SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Re: Nmap Script Engine on OpenWrt Daniel Miller (Apr 05)
It looks like Lua puts the commands to 'ar' into the AR variable. Your
build environment or configuration sets the AR variable to the appropriate
binary for your system, overwriting these commands. Then when building, ar
complains that it's missing a valid command.

As a workaround, here's a patch that ought to solve it:

diff --git a/liblua/Makefile b/liblua/Makefile
index d71c75c..ee52283 100644
--- a/liblua/Makefile
+++...

Re: Nmap Script Engine on OpenWrt Bruno (Apr 05)
The lua version on the OpenWRT device that is being used is Lua 5.1.5.

Trying with the "--with-liblua=included" option, it tried to compile
liblua, however it still failed with the attached error log.

But it seems some progress were made. Do you have any other suggestions
I could try?

Thanks Daniel

arm-openwrt-linux-muslgnueabi-gcc-ar liblua.a lapi.o lcode.o lctype.o ldebug.o ldo.o ldump.o lfunc.o lgc.o llex.o
lmem.o lobject.o...

Re: Nmap Script Engine on OpenWrt Daniel Miller (Apr 05)
Bruno,

Thanks for following up. It appears that you might have a version of Lua
installed that is incompatible with Nmap. You can force Nmap to build and
statically link the Lua 5.3.3 source that's included with Nmap by passing
--with-liblua=included to configure. Let us know if this fixes the issue
for you.

Dan

New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6 Artur Kielak (Apr 02)
Hi

I would like add new script for brute force discovery passwords and users in CMS Made Simple in version 2.2.6.
This is my first plugin. Please for review.

Artur Kielak

Index: scripts/http-cmsmadesimple-brute.nse
===================================================================
--- scripts/http-cmsmadesimple-brute.nse (nonexistent)
+++ scripts/http-cmsmadesimple-brute.nse (kopia robocza)
@@ -0,0 +1,162 @@
+local brute =...

Re: Nmap Script Engine on OpenWrt Bruno (Apr 02)
Thanks Daniel Miller for your prompt answer,

I'm attaching the error log. (Not sure if it works for the dev list. If
it doesn't I will reply with the error on clear text).

Compiling with the "--without-liblua" works flawlessly.

make[3]: Entering directory '/home/bruno/lede/feeds/packages/net/nmap'
rm -f /home/bruno/lede/build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/nmap-nossl/nmap-7.60/.built
touch...

Re: Nmap Script Engine on OpenWrt Daniel Miller (Apr 02)
Bruno,

NSE doesn't make sense outside the context of Nmap, and many of the
libraries it uses are compiled in to nmap itself. However, there shouldn't
be any reason that it wouldn't compile on OpenWrt. Can you change the
package's makefile so that it doesn't use --without-liblua in configure and
then report what actually happens? What are the specific errors that happen?

Dan

Nmap Script Engine on OpenWrt Bruno (Apr 02)
Is it possible to run NSE scritps, but without the nmap scripting?

I'm trying to run nmap scripting on OpenWRT, so the router let me know
if there are vulnerabilities on my network to be patched. However, the
nmap version for OpenWRT is missing scripting support
(https://github.com/openwrt/packages/issues/4472)

The scripts are written in lua. So, what I'm planning to do is run all
the scripts available from lua itself. Do I have...

dhcp script ?? Mike . (Mar 27)
with debugging turned on, i noticed this from the dhcp discover script. my simple question is : do we need the
"unexpected" line? is that an error? here is the output

NSE: [broadcast-dhcp-discover W:274F274] dhcp-discover: Attempting to parse Serv
er Identifier
NSE: [broadcast-dhcp-discover W:274F274] dhcp-discover: Attempting to parse Doma
in Name Server
NSE: [broadcast-dhcp-discover W:274F274] dhcp-discover: Attempting to parse Doma...

scan hung up with SYN scan Mike . (Mar 25)
hello

i'm posting because this is the first time i ever saw this function dsiplayed. while doing a simple syn scan, with
retries at 1, i saw this:

doAnyOutstandingRetransmits took 48ms
SYN Stealth Scan Timing: About 20.21% done; ETC: 11:57 (0:02:02 remaining)
SYN Stealth Scan Timing: About 48.46% done; ETC: 11:56 (0:01:05 remaining)

........and it hung and locked up. just curious why i was seeing "doAnyOutstandingRetransmits"??...

Re: question regarding max retries Mike . (Mar 23)
this can be discarded. i see the error on my part. didnt see the port value at the end. now i do look silly. my
apologies

________________________________
From: Mike . <dmciscobgp () hotmail com>
Sent: Friday, March 23, 2018 7:43 PM
To: nmap-group
Subject: question regarding max retries

hello all

hopefully this isnt a silly question. setting the max retries value to 1 when scanning my router, i figured i would see
just one packet/probe...

question regarding max retries Mike . (Mar 23)
hello all

hopefully this isnt a silly question. setting the max retries value to 1 when scanning my router, i figured i would see
just one packet/probe in debuging output. this is what i am seeing. my question, is this normal behavoir for this
setting?

m|ke

Service scan sending probe NBTStat to 192.168.0.1:53 (udp)
Service scan sending probe NBTStat to 192.168.0.1:68 (udp)
Service scan sending probe Help to 192.168.0.1:53 (udp)
Service scan...

Re: npcap 0.99R1 installer won't install on Win 7 32-bit Michael D. Lawler (Mar 13)
Yep it is working correctly now. Thanks for the quick fix!

At 12:51 PM 3/13/2018, Daniel Miller wrote:

Re: npcap 0.99R1 installer won't install on Win 7 32-bit Daniel Miller (Mar 13)
Michael,

You'll find the Npcap 0.99-r2 installer will work fine on 32-bit Windows:
https://nmap.org/npcap/#download

Dan

Re: npcap 0.99R1 installer won't install on Win 7 32-bit Daniel Miller (Mar 12)
Michael,

Thanks so much again for reporting this. I confirmed that we mistakenly
took out the portion of the installer that stores the result of the 64-bit
check, so all checks were assuming 64-bit. We'll test properly on 32-bit
Windows and get a fix into the next release this week.

Dan

Re: npcap 0.99R1 installer won't install on Win 7 32-bit Michael D. Lawler (Mar 11)
The install.log clearly shows that it's trying to
install the x64 and not the x86 driver on a 32-bit system.

detailprint: Installing NDIS6.x x64 driver for Win7, Win8 and Win10

from line 86 of the install.log that I sent Dan.

At 05:29 PM 3/11/2018, Daniel Miller wrote:

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more. Fyodor (Mar 20)
Nmap Community,

We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.

Nmap 7.70 source code and binary...

Nmap GSoC 2017 Success Reports Fyodor (Oct 10)
Hello Nmap Community,

Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...

Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.

One of the things I'm most excited...

Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more Fyodor (Jun 13)
Dear Nmap Community:

The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.

One of the things we have been worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....

Introducing the 2017 Nmap/Google Summer of Code Team! Fyodor (May 18)
Nmap community:

Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...

Nmap Project Seeking Talented Programmers for GSoC 2017 Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...

Nmap GSoC 2016 Success Report Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Re: Massive Breach in Panera Bread John Menerick (Apr 03)
They didn’t fix the other domains from resolving their weblogic / Hyperion site. Try catering, etc.....

Sent from ProtonMail Mobile

CVE-2018-9233 Sophos Endpoint Protection Control Panel v10.7 / Insecure Crypto hyp3rlinx (Apr 03)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt
[+] ISR: Apparition Security

Vendor:
==========
www.sophos.com

Product:
===========
Sophos Endpoint Protection - Control Panel v10.7

Sophos Endpoint Protection helps secure your workstation by adding
prevention, detection, and...

CVE-2018-4863 Sophos Endpoint Protection v10.7 / Tamper Protection Bypass hyp3rlinx (Apr 03)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt
[+] ISR: Apparition Security

Vendor:
=============
www.sophos.com

Product:
===========
Sophos Endpoint Protection v10.7

Sophos Endpoint Protection helps secure your workstation by adding
prevention, detection, and response technology on...

Re: CVE-2018-5708 Kevin R (Apr 03)
Discoverer: Kevin Randall

Re: Massive Breach in Panera Bread (RS) Tyler Schroder (Apr 03)
A correction seems to be issued for both endpoints, POC links are returning
"INVALID_SESSION". Might still be breakable given some time, but something
tells me they're getting a lot of free pentesting right now :)

R. S. Tyler Schroder

-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf
Of Jack Beanstalk
Sent: Monday, April 2, 2018 3:43 PM
To: fulldisclosure () seclists org...

Directory Traversal Vulnerability in DNNarticle module for DNN Rahimian (Apr 03)
##############################

01. ### Advisory Information ###
Title: Directory Traversal Vulnerability in DNNarticle module
Date published: n/a
Date of last update: n/a
Vendors contacted: zldnn.com
Discovered by: Esmaeil Rahimian
Severity: Critical

02. ### Vulnerability Information ###

OVE-ID: CVE-2018-9126.

03. ### Introduction ###

DNN Article is not only a powerful module to enable post and manage
articles, but also provides total...

Massive Breach in Panera Bread Jack Beanstalk (Apr 03)
7682200f0cd27a4f1a3c2301941d959aae7abf89136c38a4f1ded4d2bb7a67d7

I'd like to report a security vulnerability in Panera Bread's web
application. There is a publicly available, completely unauthenticated
API endpoint that allows anyone to access the following information
about anyone who has ever signed up for an account to order food from
Panera Bread:

1. Username

2. First and last name

3. Email address

4. Phone number

5. Birthday...

Re: [SE-2011-01] Security contact at Canal+ Group ? Security Explorations (Apr 03)
Hello Nicolas,

Thank you very much for your prompt response and for providing
us with this contact information. We do appreciate it.

[SE-2011-01] Security contact at Canal+ Group ? Security Explorations (Apr 03)
Hello All,

Over the recent month we have been trying (with no success) to obtain
information from various entities regarding the replacement process of
set-top-box devices conducted by the NC+ operator in Poland [1]. The
basis of the above can be found in this message [2].

We have received a key confirmation from NC+ operator that "the goal
of a replacement process of set-top-boxes is to improve security level
of a broadcasted signal,...

Re: new email; gw22067 () hotmail com | Double-free segfault bypass Matthew Fernandez (Mar 30)
Maybe I’m misunderstanding something, but what is the vulnerability here? It looks like you are just demonstrating that
a program can corrupt its own heap, which it can already do in numerous other ways.

Null Pointer Deference (Denial of Service)-Kingsoft Internet Security 9+ Kernel Driver KWatch3.sys WTS Research Team (Mar 30)
*****[ White Team Security (WTS) Security Advisory- ADV-01-03-2018 ]*****

Kingsoft Internet Security 9+ - Null Pointer Deference Kernel Driver KWatch3.sys

--------------------------------------------------------------------------------------------------------------

Author:

- Arjun Basnet from White Team Security (WTS) Research Team

*****[ Table of Contents ]*****

* Overview

* Detailed description

* Vulnerable IOCTL

* Timeline of...

SSRF（Server Side Request Forgery） in Tpshop <= 2.0.6 （CVE-2017-16614） service () baimaohui net (Mar 30)
# SSRF（Server Side Request Forgery） in Tpshop <= 2.0.6 (CVE-2017-16614)

The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co.,
Ltd.This system is based on the Thinkphp development framework.

## Product Download: http://www.tp-shop.cn/Index/Index/download.html

## Vulnerability Type：SSRF（Server Side Request Forgery）

## Attack Type : Remote

## Vulnerability Description...

APPLE-SA-2018-3-29-8 iCloud for Windows 7.4 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-8 iCloud for Windows 7.4

iCloud for Windows 7.4 is now available and addresses the following:

Security
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead...

APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-7 iTunes 12.7.4 for Windows

iTunes 12.7.4 for Windows is now available and addresses the
following:

Security
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2018-4144: Abraham Masri (@cheesecakeufo)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may...

APPLE-SA-2018-3-29-6 Safari 11.1 Apple Product Security (Mar 30)
APPLE-SA-2018-3-29-6 Safari 11.1

Safari 11.1 is now available and addresses the following:

Safari
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and
macOS High Sierra 10.13.4
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4102: Kai Zhao of 3H security team
CVE-2018-4116: @littlelailo, xisigr of...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

[SECURITY] [DSA 4167-1] sharutils security update Luciano Bello (Apr 05)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4167-1 security () debian org
https://www.debian.org/security/ Luciano Bello
April 05, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : sharutils
CVE ID : CVE-2018-1000097
Debian Bug...

Advisory - Fisheye and Crucible - CVE-2018-5223 Atlassian (Apr 04)
This email refers to the advisory found at
https://confluence.atlassian.com/x/aS5sO and
https://confluence.atlassian.com/x/Zi5sO .

CVE ID:

* CVE-2018-5223.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version < 4.4.6
4.5.0 <= version < 4.5.3

Fixed Fisheye and Crucible product versions:
* for 4.4.x, Fisheye 4.4.6 has been released with a fix for this issue.
* for 4.5.x, Fisheye 4.5.3 has been...

Advisory - Bamboo - CVE-2018-5224 Atlassian (Apr 04)
This email refers to the advisory found at
https://confluence.atlassian.com/x/PS9sO .

CVE ID:

* CVE-2018-5224.

Product: Bamboo.

Affected Bamboo product versions:

2.7.0 <= version < 6.3.3
6.4.0 <= version < 6.4.1

Fixed Bamboo product versions:

* for 6.3.x, Bamboo 6.3.3 has been released with a fix for this issue.
* for 6.4.x, Bamboo 6.4.1 has been released with a fix for this issue.

Summary:
This advisory discloses a critical...

[SECURITY] [DSA 4166-1] openjdk-7 security update Moritz Muehlenhoff (Apr 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4166-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 04, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : openjdk-7
CVE ID : CVE-2018-2579 CVE-2018-2588...

FreeBSD Security Advisory FreeBSD-SA-18:05.ipsec FreeBSD Security Advisories (Apr 03)
=============================================================================
FreeBSD-SA-18:05.ipsec Security Advisory
The FreeBSD Project

Topic: ipsec crash or denial of service

Category: core
Module: ipsec
Announced: 2018-04-04
Credits: Maxime Villard
Affects: All supported versions of FreeBSD.
Corrected:...

FreeBSD Security Advisory FreeBSD-SA-18:04.vt FreeBSD Security Advisories (Apr 03)
=============================================================================
FreeBSD-SA-18:04.vt Security Advisory
The FreeBSD Project

Topic: vt console memory disclosure

Category: core
Module: vt console
Announced: 2018-04-04
Credits: Dr Silvio Cesare of InfoSect
Affects: All supported versions of...

[SECURITY] [DSA 4165-1] ldap-account-manager security update Luciano Bello (Apr 03)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4165-1 security () debian org
https://www.debian.org/security/ Luciano Bello
April 03, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ldap-account-manager
CVE ID : CVE-2018-8763...

[SECURITY] [DSA 4164-1] apache2 security update Salvatore Bonaccorso (Apr 03)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4164-1 security () debian org
https://www.debian.org/security/ Stefan Fritsch
April 03, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : apache2
CVE ID : CVE-2017-15710 CVE-2017-15715...

[SECURITY] [DSA 4163-1] beep security update Moritz Muehlenhoff (Apr 02)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4163-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 02, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : beep
CVE ID : CVE-2018-0492

It was discovered that...

[SECURITY] [DSA 4161-1] python-django security update Luciano Bello (Apr 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4161-1 security () debian org
https://www.debian.org/security/ Luciano Bello
April 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : python-django
CVE ID : CVE-2018-7536 CVE-2018-7537...

[SECURITY] [DSA 4159-1] remctl security update Moritz Muehlenhoff (Apr 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4159-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : remctl
CVE ID : CVE-2018-0493

Santosh...

[SECURITY] [DSA 4160-1] libevt security update Moritz Muehlenhoff (Apr 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4160-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libevt
CVE ID : CVE-2018-8754

It was discovered...

[SECURITY] [DSA 4162-1] irssi security update Moritz Muehlenhoff (Apr 01)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4162-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
April 01, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2018-5205 CVE-2018-5206...

[slackware-security] php (SSA:2018-090-01) Slackware Security Team (Apr 01)
[slackware-security] php (SSA:2018-090-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.35-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue where sensitive data belonging to other
accounts might be accessed by a local user.
For more information, see:...

CA20180329-01: Security Notice for CA Workload Automation AE and CA Workload Control Center Williams, Ken (Mar 29)
CA20180329-01: Security Notice for CA Workload Automation AE and CA
Workload Control Center

Issued: March 29, 2018
Last Updated: March 29, 2018

CA Technologies Support is alerting customers to two potential risks
with CA Workload Automation AE and CA Workload Control Center. Two
vulnerabilities exist that can allow a remote attacker to conduct SQL
injection attacks or execute code remotely.

The first vulnerability, CVE-2018-8953, in CA...

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Transitions David Aitel (Mar 26)
So much of BJJ is about transitions from one position to another. For
example, when you have one kind of bugclass, and you apply a methodology
to transform that into another bugclass. For example, recently I saw a
talk during our INFILTRATE dry runs, where someone (not even hacking a
browser or using a scripting language of any kind!) used a "Write Once"
primitive to modify a particular structure such that it assumed the size
was...

To DARPA, re CGC! CC: Everyone else! :) Dave Aitel (Mar 22)
So this experiment is super interesting. And there's a ton of great new
fuzzers coming out. AND I DARE YOU TO PROVE TO ME THAT SMT STUFF IS NOT
JUST A HUGE WASTE OF TIME BY REDOING THIS EXPERIMENT WITH THEM! :)

In particular Angora looks extremely good. The paper is well worth a read:
https://arxiv.org/abs/1803.01307

Also note: The metric we want between different fuzzers is, "what bugs does
this one find that others don't"....

Re: Celebrations Matt Tait (Mar 12)
There is a fair argument that we overplay the visibility of the alcohol and
underplay the visibility of the healthy options (eg SAS had morning
exercise on the beach, lots of folks didn't drink at all etc), and that
might be off-putting to new folks entering the field.

No real problem with folks who use alcohol to blow off steam at these
conferences (hell, I had a *lot* of tequila on and off stage this past
week) but it's a good...

Re: Celebrations Allen (Mar 12)
Infiltrate handles this fantastically. A non drinker can blend into
cocktail hour water in hand; without getting dragged into mandatory keg
stands and belching contests you might find at other conferences. By day
the debugger slides damn near require a lucid and caffeine fueled sobriety
so there is actually social pressure against getting hammered the night
before. As an attendee, strolling into the day hung over, 2-3 talks late
feels like a...

Re: Celebrations Chris Eng (Mar 12)
For the record, much of what you see in the Kaspersky pictures are non-alcoholic. Nobody is pressured to drink, but
people still like to participate in the traditions. Most of the spirits consumed on stage are the same color as
water... just saying. ;-)

[drinky1][drinky2]

So today I'm going over the reports released at Kaspersky's SAS conference and for some reason the images of people
drinking on stage stuck out at me. I think...

Re: Celebrations Alex McGeorge (Mar 12)
Hi All,

We've been talking a lot internally about substance abuse and addiction
within the larger infosec community. Our having a no-drinks ticket
option (contact admin@ for details) is a result of these conversations.
We've also talked about hosting an Alcoholics Anonymous and Narcotics
Anonymous (AA & NA) meeting during the conference. To that end, we've
reserved a conference room and will provide refreshments for such a...

Re: Celebrations Jared DeMott (Mar 12)
To go a step further, there's actually many Believers in our field -- and
often there's an informal church service/bible study/sharing time -- that
will get put together if a given security conference falls over a Sunday
morning. :) I've enjoyed many of those.
Jared

Re: Celebrations Curt Wilson (Mar 12)
My own offensive community relations are long in the tooth these days,
however your comment about addiction is relevant. Many people damage their
lives, and others lives so badly with it. Kudos for having a non-alcohol
option. A clear head and a healthy liver become even more important as the
inevitable aging process occurs. Hackers of the 80’s and 90’s are getting
old :)

Celebrations David Aitel (Mar 12)
drinky1drinky2

So today I'm going over the reports released at Kaspersky's SAS
conference and for some reason the images of people drinking on stage
stuck out at me. I think it's because half my facebook feed, when I
bother to log in to see what the schedule at the local BJJ gym is, is
people in *our community* talking about their recovery from addiction.

I know DefCon has this tradition of drinking on stage too, and GCon did,
of...

Offering Gold Level Internet Service! David Aitel (Mar 10)
So every country, including the US, has decided that disconnecting from
the outside world in the even of an attack might be a good idea, and
gamed it through pretty thoroughly. Today's DefenseOne article was on
Russia:
http://www.defenseone.com/technology/2018/03/if-war-comes-russia-could-disconnect-internet-yes-entire-country/146572/

So my question for DARPA PMs is this: What technology can we deploy to
offer an entire country internet...

Re: What's next? Konrads Smelkovs (Mar 10)
I believe that much of apparent lack of capability at western intelligence
organisations is rather a lack of action which is because the goals have
not been set at policy level and enemy was not defined. In Western public
space it wouldn’t be appropriate / possible for heads of state to publicly
declare assassination as a means of diplomacy (the famous phrase of “if
necessary, we’ll whack them in the loo” as an example). When Iran was...

schedule/program for SyScan360 in Singapore 2018 Thomas (Mar 09)
hi all

the schedule/program for SyScan360 in Singapore 2018 is out. check it
out at https://www.syscan360.org/en/schedule/

Re: What's next? the grugq (Mar 07)
I like personal IO... that is a good angle.

Thing is, people need to chill the fuck out on IO as cyber. Stuxnet still
happened. NotPetya happened. There are cyber operations which have physical
effects, and so it takes understanding that cyber is bigger than just one
style of operation. There are dimensions, aspects, facets, all of which are
cyber... anything that processes data (people, organisations, systems) is
vulnerable to cyber because...

What's next? David Aitel (Mar 07)
So right now I'm listening to alivestream from BAH
<http://www.defenseone.com/feature/genius-machines-livestream/#register-now>
on AI's usage in the military. It's good to get beyond the straight up
Terminator-esque fear that is all the rage in policy circles right now.
I mean, today you saw an article where people were upset that Google was
using TensorFlow and related technologies to recognize objects in drone
data. But...

44CON 2018 CFP Open - 12-15th September, London (UK) Steve (Mar 07)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Security Weekly Insider: You are now unsubscribed Paul Asadoorian (Feb 01)
** We have removed your email address from our list.
------------------------------------------------------------

We're sorry to see you go! Don't forget you can subscribe to all of our shows (RSS and iTunes) at
http://securityweekly.com (http://securityweekly)

Was this a mistake? Did you forward one of our emails to a friend, and they clicked the unsubscribe link not realizing
they were in fact unsubscribing you from this list? If...

WEBCAST: How To Test Endpoint Security Solutions (The Atomic Red Team Way) Security Weekly (Jan 26)
Is your endpoint solution working? Are you struggling to test quarterly, if at all?

Dear Security Weekly tribe,

Have you ever wondered if your endpoint security solution is working the way you expect? Have you tested your endpoint
solution, and if so how often? And when you test detection, have you moved past detonating a malware sample to see what
happens?

An emerging category in information security are solutions that allow you to test...

Security Weekly Webcast Paul Asadoorian (Jan 15)
Last Chance to Register!!

Dear Security Weekly Tribe!

Last Chance to register for this week’s webcast!

Tired of wasting your time sifting through logs for nothing in return? We know attackers borrow IP addresses but
control domains. Join Michael Santarcangelo and Paul Asadoorian as they poo-poo on logs and show you how to use this
insight to successfully pivot your way to a more powerful response. Joining this webcast is Taylor...

WEBCAST: The Power of the Pivot Paul Asadoorian (Jan 04)
Using domain names and DNS information to explore and thwart malicious infrastructure

Dear Security Weekly tribe,

Join Michael Santarcangelo (The Security Catalyst), Taylor Wilkes-Pierce from DomainTools and myself for our upcoming
webcast! We will discuss using domain names and DNS information to thwart malicious infrastructure.

Registration information:
Wednesday, January 17, 2018
3:00PM - 4:00pm ET
Register now: The Power of the Pivot (...

Security Weekly On-Demand Webcasts Security Weekly (Dec 22)
Happy Holidays from Security Weekly!

Happy Holidays Security Weekly Tribe!

A number of you have told us that sometimes you sign up for our webcasts only to have your schedule go sideways… and
you miss it. While we love the ability to have real discussions and share insights during the live webcasts, I have a
special gift for you (below).

In the coming year, we’re working on an on-demand format. Our team is working to identify crucial...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Update Releases Microsoft (Apr 03)
********************************************************************
Title: Microsoft Security Update Releases
Issued: April 3, 2018
********************************************************************

Summary
=======

The following CVE has been released on April 3, 2018:

* CVE-2018-0986

Revision Information:
=====================

- Title: Microsoft Malware Protection Engine Remote Code Execution
Vulnerability
- URL:...

Microsoft Security Update Releases Microsoft (Mar 29)
********************************************************************
Title: Microsoft Security Update Releases
Issued: March 29, 2018
********************************************************************

Summary
=======

The following CVE has been added to the March 2018 Security Updates:

* CVE-2018-1038

Revision Information:
=====================

- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 1.0
-...

Microsoft Security Update Releases Microsoft (Mar 23)
********************************************************************
Title: Microsoft Security Update Releases
Issued: March 23, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-0889 * CVE-2018-0932
* CVE-2018-0891 * CVE-2018-0935
* CVE-2018-0927 * CVE-2018-0942
* CVE-2018-0929...

Microsoft Security Advisory Notification Microsoft (Mar 13)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: March 13, 2018
********************************************************************

Security Advisories Released or Updated on March 13
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution side-channel...

Microsoft Security Update Summary for March 13, 2018 Microsoft (Mar 13)
********************************************************************
Microsoft Security Update Summary for March 13, 2018
Issued: March 13, 2018
********************************************************************

This summary lists security updates released for March 13, 2018.

Complete information for the March 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical Security...

Microsoft Security Update Releases Microsoft (Mar 13)
********************************************************************
Title: Microsoft Security Update Releases
Issued: March 13, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-0771

Revision Information:
=====================

- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/CVE-2018-0771
- Version:...

Microsoft Security Advisory Notification Microsoft (Mar 01)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: March 1, 2018
********************************************************************

Security Advisories Released or Updated on March 1
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution side-channel...

Microsoft Security Update Releases Microsoft (Feb 16)
********************************************************************
Title: Microsoft Security Update Releases
Issued: February 16, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-0810

Revision Information:
=====================

- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/CVE-2018-0810
-...

Microsoft Security Update Minor Revisions Microsoft (Feb 16)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: February 16, 2018
********************************************************************

Summary
=======

The following CVEs have been revised in the February 2018 Security
Updates.

* CVE-2018-0842

Revision Information:
=====================

CVE-2018-0842

- Title: CVE-2018-0842 | Windows Kernel Elevation of Privilege...

Microsoft Security Advisory Notification Microsoft (Feb 13)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: February 13, 2018
********************************************************************

Security Advisories Released or Updated on February 13
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution side-channel...

Microsoft Security Update Summary for February 13, 2018 Microsoft (Feb 13)
********************************************************************
Microsoft Security Update Summary for February 13, 2018
Issued: February 13, 2018
********************************************************************

This summary lists security updates released for February 13, 2018.

Complete information for the February 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical...

Microsoft Security Update Summary for February 6, 2018 Microsoft (Feb 07)
********************************************************************
Microsoft Security Update Summary for February 6, 2018
Issued: February 6, 2018
********************************************************************

This summary lists security updates released for February 6, 2018.

Complete information for the February 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Critical...

Microsoft Security Update Releases Microsoft (Jan 29)
********************************************************************
Title: Microsoft Security Update Releases
Issued: January 29, 2018
********************************************************************

Summary
=======

The following advisory has undergone major revision increments:

* ADV180002

Revision Information:
=====================

- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 11.0
- Reason for Revision:...

Microsoft Security Update Releases Microsoft (Jan 26)
********************************************************************
Title: Microsoft Security Update Releases
Issued: January 25, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-0764

Revision Information:
=====================

- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/CVE-2018-0764
- Version:...

Microsoft Security Update Releases Microsoft (Jan 22)
********************************************************************
Title: Microsoft Security Update Releases
Issued: January 22, 2018
********************************************************************

Summary
=======

The following advisory has undergone major revision increments:

* ADV180002

Revision Information:
=====================

- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 10.0
- Reason for Revision:...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...

I don't quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that...

Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...

The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...

Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

-----

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...

The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in...

Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: Privsec vuln in beep / Code execution in GNU patch Jakub Wilk (Apr 06)
* Hanno Böck <hanno () hboeck de>, 2018-04-06, 08:52:

Upstream bug report:
https://github.com/johnath/beep/issues/11

[...]

This bug triggers even with -u (which is supposed to disable patch type
detection). :-/

Re: Privsec vuln in beep / Code execution in GNU patch Sebastian Krahmer (Apr 06)
Hi

:

lulz. There is indeed a double free of console_device,
if a SIGINT is caught right before main() returns.
(Looking at git dbf0b4). Besides the easter egg, the patch
is still wrong. optarg may be reused via console_device, so the strdup()
is OK, but the ressource-free and signal handling isnt.

Shouts to the beep trolls. I strongly challenge the oppinion that security
is better done without it ...

Brave Knights who found issues in such...

Privsec vuln in beep / Code execution in GNU patch Hanno Böck (Apr 05)
Hi,

There was a joke webpage about a vulnerability in beep a few days ago:
http://holeybeep.ninja/
There's also a corresponding Debian Advisory:
https://lists.debian.org/debian-security-announce/2018/msg00089.html
Neither have any technical details. CVE is CVE-2018-0492.

If anyone knows the background of this please share it.

However it turned out that on that joke holey beep webpage there's a
patch with a hidden easter egg...

Re: Linux Kernel Defence Map Kees Cook (Apr 05)
Well, naming can get confusing here. RAP got renamed along the way to
include both "Return Address Protection" (backward edge) and "Indirect
Control Transfer Protection" (forward edge). Clang CFI is forward edge
only, though things like shadow stacks or pointer authentication can
provide backward edge protection. So... I'm not sure how much detail
you want to capture in the bubbles. :)

Here's Sami Tolvanen's...

Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
Just got an idea to call it "userspace data access". Short and simple!

I also combined SMAP/PAN and UDEREF into a cluster to reduce the number of
edges. Now it looks a bit better.

Ok. Created a CFI cluster with RAP and Clang CFI inside.

However, I didn't manage to find any materials about applying Clang CFI to the
Linux kernel.

Thanks!
Alexander

Re: Linux Kernel Defence Map Kees Cook (Apr 05)
Yeah, that makes sense.

Yes. Per-arch inplementations of bpf_int_jit_compile() make calls to
bpf_jit_binary_alloc() which does the randomized page offset with trap
instructions, and calls bpf_jit_binary_lock_ro() to make the memory
read-only at the end.

Yup. Function pointers are the traditional target.

"type confusion" seems weird to me, but I haven't spent a lot of time
weighing the options of the naming of these things....

Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
Hello Kees,

Thanks a lot for your reply!

Yes, self-protection.rst is a really nice reading. There is a link to it in the
References section below the map. Moved it before the map.

Ok. Added a "by default in grsecurity" node connected with
SLAB_FREELIST_HARDENED. That will show the origin of the idea.

At the same time SLAB_FREELIST_HARDENED contains my "fasttop" check against
double-free. So I've put...

Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 05)
CVE-2018-1000142

CVE-2018-1000143

CVE-2018-1000144

CVE-2018-1000145

CVE-2018-1000151

CVE-2018-1000146

CVE-2018-1000147

CVE-2018-1000148

CVE-2018-1000149

CVE-2018-1000150

CVE-2018-1000152 (improper authorization) and CVE-2018-1000153 (CSRF)

Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
Please use a CWE identifier if one exists (https://cwe.mitre.org/), if one
doesn't exist perhaps we should have one (email me and I'm happy to help
get that ball rolling). Having a CWE not only helps categorize things
correctly but gives us something to point developers at for resources
around flaws and how they can be avoided/dealt with/etc.

[SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised Daniel Dai (Apr 04)
CVE-2018-1315: 'COPY FROM FTP' statement in HPL/SQL can write to
arbitrary location if the FTP server is compromised

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected: Hive 2.1.0 to 2.3.2

Description: When 'COPY FROM FTP' statement is run using HPL/SQL extension to
Hive, a compromised/malicious FTP server can cause the file to be
written to an arbitrary location on the cluster where the command is...

[SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned Daniel Dai (Apr 04)
CVE-2018-1282: JDBC driver is susceptible to SQL injection attack if
the input parameters are not properly cleaned

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: This vulnerability affects all versions of Hive
JDBC driver from 0.7.1

Description: This vulnerability in Hive allows carefully crafted arguments to be
used to bypass the argument escaping/cleanup that JDBC driver does in
PreparedStatement...

[SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files Daniel Dai (Apr 04)
CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass
carefully crafted XML to access arbitrary files

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: This vulnerability affects all versions from 0.6.0

Description: Malicious user might use any xpath UDFs
(xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short)
to expose the content of a file on the machine...

Re: Linux Kernel Defence Map Kees Cook (Apr 04)
This is cool; thanks for starting it! There are many nuances, details,
and caveats for a lot of the defense details, but I do like showing
the general relationships. Having some much longer accompanying text
would be nice to dive more deeply into each bubble in the chart. I'd
like to capture as much of that as possible in upstream's
Documentation/security/self-protection.rst! :)

Some initial thoughts in looking at the chart:...

Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
Correction:

The versions affected for CVE-2018-4118 was not correct. An attempt to
fix this issue was included in 2.18.1, but the change was incomplete.
This should have read:

Versions affected: WebKitGTK+ before 2.20.0

WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2018-0003
------------------------------------------------------------------------

Date reported : April 04, 2018
Advisory ID : WSA-2018-0003
Advisory URL : https://webkitgtk.org/security/WSA-2018-0003.html
CVE identifiers : CVE-2018-4101, CVE-2018-4113, CVE-2018-4114,
CVE-2018-4117, CVE-2018-4118, CVE-2018-4119,...

Educause Security Discussion — Securing networks and computers in an academic environment.

Key signing at SPC 2018 Ken Connelly (Apr 04)
I've been busy, but nobody signs up for these things until the last
minute anyway. That's my story and I'm sticking to it!

REN-ISAC is sponsoring a key-signing event at Security Professionals
Conference in Baltimore next week. It's on the agenda[1] for Wednesday
evening at 6pm in the Maryland Ballroom D. More details are available
on the REN-ISAC site[2]. If you're fully up to speed on everything and
just want to...

Re: Request for Information - Secure File Transfer Technologies for Research Departments Ronald King (Apr 04)
At my previous institution we have had very good success with Filelocker.
The only real challenge was convincing users that it was not permanent
storage. Other than that, I would highly recommend it and have recommended
it here for later this year.

Ron

*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL:...

Re: Tips for using third party survey providers Ronald King (Apr 04)
We also provide copies on our website and encourage other departments to do
the same.

Ron

*Ronald A. King, CISSP*
Chief Information Security Officer
Morgan State University Office: (443) 885-3372
1700 E. Cold Spring Ln. Email: ronald.king () morgan edu
Baltimore, MD 21251 URL: http://www.morgan.edu

*Growing the future ... Leading the world*
<http://www.morgan.edu/Documents/ABOUT/StrategicPlan/StrategicPlan2011-21_Final.pdf>

Reporting Cyber Risk to Board of Directors STURGIS, JOHN (Apr 03)
Good afternoon, everyone!

The folks over at Cyentia Institute<https://www.cyentia.com/> are gathering info for their second edition of the Cyber
Balance Sheet report (last year’s is available
here<https://cyentia.com/wp-content/uploads/Cyber-Balance-Sheet-Report-2017.pdf>), and I’m sure they would greatly
value the input from higher ed security professionals.

Key points:

* Final report is available to all for free,
*...

Senior Security Engineer Position Borinski, Jason (Apr 03)
Hi all,

I'm reaching out for assistance from this community in recruiting a Senior Security Engineer with general security
expertise and experience in scripting, Linux, and securing cloud technologies.

The position is responsible for designing, deploying and managing enterprise security solutions utilizing various
network, endpoint and cloud technologies for a 100,000-node network, one of the largest in San Diego. The environment
offers...

Re: Dynamic data collection capabilities? Bridges, Robert A. (Apr 02)
One of the themes of our cyber operational research is that operations now collect a huge amount of data. Yet, much of
it isn’t used, and it takes lots of time for analysts to make sense of it. Further, analysts’ time is one of the main
constraints driving decisions on what tools are purchased, and what alerts are investigated.

Are there specific problems or wish-list items that could help lower the quantity of data, but increase the...

Re: Identity Verification Processes Chad Tracy (Apr 02)
Paul,

I hope all is well. I wanted to reach out to say that we are actively
looking at our process as well and an area we are looking into is using
Google Hangouts, Webex, or something similar where a person can open a
"video" chat session to prove they are who they say they are... we are
different in that we have the students image already on file so the help
desk will have to pull up their record to confirm.

Chad Tracy
Director of...

Summary Report :: Dorkbot Service [MAR 2018-03] Cam Beasley (Apr 01)
howdy all —

i wanted to share high level stats from the Dorkbot service for the past month with the community.
the numbers this month are influenced by a large number of new campus subscribers along with operational tweaks on our
end.

[month = March 2018]

total campuses subscribed = 391 (+55 campuses compared to last month)

——————
verified XSS vulnerable pages = 4,669 (+968% compared to last month)
verified SQLi vulnerable...

Identity Verification Processes Paul Chauvet (Mar 29)
Hello all,

We are trying to improve and standardize our online identity verification processes for our students, alumni, and
applicants. We need to do identity verification when someone needs a password reset, and we do not have a current
personal email address on-file (for us to send a password reset email to).

Would anyone be willing to share their identity verification processes (especially regarding password resets)?

I'll also say...

Re: On-demand Privilege Escalation Solution for Endpoints Shen, Philip (ps7xj) (Mar 28)
+1 to what Nathanael said

----

Phil Shen BS, GIAC GSEC, ITIL
IT Security - University of Virginia School of Medicine<mailto:Phil.Shen () virginia edu>

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Biggs,
Nathanael <nbiggs112 () CEDARVILLE EDU>
Sent: Wednesday, March 28, 2018 4:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re:...

Re: On-demand Privilege Escalation Solution for Endpoints Biggs, Nathanael (Mar 28)
MakeMeAdmin generates event logs that can be collected by Event Log
Forwarding. We don't have that set up for all our endpoints now, but it's
probably not a bad idea.

Nathanael Biggs
*Network Analyst*
Information Technology
*Cedarville University*
o: 937-766-7905
www.cedarville.edu
<https://twitter.com/cedarville>
<https://www.youtube.com/user/cedarvilleu>
<https://www.facebook.com/cedarville>
<...

Re: On-demand Privilege Escalation Solution for Endpoints Davis, Chris (Mar 28)
What about auditing admin events? Are you aggregating your endpoint logs for that somehow, or can it be pulled into
something else?

Christopher Davis, Ph.D.
Chief Information Officer
Lourdes University
6832 Convent Blvd. | REH 003P | Sylvania, OH 43560
cdavis () lourdes edu<mailto:cdavis () lourdes edu>

Don't be a victim of phishing. Lourdes will never ask you to send sensitive information through unsecure channels.
Report any...

Re: On-demand Privilege Escalation Solution for Endpoints Biggs, Nathanael (Mar 28)
+1 for MakeMeAdmin. We're in the middle of deploying this in conjunction
with LAPS (so that the admin passwords change regularly), and it looks
promising, based on the testing we've done.

Access is administered via GPO, but the tool doesn't require real-time
access to the domain in order to function.

Nathanael Biggs
*Network Analyst*
Information Technology
*Cedarville University*
o: 937-766-7905
www.cedarville.edu
<...

Re: On-demand Privilege Escalation Solution for Endpoints Shen, Philip (ps7xj) (Mar 28)
For those on a budget check out Make Me Admin https://makemeadmin.com/

Thanks,

Phil

----

Phil Shen BS, GIAC GSEC, ITIL
IT Security - University of Virginia School of Medicine<mailto:Phil.Shen () virginia edu>

________________________________
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of WALTER KERNER
<walter_kerner () FITNYC EDU>
Sent: Wednesday, March 28, 2018...

Re: On-demand Privilege Escalation Solution for Endpoints WALTER KERNER (Mar 28)
We’re just beginning to use Avecto here. It’s still early but it seems
like it will be a good fit. It will let traveling faculty add printers,
adjust networks, and handle timezones with admin rights. We also use it to
confirm on software installs: we don’t prohibit faculty from installing
what they want, but we want to alert them to drive-by downloads

Walter Kerner

AVP and CISO

[image: blue]

333 7th Avenue, 13th Floor

New York, NY...

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Why doesn't "Cloudflare 1.1.1.1" compress root answers? Bjørn Mork (Apr 05)
Anurag Bhatia <me () anuragbhatia com> writes:

https://tools.ietf.org/html/rfc1035#section-4.1.4

Bjørn

Re: Why doesn't "Cloudflare 1.1.1.1" compress root answers? Jared Mauch (Apr 05)
Yes.. Check 4.1.4 of https://www.ietf.org/rfc/rfc1035.txt

RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Naslund, Steve (Apr 05)
Got it. Do any of those trunks add a new VLAN to the switch that was not active before? If so, that would cause a
BPDU over all trunks that allow that VLAN. Even if the port is not up yet, by adding the VLAN to ANY trunk you are
implying that it should be active on ALL trunks that are not VLAN limited.

Steve

Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
This are also no new vlans being used at all. They are all already existing
on the switches involved and nothing is being added. In fact what makes
this even weirder is that I already have that exact same port configuration
running on port 1/0/67 of the Juniper and it doesn't cause me any issues
nor did it cause any issues when the config was applied. This existing port
1/0/67 has gone down/up as the firewall has been rebooted and...

Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
Steve let me clarify the config I am applying has nothing to do with an
LACP trunk or any of my existing LACP trunks. It is a completely different
configuration on a completely different interface, the only similarity is
that I am trying to configure a trunk interface on the Juniper side for
multiple vlans. There is no LACP configuration involved.

RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Naslund, Steve (Apr 05)
It really does not resolve anything it just allows a bad configuration to work. The guard is there so that if one side
is configured as a channel and the other side is not, the channel gets shut down. Allowing it to remain up can cause a
BPDU loop. Your spanning tree is trying to tell you something, you should listen or you could get really hard to
isolate issues.

Steven Naslund
Chicago IL

RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Naslund, Steve (Apr 05)
I am kind of confused by your configuration. If the Cisco side is configured as LACP trunk, then the Juniper side also
needs to be configured as LACP trunks. Spanning-tree would be getting confused because the Cisco is treating the LACP
trunk as a single interface for purposes of spanning-tree (which should be configured at the port-channel level),
Juniper is considering them to all be individual ports and would be sending BPDUs over each...

Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
No there isn't, but from what I am getting responses both onlist and off
list is to just run this on the Cisco switches:

no spanning-tree etherchannel guard misconfig

and that should resolve the issue.

Thanks Everyone.

Re: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Hunter Fuller (Apr 05)
On Thu, Apr 5, 2018 at 3:58 PM Joseph Jenkins <joe () breathe-underwater com>
wrote:

We have to do this on all of our Cisco Port-channels that lead to Brocade
ICX switches:
no spanning-tree etherchannel guard misconfig

If we don't do it, after a couple of days, the Cisco will err-disable the
Port-channel just as you describe. I guess the misconfig detection is
incompatible with the Brocade OS.
We have seen no ill effects from this,...

RE: Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Robert Webb (Apr 05)
I don't see any issue with the snippet of the config you provided for the "Firewall Port". Is there a chance that the
port ge-0/0/67 is referenced somewhere else in the Juniper config that when applying your trunk setup is causing issues?

Just throw that out off the top of my head and not really thinking it through.

Robert

-----Original Message-----
From: NANOG <nanog-bounces () nanog org> On Behalf Of Joseph Jenkins...

Juniper Config Commit causes Cisco Etherchannels to go into err-disable state Joseph Jenkins (Apr 05)
I have cases open with both Cisco and Juniper on this, but wanted to see if
anyone else had seen an issue like this because support has no idea.

I have a Juniper QFX 5100 Core running in Virtual Chassis mode with 4
switches. I have 4 separate stacks of Cisco 3750 switches with 2x1GB
uplinks bound into 4 different LACP trunks. I have had it happen twice now
where I apply a trunk port config(not an LACP trunk) to a port that isn't a
part of...

Re: Why doesn't "Cloudflare 1.1.1.1" compress root answers? Anurag Bhatia (Apr 05)
Hi Bjørn

Never realised of such compression on answered. Is this is something well
documented? Curious.

Thanks for sharing.

Re: Are any of you starting to get AI robocalls? HAL (Apr 05)
I've worked at a telco for 15 years and I can say this problem is not
going away anytime soon. The issue is the SS7 network that carriers use
inherently trusts calls from long distance trunks without verification...
I've analyzed incoming spoofed calls from our STP and they all come from
foreign point codes on the SS7 network somewhere else in the world. One
potential solution was to block incoming calls from an LD trunk with a
local...

Re: NG Firewalls & IPv6 Keith Stokes (Apr 05)
I’ve been using PfSense @ home dual-stack on Cox for a year or two. As far as I can tell any IPv6 problems are Cox
issues.

I've used pfSense (BSD firewall) in a dual stack setup. Not all features
are at parity with v4 (the captive portal doesn't support v6, for
example), but the core features of stateful firewall, DHCPv6, etc seemed
to work without any fuss.

Joe Klein wrote on 4/2/2018 5:58 PM:
All,

At security and network...

RE: NG Firewalls & IPv6 Robert Webb (Apr 05)
Really?? I was looking to install and use as a vm to test with and everything I was reading said it was not implemented
and was not on the horizon.

Only version I found from Sophos that was capable was the old Astaro version. I may have to take a second look.

Do you have any links to the configuration from their site you could send off list? Or on list if anyone else is
interested.

Thanks,
Robert

-----Original Message-----
From: NANOG...

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

Atlanta Airport Shuts Down Wi-Fi Following Cyber Attack on City - Condé Nast Traveler Dave Farber (Apr 05)
Atlanta Airport Shuts Down Wi-Fi Following Cyber Attack on City - Condé
Nast Traveler

https://apple.news/AZbvgYA59TV2-4JvrTzOhnA

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now:...

Are any of you starting to get AI robocalls? Dave Farber (Apr 05)
Begin forwarded message:

> From: HAL <hal.lightwood () tbaytel net>
> Date: April 5, 2018 at 3:34:08 PM EDT
> To: NANOG <nanog () nanog org>
> Subject: Re: Are any of you starting to get AI robocalls?
>
> I've worked at a telco for 15 years and I can say this problem is not
> going away anytime soon. The issue is the SS7 network that carriers use
> inherently trusts calls from long distance trunks...

RevUS Theaters See Lowest Audiences For 23 Years Dave Farber (Apr 05)
Begin forwarded message:

> From: Rahul Tongia <tongia () cmu edu>
> Date: April 6, 2018 at 2:07:11 AM EDT
> To: David Farber <dave () farber net>
> Subject: Re: [IP] US Theaters See Lowest Audiences For 23 Years
> Reply-To: tongia () cmu edu
>
> Is it only me that seems to limit going to the theater for selected movies, esp. ones "worthy" of the massive screen?
> This would seem to partly explain...

US Theaters See Lowest Audiences For 23 Years Dave Farber (Apr 05)
Begin forwarded message:

> From: "RJR.C" <rjr () rjriley com>
> Date: April 5, 2018 at 10:30:01 PM EDT
> To: dave () farber net
> Subject: Re: [IP] US Theaters See Lowest Audiences For 23 Years
>
>
> Theaters have cut their own throats with high prices and things like blasting paying customers with loud commercials
> for at least half an hour before they start the show. Hell,my hearing is impaired and...

Michal Kosinski * 4:30PM, Wed Apr 11, 2018 in Gates B03 Dave Farber (Apr 05)
Begin forwarded message:

> From: "Dennis Allison" <allison () stanford edu>
> Date: April 6, 2018 at 12:31:44 AM EDT
> To: farber () cis upenn edu
> Subject: [EE CS Colloq] Michal Kosinski * 4:30PM, Wed Apr 11, 2018 in Gates B03
> Reply-To: "Dennis Allison" <allison () stanford edu>
>
> Stanford EE Computer Systems Colloquium
>
> 4:30 PM, Wednesday, Apr 11, 2018
> NEC Auditorium,...

Facebook retracted Zuck’s messages from recipients’ inboxes Dave Farber (Apr 05)
Begin forwarded message:

> From: Richard Forno <rforno () infowarrior org>
> Date: April 6, 2018 at 12:37:35 AM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: Facebook retracted Zuck’s messages from recipients’ inboxes
>
> Facebook retracted Zuckerberg’s messages from recipients’ inboxes
>
> Facebook says it was for security, but...

Outgoing White House emails not protected by verification system - Axios Dave Farber (Apr 05)
https://www.axios.com/outgoing-white-house-emails-not-protected-by-verification-system-deafc584-759b-4c8f-969a-3ced8a8059f8.html

-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now:...

“I Hacked an Election. So can the Russians." Dave Farber (Apr 05)
Begin forwarded message:

> From: Barbara Simons <simons () acm org>
> Date: April 5, 2018 at 2:51:53 PM EDT
> To: Dave Farber <dave () farber net>
> Subject: Re: "I Hacked an Election. So can the Russians."
> Reply-To: simons () acm org
>
> Dear Dave, sorry about replacing the "e" in your name with a "d". That's what I get for rushing. Barbara
>
>> On 2018-04-05...

US Theaters See Lowest Audiences For 23 Years Dave Farber (Apr 05)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 5, 2018 at 12:53:46 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] US Theaters See Lowest Audiences For 23 Years
> Reply-To: dewayne-net () warpspeed com
>
> US Theaters See Lowest Audiences For 23 Years
> By JOE SKREBELS
> Apr 5 2018
> <...

Smartphone app more efficient in cardiac assessment Dave Farber (Apr 05)
http://wap.business-standard.com/article/news-ani/smartphone-app-more-efficient-in-cardiac-assessment-118040300320_1.html

Smartphone app more efficient in cardiac assessment
A new randomised clinical trial has found that smartphone application performs better than traditional exam in cardiac
assessment.

According to a University of Ottawa Heart Institute-led research, a smartphone application using the phone's camera
function performed...

CenturyLink fights billing-fraud lawsuit by claiming that it has no customers Dave Farber (Apr 05)
Begin forwarded message:

> From: Richard Forno <rforno () infowarrior org>
> Date: April 5, 2018 at 7:32:35 AM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: CenturyLink fights billing-fraud lawsuit by claiming that it has no customers
>
> CenturyLink fights billing-fraud lawsuit by claiming that it has no customers
>
> CenturyLink...

GOOD PROPOSAL Teruo Murasawa (Apr 04)
Good day,

I am the Head of Private Investments Bank
in Japan. I have a huge business for you that will benefit us.

If you are interested, for time essence, please contact me with your name and phone number.
you can also send an email to confirm that you are ready to work with me to carry out this project.

At this time I will wait for your quick reply.

Regards
Teruo Murasawa

US suspects cellphone spying devices in DC Dave Farber (Apr 04)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 4, 2018 at 5:44:22 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] US suspects cellphone spying devices in DC
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Mike Cheponis. DLH]
>
> US suspects cellphone spying devices in DC...

Hey, Alexa, What Can You Hear? And What Will You Do With It? Dave Farber (Apr 03)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 3, 2018 at 7:00:23 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Hey, Alexa, What Can You Hear? And What Will You Do With It?
> Reply-To: dewayne-net () warpspeed com
>
> Hey, Alexa, What Can You Hear? And What Will You Do With It?
> By SAPNA MAHESHWARI
> Mar...

The Guardian view on intelligence genes: going beyond the evidence Dave Farber (Apr 03)
Begin forwarded message:

> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: April 1, 2018 at 3:15:04 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] The Guardian view on intelligence genes: going beyond the evidence
> Reply-To: dewayne-net () warpspeed com
>
> The Guardian view on intelligence genes: going beyond the evidence
>...

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 30.63 RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Sunday 1 April 2018 Volume 30 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.63>
The current issue can also be...

Risks Digest 30.62 RISKS List Owner (Mar 30)
RISKS-LIST: Risks-Forum Digest Friday 30 March 2018 Volume 30 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.62>
The current issue can also be...

Risks Digest 30.61 RISKS List Owner (Mar 27)
RISKS-LIST: Risks-Forum Digest Tuesday 27 March 2018 Volume 30 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.61>
The current issue can also be...

Risks Digest 30.60 RISKS List Owner (Mar 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 March 2018 Volume 30 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.60>
The current issue can also be...

Risks Digest 30.59 RISKS List Owner (Mar 17)
RISKS-LIST: Risks-Forum Digest Saturday March 2018 Volume 30 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.59>
The current issue can also be...

Risks Digest 30.58 RISKS List Owner (Mar 15)
RISKS-LIST: Risks-Forum Digest Thursday 15 March 2018 Volume 30 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.58>
The current issue can also be...

Risks Digest 30.57 RISKS List Owner (Mar 01)
RISKS-LIST: Risks-Forum Digest Thursday 1 March 2018 Volume 30 : Issue 57

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.57>
The current issue can also be...

Risks Digest 30.56 RISKS List Owner (Feb 27)
RISKS-LIST: Risks-Forum Digest Tuesday 27 February 2018 Volume 30 : Issue 56

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.56>
The current issue can also...

Risks Digest 30.55 RISKS List Owner (Feb 17)
RISKS-LIST: Risks-Forum Digest Saturday 17 February 2018 Volume 30 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.55>
The current issue can also...

Risks Digest 30.54 RISKS List Owner (Feb 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 February 2018 Volume 30 : Issue 54

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.54>
The current issue can also...

Risks Digest 30.53 RISKS List Owner (Jan 18)
RISKS-LIST: Risks-Forum Digest Thursday 18 January 2018 Volume 30 : Issue 53

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.53>
The current issue can also...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Open Source Tool Development

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: Extracting filter Dario Lombardo (Apr 05)
That's great, it's exactly what I was looking for. Thanks!

On Thu, Apr 5, 2018 at 9:06 AM, Pascal Quantin <pascal.quantin () gmail com>
wrote:

Re: Extracting filter Pascal Quantin (Apr 05)
Hi Dario,

2018-04-05 8:57 GMT+02:00 Dario Lombardo <dario.lombardo.ml () gmail com>:

You can try parsing the output of tshark -G fields.

Pascal.

Extracting filter Dario Lombardo (Apr 04)
Hi
I need to extract all the display filters to have a list with

<proto> <filter> <type>

example

dns dns.a6.address_suffix FT_IPv6
dns dns.a6.prefix_len FT_UINT8
dns dns.a6.prefix_name FT_STRING
dns dns.aaaa FT_IPv6
dns dns.afsdb.hostname FT_STRING
dns dns.afsdb.subtype FT_UINT16
dns dns.a FT_IPv4
dns dns.apl.address_family FT_UINT16
dns dns.apl.afdlength FT_UINT8
dns dns.apl.afdpart.data FT_BYTES

I've already done it...

Responding to Gerrit comments Paul Offord (Apr 04)
Hi,

Roland put some comments against one of my code submissions - https://code.wireshark.org/review/#/c/26203/

If I click on the hotlink in Roland's post it takes me to the code. If I click on the comment there the page jumps to
a random place in the code. I'm sure when I've done this before the comment opens to show Done, Reply or Delete
options. Has something changed?

Thanks and regards...Paul

New pcap-ng block requires a rescan Paul Offord (Apr 04)
Hi,

I've reached a milestone with the TRB support; all basic Wireshark functionality is complete. There is a remaining
problem. On opening a file, the blocks are decoded (see the protocol tree in the following screenshot) but the values
are not rendered in the Packet List columns.

[cid:image003.jpg@01D3CC06.F0CEEF80]

If I force a rescan (typically by changing to another profile and then back to the original profile), the column values...

Wireshark 2.2.14 is now available Wireshark announcements (Apr 03)
I'm proud to announce the release of Wireshark 2.2.14.

__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

Bug Fixes

The following vulnerabilities have been...

Wireshark 2.4.6 is now available Wireshark announcements (Apr 03)
I'm proud to announce the release of Wireshark 2.4.6.

__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

Bug Fixes

The following vulnerabilities have been fixed:...

Wireshark 2.2.14 is now available Gerald Combs (Apr 03)
I'm proud to announce the release of Wireshark 2.2.14.

__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

Bug Fixes

The following vulnerabilities have been...

Wireshark 2.4.6 is now available Gerald Combs (Apr 03)
I'm proud to announce the release of Wireshark 2.4.6.

__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

Bug Fixes

The following vulnerabilities have been fixed:...

Re: [Wireshark-commits] [wireshark] branch master-2.6 created (now 9dde6d4) Gerald Combs (Apr 02)
Along with creating the master-2.6 branch earlier today I made the following changes on the Buildbot:

- Migrated the master and master-2.6 Windows builders away from Cygwin.
- Increased the log file retention count so that build step output is available for a longer period of time.
- Broke WiX package signing.

The last one wasn't intentional. Unfortunately I won't be able to fix it until tomorrow morning PDT.

Extract SSL Master Secret in Python Jörn Heissler (Mar 30)
Hi,

I wrote a small python module to retrieve the ssl master secret from an
ssl.SSLSocket object.

https://github.com/joernheissler/SslMasterKey

Certainly far from perfect as it depends on cpython, makes assumptions
about internal python structs and only supports openssl-1.1.

Cheers
Jörn

Re: Lua Dissector Dev Tool Richard Sharpe (Mar 29)
I have no contribution to these issues. However, I think the name
'sharkbait' would be a catchier name :-)

Re: Can't view Petri Dish logs Paul Offord (Mar 28)
Yes please.

Sent from Samsung Mobile on O2

-------- Original message --------
From: Anders Broman <a.broman58 () gmail com>
Date: 29/03/2018 06:47 (GMT+00:00)
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Can't view Petri Dish logs

Do you need a new run?

Den tors 29 mars 2018 07:17Roland Knall <rknall () gmail com<mailto:rknall () gmail com>> skrev:
Yes, it...

Re: Can't view Petri Dish logs Anders Broman (Mar 28)
Do you need a new run?

Den tors 29 mars 2018 07:17Roland Knall <rknall () gmail com> skrev:

Re: Can't view Petri Dish logs Roland Knall (Mar 28)
Yes, it expires after a few runs to save space.

Regards
Roland

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: Troubles in paradise Alberto Colosi via Snort-users (Apr 06)
As a Security engineer I know so well what ur describeing here

is my common activity to analize and detect virus, malware, pisghing, ransom and so on

is either stupid to send a virus to sec man as is obvious at 99% will not be hit

thanks about ur cooperation ! I'll check if I have some file like it inside my email

________________________________
From: wkitty42 () windstream net <wkitty42 () windstream net>
Sent: Friday, April 6,...

Re: Troubles in paradise wkitty42 (Apr 06)
it is/was a doc file attached to the message written by epoupee () ac-rennes fr...
in the snort-users list, Message-ID:
<d04435116e0a2c7e882ceec92912f938@127.0.0.1>... if you do not see
epoupee_Demande.doc attached to emails from epoupee () ac-rennes fr then something
must have cleaned it from the copy you received...

i also received a second one sent directly to me instead of to the list... it
did not have a subject line but it was a...

Re: Troubles in paradise Alberto Colosi via Snort-users (Apr 05)
I only have a removal message from some antivirus on the road

so to delete the mail , can you tell me where it was as all emails sent on list was only with txt

I would not have a virused email in my mail folder and I would like to see and remove

plese detail where is the virus so to be able to delete that email

thanks

________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of wkitty42 ()...

Re: Troubles in paradise wkitty42 (Apr 05)
oh, that's nice... send a trojan downloader to an INFOSEC group... ain't you
just the smart one! :lol:

https://www.virustotal.com/#/file/1bfccacde59ab9444d9c33d7d7d15aba7cb2d3964aa6055e1944c942eda808c1/detection

Re: Troubles in paradise epoupee () ac-rennes fr (Apr 05)
Bonjour,

Veuillez trouver ci-joint et confirmez.

epoupee () ac-rennes fr

Sent from Mail for Windows 10

From: snort-users () lists snort org
Sent: Thu, 05 Apr 2018 18:32:40 +0000
To: angel_romeroesquivel () hotmail com
Subject: Re: [Snort-users] Troubles in paradise

snort -l var/log/snort
vs

snort -l /var/log/snort/log

Marcin

Hi there!. Beforehand I want to say, thank you for any advice on this maybe silly question.

I'm new in...

Snort Subscriber Rules Update 2018-04-05 Research (Apr 05)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of a vulnerability affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2018-0986:
A coding deficiency exists in Microsoft Malware Protection Engine that
may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 46163 through 46164.

Talos has also added...

Re: Troubles in paradise Marcin Dulak via Snort-users (Apr 05)
snort -l var/log/snort
vs
snort -l /var/log/snort/log

Marcin

Re: Troubles in paradise Jason Hellenthal (Apr 05)
Angel, I hate to say it but you have a lot of documentation to read and experiment with that is already out there.

Instead of leaving you blind... I would suggest getting familiar with the "File Hierarchy Standard (FHS)” And the
"Snort Cookbook", plus the UNIX philosophy along with just about every “manual page” for every tool/command you work
with on any project.

There is as lot of philosophy in the UNIX world that...

Troubles in paradise angel romero esquivel via Snort-users (Apr 05)
Hi there!. Beforehand I want to say, thank you for any advice on this maybe silly question.

I'm new in Snort and I just started and I already found an issue on it. I can't make a log of my outcome. I have to say
I'm not even sure if I configured this directory propery , first reason is because I have no idea where I should create
it and the second one 'cause I'm new even on Linux. Really sorry.

Anyway, I hope you can...

Re: Submission for IOCs James via Snort-sigs (Apr 05)
Hello,

Attached is SWIFT ISAC Bulletin with IOCs of knowns attacks

regards James

Re: Submission for IOCs Nick Randolph (Apr 05)
You can submit them to this list!

Submission for IOCs James via Snort-sigs (Apr 05)
Hello

How can one submit IOCs to Snort team for signature creation ?

Regards James

Re: (no subject) Joel Esler (jesler) via Snort-users (Apr 04)
Visit the link at the bottom of all of these emails.

Yes. These lists have been active since 1998.

Sent from my iPhone

That drinking game is hilarious. You guys been managing this list awhile! Nice work.

In case you haven't seen this one before: How do I subscribe to the snort-users list? Like this?

subscribe

The rules of the drinking game clearly state it can be a drink of your choosing, alcohol or not....

Re: (no subject) Jason Simsay via Snort-users (Apr 04)
That drinking game is hilarious. You guys been managing this list awhile!
Nice work.

In case you haven't seen this one before: How do I subscribe to the
snort-users list? Like this?

subscribe

Re: [PATCH] snort: fix cross compilation errors Sergio Prado (Apr 04)
Hello Joel,

It is against Snort version 2.9.11.1.

Best regards,

Sergio Prado
Embedded Labworks
Office: +55 11 2628-3461
Mobile: +55 11 97123-3420

2018-04-03 1:31 GMT-03:00 Joel Esler (jesler) <jesler () cisco com>:

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.