SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

New VA Modules: OpenVAS: 18, MSF: 2, Nessus: 6 New VA Module Alert Service (Jun 19)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (18) ==

r16708 803643 2013/gb_mozilla_thunderbird_mult_vuln01_oct12_macosx.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_oct12_macosx.nasl?root=openvas&view=markup
Mozilla Thunderbird Multiple Vulnerabilities-01 (Mac OS X)

r16708...

New VA Modules: NSE: 2, OpenVAS: 2, MSF: 1, Nessus: 5 New VA Module Alert Service (Jun 18)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Nmap Scripting Engine scripts (2) ==

r30965 http-fileupload-exploiter http://nmap.org/nsedoc/scripts/http-fileupload-exploiter.html
https://svn.nmap.org/nmap/scripts/http-fileupload-exploiter.nse
Author: George Chatzisofroniou
Exploits insecure file upload forms in web applications using various
techniques like changing the...

Re: [NSE] SSL certificate chain and verification David Fifield (Jun 18)
Thanks Patrik. Can you add documentation for the new result format in
nselib/nmap.luadoc, and send a new patch?

Okay, but this is nontrivial and should be done as a separate patch.
Check Ncat's cert_match_dnsname and the tests in
ncat/test/test-wildcard.c.

I think this is a bad idea. We already do it for Ncat's certificate
store, which means Ncat's certificate store is always out of date. Don't
hardcode a name like...

Re: [NSE] IKE information extraction David Fifield (Jun 18)
I've applied parts of the ike.lua patch in a series of revisions
starting with r30968. The remaining uncommitted changes are attached.

Please don't mix up a lot of unrelated changes in one patch in the
future. In particular, you changed the name of some constant tables and
changed their formatting, while also adding elements to them. This makes
it take longer to evaluate your changes.

I see that you are storing a list of vendor IDs. I...

George's status report - #2 of 16 George Chatzisofroniou (Jun 18)
Hi,

Here's the report for this week.

Accomplishments:

* Switched to nmap's SVN repo and created my private branch.

* Improvements on my HTTP scripts
http-fileupload-expoiter
- Emailed the script to the list.
- Commited it to the trunk.
http-comments-displayer
- Added the pathname for the file with the comments and
the line number in the output.
- Renamed the 'extend' argument to...

Re: Jacek's status report - #2 of 16 David Fifield (Jun 18)
I saw the implementation at https://svn.nmap.org/nmap-exp/d33tah/ncat-lua,
and it's looking good. The reason I estimate two weeks is because of
what Fred Brooks said: "A Systems Product is a truly useful object but
costs at least 9 times as much as a Program." (http://javatroopers.com/Mythical_Man_Month.html#Chapter_1)
There's still a lot to be done before this feature is complete. At least:
* man page documenatation
*...

Re: Ncat + Lua - GSOC feedback request Jacek Wielemborek (Jun 17)
2013/6/17 David Fifield <david () bamsoftware com>:

Yeah, I noticed that when I started coding (the code's in the repo BTW). For
my comments on the Windows implementation, please refer to my report #2 (not
saying I'm not going to do this, but I'd definitely put this off for later).

Sounds like we're heading for the plugin system Daniel Miller suggested. I
have to admit I'm excited about it!

I like the approach,...

Re: Ncat + Lua - GSOC feedback request Jacek Wielemborek (Jun 17)
2013/6/17 Daniel Miller <bonsaiviking () gmail com>:

What we're heading to is a plugin system instead of a scripting one. But I
have to admit I love this idea!

Re: Jacek's status report - #2 of 16 Jacek Wielemborek (Jun 17)
2013/6/18 David Fifield <david () bamsoftware com>:

Have you looked at my initial implementation? I estimated the proof of concept
to take more or less three days, it was more like three hours. I like the
explanation you just gave for embedding Lua - it really is a pain to code on
the bare Windows and I do believe that Ncat-Lua could help me there.

And for the telnet negotiation, I understood your point (or at least I think I
do) a while...

Re: Jacek's status report - #2 of 16 David Fifield (Jun 17)
There might be some confusion here, because Telnet negotiation is not
something that makes sense for --lua-exec. The -t option just causes
Ncat to do things to automatically ignore certain byte patterns that
Telnet servers emit.

Think of --lua-exec this way: You are stuck on Windows and you don't
even have a way to write shell scripts. But Ncat's built-in Lua
interpreter lets you still write interesting little --sh-exec
replacements....

Jacek's status report - #2 of 16 Jacek Wielemborek (Jun 17)
Hi guys,

Below is my report for the week 2/16 of „Bringing Lua to Ncat” GSoC project:

Accomplishments:

* Done a lot of experimenting with git-svn. It took me three or four
days of pulling the whole SVN tree (due to some errors and mistakes –
for example, my Debian box segfaulted while trying to pull the SVN
repository– of course, while I was sleeping) with git-svn before I
found out it's better to just clone my nmap-exp branch.

*...

Re: Bug parsing TCP packet Henri Doreau (Jun 17)
2013/6/17 David Fifield <david () bamsoftware com>:

Thank you, checked in as r30949.

Re: Bug parsing TCP packet David Fifield (Jun 17)
Thanks, looks good to me. There are no consequences to the OS classifier
because we don't currently have any training examples that pad TCP in
this way.

David Fifield

Re: Ncat + Lua - GSOC feedback request Daniel Miller (Jun 17)
Do you suppose that (farther down the road,) Ncat could expose an API
for adding and consuming command-line options within Lua? The model I'm
imagining would treat the Lua components more as "modules" than
"scripts," enabling a different set of features depending on which are
"loaded." For example, this simple connection:

ncat nmap.org 12345

Could become a connection to a Telnet server over SSL like...

Yang's status report - #2 of 16 veotax (Jun 17)
Hi all, Reading a log of document stuff, not many lines of coding. Still 7000(npf.sys) and 3000(packet.dll) lines of
source code to read. Need read fast.. Accomplishments:
* Compiled WinPcap 4.1.3 source code and read through the documents attached with it. To compile the WinPcap needs the
AirPcap devpack, I downloaded the AirPcap 4.1.0 devpack from Internet and it ran very well. But it seems to be a
commercial software? I'm gonna figure...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap Project Seeking Talented Programmers for Google Summer of Code Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.

Previous SoC students helped create the Nmap Scripting Engine, Zenmap...

Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more Fyodor (Nov 30)
Hi folks. It has been more than five months since the Nmap 6.01
release, and I'm pleased to announce a new version for you to enjoy
during the holidays! Nmap 6.25 contains hundreds of improvements,
including 85 new NSE scripts, nearly 1,000 new OS and service
detection fingerprints, performance enhancements such as the new
kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8
improvements, and much more! It also includes...

Nmap 6.01 Released Fyodor (Jun 22)
Hi folks! I'm happy to report that the Nmap 6.00 release
(http://nmap.org/6 ) last month was a huge success, with hundreds of
thousands of downloads and a bunch of positive articles and reviews.
But any release this big is going to uncover a few issues, so we've
released Nmap 6.01 to address them. This should also appease the more
conservative users who always wait for the first patch update before
installing a major software release....

Nmap 6 Released! Fyodor (May 21)
Hi folks! After almost three years of work, 3,924 code commits, and
more than a dozen point releases since Nmap 5, I'm delighted to
announce the release of Nmap 6! It includes a more powerful Nmap
Scripting Engine, 289 new scripts, better web scanning, full IPv6
support, the Nping packet prober, faster scans, and much more!

For the top 6 improvements in Nmap 6, see the release notes:

http://nmap.org/6

Or you can go straight to the...

Last Chance to Apply for the Nmap/Google Summer of Code! Fyodor (Apr 04)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college
and graduate students who want to spend the summer improving Nmap!
They gain valuable experience, get paid, strengthen their résumé, and
write code for millions of users.

Previous SoC students helped create the Nmap Scripting Engine,...

Nmap 5.61TEST5 released with 43 new scripts, improved OS & version detection, and more! Fyodor (Mar 09)
Hi folks! We've been working hard for the last 2 months since
5.61TEST4, and I'm pleased to announce the results: Nmap 5.61TEST5.
This release has 43 new scripts, including new brute forcers for http
proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus
XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth
daemon, and old-school rsync. Better check that your passwords are
strong! Some other fun scripts are...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 2628-2] nss-pam-ldapd update Moritz Muehlenhoff (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2628-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nss-pam-ldapd
Vulnerability : buffer overflow
Problem type...

[SECURITY] [DSA 2698-1] tiff security update Michael Gilbert (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2698-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
Vulnerability : buffer overflow
Problem type :...

APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16 Apple Product Security (Jun 18)
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and
Mac OS X v10.6 Update 16

Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available
and addresses the following:

Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7 or later, OS X Lion Server v10.7 or later,
OS X Mountain Lion 10.8 or later
Impact: Multiple vulnerabilities in Java 1.6.0_45
Description: 8011782 Multiple vulnerabilities existed in Java...

Re: Apple and Wifi Hotspot Credentials Management Vulnerability Jeffrey Walton (Jun 18)
My bad. The application estimates the time to crack the password used.
It does not attempt to recover the password.

Apple and Wifi Hotspot Credentials Management Vulnerability Jeffrey Walton (Jun 18)
This vulnerability was published to the OWASP Mobile Security list as
a research paper by Andreas Kurtz, Daniel Metz and Felix Freiling. See
"Cracking iOS personal hotspots using a Scrabble crossword game word
list," http://lists.owasp.org/pipermail/owasp-mobile-security-project/2013-June/000640.html.

It appears Apple Wifi hotspot passwords are generated using a wordlist
consisting of 1842 words. The authors built a customer cracker to...

[SECURITY] [DSA 2710-1] xml-security-c security update Salvatore Bonaccorso (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2710-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xml-security-c
Vulnerability : several
Problem type :...

FreeBSD Security Advisory FreeBSD-SA-13:06.mmap FreeBSD Security Advisories (Jun 18)
=============================================================================
FreeBSD-SA-13:06.mmap Security Advisory
The FreeBSD Project

Topic: Privilege escalation via mmap

Category: core
Module: kernel
Announced: 2013-06-18
Credits: Konstantin Belousov
Alan Cox
Affects: FreeBSD 9.0 and...

Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability Cantor, Scott (Jun 18)
CVE-2013-2156: Apache Santuario XML Security for C++ contains heap
overflow while processing InclusiveNamespace PrefixList

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A heap overflow exists in the processing of the PrefixList
attribute optionally used in conjunction with Exclusive Canonicalization,
potentially allowing arbitary...

CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability Cantor, Scott (Jun 18)
CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A stack overflow, possibly leading to arbitrary code
execution, exists in the processing of malformed XPointer expressions
in the XML Signature Reference processing code.

An...

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability Cantor, Scott (Jun 18)
CVE-2013-2155: Apache Santuario XML Security for C++ contains denial
of service and hash length bypass issues while processing HMAC signatures

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A bug exists in the processing of the output length of an
HMAC-based XML Signature that would cause a denial of service when
processing...

CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability Cantor, Scott (Jun 18)
CVE-2013-2153: Apache Santuario XML Security for C++ contains an
XML Signature Bypass issue

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: The implementation of XML digital signatures in the
Santuario-C++ library is vulnerable to a spoofing issue allowing an
attacker to reuse existing signatures with arbitrary content.

The...

[security bulletin] HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access security-alert (Jun 17)
Document ID: c03787836
Version: 2

HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using
Single-Sign-On (SSO), Remote Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2013-06-11
Last Updated: 2013-06-17

Potential Security Impact: Remote unauthorized access

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A...

Re: WordPress 3.5.1, Denial of Service Henri Salo (Jun 13)
Please use CVE-2013-2173 for this issue.

---
Henri Salo

LSE Leading Security Experts GmbH - LSE-2013-06-13 - Avira AntiVir Engine LSE Leading Security Experts GmbH $Security Advisories$ (Jun 13)
=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine -- Denial of Service / Filtering Evasion
-------------------------------------------------------------

Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira...

[ MDVSA-2013:173 ] subversion security (Jun 13)
_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:173
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : subversion
Date : June 13, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________

Problem...

Full Disclosure — A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.

[SECURITY] [DSA 2698-1] tiff security update Michael Gilbert (Jun 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2698-1 security () debian org
http://www.debian.org/security/ Michael Gilbert
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tiff
Vulnerability : buffer overflow
Problem type :...

DDoS attacks via other sites execution tool MustLive (Jun 18)
Hello participants of Mailing List.

If you haven't read my article (written in 2010 and last week I wrote about
it to WASC list) Advantages of attacks on sites with using other sites
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html),
feel free to do it. In this article I reminded you about using of the sites
for attacks on other sites
(...

[SECURITY] [DSA 2628-2] nss-pam-ldapd update Moritz Muehlenhoff (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2628-2 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : nss-pam-ldapd
Vulnerability : buffer overflow
Problem type...

Joomla crypto vulnerability (all versions) Marco Beierer (Jun 18)
# Vulnerable Application
All current and past versions of Joomla (http://www.joomla.org) up to
1.5.26, 2.5.11, 3.1.1. Also the Joomla platform and maybe the Joomla
framework (not tested). At the moment there is no vendor patch available.

# The Problem
The problem occurs in the implementation of JCryptCipherSimple. The
JCryptCipherSimple encrypts a text with an simple XOR operation in the
Electronic Codebook Mode (ECB). The ECB is insecure by...

[SECURITY] [DSA 2710-1] xml-security-c security update Salvatore Bonaccorso (Jun 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-2710-1 security () debian org
http://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2013 http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : xml-security-c
Vulnerability : several
Problem type :...

Re: Full-Disclosure Digest, Vol 100, Issue 21 Daniel Sichel (Jun 18)
You mean like using GMail via Webmail (without PGP)? Which security
professional would do this? Do you still use Telnet to manage your
devices instead of SSH?

Yeah, pretty much. Is that a problem? I mean who cares about the privacy or security of email? As to the telnet, I have
a firewall, what could go wrong?

I am beginning to understand why the Sons of Liberty gave up on print media campaigns and went over to the more
direct, and...

Inkasso Trojaner Analysis - Part 1 Curesec Research Team (Jun 18)
Hi List,

we analyzed a Trojan, propagating via email, sent to us some days ago. Please
find the first part here:

http://cureblog.de/inkassomahngebuhren-trojaner-part-1/

Cheers,
Curesec Research Team

Canon Wireless Printer Disclosure & DoS Matt Andreko (Jun 18)
The below 3 issues have been tested and verified working on the following
Canon Printer models (May affect more, but this is all I was able to test
against):
MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920

#1 (CVE-2013-4613): Canon printers do not require a password for the
administrative interfaces by default. Unauthorized users on the network may
configure the printer. If the printer is exposed to the public internet,
anonymous users...

Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Alex (Jun 18)
"Case in point: Google don't even offer support for S/MIME in GMail and
it's probably the most widely used online email service available
today."

You mean like using GMail via Webmail (without PGP)? Which security
professional would do this? Do you still use Telnet to manage your
devices instead of SSH?

Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Darius Jahandarie (Jun 18)
Although it's clear why Google does not want to "make encryption easy"
(it directly affects their main revenue source, ads), it's never been
clear to me why they have not taken any efforts to make _signing_
easy. To my knowledge, Google is not involved in silently rewriting
emails or otherwise faking emails, so I see no reason they'd be
opposed to it.

(P.S., I really like this vuln. and proceeding thread -- user...

Re: CVE-2013-2156: Apache Santuario C++ heap overflow vulnerability Cantor, Scott (Jun 18)
CVE-2013-2156: Apache Santuario XML Security for C++ contains heap
overflow while processing InclusiveNamespace PrefixList

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A heap overflow exists in the processing of the PrefixList
attribute optionally used in conjunction with Exclusive Canonicalization,
potentially allowing arbitary...

CVE-2013-2155: Apache Santuario C++ denial of service vulnerability Cantor, Scott (Jun 18)
CVE-2013-2155: Apache Santuario XML Security for C++ contains denial
of service and hash length bypass issues while processing HMAC signatures

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A bug exists in the processing of the output length of an
HMAC-based XML Signature that would cause a denial of service when
processing...

CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability Cantor, Scott (Jun 18)
CVE-2013-2154: Apache Santuario XML Security for C++ contains a stack
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: A stack overflow, possibly leading to arbitrary code
execution, exists in the processing of malformed XPointer expressions
in the XML Signature Reference processing code.

An...

CVE-2013-2153: Apache Santuario C++ signature bypass vulnerability Cantor, Scott (Jun 18)
CVE-2013-2153: Apache Santuario XML Security for C++ contains an
XML Signature Bypass issue

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.1

Description: The implementation of XML digital signatures in the
Santuario-C++ library is vulnerable to a spoofing issue allowing an
attacker to reuse existing signatures with arbitrary content.

The...

Re: Microsoft Outlook Vulnerability: S/MIME Loss of Integrity Jeffrey Walton (Jun 17)
The browsers are just confusing users. Consider:

No encryption (plain HTTP) - good, no indicators
Opportunistic encryption (self signed, HTTPS) - bad, red bar
Encryption (CA, HTTPS) - good, green bar

As Peter Gutmann, puts it, getting a certificate for a website is like
getting one from a vending machine (race to the bottom, FTW), so a CA
certificate has no more value than a self signed certificate used in
opportunistic encryption....

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

GreHack 2013 - 2nd Call For Papers - November 15, Grenoble, France F. Duchene (May 29)
---------------------------
*GreHack 2013* — 2nd Call For Papers
November 15, Grenoble, France
http://grehack.org — Twitter: @grehack
---------------------------
*Topics*
The 2nd International Symposium on Grey-Hat Hacking — aka GreHack 2013
— will gather researchers and practitioners from academia, industry,
and government to discuss new advances in computer and information
security research.

All topics related to vulnerability...

c0c0n 2013 CFP - Extended Deadline: 9 June, 2013 c0c0n International Information Security Conference (May 27)
c0c0n 2013 CFP - Extended Deadline: 9 June, 2013

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 9, 2013 in the hope of receiving
few more paper submissions.

/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \ /...

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published Debasis Mohanty (May 19)
Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops! Sławomir Jabs (May 19)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you wiling to gamble on the security of you systems?

Join the upcoming CONFidence conference and meet both renown speakers and
specialists who deal with the IT security on a daily basis. People like,
you, who never stop asking questions and play with risks all the time...

We will...

[HITB-Announce] HITB Magazine Issue 010 Hafez Kamal (May 14)
Hi everyone,

A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org

Topics of interest include, but are not limited to the following:

Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...

SpiderFoot 2.0 released Steve Micallef (May 10)
Hi everyone,

SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published announcements (May 10)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...

Ruxcon 2013 Call For Papers cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia premier technical computer security conference...

[TOOL] TOPERA v2 released cr0hn (May 07)
Hi everybody,

We just released TOPERA v2:

TOPERA is a new security tool for IPv6, with the particularity that their attacks can't be detected by Snort.

This new version of TOPERA include these improvements:

1 - Slow HTTP attacks (Slowloris over IPv6).
2 - Improved TCP port scanner.

New project page:

http://toperaproject.github.io/topera/

Regards!...

[HITB-Announce] #HITB2013KUL Call for Papers Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)

We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...

Breakpoint 2013 Call For Papers cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Firewall Wizards — Tips and tricks for firewall administrators

Re: Linked-in and its Phishing-like contacts option! lordchariot (May 01)
Yeah, I was trying to make this non-product specific, but most vendors can actually do this to some degree or another.

Here's how we do it on my product:

https://mcafee.box.com/MWG7-FeatureDemo-Part2

The problem with doing it at a network layer with an IDS is the SSL decryption. Almost everything nowadays is HTTPS, so
it's game over if you cannot open up the encryption.

e²

_____________________________________

From:...

Re: Linked-in and its Phishing-like contacts option! Jon Robinson (May 01)
It's not free but Palo Alto Networks does this.You can search here to see
which applications/sites they can control:
http://apps.paloaltonetworks.com/applipedia/

Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com

Re: Linked-in and its Phishing-like contacts option! Mathew Want (May 01)
Read only access to the sites. I like that idea a lot.

Has anyone else come across this requirement or found a good way to do it
at a control point level? Perhaps at the IDS layer?

M@

Re: OpenBSD IPSEC VPN question Chris Buechler (May 01)
You can, but that's a different circumstance. That would be IPsec
transport mode, which in combination with gif, GRE or similar
tunneling indeed doesn't have such requirements/quirks since there is
a route in the routing table in that case. Tunnel mode is more common,
which is what's applicable to the subject of this thread. Routing
table changes have no impact on whether traffic in BSD traverses a
tunnel mode IPsec connection,...

Re: OpenBSD IPSEC VPN question Paul D. Robertson (May 01)
It's been a while since I've done it, but Linux used to make an ipsec0 interface that was handled with the standard
routing table. Possibly in *BSD you need to use a gre or gif tunnel to achieve the same thing?

Paul

Re: OpenBSD IPSEC VPN question Chris Buechler (May 01)
This is true of all the BSDs with IPsec (and maybe Linux and other
*nix OSes but not sure of those). Traffic that doesn't have a specific
source IP set gets the source IP that's closest to the destination per
the routing table. IPsec doesn't have a routing table entry, traffic
follows the SPD. So it ends up getting the IP that's nearest the
default gateway, which is most always a public IP, which is most
always not going to...

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

CFP Extended - OWASP InfoSec India Conference 2013 Dhruv Soi (Jun 14)
Good News for information security experts who couldn't yet submit
their papers for "OWASP InfoSec India Conference 2013" happening at
Hotel Crowne Plaza, Gurgaon, New Delhi NCR, India from August 30-31,
2013.

With few great papers submitted already, we would like to take this
opportunity to extend the CFP submission dates to 10 more days in
order to allow maximum participation.

CFP is now closing on June 25th, 2013, more details...

t2'13: Call for Papers 2013 (Helsinki / Finland) Tomi Tuominen (Jun 11)
# t2'13 - Call For Papers #
Helsinki, Finland
October 24 - 25, 2013

We are pleased to announce the annual t2'13 infosec conference, which
will take place in Helsinki, Finland, from October 24 to 25, 2013.

We are looking for original, preferably technical presentations in the
fields of information security. Presentations should last a minimum of
60 minutes and a maximum of two...

c0c0n 2013 CFP - Extended Deadline: 9 June, 2013 c0c0n International Information Security Conference (May 27)
c0c0n 2013 CFP - Extended Deadline: 9 June, 2013

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 9, 2013 in the hope of receiving
few more paper submissions.

/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_...

CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops! Sławomir Jabs (May 17)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?

Are you wiling to gamble on the security of you systems?

Join the upcoming CONFidence conference and meet both renown speakers and
specialists who deal with the IT security on a daily basis. People like,
you, who never stop asking questions and play with risks all the time...

We will...

RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published Debasis Mohanty (May 17)
Good initiative! I feel one of the important element that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?

I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...

[HITB-Announce] HITB Magazine Issue 010 Hafez Kamal (May 14)
Hi everyone,

A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org

Topics of interest include, but are not limited to the following:

Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...

WASC Announcement: Static Analysis Technologies Evaluation Criteria Published announcements (May 11)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...

SpiderFoot 2.0 released Steve Micallef (May 06)
Hi everyone,

SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...

[HITB-Announce] #HITB2013KUL Call for Papers Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)

We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...

Breakpoint 2013 Call For Papers cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Arachni v0.4.2 has been released (Open Source Web Application Security Scanner Framework) Tasos Laskos (Apr 29)
Hey folks,

This is just to let you know that there's a new version of Arachni.

Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.

The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads...

Administrivia - slow moderation this week Andrew van der Stock (Apr 28)
Hi all,

I'm going to be in Milan this week.

Not that there are many messages to moderate, but moderation will be
iffy / slow this next week, particularly during the bits where various
planes are flapping their wings and going "whoosh".

Normal moderation service will resume May 5.

thanks,
Andrew

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here -...

A survey on qunatifying severity of vulnerabilities in softwares Khalid Khan Afridi (Apr 18)
Hello!

I am currently performing my master thesis on the topic of quantifying the
severity of
software vulnerabilities.

As you have done significant work in this area, I would be glad if you
could spare a few
minutes of your time to answer a survey on the topic. It should not
require more than 15-20
minutes to complete.

The survey can be found at: http://secsurvey.ics.kth.se/index.php

Thank you for your attention!

Best Regards,
Khalid Khan...

Defcon DCG Kerala Information Security Meet 2013 Ajin Abraham (Apr 07)
Defcon DCG Kerala Information Security Meet 2013
=====================================
Defcon DCG Kerala (DC0497) is a Defcon USA registered group for
promoting and demonstrating research and development in the field of
Information Security. We are a group of Information Security
Enthusiasts actively interested in promoting information security.
Defcon Kerala Information Security Meet will be a platform for
security analysts, ethical hackers,...

c0c0n 2013 - Call For Papers and Call For Workshops c0c0n International Information Security Conference (Apr 06)
/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \ / /| | | || ||__ <
| (__| |_| | (__| |_| | | | | / /_| |_| || |___) |
\___|\___/ \___|\___/|_| |_| |____|\___/ |_|____/

###################################################
c0c0n 2013 - Call For Papers and Call For Workshops
###################################################

August 22-24, 2013 -...

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Re: Defeating what's next Val Smith (Jun 17)
I love offense. I have been offensively focused from a work perspective
since about 1995, and personally since 1982. I love writing exploits and
have personally hacked 10s of 1000s of computers with my own tools.

In the last few years I have been helping a number of very large
customers with security. What I have learned, sadly, is the following:

- No 0day in existence can help them
- Reverse engineering & memory forensics are basically...

Re: Defeating what's next toby (Jun 17)
Actually, I don't know what other people on the defense side think of when
someone says "Indicators of Compromise" but I don't think about hashes or
file names or registry keys at all.
I think about anomalous login times, unusual traffic
destinations/sources/volumes, unusual file accesses (to file servers, not
file access time on a potentially compromised client), patterns of
exploration or spreading changes in behavior that...

Chris Eagle's INFILTRATE Keynote Dave Aitel (Jun 14)
Keynotes, unlike normal technical talks, should sometimes cover very
broad areas because your keynote speakers should have broad, interesting
experiences. Chris Eagle's keynote at INFILTRATE 2013 is one of those.
Few people knew that before working with IDA, Chris Eagle was a Naval
Pilot. And yet, an entire talk without OODA loops!

Just as a note: you can buy INFILTRATE 2014 tickets now, and while we
will probably not fill up the conference...

Re: Defeating what's next Moses (Jun 14)
Indicators of Compromise or more appropriately those that are Open
Indicators of Compromise. We have had many proprietary solutions that
used 'signature based' indicators for a quite a long time. Some of them
you never could run in an open or customizable fashion like A/V. Can't
have their secret sauce all over the preverbal industry. Others that you
could run in an open fashion on an infrastructure, like Snort, were used...

Re: Defeating what's next Ben Miller (Jun 13)
so I think one of the more powerful thing about IOCs is that it is open. To
Havlar's point, this assists in forming communities and establishing
confidence. Incidentally, communities and confidence is not something bad
guys are generally lacking but defenders are.

A stack of IOCs can also better inform a defender on what to expect. For
instance, the sequence of IOCS of an attack may outline a dropper, benign
document, a trojan and 10 minute...

Re: Defeating what's next Vitaly Osipov (Jun 13)
… or, Ptolemaic model of the solar system of infosec.

Required reading: https://en.wikipedia.org/wiki/Deferent_and_epicycle

In all enterprise-y security courses they will teach you that there
are several components to defence processes:

10. If you can, try to prevent bad guys getting to you
20. If you cannot, try to detect an attempt to get in before it succeeds
30. If you cannot detect attempts, aim to detect whether you've been...

Re: Defeating what's next Halvar Flake (Jun 12)

Re: Defeating what's next Kristian Erik Hermansen (Jun 12)
It's the same reason DENTISTS STILL HAVE JOBS. We can -- with nearly
100% certainty -- prevent tooth decay. The fact that we don't shows
that we are human and naturally flawed. Even when 100% of the problem
is within our control, humans still get cavities. Security is far less
in one's control, due to vendor requirements / open source libraries /
etc., so the problem of course will be much worse. How many people on
this list have...

Re: Defeating what's next Brad Andrews (Jun 12)
Perhaps everything basically boils down into that, at one form or another. How many new things are really under the
sun?

From: John Strand
Sent: Wednesday, June 12, 2013 9:31 AM
To: Dave Aitel
Cc: dailydave () lists immunityinc com
Subject: Re: [Dailydave] Defeating what's next

Why does it seem we are moving from blacklists to "new and improved" blacklists?

It seems like the industry is caught between choosing between...

Re: Defeating what's next Nick Selby (Jun 12)
Great thread. The only thing I would expand on Dave's description of
"indicators of Compromise" is that for us, when we get called in because
the customer doesn't believe it's been compromised but wants to quiet down
Bill in IT Security so he'll shaddup already, our indicators of compromise
are all human and procedural and policy-based. Before we even run an nmap
scan we have put together a fairly accurate prediction...

Re: Defeating what's next security curmudgeon (Jun 12)
: Why does it seem we are moving from blacklists to "new and improved"
: blacklists?
:
: It seems like the industry is caught between choosing between things
: that dont work (i.e. blacklists, "better" firewalls) and things which
: are hard to implement (i.e. whitelists, better internal network
: segmentation, baseline monitoring, etc.)

Because we are. You can sell "new signatures" as a subscription model for...

Re: Defeating what's next Arrigo Triulzi (Jun 12)
[...]
That way, by the time someone

As painfully learned during my brief startup stint: never speak the truth about the limitations of your security
product as it does not show knowledge of the problem space but loses you sales and VC money.

Arrigo

Re: Defeating what's next Justin Seitz (Jun 12)
This is true arguably because the overall skill of the infosec industry
is on the decline. As one of my Canadian counterparts once said: "The
term security researcher or penetration tester really means 'can run
Nessus'". No different for the defense side.

The best bet for any company slogging the new and improved defense
mechanisms is to wrap it in a $100k pretty 2U chassis, and have insanely
stringent trial request...

Re: Defeating what's next John Strand (Jun 12)
Why does it seem we are moving from blacklists to "new and improved"
blacklists?

It seems like the industry is caught between choosing between things that
dont work (i.e. blacklists, "better" firewalls) and things which are hard
to implement (i.e. whitelists, better internal network segmentation,
baseline monitoring, etc.)

I think Paul said, "Every time you hit the easy button, God deploys another
trojan on your...

Defeating what's next Dave Aitel (Jun 12)
Hackers spend a lot of time looking at what's coming down the technology
road at them. In a sense, this business is about learning how to stare
down the barrel of a gun and not blinking for decades at a time. When
you blink, you end up a CISSP. Richer financially, but poorer in 0days,
the only currency that matters to someone with your particular addiction.

Terminology can reveal a lot, as can business strategies. I spent some
time on the...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Re: Running applications that require admin rights in Windows? Nathan Sweaney (Jun 19)
The EncryptedRunAs program sounds very similar to old program called CPAU.
It's no longer supported, but still works fine on Windows 7 and it's free.
However, both programs have a serious flaw. In order to run the actual
command you want with the credentials that are "encrypted," they have to
have the encryption key and use it to decrypt the command. In other words,
at best you have several layers of obfuscation on top of an...

Re: Running applications that require admin rights in Windows? Michael Salmon (Jun 19)
I got a lot of options to review now, a lot more then reading suggestions
at online tech forums. Part of the problem is one of the software package
I'm thinking of using it on is a wireless card software called Tata Photon+
that our remote users in India run. Not something I have here to test.
I'd prefer to either use the sysinternal tools to grant access to the
necessary files\folders\regkeys or maybe grant RunAsInvoker or the...

Re: Running applications that require admin rights in Windows? Guillaume Ross (Jun 19)
For those who have had issues with Time zones in the past, it's worth knowing that in Windows there are now two
different User Rights:

One for changing the system time (which non admins definitely do not need)
One for changing the timezone (which non admins greatly appreciate having)

Minor feature but makes a big difference.

For the rest of the stuff, as mentioned before:

1 - Delegate the proper permissions on the files and registry
2 -...

Re: Running applications that require admin rights in Windows? Tony Turner (Jun 18)
In the past I used regmon and tokenmon to understand what rights apps need
to run and then made permissions changes on specific registry keys or
protected files to allow privileged access and included that custom config
in default build for that subsection of users requiring elevated access.
Make sure you understand the security implications of any permissions
changes if you take this approach. For enterprise specific browser
addons/ActiveX...

Re: Running applications that require admin rights inWindows? Ryan (Jun 18)
I use Windows permissions/access control lists to allow the group/user access to the required files, directories and
registry keys. Figuring out what they need access to and that level of access is the tricky part. Procmon
(Sysinternals/Microsoft) is a great tool for this and many other types of application debugging. It will monitor file,
registry, process and network access to tell when the required application is running successfully as...

Re: BSidesRI Videos Omid Mohammadi (Jun 18)
Thanks!

Regards,
Omid
Sent from my mobile device

Re: Running applications that require admin rights in Windows? Jesse McMinn (Jun 18)
I recently encountered this issue in my environment while migrating to
Windows 7. I have a decent amount of legacy software requiring
administrator rights that the developers don't have time to fix.

I used the Microsoft Application Compatibility Toolkit to grant
RunAsInvoker rights to the specific programs needing admin rights. You can
test to see if it will run at that point and adjust as needed. The end
result is a .sdb file you can...

Re: Running applications that require admin rights in Windows? Michael Salmon (Jun 18)
Hi Mike,
Thank you. I did get some ideas from those that hit me up off the list. I
had three recommendations.
Danilo recommended EncryptedRunAS software from
http://www.wingnutsoftware.com/
Ty recommended a product from Avecto called Privilege Guard that his
company is using with great results.
Craig recommended a third option but it may be the same concept as using a
shortcut to 'runas /user:computername\administrator /savecred "Path...

Re: Running applications that require admin rights in Windows? Michael Dickey (Jun 18)
I'm not going to help a ton since I'm a few years removed from being useful
on the desktop, but where I work, we either don't allow that software or we
make exceptions based on roles.

For software that just needs admin rights, we do whatever we can to say no
to having it in our network. If we absolutely must, we do entertain the
idea of hosting it on a virtual Windows desktop system and granting
as-needed access to it or...

Re: Running applications that require admin rights in Windows? Larry Petty (Jun 18)
Look into the ForceAdminAccess application shim.

http://technet.microsoft.com/en-us/library/cc766024%28v=ws.10%29.aspx

From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Michael
Salmon
Sent: Sunday, June 16, 2013 10:26 PM
To: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] Running applications that require admin rights in Windows?

Hi guys,
Got a question I'd like...

Re: Running applications that require admin rights in Windows? Bugbear (Jun 18)
Hey Michael

We stripped admin rights out years ago. It was a fair amount of work (took
a solid year) but what we did was to document the registry keys and file
locations each software uses and give the user modify to only those
locations and files. (Like I said it took some time) In most cases these
are easy locations to find based on the naming but there were some cases
where we would have to turn to things like Sysinternals ProcMon to...

Re: Running applications that require admin rights in Windows? Mike Perez (Jun 18)
As luck would have it, I'm in the Windows Security class with Jason Fossen.
I'll ask him if he has any specific recommendations.

Did you get any feedback from the list yet? If so, please share!

Thanks,
Mike

On Sun, Jun 16, 2013 at 10:25 PM, Michael Salmon <lonestarr13 () gmail com>wrote:

Re: official site of Security Certified Network Professional (SCNP) Glenn Barrett (Jun 17)
I had both the SCNP and SCNA back in approx. 2008. I believe at one point
it was even one of the security certs that fulfilled one of the Dog
requirements. The company issuing the cert then got bought out by a foreign
company and it seemed harder to get any more information, so I didn't
bother trying to renew. The material and exam were actually quite
comprehensive. No idea what the current state of these certs is though.

Re: BSidesRI Videos d4x (Jun 17)
Thank you Adrian!

Sent from my mobile

Re: BSidesRI Videos Patrick Laverty (Jun 17)
He already did! He had three of them up a few hours or so before the
presenter even started!! :)

Adrian rocks.

If you're doing conference videos and don't bring in Adrian, you're doing
it wrong.

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Bulletin Minor Revisions Microsoft (Jun 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 18, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-048

Bulletin Information:
=====================

* MS13-048 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (Jun 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 12, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-048

Bulletin Information:
=====================

* MS13-048 - Important

-...

Microsoft Security Bulletin Summary for June 2013 Microsoft (Jun 11)
********************************************************************
Microsoft Security Bulletin Summary for June 2013
Issued: June 11, 2013
********************************************************************

This bulletin summary lists security bulletins released for
June 2013.

The full version of the Microsoft Security Bulletin Summary for
June 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-jun.

With the release...

Microsoft Security Advisory Notification Microsoft (Jun 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 11, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2755801)
- Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer 10
-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 29)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 29, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-069
* MS13-038
* MS13-040

Bulletin Information:
=====================

* MS12-069 - Important...

Microsoft Security Bulletin Minor Revisions Microsoft (May 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 23, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-044

Bulletin Information:
=====================

* MS12-044 - Important

-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 22)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 22, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-081
* MS13-037
* MS13-MAY

Bulletin Information:
=====================

* MS12-081 - Critical

-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 15, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-045

Bulletin Information:
=====================

* MS13-045 - Important

-...

Microsoft Security Advisory Notification Microsoft (May 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 14, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2846338)
- Title: Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution
-...

Microsoft Security Bulletin Minor Revisions Microsoft (May 14)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 14, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-009

Bulletin Information:
=====================

* MS13-009 - Critical

-...

Microsoft Security Bulletin Summary for May 2013 Microsoft (May 14)
********************************************************************
Microsoft Security Bulletin Summary for May 2013
Issued: May 14, 2013
********************************************************************

This bulletin summary lists security bulletins released for
May 2013.

The full version of the Microsoft Security Bulletin Summary for
May 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-may.

With the release of...

Microsoft Security Bulletin Advance Notification for May 2013 Microsoft (May 09)
********************************************************************
Microsoft Security Bulletin Advance Notification for May 2013
Issued: May 9, 2013
********************************************************************

This is an advance notification of security bulletins that
Microsoft is intending to release on May 14, 2013.

The full version of the Microsoft Security Bulletin Advance
Notification for May 2013 can be found at...

Microsoft Security Advisory Notification Microsoft (May 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...

Microsoft Security Advisory Notification Microsoft (May 04)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 3, 2013
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...

Microsoft Security Bulletin Minor Revisions Microsoft (Apr 26)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 26, 2013
********************************************************************

Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-043

Bulletin Information:
=====================

* MS12-043 - Critical

-...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

GCHQ intercepted foreign politicians' communications at G20 summits Jeffrey Walton (Jun 18)
Its nice to see the US has company....

http://www.guardian.co.uk/uk/2013/jun/16/gchq-intercepted-communications-g20-summits

Re: "1984" sales spike Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jun 17)
Date sent: Fri, 14 Jun 2013 15:25:33 -0400
From: Jeffrey Walton <noloader () gmail com>

Oh, surely no politician would ever do such a thing ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
well, the last remaining computer in the house with Windows on it
died this morning.
-...

Re: [funsec] On the Internet, the NSA Definitely K nows You’re a Dog (Comic_ John C. A. Bambenek, GCIH, CISSP (Jun 17)
Awesome

On the Internet, the NSA Definitely K nows You’re a Dog (Comic_ Paul Ferguson (Jun 17)
Enjoy:

http://allthingsd.com/20130617/then-and-now-comic/

- ferg

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Rich Kulawiec (Jun 17)
The oligarchy *owns* the media, if we define "media" as "major newspapers,
magazines, radio stations, television stations, and cable networks".
Over the past several decades, the dividing line between the newsroom
and the business department has steadily eroded -- as a timely example,
the newspaper of Woodward, Bernstein, Bradley, and Graham has this past
week quietly announced "sponsored" editorials. Gack. Blech....

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Jeffrey Walton (Jun 17)
Valdis, I don't expect the victims (us) to find redress.

The lawsuit is a form of civil disobedience. See item 63 under
"Noncooperation with Social Events, Customs, and Institutions ,"
http://www.aeinstein.org/organizations103a.html.

What I find interesting is the suit is being minimized, much like the
folks in the Occupy movement. Contrast that to the media's coverage of
"Snowden the Traitor" stories. Do yo think...

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM John C. A. Bambenek, GCIH, CISSP (Jun 17)
He is also a birther who filed suits on that topic. Unfortunately the front
runner on this has no credibility.

Re: Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Valdis . Kletnieks (Jun 16)
On Sat, 15 Jun 2013 20:55:25 -0400, Jeffrey Walton said:

This will almost certainly go nowhere, for the exact same reason that
most of the lawsuits about warrantless spying went nowhere - nobody can
show proof they were actually spied on and therefor have standing to sue
as "plaintiff who was spied on". Every single one of the warrantless
spying cases went bye-bye except for one law firm that got hold of an
accidentally released...

Former DOJ Prosecutor Files $3 Billion Suit Against Obama, Holder, NSA, Verizon Over PRISM Jeffrey Walton (Jun 16)
https://www.google.com/#q=Larry+Klayman+lawsuit+prism

All the references are non-mainstream (Washington Post, NY Times, and
other mainstream outlets have not picked up the story yet....).

Re: "1984" sales spike Rich Kulawiec (Jun 15)
A) I have sometimes jokingly suggested that perhaps all of this could
have been avoided if we'd simply given the nascent state of Israel
half of Nevada, and paid to move everything there.

Oh, sure, expensive as hell, but then again, 70 years of bloodshed,
instability, proxy wars, killings, more killings, killings because
of killings and more killings, etc., etc., etc. is expensive too.
And it may yet end in a nuclear exchange, whose...

Re: "1984" sales spike Jeffrey Walton (Jun 14)
No, I don't believe it had anything to do with Immigration Reform.

If you believe its a very small group of individuals are involved and
the Fatwa only covers seven years, then I believe you are sadly
mistaken. The US foreign policy in the Middle East has been f**k'd up
since before I was born, so that's at least 50 years.

In fact, the US meets its own definition of a nation exporting terror
when you take into consideration its...

Re: "1984" sales spike Jeffrey Walton (Jun 14)
+1

+1
Has anyone else noticed that when the US f**ks up really bad, then the
argument turns to Immigration to distract us? When Bush lied and
invaded Iraq, Immigration became an issue. When Wikileaks received
documents about the US actions in its wars, Immigration became an
issue. Now we have the evidence of the widespread spying by the US
government agencies, and again Immigration is rearing its head.

I'm starting to believe there's...

Re: "1984" sales spike Jeffrey Walton (Jun 14)
Sorry Vic. I was outside cutting the grass, and I just got back.

Jeff

Re: "1984" sales spike Blanchard, Michael (InfoSec) (Jun 14)
Not at all... staying there and dealing with it is a choice for sure, although a bad choice. I would say he made the
right choice by immigrating to the states....

I'm sure your Grandfather came here legally, and didn't try to hide within the system. Just as my Great Grandfather
did from Montreal.

I'm not against immigration, I'm actually completely for immigration.... just immigrate legally...

One thing I will say,...

Re: "1984" sales spike Vic Vandal (Jun 14)
Jeff,

I notice that you left out these original words of mine in your response:
"Just for the record, I'm pro-immigration but anti-illegal-immigration, and calling for fiscal responsibility on this
topic should not be misconstrued as any bias against migrant workers from below our southern border."

Yep, you must have missed that part about "pro-immigration". I'm all for allowing a logical number of people from...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Alert - Upcoming Mail Delivery Changes US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes

Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...

Current Activity - Upcoming Mail Delivery Changes Current Activity (May 10)
National Cyber Awareness System

Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...

Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin

Original release date: May 09, 2013

Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...

Current Activity - Adobe Releases Security Advisory for ColdFusion Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion

Original release date: May 09, 2013

Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...

Current Activity - Microsoft Releases Security Advisory for Internet Explorer Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer

Original release date: May 07, 2013

Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...

Current Activity - Cisco Releases Security Advisories Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories

Original release date: April 25, 2013

Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....

Current Activity - Apple Releases Security Updates for Safari Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari

Original release date: April 18, 2013

Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.

Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...

Alert TA13-107A: Oracle has released multiple updates for Java SE US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE

Original release date: April 17, 2013

Systems Affected

* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier

Overview

Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....

Current Activity - Scams Exploiting Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion

Original release date: April 17, 2013

Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...

Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion

Original release date: April 17, 2013

Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...

Current Activity - Oracle Releases April 2013 Security Advisory Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory

Original release date: April 17, 2013

Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...

Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack

Original release date: April 15, 2013

US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...

Current Activity - Microsoft Releases April 2013 Security Bulletin Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin

Original release date: April 04, 2013 | Last revised: April 09, 2013

Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...

Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin

Original release date: April 04, 2013

Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...

Current Activity - Mozilla Releases Multiple Updates Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates

Original release date: April 03, 2013

The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.

Updates to the following products are...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Jun 19)
k so in summary then:

CVE-2012-6144 TYPO3-CORE-SA-2012-005: Backend History Module SQL
Injection TYPO3 internal

CVE-2012-6145 TYPO3-CORE-SA-2012-005: Backend History Module
Cross-Site Scripting Thomas Worm

CVE-2012-6146 TYPO3-CORE-SA-2012-005: Backend History Module
Information Disclosure Oliver Hader

CVE-2012-6147 TYPO3-CORE-SA-2012-005: Backend API Cross-Site Scripting
Johannes Feustel

CVE-2012-6148 TYPO3-CORE-SA-2012-005: Backend API...

Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 19)
Right. I'm talking about more than just this instance. Wordpress
plugins. rubygems.org. etc. Any ways I've been thinking about it and
will post a longer email later.

Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 19)
* Kurt Seifried:

But the present situation is really not that clear-cut. We have no
indicator of malicious intent from the current domain owner, and users
would still have to disable signature checking *and* they must have
configured the problematic repository. That's a little bit
far-fetched.

Re: CVE request: gnome-shell crash, screen unlock on resume Kurt Seifried (Jun 19)
Please use CVE-2013-2190 for this issue.

Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
I care a lot less about what is "officially endorsed" or not endorsed
and a lot more with what is actually going on. If a large percentage
of people are exposed to a vuln, even if they "shouldn't" be then it
would still get a CVE. I see a lot of CVEs that should never be
exploitable, but people do crazy things/configurations.

Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
Debian doesn't endorse any external repository. During package installation
the pre/post installation scripts run with root privs. As such, if you
enable a repository you trust the people behind that repository with
the equivalent to root access to your system anyway.

Cheers,
Moritz

Re: Thoughts on a vuln/CVE? Tim (Jun 18)
To me, it's a big grey area as far as assigning a CVE for stuff like
this.

But there's no reason we shouldn't raise awareness through venues like
the various CERTs. Though it seems US-CERT is only really good at
re-sending microsoft and apple advisories these days. =(

tim

Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
Hey,

If a weakness in Debian's package management system signature
verification was identified recently, then this specific issue of
debian-multimedia deserves dedicated attention as it would be a useful
contributing vector; but until then - this isn't an documentable
exposure risk IMO.

Comparing to the definition we use for 'Exposure', a "system
configuration issue" certainly fits the grounds to be assigned a CVE...

Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
In this case the repository key is the former maintainer's personal
PGP key, which it appears he uses to sign deb-multimedia.org (the same
set of packages as the former debian-multimedia.org). I would assume
that it is unlikely to be held on a HSM, but I don't see any reason
why it would now be less safe than it was while debian-multimedia.org
was active.

Anyone who doesn't/didn't trust the maintainer of that repository (and...

Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
We definitely do. A recent example is CVE-2012-4446.

CVE request: gnome-shell crash, screen unlock on resume Florian Weimer (Jun 18)
Upstream GNOME recently fixed a bug that could crash gnome-shell
immediately after resume:

https://bugzilla.gnome.org/show_bug.cgi?id=701974

As noted here, the impact is that after resume, the password entry
dialog disappears and the user is dropped into the pre-existing X session:

https://bugzilla.redhat.com/show_bug.cgi?id=954054

I haven't figured out the exact trigger conditions, but this has
happened to me a couple of times since...

Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
Ah thanks, I forgot about that (I don't use Debian that often). So
with the signing key requirement in mind this is not a vuln.

However my original question still stands, can/should we consider a
common configuration of software that goes from being secure to
insecure to be worthy of a CVE? A lot of things that used to be common
practice (like shipping every service/server enabled, all accounts
active, all access enabled, anonymous uploads...

Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
[..]

No way. This is not an insecure configuration: This was never a Debian
service and people are free to put whatever they want in /etc/apt/sources.list.
There are hundreds of external apt sources and everyone of them could have
their owner changed at some point.

Also there's no security issue: If a domain is grabbed and someone configures
an apt repository on the site, he/she would lack the repository key previously
used to sign the...

Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 18)
Kurt Seifried <kseifried () redhat com> writes:

It's possibly worth noting that the repository that was at that site was
signed and had been for some years, and the key was not compromised. So
not only would the site need to be taken over by an attacker for a
successful exploit, but the affected user would have to ignore the copius
warnings that APT produces when installing packages from an untrusted
archive, or have configured APT...

Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 18)
I'm not completely sure what assigning a CVE would give here. Debian
itself never shipped a package adding this apt source. Some people
might have shipped some external packages adding it, but I'm not really
aware of this. Usually the source was added manually by end-users.

So I'm not too sure what tracking the “issue” would actually give. Maybe
it can help raise awareness on this, but I'm not too convinced.

Regards,

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

TechTarget: Proactive Security in Financial Services Gary McGraw (Jun 10)
hi sc-l,

The Financial Services sector is an important advocate for real software security. At FS-ISAC this Spring in Florida,
I moderated a panel about that (including JP Morgan Chase, Capital One and Fidelity). The panel resulted in a writeup
posted today (and published in Information Security Magazine).

http://bit.ly/163miTX

(kevin longlink...

Re: Need a help for an article vanderaj vanderaj (Jun 04)
Hi Punit,

Good on you for selecting information security as a topic of interest.
We need more grads in our field!

The state of the art for buffer overflows, heap overflows, and other
memory corruption bugs is so advanced that it may take you a little
while to get on top of it before being able to write about it simply
enough for the average Joe to understand it. They seem simple enough,
but there's so much nuance and almost an obsessive...

Need a help for an article Punit Mehta (Jun 04)
Hi all ,

I am a second year computer science
undergraduate student at a university. I want to publish an article based
on computer security. I had thought of some like Buffer Overflow , Heap
Overflow , Format String attack etc. But they sound too old. My aim is to
publish some fresh and interesting stuff based on computer security. I have
searched a lot But may be because of my limited knowledge , I am not able
to find...

Silver Bullet 86: Wenyuan Xu Gary McGraw (May 31)
hi sc-l,

Ever wonder what it is like to be a Chinese scholar living and teaching in the US or a woman teaching computer science
and engineering? We talk about that in the 86th episode of the Silver Bullet Security Podcast featuring University of
South Carolina professor Wenyuan Xu: bit.ly/14e8h29 <http://t.co/A1aymA09tw>

We also discuss embedded device security (cars, electricity billing systems, medical devices), software security,...

CFP: Workshop on Risk Perception in IT Security and Privacy (SOUPS) - Final CFP Larry Koved (May 29)
Brief position statements are due this Thursday, May 30, 2013.

Workshop on Risk Perception in IT Security and Privacy

A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/

For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html

This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap...

c0c0n 2013 CFP - Extended Deadline: 9 June, 2013 c0c0n International Information Security Conference (May 28)
c0c0n 2013 CFP - Extended Deadline: 9 June, 2013

Thanks to everyone for all the paper submissions. The CFP Review Committee
will be evaluating the same for selection. Based on the requests received,
we are extending the CFP deadline to June 9, 2013 in the hope of receiving
few more paper submissions.

/ _ \ / _ \ |__ \ / _ \/_ |___ \
___| | | | ___| | | |_ __ ) | | | || | __) |
/ __| | | |/ __| | | | '_ \...

SecAppDev hits the road Kenneth R. van Wyk (May 22)
Greetings SC-L subscribers,

I suspect many of you have heard of SecAppDev (http://secappdev.org) over the years. It's a non-profit training event
that has hitherto been held in Leuven, Belgium for 1 week each Feb/Mar. Well, we're excited to say that this year we've
added a second event: SecAppDev Dublin!

Yes, SecAppDev will be hitting the road for its first foray outside of Belgium. For one week in July (15th-19th), we'll...

2013 OWASP Mobile Top 10 Call For Data Jim Manico (May 21)
Hello All,

We are pleased to announce the 2013 call for data to help refresh the Mobile Top 10 Risks for 2013 and publish a more
formal publication. We are encouraging everyone to get involved.

The current Mobile Top Ten Risks are located here:

https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab.3DTop_Ten_Mobile_Risks

- What do we need? -

Right now we are looking for data that represents the current state of mobile...

CFP: Workshop on Risk Perception in IT Security and Privacy at SOUPS Larry Koved (May 20)
Short position statements due next Thursday, May 30

Workshop on Risk Perception in IT Security and Privacy

A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/

For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html

This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between...

Correction: W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation Larry Koved (May 20)
*** My apologies for another email. Only ONE week until the workshop! ***

Call for participation: Only ONE week until the workshop!

The workshop and program chairs invite you to participate in the 7th W2SP
workshop.

The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas....

W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation Larry Koved (May 20)
Call for participation: Only three weeks until the workshop!

The workshop and program chairs invite you to participate in the 7th W2SP
workshop.

The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.

The list of this year's accepted papers / presentations can be found...

MoST 2013 - Mobile Security and Technology workshop - final call for participation Larry Koved (May 20)
Call for participation: One week until the workshop!

The workshop and program chairs invite you to participate in the 2nd MoST
workshop.

Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.

The list of this year's...

SearchSecurity: BSIMM4 Gary McGraw (May 11)
hi sc-l,

Sammy Migues, Jacob West and I wrote an introductory article about BSIMM4 for SearchSecurity. It was just posted on
SearchSecurity: http://bit.ly/11qlIBi
(or http://searchsecurity.techtarget.com/feature/BSIMM4-measures-and-advances-secure-application-development)

This article provides a great way to get up to speed on the BSIMM project in its BSIMM4 instantiation. The BSIMM
Community is expanding rapidly, and we're looking...

Ruxcon 2013 Call For Papers cfp (May 08)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia premier technical computer security conference...

Silver Bullet 85:Mobile Security with Jim Routh and Scott Matsumoto Gary McGraw (May 03)
hi sc-l,

Is mobile security a brand new day or the same old same old? The answer depends on how you look at the problem. If
you are a practitioner in the trenches, there are many new and interesting shiny bits to mobile security. If you are a
security veteran, things look very familiar. In this episode of Silver Bullet, Jim Routh, Scott Matsumoto and I take
on the Necker Cube of mobile security. Jim Routh is the ultimate security...

Educause Security Discussion — Securing networks and computers in an academic environment.

Re: Outsourcing security awareness training King, Ronald A. (Jun 18)
We use Awareity's MOAT. They do most, if not all, of what is asked and
more. We have also automated uploading user account updates, additions and
disablements.

Ronald King

Security Engineer

Norfolk State University

http://security.nsu.edu <http://security.nsu.edu/>

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jordan, Tom
Sent: Tuesday, June 18, 2013 1:52 PM
To:...

Of interest to some? Privacy and Security Forum, Streamed Live Tonight! Tracy Beth Mitrano (Jun 18)
There will be attention to technical security, and how to contextualize it within privacy, law and policy issues …
Thanks, Tracy

"Privacy, Security & Your Data - Concerns in a Changing World"

In this fast paced, technological world, our personal information is vulnerable every single day. As companies grow
globally, and cyber security becomes ever more challenging, how do businesses preserve individual privacy and maintain...

Re: Phishing, Spam Solutions Valdis Kletnieks (Jun 18)
On Wed, 12 Jun 2013 15:45:29 +0900, Katsuya Uchida said:

Which is a good reason *not* to rely on them, as other methods manage
to reject 99% or better of spam. Anything that's only rejecting 90%
of spam these days is considered horrible.

There's several problems with these:

1) Some of the solutions don't actually provide the assertion that you think
they do (in particular, SPF has this problem - it does what it claims, but what...

Outsourcing security awareness training Jordan, Tom (Jun 18)
Has anyone on the list outsourced their information security awareness training? If so, do you have particular
providers that you'd recommend?

We at the University of Wisconsin Whitewater have made use of the SANS Securing the Human content in our local training
program, but want to explore outsourcing the administrative aspects of the program as well - notification, reporting,
etc. Ideally we'd like to provide the training partner...

Job Posting: IT Security Analyst - University of Colorado Colorado Springs Greg Williams (Jun 18)
We are looking for an IT Security Analyst to assist with the development, monitoring, and enforcement of security
policy and baseline standards to ensure that the University of Colorado Colorado Springs maintain confidentiality,
integrity, and availability of university systems.

Examples of Work Performed
- Leverage various resources (NIDS, HIDS, netflow, SCCM, etc) to identify and remediate potential security issues
- Assist in risk...

Re: Data Access Approval Letter Drew Perry (Jun 18)
We do have a document specifically for that purpose. Contact me offline and
I'll get you a copy of it. There's nothing sensitive about the document, I
just don't have an electronic copy. (There are only 2 people with that
level of authority at our University.)

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other...

Job Posting: Information Security Analyst at Worcester Polytechnic Institute Phillip Deneault (Jun 17)
Under the direction of the WPI Information Security Officer (ISO), an
Information Security Analyst will provide technical analysis, system
development and support for the software and hardware managed by
Information Security for the purpose of securing WPI systems and data,
and to be in compliance with applicable laws and regulations. An
Information Security Analyst will be expected to stay current with
security methodologies and threats, develop...

Re: Data Access Approval Letter Tim Doty (Jun 17)
We don't really have that. What we do have is domain admin privileges
which provides technical access to managed systems and our network file
shares. We also have technical access to email. In addition to that we
have a variety of logs, such as server and network. But IT security does
not have carte blanche to university data -- for example, the majority
of academic records are not directly accessible.

There are a variety of policies (...

Re: Data Access Approval Letter Julian Y Koh (Jun 16)
We don't have a signed letter, but we have an official policy.

<http://www.it.northwestern.edu/policies/responsibilities.html>

Data Access Approval Letter Will Froning (Jun 16)
Hello All,

I'm trying to find this online, but I am failing completely. When running
an investigation I often run into roadblocks on data access and it can
significantly delay my progress.

Do you all have a letter signed by your Chancellor/President that gives you
carte blanche access to University data when running an investigation?

If so, can you point me to an online copy so I can shamelessly copy it? ;)

Thanks,
Will

Re: Securing the eCampus: July 16-17 at Dartmouth College Bill Kyle (Jun 13)
Team,

FYI.

Best regards,
Bill

Re: Phishing, Spam Solutions Katsuya Uchida (Jun 12)
Some idea is to set email authenticaton.
I heard that the email authentication rejects 90% of spam mails.

What is email authentication (Sender ID, DomainKeys/DKIM, SPF) and how
do I set it up?
http://help.campaignmonitor.com/topic.aspx?t=88

(2013/06/11 23:56), David James Anderson wrote:

=============================================================
Katsuya Uchida, Professor, Ph. D. (Mr.)
Assistant to CIO at City of Yokohama
Professor...

Re: Phishing, Spam Solutions Bob Bayn (Jun 11)
I will add a vote for Ironport email filtering. The past 30 days, our pair of Ironport M1070s have blocked 93.9% of
incoming email, without complaint.

However, the brief phish messages that are so common still come through, to a large extent. The messages come from
compromised email accounts on systems with generally good reputations and they often link to fairly trusted web
servers. The password collection forms are often hosted on...

Re: Phishing, Spam Solutions Josh Flaherty (Jun 11)
Hello,

We recently switched from open source packages (Sendmail, Spamassassin, Mimedefang, Clamav) to Cisco IronPort
Appliances. The appliances were fairly expensive but have greatly reduced the amount of spam and phishing that gets
through.

Comparing the effectiveness of the open source mail gateways to the Iron Port, the amount of spam getting through has
dropped by approximately half.

Open Source Mail Gateways

IronPort

Clean Messages...

Phishing, Spam Solutions David James Anderson (Jun 11)
Good Morning,

We are looking to reduce the number of phishing emails getting to our users' inbox. We currently have a homebrew
filter of sorts and were wondering what is out there in the free and commercial worlds.

We're envisioning a software that keeps itself up-to-date with a global list somewhere, but also has the functionality
of allowing us to add custom rules for phishes specific to us. What tools do you use and what would...

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: gTLDs opened up Owen DeLong (Jun 19)
AfriNIC did not put them on the stage. AIS was not convened by AfriNIC. It is very much like holding APNIC responsible
for the content of other parts of an APRICOT meeting. It just doesn't reflect the facts.

I agree that these TLD sellers are rather silly, but the organizers of the conference chose to allow free speech.

You are, of course, free to criticize as you wish, but ideally, you should at least direct your criticism at those...

gTLDs opened up Randy Bush (Jun 19)
AfriNIC put these wonderful people on stage at the African Internet
Summit.

In parallel, I should offer /16s from an alternet IP space for USD1,000,
buy one and get one free.

</sarcasm>

randy

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Rodrick Brown (Jun 19)
Arista is rock solid they have both an IOS like cli and a standard
unix shell you can even run tcpdump on their switches.

Arista claim to fame came about 3-4 years back when they had at the
time one of the fastest non-blocking cut though 10Gbe switches using
the fulcrum asic geared for low latency environments the financial
sector ate it up and loved it. Facebook is also a huge Arista shop.

Sent from my iPhone

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Andreas Larsen (Jun 19)
I have worked with both Extreme, Juniper, Cisco and Brocade and Avaya.

Extreme.
Great boxes stable and afforadable when it comes to 10GE and 40GE. Truly
one XOS for all boxes, lowend x440 has the same XOS as 48*10GE
device.Support sucks very bad though if you can't get your SE to support
you.

Juniper
Great boxes, very nice CLI, good support with a nice ticketsystem and good
kb. However I have found alot of bugs that needs to be...

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Erik Bais (Jun 19)
Hi Blake,

Purple is the new Green.

I would have a vote for Extreme Networks if you look for a high density, low latency, non blocking setup.
Their BD X8 could do 768 10G's per chassis (2304 ports per rack). Later this year the BD X8 will also do the new gen
100G.
Their switches are one of the fastest switches you can find for a datacenter setup, along with their TOR switch, the 48
port 10G 1U switch, the X670/X670V.

From a pricepoint...

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... QliX=D! [aka EHB] (Jun 19)
Go juniper!!!
Full junos equipment on the network means same OS for switches, routers,
and firewalls.
You have high end equipment to support a core tier1 backbone, and also a
simpliest 24 port sw soho range. All with the same config languaje.
You can use the management software called junos space to make complex
deploys like a brezee. Space have multiple modules that you can use to
manage, configure and monitor all the junos equipment family. You...

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Brent Jones (Jun 19)
Coming from first hand experience, all network equipment vendors have
strengths and weaknesses.
Personally, I prefer the Junos CLI and ecosystem, but it is a learning
curve, especially with a larger team who may not be familiar with it.
But I found once I grasped the "Junos way", I'm significantly more
productive with less errors, and "commit confirmed" is much better than
Cisco comparable rollback methods.
Juniper also...

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Phil Fagan (Jun 19)
Mike brings up a good point though; the effort, cost, and risk of
introducing a new CLI to an environment sometimes is masked until you
really need to dig in and work through outages. Familiarity with a codebase
or at least with how the code "thinks" should go a long way when deciding
what to put in your racks. Of course, how do you quantify that?

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Mike Hale (Jun 19)
I'm exact opposite of Phil. I love IOS and hate JunOS....for that
single reason, I'm really against buying Juniper in our shop for
pretty much anything. :)

Still, to be fair, the hardware seems to be really, really stable and
well built. I don't think we've had a failure across our Junipers in
the short time I've been with my day job.

As far as support goes...the only time we had issues with our Nexus
gear I was...

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Phil Fagan (Jun 19)
I've had nothing but good luck with Juniper support and well with Cisco you
pay for support too. I will say Arista support was great, however, I'm
still hesitant to put them in full production; but I think that is lack of
experience with them speaking.

Do the bake off in your lab and let'm run!

Re: 10gig coast to coast Ben Aitchison (Jun 19)
maybe his customers are connecting to normal internet servers. there's a lot of
servers with strangely low limits on window size out there.

like on speedtest.net under palo alto there's "Fiber Internet Center" which seems
to have a window size of 128k.

it requests files from 66.201.42.23, and if you do something like:

curl -O http://66.201.42.23/speedtest/random4000x4000.jpg

then do ping 66.201.42.23 then divide 1000 by...

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Michel de Nostredame (Jun 19)
I would say Force10 support is very good, especially in bay area that
their HQ is locally here. Most of our questions can be addressed
within only few days even in one day. That probably because our
environment is too simple? Layer-2 TOR S4810, Layer-3 Core Z9000, runs
OSPF and VLT (multiple chassis LAG, this is something like Cisco
VPC/VSS.)

Re: 10gig coast to coast Valdis . Kletnieks (Jun 19)
On Wed, 19 Jun 2013 00:24:15 -0000, James Braunegg said:

If you don't have control over the server, why are you allowing your
customer to make their misconfiguration your problem? (Mostly a rhetorical
question, as I know damned well how this sort of thing ends up happening)

Re: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Michel de Nostredame (Jun 19)
DELL Force10 switches (not DELL Power Connect) run so far so good in
our environment. the combination of S4810 and Z9000 make good sense on
both operation and capex point of view.

There were three headaches for us in the beginning of adaption.
Force10 calculates frame size with CRC32, say if your IP MTU is 9000
on VMware then the trunk port on Force10 should be 9022. Although it
clearly documented in manual but still troublesome for people who...

RE: Network Vendor suggestions/reviews, Arista Networks, Dell Force10, Juniper, Extreme Networks etc... Blake Pfankuch - Mailing List (Jun 19)
Let me also clarify, Price per port is not the final deciding factor. We are looking much more at a combination of
daily operational sanity, troubleshooting features, operational feature set, vendor support quality and price.

Support is absolute key. When we need help, we need help quickly and knowledgeable support. The name checkpoint comes
to mind when I think of something I DON’T want for support quality. It also causes nausea…...

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 27.35 RISKS List Owner (Jun 18)
RISKS-LIST: Risks-Forum Digest Tuesday 18 June 2013 Volume 27 : Issue 35

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.35.html>
The current issue can be...

Risks Digest 27.34 RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Wednesday 12 June 2013 Volume 27 : Issue 34

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.34.html>
The current issue can be...

Risks Digest 27.33 RISKS List Owner (Jun 06)
RISKS-LIST: Risks-Forum Digest Thursday 6 June 2013 Volume 27 : Issue 33

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.33.html>
The current issue can be...

Risks Digest 27.32 RISKS List Owner (Jun 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 June 2013 Volume 27 : Issue 32

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.32.html>
The current issue can be...

Risks Digest 27.31 RISKS List Owner (May 31)
RISKS-LIST: Risks-Forum Digest Friday 31 May 2013 Volume 27 : Issue 31

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.31.html>
The current issue can be...

Risks Digest 27.30 RISKS List Owner (May 30)
RISKS-LIST: Risks-Forum Digest Wednesday 29 May 2013 Volume 27 : Issue 30

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.30.html>
The current issue can be...

Risks Digest 27.29 RISKS List Owner (May 26)
RISKS-LIST: Risks-Forum Digest Saturday 25 May 2013 Volume 27 : Issue 29

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.29.html>
The current issue can be...

Risks Digest 27.28 RISKS List Owner (May 17)
RISKS-LIST: Risks-Forum Digest Friday 17 May 2013 Volume 27 : Issue 28

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.28.html>
The current issue can be...

Risks Digest 27.27 RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 4 April 2013 Volume 27 : Issue 27

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.27.html>
The current issue can be...

Risks Digest 27.26 RISKS List Owner (Apr 24)
RISKS-LIST: Risks-Forum Digest Tuesday 23 April 2013 Volume 27 : Issue 26

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.26.html>
The current issue can be...

Risks Digest 27.25 RISKS List Owner (Apr 19)
RISKS-LIST: Risks-Forum Digest Friday 19 April 2013 Volume 27 : Issue 25

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.25.html>
The current issue can be...

Risks Digest 27.24 RISKS List Owner (Apr 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 April 2013 Volume 27 : Issue 24

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.24.html>
The current issue can be...

Risks Digest 27.23 RISKS List Owner (Mar 31)
RISKS-LIST: Risks-Forum Digest Saturday 30 March 2013 Volume 27 : Issue 23

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.23.html>
The current issue can be...

Risks Digest 27.22 RISKS List Owner (Mar 24)
RISKS-LIST: Risks-Forum Digest Saturday 23 March 2013 Volume 27 : Issue 22

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.22.html>
The current issue can be...

Risks Digest 27.21 RISKS List Owner (Mar 22)
RISKS-LIST: Risks-Forum Digest Thursday 21 March 2013 Volume 27 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.21.html>
The current issue can be...

Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

Invitation to connect on LinkedIn Gerasimos Kassaras (Jun 13)
LinkedIn
------------

Gerasimos Kassaras requested to add you as a connection on LinkedIn:

------------------------------------------

Lasantha,

I'd like to add you to my professional network on LinkedIn.

- Gerasimos

Accept invitation from Gerasimos Kassaras...

Re: Wmic through the windows api egypt (May 17)
Extensions should be submitted as a pull request in the meterpreter
repo: https://github.com/rapid7/meterpreter
If you have already written the ruby side, that should be a pull
request on the framework repo, with a link to the meterpreter pull
request in the description.

Thanks!
egypt

Re: Wmic through the windows api Abuse 007 (May 16)
Hi Brian,

Perhaps you need to allocate some memory in a process, write your custom
data structure there, and then make the call with a pointer/reference to
the custom data structure in the memory you allocated for it.

Cheers,
B

Ruxcon 2013 Call For Papers cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia premier technical computer security conference...

Breakpoint 2013 Call For Papers cfp (Apr 30)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com

.[x]. Introduction .[x].

The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.

Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...

Re: framework Digest, Vol 63, Issue 13 Vlad Ovtchinikov (Apr 27)
Try exploit-db.com

Sent from my iPhone

Re: framework Digest, Vol 63, Issue 13 Prabhu (Apr 27)
Hi,
I surfed privilege Esclation exploits in unix/local and linux/local
category, I found most of them works only with linux kernel 2.4 and 2.6.
But I am looking exploits for kernel 3.0 and above, could some one suggest
me a exploit to handle this.

Re: help Joshua Smith (Apr 25)
You beat me Tod, I was gonna say
$ msfconsole

but seriously man, you need to give more details.

Re: help Tod Beardsley (Apr 25)
http://ifconfig.me

Re: framework Digest, Vol 63, Issue 12 Michael Schierl (Apr 25)
Am 25.04.2013 19:59, schrieb Tod Beardsley:

Seconded.

Also, please note that a piece of shellcode is not an exploit (just like
a pinch of gunpowder is not a firearm, or like a satellite is not a
space rocket). In fact the shellcode is usually the easiest part for a
new exploit as Metasploit ships lots of them to easily integrate into
any exploit.

When you have installed Metasploit, have a look at the unix/local/ and
linux/local/ category if...

help gri sma (Apr 25)
how to use external ip on metasploit

Re: framework Digest, Vol 63, Issue 12 Tod Beardsley (Apr 25)
please don't run random blobs of shellcode you find on the internet.
It's not healthy.

That's kind of why we do Metasploit.

If you would like to start using Metasploit, please see
http://metasploit.pro and pick the right version for your needs.

Thanks!

Re: framework Digest, Vol 63, Issue 12 Prabhu (Apr 25)
Hi,

I picked a exploit from below link, and I compile it manually in test
environment. I end up with a error message stating that
error: lvalue required as left operand of assignment

http://www.shell-storm.org/shellcode/files/shellcode-548.php

Could you suggest me a shellcode to proceed.

Re: framework Digest, Vol 63, Issue 11 Prabhu (Apr 25)
Hi Tod,

Thank you for response, I'm looking at this exploit. could you help me to
sort this.

http://pastebin.com/GC824ayU

Re: framework Digest, Vol 63, Issue 11 h4lp.php () gmail com (Apr 24)
did you find somethings at exploit-db or 1337day?
and maybe you should tell what did you do and how ,more and your metasploit 's version

Prabhu <flyingcolours47 () gmail com>编写：

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: [Wireshark-commits] rev 50031: /trunk/epan/dissectors/ /trunk/epan/dissectors/: packet-nbap.c packet-nbap.h Joerg Mayer (Jun 19)
In case you
a) don't like the output in the header and
b) don't want to regenerate the dissectors each time someone generates the
dissectors via cmake then
maybe you should change asn2wrs to not include the leading parts of the
pathnames ;-)

Ciao
Jörg

Re: New Defects reported by Coverity Scan for Wireshark (forw) Joerg Mayer (Jun 19)
Bugs get more visibility than reports somewhere. There are currently
less than 300 open IDs, if I interpret the statistics correctly.

But yes, opening a bug for every open ID probably doesn't make sense.

How about only opening bugs for the "All Newley Detected" category?
If someone just committed code they are more likely to feel responsible
than looking at a list of ~300 anaonymous reports.

Dashboard, Project Settings might be...

Re: how does cmake know how to generate plugin.c Joerg Mayer (Jun 19)
register_dissector_files(plugin.c
plugin
${DISSECTOR_SRC}
)

which gets defined in cmake/modules/UseMakeDissectorReg.cmake

Ciao
Jörg

Commit 49949 broke packet_win.c Joerg Mayer (Jun 19)
for WANT_PACKET_EDITOR:

In file included from /home/jmayer/work/wireshark/svn/trunk/wiretap/wtap.h:32:0,
from /home/jmayer/work/wireshark/svn/trunk/epan/nstime.h:30,
from /home/jmayer/work/wireshark/svn/trunk/epan/frame_data.h:30,
from /home/jmayer/work/wireshark/svn/trunk/epan/epan.h:32,
from /home/jmayer/work/wireshark/svn/trunk/ui/gtk/packet_win.c:44:...

Re: "Type-punned pointer... breaks anti-aliasing rules" in dfilter-macro.c Evan Huus (Jun 19)
Probably the simplest fix is to add -fno-strict-aliasing to the build flags on FreeBSD.

Re: "Type-punned pointer... breaks anti-aliasing rules" in dfilter-macro.c Dirk Jagdmann (Jun 18)
maybe "&((void*)macros)" helps?

"Type-punned pointer... breaks anti-aliasing rules" in dfilter-macro.c Stephen Fisher (Jun 18)
When trying to compile Wireshark (SVN trunk) on FreeBSD for the first time in a long time, I ran across a familiar
error:

    dfilter-macro.c: In function 'dfilter_macro_init':
    dfilter-macro.c:614: warning: dereferencing type-punned pointer will break strict-aliasing rules

However, line 614 has a history of being changed between this:

    (void*) &macros,

and this (as it currently is):

    (void**) &macros,...

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Dirk Jagdmann (Jun 18)
I suggest it is not worth investing time to support those non-working
old versions, as nobody seems to have complained yet (and I don't think
anybody will in the future).

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Dirk Jagdmann (Jun 18)
I've created https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8821
with my suggestion. We can continue to discuss there if/what/how we'd
like to determine the optimum number of parallel make jobs.

Wmem has reached feature-parity with emem Evan Huus (Jun 18)
As per the subject, as of revision 50020.

If I've missed an API somewhere please let me know, but as far as I
can tell every function defined in emem.h has a wmem equivalent.

This means that unless there are any objections, emem is now
deprecated. New code should only use wmem.

Most of the APIs are fairly similar, and doc/README.wmem provides a
good overview of how wmem differs from emem and how to use it. I'm
sure there are things...

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Guy Harris (Jun 18)
Well, I'd expect the OS's CPU scheduler to, at minimum, figure out that a job not blocking for anything or blocking for
"fast" events such as file system I/O should run at a lower priority than something that just got woken up due to user
action or the arrival of network data (heck, V6 UNIX tried to do that), and my machine seems to be reasonably
responsive even with make -j 8 pegging the CPU.

The harder-to-nicely-allocate...

how does cmake know how to generate plugin.c Dirk Jagdmann (Jun 18)
I'm studying cmake rules in the plugin/ directory. I can not find out,
how cmake knows how to build the plugin.c file for each of the plugins.
Where is this defined?

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Gerald Combs (Jun 18)
I'm using "make -j -l 2" (keep spawning jobs until the system load is
"2") on the buildbots. After a bit of experimentation that seems to
utilize available cores without overloading the system, particularly if
you have multiple builds running.

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Dirk Jagdmann (Jun 18)
hmm, there are many points discussed here:

- do we want to make a smart decision on the number of parallel make
jobs, possibly derived from the number of cores?

My personal opinion is yes. On OsX using the sysctl mentioned by Guy is
probably a good starting point. Adding my own experience you'll want to
oversubscribe the number of jobs over the number of cores a little bit,
so that when jobs are waiting for I/O action another job can...

Re: [Wireshark-commits] rev 49995: /trunk/ /trunk/: macosx-setup.sh Guy Harris (Jun 18)
How many processor cores does your machine have, and are they multi-threaded?

I have a 4-dual-threaded-core machine (and a solid-state disk and a lot of memory), and "-j 8" seems to run the CPU at
about 100%. I don't know whether "number of threads" would be a good default in all cases - what you really want is to
keep cranking up the number of jobs until things don't get faster, but that's a pain - but, if...

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: Openadvertising.com Malware Campaign malicious jar sigs James Lay (Jun 19)
Nice work Nathan thanks…and LOL as well ;)

James
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Re: Openadvertising.com Malware Campaign malicious jar sigs lists () packetmail net (Jun 18)
I've got hits and these aren't what I'm seeing, I was seeing 16-byte by 16-byte
to these; James good sig but I see your &k=&h= concatenated together without the
16-byte values. As always James, you rock, despite what Joel says about you :)

hxxp://www.msas.ch/images/_notes/.cache/?f=site.jar&k=9899151747059318&h=0504dc8510fdce57...

Re: Facebook Secure Cryptor sig Joel Esler (Jun 18)
Thanks James!

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Re: Openadvertising.com Malware Campaign malicious jar sigs Joel Esler (Jun 18)
Thanks James!

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Openadvertising.com Malware Campaign malicious jar sigs James Lay (Jun 18)
Again, slowish day:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS
(msg:"INDICATOR-COMPROMSED openxadvertising.com Malvertising Campaign
URI request 1"; flow:to_server,established;
content:"|2f|.cache|2f||3f|f=site.jar&k=&h="; http_uri; metadata:policy
balanced-ips drop, policy security-ips drop, service http;
reference:url,http://research.zscaler.com/2013/06/openxadvertisingcom-mass-malvertising.html;...

Facebook Secure Cryptor sig James Lay (Jun 18)
Heh...slow week:

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC
Trojan.Win32 Facebook Secure Cryptor C2"; flow:to_server,established;
content:"|2f|forum|2f|search.php|3f|email="; http_uri; metadata:policy
balanced-ips drop, policy security-ips drop, service http;
reference:url,https://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured;
classtype:trojan-activity; sid:10000077;...

Re: Snort only partially alerting James Lay (Jun 18)
Frank,

Try capturing with tshark or tcpdump (use -s 0 for tcpdump to capture
the full packet. Then, after capturing, run it through snort with
something like:

sudo snort -c snort.conf -r bleh.pcap -k none

James

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Snort only partially alerting Frank Calone (Jun 18)
I still don't have a fix yet to the problem of Snort only alerting
occasionally. I have it setup to look for exe downloads using just 2
rules. I have a web site setup to download (not https) an exe file. I
decided to run snort in full packet logger mode to see what was coming in
(/usr/sbin/snort -dev -i p1p1 -l /var/log/snort -h x.x.x.x/16). I
immediately started getting the following warning messages:

(snort_decoder) WARNING: IP dgm...

Sourcefire VRT Certified Snort Rules Update 2013-06-18 Research (Jun 18)
Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-ie, browser-plugins, file-flash, file-java,
file-other, file-pdf, indicator-scan, malware-cnc, malware-other,
os-mobile, os-windows, protocol-dns, protocol-ftp, protocol-imap,
protocol-nntp, protocol-rpc, protocol-scada, protocol-snmp,...

Re: barnyard2 failing James Lay (Jun 18)
Comment out that snort -i line..that was used just as an example.

James------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:...

Re: barnyard2 failing beenph (Jun 18)
Are you sure you compiled barnyard2?

seem's like you compiled barnyard1 version 0.2.0..

You can get current barnyard2 master here: https://github.com/firnsy/barnyard2

Direct tar.gz link = https://github.com/firnsy/barnyard2/archive/master.tar.gz

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev

Re: Snort u2 output with vlan_event_type not supported by barnyard2? beenph (Jun 18)
Hi Agus,

UNIFIED2_IDS_EVENT_VLAN , type 104 and
UNIFIED2_IDS_EVENT_MPLS, type 99

Are parsed from the unified2 file but will not be sent to output plugins.

Expect full logging support in barnyard2 2.2.

In the meantime its not had to adapt current code to log those event
type with or without
the vlan information, if you need assistance or pointed to do so, do
not hesitate to mail
barnyard2-devel () googlegroups

Cheers,
-elz...

barnyard2 failing Herminio Hernandez (Jun 18)
I have compiles barnyard2 to write snort logs to my postgresql database but it is failing. Below is what I get

$ barnyard -c /opt/local/etc/barnyard2/barnyard2.conf -g /opt/local/etc/snort/gen-msg.map -s
/opt/local/etc/snort/sid-msg.map -d /var/log/snort -f snort.log -w /var/log/snort/barnyard.waldo
Barnyard Version 0.2.0 (Build 32)
Unrecognized config directive: 'reference_file: /opt/local/etc/snort/reference.config'...

Snort u2 output with vlan_event_type not supported by barnyard2? Agus (Jun 17)
Hi guys,

When configuring output u2 with clan_event_type, it seems that barnyard
doesn't output at all. When i remove it, it starts logging. Anyone is using
B2 with vlan?

Thanks!
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev_______________________________________________
Snort-users mailing list...

Re: Snort GUI Michal Purzynski (Jun 17)
+1 for the Security Onion. Installing it will let you test Snorby +
Squert + Sguil in no time (you should be set with a test installation in
like 15 minute max).

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev_______________________________________________
Snort-users mailing list
Snort-users () lists...

OpenVAS — Development and announcements regarding OpenVAS, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.

OpenVAS-6 DEMO Virtual Appliance ready for try-out Jan-Oliver Wagner (Jun 18)
Dear OpenVAS users,

finally I pushed the OpenVAS-6 DEMO Virtual Appliance online:

http://www.openvas.org/vm.html

It survived our smoke tests, but I'd appreciate if the experienced
community members could give it a try before we officially announce it.

Remind that it is not a industry-standard solution. It is a DEMO
after all. But it is good basis to try out OpenVAS-6, to have a working
start for experiments of whatever kind.

Mirrors...

OpenVAS-6 DEMO Virtual Appliance ready for try-out Jan-Oliver Wagner (Jun 18)
Dear OpenVAS developers,

finally I pushed the OpenVAS-6 DEMO Virtual Appliance online:

http://www.openvas.org/vm.html

It survived our smoke tests, but I'd appreciate if the experienced
community members could give it a try before we officially announce it.

Remind that it is not a industry-standard solution. It is a DEMO
after all. But it is good basis to try out OpenVAS-6, to have a working
start for experiments of whatever kind....

Re: OpenVAS hangs while storing Windows Credentials / GnuPG Winfried Neessen (Jun 18)
Hi again,

nevermind. looks like the GPG keygeneration just took forever. Just in
this moment it finished:

md crypt: INFO:2013-06-18 09h28.09 XXXXXXXX:15131: starting key
generation ...
md crypt: INFO:2013-06-18 10h00.36 XXXXXXXX:15131: OpenPGP key 'OpenVAS
Credential Encryption' has been generated
md main:WARNING:2013-06-18 10h00.38 XXXXXXXX:16576: write_to_client:
failed to write to client: Error in the push function.
lib...

Re: OpenVAS hangs while storing Windows Credentials / GnuPG Michael Meyer (Jun 18)
*** Winfried Neessen wrote:

Does '/usr/pkg/openvas/etc/openvas/gnupg' exist and is it mode "600"?

Creation of first credentials can take some time. You could improve
the speed by running something like http://www.issihosts.com/haveged/.

Micha

OpenVAS hangs while storing Windows Credentials / GnuPG Winfried Neessen (Jun 18)
Hi,

I was just about to store a new set of Windows Credentials in OpenVAS 6.
After I press the
submit button, OpenVAS hangs infinite. In the openvasmd.log I can see the
following messages:

base gpgme:MESSAGE:2013-06-18 09h28.09 XXXXXXXX:15131: Setting GnuPG
homedir to '/usr/pkg/openvas/etc/openvas/gnupg'
base gpgme:MESSAGE:2013-06-18 09h28.09 XXXXXXXX:15131: Using OpenPGP
engine version '2.0.14'
md crypt:...

Re: false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Reindl Harald (Jun 15)
Am 15.06.2013 09:27, schrieb Michael Meyer:

hmm this makes it all more strange

* the NVT Result speaks about TCP not UDP, however
* the first alarm was on 2013-06-01
* it has gone away this week

really strange - if the NVT and anything relevant on VAS side has not
changed my only explanation would be that MS re-itroduced this bug
with the patchday before and fixed it with the last this week *and*
the real bug must have been in the...

Re: false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Michael Meyer (Jun 15)
*** Reindl Harald wrote:

,---[ http://openvas.komma-nix.de/nasl.php?oid=101015 ]
| # default NetBIOS udp port
| port = 137;
|
| [...]
|
| soc = open_sock_udp(port);
`----| ^^^

remote-MS03-034.nasl was not touched since 2012-01-09.

Micha

Re: location of scan status/progress in tasks,db Matthew Mundell (Jun 14)
It's also calculated every time.

location of scan status/progress in tasks,db Alexander Rau (Jun 14)
Hi:

Where is the scan status/progress percentage stored in tasks.db? I tried
looking through all tables but can's seem to locate it.

Thanks

Alex

Re: false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Reindl Harald (Jun 14)
well it seems recent NVT-updates *or* the MS patchday
this week fixed it but it would be interesting to know
what of both it was, as said if it was the windows
update the problem would have been much larger as the
NVT says in respect of a closed port

Am 14.06.2013 20:15, schrieb Reindl Harald:

false positive? NVT: Microsoft MS03-034 security check (OID: 1.3.6.1.4.1.25623.1.0.101015) Reindl Harald (Jun 14)
how can this affcet a full patched Windows Server 2008R2
where netbios-ns (137/tcp) is for sure not open from the
scanner IP as well as any other port of the machine?

not telnet nor nmap confirms 137 open

that would mean OpenVAS is doing something special to get
whatever response from the Windows machine while nmap says
there is no open port which would be much more critical
the the CVE because a major bug in the Windows firewall

Perl Module for OMP Winfried Neessen (Jun 12)
Hi all,

as I wanted to use the OpenVAS CVE reports within a Perl-Script, I thought
it would be useful
to use the OMP such purpose. As there seems no existing Perl-Module for
such task, I took
some time and wrote one.

You can find it on CPAN:
http://search.cpan.org/~wneessen/OpenVAS-OMP_0.04/

Maybe this might be helpful for other users as well.

Regards
Winni

Re: Workflow on inhouse continuous scanning? jelmer de reus (Jun 12)
Did you exclude printers etc. from the IP address range?not all devices like to get tickled ;)Also you can specify a
port list and exclude some of those 'critical' services.

Best regards,Jelmer

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss () wald intevation org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Workflow on inhouse continuous scanning? Keso Fregol (Jun 11)
I had to stop the scan in question. But at the time there were one Oracle Service that gone haywire. And made the
server unusable. And an cots system, that is by design crap'ishly developed by an small 'local' firm.. The thing that
made me stop was the Oracle db server, so after that I haven't had the guts to continue scanning on our db net. These
scans were committed from a management network with no network filters in...

Re: Trend calculation Alexander Rau (Jun 11)
Thanks Matthew

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.