SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
New VA Modules: Nessus: 14
New VA Module Alert Service (May 21)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== Nessus plugins (14) ==
66520 opera_check_adobe_reader_enabled.nasl
http://nessus.org/plugins/index.php?view=single&id=66520
Adobe Reader Enabled in Browser (Opera)
66519 firefox_check_adobe_reader_enabled.nasl
http://nessus.org/plugins/index.php?view=single&id=66519
Adobe Reader Enabled in Browser (Mozilla Firefox)...
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Patrik,
Thanks for the pointer. I'll look into using this for the script.
- Jesper
Re: [NSE] IKE information extraction
Jesper Kückelhahn (May 21)
Hi Anne,
Thank you for your interest in testing the script. Unfortunately I don't
have any systems available for testing purposes, but if you find any I'd be
very interested in any feedback.
- Jesper
Re: nmaprc.lua?
Fyodor (May 21)
Good point! I added this to the list of nmaprc ideas at
https://svn.nmap.org/nmap/todo/nmap.txt
Cheers,
Fyodor
Re: [NSE] IKE information extraction
Patrik Karlsson (May 21)
Jesper,
I don't think there is a way to tell if the port is in use or not but if
you want to avoid that the scripts run at the same time you could use a
mutex. There is some more information here:
http://nmap.org/book/nse-parallelism.html
/Patrik
On Mon, May 20, 2013 at 6:38 PM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:
Nmap IPC facilities?
Jacek Wielemborek (May 20)
Hi,
I recently had an idea and I thought it'd be nice to get some feedback
from you guys. On the #nmap IRC channel I was discussing introducing
better facilities to interact with Nmap scanning processes. At first,
I was thinking of ways to add more interactivity to the program, like
a keystroke to pause the current task or skip one of the hosts.
I found out that there used to be "interactive mode" in Nmap, removed
by David in 2010...
Re: [NSE] IKE information extraction
stripes (May 20)
If you have a system I can test it against, I'll test the patch.
-Anne
[NSE] IKE information extraction
Jesper Kückelhahn (May 20)
Hi list,
I've attached a script for extracting information from an IKE service and a
patch for ike.lua.
The IKE response might contain useful information such as the internal IP
address, domain name or username, which the script displays. Also matched
vendor IDs are displayed.
The ike.lua.patch adds extra functionality to support the extraction (and
some minor refactoring).
Example outputs:
PORT STATE SERVICE REASON VERSION...
New VA Modules: Nessus: 6
New VA Module Alert Service (May 20)
This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.
== Nessus plugins (6) ==
66506 suse_acroread-8571.nasl
http://nessus.org/plugins/index.php?view=single&id=66506
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 8571)
66505 suse_11_acroread-130516.nasl
http://nessus.org/plugins/index.php?view=single&id=66505
SuSE 11.2 Security Update : Acrobat Reader (SAT...
Re: Nmap under OpenVZ venet?
NStorm (May 20)
Hello.
Checked out revision 30907.
Seems to be working fine now (on a host with venet NOARP device):
# nmap --iflist
Starting Nmap 6.26SVN ( http://nmap.org ) at 2013-05-20 11:06 MSK
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
lo (lo) 127.0.0.1/8 loopback up 16436
lo (lo) ::1/128 loopback up 16436
venet0 (venet0) 192.168.9.39/32 other up 1500...
[no subject]
Absai Gomes Brito Junior (May 19)
Out
Re: dev Digest, Vol 98, Issue 26
Brandon Oliver (May 19)
# Nmap 6.25 scan initiated Sun May 19 02:40:24 2013 as: C:\Program Files
(x86)\Nmap\nmap.exe -p80 -Pn -O -o
Nmap scan report for
Host is up (0.018s latency).
PORT STATE SERVICE
80/tcp open http
MAC Address:
Warning: OSScan results may be unreliable because we could not find at
least 1 open and 1 closed port
Device type: printer
Running: HP embedded, HP VxWorks
OS CPE: cpe:/h:hp:laserjet_cp2025dn cpe:/h:hp:laserjet_p2045n
cpe:/o:hp:vxworks
OS...
PrinterScanningIntrusion
Brandon Oliver (May 19)
The loan noob, need to borrow some sec info. What's a DragonIDSConsole
doing on an HP Printer? Obviously firewall, but as I read about this bad
boy it's pretty nifty, all retard meant. I do have a serious question,
shall I close all these ports, and why do I return an error when scanning
for window -sW? It suggests to run ipv6 if my address is wrong but it's
not, did it anyways :
# Nmap 6.25 scan initiated Sat May 18 20:34:14...
Re: NMAP Error
David Fifield (May 18)
That is a good find. Does it happen when scanning just 10.0.0.4, or does
it require the full range? Can you send me -d3 of scanning the printer?
David Fifield
Re: NMAP Error
Gisle Vanem (May 18)
"David Fifield" <david () bamsoftware com> wrote:
I also hit this crash (debug-assert) with this command:
nmap -v -A 10.0.0.1-6
Just before nmap is to report the result for 10.0.0.4 (my Canon printer),
the Debug Assertion box comes up. Analysing this in WinDbg reveals
a problem with:
currenths->scriptResults.sort(scriptid_lessthan);
(in output.cc / printhostscriptresults).
The stacktrace at this point is:...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Apr 26)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college and
graduate students who spend the summer improving Nmap! They gain valuable
experience, get paid, strengthen their résumés, and write code for millions
of users.
Previous SoC students helped create the Nmap Scripting Engine, Zenmap...
Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more
Fyodor (Nov 30)
Hi folks. It has been more than five months since the Nmap 6.01
release, and I'm pleased to announce a new version for you to enjoy
during the holidays! Nmap 6.25 contains hundreds of improvements,
including 85 new NSE scripts, nearly 1,000 new OS and service
detection fingerprints, performance enhancements such as the new
kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8
improvements, and much more! It also includes...
Nmap 6.01 Released
Fyodor (Jun 22)
Hi folks! I'm happy to report that the Nmap 6.00 release
(http://nmap.org/6 ) last month was a huge success, with hundreds of
thousands of downloads and a bunch of positive articles and reviews.
But any release this big is going to uncover a few issues, so we've
released Nmap 6.01 to address them. This should also appease the more
conservative users who always wait for the first patch update before
installing a major software release....
Nmap 6 Released!
Fyodor (May 21)
Hi folks! After almost three years of work, 3,924 code commits, and
more than a dozen point releases since Nmap 5, I'm delighted to
announce the release of Nmap 6! It includes a more powerful Nmap
Scripting Engine, 289 new scripts, better web scanning, full IPv6
support, the Nping packet prober, faster scans, and much more!
For the top 6 improvements in Nmap 6, see the release notes:
http://nmap.org/6
Or you can go straight to the...
Last Chance to Apply for the Nmap/Google Summer of Code!
Fyodor (Apr 04)
Hi Folks. I'm happy to announce that the Nmap Project has again been
accepted into the Google Summer of Code program. This innovative and
extraordinarily generous program provides $5,000 stipends to college
and graduate students who want to spend the summer improving Nmap!
They gain valuable experience, get paid, strengthen their résumé, and
write code for millions of users.
Previous SoC students helped create the Nmap Scripting Engine,...
Nmap 5.61TEST5 released with 43 new scripts, improved OS & version detection, and more!
Fyodor (Mar 09)
Hi folks! We've been working hard for the last 2 months since
5.61TEST4, and I'm pleased to announce the results: Nmap 5.61TEST5.
This release has 43 new scripts, including new brute forcers for http
proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus
XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth
daemon, and old-school rsync. Better check that your passwords are
strong! Some other fun scripts are...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[slackware-security] kernel (SSA:2013-140-01)
Slackware Security Team (May 21)
[slackware-security] kernel (SSA:2013-140-01)
New Linux kernel packages are available for Slackware 13.37 and 14.0 to fix
a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/linux-3.2.45/*: Upgraded.
Upgraded to new kernels that fix CVE-2013-2094, a bug that can allow local
users to gain a root shell. Be sure to upgrade your initrd and reinstall
LILO after upgrading...
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Vulnerability Lab (May 21)
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Date:
=====
2013-05-12
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767
VL-ID:
=====
767
Common Vulnerability Scoring System:
====================================
6.5
Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
chudakovma (May 21)
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk,
Personal Firewall)
CVE reference:
CVE-2013-3496
Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov(andreykurtasanov () gmail com)
Severity:
Medium
Local\Remote:
Local
Vulnerability Class:
Privilege Escalation
Vendor URL:
http://www.infotecs.biz/
Affected OS:
Windows
Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...
Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)
Fernando Gont (May 21)
Folks,
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.
This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.
Stay tuned for more IPv6 security news...
Defense in depth -- the Microsoft way
Stefan Kanthak (May 21)
Hi @ll,
the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"
Note the unqualified path...
Static analysis tool exposition (SATE) V Call for participation
aure (May 21)
NIST is preparing the fifth Static Analysis Tool Exposition (SATE V). Briefly, participating tool makers run their
static analyzer on a set of programs. Researchers led by NIST analyze the tool reports and present the results and
experiences at a workshop. A detailed plan is available at:
http://samate.nist.gov/SATE.html
We plan to provide test cases by June 3rd. Tool makers will have until August 1st (if at all possible; September 1st at...
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Sławomir Jabs (May 17)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with the IT security on a daily basis. People like
you, who never stop asking questions and play with risks all the time...
We will...
[slackware-security] ruby (SSA:2013-136-02)
Slackware Security Team (May 17)
[slackware-security] ruby (SSA:2013-136-02)
New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current
to fix a security issue.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/ruby-1.9.3_p429-i486-1_slack14.0.txz: Upgraded.
This update fixes a security issue in DL and Fiddle included in Ruby where
tainted strings can be used by system calls regardless of the $SAFE...
[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
Slackware Security Team (May 17)
[slackware-security] mozilla-thunderbird x86_64 packages (SSA:2013-136-01)
New mozilla-thunderbird packages are available for Slackware64 13.37 and
14.0. These were accidentally omitted from the last upload.
Here are the details from the Slackware64 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.6-x86_64-1_slack14.0.txz: Upgraded.
Here's the package that was missing from the last batch. The...
APPLE-SA-2013-05-16-1 iTunes 11.0.3
Apple Product Security (May 17)
APPLE-SA-2013-05-16-1 iTunes 11.0.3
iTunes 11.0.3 is now available and addresses the following:
iTunes
Available for: Mac OS X v10.6.8 or later, Windows 7, Vista,
XP SP2 or later
Impact: An attacker in a privileged network position may manipulate
HTTPS server certificates, leading to the disclosure of sensitive
information
Description: A certificate validation issue existed in iTunes. In
certain contexts, an active network attacker could...
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
Security Alert (May 16)
ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
EMC Identifier: ESA-2013-029
CVE Identifier: CVE-2013-0941
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Affected Products:
RSA Authentication API versions prior to 8.1 SP1
RSA Web Agent for Apache Web Server versions prior to 5.3.5
RSA Web Agent for IIS versions prior to 5.3.5
RSA PAM Agent versions prior to 7.0
RSA Agent for Microsoft...
ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability
Security Alert (May 16)
ESA-2013-041: EMC VNX and Celerra Control Station Elevation of Privilege Vulnerability
EMC Identifier: ESA-2013-041
CVE Identifier: CVE-2013-3270
Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Affected products:
EMC VNX Control Station versions prior 7.1.70.2
EMC Celerra Control Station versions prior 6.0.70.1
Summary:
A vulnerability exists in EMC VNX and EMC Celerra Control Station that...
[slackware-security] mozilla-thunderbird (SSA:2013-135-02)
Slackware Security Team (May 16)
[slackware-security] mozilla-thunderbird (SSA:2013-135-02)
New mozilla-thunderbird packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-thunderbird-17.0.6-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[slackware-security] mozilla-firefox (SSA:2013-135-01)
Slackware Security Team (May 16)
[slackware-security] mozilla-firefox (SSA:2013-135-01)
New mozilla-firefox packages are available for Slackware 13.37, 14.0,
and -current to fix security issues.
Here are the details from the Slackware 14.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-21.0-i486-1_slack14.0.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[SECURITY] [DSA 2669-1] linux security update
dann frazier (May 16)
----------------------------------------------------------------------
Debian Security Advisory DSA-2669-1 security () debian org
http://www.debian.org/security/ Dann Frazier
May 15, 2013 http://www.debian.org/security/faq
----------------------------------------------------------------------
Package : linux
Vulnerability : privilege escalation/denial of service/information...
Full Disclosure — A lightly moderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.
[ MDVSA-2013:166 ] krb5
security (May 21)
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:166
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : krb5
Date : May 21, 2013
Affected: Business Server 1.0, Enterprise Server 5.0
_______________________________________________________________________
Problem...
Re: exploitation ideas under memory pressure
sd (May 21)
Interesting idea to create a thread and patch the list. Upon reading your first post, I immediately thought this wasn't
going to be exploitable, you've proven me wrong. Any chance for a copy of the exploit code? I might port it to
Metasploit.
sd
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
Максим Чудаков (May 21)
CVE-2013-3496. Local privilege escalation vulnerability in Infotecs
products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall)
CVE reference:
CVE-2013-3496
Credit:
Maksim Chudakov (@MChudakov)
Andrey Kurtasanov(andreykurtasanov () gmail com)
Severity:
Medium
Local\Remote:
Local
Vulnerability Class:
Privilege Escalation
Vendor URL:
http://www.infotecs.biz/
Affected OS:
Windows
Vulnerable systems:
ViPNet Client 3.2.10 (15632) and...
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Vulnerability Lab (May 20)
Title:
======
Sony PS3 Firmware v4.31 - Code Execution Vulnerability
Date:
=====
2013-05-12
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=767
VL-ID:
=====
767
Common Vulnerability Scoring System:
====================================
6.5
Introduction:
=============
The PlayStation 3 is the third home video game console produced by Sony Computer Entertainment and the successor to the
PlayStation 2 as part of the...
Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities
Vulnerability Lab (May 20)
Title:
======
Trend Micro DirectPass 1.5.0.1060 (Cloud) Software - Multiple Software Vulnerabilities
Date:
=====
2013-05-21
References:
===========
http://www.vulnerability-lab.com/get_content.php?id=894
Article: http://www.vulnerability-lab.com/dev/?p=580
Trend Micro (Reference): http://esupport.trendmicro.com/solution/en-US/1096805.aspx
Trend Micro Solution ID: 1096805
Video: http://www.vulnerability-lab.com/get_content.php?id=951
VL-ID:...
Re: exploitation ideas under memory pressure
Tavis Ormandy (May 20)
I guess I'm talking to myself, maybe this list is all about XSS now ;)
I'm quite proud of this list cycle trick, here's how to turn it into an
arbitrary write.
First, we create a watchdog thread that will patch the list atomically
when we're ready. This is needed because we can't exploit the bug while
HeavyAllocPool is failing, because of the early exit in pprFlattenRec:
.text:BFA122B8 call newpathrec...
Re: My ISP is routing traffic to private addresses...
Patrick Webster (May 20)
Maybe when we cut over to IPv6 the ISPs will revert to the golden age of
putting all their gear on publicly addressable space :)
Conversely, an enjoyable network design is where you route public IPs from
a private network to a private network, and the public IP has different
services on the internet to the internally routed version, but clients need
access to both.
NATing heaven.
Critical issues affecting multiple game engines
ReVuln (May 20)
We have just released a paper [1], in which we detail several 0-day
issues affecting a number of different game engines, including: Unreal
Engine, CryEngine 3 and idTech 4.
During our presentation at the recent NoSuchCon conference in Paris, we
discussed [2] additional details about game engine issues. Additionally
we demonstrated [3] how an attacker can use master servers to perform
mass-exploiting of game vulnerabilities, in order to target...
Re: My ISP is routing traffic to private addresses...
Alexander Georgiev (May 20)
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private...
Defense in depth -- the Microsoft way
Stefan Kanthak (May 20)
Hi @ll,
the "Microsoft Installer" creates for applications installed via an
.MSI the following uninstall information in the Windows registry
(see <http://msdn.microsoft.com/library/aa372105.aspx>):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
"UninstallString"="MsiExec.Exe /X{<GUID>}"
"ModifyPath"="MsiExec.Exe /I{<GUID>}"
Note the unqualified path...
Thttpd 2.25b Directory Traversal Vulnerability
metropolis haxor (May 20)
Hi guys,
You can find the software affected at http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz
Thanks,
Metropolis
###########################################
#
# Software Name : Thttpd 2.25b
#
# Version : 2.25b (29dec2003)
#
# Bug Type : Directory Traversal Vulnerability
#
# Found by : Metropolis
#
# Home : http://metropolis.fr.cr
#
# Discovered : 19/05/2013
#
# Download app : http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz
#
#...
Interesting referrer URLs when accessing vulnerability disclosure information
halfdog (May 19)
Hello list,
In the aftermath of most of my full-disclosure posts I've observed
quite interesting referrer URLs when someone tries to read information
provided explaining the issue. In quite some cases, those requests can
be attributed to national CERTs, software distributors' security
teams, universities with IT-security research units, ... accessing
that information.
Information leaked via the referrer URLs indicates, that a...
Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)
Fernando Gont (May 19)
Folks,
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
This revision is available at:
<http://tools.ietf.org/html/draft-ietf-6man-stable-privacy-addresses-07>.
This proposal is key for the mitigation of address-scanning attacks,
while at the same time preventing host-tracking.
Stay tuned for more IPv6 security news...
AFU vulnerabilities in MCImageManager for TinyMCE
MustLive (May 19)
Hello list!
I want to warn you about vulnerabilities in Moxiecode Image Manager
(MCImageManager). This is commercial plugin for TinyMCE. It concerns as
MCImageManager, as all web applications which have MCImageManager in their
bundle.
These are Arbitrary File Uploading vulnerabilities, which lead to Code
Execution on IIS and Apache web servers.
-------------------------
Affected products:
-------------------------
Vulnerable are Moxiecode...
AFU vulnerabilities in MCFileManager for TinyMCE
MustLive (May 18)
Hello list!
I want to warn you about vulnerabilities in Moxiecode File Manager
(MCFileManager). This is commercial plugin for TinyMCE. It concerns as
MCFileManager, as all web applications which have MCFileManager in their
bundle.
These are Arbitrary File Uploading vulnerabilities, which lead to Code
Execution on IIS and Apache web servers.
-------------------------
Affected products:
-------------------------
Vulnerable are Moxiecode...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Re: secure and simple file server
ugochukwu . egerue (Mar 29)
Hi Peter,
If AD cannot be used to implement the necessary security around your folders, then you need a third party folder/files
security solution. There are many of them in the market ranging from the low ends to high solutions like Imperva FAM.
Use google to do some research on it.
Good luck!,
Ugo
Sent from my BlackBerry wireless device from MTN
-----Original Message-----
From: Peter Odigie <peterquid () gmail com>
Sender:...
Re: secure and simple file server
Ansgar Wiechers (Mar 29)
File system permissions:
------------------------
Grant read access on the parent folder to "Authenticated Users" or
"Everyone", and have the subfolders inherit that ACL. Grant full control
on each immediate child folder to just the user who is supposed to be
able to write to it.
Share permissions:
------------------
Share the parent folder and grant full control to "Authenticated Users"
or "Everyone"....
secure and simple file server
Peter Odigie (Mar 29)
Hi All!
I will like to get your suggestions.
I have been asked to set up a file server on a windows OS not using
any active directory stuff. Just a simple file sharing stuff in which:
Person A will be the only one to put a file into Folder A but will
also be able to get files from Folder B & C. And the same will hold
for person B and person C - a folder can only be edited by a
particular person/group but all can access and get files from...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
Debasis Mohanty (May 19)
Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?
I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Sławomir Jabs (May 19)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with the IT security on a daily basis. People like
you, who never stop asking questions and play with risks all the time...
We will...
[HITB-Announce] HITB Magazine Issue 010
Hafez Kamal (May 14)
Hi everyone,
A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org
Topics of interest include, but are not limited to the following:
Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...
SpiderFoot 2.0 released
Steve Micallef (May 10)
Hi everyone,
SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...
WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
announcements (May 10)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...
Ruxcon 2013 Call For Papers
cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
[TOOL] TOPERA v2 released
cr0hn (May 07)
Hi everybody,
We just released TOPERA v2:
TOPERA is a new security tool for IPv6, with the particularity that their attacks can't be detected by Snort.
This new version of TOPERA includes these improvements:
1 - Slow HTTP attacks (Slowloris over IPv6).
2 - Improved TCP port scanner.
New project page:
http://toperaproject.github.io/topera/
Regards!...
[HITB-Announce] #HITB2013KUL Call for Papers
Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.
Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)
We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Arachni v0.4.2 has been released (Open Source Web Application Security Scanner Framework)
Tasos Laskos (Apr 29)
Hey folks,
This is just to let you know that there's a new version of Arachni.
Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.
The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads...
TXDNS v2.4 released
Arley Silveira (Apr 17)
TXDNS v 2.4 is out and available to download from
http://txdns.net/
This new version adds support for reverse grinding.
Ex:
txdns -r 10-20.1.60-70.1-254,192.168.15.0/24
Cheers
Arley Silveira.
A survey on quantifying severity of vulnerabilities in softwares
Khalid Khan Afridi (Apr 17)
Hello!
I am currently performing my master thesis on the topic of quantifying the
severity of software vulnerabilities.
As you have done significant work in this area, I would be glad if you
could spare a few minutes of your time to answer a survey on the topic.
It should not require more than 15-20 minutes to complete.
The survey can be found at: http://secsurvey.ics.kth.se/index.php
Thank you for your attention!
Best Regards,
Khalid Khan...
Hackersh 0.1 Release Announcement
Itzik Kotler (Apr 03)
Hi All,
I am pleased to announce the first version of Hackersh
(http://www.hackersh.org).
Hackersh ("Hacker Shell") is a free and open source shell (command
interpreter) written in Python with built-in security commands, and
out-of-the-box wrappers for various security tools, using Pythonect as
its scripting engine. Pythonect is a new, experimental,
general-purpose high-level dataflow programming language based on
Python. It aims to...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
How anticipating a health data breach can boost security
InfoSec News (May 21)
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/
By Patrick Ouellette
Health IT Security
May 20, 2013
A healthcare chief information officer (CIO) saying that he expects to
experience a health data breach is not only unusual, but may produce
shock and awe in some parts of the healthcare industry. However, having
this type of outlook, regardless of whether the CIO ends up having to
deal with a...
Hackers Who Breached Google in 2010 Accessed Company's Surveillance Database
InfoSec News (May 21)
http://www.wired.com/threatlevel/2013/05/google-surveillance-database/
By Kim Zetter
Threat Level
Wired.com
05.20.13
Hackers who breached Google’s network in 2010 obtained access to the company’s
system for tracking surveillance requests from law enforcement, according to a
news report.
The hackers gained access to a database that Google used to process court
orders from law enforcement agencies seeking information about customer...
Hunting for Syrian Hackers' Chain of Command
InfoSec News (May 21)
http://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html
By NICOLE PERLROTH
The New York Times
May 17, 2013
It’s the question of the moment inside the murky realm of cybersecurity: Just
who -- or what -- is the Syrian Electronic Army?
The hacking group that calls itself the S.E.A. struck again on Friday, this
time breaking into the Twitter accounts and blog headlines of The Financial
Times. The attack was part of a...
Defending Caribbean Networks
InfoSec News (May 20)
http://www.guardian.co.tt/business/2013-05-19/defending-caribbean-networks
By Gerard Best
Guardian Newspaper
May 19, 2013
Recent attacks on Caribbean computer networks by Internet hackers should
be a major concern for Caribbean businesses and governments.
“Computer hacking is a global problem," technology expert Bevil Wooding
said at the fifth regional meeting of the Caribbean Network Operators
Group (CaribNOG) in Bridgetown,...
Countdown clock begins for Singapore data compliance
InfoSec News (May 20)
http://www.zdnet.com/sg/countdown-clock-begins-for-singapore-data-compliance-7000015492/
By Bryan Tan
Tech Legal
ZDNet.com
May 20, 2013
The date all data protection compliance project teams in Singapore have
been waiting for has been announced. July 2, 2014, is D-Day when
Personal Data Protection Act will come into effect and when
organizations will need to complete data inventory mapping, process
audits, staff training, and publication of...
Chinese Hackers Resume Attacks on U.S. Targets
InfoSec News (May 20)
http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html
By DAVID E. SANGER and NICOLE PERLROTH
The New York Times
May 19, 2013
WASHINGTON -- Three months after hackers working for a cyberunit of China’s
People’s Liberation Army went silent amid evidence that they had stolen data
from scores of American companies and government agencies, they appear to have
resumed their attacks using different...
DDoS-for-hire service works with blessing of FBI, operator says
InfoSec News (May 20)
http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
By Dan Goodin
Ars Technica
May 19 2013
A website that accepts payment in exchange for knocking other sites
offline is perfectly legal, the proprietor of the DDoS-for-hire service
says. Oh, it also contains a backdoor that's actively monitored by the
FBI.
Ragebooter.net is one of several sites that openly accepts requests to
flood...
Mapping Compliance Proof To Risk-Based Controls
InfoSec News (May 20)
http://www.darkreading.com/compliance/mapping-compliance-proof-to-risk-based-c/240155092
By Ericka Chickowski
Dark Reading
May 17, 2013
For years now, the risk management gurus of the world have lamented the
scourge of check-box compliance, urging organizations to make more
security decisions based on sound risk management. The philosophy is
that risk-based decisions generally yield more compliant environments:
if an organization manages...
Critical Linux vulnerability imperils users, even after "silent" fix
InfoSec News (May 16)
http://arstechnica.com/security/2013/05/critical-linux-vulnerability-imperils-users-even-after-silent-fix/
By Dan Goodin
Ars Technica
May 15 2013
For more than two years, the Linux operating system has contained a
high-severity vulnerability that gives untrusted users with restricted
accounts nearly unfettered "root" access over machines, including
servers running in shared Web hosting facilities and other sensitive
environments....
Detangling the $45 Million Cyberheist
InfoSec News (May 16)
http://www.bankinfosecurity.com/detangling-45-million-cyberheist-a-5759
By Tracy Kitten
Bank Info Security
May 15, 2013
In the aftermath of the recent news about an international $45 million
cyberheist and ATM cash-out scheme, experts say pinpointing the source
of such a massive breach can prove to be extremely difficult. That's
because so many different entities are now involved in the global
payments chain.
"There are so many...
New Algorithm Lets SCADA Devices Detect, Deflect Attacks
InfoSec News (May 16)
http://www.darkreading.com/attacks-breaches/new-algorithm-lets-scada-devices-detect/240154875
By Kelly Jackson Higgins
Dark Reading
May 14, 2013
Researchers have built a prototype that lets SCADA devices police one
another in order to catch and cut off a fellow power plant or factory
floor device that has been compromised.
The so-called secure distributed control methodology outfits SCADA
systems, such as robots or PLCs, with embedded...
IT powerhouse nurtures elite white hackers
InfoSec News (May 16)
http://english.donga.com/srv/service.php3?bicode=020000&biid=2013051579958
The Dong-A Ilbo
MAY 15, 2013
"The country will directly foster the most elite white hackers (hackers
with well-intentioned purpose)."
So said Yoo Jun-sang, head of Korea Information Technology Research
Institute, at an interview with the Dong-A Ilbo Tuesday. At the
institute`s education center in southern Seoul, he said, "Korea is an IT...
Spreading the word about cybersecurity
InfoSec News (May 16)
http://fcw.com/articles/2013/05/15/cybersecurity-evangelism.aspx
By Amber Corrin
FCW.com
May 15, 2013
Say you're a beef inspector. Or a firefighter. Or a doctor treating
critically ill patients. Do you think much about cybersecurity? Is it
integrated into your daily work routine? The answer probably is no --
but federal officials are hoping to change that.
Cybersecurity already ranks as a top priority at agencies such as the
Defense...
Amy's Baking Company Says 'We Were Hacked!' Following Yesterday's Scorched Earth Campaign
InfoSec News (May 15)
http://www.tucsonweekly.com/TheRange/archives/2013/05/14/amys-baking-company-chooses-we-were-hacked-as-their-damage-control-response
By David Mendez
Tucson Weekly
May 14, 2013
So, the folks at Amy's Baking Company have chosen to go the honorable
route following the social media meltdown [1] that took place yesterday
on the company's Twitter, Facebook and Yelp accounts: they've blamed it
all on hackers [2].
Sorry, did I say...
U.S. Cyber Command Head General Alexander To Keynote Black Hat USA 2013
InfoSec News (May 15)
http://www.darkreading.com/government-vertical/us-cyber-command-head-general-alexander/240154788
May 14, 2013
[NOTE: Black Hat and Dark Reading are both part of UBM Tech. As the key July
27th-August 1st information security event in Las Vegas approaches, we'll be
sharing information about the show directly from its creators here on Dark
Reading.]
Major information security event Black Hat has announced that General Keith
Alexander --...
Firewall Wizards — Tips and tricks for firewall administrators
Re: Linked-in and its Phishing-like contacts option!
lordchariot (May 01)
Yeah, I was trying to make this non-product specific, but most vendors can actually do this to some degree or another.
Here's how we do it on my product:
https://mcafee.box.com/MWG7-FeatureDemo-Part2
The problem with doing it at a network layer with an IDS is the SSL decryption. Almost everything nowadays is HTTPS, so
it's game over if you cannot open up the encryption.
e²
_____________________________________
From:...
Re: Linked-in and its Phishing-like contacts option!
Jon Robinson (May 01)
It's not free but Palo Alto Networks does this. You can search here to see
which applications/sites they can control:
http://apps.paloaltonetworks.com/applipedia/
Jon Robinson
Digital Scepter
desk (951) 461-7868
mobile (562) 682-0821
jon () digitalscepter com
Re: Linked-in and its Phishing-like contacts option!
Mathew Want (May 01)
Read only access to the sites. I like that idea a lot.
Has anyone else come across this requirement or found a good way to do it
at a control point level? Perhaps at the IDS layer?
M@
Re: OpenBSD IPSEC VPN question
Chris Buechler (May 01)
You can, but that's a different circumstance. That would be IPsec
transport mode, which in combination with gif, GRE or similar
tunneling indeed doesn't have such requirements/quirks since there is
a route in the routing table in that case. Tunnel mode is more common,
which is what's applicable to the subject of this thread. Routing
table changes have no impact on whether traffic in BSD traverses a
tunnel mode IPsec connection,...
Re: OpenBSD IPSEC VPN question
Paul D. Robertson (May 01)
It's been a while since I've done it, but Linux used to make an ipsec0 interface that was handled with the standard
routing table. Possibly in *BSD you need to use a gre or gif tunnel to achieve the same thing?
Paul
Re: OpenBSD IPSEC VPN question
Chris Buechler (May 01)
This is true of all the BSDs with IPsec (and maybe Linux and other
*nix OSes but not sure of those). Traffic that doesn't have a specific
source IP set gets the source IP that's closest to the destination per
the routing table. IPsec doesn't have a routing table entry, traffic
follows the SPD. So it ends up getting the IP that's nearest the
default gateway, which is most always a public IP, which is most
always not going to...
Re: OpenBSD IPSEC VPN question
David Lang (Apr 30)
That's what I would expect as well, but the person reporting the problem is
claiming that this is not the case on OpenBSD, that there are no routes visible
and connections _from_ the firewall need to explicitly set their source IP
address.
This doesn't sound right to me, but I am not an OpenBSD expert.
David Lang
Re: OpenBSD IPSEC VPN question
Paul D. Robertson (Apr 30)
I'd expect a connect() to bind implicitly to IP_ADDR_ANY and have the system fill in the source address by default
based on the destination route if the client doesn't specify an explicit bind address and for traffic destined to go
through the VPN to do so- it sounds like it doesn't- but without more data, I'd be wary of troubleshooting it (NAT,
filtering...)
However, I'd also advocate being able to explicitly set the...
Breakpoint 2013 Call For Papers
cfp (Apr 30)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: OpenBSD IPSEC VPN question
Bennett Todd (Apr 30)
When you've got a vpn up, you're multi-homed, the Unix way for a client to
choose a network to use, when there are multiple choices, is to specify the
src ip to bind to.
I think that's the behavior I'd expect anywhere.
Re: Linked-in and its Phishing-like contacts option!
David Lang (Apr 30)
when you say turn off webmail, do you mean to cut off access to public webmail
servers from inside your network? or do you mean to not run things like OWA that
expose your company mail to the Internet?
David Lang
Re: Proxy advantage
David Lang (Apr 30)
If you start with the premise that the only thing that's a firewall is a packet
filter, especially with deep packet inspection being optional, then you are
going to be in rather bad shape.
I have run a fairly large organization with proxy firewalls (800+ people, 100+
separate networks), it can be done. In some areas it bypasses whole classes of
problems.
Even for user desktops you can do it, but you need to get a good proxy, not just...
Re: firewall-wizards Digest, Vol 64, Issue 3 phishing
David Lang (Apr 30)
Except with the "Cloud" you as an organization give up a lot of the tools that
have been used in the past to secure things.
Plus, you have the DevOps approach being misinterpreted by management to mean
"engineers can do everything, they can bypass those annoying ops and security
folks to get things done"
It's going to be an interesting few years as everyone learns that you still need
admins and security folks in the...
Re: Linked-in and its Phishing-like contacts option!
lordchariot (Apr 30)
I have a lot of requests from customers to try to make the web read-only. The main use cases are for social network,
blogs/wikis, and commenting on posts. The fundamental ways to do this are to 1) have MITM SSL decryption, and 2) block
the POST method for specific sites. Most commercial proxies can do this and even squid does SSL MITM.
By blocking POST to certain categories of sites and only allowing the POST for the */logon pages, users can...
OpenBSD IPSEC VPN question
David Lang (Apr 30)
I'm seeing some odd reports on the rsyslog mailing list where someone is claiming
that when using an IPSEC VPN on OpenBSD they have to explicitly set the source
IP address for all connections out from the firewall (tunnel endpoint) or else
the connection won't go through the tunnel. The person reporting this is
proposing modifications to rsyslog to have it force the local IP address for
outbound connections as a work-around for this...
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
CONFidence - May, 28-29, Krakow, Poland - a conference adventure that never stops!
Sławomir Jabs (May 17)
Everything has a story, everything evolves, adapts to changing circumstances
but does your IT Sec strategy evolve with the development of the digital
world?
Are you willing to gamble on the security of your systems?
Join the upcoming CONFidence conference and meet both renowned speakers and
specialists who deal with the IT security on a daily basis. People like
you, who never stop asking questions and play with risks all the time...
We will...
RE: WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
Debasis Mohanty (May 17)
Good initiative! I feel one of the important elements that is missing is the
"scoring mechanism". Based on what would you distinguish one product from
the other?
I created similar evaluation criteria nearly 7-8 years back for evaluating
SCA products using a QFD. That was the time I was introduced to 6-sigma and
thought a QFD is a best approach to have appropriate scoring for various
pilot parameters. However I never released it to the...
[HITB-Announce] HITB Magazine Issue 010
Hafez Kamal (May 14)
Hi everyone,
A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org
Topics of interest include, but are not limited to the following:
Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...
WASC Announcement: Static Analysis Technologies Evaluation Criteria Published
announcements (May 11)
The Web Application Security Consortium (WASC) is pleased to announce the
Static Analysis Technologies Evaluation Criteria. The goal of the SATEC
project is to create a vendor-neutral set of criteria to help guide
application security professionals during the process of acquiring a
static code analysis technology that is intended to be used during
source-code driven security programs. This document provides a
comprehensive list of criteria that...
SpiderFoot 2.0 released
Steve Micallef (May 06)
Hi everyone,
SpiderFoot is a free, open-source footprinting tool, enabling you to
perform various scans against a given domain name in order to obtain
information such as sub-domains, e-mail addresses, owned netblocks, web
server versions and so on. The main objective of SpiderFoot is to
automate the footprinting process to the greatest extent possible,
freeing up a penetration tester's time to focus their efforts on the
security...
[HITB-Announce] #HITB2013KUL Call for Papers
Hafez Kamal (May 01)
Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.
Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)
We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Arachni v0.4.2 has been released (Open Source Web Application Security Scanner Framework)
Tasos Laskos (Apr 29)
Hey folks,
This is just to let you know that there's a new version of Arachni.
Arachni is a modular and high-performance (Open Source) Web Application Security Scanner Framework written in Ruby.
The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads...
Administrivia - slow moderation this week
Andrew van der Stock (Apr 28)
Hi all,
I'm going to be in Milan this week.
Not that there are many messages to moderate, but moderation will be
iffy / slow this next week, particularly during the bits where various
planes are flapping their wings and going "whoosh".
Normal moderation service will resume May 5.
thanks,
Andrew
A survey on quantifying severity of vulnerabilities in softwares
Khalid Khan Afridi (Apr 18)
Hello!
I am currently performing my master thesis on the topic of quantifying the
severity of software vulnerabilities.
As you have done significant work in this area, I would be glad if you
could spare a few minutes of your time to answer a survey on the topic.
It should not require more than 15-20 minutes to complete.
The survey can be found at: http://secsurvey.ics.kth.se/index.php
Thank you for your attention!
Best Regards,
Khalid Khan...
Defcon DCG Kerala Information Security Meet 2013
Ajin Abraham (Apr 07)
Defcon DCG Kerala Information Security Meet 2013
=====================================
Defcon DCG Kerala (DC0497) is a Defcon USA registered group for
promoting and demonstrating research and development in the field of
Information Security. We are a group of Information Security
Enthusiasts actively interested in promoting information security.
Defcon Kerala Information Security Meet will be a platform for
security analysts, ethical hackers,...
c0c0n 2013 - Call For Papers and Call For Workshops
c0c0n International Information Security Conference (Apr 06)
###################################################
c0c0n 2013 - Call For Papers and Call For Workshops
###################################################
August 22-24, 2013 -...
winAUTOPWN v3.4 Released - Completing 4 years !!
QUAKER DOOMER (Mar 27)
Dear all,
This is to announce release of winAUTOPWN version 3.4.
Conceived and released in 2009, WINDOWS AUTOPWN grows strong completing its 4th year.
Visit: http://winautopwn.co.nr
++++++++++++++++++++
About winAUTOPWN:
winAUTOPWN is a unique exploit framework which aids in auto (hacking) / shell gaining as well as in exploiting
vulnerabilities to conduct Remote Command Execution, Remote File/Shell Upload, Remote File Inclusion and...
Unauthorized Access: Bypassing PHP strcmp()
Danux (Mar 03)
Hope you enjoy it.
http://danuxx.blogspot.com/2013/03/unauthorized-access-bypassing-php-strcmp.html
NoSuchCon CFP 2.0 / 15-17 May 2013 / Paris, France
Jonathan Brossard (Feb 25)
*******************************************************************************
PARENTAL ADVISORY: 100% technical content
*******************************************************************************
+--------------------------------------------------------------+
= =
= NoSuchCon - CFP 2.0 =
=...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
D2Sec's Elliot
Dave Aitel (May 06)
http://www.d2sec.com/news/driving_d2_elliot_with_immunity_canvas.html
There's a lot of different kinds of exploits - and many people ignore
the web exploits that are not for Wordpress. This is usually a mistake
because, especially as we look at #OpUSA and #OpIsreal and the like, a
lot of people are running all sorts of web applications with all sorts
of esoteric web vulnerabilities on them. Which is why our close and
continuing friends over...
SyScan 2013
Dave Aitel (May 02)
It's really only after you finish writing a keynote that you know what
it's about. In a sense, everyone around you writes it with you as you
talk through it with people. The one I delivered at SyScan itself was
funnier. . . although even so, not very funny. Not everything is funny!
Even things that include Buffy.
"Things Buffy the Vampire Slayer Taught Me About CyberWar - SyScan 2013
Keynote)"...
Yet Another Java Security Warning Bypass
Esteban Guillardoy (Apr 25)
Hi everyone!
I wrote a blog post about another Java Security Warning Bypass that
you may find interesting ;)
Just go to the Immunity blog and enjoy:
http://immunityproducts.blogspot.com/2013/04/yet-another-java-security-warning-bypass.html
Cheers
Esteban
Answering Lurene's Question
Dave Aitel (Apr 21)
So the kids are in NY so I've gotten a full night's sleep for the first
time in about a while, and parts of my brain I didn't realize were
malfunctioning now have blood and oxygen and whatever soupy hormones
they need to start sparking back up. I'm working on my SyScan talk,
which is due next week, so I wanted to warm up by answering a question
for Lurene.
----
Imagine it's 2030 and we finally understand a few things...
Students teaching trainers
Alex McGeorge (Apr 17)
Aloha list,
We do a lot of teaching at Immunity and it's something I think we've
gotten pretty good at over the years. Part of improving your teaching
offerings is doing some hard reflection on what did and didn't work for
the most recent class which is what we're in the process of doing for
web hacking right now. Most of those lessons only make sense from an
internal perspective but there are some things that other people...
Re: Linux Hangman Rules
Michal Zalewski (Apr 17)
[lcamtuf () raccoon ~]$ gdb
(gdb) shell id
uid=500(lcamtuf) gid=500(lcamtuf) groups=100(users),500(lcamtuf)
Oh no!
/mz
Linux Hangman Rules
Dave Aitel (Apr 17)
http://blog.ioactive.com/2013/04/can-gdbs-list-source-code-be-used-for.html
So reading the above blog is amusing for many reasons. But it did make a
lot of people sit around looking at the funniest games you could play on
modern Linux. For example, Linux Hangman.
Linux Hangman Rules
You take turns putting setuid root onto files in /usr/bin /usr/sbin/,
etc. and if your opponent can use that to get root, even via a
convoluted scenario, then you...
Re: Recent experiences with ZDI?
Jim Manico (Apr 17)
Here is a pretty comprehensive list of bug bounty programs to help kick
start the conversation.
http://bugcrowd.com/list-of-bug-bounty-programs/
- Jim
Recent experiences with ZDI?
patrick patrick (Apr 15)
Hi guys,
I haven't had dealings with ZDI in years, but I've heard some rumors of
people getting screwed over by them recently.
Can somebody confirm or deny this?
Is there currently a safe&legal alternative to get rewarded for bughunting?
Thanks
P
Android Application (Dalvik) Memory Analysis & the Chuli Malware
Joe Sylve (Apr 15)
Hello,
We wanted to take the opportunity to point you to a blog post which gives a
preview of some of the research we've been working on at 504ENSICS Labs in
the area of Android memory analysis. We think our results will be of great
interest to the DFIR community and look forward to your feed back.
The blog post can be found here:
http://www.504ensics.com/android-application-dalvik-memory-analysis-the-chuli-malware/
---
Joe T. Sylve,...
top game
Dave Aitel (Mar 22)
In some parallel universe you can hear Yoda say to a younger Disciple,
"How are you going to control EIP if you can't even control your own anger?"
Perhaps not Yoda. Perhaps Halvar.
Regardless, if for whatever reason you wanted to hear more about
Brazilian Jiu Jitsu or INFILTRATE, then you can hit up the podcast I did
this morning with Ryan Naraine
here:...
Gifts
Dave Aitel (Mar 21)
Angel <http://en.wikipedia.org/wiki/Angel_%28Buffyverse%29>: And
Buffy, be careful with this gift. A lot of things that seem strong
and good and powerful, they can be painful.
Buffy <http://en.wikipedia.org/wiki/Buffy_Summers>: Like, say...
immortality?
Angel: Exactly. I'm dying to get rid of that.
We put the 32 bit (or we will shortly) version of the PTRACE exploit
into CANVAS Early Updates. I know there...
Re: RSA
Shawn (Mar 21)
I put these slides into one tar file:
http://hfg-resources.googlecode.com/files/RSA-US-2013.tar.bz2
"Seeing is believing"
Dave Aitel (Mar 19)
So a while back I asked what the point of PWN2OWN was, and Mark Dowd
said that of course many people have never SEEN a modern exploit, and
hence it has some strategic value. I think for Google it's also useful
to see what new bugclasses exist in their products that people have not
otherwise publicly told them about, as well. The main bugclass is being
arrogant enough to believe they can write something memory safe in C++,
but we'll get...
Re: The Truth of TrueType
Justin Seitz (Mar 11)
Sometimes Dave fails at pasting things, that's why the rest of us are here:
http://immunityproducts.blogspot.com.ar/2013/03/infiltrate-preview-truetype-font.html
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [GPWN-list] Avoiding IPS Detection
Tim Tomes (May 21)
OK, let me provide a little more detail. You've done reconnaissance,
and there wasn't enough information to make precise targetted attacks.
You need to probe the network (i.e. nmap scans) to find available
services. You can't go to your local coffee shop or use a service like
anonymizer because they are detecting and blocking too aggressively to
experience the benefits of either. Your only choice is avoidance.
I know some of you...
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Carlos Perez (May 21)
Well that case was not indexing, he did automate and went further than that with no permission and his chat logs do not
reflect it was to responsibly notify AT&T, plus challenging the judge was not a smart idea
http://www.justice.gov/usao/nj/Press/files/pdffiles/2011/Spitler,%20Daniel%20et%20al.%20Complaint.pdf he did get way too
much time in the puns in the ass for it.
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Patrick Laverty (May 21)
Maybe not but apparently it's enough to get you 3 1/2 years in jail if you
do it to AT&T.
Re: Ec-council (Certified Ethical Hacker) gets Hacked
yersinia (May 21)
Hi to all
I'm part of the EC-COUNCIL group on linkedin. There were two posts on
this topic. The most recent (11 hours ago) is the following
"
**Updated** Message from EC-Council
On May 16th, 2013, EC-Council was notified of an article that stated
an alleged hack had taken place on EC-Council Servers. Upon
notification, EC-Council immediately investigated the issue. Contrary
to the news reported by E Hacking News this week,...
Avoiding IPS Detection
Tim Tomes (May 21)
I'm compiling a list of preferred methods for probing networks while
avoiding IDS/IPS detection. Any and all input is appreciated. Thanks.
Re: [GPWN-list] Avoiding IPS Detection
Jamil Ben Alluch (May 21)
Hello Tim,
You could take a look at these links, they provide some information:
http://en.wikipedia.org/wiki/Intrusion_detection_system_evasion_techniques
http://insecure.org/stf/secnet_ids/secnet_ids.html
Hope this helps.
Best regards,
Re: Ec-council (Certified Ethical Hacker) gets Hacked
allison nixon (May 21)
where are all those ethical hackers who could have notified them of the
indexing problem? that's a pretty obvious flaw.
oh right, it would be unethical to test that...
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Charles Watathi (May 21)
Hi,
http://www.net-security.org/secworld.php?id=14923 seems the guy got
root to the servers through uploading a webshell to the cms
Re: OSCP certification?
Ryan B (May 21)
Hi Don,
I got my start in InfoSec with the OSCP and I would highly recommend the
course if you're new(ish) to Penetration Testing (more novice than absolute
beginner, although both are fine, one will require more personal study
though) It is by no means the only training you should get and I'd
recommend you continue your studies after the course but if you're looking
for a Pentester Bootcamp, it's really good.
The best part...
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Robin Wood (May 21)
Not really a hack if all that happened was that they found indexing on a
few directories.
Re: Ec-council (Certified Ethical Hacker) gets Hacked
iamnowonmai (May 21)
Not me, man. I work for the other team.
Re: Ec-council (Certified Ethical Hacker) gets Hacked
Ryan Dewhurst (May 20)
Anyone a member of their group on linkedin? Seems they posted their
official reply there, but I'm not a member and they're unlikely to approve
my membership request.
Re: Howto update (security patches) Java on Windows 8
Ryan (May 20)
Here is the vendor link I use to remember how to grab the MSI:
http://www.java.com/en/download/help/msi_install.xml
And of course the manual download link:
http://java.com/en/download/manual.jsp
My experience is by default it will remove old versions of the same major
version as the installer.
Ryan
----- Original Message -----
From: "Carlos Perez" <carlos_perez () darkoperator com>
To: "PaulDotCom Security Weekly...
Re: SQL cheat sheat
Bruce Barnett (May 20)
RSnake gives a list of thought-provoking techniques
http://ha.ckers.org/sqlinjection/
First week of Month of Volatility Plugins II is posted
Andrew Case (May 20)
Hello,
We are writing as the first week of the second installment of the
Month of Volatility Plugins is now posted. Volatility 2.3 is currently
in beta, and the blog posts are focusing on new features in this
version. This week's posts discussed a number of new address spaces we
have added to support new hardware architectures and file formats.
The first one is the MachO address space used to support Mac Memory Reader:...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Minor Revisions
Microsoft (May 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 15, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-045
Bulletin Information:
=====================
* MS13-045 - Important
-...
Microsoft Security Advisory Notification
Microsoft (May 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 14, 2013
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2846338)
- Title: Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (May 14)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: May 14, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-009
Bulletin Information:
=====================
* MS13-009 - Critical
-...
Microsoft Security Bulletin Summary for May 2013
Microsoft (May 14)
********************************************************************
Microsoft Security Bulletin Summary for May 2013
Issued: May 14, 2013
********************************************************************
This bulletin summary lists security bulletins released for
May 2013.
The full version of the Microsoft Security Bulletin Summary for
May 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-may.
With the release of...
Microsoft Security Bulletin Advance Notification for May 2013
Microsoft (May 09)
********************************************************************
Microsoft Security Bulletin Advance Notification for May 2013
Issued: May 9, 2013
********************************************************************
This is an advance notification of security bulletins that
Microsoft is intending to release on May 14, 2013.
The full version of the Microsoft Security Bulletin Advance
Notification for May 2013 can be found at...
Microsoft Security Advisory Notification
Microsoft (May 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 8, 2013
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...
Microsoft Security Advisory Notification
Microsoft (May 04)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: May 3, 2013
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory (2847140)
- Title: Vulnerability in Internet Explorer Could Allow
Remote Code Execution
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 26)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 26, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS12-043
Bulletin Information:
=====================
* MS12-043 - Critical
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 24)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 24, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-028
* MS13-031
* MS13-036
* MS13-APR
Bulletin Information:
=====================
*...
Microsoft Security Bulletin Re-Releases
Microsoft (Apr 23)
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 23, 2013
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS13-036 - Important
* MS13-apr
Bulletin Information:
=====================
* MS13-036 -...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 17, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-036
Bulletin Information:
=====================
* MS13-036 - Important
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 16)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 16, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.
* MS13-034
Bulletin Information:
=====================
* MS13-034 - Important
-...
Microsoft Security Bulletin Summary for April 2013
Microsoft (Apr 09)
********************************************************************
Microsoft Security Bulletin Summary for April 2013
Issued: April 9, 2013
********************************************************************
This bulletin summary lists security bulletins released for
April 2013.
The full version of the Microsoft Security Bulletin Summary for
April 2013 can be found at
http://technet.microsoft.com/security/bulletin/ms13-apr.
With the...
Microsoft Security Bulletin Advance Notification for April 2013
Microsoft (Apr 04)
********************************************************************
Microsoft Security Bulletin Advance Notification for April 2013
Issued: April 4, 2013
********************************************************************
This is an advance notification of security bulletins that
Microsoft is intending to release on April 9, 2013.
The full version of the Microsoft Security Bulletin Advance
Notification for April 2013 can be found at...
Microsoft Security Bulletin Minor Revisions
Microsoft (Apr 03)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: April 3, 2013
********************************************************************
Summary
=======
The following bulletins have undergone minor revision increments.
Please see the bulletin for more details.
* MS13-007
* MS13-022
Bulletin Information:
=====================
* MS13-007 - Important
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
US CERT: Washington, DC Radio Station Web Site Compromises
Jeffrey Walton (May 21)
This is kind of interesting.... I don't believe I have ever
received a US CERT bulletin calling out a website for distributing the
flyby goodness.
I wonder if the radio station does not fully support the current
regime. Could it be more tactics like we have recently seen at the
IRS?
https://www.us-cert.gov/ncas/alerts/TA13-141A
Internet Census 2012 data search engine launched
Juha-Matti Laurio (May 21)
http://www.exfiltrated.com/querystart.php
Juha-Matti
OT: Attorney General Eric Holder on 'Too Big to Jail'
Jeffrey Walton (May 18)
http://www.americanbanker.com/issues/178_45/transcript-attorney-general-eric-holder-on-too-big-to-jail-1057295-1.html
The following is a transcript of Attorney General Eric Holder's
remarks before the Senate Judiciary Committee, in which he discusses
the idea that some banks are 'Too Big to Jail.'
Sen. Chuck Grassley, R-Iowa: In the case of bank prosecution. I'm
concerned we have a mentality of 'too big to jail' in...
Re: [funsec] Skype with care – Microsoft is reading everything you write
Jeffrey Walton (May 17)
That's not really practical in many cases. What do consumers have when
all carriers and handset manufacturers do it? It's certainly not
choice.
All are likely doing it to some degree or another. Again, no choice.
Monopolistic policy and practice in industry used to be kept in check.
Case studies include the steel, railroad, and oil barons. For the old
steel, railroad, and oil barons, the interesting thing (in my opinion)
was why it...
Re: Skype with care – Microsoft is reading everything you write
Blanchard, Michael (InfoSec) (May 17)
There is always a clause in ALL of those EULAs stating that they can change at any time, without notice usually too.
Your only recourse is to stop using the product if you don’t like the EULA. Sucks yes, but until a better product
comes along that is as widely adopted, well, we're stuck.... Who's to say what Apple is doing with Facetime?
Those folks that complain about "evil empires" are the cause of their own...
Re: [funsec] Skype with care – Microsoft is reading everything you write
Jeffrey Walton (May 17)
In the US, they call those "Material Adverse Change" (MACs).
It's a bitch we have to accept those adverse changes just to get bug
fixes and security patches for defective products. It seems like
illegal tying to me, and I wonder why the FTC has not stepped in. In
the US, politicians are bought and sold like trading cards, so I don't
expect it to change anytime soon.
Jeff
Re: [funsec] Skype with care – Microsoft is reading everything you write
Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 17)
As it happens, I'm currently reviewing an intriguing book ("Boilerplate") that
addresses all kinds of issues around "agreements" and consent. Particularly for
those of us who joined Skype before MS bought it, and therefore "agreed" to a
very different set of rules ...
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade ()...
Re: Skype with care
Joel Esler (May 17)
Skype is a free tool.
You get, what you pay for. Same with Google and their products, etc.
Re: Skype with care
Jeffrey Walton (May 16)
Nice, but I don't agree with some of Bott's conclusions. Especially
the one made about visiting a site/fetching a header. If it's just host
reputation, all the reputation service needs is the URL, without the
need to visit the host.
Do you think a M$ engineer tossed us a bread crumb to let us know the
degree of invasion? Why else take the risk of leaking interception
results like this originating from encrypted traffic that users expect...
Re: Skype with care
Juha-Matti Laurio (May 16)
A different point of view also:
http://www.zdnet.com/is-microsoft-reading-your-skype-instant-messages-7000015388/
Juha-Matti
Jeffrey Walton [noloader () gmail com] wrote:
Re: [funsec] Skype with care – Microsoft is reading everything you write
Jeffrey Walton (May 16)
A couple of follow ups on this....
"Skype backdoor confirmation,"
http://lists.randombit.net/pipermail/cryptography/2013-May/004224.html
and
"All Your Skype Are Belong To Us,"
http://financialcryptography.com/mt/archives/001430.html
They're not even trying any more
Rich Kulawiec (May 16)
Domains registered by the Discovery Channel yesterday:
19kidsandcounting.net
40yearchildanewcase.com
40yearchildanewcase.net
7littlejohnstons.com
7littlejohnstons.net
900poundmantheraceagainsttime.com
900poundmantheraceagainsttime.net
alaskathelastfrontier.net
americasworsttattoos.net
amishmafia.net
backyardoil.net
beringseagoldundertheice.net...
Skype with care – Microsoft is reading everything you write
Jeffrey Walton (May 16)
(Thanks to KW in a private email).
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
Anyone who uses Skype has consented to the company reading everything
they write. The H's associates in Germany at heise Security have now
discovered that the Microsoft subsidiary does in fact make use of this
privilege in practice. Shortly after sending HTTPS URLs over the
instant messaging...
Private drone spying ...
Rob, grandpa of Ryan, Trevor, Devon & Hannah (May 14)
OK, get out your legal arguments: privately-owned "peeping tom" drones are now
in use ...
http://www.theatlantic.com/technology/archive/2013/05/so-this-is-how-it-begins-guy-refuses-to-stop-drone-spying-on-seattle-woman/275769/
or
http://is.gd/CWnpGJ
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
Hardware has grown following...
[HITB-Announce] HITB Magazine Issue 010
Hafez Kamal (May 14)
Hi everyone,
A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial () hackinthebox org
Topics of interest include, but are not limited to the following:
Next generation attacks and exploits
Apple / OS X security vulnerabilities
SS7/Backbone telephony networks
VoIP security
Data...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Alert - Upcoming Mail Delivery Changes
US-CERT Alerts (May 10)
National Cyber Awareness System
US-CERT Alert - Upcoming Mail Delivery Changes
Thank you for being a subscriber to our US-CERT Alerts product. We
are striving to keep our capabilities at the leading edge of
communication. You may have noticed we've redesigned and upgraded our
website recently and as a part of that process, on May 14th, we are
migrating to GovDelivery as our email subscription service. As a
current subscriber you will...
Current Activity - Upcoming Mail Delivery Changes
Current Activity (May 10)
National Cyber Awareness System
Thank you for being a subscriber to our US-CERT Current Activity
product. We are striving to keep our capabilities at the leading edge
of communication. You may have noticed we've redesigned and upgraded
our website recently and as a part of that process, on May 14th, we
are migrating to GovDelivery as our email subscription service. As a
current subscriber you will need to do nothing. You will notice a...
Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin
Current Activity (May 09)
National Cyber Awareness System
Microsoft Releases Advance Notification for May 2013 Security Bulletin
Original release date: May 09, 2013
Microsoft has issued a Security Bulletin Advanced Notification
indicating that its May release will contain 10 bulletins. These
bulletins will have the severity rating of critical and important and
will be for Microsoft Windows, Office, Internet Explorer, .NET
Framework, Lync, and Windows Essentials. These...
Current Activity - Adobe Releases Security Advisory for ColdFusion
Current Activity (May 09)
National Cyber Awareness System
Adobe Releases Security Advisory for ColdFusion
Original release date: May 09, 2013
Adobe has identified a critical vulnerability affecting ColdFusion 10,
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized
user to remotely retrieve files stored on a server. There are reports
that an exploit of this vulnerability is publicly...
Current Activity - Microsoft Releases Security Advisory for Internet Explorer
Current Activity (May 07)
National Cyber Awareness System
Microsoft Releases Security Advisory for Internet Explorer
Original release date: May 07, 2013
Microsoft is investigating public reports of a remote code execution
vulnerability in Internet Explorer 8 and is aware of attacks that
attempt to exploit this vulnerability. This vulnerability may allow an
attacker to execute arbitrary code if a user accesses a specially
crafted website. Microsoft is actively working...
Current Activity - Cisco Releases Security Advisories
Current Activity (Apr 25)
National Cyber Awareness System
Cisco Releases Security Advisories
Original release date: April 25, 2013
Cisco has released three security advisories to address vulnerabilities
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco
Unified Computing System. These vulnerabilities may allow an attacker to
bypass authentication controls, execute arbitrary code, obtain sensitive
information, or cause a denial-of-service condition....
Current Activity - Apple Releases Security Updates for Safari
Current Activity (Apr 18)
National Cyber Awareness System
Apple Releases Security Updates for Safari
Original release date: April 18, 2013
Apple has released security updates for Safari 6.0.4 WebKit to address
multiple vulnerabilities. These vulnerabilities could allow a remote
attacker to execute arbitrary code or cause a denial-of-service
condition.
Safari 6.0.4 WebKit updates are available for the following versions:
* OS X Lion v10.7.5
* OS X Lion Server v10.7.5...
Alert TA13-107A: Oracle has released multiple updates for Java SE
US-CERT Alerts (Apr 18)
National Cyber Awareness System
TA13-107A: Oracle has released multiple updates for Java SE
Original release date: April 17, 2013
Systems Affected
* JDK and JRE 7 Update 17 and earlier
* JDK and JRE 6 Update 43 and earlier
* JDK and JRE 5.0 Update 41 and earlier
* JavaFX 2.2.7 and earlier
Overview
Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle
strongly recommends that customers apply CPU fixes as soon as possible....
Current Activity - Scams Exploiting Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Scams Exploiting Boston Marathon Explosion
Original release date: April 17, 2013
Malicious actors are exploiting the April 15 explosions at the Boston
Marathon in attempts to collect money intended for charities and to
spread malicious code. Fake websites and social networking accounts have
been set up to take advantage of those interested in learning more
details about the explosions or looking to contribute to...
Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion
Current Activity (Apr 17)
National Cyber Awareness System
Malicious Actors May Take Advantage of Boston Marathon Explosion
Original release date: April 17, 2013
Historically, scammers, spammers, and other malicious actors capitalize
on major news events by registering domain names related to the events.
Malicious actors may attempt to exploit the April 15, 2013 explosions at
the Boston Marathon in this way. Some may use fake domains to take
advantage of those interested...
Current Activity - Oracle Releases April 2013 Security Advisory
Current Activity (Apr 17)
National Cyber Awareness System
Oracle Releases April 2013 Security Advisory
Original release date: April 17, 2013
Oracle has released its Critical Patch Update for April 2013 to address
128 vulnerabilities across multiple products. This update contains the
following security fixes:
* 4 for Oracle Database Server
* 29 for Oracle Fusion Middleware
* 6 for Oracle E-Business Suite
* 3 for Oracle Supply Chain Products Suite
* 11 for Oracle...
Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack
Current Activity (Apr 15)
National Cyber Awareness System
WordPress Sites Targeted by Mass Brute-force Botnet Attack
Original release date: April 15, 2013
US-CERT is aware of an ongoing campaign targeting the content management
software WordPress, a free and open source blogging tool and web
publishing platform based on PHP and MySQL. All hosting providers
offering WordPress for web content management are potentially targets.
Hackers reportedly are utilizing over 90,000...
Current Activity - Microsoft Releases April 2013 Security Bulletin
Current Activity (Apr 09)
National Cyber Awareness System
Microsoft Releases April 2013 Security Bulletin
Original release date: April 04, 2013 | Last revised: April 09, 2013
Microsoft has released updates to address vulnerabilities in Microsoft
Windows, Office, Internet Explorer, Server Software, and Security
Software as part of the Microsoft Security Bulletin summary for April
2013. These vulnerabilities could allow remote code execution, elevation
of privilege,...
Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin
Current Activity (Apr 04)
National Cyber Awareness System
Microsoft Releases Advance Notification for April 2013 Security Bulletin
Original release date: April 04, 2013
Microsoft has issued a Security Bulletin Advance Notification indicating
that its April release will contain nine bulletins. These bulletins will
have the severity rating of critical and important and will be for
Microsoft Windows, Office, Internet Explorer, Server Software, and
Security Software. These...
Current Activity - Mozilla Releases Multiple Updates
Current Activity (Apr 03)
National Cyber Awareness System
Mozilla Releases Multiple Updates
Original release date: April 03, 2013
The Mozilla Foundation has released updates to address multiple
vulnerabilities. These vulnerabilities could allow an attacker to
initiate a cross-site scripting attack or obtain sensitive information,
enable privilege escalation or execute arbitrary code, or cause a
denial-of-service condition.
Updates to the following products are...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Moodle security notifications public
Michael de Raadt (May 21)
The following security notifications are now public. Thanks to OSS
members for their cooperation.
=======================================================================
MSA-13-0020: Capability issue in Assignment
Description: The assignment module was not checking capabilities
for users downloading all assignments as a zip.
Issue summary: Students can download assignments submitted by other...
CVE assignments for Wireshark 1.8.7 and 1.6.15
cve-assign (May 20)
Use CVE-2013-3555.
Use CVE-2013-3556 for the Bug 8599 issue addressed in r48943.
Use CVE-2013-3557 for the Bug 8599 issue addressed in r48944.
It is possible that CVE-2013-3556 only affects people who made their
own builds from the Wireshark trunk, and does not affect users of any
Wireshark release. Although MITRE does not always assign CVE names for
such development-code issues, in this case it is useful for clarifying
the scope of...
Re: Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes
Kurt Seifried (May 20)
So just to confirm: ALL wireshark CVEs are handled by upstream sending
a request direct to Mitre? Cool by me.
Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes
cve-assign (May 20)
Wireshark upstream sends advance requests for CVE assignments to MITRE
(for these releases and apparently all other releases in the past year
or more). MITRE will be sending our 1.8.7/1.6.15 CVE assignments to
oss-security also, almost certainly today.
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters }
Tomas Hoger (May 20)
...
There should be no need for two separate CVEs for this issue.
Problematic match_hostname was developed in Python 3. As its
functionality is needed by Python 2 users, and it is not provided by
the standard library, Python 3 implementation was made available via
different module. It's the same code, packaged in python (3.x) and
python-backports-ssl_match_hostname packages. The same CVE should
apply to both.
Given that CVE-2013-2099...
tty-hijacking & CVE-2005-4890 - redux
mancha (May 20)
Hello.
A recent use-case on Slackware made me re-visit CVE-2005-4890
in the context of "su -c". Particularly, shadow's implementation
as of shadow 4.1.5.
During the discussions of this CVE (see footer links), it was
pointed out shadow's fix is partial given interactive su remains
vulnerable to tty-hijacking. It was also mentioned this vector
is less worrisome given use cases for interactive su are primarily
privilege...
CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes
Jan Lieskovsky (May 20)
Hello Kurt, Steve, vendors,
Wireshark upstream has released 1.8.7, 1.6.15 versions,
correcting multiple security flaws:
1) http://www.wireshark.org/security/wnpa-sec-2013-31.html
https://bugzilla.redhat.com/show_bug.cgi?id=965110
2) http://www.wireshark.org/security/wnpa-sec-2013-30.html
https://bugzilla.redhat.com/show_bug.cgi?id=965111
3) http://www.wireshark.org/security/wnpa-sec-2013-29.html...
Re: CVE Request: Man in the middle on Gentoo Portage binary package installer
Pavel Labushev (May 20)
emerge --sync uses plain rsync without any integrity verification. One
should worry about /Packages not before he started obtaining portage
tree using emerge-webrsync together with the webrsync-gpg feature
instead of emerge --sync.
Re: plone, rrdtool, zenoss bugs
Henri Salo (May 19)
Tested Debian wheezy packages:
python-rrdtool 1.4.7-2
python2.7 2.7.3-6
Backtrace attached. Might affect other software too.
Debian bug: http://bugs.debian.org/708866
---
Henri Salo
(gdb) run -c "import rrdtool;rrdtool.graph('/tmp=/out.png','-f','%n%n')"
Starting program: /usr/bin/python2.7 -c "import rrdtool;rrdtool.graph('/tmp=/out.png','-f','%n%n')"
[Thread...
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support
Gilles Chehade (May 19)
Yes, that would have been much nicer.
We discovered the CVE request at the same time as everyone, on two
public lists along with a script that allows any kiddie to trigger
it... sent by a package maintainer we had talked to minutes ago to
explain the issue and who knew the fix release was two days away.
Anyway, what's done is done, we released earlier, hopefully we get
a bit more coordination next time.
Hopefully, we don't need too...
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support
Kurt Seifried (May 19)
For future reference you can get CVEs privately, although if you're
not the official upstream this means there is a greater chance of
duplicates (and thus of me saying "no, make a public request"). So if
you want to do this a possible compromise is to email me and the
upstream and if upstream replies that it's ok then I'd probably go ahead.
Agreed, generally with public source code commits fixing an issue we
consider it public...
More zPanel security flaws? Trying to sort them out
Kurt Seifried (May 19)
So the head of the zPanel project "ballen" ("Bobby Allen" according to
Google) reports:
http://forums.zpanelcp.com/showthread.php?27608-ZPanelCP-Server-has-not-been-compromised
======
4) Security issues raised
The security issues mentioned in the following article
(http://imgur.com/a/lzRuo) are already fixed, however we are a short
way off being able to release the new version. All known security
vulnerabilities have been...
Re: CVE Request: DoS in OpenSMTPD TLS Support
Jason A. Donenfeld (May 19)
Sorry about that. I was in the midst of bumping packages in gentoo to
the snapshot where you had fixed the issue, when I figured it might be
wise to also get the issue tracked with a CVE asap. Sorry for jumping
the gun.
The quote was "I haven't looked into why this happens or if memory
corruption / code execution is a possibility, but at the very least,
it's a nasty DoS."
Which is why I figured it was already a public issue,...
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support
Kurt Seifried (May 18)
A snapshot has been posted to http://www.opensmtpd.org/archives/ , but
Please use CVE-2013-2125 for this issue.
Re: CVE request: WordPress plugin wp-cleanfix CSRF
Kurt Seifried (May 18)
Ok this is a slightly messy one. Normally yes, WP admin can modify the
site and thus execute arbitrary PHP, so a remote flaw that allows php
command execution only for admin would be a security flaw (e.g. worthy
of hardening) but not typically a security vulnerability (e.g. worthy
of a CVE and full security treatment).
However in this case it is exploitable, the CSRF provides a vector for
exploitation. So it gets a separate CVE.
So please...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
CFP: Workshop on Risk Perception in IT Security and Privacy at SOUPS
Larry Koved (May 20)
Short position statements due next Thursday, May 30
Workshop on Risk Perception in IT Security and Privacy
A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/
For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html
This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between...
Correction: W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation
Larry Koved (May 20)
*** My apologies for another email. Only ONE week until the workshop! ***
Call for participation: Only ONE week until the workshop!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas....
W2SP 2013 - Web 2.0 Security and Privacy workshop - Final call for participation
Larry Koved (May 20)
Call for participation: Only three weeks until the workshop!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.
The list of this year's accepted papers / presentations can be found...
MoST 2013 - Mobile Security and Technology workshop - final call for participation
Larry Koved (May 20)
Call for participation: One week until the workshop!
The workshop and program chairs invite you to participate in the 2nd MoST
workshop.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.
The list of this year's...
SearchSecurity: BSIMM4
Gary McGraw (May 11)
hi sc-l,
Sammy Migues, Jacob West and I wrote an introductory article about BSIMM4 for SearchSecurity. It was just posted on
SearchSecurity: http://bit.ly/11qlIBi
(or http://searchsecurity.techtarget.com/feature/BSIMM4-measures-and-advances-secure-application-development)
This article provides a great way to get up to speed on the BSIMM project in its BSIMM4 instantiation. The BSIMM
Community is expanding rapidly, and we're looking...
Ruxcon 2013 Call For Papers
cfp (May 08)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
Silver Bullet 85: Mobile Security with Jim Routh and Scott Matsumoto
Gary McGraw (May 03)
hi sc-l,
Is mobile security a brand new day or the same old same old? The answer depends on how you look at the problem. If
you are a practitioner in the trenches, there are many new and interesting shiny bits to mobile security. If you are a
security veteran, things look very familiar. In this episode of Silver Bullet, Jim Routh, Scott Matsumoto and I take
on the Necker Cube of mobile security. Jim Routh is the ultimate security...
CFP: Workshop on Risk Perception in IT Security and Privacy
Larry Koved (May 03)
Workshop on Risk Perception in IT Security and Privacy
A workshop of the Symposium On Usable Privacy and Security (SOUPS)
http://cups.cs.cmu.edu/soups/2013/
For full details, please see: http://cups.cs.cmu.edu/soups/2013/risk.html
This workshop is an opportunity to bring together researchers and
practitioners to share experiences, concerns and ideas about how to
address the gap between user perception of IT risks and security /...
W2SP 2013 - Web 2.0 Security and Privacy workshop - call for participation
Larry Koved (May 03)
Only three weeks until the workshop.
Call for participation!
The workshop and program chairs invite you to participate in the 7th W2SP
workshop.
The goal of this one-day workshop is to bring together researchers and
practitioners from academia and industry to focus on understanding Web
security and privacy issues, and to establish new collaborations in these
areas.
The list of this year's accepted papers / presentations can be found...
MoST 2013 - Mobile Security and Technology workshop - call for participation
Larry Koved (May 03)
Three weeks until the workshop.
Call for participation!
The workshop and program chairs invite you to participate in the 2nd MoST
workshop.
Mobile Security Technologies (MoST) brings together researchers,
practitioners, policy makers, and hardware and software developers of
mobile systems to explore the latest understanding and advances in the
security and privacy for mobile devices, applications, and systems.
The list of this year's...
Breakpoint 2013 Call For Papers
cfp (May 01)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: BSIMM Diagrams
Craig Heath (Apr 23)
Thanks Ivan! Unfortunately I wasn't able to look at this straight away,
and when I go to the link now I get "ME-ERR-002 Sorry, we couldn't find the
page you were looking for."
Would you be able to put it up again?
Cheers!
- Craig.
Comparing a firm's BSIMM measurement against a benchmark
Iván Arce (Apr 20)
Hello
I've updated the BSIMM visualizations I posted about yesterday.
Here are two sample visualizations to compare a firm's measurement
against a benchmark ("Earth").
The first one uses the size of the boxes to indicate how prevalent is
the activity (percentage of firms where the activity was observed) and
color to indicate that the activity was observed at the firm.
http://www-958.ibm.com/v/298285
In the second treemap...
Re: BSIMM Diagrams
Daniel Halber (Apr 19)
Thanks for sharing Ivan,
However, java in the browser is not acceptable, so could you please find
another way to share the visualization tool please?
This may not be an easy request to fulfill since I would not launch any
executable code (java or otherwise), without a minimal level of assurance...
Best regards,
Daniel Halber
daniel.halber () gmail com
------------------------------
*From*: Iván Arce <ivan.w.arce () gmail com>
*Date*:...
Re: BSIMM Diagrams
Iván Arce (Apr 19)
oh I forgot to mention. The treemap example sent previously isn't useful
for comparison against a benchmark. It is useful for comparing a firm's
score against the overall model with finer granularity than a radial
graph but less detail than a Sammy Migues' "equalizer graph".
I'm working on a treemap useful for comparing against a benchmark.
-ivan
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: email address as directory information
Shalla, Kevin (May 21)
We have defined e-mail as part of directory information. Not doing so would have seriously hampered students'
communicating with each other. We do get FOIA requests, but we do charge for that, and they're not overwhelming.
Kevin
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John
Forker
Sent: Friday, May 17, 2013 11:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject:...
UTM Firewall vs IPS appliance
John Kaftan (May 20)
Hello:
We are looking at refreshing our firewalls and are wondering what others
are doing in terms of IPS. Is the UTM firewall winning over a separate IPS
appliance? What are you using and why?
I could see a few different factors when considering this decision.
1. Budget. Single appliance is likely less expensive than 2.
2. Culture. If security is a separate dept than networking perhaps it
would make more sense to have the security team...
Re: Question About Password Resets
Schumacher, Adam J. (May 17)
We have two mechanisms in place. One is a two-factor online reset process. When a person activates their account,
they must provide answers to security questions as well as either an external email or cell phone number to which we
send a reset code. Once they've answered the questions and entered the code, they can set a new password.
The other mechanism is for individuals who either can't remember the answers to their questions,...
Re: Palo Alto Firewall and Sorenson VP 200 (Video Phones)
Peter Setlak (May 17)
Harry,
We use PA 5050's on our edge. We do not use Sorenson video phones. However,
we did experience an issue with Jumbo Frames with a device on our network.
Are the video phones wired? Are they on 1Gb or 100Mb ports? Try 100Mb and
see if that fixes the issue. There are also settings on the FW to allow
jumbo frames (which we did not adjust as we're hesitant to change the
entire edge for one device). Otherwise, are the video phones...
Palo Alto Firewall and Sorenson VP 200 (Video Phones)
Harry Zahlis (May 17)
Our District just purchased and implemented a new Palo Alto Networks firewall. We have run across an issue which has
stumped a lot of people.
Our deaf faculty and students use a device provided by Sorenson (Sorenson ntouch VP-200) for telecommunication. At
first we opened the specific ports required by the Sorenson devices but we could not place phone calls. We opened all
ports, TCP and UDP in both directions (any-any) and we still cannot...
email address as directory information
John Forker (May 17)
We are deliberating over whether we should or shouldn't include student
email addresses in our list of directory information elements as allowed
by FERPA. If your institution has chosen not to include email addresses as
part of directory information, how do you control unauthorized access in a
way that doesn't stymy collaboration among students and among students and
industry representatives? If your institution has chosen email...
REN-ISAC and SANS partner for highly discounted technical and awareness training; WEBCAST May 21
Doug Pearson (May 17)
SANS and REN-ISAC are partnering to bring exceptional security awareness
and technical training to the education community at substantially
discounted pricing.
An interactive webcast is scheduled for Tuesday, May 21 to explain the
program and provide opportunity for Q&A.
The special pricing is available during a purchase commitment window,
June 1 through July 31, for:
- SANS Securing The Human security awareness training,
- SANS...
Re: Question About Password Resets
Valdis Kletnieks (May 16)
On Thu, 16 May 2013 11:00:00 -0500, Jim Pardonek said:
No matter what you end up doing, remember to leave a flag for "this account
may not be reset by phone/self-serve/whatever", so you can flag high-value
or high-risk accounts as "tough noogies, they have to come in with official ID".
And remember - it doesn't have to be a high-priv account. I've heard of
plenty of incidents of stalkers and ex-SO's social...
Re: Question About Password Resets
David Curry (May 16)
We require everyone to provide their university identification number,
their username, and their date of birth. If the person is (or ever has
been) an employee, we also require the last four digits of their SSN/ITIN.
If the individual does not know his or her username he or she can look it
up by providing identification number and last name.
If the individual does not know his or her identification number, the
various departments (Human...
Re: Question About Password Resets
David Seidl (May 16)
Jim
We use a voice recognition process - our helpdesk finds a co-worker who is known to us who we can conference in with
that person to identify them. It's not ideal, but we can almost always find someone who we do know and recognize. If
that fails - and it does at times - we don't feel as bad about making them come in with their ID in hand.
David
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV...
Re: Question About Password Resets
Roger A Safian (May 16)
We have security questions and answers set when the accounts are created. I'm not a fan of them myself, but, I
recognize their usefulness in situations like this. If those fail, the user would need to contact a department chair,
program coordinator, etc. and have that person contact our help desk in order to authorize the change.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf...
Question About Password Resets
Jim Pardonek (May 16)
We've recently had some issues with our current password reset process, particularly when a faculty or staff member is
out of town and calls for a password reset. We also have an issue because our campuses are spread out geographically
which makes it difficult for someone to come in person. I apologize if this has been discussed before, but I was
wondering what other institutions are doing regarding password resets via telephone? Or do...
Job Openings - Appalachian State University - CISO and Director of Information Analytics
Anthony J. Santucci (May 15)
Greetings!
We have two new positions at AppState that are currently being advertised.
Please pass this along to anyone you think might be interested in coming to
the beautiful Blue Ridge Mountains of North Carolina!
Chief Information Security Officer
http://hrs.appstate.edu/employment/epa-jobs/801
Reporting to the Associate Vice Chancellor and Chief Information Officer of
Information Technology Services, the Chief Information Security Officer...
clickable links in instant messaging programs
Fowler, Becky Thurmond (May 15)
I'm trying to gauge what other institutions are doing regarding clickable links in instant messaging programs. We
currently block links that are sent through our Microsoft Lync implementation but we'd like to determine what other
peer institutions are doing.
Does your university block clickable links through technical means? Do you allow clickable links but display a pop-up
or warning message? Or do you deal with this issue...
Job: Info Sec Analyst in Salem, MA
George Moore (May 14)
Greetings:
I'm hiring an Information Security Analyst (ISA) for Salem State University in Salem Massachusetts. An ideal candidate
is motivated and enthusiastic about security. The ISA is responsible for monitoring the university network for security
vulnerabilities and compromised systems. The candidate accomplishes these goals by monitoring intrusion detection
systems, performing vulnerability assessments and management of network...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: What hath god wrought?
Phil Fagan (May 21)
HAH! That's pretty funny....the tinfoil piece.
Re: Inventory and workflow management systems
Warren Bailey (May 21)
Beware of Metasolv license costs..
Beware of Metasolv in general.
RE: Inventory and workflow management systems
Siegel, David (May 21)
Off the shelf stuff? There are lots of options, but it seems like the general opinion of the IT groups I've worked
with is that it's just as much work to customize and integrate them as it is to write from scratch so we tend to get
further away from COTS all the time.
You should take a look at Metasolv (now part of Oracle, I believe). We used it in one of our P&L regions for some
regional products for over a decade and I was...
Re: What hath god wrought?
jim deleskie (May 21)
Maybe my tinfoil isn't on tight enough, or maybe I give too much credit to a
gov't, or perhaps I'm just feeding the trolls, but I have a very hard time
believing that DHS, launched a DoS from their own machines.
-jim
Re: What hath god wrought?
David Conrad (May 21)
And if you were certain, are you certain the folks at DHS were aware their machine(s) were engaged in a DoS attack?
You can find zombies in the oddest places...
Regards,
-drc
ISOC item of interest
bmanning (May 21)
ISOC - the folks who bring you IETF standards, is seeking public input.
This from Emma:
----
Hi all,
In case it is of interest there is currently a public consultation on the
Internet Society's mission now and in the future, you can voice your
opinions by filling in the form at:
https://www.internetsociety.org/form/strategic-and-business-planning-2014
If you have any questions you can mail...
Re: APC In-row Units
Dale W. Carder (May 21)
Thus spake Morgan Miskell (morgan.miskell () caro net) on Tue, May 21, 2013 at 09:49:14AM -0400:
We have lots of the apc units, including the 500 or 501 IIRC. In general they
are great except for finding skilled enough labor to install & maintain them.
They are capable of getting your equipment mighty wet.
Also pay attention to your water quality during the design process.
Dale
Re: APC In-row Units
Justin M. Streiner (May 21)
We have some APC in-row coolers in our DR site. They've been in place for
about 3 years, and no major maintenance issues that are outside of the
norm. I believe we feed them off of our building chilled water loop,
with a backup domestic water feed for times when the chilled water plant
has to be taken offline for maintenance.
I don't directly run our DR site, but I've never heard of any serious
performance issues.
I...
APC In-row Units
Morgan Miskell (May 21)
I realize this topic is semi off point so feel free to reply to the list
or to me personally. I am wondering if anyone has any experience using
the APC In-row cooling units in their data centers. I am specifically
looking at the ACRD501.
Do they work well? How long have you run them? Any maintenance issues?
Any input would be greatly appreciated.
[NANOG 58] Final agenda posted and late registration - See you in New Orleans!
David Temkin (May 21)
All-
The final agenda for NANOG 58 has been posted at:
http://www.nanog.org/meetings/nanog58/agenda
Also of note, Standard Registration ends on May 30 - the price will then go
up $75. We encourage you to register now and lock in the few remaining
hotel rooms at
http://www.nanog.org/meetings/nanog58/registration
This meeting will follow the new Monday-Wednesday format of tutorials
beginning Monday morning, a Newcomers Lunch, and then General...
Re: High throughput bgp links using gentoo + stipped kernel
Justin M. Streiner (May 21)
Stateful firewalling is also painful in environments where path asymmetry
could exist, since either the routing policy would need to be designed to
enforce symmetry (more complex, less reliable), or the stateful
firewalling devices would need to have a way to share state information
with each other to accommodate asymmetry.
jms
RE: High throughput bgp links using gentoo + stipped kernel
MailPlus| David Hofstee (May 21)
This is what we do too: Separate firewalling and routing. We use Vyatta for both and it works. Bye,
David
-----Original message-----
From: Matt Palmer [mailto:mpalmer () hezmatt org]
Sent: Sunday 19 May 2013 23:32
To: nanog () nanog org
Subject: Re: High throughput bgp links using gentoo + stipped kernel
I don't know about "only", but it'd have to come close to "best". iptables (and stateful...
Re: What hath god wrought?
Jay Farrell (May 21)
Are you certain it was a DoS attempt? They may have just been running
a surveillance software package such as URLy warning, which GETs the
pages of a site repeatedly and diffs them to watch for updates. In the
case of an (non-)organization like Occupy I can't imagine law
enforcement would neglect to do this. I've been on the receiving end
of this sort of thing myself (long story).
Re: What hath god wrought?
Charles Wyble (May 21)
Sorry. The occupy site was on a shared hosting plan at the company I worked for.
Source determined via Whois output for the attacking ip found via our analysis. It was a rather crude dos attack
(repeated get requests). At first we figured they were just mirroring the site for offline analysis or something, but
it soon became evident they were just hammering the site.
Yes we could have sued. However the inevitable stonewalling, endless resources...
Re: High throughput bgp links using gentoo + stipped kernel
joel jaeggli (May 20)
Putting your border router in scope for your pci environment is imho an
engineering/documentation mistake.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 27.28
RISKS List Owner (May 17)
RISKS-LIST: Risks-Forum Digest Friday 17 May 2013 Volume 27 : Issue 28
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.28.html>
The current issue can be...
Risks Digest 27.27
RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 4 April 2013 Volume 27 : Issue 27
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.27.html>
The current issue can be...
Risks Digest 27.26
RISKS List Owner (Apr 24)
RISKS-LIST: Risks-Forum Digest Tuesday 23 April 2013 Volume 27 : Issue 26
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.26.html>
The current issue can be...
Risks Digest 27.25
RISKS List Owner (Apr 19)
RISKS-LIST: Risks-Forum Digest Friday 19 April 2013 Volume 27 : Issue 25
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.25.html>
The current issue can be...
Risks Digest 27.24
RISKS List Owner (Apr 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 April 2013 Volume 27 : Issue 24
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.24.html>
The current issue can be...
Risks Digest 27.23
RISKS List Owner (Mar 31)
RISKS-LIST: Risks-Forum Digest Saturday 30 March 2013 Volume 27 : Issue 23
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.23.html>
The current issue can be...
Risks Digest 27.22
RISKS List Owner (Mar 24)
RISKS-LIST: Risks-Forum Digest Saturday 23 March 2013 Volume 27 : Issue 22
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.22.html>
The current issue can be...
Risks Digest 27.21
RISKS List Owner (Mar 22)
RISKS-LIST: Risks-Forum Digest Thursday 21 March 2013 Volume 27 : Issue 21
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.21.html>
The current issue can be...
Risks Digest 27.20
RISKS List Owner (Mar 18)
RISKS-LIST: Risks-Forum Digest Monday 18 March 2013 Volume 27 : Issue 20
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.20.html>
The current issue can be...
Risks Digest 27.19
RISKS List Owner (Mar 12)
RISKS-LIST: Risks-Forum Digest Monday 11 March 2013 Volume 27 : Issue 19
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.19.html>
The current issue can be...
Risks Digest 27.18
RISKS List Owner (Mar 06)
RISKS-LIST: Risks-Forum Digest Wednesday 6 March 2013 Volume 27 : Issue 18
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.18.html>
The current issue can be...
Risks Digest 27.17
RISKS List Owner (Feb 25)
RISKS-LIST: Risks-Forum Digest Sunday 24 February 2013 Volume 27 : Issue 17
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.17.html>
The current issue can be...
Risks Digest 27.16
RISKS List Owner (Feb 14)
RISKS-LIST: Risks-Forum Digest Thursday 14 February 2013 Volume 27 : Issue 16
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.16.html>
The current issue can...
Risks Digest 27.15
RISKS List Owner (Jan 29)
RISKS-LIST: Risks-Forum Digest Tuesday 29 January 2013 Volume 27 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.15.html>
The current issue can be...
Risks Digest 27.14
RISKS List Owner (Jan 23)
RISKS-LIST: Risks-Forum Digest Tuesday 22 January 2013 Volume 27 : Issue 14
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/27.14.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
How anticipating a health data breach can boost security
Erica Absetz (May 21)
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/
A healthcare chief information officer (CIO) saying that he expects to
experience a health data breach is not only unusual, but may produce
shock and awe in some parts of the healthcare industry. However,
having this type of outlook, regardless of whether the CIO ends up
having to deal with a breach or not, can prepare organizations for the
worst...
Hackers Who Breached Google in 2010 Accessed Company’s Surveillance Database
Erica Absetz (May 21)
http://www.wired.com/threatlevel/2013/05/google-surveillance-database/
Hackers who breached Google’s network in 2010 obtained access to the
company’s system for tracking surveillance requests from law
enforcement, according to a news report.
The hackers gained access to a database that Google used to process
court orders from law enforcement agencies seeking information about
customer accounts, including classified FISA orders that are used...
Response from TerraCom, Inc.
Erica Absetz (May 20)
http://www.knoxnews.com/news/2013/may/18/response-terracom-inc/
"On April 26, 2013, the companies were made aware of the fact that
Scripps Howard News Service was able to access personal data files of
applicants seeking enrollment in the program.
We deeply regret that this incident occurred, and we are sorry that
personal data of Lifeline applicants was recently accessed by Scripps
Howard News Service. This is a very serious matter and we...
Information for 10K job applicants exposed in security breach
Erica Absetz (May 20)
http://www.wsoctv.com/news/news/local/piedmont-compromise/nXtt3/
STATESVILLE, N.C. —
A local healthcare company is now trying to contact 10,000 job
applicants whose private information was exposed in a major security
breach.
The applicants at Piedmont HealthCare had more than just their
applications stolen; they had their Social Security numbers
compromised.
Earlier this week, experts told Eyewitness News that having a Social
Security...
Yahoo Japan says 22 million user IDs may have been stolen
Erica Absetz (May 20)
http://www.networkworld.com/news/2013/052013-yahoo-japan-says-22-million-269914.html?source=nww_rss
IDG News Service - Yahoo Japan, the country's largest Web portal, said
up to 22 million user IDs may have been leaked during a hack that was
discovered last week.
The company emphasized that the IDs are already public information,
and no passwords or other private data were affected. Yahoo Japan IDs
are used along with password to log in to...
PHH Data Breach Exposes Employee Information
Erica Absetz (May 16)
http://www.americanbanker.com/issues/178_94/phh-data-breach-exposes-employee-information-1059140-1.html
WASHINGTON — A temporary worker for PHH Corp. potentially gained
access to employees' personal information, including Social Security
numbers and dates of birth, according to a letter from the company's
chief executive.
In a letter posted on the California Department of Justice's website,
Glen Messina, the $9.3 billion-asset...
Oops: Google search reveals private Telstra customer data
Erica Absetz (May 16)
http://www.theage.com.au/it-pro/security-it/oops-google-search-reveals-private-telstra-customer-data-20130516-2jnmw.html
The personal information of thousands of Telstra customers has been
found online using a Google search.
Lee Gaywood, 31, of Chelsea Heights in Victoria, contacted Fairfax
Media about the information being freely accessible to anyone online
after conducting a specific Google search that turned up Telstra
spreadsheets.
The...
Hackers steal physio clinic files
Erica Absetz (May 15)
http://www.goldcoast.com.au/article/2013/05/15/451894_crime-and-court-news.html
A MERMAID Waters physiotherapy clinic is the second medical practice
on the Gold Coast to be held to ransom by an international hacker
demanding $5000 to unlock patient files.
The scam, which has affected businesses across the country, put more
than 8000 patient files at risk at the busy Q Super Centre practice on
Monday.
Back in Motion Physiotherapy owner Brad...
Mass email by Dent Neurologic inadvertently breaches privacy of 10,200 patients
Erica Absetz (May 15)
http://www.buffalonews.com/apps/pbcs.dll/article?AID=/20130514/CITYANDREGION/130519516/1003
Confidential information about more than 10,200 patients of Dent
Neurologic Institute was inadvertently sent to more than 200 patients
Monday in an email attachment.
The personal information – including patients’ names and home
addresses, their doctors’ names, last appointment dates and their
email addresses – was contained on an Excel patient...
Unions eye medical privacy violation
Erica Absetz (May 15)
http://bostonherald.com/news_opinion/local_coverage/2013/05/unions_eye_medical_privacy_violation
Police, fire and EMS unions are accusing the Boston Public Health
Commission of going behind the backs of bombing victims to collect
private medical information about those who sought “primary care and
other outpatient” help days and weeks after the bombings.
The commission has sent letters to 13 area hospitals and 25 health
clinics seeking...
(wtop.com) Fwd: NOTICE OF HACKING INCIDENT AND POSSIBLE MALWARE ATTACK (fwd)
security curmudgeon (May 15)
-------- Original Message --------
Subject: NOTICE OF HACKING INCIDENT AND POSSIBLE MALWARE ATTACK
Date: Sun, 12 May 2013 11:02:41 -0600
From: WTOP <website () community wtop com>
Reply-To: Hubbard Radio, DC
<reply-fecc167275600d7f-28697_HTML-79048353-1066862-0 () community wtop com>
To:
To view this email as a web page, go here.
http://click.community.wtop.com/?qs=[..]
Forward to a Friend...
Presbyterian Anesthesia reports data breach affecting nearly 10,000
Erica Absetz (May 14)
http://www.charlotteobserver.com/2013/05/13/4039763/presbyterian-anesthesia-reports.html
The credit card information of nearly 10,000 people may have been
accessed in a data breach at a Charlotte medical practice.
Presbyterian Anesthesia Associates has disclosed that a hacker broke
through a security flaw of the practice’s website to gain access to a
database of personal information, including names, contact
information, dates of birth and...
Oklahoma City-based wireless companies report data breach
Erica Absetz (May 14)
http://newsok.com/article/3809598
The Oklahoma City-based wireless companies TerraCom and YourTel
America said Monday that journalists had accessed the personal
information of about 150,000 prospective clients and that the personal
information of 200 people had been readily available online via a
simple Google search.
The companies also admitted Monday that the files of about 343
applicants had been accessed online by unidentifiable IP...
Property Tax security breach was 'discovered quickly'
Erica Absetz (May 14)
http://www.irishexaminer.com/breakingnews/ireland/property-tax-security-breach-was-discovered-quickly-594236.html
It comes after the company which operates the helpline for the Revenue
Commissioners discovered a worker had unnecessarily taken credit card
details from a small number of callers.
The employee has been suspended while investigations by the Gardaí and
Revenue continue.
Eleven members of the public were affected by the alleged...
Patient Information Breach At The MED
Erica Absetz (May 14)
http://wreg.com/2013/05/10/patient-information-breach-at-the-med/
(Memphis) The MED is alerting some patients who were treated at their
outpatient facility that their personal information may have been
accidentally sent out in one of three emails sent out by an employee.
That information includes the social security number, phone number and
reasons for therapy.
This impacts almost 1200 patients who were treated here between May of
2012 and...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Re: Wmic through the windows api
egypt (May 17)
Extensions should be submitted as a pull request in the meterpreter
repo: https://github.com/rapid7/meterpreter
If you have already written the ruby side, that should be a pull
request on the framework repo, with a link to the meterpreter pull
request in the description.
Thanks!
egypt
Re: Wmic through the windows api
Abuse 007 (May 16)
Hi Brian,
Perhaps you need to allocate some memory in a process, write your custom
data structure there, and then make the call with a pointer/reference to
the custom data structure in the memory you allocated for it.
Cheers,
B
Ruxcon 2013 Call For Papers
cfp (May 07)
Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/
The Ruxcon team is pleased to announce the Call For Presentations for Ruxcon 2013.
This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.
.[x]. About Ruxcon .[x].
Ruxcon is a premier technical computer security conference...
Breakpoint 2013 Call For Papers
cfp (Apr 30)
Breakpoint 2013 Call For Papers
Melbourne, Australia, October 24th-25th
Intercontinental Rialto
http://www.ruxconbreakpoint.com
.[x]. Introduction .[x].
The Ruxcon team is pleased to announce Call For Papers for Breakpoint 2013.
Breakpoint showcases the work of expert security researchers from around the
world on a wide range of topics. This conference is organised by the Ruxcon
team and offers a specialised security conference to...
Re: framework Digest, Vol 63, Issue 13
Vlad Ovtchinikov (Apr 27)
Try exploit-db.com
Sent from my iPhone
Re: framework Digest, Vol 63, Issue 13
Prabhu (Apr 27)
Hi,
I surfed privilege escalation exploits in the unix/local and linux/local
categories, and I found most of them work only with Linux kernel 2.4 and 2.6.
But I am looking for exploits for kernel 3.0 and above; could someone suggest
an exploit to handle this?
Re: help
Joshua Smith (Apr 25)
You beat me Tod, I was gonna say
$ msfconsole
but seriously man, you need to give more details.
Re: help
Tod Beardsley (Apr 25)
http://ifconfig.me
Re: framework Digest, Vol 63, Issue 12
Michael Schierl (Apr 25)
On 25.04.2013 19:59, Tod Beardsley wrote:
Seconded.
Also, please note that a piece of shellcode is not an exploit (just like
a pinch of gunpowder is not a firearm, or like a satellite is not a
space rocket). In fact the shellcode is usually the easiest part for a
new exploit as Metasploit ships lots of them to easily integrate into
any exploit.
When you have installed Metasploit, have a look at the unix/local/ and
linux/local/ category if...
help
gri sma (Apr 25)
how to use external ip on metasploit
Re: framework Digest, Vol 63, Issue 12
Tod Beardsley (Apr 25)
please don't run random blobs of shellcode you find on the internet.
It's not healthy.
That's kind of why we do Metasploit.
If you would like to start using Metasploit, please see
http://metasploit.pro and pick the right version for your needs.
Thanks!
Re: framework Digest, Vol 63, Issue 12
Prabhu (Apr 25)
Hi,
I picked an exploit from the link below, and I compiled it manually in a test
environment. I ended up with an error message stating that
error: lvalue required as left operand of assignment
http://www.shell-storm.org/shellcode/files/shellcode-548.php
Could you suggest a shellcode for me to proceed with?
Re: framework Digest, Vol 63, Issue 11
Prabhu (Apr 25)
Hi Tod,
Thank you for the response. I'm looking at this exploit. Could you help me
sort this out?
http://pastebin.com/GC824ayU
Re: framework Digest, Vol 63, Issue 11
h4lp.php () gmail com (Apr 24)
Did you find something at exploit-db or 1337day?
And maybe you should tell us more about what you did and how, and your Metasploit version.
Prabhu <flyingcolours47 () gmail com> wrote:
Re: framework Digest, Vol 63, Issue 11
Tod Beardsley (Apr 24)
Which Metasploit module is giving you trouble?
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: TCP packet reassemble problem
Natalie Shapira (May 21)
Hi,
Can you describe a little bit more about the way that your dissector knows
how to start?
Have you entered any patch to the Wireshark code (besides the plugin)?
If you want to add the source file, I can look at it.
Natalie.
On Tue, May 21, 2013 at 11:59 AM, Hardik Patel <hardik.party () gmail com> wrote:
TCP packet reassemble problem
Hardik Patel (May 21)
Hello,
I am developing a plugin in Wireshark, which is working fine for a single TCP
packet.
My dissector tvb buffer starts correctly after the TCP checksum at the offset of
0035.
But in the case of reassembled packets, I can see that my tvb buffer for the
dissector is pointing at the start of the frame at 0000.
So how can I make my tvb buffer point at the end of the TCP checksum as it
should?
Because of this problem my dissector is wrongly dissecting the frame....
Re: Unexpected tap behaviour
Anders Broman (May 20)
Jeff Morriss wrote 2013-05-20 21:35:
Doh, should have thought about that. Will look into it tomorrow.
Thanks
Anders
Re: NPL to Wireshark compiler/converter
Graham Bloice (May 20)
Looking at the link it would seem that OPN is a text-based description
language that through the magic of the OPN compiler produces a Protocol
Object Model (POM) that consists of the .Net classes etc. and is the binary
form of the protocol description and the POM is then consumed by the
(amongst other things) Message Analyzer run-time component.
So it would seem that others could use OPN, but would have to implement
their own compiler\run-time....
Re: Kept support of Visual Studio 2005
Graham Bloice (May 20)
It would be a start.
Personally I'd cut VS 2008 off as well. Supporting the current and
previous version should be OK, especially as VS isn't distributed as part
of the OS so isn't tied to it and the Express editions are just a download
away, and all versions can co-exist happily on the same machine I think
(definitely true for VS2005 & 2012, so probably true for other versions).
Graham
ZigBee APS decryption
Fabio Tarabelloni (May 20)
Hi,
I updated the repository, and after compiling the sources Wireshark
doesn't decrypt the APS command. If I open the same capture with the release
software the problem is not present.
(note: I compiled the current trunk sources in linux)
Fabio.
Re: Unexpected tap behaviour
Jeff Morriss (May 20)
Diameter isn't queuing messages to the tap when !tree. Need to either
lose this line in dissect_diameter_common():
or move the tap queuing before it.
Unexpected tap behaviour
Anders Broman (May 20)
Hi,
I just implemented the export_pdu tap for Diameter as well as SIP. To my
surprise, if I don't define
a filter only SIP packets get exported from a file with both Diameter
and SIP. If I specify a filter of
"diameter or SIP" both get exported. I would have expected both to be
exported with no filter. Could anyone shed
some light on what's going on?
Regards
Anders
Re: NPL to Wireshark compiler/converter
Guy Harris (May 20)
It sounds as if Microsoft's new Message Analyzer tool:
http://blogs.technet.com/b/messageanalyzer/archive/2012/09/17/meet-the-successor-to-microsoft-network-monitor.aspx
will have its own protocol description language:
Dave MacDonald 21 Sep 2012 4:09 PM
I'll answer a couple of questions:
* Parsers aren't compatible. But, we have a number of ways to bootstrap from various artifacts such as IDL and...
Re: Kept support of Visual Studio 2005
Gerald Combs (May 20)
We've typically supported GLib and GTK+ versions for five years. I'd be
OK with applying this to Visual Studio versions as well. It looks like
we can bump the minimum GLib version to 2.16 so I'll do that shortly.
Re: Kept support of Visual Studio 2005
Gerald Combs (May 20)
Would reducing the number of supported compilers in config.nmake help in
that regard?
I'm OK with removing VS 2005 and .Net Framework 2.0.
Re: Kept support of Visual Studio 2005
Graham Bloice (May 20)
This is the small end of a long and wriggly worm.
Windows builds can consume system libraries from two sources, the
Compiler\VS Studio installation and the Platform SDK. Merely checking the
compiler version isn't necessarily the correct option as the build may be
using a much newer version of the SDK that doesn't have the issue. In
addition the build may be targeted at a version of Windows that doesn't
suffer the issue. I would...
Re: [Wireshark-commits] rev 49410: /trunk/asn1/ /trunk/asn1/: CMakeLists.txt Makefile.am
Pascal Quantin (May 20)
2013/5/20 Joerg Mayer <jmayer () loplof de>
Hi Jörg,
as the Kerberos autogenerated is not at the same level as the hand written
one yet (I found missing things when working on it last week), I wanted to
avoid having someone committing the auto generated one (assuming that it
was an oversight to have locally modified files not checked in) and have a
loss of functionality. Better safe than sorry.
For example I have a long standing but not...
Re: Kept support of Visual Studio 2005
Evan Huus (May 20)
i found this line (in ui/gtk/summary_dialog.c)
Wouldn't bother me any.
A similar question regarding glib versions came up a few weeks ago - it
would be good if we could talk at Sharkfest about a plan of some sort for
support lifespans. Obviously every case is slightly different but it would
be good to agree on some sort of general policy, both for internal use and
for communication to the more stability-oriented vendors who might be...
Kept support of Visual Studio 2005
Alexis La Goutte (May 20)
Hi,
i found this line (in ui/gtk/summary_dialog.c)
#if (defined _WIN32) && (_MSC_VER < 1500)
/* calling localtime() on MSVC 2005 with huge values causes it to crash */
/* XXX - find the exact value that still does work */
/* XXX - using _USE_32BIT_TIME_T might be another way to circumvent this
problem */
if (ti_time > 2000000000) {
ti_tm = NULL;
} else
#endif
ti_tm = localtime(&ti_time);
and i ask if you...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Home_Net, External_Net issue
Josh Bitto (May 21)
I'm wondering if this is a config issue or traffic setup issue. Currently my internal network the ONLY thing that ever
shows up is portscans. I can't get anything else to be looked at. Is this due to a Home_net and External_net being
setup wrong? My understanding is if I list Home_net to "any" then snort should monitor that traffic.
Newb Question
Josh Bitto (May 21)
I'm using pfsense and I haven't turned on blocking yet. So to kind of tell you what my setup is I have a wan interface
and then internal interfaces......So I usually just want to turn on blocking from source...Is there a way to exclude my
wan interface IP from being blocked? My worry is that if there is something outbound as the wan interface as being the
source IP that snort would block it. Then I inadvertently have blocked service...
Sourcefire VRT Certified Snort Rules Update 2013-05-21
Research (May 21)
Sourcefire VRT Certified Snort Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
The Sourcefire VRT has added and modified multiple rules in the
blacklist, browser-firefox, browser-ie, browser-plugins,
browser-webkit, exploit-kit, file-flash, file-identify, file-image,
file-multimedia, file-office, file-pdf, malware-backdoor, malware-cnc,
malware-other, os-windows, protocol-ftp, pua-adware and...
Re: More ACID BASE Help
beenph (May 21)
====[ Thought I sent that e-mail before but it seems like it was pending in
my drafts....sorry! ]=====
Hi 2 all :),
Sorry for top posting but I just want to drop some comments in the thread
concerning previous postings.
Under Linux and other unices,
libraries can be installed everywhere.
Most of the time what you will need to do is to update
/etc/ld.so.conf (this file contains paths for the dynamic linker runtime
library bindings (man page...
Re: snorby GUI binary package.
Jeremy Hoel (May 21)
No.. it's all source from Git.. and then you have to have Ruby on
Rails and other good things.
snorby GUI binary package.
Kaushal Shriyan (May 21)
Hi,
Is there a snorby binary version for CentOS Linux version 6.4?
Thanks and Regards,
Kaushal
Re: Parsing curiosity between standard byte_test and DCE byte_test
Todd Wease (May 21)
Joshua,
It looks like the override functions are deprecated. What happens when the
"dce" argument is used is byte_order_func is set to DCE2_GetByteOrder()
when parsing - ByteTestParse() - so the normal byte test evaluation
function is called - ByteTest() - and in that function, byte_order_func is
called. So ">=" and "<=" are supported with the "dce" argument to
byte_test. Documentation needs to be...
Re: Parsing curiosity between standard byte_test and DCE byte_test
Russ Combs (May 21)
Thanks Joshua. We are looking into it and will get back to you.
Re: Different bpf filter for every multiple config used in snort
Russ Combs (May 21)
Probably not in that form. I'm guessing you actually want to select a
policy by BPF, not the other way around. What are you trying to do
beyond the network or VLAN bindings available now?
Re: AFPACKET Inline mode: dropping do not work
Russ Combs (May 21)
Suggest starting with double checking your configuration. Did you
bridge the interfaces?
AFPACKET Inline mode: dropping do not work
Oleg Gvozdev (May 21)
I have a problem with IPS mode.
I wonder how afpacket can drop/block traffic.
1. I saw that daq-1.1.1/xxx/daq_afpacket.c : daq_acquire() uses a raw socket and
the kernel rx_ring to receive ethernet data.
2. On each packet the snort callback is called, and if the verdict after the callback is
PASS, then daq uses sendto() to send the packet on the interface; else, if the verdict
is DROP, then nothing is sent.
3. I commented out the sendto call in daq so no traffic would be sent, but ICMP...
Updating...
GREENWOOD, Tony (May 21)
Hi there,
Could anyone point me towards a guide for keeping my configuration up to
date?
I am running snort/barnyard2/mysql with a BASE front end. Rules are
updated using pulledpork and it all runs under CentOS6.3.
Many Thanks...
Re: Different bpf filter for every multiple config used in snort
C. L. Martinez (May 21)
Thanks Russ ... But could it be a good feature to be included in the next
snort releases??
Parsing curiosity between standard byte_test and DCE byte_test
Joshua Kinard (May 20)
Snort-devel,
Looking at the parsing code for the normal byte_test keyword and the DCERPC2
overridden one, there appears to be an undocumented issue with the operator
field.
Here's the switch statement that parses the operator for the standard byte_test:
/* set the operator */
switch(*cptr)
{
case '<': idx->operator = BT_LESS_THAN;
cptr++;
if...
Win.Lyposit.Trojan
James Lay (May 20)
Anyone think a pcre relating to "The string before the equality sign is
randomly generated for length between 1 and 5" is needed?
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC
Win.Lyposit.Trojan C2 Query"; content:"GET"; http_method;
content:"|2f|ads1|2f|?"; http_uri; metadata:policy balanced-ips drop,
policy security-ips drop, ruleset community service http;
reference:url,...
OpenVAS — Development and announcements regarding OpenVAS, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.
Re: SVN trunk: Breaking openvas-administrator
Matthew Mundell (May 21)
If you migrate from an existing install the old users will be preserved.
Otherwise you could insert the first user into the db by hand.
Re: SVN trunk: Breaking openvas-administrator
btb (May 21)
i see, thanks. so while this is still being worked out, i can't do much testing beyond just building the software?
-ben
Re: openvasmd using all CPU
Paula Gonzalez Muñoz (May 21)
Hello,
I have found a workaround for this behaviour (it works on gentoo with
kernel 3.4 on a server profile). The first credential you create you do it
using CLI with this command:
omp -u your_openvas_user -w your_password --xml="<create_lsc_credential>
<name>init</name><login>init</login><password>init</password></create_lsc_credential>"
The credential can be whatever you want (you...
Re: SVN trunk: Breaking openvas-administrator
Matthew Mundell (May 20)
We still have to work out how to create the first user.
If you already have a user you can use GSA, or an OMP command like
omp -u m -w m -X '<create_user><name>admin</name><role
role_id="7a8cb5b4-b74d-11e2-8187-406186ea4fc5"/><password>admin</password></create_user>'
Re: SVN trunk: Breaking openvas-administrator
btb (May 20)
i've built revision 16369, and see the following when running openvas-check-setup:
openvas-check-setup 2.2.1
Test completeness and readiness of OpenVAS-7
[...]
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 4.0+beta1.
OK: OpenVAS Scanner CA Certificate is present as /opt/openvas/var/lib/openvas/CA/cacert.pem.
OK: NVT collection in /opt/openvas/var/lib/openvas/plugins contains...
internal error when creating credentials
Paula Gonzalez Muñoz (May 20)
Hello all,
I was having the problem with openvasmd CPU consumption and I tried using
the --disable-encrypted-credentials flag. When I started openvasmd again
without that flag (having rebuilt the tasks.db from scratch) I started
getting an internal server error every time I try to save a credential. I've
reinstalled openvas and I still get the same error. The only clue I have is
that in openvasmd.log I get the following:
base...
Re: Compilation problem for gsd 1.2.2 with openvas 6 lib on opensuse 12.1, 12.2, 12.3
Johann LUCE (May 20)
On 30/04/2013 17:12, Johann LUCE wrote:
hi
can compile it with this patch applied:
http://git.kali.org/gitweb/?p=packages/gsd.git;a=blob_plain;f=debian/patches/build-with-qt-no-keywords;hb=eb9708034101a54a2c628ca796482a018768d4ac
regards
jluce
Re: openvasmd using all CPU
Paula Gonzalez Muñoz (May 20)
Hi all,
I've checked that doing this the credentials are stored in the tasks.db
with the password in clear text. After doing some tests with this setup I
tried to run openvasmd without the --disable-encrypted-credentials flag and
now every time I try to save a credential I get an internal error message.
Is there any other solution to the CPU consumption problem? And also, how
do I get to make openvas work again?
Regards,
Paula
2013/5/20...
Re: openvasmd using all CPU
Paula Gonzalez Muñoz (May 20)
Hi YanQian,
I've tried it and it works like a charm :). However I'm also curious about
the security implications of this.
Regards,
Paula
2013/5/18 YanQian <yankaiqian () live cn>
Re: openvasmd using all CPU
YanQian (May 18)
Hi, Paula,
I got the same issue with OpenVAS 6 on RHEL6; the temporary workaround is to add this option to the openvas manager service.
"--disable-encrypted-credentials"
It was told by mime at #openvas IRC. I added it to the file /etc/sysconfig/openvas-manager on RHEL.
And I also want to know, if this option is used, does it mean that credentials are saved in some place with clear text?
regards,
YanQian
Date: Fri, 17 May 2013 17:51:53...
Re: Why openvas-scapdata-sync delete my plugins directory?
Ulises Cuñé (May 17)
Hello Timo,
Yes, I have set SCAP_DIR and NVT_DIR on the same path.
2013/5/17 Timo Pollmeier <timo.pollmeier () greenbone net>
Re: openvasmd using all CPU
Paula Gonzalez Muñoz (May 17)
Hello,
I have again the same problem on a completely different machine. Any idea
about the possible cause and how to solve it? It only happens when trying
to create credentials (I've been able to create other objects).
Regards,
Paula
2013/4/30 Paula Gonzalez Muñoz <p.gonmu () gmail com>
Re: Renaming "Full and fast" to "Best practice"?
smkr (May 17)
If the goal is to give users something first hand what about "Default" and you
can add a short description.
Re: empty tasks.db
Paula Gonzalez Muñoz (May 17)
Yes. It gives no clues.
I have just done a few more tests and the problem was
that the 'om' user was not created correctly and the openvas-check-setup
gave a misleading error. It is described here:
http://aymanstechblog.blogspot.com.es/2013/01/error-number-of-nvts-in-openvas-manager.html
After changing the name to the folder it worked.
Maybe the openvas-check-setup should be reviewed so it gives more
informative...
Re: trouble building gsa from trunk
btb (May 17)
CMakeLists.txt now looks like:
target_link_libraries (gsad_base "${LIBMICROHTTPD_LDFLAGS} ${LIBXML_LDFLAGS} ${GLIB_LDFLAGS} ${GTHREAD_LDFLAGS}
${LIBEXSLT_LDFLAGS} ${LIBXSLT_LDFLAGS} ${OPENVAS_LDFLAGS} ${GNUTLS_LDFLAGS}" -lgcrypt)
and it appears to build successfully.
thanks
-ben
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|