SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Re: NSE Professional Feed
Burak Cifter (Aug 20)
Good idea. But before having a professional feed, a reliable and simple
update system. After this "Nmap Update System", there could be an "Insecure
professional feed" and also other security researchers may provide (or
sell) their professional feed subscription.
Re: [NSE] script to detect phpfilevault version 09
Daniel Miller (Aug 19)
Johanna,
Thanks for this contribution. Given the simplicity of the check, I think
you could easily convert it to a http-enum fingerprint [1]. Check out the
fingerprints file in nselib/data/http-fingerprints.lua. This has the added
benefit of handling a few common cases that might cause false-positives,
specifically servers that return 200 OK for every request. I don't think it
would work well as a standalone script because of how little...
[NSE] Fingerprint refresh for http-default-accounts
nnposter (Aug 19)
A majority of the fingerprints for script http-default-accounts have
been refreshed. The script should also now run noticeably faster(*).
Please report back if the script is no longer working for you as expected.
Cheers,
nnposter
* https://github.com/nmap/nmap/issues/516
Re: NSE Professional Feed
Andrew Fastow (Aug 19)
Dan,
I think he meant it more from a commercial angle to nse script repository which can be subscribed to and obtain more
info.
Correct me if I am wrong.
Regards,
Andy
Sent from my iPhone
Re: NSE Professional Feed
Daniel Miller (Aug 19)
Hi,
I'm not exactly sure what you're proposing, but here are a few things we've
tried along the lines of a NSE script feed:
First, we used to have a "New VA Modules" email that went out daily and
included any new NSE scripts committed since the previous day, as well as
aggregating from the Nessus feed and Metasploit modules. We turned it off
in January 2015 since it was broken and nobody noticed.
Second, we developed a...
Re: Sergey. [Status report 16/17]
Sergey Khegay (Aug 18)
Hello Daniel,
Thank you for the feedback!
As far as I remember the reason for the use of pcalls in ssh-brute.nse is
precisely that "libssh2 error: EOF". I will see how I can make changes to
remove pcalls.
As for this "ERROR: Too many retries, aborted ...", this is an issue with
brute.lua. I think Fotis asked you about this, but generally the problem is
that if brute.retries (default: 3) is reached on one account then the whole...
Re: Sergey. [Status report 16/17]
Daniel Miller (Aug 18)
Sergey,
I checked out your gsoc-ssh branch to try, and it's looking very good. I'll
keep looking at it, but for now I had these few feedback items:
1. It would be best if we could avoid needing pcall for so many calls to
libssh2 functions. The prevailing convention with other libraries is to
either return a "status" along with the expected return value, or to return
nil and an error message in the error case. It actually...
Re: [nmap-svn] r35956 - nmap
Daniel Miller (Aug 17)
Tom,
After removing this, does a later probe more correctly match Docker? I keep
getting service submissions for ServeRAID with this response for
GenericLines, GetRequest, HTTPOptions, RTSPRequest, Help, SSLSessionReq,
TLSSessionReq, Kerberos, FourOhFourRequest, LPDString, and SIPOptions.
Would putting it under any of those avoid matching Docker?
Thanks,
Dan
Re: Brute library bug in enumeration mode
Daniel Miller (Aug 17)
Phil, Eli,
Thanks for the reports. I applied something like your patch in r36127.
We're still working through some of the pain from upgrading to Lua 5.3,
which uses separate integer and float types internally, so please continue
to report any crashes like this you may see.
Dan
Re: Brute library bug in enumeration mode
Phil (Aug 16)
That's unfortunate it was never fixed. Dev admins, is there a specific reason this wasn’t patched? Should patches be
submitted through github now? Just curious on the current process.
Thanks for the update Eli.
Re: Brute library bug in enumeration mode
Eli Shemer (Aug 16)
Hey Phil,
I addressed this problem a couple of weeks ago, but I got no response from
the mailing list.
You can try to apply my patch at the bottom of the mail.
Have a good day.
---------- Forwarded message ----------
From: Eli Shemer <eli.shemer () greensql com>
Date: Fri, Jul 29, 2016 at 10:18 PM
Subject: brute script - bad argument error
To: dev () nmap org, patrik () cqure net
Brute library bug in enumeration mode
Phil (Aug 16)
Just updated to most recent version on a blank vm to test this. Basically, when using a script that uses:
engine.options.passonly = true
the script dies with:
/usr/local/bin/../share/nmap/nselib/brute.lua:721: bad argument #3 to 'format' (number has no integer representation)
stack traceback:
[C]: in function 'string.format'
/usr/local/bin/../share/nmap/nselib/brute.lua:721: in method 'start'...
Re: npcap bsod
食肉大灰兔V5 (Aug 16)
Hi Zibri,
I saw your minidump. Please don't choose the "Raw 802.11" option in Npcap
installer. Nmap doesn't support this option and will cause Npcap driver to
trigger BSoD. This is why this option is disabled in the latest Npcap 0.08
r6.
Cheers,
Yang
Re: npcap bsod
食肉大灰兔V5 (Aug 16)
Hi Zibri,
In your report, please provide AT LEAST your OS (Vista | Win7 | Win8 |
Win10, x86 | x64), Npcap version and installation options, user software
version (e.g. Nmap, Wireshark), reproduce steps and other information you
think necessary. If your issue occurs only on a special OS version (e.g.
Win10 1511, 1607), please mention it in the report.
Cheers,
Yang
Sergey. [Status report 16/17]
Sergey Khegay (Aug 16)
[Report 16/17]
Hello Nmap,
Accomplishments:
- Cleaned libssh2 integration code.
- Fixed the problem of not including libz (libssh2 dependency) to
the build if --with-libssh2=included option was used. Thanks to
Vincent for pointing it out.
- Performed ssh-brute runs against the test server.
Goals:
o: Make final edits
o: Import other Devin's scripts which use libssh2
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we're delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!
For the top 7 improvements in Nmap 7, see the release notes:
https://nmap.org/7
Or...
Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.
As usual, Nmap 6.49BETA5...
Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:
I'm pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version. Let's look at their accomplishments...
Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven't posted to this Nmap Announcement lists since
June, but we've had a very busy summer and I'm going to try and catch you
up in one go!
First of all, we've had four new releases since then, including today's
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).
As...
Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I'm happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:
* 25 new NSE scripts (total is now 494)
* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!
* Infrastructure...
Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Path traversal vulnerability in WordPress Core Ajax handlers
Summer of Pwnage (Aug 20)
------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information disclosure in EXPORT
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-038: SAP HANA Information
disclosure in EXPORT
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could access business
information indexed by the SAP system.
Risk Level: Low
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-038
- Onapsis SVS ID: ONAPSIS-00235
- CVE:...
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-040: SAP HANA potential wrong encryption
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-040
- Onapsis SVS ID:...
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote Code Execution
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-037: SAP HANA Potential Remote
Code Execution
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-037
- Onapsis SVS ID:...
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-034: SAP TREX remote command execution
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.
Risk Level: Critical
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-034
- Onapsis SVS ID:...
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information Disclosure in NameServer
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-033: SAP TREX TNS Information
Disclosure in NameServer
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could discover
information relating to servers. This information could be used to
allow the attacker to specialize their attacks.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
-...
Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-027: SAP HANA User information disclosure
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could obtain valid usernames that could be helpful to support more
complex attacks.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-027
-...
Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute force attack
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-026: SAP HANA SYSTEM user brute
force attack
1. Impact on Business
=====================
By exploiting this vulnerability a remote unauthenticated attacker
could get high privileges on the HANA system with unrestricted
access to any business information.
Risk Level: Critical
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory...
Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit injection via HTTP requests
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-024: SAP HANA arbitrary audit
injection via HTTP requests
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper the audit
logs, hiding his trails after an attack to a HANA system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-024
- Onapsis...
Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit injection via SQL protocol
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-025: SAP HANA arbitrary audit
injection via SQL protocol
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper the audit
logs, hiding his trails after an attack to a HANA system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-025
- Onapsis SVS...
Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
modify any information indexed by the SAP system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-022
- Onapsis SVS ID: ONAPSIS-00180
- CVE:...
Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-021: SAP TREX Remote file read
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-021
- Onapsis SVS ID: ONAPSIS-00179
-...
Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-020: SAP TREX Remote Directory Traversal
1. Impact on Business
=====================
By exploiting this vulnerability, a remote unauthenticated attacker
could access arbitrary business information from the SAP system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-020
- Onapsis SVS ID:...
Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-019: SAP TREX Remote Command Execution
1. Impact on Business
=====================
By exploiting this vulnerability an unauthenticated attacker could
access and modify any information indexed by the SAP system.
Risk Level: Critical
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-019
- Onapsis SVS ID:...
Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure
Onapsis Research (Aug 19)
Onapsis Security Advisory ONAPSIS-2016-007: SAP HANA Password Disclosure
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker may obtain
clear-text passwords of SAP HANA users and get critical information.
Risk Level: Low
2. Advisory Information
=======================
- Public Release Date: 07/20/2016
- Last Revised: 07/20/2016
- Security Advisory ID: ONAPSIS-2016-007
- Onapsis SVS ID: ONAPSIS-00186...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client
Florian Bogner (Aug 19)
Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client
Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud's Desktop client version 2.2.2
Tested on: Windows 7 64 bit
CVE : pending
URL: https://bogner.sh/2016/08/horizontal-privilege-escalation-in-ownclouds-windows-client/...
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
Justin Bull (Aug 19)
Good evening everyone,
A security bulletin for all of you.
Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)
Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.
Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest patch supporting token revocation)
Fixed Versions:
-------------
4.2.0 or apply this commit[0]
Problem:
--------
Doorkeeper failed to implement OAuth...
[SYSS-2016-049] QNAP QTS - Persistent Cross-Site Scripting
bugtraq (Aug 18)
Advisory ID: SYSS-2016-049
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...
[SYSS-2016-054] QNAP QTS - OS Command Injection
bugtraq (Aug 18)
Advisory ID: SYSS-2016-054
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-07
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...
[SYSS-2016-050] QNAP QTS - Persistent Cross-Site Scripting
bugtraq (Aug 18)
Advisory ID: SYSS-2016-050
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS...
[SYSS-2016-055] QNAP QTS - OS Command Injection
bugtraq (Aug 18)
Advisory ID: SYSS-2016-055
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: Unfixed
Manufacturer Notification: 2016-06-08
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...
[SYSS-2016-048] QNAP QTS - OS Command Injection
bugtraq (Aug 18)
Advisory ID: SYSS-2016-048
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.0 Build 20160311 and Build 20160601
Tested Version(s): 4.2.0 Build 20160311 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-03
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...
[SYSS-2016-051] QNAP QTS - Reflected Cross-Site Scripting
bugtraq (Aug 18)
Advisory ID: SYSS-2016-051
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Reflected Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...
[SYSS-2016-053] QNAP QTS - Arbitrary File Overwrite
bugtraq (Aug 18)
Advisory ID: SYSS-2016-053
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: Arbitrary file overwrite (CWE-23)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...
[SYSS-2016-052] QNAP QTS - OS Command Injection
bugtraq (Aug 18)
Advisory ID: SYSS-2016-052
Product: QNAP QTS
Manufacturer: QNAP
Affected Version(s): 4.2.1 Build 20160601
Tested Version(s): 4.2.1 Build 20160601 - 4.2.2 Build 20160812
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: unfixed
Manufacturer Notification: 2016-06-06
Solution Date: tbd.
Public Disclosure: 2016-08-18
CVE Reference: Not assigned
Author of Advisory: Sebastian Nerz (SySS GmbH)...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
"The Blind SQL Injection Issue" explanation
Mihamina RAKOTOMANDIMBY (May 31)
Hi members,
A web application of mine has been scanned by a "security tool".
It reports some issues about "Blind SQL Injection Issue"
The test result seems to indicate a vulnerability
because it shows that values can be appended to parameter
values, indicating that they were embedded in an SQL
query. In this test, three (or sometimes four)
requests are sent. The last is logically equal to the original,
and the next-to-last...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials
ERPScan inc (Aug 19)
Application: SAP Hybris E-commerce Suite
Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3
Vendor URL: http://sap.com
Bugs: Default credentials
Sent: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 10.05.2016
Author:...
[ERPSCAN-16-023] Potential backdoor via hardcoded system ID
ERPScan inc (Aug 19)
Application: SAP ABAP BASIS
Versions Affected: SAP ABAP BASIS 7.4
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 01.02.2016
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 10.05.2016
Reference:...
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Aug 19)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
SpiderFoot 2.7.0 released
Steve Micallef (Aug 19)
Hi all,
SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI.
Here's what's new since 2.5.0..
- *6* new modules:
- BotScout.com search for malicious e-mail addresses
-...
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
Rv3Lab.org (Aug 11)
###################################################
01. ### Advisory Information ###
Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory [Research Team]
Severity: High
02. ### Vulnerability Information ###
OVE-ID: OVE-20160718-0006
CVSS v2 Base Score: 8.5
CVSS v2 Vector:...
[ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability
ERPScan inc (Jul 14)
Application: SAP xMII
Versions Affected: SAP xMII 15
Vendor URL: http://SAP.com
Bugs: XSS
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2201295
Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP xMII – Reflected XSS vulnerability
Advisory ID: [ERPSCAN-16-021]
Risk: medium
Advisory...
[ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability
ERPScan inc (Jul 14)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2254389
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP NetWeaver AS JAVA UDDI component – XXE vulnerability
Advisory ID: [ERPSCAN-16-020]
Risk:...
[ERPSCAN-16-019] SAP NetWeaver Enqueue Server - DoS vulnerability
ERPScan inc (Jul 14)
Application: SAP NetWeaver Enqueue Server
Versions Affected: SAP NetWeaver Enqueue Server 7.4
Vendor URL: http://SAP.com
Bug: denial of service
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 12.04.2016
Reference: SAP Security Note 2258784
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP NetWeaver Enqueue Server – DoS vulnerability
Advisory ID:...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Interesting infographic on the history of firewalls
Darden, Patrick (Aug 04)
I did something similar to this in 1994-5 at Harvard using a version of rot-13 and icmp. Seriously. And it worked.
:-)
--p
-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com]
On Behalf Of Marcus J. Ranum
Sent: Saturday, July 26, 2014 11:39 AM
To: Firewall Wizards Security Mailing List
Subject: [EXTERNAL]Re: [fw-wiz] Interesting infographic on the...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
Claudio Telmon wrote:
When I was at TIS, in 199?2, I set up Onions' tunnel driver and a couple
shell scripts that uuencoded the packets coming out of the tunnel, and
emailed them to another system user with a .forward file that uudecoded
the packets and injected them into a peer tunnel. With that setup, and its
opposite on both machines, I was able to NFS mount filesystems across
a secure mail guard. (Hint: if you're doing your own...
Re: Interesting infographic on the history of firewalls
Marcus J. Ranum (Aug 01)
It hasn't happened, yet.
mjr.
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
SpiderFoot 2.7.0 released
Steve Micallef (Aug 19)
Hi all,
SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI.
Here's what's new since 2.5.0..
- *6* new modules:
- BotScout.com search for malicious e-mail addresses
-...
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Aug 18)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
Faraday v1.0.21 with our new GTK interface!
Francisco Amato (Jun 21)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
Faraday v1.0.20 is here! New conflict resolution, hosts and services views & bug fixes!
Francisco Amato (May 27)
A brand new Faraday version is ready! Faraday v1.0.20 is here,
bringing more functionality to our GTK interface and other cool new
features.
If you've been keeping up with Faraday, on our last release
http://blog.infobytesec.com/2016/04/prepare-warm-welcome-for-faraday-v1019.html
we published a new experimental GTK interface. In this iteration we
added several missing features and fixed a lot of small bugs.
You will probably notice the...
44CON CFP Now Open
Steve (May 17)
44CON is the UK's premier annual technical security conference and training event. From the evening of the 14th of
September till the 16th of September 2016, expect a top-tier international technical conference with fast wifi, loose
0day, catering, a bar and of course, Gin O'Clock.
_____ ______ _____________________ __ |
__ // /_ // /_ ____/_ __ \__ | / / | "London calling to the
_ // /_ // /_ / _ / / /_ |/ / |...
Give a warm welcome to Faraday v1.0.19! New GTK interface, Custom Reports & Bug fixing
Francisco Amato (May 05)
Faraday v1.0.19 is ready! More documentation, a new interface and
plugin fixes are some of the improvements included in this version.
Continuing with our efforts to make Faraday accessible to everyone we
stopped the development and spent a few days improving our
documentation, so feel free to take a look at it and let us know if
you feel something is missing!
It shouldn't come as a surprise that our QT interface will be
deprecated during...
Mobile Security Framework (MobSF) v0.9.2 Released
Ajin Abraham (May 03)
Hey Folks,
Happy to release MobSF v0.9.2
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android and iOS
Applications and supports both binaries (APK & IPA) and zipped source
code. MobSF can also perform Web API Security testing...
Check out faraday v1.0.18! New CLI mode, Jira support & bug fixes!
Francisco Amato (Apr 07)
Today we are happy to announce that Faraday v1.0.18 is ready!
A short iteration, filled with small powerups - brand new CLI mode
allows you to process reports in batch, new helpers and plugin fixes.
We know that our users rely on a lot of different systems and
solutions and we want to integrate Faraday in that workflow. In that
order we added the ability to easily export data into a JIRA
installation, allowing users to share the findings...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Latency is a demogorgon
Parity (Aug 18)
A fun question to ask is, *"why wasn't that Cisco ASA remote patched?"*
Because EQGRP didn't tell Cisco about it, duh.
But, wait, if you're EQ and suddenly a bunch of your vulns are in the wind,
you're bloody well going to rethink the equities there, right? Especially
knowing that an adversary was suddenly in possession of a bunch of your
unpatched vulnerabilities...
Unless, of course, you didn't know.
pty...
Re: Latency is a demogorgon (dave aitel)
Jeffrey Carr (Aug 18)
Thanks for this post, Dave. I enjoyed reading it.
Regarding the EQ Group leak, I think that there's a good case to be made
that an insider or an ex-employee was responsible. I hope to have some
reasons posted on why that is in the next few days.
Jeff Carr
On Wed, Aug 17, 2016 at 9:00 AM, <dailydave-request () lists immunityinc com>
wrote:
Latency is a demogorgon
dave aitel (Aug 17)
So every remote access trojan framework has a high level interpreter
built into it these days. It brings you back to something from that Zero
Day movie (which we all watched drunk to make it bearable, admit it)
where a Kaspersky analyst talked about Stuxnet being "Big but amazingly
BUG FREE". Not having subtle bugs is something you can do much more
easily in Python/Lua/Ruby/etc than in C/C++. There are other good
reasons to have a high...
An anonymous posting
dave aitel (Aug 16)
Note that the below is not from me. I know every time I do this ppl who
can't read are like "IT IS FROM YOU". But I have a strict personal rule
against pseudonyms; even my TF2 and Overwatch accounts are named
"DAVEAITEL".
-dave
----------------------------------------------------------------
Regarding the supposed Cisco firewall tool leak from NSA that was
publicly disclosed recently:
At a recent briefing, somebody said...
Re: The Correct Amount
Moses Hernandez (Aug 16)
PHP is … well it just is, and that happens to be the problem. There is no good way around it, it’s far too much in use
to quickly deprecate and back out of, and it’s also very far from being well designed, or just designed at all. If you
don’t believe anyone just Google “Why is PHP Such a horribly designed language” for all the fun references to the
developers just magically patching this thing in real time to cobble the language....
INFILTRATE 2017!
dave aitel (Aug 15)
If you're looking for a conference to attend that has real return on
investment then hopefully you've considered INFILTRATE
<https://www.eventbrite.com/e/infiltrate-2017-tickets-26604676303?aff=DailyDave>.
You can and will get drunk with your friends at INFILTRATE, but we've
spent a lot of time optimizing the conference for getting you real face
to face contacts and technical knowledge. Sometimes, and I hate to say
it, this...
Data based policy making in our space?
dave aitel (Aug 05)
https://www.lawfareblog.com/slow-down-lawful-hacking-frameworks-and-fixes
If you have not read this, then feel free to heckle me here about it!
Nate Cardozo has lots to say about it, but since the EFF's current
position on these things is a ball of unsupportable spaghetti he might
save his heckling for Twitter. :)
-dave
DARPA Cyber Grand Challenge!
dave aitel (Aug 05)
Summary: Fifteen years from now we'll be able to secure the 80s! :)
If you haven't read this giant post on the subject, then you should:
http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html?m=1
The Cyber Grand Challenge was last night and they LIVE Streamed it to
the world over YouTube <https://www.youtube.com/watch?v=xek4OcScCh4>,
which was GREAT. The whole thing went fairly flawlessly, which...
Overwatch and Cyber War
dave aitel (Aug 03)
<overwatch picture>
Overwatch <http://imgur.com/gallery/VkkGb> has swept the nation! In
particular, it's swept the small cadre of hackers that makes up Team
Cyber, to the point where you can make random professional connections
on any server Blizzard sends you to. A couple nights ago I talked about
INFILTRATE with some people while we shot at each other with imaginary
dragon arrows. And I wanted to talk here about the Overwatch...
Re: The Correct Amount
Kristian Erik Hermansen (Aug 02)
Do you feel the same way about FaceBook PHP? Or general PHP v7? It sounds
like everyone has cancer, smokes, and is pregnant...
Find your wireless opponents. :)
dave aitel (Aug 02)
New SILICA Video is here! https://vimeo.com/177231337
It's worth upgrading if you brought yours to Vegas and you want to locate
whoever is messing with the wireless. :)
-dave
The Correct Amount
dave aitel (Aug 02)
Last week I did the technical review of one of our deliverables. Super
secure website, run by smart people. They'd limited their exposure to
one PHP file. But a good security services company provides strategic
advice, along with individual tactical recommendations. In this case,
the consultant found two critical vulnerabilities in just that one
lonely PHP file. Our strategic recommendation is always this: Use as
much PHP on your website as...
Re: Clique - a stillborn project
Dan Guido (Aug 01)
Sorry to revive a dead thread, but I think this general idea of a
re-encrypting mailing list has been implemented:
https://bitbucket.org/awruef/listcrypt/src
Enjoy!
-Dan
Re: Dailydave Digest, Vol 56, Issue 10
Dave Aitel (Jul 31)
In my head I equate using computer and network operations (CNO) inside an
organization to enable information operations (IO) to getting exploitation
primitives and enabling a "Weird Machine
<http://www.slideshare.net/scovetta/fundamentals-of-exploitationrevisited>".
IO has a long history, but it's a completely different thing once CNE gets
involved. You get a feedback loop. It's like having a debugger, versus
blindly...
Re: "Clickbait policy-making"
Konrads Smelkovs (Jul 31)
[..]
That's because cyber is much more about infowar than death and
destruction as with NBC. And Daily Mail is an amplifier and outlet of
propaganda regardless of whoever served it, so studying it and citing
it as an example of infowar pen-ultimate stage (the ultimate being
change in someone's mindset) is legitimate.
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they are worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
like XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 18, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-075
* MS16-AUG
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 12, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-102
* MS16-AUG
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 11)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 11, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-99
* MS16-102
* MS16-AUG
Bulletin...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 10)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 10, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-101
* MS16-AUG
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 09, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-077
Bulletin Information:
=====================
MS16-077...
Microsoft Security Bulletin Summary for August 2016
Microsoft (Aug 09)
********************************************************************
Microsoft Security Bulletin Summary for August 2016
Issued: August 09, 2016
********************************************************************
This bulletin summary lists security bulletins released for
August 2016.
The full version of the Microsoft Security Bulletin Summary for
August 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-aug>....
Microsoft Security Bulletin Releases
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: August 9, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-054 - Critical
* MS16-MAY
Bulletin Information:
=====================
MS16-054
- Title: Security Update for Microsoft Office (3155544)
-...
Microsoft Security Advisory Notification
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 9, 2016
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory 3179528
- Title: Update for Kernel Mode Blacklist
- https://technet.microsoft.com/library/security/3179528.aspx
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 29)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 29, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-JUL
Bulletin Information:
=====================
MS16-JUL...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 26)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 26, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-058
Bulletin Information:
=====================
MS16-058...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 18, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-092
* MS16-094
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jul 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 13, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-077
Bulletin Information:
=====================...
Microsoft Security Bulletin Summary for July 2016
Microsoft (Jul 12)
********************************************************************
Microsoft Security Bulletin Summary for July 2016
Issued: July 12, 2016
********************************************************************
This bulletin summary lists security bulletins released for
July 2016.
The full version of the Microsoft Security Bulletin Summary for
July 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-jul>.
Critical...
Microsoft Security Bulletin Summary for July 2016
Microsoft (Jul 12)
********************************************************************
Microsoft Security Bulletin Summary for July 2016
Issued: July 12, 2016
********************************************************************
This bulletin summary lists security bulletins released for
July 2016.
The full version of the Microsoft Security Bulletin Summary for
July 2016 can be found at
.
Critical Security Bulletins
============================
MS16-084...
Microsoft Security Bulletin Minor Revisions
Microsoft (Jun 22)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: June 22, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-063
* MS16-077
* MS16-JUN
* MS15-OCT
Bulletin Information:...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Cisco Releases Security Updates
US-CERT (Aug 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/08/20/Cisco-Releases-Security-Updates ] 08/20/2016 02:56 AM EDT
Original release date: August 20, 2016
Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these
vulnerabilities could allow an unauthenticated remote...
Cisco Releases Security Update
US-CERT (Aug 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/08/12/Cisco-Releases-Security-Update-0 ] 08/12/2016 03:31 PM EDT
Original release date: August 12, 2016
Cisco has released a security update to address a vulnerability in its IOS XR Software for ASR 9001 Aggregation
Services Routers. Exploitation of this vulnerability could...
Microsoft Releases August 2016 Security Bulletin
US-CERT (Aug 09)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases August 2016 Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2016/08/09/Microsoft-Releases-August-2016-Security-Bulletin ] 08/09/2016
02:55 PM EDT
Original release date: August 09, 2016
Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of one of these
vulnerabilities could...
Apple Releases Security Update
US-CERT (Aug 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/08/05/Apple-Releases-Security-Update ] 08/05/2016 03:25 PM EDT
Original release date: August 05, 2016
Apple has released a security update to address a vulnerability in iOS. Exploitation of this vulnerability may allow a
remote attacker to take control of an affected system....
VMware Releases Security Update
US-CERT (Aug 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/08/05/VMware-Releases-Security-Update-0 ] 08/05/2016 03:38 PM EDT
Original release date: August 05, 2016
VMware has released a security update to address vulnerabilities in vCenter Server, vSphere Hypervisor (ESXi),
Workstation Pro, Workstation Player, Fusion, and Tools....
Mozilla Releases Security Updates
US-CERT (Aug 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/08/03/Mozilla-Releases-Security-Updates ] 08/03/2016 04:27 PM EDT
Original release date: August 03, 2016
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of
some of these vulnerabilities may allow a remote...
Cisco Releases Security Updates
US-CERT (Aug 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/08/03/Cisco-Releases-Security-Updates ] 08/03/2016 04:33 PM EDT
Original release date: August 03, 2016
Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these
vulnerabilities could allow an unauthenticated remote...
Cybersecurity Tips for the Rio Olympics
US-CERT (Aug 02)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cybersecurity Tips for the Rio Olympics [
https://www.us-cert.gov/ncas/current-activity/2016/08/02/Cybersecurity-Tips-Rio-Olympics ] 08/02/2016 09:39 PM EDT
Original release date: August 02, 2016
As the 2016 Olympic Games begin in Rio de Janeiro, US-CERT reminds travelers to be aware of cybersecurity risks. At
high-profile events, hacktivists may take...
ACSC Releases Risk Mitigation Strategies Against Malicious Email
US-CERT (Aug 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ACSC Releases Risk Mitigation Strategies Against Malicious Email [
https://www.us-cert.gov/ncas/current-activity/2016/08/01/ACSC-Releases-Risk-Mitigation-Strategies-Against-Malicious-Email
] 08/01/2016 05:13 PM EDT
Original release date: August 01, 2016
The Australian Cyber Security Centre (ACSC [ http://asd.gov.au/infosec/acsc.htm ]) has published guidance to...
DHS Announces Cyber Incident Reporting Information
US-CERT (Jul 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
DHS Announces Cyber Incident Reporting Information [
https://www.us-cert.gov/ncas/current-activity/2016/07/29/DHS-Announces-Cyber-Incident-Reporting-Information ]
07/29/2016 09:22 PM EDT
Original release date: July 29, 2016
The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting
cyber incidents [...
Google Releases Security Update for Chrome
US-CERT (Jul 21)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2016/07/21/Google-Releases-Security-Update-Chrome ] 07/21/2016 01:27 PM
EDT
Original release date: July 21, 2016
Google has released Chrome version 52.0.2743.82 to address multiple vulnerabilities for Windows, Mac, and Linux.
Exploitation of some of these...
Cisco Releases Security Update
US-CERT (Jul 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/07/20/Cisco-Releases-Security-Update ] 07/20/2016 12:29 PM EDT
Original release date: July 20, 2016
Cisco has released a security update to address a vulnerability in its Unified Computing System (UCS) Performance
Manager. Exploitation of this vulnerability could allow an...
Oracle Releases Security Bulletin
US-CERT (Jul 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2016/07/19/Oracle-Releases-Security-Bulletin ] 07/19/2016 06:07 PM EDT
Original release date: July 19, 2016
Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products.
Exploitation of some of these vulnerabilities may allow...
Drupal Releases Security Advisory
US-CERT (Jul 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Drupal Releases Security Advisory [
https://www.us-cert.gov/ncas/current-activity/2016/07/18/Drupal-Releases-Security-Advisory ] 07/18/2016 05:23 PM EDT
Original release date: July 18, 2016
Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.1.7. Exploitation of
this vulnerability could allow a remote attacker to...
Apple Releases Multiple Security Updates
US-CERT (Jul 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Multiple Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/07/18/Apple-Releases-Multiple-Security-Updates ] 07/18/2016 05:13 PM
EDT
Original release date: July 18, 2016
Apple has released security updates for iTunes, Safari, tvOS, watchOS, iOS, and OS X El Capitan. Exploitation of some
of these vulnerabilities may allow a...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
TLS testing results - OS distro vulnerabilities
Mauri Miettinen (Aug 20)
To whom it may concern,
We developed a tool to check if languages and libraries verify TLS certificates properly.
While testing this tool we did a shootout against supported versions of
some major Linux distributions.
Results are available from:
https://github.com/ouspg/trytls/blob/shootout-0.3/shootout/README.md
It seems it may be unsafe to do TLS in some of the common distros.
E.g. the native Python version in the distros varies, and...
memory issues in libksba 1.3.4 and git
Pascal Cuoq (Aug 20)
Hello all,
this GitHub commit illustrates a memory issue present in libksba 1.3.4 and in the current git tree from
git://git.gnupg.org/libksba.git :
https://github.com/pascal-cuoq/libksba-fork/commit/709642767fbf7f2030d89bca4e4b192d612400ae
In summary:
Executing “tests/cert-basic long_time.crt” allocates a disproportionate 33MB of memory. In the current libksba git
snapshot, this memory is initialized to zero, which takes a couple of...
Path traversal vulnerability in WordPress Core Ajax handlers
Summer of Pwnage (Aug 20)
------------------------------------------------------------------------
Path traversal vulnerability in WordPress Core Ajax handlers
------------------------------------------------------------------------
Yorick Koster, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A path traversal vulnerability was found in the Core Ajax...
Re: CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation
cve-assign (Aug 19)
Use CVE-2016-6888.
Re: MatrixSSL Bignum bugs
cve-assign (Aug 19)
Use CVE-2016-6885.
As far as we can tell, here you are reporting a crash issue that is not
identical to the "exponentiation with the base zero" issue.
Use CVE-2016-6886.
There is no CVE ID for this "crashes with a floating point error"
behavior that existed in the https://git.lysator.liu.se/nettle/nettle
code as of approximately 2016-07-17 through 2016-07-31. The Nettle
documentation at...
Re: CVE request: MatrixSSL lack of RSA-CRT hardening
cve-assign (Aug 19)
Use CVE-2016-6883.
Use CVE-2016-6884.
Re: CVE request: MatrixSSL lack of RSA-CRT hardening
cve-assign (Aug 19)
Use CVE-2016-6882.
CVE Request: Qemu: net: vmxnet: integer overflow in packet initialisation
P J P (Aug 19)
Hello,
Quick Emulator (Qemu) built with the VMWARE VMXNET3 NIC device support, with
network abstraction layer is vulnerable to an integer overflow issue. It could
occur during initialisation of new packets in the device.
A privileged user inside guest could use this flaw to crash the Qemu instance
resulting in DoS.
Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
This issue was...
Re: CVE-2016-6327 | Linux kernel crash in infiniband subsystem.
Greg KH (Aug 19)
For those playing at home, this was fixed in the 4.6 Linux kernel
release, as well as the 4.4.7 stable release (released on April 12,
2016), and all other stable releases around the same time, so the only
ones to worry about this are those who have not updated their kernel in
a long time.
thanks,
greg k-h
CVE-2016-6327 | Linux kernel crash in infiniband subsystem.
Wade Mealing (Aug 19)
Systems using the infiniband support module ib_srpt were vulnerable to
a denial of service by system crash by a local attacker who is able to
abort writes to a device using this initiator.
There were multiple areas in which aborting a scsi command are able to
be handled, moving this to the correct location in the state machine
ensured that this condition was never triggered through this code
path.
The null pointer situation was enabled via a non...
Re: Re: CVE request - slock, all versions NULL pointer dereference
x ksi (Aug 19)
Hey,
Just for the record... http://s1m0n.dft-labs.eu/files/slock/ . Vendor
was notified about this issue on 2015-11-13.
Thanks,
F
2016-08-19 7:13 GMT+10:00 <cve-assign () mitre org>:
[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method
Justin Bull (Aug 18)
Good evening everyone,
A security bulletin for all of you.
Software:
--------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)
Description:
----------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.
Affected Versions:
---------------
1.2.0 - 4.1.0 (all versions but latest patch supporting token revocation)
Fixed Versions:
-------------
4.2.0 or apply this commit[0]
Problem:
--------
Doorkeeper failed to implement OAuth...
Re: CVE Requests Facebook HHVM
cve-assign (Aug 18)
Use CVE-2016-6870. The scope of this CVE is all of the incorrect uses
of strndup that were fixed in this commit. The commit message
references t11337047, which possibly is a bug that was discovered much
earlier. However, because we don't know of any earlier public
disclosure of t11337047, there isn't a separate CVE ID for t11337047.
Use CVE-2016-6871.
Use CVE-2016-6872.
Use CVE-2016-6873.
Use CVE-2016-6874.
Use CVE-2016-6875.
Re: CVE request - slock, all versions NULL pointer dereference
cve-assign (Aug 18)
Use CVE-2016-6866.
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
[CFP] Workshop: Who are you?! Adventures in Authentication at SOUPS 2016 - Next week!
Larry Koved (Jun 20)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more...
Silver Bullet 122: David Nathans
Gary McGraw (Jun 07)
Hi sc-l,
The latest episode of Silver Bullet features a conversation with David Nathans from Siemens Healthcare. David got his
start in security ops, and even wrote a book about that. But he completely understands why product security is
essential in the modern world and has been moving things in the right direction when it comes to medical devices.
Have a listen: http://bit.ly/SB-nathans
As always, your feedback is welcome.
gem...
Jack from Codiscope: Static Analysis for Node.JS
Gary McGraw (May 20)
Hi sc-l,
New tech stacks call for new static analysis approaches. Check out Jacks (free for developers) from Codiscope:
https://codiscope.com/not-your-fathers-code-review/
gem
https://www.garymcgraw.com/
@cigitalgem
[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016 - 1 week until the submission deadline
Larry Koved (May 10)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more...
Silver Bullet 121: Marty Hellman
Gary McGraw (May 10)
hi sc-l,
While I was away in Europe, Silver Bullet 121 went live. This episode is an interview with recent Turing award winner
and public key crypto inventor Marty Hellman. I met Marty this year at RSA the night he won the Turing award. He’s a
hugely interesting guy.
We talk math, crypto, politics, and the history of the first two crypto wars. Marty put his own career (and freedom)
on the line in the first! It’s super interesting....
c0c0n 2016 | The cy0ps c0n - Call For Papers & Call For Workshops
c0c0n 2016 - The CyOps Conference (Apr 25)
c0c0n 2016 | The cy0ps c0n - Call For Papers & Call...
[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016
Larry Koved (Apr 25)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more common and...
Silver Bullet celebrates a decade of shows: Gary McGraw
Gary McGraw (Apr 01)
hi sc-l,
Hard to believe, but Silver Bullet has been running for ten years---120 months of shows in a row without missing a
month. To celebrate this accomplishment, we shot a video for episode 120 out by the Shenandoah river at my house. And
we turned the tables on the interview. Marcus Ranum, inventor of the firewall, interviews me.
We discuss: software security, internet of (crappy) things, the surveillance state, advisory board work,...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: SOP for Managing Phishing/Ransomware Attempts
Fisch, Neal (Aug 18)
Count me in as well Keith and thanks!
Neal Fisch
Director, Enterprise Services and Security
Information Security Officer
Division of Technology & Communication
California State University Channel Islands
One University Drive, Camarillo CA 93012
Solano Hall – Room 2178
Email: neal.fisch () csuci edu
Voice: 805-437-3278 | Mobile: 805-443-6529 | Fax: 805-437-3377
From: The EDUCAUSE Security...
Re: SOP for Managing Phishing/Ransomware Attempts
Ravi Tanikella (Aug 17)
- Ravi
Re: SOP for Managing Phishing/Ransomware Attempts
Brian Griffith (Aug 17)
Interested!
Thanks,
Brian Griffith
Information Security Officer
Whitman College
Re: SOP for Managing Phishing/Ransomware Attempts
Theresa Semmens (Aug 17)
Ditto for NDSU!
Theresa Semmens, CISA
NDSU Chief Information Security Officer
Director, Records Management
Office: 210D Quentin Burdick Building
Mail: NDSU Dept 4500
PO Box 6050
Fargo, ND 58108-6050
P: 701-231-5870
F: 701-231-8541
E: Theresa.Semmens () ndsu edu
www.ndsu.edu/its/security
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben...
Re: SOP for Managing Phishing/Ransomware Attempts
Brandon Hume (Aug 17)
Are all these "Me Toos" *supposed* to be going to the list? Is this
AOLCAUSE, now?
Re: SOP for Managing Phishing/Ransomware Attempts
Dan Wasson (Aug 17)
Interested as well.
*Dan Wasson*
*Director Systems & LAN Management*
*Northwestern Michigan College*
*231-995-1164*
*dwasson () nmc edu*
*Don't be a scam victim - NMC and other reputable organizations will never
use email to request that you reply with your password, social security
number or confidential personal information.*
Re: SOP for Managing Phishing/Ransomware Attempts
Ben Woelk (Aug 17)
We would be interested in the webcast.
Thanks,
Ben Woelk CISSP
Member, Awareness and Training Working Group
Higher Education Information Security Council
http://www.educause.edu/heisc
ISO Program Manager
Rochester Institute of Technology
Rochester, New York 14623
585.475.4122
ben.woelk () rit edu
http://security.rit.edu/dsd.html
Become a fan of RIT Information Security at
http://rit.facebook.com/RITInfosec...
Re: SOP for Managing Phishing/Ransomware Attempts
Sburlea, Stefan (Aug 17)
Interested, please add us too.
Best Regards,
Stefan Sburlea
Information Security Specialist
Desk Phone: 714-744-7802
Visit www.chapman.edu/security for the latest Phishing emails
UNIVERSITY STAFF WILL NEVER ASK FOR YOUR PASSWORD - DO NOT SHARE YOUR PASSWORD WITH OTHERS!
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV...
Re: SOP for Managing Phishing/Ransomware Attempts
James Farr (Aug 17)
I would like an invitation also.
James Farr
Information Security Officer
Utica College
jfarr () utica edu
315-223-2386
*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Aiken Jr, Julian H
*Sent:* Tuesday, August 16, 2016 5:26 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts
Keith,
I would like to be invited...
Re: SOP for Managing Phishing/Ransomware Attempts
Bonnie Johnson (Aug 17)
Keith, suffice to say we are all interested?
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Taylor
Randle
Sent: Tuesday, August 16, 2016 4:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts
Interested as well. Thanks!
Taylor Randle
IT Security Manager
Re: SOP for Managing Phishing/Ransomware Attempts
Hall, Rand (Aug 17)
Another Google Apps consideration: Resetting user-Authorized access to
services <https://support.google.com/a/answer/2537800?hl=en#auth>. IIRC,
I've seen user-authorized services (like iOS Mail) continue to be used
after password change/restoration.
Rand
Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.hall () merrimack edu
If I had an hour to save the world, I would spend 55 minutes...
Re: SOP for Managing Phishing/Ransomware Attempts
Hollis, Michael (Aug 17)
Count me in, too.
Thanks,
Mike
Michael Hollis
Information Security Analyst/Senior Systems Analyst
ITS, Product Development and Engineering,
University of North Texas Health Science Center
Fort Worth, TX
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of SECURITY
automatic digest system
Sent: Tuesday, August 16, 2016 11:02 PM
To: SECURITY () LISTSERV...
Re: SOP for Managing Phishing/Ransomware Attempts
Dennis Levine (Aug 17)
I am interested too!
Dennis
Dennis Levine | Information Security Officer | 120 Boylston Street Boston, MA 02116-4624 | (617) 824-8972 |
Dennis_Levine () emerson edu | www.emerson.edu
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keith
Hartranft
Sent: Tuesday, August 16, 2016 1:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU...
Re: SOP for Managing Phishing/Ransomware Attempts
McHugh, Susan (Aug 17)
MWCC is interested.
Susan McHugh
CIO
P: 978-630-9174
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kenneth
West
Sent: Wednesday, August 17, 2016 8:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts
I am interested.
Thanks,
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE...
Re: SOP for Managing Phishing/Ransomware Attempts
Barron Felder (Aug 17)
I am interested.
Thank you,
Barron
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Weekly Routing Table Report
Routing Analysis Role Account (Aug 19)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
SAFNOG, SdNOG, BJNOG, CaribNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz () gmail...
Re: Arista unqualified SFP
Eric Kuhnke (Aug 19)
I would like to see optics made in a shack in a rain forest, maybe we can
find a new market to sell hand made artisanal fair trade organic GMO-free
gluten-free lasers.
Re: Arista unqualified SFP
Alain Hebert (Aug 19)
Well,
Context: Starting with 10Gb the optics are more finicky.
Part of that price hike includes tech support (1) which you will
never get from most OEM vendors. PS: Mine is pretty good.
Having dealt with a few optic issues lately:
. Why that 10km LR won't work with that circuit, oh it's an 8.5km
+ fusion + etc, you're cutting it a bit short there bud, replaced them by ER's
( Cost: 3 weeks lag on delivery...
Lc fail a9k1
Dmitry Sherman (Aug 19)
Hello dear colleagues,
Any chance to recover/repair or replace failed lc on asr9001?
The line card probably dead (after flood disaster), rsp alive, flash, fans and psu also in good condition.
Thanks in advance!
Thanks
Best regards,
Dmitry Sherman
Interhost Networks
www.interhost.co.il
Dmitry () interhost net
Mob: 054-3181182
Sent from Steve's creature
Is it nuts...
RE: Arista unqualified SFP
Ryan DiRocco (Aug 19)
I wouldn't be surprised to see GOV contracts in that list :) It's the new $10,000 toilet seat to fund black ops!
Re: RIP ipv4 dominance
Scott Weeks (Aug 19)
--- cb.list6 () gmail com wrote:
This is not RIP ipv4, but RIP dominance, on mobile, in the USA, ....
This is an epic milestone for ipv6
http://www.worldipv6launch.org/major-mobile-us-networks-pass-50-ipv6-threshold/
----------------------------------------------
And from another point of view... I just saw this over on MENOG:
+++++++++++++++++++++
From: "Ahmed Abu-Abed" <ahmed () tamkien com>
To:...
RIP ipv4 dominance
Ca By (Aug 19)
This is not RIP ipv4, but RIP dominance, on mobile, in the USA, ....
This is an epic milestone for ipv6
http://www.worldipv6launch.org/major-mobile-us-networks-pass-50-ipv6-threshold/
Re: China Unicom – Does anyone still work for them ?
Eric Kuhnke (Aug 18)
Is it nuts to ask if you've had fluent Mandarin or Cantonese speaking staff
members contact them?
Re: Arista unqualified SFP
Eric Kuhnke (Aug 18)
Though it would be really interesting to see, if a company like Cisco or
Juniper ever suffered a major data leak, what number of customers really do
pay full list price for some stuff.
"Yeppers, twenty 1310nm LX 10Gb SFP+ for $4800 each, sounds good. Where do
we send the check?"
Re: Arista unqualified SFP
Ricky Beam (Aug 18)
On Thu, 18 Aug 2016 08:05:30 -0400, Tim Jackson <jackson.tim () gmail com>
wrote:
I can't count the number of times I've seen this BS from vendors. I'm not
buying crap made in a shack out in a rain forest. I'm buying the same
f'ing optics from the same f'ing people as the vendor. (Finisar, Infineon,
etc.) The only difference between my $10 optic and their $300 optic is the
value in an EEPROM and the...
China Unicom – Does anyone still work for them ?
James Braunegg (Aug 18)
Dear All
Just wondering if anyone is responsible and proactive and wants new IP Transit sales for China Unicom … or is it time
to say good bye to using China Unicom and hello to China Telecom ?
Whilst we are a client of China Unicom purchasing IP transit, the support / service provision lead times to date have
been a horrible experience… My current contacts within the USA rarely reply to emails and services take 12 months+ to
be...
Re: cheap SMS, was Email to text -
Eric Kuhnke (Aug 18)
There isn't, really, the closest you can get (on a GSM-derived, LTE
network) is probably a pay-as-you-go data plan per GB on one of Rogers'
sub-brands Fido or Chatr.
Re: cheap SMS, was Email to text -
Eric Kuhnke (Aug 18)
The "Ting" MVNO is owned/run by the Tucows people (remember them!) and runs
on either Sprint or T-Mobile's network depending on where you are.
For very low data rate OOB access type things it can be as low as $10/mo
for an active LTE SIM card.
https://ting.com/rates?ab=1
Re: cheap SMS, was Email to text -
John Levine (Aug 18)
Since this comes up from time to time, here are the cheapest US SIM plans I know of.
Tracfone BYOD runs on AT&T or Verizon (the latter is LTE only) and the
cheapest plan is $18 for 90 days if you sign up and autorenew. That
gives you 180 SMS, and if you want them 180 mins of voice and 180MB of
data, unused rolls over. Customer service is OK, seems to be in the
US, aimed at a bilingual Spanish/English market.
Airvoice Wireless runs on...
Re: Arista unqualified SFP
Stanislaw (Aug 18)
Yeah, it is.
And yeah, I was considering that option too.
Ethan wrote 2016-08-18 16:59:
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 29.70
RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Thursday 17 August 2016 Volume 29 : Issue 70
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.70>
The current issue can also be...
Risks Digest 29.69
RISKS List Owner (Aug 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 August 2016 Volume 29 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.69.html>
The current issue can...
Risks Digest 29.67
RISKS List Owner (Aug 08)
RISKS-LIST: Risks-Forum Digest Monday 9 August 2016 Volume 29 : Issue 67
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.67.html>
The current issue can also...
Risks Digest 29.66
RISKS List Owner (Aug 05)
RISKS-LIST: Risks-Forum Digest Friday 5 August 2016 Volume 29 : Issue 66
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.66.html>
The current issue can also...
Risks Digest 29.65
RISKS List Owner (Jul 28)
RISKS-LIST: Risks-Forum Digest Thursday 28 July 2016 Volume 29 : Issue 65
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.65.html>
The current issue can also...
Risks Digest 29.64
RISKS List Owner (Jul 25)
RISKS-LIST: Risks-Forum Digest Monday 25 July 2016 Volume 29 : Issue 64
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.64.html>
The current issue can also...
Risks Digest 29.63
RISKS List Owner (Jul 21)
RISKS-LIST: Risks-Forum Digest Thursday 21 July 2016 Volume 29 : Issue 63
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.63.html>
The current issue can also...
Risks Digest 29.62
RISKS List Owner (Jul 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 July 2016 Volume 29 : Issue 62
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.62.html>
The current issue can also...
Risks Digest 29.61
RISKS List Owner (Jul 15)
RISKS-LIST: Risks-Forum Digest Friday 15 July 2016 Volume 29 : Issue 61
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.61.html>
The current issue can also...
Risks Digest 29.60
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Thursday 14 July 2016 Volume 29 : Issue 60
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.60.html>
The current issue can also...
Risks Digest 29.59
RISKS List Owner (Jun 28)
RISKS-LIST: Risks-Forum Digest Tuesday 28 June 2016 Volume 29 : Issue 59
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.59.html>
The current issue can also...
Risks Digest 29.58
RISKS List Owner (Jun 21)
RISKS-LIST: Risks-Forum Digest Tuesday 21 June 2016 Volume 29 : Issue 58
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.58.html>
The current issue can also...
Risks Digest 29.57
RISKS List Owner (Jun 18)
RISKS-LIST: Risks-Forum Digest Saturday 18 June 2016 Volume 29 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.57.html>
The current issue can also...
Risks Digest 29.56
RISKS List Owner (Jun 15)
RISKS-LIST: Risks-Forum Digest Wednesday 15 June 2016 Volume 29 : Issue 56
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.56.html>
The current issue can...
Risks Digest 29.55
RISKS List Owner (Jun 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 June 2016 Volume 29 : Issue 55
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.55.html>
The current issue can also...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm
Richard Forno (Aug 19)
http://www.jdsupra.com/legalnews/plaintiffs-cannot-bring-data-breach-15526/
Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm
The latest development in how American courts will handle the standing question for data breach class actions came last
week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative class action
related to the CareFirst...
The hidden liability: How to keep your business data safe
Audrey McNeil (Aug 18)
http://www.itproportal.com/2016/08/17/the-hidden-liability-how-to-keep-your-business-data-safe/
Data stored on business systems is both an asset and a liability. Like any
asset, your data is worth guarding, and like any liability, it’s worth
mitigating. Personal identification numbers, customer payment information,
contact lists, product/service roadmaps, and intellectual property are just
some of the types of confidential data that’s...
4 Questions the Board Must Ask Its CISO
Audrey McNeil (Aug 18)
http://www.databreachtoday.com/blogs/4-questions-board-must-ask-its-ciso-p-2218
As CISOs, the most common question we get asked by the board is, "Are we
secure?" But there is a fundamental problem with this question.
In order to explain the problem, I encourage you to ask yourself a similar
question - "Are you healthy?" - and see how you respond. Some of you
probably started explaining how often you exercise, see a doctor,...
Don’t Fear a HIPAA Audit—Fear Being Uninformed
Audrey McNeil (Aug 18)
http://dentistrytoday.com/news/todays-dental-news/item/1176-don-t-fear-a-hipaa-audit-fear-being-uninformed
Your healthcare records are under attack. It seems like we read about
another data breach or ransomware attack every day. In 2015, the protected
health information of more than 100 million patient records was
compromised. This is why the federal Department of Health and Human
Services (HHS) recently announced random Health Insurance...
Latest Hotel Malware Infection Could Just Be The Tip Of The Iceberg
Audrey McNeil (Aug 18)
https://get.com/news/latest-hotel-malware-infection-could-just-be-tip-iceberg/
A leisurely stay at a hotel is almost like playing the lottery these days,
and as absurd as it sounds, it depends a whole lot on your luck. Following
reports released last week that a number of major hotels have been hit by a
malware infection in their point-of-sale systems, at least 20 hotels
operated by HEI Hotels & Resorts on behalf of Starwood, Marriott,...
Cybersecurity and its impact on business
Audrey McNeil (Aug 17)
http://in-cyprus.com/cybersecurity-and-its-impact-on-business/
Cybersecurity incidents can cause major damage to European businesses and
the economy at large. Indeed, theft of commercial trade secrets and
business information, personal data breaches, disruption of services and of
infrastructure result in economic losses of hundreds of billions of euros
each year.
According to a recent survey, at least 80% of European companies have
experienced...
IT security increasingly focusing on reaction to attacks
Audrey McNeil (Aug 17)
http://www.healthdatamanagement.com/news/it-security-increasingly-focusing-on-reaction-to-attacks
Worldwide spending on information technology security will grow by 7.9
percent, to reach $81.6 billion in 2016, according to Gartner.
In its latest market growth forecast, released last week, the research firm
says the highest growth during that time will come in the areas of security
testing, IT outsourcing and data loss prevention.
One of the...
A cybersecurity seal of approval is not enough
Audrey McNeil (Aug 17)
http://www.idgconnect.com/blog-abstract/19365/a-cybersecurity-seal-approval
Cyberthreats continue to dominate the headlines and wreak havoc on
corporate networks. There are now nearly one million new malware threats
released every single day, according to recent reports. In a bid to stem
the tide, several groups have announced programs to rate the cybersecurity
of network-connectable products and systems.
In April, Underwriters Laboratories...
Stolen medical records may be for sale
Audrey McNeil (Aug 17)
http://chronicle.augusta.com/news/crime-courts/2016-08-16/stolen-medical-records-may-be-sale#
The hacker who infiltrated Athens Orthopedic Clinic’s computer system and
gained access to more than 200,000 patient records is being identified in
published reports as “The Dark Overlord,” who claims to have broken into a
number of healthcare databases and obtained millions of personal records.
At least some of those records, those reports say,...
To mitigate medical hacks, identify incentives for hackers
Audrey McNeil (Aug 17)
https://www.brookings.edu/2016/08/16/to-mitigate-medical-hacks-identify-incentives-for-hackers/
Privacy breaches are extremely ubiquitous in the health care industry. Over
the last six years, medical data of more than 155 million Americans have
been potentially exposed through nearly 1,500 breach incidents. While there
are notable ongoing efforts among health care organizations to prevent
these incidents, the strategies to mitigate the...
High-profile hacks and the asymmetry of disclosure
Audrey McNeil (Aug 16)
https://fcw.com/articles/2016/08/15/comment-gleicher-dnc-cyber.aspx
The hack and subsequent leak of data from the Democratic National Committee
are an industrial-scale example of a fundamental asymmetry in our
increasingly connected world: Disclosure is easy; correction is difficult.
Although disclosure can be an important tool for transparency and advocacy,
it can also be a malicious and powerful weapon. And once records are
disclosed,...
Sage Confirms Customer Data Breach
Audrey McNeil (Aug 16)
http://www.techweekeurope.co.uk/workspace/sage-customer-data-breach-196407
British software firm Sage has confirmed it is investigating a case of
“unauthorised access” to data that it said occurred at some point in the
past few weeks.
Sage, which makes business software including accounting and payroll
programs used by customers in 23 countries, said police are investigating
the breach and the data protection regulator, the Information...
Starwood, Marriott, Hyatt, IHG hit by malware
Audrey McNeil (Aug 16)
http://finance.yahoo.com/news/starwood-marriott-hyatt-ihg-hit-230328538.html
A data breach at 20 U.S. hotels operated by HEI Hotels & Resorts for
Starwood, Marriott, Hyatt and Intercontinental may have divulged payment
card data from tens of thousands of food, drink and other transactions, HEI
said on Sunday.
The breach follows similar attacks at Hyatt Hotels Corp and Starwood Hotels
& Resorts Worldwide Inc in recent months.
Norwalk,...
What should healthcare do about its cybersecurity problem?
Audrey McNeil (Aug 16)
http://medcitynews.com/2016/08/healthcare-cybersecurity-problem/?rf=1
The beat goes on when it comes to cybersecurity breaches in healthcare.
So far this month, Banner Health in Phoenix disclosed that it had data on
3.7 million people potentially exposed by a series of hacks. Another 3.3
million records were compromised at Newkirk Products, a company that issues
ID cards for several Blue Cross and Blue Shield carriers.
Meantime, research firm...
Four years later, case still open in DOR data breach
Audrey McNeil (Aug 16)
http://www.greenvilleonline.com/story/news/crime/2016/08/12/four-years-later-case-still-open-dor-data-breach/88453548/
Four years after South Carolina’s tax agency suffered the worst data breach
in state history, 5 million attempts are made each week to gain
unauthorized access to state government computers, which hold vast amounts
of personal data belonging to taxpayers, employees and members of the
public.
The attempts come from around the...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Lua 5.3
João Valverde (Aug 20)
I'm not aware of any policy that says our Lua dialect and APIs must be
stable forever. That's nice, I don't like fixing working code as much as
the next person, but sometimes reality intervenes. It would be difficult
to provide that guarantee, seeing as Lua 5.2 is already unmaintained
upstream.
But if change 17172 is merged then it becomes at least possible.
Re: Lua 5.3
João Valverde (Aug 20)
I also meant to add that it would be better to rip-off the compatibility
band-aid, IMO, if the 5.3 features justify the upgrade.
Re: Lua 5.3
João Valverde (Aug 20)
I think there is a disconnect here because you are seeing Lua as a
system dependency. I see it as Wireshark's own embedded language
interpreter (although developed by the Lua team under a suitable license).
(Sorry for my brevity, I really appreciate your input).
Re: Lua 5.3
Peter Wu (Aug 20)
I am against pulling the Lua source tree in the tree, reasons were
already given in https://code.wireshark.org/review/#/c/17172
I am not against adding Lua 5.3 compatibility, but would like to see
compatibility for existing dissectors. Keeping support for 5.2 (or even,
argh, 5.1) would allow distros/users to build with older versions if
they desire.
If 5.3 compatibility is added it should be no problem. After looking at
the actual changes (...
Wireshark 2.2.0 release schedule
Gerald Combs (Aug 19)
I plan on releasing Wireshark 2.2.0rc1 on Monday, August 22 followed by
2.2.0rc2 on the 31st. Barring any major issues 2.2.0 will be released on
September 7th.
Re: Lua 5.3
João Valverde (Aug 19)
I think the impact is very small compared to the benefits, it's an easy
port to Lua 5.3 if it requires porting at all, but maybe someone else
who uses this code heavily can comment on that.
I really like the Wireshark Lua API, by the way. It's really cool.
Re: Lua 5.3
João Valverde (Aug 19)
Let me also ask, Peter, you're pushing back against building Lua from
source and also pushing back against upgrading to 5.3.
I'm not seeing how that is a viable long-term option on Linux.
Re: Lua 5.3
Pascal Quantin (Aug 19)
2016-08-19 17:05 GMT+02:00 João Valverde <joao.valverde () tecnico ulisboa pt>:
For what it is worth, I do not remember any user asking / pushing to
upgrade to Lua 5.3 yet. Breaking their script should be justified by a huge
win (I will not judge myself whether this is the case or not with this
upgrade as I'm not a Lua user, so I'm not qualified here; but we must think
about our existing users). C plugins are a bit of main to...
Re: Lua 5.3
João Valverde (Aug 19)
I'm referring to the upgrade to Lua 5.3 here, i.e, breaking backward
compatibility, same as any other Lua script moving from 5.1/5.2 to 5.3.
Re: Lua 5.3
João Valverde (Aug 19)
Doesn't Lua 5.3 provide native bit operators? If so there is no net
loss of functionality. That was my reasoning at least.
The language incompatibilities between 5.2 and 5.3 are minor. The
wireshark API is exactly the same.
LPeg is more powerful and Lua-thonic than lrexlib, but there is a
learning curve for that, no doubt. For anyone relying on lrexlib, it's a
significant break. We can keep lrexlib, that's not a problem and...
Re: Lua 5.3
Peter Wu (Aug 19)
Why is it justified to break backwards compatibility and move from 5.2
to 5.3 without the ability to choose 5.2? What is the killer feature
of 5.3 that makes it totally worth to possibly break older dissectors?
The disadvantage of C plugins is that it had to be recompiled for newer
versions. With a move from 5.2 to 5.3 and also removing GRegex and bitop
you make it quite likely to break Lua dissectors in some way.
I have once written a Lua...
Re: Lua 5.3
João Valverde (Aug 19)
https://code.wireshark.org/review/#/c/17175/
I'd be glad to answer any questions, to the best of my knowledge.
Re: Cmake and RPM
João Valverde (Aug 18)
No problem, it's still useful to know. I also have qtchooser installed
on the Fedora VM, it just isn't picked up by configure.
Re: Cmake and RPM
Jonne Zutt (Aug 18)
I did not make changes to my $PATH.
Well, after verifying and searching for a while, that did happen actually,
because of the qtchooser package:
$ rpm -qf /etc/profile.d/qtchooser.sh
qtchooser-39-1.fc20.x86_64
$ cat /etc/profile.d/qtchooser.sh
case ":${PATH:-}:" in
*:/usr/lib/qtchooser:*) ;;
*) PATH="/usr/lib/qtchooser${PATH:+:$PATH}" ;;
esac
What I did earlier to make it work for me was:
sed -i -e...
Re: Cmake and RPM
João Valverde (Aug 18)
I'm not sure what you did to make configure find qtchooser in
/usr/lib/qtchooser (changed your $PATH?) but this works out of the box
for me on Fedora 20:
$ whereis qtchooser
qtchooser: /usr/lib/qtchooser
$ ./configure --with-qt=5 --with-gtk=no
---
configure:47210: checking for qtchooser
configure:47243: result: no
configure:47322: checking for lrelease-qt5
configure:47340: found /usr/bin/lrelease-qt5
configure:47352: result:...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
false positive from NASA Realtime Satellite Tracking
wkitty42 (Aug 20)
i'm seeing the following rules being triggered from
http://spaceflight1.nasa.gov/realdata/tracking/index.html
but i'm not sure the best way to allow this site as the java stuff seems to be
being pulled from multiple IPs on AWS...
Rule ID: 1:2016540:2 - ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA
with non JAR EXT matches various EKs
Date: 08/20 09:37:57 Priority: 2 Class Type: Potentially Bad...
Re: Barnyard2 unable to start service
Pratibha Rajan (Aug 19)
Thanks for taking the time Ian, we tried all the options except rebuilding it. Nothing seems to work. We will give that
a try as well, else just continue running barnyard in continuous mode.
Thanks again
Pratibha
Re: Barnyard2 unable to start service
wkitty42 (Aug 19)
Ian posted a fix for your problem early this morning... it is pretty much what i
came up with after reconsidering my previous possible fix that didn't work for
you... he also provided several additional possible solutions... at least one of
the three or four he proposed should fix your problem :)
Re: Newbie question -- Can Snort be installed in a routed mode instead of bridged mode?
J Green (Aug 19)
Got it, was a file ownership issue on a few directories.
Thank you everyone.
Re: Barnyard2 unable to start service
Ian (Aug 19)
Hi,
In the original script, change line 40 from
daemon $prog $BARNYARD_OPTS
to
daemon /usr/local/bin/$prog $BARNYARD_OPTS
Otherwise the other locations used by the $prog variable will be affected.
Alternatively create a symlink:
ln -s /usr/local/bin/barnyard2 /usr/bin/barnyard2
Or you can uninstall barnyard2 (run 'make uninstall' in the source
folder) then rebuild with a different prefix:...
Re: Newbie question -- Can Snort be installed in a routed mode instead of bridged mode?
J Green (Aug 18)
So I redid the entire setup, using Daq & nfqueue. Now it does pass
traffic.
However, nothing is logged (alerts) seemingly, to the database, nor log
files.
I am probably missing something simple?
Thank you.
Snort Subscriber Rules Update 2016-08-18
Research (Aug 18)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the blacklist,
browser-plugins, file-office, file-pdf, malware-cnc, malware-other,
os-linux, protocol-snmp and server-webapp rule sets to provide coverage
for emerging threats from these technologies.
For a complete list of new and modified rules please see:...
Re: Barnyard2 unable to start service
Pratibha Rajan (Aug 18)
Is there an alternative startup script for barnyard2? The issue seems to be with the start up script.
Pratibha
From: pratibha.nair12 () outlook com
To: bala150985 () gmail com
Date: Wed, 17 Aug 2016 23:04:44 +0530
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Barnyard2 unable to start service
Hi Bala,
Below is the output I get:
# which barnyard2
/usr/local/bin/barnyard2
Thanks
Pratibha
From: bala150985 () gmail com
Date:...
Batmob Info
Stanwyck, Carraig - ASOC - Kansas City, MO (Aug 18)
Good Morning,
Do any of you have a write-up on the various Batmob variants? Is it benign mobile adware or is it more malicious
adware? Google searches are turning up very little on this particular adware.
Thank you,
-C
Carraig Stanwyck
USDA | OCIO | ASOC
Re: Barnyard2 unable to start service
wkitty42 (Aug 18)
ugh... no clue... undo those changes for now... the /var/lock/subsys/ thing
appears to use the $prog variable, too... i'm suspecting that the script you
posted is assuming that barnyard2 is installed in a default pathed system
directory instead of in /usr/local/bin... if this is true, then it may be
possible to add another variable for the program launch... unfortunately, i'm
headed out for a very early day of $work$ to avoid the...
Re: Barnyard2 unable to start service
Pratibha Rajan (Aug 17)
Thanks for responding; this is the output I get after making the changes you suggested:
[root@tparheidsp001 init.d]# systemctl status barnyard2.service
● barnyard2.service - SYSV: Barnyard2 is an output processor for snort.
Loaded: loaded (/etc/rc.d/init.d/barnyard2)
Active: failed (Result: resources) since Wed 2016-08-17 22:08:19 EDT; 13s ago
Docs: man:systemd-sysv-generator(8)
Process: 10775 ExecStart=/etc/rc.d/init.d/barnyard2...
Re: Barnyard2 unable to start service
wkitty42 (Aug 17)
that output might be what is needed in the "prog" variable in that script
instead of just "barnyard2"...
find the line
prog="barnyard2"
and change it to
#prog="barnyard2"
then add another line right below it
prog="/usr/local/bin/barnyard2"
and see if that makes any difference... if it does not, remove the added line
and the "#" to return to where you started...
Re: Barnyard2 unable to start service
Pratibha Rajan (Aug 17)
Hi Bala/ All,
Is there any symlink that we need to create?
When I run the script to run barnyard in continuous mode it seems to run:
/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /var/log/barnyard2/barnyard2.waldo
But daemon mode fails:
Aug 17 16:32:59 tparheidsp001 barnyard2: Starting Snort Output Processor (barnyard2): /bin/bash: barnyard2: command not found
Aug 17 16:32:59 tparheidsp001 barnyard2:...
Re: Barnyard2 unable to start service
Pratibha Rajan (Aug 17)
Hi Bala,
Below is the output I get:
# which barnyard2
/usr/local/bin/barnyard2
Thanks
Pratibha
From: bala150985 () gmail com
Date: Wed, 17 Aug 2016 18:12:53 +0530
Subject: Re: [Snort-users] Barnyard2 unable to start service
To: pratibha.nair12 () outlook com
CC: snort-users () lists sourceforge net
Could you type in "which barnyard2" and post the output here.
Hi,
Barnyard was successfully installed but having issues bringing the...
Re: Barnyard2 unable to start service
Balasubramaniam Natarajan (Aug 17)
Could you type in "which barnyard2" and post the output here.
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|