where already
inside. Based on this list the delta from patch release to install was
<91 days. Am I reading this correctly?

If so then the absolute shit ton of criticism heaped on Equifax for not
patching is IMO...

Re: Equitablefax Arrigo Triulzi (Oct 03)
Just in passing: "Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party.”[0]. Asset management
is a core part of ISO27001:2013.

Cheers,

Arrigo

[0] https://www.equifax.com/assets/WFS/the_work_number_best_practices_in_data_security.pdf (1st page)

Twitter dave aitel (Sep 29)
Right now everyone is going on and on about how Russians spent 256K on
ads on Twitter to influence the election. Much less understood is how
great Twitter ads are for targeting phishing attacks! I wrote this whole
article while back here
<https://tindertipsforgirls.blogspot.com/2016/03/paying-for-okcupid-is-stupid.html>
on it. People are genuinely good at phishing now. The "Fake RedTube
subscription <...

Re: Equitablefax the grugq (Sep 29)
I’m not going to address any of the points in the excellent post by Katie but rather put some facts together in a
timeline so people can see the Equihax event better. The “if only bug bounty” claptrap is, as Katie points out (much
more politely), complete bullshit.

Timeline of events:

2017-03-06: Apache announces struts bug
2017-03-07: PoC exploit released to public

2017-03-10: Equihax compromised via struts exploit. Genius hackers use...

Re: Why people aren't stealing ADFS secrets? James Pleger (Sep 28)
I'm not holding out much hope on the OneLogin side, the breach they had earlier this year sounded really bad. Maybe
that event woke up the other identity providers though.

http://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/

Re: Equitablefax Katie M (Sep 28)
I actually tried helping coordinate one of the new bugs that someone found
and wanted to report to Equifax. Unfortunately, before they had time to
even look up from their current conflagration, eyebrows still singed, a
reporter published it.

At this instant, even one bug report, while completely helpful in the
micro-sense, is process-wise another tax on the resources they have working
on the big breach. It still has to go into the queue of their...

Re: Why people aren't stealing ADFS secrets? Kyle Creyts (Sep 27)
Or other SAML IDP private keys. ADFS is good, but stealing them from IDP
vendors might be much more efficient, and open many more doors. One hopes
that Google, OneLogin, Okta, and friends all do the needful to compartment
and protect these private keys.

On Wed, Sep 27, 2017 at 1:00 PM Konrads Smelkovs <konrads.smelkovs () gmail com>
wrote:

Re: Equitablefax Katie M (Sep 27)
Having a bug bounty program wouldn't have helped Equifax. Only Equifax
could have helped Equifax. The root cause of the problem wasn't that they
didn't know about the bug, it was that they face the same patch
prioritization risk vs resource balance that all orgs gamble with. They
lost that gamble, which is what every breach represents: a lost bet on the
tradeoffs. Simply knowing about a bug, via a bug bounty or otherwise, is
just...

Why people aren't stealing ADFS secrets? Konrads Smelkovs (Sep 27)
I was thinking about long term persistence and clearly, it would make a lot
of sense to steal the private key of the ADFS certificate that is used to
authenticate SAML claims. Anyone seen it done?

Re: Equitablefax Kristian Erik Hermansen (Sep 27)
But clearly Equifax didn't know ALL public facing attack surfaces
controlled by Equifax which were affected by that vulnerability. A bug
bounty likely would have surfaced those missing attack surfaces. Internal
folks always make assumptions about their own network, which is biased and
almost never reality.

- Based on the company's investigation, Equifax believes the
unauthorized accesses to certain files containing personal...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Re: [Security Weekly] cheap hosting Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:

20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy

After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.

Robin

Re: [Security Weekly] projecting in a bight space Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.

Jeremy Pommerening

________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space

I've been looking at the venue for next year's...

[Security Weekly] Two Firefox security bugs related to HTTPS ffbugishere (Aug 17)
Hello world!

We need votes for security bugs!

Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100

Firefox 31 doesn't supports the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210

Other browsers should have the same bugs fixed..

p.s.: We are not related to this group, but we think they worth a
penny...

Re: [Security Weekly] Java and Flash decompilers Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.

http://www.free-decompiler.com/flash/

Regards,

Will

Re: [Security Weekly] Java and Flash decompilers Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html

-Brad

Re: [Security Weekly] SecurityCenter alternative Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess its a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.

I can speak in more...

Re: [Security Weekly] Java and Flash decompilers S. White (Aug 04)
A few I've used in the past:

JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)

HP SWFscan

Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/

________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...

[Security Weekly] DoFler @ BSidesLV Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.

DB...

Re: [Security Weekly] cheap hosting Robin Wood (Aug 04)
Already sorted but thanks for the info.

Re: [Security Weekly] Java and Flash decompilers Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:

SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)

Re: [Security Weekly] SecurityCenter alternative Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!

I know, I'm jumping in late, some closing thoughts on the subject:

- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundred of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. The removes the requirement of Internet access
(From the scanners), and greatly eases the administration...

Re: [Security Weekly] SecurityCenter alternative k41zen (Aug 04)
Thanks for all of your help.

We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.

I’ll...

Re: [Security Weekly] SecurityCenter alternative Adrien de Beaupre (Aug 04)
Hi,

I have also written a series of script to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
like XML-RPC nessus client in python if anyone is interested.

Cheers,
Adrien

Re: [Security Weekly] cheap hosting sec list (Aug 04)
Hey Robin,

If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.

[Security Weekly] Java and Flash decompilers Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:

Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.

Java snoop https://code.google.com/p/javasnoop/

Flash
Trillix
Flashbang https://github.com/cure53/Flashbang

Has anyone here got any others they can suggest?

Ideally I'm looking for free stuff but cheap commercial...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Update Minor Revisions Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 18, 2017
********************************************************************

Summary
=======

The following advisory and CVE have been revised in the October 2017
Security Updates.

* ADV170012
* CVE-2017-13080

Revision Information:
=====================

ADV170012

- Title: ADV170012 | Vulnerability in TPM...

Microsoft Security Update Minor Revisions Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 17, 2017
********************************************************************

Summary
=======

The following advisory has been revised in the October 2017 Security
Updates.

* ADV170012

Revision Information:
=====================

ADV170012

- Title: ADV170012 | Vulnerability in TPM could allow Security...

Microsoft Security Update Releases Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2017
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment.

* ADV170018

CVE Revision Information:
=====================

CVE-2017-13080

- Title: ADV170018 | October 2017 Flash Update
-...

Microsoft Security Update Minor Revisions Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 16, 2017
********************************************************************

Summary
=======

The following CVEs have been revised in the October 2017 Security
Updates.

* CVE-2017-11775
* CVE-2017-11777
* CVE-2017-11815
* CVE-2017-11820

Revision Information:
=====================

CVE-2017-11775

- Title:...

Microsoft Security Update Releases Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 16, 2017
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment.

* CVE-2017-13080

CVE Revision Information:
=====================

CVE-2017-13080

- Title: CVE-2017-13080 | Windows Wireless WPA Group Key
Reinstallation...

Microsoft Security Update Minor Revisions Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 11, 2017
********************************************************************

Summary
=======

The following advisory has been revised in the October 2017 Security
Updates.

* ADV170012

Revision Information:
=====================

ADV170012

- Title: ADV170012 | Vulnerability in TPM could allow Security...

Microsoft Security Bulletin Releases Microsoft (Oct 10)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 10, 2017
********************************************************************

Summary
=======

The following CVE has been revised in the October 2017 Security
Updates.

* CVE-2017-11774

Revision Information:
=====================

CVE-2017-11774

- Title: CVE-2017-11774 | Microsoft Outlook Security Feature...

Microsoft Security Bulletin Releases Microsoft (Oct 10)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 10, 2017
********************************************************************

Summary
=======

The following CVE has been revised in the October 2017 Security
Updates.

* CVE-2017-11774

Revision Information:
=====================

CVE-2017-11774

- Title: CVE-2017-11774 | Microsoft Outlook Security Feature...

This summary lists security updates released for October 2017. Microsoft (Oct 10)
********************************************************************
Microsoft Security Update Summary for October 2017
Issued: October 10, 2017
********************************************************************

This summary lists security updates released for October 2017.

Complete information for the October 2017 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical Security...

The following CVE has undergone a major revision increment. Microsoft (Oct 04)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 4, 2017
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment.

* CVE-2017-8695

CVE Revision Information:
=====================

CVE-2017-8695

- Title: CVE-2017-8695 | Graphics Component Information Disclosure
Vulnerability...

The following CVEs have been revised in the September 2017 Security Updates. Microsoft (Oct 03)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 3, 2017
********************************************************************

Summary
=======

The following CVEs have been revised in the September 2017 Security
Updates.

* CVE-2017-8759

Revision Information:
=====================

CVE-2017-8759

- Title: CVE-2017-8759 | .NET Framework Remote Code Execution...

The following CVE has undergone a major revision increment. Microsoft (Sep 26)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 26, 2017
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment.

* CVE-2017-8628

CVE Revision Information:
=====================

CVE-2017-8628

- Title: CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing
Vulnerability
-...

The following CVE has been revised in the June 2017 Security Updates. Microsoft (Sep 20)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 20, 2017
********************************************************************

Summary
=======

The following CVE has been revised in the June 2017 Security
Updates.

* CVE-2017-8529

Revision Information:
=====================

CVE-2017-8529

- Title: CVE-2017-8529 | Microsoft Browser Information Disclosure...

The following Defense in Depth Update has undergone a major revision increment. Microsoft (Sep 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 19, 2017
********************************************************************

Summary
=======

The following Defense in Depth Update has undergone a major
revision increment.

* ADV170015

Revision Information:
=====================

ADV170015

- Title: ADV170015 | Microsoft Office Defense in Depth Update
-...

Microsoft Security Update Minor Revisions Microsoft (Sep 15)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 15, 2017
********************************************************************

Summary
=======

The following CVEs have been revised in the September 2017 Security
Updates.

* CVE-2017-8676
* CVE-2017-8682
* CVE-2017-8695
* CVE-2017-8728
* CVE-2017-8742

Revision Information:
=====================

CVE-2017-8676...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...

I don't quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that...

Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...

The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...

Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

-----

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...

The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in...

Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)
Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.

When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,...

Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold (Oct 19)
Note that the fix isn't modifying rsync, the fix is modifying the ftpsync
script that calls rsync:

+ RSYNC_OPTIONS=${RSYNC_OPTIONS:-"-prltvHSB8192 --safe-links --timeout 3600 --stats --no-human-readable"}

https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016

Of course for people who run this mirroring tool as a specific user
account and set file permissions appropriately this...

[ANNOUNCE] [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) Shalin Shekhar Mangar (Oct 19)
CVE-2017-12629: Several critical vulnerabilities discovered in Apache
Solr (XXE & RCE)

Severity: Critical

Vendor:
The Apache Software Foundation

Versions Affected:
Solr 5.5.0 to 5.5.4
Solr 6.0.0 to 6.6.1
Solr 7.0.0 to 7.0.1

Description:
The details of this vulnerability were reported on public mailing
lists. See https://s.apache.org/FJDl

The first vulnerability relates to XML external entity expansion in
the XML Query Parser which is...

Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 Dollar Strike (Oct 19)
I just skimmed through the fix, I am trying to understand how does this
function if (is_int(strpos(strtolower($a_val), "javascript"))) sanitize the
input as below payloads

1. %22%7D%5D%7D%29%3Balert%280%29%3B --------> "}]});alert(0);
2. %27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D ---> '';!--"<XSS>=&{()}

Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 19)
May be that this convo should be migrated somewhere else, but I'd really
like to understand how this has anything to do with symlinks. Been
programming Unix/Linux for 30 years but now need to be a real SysAdmin so
need to correct my misconceptions.

Removing the ability for rsync to copy symlinks pointing to targets outside
the mirror tree would greatly cripple it. I need to understand how the
danger is worth the loss of this functionality....

[RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure Julien Ahrens (Oct 18)
RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Check_mk
Vendor URL: https://mathias-kettner.de/check_mk.html
Type: Race Condition [CWE-362]
Date found: 2017-09-21
Date published: 2017-10-18
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14955

2. CREDITS
==========
This vulnerability was discovered and researched by...

Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)
CVE-2017-15538 has been assigned.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15538

Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker (Oct 18)
On Wed, Oct 18, 2017 at 1:55 PM, Robert Watson <robertcwatson1 () gmail com>
wrote:

If I'm reading the original correctly, then the user that will access the
target will be the user your HTTP daemon runs as (so, for sake of example,
nginx).

There's stuff that will be protected by permissions (for example, you
shouldn't be able to pull down /etc/shadow - so long as nginx/apache isn't
running as root), but there are...

Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 18)
Since security is determined by file and directory permissions and
ownership, not by symlinks, wouldn't the fact that a malicious user did not
have permissions to access the symlink's target file/directory prevent any
harm?

WebKitGTK+ Security Advisory WSA-2017-0008 Carlos Alberto Lopez Perez (Oct 18)
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0008
------------------------------------------------------------------------

Date reported : October 18, 2017
Advisory ID : WSA-2017-0008
Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html
CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,...

Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 18)
Hello,

A patch fixing this issue was accepted upstream:

commit 95d78c28b5a85bacbc29b8dba7c04babb9b0d467 fix unbalanced page refcounting in bio_map_user_iov

I would also consider next 2 related patches if backporting:

commit 2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 more bio_map_user_iov() leak fixes
commit 1cfd0ddd82232804e03f3023f6a58b50dfef0574 bio_copy_user_iov(): don't ignore ->iov_offset #v4.5+

Best regards,
Vladis Dronov | Red...

Xen Security Advisory 244 (CVE-2017-15594) - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15594 / XSA-244
version 3

x86: Incorrect handling of IST settings during CPU hotplug

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

The x86-64 architecture allows interrupts to be run on distinct stacks.
The choice of stack is encoded in a field of the corresponding
interrupt descriptor in the Interrupt Descriptor Table...

Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15592 / XSA-243
version 4

x86: Incorrect handling of self-linear shadow mappings with translated guests

UPDATES IN VERSION 4
====================

CVE assigned.

ISSUE DESCRIPTION
=================

The shadow pagetable code uses linear mappings to inspect and modify the
shadow pagetables. A linear mapping which points back to itself is known as
self-linear. For...

Xen Security Advisory 239 (CVE-2017-15589) - hypervisor stack leak in x86 I/O intercept code Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15589 / XSA-239
version 3

hypervisor stack leak in x86 I/O intercept code

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

Intercepted I/O operations may deal with less than a full machine
word's worth of data. While read paths had been the subject of earlier
XSAs (and hence have been fixed), at least one...

Xen Security Advisory 242 (CVE-2017-15593) - page type reference leak on x86 Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15593 / XSA-242
version 3

page type reference leak on x86

UPDATES IN VERSION 3
====================

CVE assigned.

ISSUE DESCRIPTION
=================

The page type system of Xen requires cleanup when the last reference
for a given page is being dropped. In order to exclude simultaneous
updates to a given page by multiple parties, pages which are...

Educause Security Discussion — Securing networks and computers in an academic environment.

Re: posters or graphics promoting 2FA / Duo for students (or faculty)? Telfer, Will (Oct 19)
Initially the graphic said ‘Do You? I Do’ (with the Duo logo inside the O in the second Do) - this is what was on the
shirts, but after the initial rollout it changed to ‘We Duo’ like you see now.

Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
[sig]

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben
Marsden
Sent: Thursday,...

Re: posters or graphics promoting 2FA / Duo for students (or faculty)? Ben Marsden (Oct 19)
Hi Will, thanks! Actually, while using my weak google-fu to see what I
could find prior to posting, I did find your "We do Duo, Enroll Now"
graphic, which I promptly printed and already have push-pinned to my office
door! :-)

Fwiw, so far the best incentive we've come up with was adding $5 extra of
printing to their student account if they signed up by the end of
September. That seemed to work *really* well.

-- Ben

On...

Re: posters or graphics promoting 2FA / Duo for students (or faculty)? Telfer, Will (Oct 19)
We rolled out Duo to one service last year & just this month rolled it out to about 50 more…our marketing folks went
with the theme seen on our 2-factor website: www.baylor.edu/its/weduo<http://www.baylor.edu/its/weduo>. We even gave
away t-shirts in the school colors with that logo on it. I’m not sure if this is the eye-catching look, but it did
sync up with Duo’s look fairly well, since we incorporated the logo into our...

posters or graphics promoting 2FA / Duo for students (or faculty)? Ben Marsden (Oct 19)
Hi, We're doing a "slow roll" of Duo this year.

We're continuing to work on ways to promote adoption of Duo for 2FA for
students. I'd like to post posters or table tent graphics to keep getting
eyes on it so that it enters their awareness fringes and hopefully
generates greater buy-in during more active and targeted efforts.

Do you have an eye-catching promotional poster or graphic you'd be
willing to...

Re: Security Awareness Training Tool(s) Kevin Cumberland (Oct 19)
Michael,

I did not have that issue as it relates to support. They were great in
responding to any questions or issues that I did have and they were very
quick and eager to help. I'm not really sure why your experience was
different than mine but at any rate, it's a great product

Thanks

Kevin,

I had started the implementation of this product at my last institution
and while I can’t say I completed it prior to switching jobs I can...

Save the date - VA Tech SANS Onsite 3/5/2018-3/10/2018 randy (Oct 19)
Just a note to save the date for the 2018 VA Tech SANS Onsite class that
will be offered in March, 2018. Details are:

1. WHAT: SEC 573 Automating Information Security with Python
2. WHEN: 3/5-10/2018
3. COST: $2390/person class only, $3190/person class+GIAC
4. GIAC Certification: GPYC
5. WHERE: VA Tech, Blacksburg, VA, simulcast option available
6. WWW SITE: being updated

If you have any questions, let me know. Thanks.

-Randy Marchany
VA Tech...

Save the date - VA Tech SANS Onsite 3/5/2018-3/10/2018 randy (Oct 19)
Just a note to save the date for the 2018 VA Tech SANS Onsite class that
will be offered in March, 2018. Details are:

1. WHAT: SEC 573 Automating Information Security with Python
2. WHEN: 3/5-10/2018
3. COST: $2390/person class only, $3190/person class+GIAC
4. GIAC Certification: GPYC
5. WHERE: VA Tech, Blacksburg, VA, simulcast option available
6. WWW SITE: being updated

If you have any questions, let me know. Thanks.

-Randy Marchany
VA Tech...

Re: Security Awareness Training Tool(s) Madl, Michael (Oct 19)
Kevin,

I had started the implementation of this product at my last institution and while I can’t say I completed it prior to
switching jobs I can say that I liked it a lot. The content delivery was straight forward, the price was right and the
tracking was a nice feature. What I wish could have been improved upon was the support. You basically get a single
‘set up’ call and that is it (so take good notes and record your session)....

Re: Security Awareness Training Tool(s) Hudson, Edward (Oct 19)
We use PhishMe and LawRoom content for FERPA and Data Security online.
SANS refused to submit a RFP “We are SANS, we don’t submit RFPs” <--actual quote
So we went a different direction.
We have been very happy with PhishMe (used system wide) and the content from LawRoom.
Ed

Ed Hudson
Interim CISO
[cid:image001.png@01D32273.F8B82F00]
401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu<mailto:ehudson ()...

Re: Security Awareness Training Tool(s) Francisco Chavez (Oct 19)
Scott,

We just rolled out our security Awareness Training for faculty and staff this month. We are using SANS Securing
The Human training modules and delivering it through our Moodle LMS. We have built in course feedback to capture their
impressions on the course. Overall, we have had very positive results. People are very happy about how engaging the
content is for them. However, i would definitely review the content before you...

Re: Security Awareness Training Tool(s) Scott Stoops (Oct 19)
We have been looking into security awareness training and have looked at a
couple of vendors. We are now looking into the SANS Securing The Human. I'd
appreciate any feedback on how well this has worked out. What kinds of
feedback has anyone gotten from their users?

Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu

Re: Security Awareness Training Tool(s) Kevin Cumberland (Oct 19)
We use PhishMe also but just for the running phishing campaigns. It's
great for that as it has a lot of predefined templates for both phishing
and creating awareness newsletters. We use SANS Securing the Human for
the content that we then import into our LMS. We have mandated that all
employees complete security awareness training

Kevin Cumberland
Network Security Administrator
Information Technology Services
College of Southern Maryland...

Re: Security Awareness Training Tool(s) Ronald Loneker (Oct 19)
Sorry I'm late to seeing this.

Phishme.com offers training with a phishing simulation program that they
charge for. They also do have free training modules for those who cannot
purchase their service - I was able to load them into our Moodle LMS to
create a training course for our faculty and staff, although we have not
mandated the training yet.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall,...

Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Ted Pham (Oct 18)
Recent iOS devices should have the Comodo root cert in their certificate stores. This allows web browsers and apps on
iOS devices to trust Comodo issued certs.

The issue is that WPA2 Enterprise Radius Auth was designed for large corporate enterprise intranet use. Large corporate
enterprises tend to run their own internal PKI infrastructures because they don't want to trust public certificate
authorities for some internal functions. (See...

Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Rich Graves (Oct 18)
No, you need a profile, period. Or a leap of faith by the client – I kinda
like the way that Windows 10 presents that choice to the user. “Do you
expect to find this network in this location?”

For HTTPS, security depends on consistency between the name the user types
(or at least sees) in the address bar, and the name on the SSL certificate
(which must be signed by a trusted third party). For WiFi, there is no
address bar and no fully...

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Puerto Rico: Lack of electricity threatens telephone and internet services Wayne Bouchard (Oct 19)
Well, the problem as I understand it is that the infrastructure was
not all that great to begin with. Much of it was damaged in the first
storm and when this second one came through, what remained basically
disappeared. That's why they say that the only thing you can do is
start from the middle and slowly extend the tentacles outward. You're
almost building the territory from scratch. Assuming that the reports
of theft,...

Re: Puerto Rico: Lack of electricity threatens telephone and internet services Jeff Shultz (Oct 19)
It does make you wonder about the electrical infrastructure of the island,
and how much work is being done to repair it. With the Texas and Florida
hurricanes you saw fleets of electrical service vehicles (boom trucks and
the like) from other power companies with joint agreements waiting to
deploy into the disaster area as soon as it was safe to do so.

With PR.... well, it's not like you can drive to the island, much less
(apparently)...

Re: Puerto Rico: Lack of electricity threatens telephone and internet services Jean-Francois Mezei (Oct 19)
Permanent duty diesel generators exist. Many northern communities in
Canada run on them as their 7/24 power source.

It *shouldn't* have taken long after Maria for locals to know how much
damage there had been to electrical grid and that if it's gonna take
months to fix, you're gonna need constant duty generators.

What isn't clear to me is whether everything still depends on FEMA/army
help, or whether business is able to...

Re: F Y I Alain Hebert (Oct 19)
    Well,

    We could also break that 200yo+ paradigm of having a paywall for
what should pretty much be free.

        Like that media supply chain still forcing licensing per country...

    And yes $35USD can be a lot of money for people that are hungry for
both food and knowledge.

-----
Alain Hebert ahebert () pubnix net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield,...

Re: F Y I Christopher Morrow (Oct 19)

Re: F Y I João Butzke (Oct 19)
it worked here in Brazil against whatsapp.

Em 19/10/2017 13:49, Lee Howard escreveu:

Re: F Y I Lee Howard (Oct 19)

"Sci-Hub’s founder, has previously told The Scientist the site plans to
ignore the lawsuit.” How would Sci-Hub consider this a “fix”?

What enforcement mechanism would the Court have against Sci-Hub?

The idea of making third parties (ISPs) incur costs (updating ACLs or
poisoning DNS) to enforce the order is pretty bad, and doesn’t stop Tor
access. Sorry I didn’t have a chance to file an amicus before the ruling
tomorrow.

Lee

Re: Looking for a contact with clue at Choopa/Reliablesite network engineering Brian Kantor (Oct 19)
The most recent contact I have had with Vultr (parent of Choopa) is
Richard Simpliciano <rsimpliciano () vultr com>, who a week ago signed
his note as "network administrator". He was checking with me as to
whether a customer of theirs was authorized to have Vultr announce one
of our prefixes, so he might be the right person to contact.
- Brian

Re: AS36040 Prefix Limits Mike Hammett (Oct 19)
It is in conjunction with a route server. The filtering I meant would be that network A wants the IX to drop all
advertisements to them from network B. Normally solved by network B putting a community on their routes to not
advertise to network A, but network B doesn't want to do one-off configs.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message...

Re: AS36040 Prefix Limits Mike Hammett (Oct 19)
Chris got me in touch with the right people.

Thanks.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----

From: "Christopher Morrow" <morrowc.lists () gmail com>
To: "Mike Hammett" <nanog () ics-il net>
Cc: "NANOG list" <nanog () nanog org>
Sent: Wednesday, October 18, 2017 1:49:40 PM
Subject: Re:...

TWC/Charter/Spectrum contact off-list ? (Reverse DNS issue) Brandon Applegate (Oct 19)
Hello,

I had success with this issue about 2 years ago when some TWC folks contacted me. I don’t know if those folks are
still with TWC/Charter here in the end of 2017 - hence posting on NANOG. The tl;dr is IPv6 reverse DNS issues. It was
broken, got fixed, and seems to have broken again recently.

Thanks in advance.

Puerto Rico: Lack of electricity threatens telephone and internet services Sean Donelan (Oct 19)
On October 18, 2017, the Puerto Rican Telecommunications Alliance warned
the lack of utility power in the main telecommunications centers (Metro
office park, Caparra and San Patricio) may not be sustainable soon.
Although the telecommunication facilities are using generators, they are
not intended for long-term, continuous use. The generators will need
maintenance and likely experience unscheduled failures the longer they're
used....

Re: AS36040 Prefix Limits Nathan Brookfield (Oct 18)
Both sides should be filtering advertisements.

The IX may just filter by AS Path which is fairly normal by the originating AS or transiting AS should be filtering the
prefixes they advertise as well/

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

Hi, Mike

I am looking for someone that can speak authoritatively regarding AS36040's
ability to change their own prefix limits, prefix...

Re: AS36040 Prefix Limits Andy Davidson (Oct 18)
Hi, Mike

Unless this is in conjunction with a multilateral peering session (“route-server”), when prefix-filtering is something
that the IXP very much should be doing.

Andy

Re: Looking for a contact with clue at Choopa/Reliablesite network engineering Large Hadron Collider (Oct 18)
Thanks for reminding me to switch away from Vultr at my earliest
opportunity.

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

UK Gov't Considering Redefining Social Media Services As Publishers To Make It Easier To Control Them Dave Farber (Oct 19)
Begin forwarded message:

> From: Richard Forno <rforno () infowarrior org>
> Date: October 19, 2017 at 11:49:38 AM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: UK Gov't Considering Redefining Social Media Services As Publishers To Make It Easier To Control Them
>
>
>
> UK Gov't Considering Redefining Social Media Services As...

Network Neutrality and Beyond: The Long Road Ahead Dave Farber (Oct 19)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 19, 2017 at 9:31:05 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Network Neutrality and Beyond: The Long Road Ahead
> Reply-To: dewayne-net () warpspeed com
>
> Network Neutrality and Beyond: The Long Road Ahead
> By Michael Copps
> Oct 18 2017
> <...

COMO CONSEGUIR NUEVOS CLIENTES ??? no responder (Oct 19)
Su Cliente de Mail NO soporta mensajes en formato HTML.

Para ver correctamente el contenido del correo COPIE y PEGUE la siguiente URL
en su Navegador Web (Chrome / Internet Explorer / FireFox / Safari)

https://app.embluemail.com/Online/VO.aspx?6c4h-R-ek5bq75dbKwIKEi-R-9i:,i,9-R-0

Intel Launches AI Policy Proposals Dave Farber (Oct 18)
Begin forwarded message:

> From: "Hoffman, David Legal" <david.legal.hoffman () intel com>
> Date: October 18, 2017 at 7:33:57 PM EDT
> To: "Hoffman, David Legal" <david.legal.hoffman () intel com>
> Subject: Intel Launches AI Policy Proposals
> Reply-To: "Autio, Chloe" <chloe.autio () intel com>, "Hoffman, David Legal" <david.legal.hoffman () intel com>
>
>...

The Flawed System Behind the Krack Wi-Fi Meltdown Dave Farber (Oct 18)
Ain’t that simple

Begin forwarded message:

> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: October 18, 2017 at 4:16:37 PM EDT
> To: "E-mail Pamphleteer Dave Farber's Interesting People list" <ip () listbox com>
> Subject: The Flawed System Behind the Krack Wi-Fi Meltdown
>
> The Flawed System Behind the Krack Wi-Fi Meltdown
> By LILY HAY NEWMAN
> Oct 17 2017
> <...

Re Authoritarian Cryptocurrencies Are Coming Dave Farber (Oct 18)
Begin forwarded message:

> From: Frederick Noronha <fredericknoronha () gmail com>
> Date: October 18, 2017 at 3:18:01 PM EDT
> To: dave () farber net
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] Authoritarian Cryptocurrencies Are Coming
>
>
>
> ... and India too, according to news reports:
>
>...

Authoritarian Cryptocurrencies Are Coming Dave Farber (Oct 18)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 18, 2017 at 9:28:54 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Authoritarian Cryptocurrencies Are Coming
> Reply-To: dewayne-net () warpspeed com
>
> Authoritarian Cryptocurrencies Are Coming
> Russia and China see a new way to completely control their...

☼ Frente al Mar en Punta del Este, Temporada 2017 / 2018 noresponder (Oct 18)
Su Cliente de Mail NO soporta mensajes en formato HTML.

Para ver correctamente el contenido del correo COPIE y PEGUE la siguiente URL
en su Navegador Web (Chrome / Internet Explorer / FireFox / Safari)

https://app.embluemail.com/Online/VO.aspx?6c4h-R-ek5bp9:fbKwIKEi-R-9i:,i,9-R-0

Gift-Customized Logo/USB Flash Drive Factory/Amy Amy (Oct 17)
Hi lists-ip-jhof () seclists org,
It is nice to find your product in the market.
We are a Manufacturing & trading combo company with thousands of USB items(www.usbflashdrive-factory.com), that can
turn your product into a business gift, and it is a great idea as gifts for advertisement.
Please contact us.
Thanks & regards.Amy
Shenzhen TOROVO Technology CO., LtdAdd: Bantian Street, Longgang District,Shenzhen, Guangdong,...

WPA2: Broken with KRACK. What now? Dave Farber (Oct 16)
Begin forwarded message:

> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: October 16, 2017 at 6:03:14 PM EDT
> To: "E-mail Pamphleteer Dave Farber's Interesting People list" <ip () listbox com>
> Subject: WPA2: Broken with KRACK. What now?
>
> WPA2: Broken with KRACK. What now?
> By Alex Hudson
> Oct 15 2017
> <...

Millions of high-security crypto keys crippled by newly discovered flaw Dave Farber (Oct 16)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 16, 2017 at 1:23:30 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Millions of high-security crypto keys crippled by newly discovered flaw
> Reply-To: dewayne-net () warpspeed com
>
> Millions of high-security crypto keys crippled by newly discovered flaw
>...

20 of America's top political scientists gathered to discuss our democracy. They're scared. Dave Farber (Oct 16)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 16, 2017 at 5:55:09 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] 20 of America's top political scientists gathered to discuss our democracy. They're scared.
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Mike Cheponis....

Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? - The Washington Post Dave Farber (Oct 16)
Begin forwarded message:

> From: Geoff Kuenning <geoff () cs hmc edu>
> Date: October 16, 2017 at 2:51:06 AM EDT
> To: dave () farber net
> Cc: "ip" <ip () listbox com>
> Subject: Re: [IP] Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? -
> The Washington Post
>
> I suspect that most ordinary Americans, and especially those predisposed towards a...

US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do Dave Farber (Oct 16)
Begin forwarded message:

> From: Richard Forno <rforno () infowarrior org>
> Date: October 14, 2017 at 6:27:44 PM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do
>
> US Congress mulls first 'hack back' revenge law. And yup, you...

Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? - The Washington Post Dave Farber (Oct 15)
Begin forwarded message:

> From: George Dyson <gdyson () gmail com>
> Date: October 15, 2017 at 9:41:21 PM EDT
> To: David Farber <dave () farber net>
> Subject: Re: [IP] Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? -
> The Washington Post
>
> Instead of this list of actual vulnerabilities that deserves real consideration, we get headlines like "Experts...

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 30.47 RISKS List Owner (Sep 29)
RISKS-LIST: Risks-Forum Digest Friday 29 September 2017 Volume 30 : Issue 47

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.47>
The current issue can also...

Risks Digest 30.46 RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Monday 11 September 2017 Volume 30 : Issue 46

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.46>
The current issue can also...

Risks Digest 30.44 RISKS List Owner (Aug 31)
RISKS-LIST: Risks-Forum Digest Thursday 31 August 2017 Volume 30 : Issue 44

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.44>
The current issue can also be...

Risks Digest 30.43 RISKS List Owner (Aug 14)
RISKS-LIST: Risks-Forum Digest Monday 14 August 2017 Volume 30 : Issue 43

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.43>
The current issue can also be...

Risks Digest 30.42 RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Monday 7 August 2017 Volume 30 : Issue 42

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.42>
The current issue can also be...

Risks Digest 30.41 RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 August 2017 Volume 30 : Issue 41

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.41>
The current issue can also be...

Risks Digest 30.40 RISKS List Owner (Jul 28)
RISKS-LIST: Risks-Forum Digest Friday 28 July 2017 Volume 30 : Issue 40

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.40>
The current issue can also be...

Risks Digest 30.39 RISKS List Owner (Jul 22)
RISKS-LIST: Risks-Forum Digest Saturday 22 July 2017 Volume 30 : Issue 39

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.39>
The current issue can also be...

Risks Digest 30.38 RISKS List Owner (Jul 17)
RISKS-LIST: Risks-Forum Digest Monday 17 July 2017 Volume 30 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.38>
The current issue can also be...

Risks Digest 30.37 RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Friday 14 July 2017 Volume 30 : Issue 37

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.37>
The current issue can also be...

Risks Digest 30.36 RISKS List Owner (Jul 07)
RISKS-LIST: Risks-Forum Digest Friday 7 July 2017 Volume 30 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.36>
The current issue can also be...

Risks Digest 30.35 RISKS List Owner (Jun 28)
RISKS-LIST: Risks-Forum Digest Wednesday 28 June 2017 Volume 30 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.35>
The current issue can also be...

Risks Digest 30.34 RISKS List Owner (Jun 24)
RISKS-LIST: Risks-Forum Digest Saturday 24 June 2017 Volume 30 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.34>
The current issue can also be...

Risks Digest 30.32 RISKS List Owner (Jun 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 June 2017 Volume 30 : Issue 32

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.32>
The current issue can also be...

Risks Digest 30.31 RISKS List Owner (Jun 08)
RISKS-LIST: Risks-Forum Digest Thursday 8 June 2017 Volume 30 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.31>
The current issue can also be...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Open Source Tool Development

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: Looking for example s1ap pcaps Pascal Quantin (Oct 19)
Hi Brien,

2017-10-19 9:46 GMT+02:00 Brien Colwell <xcolwell () gmail com>:

You can find a few samples here: http://www.ng4t.com/wireshark.html

Best regards,
Pascal.

Looking for example s1ap pcaps Brien Colwell (Oct 19)
Hi,

I'm looking for example LTE S1AP pcaps to study. I'm trying to
understand the protocol more deeply and looking for more data to learn with.

Best,
Brien

Re: Parameter passing when using a dissector table to call a sub-dissector Anders Broman (Oct 19)
-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Richard Sharpe
Sent: den 18 oktober 2017 19:15
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: [Wireshark-dev] Parameter passing when using a dissector table to call a sub-dissector

Hi folks,

During the review of a new protocol dissector it was suggested that I add a dissector table for the TLVs...

Re: Tips regarding measuring function execution times Paul Offord (Oct 19)
Thanks Graham,

I wasn’t aware of that. The hot path concept is the same as I get from PerfView but I may need to get even more
granular, i.e. code blocks rather than functions, hence the interest in timers. I also thought that timing would give
me a cross check. I plan to look into Guy’s suggestion regarding CPU time – as he says, I only need relative values.
I’ll try to find some time this weekend.

Best regards…Paul

From:...

Parameter passing when using a dissector table to call a sub-dissector Richard Sharpe (Oct 18)
Hi folks,

During the review of a new protocol dissector it was suggested that I
add a dissector table for the TLVs that are in the protocol so that
other dissectors can use them.

This raises an issue, however. The filter expressions for such
dissected results will always be those of the dissector was written
for, however, if you are using another dissectors sub-dissectors you
would like to be able to override their search strings.

For example,...

TLS_EDCHE_RSA_WITH_AES_128_GCM_SHA256 Sadik Sikder (Oct 18)
hello all
can anyone tell me that this cipher suite
-TLS_EDCHE_RSA_WITH_AES_128_GCM_SHA256 in order to decrypt how many byte
block requires or key block requires?

*Kind Regards,*

Samsuddin Sikder
Masters Student
M.Sc. in Communication Systems Engineering
Cologne University of Applied Sciences (FH-Köln),Germany

Re: Favoring Npcap over WinPcap at runtime? Graham Bloice (Oct 18)
And thinking a little bit more my view is that if we don't add a
preference\command flag, WinPcap is still our preferred solution as it's
bundled in the installer, hence we should prefer that. If users want
Wireshark to use Npcap, they will have to uninstall WinPcap.

Re: Favoring Npcap over WinPcap at runtime? Graham Bloice (Oct 18)
Presumably dumpcap could also have a command flag to select which to use.

Thinking about my own workflow, when capturing "oddities" occur, and Npcap
is installed, a remedial option is to uninstall it. Having a switch in
Wireshark would make life easier.

Re: Favoring Npcap over WinPcap at runtime? Pascal Quantin (Oct 18)
2017-10-18 11:54 GMT+02:00 Graham Bloice <graham.bloice () trihedral com>:

Unfortunately a Wireshark preference is not doable, as wpcap.dll is also
loaded by dumpcap that does not use our preferences module. A registry key
might do the trick. Presumably tshark should also have a command flag
allowing you to configure it.
I guess the underlying question is: what kind of power users would have
both Npcap and WinPcap installed? Either...

Re: Favoring Npcap over WinPcap at runtime? Graham Bloice (Oct 18)
On 18 October 2017 at 09:45, Pascal Quantin <pascal.quantin () gmail com>
wrote:

I'm generally in agreement with all the above, but I'm torn on hard-coding
a preference for one capture library over another. If a system has both,
who are we to say which one will be used to the exclusion of the other.

I guess I'm implying we should expose a preference to allow the user to
choose which is definitely more work but does give...

Favoring Npcap over WinPcap at runtime? Pascal Quantin (Oct 18)
Hi list,

when we introduced Npcap support back in 2015/2016, we decided that WinPcap
driver should have higher precedence due to its known stability (and
despite issues with newer Windows versions). By that time, you could get a
BSoD with Npcap.

Time has elapsed since, and Npcap is now bundled with Nmap. The number of
commits in Npcap repository (https://github.com/nmap/npcap/) have also
decreased, which hopefully means that the product is...

Re: bad UDP reassembly Graham Bloice (Oct 17)
The Wireshark Bugzilla is the place for that, where you can attach the
capture to the item you raise: https://bugs.wireshark.org

bad UDP reassembly Deny IP Any Any (Oct 17)
I have a capture, which I believe shows a device fragmenting UDP packets
and not setting the 'More Fragment's flags correctly. Wireshark reassembles
the packets, but the 'length' column is not correct for this packet.

I would expect Wireshark to show an error or indicate that there is
something wrong with the packets, but it doesn't. Can I send this small
capture to someone else to confirm?

using wireshark 2.4.1 on...

Re: build problems with the latest pull Guy Harris (Oct 17)
Yes - you're using the configure script. The configure script expects pkg-config to be able to find Qt, but, as the
Qt-for-macOS package doesn't install any .pc files, that doesn't work on macOS.

Use CMake, instead. (It might also increase the chances that running the Wireshark that results from the build will
actually post its menu bar; I've had reasonable luck with that recently with autotools builds, but there have...

Re: build problems with the latest pull Eliot Lear (Oct 17)
OSX. Clearly I'm doing something wrong. And I was wrong twice, it
doesn't build with 5.5 either. Am I missing a path variable somewhere?
I definitely have PKG_CONFIG_PATH set correctly, as well as my PATH...

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: Crash using the latest build from Git Russ via Snort-users (Oct 19)
Hey João,

The backtrace definitely indicates a problem. Can we get a pcap to help
debug? In the meantime, what happens if you build without debug?
Hopefully that gets you going until we have a fix.

Thanks
Russ

RULE DETECT FULL SYN SCAN nguyen cao via Snort-users (Oct 19)
when I run : nmap -sS IP ( IP target ). Rule snort not given alert.
So, can anybody tell me rule detect this type SYN SCAN ? Tks

SNORT SMS ALERT nguyen cao via Snort-users (Oct 19)
Can someone tell me how to send sms alert of snort? As detailed as
possible. thank you

Re: Crash using the latest build from Git Russ via Snort-users (Oct 19)
Ouch. We're on it. Thanks.

Crash using the latest build from Git João Soares via Snort-users (Oct 19)
Hello everyone,

I've just updated my Snort++ build to the latest one directly from git,
and I'm getting a crash.

Here goes the version details and the backtrace:

   ,,_     -*> Snort++ <*-
o" )~   Version 3.0.0 (Build 239) from 2.9.8-383
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2017 Cisco...

Snort Subscriber Rules Update 2017-10-19 Research (Oct 19)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-ie,
indicator-compromise, indicator-obfuscation, malware-cnc, os-windows,
policy-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: QinQ and 802.1ah headers jan hugo prins (Oct 19)
That is really cool.
Could you tell me when I will be able to test it for you ;-)   ?

Jan Hugo Prins

Re: QinQ and 802.1ah headers Russ via Snort-users (Oct 19)
I've got a new pbb codec for Snort++. It will be out soon.

Re: QinQ and 802.1ah headers Al Lewis (allewi) via Snort-users (Oct 19)
Its a little easier in Snort++ than in Snort2.

There are instructions in each version for extending snorts capabilities (within their downloads).

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>

From: Jan Hugo Prins <jhp () jhprins org<mailto:jhp () jhprins org>>
Date: Thursday, October 19, 2017 at 7:11 AM
To: allewi <allewi () cisco...

Re: QinQ and 802.1ah headers Jan Hugo Prins (Oct 19)
How much work would it be to support this header? As far as I'm concerned it would be enough to strip the header and
work with the underneath packet.

Jan Hugo

Re: QinQ and 802.1ah headers Al Lewis (allewi) via Snort-users (Oct 19)
Hello,

So it doesn’t look like the traffic (0x88e7 tag) is supported as seen from the exit stats (ipv4 packets are
zero).

===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 5 (100.000%)
VLAN: 5 (100.000%)
IP4: 0 ( 0.000%)

As a workaround you could try to:

1) move the capture/port mirror closer to the internal hosts so that those tags arent present....

Re: QinQ and 802.1ah headers jan hugo prins (Oct 19)
Sure,

Thanks in advance,
Jan Hugo Prins

Re: QinQ and 802.1ah headers Al Lewis (allewi) via Snort-users (Oct 19)
Do you have a sample that you can share?

Snort should be able to decode those packets.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

QinQ and 802.1ah headers jan hugo prins (Oct 19)
Hello

I'm trying to setup a snort instance to monitor some inbound traffic to
my production network. We use an Avaya SPBM cloud and all servers are
connected to this cloud. In the VSP7024 switches we use, I can create a
port-mirroring instance and forward all traffic coming from a MAC
address (in this case the BGP router of my provider) to a port on the
switch and then I wanted to put snort behind this port and let it listen
to all inbound...

Re: logto 3.0 Russ via Snort-users (Oct 18)
Snort 3 does log "proactively" based on the event logging
configuration. It does not support logging different SIDs to different
files so you will need to select your events from your logs based on
SID. Also note that not all events are caused by individual raw packets
so you will need to look at the events to understand what happened (you
may see buffer as opposed to a packet). Pcaps arent' the best choice.

If you provide...

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.