SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Re: dev Digest, Vol 150, Issue 18
Md. Tariq Aziz (Oct 17)
static build on Linux
Levente Laszlo (Oct 16)
Hi,
I would like to make a static build of Nmap (actually I just need a static
Ncat binary).
I am on Ubuntu 16.04 but I can build on CentOS/Arch/etc as well.
I have not found a lot of documentation on the web or in the list
archive...
https://blog.zsec.uk/staticnmap/
This is a post from May 2016 with version 7.11
When I tried the same (with ncat of course), with v7.60 I got an error too:...
Re: Talk on NSE's use of coroutines at Lua Workshop 2017
Fyodor (Oct 16)
On Wed, Oct 4, 2017 at 5:06 PM, Patrick Donnelly <batrick () batbytes com>
wrote:
Nice! I hope the talk goes well (looks like it starts in 30 minutes) and
I'm looking forward to the video!
Cheers,
Fyodor
Re: Crash Report
Daniel Miller (Oct 10)
Ron,
Thanks for the bug report. Can you verify whether that file exists? It's
possible there is a problem with your Nmap installation.
Dan
Re: Crash Report
Daniel Miller (Oct 10)
Pia,
Thanks for reporting this. The error is caused by a corrupted .pyc file
somewhere in your Python installation. Deleting the file will solve the
error, and importing the problem library as root will recompile it. Since
we don't know which library is the problem, you could run this shell script
as root, which will try each of them:
#!/bin/sh
rm /usr/lib/python2.7/difflib.pyc
python -c 'import difflib'
rm...
Crash Report
Ronald Belill (Oct 09)
Version: 6.47
Traceback (most recent call last):
File "zenmapGUI\ScriptInterface.pyo", line 328, in
script_list_timer_callback
File "zenmapGUI\ScriptInterface.pyo", line 337, in initial_script_list_cb
File "zenmapGUI\ScriptInterface.pyo", line 369, in
handle_initial_script_list_output
File "zenmapCore\ScriptMetadata.pyo", line 495, in get_script_entries
File...
Crash Report
Pia S. Sumalinog (Oct 09)
Version: 7.60
Traceback (most recent call last):
File "/usr/bin/zenmap", line 195, in <module>
zenmapGUI.App.run()
File "/usr/lib/python2.7/dist-packages/zenmapGUI/App.py", line 358, in run
window = new_window()
File "/usr/lib/python2.7/dist-packages/zenmapGUI/App.py", line 194, in new_window
from zenmapGUI.MainWindow import ScanWindow
File...
[MS17-010]
DUMAS Xavier (Oct 09)
Re: nsock READ timeout
Gerald Roy (Oct 09)
Talk on NSE's use of coroutines at Lua Workshop 2017
Patrick Donnelly (Oct 04)
If anyone in the bay area would like to participate, please register
and attend (it's free!):
http://www.lua.org/wshop17.html#abstracts
A video recording is planned. I will share to nmap-dev when it is available.
Re: nsock READ timeout
Fotis Chantzis (Oct 02)
Can you please paste the output of the ssh client with verbose output on
when connecting to that server? (ssh -vv <user>@192.168.1.1)
What ssh version is the server running on the raspberry?
nsock READ timeout
Gerald Roy (Oct 02)
Hi,
Running NCrack 0.6 on a Raspberry Pi 3 Raspbian with the command
ncrack -U 1user -P 1password -vv -d 10 -t 4 -iX mynmap.xml -oN ncrack.log
I get the output below. It looks like it's not doing much. 192.168.1.22
is a DD-WRT router.
ssh://192.168.1.1:22 (EID 223) Attempts: total 0 completed 0 supported 0
--- rate 0.00
ssh://192.168.1.1:22 (EID 224) nsock READ timeout!
ssh://192.168.1.1:22 (EID 224) Attempts: total 0 completed 0...
Re: New Feature for Nmap
Daniel Miller (Sep 26)
Thanks for the suggestion! We already have a "map" feature in Zenmap, the
official GUI for Nmap [1]. But text-mode outputs can sometimes be useful,
too. Since Nmap already emits all of its findings in machine-parseable XML,
we are not likely to add another output format to Nmap itself, but there
are a couple of potentially interesting options:
You could write a post-processing script to convert the XML into a tabular
or text tree...
New Feature for Nmap
Who Am I? (Sep 26)
Hello there.
I was looking to add a new feature to Nmap that I thought would be useful.
However, I would like to get the opinion of other individuals as well so I
can decide whether to move forward with the idea.
So, here is what I'm thinking of:
Sometimes with Nmap, I like to run a ping scan on my network. The output is
usually something like this after running "nmap -sn 67.207.82.167/20":...
Re: possible bug, nmap v7.40
Daniel Miller (Sep 26)
I remembered this issue when I saw a question and answer on
unix.stackexchange.com [1], so I thought I'd send an update. This is due to
a bug in the netfilter nat module in Linux 4.8. The code change which
introduced the bug was reverted in 4.8.16, and kernel 4.9 is not affected.
Thanks for reporting it!
Dan
https://unix.stackexchange.com/a/337496/16171
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have been working the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products
SEC Consult Vulnerability Lab (Oct 18)
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
=======================================================================
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: no public fix, see solution/timeline
CVE number: -
impact: high...
SEC Consult SA-20171018-0 :: Multiple vulnerabilities in Afian AB FileRun
SEC Consult Vulnerability Lab (Oct 18)
SEC Consult Vulnerability Lab Security Advisory < 20171018-0 >
=======================================================================
title: Multiple vulnerabilities
product: Afian AB FileRun
vulnerable version: 2017.03.18
fixed version: 2017.09.18
impact: critical
homepage: https://www.filerun.com | https://afian.se
found: 2017-08-28
by: Roman Ferdigg...
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free
Maor Shwartz (Oct 17)
SSD Advisory – Linux Kernel AF_PACKET Use-After-Free
Full report: https://blogs.securiteam.com/index.php/archives/3484
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerabilities summary
The following advisory describes a use-after-free vulnerability found in
Linux Kernel’s implementation of AF_PACKET that can lead to privilege
escalation.
AF_PACKET sockets “allow users to send or receive packets on the device
driver level. This for...
SSD Advisory – Ikraus Anti Virus Remote Code Execution
Maor Shwartz (Oct 17)
SSD Advisory – Ikraus Anti Virus Remote Code Execution
Full report: https://blogs.securiteam.com/index.php/archives/3485
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability summary
The following advisory describes a remote code execution found in Ikraus
Anti Virus version 2.16.7.
KARUS anti.virus “secures your personal data and PC from all kinds of
malware. Additionally, the Anti-SPAM module protects you from SPAM and
malware...
SSD Advisory – Webmin Multiple Vulnerabilities
Maor Shwartz (Oct 17)
SSD Advisory – Webmin Multiple Vulnerabilities
Full report: https://blogs.securiteam.com/index.php/archives/3430
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability summary
The following advisory describes three (3) vulnerabilities found in Webmin
version 1.850
Webmin “is a web-based interface for system administration for Unix. Using
any modern web browser, you can setup user accounts, Apache, DNS, file
sharing and much more....
SSD Advisory – Microsoft Office SMB Information Disclosure
Maor Shwartz (Oct 17)
SSD Advisory – Microsoft Office SMB Information Disclosure
Full report: https://blogs.securiteam.com/index.php/archives/3463
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
*Vulnerability Summary*
The following advisory describes an information disclosure found in
Microsoft Office versions 2010, 2013, and 2016.
Microsoft Office is: “Whether you’re working or playing, Microsoft...
SSD Advisory – FiberHome Directory Traversal
Maor Shwartz (Oct 17)
SSD Advisory – FiberHome Directory Traversal
Full report: https://blogs.securiteam.com/index.php/archives/3472
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability Summary
The following advisory describes a directory traversal vulnerability found
in FiberHome routers.
FiberHome Technologies Group “was established in 1974. After continuous and
intensive development for over 40 years, its business has been extended to
R&D,...
[CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass
Hakan Küsne (Oct 17)
Please disclose, thanks.
SEC Consult SA-20171017-0 :: Cross site scripting in Webtrekk Pixel tracking component
SEC Consult Vulnerability Lab (Oct 17)
SEC Consult Vulnerability Lab Security Advisory < 20171017-0 >
=======================================================================
title: Cross site scripting
product: Webtrekk Pixel tracking
vulnerable version: v3.24 to v3.40, v4.00 to v4.40, v5.00 to v5.04
fixed version: v3.41, v4.41, v5.05
impact: Medium
homepage: https://www.webtrekk.com/
found: 2017-08-29...
[CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal
Jens Regel (Oct 16)
Please disclose, thanks.
SSD Advisory – ZTE uSmartView DLL Hijacking
Maor Shwartz (Oct 16)
SSD Advisory – ZTE uSmartView DLL Hijacking
Full report: https://blogs.securiteam.com/index.php/archives/3457
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability summary
The following advisory describes a DLL Hijacking found in ZTE uSmartView.
ZTE uSmartView offers: “ZTE provides full series of cloud computing
products (including cloud terminals, cloud desktops,...
ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability
EMC Product Security Response Center (Oct 16)
ESA-2017-122: EMC NetWorker Buffer Overflow Vulnerability
EMC Identifier: ESA-2017-122
CVE Identifier: CVE-2017-8022
Severity Rating: CVSSv3 Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected products:
* EMC NetWorker versions prior to 8.2.4.9
* EMC NetWorker versions 9.0.x (all supported versions)
* EMC NetWorker versions prior to 9.1.1.3
* EMC NetWorker versions prior to 9.2.0.4
Summary:
EMC...
ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability
EMC Product Security Response Center (Oct 16)
ESA-2017-124: EMC Isilon OneFS Reflected Cross Site Scripting Vulnerability
CVE Identifier: CVE-2017-8024
EMC Identifier: ESA-2017-124
Severity Rating: CVSS Base Score: 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Affected Products:
*EMC Isilon OneFS versions prior to 8.1.0.1
*EMC Isilon OneFS versions prior to 8.0.1.2
*EMC Isilon OneFS versions prior to 8.0.0.6
*EMC Isilon OneFS 7.2.1.x
Summary:
EMC Isilon OneFS is impacted by a...
SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++
SEC Consult Vulnerability Lab (Oct 15)
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3
CVE number: CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
impact: High
homepage:...
[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure
Julien Ahrens (Oct 13)
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14956
2. CREDITS
==========
This vulnerability was discovered and researched...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
FreeBSD Security Advisory FreeBSD-SA-17:07.wpa [REVISED]
FreeBSD Security Advisories (Oct 18)
=============================================================================
FreeBSD-SA-17:07.wpa Security Advisory
The FreeBSD Project
Topic: WPA2 protocol vulnerability
Category: contrib
Module: wpa
Announced: 2017-10-16
Credits: Mathy Vanhoef
Affects: All supported versions of FreeBSD.
Corrected:...
[slackware-security] xorg-server (SSA:2017-291-03)
Slackware Security Team (Oct 18)
[slackware-security] xorg-server (SSA:2017-291-03)
New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-5_slack14.2.txz: Rebuilt.
This update fixes integer overflows and other possible security issues.
For more information, see:...
[slackware-security] wpa_supplicant (SSA:2017-291-02)
Slackware Security Team (Oct 18)
[slackware-security] wpa_supplicant (SSA:2017-291-02)
New wpa_supplicant packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/wpa_supplicant-2.6-i586-1_slack14.2.txz: Upgraded.
This update includes patches to mitigate the WPA2 protocol issues known
as "KRACK" (Key Reinstallation AttaCK),...
[slackware-security] libXres (SSA:2017-291-01)
Slackware Security Team (Oct 18)
[slackware-security] libXres (SSA:2017-291-01)
New libXres packages are available for Slackware 14.1, 14.2, and -current to
fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libXres-1.2.0-i586-1_slack14.2.txz: Upgraded.
Integer overflows may allow X servers to trigger allocation of insufficient
memory and a buffer overflow via vectors related to the (1)...
WebKitGTK+ Security Advisory WSA-2017-0008
Carlos Alberto Lopez Perez (Oct 18)
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0008
------------------------------------------------------------------------
Date reported : October 18, 2017
Advisory ID : WSA-2017-0008
Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html
CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,...
SEC Consult SA-20171018-1 :: Multiple vulnerabilities in Linksys E-series products
SEC Consult Vulnerability Lab (Oct 18)
SEC Consult Vulnerability Lab Security Advisory < 20171018-1 >
=======================================================================
title: Multiple vulnerabilities
product: Linksys E series, see "Vulnerable / tested versions"
vulnerable version: see "Vulnerable / tested versions"
fixed version: no public fix, see solution/timeline
CVE number: -
impact: high...
[security bulletin] HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data
security-alert (Oct 18)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03789en_us
Version: 2
HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module
v2.0 Option, Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as
soon as...
[SECURITY] [DSA 3999-1] wpa security update
Yves-Alexis Perez (Oct 16)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3999-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
October 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : wpa
CVE ID : CVE-2017-13077 CVE-2017-13078...
SEC Consult SA-20171016-0 :: Multiple vulnerabilities in Micro Focus VisiBroker C++
SEC Consult Vulnerability Lab (Oct 16)
SEC Consult Vulnerability Lab Security Advisory < 20171016-0 >
=======================================================================
title: Multiple vulnerabilities
product: Micro Focus VisiBroker C++
vulnerable version: 8.5 SP2
fixed version: 8.5 SP4 HF3
CVE number: CVE-2017-9281, CVE-2017-9282, CVE-2017-9283
impact: High
homepage:...
[security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege
swpmb . cyber-psrt (Oct 15)
Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/km/KM02987868
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM02987868
Version: 1
MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2017-10-13
Last Updated: 2017-10-13
Potential Security Impact: Local:...
Advisory X41-2017-010: Command Execution in Shadowsocks-libev
X41 D-Sec GmbH Advisories (Oct 15)
X41 D-Sec GmbH Security Advisory: X41-2017-010
Command Execution in Shadowsocks-libev
======================================
Overview
--------
Severity Rating: High
Confirmed Affected Versions: 3.1.0
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks-libev
Vector: Local
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
CVE: not yet assigned
Advisory-URL:...
Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks
X41 D-Sec GmbH Advisories (Oct 15)
X41 D-Sec GmbH Security Advisory: X41-2017-008
Multiple Vulnerabilities in Shadowsocks
=======================================
Overview
--------
Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6
Confirmed Patched Versions: N/A
Vendor: Shadowsocks
Vendor URL: https://github.com/shadowsocks/shadowsocks/tree/master
Vector: Network
Credit: X41 D-Sec GmbH, Niklas Abel
Status: Public
Advisory-URL:...
[RCESEC-2017-002][CVE-2017-14956] AlienVault USM v5.4.2 "/ossim/report/wizard_email.php" Cross-Site Request Forgery leading to Sensitive Information Disclosure
Julien Ahrens (Oct 15)
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: AlienVault USM
Vendor URL: https://www.alienvault.com
Type: Cross-Site Request Forgery [CWE-253]
Date found: 2017-09-22
Date published: 2017-10-13
CVSSv3 Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14956
2. CREDITS
==========
This vulnerability was discovered and researched...
Multiple vulnerabilities in OpenText Documentum Content Server
Andrey B. Panfilov (Oct 13)
CVE Identifier: CVE-2017-15012
Vendor: OpenText
Affected products: OpenText Documentum Content Server (all versions)
Researcher: Andrey B. Panfilov
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:
Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
does not properly validate input of PUT_FILE RPC-command which allows any
authenticated user to hijack arbitrary file from...
[SECURITY] [DSA 3995-1] libxfont security update
Moritz Muehlenhoff (Oct 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3995-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
October 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxfont
CVE ID : CVE-2017-13720 CVE-2017-13722...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
SpiderFoot 2.11 released
Steve Micallef (Aug 14)
Hi all,
For the folks here interested in OSINT, recon and threat intel, I'm
pleased to announce SpiderFoot 2.11 is now out.
SpiderFoot now has over 100 modules to collect data utilising APIs from
SHODAN, BuiltWith, RIPE, AlienVault OTX, Robtex, HaveIBeenPwned? as well
as typical recon techniques like DNS brute-forcing, port scanning, web
spidering and more. It's open source, written in Python, documented and
usable with both a...
Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jul 24)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
File Upload in Integration Gateway (PSIGW)
ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: File Upload
Impact: Remote command execution on the server
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10061...
Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Impact: Modify displayed content from a Web site, steal authentication
information of a...
Directory Traversal vulnerability in Integration Gateway (PSIGW)
ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: Directory Traversal
Impact: Read, delete, rewrite file from the system
Remotely Exploitable: Yes
CVE...
[HITB-Announce] HITB GSEC 2017 CommSec CFP Closes July 31st
Hafez Kamal (Jul 15)
REMINDER: CFP Submission dateline is on the 31st of July 2017 23:59 SGT
Alongside HITBGSEC 2017 Singapore, we are calling on the community of hackers, makers, builders and breakers to send us
their 30 minute talk abstracts for consideration to be included in a separate 2-day single-track of talks (24th and
25th August). Access to this track of talks is completely FREE TO ATTEND and we are encouraging everyone to come! If
you're in...
ekoparty: Call for Papers 2017! Open!
Francisco Amato (Jul 12)
ekoparty security conference
Training September 25-26, 2017
Conference September 27-29, 2017
Buenos Aires
Submit at: http://cfp.ekoparty.org
We are really proud to announce the thirteenth edition of the Ekoparty
Security Conference.
Once again, in this unique event, security specialists from all over
Latin America and the World will have the chance to get acquainted
with the most important researches of the year.
Ekoparty has become the most...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jul 24)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (May 29)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
Ruxcon 2017 Call For Presentations
cfp (Apr 20)
Ruxcon 2017 Call For Presentations
Melbourne, Australia, October 21-22
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2017.
This year the conference will take place over the weekend of the 21st and 22nd of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 30th of June, 2017.
.[x]. About Ruxcon .[x].
Ruxcon is...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Keynotes
dave aitel (Oct 16)
So I'm about to do V6 of my T2 keynote - usually it takes about 10 full
runs until a keynote is good. This is why we are very very careful about
asking people to do keynotes. The typical first run of a keynote gets
feedback like "This is terrible. Just terrible. Awful". (Except Halvar's).
In any case, I've sent out versions of it to lots of different people
for feedback and I've noticed a few things. Probably the...
Re: Eulogy
Ryan Duff (Oct 10)
Yeah he was. The tragedy is how few will know everything he's done for his
country. But that's how it is.
He'll definitely be remembered by anyone who had the pleasure of working
with him.
-Ryan
Re: Eulogy
Matt Georgy (Oct 06)
He was a great guy and a real patriot. He will be missed.
Eulogy
dave aitel (Oct 06)
It's 11am. I'm pretty drunk right now. Lee would have liked to have
known that his passing was noticed.
For those of you who knew him.
-dave
Re: Equitablefax
the grugq (Oct 03)
Hey
I wasn’t either since it doesn’t impact me, but I had to research it for this week’s news segment on Risky.Biz ==>
https://risky.biz/RB471/
During the research it became clear that the public narrative and the facts were diverging quite a bit. In particular
this “failure to patch” story line. Yes, they were slow to patch. However, their upstream provider didn’t even make the
patch available until weeks after the compromise...
Re: Equitablefax
spacerog () spacerogue net (Oct 03)
Thank you for this timeline because honestly I haven't been paying that
close attention.
Based on this it looks like Equifax did actually patch, just not fast
enough, and by the time they got around to it the bad guys were already
inside. Based on this list the delta from patch release to install was
<91 days. Am I reading this correctly?
If so then the absolute shit ton of criticism heaped on Equifax for not
patching is IMO...
Re: Equitablefax
Arrigo Triulzi (Oct 03)
Just in passing: "Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party.”[0]. Asset management
is a core part of ISO27001:2013.
Cheers,
Arrigo
[0] https://www.equifax.com/assets/WFS/the_work_number_best_practices_in_data_security.pdf (1st page)
Twitter
dave aitel (Sep 29)
Right now everyone is going on and on about how Russians spent 256K on
ads on Twitter to influence the election. Much less understood is how
great Twitter ads are for targeting phishing attacks! I wrote this whole
article a while back here
<https://tindertipsforgirls.blogspot.com/2016/03/paying-for-okcupid-is-stupid.html>
on it. People are genuinely good at phishing now. The "Fake RedTube
subscription <...
Re: Equitablefax
the grugq (Sep 29)
I’m not going to address any of the points in the excellent post by Katie but rather put some facts together in a
timeline so people can see the Equihax event better. The “if only bug bounty” claptrap is, as Katie points out (much
more politely), complete bullshit.
Timeline of events:
2017-03-06: Apache announces struts bug
2017-03-07: PoC exploit released to public
2017-03-10: Equihax compromised via struts exploit. Genius hackers use...
Re: Why people aren't stealing ADFS secrets?
James Pleger (Sep 28)
I'm not holding out much hope on the OneLogin side, the breach they had earlier this year sounded really bad. Maybe
that event woke up the other identity providers though.
http://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/
Re: Equitablefax
Katie M (Sep 28)
I actually tried helping coordinate one of the new bugs that someone found
and wanted to report to Equifax. Unfortunately, before they had time to
even look up from their current conflagration, eyebrows still singed, a
reporter published it.
At this instant, even one bug report, while completely helpful in the
micro-sense, is process-wise another tax on the resources they have working
on the big breach. It still has to go into the queue of their...
Re: Why people aren't stealing ADFS secrets?
Kyle Creyts (Sep 27)
Or other SAML IDP private keys. ADFS is good, but stealing them from IDP
vendors might be much more efficient, and open many more doors. One hopes
that Google, OneLogin, Okta, and friends all do the needful to compartment
and protect these private keys.
On Wed, Sep 27, 2017 at 1:00 PM Konrads Smelkovs <konrads.smelkovs () gmail com>
wrote:
Re: Equitablefax
Katie M (Sep 27)
Having a bug bounty program wouldn't have helped Equifax. Only Equifax
could have helped Equifax. The root cause of the problem wasn't that they
didn't know about the bug, it was that they face the same patch
prioritization risk vs resource balance that all orgs gamble with. They
lost that gamble, which is what every breach represents: a lost bet on the
tradeoffs. Simply knowing about a bug, via a bug bounty or otherwise, is
just...
Why people aren't stealing ADFS secrets?
Konrads Smelkovs (Sep 27)
I was thinking about long term persistence and clearly, it would make a lot
of sense to steal the private key of the ADFS certificate that is used to
authenticate SAML claims. Anyone seen it done?
Re: Equitablefax
Kristian Erik Hermansen (Sep 27)
But clearly Equifax didn't know ALL public facing attack surfaces
controlled by Equifax which were affected by that vulnerability. A bug
bounty likely would have surfaced those missing attack surfaces. Internal
folks always make assumptions about their own network, which is biased and
almost never reality.
- Based on the company's investigation, Equifax believes the
unauthorized accesses to certain files containing personal...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they are worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
line XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 18, 2017
********************************************************************
Summary
=======
The following advisory and CVE have been revised in the October 2017
Security Updates.
* ADV170012
* CVE-2017-13080
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM...
Microsoft Security Update Minor Revisions
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 17, 2017
********************************************************************
Summary
=======
The following advisory has been revised in the October 2017 Security
Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security...
Microsoft Security Update Releases
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* ADV170018
CVE Revision Information:
=====================
CVE-2017-13080
- Title: ADV170018 | October 2017 Flash Update
-...
Microsoft Security Update Minor Revisions
Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 16, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the October 2017 Security
Updates.
* CVE-2017-11775
* CVE-2017-11777
* CVE-2017-11815
* CVE-2017-11820
Revision Information:
=====================
CVE-2017-11775
- Title:...
Microsoft Security Update Releases
Microsoft (Oct 16)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 16, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-13080
CVE Revision Information:
=====================
CVE-2017-13080
- Title: CVE-2017-13080 | Windows Wireless WPA Group Key
Reinstallation...
Microsoft Security Update Minor Revisions
Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 11, 2017
********************************************************************
Summary
=======
The following advisory has been revised in the October 2017 Security
Updates.
* ADV170012
Revision Information:
=====================
ADV170012
- Title: ADV170012 | Vulnerability in TPM could allow Security...
Microsoft Security Bulletin Releases
Microsoft (Oct 10)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 10, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the October 2017 Security
Updates.
* CVE-2017-11774
Revision Information:
=====================
CVE-2017-11774
- Title: CVE-2017-11774 | Microsoft Outlook Security Feature...
Microsoft Security Bulletin Releases
Microsoft (Oct 10)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 10, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the October 2017 Security
Updates.
* CVE-2017-11774
Revision Information:
=====================
CVE-2017-11774
- Title: CVE-2017-11774 | Microsoft Outlook Security Feature...
This summary lists security updates released for October 2017.
Microsoft (Oct 10)
********************************************************************
Microsoft Security Update Summary for October 2017
Issued: October 10, 2017
********************************************************************
This summary lists security updates released for October 2017.
Complete information for the October 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security...
The following CVE has undergone a major revision increment.
Microsoft (Oct 04)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 4, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-8695
CVE Revision Information:
=====================
CVE-2017-8695
- Title: CVE-2017-8695 | Graphics Component Information Disclosure
Vulnerability...
The following CVEs have been revised in the September 2017 Security Updates.
Microsoft (Oct 03)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 3, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the September 2017 Security
Updates.
* CVE-2017-8759
Revision Information:
=====================
CVE-2017-8759
- Title: CVE-2017-8759 | .NET Framework Remote Code Execution...
The following CVE has undergone a major revision increment.
Microsoft (Sep 26)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 26, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-8628
CVE Revision Information:
=====================
CVE-2017-8628
- Title: CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing
Vulnerability
-...
The following CVE has been revised in the June 2017 Security Updates.
Microsoft (Sep 20)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 20, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the June 2017 Security
Updates.
* CVE-2017-8529
Revision Information:
=====================
CVE-2017-8529
- Title: CVE-2017-8529 | Microsoft Browser Information Disclosure...
The following Defense in Depth Update has undergone a major revision increment.
Microsoft (Sep 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 19, 2017
********************************************************************
Summary
=======
The following Defense in Depth Update has undergone a major
revision increment.
* ADV170015
Revision Information:
=====================
ADV170015
- Title: ADV170015 | Microsoft Office Defense in Depth Update
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 15)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 15, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the September 2017 Security
Updates.
* CVE-2017-8676
* CVE-2017-8682
* CVE-2017-8695
* CVE-2017-8728
* CVE-2017-8742
Revision Information:
=====================
CVE-2017-8676...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Cisco Releases Security Updates
US-CERT (Oct 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/10/18/Cisco-Releases-Security-Updates ] 10/18/2017 04:07 PM EDT
Original release date: October 18, 2017
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one
of these vulnerabilities to take control of an affected...
Google Releases Security Updates for Chrome
US-CERT (Oct 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2017/10/18/Google-Releases-Security-Updates-Chrome ] 10/18/2017 10:08 AM
EDT
Original release date: October 18, 2017
Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities.
Exploitation of some of these...
Oracle Releases Security Bulletin
US-CERT (Oct 17)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2017/10/17/Oracle-Releases-Security-Bulletin ] 10/17/2017 08:40 PM EDT
Original release date: October 17, 2017
Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products.
A remote attacker could exploit some of these...
IC3 Issues Alert on DDoS Attacks
US-CERT (Oct 17)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
IC3 Issues Alert on DDoS Attacks [
https://www.us-cert.gov/ncas/current-activity/2017/10/17/IC3-Issues-Alert-DDoS-Attacks ] 10/17/2017 08:39 PM EDT
Original release date: October 17, 2017
The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services
advertised on criminal forums and marketplaces. Using DDoS...
IC3 Issues Alert on IoT Devices
US-CERT (Oct 17)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
IC3 Issues Alert on IoT Devices [ https://www.us-cert.gov/ncas/current-activity/2017/10/17/IC3-Issues-Alert-IoT-Devices
] 10/17/2017 06:56 PM EDT
Original release date: October 17, 2017
In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an
alert to individuals and businesses about the security risks...
Today’s Predictions for Tomorrow’s Internet
US-CERT (Oct 17)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Today’s Predictions for Tomorrow’s Internet [
https://www.us-cert.gov/ncas/current-activity/2017/10/17/Today%E2%80%99s-Predictions-Tomorrow%E2%80%99s-Internet ]
10/17/2017 07:24 AM EDT
Original release date: October 17, 2017
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Smart
cities, connected devices,...
Adobe Releases Security Updates
US-CERT (Oct 16)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/10/16/Adobe-Releases-Security-Updates ] 10/16/2017 03:33 PM EDT
Original release date: October 16, 2017
Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit
this vulnerability to take control of an affected system....
CERT/CC Reports WPA2 Vulnerabilities
US-CERT (Oct 16)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
CERT/CC Reports WPA2 Vulnerabilities [
https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities ] 10/16/2017 09:20 AM EDT
Original release date: October 16, 2017
CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol
vulnerabilities. Exploitation of these vulnerabilities could...
Mozilla Releases Security Update
US-CERT (Oct 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/10/11/Mozilla-Releases-Security-Update ] 10/11/2017 10:25 AM EDT
Original release date: October 11, 2017
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of
these vulnerabilities may allow a remote attacker to take...
Microsoft Releases October 2017 Security Updates
US-CERT (Oct 10)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases October 2017 Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/10/10/Microsoft-Releases-October-2017-Security-Updates ] 10/10/2017
03:37 PM EDT
Original release date: October 10, 2017
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some
of these vulnerabilities...
Cybersecurity in the Workplace is Everyone’s Business
US-CERT (Oct 10)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cybersecurity in the Workplace is Everyone’s Business [
https://www.us-cert.gov/ncas/current-activity/2017/10/10/Cybersecurity-Workplace-Everyone%E2%80%99s-Business ]
10/10/2017 01:38 PM EDT
Original release date: October 10, 2017
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating
a culture of...
Apple Releases Security Update for macOS High Sierra
US-CERT (Oct 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update for macOS High Sierra [
https://www.us-cert.gov/ncas/current-activity/2017/10/05/Apple-Releases-Security-Update-macOS-High-Sierra ] 10/05/2017
05:00 PM EDT
Original release date: October 05, 2017
Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker
could exploit these...
Cisco Releases Security Updates
US-CERT (Oct 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/10/04/Cisco-Releases-Security-Updates ] 10/04/2017 03:30 PM EDT
Original release date: October 04, 2017
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some
of these vulnerabilities to cause a denial-of-service...
Apache Releases Security Updates for Apache Tomcat
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Releases Security Updates for Apache Tomcat [
https://www.us-cert.gov/ncas/current-activity/2017/10/03/Apache-Releases-Security-Updates-Apache-Tomcat ] 10/03/2017
05:26 PM EDT
Original release date: October 03, 2017
The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous
versions of the software. A...
Apple Releases Security Update for iOS
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update for iOS [
https://www.us-cert.gov/ncas/current-activity/2017/10/03/Apple-Releases-Security-Update-iOS ] 10/03/2017 04:17 PM EDT
Original release date: October 03, 2017
Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these
vulnerabilities could allow a remote attacker to...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE request: musl libc 1.1.16 and earlier dns buffer overflow
Rich Felker (Oct 19)
Felix Wilhelm has discovered a flaw in the dns response parsing for
musl libc 1.1.16 that leads to overflow of a stack-based buffer.
Earlier versions are also affected.
When an application makes a request via getaddrinfo for both IPv4 and
IPv6 results (AF_UNSPEC), an attacker who controls or can spoof the
nameservers configured in resolv.conf can reply to both the A and AAAA
queries with A results. Since A records are smaller than AAAA records,...
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync
Seth Arnold (Oct 19)
Note that the fix isn't modifying rsync, the fix is modifying the ftpsync
script that calls rsync:
+ RSYNC_OPTIONS=${RSYNC_OPTIONS:-"-prltvHSB8192 --safe-links --timeout 3600 --stats --no-human-readable"}
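Review bot: on the added RSYNC_OPTIONS line, --safe-links sits only inside the fallback of ${RSYNC_OPTIONS:-"..."}, so a mirror whose configuration already sets RSYNC_OPTIONS keeps its own value and never picks up the flag. Suggest documenting that existing overrides must add --safe-links themselves, or passing the flag to rsync separately from the overridable default.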
https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
Of course for people who run this mirroring tool as a specific user
account and set file permissions appropriately this...
[ANNOUNCE] [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE)
Shalin Shekhar Mangar (Oct 19)
CVE-2017-12629: Several critical vulnerabilities discovered in Apache
Solr (XXE & RCE)
Severity: Critical
Vendor:
The Apache Software Foundation
Versions Affected:
Solr 5.5.0 to 5.5.4
Solr 6.0.0 to 6.6.1
Solr 7.0.0 to 7.0.1
Description:
The details of this vulnerability were reported on public mailing
lists. See https://s.apache.org/FJDl
The first vulnerability relates to XML external entity expansion in
the XML Query Parser which is...
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20
Dollar Strike (Oct 19)
I just skimmed through the fix, I am trying to understand how does this
function if (is_int(strpos(strtolower($a_val), "javascript"))) sanitize the
input as below payloads
1. %22%7D%5D%7D%29%3Balert%280%29%3B --------> "}]});alert(0);
2. %27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D ---> '';!--"<XSS>=&{()}
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync
Robert Watson (Oct 19)
May be that this convo should be migrated somewhere else, but I'd really
like to understand how this has anything to do with symlinks. Been
programming Unix/Linux for 30 years but now need to be a real SysAdmin so
need to correct my misconceptions.
Removing the ability for rsync to copy symlinks pointing to targets outside
the mirror tree would greatly cripple it. I need to understand how the
danger is worth the loss of this functionality....
[RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure
Julien Ahrens (Oct 18)
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Check_mk
Vendor URL: https://mathias-kettner.de/check_mk.html
Type: Race Condition [CWE-362]
Date found: 2017-09-21
Date published: 2017-10-18
CVSSv3 Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVE: CVE-2017-14955
2. CREDITS
==========
This vulnerability was discovered and researched by...
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20
chbi (Oct 18)
CVE-2017-15538 has been assigned.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15538
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync
Ben Tasker (Oct 18)
On Wed, Oct 18, 2017 at 1:55 PM, Robert Watson <robertcwatson1 () gmail com>
wrote:
If I'm reading the original correctly, then the user that will access the
target will be the user your HTTP daemon runs as (so, for sake of example,
nginx).
There's stuff that will be protected by permissions (for example, you
shouldn't be able to pull down /etc/shadow - so long as nginx/apache isn't
running as root), but there are...
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync
Robert Watson (Oct 18)
Since security is determined by file and directory permissions and
ownership, not by symlinks, wouldn't the fact that a malicious user did not
have permissions to access the symlink's target file/directory prevent any
harm?
WebKitGTK+ Security Advisory WSA-2017-0008
Carlos Alberto Lopez Perez (Oct 18)
------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2017-0008
------------------------------------------------------------------------
Date reported : October 18, 2017
Advisory ID : WSA-2017-0008
Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html
CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089,...
Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors
Vladis Dronov (Oct 18)
Hello,
A patch fixing this issue was accepted upstream:
commit 95d78c28b5a85bacbc29b8dba7c04babb9b0d467 fix unbalanced page refcounting in bio_map_user_iov
I would also consider next 2 related patches if backporting:
commit 2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 more bio_map_user_iov() leak fixes
commit 1cfd0ddd82232804e03f3023f6a58b50dfef0574 bio_copy_user_iov(): don't ignore ->iov_offset #v4.5+
Best regards,
Vladis Dronov | Red...
Xen Security Advisory 244 (CVE-2017-15594) - x86: Incorrect handling of IST settings during CPU hotplug
Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15594 / XSA-244
version 3
x86: Incorrect handling of IST settings during CPU hotplug
UPDATES IN VERSION 3
====================
CVE assigned.
ISSUE DESCRIPTION
=================
The x86-64 architecture allows interrupts to be run on distinct stacks.
The choice of stack is encoded in a field of the corresponding
interrupt descriptor in the Interrupt Descriptor Table...
Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests
Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15592 / XSA-243
version 4
x86: Incorrect handling of self-linear shadow mappings with translated guests
UPDATES IN VERSION 4
====================
CVE assigned.
ISSUE DESCRIPTION
=================
The shadow pagetable code uses linear mappings to inspect and modify the
shadow pagetables. A linear mapping which points back to itself is known as
self-linear. For...
Xen Security Advisory 239 (CVE-2017-15589) - hypervisor stack leak in x86 I/O intercept code
Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15589 / XSA-239
version 3
hypervisor stack leak in x86 I/O intercept code
UPDATES IN VERSION 3
====================
CVE assigned.
ISSUE DESCRIPTION
=================
Intercepted I/O operations may deal with less than a full machine
word's worth of data. While read paths had been the subject of earlier
XSAs (and hence have been fixed), at least one...
Xen Security Advisory 242 (CVE-2017-15593) - page type reference leak on x86
Xen . org security team (Oct 18)
Xen Security Advisory CVE-2017-15593 / XSA-242
version 3
page type reference leak on x86
UPDATES IN VERSION 3
====================
CVE assigned.
ISSUE DESCRIPTION
=================
The page type system of Xen requires cleanup when the last reference
for a given page is being dropped. In order to exclude simultaneous
updates to a given page by multiple parties, pages which are...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: posters or graphics promoting 2FA / Duo for students (or faculty)?
Telfer, Will (Oct 19)
Initially the graphic said ‘Do You? I Do’ (with the Duo logo inside the O in the second Do) - this is what was on the
shirts, but after the initial rollout it changed to ‘We Duo’ like you see now.
Thank You,
Will Telfer, M.S.
Information Security Analyst
Information Technology Services
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben
Marsden
Sent: Thursday,...
Re: posters or graphics promoting 2FA / Duo for students (or faculty)?
Ben Marsden (Oct 19)
Hi Will, thanks! Actually, while using my weak google-fu to see what I
could find prior to posting, I did find your "We do Duo, Enroll Now"
graphic, which I promptly printed and already have push-pinned to my office
door! :-)
Fwiw, so far the best incentive we've come up with was adding $5 extra of
printing to their student account if they signed up by the end of
September. That seemed to work *really* well.
-- Ben
On...
Re: posters or graphics promoting 2FA / Duo for students (or faculty)?
Telfer, Will (Oct 19)
We rolled out Duo to one service last year & just this month rolled it out to about 50 more…our marketing folks went
with the theme seen on our 2-factor website: http://www.baylor.edu/its/weduo. We even gave
away t-shirts in the school colors with that logo on it. I’m not sure if this is the eye-catching look, but it did
sync up with Duo’s look fairly well, since we incorporated the logo into our...
posters or graphics promoting 2FA / Duo for students (or faculty)?
Ben Marsden (Oct 19)
Hi, We're doing a "slow roll" of Duo this year.
We're continuing to work on ways to promote adoption of Duo for 2FA for
students. I'd like to post posters or table tent graphics to keep getting
eyes on it so that it enters their awareness fringes and hopefully
generates greater buy-in during more active and targeted efforts.
Do you have an eye-catching promotional poster or graphic you'd be
willing to...
Re: Security Awareness Training Tool(s)
Kevin Cumberland (Oct 19)
Michael,
I did not have that issue as it relates to support. They were great in
responding to any questions or issues that I did have and they were very
quick and eager to help. I'm not really sure why your experience was
different than mine but at any rate, it's a great product
Thanks
Kevin,
I had started the implementation of this product at my last institution
and while I can’t say I completed it prior to switching jobs I can...
Save the date - VA Tech SANS Onsite 3/5/2018-3/10/2018
randy (Oct 19)
Just a note to save the date for the 2018 VA Tech SANS Onsite class that
will be offered in March, 2018. Details are:
1. WHAT: SEC 573 Automating Information Security with Python
2. WHEN: 3/5-10/2018
3. COST: $2390/person class only, $3190/person class+GIAC
4. GIAC Certification: GPYC
5. WHERE: VA Tech, Blacksburg, VA, simulcast option available
6. WWW SITE: being updated
If you have any questions, let me know. Thanks.
-Randy Marchany
VA Tech...
Re: Security Awareness Training Tool(s)
Madl, Michael (Oct 19)
Kevin,
I had started the implementation of this product at my last institution and while I can’t say I completed it prior to
switching jobs I can say that I liked it a lot. The content delivery was straight forward, the price was right and the
tracking was a nice feature. What I wish could have been improved upon was the support. You basically get a single
‘set up’ call and that is it (so take good notes and record your session)....
Re: Security Awareness Training Tool(s)
Hudson, Edward (Oct 19)
We use PhishMe and LawRoom content for FERPA and Data Security online.
SANS refused to submit a RFP “We are SANS, we don’t submit RFPs” <--actual quote
So we went a different direction.
We have been very happy with PhishMe (used system wide) and the content from LawRoom.
Ed
Ed Hudson
Interim CISO
401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu<mailto:ehudson ()...
Re: Security Awareness Training Tool(s)
Francisco Chavez (Oct 19)
Scott,
We just rolled out our security Awareness Training for faculty and staff this month. We are using SANS Securing
The Human training modules and delivering it through our Moodle LMS. We have built in course feedback to capture their
impressions on the course. Overall, we have had very positive results. People are very happy about how engaging the
content is for them. However, I would definitely review the content before you...
Re: Security Awareness Training Tool(s)
Scott Stoops (Oct 19)
We have been looking into security awareness training and have looked at a
couple of vendors. We are now looking into the SANS Securing The Human. I'd
appreciate any feedback on how well this has worked out. What kinds of
feedback has anyone gotten from their users?
Scott Stoops
Security Analyst II
Office of Information Technology | 100 Patterson Technology Center
Ashland, OH 44805
(w) 419-289-5405
sstoops () ashland edu
Re: Security Awareness Training Tool(s)
Kevin Cumberland (Oct 19)
We use PhishMe also but just for the running phishing campaigns. It's
great for that as it has a lot of predefined templates for both phishing
and creating awareness newsletters. We use SANS Securing the Human for
the content that we then import into our LMS. We have mandated that all
employees complete security awareness training
Kevin Cumberland
Network Security Administrator
Information Technology Services
College of Southern Maryland...
Re: Security Awareness Training Tool(s)
Ronald Loneker (Oct 19)
Sorry I'm late to seeing this.
Phishme.com offers training with a phishing simulation program that they
charge for. They also do have free training modules for those who cannot
purchase their service - I was able to load them into our Moodle LMS to
create a training course for our faculty and staff, although we have not
mandated the training yet.
Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall,...
Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection
Ted Pham (Oct 18)
Recent iOS devices should have the Comodo root cert in their certificate stores. This allows web browsers and apps on
iOS devices to trust Comodo issued certs.
The issue is that WPA2 Enterprise Radius Auth was designed for large corporate enterprise intranet use. Large corporate
enterprises tend to run their own internal PKI infrastructures because they don't want to trust public certificate
authorities for some internal functions. (See...
Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection
Rich Graves (Oct 18)
No, you need a profile, period. Or a leap of faith by the client – I kinda
like the way that Windows 10 presents that choice to the user. “Do you
expect to find this network in this location?”
For HTTPS, security depends on consistency between the name the user types
(or at least sees) in the address bar, and the name on the SSL certificate
(which must be signed by a trusted third party). For WiFi, there is no
address bar and no fully...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Puerto Rico: Lack of electricity threatens telephone and internet services
Wayne Bouchard (Oct 19)
Well, the problem as I understand it is that the infrastructure was
not all that great to begin with. Much of it was damaged in the first
storm and when this second one came through, what remained basically
disappeared. That's why they say that the only thing you can do is
start from the middle and slowly extend the tentacles outward. You're
almost building the territory from scratch. Assuming that the reports
of theft,...
Re: Puerto Rico: Lack of electricity threatens telephone and internet services
Jeff Shultz (Oct 19)
It does make you wonder about the electrical infrastructure of the island,
and how much work is being done to repair it. With the Texas and Florida
hurricanes you saw fleets of electrical service vehicles (boom trucks and
the like) from other power companies with joint agreements waiting to
deploy into the disaster area as soon as it was safe to do so.
With PR.... well, it's not like you can drive to the island, much less
(apparently)...
Re: Puerto Rico: Lack of electricity threatens telephone and internet services
Jean-Francois Mezei (Oct 19)
Permanent duty diesel generators exist. Many northern communities in
Canada run on them as their 7/24 power source.
It *shouldn't* have taken long after Maria for locals to know how much
damage there had been to electrical grid and that if it's gonna take
months to fix, you're gonna need constant duty generators.
What isn't clear to me is whether everything still depends on FEMA/army
help, or whether business is able to...
Re: F Y I
Alain Hebert (Oct 19)
Well,
We could also break that 200yo+ paradigm of having a paywall for
what should pretty much be free.
Like that media supply chain still forcing licensing per country...
And yes $35USD can be a lot of money for people that are hungry for
both food and knowledge.
-----
Alain Hebert ahebert () pubnix net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield,...
Re: F Y I
Christopher Morrow (Oct 19)
Re: F Y I
João Butzke (Oct 19)
it worked here in Brazil against whatsapp.
On 19/10/2017 13:49, Lee Howard wrote:
Re: F Y I
Lee Howard (Oct 19)
"Sci-Hub’s founder, has previously told The Scientist the site plans to
ignore the lawsuit.” How would Sci-Hub consider this a “fix”?
What enforcement mechanism would the Court have against Sci-Hub?
The idea of making third parties (ISPs) incur costs (updating ACLs or
poisoning DNS) to enforce the order is pretty bad, and doesn’t stop Tor
access. Sorry I didn’t have a chance to file an amicus before the ruling
tomorrow.
Lee
Re: Looking for a contact with clue at Choopa/Reliablesite network engineering
Brian Kantor (Oct 19)
The most recent contact I have had with Vultr (parent of Choopa) is
Richard Simpliciano <rsimpliciano () vultr com>, who a week ago signed
his note as "network administrator". He was checking with me as to
whether a customer of theirs was authorized to have Vultr announce one
of our prefixes, so he might be the right person to contact.
- Brian
Re: AS36040 Prefix Limits
Mike Hammett (Oct 19)
It is in conjunction with a route server. The filtering I meant would be that network A wants the IX to drop all
advertisements to them from network B. Normally solved by network B putting a community on their routes to not
advertise to network A, but network B doesn't want to do one-off configs.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message...
Re: AS36040 Prefix Limits
Mike Hammett (Oct 19)
Chris got me in touch with the right people.
Thanks.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Christopher Morrow" <morrowc.lists () gmail com>
To: "Mike Hammett" <nanog () ics-il net>
Cc: "NANOG list" <nanog () nanog org>
Sent: Wednesday, October 18, 2017 1:49:40 PM
Subject: Re:...
TWC/Charter/Spectrum contact off-list ? (Reverse DNS issue)
Brandon Applegate (Oct 19)
Hello,
I had success with this issue about 2 years ago when some TWC folks contacted me. I don’t know if those folks are
still with TWC/Charter here in the end of 2017 - hence posting on NANOG. The tl;dr is IPv6 reverse DNS issues. It was
broken, got fixed, and seems to have broken again recently.
Thanks in advance.
Puerto Rico: Lack of electricity threatens telephone and internet services
Sean Donelan (Oct 19)
On October 18, 2017, the Puerto Rican Telecommunications Alliance warned
the lack of utility power in the main telecommunications centers (Metro
office park, Caparra and San Patricio) may not be sustainable soon.
Although the telecommunication facilities are using generators, they are
not intended for long-term, continuous use. The generators will need
maintenance and likely experience unscheduled failures the longer they're
used....
Re: AS36040 Prefix Limits
Nathan Brookfield (Oct 18)
Both sides should be filtering advertisements.
The IX may just filter by AS Path which is fairly normal by the originating AS or transiting AS should be filtering the
prefixes they advertise as well.
Nathan Brookfield
Chief Executive Officer
Simtronic Technologies Pty Ltd
http://www.simtronic.com.au
Hi, Mike
I am looking for someone that can speak authoritatively regarding AS36040's
ability to change their own prefix limits, prefix...
Re: AS36040 Prefix Limits
Andy Davidson (Oct 18)
Hi, Mike
Unless this is in conjunction with a multilateral peering session (“route-server”), when prefix-filtering is something
that the IXP very much should be doing.
Andy
Re: Looking for a contact with clue at Choopa/Reliablesite network engineering
Large Hadron Collider (Oct 18)
Thanks for reminding me to switch away from Vultr at my earliest
opportunity.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
UK Gov't Considering Redefining Social Media Services As Publishers To Make It Easier To Control Them
Dave Farber (Oct 19)
Begin forwarded message:
> From: Richard Forno <rforno () infowarrior org>
> Date: October 19, 2017 at 11:49:38 AM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: UK Gov't Considering Redefining Social Media Services As Publishers To Make It Easier To Control Them
>
>
>
> UK Gov't Considering Redefining Social Media Services As...
Network Neutrality and Beyond: The Long Road Ahead
Dave Farber (Oct 19)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 19, 2017 at 9:31:05 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Network Neutrality and Beyond: The Long Road Ahead
> Reply-To: dewayne-net () warpspeed com
>
> Network Neutrality and Beyond: The Long Road Ahead
> By Michael Copps
> Oct 18 2017
> <...
HOW TO GET NEW CUSTOMERS ???
no responder (Oct 19)
Your mail client does NOT support HTML-formatted messages.
To view the content of this e-mail correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VO.aspx?6c4h-R-ek5bq75dbKwIKEi-R-9i:,i,9-R-0
Intel Launches AI Policy Proposals
Dave Farber (Oct 18)
Begin forwarded message:
> From: "Hoffman, David Legal" <david.legal.hoffman () intel com>
> Date: October 18, 2017 at 7:33:57 PM EDT
> To: "Hoffman, David Legal" <david.legal.hoffman () intel com>
> Subject: Intel Launches AI Policy Proposals
> Reply-To: "Autio, Chloe" <chloe.autio () intel com>, "Hoffman, David Legal" <david.legal.hoffman () intel com>
>
>...
The Flawed System Behind the Krack Wi-Fi Meltdown
Dave Farber (Oct 18)
Ain’t that simple
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: October 18, 2017 at 4:16:37 PM EDT
> To: "E-mail Pamphleteer Dave Farber's Interesting People list" <ip () listbox com>
> Subject: The Flawed System Behind the Krack Wi-Fi Meltdown
>
> The Flawed System Behind the Krack Wi-Fi Meltdown
> By LILY HAY NEWMAN
> Oct 17 2017
> <...
Re Authoritarian Cryptocurrencies Are Coming
Dave Farber (Oct 18)
Begin forwarded message:
> From: Frederick Noronha <fredericknoronha () gmail com>
> Date: October 18, 2017 at 3:18:01 PM EDT
> To: dave () farber net
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] Authoritarian Cryptocurrencies Are Coming
>
>
>
> ... and India too, according to news reports:
>
>...
Authoritarian Cryptocurrencies Are Coming
Dave Farber (Oct 18)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 18, 2017 at 9:28:54 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Authoritarian Cryptocurrencies Are Coming
> Reply-To: dewayne-net () warpspeed com
>
> Authoritarian Cryptocurrencies Are Coming
> Russia and China see a new way to completely control their...
☼ Oceanfront in Punta del Este, 2017 / 2018 Season
noresponder (Oct 18)
Your mail client does NOT support HTML-formatted messages.
To view the content of this e-mail correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VO.aspx?6c4h-R-ek5bp9:fbKwIKEi-R-9i:,i,9-R-0
Gift-Customized Logo/USB Flash Drive Factory/Amy
Amy (Oct 17)
Hi lists-ip-jhof () seclists org,
It is nice to find your product in the market.
We are a Manufacturing & trading combo company with thousands of USB items(www.usbflashdrive-factory.com), that can
turn your product into a business gift, and it is a great idea as gifts for advertisement.
Please contact us.
Thanks & regards.Amy
Shenzhen TOROVO Technology CO., LtdAdd: Bantian Street, Longgang District,Shenzhen, Guangdong,...
WPA2: Broken with KRACK. What now?
Dave Farber (Oct 16)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: October 16, 2017 at 6:03:14 PM EDT
> To: "E-mail Pamphleteer Dave Farber's Interesting People list" <ip () listbox com>
> Subject: WPA2: Broken with KRACK. What now?
>
> WPA2: Broken with KRACK. What now?
> By Alex Hudson
> Oct 15 2017
> <...
Millions of high-security crypto keys crippled by newly discovered flaw
Dave Farber (Oct 16)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 16, 2017 at 1:23:30 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Millions of high-security crypto keys crippled by newly discovered flaw
> Reply-To: dewayne-net () warpspeed com
>
> Millions of high-security crypto keys crippled by newly discovered flaw
>...
20 of America's top political scientists gathered to discuss our democracy. They're scared.
Dave Farber (Oct 16)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 16, 2017 at 5:55:09 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] 20 of America's top political scientists gathered to discuss our democracy. They're scared.
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Mike Cheponis....
Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? - The Washington Post
Dave Farber (Oct 16)
Begin forwarded message:
> From: Geoff Kuenning <geoff () cs hmc edu>
> Date: October 16, 2017 at 2:51:06 AM EDT
> To: dave () farber net
> Cc: "ip" <ip () listbox com>
> Subject: Re: [IP] Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? -
> The Washington Post
>
> I suspect that most ordinary Americans, and especially those predisposed towards a...
US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do
Dave Farber (Oct 16)
Begin forwarded message:
> From: Richard Forno <rforno () infowarrior org>
> Date: October 14, 2017 at 6:27:44 PM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do
>
> US Congress mulls first 'hack back' revenge law. And yup, you...
Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? - The Washington Post
Dave Farber (Oct 15)
Begin forwarded message:
> From: George Dyson <gdyson () gmail com>
> Date: October 15, 2017 at 9:41:21 PM EDT
> To: David Farber <dave () farber net>
> Subject: Re: [IP] Re Almost half of Republicans want war with North Korea, a new poll says. Is it the Trump Effect? -
> The Washington Post
>
> Instead of this list of actual vulnerabilities that deserves real consideration, we get headlines like "Experts...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.47
RISKS List Owner (Sep 29)
RISKS-LIST: Risks-Forum Digest Friday 29 September 2017 Volume 30 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.47>
The current issue can also...
Risks Digest 30.46
RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Monday 11 September 2017 Volume 30 : Issue 46
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.46>
The current issue can also...
Risks Digest 30.44
RISKS List Owner (Aug 31)
RISKS-LIST: Risks-Forum Digest Thursday 31 August 2017 Volume 30 : Issue 44
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.44>
The current issue can also be...
Risks Digest 30.43
RISKS List Owner (Aug 14)
RISKS-LIST: Risks-Forum Digest Monday 14 August 2017 Volume 30 : Issue 43
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.43>
The current issue can also be...
Risks Digest 30.42
RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Monday 7 August 2017 Volume 30 : Issue 42
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.42>
The current issue can also be...
Risks Digest 30.41
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 August 2017 Volume 30 : Issue 41
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.41>
The current issue can also be...
Risks Digest 30.40
RISKS List Owner (Jul 28)
RISKS-LIST: Risks-Forum Digest Friday 28 July 2017 Volume 30 : Issue 40
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.40>
The current issue can also be...
Risks Digest 30.39
RISKS List Owner (Jul 22)
RISKS-LIST: Risks-Forum Digest Saturday 22 July 2017 Volume 30 : Issue 39
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.39>
The current issue can also be...
Risks Digest 30.38
RISKS List Owner (Jul 17)
RISKS-LIST: Risks-Forum Digest Monday 17 July 2017 Volume 30 : Issue 38
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.38>
The current issue can also be...
Risks Digest 30.37
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Friday 14 July 2017 Volume 30 : Issue 37
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.37>
The current issue can also be...
Risks Digest 30.36
RISKS List Owner (Jul 07)
RISKS-LIST: Risks-Forum Digest Friday 7 July 2017 Volume 30 : Issue 36
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.36>
The current issue can also be...
Risks Digest 30.35
RISKS List Owner (Jun 28)
RISKS-LIST: Risks-Forum Digest Wednesday 28 June 2017 Volume 30 : Issue 35
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.35>
The current issue can also be...
Risks Digest 30.34
RISKS List Owner (Jun 24)
RISKS-LIST: Risks-Forum Digest Saturday 24 June 2017 Volume 30 : Issue 34
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.34>
The current issue can also be...
Risks Digest 30.32
RISKS List Owner (Jun 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 June 2017 Volume 30 : Issue 32
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.32>
The current issue can also be...
Risks Digest 30.31
RISKS List Owner (Jun 08)
RISKS-LIST: Risks-Forum Digest Thursday 8 June 2017 Volume 30 : Issue 31
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.31>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Agency report: Most businesses couldn't withstand cyberattack
Destry Winant (Oct 19)
https://www.theet.com/news/free/agency-report-most-businesses-couldn-t-withstand-cyberattack/article_d1e81455-f3f3-5c94-b5a5-93efbe683dce.html
Half of small businesses report they could remain profitable for only
one month if they lost essential data, according to a new report
released by the Better Business Bureau in conjunction with National
Cybersecurity Awareness Month.
“Profitability is the ultimate test of risk,” said Bill Fanelli,...
Top real estate company admits to being unwitting source of country’s largest personal data breach
Destry Winant (Oct 19)
https://www.timeslive.co.za/news/south-africa/2017-10-18-top-real-estate-company-admits-to-being-unwitting-source-of-countrys-largest-personal-data-breach/
One of South Africa’s top real estate companies has admitted to being
the unwitting source of the largest known personal data breach to date
in the country.
TimesLIVE has also ascertained that the dump of personal information —
estimated at 31.6 million records — includes the estimated...
Realistic Cybersecurity for Small- and Mid-Sized Enterprises
Inga Goddijn (Oct 18)
http://www.brinknews.com/realistic-cybersecurity-for-small-and-mid-sized-enterprises/
In June of this year, a data analytics firm working for the Republican
National Committee left databases of 198 million U.S. citizen voter files
exposed to the Internet without security, making the RNC susceptible to
theft by cyber criminals for 10 to 14 days. Following the incident, the RNC
suspended its relationship with the third-party firm.
Reading the...
Why Certification Matters for Cloud Service Providers
Inga Goddijn (Oct 18)
https://cloudtweaks.com/2017/10/certification-cloud-service-providers/
Certification for Cloud Service Providers
As of 2017, the concept of “*cloud*” has become more of a norm for
companies and organizations worldwide. Most now use cloud service providers
(CSPs) for some part of their business, and cloud has grown from simply
being an IT concern to a C-level concern. Debate continues over the
varieties of cloud available, such as...
How We Can Turn National Cybersecurity Awareness Month Into Cybersecurity Action
Inga Goddijn (Oct 18)
https://dzone.com/articles/how-we-can-turn-national-cybersecurity-awareness-m
Want to take a peek at the World’s Worst Data Breaches? Here
<http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/>
you go.
Now that we’ve got that out of the way, let’s start this blog post over
again. Our goal isn’t to frighten you or deepen the numbness you might
already be feeling from the drip, drip, drip of bad...
THE RIGHT STUFF: BUILDING AN EFFECTIVE CYBERSECURITY INCIDENT RESPONSE TEAM
Inga Goddijn (Oct 18)
http://www.insidecounsel.com/2017/10/17/the-right-stuff-building-an-effective-cybersecurit?slreturn=1508263317
I. A Multi-disciplinary Team-based Approach to Incident Response
A well thought-out and practical incident response plan is a key component
of any comprehensive information security program. But, organizations often
make the mistake of categorizing the incident response plan as an “IT
issue” or a “legal issue.” A...
Data breach at Arden Hills-based Catholic financial services provider affects nearly 130K accounts
Inga Goddijn (Oct 18)
http://www.twincities.com/2017/10/16/catholic-united-financial-data-breach-may-have-affected-nearly-130k-accounts/
A data breach at an Arden Hills-based financial services company serving
Catholic Church members in the upper Midwest has affected nearly 130,000
current and former members.
The unidentified hacker accessed the first and last names, mailing
addresses, dates of birth, email addresses, insurance policy information,
and Social...
Microsoft responded quietly after detecting secret database hack in 2013
Richard Forno (Oct 17)
#Cyber Risk
October 17, 2017 / 5:06 AM / in 6 hours
Microsoft responded quietly after detecting secret database hack in 2013
Joseph Menn
http://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-responded-quietly-after-detecting-secret-database-hack-in-2013-idUSKBN1CM0D0
(Reuters) - Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly
sophisticated hacking group more than four...
FTC Provides Guidance on Reasonable Data Security Practices (Part I of III)
Inga Goddijn (Oct 17)
http://www.jdsupra.com/legalnews/ftc-provides-guidance-on-reasonable-18941/
Over the past 15 years, the Federal Trade Commission (FTC) has brought
more than 60 cases against companies for unfair or deceptive data security
practices that put consumers’ personal data at unreasonable risk. Although
the FTC has stated that the touchstone of its approach to data security is
reasonableness, the FTC has faced considerable criticism from the...
Creating a Structure for Cyber Risk Management
Inga Goddijn (Oct 17)
https://www.bankdirector.com/index.php/issues/risk/creating-structure-cyber-risk-management/
In 93 percent of data breaches, the targeted systems were compromised
within minutes. Eighty-three percent of the time, those breaches were not
discovered for weeks, leaving the attackers with plenty of time to do their
damage and exfiltrate data, according to the 2016 Verizon Data Breach
Investigations Report. The average consolidated cost of a U.S....
Earning Customers' Trust in Our Day of Data Breaches
Inga Goddijn (Oct 17)
https://www.business.com/articles/earning-customer-trust-data-breaches/
Data collection is a topic that's getting more attention than ever before.
In the wake of recent breaches, consumers are wondering if they can trust
businesses to protect their information from malicious hackers. You need to
reassure them that you can.
Do you know what Arby's, Verifone, Saks Fifth Avenue, Chipotle, Gmail,
Brooks Brothers, DocuSign, Kmart, the...
Phishers imitate SEC, abuse Microsoft feature, to distribute DNSMessenger malware
Inga Goddijn (Oct 17)
https://www.scmagazine.com/phishers-imitate-sec-abuse-microsoft-feature-to-distribute-dnsmessenger-malware/article/699918/
A spear phishing campaign impersonating the U.S. Securities and Exchange
Commission was recently discovered attempting to infect victims with
DNSMessenger malware, using malicious Word attachments that abuse Microsoft
Windows' Dynamic Data Exchange (DDE) protocol.
Discovered earlier this year, DNSMessenger is a...
We Heart It says a data breach affected over 8 million accounts, included emails and passwords
Inga Goddijn (Oct 17)
https://techcrunch.com/2017/10/16/we-heart-it-says-a-data-breach-affected-over-8-million-accounts-included-emails-and-passwords/
We Heart It, an image-sharing site used by 40 million teens as of a couple
of years ago, is informing users their personal data may have been
compromised. The company was alerted to a possible security breach last
week that involved over 8 million accounts, it said on Friday. The breach
took place a few years ago and...
How the SEC breach resembles immature teenage behavior
Audrey McNeil (Oct 16)
http://it.toolbox.com/blogs/itmanagement/how-the-sec-breach-resembles-immature-teenage-behavior-78737
If you were like me growing up, you had some temper tantrums where you
expressed your emotions perhaps a little too much. As I got into my
mid-to-late teens, I remember it happening quite often. In one particular
situation, I got into a pretty heated fight with my older sister and,
thanks to my sister wearing a cast on her foot, my bedroom door...
OPINION: Are employees inviting cyber threats into your organisation and draining resources?
Audrey McNeil (Oct 16)
https://www.iol.co.za/business-report/opinion-are-employees-inviting-cyber-threats-into-your-organisation-and-draining-resources-11558355
In today’s always-connected world, companies face a new wave of threats as
cybercrime continues to escalate.
Cyber security is becoming more challenging as businesses are having a
tough time trying to address growing threats while maintaining focus on
their core business. These evolving threats are more...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Looking for example s1ap pcaps
Pascal Quantin (Oct 19)
Hi Brien,
2017-10-19 9:46 GMT+02:00 Brien Colwell <xcolwell () gmail com>:
You can find a few samples here: http://www.ng4t.com/wireshark.html
Best regards,
Pascal.
Looking for example s1ap pcaps
Brien Colwell (Oct 19)
Hi,
I'm looking for example LTE S1AP pcaps to study. I'm trying to
understand the protocol more deeply and looking for more data to learn with.
Best,
Brien
Re: Parameter passing when using a dissector table to call a sub-dissector
Anders Broman (Oct 19)
-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Richard Sharpe
Sent: den 18 oktober 2017 19:15
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: [Wireshark-dev] Parameter passing when using a dissector table to call a sub-dissector
Hi folks,
During the review of a new protocol dissector it was suggested that I add a dissector table for the TLVs...
Re: Tips regarding measuring function execution times
Paul Offord (Oct 19)
Thanks Graham,
I wasn’t aware of that. The hot path concept is the same as I get from PerfView but I may need to get even more
granular, i.e. code blocks rather than functions, hence the interest in timers. I also thought that timing would give
me a cross check. I plan to look into Guy’s suggestion regarding CPU time – as he says, I only need relative values.
I’ll try to find some time this weekend.
Best regards…Paul
From:...
Parameter passing when using a dissector table to call a sub-dissector
Richard Sharpe (Oct 18)
Hi folks,
During the review of a new protocol dissector it was suggested that I
add a dissector table for the TLVs that are in the protocol so that
other dissectors can use them.
This raises an issue, however. The filter expressions for such
dissected results will always be those of the dissector was written
for, however, if you are using another dissector's sub-dissectors you
would like to be able to override their search strings.
For example,...
TLS_EDCHE_RSA_WITH_AES_128_GCM_SHA256
Sadik Sikder (Oct 18)
hello all
can anyone tell me that this cipher suite
-TLS_EDCHE_RSA_WITH_AES_128_GCM_SHA256 in order to decrypt how many byte
block requires or key block requires?
*Kind Regards,*
Samsuddin Sikder
Masters Student
M.Sc. in Communication Systems Engineering
Cologne University of Applied Sciences (FH-Köln),Germany
Re: Favoring Npcap over WinPcap at runtime?
Graham Bloice (Oct 18)
And thinking a little bit more my view is that if we don't add a
preference\command flag, WinPcap is still our preferred solution as it's
bundled in the installer, hence we should prefer that. If users want
Wireshark to use Npcap, they will have to uninstall WinPcap.
Re: Favoring Npcap over WinPcap at runtime?
Graham Bloice (Oct 18)
Presumably dumpcap could also have a command flag to select which to use.
Thinking about my own workflow, when capturing "oddities" occur, and Npcap
is installed, a remedial option is to uninstall it. Having a switch in
Wireshark would make life easier.
Re: Favoring Npcap over WinPcap at runtime?
Pascal Quantin (Oct 18)
2017-10-18 11:54 GMT+02:00 Graham Bloice <graham.bloice () trihedral com>:
Unfortunately a Wireshark preference is not doable, as wpcap.dll is also
loaded by dumpcap that does not use our preferences module. A registry key
might do the trick. Presumably tshark should also have a command flag
allowing you to configure it.
I guess the underlying question is: what kind of power users would have
both Npcap and WinPcap installed? Either...
Re: Favoring Npcap over WinPcap at runtime?
Graham Bloice (Oct 18)
On 18 October 2017 at 09:45, Pascal Quantin <pascal.quantin () gmail com>
wrote:
I'm generally in agreement with all the above, but I'm torn on hard-coding
a preference for one capture library over another. If a system has both,
who are we to say which one will be used to the exclusion of the other.
I guess I'm implying we should expose a preference to allow the user to
choose which is definitely more work but does give...
Favoring Npcap over WinPcap at runtime?
Pascal Quantin (Oct 18)
Hi list,
when we introduced Npcap support back in 2015/2016, we decided that WinPcap
driver should have higher precedence due to its known stability (and
despite issues with newer Windows versions). By that time, you could get a
BSoD with Npcap.
Time has elapsed since, and Npcap is now bundled with Nmap. The number of
commits in the Npcap repository (https://github.com/nmap/npcap/) has also
decreased, which hopefully means that the product is...
Re: bad UDP reassembly
Graham Bloice (Oct 17)
The Wireshark Bugzilla is the place for that, where you can attach the
capture to the item you raise: https://bugs.wireshark.org
bad UDP reassembly
Deny IP Any Any (Oct 17)
I have a capture, which I believe shows a device fragmenting UDP packets
and not setting the 'More Fragments' flags correctly. Wireshark reassembles
the packets, but the 'length' column is not correct for this packet.
I would expect Wireshark to show an error or indicate that there is
something wrong with the packets, but it doesn't. Can I send this small
capture to someone else to confirm?
using wireshark 2.4.1 on...
Re: build problems with the latest pull
Guy Harris (Oct 17)
Yes - you're using the configure script. The configure script expects pkg-config to be able to find Qt, but, as the
Qt-for-macOS package doesn't install any .pc files, that doesn't work on macOS.
Use CMake, instead. (It might also increase the chances that running the Wireshark that results from the build will
actually post its menu bar; I've had reasonable luck with that recently with autotools builds, but there have...
Re: build problems with the latest pull
Eliot Lear (Oct 17)
OSX. Clearly I'm doing something wrong. And I was wrong twice, it
doesn't build with 5.5 either. Am I missing a path variable somewhere?
I definitely have PKG_CONFIG_PATH set correctly, as well as my PATH...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Crash using the latest build from Git
Russ via Snort-users (Oct 19)
Hey João,
The backtrace definitely indicates a problem. Can we get a pcap to help
debug? In the meantime, what happens if you build without debug?
Hopefully that gets you going until we have a fix.
Thanks
Russ
RULE DETECT FULL SYN SCAN
nguyen cao via Snort-users (Oct 19)
When I run: nmap -sS IP (IP target), the Snort rule does not give an alert.
So, can anybody tell me a rule to detect this type of SYN scan? Thanks
SNORT SMS ALERT
nguyen cao via Snort-users (Oct 19)
Can someone tell me how to send SMS alerts from Snort? As detailed as
possible. Thank you
Re: Crash using the latest build from Git
Russ via Snort-users (Oct 19)
Ouch. We're on it. Thanks.
Crash using the latest build from Git
João Soares via Snort-users (Oct 19)
Hello everyone,
I've just updated my Snort++ build to the latest one directly from git,
and I'm getting a crash.
Here goes the version details and the backtrace:
,,_ -*> Snort++ <*-
o" )~ Version 3.0.0 (Build 239) from 2.9.8-383
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2017 Cisco...
Snort Subscriber Rules Update 2017-10-19
Research (Oct 19)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
indicator-compromise, indicator-obfuscation, malware-cnc, os-windows,
policy-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: QinQ and 802.1ah headers
jan hugo prins (Oct 19)
That is really cool.
Could you tell me when I will be able to test it for you ;-) ?
Jan Hugo Prins
Re: QinQ and 802.1ah headers
Russ via Snort-users (Oct 19)
I've got a new pbb codec for Snort++. It will be out soon.
Re: QinQ and 802.1ah headers
Al Lewis (allewi) via Snort-users (Oct 19)
It's a little easier in Snort++ than in Snort2.
There are instructions in each version for extending Snort's capabilities (within their downloads).
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com
From: Jan Hugo Prins <jhp () jhprins org>
Date: Thursday, October 19, 2017 at 7:11 AM
To: allewi <allewi () cisco...
Re: QinQ and 802.1ah headers
Jan Hugo Prins (Oct 19)
How much work would it be to support this header? As far as I'm concerned it would be enough to strip the header and
work with the underneath packet.
Jan Hugo
Re: QinQ and 802.1ah headers
Al Lewis (allewi) via Snort-users (Oct 19)
Hello,
So it doesn’t look like the traffic (0x88e7 tag) is supported as seen from the exit stats (ipv4 packets are
zero).
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 5 (100.000%)
VLAN: 5 (100.000%)
IP4: 0 ( 0.000%)
As a workaround you could try to:
1) move the capture/port mirror closer to the internal hosts so that those tags aren't present....
Re: QinQ and 802.1ah headers
jan hugo prins (Oct 19)
Sure,
Thanks in advance,
Jan Hugo Prins
Re: QinQ and 802.1ah headers
Al Lewis (allewi) via Snort-users (Oct 19)
Do you have a sample that you can share?
Snort should be able to decode those packets.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com
QinQ and 802.1ah headers
jan hugo prins (Oct 19)
Hello
I'm trying to set up a Snort instance to monitor some inbound traffic to
my production network. We use an Avaya SPBM cloud and all servers are
connected to this cloud. In the VSP7024 switches we use, I can create a
port-mirroring instance and forward all traffic coming from a MAC
address (in this case the BGP router of my provider) to a port on the
switch and then I wanted to put snort behind this port and let it listen
to all inbound...
Re: logto 3.0
Russ via Snort-users (Oct 18)
Snort 3 does log "proactively" based on the event logging
configuration. It does not support logging different SIDs to different
files so you will need to select your events from your logs based on
SID. Also note that not all events are caused by individual raw packets
so you will need to look at the events to understand what happened (you
may see buffer as opposed to a packet). Pcaps aren't the best choice.
If you provide...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|