SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
nmap can detect printer?
Jacky Jack (Jul 29)
Hi
How can I configure nmap not to scan for printers or other embedded devices?
Thanks.
NMap Scripts Vs Nessus
Jacky Jack (Jul 29)
Hi
Note in advance - no offense to nmap folks.
Let me tell what I feel.
Some of NMap Scripts are now moving on for vulnerability scanning.
Those scripts are a smallest subset of what Nessus is now doing.
I have no idea why NSE folks write scripts that re-invent the wheel.
Although I appreciate that we have two options to validate the results,
a great deal of time will be wasted if NSE folks are
writing/converting Nessus plugins to NSEs....
Re: Nmap Scan Results
Jon Svede (Jul 29)
What do you want to do with the results? I.e., are you looking just
to convert it to a Java object or are you trying to get into another
format or something else?
Jon
Re: fix to build nmap on some OpenBSD archs
Sebastian Reitenbach (Jul 29)
Hi,
I rechecked and saw that there are other patches needed to make this work:
http://www.openbsd.org/cgi-bin/cvsweb/ports/net/nmap/patches/patch-nsock_include_nsock_h
http://www.openbsd.org/cgi-bin/cvsweb/ports/net/nmap/patches/patch-nsock_src_nsock_pcap_h
Those are also needed to get nmap compiled on OpenBSD, also with newer gcc, I
tried on i386 with gcc-4.2.
I tried to remove above two patches and removed the patch above from...
Re: fix to build nmap on some OpenBSD archs
Sebastian Reitenbach (Jul 28)
Hi,
Thanks.
I'll recheck and let you know later.
Sebastian
typo in nmap-service-probes
Gutek (Jul 28)
just a small typo in the "Canon iR3570 printer ftpd" fingerprint (reads
"priter"), diff attached.
Regards,
A.G.
Re: New Feature in zenmap interface - Script Selection
kirubakaran S (Jul 28)
Yes, The formatting of text in Description box is not done. It is just
copy and paste of text in scripts. I am planning to do the formatting in
future.
cheers
Kirubakaran.S
http://kirubakaran-blessedblogger.blogspot.com/
Re: [Ncat] I'd like to contribute a feature
David Fifield (Jul 28)
Thanks for your interest! Please help us understand what you have in
mind by showing some example command lines and explaining how they will
work. A use case, a real-world problem that this will solve, is good
too.
You will want to refer to this documentation for getting the source
code.
http://nmap.org/book/install.html#inst-svn
http://nmap.org/book/inst-source.html
As for code organization, --sh-exec and --exec are handled in the files...
Re: [nmap-svn] r19330 - in nmap: . libnetutil
David Fifield (Jul 28)
Good catch on this. We had a test for --mtu in Nping, but I guess we
didn't look at the results closely enough.
David Fifield
Re: fix to build nmap on some OpenBSD archs
David Fifield (Jul 28)
Thanks. I see that this patch is mostly about not mixing code and
declarations in C code (not C++, where it is allowed). I have committed
that.
I'm not sure about this either. You say it is necessary for you to build
on OpenBSD? What if you use the --with-libpcap=included configure
option? I tried applying this part of the patch on x86_64 GNU/Linux, and
got the error
make[1]: Entering directory `/home/david/nmap/nsock/src'
gcc -c -I../../nbase...
Re: Bugfixes for smb-psexec
David Fifield (Jul 28)
I think this is fine to commit now.
David Fifield
Re: New Feature in zenmap interface - Script Selection
David Fifield (Jul 28)
Thank you for testing, Kris. I agree, we should collapse single newlines
into spaces. I noticed that <code></code> tags are not recognized
either, and * lists show up verbatim, though they look tolerable.
Kirubakaran already has a todo note to make the NSEDoc link clickable. I
think all these can be a part of a larger formatting task.
David Fifield
Re: New Feature in zenmap interface - Script Selection
Kris Katterjohn (Jul 28)
I have one comment on the Description box: the text tends to look rather goofy
because the script's description has manual line breaks in it and the editor
window wraps lines as well (it always pops up as a small window for me so it
does it often).
Maybe whitespace like spaces, tabs and single newlines can be stripped down to
single spaces so it all gets wrapped equally? Double newlines can remain for
paragraph separation. This is just a...
Re: Nmap Scan Results
Tuan Nguyen (Jul 28)
Can someone point me to where I could get help with Java parsing of the
following nmap xml output?
<?xml version="1.0"?>
<nmaprun>
<port protocol="tcp" portid="10243">
<state state="open" reason="syn-ack" reason_ttl="123"/>
<service name="unknown" method="table" conf="3" />
</port>
</nmaprun>
Thanks,...
Re: 5.30BETA1 cross-compile regression
Nuno Gonçalves (Jul 28)
2010/7/23 David Fifield <david () bamsoftware com>:
Even so it still encounter problems with, what seems, uClibc. Since 4.50.
mips-openwrt-linux-uclibc-g++ -c -DNOLUA -I./libdnet-stripped/include
-I/home/nuno/Desktop/openwrt2/trunk/staging_dir/target-mips_r2_uClibc-0.9.30.1/usr/include
-I/home/nuno/Desktop/openwrt2/trunk/staging_dir/target-mips_r2_uClibc-0.9.30.1/usr/include...
Nmap Hackers — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Defcon Release: Version 5.35DC1
Fyodor (Jul 16)
Hi folks. It has been 3.5 months since the last Nmap release
(5.30BETA1 on March 29), and anyone following the nmap-dev list knows
that we've been very busy during that time. So I'm pleased to release
Nmap version 5.35DC1 containing the fruits of that labor. The Defcon
name is because that conference is awesome! And also because David
Fifield and I have an exciting Nmap talk planned there and at Black
Hat in a couple weeks (see...
Nmap News and Last Chance to Take the Survey
Fyodor (Apr 30)
Hi Folks. I have some Nmap news to share with you:
First off, I'm delighted to introduce the 2010 Nmap/Google Summer of
Code Team! Google has sponsored eight student developers to spend
this summer enhancing the Nmap Security Scanner and related projects,
so you can expect great things in coming months. Ithilgore and Luis
MartinGarcia are returning to improve Ncrack and Nping, new students
Drazen Popovic and Djalal Harouni will be working on...
Survey Reminder
Fyodor (Apr 14)
Hi folks, I have a quick question for you:
Q: What do the Nmap Scripting Engine, Ndiff, and the Zenmap Topology
Mapper have in common?
A: They're all features which were added after you asked for them in
the 2006 Nmap Survey!
With that in mind, I'd like to thank the 1,013 people who have already
taken the 2010 survey. We just need 1,987 more and we can close this
survey up, tabulate and share results, choose the prize winners, and
post...
Nmap/SecTools Survey and GSoC Deadline
Fyodor (Apr 07)
Hello everyone. I hope you're enjoying the 5.30BETA1 release. So far
it has proven stable and functional, so don't let the BETA name scare
you. You can get it at http://nmap.org/download.html. Meanwhile, I
have some great news, and I'm also asking for your help on two things.
The first is that the Nmap Project was again accepted for the Google
Summer of Code program, so we'll have full time coding help this
summer! SoC previously brought us...
Nmap 5.30BETA1 Released w/37 new scripts and new Apple vuln
Fyodor (Mar 29)
Hi folks! It has been two months since the 5.21 release and we've
been very busy during that time! I hope you're happy with the results,
which is a new 5.30BETA1 release made today. Top features include:
o 37 new NSE scripts, bringing the total to 117! New scripts cover
SNMP, SSL, Postgress, MySQL, HTTP, LDAP, NFS, DB2, AFS, and many
more. Also check out the clever host scripts qscan and
ipidseq. Learn about them all at...
Nmap 5.21 released
Fyodor (Jan 27)
Hello everyone. I'm pleased to release Nmap 5.21, which contains zero
exciting new features! It is a bug-fix only release instead,
addressing about a dozen issues discovered since 5.20. Thanks for all
the testing and bug reports! None of the bugs are critical, but we
wanted to polish things up since 5.21 may be the latest stable version
for a while. That gives us time to tackle and stabilize big
development projects. If you want to know...
Lots of Nmap News
Fyodor (Jan 22)
Hi folks. I'm happy to report that the 5.20 release went well. But
with this many improvements, there will always be a few bugs found.
We're planning to round those up with a bugfix-only 5.21 release next
week. So please test out 5.20 and report any problems you experience:
Download Page: http://nmap.org/download.html
Bug Report Instructions: http://nmap.org/book/man-bugs.html
If you're running from a build of the latest SVN checkout, you...
Nmap 5.20 Released
Fyodor (Jan 20)
Happy new year, everyone. I'm happy to announce Nmap 5.20--our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements, including:
o 30+ new Nmap Scripting Engine scripts
o enhanced performance and reduced memory consumption
o protocol-specific payloads for more effective UDP scanning
o a completely rewritten traceroute engine
o massive OS and version detection DB updates (10,000+ signatures)
The...
Nmap 5.00 Released!
Fyodor (Jul 16)
Hello everyone. I'm delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.
There are too many changes to list them all in this email, so here are
the top 5 improvements in Nmap 5:
1) The new Ncat tool aims to be your Swiss Army Knife...
Nmap news: stable release candidate 4.90RC1, SoC team, and new translations
Fyodor (Jun 26)
Hi Folks. I'm pleased to announce some exciting Nmap news:
[=================Nmap 4.90RC1==================]
It has been nearly 10 months (and 11 dev releases) since 4.76, the
last stable Nmap release. And we've made many dramatic changes, so it
is time for a new stable version! I've posted a release
candidate--4.90RC1--on the Nmap download page:
http://nmap.org/download.html
Please test it out, and let us know if you find any problems...
Nmap 4.85BETA6 now avail w/Conficker detection
Fyodor (Apr 01)
Hi Folks! In case you missed all the news reports yesterday, a couple
great researchers from the Honeynet Project (Tillmann Werner and Felix
Leder) and Dan Kaminsky came up with a way to remotely detect the
Conficker worm which has infected millions of machines worldwide.
Some say 15,000,000 machines infected, but that might just be
exaggerated AV-company BS for all I know. But there are clearly
millions of infections, and this massive botnet...
Nmap News: 4.84BETA4 release, Nmap book news, Summer of Code, Twitter, etc.
Fyodor (Mar 27)
Hello everyone. We've seen 848 messages on nmap-dev this year, but
this is my first post to nmap-hackers. So I have a lot of exciting
Nmap news to fit into this one email!
[=================Nmap 4.85BETA4==================]
While the last release I posted to this list was 4.76 in September of
last year, we've had four beta releases since then with hundreds of
important and dramatic changes. I'm pretty happy with the latest
4.85BETA4 release,...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
CFP NcN 2010
Jose Nicolas Castellano (Jul 29)
*************************************************
* No cON Name 2010 Congress === Call For Papers *
*************************************************
Congress
<> http://noconname.org <>
<> October: 20,21 <>
Trainings
<> http://noconname.org <>
<> October: 18,19 <>
** What is No cON Name...
[ MDVSA-2010:142 ] openldap
security (Jul 29)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:142
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openldap
Date : July 28, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0...
PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection
Salvatore Fresta aka Drosophila (Jul 29)
PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection
Name PBBooking
Vendor http://sourceforge.net/projects/pbbooking/
Versions Affected 1.0.4_3
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-07-29
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV....
[security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
security-alert (Jul 29)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02288473
Version: 2
HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-07-13
Last Updated: 2010-07-28
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team...
New vulnerabilities in Cetera eCommerce
MustLive (Jul 28)
Hello Bugtraq!
I want to warn you about security vulnerabilities in Cetera eCommerce.
-----------------------------
Advisory: New vulnerabilities in Cetera eCommerce
-----------------------------
URL: http://websecurity.com.ua/4266/
-----------------------------
Affected products: Cetera eCommerce 14.0 and previous versions.
-----------------------------
Timeline:
31.10.2009 - found vulnerabilities.
31.10.2009 - informed developers about...
Vulnerabilities in Cetera eCommerce
MustLive (Jul 28)
Hello Bugtraq!
I want to warn you about security vulnerabilities in Cetera eCommerce. Which
I disclosed already in December 2009 (SecurityVulns ID: 10489).
-----------------------------
Advisory: Vulnerabilities in Cetera eCommerce
-----------------------------
URL: http://websecurity.com.ua/3640/
-----------------------------
Affected products: Cetera eCommerce 14.0 and previous versions.
-----------------------------
Timeline:
01.03.2009 -...
PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection
Salvatore Fresta aka Drosophila (Jul 28)
PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection
Name PhotoMap Gallery
Vendor http://photoindochina.com
Versions Affected 1.6.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-07-28
X. INDEX
I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV....
[security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data
security-alert (Jul 28)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02282361
Version: 2
HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-07-12
Last Updated: 2010-07-27
Potential Security Impact: Local unauthorized read access to data
Source: Hewlett-Packard Company, HP...
Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
advisories (Jul 28)
Jira - Multiple Low Risk Vulnerabilities
Versions Affected: 4.0.1 (other versions were not checked.)
Info:
JIRA provides issue tracking and project tracking for software
development teams to improve code quality and the speed of
development. (and so forth.)
External Links:
http://www.atlassian.com/software/jira/
Credits: MaXe (no previous vulnerability information about these
bugs were found.)
-:: The Advisory ::-
Jira is prone to Cross...
Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll String Indexing Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll Integer Underflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description...
Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll -
- Floating Point Conversion Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1...
Full Disclosure — An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.
Re: Patent Absurdity - How software patents broke the system
M.B.Jr. (Jul 28)
I'm sorry, Rohit.
Chances are you're gonna face some problems in the US.
Marcio Barbado, Jr.
[ MDVSA-2010:142 ] openldap
security (Jul 28)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:142
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openldap
Date : July 28, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0...
Re: Patent Absurdity - How software patents broke the system
M.B.Jr. (Jul 28)
Hi Rohit,
sorry for such a delay in this reply.
Your point alludes to one very generical concept but it is interesting
for it gives the chance to extirpate some confusion people make in
this subject.
See, maybe you don't clearly understand the difference between a
license and a patent.
A license is a contract between a licensor and a licensee. These 2
parties could be 2 commercial companies for example.
So, if your company's employees write...
New vulnerabilities in Cetera eCommerce
MustLive (Jul 28)
Hello Full-Disclosure!
I want to warn you about security vulnerabilities in Cetera eCommerce.
-----------------------------
Advisory: New vulnerabilities in Cetera eCommerce
-----------------------------
URL: http://websecurity.com.ua/4266/
-----------------------------
Affected products: Cetera eCommerce 14.0 and previous versions.
-----------------------------
Timeline:
31.10.2009 - found vulnerabilities.
31.10.2009 - informed developers...
Vulnerabilities in Cetera eCommerce
MustLive (Jul 28)
Hello Full-Disclosure!
I want to warn you about security vulnerabilities in Cetera eCommerce. Which
I disclosed already in December 2009 (SecurityVulns ID: 10489).
-----------------------------
Advisory: Vulnerabilities in Cetera eCommerce
-----------------------------
URL: http://websecurity.com.ua/3640/
-----------------------------
Affected products: Cetera eCommerce 14.0 and previous versions.
-----------------------------
Timeline:...
Qualys Adds Exploitability Data
sergio (Jul 28)
Re: Speakers Required for null+h4ck3r meet in Delhi on 31st July 2010
Tõnu Samuel (Jul 28)
Don't tell the country :P
Tõnu
Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll String Indexing Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll Integer Underflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description...
Secunia Research: Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView rtfsr.dll RTF Parsing Signedness Error -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Autonomy KeyView wkssr.dll Floating Point Conversion Buffer Overflow
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView wkssr.dll -
- Floating Point Conversion Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1...
Secunia Research: Autonomy KeyView Compound File Parsing Buffer Overflow
Secunia Research (Jul 28)
======================================================================
Secunia Research 28/07/2010
- Autonomy KeyView Compound File Parsing Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Re: Speakers Required for null+h4ck3r meet in Delhi on 31st July 2010
Rockey Killer (Jul 28)
New Delhi, India
Don't use google map to find out :P
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Re: Beginner questions regarding PHP and MySQL Injection
zero9zero (Jul 29)
Well sql injection doesn't have to be in an input validation.. Usually they inject it through the url too...
A simple way to prevent sql injection is to filter out characters like single quote, doubles, slash, backslash,
semicolon, extended character and etc, in all strings from input, url parameter, and values from cookie..
Try googling more, because there's a ton of papers to read.
Have fun,
Burhan M.
make nmap not to scan fragile devices
Jacky Jack (Jul 29)
Hi
How can I configure nmap not to scan for printers or other fragile
devices like nessus/openvas?
Thanks.
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will...
Re: Fw: North Korea conflict with US and South Korea could spark cyber war
Chester Enright (Jul 29)
n3td3v...yet another example of the creation of a phony organization
to promote an individual. Not a bad plan if you're trying to boost a
sickly resume...well that or actually doing something worthwhile
instead of blowing smoke on Internet mailing lists.
And also, the first rule of conning people into thinking you're a
legitimate organization is professional site design. Try to remember
that for your next troll organization.
Please stop with...
Re: Wikileaks, Afghanistan war logs leaked by hackers
Florian Rommel (Jul 29)
blah blah blah... yes i would rather sit back in the times when all we heard was the propaganda of the war machine and
no real information EVER got to the people... ah the good old blissful times...
this is a good start for one heck of a flamewar.. so which flame should we start? american "national security" vs the
worlds interest to know or "leaking" real information that is in direct contrast to lies published by the...
Re: Wikileaks, Afghanistan war logs leaked by hackers
pryorda pryor (Jul 29)
I think we should have access to all the warlogs anyways.. We are
paying them to be there!
Re: People on Google Security blog don't understand cyber terrorism
Jan G.B. (Jul 29)
Let's see what you posted on twitter not so long ago..
Here is a screenshot of 2010-06-11
http://img153.imageshack.us/img153/3624/screenshot233c.png
Here.. I have something for you: <°)((((((><
2010/7/23 andrew.wallace <andrew.wallace () rocketmail com>:
Re: Firefox Bypass Master password Vulnerability
Andre Pawlowski (Jul 29)
I tested this for myself with Firefox 3.6.8 and Google Chrome
5.0.375.125. It DID NOT work. Chrome has the option to import passwords
from Firefox but when you use a Master Password in Firefox, Chrome was
only able to import the URLs to the websites for which I saved passwords
in Firefox.
I think (and hope) the passwords are encrypted in Firefox when you use a
Master Password. Can anyone confirm that?
Regards
Andre Pawlowski...
FW: People on Google Security blog don't understand cyber terrorism
Murda (Jul 29)
Sorry, Tamer, I think you may have misunderstood this phrase:
I'm assuming that David intended for this to mean the sysadmin in question
or the aforementioned sysadmin. It doesn't mean that the sysadmin's name
was Said (or Saeed or any permutation thereof).
"It appears that there has been a miscomprehension of said word" would be
an example of its usage in this context.
Incidentally (and coincidentally) my response would be the same...
RE: Pwnie Awards 2010 should be condemned by the security community
Murda (Jul 29)
I will bring this up at the next security community meeting. I will also
suggest the inception of a black ops cyber-hit squad to cyber-takedown any
cyber-terrorists or cyber-insurgents and cyber-traitors. Together, we can
win this cyber-war if only we all use our cyber-sense and cyber-skills in
cyber-harmony. Then we can usher in a new dawn of cyber-topia where
cyber-people can cyber-roam in cyber-peace, free from cyber-fear. We are so
going to...
Re: People on Google Security blog don't understand cyber terrorism
Chad Perrin (Jul 29)
While Mr. Gillett (who also responded to you) made very good points, and
I agree with his statements, I feel it incumbent upon me to add one more
thing:
The term "terrorist" should not be applied to the case of Tavis Ormandy's
public disclosure of a vulnerability in software distributed by
Microsoft. In fact, there is quite obviously no malicious intent
involved -- obviously, at least, to anyone willing to actually read about
what...
RE: Fw: North Korea conflict with US and South Korea could spark cyber war
Murda (Jul 29)
I wonder if he can hear us trip-trapping on 'his' list. Just wait 'til my
big brother, Gruff gets here.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Adam Mooz
Sent: Wednesday, July 28, 2010 5:37 AM
To: Wim
Cc: security-basics () securityfocus com
Subject: Re: Fw: North Korea conflict with US and South Korea could spark
cyber war
while there are a few trolls, andrew being...
Wikileaks, Afghanistan war logs leaked by hackers
andrew.wallace (Jul 29)
Julian Assange alleges it was a computer hacker who accessed databases via the
internet who gave him the Afghanistan war logs.
This highlights the need for tighter cyber security laws, not only are
researchers such as Tavis Ormandy making irresponsible technical flaw
disclosures, anonymous hackers are leaking national security information to
Wikileaks.
We really need to get tougher cyber security laws in place to tackle what's
going...
Beginner questions regarding PHP and MySQL Injection
James Bensley (Jul 29)
List of great knowledge...
I have set myself up a test lab for some PHP exercises; it seems the
infamous ' or 1=1 -- is way too easy to exploit; I can only get it to
work if I give it a stupidly oversized helping hand :D
(i.e. php magic quotes is turned off and no input validation of any sort
is being performed)
As soon as I start using as a minimum stringslashes() and
mysql_real_escape_string() and/or turn magic quotes on, I can no
longer...
Re: NMap Scripts Vs Nessus
Jacky Jack (Jul 29)
Yeah, it's up to their wishes.
But we should be able to make good decision and choice for our time spent.
The willingness to contribute is good but the willingness to
contribute in what it's most needed and most wanted is better.
Re: Fw: North Korea conflict with US and South Korea could spark cyber war
Robert Larsen (Jul 29)
Seems like this n3td3v/Andrew troll has been around for a while:
http://it.toolbox.com/blogs/managing-infosec/security-trolls-n3td3v-12460
http://seclists.org/fulldisclosure/2009/Nov/227
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
HELP. How to dump one NDS?
Alonso Jose da Silva II (Jul 28)
Guys,
I have one Novell NDS 8.8 SP5 and one 8.7.3.9, can some help me?
How can I dump the users accounts and HASHs from the database?
BR,
AlonsoII
Re: People are bad at trust.... new article
Pete Herzog (Jul 28)
Jeff,
I think laziness is an international thing ;) But it's not why we are
bad at trust. We are actually wired to be good at it but so many
things corrupt and cross those wires that by the time we are 7 years
old, we already have a poor foundation for doing it at all.
Our best hope to fix this is to learn again how to trust by knowing
the right reasons to trust. This is crucially important to ANYONE who
works in security.
-pete.
Re: demoing sslv2 vulns
Saleh (Jul 28)
Here is a demonstration for SSL Strip Attack:
http://securitytube.net/SSLstrip-Tutorial-video.aspx
Re: demoing sslv2 vulns
Robin Wood (Jul 28)
As we've pointed out quite a few times, I was looking for attacks on
SSLv2 and the ciphers, not things like this.
Robin
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order...
Re: People are bad at trust.... new article
Pete Herzog (Jul 28)
Hi Saleh,
Trust is a good thing because it's efficient and requires less effort
to maintain for most people. While I agree that how people feel about
trust cannot be measured except by surrogate (like how wine tasters
rate wines for us is not really how we might experience the same wine)
we can measure reasons to trust, which allows us to use our trust
properly and in the right context. By only stopping trust when "people
prove...
Re: when to fix , when to not to fix the vuln.
Tony Turner (Jul 28)
You need to put the findings in context. It's not enough to say "Fix the
vulns with highest score" as your pentester likely may not understand
your business well enough to know that the moderate vuln impacting your
mission critical system is actually a larger concern than the severe
impacting a less critical system, especially if it would be difficult to
use that system to pivot due to IPSEC rules or whatnot. Or perhaps you
have an...
Re: when to fix , when to not to fix the vuln.
Jason Ross (Jul 25)
In 2 of those 3 scenarios, this shouldn't be a question.
In the first (someone gave you a pentest report), the person providing
said report should be working with you to help you understand the
vuln.
Additionally, the report itself should contain the information
required to not only understand the vulnerability, but recreate the
test such that its presence can be confirmed, or even exploited, by
yourself as the client.
In the third example (you...
Re: when to fix , when to not to fix the vuln.
Robert Portvliet (Jul 25)
If they gave you a good report you should have the vulnerabilities
listed in order of severity, in which case you should fix the most
critical (those that present the greatest risk) first, unless you know
of some compensating control that limits your exposure to said
vulnerability, in which case perhaps another vuln may be more
important to remediate first.
If the company\individual performing the pentest did not indicate the
severity of their...
Re: when to fix , when to not to fix the vuln.
Todd Haverkos (Jul 25)
a bv <vbavbalist () gmail com> writes:
One part of your question is relatively easy--if the pen test report
doesn't include that value add of explaining the vulnerabilities
they're listing, your penetration tester isn't doing their job. With
simpler vuln scans, it's not nearly as surprising for a customer to
have to go and do more of the research and risk assessment on their
own.
In the report, hopefully there are CVE numbers as...
Re: How to tweak tools against targets that block ICMP
Jacky Jack (Jul 24)
Hi Demetris Papapetrou
Now I know what you mean. I never think like this before.
Your thinking is one of Top Pentester's smart thinking.
My concern using port forwarding tools is that
- Can they actually handle or route the traffic of all kinds -
weird/high volume?
- Can the host machine be affected if core scanners like
nessus/metasploit? Seems attacking own machine?
Thanks....
People are bad at trust.... new article
Pete Herzog (Jul 24)
"People are bad at trust....
We can probably say that trust impacts nearly every decision we make.
Trust affects our relationships. Trust is a key component in our
security and well being. But for all its importance, most everyone
still approaches trust from “the gut”. We mostly let our bio-chemistry
call the shots. And we can prove that WE ARE BAD AT DOING IT!"
A new article called Essential Trust Analysis is now available...
Re: How to tweak tools against targets that block ICMP
Robert Portvliet (Jul 24)
What is the behavior you are seeing? (Does it fail because it can't
ping the host?)
What tool(s) are you using?
I would think most scanners would have an option to skip this step
(like nmap has -PN)
If the tool you are using doesn't have this option, I would consider
using a tool where you can craft your packets to slip through the
packet filter, like with NMAP, HPING, SCAPY, etc.
Also, take into consideration that although they are blocking...
when to fix , when to not to fix the vuln.
a bv (Jul 24)
Hi,
Someone gave you a pentest report, or a basic tool scan report, or
you have done the scan. There are vulnerabilities found and listed.
How do you understand the vuln. and when do you try to
fix it, or when you don't fix it?
Regards
Re: demoing sslv2 vulns
Richard Miles (Jul 24)
Hi chintan,
But SSL Strip is another attack, it's not because of the weak cipher
used. Is there any POC against the SSL weak ciphers + web server?
Thanks
Re: VPNs and double encryption
Miguel Gonzalez (Jul 24)
Many thanks to everybody. Someone pointed me out that TCP over TCP was not a good idea and was much better to use TCP
over UDP. That's what I've done, OpenVPN allows using UDP instead. I have tested Asterisk and works pretty fine.
Miguel
--- On Thu, 15/7/10, Nick Besant <lists () hwf cc> wrote:
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Researcher Exposes Massive Automated Check Counterfeiting Operation Out of Russia
InfoSec News (Jul 29)
http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226300183
By Kelly Jackson Higgins
DarkReading
July 28, 2010
BLACK HAT USA -- Las Vegas -- A researcher has blown wide open a
sophisticated online check-counterfeiting operation out of Russia that
used a combination of a VPN'ed botnet, Zeus, and Gozi Trojans, SQL
injection attacks, and money mules to print around $9 million worth of
counterfeited U.S....
Security researcher demonstrates ATM hacking
InfoSec News (Jul 29)
http://news.cnet.com/8301-1009_3-20012019-83.html
By Declan McCullagh
CNet News
Security
July 28, 2010
LAS VEGAS -- Hacking into an ATM isn't impossible, a security researcher
showed Wednesday. With the right software, it's actually pretty easy.
Barnaby Jack, director of security testing at Seattle-based IOActive,
hauled two ATMs onto the Black Hat conference stage and demonstrated to
a rapt audience the fond daydream of teenage hackers...
DHS official fields hard questions at Black Hat
InfoSec News (Jul 29)
http://www.computerworld.com/s/article/9179789/DHS_official_fields_hard_questions_at_Black_Hat
By Robert McMillan
IDG News Service
July 28, 2010
The U.S. Department of Homeland Security sent its highest-ranking
official ever to speak at the Black Hat conference this week, and its
Deputy Secretary Jane Holl Lute ended up fielding a few tough questions
from skeptical computer security professionals in attendance.
During a question-and-answer...
Android wallpaper app that steals your data was downloaded by millions
InfoSec News (Jul 29)
http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/
By Dean Takahashi
Mobile Beat
July 28, 2010
A questionable Android mobile wallpaper app that collects your personal
data and sends it to a mysterious site in China, has been downloaded
millions of times, according to data unearthed by mobile security firm
Lookout.
That means that apps that seem good but are really stealing your...
BlackBerry agrees to address India's security concerns: MHA
InfoSec News (Jul 29)
http://timesofindia.indiatimes.com/business/india-business/BlackBerry-agrees-to-address-Indias-security-concerns-MHA/articleshow/6232306.cms
The Times of India
July 29, 2010
NEW DELHI: The government today said the makers of BlackBerry - Research
in Motion (RIM) - has given an assurance to it on soon addressing its
security concerns and hoped that the Canadian service provider and
security agencies would be on the "same page"....
One Breach = $1 Million To $53 Million In Damages Per Year, Report Says
InfoSec News (Jul 27)
http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226200272
By Kelly Jackson Higgins
DarkReading
July 26, 2010
Organizations are getting hit by at least one successful attack per
week, and the annualized cost to their bottom lines from the attacks
ranged from $1 million to $53 million per year, according to a newly
published benchmark study of 45 U.S. organizations hit by data breaches.
The...
Black Hat too commercial for you?
InfoSec News (Jul 27)
http://www.networkworld.com/news/2010/072610-security-conferences.html
By Tim Greene
Network World
July 26, 2010
Two premiere security conferences -- Black Hat and DefCon -- run
back-to-back in Las Vegas this week, each with their own distinct
flavor. But even these events don't meet the needs of all computer
security pros, setting the stage for a widening set of satellite events.
Some of these alternatives are corporate sponsored and some...
Black Hat: Mobile Flaws Get Attention
InfoSec News (Jul 27)
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=226100127
By Thomas Claburn
InformationWeek
July 22, 2010
At the Black Hat USA 2010 conference, July 24 - 29 in Las Vegas, mobile
security won't just be over the air, it'll be in the air. Nowadays, said
conference founder Jeff Moss, "it's all mobile all the time. It's like
when they introduced Windows 7 or Windows XP -- it's all new. Everybody
is...
[Dataloss Weekly Summary] Week of Sunday, July 18, 2010
InfoSec News (Jul 27)
========================================================================
Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, July 18, 2010
45 Incidents Added.
========================================================================
DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
39 IOS unveils advanced cyber schoolhouse addition
InfoSec News (Jul 27)
http://www.afspc.af.mil/news/story.asp?id=123214901
By Capt. Carrie L. Kessler
39th Information Operations Squadron
7/26/2010
HURLBURT FIELD, Fla. -- Members of the Air Force's sole information
operations and cyber formal training unit celebrated a milestone July
20, with a ribbon-cutting ceremony to mark the completion of the
long-awaited 4,500 sq. ft. facility addition.
"We're at an all time high of graduating more than 480...
Call for Chapter Proposals
InfoSec News (Jul 27)
Forwarded from: George Yee <gmyee (at) sce.carleton.ca>
Apologies for cross-posting.
Dear Colleague,
Greetings! I would like to invite you to submit a chapter proposal to a
new book I am editing, entitled "Privacy Protection Measures and
Technologies in Business Organizations: Aspects and Standards", assuming
this topic lies within your work area. The due date for the proposal is
August 15, 2010. For more details, please...
MoD loses a staggering 340 laptop computers in TWO YEARS...and most of them were not encrypted
InfoSec News (Jul 27)
http://www.dailymail.co.uk/news/article-1296773/MoD-loses-staggering-340-laptop-computers-TWO-YEARS--encrypted.html
By Daily Mail Reporter
22nd July 2010
The Ministry of Defence has lost or had stolen 340 laptops worth more
than £600,000 in the last two years, figures reveal today.
A total of 593 CDs, DVDs and floppy disks, 215 USB memory sticks, 96
removable hard disk drives and 13 mobile phones have also disappeared
from the department...
CfP: WORKSHOP ON CLOUD PRIVACY, SECURITY, RISK & TRUST (CPSRT 2010) - Deadline Extended!
InfoSec News (Jul 25)
Forwarded from: George Yee <gmyee (at) sce.carleton.ca>
DEADLINES EXTENDED!!
CALL FOR PAPERS (For HTML version, please visit
http://CPSRT.cloudcom.org/)
INTERNATIONAL WORKSHOP ON CLOUD PRIVACY, SECURITY, RISK & TRUST (CPSRT 2010)
In conjunction with 2nd IEEE International Conference on Cloud Computing
Technology and Science (CloudCom 2010), November 30 - December 3, 2010
Indiana University, USA, http://2010.cloudcom.org/...
Police called over pizza hack
InfoSec News (Jul 25)
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10661073
By Joseph Barratt
nzherald.co.nz
July 25, 2010
The personal details of several Kiwi celebrities have been released by
hackers as proof they have cracked Hell Pizza's customer database.
Private information including passwords, email and home addresses, phone
numbers - plus pizza orders - have fallen into the hands of the
anonymous cyber hackers.
Hell have called in...
Wikileaks releases massive set of Afghan war files
InfoSec News (Jul 25)
http://news.cnet.com/8301-1009_3-20011594-83.html
By Declan McCullagh and Steven Musil
Security
CNET News
July 25, 2010
Wikileaks, the document-leaking organization that has previously
released internal U.S. military videos, on Sunday disclosed over 75,000
confidential files related to the war in Afghanistan.
The group gave the documents in advance to the New York Times, Germany's
Der Spiegel, and the U.K.'s Guardian newspaper, which...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Taking a traffic snapshot with network IDS
vern (Jun 21)
You might want to check out Bro in this regard, which IMHO excels at this
sort of information gathering/logging. www.bro-ids.org
Vern
Re: firewall-wizards Digest, Vol 50, Issue 5
Bernie (Jun 21)
Personally I'd use wireshark Daniel. The ability to create file sets
would allow for a full 24 hrs of capture. The book just out on
Wireshark by Laura Chappell is a great resource.
Re: Taking a traffic snapshot with network IDS
Marcus J. Ranum (Jun 21)
Yack, Daniel wrote:
I think you might want to look at things like argus, urlsniff, and
wireshark for your data-gathering, if data is what you're
after. What an IDS does is gives you its notion of what it saw,
based on its rules (i.e.: the preconceptions of whoever wrote the
IDS' rule-base) If you're trying to do discovery, you want the
undigested raw data, or something closer to it.
That said, an IDS can be turned into one heck of a nice...
Re: Taking a traffic snapshot with network IDS
Farrukh Haroon (Jun 21)
Instead of capturing each packet, you would be better off going via the
Netflow Path IMHO.
There are a number of free netflow analyzers available on the Internet e.g.:
http://www.plixer.com/products/netflow-sflow/free-netflow-scrutinizer.php
http://www.solarwinds.com/products/freetools/netflow_analyzer.aspx
http://www.paessler.com/ ( I think they offer one netflow sensor in the free
version)
Regards
Farrukh
On Fri, Jun 18, 2010 at 4:58 PM,...
Taking a traffic snapshot with network IDS
Yack, Daniel (Jun 21)
There are probably one thousand ways to do this, but I wanted to toss
this out...
For simplicity, let's just say I'm watching traffic from an internet
router to my core router(s). That's the only segment I'm interested in.
The goal is for me to discover out all 'normal' traffic in my
environment, and take a snapshot of that. By snapshot, I mean gather
traffic for 24 hours. Then review all of it manually, and create a
template that says...
Re: Firewall Best Practice regarding XMPP traffic?
paddy joesoap (Jun 17)
Hi Kevin and all,
I have taken on board the XMPP administrators views that TLS should
always be used and thus eliminates (or at least minimises) the ability
to perform layer-7 filtering. However, from reading the various XMPP
RFC's called XEP's, I think there are situations that allow for
DPI and defense in-depth situations using a firewall. It's not just as
simple as opening XMPP service ports and leaving the XMPP server
handle security on...
Re: Firewall Best Practice regarding XMPP traffic?
K K (Jun 17)
In my experience, yes -- XMPP servers are generally deployed in the
DMZ with TLS enabled (required) for all connections.
Theoretically you could load a copy of your XMPP server's private key
onto a content inspection device, granting it visibility inside the
encrypted session. I've never known anybody to do this in practice.
What I have seen done for a corporate XMPP deployment is to have the
clients connect to an edge device using the legacy...
Firewall Best Practice regarding XMPP traffic?
paddy joesoap (Jun 16)
Hi all,
In securing XMPP (Jabber, IM) servers, what best practice in your
opinion should be used.
Having consulted with the XMPP community, they tend to think of TLS
communication channels only and thus a firewall becomes somewhat
redundant from an XMPP perspective.
That is, the XMPP server should handle authentication, deep packet
inspection, IP address filtering and so forth. (Of course this is a
simplistic view given a
firewall helps...
Re: Hidden ISP firewall/filtering
Paul Melson (Jun 08)
> ... anyone know if there is a way to find out if our ISP actually has a
> firewall/filtering in place, or b) have any other thoughts.
You should be able to portscan with a tool like NMap or similar from a
switch connected to the external interface of the firewall and then scan
from another vantage point that traverses the ISP (home, coffee shop,
airport, etc.) If the ports...
Re: Hidden ISP firewall/filtering
Kurt Buff (Jun 08)
Layer 4 traceroute (http://pwhois.org/lft/) comes to mind, or nmap,
against a remote target controlled by you.
Kurt
Re: Hidden ISP firewall/filtering
Craig Van Tassle (Jun 08)
Your best bet is to check with your ISP.
A good way to check is to setup a couple of servers on a box, put that
outside your firewall and then see if you can telnet to them. I would use
a box that you can wipe after you do this test.
R: Hidden ISP firewall/filtering
Andrea Mennini - Mobile (Jun 08)
Try grc.com shields up. It should give you a basic idea.
My 2 cents
Ciao
Andrea Mennini (from mobile / from my mobile phone)
-----Original Message-----
From: "Jerrod Fuller" <jfuller () whitesboots net>
Date: Wed, 26 May 2010 09:54:18
To: <firewall-wizards () listserv icsalabs com>
Subject: [fw-wiz] Hidden ISP firewall/filtering
Hidden ISP firewall/filtering
Jerrod Fuller (Jun 04)
I recently purchased a Watchguard XTM2 to handle our firewall and VPN with
IPSec, but when attempting to connect via VPN with IPSec, it gives a message
of "VPN gateway not responding (waiting for MSG2)" I have removed our
watchguard from the network and when I do a "shields up" scan it shows all
ports being closed. Long story short . . . does anyone know if there is a
way to find out if our ISP actually has a...
EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)
Dragos Ruiu (Jun 04)
-- EUSecWest 2010 MiniCFP (PacSec CFP Follows)
One of our presenters was unable to get corporate approval for his
travel and cancelled out. As such we are opening up one or two
available slots for last minute submissions. We are also offering
a referral bounty of a free conference registration for high quality
replacement papers on short notice. (The Conference is on June 16/17
at the Melkweg in Amsterdam.) Please forward submissions to...
IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list
CFP: Deadline Extended: SLAML'10
Mohror, Kathryn (Jun 18)
Workshop on Managing Systems via Log Analysis and Machine
Learning Techniques (SLAML '10)
=============================================
October 2-3, 2010
Vancouver, BC, Canada
(at OSDI)
http://www.usenix.org/events/slaml10/cfp/
=============================================
********...
Announcement: xtractr updates
pcapr (Jun 08)
Just a quick note to let you know that the lite version of xtractr can
now index up to 10 million packets or 1GByte of pcaps. This makes it
easy to grab large packet traces from a production network and perform
troubleshooting and forensics with just a few clicks. We have also
updated the live demo of xtractr to use the pcap from the Honeynet
Challenge #4 (VoIP). Can you answer the forensics questions?
http://www.pcapr.net/xtractr
If you are...
Performance measurement tool for IDS/IPS
wittybugz (Jun 01)
Hi All,
Is any tool available in market (free or paid) for measuring performance of Host based IDS/IPS devices?
I want to measure performance for protocols like HTTP,FTP,SMB/RPC,DNS etc.
Thanks,
Prateek
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Re: Fwd: Hash for data in transit
Robert Hajime Lanning (Jul 28)
You can hash the form data, then encrypt the hash with a shared transaction
key given to the user via a captcha type of method.
Basically you sign the form data using a captcha phrase as the random
shared per transaction key. Just make sure the whole transaction uses
SSL/TLS of appropriate strength.
That would prove against tampering in transit, twice over. Once via the
SSL/TLS and second via the internal signing.
Re: Fwd: Hash for data in transit
richardhigh (Jul 27)
Saleh,
Thanks for the feedback. Our team is still trying different things to comply with this security requirement. Trying to
find a solution to verify the integrity without opening more vulnerabilities with the solution. Any additional
suggestions are welcomed.
Thanks.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request...
Fwd: Hash for data in transit
Saleh (Jul 26)
---------- Forwarded message ----------
From: Voulnet <voulnet () gmail com>
Date: Fri, Jul 23, 2010 at 7:51 PM
Subject: Re: Hash for data in transit
To: Saleh <q8mosfet () gmail com>
That is wrong in a security perspective. The initial asker asked about
using it for data integrity between a web app and a browser, a path
that is filled with perils and dangers, hence CRC is not really the
best option.
Using CRC, there is absolutely...
Re: Hash for data in transit
Peter M. Jansson (Jul 21)
So section 3.7.5 of the DISA Application Security and Development STIG V3R1 seems to be the requirement in question,
but who is it that's saying that a properly configured TLS/SSL connection doesn't meet the requirement, and why? I
question how the STIG is being read here.
I agree with Robert that there's no reason to trust SSL any less than a client-side JavaScript implementation.
(Actually, I worry a bit more about potential bugs in the...
Re: Hash for data in transit
Robert Hajime Lanning (Jul 21)
Well, outside of an AES128-SHA1 SSL connection, there really isn't much that can
be done for transit protection.
I would not trust any JavaScript implementation of form data hashing.
Since that is all modifiable on the client side.
If you can't even trust certificates, how are you going to trust the
client platform?
Re: Hash for data in transit
Richard Moore (Jul 21)
If the intention is to protect against malicious changes (as the
reference to tripwire suggests) then CRCs would be a very poor choice.
They are vulnerable to a range of attacks that allow the data to be
modified whilst the CRC remains valid. If a secure hash is required
then something like SHA-1 or SHA-256 should be used.
This is also true.
Cheers
rich.
Re: Hash for data in transit
Martin Tartarelli (Jul 21)
Hi Richard,
HDIV (http data integrity validator ) is Open Source Security
Framework for HTTP.
OWASP ESAPI is another security tool
2010/7/20 Nikhil Wagholikar <visitnikhil () gmail com>:
RE: Hash for data in transit
Jacqueline.Primrose (Jul 21)
Have you checked out GlobalScape EFT?
http://www.cuteftp.com/
Jackie Primrose
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of richardhigh () imgva com
Sent: Tuesday, July 20, 2010 3:04 PM
To: webappsec () securityfocus com
Subject: Hash for data in transit
Does anyone know of any tools out there that can be used to ensure the integrity of data while in transit from a web...
Re: Hash for data in transit
Saleh (Jul 21)
According to one of my friends (voulnet () gmail com)
CRC is not that good in data integrity (errors can be masked)
HTTPS will do good =D
Re: mysql selecting into outfile in an insert
Robin Wood (Jul 21)
As I said, on my box I'm root, I've all the privs available and the
"into outfile" works fine on its own.
Robin
Re: Hash for data in transit
Nikhil Wagholikar (Jul 20)
Hi Richard,
CRC is one of the best methods for integrity checking (more precisely
'detection') of data between web server and web browser.
In any case, like Robert said, HTTPs will do integrity check for the data.
---
Nikhil Wagholikar
Senior Consultant
Ernst and Young (India)
Web: http://www.ey.com/India
Re: mysql selecting into outfile in an insert
Camilo Uribe (Jul 20)
Look for the file privilege:
http://dev.mysql.com/doc/refman/5.1/en/privileges-provided.html#priv_file
By the way as a security measure, mysql will not overwrite existing files.
Re: Hash for data in transit
Robert Hajime Lanning (Jul 20)
https will between the browser and the webserver.
Re: mysql selecting into outfile in an insert
Robin Wood (Jul 20)
Not sure on the vulnerable app I'm testing but in my lab I'm on as
root and can run the "select into outfile" fine.
Robin
Hash for data in transit
richardhigh (Jul 20)
Does anyone know of any tools out there that can be used to ensure the integrity of data while in transit from a web
app and a user using a website to enter information?
I've heard of Tripwire and ossec but those more for OS or for files at rest.
Any ideas are welcomed. Thanks.
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Things that slipped the pwnie net.
Alexander Sotirov (Jul 25)
NGINX got a pwnie nomination by proxy, Dr. Raid's song 'Pwned' mentions the
NGINX bug in the intro:
Dude, I saw you in fuckin' ZF0
they got you and everyone in your fuckin' chan
What?!?
(You got 0wned)
Dude, you got NGINX running on your fuckin' web server
(That's how you got 0wned)
Yeah dude, NGINX is good, what?
They popped your box and took your damn key!
Those pics of you and your sis, they base64 encoded that shit and...
Call For Papers - Hackers 2 Hackers Conference 7th Edition - Brazil
Rodrigo Rubira Branco (BSDaemon) (Jul 25)
CALL FOR PAPERS - Hackers 2 Hackers Conference 7th edition
The call for papers for H2HC 7th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, from 27 to 28 November 2010.
[ - Introduction - ]
For the seventh consecutive year and past success we have been having,
the annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
from 27 to 28 November 2010, and aims to get together industry,...
Re: there might be three people who missed it...
Jon Oberheide (Jul 22)
This brings up an interesting question I had related to cross-vendor
responsible disclosure when I came across a comment from Chris regarding
the recent libpng vulnerability in Chrome:
http://code.google.com/p/chromium/issues/detail?id=45983#c17
(I'm not reproducing the comment here since it's worth reading it in the
full context of the bug)
It's certainly a tricky issue: how does Google balance the secret
disclosure (via an innocent-sounding...
there might be three people who missed it...
Michal Zalewski (Jul 22)
...so FYI:
http://googleonlinesecurity.blogspot.com/2010/07/rebooting-responsible-disclosure-focus.html
/me grabs popcorn.
/mz
SILICA-U
dave (Jul 22)
So it's been a while since I've posted about wireless penetration testing. And
wireless penetration testing hasn't CHANGED a whole lot. But how we do it has. So
first, some history:
SILICA was a product that worked on the Nokia n-series. The great thing is they are
cell-phone sized. The problem with that is they have a cell phone's ram and CPU and
wireless range (aka, none). This made advanced features like WEP cracking difficult
to implement....
Re: Your trusted computing base is not what you think it is! :>
Florian Weimer (Jul 19)
Only if the key is virtually unused. If it is not, revocation is
close to impossible because of the impact on legitimate signatures.
There are some attempts to address this (like timestamping signatures
from a trusted third party), but that doesn't help if your key
material is compromised and you continue to use it to create new
signatures.
You could require that signatures are stored on tamper-proof devices
which cannot leak the key material,...
Mini Fuzzer Shootout
Ben Nagy (Jul 19)
Hi all,
So, I've been presenting recently on 'industrial' fuzzing. This
basically means going really fast, then scrambling around, trying to
catch up by writing surrounding tools that can scale well enough to
make use of the speed. I was talking to Charlie Miller about his CSW
slides, which contain some awesome metrics for people in the game -
crash percentages, what percentage of those bugs are any good etc -
and decided that one of the things...
Kiwicon IV: Our Worst CFP Yet
Kiwicon (Jul 15)
----[ TRULY THE FUTURE IS NOW, FOR IT IS THE YEAR
_______ _______ _____ _______ _______ ______
| || _ || _ || _ || _ || _ \
|___| ||. | ||.| ||. | ||. 1 ||. | \
/ ___/ |. | |`-|. ||. | ||. _ ||. | \
|: 1 \ |: 1 | |: ||: 1 ||: | ||: 1 /
|::.. . ||::.. . | |::.||::.. . ||::.|:. ||::.. . /...
Re: Your trusted computing base is not what you think it is! :>
Shane (Jul 15)
The good thing about their signing key is that it's static (does not
change too often) and can be revoked, if not the value is actually
higher than their source (key not changing, one time theft = high value,
vs. source code/changes frequently = value goes down over time).
Hopefully the revocation procedure is being enforced. =).
I've almost never seen a verified FF addon...
Your trusted computing base is not what you think it is! :>
dave (Jul 15)
Here are some trojans signed by a key from realtek, supposably. How cool is that! You
have to assume the signing key was at least as protected as their source code, right? :>
http://anti-virus.by/en/tempo.shtml
Likewise, people tend to ignore that when you send your bugs to CERT or MS, it's
likely the Russian organized crime is also reading it.
And, as pointed out:...
FW: Black Hat Abu Dhabi CFP - November 10 - 11 2010
The Dark Tangent (Jul 15)
Call for Papers - Black Hat Abu Dhabi 2010
Hey DD readers, I wanted to drop you the heads up.
WHERE and WHEN:
Launched under the Patronage of His Highness Sheikh Mohammed bin Zayed Al
Nahyan, Black Hat Abu Dhabi will take place on 8th to 11th November 2010 at
Emirates Palace. Black Hat has partnered with the UAE Telecoms Regulatory
Authority to hold a three track, two day Briefings in Abu Dhabi, the Middle
East's first edition of the Las...
Pwnie Awards 2010
Alexander Sotirov (Jul 14)
The Pwnie Awards ceremony will return for the fourth consecutive year to the
BlackHat USA conference in Las Vegas. The award ceremony will take place
during the BlackHat reception on Thr, July 29, 2010.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and
failures of security researchers and the wider security community in the past
year. We're currently accepting nominations in nine award categories:
* Best...
AI is a good problem to have.
dave (Jul 14)
Lcamtuf says
(http://lcamtuf.blogspot.com/2010/06/intrusion-detection-doing-it-wrong.html):
"""
The key to surviving a compromise may lie in the capability to detect a successful
attack very early on. The attackers you should be fearing the most are just humans,
and have to learn about the intricacies of your networks, and the value of every
asset, as they go. These precious hours may give you the opportunity to recover -
right...
"Finding 0days"
dave (Jul 12)
In just a few days Immunity has a training called "Finding 0days" here in Miami
July 19-22, 2010: Finding 0Days
Duration: 4 days
Cost: $4000 per person
contact: Admin () immunityinc com
The only thing I don't like about the class is the title, really, in the sense that
there is no one way to find 0days. Also, unlike many basic-level classes, Finding
0days tends to shift a bit depending on who the instructor is. Which generally brings...
Re: Solutions
Andre Gironda (Jul 07)
Rich,
I think you may have interpreted Dave's email incorrectly. What did
Dave describe? Let's take a look:
Dave says that WAFs and IDSs have at least one major problem that
PREVENTS them from working / being useful.
Dave also says that secure static code analyzers also have at least
one major problem that prevents going into the useful category. I am
going to have to agree with Dave on some of these brilliant points.
Dave says that...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: Facebook account harvesting
Matthew Manor (Jul 29)
The Google cache of Ron's blog post is working. Or you can grab it
here:
http://thepiratebay.org/torrent/5722635
and congrats on the BBC interview
-Matt Manor
Re: Locking down Ports and DHCP
Butturini, Russell (Jul 29)
Or if you're poor and can't afford a management suite, you can display the ARP table on the switch to figure out what's
plugged in where, or if they're "nice" switches, they have a sticky learning capability that will lock whatever is on
the port at the time in and not let other MAC addresses connect.
-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On...
Re: Locking down Ports and DHCP
Tyler Robinson (Jul 29)
Thank you everyone for the advice, this is very helpful, but now it looks like I
have a lot of work to do. Has anyone seen if this kind of precaution is
required in any of the audit alphabet (PCI, HIPAA, etc.)? We have a state audit
coming in Aug but I did not see anything on it for preventative, just logging
for after the fact.
Thanks again everyone,
TR
Re: Facebook account harvesting
xgermx (Jul 29)
Congrats on the TechCrunch and Gawker posts.
Re: Facebook account harvesting
Nicolas Villatte (Jul 29)
Hi everyone,
I had some time today to fetch the torrent from a torrent
enabled-machine but the link to the blog entry is down, could anyone provide
the torrent link?
Thank you,
Nicolas.
Re: Locking down Ports and DHCP
Josh Olson (Jul 29)
Depending on the switches, you could lock ports to mac addresses. A
management suite such as pinnacle would likely ease the
implementation.
http://www.pinnsoft.com/
Re: Locking down Ports and DHCP
Bugbear (Jul 29)
First and foremost get your company policies and procedures in place
if you have not yet. Also, you will need "buy in" from the support
staff because their helpdesk calls are going to increase.
With that said, I would look at 802.1x
Assuming you are a Windows shop and your switches support it (most
modern switches do), take a look. I have leveraged it somewhat
successfully. I personally do not do any NAP/NAC (remediation), I just
very...
Re: Locking down Ports and DHCP
Craig Freyman (Jul 29)
Cisco's NAC solution would also help. NAC works by setting up policies for
network traffic and client access to the network. You can get fancy and even
include things like checking if the PC has updated AV defs/Windows updates
etc. If they're not updated do (something).... If they're updated, then
allow them to authenticate via AD or some other way and let them on to the
network.
Re: Locking down Ports and DHCP (Tyler Robinson)
Cody Dumont (Jul 29)
TR,
If you are running Cisco as the switching platform, I have a configuration builder on my blog http://www.melcara.com.
The posting is called "Secure Switch Config 0.01". The config builder shows how to enable Dynamic ARP Inspection (DAI),
DHCP Snooping and Port Security. The config builder also shows how to harden the control plane of the switch. If you
don't have Cisco switches, the concepts shown should also be somewhat...
Anyone looking at a service like Loggly
Thomas Fischer (Jul 29)
In a recent discussion, I was introduced to a new service that is starting
up for cloud-based log management. Service is here: http://www.loggly.com/
anyone looking at something like this?
The obvious thought that came to my mind initially was the risks of
publishing sensitive info and un-sanitized data to the web!
Thoughts?
Re: Locking down Ports and DHCP
Denis Hancock (Jul 29)
Have you considered NAP ?
http://technet.microsoft.com/en-us/library/cc774814%28WS.10%29.aspx
On Thu, Jul 29, 2010 at 7:36 AM, Tyler Robinson <pcimpressions () gmail com> wrote:
Locking down Ports and DHCP
Tyler Robinson (Jul 28)
I am coming into an environment of over 1000 clients. Everything is set up
DHCP except printers and servers. I am trying to work towards a much more
secure network but am at a loss of how to start locking down switches and
DHCP. I want to make sure no one is plugging in unauthorized devices or rogue
devices for that matter, so just wondering how everyone else is securing
their networks. As always pauldotcom listeners are the best and all help is...
Re: Facebook account harvesting
Larry Pesce (Jul 27)
Ron, awesome work. I got my copy via torrent, and now I'm seeding at
about 700K/sec@ O_o
I can't wait for folks to start digging into this dataset (myself
included) to see what we can come up with.
- L
Re: Windows Twitter clients
Dan McGinn-Combs (Jul 27)
You're not very demanding! You can use Blu. It has that option. In fact it's the default. You can find a ton of
Windows clients listed with reviews and ratings on http://oneforty.com.
Dan
Re: Windows Twitter clients
genesiswave (Jul 27)
Seesmic Desktop using Adobe Air - I have 2 accounts that automatically log in and my shared account that regularly
changes its password, so I leave it for manual entry
Sent via BlackBerry from T-Mobile
-----Original Message-----
From: "Jody & Jennifer McCluggage" <j2mccluggage () adelphia net>
Sender: pauldotcom-bounces () mail pauldotcom com
Date: Mon, 26 Jul 2010 18:53:33
To: 'PaulDotCom Security Weekly Mailing...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
[HITB-Announce] HITB Magazine Issue 003 + HITBSecConf2010 - Amsterdam
Hafez Kamal (Jul 04)
Our first ever HITBSecConf in Europe is over! A big big thank you to all
our sponsors, speakers, crew, volunteers and of course attendees who
made it over to join us!!!
We're already planning for 2011 and the tentative timing for the HITB
Europe is mid May (stay tuned to our @hitbsecconf twitter stream for all
conference updates).
All conference materials from the event can be downloaded from...
CFP: Deadline Extended: SLAML'10
Mohror, Kathryn (Jun 16)
Workshop on Managing Systems via Log Analysis and Machine
Learning Techniques (SLAML '10)
=============================================
October 2-3, 2010
Vancouver, BC, Canada
(at OSDI)
http://www.usenix.org/events/slaml10/cfp/
=============================================
********...
[HITB-Announce] HITBSecConf2010 - Malaysia Call for Papers
Hafez Kamal (May 19)
The Call for Papers for HITB Security Conference 2010 Malaysia is now open!
Talks that are more technical or that discuss new and never before seen
attack methods are of more interest than a subject that has been covered
several times before. Submissions are due no later than 9th August 2010.
HITB CFP: http://cfp.hackinthebox.org/
===
Date: October 11th - 14th 2010
Venue: Crowne Plaza Mutiara Kuala Lumpur
Keynote 1: Chris Wysopal...
RE: info reg Zeus bot detection and analysis
Younger Tyler (May 19)
Any tips on how to selectively get infected with Zeus?
You can find the latest Zeus variants here http://www.malwaredomainlist.com/mdl.php
Tyler
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michele Zoerb
Sent: Wednesday, May 19, 2010 11:39 AM
To: Mayank.2.Bhatnagar; honeypot honeypot
Subject: RE: info reg Zeus bot detection and analysis
Interesting thoughts as I am just...
RE: info reg Zeus bot detection and analysis
Gary Derania (May 19)
------Original Message------
From: "Michele Zoerb" <mzoerb () the41 com>
To: "Mayank.2.Bhatnagar" <MBhatnagar () ipolicynetworks com>"honeypot honeypot" <honeypots () securityfocus com>
Sent: Wed 2010-05-19 08:48
Subject: RE: info reg Zeus bot detection and analysis
Interesting thoughts as I am just starting the same type of project. I want to get infected by Zeus and perform some
analysis. I...
RE: info reg Zeus bot detection and analysis
Michele Zoerb (May 19)
Interesting thoughts as I am just starting the same type of project. I want to get infected by Zeus and perform some
analysis. I have a closed environment, but didn't think that detecting a virtual environment would be an issue for the
bot. I will put my VMconverter onto a separate machine and clone from there.
Any tips on how to selectively get infected with Zeus?
Thanks,
Chele
-----Original Message-----
From: listbounce () securityfocus...
info reg Zeus bot detection and analysis
Mayank.2.Bhatnagar (May 19)
Hi everyone,
We are able to collect several samples of Zeus bot and there are many variants of the same.
However when we try to analyse it in our sandbox and closed environment, we are not able to get any activity.
There are several reports available, which are for same md5sum sample but still after much of analysis and triggering
attempts, either the malicious sample doesn't trigger or if it does, it doesn't show any network activity.
What...
[HITB-Announce] HITB eZine Issue 002 out now!
Hafez Kamal (Apr 23)
The second quarterly HITB eZine (issue 002) has been released! Grab your
copies from here:
https://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=35995
===
3 months ago, our newly 'reborn' ezine was a completely new experience
to our small team and we didn't expect it to have a lot of followers
considering its absence for many years. But to our surprise, we received
over 20K downloads just weeks after its...
[HITB-Announce] FINAL CALL - CFP for HITBSecConf2010 Amsterdam
Hafez Kamal (Apr 08)
This is the FINAL CALL to submit your talk / presentation proposals for
the inaugural HITB Security Conference in Europe! Submissions are due
by 19TH APRIL 2010.
HITBSecConf2010 - Amsterdam takes place at the Grand Krasnapolsky from
the 29th of June till the 2nd of July (Tuesday - Friday) with keynote
speakers Anton Chuvakin and Mark Curphey in our _first ever_ QUAD TRACK
conference.
To submit your presentation proposals and for further details...
Call For Papers - hack.lu 2010 - 27-29 October - Luxembourg
Alexandre Dulaunoy (Apr 04)
Call for Papers Hack.lu 2010
The purpose of the hack.lu convention is to give an open and free
playground where people can discuss the implication of new
technologies in society. hack.lu is a balanced mix convention where
technical and non-technical people can meet each other and share
freely all kinds of information. The convention will be held in the
Grand-Duchy of Luxembourg in October 2010 (27-29.10.2010). The...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Minor Revision
Microsoft (Jul 21)
********************************************************************
Title: Microsoft Security Bulletin Minor Revision
Issued: July 21, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a minor revision increment.
* MS09-014 - Critical
Bulletin Information:
=====================
* MS09-014 - Critical
-...
Microsoft Security Advisory Notification
Microsoft (Jul 20)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 20, 2010
********************************************************************
Security Advisory Updated Today
==============================================
* Microsoft Security Advisory (2286198)
- Title: Vulnerability in Windows Shell Could Allow
Remote Code Execution
-...
Microsoft Security Advisory Notification
Microsoft (Jul 19)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 19, 2010
********************************************************************
Security Advisory Updated Today
==============================================
* Microsoft Security Advisory (2286198)
- Title: Vulnerability in Windows Shell Could Allow
Remote Code Execution
-...
Microsoft Security Advisory Notification
Microsoft (Jul 16)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 16, 2010
********************************************************************
Security Advisory Released Today
==============================================
* Microsoft Security Advisory (2286198)
- Title: Vulnerability in Windows Shell Could Allow
Remote Code Execution
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 14)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 14, 2010
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS10-045 - Important
* MS10-044 - Critical
* MS10-043 - Critical
Bulletin Information:...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 13, 2010
********************************************************************
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.
* MS10-041 - Important
* MS10-021 - Important
Bulletin Information:
=====================
*...
Microsoft Security Bulletin Re-Release
Microsoft (Jul 13)
********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: July 13, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS10-024 - Important
Bulletin Information:
=====================
* MS10-024 - Important
-...
Microsoft Security Bulletin Summary for July 2010
Microsoft (Jul 13)
********************************************************************
Microsoft Security Bulletin Summary for July 2010
Issued: July 13, 2010
********************************************************************
This bulletin summary lists security bulletins released for
July 2010.
The full version of the Microsoft Security Bulletin Summary for
July 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx.
With the...
Microsoft Security Bulletin Summary for June 2010
Microsoft (Jun 08)
********************************************************************
Microsoft Security Bulletin Summary for June 2010
Issued: June 8, 2010
********************************************************************
This bulletin summary lists security bulletins released for
June 2010.
The full version of the Microsoft Security Bulletin Summary for
June 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx.
With the...
Microsoft Security Bulletin Summary for May 2010
Microsoft (May 11)
********************************************************************
Microsoft Security Bulletin Summary for May 2010
Issued: May 11, 2010
********************************************************************
This bulletin summary lists security bulletins released for
May 2010.
The full version of the Microsoft Security Bulletin Summary for
May 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx.
With the...
Microsoft Security Bulletin Major Revision MS10-016
Microsoft (May 03)
********************************************************************
Title: Microsoft Security Bulletin Major Revision
Issued: May 3, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
* MS10-016 - Important
Bulletin Information:
=====================
* MS10-016 - Important
-...
Microsoft Security Bulletin Re-Release
Microsoft (Apr 27)
********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: April 27, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS10-025 - Critical
Bulletin Information:
=====================
* MS10-025 - Critical
-...
Microsoft Security Bulletin Major Revision
Microsoft (Apr 21)
********************************************************************
Title: Microsoft Security Bulletin Major Revision
Issued: April 21, 2010
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS10-025 - Critical
Bulletin Information:
=====================
* MS10-025 - Critical
-...
Microsoft Security Bulletin Summary for April 2010
Microsoft (Apr 13)
********************************************************************
Microsoft Security Bulletin Summary for April 2010
Issued: April 13, 2010
********************************************************************
This bulletin summary lists security bulletins released for
April 2010.
The full version of the Microsoft Security Bulletin Summary for
April 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx.
With...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Hackers study vulnerabilities as ATMs spit cash
Juha-Matti Laurio (Jul 29)
http://ca.reuters.com/article/technologyNews/idCATRE66S02Y20100729
"A security expert showed off techniques for breaking into ATMs, causing machines to spit out cash to a cheering crowd
at an annual gathering of hackers.
"I hope to change the way people look at devices that from the outside are seemingly impenetrable," Barnaby Jack,
director of research at security consulting firm IOActive Labs,
told a standing-room-only crowd...
An Ising Model Approach to Malware Epidemiology
silky (Jul 29)
Thought funsec may be interested in this ...
http://arxiv.org/abs/1007.4938 - An Ising Model Approach to Malware Epidemiology
Abstract: We introduce an Ising approach to study the spread of
malware. The Ising spins up and down are used to represent two
states--online and offline--of the nodes in the network. Malware is
allowed to propagate amongst online nodes and the rate of propagation
was found to increase with data traffic. For a more...
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
chaim . rieger (Jul 28)
I'll verify that both of ours have wreaked untold havoc on the bank
accounts. My wallet cowers in fear.
_______
Am about to join you there. My wallet started puckering last week when I found out.
Sent via BlackBerry from T-Mobile
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
Dave Paris (Jul 28)
I'll verify that both of ours have wreaked untold havoc on the bank
accounts. My wallet cowers in fear.
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
Rich Kulawiec (Jul 28)
Well, and just to prove it, here's a timely picture of a mutant squirrel,
ridden by Chewbacca, and fighting the Nazis:
http://www.boingboing.net/2010/07/28/chewbacca-fights-naz.html
---Rsk
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
Martin Tomasek (Jul 28)
chaim.rieger () gmail com wrote:
I think that all puppies are terrorists. Remember, when Iran discovered
spy squirrels trained by CIA? Well, since squirrels are already on CIA
side, they had to choose puppies. When the puppies come of age, they
will be able to carry WMDs into the middle of every city. We should be
afraid, very afraid..
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
Valdis . Kletnieks (Jul 28)
On Wed, 28 Jul 2010 19:47:10 -0000, chaim.rieger () gmail com said:
Babies are unable to form an intent, so the "intent to cause terror"
requirement isn't there. Now your average 5 year old on the other hand...
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
chaim . rieger (Jul 28)
I personally think that all babies are terrorists.
Sent via BlackBerry from T-Mobile
Re: Linnea, 1 year, triggered a bomb alert in New Jersey
Robert Portvliet (Jul 28)
OMG, it's starting already!
http://www.nydailynews.com/news/politics/2010/06/27/2010-06-27_texas_rep_louie_gohmert_warns_of_terrorist_baby_plot.html
Linnea, 1 year, triggered a bomb alert in New Jersey
Juha-Matti Laurio (Jul 28)
Translated with Google Translate:
"The family was heading to Boston in early July and had just stopped over at Newark Airport.
When little Linnea went through security showed up "Explosive!" With intense red letters on the monitor.
Then chaos erupted.
When airport staff reviewed Linnea shoes they found a small piece of explosive material.
- The FBI, the bomb team and the New York police came toward us, "says her mother,...
Probably more fun if you *don't* have to travel for work ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 27)
Vancouver entrepreneurs have designs to make luggage stand out on airport
carousels. The stickers make it appear that the suitcases have been ripped open to
expose either stacks of money, cocaine, an abducted flight attendant or a case full
of sex toys.
http://bit.ly/ao9ZuW+
http://www.cbc.ca/canada/british-columbia/story/2010/07/27/con-cheeky-stickers.html
http://thecheeky.com/?p=22
====================== (quote inserted randomly by...
iPhone Jailbreaking
Jeffrey Walton (Jul 27)
"Apple Says iPhone Jailbreaking is Illegal":
http://www.eff.org/deeplinks/2009/02/apple-says-jailbreaking-illegal
"Jailbreaking iPhone apps is now legal":
http://money.cnn.com/2010/07/26/technology/iphone_jailbreaking/index.htm
Re: Differing takes on privacy
Dave Paris (Jul 26)
Interesting to see that UAE is backed by facts & evidence and the US
position has almost universally failed. (w/r/t this type of security,
not as a uniformly broad brush of course)
Re: 'World's No. 1 hacker' tome rocks security world
Lee Heath (Jul 26)
Good details of sources.
http://www.thebaskins.com/main/index.php?option=com_content&view=article&id=52
Differing takes on privacy
Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jul 26)
UAE says privacy is a security risk.
http://www.bbc.co.uk/news/technology-10761210
US says openness is a security risk.
http://www.bbc.co.uk/news/world-us-canada-10758578
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
It is impossible for a man to begin to learn what he thinks he
knows. -...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Current Activity - Apple Releases Safari 5.0.1 and Safari 4.1.1
Current Activity (Jul 28)
US-CERT Current Activity
Apple Releases Safari 5.0.1 and Safari 4.1.1
Original release date: July 28, 2010 at 1:35 pm
Last revised: July 28, 2010 at 1:35 pm
Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac
OS X to address multiple vulnerabilities in Safari and WebKit. These
vulnerabilities may allow an attacker to execute arbitrary code, cause
a denial-of-service condition, or obtain sensitive information.
US-CERT...
Cyber Security Tip ST05-012 -- Supplementing Passwords
US-CERT Security Tips (Jul 28)
Cyber Security Tip ST05-012
Supplementing Passwords
Passwords are a common form of protecting information, but passwords alone
may not provide adequate security. For the best protection, look for sites
that have additional ways to verify your identity.
Why aren't passwords sufficient?
Passwords are beneficial as a first layer of protection, but they are
susceptible to being...
Current Activity - Google Releases Chrome 5.0.375.125
Current Activity (Jul 27)
US-CERT Current Activity
Google Releases Chrome 5.0.375.125
Original release date: July 27, 2010 at 12:01 pm
Last revised: July 27, 2010 at 12:01 pm
Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to
address multiple vulnerabilities. These vulnerabilities may allow an
attacker to execute arbitrary code or obtain sensitive information.
US-CERT encourages users and administrators to review the Google
Chrome Releases blog...
Current Activity - Firefox Releases Firefox 3.6.8
Current Activity (Jul 26)
US-CERT Current Activity
Firefox Releases Firefox 3.6.8
Original release date: July 26, 2010 at 8:40 am
Last revised: July 26, 2010 at 8:40 am
The Mozilla Foundation has released Firefox 3.6.8 to address a
critical vulnerability. This vulnerability may allow an attacker to
execute arbitrary code.
US-CERT encourages users and administrators to review the Mozilla
Foundation security advisory MFSA 2010-48 and update to Firefox 3.6.8
to help...
Current Activity - Cisco Releases Security Advisory for CDS Internet Streamer
Current Activity (Jul 22)
US-CERT Current Activity
Cisco Releases Security Advisory for CDS Internet Streamer
Original release date: July 22, 2010 at 8:30 am
Last revised: July 22, 2010 at 8:30 am
Cisco has released a security advisory to address a vulnerability in
the Cisco Internet Streamer application that is part of the Cisco
Content Delivery System. Exploitation of this vulnerability may allow
a remote, unauthenticated attacker to obtain sensitive information,...
Current Activity - Microsoft Windows .LNK Vulnerability
Current Activity (Jul 21)
US-CERT Current Activity
Microsoft Windows .LNK Vulnerability
Original release date: July 16, 2010 at 10:08 am
Last revised: July 21, 2010 at 8:49 am
US-CERT is aware of a vulnerability affecting Microsoft Windows. This
vulnerability is due to the failure of Microsoft Windows to properly
obtain icons for .LNK files. Microsoft uses .LNK files, commonly
referred to as "shortcuts," as references to files or applications.
By convincing...
Current Activity - Mozilla Releases Firefox 3.6.7
Current Activity (Jul 21)
US-CERT Current Activity
Mozilla Releases Firefox 3.6.7
Original release date: July 21, 2010 at 8:44 am
Last revised: July 21, 2010 at 8:44 am
The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11
to address multiple vulnerabilities. These vulnerabilities may allow
an attacker to execute arbitrary code, obtain sensitive information,
bypass security restrictions, or conduct cross-site scripting attacks.
Some of these...
Current Activity - Apple Releases iTunes 9.2.1
Current Activity (Jul 20)
US-CERT Current Activity
Apple Releases iTunes 9.2.1
Original release date: July 20, 2010 at 7:54 am
Last revised: July 20, 2010 at 7:54 am
Apple has released iTunes 9.2.1 to address a vulnerability. This
vulnerability is due to improper handling of itpc URLs. itpc is the
protocol used by Apple iTunes for handling podcasts. By convincing a
user to access a specially crafted itpc URL, an attacker may be able
to execute arbitrary code or cause a...
Current Activity - Microsoft Windows LNK Vulnerability
Current Activity (Jul 19)
US-CERT Current Activity
Microsoft Windows LNK Vulnerability
Original release date: July 16, 2010 at 10:08 am
Last revised: July 19, 2010 at 9:02 am
US-CERT is aware of a vulnerability affecting Microsoft Windows. This
vulnerability is due to the failure of Microsoft Windows to properly
obtain icons for LNK files. Microsoft uses LNK files, commonly
referred to as "shortcuts," as references to files or applications.
By convincing a...
Current Activity - Microsoft Windows LNK Vulnerability
Current Activity (Jul 16)
US-CERT Current Activity
Microsoft Windows LNK Vulnerability
Original release date: July 16, 2010 at 10:08 am
Last revised: July 16, 2010 at 10:08 am
US-CERT is aware of a vulnerability affecting Microsoft Windows. This
vulnerability is due to improper handling of LNK files. Microsoft uses
LNK files, commonly referred to as "shortcuts" as references to files
or applications. By convincing a user to display a specially-crafted
LNK...
Cyber Security Tip ST05-011 -- Effectively Erasing Files
US-CERT Security Tips (Jul 14)
Cyber Security Tip ST05-011
Effectively Erasing Files
Before selling or discarding an old computer, or throwing away a disk
or CD, you naturally make sure that you've copied all of the files you
need. You've probably also attempted to delete your personal files so
that other people aren't able to access them. However, unless you have
taken the proper steps to make sure the hard drive,...
TA10-194B -- Oracle Updates for Multiple Vulnerabilities
US-CERT Technical Alerts (Jul 13)
National Cyber Alert System
Technical Cyber Security Alert TA10-194B
Oracle Updates for Multiple Vulnerabilities
Original release date: July 13, 2010
Last revised: --
Source: US-CERT
Systems Affected
* Oracle Database 11g Release 2, version 11.2.0.1
* Oracle Database 11g Release 1, version 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
* Oracle Database...
TA10-194A -- Microsoft Updates for Multiple Vulnerabilities
US-CERT Technical Alerts (Jul 13)
National Cyber Alert System
Technical Cyber Security Alert TA10-194A
Microsoft Updates for Multiple Vulnerabilities
Original release date: July 13, 2010
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
Overview
Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Office.
I. Description
The...
Current Activity - Oracle Releases Critical Patch Update for July 2010
Current Activity (Jul 13)
US-CERT Current Activity
Oracle Releases Critical Patch Update for July 2010
Original release date: July 13, 2010 at 4:03 pm
Last revised: July 13, 2010 at 4:03 pm
Oracle has released its Critical Patch Update for July 2010 to address
59 vulnerabilities across multiple products. This update contains the
following security fixes:
* 6 for Oracle Database Server
* 2 for TimesTen In-Memory Database
* 5 for Oracle Secure Backup
* 7 for...
Current Activity - Microsoft Releases July Security Bulletin
Current Activity (Jul 13)
US-CERT Current Activity
Microsoft Releases July Security Bulletin
Original release date: July 13, 2010 at 1:25 pm
Last revised: July 13, 2010 at 1:25 pm
Microsoft has released updates to address vulnerabilities in Microsoft
Windows and Office as part of the Microsoft Security Bulletin Summary
for July 2010. These vulnerabilities may allow an attacker to execute
arbitrary code.
US-CERT encourages users and administrators to review the...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: CVE request: zabbix
Josh Bressers (Jul 29)
Please use CVE-2010-2790.
Thanks.
Re: CVE request: mediawiki
Josh Bressers (Jul 29)
----- "Raphael Geissert" <geissert () debian org> wrote:
I spy three flaws:
A data leakage vulnerability was discovered, affecting MediaWiki 1.8
and later. Public caching headers were incorrectly set on API
responses containing private data. By means of a CSRF-style attack,
this can lead to the disclosure of various types of private data
stored on a wiki. All users are advised to upgrade. Full details can...
Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion
Josh Bressers (Jul 29)
Please use CVE-2010-2786
Thanks.
Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
Josh Bressers (Jul 29)
Please use CVE-2010-2785
Thanks.
CVE request: zabbix
Raphael Geissert (Jul 28)
Hi,
An XSS vulnerability was discovered in the Zabbix PHP frontend.
References:
https://support.zabbix.com/browse/ZBX-2326
http://www.zabbix.com/forum/showthread.php?p=68770
Could a CVE id be assigned?
Regards,
CVE request: mediawiki
Raphael Geissert (Jul 28)
Hi,
A data leakage and an XSS vulnerability were discovered in mediawiki.
References:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=24565
Could CVE ids be assigned?
Thanks,
CVE Request: Piwik < 0.6.4 Arbitrary file inclusion
Anthon Pang (Jul 28)
An arbitrary file inclusion vulnerability is fixed by the latest Piwik
0.6.4 release. The advisory is (or will be) published here:
http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/
Description:
Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote
file inclusion using a directory traversal pattern in a crafted
request for a data renderer.
This vulnerability is rated critical, and Piwik users are strongly
encouraged...
CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter
Jan Lieskovsky (Jul 28)
Hi Steve,
user with nickname 'unic0rn' reported:
[1] https://svn.kvirc.de/kvirc/ticket/858
a deficiency in the way KVIrc IRC client extracted the "next" CTCP parameter from message
pointer. A remote, authenticated attacker, valid KVIrc user, could send a specially-crafted
DCC Client-To-Client Protocol (CTCP) message, like:
/ctcp nickname DCC GET\rQUIT\r
/ctcp nickname DCC GET\rPRIVMSG\40#channel\40:epic\40fail\r
which could...
Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow
Josh Bressers (Jul 26)
Hi Steve,
I'm going to leave this one for you, I have no 2008 IDs.
Thanks.
Re: CVE request: GnuPG 2
Josh Bressers (Jul 26)
----- "Florian Weimer" <fw () deneb enyo de> wrote:
Please use CVE-2010-2547.
Thanks.
Re: mikmod incomplete fix for CVE-2009-3995
Josh Bressers (Jul 26)
----- "Tomas Hoger" <thoger () redhat com> wrote:
Please use CVE-2010-2546.
Thanks.
Re: Cacti XSS fixes in 0.8.7g
Josh Bressers (Jul 26)
Sorry for the delay. IDs inline.
----- "Tomas Hoger" <thoger () redhat com> wrote:
Use CVE-2010-2543
Use CVE-2010-2544
Use CVE-2010-2545
Thanks.
CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow
Jan Lieskovsky (Jul 26)
Hi Steve, vendors,
Brendan Boerner reported:
[1] https://bugs.launchpad.net/ubuntu/+source/ssmtp/+bug/282424
a deficiency in the way ssmtp removed trailing '\n' sequence
by processing lines beginning with a leading dot. A local user,
could send a specially-crafted e-mail message via ssmtp send-only
sendmail emulator, leading to ssmtp executable denial of service (exit with:
ssmtp: standardise() -- Buffer overflow). Different vulnerability...
CVE request: GnuPG 2
Florian Weimer (Jul 23)
GnuPG 2.0 before version 2.0.17 reuses a freed pointer when verifying
a signature or importing a certificate with many Subject Alternate
Names, possibly allowing context-dependent attacks to execute
arbitrary code.
<http://lists.gnupg.org/pipermail/gnupg-announce/2010q3/000302.html>
CVE assignment notification -- CVE-2010-2474 -- JBossESB
Marc Schoenefeld (Jul 23)
Hello Steve,
JBossESB: privilege escalation in cross-domain contexts
The security context from an authentication request should check the
domain and invalidate the information if the service is secured with a
different security domain.
At present the execution of a service with a different domain could
result in the pipeline being executed with differing credentials, one set
from the first domain if the request is still valid, a second set
from the...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Static code review for iPhone developers?
Kenneth Van Wyk (Jul 29)
Greetings SC-L folks. Hey, I have a quick question I'd like to submit to this group.
Anyone know of any static code analysis tools that can scan an iPhone app package? Something that integrates with the
Xcode SDK and can at the very least scan through all of the Objective C in the src tree is what I'm looking for. Any
SCA product vendors currently doing this? Please contact me on or off list.
Cheers,
Ken
-----
Kenneth R. van Wyk
KRvW...
Job Posting: Software Security Assurance Program at Oracle
Rajiv Sharma (Jul 27)
Apologies for any inconvenience due to the job posting to [SC-L] subscribers. I checked with Ken and he was ok with it.
There are a couple of job openings in the Security Program Management group which is part of Oracle Global Product
Security team, and oversees the product security assurance program. That is, we establish standards, tools, processes,
APIs, etc. for avoiding security vulnerabilities in Oracle products. There are also several...
Python Security
Craig Younkins (Jul 26)
Hello fellow secure coders! My name is Craig Younkins. I'm an intern at
OWASP, the Open Web Application Security Project, and this summer I'm
focusing on web security in Python. I'm helping Python developers make
more secure web applications.
I'd like to invite you to a new community - http://www.pythonsecurity.org/ -
which is now the central hub for security in Python. We're writing articles
on security topics and how they pertain to Python,...
Job Posting: Software Assurance at MITRE
Steven M. Christey (Jul 22)
Apologies ahead of time to SC-L subscribers who do not want to see job
postings; Ken said it was OK.
MITRE, a "Fortune 100 Best Company To Work For" corporation, is seeking a
Software Systems Engineer to provide expertise in the area of software
security. The ideal candidate would have broad, deep knowledge of the
types of vulnerabilities that occur throughout the SDLC; their associated
mitigations; techniques for...
Silver Bullet 52: Paul Kocher
Gary McGraw (Jul 21)
hi sc-l,
Paul Kocher has been a good friend for over a decade. Paul worked closely with me in the mid-90s "smart card wars"
when we did lots of work for Visa International and Mastercard. Paul invented DPA back then while we were busy hacking
Java-based cards with malicious applets at Cigital.
Silver Bullet 52 is a conversation with Paul. What makes Paul particularly interesting is his blend of entrepreneurial
business savvy and...
Secure Development Related PhD Work
Brad Andrews (Jul 19)
I am considering many things for my own future at this point in time and one possibility is to return and earn the PhD
I interrupted many years ago. If anyone knows a professor working in the area of secure development, including
training developers on the topic (my M.S. was in C.S. from Illinois and focused on CBT-related themes), please let me
know.
I am open to many options now and would also consider employment work in that area if...
Cyber Security at the White House
Gary McGraw (Jul 16)
hi sc-l,
I was honored to be among the invited guests at the White House cyber security meeting on Wednesday. When President
Obama walked into the room (unannounced and not really expected), it was very exciting!
I wrote up my impression of the meeting and progress in US cyber security for my informIT column this month:
Obama Highlights Cyber Security Progress
http://www.informit.com/articles/article.aspx?p=1617137
There are a couple of...
Brainstorm 2020: A Vision for Software Security
Stacy Simpson (Jul 08)
All,
I wanted to invite you to Brainstorm 2020: A Vision for Software Security at
Black Hat USA 2010. Hosted by SAFECode, the event will be a community
brainstorm designed to help us define a shared vision for software security
and identify new, forward-thinking ideas about how to make it happen.
SAFECode invites you to grab the mic and share your thoughts on two key
questions:
* What should our vision be for software security in 2020?...
Silver Bullet 51: Anup Ghosh
Gary McGraw (Jul 06)
hi sc-l,
On June 25th, we posted the 51st episode of Silver Bullet, featuring Dr. Anup Ghosh. Anup and I worked together for
several years when Anup ran Cigital Labs. After a long stint at DARPA, Anup is back in startup mode with his new
company invincea (invisible virtualized browser wrapping). Have a listen to episode 51:
http://www.cigital.com/silverbullet/show-051/
As always, your feedback and comments are welcome. Sorry for the...
recent technical reports from the CERT Secure Coding Initiative
Robert Seacord (Jun 26)
The Secure Coding Initiative at CERT has published several TRs recently. Sorry I've been slow in sending out updates
to the list.
Please let me know if you have any questions about any of these reports or are interested in collaborating with CERT to
advance these projects.
Thanks,
rCs
________________________________
Java Concurrency Guidelines
Fred Long, Dhruv Mohindra, Robert Seacord, & David Svoboda
CMU/SEI-2010-TR-015
An...
One day software security awareness training?
Jeremy Epstein (Jun 24)
All,
I'm looking for a one day software security awareness training class for a
client. Yes, I know one day isn't enough to teach what people need to know,
but I'll be lucky if I can get them to spend that long. (The initial
reaction to my recommendation was "no way".)
My goal is for them to learn basics like:
- How adversaries work
- Types of tools (static analysis, dynamic analysis, fuzzing)
- Architectural concerns (e.g., don't...
Re: More on Cyber War
Julie Ryan (Jun 23)
Ben,
You're right, and that's the whole point of the conference. You should consider coming next year. I think you'd be
particularly interested in the discussions on the Laws of Armed Conflict.
In the meantime, conference content is being discussed on linkedin, with a wonderful summary of the Legal and Policy
track presentations by Eneken Tikk, in the group Cyber Security Forum Initiative (Law and Policy Division).
Also, the conference...
Re: More on Cyber War
Rob Floodeen (Jun 23)
Haroon Meer,
Thanks for the slide show. I liked it. The concept of taking things
we all know and putting a few concrete examples on it is just great.
Specifically the ones you used. More so, I also liked the way you
presented the slide deck with written comments and documented the
presentation. (I'll be borrowing that)
So my question to the list, does anyone have something similar but
more specifically to secure coding? A recent...
Re: More on Cyber War
Benjamin Tomhave (Jun 23)
Howdy!
It's Gary's fault! (we can blame him since he's on vacation:)
An interesting presentation, consistent with others I've seen on the
topic. The problem around the "cyberwar" (or "cyber conflict") stuff is
definitional. We need to be extremely careful using the word "war" as it
tends to have very specific connotations. You also get into issues about
defining what is or isn't "critical infrastructure"...
Re: More on Cyber War
Haroon Meer (Jun 23)
Hi..
Would have considered it slightly off-list-topic, but the current
thread seems to allow it in :>
My slides from the 2010 Conference on Cyber Conflict are now online at
[http://blog.thinkst.com/2010/06/conference-on-cyber-conflict-slides.html]
Comments / Flames / Feedback is always welcome..
/mh
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Stolen Laptops
Felecia Vlahos (Jul 29)
Another intangible return on investment is the benefit of catching the
crooks and lowering crime. We've had one Lojack recovery, and one
non-Lojack in the past 5 years. About 15 laptops reported stolen during
that time (for employees).
The non-Lojack just happened to be the more effective as it led to the
arrest of a fencing operation. There were 7 laptops recovered as a result
of the arrest, but only 1 from SDSU. We learned that the...
Re: Stolen Laptops
Chris Green (Jul 29)
http://www.educause.edu/sites/default/files/library/presentations/SEC10/SESS11/SPC%2B2010%2Bdisk%2Bencryption%2B-%2Ball.pdf
slide 16 is what we did and now do. A big pain point was a lot of personally owned approved devices for work and
needing to support encryption on those.
There's nothing like bricking an associate dean's brand new "I want to watch movies on a plane and keep up with my UAB
work that may include sensitive email"...
Re: Stolen Laptops
Beechey, Jim (Jul 29)
We deploy encryption (PGP) on all faculty/staff desktops and laptops. Our theft ratio is about 50/50 between the two
for faculty/staff computers. We have a lot of open office designed spaces which makes physical security challenging.
One thing we do that has worked from a student perspective is to write alerts in our logging system for MAC addresses
of stolen machines. If the laptop associates with an access point or the student logs into...
Re: Identity Finder Console 4.5 Questions
Arnold, Brennon (Jul 29)
Thanks so much for the feedback, Patty... I upgraded to 4.5 yesterday, and the upgrade seemed to work great. I am
spending today checking out the client interaction, but I don't anticipate any problems based on what I'm hearing. - B
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patria,
Patricia
Sent: Monday, July 26, 2010 3:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject:...
Re: Stolen Laptops
Russell Fulton (Jul 29)
We too have seen desktops go walkies :) A couple of years ago we had a spate of burglaries where the thieves hid in
buildings at lock up time then ransacked offices and piled all the gear up at an external door which had road access.
They then presumably called their mates on the cell phone and then, when the van is backed up to the door, light a
cigarette under the smoke alarm and hey presto the fire alarms go off and the external doors...
Re: Stolen Laptops
Felecia Vlahos (Jul 28)
Another intangible return on investment is the benefit of catching the
crooks and lowering crime. We've had one Lojack recovery, and one
non-Lojack in the past 5 years. About 15 laptops reported stolen during
that time (for employees).
The non-Lojack just happened to be the more effective as it led to the
arrest of a fencing operation. There were 7 laptops recovered as a result
of the arrest, but only 1 from SDSU. We learned that...
Re: Stolen Laptops
David Gillett (Jul 28)
My only experience has been on the other end. We were contacted by a
service and told that a stolen laptop covered by them had shown up in our
address space. The only information they would provide was a MAC address --
and couldn't or wouldn't tell us if it was for a wired or wireless
interface. If I recall correctly, the closest match we could find in a DHCP
server log wasn't exact and only very vaguely corresponded to the times they...
Re: Stolen Laptops
Maloney, Michael (Jul 28)
Pointsec for Windows XP, Bitlocker for Windows Vista/ 7 admin laptops.
********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: mmaloney () middlesexcc edu
********************************************
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [...
Re: Stolen Laptops
Sherry Callahan (Jul 28)
We've been installing 3-year licenses of CompuTrace on all of our 4,000+
faculty\staff laptops as well as all of our student tablets since 2006.
We've averaged anywhere from 1 to 8 stolen devices per year (total of
26) and CompuTrace has recovered 35% of those for us. They've paid us
for non-recovery of another 42%. The max recovery is $1,000 or 90% of
the purchase price for new computers and that decreases with the age of
the device. One...
Re: Stolen Laptops
Joel Rosenblatt (Jul 28)
We have been deploying GuardianEdge to all machines (desktops and laptops) that access sensitive information ... around
here, we have seen desktops taking a
walk :-)
Joel
--On Wednesday, July 28, 2010 10:27 AM -0400 Ben Woelk <fbwis () RIT EDU> wrote:
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033...
Re: Stolen Laptops
Ben Woelk (Jul 28)
We're requiring laptop encryption, primarily centrally-managed PointSec with some pockets using other products if
PointSec won't work/fit.
Ben Woelk '07
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu
http://security.rit.edu/dsd.html
Become a fan of RIT Information Security at...
Re: Stolen Laptops
Joel Rosenblatt (Jul 28)
This number will be affected by the area where your school is located .. here in NYC, the police have better things to
do than chase down lost laptops :-)
With that said, beside PCPhoneHome, we have a free registration service run by our Public Safety department - they
engrave the device with a serial number and
provide non removable stickers.
We do recover laptops from the local pawn shops .. the police will check there periodically and...
Re: Stolen Laptops
SCHALIP, MICHAEL (Jul 28)
Are your institutions "encouraging encryption" on laptops, or "requiring encryption" on laptops? We're moving to
Symantec Endpoint Encryption (it was GuardianEdge, but they got bought by Symantec - which is actually good for us,
since we use Symantec Altiris, SEP, etc.) and will be doing full disk encryption on any/all non-instructional (student
use) laptops.....
M
-----Original Message-----
From: The EDUCAUSE Security...
Re: Stolen Laptops
Ben Woelk (Jul 28)
The issue for us has been not so much preventing theft of laptops or recovering them when stolen. It is reducing the
occurrences of private information on those laptops or ensuring that they are encrypted. Replacement of the laptop
itself is fairly trivial compared to notifying X number of people that their private information was on the laptops.
We do promote awareness and physical security--locking doors, not leaving laptops unattended, use...
Re: Stolen Laptops
David Bowie (Jul 28)
My interest lies with how many computers were recovered after being
stolen AND having some sort of LoJack installed.
That percentage tells me a lot more about the efficacy of each system.
Anyone care to share that level of data?
From us - we had 25 computers stolen in 2009. None had LoJack or
anything installed. 3 were recovered. (Mostly through silly actions on
behalf of the thief - another discussion over beer perhaps.) That...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Addressing plan exercise for our IPv6 course
Jordi Palet Martínez (Jul 29)
The policies available in all the 5 RIR regions, allow you to request not
the "default" /32, but whatever is appropriate for the size of your network
even if you provide to your end-users /48.
Not an issue.
Regards,
Jordi
-----Original Message-----
From: Matthew Walster <matthew () walster org>
To: Owen DeLong <owen () delong com>
Cc: nanog () nanog org
Date: Thu, 29 Jul 2010 16:00:40 +0100
Subject: Re: Addressing...
Re: Addressing plan exercise for our IPv6 course
Matthew Walster (Jul 29)
There are 65,536 /48s in a /32. It's not about how available 2000::/3
is, it's hassle to keep requesting additional PA space. Some ISPs
literally have millions of customers.
All I'm saying is, why waste the space when they're only going to need
1 subnet? If they want more than one subnet, give them a /48,/56,/60
or whatever, as requested.
M
Re: Addressing plan exercise for our IPv6 course
Owen DeLong (Jul 29)
Why not just give them a /48 and not worry about who needs what?
Why add the cost and complexity of all these different sized assignments
based on requests and such?
If we give every household on the planet a /48 (approximately 3 billion
/48s), we consume less than 1/8192 of 2000::/3.
Even if it turns out this is a bad idea and we can't sustain this level of IP
consumption, we still have 7/8ths of the address space available to use
more...
Re: Addressing plan exercise for our IPv6 course
Owen DeLong (Jul 29)
Source address selection is one of the problems.
Distribution of source address selection policy is part of that problem.
Owen
Re: Addressing plan exercise for our IPv6 course
Matthew Walster (Jul 29)
Sorry for the week's delay - I meant delegating a /64 using DHCPv6 PD,
I had assumed the link net would be based on provider preference - /64
would obviously make the most sense for the vast majority of
scenarios.
In my experience, I would have thought well over 99% of residential
users just require one subnet, if they require additional subnets
they'll ask for them, and if it's standardised, a /56 could easily be
quickly assigned and added to...
Re: Addressing plan exercise for our IPv6 course
Mark Smith (Jul 29)
If it is address selection policy distribution, then this Internet
Draft is aiming to solve that -
"Distributing Address Selection Policy using DHCPv6"
http://tools.ietf.org/html/draft-fujisaki-6man-addr-select-opt-00.html
Re: Addressing plan exercise for our IPv6 course
Tim Franklin (Jul 29)
So, the security model here is that arbitrary untrusted applications, running on an arbitrary untrusted OS, selected by
people who have no understanding of computer or network security are allowed to update the security policy on the
perimeter device. I can see why those secure NAT boxes have *totally* stopped the Windows botnet problem in its
tracks...
Permit any outbound
Permit any inbound established
Deny any inbound
Achieves essentially...
Re: Addressing plan exercise for our IPv6 course
Mark Smith (Jul 29)
What is worse about that is that we networking people have ended up
shifting the cost of fixing our problem onto the application
developers and onto the application users. Because we don't provide
end-to-end visibility between peers on the Internet ("Internet
transparency" - see RFC4924), application developers have to try to
develop methods of doing that themselves. As you've said, this creates
additional application complexity,...
Re: Web expert on his 'catastrophe' key for the internet
todd glassey (Jul 28)
On 7/28/2010 1:16 PM, Jorge Amodio wrote:
Add the numbers to the pages when the pdf IS printed. It's in the
printing configuration.
Todd
Re: Web expert on his 'catastrophe' key for the internet
Jorge Amodio (Jul 28)
Have you noticed that the Provisional TCR Proposal doc from ICANN has
the page numbers encrypted ?
(http://www.root-dnssec.org/wp-content/uploads/2010/04/ICANN-TCR-Proposal-20100408.pdf)
Looks like it is the strange "I don't know how to number pages on pdf
files" algorithm :-)
Cheers
Jorge
Re: Web expert on his 'catastrophe' key for the internet
Valdis . Kletnieks (Jul 28)
On Wed, 28 Jul 2010 14:20:51 CDT, Jorge Amodio said:
Of course not. The only real requirement is that the TCR group hold enough
shares so ICANN can't sign anything without them. For instance, make 12
shares, give 6 to ICANN and 1 to each of six TCR people, and then require 11
shares in order to sign something. The only way anything happens is for ICANN
and at least 5 TCR to cooperate - which is about the only way to make it
palatable for all...
Re: Web expert on his 'catastrophe' key for the internet
Jorge Amodio (Jul 28)
Also, these famous guys selected as part of the TCR group where the
number is not actually seven, don't even have enough material to sign
anything by themselves.
The RKSH or Recovery Key Share Holder just holds in a tamper evident
bag, a smart card with part of the key used to encrypt the backup
copies of the HSM (Hardware Security Module).
I'd love to see how they can "restart the world wide web" with that ...
Cheers
Jorge
Re: Web expert on his 'catastrophe' key for the internet
Valdis . Kletnieks (Jul 28)
On Wed, 28 Jul 2010 09:24:57 PDT, "andrew.wallace" said:
Movie-plot threat.
Hint 1 - if you want to cause actual mischief, I'd start the merriment over at
gtld-servers.net rather than the actual root, or maybe even one more level down
at the actual TLD servers. '.' is small enough that it can easily be
hand-verified if need be, but there's like 140M things under .com handled by
dozens of registries and registrars - even with DNSSEC,...
Re: Web expert on his 'catastrophe' key for the internet
Jorge Amodio (Jul 28)
Which is totally unfounded and equivalent to a ton of dung.
Please stop with the non-operational content conspiracy theories, tnx.
Re: Out-of-band paging
Steve Gibbard (Jul 28)
I think people are getting lost in the weeds here, and confusing
technologies with paths.
My current employer has been upgrading its transit circuits, and spent
time in the last few months worrying about diversity of the transit paths.
But we didn't insist that one provider come in via metro ethernet, one via
SONET, and one via a GRE tunnel. What we did was have them bring in
network maps, and make them sell us circuits that weren't...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Do any IPers know how to report a fake Facebook request to join a group?
Dave Farber (Jul 29)
Begin forwarded message:
> From: "Jonathan M. Smith" <jms () cis upenn edu>
> Date: July 29, 2010 7:50:37 AM EDT
> To: Dave Farber <dave () farber net>
> Cc: Jonathan Smith <jms () central cis upenn edu>
> Subject: Do any IPers know how to report a fake Facebook request to join a group?
>
> It was from a (real) friend and I almost accepted, but it seemed a little odd, so I checked with the...
re Resolution of my ATT MicroCell issues
Dave Farber (Jul 29)
I have my 3G cell working with just the normal mess of finding a gps window in the middle of a tree loaded site. It
would be nice if I did not have to maintain gps visibility if I move it within the house, or can I?
Dave
Begin forwarded message:
> From: Jonathan P Gill <jock.gill () gmail com>
> Date: July 28, 2010 6:38:11 PM EDT
> To: David Josephson <dlj () josephson com>
> Cc: Jonathan P Gill <jock.gill () gmail...
FTC Leaning Toward Do-Not-Track List for Online Ads
Dave Farber (Jul 29)
Begin forwarded message:
> From: Mary Shaw <mary.shaw () gmail com>
> Date: July 29, 2010 7:00:16 AM EDT
> To: dave () farber net
> Subject: Re: [IP] FTC Leaning Toward Do-Not-Track List for Online Ads
>
> Dave,
>
> This sounds very attractive -- until you realize how widely the do-not-call list is ignored.
>
> My home phone been on the do-not-call list since it opened. I have filed a very large number of...
re Police limits on taking photo's in DC
Dave Farber (Jul 29)
Begin forwarded message:
> From: "Denning, Dorothy (CIV)" <dedennin () nps edu>
> Date: July 27, 2010 2:47:35 PM EDT
> To: dave () farber net, ip <ip () v2 listbox com>
> Subject: RE: [IP] re Police limits on taking photo's in DC
>
> There is a nice legal analysis of this case on Cato’s website:
>
>
>
> http://www.cato-at-liberty.org/2010/06/03/revise-the-maryland-wiretap-law/
>...
Police limits on taking photo's in DC; can we hear an opposing view?
Dave Farber (Jul 29)
Begin forwarded message:
> From: "Lin, Herb" <HLin () nas edu>
> Date: July 27, 2010 5:03:29 PM EDT
> To: "dave () farber net" <dave () farber net>, ip <ip () v2 listbox com>
> Cc: "gerry-faulhaber () mchsi com" <gerry-faulhaber () mchsi com>
> Subject: RE: [IP] Police limits on taking photo's in DC; can we hear an opposing view?
>
> I've spoken to various LEOs on this...
WH wants easier FBI electronic surveillance of Internet
Dave Farber (Jul 29)
Begin forwarded message:
> From: Richard Forno <rforno () infowarrior org>
> Date: July 29, 2010 7:36:45 AM EDT
> To: Undisclosed-recipients: <>;
> Cc: Farber Dave <dave () farber net>
> Subject: WH wants easier FBI electronic surveillance of Internet
>
>
> Obama channelling the ghost of Dubya? Same stuff/desires, different administration. :( -rf
>
>
> White House proposal would ease...
FTC Leaning Toward Do-Not-Track List for Online Ads
Dave Farber (Jul 29)
Begin forwarded message:
> From: Sashikumar N <sashikumar.n () gmail com>
> Date: July 29, 2010 4:28:25 AM EDT
> To: dave <dave () farber net>
> Subject: FTC Leaning Toward Do-Not-Track List for Online Ads
>
> Prof Dave,
> For IP...
>
> regards
> sashi
>
> FTC Leaning Toward Do-Not-Track List for Online Ads
> By Kenneth Corbin
> July 28, 2010
>
> As it prepares a major report with...
America's Operating System: Law.gov principles
Dave Farber (Jul 28)
Begin forwarded message:
> From: Joseph Lorenzo Hall <joehall () gmail com>
> Date: July 28, 2010 5:25:46 PM EDT
> To: Dave Farber <dave () farber net>
> Subject: America's Operating System: Law.gov principles
>
> Hi Dave, for IP if you deem fit.
>
> Carl Malamud has tirelessly spearheaded an effort over the past year
> or so to make US law, the operating system of our government, freely
> available....
Personal Info For 100 Million Facebook Users Harvested Into One File - The Consumerist
Dave Farber (Jul 28)
http://consumerist.com/2010/07/personal-info-for-100-million-facebook-users-harvested-into-one-file.html
an interesting read on ISP surveillance, privacy, and Net Neutrality
Dave Farber (Jul 28)
Begin forwarded message:
> From: Abe Singer <abe () oyvay nu>
> Date: July 28, 2010 4:44:48 PM EDT
> To: Dave Farber <dave () farber net>
> Subject: an interesting read on ISP surveillance, privacy, and Net Neutrality
>
> Dr. Farber,
>
> For IP if you like...
>
> I recommend to IPers the article "The Rise and Fall of Invasive ISP
> Surveillance," by Paul Ohm at University of Colorado,...
Verizon experienced nationwide Network Extender network failure yesterday
Dave Farber (Jul 28)
Begin forwarded message:
> From: "Kevin G. Barkes" <kgbarkes () gmail com>
> Date: July 28, 2010 2:57:15 PM EDT
> To: dave () farber net
> Subject: Verizon experienced nationwide Network Extender network failure yesterday
>
> Not related to ATT, but...
>
> I was thinking of ordering a Verizon Network Extender because my office is
> in the basement of my home and the signal there fades from time to...
Resolution of my ATT MicroCell issues-- resend
David Farber (Jul 28)
Begin forwarded message:
From: Jonathan P Gill <jock.gill () gmail com>
Date: July 28, 2010 9:14:46 AM EDT
To: David Farber <dave () farber net>
Cc: Jonathan P Gill <jock.gill () gmail com>
Subject: Resolution of my ATT MicroCell issues
Dave,
IP readers might like to know that my MicroCell is now working very well in rural VT in a location that is 15 miles
from the nearest tower.
Getting to this happy result took some time...
Fantasy role playing has no place in DNSSEC
David Farber (Jul 28)
Begin forwarded message:
From: "George Ou" <george_ou () lanarchitect net>
Date: July 28, 2010 1:12:13 PM EDT
To: <dave () farber net>, <nnsquad () nnsquad org>
Subject: Fantasy role playing has no place in DNSSEC
Fantasy role playing has no place in DNSSEC
http://www.digitalsociety.org/2010/07/fantasy-role-playing-has-no-place-in-dnssec/
When the media starts naming individuals in the UK who hold 1/5th of the key...
Resolution of my ATT MicroCell issues
Dave Farber (Jul 28)
Begin forwarded message:
> From: Jonathan P Gill <jock.gill () gmail com>
> Date: July 28, 2010 9:14:46 AM EDT
> To: David Farber <dave () farber net>
> Cc: Jonathan P Gill <jock.gill () gmail com>
> Subject: Resolution of my ATT MicroCell issues
>
> Gilsson Universal Amplified GPS Antenna
EFF Wins New Legal Protections for Video Artists, Cell Phone Jailbreakers, and Unlockers
David Farber (Jul 28)
Begin forwarded message:
From: dewayne () warpspeed com (Dewayne Hendricks)
Date: July 26, 2010 6:50:17 PM EDT
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] EFF Wins New Legal Protections for Video Artists, Cell Phone Jailbreakers, and Unlockers
[Note: This item comes from reader Monty Solomon. DLH]
From: Monty Solomon <monty () roscom com>
Date: July 26, 2010 2:59:37 PM PDT
Subject: EFF Wins New...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 26.11
RISKS List Owner (Jul 21)
RISKS-LIST: Risks-Forum Digest Wednesday 21 July 2010 Volume 26 : Issue 11
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.11.html>
The current issue can be...
Risks Digest 26.10
RISKS List Owner (Jul 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 July 2010 Volume 26 : Issue 10
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.10.html>
The current issue can be...
Risks Digest 26.09
RISKS List Owner (Jul 03)
RISKS-LIST: Risks-Forum Digest Saturday 3 July 2010 Volume 26 : Issue 09
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.09.html>
The current issue can be...
Risks Digest 26.08
RISKS List Owner (Jun 10)
RISKS-LIST: Risks-Forum Digest Thursday 10 June 2010 Volume 26 : Issue 08
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.08.html>
The current issue can be...
Risks Digest 26.07
RISKS List Owner (May 29)
RISKS-LIST: Risks-Forum Digest Saturday 29 May 2010 Volume 26 : Issue 07
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.07.html>
The current issue can be...
Risks Digest 26.06
RISKS List Owner (May 08)
RISKS-LIST: Risks-Forum Digest Saturday 8 May 2010 Volume 26 : Issue 06
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.06.html>
The current issue can be...
Risks Digest 26.05
RISKS List Owner (May 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 April 2010 Volume 26 : Issue 05
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.05.html>
The current issue can be...
Risks Digest 26.04
RISKS List Owner (Apr 28)
RISKS-LIST: Risks-Forum Digest Wednesday 28 April 2010 Volume 26 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.04.html>
The current issue can be...
Risks Digest 26.03
RISKS List Owner (Apr 25)
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.03.html>
The current issue can be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:...
Risks Digest 26.02
RISKS List Owner (Apr 18)
RISKS-LIST: Risks-Forum Digest Sunday 18 April 2010 Volume 26 : Issue 02
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.02.html>
The current issue can be...
Risks Digest 26.01
RISKS List Owner (Apr 08)
RISKS-LIST: Risks-Forum Digest Thursday 8 April 2010 Volume 26 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/26.01.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
NJ: Potential security breach at Cooper Univ. Hospital
kirniki (Jul 28)
http://abclocal.go.com/wpvi/story?section=news/local&id=7578794
CAMDEN, N.J. - July 27, 2010 (WPVI) -- A thumb drive that contained
personal data about current and past graduate medical education
residents and fellows at Cooper University Hospital has gone missing.
Hospital sources tell Action News the thumb drive went missing on July
8th.
[..]
Cooper refused an interview but released the following statement:
"Cooper University...
Russian hacking ring specialises in counterfeit checks
security curmudgeon (Jul 28)
[This doesn't spell out "data loss", but putting the details together and
this is an incident. - jericho]
http://blogs.ft.com/techblog/2010/07/russian-hacking-ring-specialises-in-counterfeit-checks/
Russian hacking ring specialises in counterfeit checks
July 28, 2010 12:14am
by Joseph Menn
Most of the organised hacking rings aiming at bank fraud these days are
stealing login credentials and then taking advantage of the relatively...
One Breach = $1 Million To $53 Million In Damages Per Year, Report Says
security curmudgeon (Jul 27)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226200272
By Kelly Jackson Higgins
DarkReading
July 26, 2010
Organizations are getting hit by at least one successful attack per week,
and the annualized cost to their bottom lines from the attacks ranged from
$1 million to $53 million per year, according to a...
follow-up: Police called over pizza hack
security curmudgeon (Jul 27)
---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10661073
By Joseph Barratt
nzherald.co.nz
July 25, 2010
The personal details of several Kiwi celebrities have been released by
hackers as proof they have cracked Hell Pizza's customer database.
Private information including passwords, email and home addresses, phone
numbers - plus...
corporate identity theft in colorado
Henry Brown (Jul 24)
http://www.networkworld.com/news/2010/071610-colorado-warns-of-major-corporate.html
..
Colorado's Secretary of State and other officials are warning the
state's 800,000 or so registered businesses to watch out for scammers
who have been forging business identities to make fraudulent purchases
from several big-box retailers in recent months.
So far, at least 35 businesses in the state have had their corporate
identities misused to open...
ICO says more than 9000 children's details put at risk by UK councils
security curmudgeon (Jul 24)
http://www.infosecurity-magazine.com/view/10852/ico-says-more-than-9000-childrens-details-put-at-risk-by-uk-councils/
ICO says more than 9000 children's details put at risk by UK councils
09 July 2010
The Information Commissioner's Office (ICO) has taken action against the
London Borough of Barnet, West Sussex County Council and Buckinghamshire
County Council for breaching the Data Protection Act.
According to the ICO, a systemic lack of...
fringe: New Zealand-based Hell Pizza's database gets walked...
security curmudgeon (Jul 24)
http://risky.biz/hell
EXCLUSIVE: I know what you ate last summer
New Zealand-based Hell Pizza's database gets walked...
By Patrick Gray
July 22, 2010 --
The online customer database of a New Zealand-headquartered pizza store
chain has been compromised.
Risky.Biz understands multiple intruders have compromised Hell Pizza's
400mb database. While it does not contain any credit card information, it
does contain in excess of 230,000 rows of...
UK: Data breach reporting law set for four-year rollout
security curmudgeon (Jul 24)
http://www.zdnet.co.uk/news/compliance/2010/07/19/data-breach-reporting-law-set-for-four-year-rollout-40089566/
http://www.silicon.com/management/public-sector/2010/07/16/uk-headed-for-data-breach-disclosure-law-within-four-years-39746105/
Data breach reporting law set for four-year rollout
By Nick Heath, silicon.com, 19 July, 2010 09:13
NEWS
A law forcing all organisations to publicly declare data breaches is
expected to be in place in...
130 B.C. lottery web accounts compromised
kirniki (Jul 20)
http://www.cbc.ca/canada/british-columbia/story/2010/07/20/bc-lottery-corporation-online-gambling-crash.html
B.C.'s privacy commissioner has confirmed that a breach that
compromised users' account details forced the shutdown of the B.C.
Lottery Corporation's new online casino PlayNow.com just hours after
it was launched last week.
Elizabeth Denham said the personal information of more than 130 people
was inadvertently shared with other...
MD: State employee posts nearly 3,000 SSNs online
kirniki (Jul 20)
http://www.baltimoresun.com/news/maryland/bs-md-dhr-ssn-posted-online-20100719,0,2531857.story
A Maryland Department of Human Resources employee was placed on
administrative leave after posting the Social Security numbers and
other personal information of nearly 3,000 clients of a state agency
on a third-party website, a spokeswoman for the agency said.
[..]
Personal details of 93,000 staff and students at university could be exposed
Nehlebaeff, Alex (Jul 20)
July 19, SC Magazine - (Iowa) Personal details of 93,000 staff and students at university could be exposed after
database compromise. The personal details of 93,000 people have been exposed, following the compromise of a database at a
college in Storm Lake, Iowa. The social security numbers, addresses and driver's license information of students and
staff at Buena Vista University dating back to 1987 could be vulnerable, according to whotv.com....
Personal Info of Tens of Thousands of Israelis Stolen by Turkish Hackers
Darius Freamon (Jul 20)
http://news.softpedia.com/news/Personal-Info-of-Tens-of-Thousands-of-Israelis-Stolen-by-Turkish-Hackers-148020.shtml
By *Lucian Constantin*, Security News
Editor<http://news.softpedia.com/editors/browse/lucian-constantin>
July 19th, 2010, 07:37 GMT
According to reports in local media the email addresses, passwords and
personal information of over 100,000 Israelis is being shared on Turkish
hacking forums. Apparently, they were lifted...
Spanish police detained three hackers with a database with more than 120,000 users of a "web popular television", 14 Jul 2010
Lostmon lords (Jul 20)
The Guardia Civil have detained three people, including a minor in a
town near A Coruña, belonging to a group of hackers to attack websites
dedicated to public and private entities.
('xassiz', 'kr0no', 'Ca0s' and 'K41S3R', members of 'KA0 Team')
The group disbanded hackers had accessed web servers, attacking and
changing among others, pages of the Socialist Party in Madrid, Partido
Popular, the program 'Save me' by Telecinco and the Children's...
MA: Data Loss Affects Thousands Of Patients
security curmudgeon (Jul 20)
http://www.thebostonchannel.com/mostpopular/24311150/detail.html
Data Loss Affects Thousands Of Patients
South Shore Hospital Incident Under Investigation
POSTED: 2:12 pm EDT July 19, 2010
UPDATED: 3:09 pm EDT July 19, 2010
BOSTON -- Back-up computer files containing personal, health and financial
information of thousands affiliated with South Shore Hospital may have
been lost by a professional data management company.
The backup computer...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Problem updating metasploit
epidoksos xaker (Jul 29)
hello everybody, i have a hard disk installation of backtrack 4 in
vmware. the problem is that when i try to update metasploit the output
is the following
svn: Checksum mismatch while updating
'/opt/metasploit3/msf3/msfcli'; expected:
'716617886c06b8c2b0be6d3e566432d9', actual:
'7d58f8cfb92af535c55f5e11016a1369'
i removed the msfcli, it was restored but no update has been done. Any ideas??
thnx...
Re: Help: Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
Julião Barbin (Jul 26)
Ok, thanks for the help, jcb
Re: Uninstalling Metasploit Mini
Matt Gardenghi (Jul 26)
Did you utilize the uninstall in the /opt/metasploit/ directory? I
think that will do it for you. But really, why would anyone ever
uninstall Metasploit? ;-)
Matt
Re: Help: Yahoo! Messenger YVerInfo.dll ActiveX Control Buffer Overflow
Joshua J. Drake (Jul 25)
You appear to have used LHOST incorrectly. Based on the output
provided, you should set it to 10.20.6.126 (LHOST == listen host).
After running the exploit, you'll still need to convince a user on
that machine to visit your web site (http://10.20.6.126:8080/S85gRUvyp0)
Hope this helps,
db_autopwn error
Teng Kacak (Jul 25)
greetings.
I came across an error during my db_autopwn session back when I was
using metasploit 3.3.3 which was updated to 3.4.0-devel.
http://pastebin.com/69AKPtgQ
the error occurred after updating to 3.4.0-devel and when I reinstall
metasploit 3.3.3, there's no problem. after a fresh format, i decided to
install metasploit 3.4.1 and the same error occurs. any ideas on causes of
the problem anyone? my system is running on Fedora 13 using...
Re: LNK Exploit Export
Florian Roth (Jul 25)
Hey, thanks,
I did the following but struggled because it did not work as I
expected.
I changed the contents of the LNK to the name of my DLL.
But that didn't do the trick.
I had to use the following string with a trailing space and double
point.
00000080 00 00 00 6a 00 00 00 00 00 00 20 00 3a 00 43 00 |...j...... .:.C.|
00000090 3a 00 5c 00 42 00 4e 00 57 00 45 00 6a 00 42 00 |:.\.B.N.W.E.j.B.|
000000a0 63 00 66 00 49 00 71 00 2e...
Re: LNK Exploit Export
Hendrik Baecker (Jul 25)
On 24.07.10 21:47, Florian Roth wrote:
Don't suppose - know!
hexdump -C /path/to/your.lnk ^^
I would try to hexedit the lnk to change the voodoo you found by
hexdump. Didn't try it myself yet, maybe some more knowledge about LNK
file structure / the weak M$ code is needed.
I wouldn't say the DLL itself might be a problem - it's just a PE DLL'd
payload.
Back to your question - I'm not aware of an export function in metasploit.
Cheerio!
Uninstalling Metasploit Mini
Bryan Richardson (Jul 24)
Hi,
I used the .run installer for Linux for the first time today on my new
laptop and noticed that all the MSF executables are linked to the
local bin directory. Just for future reference, is there a way of
uninstalling the framework such that all the static links to the MSF
executables are removed as well, or does this have to be done
manually?
Don't get me wrong, I love the installer. Thanks for all the great work!
Re: problem in meta
Florian Roth (Jul 24)
What payload do you use?
Where are you and where is the target located? (same network, other
network, both behind NAT routers?)
problem in meta
ahly com (Jul 24)
I have met a problem in meta. I exploit the problem (((1_the connection timed out ))
2((the exploit completed but no session ))
LNK Exploit Export
Florian Roth (Jul 24)
Hi!
I played with the LNK exploit
(windows/browser/ms10_xxx_windows_shell_lnk_execute) and would like to
know a way to make it usable in a standalone version.
I noticed that every time I copied the generated DLL and LNK file to a
different directory, the exploit does not work anymore. So I suppose
that the code is bound to a fixed path where the DLL has to be located.
I'd like to send the exploit to a friend who wants to demonstrate the...
Re: Load plugin inside msfgui / Error in msfgui ?
scriptjunkie (Jul 23)
Hi Ludovic,
Unfortunately, the ability to load a plugin is not in msfrpc yet, so I
can't implement that in msfgui yet. I haven't had time to get a patch
together, but the code would be similar to the cmd_load code in the
console command dispatcher. You can track progress (or try to make a
patch yourself and post it) here:
https://www.metasploit.com/redmine/issues/2292
The job error should be fixed now, though. svn up and test it out....
Load plugin inside msfgui / Error in msfgui ?
Ludovic Courgnaud (Jul 23)
Hi everyone,
I was trying the msfgui and I'm wondering if it is possible to launch a
plugin directly from the interface. I did not find the option in the menus
and I need it in order to load both a plugin and an exploit at same time.
Actually, a loaded plugin (in console mode) permits me to create Command and
Control channels with list of victims, then an exploit can be executed on a
selected victim. Is that possible in graphical mode?
Then, in...
Re: Search Exploit/Auxiliary by "option"
Ulisses Castro (Jul 21)
I got this solved, so...
While waiting to this "dumb" solution:
---
$ pwd
/pentest/framework3/modules
$ for mod in $(find . -type f -iname '*.rb' | cut -f2- -d'/' | egrep
-v '(^payloads|^nops|^encoders|/fileformat/|/browser/)' | cut -f2-
-d'/' | cut -f1 -d'.'); do echo $mod; ../msfcli $mod O | grep -v
RHOSTS | grep RHOST && echo $mod >> /tmp/rhost_module_filtered.txt;
done
---
I wrote a little piece of python code to...
Search Exploit/Auxiliary by "option"
Ulisses Castro (Jul 20)
Hello fellows,
I'm trying without success with some greps/egreps to filter all
exploit/auxiliary that use option RHOST and not RHOSTS and is not
browser or fileformat type.
---
$ pwd
/pentest/framework3/modules
$ grep -irl "\[ 'Automatic'\, { } \]" * | grep -iv \.svn | egrep -v
'(browser|fileformat)'
exploits/linux/mysql/mysql_yassl_getname.rb
exploits/multi/http/jboss_maindeployer.rb
exploits/multi/http/sun_jsws_dav_options.rb...
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Global variables
César Gomes (Jul 29)
Hello everyone,
I'm currently working on a dissector, and I need to make it so that one
variable has the same value at the beginning of a capture, the value then can
change, but in the beginning it has to be the same, how can I do that? I
would appreciate any help.
Best Regards
César Gomes
Re: not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers
Jeff Morriss (Jul 29)
Zak, Pavel wrote:
The message on the right has no SSNs in the SCCP Called/Calling
addresses. Wireshark uses the SSN to know that the message is TCAP (as
opposed to some other upper-layer protocol).
I suppose that if this is really a problem SCCP could have a preference
for a "default" upper layer protocol if none is found via SSNs.
not able to decode TCAP/GSM_MAP/GSM_SMS protocol layers
Zak, Pavel (Jul 29)
Hi,
I currently have wireshark 1.2.9 and I'm not able to decode M3UA traffic exchanged between SMSC and STP. Decoding ends
up on ETH/IP/SCTP/M3UA/SCCP layer and the rest is non-decoded raw data.
Could anyone tell me what's wrong in the traffic? Please see HTML output below (left side correctly decoded, right
side incorrectly).
Thank you,
Pavel
1
No. Time Source Destination Protocol Info...
UI for packets differing by a checksum on the end
Jon Smirl (Jul 29)
I'm working on the 802.15.4 packet decoder. 802.15.4 packets have a
two byte hardware checksum at the end of them. Some sniffer hardware
includes this checksum in the packets returned and some hardware
doesn't.
We've been switching between them by changing the source code:
- ieee802154_handle = find_dissector("wpan");
+ ieee802154_handle = find_dissector("wpan_nofcs");
How can I fix this so that I can...
Unable to Decode MAP
Zulhilmi Muhammad (Jul 29)
Hi Wireshark expert,
I tried to use wireshark to decode the trace file, unfortunately the wireshark
shows the errors on the certain map output message. Refer to below message.
Any solution is much appreciated.
extensionContainer
privateExtensionList: 1 item
PrivateExtension
extId: 1.2.826.0.1249.58.1.0 (ericsson-gsm-Map-Ext)
Extension Data...
Re: building wireshark in linux
Maynard, Chris (Jul 29)
Which version of Wireshark are you compiling against? With 1.2.8, my plugins get copied automatically. I haven’t
integrated them with the trunk yet. Anyway, I think you probably just need to edit plugins/Makefile.nmake, possibly as
easy as adding your plugin to the PLUGIN_LIST, which the latest README.plugins mentions, or if you’re using an older
version such as 1.2.8 like I am, then adding the appropriate xcopy command to the...
Re: building wireshark in linux
ajay seshadri (Jul 29)
Thanks a lot Chris.
Since I am building it as a plugin, I actually paste the dll in the
..wireshark\wireshark-gtk2\plugins\my_protocol folder to make it work. It
doesn't show the added protocol otherwise.
I get this message : sudo: ./autogen.sh: command not found for ./autogen.sh.
I have installed autoconf2.66, automake-1.9 and libtool-2.2. Am I missing out on
the installation of any files?
________________________________
From:...
buildbot failure in Wireshark (development) on Windows-7-x64
buildbot-no-reply (Jul 29)
The Buildbot has detected a new failure of Windows-7-x64 on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Windows-7-x64/builds/825
Buildbot URL: http://buildbot.wireshark.org/trunk/
Buildslave for this Build: windows-7-x64
Build Reason:
Build Source Stamp: 33667
Blamelist: martinm
BUILD FAILED: failed checkapi
sincerely,
-The Buildbot
Re: PacketReceivePacket error out on allocating buffer gerater than 4MB
Guy Harris (Jul 29)
The wireshark-users list is for users of the Wireshark application, just as wireshark-dev is for people developing code
for Wireshark. Neither are the best list for people trying to develop their own applications using WinPcap; the right
list is the winpcap-users mailing list:
http://www.winpcap.org/contact.htm
RTP Stream Analysis
Keith French (Jul 29)
In the RTP Stream Analysis window of Wireshark there is a column for filtered jitter and at the bottom are figures for
max & mean jitter. What exactly are these jitter figures & how do they compare to the jitter & difference when graphed
from this window?
Keith French
Re: Buffering packets for dissection
Andreas (Jul 28)
Jaap Keuter <jaap.keuter () > writes:
Hi,
I've checked out the tutorial about reassembling TCP fragments, but it seems
tcp_dissect_pdus() needs a fixed size header, which this protocol (TFO) doesn't
have.
Well, okay, the frames and messages do have headers, but they can only be
obtained after reassembly; I need to extract every 16th byte's LSB, and one
message can consist of 30 to 130 bits.
Also, the length of the message depends on...
buildbot failure in Wireshark (development) on Windows-XP-x86
buildbot-no-reply (Jul 28)
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark (development).
Full details are available at:
http://buildbot.wireshark.org/trunk/builders/Windows-XP-x86/builds/775
Buildbot URL: http://buildbot.wireshark.org/trunk/
Buildslave for this Build: windows-xp-x86
Build Reason:
Build Source Stamp: 33666
Blamelist: wmeier
BUILD FAILED: failed failed slave lost
sincerely,
-The Buildbot
buildbot failure in Wireshark 1.4 on Windows-XP-x86
buildbot-no-reply (Jul 28)
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark 1.4.
Full details are available at:
http://buildbot.wireshark.org/trunk-1.4/builders/Windows-XP-x86/builds/53
Buildbot URL: http://buildbot.wireshark.org/trunk-1.4/
Buildslave for this Build: windows-xp-x86
Build Reason:
Build Source Stamp: 33659
Blamelist: gerald
BUILD FAILED: failed nmake all
sincerely,
-The Buildbot
buildbot failure in Wireshark 1.0 on Windows-XP-x86
buildbot-no-reply (Jul 28)
The Buildbot has detected a new failure of Windows-XP-x86 on Wireshark 1.0.
Full details are available at:
http://buildbot.wireshark.org/trunk-1.0/builders/Windows-XP-x86/builds/5
Buildbot URL: http://buildbot.wireshark.org/trunk-1.0/
Buildslave for this Build: windows-xp-x86
Build Reason:
Build Source Stamp: 33662
Blamelist: gerald
BUILD FAILED: failed failed slave lost
sincerely,
-The Buildbot
buildbot failure in Wireshark 1.4 on Windows-7-x64
buildbot-no-reply (Jul 28)
The Buildbot has detected a new failure of Windows-7-x64 on Wireshark 1.4.
Full details are available at:
http://buildbot.wireshark.org/trunk-1.4/builders/Windows-7-x64/builds/54
Buildbot URL: http://buildbot.wireshark.org/trunk-1.4/
Buildslave for this Build: windows-7-x64
Build Reason:
Build Source Stamp: 33659
Blamelist: gerald
BUILD FAILED: failed nmake all
sincerely,
-The Buildbot
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: What's the difference between the shipped snort.conf's?
Joel Esler (Jul 29)
The barnyard configuration may not change much. The snort.conf is a manual conversion though.
Sent from my iPhone
Re: What's the difference between the shipped snort.conf's?
Jun Wan (Jul 28)
Hi Wkitty42,
Thanks for the info. I can install the new Snort 2.8.6.1 (via compiling the new
2.8.6.1 sources or pre-compiled binary downloads) into a different folder, create new folders for log, barnyard2 ...
etc.
How to migrate the configurations from old Snort.conf, barnyard2 and old customised rules to the new
Snort.conf, barnyard2 and new rules? Manual process? Auto-process?
Thanks.
Regards
John...
Re: What's the difference between the shipped snort.conf's?
waldo kitty (Jul 28)
FWIW: i made the transition in my setups by downloading and compiling the new
2.8.6.1 sources... i suspect that it is much easier in other environments due to
the pre-compiled binary downloads that are available...
FWIW2: i don't think it will help with your problem of pulled pork not being
able to download the MD5 file but stranger things have been seen... especially
if the MD5 is/was not available where your pulled pork may have been...
Re: What's the difference between the shipped snort.conf's?
Jun Wan (Jul 28)
Hi Jimmy,
I am going to do the same thing as you did---making the transition from 2.8.5.3 to 2.8.6.1.
What's the best way to do this transition?
How did you make the transition?
Thanks
Regards
John
Re: Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module
Russ Combs (Jul 28)
Have a look at the ssl preprocessor. It is relatively simple.
Re: Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module
Joel Esler (Jul 28)
BlackLight said:
You need to delete the libsf_dynamic_preprocessor_example.* files in
order to have Snort function.
j
Re: Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module
BlackLight (Jul 28)
My issue is not with getting Snort running. I know deleting libsf*example*
Snort runs, but I need to develop *MY OWN* preprocessor module. Of course I
started from the source code of the "official" example, but it looks definitely
bugged, taking out random LibVersion() issues. So where should I start for
developing my preprocessor module if modifying a bit and compiling
spp_example.c all I get is Snort not working?
Snort 2.8.6.1, "Error: Failed to find LibVerion()" while trying to develop a preprocessor module
BlackLight (Jul 28)
I need to work on Snort for my master thesis, developing a preprocessor
module on Snort 2.8.6.1. I started from the spp_example.c code,
creating a directory called "testpreproc" in snort_dynamicpreprocessor
with the following content:
spp_example.c -> http://sprunge.us/GYUA
sf_dynamic_preproc_lib.c -> http://sprunge.us/HUZZ
sf_preproc_info.h -> http://sprunge.us/dIaU
and this is the Makefile:
all:
gcc...
Re: What's the difference between the shipped snort.conf's?
Joel Esler (Jul 28)
It's the one I start with personally, so yes.
However, any snort.conf should be modified to fit the environment you are applying your IDS to.
J
Re: Invitation to connect on LinkedIn
Jim Mccullough (Jul 28)
Nope
Sent from my iPhone
Re: What's the difference between the shipped snort.conf's?
Jimmy Crackcorn (Jul 28)
Perfect; thanks, Joel.
I'm presuming the snort.conf that shipped w/ the VRT rules should be
the config file to go with then?
Cheers
Re: FW: Oinkmaster can't get rules
JJC (Jul 28)
Can you execute a verbose run -vv and see what the output is? As to running
on XP, I cannot say as I have not tested on XP, or any Windows platform. I
would say that it is likely that the 403 is not being caused by an OS
related issue, though it could be.
Re: What's the difference between the shipped snort.conf's?
Joel Esler (Jul 28)
The below says "--enable-zip". It should be "--enable-zlib".
Joel
What's the difference between the shipped snort.conf's?
Jimmy Crackcorn (Jul 28)
I'm finally making the transition from 2.8.5.3 to 2.8.6.1 and am
re-vamping my snort.conf but I'm seeing some differences between the
snort.conf that ships with 2.8.6.1 and what shipped with the latest
VRT release (on the 22nd). I'd used the one included in the ruleset
but it doesn't pass a simple test (compiled with
--enable-decoder-preprocessor-rules --enable-targetbased
--disable-corefile --enable-zip --enable-sourcefire --enable-ipv6):
......
Re: Invitation to connect on LinkedIn
Bruce A. Sanders (Jul 28)
No.
_____
From: Ninad Purohit [mailto:ninadpurohit () gmail com]
To: snort-users () lists sourceforge net
Sent: Tue, 27 Jul 2010 23:53:26 -0400
Subject: [Snort-users] Invitation to connect on LinkedIn
OpenVAS — Development and announcements regarding OpenVAS, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.
Missing OMP-Support in OpenVAS-Client
Stefan Schwarz (Jul 29)
i compiled using:
cd openvas-client && ./configure --enable-omp && make && sudo make install
but when trying to connect via OpenVAS-Client to openvasmd
(Manager->New), after successful authorization i get
md omp:MESSAGE:2010-07-29 14h11.00 utc:4731: Failed to parse
client XML: Error
Is OMP still supported for OpenVAS-Client? I'm using 1.1.0.SVN.r8597.
Stefan
gsa-desktop 0.1.0 released
Michael Wiegand (Jul 29)
Hello,
Those of you watching the SVN commits and the OpenVAS website closely will
already have noticed it: Our newest OpenVAS module just had its first
release.
The newest member of the OpenVAS family is called gsa-desktop and is a Qt
based OMP client with the ultimate goal of providing an alternative to the
Gtk based OpenVAS-Client while offering the full potential of OMP.
We invite you to try out gsa-desktop and are looking forward to...
OpenVAS Change Request #49: Introduce new NVT category ACT_NETWORK
Michael Wiegand (Jul 29)
Hello,
I've just uploaded Change Request #49 (Introduce new NVT category
ACT_NETWORK), which is available at:
http://www.openvas.org/openvas-cr-49.html
This CR was inspired by kost's CR #26 and by our discussion about improving
nmap integration. Since the proposal differs slightly from CR #26, I'll leave
it up to the community to combine the two CRs or to keep them separate.
Please read the CR and let me know what you think. If you have any...
Planning release of gsa 1.0.0
Jan-Oliver Wagner (Jul 29)
Hi,
as a follow up on the openvas-manager, gsa 1.0.0 is planned to be released
next week as the first OMP client.
This also should increase the number of users and thus of feedback.
Any concerns, comments?
All the best
Jan
Re: Planning release of openvas-manager 1.0.0(.rc2)
Jan-Oliver Wagner (Jul 29)
done now, see openvas-announce.
Re: OpenVas Installation guide
Stephan Kleine (Jul 29)
Simply add
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v3/Fedora_13/
as repository and install the stuff from there. If "it doesn't work", which
e.g. can happen due to the init scripts since those are untested cause I don't
use Fedora, you send me a patch or tell me what needs to be changed and I'll
change it.
hth
Stephan
OpenVAS Manager 1.0 released
Jan-Oliver Wagner (Jul 29)
Substantial Technology Advance: Vulnerability Management with OpenVAS Manager 1.0
OpenVAS Manager 1.0 represents almost 2 years of intensive work. The mission of
OpenVAS Manager is to offer powerful and comfortable vulnerability management on
top of the actual vulnerability scanner, OpenVAS Scanner 3.1.
The OpenVAS Manager is a layer between the OpenVAS Scanner and various client
applications. The upcoming clients cover web, desktop and command...
OpenVas Installation guide
Hakimi, Wais (Jul 29)
Hello all,
I would like to install Openvas on Fedora 13. I am kinda confused with the whole process. That is because I am not
familiar with all Linux distros. Could anyone help me with the step-by-step process, including which files to download,
which commands to use in order to download files, install and run OpenVas server. Also, how to scan other computers on
the network?
Sorry if I sound dumb, but I have tried everything I could, and...
Re: connection failure
Aaron (Jul 28)
I have confirmed that there is only one openvasmd process running. I
was going to attach some logs, but openvassd.{message,dump} do not
appear to exist. I will attach openvasmd.log, however. It looks like
it may be meaningful, and it's only about three lines.
I apologize for the delay. Since enabling PIE and PaX, I've had trouble
with a number of programs -- notably my mail client!
-Aaron
lib serv: DEBUG:2010-07-29 05h55.21 utc:11174:...
Re: Welcome to the "Openvas-discuss" mailing list
Dražen Popović (Jul 27)
Classic XD
Re: Welcome to the "Openvas-discuss" mailing list
Scott Damron (Jul 27)
You just sent your password to the entire mailing list...
Re: Problems with OpenVAS 3.1 on Ubuntu 10.04
Felix Wolfsteller (Jul 27)
You tried to access an ssl server via http.
Either access the service via https://...:9393 or use what Stefan suggested
and start gsad with --http-only .
We suggest to use the --http-only flag and e.g. "stunnel" if you want to use
it in production, because of an issue with the ssl-implementation.
The issue stems from a library in use (libmicrohttpd) and was btw. reported to
be closed yesterday (so, smooth and safe...
Re: Problems with OpenVAS 3.1 on Ubuntu 10.04
Bozidar Spirovski (Jul 27)
Stefan
Your suggestion clears the problem with ability to log on to GSA. So i
manage to start the entire product set with the following sequence:
from terminal, as root
/etc/init.d/openvas-scanner start
openvasmd --database=/var/lib/openvas/mgr/tasks.db --listen=127.0.0.1
--port=9391 --slisten=127.0.0.1 --sport=9390
openvasad --listen=127.0.0.1 --port=9392 --users-dir=/var/lib/openvas/users
--scanner-config-file=/etc/openvas/openvassd.conf...
Re: Problems with OpenVAS 3.1 on Ubuntu 10.04
Steefan Schwarz (Jul 26)
On 26.07.2010 20:23, Bozidar Spirovski wrote:
[]
gsad still has problems with SSL, did you try:
gsad --http-only ...
Stefan
Re: Problems with OpenVAS 3.1 on Ubuntu 10.04
Luis Contreras (Jul 26)
Hi Bozidar,
have you installed openvas through the source or from the synaptic package
manager?
On Mon, Jul 26, 2010 at 2:23 PM, Bozidar Spirovski <spirovski.b () gmail com> wrote:
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.