SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
Re: Qscan in NSE: qscan.nse
Fyodor (Mar 20)
Thanks for testing. And I suppose the script should probably give an
error in verbose mode for the first host it runs against if it is not
going to work for this reason. That way at least people who specify
it explicitly on the command line should get the error thanks to the
verbosity bump in that case.
Cheers,
-F
Re: Default time limits for unpwdb
Ron (Mar 20)
I agree.
I think we should do a countlimit, too, as a script-arg.
Default time limits for unpwdb
David Fifield (Mar 19)
The unpwdb library has a unpwdb.timelimit function that suggests how
long password brute-forcing should go on.
http://nmap.org/nsedoc/lib/unpwdb.html#timelimit
A problem is that it is up to the script to enforce the limit. Most
brute scripts don't do it. They keep running until they've exhausted
every credential. They can take an unexpectedly long time if tarpitted
or if the service is just slow.
I propose with the attached patch to add...
Re: Qscan in NSE: qscan.nse
Kris Katterjohn (Mar 19)
I updated ipidseq and qscan (attached) to print a message once about lack of
privileges when verbosity > 0.
So any report on how the script is actually working? If more changes are
wanted, I'll stick it in nmap-exp/kris somewhere to avoid any more attachments.
Cheers,
Kris Katterjohn
GSoC idea?
Rahul Golwalkar (Mar 19)
Hello everyone,
I was thinking that adding a Proxy support for nmap would enhance its
use greatly, as a large portion of users are behind proxies these days. This
would also support anonymous port scanning. Can you suggest whether this
will be a good GSoC proposal?
I have also demonstrated how a simple TCP scan would work via a proxy.
After establishing a connection with a proxy server(HTTP-to be
specific), if we send the message...
Re: Qscan in NSE: qscan.nse
Ron (Mar 19)
Hmm, yeah, I agree. Pretty much all my scripts, with a couple exceptions, will print out *something* if they run and
nmap.debugging()>0. The only time I don't is when the odds of a script actually doing something are minimal.
Re: Help with GSOC
Djalal Harouni (Mar 19)
* Manoj <manoj0011989 () gmail com> [2010-03-19 05:27:37 +0530]:
you can take a look at http://nmap.org/soc/HostedScan.html listed in
the http://nmap.org/soc/#hostedscan
one key is probably the security context of the running CGI application.
Re: Qscan in NSE: qscan.nse
Arturo 'Buanzo' Busleiman (Mar 18)
Kris Katterjohn wrote:
I (L) Kris.
Help with GSOC
Manoj (Mar 18)
hello all,
I am a student of bits-pilani(goa) in India. I am interested in the
Nmap Cloud Scanning project for GSOC. I have a lot of experience in using
nmap as I have used it in a lot of hacking competitions. I have been using
python for over 3 years and I am sure that I can use python for the
project. I helped in converting the Indian Overseas Bank's 2 tier
architecture into a 3 tier one using java(servlets) to generate and view the
reports...
Re: Qscan in NSE: qscan.nse
Ron (Mar 18)
Ahh, I wasn't running it as root -- I don't have root on that system. I'll try it properly tomorrow.
I blame St Patrick's day. :)
Re: ncat http proxy server and SSL
David Fifield (Mar 17)
Unfortunately the only way I have found to test the program externally
is to add artificial delays to give connections time to happen.
Sometimes the delays aren't enough. For instance, sometimes the SSL
tests fail for me when my CPU is otherwise being used, because the keys
aren't generated fast enough. Along with increasing the timeout in
timeout_read, you might increase the delay in ncat_client. If you see a
test pass once, that means it...
Re: Error compiling included libpcre on FreeBSD
David Fifield (Mar 17)
Do you have a file libpcre/config.h? That should be generated by
configure. If so, please post it.
David Fifield
Re: Qscan in NSE: qscan.nse
Kris Katterjohn (Mar 17)
You were running as root and doing some type of raw scan? qscan.nse and
ipidseq.nse both need a meaningful host.interface for pcap or they will
silently return false from hostrule().
Oh, did you port scan or just try to -sP --script qscan ? Nmap has to find
ports open or closed for it to work. Again it will silently return if not.
These are the first things to come to mind.
Thanks,
Kris Katterjohn
Re: Qscan in NSE: qscan.nse
Ron (Mar 17)
Re: Qscan in NSE: qscan.nse
Kris Katterjohn (Mar 17)
Of course imagine mention of Doug in the description and a link to his docs in
the comments of the script... doing no docs at all until the end and wanting
to just push it out doesn't bode well for giving props in an initial script
apparently.
Thanks,
Kris Katterjohn
Nmap Hackers — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 5.21 released
Fyodor (Jan 27)
Hello everyone. I'm pleased to release Nmap 5.21, which contains zero
exciting new features! It is a bug-fix only release instead,
addressing about a dozen issues discovered since 5.20. Thanks for all
the testing and bug reports! None of the bugs are critical, but we
wanted to polish things up since 5.21 may be the latest stable version
for a while. That gives us time to tackle and stabilize big
development projects. If you want to know...
Lots of Nmap News
Fyodor (Jan 22)
Hi folks. I'm happy to report that the 5.20 release went well. But
with this many improvements, there will always be a few bugs found.
We're planning to round those up with a bugfix-only 5.21 release next
week. So please test out 5.20 and report any problems you experience:
Download Page: http://nmap.org/download.html
Bug Report Instructions: http://nmap.org/book/man-bugs.html
If you're running from a build of the latest SVN checkout, you...
Nmap 5.20 Released
Fyodor (Jan 20)
Happy new year, everyone. I'm happy to announce Nmap 5.20--our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements, including:
o 30+ new Nmap Scripting Engine scripts
o enhanced performance and reduced memory consumption
o protocol-specific payloads for more effective UDP scanning
o a completely rewritten traceroute engine
o massive OS and version detection DB updates (10,000+ signatures)
The...
Nmap 5.00 Released!
Fyodor (Jul 16)
Hello everyone. I'm delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.
There are too many changes to list them all in this email, so here are
the top 5 improvements in Nmap 5:
1) The new Ncat tool aims to be your Swiss Army Knife...
Nmap news: stable release candidate 4.90RC1, SoC team, and new translations
Fyodor (Jun 26)
Hi Folks. I'm pleased to announce some exciting Nmap news:
[=================Nmap 4.90RC1==================]
It has been nearly 10 months (and 11 dev releases) since 4.76, the
last stable Nmap release. And we've made many dramatic changes, so it
is time for a new stable version! I've posted a release
candidate--4.90RC1--on the Nmap download page:
http://nmap.org/download.html
Please test it out, and let us know if you find any problems...
Nmap 4.85BETA6 now avail w/Conficker detection
Fyodor (Apr 01)
Hi Folks! In case you missed all the news reports yesterday, a couple
great researchers from the Honeynet Project (Tillmann Werner and Felix
Leder) and Dan Kaminsky came up with a way to remotely detect the
Conficker worm which has infected millions of machines worldwide.
Some say 15,000,000 machines infected, but that might just be
exaggerated AV-company BS for all I know. But there are clearly
millions of infections, and this massive botnet...
Nmap News: 4.84BETA4 release, Nmap book news, Summer of Code, Twitter, etc.
Fyodor (Mar 27)
Hello everyone. We've seen 848 messages on nmap-dev this year, but
this is my first post to nmap-hackers. So I have a lot of exciting
Nmap news to fit into this one email!
[=================Nmap 4.85BETA4==================]
While the last release I posted to this list was 4.76 in September of
last year, we've had four beta releases since then with hundreds of
important and dramatic changes. I'm pretty happy with the latest
4.85BETA4 release,...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
announcing skipfish, an automated web app security scanner
Michal Zalewski (Mar 19)
Hi folks,
I am happy to announce the availability of skipfish - our open-source,
fully automated, active web application scanner. There are several
things that probably make it interesting:
1) High speed: pure C code, highly optimized HTTP handling, minimal
CPU footprint - easily achieving 2000 requests per second with
responsive targets.
2) Ease of use: heuristics to support a variety of quirky web
frameworks and mixed-technology sites, with...
Vulnerability Httpdx v1.5.3b
Mehdi Mahdjoub - Sysdream IT Security Services (Mar 19)
Program : Httpdx v1.5.3b
PoC : Remote Crash Service (if http.log=1)
Homepage : http://sourceforge.net/projects/httpdx/
Found by : Jonathan Salwan
This Advisory : Jonathan Salwan
Contact : j.salwan () sysdream com
//----- Application description
Single-process HTTP1.1/FTP server; no threads or processes started per
connection, runs with only few threads. Includes directory listing,
virtual...
[USN-915-1] Thunderbird vulnerabilities
Marc Deslauriers (Mar 19)
===========================================================
Ubuntu Security Notice USN-915-1 March 18, 2010
thunderbird vulnerabilities
CVE-2009-0689, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075,
CVE-2009-3077, CVE-2009-3376, CVE-2009-3983, CVE-2010-0163
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This...
[SECURITY] [DSA-2018-1] New php5 packages fix null pointer dereference
Raphael Geissert (Mar 19)
------------------------------------------------------------------------
Debian Security Advisory DSA-2018-1 security () debian org
http://www.debian.org/security/ Raphael Geissert
March 18, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : php5
Vulnerability : DoS (crash)
Problem type : remote...
IBM Lotus 6.x HTTP Response Splitting Vulnerability
lament (Mar 19)
=========================================
Yaniv Miron aka "Lament" Advisory March 12, 2010
IBM Lotus 6.x HTTP Response Splitting Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
IBM Lotus Software delivers robust collaboration software that empowers
people to connect, collaborate, and innovate while optimizing the way they
work. With Lotus you can drive better business...
There are lost of xss vul in PHPWind v6.0 !
lis cker (Mar 19)
I found the PHPWind v6.0 just filter the xss code when the visitors login in, but it doesn't do it when login off.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the
context of the affected site.
This flaw makes its all the parameters in all the pages have the xss flaws when we login off!
Like "hack.php" "search.php" "read.php"...
CA20100318-01: Security Notice for CA ARCserve Backup
Kotas, Kevin J (Mar 19)
CA20100318-01: Security Notice for CA ARCserve Backup
Issued: March 18, 2010
CA's support is alerting customers to security risks with CA ARCserve
Backup. The version of JRE shipped with ARCserve Backup is
potentially susceptible to multiple vulnerabilities and has also
reached end of life. Support is providing JRE 1.6 upgrades as
remediation.
Risk Rating
High
Platform
Windows
Affected Products
CA ARCserve Backup r12.5
CA ARCserve Backup...
CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability
CORE Security Technologies Advisories (Mar 17)
eFront-learning PHP file inclusion vulnerability
1. *Advisory Information*
Title: eFront-learning PHP file inclusion vulnerability
Advisory Id: CORE-2010-0311
Advisory URL:
http://www.coresecurity.com/content/efront-php-file-inclusion
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors contacted: Vendor name
Release mode: Coordinated release
2. *Vulnerability Information*
Class: PHP file inclusion [CWE-98]
Impact: Code...
Sahana 0.6.2.2 Authentication Bypass
Christopher (Mar 17)
Ability to completely disable authentication via stream.php and commented
out module authentication code within it.
http://victim/<sahana_path>/index.php?mod=admin&act=acl_enable_acl
Authenticates correctly.
http://victim/<sahana_path>/stream.php?mod=admin&act=acl_enable_acl
Does not.
Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure
Secunia Research (Mar 17)
======================================================================
Secunia Research 17/03/2010
- Quicksilver Forums "mysqldump" Password Disclosure -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description...
Secunia Research: Quicksilver Forums Cross-Site Request Forgery Vulnerability
Secunia Research (Mar 17)
======================================================================
Secunia Research 17/03/2010
- Quicksilver Forums Cross-Site Request Forgery Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Quicksilver Forums Backup Information Disclosure
Secunia Research (Mar 17)
======================================================================
Secunia Research 17/03/2010
- Quicksilver Forums Backup Information Disclosure -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability
CORE Security Technologies Advisories (Mar 17)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Virtual PC Hypervisor Memory Protection Vulnerability
1. *Advisory Information*
Title: Virtual PC Hypervisor Memory Protection Vulnerability
Advisory Id: CORE-2009-0803
Advisory URL:
http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-memory-protection-bug
Date published: 2010-03-16
Date of last update: 2010-03-16
Vendors...
Miranda IM silent TLS failure
Jan Schejbal (Mar 17)
Summary:
Under certain conditions, Miranda ignores the "Use TLS" setting in
Jabber accounts and uses an unencrypted connection.
Affected: Miranda IM (instant messenger), at least versions 0.8.16,
0.9.0 alpha build #6 Unicode and SVN rev. 11383
Description:
If the following conditions are met:
- "Use TLS" is enabled in the jabber account settings (Network -
Jabber - Account),
- "Validate SSL certificates" is...
Vulnerabilities in VXDate for Joomla
MustLive (Mar 17)
Hello Bugtraq!
I want to warn you about vulnerabilities in component VXDate for Joomla.
-----------------------------
Advisory: Vulnerabilities in VXDate for Joomla
-----------------------------
URL: http://websecurity.com.ua/3849/
-----------------------------
Timeline:
10.05.2009 - found the vulnerabilities.
12.01.2010 - announced at my site.
18.01.2010 - informed developers.
13.03.2010 - disclosed at my site.
-----------------------------...
Full Disclosure — An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.
Re: Setting the record straight on "The Return of Koobface"
J Roger (Mar 20)
This reads as "waaa i noticed this first and didn't think much of it but now
that someone else is making a big deal, i want my credit". Maybe you
reported on it first on your blog, with a single sentence that wasn't even
the primary focus of the post. Regardless if an up rise in koobface is
significantly news worthy or not, you apparently failed to draw enough
attention (or the right attention) to it at the time.
In other words, maybe...
Setting the record straight on "The Return of Koobface"
Mr. Hinky Dink (Mar 20)
Today I ran across this article...
http://www.nst.com.my/Current_News/NST/articles/20100320160620/Article/index_html
... in which it is noted that Kaspersky Labs "recently discovered the
resurgence of the malicious programme (Koobface) and sounded the alarm."
Gentlemen, I beg to differ.
I first mentioned the resurgence of Koobface on February 23rd, 2010 here...
http://proxyobsession.net/?p=827
I admit I did not "sound the...
Malware 2010 Call for Papers
Daniel Reynaud (Mar 20)
Apologies for multiple postings
----------------------------------------------------------------------
*** Malware 2010 Call for Papers ***
http://malware10.loria.fr/
----------------------------------------------------------------------
Important dates
----------------------------------------------------------------------
Submission of papers: June 30,...
Re: Fingerprinting Paper with Laser
james o' hare (Mar 19)
He had to speak in layman's terms so Gadi could understand biometrics.
Andrew
Re: Fingerprinting Paper with Laser
james o' hare (Mar 19)
Does your average CISSP forget to research before they claim something
will be in every airport in 5 years time, with a citation of an
article that is 5 years old.
Andrew
Re: Fingerprinting Paper with Laser
Valdis . Kletnieks (Mar 19)
On Fri, 19 Mar 2010 21:58:30 -0000, "james o' hare" said:
Dude. Take your meds. It's not all about Mossad. Or at least learn as much
about biometrics as the average CISSP does (at which point you'd realize that
what Dan actually wrote was the kindergarten primer level and unlikely to help
an actual spook agency). If you're reading "Dan defected" into it, you
totally missed the message.
Dan: Regarding the steganographic...
Re: Fingerprinting Paper with Laser
T Biehn (Mar 19)
What 'limits'? What 'acceptable range' are you talking about?
I think they scan the surface doing pit depth / pit counts like an expensive
cd reader.
Within this presumption, you have to fingerprint either the whole document
or a small square. It cannot be duplicated, it cannot be used to
authenticate 'batches.' It could only be included in some piggyback data
e.g. in the smartcard. Preferably signed. With some glorious pki.
Keep trying,...
Re: Fingerprinting Paper with Laser
T Biehn (Mar 19)
X,
The point is that material isn't consistent.
Duh.
-Travis
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Consider a production line for printing anything that...
sample of the material printed/magnetised or otherwise marked during a
production run, then only one token need be scanned by laser. This
single data set can then be used by access points to verify the validity of
said token(s) when prese...
- --
Mankind's systems are white...
Re: Fingerprinting Paper with Laser
james o' hare (Mar 19)
Gadi accidentally posting a 5 year old article and said this will be
in every airport in 5 years.
What's funnier, this or his buddy Larry posting about it
http://blogs.pcmag.com/securitywatch/2010/03/using_laser_to_fingerprint_pap.php
who didn't realise as well.
He thanks Gadi for a "hat tip".
"If it works out well in testing look for technology like this to
appear in passports, pharmaceutical packaging, credit cards and other...
[ MDVSA-2010:062 ] curl
security (Mar 19)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:062
http://www.mandriva.com/security/
_______________________________________________________________________
Package : curl
Date : March 19, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0...
Re: Fingerprinting Paper with Laser
james o' hare (Mar 19)
Did anyone notice Gadi's "fine article" is from 2005 and isn't even up to date?
http://nanotechwire.com/news.asp?nid=2254
That's why I'm suspicious about why he's posted it in 2010 all of a sudden.
Andrew
Re: Fingerprinting Paper with Laser
mrx (Mar 19)
Valdis.Kletnieks () vt edu wrote:
If deviations in the manufacturing process were consistently between known limits, it still serves as a control.
A hacker may learn those limits but then the problem of recreating an equal manufacturing process still remains.
Obviously if the deviation in each sample is such that the known level of consistency is so wide that the process is
easily replicated then the tech is useless as an indicator of...
Re: Fingerprinting Paper with Laser
james o' hare (Mar 19)
You would be better going to http://www.ingeniatechnology.com/ to find
out about it than read crap web sites that the Israelis appear to
read.
There are PDF reports, Brochures and videos on the web site, far
better than Gadi's source of information.
Andrew
Re: Fingerprinting Paper with Laser
Valdis . Kletnieks (Mar 19)
On Fri, 19 Mar 2010 20:51:40 -0000, mrx said:
I thought the point was that there *wasn't* absolute consistency, and what
was being measured was the deviations in each sample.
A bigger concern is whether normal wear and tear will invalidate the
measurements - some spots will be rubbed smoother by friction, others
will be roughed up. Yes, the fine article says this:
"This continued even after they were subjected to rough handling, including...
Re: Fingerprinting Paper with Laser
james o' hare (Mar 19)
Do you think Gadi posted this on purpose as a warning to the British
government that the Israeli government want this technology broken by
someone on the list?
Why else would the Israelis post to a British mailing list to tell us
about our own technology that we already know about because we made it?
We can't stop the Israelis posting to this mailing list but it seems
like a warning to me.
In other news it seems Dan Kaminsky has defected over...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
RE: Home wireless free hotspot
BECKY MACDONALD (Mar 19)
Interesting....
Certainly supports the concept of securing the end-node and not the network. I think he makes several valid points
throughout and I too like the idea of sharing Internet connections from both the user and provider standpoints. However
the security professional in me says I should secure all points of access (layer security is always best) and keep all
unauthorized access of my network. The security side of me wins this one :)...
Re: Home wireless free hotspot
Adam Mooz (Mar 19)
Larry,
If you have the public AP in front of the private AP then, if someone
is able to subvert the router itself (not a difficult task) then they
have complete control of your traffic. The private AP should be in
front of the public AP in this case (although this is not the rule.)
----------------------------------------------------------
Adam Mooz
Blog: http://www.adammooz.com
LinkedIn: http://www.linkedin.com/ln/adammooz...
Change to SANS GIAC recert process
Eggleston, Mark (Mar 19)
Hello Folks,
As a SANS GIAC alum, I didn't get anything in my email but I'm excited
about the change in the recert process:
"On March 1st, 2010, GIAC will begin to offer expanded certification
maintenance options. Besides the existing method of retaking the
standard certification exam, we will offer two main additional options.
One alternative is for you to submit a published technical research
paper, such as a GIAC Gold Paper. Another...
Re: Skype / Vsee
M.D.Mufambisi (Mar 19)
The risk around such applications really is the easy leakage of
corporate information. Chat applications present a great risk around
this. Corporate documents can be easily transmitted out the network.
Another issue is that individuals do not normally know where to draw
the line between occasional "chatting" and wasting company time.
Viruses and malware could also be transmitted this way. Chat traffic
is encrypted and as such, these...
Re: Palevo Worm Infection
Albert R. Campa (Mar 19)
check out the 3 CVEs linked on this site. Some old MS vulnerabilities.
http://www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99
__________________________________
Albert R. Campa
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL...
RE: Home wireless free hotspot
Lauren Twele (Mar 19)
You also have to consider audit logs, policy management and provisioning. An identity management solution sounds like
the way to go here
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Channel, Lawrence F CTR
USAF ACC ACC/A8ZX
Sent: Wednesday, March 17, 2010 9:59 AM
To: security-basics () securityfocus com
Cc: John Lightfoot
Subject: RE: Home wireless free hotspot
John,...
RE: Home wireless free hotspot
Lauren Twele (Mar 19)
IF you want to block all employee access to web mail (e.g., Gmail,
Hotmail, Yahoo, etc) from within your corporate network:
-->THEN you should set up firewall rules as suggested by the attached
-->email (SinglePoint not needed)
IF you want to control access by allowing only SOME employee access to
web mail...:
--> THEN you should license SinglePoint from Symplified
IF you want to audit access to web mail...:
--> THEN you should...
Re: Home wireless free hotspot
Johnathan (Mar 19)
Signing a contract is not a legal agreement? There isn't any service provider that I am aware of that will just take
your word for agreeing to their terms of services, terms and conditions and/or terms of use.
I never said anything about breaking the law, the term legal does not always imply "breaking the law". Not fulfilling
your end of a signed agreement may not be breaking the law, but in the states, many situations can be...
Access 2003 MDE bypass.
Rivest, Philippe (Mar 19)
Hi
I'm looking for a way to get access to the code once a mdb file has been
converted to a mde file.
It's my own code & application (Access 2003). I already have access to the
code but I want to ensure that if published in a mde format no one will have
access to my code.
Also, are you aware if there's a way to remove a signature from an mde code
(signature is based on a certificate)?
Thanks
Re: Reporting SSH abuse
mgk (Mar 19)
Hi
We take reports like this seriously when we receive them and take them
up with customers. There's no harm in sending a report with some logs.
Wording such as, it seems as though this is the situation is less
confrontational than, Attacks are coming from your network, sort it out.
Here are a few we have had:-
Looks like your custommer with IP xxxxxxxxx is doing ssh attacks to my
server.
Please take care about
Best Regards
and
Hi,...
RE: Home wireless free hotspot
Murda (Mar 19)
I am fascinated by the implications of this thread and by what it is the OP wishes to do and its potential
ramifications. It seems to me that the whole privacy and anonymity aspects of this situation and similar will become
more of a battleground over the next few years in most western countries; Australia is already gearing up for a net
filter that will curtail the kind of content that can be accessed. How it will work is anyone's guess and...
Re: Skype / Vsee
Shawn Merdinger (Mar 19)
Hi WW,
While dated (December, 2006) Skype's guide for network admins might be helpful
http://www.skype.com/security/network-admin-guide-version2.2.pdf
Cheers,
--scm
Check if root is allowed on SSH server - remotely?
savekov (Mar 19)
Hi guys,
is there any special way I could check remotely if the ROOT login is allowed
or not in SSH server?
I don't have any account on this server to login to the server and check the
config files.
I'm just curious: is there any way I could remotely find out if the root is
allowed or not allowed?
Thanks ...guys
Palevo Worm Infection
martin (Mar 19)
Hi All
We've just had some clients get infected with the above worm. The
worm has definitely spread via removeable drives, but it appears to
have also spread directly between networked PC's within the same
broadcast domain. None of our users however had admin rights on any
PC, so I'm curious what vulnerability the virus is using to spread
itself amongst our machines.
According to the link below, it's spreading via "known software...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
RE: Decrypting PPTP network traffic
Paul Melson (Mar 18)
breaking MS-
published
published openly!
If you have packet captures of a tunnel initiation, the username is in clear
text and you can use asleap (http://www.willhackforsushi.com/?page_id=41) to
crack the CHAP challenge/response.
PaulM
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt...
Re: Re: CTF events?
oguzhanssan (Mar 18)
Hi there,
I wanna organize a CTF and my scenario is defined.
But I need more suggestions about scenarios and also technology.
Scenario will deal with personal information security. In my opinion, using an open source
e-commerce package on windows iis 5 and etc.
Any offer?
Oguzhan Sereflisan
Did you work on OSSTMM 3?
Pete Herzog (Mar 18)
Hi,
It's been 7 years since OSSTMM 3 began. It was a long climb uphill
because we got rid of all best practices and verified every practice
before it went in. We searched for the essence of what security is and
we think we found it both mathematically and practically. We did
everything we could to make this OSSTMM easier to apply, more
efficient, and overwhelmingly better. Many of you were part of that
process. Below is the list of those...
Re: Professional Scrpt Kiddies vs Real Talent
R. DuFresne (Mar 18)
To me this whole argument seems to indicate that unless one is capable of
writing a sendmail replacement or a replacement for X, etc, then they are
not a real knowledgeable admin type. So this whole argument blows chunks
in my mind.
Thanks,
Ron DuFresne
[SNIP]
Re: Controlled DoS
Dharm Dhwaj Singh (Mar 18)
You can call that a monitored/controlled DoS attack. In PenTest scenarios
it may require more cooperation from the client to analyze the resources
which would be impacted by the DoS.
Generally this methodology is used to design defense strategies
against DoS attacks
..Dharm
Re: CTF events?
Jeff Testman (Mar 18)
Hello - all!
Thanks to all who replied for the great information!
Re: Evaluating pentesters
Pete Herzog (Mar 17)
Hi,
Thanks for the suggestion! However, in reality most pen-test companies
won't subject themselves to such a bake-off because they might not win
and they certainly don't want to be published as a loser. We have
worked on some ways to show who's good without showing who's bad and
while I think we can do regular bake-offs, I think a good security
company is found in their accountability rather than any mythical or
even valid but poorly...
Decrypting PPTP network traffic
Alexander Perchov (Mar 17)
Note: apologies for cross posting - I hope to get more coverage this
way, because google hasn't been helping lately ;-)
I am looking for a tool that can decrypt MPPE (Microsoft
Point-to-Point Encryption) network traffic given a pcap (or any other
format really) and the correct key / NTLM hash. Is anyone aware of
such a tool - public or even private software?
Most tools (and there isn't an awful lot of them anyway!) focus on
breaking...
Re: CTF events?
Rob Fuller (Mar 17)
CCDC and all of the events that White Wolf Security holds are the only
ones that I know of. I don't think there is a comprehensive list as
there are new ones every week it seems. But having people post the
ones they know of may help you generate one.
Re: Controlled DoS
Adam Mooz (Mar 15)
Hey Tibor
A DoS is essentially just overwhelming the capabilities of whatever service you're going after, so for web servers it's
initiating a storm of connections, for SMB it can be attempting to login 1,000,000 times per second, etc... You just
keep using the resources until they're exhausted preventing anyone else from using that service. With that in mind,
doing a 'controlled' DoS is possible, just limit how many connections or attempts...
RE: Professional Scrpt Kiddies vs Real Talent
Porttikivi, Anssi (Mar 15)
My two cents: any industry that is changing and evolving rapidly will
have more demand than offer for new skills. The professional master who
understands _everything_ certainly will be too expensive to deploy for
most customers, and there will be demand for less talented and less
experienced, cheaper people. In a dynamic industry there will also
necessarily be (many kinds of) risk appetite in customers, so they are
willing to hire services w/o...
RE: Evaluating pentesters
security curmudgeon (Mar 15)
: Does anyone know if a "bakeoff" of pentest vendors has ever been done?
Yes, frequently. For many large contracts, especially web application
testing, vendors will do a bakeoff to assess firms and their ability to
audit the target environment.
Re: Professional Scrpt Kiddies vs Real Talent
Steve Pinkham (Mar 15)
Mike wrote:
I'm going to have to strongly disagree with your assertion, or at least
my understanding of it. A doctor and a technician both need to know a
lot about how the machine works so they know the limitations of the
machine. Techs also know how to adjust the radiation level to get
contrast for different body parts, etc. If you don't know on a
functional level how an X-ray machine works, you can't run one, and you
can't interpret the...
[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released
Hafez Kamal (Mar 15)
Conference agenda for HITBSecConf2010 - Dubai has been announced!
Welcoming Address by H.E Mohammed Nasser Al-Ghanim (Director General, UAE Telecom Regulatory Authority - TRA) -- TBC
Keynote 1: John Viega (CTO, SaaS, McAfee Inc.) -- A/V Vendors Aren't As Dumb As They Look
Keynote 2: Matt Watchinski (Senior Director of Vulnerability Research, Sourcefire Inc.) -- TBA
1.) Daniel Mende (ERNW GmbH) with Oliver Roeschke (ERNW GmbH) -- Attacking...
Tools Update - Second week of March 2010
SD List (Mar 15)
Hello
Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.
You can also follow us on Twitter (http://twitter.com/ToolsWatch) to share
hot information with our followers (great bloggers, auditors, pentesters,
IT professionals and old days hackers).
New articles
--------------------------...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
HotCloud '10 Submission Deadline Approaching
InfoSec News (Mar 18)
Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
We're writing to remind you that submission deadline for the 2nd USENIX
Workshop on Hot Topics in Cloud Computing (HotCloud '10) program
committee is approaching.
Please submit your work by Tuesday, March 23, 2010.
http://www.usenix.org/hotcloud10/cfpb
Cloud computing has attracted a great deal of attention both from the
research community and from industry. The cloud computing...
$45,582 telephone bill: Furniture company's security breach traced back to Somalia
InfoSec News (Mar 18)
http://www2.hickoryrecord.com/content/2010/mar/18/furniture-company-targeted/news/
By Richard Gould
Hickory Daily Record
March 18, 2010
It only took 12 hours for a hacker to run up $45,582 in telephone
charges for a local furniture company.
More than 10,000 minutes of phone calls were made from the phones at
Sherrill Furniture on Highland Ave. NE from 9 p.m. on Friday, March 5 to
9 a.m. the following day.
The company reported the security...
Secunia Weekly Summary - Issue: 2010-11
InfoSec News (Mar 18)
========================================================================
The Secunia Weekly Advisory Summary
2010-03-11 - 2010-03-18
This week: 95 advisories
========================================================================
Table of Contents:
1. Word From...
To Battle Computer Hackers, the Pentagon Trains Its Own
InfoSec News (Mar 18)
http://www.time.com/time/nation/article/0,8599,1972896,00.html
By Mark Thompson
Washington
Time
March 18, 2010
After years of building firewalls and other defenses against relentless
hacker attacks, the Pentagon is going over to the dark side of computer
warfare. But ethically, of course. The Defense Department, like most
other large organizations, has recognized that no wall is high enough to
keep out skilled and determined hackers for...
Hacking "fun" for British teens
InfoSec News (Mar 18)
http://news.bbc.co.uk/2/hi/technology/8574259.stm
BBC News
18 March 2010
One in four young Britons attempts to access the Facebook accounts of
their friends, a survey claims.
The most common route of access was by working out - or "cracking" -
each other's passwords.
The poll of 1150 under-19s found that nearly half of those who accessed
other accounts did so from either their own computer or one at school.
The main reason given...
Weak states leave EU open to cyberattack
InfoSec News (Mar 18)
http://news.techworld.com/security/3217728/weak-states-leave-eu-open-to-cyberattack/
By John E. Dunn
Techworld
18 March 2010
EU states need to work far more closely with one another to have any
chance of fending off the sort of cyberattacks that caused huge problems
for Estonia in 2007, a House of Lords report has said.
According to the Protecting Europe against large-scale cyber-attacks
report, the Estonian cyberwar of April that year...
P2P Puts Medical Data At Risk
InfoSec News (Mar 18)
http://www.informationweek.com/news/healthcare/security-privacy/showArticle.jhtml?articleID=224000042
By Nicole Lewis
InformationWeek
March 18, 2010
Many home computer users don't realize it, but the next time they
download a movie, a video or some old sentimental song, they may be
giving an intruder the opportunity to search the PC's files for
sensitive information, including their health records, a new study
finds.
What kind of sensitive...
Fired CISO says his comments never put Penn.'s data at risk
InfoSec News (Mar 18)
http://www.computerworld.com/s/article/9173078/Fired_CISO_says_his_comments_never_put_Penn._s_data_at_risk_?taxonomyId=17
By Jaikumar Vijayan
Computerworld
March 18, 2010
Robert Maley was fired from his job as the chief information security
officer for the state of Pennsylvania earlier this month after he spoke,
without proper authorization, about security incidents involving the
state during a panel discussion at the RSA trade show....
SyScan'10 CFP
InfoSec News (Mar 18)
Forwarded from: thomas <thomas (at) syscan.org>
*SyScan'10 CALL FOR PAPERS*
*ABOUT SYSCAN'10*
This year, SyScan'10 will be held in the 4 exciting cities of Singapore,
Hangzhou, Taipei and Ho Chi Minh City. Details are as follows:
SyScan'10 Singapore
date: 17 – 18 June 2010
SyScan'10 HangZhou
date: 10 – 11 July 2010
SyScan'10 Taipei
date: 19 – 20 August 2010
SyScan'10 Ho Chi Minh City
date: 23 – 24 September 2010...
Hacker Disables More Than 100 Cars Remotely
InfoSec News (Mar 18)
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
By Kevin Poulsen
Threat Level
Wired.com
March 17, 2010
More than 100 drivers in Austin, Texas found their cars disabled or the
horns honking out of control, after an intruder ran amok in a web-based
vehicle-immobilization system normally used to get the attention of
consumers delinquent in their auto payments.
Police with Austin's High Tech Crime Unit on Wednesday arrested...
Researchers Map Multi-Network Cybercrime Infrastructure
InfoSec News (Mar 18)
http://www.krebsonsecurity.com/2010/03/researchers-map-multi-network-cybercrime-infrastructure/
By Brian Krebs
Krebs on Security
March 17th, 2010
Last week, security experts launched a sneak attack to disconnect
Troyak, an Internet service provider in Eastern Europe that served as a
global gateway to a nest of cyber crime activity. For the past seven
days, unnamed members of the security community reportedly have been
playing Whac-a-Mole...
Hackers offered $100,000 for browser and phone exploits
InfoSec News (Mar 18)
http://news.techworld.com/security/3217625/hackers-offered-100000-for-browser-and-phone-exploits/
By John E. Dunn
Techworld
17 March 2010
Security company 3Com TippingPoint has jacked up to $100,000 (£65,000)
the prize money on offer to anyone able to hack a range of browsers and
mobile devices at the forthcoming CanSecWest security conference.
Running for the fourth year at the event, $40,000 of the Pwn2Own
contest pot will be on offer...
VA faces major hurdles to comply with FISMA, audit finds
InfoSec News (Mar 17)
http://fcw.com/articles/2010/03/17/audit-says-va-faces-significant-issues-with-fisma-compliance.aspx
By Alice Lipowicz
FCW.com
March 17, 2010
Despite a major improvement in cybersecurity, the Veterans Affairs
Department still has "significant" obstacles to overcome to meet federal
cybersecurity standards, according to a new report released by the VA's
Office of Inspector General.
According to a summary of the report, the VA...
'Cyber attack brought down national election website'
InfoSec News (Mar 17)
http://colombiareports.com/colombia-news/news/8728-cyber-attack-brought-down-national-election-website.html
By Brett Borkan
Colombia Reports
17 March 2010
Arolen S.A., a firm contracted by private telecommunications company UNE
to provide technical services for the recent congressional elections,
blamed a cyber attack for downing the national elections webpage of the
National Registry.
The National Registry's website and the website...
Revised cybersecurity bill introduced in Senate
InfoSec News (Mar 17)
http://www.computerworld.com/s/article/9172438/Revised_cybersecurity_bill_introduced_in_Senate?taxonomyId=17
By Jaikumar Vijayan
Computerworld
March 17, 2010
A revised version of a cybersecurity bill first proposed last year was
introduced again in the U.S. Senate today, notably without a
controversial provision that would have given the President authority to
disconnect networks from the Internet during a national emergency.
The bill,...
Firewall Wizards — Tips and tricks for firewall administrators
Call for papers: ISP-10, Orlando, USA, July 2010
James Heralds (Feb 22)
It would be highly appreciated if you could share this announcement with
your colleagues, students and individuals whose research is in information
security, cryptography, privacy, and related areas.
Call for papers: ISP-10, Orlando, USA, July 2010
The 2010 International Conference on Information Security and Privacy
(ISP-10) (website: http://www.PromoteResearch.org) will
be held during 12-14 of July 2010...
Re: Inline 2 port POE Firewall
bruces (Feb 16)
What about the RouterBoard 433 series boards. Three NICs and POE,
firewall on RouterOS is Linux 2.6 based, so iptables is there. If you
want gigabit ethernet, the 600 series has that.
Regards,
Bruce
Quoting Kerry Milestone <km4 () sanger ac uk>:
Inline 2 port POE Firewall
Kerry Milestone (Feb 16)
Hello,
I'm looking for an in-line firewall which runs on power over the ethernet. Two ports, one in and one out - running
something like iptables or monowall etc.
Ideally, I'd like to see a yoggie style small device, but their SOHO doesn't run on PoE and USB is out of the question.
I've seen some bareboards, but in our case it would be really handy to purchase working units (when required) for a
fairly cheap price - rather than have to...
Re: Login straight to priv mode in PIX with TACACS server
John Morrison (Feb 12)
Michel,
If you set the PIX to use tacacs+ and then local it will use local if
it cannot contact the TACACS+ server. The easiest way to make sure it
cannot contact the TACACS+ server is to remove the network cables.
Login straight to priv mode in PIX with TACACS server
Michel Ferreira (Feb 11)
Hi,
I've successfully configured my PIX 506E (6.3) to authenticate with my
TACACS+ Server (ACS 4.1), however I want to know if there's any way to
put the user straight in priv mode (enable) just after login, without
the need to input the 'enable' command.
I'm questioning this because I don't want to include the "aaa
authentication enable console tacacs+ LOCAL" command, since with this
command if I need console access I still will be...
Draft paper submission deadline is extended: ISP-10
James Heralds (Feb 05)
Draft paper submission deadline is extended: ISP-10
The 2010 International Conference on Information Security and Privacy
(ISP-10) (website: http://www.PromoteResearch.org)
will be held during 12-14 of July 2010 in Orlando, FL, USA. ISP is an
important event in the areas of information security, privacy, cryptography
and related topics.
The conference will be held at the same time and location where...
Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
endrazine (Feb 04)
Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
http://hackitoergosum.org
Hackito Ergo Sum conference will be held from April 8th to 10th 2010 in
Paris, France.
It is part of the series of conference "Hacker Space Fest" taking place
since 2008 in France and all over Europe.
HES2010 will focus on hardcore computer security, insecurity,
vulnerability analysis, reverse engineering, research and hacking.
INTRO
The goal of this...
Re: Is it possible to control access between clients on same LAN with a firewall?
pkc_mls (Jan 28)
William Fitzgerald wrote:
This is exactly the point.
There are some firewalls that can do layer2 filtering (bridge mode,
transparent mode, layer2).
This is another option, but you may have some difficulty finding a
local firewall on a printer.
You should check in the dd-wrt doc or ask the dd-wrt mailing list if it
can be configured with a bridge interface on the LAN.
Re: Is it possible to control access between clients on same LAN with a firewall?
Paul D. Robertson (Jan 27)
I'm going to give you the non-firewall, imperfect but quick and easy
solution because with my quick reading of the postings I've approved, I
didn't see anyone suggest it yet- and it works no matter what you're using
as a router, assuming that it operates normally, and someone hasn't been
too clever in making it work...
Supernet the router, so use something like say 10.10.0.0/255.255.0.0 as
the "internal" network on the router....
Re: Is it possible to control access between clients on same LAN with a firewall?
William Fitzgerald (Jan 27)
Hi everyone,
Thanks for the constructive feedback.
I'll read into the proposed areas such as private vlans and the possible
configurations of vlans within dd-wrt.
I now know what some of the terminology used is (private vlan etc) in
order to hone in on the correct types of documentation to read.
kind regards,
Will.
PS: This reply may not get to you for some time, as I seem to need
moderator approval to post to the list.
Pete.LeMay wrote:
Re: Is it possible to control access between clients on same LAN with a firewall?
Will Brickles (Jan 27)
Using DD-WRT, what comes to mind immediately is to put your devices into separate VLANs and then use iptables to
restrict traffic between the VLANs. I don't know how flexible DD-WRT is when it comes to VLANs, but it might be your
best bet on such a platform. A configuration guide for VLANs I came across is at
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160 - it sounds as if you are already familiar with iptables.
Using other (much more...
Re: Is it possible to control access between clients on same LAN with a firewall?
K K (Jan 27)
Yes.
The most transparent (to the host) technique is what Cisco calls
"private VLAN", see:
http://en.wikipedia.org/wiki/Private_VLAN
There are other approaches to get the same results, all require either
a firewall with lots of interfaces (real or virtual) or a very smart
switch.
Kevin
Re: Is it possible to control access between clients on same LAN with a firewall?
Paul Melson (Jan 26)
With DD-WRT you can assign a different VLAN to each interface of the
router and then use iptables rules to manage traffic between devices.
This requires either a high degree of customization of your router or
the use of static IP addressing on some of the VLANs. Which for a
home network may not be so bad. Keep in mind that if you uplink other
switches to the router that the firewall cannot protect two devices
connected to that switch from each...
Re: Is it possible to control access between clients on same LAN with a firewall?
Mark (Jan 26)
Will:
The issue here is that computers on the same LAN do not forward packets to
the default gateway (your firewall), but use ARP and layer 2 to communicate.
The firewall never even pays attention to this traffic. The fact that the
firewall and switch are occupying the same physical device (your WRT54G)
makes no nevermind (as we say in the south). Even if you could make your
firewall filter the traffic, in essence you would be creating a...
Re: Is it possible to control access between clients on same LAN with a firewall?
Eric Gearhart (Jan 26)
You sound like you might already know this, but I may as well
summarize it for the audience. Normally in "production networks" you
separate different servers on a network based on their purpose... for
example, application servers go into an "application VLAN," database
servers go into a "database VLAN," and publicly accessible servers go
in their own separate DMZ (preferably they also hang off their own
separate...
IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list
Announcing: Ruby API for xtractr
kowsik (Mar 18)
What started off as a way to unit test the RESTful API for xtractr has
now turned into a Ruby gem that we are releasing as open source. First
xtractr, then nuggets and now a gem.
We are happy to announce a Ruby gem for xtractr which takes all the
goodness of Ruby and interacts RESTfully with xtractr for oh-so-fun
network forensics and troubleshooting all from within IRB, the
interactive Ruby shell.
Blog: http://bit.ly/baW3zZ
Code:...
Decrypting PPTP network traffic
Alexander Perchov (Mar 17)
Note: apologies for cross posting - I hope to get more coverage this
way, because google hasn't been helping lately ;-)
I am looking for a tool that can decrypt MPPE (Microsoft
Point-to-Point Encryption) network traffic given a pcap (or any other
format really) and the correct key / NTLM hash. Is anyone aware of
such a tool - public or even private software?
Most tools (and there isn't an awful lot of them anyway!) focus on
breaking...
Call for Papers: EC2ND 2010
Konrad Rieck (Mar 08)
Dear Colleagues,
Please find attached the Call for Papers for EC2ND 2010,
the sixth European Conference on Computer Network Defense,
which will be held in Berlin, Germany, October 28-29, 2010.
Please feel free to distribute this announcement. We apologize
if you receive multiple copies of this message.
Best Regards,
The EC2ND 2010 Organization Committee
* * * * * *
6th European Conference on Computer...
Announcing xtractr (on pcapr)
kowsik (Feb 22)
We are happy to announce xtractr, a collaborative cloud app for
indexing, searching, extracting and reporting on large pcaps. xtractr
enables network/support engineers and testers to troubleshoot the
network, isolate problems, identify field issues and perform network
forensics.
You can learn more about xtractr on our blog: http://bit.ly/d7yrKl or
watch a demo: http://www.pcapr.net/xtractr
Thanks,
K.
---
http://www.pcapr.net/...
CFP: Workshop on the Analysis of System Logs
Kathryn Mohror (Feb 05)
Workshop on the Analysis of System Logs (WASL) 2010
http://www.systemloganalysis.com
Call for Papers
===============================
October 3, 2010
Vancouver, Canada
(at OSDI)
===============================
FULL PAPER SUBMISSION: Sunday, June 13, 2010
AUTHOR...
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Free On-Demand Security Scanning Service
Maty Siman (Mar 18)
Hi All,
Checkmarx has recently launched an on demand security scanning service.
We would like to extend an offer to all WebAppSec members for a free trial.
The scans support all common languages included in the Java and .Net
families.
In addition members will enjoy some benefits like:
• Support for Force.com languages: Apex and Visualforce
• Detection of recently discovered vulnerabilities like ReDos and XSHM
• Detailed reports...
[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released
Hafez Kamal (Mar 14)
Conference agenda for HITBSecConf2010 - Dubai has been announced!
Welcoming Address by H.E Mohammed Nasser Al-Ghanim (Director General, UAE Telecom Regulatory Authority - TRA) -- TBC
Keynote 1: John Viega (CTO, SaaS, McAfee Inc.) -- A/V Vendors Aren't As Dumb As They Look
Keynote 2: Matt Watchinski (Senior Director of Vulnerability Research, Sourcefire Inc.) -- TBA
1.) Daniel Mende (ERNW GmbH) with Oliver Roeschke (ERNW GmbH) -- Attacking...
Re: Need a real Java web application with vulnerabilities
Yu Qu (Mar 08)
Hi, Peine and others:
I have encountered similar problems too, my suggestion is please try to google the alphabetic strings like this:
"sql injection vulnerability CVE site:web.nvd.nist.gov jsp"
I believe that some positive results can be found. I'm also looking forward to other suggestions, thx!
Best wishes!
------------------------------------
Yu Qu
Ph.D. Candidate Student
Ministry of Education Key Lab for Intelligent...
RE: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities
Calderon, Juan Carlos (GE, Corporate, consultant) (Mar 08)
Yeah, Steve's is just a nice approach, my experience is the same, you
will hardly find a non vulnerable custom application.
Besides you will improve your internal systems security, but fix them
fast or you could suddenly have those vulnerabilities exploited in
production and some grades changed :).
Regards,
JC
-----Original Message-----
From: Steve Pinkham [mailto:steve.pinkham () gmail com]
Sent: Lunes, 08 de Marzo de 2010 12:04 p.m.
To:...
Re: Need a real Java web application with vulnerabilities
Morgan Reed (Mar 08)
Sounds like the right approach, though I'm not aware of any Java based CMS.
I'd suggest your best bet is to go trawling some of the various
vulnerability databases around the place for a suitable candidate.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus...
Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities
Steve Pinkham (Mar 08)
Rogan Dawes wrote:
> Unfortunately, your first requirement seems to suggest against your
> suggestion. :-)
>
> As an open source app, the student would be able to see the change logs,
> and any security announcements for the app, and would be able to make
> use of those to identify known vulnerabilities in that version of the app.
>
> I suggest you look for a project that may have had a history of
>...
Security BSides Austin - sponsors needed!
Benjamin Tomhave (Mar 08)
Hi folks,
We need your help. We're still looking for sponsors for this weekend's
Security BSides Austin, which is set to occur the same day as the
kickoff for SxSW Interactive (a major developer conference). We have
official sponsorship from Astaro and Panda, plus a couple unofficial
sponsors. We'd love to see your organization involved, too! We're hoping
for a successful inaugural event in Austin, TX, so that next year we can
become officially...
Re: Need a real Java web application with vulnerabilities
Marc-André Laverdière (Mar 08)
You can have a try at Securibench. Some of the apps in there don't run without
some serious armtwisting though, but it's good enough for manual review and
static analysis.
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India
Re: Need a real Java web application with vulnerabilities
Federico Maggi (Mar 08)
OWASP's WebGoat Project has designed a non-trivial web application in Java, exactly for this purpose.
Ciao,
-- Federico
Re: Need a real Java web application with vulnerabilities
Kvetch (Mar 08)
Check out Daffodil CRM - http://sourceforge.net/projects/daffodilcrm/
It has SQL injection, XSS and some coding opportunities.
Nick Baronian
Re: Need a real Java web application with vulnerabilities
Wagner Elias (Mar 08)
OWASP Broken Web App Project contains WebGoat, an app vulnerable in Java.
http://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project#tab=Project_Details
Regards
2010/3/8 Holger Peine <Holger.Peine () fh-hannover de>:
Need a real Java web application with vulnerabilities
Holger Peine (Mar 08)
Hello,
I have a student who wants to perform a mostly manual security review
of some Java web application as his master's thesis work. I am well
aware of pedagogical, deliberately insecure applications like Webgoat
and many others. However, we need a real application for this:
- Real code, since the job should create a realistic experience for
the student, and the results should not be readily available
in advance (as with Webgoat etc.)
-...
SamuraiWTF 0.8 released
Kevin Johnson (Mar 05)
Hi all,
I have just finished releasing SamuraiWTF 0.8. It is available at http://samurai.inguardians.com
and is a huge update. It includes metasploit, target applications
and tons of tool updates. It is now DVD sized as it has outgrown the
CD release.
Thank you
Kevin Johnson and the SamuraiWTF project team
Senior Security Analyst
InGuardians, Inc.
office: 202.448.8958
cell: 904.403.8024
removing version identifying attribution data
Robin Wood (Mar 04)
With a lot of open source web apps there is usually some kind of file
or comment block in the code that identifies the author and gives
attribution. The problem with most of these is that they end up
leaking information about the version of the app being used.
I'm very keen on keeping attribution in place and wouldn't want to
release software without giving due credit but at the same time I'd
rather not expose my clients to data leakage which I...
Vulnerabilities Animated Clips
Maty Siman (Mar 03)
One of the biggest challenges of the security community is to build true
SDLC (Secure development Life Cycle).
The biggest obstacle is that application developers at large lack the
know-how and motivation to address application risk.
At Checkmarx labs we thought that a new approach to application developers
might help them cross the barrier.
We have developed a pilot including two short animated clips that should
help developers understand a...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Wings
dave (Mar 11)
So kudos to team .cn for another great IE bug. Anyone burning great bugs
like that clearly has a whole pot-full of them. Feel free to send any
spare ones my way. :>
Anyways, if you're sitting in a room with some hackers, you can always
do this: Ask them (as a group) if they could get kicked out of any
network they spent six months undetected in.
All hackers say "no" of course (what's a hacker without an ego?) but
it's interesting...
Re: Mike Bailey's Flash presentation is good.
Florian Weimer (Mar 09)
Bugs in web application frameworks are typically not fixed in the
frameworks, but are classified as application bugs instead. Each
application has to work around them. That creates enough commonality
that makes scanners not entirely useless.
Mike Bailey's Flash presentation is good.
dave (Mar 09)
People in the web application security space are often more into
"scanners" than people finding memory corruption bugs. I'm not sure what
the root cause is there - perhaps the set of bug classes that are
useful in web applications includes an abnormally large number of
automatable possibilities? Perhaps it's just a sign of the immaturity of
the field in general.
But web application hacking can be as complex as a CLOUDBURST style...
Re: Does anyone have video of this?
Nate Lawson (Mar 04)
I'm not sure why you're so excited about this. This panel is up every
year and mostly has the same people on it.
Basically you have Shamir and Rivest as the only two active
cryptographers with Whit Diffie as comedy relief. Brian Snow retired
from the NSA a while ago. It may be a fun format to watch for an Access
Hollywood level overview of recent crypto news, but nothing
groundbreaking has ever been presented here.
As for the NSA, crypto is such...
Perforce
Intevydis (Mar 04)
Hi,
Usually I tend to ignore articles related to "sophisticated" aurora
attacks but according to
http://www.wired.com/threatlevel/2010/03/source-code-hacks many
companies use Perforce, big surprise..
About two years ago we performed a quick test of Perforce 2008.1
and released some bugs with Vulndisco:
1. p4s.exe DoS (crash)
to trigger send the following data to port "...
Re: Does anyone have video of this?
Dave Aitel (Mar 04)
Btw, for those who missed it:
"""
You find it at:
http://media.omediaweb.com/rsa2010/video-only.htm?id=1-5
And the other media from:
http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm?utm_source=us10showdaily&utm_medium=email&utm_campaign=Wednesday
"""
-dave
Does anyone have video of this?
Dave Aitel (Mar 02)
NSA, cryptoexperts jab at RSA Conference Cryptographers' Panel
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1407881,00.html
FIRST 2010!
dave (Mar 02)
I'm giving a keynote at FIRST 2010. As you might imagine, FIRST is an
incident response conference (largely), and is chaired by Steve Adegbite
(Microsoft). It's in Miami, so I'm skating on home ice, as Justin Seitz
would say.
http://conference.first.org/program/program.aspx
Here's my abstract. I'm promising to "shed light" which will probably be
via a laser pointer!
"""
Incident response happens when your secure...
Month of PHP Security 2010 - CALL FOR PAPERS
Stefan Esser (Feb 27)
Month of PHP Security 2010 - CALL FOR PAPERS
--------------------------------------------
Three years ago, in March 2007, the Hardened-PHP project had organized
the Month of PHP Bugs. During one month more than 40 vulnerabilities in
the PHP interpreter were disclosed in order to improve the overall
security of PHP. Now, three years later, SektionEins GmbH will
continue in the same spirit and organize the Month of PHP Security.
The intention of...
dnsmap v0.30 + embedded devices discovery trick
Adrian P. (Feb 25)
Hello folks,
Just wanted to let you know that we recently released a new version of dnsmap.
dnsmap is a command line tool originally released in 2006 which helps
discover target subdomains and IP ranges during the initial stages of
an infrastructure pentest. dnsmap is a passive(ish) discovery tool
meant to be used before an actual active attack. It’s an alternative
to other discovery techniques such as whois lookups, scanning large IP
ranges,...
Re: XSS in viewstate
Nicolas RUFF (Feb 21)
Hello,
I already had a look at that in the past, and it appears that ViewState
data is encoded using System.Web.UI.LosFormatter (LOS meaning Limited
Object Serialization).
Everything can be found in System.Web.dll (from the .NET Framework). It
might even be available in the source
(http://referencesource.microsoft.com/netframework.aspx).
There is at least one Open Source project that began to reimplement the
serialization logic (but it...
Re: XSS in viewstate
David Byrne (Feb 19)
We usually see MAC protection turned off on at least one page during an
assessment. Does this mean that you can always have XSS if MAC
protection is turned off? That would be pretty cool.
I'm not familiar with Expression Language, but the TrustWave advisory
indicates that things can be executed on the server as well. What's the
story there?
-dave
( https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt )
Chris Weber wrote:
Re: XSS in viewstate
David Byrne (Feb 19)
In our original advisory, we did comment that Microsoft hinted at this vulnerability in a rather buried document
(http://support.microsoft.com/kb/829743), but we could find no other references to it on Microsoft's website or
anywhere else. While there are plenty of comments about application developers abusing the view state, this is the
first time (as far as we know) that the .Net framework was demonstrated to be vulnerable to XSS through the...
Re: XSS in viewstate
dave (Feb 19)
We usually see MAC protection turned off on at least one page during an
assessment. Does this mean that you can always have XSS if MAC
protection is turned off? That would be pretty cool.
I'm not familiar with Expression Language, but the TrustWave advisory
indicates that things can be executed on the server as well. What's the
story there?
-dave
( https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt )
Chris Weber wrote:
Re: XSS in viewstate
David Byrne (Feb 19)
http://www.hacking-lab.com/misc/downloads/ViewState_Afames.pdf
This, on first glance, looks real to me. Does anyone have any comments
on it? ViewState is pretty complex and fairly opaque. If I understand
properly, MS does not publish the full specs to it? Maybe the Mono team
found them somewhere?
-dave
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
[HITB-Announce] HITBSecConf2010 - Dubai Agenda Released
Hafez Kamal (Mar 14)
Conference agenda for HITBSecConf2010 - Dubai has been announced!
Welcoming Address by H.E Mohammed Nasser Al-Ghanim (Director General, UAE Telecom Regulatory Authority - TRA) -- TBC
Keynote 1: John Viega (CTO, SaaS, McAfee Inc.) -- A/V Vendors Aren't As Dumb As They Look
Keynote 2: Matt Watchinski (Senior Director of Vulnerability Research, Sourcefire Inc.) -- TBA
1.) Daniel Mende (ERNW GmbH) with Oliver Roeschke (ERNW GmbH) -- Attacking...
Re: DNS honeypots?
Jason Ross (Mar 03)
But it would have the advantage of allowing you to capture further
traffic for analysis through whatever tools you choose.
Re: DNS honeypots?
Alexandre Dulaunoy (Mar 03)
We have used various techniques to make DNS honeypots. But there is
an easy to do "fake" DNS server using Net::DNS::Nameserver :
http://search.cpan.org/~olaf/Net-DNS/
You can even find a simple example in the POD :
http://search.cpan.org/~olaf/Net-DNS/lib/Net/DNS/Nameserver.pm
If you want to make a low-interaction nameserver, you can filter
the request and answer to limit the malicious queries but still gain
information by doing and...
Re: DNS honeypots?
Brent Huston (Mar 03)
Likely nothing today, most malware isn't smart enough to figure that out.
Re: DNS honeypots?
Jason Lewis (Mar 03)
Slightly related, I was wondering what might happen if I made every
query to the honeypot resolve back to the honeypot?
Re: DNS honeypots?
Brent Huston (Mar 03)
One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all
malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis.
You can find a little bit about it from one of our customers here, they wrote it up with us: http://hurl.ws/cbhp
Let me know if that helps!
Re: DNS honeypots?
chr1x (Mar 02)
This post looks pretty interesting!
Let's analyze your requirement:
1. Logging malicious queries
2. Reject/Deny any possible dns attack attempt
Well, from my point of view, going from the Honeypot concept, which is
to track hackers, probably the best way that you can follow is to set up an
IPS instead of a Sensor. Personally, I don't see the purpose of having a
"Reactive" honeypot if the objective of a honeypot is to be the most
open possible...
Re: DNS honeypots?
Jason Lewis (Mar 02)
I just figured I'd set up something to log access and see what shows
up. I wasn't planning on directing traffic to the system.
Re: DNS honeypots?
Jason Lewis (Mar 02)
Cool, this is the kind of thing I was thinking of doing. I was hoping
I wouldn't have to reinvent the wheel.
Thanks.
Re: DNS honeypots?
Jason Ross (Mar 02)
There's quite a lot of (bad and good) bots "out there" looking for DNS
servers, particularly ones that appear to permit recursive queries to
the Internet. Just leaving a box on the net that meets those criteria
will collect a fair amount of queries.
Re: DNS honeypots?
Valdis . Kletnieks (Mar 02)
On Tue, 02 Mar 2010 15:00:43 EST, Jason Lewis said:
Out of curiosity, how do you get traffic directed to the honeypot without
listing it in an NS entry for an SOA? Give it a hostname like ns1.exampe.com
and hope that works?
Re: DNS honeypots?
Jason Ross (Mar 02)
Below is how I've got BIND set up in Debian Linux for a similar purpose.
It sends all the queries to a log file, and returns an A record (and MX)
of whatever value you'd like (I used RFC1918 space for this example).
Not sure it's perfect, but it works pretty well for my purposes.
Cheers,
Re: DNS honeypots?
Tillmann Werner (Mar 02)
Jason,
No need to run a server, you can simply sniff DNS traffic destined to
that box. If you don't want to send back an ICMP port unreachable
message, just block them using a packet filter.
I have some DNS sniffer code for exactly that purpose I can send to you
off-list if you are interested. tcpdump does the job, too, but mine
integrates DNS processing and logging (for IN/A record queries via UDP).
Tillmann
DNS honeypots?
Jason Lewis (Mar 02)
Anyone have any pointers to dns honeypots or maybe just BIND
configurations that would allow logging of malicious queries without
actually executing them?
Honeynet Project Forensic Challenge 2010/2 - browsers under attack
christian . seifert (Feb 27)
The Honeynet Project has revived a successful program from the past: The Honeynet Project Forensic Challenge 2010. The
purpose of the Forensic Challenges is to take learning one step farther. Instead of having the Honeynet Project analyze
attacks and share their findings, Forensic Challenges give the security community the opportunity to do so. In the end,
individuals and organizations not only learn about threats, but also learn how to...
MS Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Major Revisions
Microsoft (Mar 09)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: March 9, 2010
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-033 - Important
Bulletin Information:
=====================
* MS09-033 - Important
-...
Microsoft Security Bulletin Summary for March 2010
Microsoft (Mar 09)
********************************************************************
Microsoft Security Bulletin Summary for March 2010
Issued: March 9, 2010
********************************************************************
This bulletin summary lists security bulletins released for
March 2010.
The full version of the Microsoft Security Bulletin Summary for
March 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx.
With...
Microsoft Security Bulletin Summary for February 2010
Microsoft (Feb 09)
********************************************************************
Microsoft Security Bulletin Summary for February 2010
Issued: February 9, 2010
********************************************************************
This bulletin summary lists security bulletins released for
February 2010.
The full version of the Microsoft Security Bulletin Summary for
February 2010 can be found at...
Microsoft Security Bulletin Summary for January 2010
Microsoft (Jan 21)
********************************************************************
Microsoft Security Bulletin Summary for January 2010
Issued: January 21, 2010
********************************************************************
This bulletin summary lists the out-of-band security bulletin
released on January 21, 2010.
The full version of the Microsoft Security Bulletin Summary for
January 2010 can be found at...
Microsoft Security Bulletin Major Revision
Microsoft (Jan 14)
********************************************************************
Title: Microsoft Security Bulletin Major Revision
Issued: January 13, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
* MS09-073 - Important
Bulletin Information:
=====================
* MS09-073 - Important
-...
Microsoft Security Bulletin Summary for January 2010
Microsoft (Jan 12)
********************************************************************
Microsoft Security Bulletin Summary for January 2010
Issued: January 12, 2010
********************************************************************
This bulletin summary lists security bulletins released for
January 2010.
The full version of the Microsoft Security Bulletin Summary for
January 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx....
Microsoft Security Bulletin Re-Release
Microsoft (Jan 12)
********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: January 12, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
* MS09-035 - Moderate
Bulletin Information:
=====================
* MS09-035 - Moderate
-...
Microsoft Security Bulletin Major Revisions
Microsoft (Dec 08)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: December 8, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-037 - Important
Bulletin Information:
=====================
* MS08-037 - Important...
Microsoft Security Bulletin Summary for December 2009
Microsoft (Dec 08)
********************************************************************
Microsoft Security Bulletin Summary for December 2009
Issued: December 8, 2009
********************************************************************
This bulletin summary lists security bulletins released for
December 2009.
The full version of the Microsoft Security Bulletin Summary for
December 2009 can be found at...
Microsoft Security Bulletin Major Revisions
Microsoft (Nov 24)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 24, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-076 - Important
Bulletin Information:
=====================
* MS08-076 - Important...
Microsoft Security Bulletin Major Revisions
Microsoft (Nov 10)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 10, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-051 - Critical
* MS09-045 - Critical
Bulletin Information:
=====================
*...
Microsoft Security Bulletin Summary for November 2009
Microsoft (Nov 10)
********************************************************************
Microsoft Security Bulletin Summary for November 2009
Issued: November 10, 2009
********************************************************************
This bulletin summary lists security bulletins released for
November 2009.
The full version of the Microsoft Security Bulletin Summary for
November 2009 can be found at...
Microsoft Security Bulletin Advance Notification for November 2009
Microsoft (Nov 05)
********************************************************************
Microsoft Security Bulletin Advance Notification for November 2009
Issued: November 5, 2009
********************************************************************
This is an advance notification of security bulletins that
Microsoft is intending to release on November 10, 2009.
The full version of the Microsoft Security Bulletin Advance
Notification for November 2009 can be found...
Microsoft Security Bulletin Major Revisions
Microsoft (Nov 03)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 2, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-054 - Critical
Bulletin Information:
=====================
* MS09-054 - Critical
-...
Microsoft Security Bulletin Major Revisions
Microsoft (Oct 28)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: October 28, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-062 - Critical
Bulletin Information:
=====================
* MS09-062 - Critical
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Re: Slightly icky new biometric
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Mar 19)
Date sent: Fri, 19 Mar 2010 09:11:15 -0400
From: Rich Kulawiec <rsk () gsp org>
It might even come out looking ergonomic.
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
You were there, you had the hat, you did the job. That was a
basic rule of witchery: It's up to you.
- `A Hat...
Re: FW: Facebook may get 'panic button'
Tomas L. Byrnes (Mar 19)
OK, for "solves" substitute "pretends to solve". I didn't mean that it
was going to work. I was just pointing out the logic behind it.
I'm not in favor. Frankly, I think a big part of why really important
crimes like the attempted rape of Ms. Moncayo go uninvestigated is task
overloading on the police.
They're being used as babysitters to protect people from themselves, and
enforce polity, instead of focusing on catching and...
Re: FBI embeds cyber-investigators in Ukraine and Estonia
robert_mcmillan (Mar 19)
One agent can do a lot to move a particular case forward, as Andy Crocker
did in Russia. I think we forget about the importance of the human element
sometimes. In Romania, they moved more agents in as they got closer to the
bust, and they did end up arresting a lot of people there. On the other
hand, you're right that the scope of the problem exceeds these resources.
Another good question: even if you get arrests, what is it going to take to
get...
Re: Using laser to fingerprint paper
Valdis . Kletnieks (Mar 19)
On Sat, 20 Mar 2010 00:11:46 +0900, Peter Evans said:
Rule 34.
Re: Slightly icky new biometric
Valdis . Kletnieks (Mar 19)
On Thu, 18 Mar 2010 23:26:16 PDT, "Tomas L. Byrnes" said:
Read what I said. "after the bleach you'll still have roughly that same mix".
If you have 40 million times more A than E, after bleach you'll *still* have a
lot more A than E, unless A is a wimp and E is a statistical outlier on the
hardy end. And that sort of thing happens. Even after bleach, there will be A
left on your hands, and you'll leave A all over the place....
Re: Slightly icky new biometric
Martin Tomasek (Mar 19)
Autoclave? Use plasma torch. The beast can make temperatures up to 30000K.
Re: Slightly icky new biometric
Rich Kulawiec (Mar 19)
Bleach? Bah. Put the keyboard in an autoclave.
---Rsk
Re: Viacom uploads *and* sues?
Valdis . Kletnieks (Mar 19)
On Fri, 19 Mar 2010 12:06:38 -0000, Drsolly said:
I don't have the movie handy, but I remember it as him saying it, and
http://www.imdb.com/title/tt0071230/quotes says he did, and I can't see
Mel Brooks *not* going over the top. No way the line would say "darkie"
instead. ;)
Re: Viacom uploads *and* sues?
Drsolly (Mar 19)
I don't think he said "n-word".
Re: FW: Facebook may get 'panic button'
Dave Paris (Mar 19)
Eff this button idea. Facebook didn't force these two people to meet.
If the kid's internal creep-o-meter didn't go off and make her turn
around, running, in REAL life, there's no way in hell she would have
clicked a stupid eff'ing "panic button" on a website. Early warning
only works on detectable threats.
Having been on the receiving end of a serial do-gooder, I can guarantee
that absolutely *no* good will come from this...
Re: Using laser to fingerprint paper
Dan Kaminsky (Mar 19)
So, it's actually really funny. All biometric hashes are roughly
reversible.
The reason why, is that they are similarity metrics: They describe a series
of vectors in multidimensional space, and the input is distance-checked
against those vectors.
If the input is close enough to the hash, it's treated as a match.
The thing is, the return value is not a binary "match" or "no match", as you
might get from a cryptographic...
Re: Using laser to fingerprint paper
Wim Lewis (Mar 19)
Amour with lasers? A favorite of Pepe le Pew Pew Pew, no doubt.
Re: Using laser to fingerprint paper
Michal Zalewski (Mar 19)
Well, a laser pointer is not particularly special, too ;-)
/mz
Re: FW: Facebook may get 'panic button'
Dan Kaminsky (Mar 19)
Yes, because if there's one thing that's going to make the police stand up,
it's a panic button on a website rather than a police report in their hand.
Re: Why Penn CISO's Firing is Bad for All of Us
Michal Zalewski (Mar 19)
Irrelevant, but:
"And this is a network that was seeing more than a billion security
events a month in 2007."
Counting every bit separately, I presume?
/mz
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, bulletins, tips, and current activity lists.
Current Activity - CA Releases Updates for ARCserve Backup
Current Activity (Mar 19)
US-CERT Current Activity
CA Releases Updates for ARCserve Backup
Original release date: March 19, 2010 at 8:33 am
Last revised: March 19, 2010 at 8:33 am
CA has released updates to address vulnerabilities in the version of
Java JRE bundled with ARCserve Backup. These vulnerabilities in Java
JRE may allow an attacker to execute arbitrary code, bypass security
restrictions, cause a denial-of-service condition, or obtain sensitive
information....
Current Activity - Zeus Trojan Campaign Warning
Current Activity (Mar 17)
US-CERT Current Activity
Zeus Trojan Campaign Warning
Original release date: March 17, 2010 at 1:52 pm
Last revised: March 17, 2010 at 1:52 pm
US-CERT is aware of public reports of malicious code circulating via
spam email messages impersonating the Department of Homeland Security
(DHS). The attacks arrive via unsolicited email messages that may
contain subject lines related to DHS or other government activity.
These messages may contain a...
SB10-074 -- Vulnerability Summary for the Week of March 8, 2010
US-CERT Security Bulletins (Mar 15)
Vulnerability Summary for the Week of March 8, 2010
This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of March 8, 2010. It is
available here:
http://www.us-cert.gov/cas/bulletins/SB10-074.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit <...
Current Activity - Apple Releases Safari 4.0.5
Current Activity (Mar 12)
US-CERT Current Activity
Apple Releases Safari 4.0.5
Original release date: March 12, 2010 at 8:32 am
Last revised: March 12, 2010 at 8:32 am
Apple has released Safari 4.0.5 to address multiple vulnerabilities in
ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities
may allow a remote attacker to execute arbitrary code, cause a
denial-of-service condition, obtain sensitive information, or bypass
security restrictions.
US-CERT...
Cyber Security Tip ST05-003 -- Securing Wireless Networks
US-CERT Security Tips (Mar 11)
Cyber Security Tip ST05-003
Securing Wireless Networks
Wireless networks are becoming increasingly popular, but they introduce
additional security risks. If you have a wireless network, make sure to take
appropriate precautions to protect your information.
How do wireless networks work?
As the name suggests, wireless networks, sometimes called WiFi, allow you to
connect to the...
TA10-068A -- Microsoft Updates for Multiple Vulnerabilities
US-CERT Technical Alerts (Mar 09)
National Cyber Alert System
Technical Cyber Security Alert TA10-068A
Microsoft Updates for Multiple Vulnerabilities
Original release date:
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
Overview
Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Office.
I. Description
Microsoft has released...
Current Activity - Microsoft Releases March Security Bulletin
Current Activity (Mar 09)
US-CERT Current Activity
Microsoft Releases March Security Bulletin
Original release date: March 9, 2010 at 1:44 pm
Last revised: March 9, 2010 at 1:44 pm
Microsoft has released an update to address vulnerabilities in
Microsoft Windows and Office as part of the Microsoft Security
Bulletin Summary for March 2010. These vulnerabilities may allow an
attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the...
SB10-067 -- Vulnerability Summary for the Week of March 1, 2010
US-CERT Security Bulletins (Mar 08)
Vulnerability Summary for the Week of March 1, 2010
This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of March 1, 2010. It is
available here:
http://www.us-cert.gov/cas/bulletins/SB10-067.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit <...
Current Activity - Energizer DUO USB Battery Charger Software Allows Remote System Access
Current Activity (Mar 08)
US-CERT Current Activity
Energizer DUO USB Battery Charger Software Allows Remote System Access
Original release date: March 8, 2010 at 10:26 am
Last revised: March 8, 2010 at 10:26 am
US-CERT is aware of a backdoor in the software for the Energizer DUO
USB battery charger. This backdoor may allow a remote attacker to list
directories, send and receive files, and execute programs on an
affected system. The software, which has been...
New US-CERT PGP Key
US-CERT Technical Alerts (Mar 05)
New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).
To obtain further information or to download the new
US-CERT publications PGP key, please visit
<...
New US-CERT PGP Key
US-CERT Security Bulletins (Mar 05)
New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).
To obtain further information or to download the new
US-CERT publications PGP key, please visit
<...
Cyber Security Tip -- New US-CERT PGP Key
US-CERT Security Tips (Mar 05)
New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).
To obtain further information or to download the new
US-CERT publications PGP key, please visit
<...
Current Activity - Cisco Releases Multiple Security Advisories
Current Activity (Mar 04)
US-CERT Current Activity
Cisco Releases Multiple Security Advisories
Original release date: March 4, 2010 at 6:00 pm
Last revised: March 4, 2010 at 6:00 pm
Cisco has released three security advisories to address
vulnerabilities.
Security advisory cisco-sa-20100303-cucm, addresses multiple
vulnerabilities in the Cisco Unified Communications Manager which
affect the Session Initiation Protocol (SIP), Skinny Client Control
Protocol (SCCP), and...
Current Activity - Microsoft Releases Advance Notification for March Security Bulletin
Current Activity (Mar 04)
US-CERT Current Activity
Microsoft Releases Advance Notification for March Security Bulletin
Original release date: March 4, 2010 at 1:57 pm
Last revised: March 4, 2010 at 1:57 pm
Microsoft has issued a Security Bulletin Advance Notification,
indicating that its March release cycle will contain two bulletins.
These bulletins will have a severity rating of Important and will be
for Microsoft Windows and Microsoft Office. Release of these...
Current Activity - Microsoft Re-Releases Security Bulletin MS10-015
Current Activity (Mar 03)
US-CERT Current Activity
Microsoft Re-Releases Security Bulletin MS10-015
Original release date: March 3, 2010 at 10:02 am
Last revised: March 3, 2010 at 10:02 am
Microsoft has re-released the security update described in Microsoft
Security Bulletin MS10-015. This release contains an updated
installation package that does not allow the security update to be
installed on computers infected with malicious code. Microsoft has
also released a...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE Request -- Sahana -- v0.6.2.2 -- Authentication bypass via "acl_enable_acl" URLs
Jan Lieskovsky (Mar 19)
Hi Steve, vendors,
Christopher showed:
[1] http://archives.neohapsis.com/archives/bugtraq/2010-03/0156.html
a deficiency in the way the Sahana disaster management system
performed user authentication. Visiting a certain URL
would allow an attacker to view (and potentially modify)
information, which should be otherwise protected by authentication.
Upstream bug report:
[2]...
Re: CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS
Vincent Danen (Mar 18)
* [2010-03-18 14:59:53 -0400] Steven M. Christey wrote:
Perfect. Thanks, Steve.
Re: CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS
Steven M. Christey (Mar 18)
CVE-2010-0735 is going to be marked for rejection so it should not be used
for any issue. CVE-2010-0969 will be updated accordingly.
- Steve
CVE Request -- Transmission v1.92
Jan Lieskovsky (Mar 17)
Hi Steve, vendors,
Transmission upstream has recently released the latest version, v1.92:
[1] http://trac.transmissionbt.com/wiki/Changes
fixing one (potentially two) security issues:
a, Fix potential buffer overflow when adding maliciously-crafted magnet links
References:
[2] http://trac.transmissionbt.com/ticket/2965
[3] http://trac.transmissionbt.com/wiki/Changes
[4]...
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Emily Ratliff (Mar 17)
Return Receipt
Your document: Re: [oss-security] CVE Request: libesmtp does not check NULL bytes in commonName
was received... emilyr () us ibm com
CVE id request: ikiwiki
Nico Golde (Mar 17)
Hi,
"javascript insertion via svg uris
Ivan Shmakov pointed out that the htmlscrubber allowed data:image/* urls,
including data:image/svg+xml. But svg can contain javascript, so that is
unsafe."
http://ikiwiki.info/security/#index30h2
Can someone please assign a CVE id to this?
Cheers
Nico
Re: CVE Request: libesmtp does not check NULL bytes in commonName
ArkanoiD (Mar 17)
..and for EV certificates processing (for which we should turn wildcards
off completely), are those of any use beyond web applications?
Re: CVE-2009-4271 kernel: 32bit process on 64bit system DoS
Marcus Meissner (Mar 17)
Would this be a valid reproducer? :
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
int main(){
FILE *f;
char line[256];
void *x,*y;
f = fopen("/proc/self/maps","r");
if (!f) exit(1);
x=y=NULL;
while (fgets(line,sizeof(line),f)) {
if (strstr(line,"vdso")) {...
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Brian Stafford (Mar 17)
Ludwig Nussel wrote:
They are permitted in some contexts but not in actual domain names, for
example a SRV record question to a name server contains stuff like
_smtp._tcp.host.example.org The host.example.org section is forbidden
from using _ but obviously the name server itself supports it so it can
handle the _smtp._tcp components. I am assuming that since we're
validating domain names and not name server queries, the _ is forbidden...
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Ludwig Nussel (Mar 17)
ArkanoiD wrote:
Many self-signed certificates seem to have an email address as leaf
RDN. I guess that's because openssl's CA.sh asks for the mail
address. So with that additional constraint the scary warning
dialogs for self-signed certs are going to be even more confusing in
the future.
cu
Ludwig
Re: CVE Request: libesmtp does not check NULL bytes in commonName
ArkanoiD (Mar 17)
Formally, they are not. But de facto they are there for a long time.
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Ludwig Nussel (Mar 17)
Brian Stafford wrote:
AFAIK underlines are not allowed in DNS. I'm sure someone knows the
RFC for that too :-)
cu
Ludwig
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Brian Stafford (Mar 17)
All
I've reviewed Ludwig's patch again in light of various issues in recent
discussion. I have attached a patch incorporating this and one further
modification.
Since both the original and patched versions of match_component()
implement wildcards rather less liberally than RFC 2818 implies, I
decided to move towards the approach in the I-D. match_component() now
accepts either a string or a single wildcard '*'. Matched characters
are...
CVE-2010-0008 kernel: sctp remote denial of service
Eugene Teo (Mar 16)
Telesys Software reported a flaw was found in the sctp_rcv_ootb()
function in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
https://bugzilla.redhat.com/CVE-2010-0008
http://git.kernel.org/linus/ece25dfa0991f65c4e1d26beb1c3c45bda4239b8
Thanks, Eugene
CVE-2009-4271 kernel: 32bit process on 64bit system DoS
Eugene Teo (Mar 16)
STMicroelectronics reported a flaw in the Linux kernel, versions 2.6.9
to 2.6.17, when running on x86_64, where a user could use a regular
32bit process to trigger a kernel panic, without any special privileges.
The bug occurs when a 32bit user process triggers a segfault (i.e.
de-reference a null-pointer) after having performed a mprotect() to
restrict any rwx access on its VDSO page.
This only affects Red Hat Enterprise Linux 4....
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: NSP-SEC
Hank Nussbacher (Mar 20)
If I was such a clever 15 year old I would go to Google and enter
"contacting cisco ios security"
which would lead me to ->
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
which would lead me to ->
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Same exercise can be repeated for most vendors you can choose.
-Hank
Re: NSP-SEC
Justin M. Streiner (Mar 20)
Report the issue to the vendor? This is pretty common practice today.
jms
Re: NSP-SEC
William Pitcock (Mar 20)
That is not what I mean and you know it.
What I mean is: why can't anyone contribute valuable information to the
security community? It is next to impossible to meet so-called 'trusted
people' if you're new to the game, which is counter-productive.
If you're a 15 year old kid and you just discovered a way to own the
latest IOS, for example, how do you know who to tell about it?
William
Re: NSP-SEC
Hank Nussbacher (Mar 20)
How exactly would being transparent for the following help Internet
security:
"I am seeing a new malware infection vector via port 91714 coming from the
IP range of 32.0.0.0/8 that installs a rootkit after visiting the web page
http://www.trythisoutnow.com/. In addition, it has credit card and pswd
stealing capabilities and sends the details to a maildrop at
trythisoutnow () gmail com"
The only upside of being transparent is...
Re: ISC DHCP server failover
Dan White (Mar 20)
I don't want to defend bad code where it may exist, but I view the problems
we've encountered with ISC DHCP to be minor compared to the benefits.
It may not be fair to compare DHCP failover to redundancy in a routing
scenario. In a routing failure, I'd be highly motivated to find the root
cause, open tickets, and get the problem fixed.
In a scenario where a couple of customers are unable to pull an IP address,
every few months, I'm OK with...
IPtv solutions
Rashed Alwarrag (Mar 20)
Dear Nanog
I am interested in IPtv solutions so can anybody advise me what is the best IPTv products/solutions that is Widely
deployed in most of the Service provider and if they have courses available ?
Thanks a lot
Rashed Alwarrag
Applied Technologies
IPtv solutions
Rashed Alwarrag (Mar 20)
Dear Nanog
I am interested in IPtv solutions so can anybody advise me what is the best IPTv products/solutions that is wildly
deployed in most of the Service provider and if they have courses available ?
Thanks a lot
Rashed Alwarrag
Applied Technologies
Re: Using private APNIC range in US
Łukasz Bromirski (Mar 20)
A lot of cheap, low-end devices (sometimes with names of well-known
vendors) use IPs like 1.1.1.1 and 1.2.3.4 as captive portal IPs to
authenticate connecting clients. A lot of "WLAN hotspots" users will
have problems reaching 1/8 unless they connect via VPN to corporate
and browse from there or something like that. The question is how
soon 1/8 will have interesting content to serve, as I know at least
one popular hotel chain in Europe...
Help with a 3561 debug
Jess Kitchen (Mar 20)
Hello,
If anyone is single homed via Savvis AS3561 that could spare a minute to
help with a couple of mtr/tcptraceroute/iperfs that would be great- trying
to drill down a peculiar and intermittent issue that has been occurring
since some time Thursday (packets indiscriminately dropped on the floor
but only on particular paths)
Please mail offlist, thanks
Re: ISC DHCP server failover
sthaug (Mar 20)
Note that this method of handling failover is inherent in the original
DHCP failover design. See
http://tools.ietf.org/id/draft-ietf-dhc-failover-12.txt
Specifically, quoting from the above draft,
"While this technique works in some domains, having the only server to
which a DHCP client can communicate voluntarily shut itself down seems
like something worth avoiding.
The failover protocol will operate correctly while both servers...
Re: CRS-3
jim deleskie (Mar 19)
That's funny, not sure if Cisco sells one or not but back in the day, I
worked @ Avici, and we did in fact have a special jack used to move
the chassis around :)
-jim
Re: CRS-3
Steve Meuse (Mar 19)
Paul Ferguson expunged (fergdawgster () gmail com):
$90k is the price of the special lift jack you need to move them around :)
-Steve
Re: ISC DHCP server failover
Mike (Mar 19)
David W. Hankins wrote:
<long explanation snipped>
With all due respect and acknowledgment of the tremendous contributions
of ISC and you yourself Mr. Hankins, I have to comment that failover in
isc-dhcp is broken by design because it requires the amount of
handholding and operator thinking in the event of a failure that you
explained to us at length is required. Failure needs to be handled
automatically and without any intervention...
Re: ISC DHCP server failover
David W. Hankins (Mar 19)
If restarting one or both dhcpd processes corrects a pool balancing
problem, then I suspect what you're looking at is a bug where the
servers would fail to schedule a reconnection if the failover socket
is lost in a particular way. Because the protocol also uses a message
exchange inside the TCP channel to determine if the socket is up
(rather than just TCP keepalives) this can sometimes happen even
without a network outage during load spikes or...
Re: NSP-SEC
Jorge Amodio (Mar 19)
+1. Does the nomination include a sample ?
J
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Government webpage for every citizen in the race to create a paperless society
Dave Farber (Mar 20)
Begin forwarded message:
> From: Brian Randell <Brian.Randell () ncl ac uk>
> Date: March 20, 2010 2:08:15 PM EDT
> To: dave () farber net
> Subject: Government webpage for every citizen in the race to create
> a paperless society
>
> Hi Dave:
>
> From today's (UK) Times newspaper - for IP if you wish.
>
> Cheers
>
> Brian
>
> ---
>
> Government webpage for every citizen in the race to...
Re: Amazon's new publisher: Make Millions from Selling Wikipedia in Print
Dave Farber (Mar 20)
>From: "Mike Godwin" <mnemonic () gmail com>
>To: <dave () farber net>
>Cc: "ip" <ip () v2 listbox com>
>Date: March 20, 2010 12:32:30 PM EDT
>Subject: Re: [IP] Amazon's new publisher: Make Millions from Selling Wikipedia in Print
>
>
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed:...
Amazon's new publisher: Make Millions from Selling Wikipedia in Print
Dave Farber (Mar 20)
Begin forwarded message:
> From: "David P. Reed" <dpreed () reed com>
> Date: March 20, 2010 9:40:35 AM EDT
> To: David Farber <dave () farber net>
> Subject: Amazon's new publisher: Make Millions from Selling
> Wikipedia in Print
>
> Dave - this is amazing! Nonsense, but amazing.
>
> I just received in my email the recommendation of the following
> "book"...
Fake PayPal Data
Dave Farber (Mar 20)
Begin forwarded message:
> From: Kevin Gainer <kgainer () columbus rr com>
> Date: March 20, 2010 9:36:01 AM EDT
> To: dave () farber net
> Cc: Joel Chow <joel.chow () 10tv com>, Buddysking () aol com, Firebirdfor50 () aol com
> , James Turner <jturne3 () columbus rr com>, Tien-Hsien Chang <chang.108 () osu edu
> >
> Subject: Fake PayPal Data
>
> Dave:
>
> Paypal's on-line "Student...
WORTH READING International Journal of Communication
David Farber (Mar 20)
Begin forwarded message:
From: Jonathan Aronson <aronson () usc edu>
Date: March 19, 2010 11:46:48 PM EDT
To: Dave Farber <dave () farber net>
Subject: International Journal of Communication
Dave,
It’s probably worth mentioning that the International Journal of Communication is a high-quality, refereed, online
journal edited by Larry Gross and Manuel Castells at the Annenberg School for Communication and Journalism at the...
David Farber Perspectives on Broadband Research in Universities -- a short film
David Farber (Mar 19)
http://kmbvideojournal.com/library/vol23_no4.html
Given as part of THE KMB REPORT ON THE NATIONAL BROADBAND
TELECOM PLAN FOR THE 21ST CENTURY. ( http://kmbvideojournal.com/index.html)
Amid Vendors' Finger-Pointing, FCC Says: "We Don't Endorse Our Broadband Speed Tests!"
Dave Farber (Mar 19)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: March 19, 2010 1:20:46 PM EDT
> To: dave () farber net
> Subject: Amid Vendors' Finger-Pointing, FCC Says: "We Don't Endorse
> Our Broadband Speed Tests!"
>
>
>
> Amid Vendors' Finger-Pointing, FCC Says:
> "We Don't Endorse Our Broadband Speed Tests!"
>
>...
Hot News Doctrine Gets New Life
Dave Farber (Mar 19)
Begin forwarded message:
> From: Paul Levy <plevy () citizen org>
> Date: March 19, 2010 1:33:48 PM EDT
> To: dave () farber net
> Subject: Hot News Doctrine Gets New Life
>
> A federal judge in New York has breathed new life into the hoary
> "hot news" doctrine, holding that an online news service that
> specialized in obtaining information about stock recommendations by
> financial services...
added url. Just published The Open Internet: A Customer-Centric Framework
David Farber (Mar 19)
International Journal of Communication 4 (2010), 302-342 1932-8036/20100302
The Open Internet: A Customer-Centric Framework
GERALD R. FAULHABER* Wharton School, University of Pennsylvania and Penn Law School
DAVID J. FARBER† Carnegie Mellon University School of Computer Science and Engineering Public Policy
http://ijoc.org/ojs/index.php/ijoc/article/viewFile/727/411
Just published The Open Internet: A Customer-Centric Framework
David Farber (Mar 19)
International Journal of Communication 4 (2010), 302-342 1932-8036/20100302
The Open Internet: A Customer-Centric Framework
GERALD R. FAULHABER* Wharton School, University of Pennsylvania and Penn Law School
DAVID J. FARBER† Carnegie Mellon University School of Computer Science and Engineering Public Policy
TSA safety rules come to the federal court in DC
David Farber (Mar 19)
The NYC Subway next?? djf
Begin forwarded message:
From: "Paul Levy" <plevy () citizen org>
Date: March 19, 2010 2:04:56 PM EDT
To: <dave () farber net>
Subject: TSA safety rules come to the federal court in DC
Just received this notice from my local federal court. I wonder whether I am going to have to take off my shoes or go
through a full-body scanner next month.
Interesting, though, that court employees don't have...
Amid Vendors' Finger-Pointing, FCC Says: "We Don't Endorse Our Broadband Speed Tests!"
David Farber (Mar 19)
Begin forwarded message:
From: Lauren Weinstein <lauren () vortex com>
Date: March 19, 2010 1:20:46 PM EDT
To: dave () farber net
Subject: Amid Vendors' Finger-Pointing, FCC Says: "We Don't Endorse Our Broadband Speed Tests!"
Amid Vendors' Finger-Pointing, FCC Says:
"We Don't Endorse Our Broadband Speed Tests!"
http://lauren.vortex.com/archive/000693.html
Greetings. A...
How Privacy Vanishes Online
David Farber (Mar 19)
Begin forwarded message:
From: dewayne () warpspeed com (Dewayne Hendricks)
Date: March 17, 2010 11:49:03 AM EDT
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] How Privacy Vanishes Online
March 16, 2010
How Privacy Vanishes Online
By STEVE LOHR
<http://www.nytimes.com/2010/03/17/technology/17privacy.html>
If a stranger came up to you on the street, would you give him your name, Social Security...
Car maker adds geotagging / social networking capabilities to vehicles
Dave Farber (Mar 19)
Begin forwarded message:
> From: Jonathan B Spira <jspira () basex com>
> Date: March 19, 2010 10:11:42 AM EDT
> To: David Farber <dave () farber net>
> Subject: Car maker adds geotagging / social networking capabilities
> to vehicles
>
>
> Dave
>
> This is a very interesting development and it's not what it sounds
> like at first glance (i.e. putting Facebook on a screen in the car).
>
>...
Fingerprinting Paper with Laser
Dave Farber (Mar 18)
Begin forwarded message:
> From: Gadi Evron <ge () linuxbox org>
> Date: March 18, 2010 11:15:47 AM EDT
> To: dave () farber net
> Subject: Fingerprinting Paper with Laser
>
> Hi Dave, this is for IP.
>
> Gadi.
>
> I saw this release today, and just had to share it with anyone I
> could find.
>
> "Every paper, plastic, metal and ceramic surface is microscopically
> different and has...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 25.96
RISKS List Owner (Mar 13)
RISKS-LIST: Risks-Forum Digest Saturday 13 March 2010 Volume 25 : Issue 96
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.96.html>
The current issue can be...
Risks Digest 25.95
RISKS List Owner (Feb 28)
RISKS-LIST: Risks-Forum Digest Sunday 28 February 2010 Volume 25 : Issue 95
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.95.html>
The current issue can be...
Risks Digest 25.94
RISKS List Owner (Feb 14)
RISKS-LIST: Risks-Forum Digest Sunday 14 February 2010 Volume 25 : Issue 94
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.94.html>
The current issue can be...
Risks Digest 25.93
RISKS List Owner (Jan 29)
RISKS-LIST: Risks-Forum Digest Friday 29 January 2010 Volume 25 : Issue 93
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.93.html>
The current issue can be...
Risks Digest 25.92
RISKS List Owner (Jan 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 January 2010 Volume 25 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.92.html>
The current issue can be...
Risks Digest 25.91
RISKS List Owner (Jan 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 January 2010 Volume 25 : Issue 91
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.91.html>
The current issue can be...
Risks Digest 25.90
RISKS List Owner (Jan 08)
RISKS-LIST: Risks-Forum Digest Friday 8 January 2010 Volume 25 : Issue 90
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.90.html>
The current issue can be...
Risks Digest 25.89
RISKS List Owner (Jan 07)
RISKS-LIST: Risks-Forum Digest Thursday 7 January 2010 Volume 25 : Issue 89
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.89.html>
The current issue can be...
Risks Digest 25.88
RISKS List Owner (Dec 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 December 2009 Volume 25 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.88.html>
The current issue can...
Risks Digest 25.87
RISKS List Owner (Dec 15)
RISKS-LIST: Risks-Forum Digest Tuesday 15 December 2009 Volume 25 : Issue 87
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.87.html>
The current issue can...
Risks Digest 25.86
RISKS List Owner (Dec 14)
RISKS-LIST: Risks-Forum Digest Monday 14 December 2009 Volume 25 : Issue 86
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.86.html>
The current issue can be...
Risks Digest 25.85
RISKS List Owner (Nov 28)
RISKS-LIST: Risks-Forum Digest Saturday 28 November 2009 Volume 25 : Issue 85
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.85.html>
The current issue can...
Risks Digest 25.84
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Weds 25 November 2009 Volume 25 : Issue 84
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.84.html>
The current issue can be...
Risks Digest 25.83
RISKS List Owner (Nov 06)
RISKS-LIST: Risks-Forum Digest Friday 6 November 2009 Volume 25 : Issue 83
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.83.html>
The current issue can be...
Risks Digest 25.82
RISKS List Owner (Oct 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 October 2009 Volume 25 : Issue 82
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.82.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
Industry prepares for new ICO penalties starting next month
Jake Kouns (Mar 19)
http://www.infosecurity-magazine.com/view/8155/industry-prepares-for-new-ico-penalties-starting-next-month/
The IT security industry - and its customers - are starting to prepare
for the introduction of new and stiff penalties for organisations that
allow data to be stolen or leak, and could reasonably be said to be
aware of the risk.
The new rules - from the Information Commissioners Office (ICO) - kick
in on the 6th of April and, says Richard...
UK: Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people
Jake Kouns (Mar 19)
http://www.scmagazineuk.com/royal-london-mutual-insurance-society-loses-eight-laptops-and-the-personal-details-of-2135-people/article/166024/
The Information Commissioner's Office (ICO) has reported that the
Royal London Mutual Insurance Society lost eight laptops and the
personal details of 2,135 people.
It has declared that the insurance provider breached the Data
Protection Act when the laptops were stolen from the company's
Edinburgh...
CA: Mary's Pizza Shack hacked
kirniki (Mar 19)
http://www.sonomanews.com/articles/2010/03/18/news/doc4ba2d27e9bebb350376530.txt
The Plaza location of Mary's Pizza Shack has been identified as the
target of Internet hackers who penetrated the restaurant's computer
system with a "logger" virus that captured credit card numbers at the
transaction terminal.
The presence of a virus was discovered by a corporate official on Feb.
10 after the family-run company received reports from...
fringe: P2P Puts Medical Data At Risk
security curmudgeon (Mar 19)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
http://www.informationweek.com/news/healthcare/security-privacy/showArticle.jhtml?articleID=224000042
By Nicole Lewis
InformationWeek
March 18, 2010
Many home computer users don't realize it, but the next time they download
a movie, a video or some old sentimental song, they may be giving an
intruder the opportunity to search the PC's files for...
UK: Mortgage Company Data Protection In Arrears
Jake Kouns (Mar 19)
http://www.eweekeurope.co.uk/news/mortgage-company-data-protection-in-arrears-says-watchdog-5500
Redstone Mortgages had been sending customer details by email since
2005 with no password or encryption
A mortgage company has been found in breach of the Data Protection Act
after accidentally emailing details of more than 15,000 customer
accounts to a member of the public.
In a statement released this week, the Information Commissioners
Office...
CA: Computer theft raises fraud concern at Cal State L.A.
David Shettler (Mar 18)
http://latimesblogs.latimes.com/lanow/2010/03/computer-theft-raises-fraud-concern-at-cal-state-la.html
Cal State Los Angeles has notified 232 former students that a computer
stolen from the mathematics department office last month may have
contained personal information such as their Social Security numbers
and grades.
[..]
TN:Student information part of security breach
kirniki (Mar 18)
http://www.insidevandy.com/drupal/node/13438
According to Liz Latt and Beth Fortune in Public Affairs, a
professor's desktop computer, containing the names and social security
numbers of 7,174 current and former students, was stolen some time
during the weekend of Feb. 6.
[..]
According to Public Affairs, the desktop belonged to a professor who
kept a database of his grade book, including social security numbers
for some students.
[..]
Data Breaches Are Heaviest at Hotels
Jake Kouns (Mar 18)
http://online.wsj.com/article/SB10001424052748704743404575127674094249164.html
Hackers are now stealing credit-card data from hotels more often than
any other industry, according to data-security companies.
In a recent report, SpiderLabs, a unit of data-security firm
Trustwave, said 38% of its data-breach investigations in 2009 occurred
at hotels. Financial services accounted for 19% of the company's
data-breach investigations. Once an attack...
Health records compromised
Jake Kouns (Mar 17)
http://www.calgarysun.com/news/alberta/2010/03/17/13261481.html
Alberta’s privacy commissioner has launched an investigation into the
potential compromise of thousands of patient files at a northeast
medical clinic.
The University of Calgary Sunridge Medical Clinic at 3465 26 Ave. N.E.
has sent letters to more than 4,700 patients informing them their
personal information may have been accessed by unauthorized parties
after two viruses...
Data Exfiltration: How Data Gets Out
security curmudgeon (Mar 17)
http://www.csoonline.com/article/570813/Data_Exfiltration_How_Data_Gets_Out?page=1
Data Exfiltration: How Data Gets Out
Most attention goes to keeping hackers out. But once they're inside, how
do they extract data from your organization? Research from Trustwave's
SpiderLabs shows the answer is often surprisingly simple.
By Nicholas J. Percoco, SpiderLabs
March 12, 2010 . CSO .
Cyber criminals are increasingly becoming more sophisticated...
Medicare data breaches increase privacy fears
Jake Kouns (Mar 17)
http://www.theaustralian.com.au/australian-it/medicare-data-breaches-increase-privacy-fears/story-e6frgakx-1225841101367
MEDICARE Australia dealt with 234 serious data privacy breaches by
employees in 2007-08, but 160 of these resulted in only an emailed
warning or counselling.
In the three years from November 2006 until December last year, 569
staff were identified as having "unauthorised access" to client
records held by the agency....
VA investigating new data breach
Jake Kouns (Mar 17)
http://www.federaltimes.com/article/20100311/IT01/3110306/1018/DEPARTMENTS
The Veterans Affairs Department is investigating reports that a former
VA physician's assistant stored unauthorized personal patient data on
a personal laptop.
The data breach occurred at the Atlanta Veterans Affairs Medical
Center, VA spokeswoman Katie Roberts said. In a written statement,
Roberts said protecting patient privacy is one of VA's top priorities....
S.Korea to probe huge online data leak
Jake Kouns (Mar 15)
http://www.google.com/hostednews/afp/article/ALeqM5gU4DwmPkiau1V6GE0blDIG8H6DTA
SEOUL — South Korea said Friday it would launch a probe into security
systems of major retailer Shinsegae and 24 other companies after
private data on some 20 million customers was leaked.
The move came a day after police arrested three South Koreans for
selling private information, including IDs, passwords and addresses,
of more than 20 million compatriots...
Federal Judge Dismiss Data Breach Case
Henry Brown (Mar 13)
Breach occurred in May 2009 according to the original complaint (
http://www.infolawgroup.com/uploads/file/Allison%20v_%20Aetna%20%28Compliant%202009%29.pdf
)
From Infolaw group http://bit.ly/9NWytT
Federal Judge Dismiss Aetna Data Breach Case Due to Lack of "Injury-in-fact"
A Federal judge in the U.S. District Court for the Eastern District of
Pennsylvania dismissed a class action lawsuit arising out of a data
security breach...
MO: St. Louis police say computer was attacked
kirniki (Mar 13)
http://www.globe-democrat.com/news/2010/mar/12/st-louis-police-say-computer-was-attacked/
24 people may have had their personal information compromised
following the cyber attack of one computer in the St. Louis
Metropolitan Police Department, authorities said.
The attack came through an e-mail in February. The department’s
website was not attacked in any way, according to police spokeswoman
Erica Van Ross.
The names, addresses and social...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
FW: msf3 file
m4jh0l unkown (Mar 19)
From: h4ck3r.m4jh0l () hotmail com
To: framework-bounces () spool metasploit com
Subject: FW: [framework] msf3 file
Date: Fri, 19 Mar 2010 21:35:38 +0000
Re: Shikata_ga_nai evasion...
NetEvil (Mar 18)
Hi John,
Thanks, nice tip! I'll try this way...
You're right... And I feel a little embarrassed cause I'm a programmer
with about 20 years of experience -.-...anyway I totally agree with your
point of view...
I'll get my finger dirty with some fresh code ...;)
Thanks!
David
Re: Shikata_ga_nai evasion...
John Biondolillo (Mar 18)
I've been able to bypass AV's by writing my own loader, not my own template
file but actually a small program that injects shellcode into memory. So I
use msfpayload to output to C then copy the shellcode into my own loader and
compile and I'm AV free. The other thing you should watch out for is unless
the online scanner has a option to not submit the sample once you upload
something it is submitted to the AV vendors and then they will create...
Re: msf3 file
ricky-lee birtles (Mar 18)
agh msf3 is a folder not a file.
You would be better using this command ( svn co
https://www.metasploit.com/svn/framework3/trunk/ msf3/ ) to get the
cutting edge version
Regards,
-- Mr R Birtles
Re: msfencode with javascript
HD Moore (Mar 18)
The help output was outdated (now fixed). You can generate it in either
little-endian (x86) or big-endian modes (ppc, most risc, iphone):
$ msfencode -t js_le (or js_be)
msfencode with javascript
Dont Know (Mar 18)
hi list,
I'm trying to generate a Javascript payload using msfpayload, and trying to encode it with msfencode
but I couldn't see a 'javascript' option in the '-t <opt>' option of msfencode.
Maybe I'm missing something
Re: Bug report or Feature request socks_unc/route
HD Moore (Mar 17)
The socks_unc module is not a real SOCKS proxy and we currently do not
have a SOCKS proxy with the ability to route through Meterpreter. The
backend of Meterpreter now contains all functions necessary to support
it, but it's just development time that we are short on right now.
-HD
Re: Error connecting to Nexpose
HD Moore (Mar 17)
This indicates your version of NeXpose has not been activated, please
login to the NeXpose web interface, go to Administration -> NeXpose ->
Licensing and make sure your key is activated.
-HD
Re: msf3 file
ricky-lee birtles (Mar 17)
The msf3 file? Do you mean msfconsole?
Regards,
-- Mr R Birtles
msf3 file
kits1 kits1 (Mar 17)
hi all
I need the msf3 file. Can someone tell me how I can get it?
It didn't come out when I unzipped the framework-3.2.tar.gz under Ubuntu Linux 10x :)
Re: Shikata_ga_nai evasion...
NetEvil (Mar 17)
On 17 Mar 2010, at 10:56, Dont Know <dkn4a1 () gmail com> wrote:
Currently I miss to evade Symantec....
That has been always my suspect...I've stopped my submissions
I had no success with that tip unfortunately...
My conclusions are that I need a better lab for testing :)...and I'm
working on it..
David
Bug report or Feature request socks_unc/route
Mark Baggett (Mar 16)
I don't know if this is a bug or a product enhancement, but here it
goes....
I want to use Proxychains to route nmap, nessus and other tcp/udp
tools through a meterpreter session. After I get Meterpreter on a
host as session 1 I want to add a route and use the SOCKS_UNC server
with proxychains. Similar to these vids but instead of an SSH server
use the SOCKS_UNC auxiliary module:...
Error connecting to Nexpose
顺达张 (Mar 16)
Hi all,
After installing Nexpose (download from Metasploit web site), I tried to
connect (using nexpose_connect) to it, but it always fails.
I installed Nexpose in windows2003 sp1, run metasploit in local or remote,
error message was the same:
*Error while running command nexpose_connect: #<RuntimeError: Illegal
character '&' in raw string "*
More detail error messages are in the end of this mail.
Thanks,
Shunda
*The detail error log:*...
Re: Shikata_ga_nai evasion...
Menerick, John (Mar 16)
Try changing the name of the file to some reserved filename such as (PRN, AUX, CON, LPT1, LPT2, COM1, COM2, NUL,
CLOCK).exe . That will get you past the poorly developed AV programs.
John Menerick
http://www.securesql.info
Re: error connecting to mysql via db_connect
HD Moore (Mar 16)
Yes, but this uses unix sockets by default, where you told Metasploit to
use TCP.
-HD
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Why do I get so many malformed packets
Bill Meier (Mar 20)
János Löbb wrote:
The short answer: In the first capture file many/most frames are missing
the last 4 bytes.
Did you do the two captures in exactly the same way ??
I've no idea why the first capture has many frames with missing bytes.
Something to do with capturing under VMWare ??
Some kind of issue wherein something in the capture path thought the
last 4 bytes were an ethernet FCS and removed them ??
(Maybe someone else (Guy Harris ?)...
Re: Wireshark in Network - Windows/Linux
Hobbe (Mar 20)
Well IF and I say IF the problem you are having is that people are sniffing
it is actually quite easy to come around that by simply making the client
sit on a L3 (routed) net with that client and the router being the only
ones at that network.
That will make all passive sniffing impossible.
To sniff on such a network you would have to have control over the network
infrastructure and well if they have that then it is game over anyway.
The...
Why do I get so many malformed packets
János Löbb (Mar 20)
Hi,
We have some intermittent "slowdown" issues at a particular location.
Users connecting to DFS drives by going through two firewalls
experience serious slowdowns of their machine. Shortly after they
disconnect from the DFS drives the machines regain their vigor. I
went through the following theories:
1. The communication is hindered by one of the firewalls, so the
machine listens a lot for network traffic and that is...
jitter calculation example on wireshark wiki
capricorn 80 (Mar 20)
Hi!
The jitter calculation in aaa.pcap is done on the user side or server side?
As asterisk pbx uses centralized based approach in which every communication goes from server not like skype. Is it
possible to calculate jitter by running wireshark on the server?
Regards,
Capture traffic on a "Microsoft loopback interface"
evald ibrahimi (Mar 20)
Hello everybody,
I need to capture the traffic between an application and a loopback interface. Both application and loopback interface
are installed on the same machine(windows xp). It is the application itself that during its installation has created
the "microsoft loopback".
This is an application that controls an hardware. The last is connected with a serial port(RS-232).
I believe that the software sends the command to loopback...
Re: Wireshark in Network - Windows/Linux
bart sikkes (Mar 20)
Hello Karthik ,
I have been following your answers and remarks for some time now and
wonder what your goal / reason behind this search for sniffer
detection is? the whole nature of sniffing, it being a passive action,
means that it is in principle not possible to detect remotely (some
exceptions as mentioned, but those don't detect sniffers but detect a
certain network card setting and can also be fooled.)
for the rest i agree with ronnie, it...
Re: Wireshark in Network - Windows/Linux
Karthik Balaguru (Mar 20)
I have been searching for these tools. I did come across other tools that
help in detection of a system in promiscuous mode such as the following -
1. Sentinel
( Supports 3 methods of remote promiscuous detection: The DNS test,
Etherping test, ARP test. -a arp test, -d dns test,-e icmp etherping test.)
2. neped.c - http://www.artofhacking.com/tucops/hack/unix/live/aoh_neped.htm
( Network Promiscuous Ethernet Detector w.r.t Linux -...
Re: Using DISSECTOR_SUPPORT_SRC
Sourabh Rathor (Mar 19)
I think the problem is that you are trying to extern a static variable.
Static variable has a scope in its own file and can't be accessed anywhere
else...
On Sat, Mar 20, 2010 at 1:13 AM, Jeremy O'Brien <obrien654j () gmail com> wrote:
buildbot failure in Wireshark (development) on Windows-7-x64
buildbot-no-reply (Mar 19)
The Buildbot has detected a new failure of Windows-7-x64 on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Windows-7-x64/builds/548
Buildbot URL: http://buildbot.wireshark.org/trunk/
Buildslave for this Build: windows-7-x64
Build Reason:
Build Source Stamp: 32248
Blamelist: jake
BUILD FAILED: failed nmake all
sincerely,
-The Buildbot
buildbot failure in Wireshark (development) on Windows-XP-x86
buildbot-no-reply (Mar 19)
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Windows-XP-x86/builds/1167
Buildbot URL: http://buildbot.wireshark.org/trunk/
Buildslave for this Build: windows-xp-x86
Build Reason:
Build Source Stamp: 32246
Blamelist: guy
BUILD FAILED: failed failed slave lost
sincerely,
-The Buildbot
Re: Tool to compare dumps from two hosts and highlight inconsistencies
Sake Blok (Mar 19)
And wireshark (a recent development version) is also capable of comparing tracefiles. See the following bugs:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2589
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3724
Cheers,
Sake
Re: Using DISSECTOR_SUPPORT_SRC
Jaap Keuter (Mar 19)
Hi,
Jeremy O'Brien wrote:
Keeping it module static? Then there's no visibility outside the module, hence
you can't link to it.
Re: Using DISSECTOR_SUPPORT_SRC
Bill Meier (Mar 19)
Jeremy O'Brien wrote:
Bingo ! (iow: keeping it not global)
declared an extern to it in the original file, and
Using DISSECTOR_SUPPORT_SRC
Jeremy O'Brien (Mar 19)
Hello,
I have a perfectly working dissector, but I wanted to move a very
large struct I have in it into its own C file. So I moved it (still
keeping it static), declared an extern to it in the original file, and
added the new c file to DISSECTOR_SUPPORT_SRC in Makefile.common in my
plugin's directory. After (re)compiling wireshark, I get an undefined
symbol error at runtime referencing this moved struct. So I tried
moving the filename into...
Re: Tool to compare dumps from two hosts and highlight inconsistencies
Jeff Morriss (Mar 19)
Guy Harris wrote:
True, done.
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: config quiet not working
Lee Clemens (Mar 20)
That does seem to be the behavior I am seeing, but the manual shows "config
quiet" and "snort -q" as being the same.
Maybe the documentation should not show these two as equivalent? (I will
test again on another environment on Monday, I thought config quiet got rid
of the message below as well and -q was not necessary, but I need to
confirm).
-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com]...
Re: config quiet not working
Martin Roesch (Mar 20)
IIRC the snort.conf is loaded after a bunch of subsystems initialize,
once it's loaded Snort should be quiet but until then the switch
hasn't been set. If you want quiet-mode from the get go use the -q
switch.
Marty
config quiet not working
Lee Clemens (Mar 20)
Hello,
I am running Snort 2.8.5.3 on Linux Kernel 2.6.x.
My snort.conf contains "config quiet" and I am using -c <snort.conf path> to
start.
However, unless I use -q on the command line, I see startup info, starting
with (I would think config quiet would eliminate the need to use -q):
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
<snip>
Thanks,
Lee...
Any using snort on solaris 10 with zones
Greg Cope (Mar 20)
Hi all,
I have a requirement to monitor "all traffic" (pci req 11). The vlan
in question has 2 hosts. A single windows host (physical) and a
solaris 10 host run a small number of zones.
I know solaris zones pose a challenge as interzone traffic will not go
to the wire with shared IP. Although not ideal, interzone traffic
should be trusted and I am more concerned with exterior traffic.
There are few services to monitor and so...
Re: Errors in the Snort manual
Joel Esler (Mar 19)
We've had a few ideas around this area already. Something very
similar. Stay tuned!
Re: Snort & Barnyard init.d script for Debian
Crook, Parker (Mar 19)
Good afternoon everyone,
So my previous post just goes to show why exactly I should not post to mailing lists in the morning...
Under the single interface startup section, I noticed I placed a double dollar on the -w $LOGDIR/$WALDO section as seen
below:
/usr/local/bin/barnyard2 -D -c $BARN_CONF/barnyard2.conf -G $GEN_MSG -S $SID_MSG -d $LOGDIR -f $ALERTFILE -w
$$LOGDIR/$WALDO -u $USER -g $GROUP
So that line should read:...
Re: Errors in the Snort manual
Jason Wallace (Mar 19)
Russ Combs wrote:
"Hopefully we will get more time to update the open source manual."
Joel Esler wrote:
"While we invest millions of dollars worth of company time, resources,
and money improving a resource that we give away for free, we rely on
you guys, the Snort Community, to take a look as well."
Re: Errors in the Snort manual
Russ Combs (Mar 19)
FYI - I've opened a bug on this to hopefully give it a little impetus.
Re: Errors in the Snort manual
Joel Esler (Mar 19)
Evilghost,
Please remember, we are being thankful. Snort is an open-source program, and this is how we get updates to software
and/or the manual. While we invest millions of dollars worth of company time, resources, and money improving a
resource that we give away for free, we rely on you guys, the Snort Community, to take a look as well.
J
Re: Errors in the Snort manual
evilghost () packetmail net (Mar 19)
Thanks Russ, it truly was meant as constructive, there are times where
it's difficult to empathize with your community based on limitations of
perception. This may be the case here; perhaps Sourcefire does not see
the vital importance of this manual. I'm not subtle but neither is reality.
Sadly, I will decline the invitation but sincerely appreciate the
offer. Time is scarce and what little I have free I tend to allocate
towards...
Re: Errors in the Snort manual
Russ Combs (Mar 19)
Thanks for the constructive criticism. Hopefully we will get more time to
update the open source manual. In the meantime, evilghost, you have
demonstrated a flair for writing so please feel free to contribute updates
to the manual.
Russ
Re: Errors in the Snort manual
evilghost () packetmail net (Mar 19)
Hey Mike, it looks like this should go to snort-team () sourcefire com so
I'm CCing them to this E-Mail. This should be more than embarrassing.
If I can soap-box for a minute I would think the accuracy of the manual
should be paramount; it should be the definitive authoritative source
for Snort, not a loose association of blogs, web posts, mailing-list
content, etc where it ends up being a sadistic choose your own adventure
style learning...
Errors in the Snort manual
Mike Cox (Mar 19)
Again, not trying to be pedantic but I was playing around with a popular
spell checking tool and found the following errors in the Snort 2.8.5.1
manual:
Page 13, the word "substitue" should be "substitute".
Page 16, the word "specifiy" should be "specify".
Page 16, the word "specifiy" should be "specify".
Page 26, the word "occurr" should be "occur".
Page 32, the...
Snort & Barnyard init.d script for Debian
Crook, Parker (Mar 19)
Howdy fellow Snortheads,
I apologize for the long post this morning, and I really hope I am not reinventing the wheel with this, but hopefully I
am helping somebody out there. I retasked the /etc/init.d/snortd script for Fedora over to Debian and included some
changes to control barnyard as well (this also includes a new section that I dropped into the /etc/sysconfig/snort
file, so I will start here with just the additional lines to the...
Re: How many ports is considered a portsweep/portscan?
Russ Combs (Mar 19)
What version of Snort are you using? The latest version has event_filters
that may do exactly what you want. Check out the README.filters for more.
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|