SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Re: zenmap 7.40 for Mac OS X Sierra, latest update not working
Daniel Miller (Jan 31)
Jim,
Thanks for the report. The "total failure" message is given when the
authorization wrapper for Zenmap is unable to execute an AppleScript
string. I'm not sure of the cause in your case, but a workaround would be
to bypass the authorization wrapper, running Zenmap without root
privileges. You can do this by directly calling the zenmap.bin executable
inside Zenmap.app. In most cases, this is...
zenmap 7.40 for Mac OS X Sierra, latest update not working
James J Solderitsch (Jan 31)
I was using 7.12 just fine and I thought I would just use the 7.40 dmg file to upgrade.
After upgrading, Zenmap refuses to open.
In the Mac OS X System Log I see: “Total Failure!”
Any ideas?
I can re-install the 7.12 version and this continues to work.
My OS version is 10.12.3
Running on a Macbook Pro with 16GBs of RAM.
Jim
Bug report, error in documentation
ToddAndMargo (Jan 31)
Re: sweet32 and ssl-enum-ciphers question
ToddAndMargo (Jan 31)
Re: Nmap 7.40 broadcast-dhcp-discover issue
Varunram Ganesh (Jan 31)
Hi Akash,
The script arguments are exchangeable.
sudo nmap -d --script broadcast-dhcp-discover -e p2p0
sudo nmap -d -e p2p0 --script broadcast-dhcp-discover
both give the same output. (p2p0 is an interface)
As long as -e is followed by the interface name, it should work fine.
But I think Steven might have identified the wrong interface. Because when
I tried the script with the same arguments but a different target, I got
the same error....
Nmap 7.40 Error Modifying Profile
Vincent Hotmail (Jan 31)
This is from a Windows 7 32-bit OS.
I'm also unable to Add a New Profile, but it doesn't give an error message as per Editing a Profile.
Version: 7.40
Traceback (most recent call last):
File "zenmapGUI\MainWindow.pyo", line 816, in _edit_scan_profile_cb
File "zenmapGUI\ProfileEditor.pyo", line 170, in __init__
TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only buffer, not list
Let me...
Re: sweet32 and ssl-enum-ciphers question
Daniel Miller (Jan 31)
Todd,
The "+" forces the script to run on every discovered open port regardless
of whether it is a "likely SSL" port or not. The default behavior is to
only run on known SSL or STARTTLS ports (3389 is included in this list).
The generally-accepted way to run the script against discovered services on
unusual ports is to add -sV to perform service and application version
detection. This way, the script can match not only on the...
Re: sweet32 and ssl-enum-ciphers question
ToddAndMargo (Jan 30)
This script "--script +ssl-enum-ciphers" found
64-bit block cipher 3DES vulnerable to SWEET32 attack
So now I can reproduce.
What did the "+" sign do to make the difference?
Many thanks,
-T
Re: sweet32 and ssl-enum-ciphers question
ToddAndMargo (Jan 30)
By chance, if the port(s) are closed properly, would I
not see the "ssl-enum-ciphers" report that shows
on https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
as the script could find anything?
[NSE] CICS fixes and new script
Phil Young (Jan 30)
Hi All,
I've just created the following pull request:
https://github.com/nmap/nmap/pull/671
This pull request adds/fixes the following
- cics-enum support for testing transaction IDs with a valid
username/password (transaction IDs that need auth can now be discovered)
- cics-user-enum added support for RACF messages and other fixes
- New cics-user-brute A new script for brute forcing CICS user IDs
Re: sweet32 and ssl-enum-ciphers question
ToddAndMargo (Jan 30)
Hi Daniel,
The ports are custom ports.
-p xxxx,yyyy
I redacted the actual port numbers as I also redacted the IP address.
My first fix will be to do the W7 updates. But I wanted to use
NMap to test if I succeeded.
-T
Re: sweet32 and ssl-enum-ciphers question
Daniel Calvo Castro (Jan 30)
Hi,
You said about an existing RDP port open for outgoing connections, so
the sweet32 is about the RDP port, usually 3389, not 443 (although it could
be affected too).
Check against RDP tcp port, for Windows 7 there is an update that lets
you fix this issue.
Kind Regards
2017-01-30 20:12 GMT+01:00 ToddAndMargo <ToddAndMargo () zoho com>:
sweet32 and ssl-enum-ciphers question
ToddAndMargo (Jan 30)
Hi All,
I have a customer that got tagged with sweet32 on his PCI (credit
card security) external scan. He is using RDP on a couple
of his workstations so he can log in from home and I do believe
the issue is that he hasn't done his Windows 7 updates
in about two years. I will fix.
Anyway, I am on nmap 7.40. Reading over at:
https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
It shows a bunch of this stuff:
Example Usage...
Re: dev Digest, Vol 142, Issue 33
Akash Das (Jan 30)
@Steven Shiau, the problem is in the usage. You are using it in a wrong way.
The correct way to use the script with -e option is like the following :-
nmap -d -e <interface_name> --script broadcast-dhcp-discover
and the output will be like this :-
Starting Nmap 7.40SVN ( https://nmap.org ) at 2017-01-30 21:33 IST
Warning: File ./nmap-services exists, but Nmap is using
/usr/local/bin/../share/nmap/nmap-services for security and...
Re: Nmap 7.40 broadcast-dhcp-discover issue
Varunram Ganesh (Jan 30)
Seems like the transaction id of DHCP is not getting passed on properly to
the parsing function. Since it's a bit difficult looking back into a release
that far, could you do git diff on nmap 7.12 (i.e. could you pull from
7.40SVN onto 7.12 and then do git diff) and attach it?
Cheers,
Varunram
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we're delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!
For the top 7 improvements in Nmap 7, see the release notes:
https://nmap.org/7
Or...
Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.
As usual, Nmap 6.49BETA5...
Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:
I'm pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version. Let's look at their accomplishments...
Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven't posted to this Nmap Announce list since
June, but we've had a very busy summer and I'm going to try and catch you
up in one go!
First of all, we've had four new releases since then, including today's
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).
As...
Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I'm happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:
* 25 new NSE scripts (total is now 494)
* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!
* Infrastructure...
Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Executable installers are vulnerable^WEVIL (case 47): Heimdal Security's SetupLauncher vulnerable to DLL hijacking
Stefan Kanthak (Jan 31)
Hi @ll,
Heimdal.SetupLauncher.exe, available from
<https://heimdalprodstorage.blob.core.windows.net/setup/Heimdal.SetupLauncher.exe>
is (surprise.-) vulnerable to DLL hijacking: it loads (at least)
WINSPOOL.DRV from its "application directory" instead of Windows'
"system directory".
For downloaded applications like Heimdal.SetupLauncher.exe the
"application directory" is Windows' "Downloads"...
Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000
Netgear Security (Jan 31)
Hello Pedro,
We have noted the CVEs within our internal records and will update the kb accordingly. Thank you for letting us know.
If you have time, are you able to verify the firmware remediates the vulnerability? Thank you for taking the time to
continue to research this vulnerability. We appreciate all of the hard work you have put in to make Netgear's products
more secure for everyone.
NETGEAR’s mission is to be the innovative...
[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities
Matteo Beccati (Jan 31)
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2017-001
========================================================================
http://www.revive-adserver.com/security/revive-sa-2017-001
========================================================================
CVE-IDs: TBA
Date: 2017-01-31
Risk Level: High...
PEAR Base System v1.10.1 Arbitrary File Download
hyp3rlinx (Jan 31)
[+]#############################################################################
[+] Credits / Discovery: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt
[+] ISR: ApparitionSEC
[+]#############################################################################
Vendor:
============
pear.php.net
Product:...
Hacking Printers Advisory 6/6: Multiple vendors physical NVRAM damage via PJL commands
Jens Müller (Jan 30)
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 6 of 6 of the `Hacking Printers' series. Each advisory
discusses multiple issues of the same category. This post is about
putting printers out of their misery and destroying the NVRAM through
ordinary print jobs. The attack can be performed by anyone who can
print, for example through USB...
Hacking Printers Advisory 3/6: Brother printers vulnerable to memory access via PJL commands
Jens Müller (Jan 30)
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 3 of 6 of the `Hacking Printers' series. Each advisory
discusses multiple issues of the same category. This post is about
abusing Brother's proprietary PJL extensions to dump the printer's NVRAM
and gain access to interesting stuff like passwords. The attack can be
performed by anyone...
Hacking Printers Advisory 4/6: Multiple vendors buffer overflow in LPD daemon and PJL interpreter
Jens Müller (Jan 30)
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 4 of 6 of the `Hacking Printers' series. Each advisory
discusses multiple issues of the same category. This post is about
buffer overflows in the printer's LPD daemon and PJL interpreter which
lead to denial of service or potentially even to code execution. The
attack can be...
Hacking Printers Advisory 5/6: HP printers restoring factory defaults through PML commands
Jens Müller (Jan 30)
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 5 of 6 of the `Hacking Printers' series. Each advisory
discusses multiple issues of the same category. This post is about
resetting a printer to factory defaults through ordinary print jobs,
therefore bypassing all protection mechanisms like user-set passwords.
The attack can be performed...
Hacking Printers Advisory 2/6: Various HP/OKI/Konica printers file/password disclosure via PostScript/PJL
Jens Müller (Jan 30)
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 2 of 6 of the `Hacking Printers' series. Each advisory
discusses multiple issues of the same category. This post is about
accessing a printer's file system through ordinary PostScript or PJL
based print jobs -- for decades a documented feature of both
languages. The attack can be...
Hacking Printers Advisory 1/6: PostScript printers vulnerable to print job capture
Jens Müller (Jan 30)
TL;DR: In the scope of academic research on printer security, various
vulnerabilities in network printers and MFPs have been discovered. This
is advisory 1 of 6 of the `Hacking Printers' series. Each advisory
discusses multiple issues of the same category. This post is about
manipulating and obtaining documents printed by other users, which can
be accomplished by infecting the printer with PostScript malware. This
vulnerability has...
Re: [0-day] RCE and admin credential disclosure in NETGEAR WNR2000
Pedro Ribeiro (Jan 30)
An update on this post:
MITRE has provided me with CVE numbers.
CVE-2016-10175 for #1 (information disclosure)
CVE-2016-10176 for #2 (improper access control)
CVE-2016-10174 for #3 (stack buffer overflow)
In addition, NETGEAR has recognised the flaw and released beta firmware
that is supposed to fix this vulnerability. This claim was NOT verified.
The beta firmware can be downloaded from:...
Sophos Web Appliance - Block & Unblock IPs Remote Command Injection (CVE-2016-9553)
Russell Sanford (Jan 30)
Critical Start security expert Russell Sanford discovered and reported two critical zero-day vulnerabilities in the
Sophos Web Appliance in December of 2016. The vulnerabilities, documented under CVE-2016-9553, allow the remote
compromise of the appliance's underlying Linux subsystem. The vulnerabilities have now been patched in the January
2017 4.3.1 release of the appliance line.
Here is a summary of the two vulnerabilities documented...
Free ebook to learn ethical hacking techniques
Sparc Flow (Jan 30)
Hello List,
As a way of giving back to the community, I want to share an ebook about pentesting and ethical hacking. You can have
it for free here :
https://www.amazon.com/dp/B01MTDLGQQ
It illustrates a (fictitious) full hacking scenario: from creating a malicious file in a phishing campaign, all the way
to exfiltrating data from a Mainframe (while knocking off some Windows domains along the way).
I obviously could not do it without the great...
Re: Digital Ocean ssh key authentication security risk -- password authentication is re-enabled
Daniel Elebash (Jan 30)
After two months of going back and forth with digital ocean I just received a message today that they have deployed a
fix so you may not be able to replicate the problem.
My main concern is their not notifying customers of this behavior, most likely leaving many unaware and vulnerable.
Even though they have fixed this issue which was being set via cloud init, it still leaves currently deployed servers
with password authentication set to yes....
Re: Digital Ocean ssh key authentication security risk -- password authentication is re-enabled
gp (Jan 30)
Hello,
The last time I contacted them they did not care about this. It's
basically a feature. They also used to (or still do) reset SSH host keys
and other things.
A suggested workaround if I remember correctly was to set a sticky bit
on the files you did not want their bootstrap script to modify. I have
no idea if this works or if it makes sense as I worked around the
problem another way.
Have you tried reaching support about it? I...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[security bulletin] HPSBHF03693 rev.1 - HPE iMC PLAT Network Products running Microsoft SQL Server, Remote Elevation of Privilege
security-alert (Jan 31)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382740
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05382740
Version: 1
HPSBHF03693 rev.1 - HPE iMC PLAT Network Products running Microsoft SQL
Server, Remote Elevation of Privilege
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date:...
ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability
EMC Product Security Response Center (Jan 31)
ESA-2017-007: EMC Documentum eRoom Unverified Password Change Vulnerability
EMC Identifier: ESA-2017-007
CVE Identifier: CVE-2017-2766
Severity Rating: CVSS v3 Base Score: 5.7 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
Affected products:
EMC Documentum eRoom version 7.4.4
EMC Documentum eRoom version 7.4.4 SP1
EMC Documentum eRoom version prior to 7.4.5 P04
EMC Documentum eRoom version prior to 7.5.0 P01
Summary:
EMC Documentum eRoom includes...
ESA-2016-094: RSA BSAFE Micro Edition Suite Multiple Vulnerabilities
EMC Product Security Response Center (Jan 31)
ESA-2016-094: RSA BSAFE® Micro Edition Suite Multiple Vulnerabilities
EMC Identifier: ESA-2016-094
CVE Identifier: CVE-2016-0923, CVE-2016-0924
Affected Products:
RSA BSAFE Micro Edition Suite (MES) all 4.1.x versions prior to 4.1.5
RSA BSAFE Micro Edition Suite (MES) all 4.0.x versions prior to 4.0.9
Unaffected Products:
RSA BSAFE Micro Edition Suite (MES) 4.1.5
RSA BSAFE Micro Edition Suite (MES)...
[REVIVE-SA-2017-001] Revive Adserver - Multiple vulnerabilities
Matteo Beccati (Jan 31)
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2017-001
========================================================================
http://www.revive-adserver.com/security/revive-sa-2017-001
========================================================================
CVE-IDs: TBA
Date: 2017-01-31
Risk Level: High...
[security bulletin] HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code Execution
security-alert (Jan 30)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05382349
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05382349
Version: 1
HPESBMU03701 rev.1 - HPE Smart Storage Administrator, Remote Arbitrary Code
Execution
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2017-01-30
Last Updated:...
Secunia Research: libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access Denial of Service Vulnerability
Secunia Research (Jan 30)
======================================================================
Secunia Research 2017/01/27
libarchive "lha_read_file_header_1()" Out-Of-Bounds Memory Access
Denial of Service Vulnerability
======================================================================
Table of Contents
Affected...
secuvera-SA-2017-01: Privilege escalation in an OPSI Managed Client environment ("rise of the machines")
sbieber (Jan 30)
Affected Products
Tested with
OPSI Server 4.0.7.26
OPSI ClientAgent 4.0.7.10-1
(older releases have not been tested)
According to the vendor all server instances that use a python-opsi version lower
than 4.0.7.28-4 are affected
References
https://www.secuvera.de/advisories/secuvera-SA-2017-01.txt (used for updates)
https://sourceforge.net/p/opsi/mailman/message/35609086/ (announcement by vendor
in German...
Persistent Cross-Site Scripting vulnerability in User Access Manager WordPress Plugin
Summer of Pwnage (Jan 29)
------------------------------------------------------------------------
Persistent Cross-Site Scripting vulnerability in User Access Manager
WordPress Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A persistent Cross-Site Scripting...
Multiple blind SQL injection vulnerabilities in FormBuilder WordPress Plugin
Summer of Pwnage (Jan 29)
------------------------------------------------------------------------
Multiple blind SQL injection vulnerabilities in FormBuilder WordPress
Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple blind SQL injection vulnerabilities...
CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default
bowserj (Jan 29)
===================================================================
CVE-2017-3160: Gradle Distribution URL used by Cordova-Android does not use https by default
Severity: High
Vendor: The Apache Software Foundation
Versions Affected: Cordova Android (6.1.1 and below)
Description: After the Android platform is added to Cordova the first time, or after a project is created using the
build scripts, the scripts will fetch Gradle on the first...
[SECURITY] [DSA 3773-1] openssl security update
Moritz Muehlenhoff (Jan 29)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3773-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 27, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2016-7056 CVE-2016-8610...
ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability
EMC Product Security Response Center (Jan 27)
ESA-2016-133: EMC Data Protection Advisor Path Traversal Vulnerability
EMC Identifier: ESA-2016-133
CVE Identifier: CVE-2016-8211
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected products:
EMC Data Protection Advisor 6.1.x
EMC Data Protection Advisor 6.2
EMC Data Protection Advisor 6.2.1
EMC Data Protection Advisor 6.2.2
EMC Data Protection Advisor 6.2.3 prior to patch 446
Summary:
EMC Data...
ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities
EMC Product Security Response Center (Jan 27)
ESA-2016-154: RSA BSAFE® Crypto-J Multiple Security Vulnerabilities
EMC Identifier: ESA-2016-154
CVE Identifier: CVE-2016-8212, CVE-2016-8217
Severity Rating: See below for scores for individual issues
Affected Products:
RSA BSAFE Crypto-J versions prior to 6.2.2
Unaffected Products:
RSA BSAFE Crypto-J 6.2.2
Summary:
RSA announces security fixes to RSA BSAFE® Crypto-J designed to address two security...
ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability
EMC Product Security Response Center (Jan 27)
ESA-2016-037: EMC PowerPath Management Appliance Information Disclosure Vulnerability
EMC Identifier: ESA-2016-037
CVE Identifier: CVE-2016-0890
Severity Rating: CVSS v3 Base Score: 6.4 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L)
Affected products:
EMC PowerPath Virtual (Management) Appliance 2.0
EMC PowerPath Virtual (Management) Appliance 2.0 SP1
Summary:
EMC PowerPath Virtual Appliance is affected by a sensitive information disclosure...
Secunia Research: Oracle Outside In VSDX Use-After-Free Vulnerability
Secunia Research (Jan 27)
======================================================================
Secunia Research 2016/01/18
Oracle Outside In VSDX Use-After-Free Vulnerability
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
[ERPSCAN-16-035] SAP Solman - user accounts disclosure
ERPScan inc (Dec 20)
Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: http://SAP.com
Bugs: Information Disclosure
Sent: 12.07.2016
Reported: 13.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-035] SAP Solman – user accounts disclosure
Advisory ID: [ERPSCAN-16-035]
Risk: high...
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Nov 23)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS ABAP
Versions Affected: SAP NetWeaver AS ABAP 7.4
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2312966
Author: Daria Prosochkina (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal
using READ DATASET...
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2280371
Author: Mathieu Geli (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability...
[ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman – DoS vulnerability
Advisory...
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2296909
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-034] SAP NetWeaver AS JAVA – XXE vulnerability in
BC-BMT-BPM-DSK component
Advisory...
MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
Ajin Abraham (Nov 22)
Hello Folks,
MobSF v0.9.3 is released.
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile Applications and supports both binaries (APK, IPA &
APPX ) and zipped source code. MobSF can also...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v2.3: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jan 31)
We are very proud to present the first 2017 edition of the Faraday
Platform! Faraday v2.3 is ready to download!
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email....
RVAsec 2017 Call for Presentations (CFP)
Sullo (Jan 23)
The CFP for RVAsec 2017 is underway!
____________________________________
RVAsec // June 8-9th, 2017 // Richmond, VA
RVAsec is a Richmond, VA based security convention that brings top
industry speakers to the mid-Atlantic region. In its fourth year,
RVAsec 2016 attracted nearly 400 security professionals from across
the country.
Talks must be 50 minutes in length, and submissions will need to
select from one of two tracks: business or...
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Nov 23)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
Ajin Abraham (Nov 22)
Hello Folks,
MobSF v0.9.3 is released.
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile Applications and supports both binaries (APK, IPA &
APPX ) and zipped source code. MobSF can also...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 13)
Same attack using XSS as vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET the file will perform a POST to
http://192.168.1.36/req.php using the GET response as a body.
An attacker would be able to read all the emails in the...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 05)
I made a small improvement to this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created on download default folder.
If the victim performs the three following clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Webex and RCE
Kristian Erik Hermansen (Jan 30)
Other than this new remote code execution, wasn't it widely known that even
older versions of WebEx would download sub-resource JAR files over
unencrypted HTTP and just run them without verification? As such, remote
code execution for WebEx (on a hostile network) has been going on a long
time and, as with anything, surely there are additional vectors no one has
found yet and others have kept their lips sealed about ;) Yeah, this is why
many...
Re: Webex and RCE
Ryan Duff (Jan 26)
It is also worth noting that Cisco's "fix" for this is to only allow
this behavior from "https://*.webex.com" or "https://*.webex.com.cn".
First off, I really hope those domains aren't at all vulnerable to XSS or
this could still be exploited. But the largest issue here in my eyes is
that their "fix" is to basically say "now, only Cisco can arbitrarily
execute code on your...
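The allowlist Ryan describes ("https://*.webex.com" or "https://*.webex.com.cn") is an origin check, and the usual way such checks go wrong is a substring or prefix match on the raw string instead of a comparison of the parsed scheme and host. The following is an added example, not Cisco's or WebEx's code and not the actual patch: a naive matcher beside a strict one, run over constructed probe origins. The parent names come from the thread; the decision to accept only proper subdomains (not the apex) and the probe list are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Allowlist described in the thread: https origins under these two parents.
# The parent names come from the thread; "subdomains only" below is an assumption.
ALLOWED_PARENTS = ("webex.com", "webex.com.cn")


def naive_origin_allowed(origin: str) -> bool:
    """A substring test on the raw origin string, the shape of check that is
    easy to write and easy to bypass: any attacker-controlled host that merely
    contains an allowed name, or that hides the allowed name in the userinfo
    part of the URL, passes."""
    return origin.startswith("https://") and any(p in origin for p in ALLOWED_PARENTS)


def strict_origin_allowed(origin: str) -> bool:
    """Parse the origin and compare scheme and host separately.

    Accepts only https, and only hosts that are a proper subdomain of an
    allowed parent (label-boundary match, so "webex.com.evil.example" and
    "notwebex.com" are rejected). Only scheme and hostname are consulted;
    userinfo, port, path and query cannot influence the decision.
    """
    try:
        parts = urlsplit(origin)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme != "https":
        return False
    host = parts.hostname  # lowercased; userinfo and port already stripped
    if not host:
        return False
    return any(host.endswith("." + parent) for parent in ALLOWED_PARENTS)


# Constructed probe origins: the first three should pass, the rest should fail.
PROBES = [
    "https://meet.webex.com",
    "https://MEET.webex.com:443",
    "https://x.webex.com.cn",
    "http://meet.webex.com",                 # wrong scheme
    "https://webex.com.evil.example",        # allowed name as a prefix of a hostile host
    "https://notwebex.com",                  # no label boundary
    "https://meet.webex.com@evil.example/",  # allowed name in userinfo, real host is evil.example
    "https://webex.com",                     # apex: not a subdomain, rejected by the policy here
]


def compare(origins=PROBES):
    """Return {origin: (naive_result, strict_result)} for each probe."""
    return {o: (naive_origin_allowed(o), strict_origin_allowed(o)) for o in origins}


if __name__ == "__main__":
    for origin, (naive, strict) in compare().items():
        print(f"{origin:45} naive={naive!s:5} strict={strict}")
```

The strict matcher still accepts every subdomain of the allowed parents, which is exactly the point Ryan raises: an origin allowlist is only as strong as the weakest page served from those hosts.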
Webex and RCE
dave aitel (Jan 24)
Trainings tend to be about the past. They are more war stories than
distilled wisdom. Like when we teach you how to do a client-side and
then a kernel exploit
<http://infiltratecon.com/training.html#click-here-for-ring0>, that's
because that's the attack path that's been most successful for us in the
past.
But a lot of hacking is less brute force than that - a lot of it is just
knowing where to look, or gaining expertise in...
Re: #HackingTogether.org
Dave Aitel (Jan 23)
Just as a secondary note, we always offer non-alcoholic cocktails at
INFILTRATE for similar reasons...
-dave
Exploits are chameleons
dave aitel (Jan 23)
To mathematicians, exploits are proofs to theorems. To foreign policy
people who specialize in export control, they are "dual-use items", and
to people in information security they are simply ground truths of our
shifting domains.
To state it more simply: Vendor advisories lie to you. Or they present
"alternative truths", sometimes on purpose, sometimes not. Exploits are
your only way to dispel this action in a definitive...
#HackingTogether.org
Rob Fuller (Jan 23)
I'm soo late to this game but I made a video to describe my feelings about
it and help where I can to spread the word:
https://www.youtube.com/watch?v=Wggu_qaYJaQ
part of http://hackingtogether.org/
We on this list are for the most part already participating in a social
group that has support. I'm not saying we don't have problems, but the ones
that don't have such support, who aren't part of any groups or you only see...
Reliability
dave aitel (Jan 17)
There are so many angles on reliability in hacking. Because I wrote some
of the early CANVAS code that, to my chagrin, is still in the
tree, occasionally I get pulled in to explain why some piece of CANVAS
works the way it does. In particular, one of our customers noticed some
forensics artifacts that were unacceptable. But while we were doing
that, the exploit team was pushing out local exploits this month for
Linux and Windows, the COW...
a serious inquiry about how organizations handle e.g. traumatic impacts
Richard Thieme (Jan 17)
My speech on "Playing Through the Pain: The Impact of Dark Knowledge and
Secrets on intelligence and Security Professionals" continues to gain
momentum (over 6000 views on YouTube of the DEF CON talk and more on
the O'Reilly site). The DEF CON video is at
https://www.youtube.com/watch?v=IowHTVxHpAs. The talk will be given again
in Columbus Ohio (4/21/17) for a regional ISSA meeting and in Dublin for
SOURCE Dublin.
Discussing a...
It's dangerous to go alone: Crypto-Analysis
dave aitel (Jan 09)
<crypto class image>
So I've been writing a bit about the larger "War on Crypto" here:
https://cybersecpolitics.blogspot.com/2017/01/the-csis-paper-review-part-1.html
I know a lot of you hate reading policy stuff (and I'm not fond of how
much a part of my life it has become) but the CSIS paper had a "who's
who" of the policy world on it and is worth critiquing in a larger space
(here on this list, if you...
YSTS 11th Edition - CFP
Luiz Eduardo (Jan 09)
Where: Sao Paulo, Brazil
When: May 22nd, 2017
Call for Papers Opens: December 30th, 2016
Call for Papers Close: February 28th, 2017
http://www.ysts.org
@ystscon
ABOUT THE CONFERENCE
you Sh0t the Sheriff is a very unique, one-day, event dedicated to
bringing cutting edge talks to the top-notch professionals of the
Information Security Community.
The conference’s main goal is to bring the attendees to the current
state of the information...
Just so you don't have to...
Dave Aitel (Dec 17)
I went through the Shadowbroker.zip file they released. It's like, super
old boring crap but the following readme's were mistakenly included it
seems. I'll hit a few enters if you don't want to read it because you have
clearance.
-dave
# as of: 2010-07-29 18:01:21 EDT
# EBBISLAND
# (Exploit for Solaris 2.6, 2.7, 2.8, 2.9 and 2.10)
# First ensure that the vulnerable rpc service is running. You must
# be able to reach the...
Results from the 2016 Volatility Plugin Contest are in!
Andrew Case (Dec 07)
We are excited to announce that the results of the 2016 Volatility
Plugin Contest are in:
https://volatility-labs.blogspot.com/2016/12/results-from-2016-volatility-plugin.html
We received a record number of submissions this year, and we are looking
forward to seeing these plugins be adopted in the field.
We also wanted to thank Airbnb again for their donation of $999 to the
prize pool. It is great to see organizations supporting open source...
Re: Adversary Simulation
Adrian Sanabria (Dec 05)
So, this has become its own market segment now, and I think
attack/adversary simulation is really important. Yes, I agree that
accurately simulating current tactics is important, but this is a hugely
valuable capability even if the simulations are older, since the average
enterprise is far from effectively defending against more sophisticated
adversaries. And let's be honest - the attackers most likely to go after
the average organization...
Re: Adversary Simulation
Christos Kalkanis (Nov 30)
Paul,
INNUENDO was created to be a framework, or a superset if you like,
of APT functionality that was common at the time but also visible on the
horizon. The most important design decision we made was to keep
the architecture flexible enough in order to both adapt to and subsume
emerging techniques used by nation states while dealing with uncertainty
and failures on the target end. This led us to fully adopt Python as
the core of INNUENDO [1]....
Re: Adversary Simulation
benjamin heise (Nov 30)
Justin Warner actually wrote what is, IMO, a great overview of adversary emulation
and how to carry it out, as well as delving lightly into the Diamond Model
of Intrusion Analysis.
Does Immunity follow this same model, or have you developed your own model
for performing adversary simulation?
References:
http://www.sixdub.net/?p=762
http://www.dtic.mil/dtic/tr/fulltext/u2/a586960.pdf
V/r,
Ben
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bright space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bright space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they are worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that); however, I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it’s a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box?
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and I always welcome more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command-line
XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
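Adrien's approach, scanner output loaded into a database so that reporting becomes a set of SQL queries, as an added example that is not OSSAMS code: a minimal loader for nmap's XML output (`-oX`) into SQLite using only the Python standard library, run over a constructed three-host scan embedded inline, plus one report query. The two-table schema, the `build_db`/`open_services` names and the sample hosts are assumptions for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, trimmed to the elements the loader reads.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/28">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.6"/></port>
    <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
  </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="5.3"/></port>
    <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
  </ports></host>
  <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>
"""

# Assumed schema: one scan per database, ports keyed by host.
SCHEMA = """
CREATE TABLE hosts (id INTEGER PRIMARY KEY, addr TEXT NOT NULL UNIQUE, state TEXT NOT NULL);
CREATE TABLE ports (
    host_id INTEGER NOT NULL REFERENCES hosts(id),
    proto TEXT NOT NULL, port INTEGER NOT NULL, state TEXT NOT NULL,
    service TEXT, product TEXT, version TEXT,
    PRIMARY KEY (host_id, proto, port));
"""


def load_nmap_xml(conn, xml_text):
    """Insert every <host> and <port> of an nmap XML document; returns (hosts, ports) inserted."""
    root = ET.fromstring(xml_text)
    conn.executescript(SCHEMA)
    n_hosts = n_ports = 0
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")  # fall back to ipv6/mac if that is all nmap recorded
        if addr is None:
            continue
        status = host.find("status")
        state = status.get("state") if status is not None else "unknown"
        host_id = conn.execute("INSERT INTO hosts(addr, state) VALUES (?, ?)",
                               (addr.get("addr"), state)).lastrowid
        n_hosts += 1
        for port in host.iterfind("ports/port"):
            pstate = port.find("state")
            svc = port.find("service")
            conn.execute(
                "INSERT INTO ports VALUES (?, ?, ?, ?, ?, ?, ?)",
                (host_id, port.get("protocol"), int(port.get("portid")),
                 pstate.get("state") if pstate is not None else "unknown",
                 svc.get("name") if svc is not None else None,
                 svc.get("product") if svc is not None else None,
                 svc.get("version") if svc is not None else None))
            n_ports += 1
    conn.commit()
    return n_hosts, n_ports


def build_db(xml_text, path=":memory:"):
    """Create a database (in memory by default) and load one scan into it."""
    conn = sqlite3.connect(path)
    load_nmap_xml(conn, xml_text)
    return conn


def open_services(conn, service=None):
    """Report query: open ports per host, optionally restricted to one service name."""
    sql = """SELECT h.addr, p.port, p.proto, p.service, p.product, p.version
             FROM ports p JOIN hosts h ON h.id = p.host_id
             WHERE p.state = 'open'"""
    params = ()
    if service is not None:
        sql += " AND p.service = ?"
        params = (service,)
    return conn.execute(sql + " ORDER BY h.addr, p.port", params).fetchall()


if __name__ == "__main__":
    db = build_db(SAMPLE_NMAP_XML)
    for row in open_services(db, "ssh"):
        print(row)
```

Once the scan is in the database, "every host still running an old OpenSSH" or "every open MySQL port" is a WHERE clause rather than a new parser. If the XML comes from a source you do not control, parse it with defusedxml rather than xml.etree, which does not protect against entity-expansion tricks.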
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Advisory Notification
Microsoft (Jan 27)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 27, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4010983
- Title: Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of
Service
-...
Microsoft Security Advisory Notification
Microsoft (Jan 10)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 10, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 3214296
- Title: Vulnerabilities in Identity Model Extensions Token Signing
Verification
-...
Microsoft Security Bulletin Summary for January 2017
Microsoft (Jan 10)
********************************************************************
Microsoft Security Bulletin Summary for January 2017
Issued: January 10, 2017
********************************************************************
This bulletin summary lists security bulletins released for
January 2017.
The full version of the Microsoft Security Bulletin Summary for
January 2017 can be found at
<https://technet.microsoft.com/library/security/ms17-jan>....
Microsoft Security Bulletin Releases
Microsoft (Dec 19)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 19, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-155 - Important
Bulletin Information:
=====================
MS16-155
- Title: Security Update for .NET Framework (3205640)
-...
Microsoft Security Bulletin Summary for December 2016
Microsoft (Dec 13)
********************************************************************
Microsoft Security Bulletin Summary for December 2016
Issued: December 13, 2016
********************************************************************
This bulletin summary lists security bulletins released for
December 2016.
The full version of the Microsoft Security Bulletin Summary for
December 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-dec...
Microsoft Security Bulletin Releases
Microsoft (Dec 13)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 13, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
October
* MS16-118 - Critical
* MS16-120 - Critical
* MS16-122 - Critical
* MS16-123 - Important
* MS16-124 - Important
* MS16-126 - Moderate
November
*...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 23, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-130
* MS16-140
Bulletin Information:...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 23, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-130
* MS16-140
Bulletin Information:...
Microsoft Security Bulletin Releases
Microsoft (Nov 16)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 15, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-133 - Important
Bulletin Information:
=====================
MS16-133
- Title: Security Update for Microsoft Office (3199168)
-...
Microsoft Security Bulletin Summary for November 2016
Microsoft (Nov 08)
********************************************************************
Microsoft Security Bulletin Summary for November 2016
Issued: November 8, 2016
********************************************************************
This bulletin summary lists security bulletins released for
November 2016.
The full version of the Microsoft Security Bulletin Summary for
November 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-nov...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 08)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 8, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-091
* MS16-101
Bulletin Information:...
Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 27)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 27, 2016
********************************************************************
This is a notification of an out-of-band security bulletin that was
added to the October Security Bulletin Summary on October 27, 2016.
The full version of the Microsoft Security Bulletin Summary for
October 2016 can be found at...
Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 12, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-121
Bulletin Information:
=====================
MS16-121...
Microsoft Security Bulletin Releases
Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: October 11, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-101 - Important
Bulletin Information:
=====================
MS16-101
- Title: Security Update for Windows Authentication Methods (3178465)
-...
Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 11)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 11, 2016
********************************************************************
This bulletin summary lists security bulletins released for
October 2016.
The full version of the Microsoft Security Bulletin Summary for
April 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-oct>....
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
VMware Releases Security Updates
US-CERT (Jan 31)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/31/VMware-Releases-Security-Updates ] 01/31/2017 04:52 PM EST
Original release date: January 31, 2017
VMware has released security updates to address vulnerabilities in Airwatch Agent, Airwatch Console, and AirWatch Inbox
software. Exploitation of one of these...
Tax Identity Theft Awareness Week
US-CERT (Jan 31)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Tax Identity Theft Awareness Week [
https://www.us-cert.gov/ncas/current-activity/2017/01/31/Tax-Identity-Theft-Awareness-Week ] 01/31/2017 07:31 PM EST
Original release date: January 31, 2017
This is Tax Identity Theft Awareness Week [
https://www.consumer.ftc.gov/blog/tax-identity-theft-awareness-week-has-event-you ], and many federal agencies are
offering...
Cisco Releases Security Updates
US-CERT (Jan 27)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/24/Cisco-Releases-Security-Updates ] 01/24/2017 05:05 PM EST
Original release date: January 24, 2017 | Last revised: January 27, 2017
Cisco has released security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this
vulnerability could...
WordPress Releases Security Update
US-CERT (Jan 26)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
WordPress Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/01/26/WordPress-Releases-Security-Update ] 01/26/2017 10:25 PM EST
Original release date: January 26, 2017
WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of
these vulnerabilities to take control of an...
Mozilla Releases Security Update
US-CERT (Jan 26)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/01/26/Mozilla-Releases-Security-Update ] 01/26/2017 08:41 PM EST
Original release date: January 26, 2017
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of
these vulnerabilities may allow a remote attacker to...
Cisco Releases Security Updates
US-CERT (Jan 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/25/Cisco-Releases-Security-Updates ] 01/25/2017 10:05 PM EST
Original release date: January 25, 2017
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could
exploit one of these vulnerabilities to take control of an...
Google Releases Security Updates for Chrome
US-CERT (Jan 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2017/01/25/Google-Releases-Security-Updates-Chrome ] 01/25/2017 10:01 PM EST
Original release date: January 25, 2017
Google has released Chrome version 56.0.2924.76 for Windows, Mac, and Linux. This version addresses multiple
vulnerabilities that, if exploited, may...
Data Privacy Day Events
US-CERT (Jan 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Data Privacy Day Events [ https://www.us-cert.gov/ncas/current-activity/2017/01/24/Data-Privacy-Day-Events ] 01/24/2017 09:33 PM EST
Original release date: January 24, 2017
As Data Privacy Day (DPD) approaches, US-CERT recommends that users and businesses learn more about how to protect
their privacy and personal information. DPD is celebrated every January 28...
Cisco Releases Security Updates
US-CERT (Jan 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/24/Cisco-Releases-Security-Updates ] 01/24/2017 05:05 PM EST
Original release date: January 24, 2017
Cisco has released security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this
vulnerability could allow a remote attacker to take...
Mozilla Releases Security Updates
US-CERT (Jan 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/24/Mozilla-Releases-Security-Updates ] 01/24/2017 04:29 PM EST
Original release date: January 24, 2017
Mozilla has released a security update to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of
some of these vulnerabilities may allow a remote...
Apple Releases Security Updates
US-CERT (Jan 23)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/23/Apple-Releases-Security-Updates ] 01/23/2017 07:32 PM EST
Original release date: January 23, 2017
Apple has released security updates to address multiple vulnerabilities in several products. Exploitation of some of
these vulnerabilities may allow a remote attacker to...
IC3 Warns of Employment Scams Targeting College Students
US-CERT (Jan 19)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
IC3 Warns of Employment Scams Targeting College Students [
https://www.us-cert.gov/ncas/current-activity/2017/01/19/IC3-Warns-Employment-Scams-Targeting-College-Students ] 01/19/2017 07:19 PM EST
Original release date: January 19, 2017
The Internet Crime Complaint Center (IC3) has issued an alert on employment scams targeting college students. Phony job...
Oracle Releases Security Bulletin
US-CERT (Jan 18)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2017/01/18/Oracle-Releases-Security-Bulletin ] 01/18/2017 01:04 PM EST
Original release date: January 18, 2017
Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products.
Exploitation of some of these vulnerabilities may...
SMB Security Best Practices
US-CERT (Jan 17)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
SMB Security Best Practices [ https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices ] 01/16/2017 11:45 PM EST
Original release date: January 16, 2017 | Last revised: January 17, 2017
In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known
best practices related to SMB....
ISC Releases Security Updates for BIND
US-CERT (Jan 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ISC Releases Security Updates for BIND [
https://www.us-cert.gov/ncas/current-activity/2017/01/11/ISC-Releases-Security-Updates-BIND ] 01/11/2017 09:52 PM EST
Original release date: January 11, 2017
The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote
attacker could exploit any of these...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: CVE Request: ffmpeg remote exploitation results code execution
Leo Famulari (Jan 31)
In case anyone else is curious, here are the corresponding commits
reachable from the n3.2.2 release tag:
https://github.com/FFmpeg/FFmpeg/commit/0e0a413725e0221e1a9d0b7595e22bf57e23a09c
https://github.com/FFmpeg/FFmpeg/commit/32b95471a86ae383c0f76361d954aec511f7043a
https://github.com/FFmpeg/FFmpeg/commit/c12ee64e80af2517005231388fdf4ea78f16bb0e
Bugs fixed in libevent 2.1.6
Leo Famulari (Jan 31)
Libevent 2.1.6 fixed three bugs that may have security implications. Can
you assign CVE IDs as appropriate?
Below I quote from the upstream bug reports:
1) libevent dns remote stack overread vulnerability
------
the name_parse() function in libevent's DNS code is vulnerable to a
buffer overread.
971 if (cp != name_out) {
972 if (cp + 1 >= end) return -1;
973 *cp++ = '.';
974 }
975...
Re: Re: Firejail local root exploit
Thomas Deutschmann (Jan 31)
Associated commits which already appeared in v0.9.44.6:
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
Backport for v0.9.38.10:
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
CVE requests: OpenBSD httpd - 2 DoS
Pierre Kim (Jan 31)
Hello,
Can you assign 2 CVE entries regarding OpenBSD httpd ?
- DoS: CPU exhaustion with SSL client-initiated renegotiation,
- DoS: Memory exhaustion by sending crafted HTTP requests with Bytes-range.
Errata for 6.0/5.9 is in progress, the memory exhaustion has been
patched today in -current
(see http://marc.info/?l=openbsd-cvs&m=148587359420912&w=2 ).
The advisory will be posted when
http://www.openbsd.org/errata{59,60}.html are...
CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r
Max Veytsman (Jan 31)
Two similar vulnerabilities in ruby text-to-speech libraries.
1) espeak-ruby
Rubygem espeak-ruby passes user modifiable strings directly to a shell
command.
An attacker can execute malicious commands by modifying the strings that
are passed as arguments to the speak, save, bytes and bytes_wav methods in
the lib/espeak/speech.rb.
https://github.com/dejan/espeak-ruby/issues/7
Patched in 1.0.3
https://github.com/spejman/festivaltts4r/issues/1...
Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux
Sebastian Krahmer (Jan 31)
Hi
I can confirm that the exploit is working on a vanilla 4.1.6 kernel
with openssh 6.8. I was a bit puzzled because wrong modes on ttys by themselves
should no longer be exploitable on Linux.
Here are my 2ct:
1) Exploit evades the controlling-tty entry-check inside the kernel's tiocsti()
that was introduced to cope with hijacking of ttys based on wrong
modes. Obviously that 'hardening' failed here. Why?
2) Because of glibc's...
CVE Request: ffmpeg remote exploitation results code execution
Paul Cher (Jan 31)
This letter is a result of research made by Emil Lerner <neex.emil () gmail com> and
Pavel Cheremushkin <paulcher () seclab cs msu su>, and it is supposed to disclose
multiple issues we managed to find and exploit in FFmpeg software. Despite that all vulnerabilities have been
successfully patched by FFmpeg developers, this letter is supposed to clarify...
Re: CVE Request - Remote DoS vulnerabilities in BitlBee
cve-assign (Jan 31)
Use CVE-2016-10188.
Use CVE-2016-10189 for the issue with Jabber file transfers that was
fixed by this commit.
Use CVE-2017-5668.
CVE-2017-5668 exists because of an incomplete fix for CVE-2016-10189.
Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer
cve-assign (Jan 31)
Use CVE-2017-5667.
This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/sd/sdhci.c but
that may be an expected place for a later update.
Re: Requesting CVE for calibre file disclosure
cve-assign (Jan 31)
Use CVE-2016-10187.
Re: mp3splt: invalid free in free_options (options_manager.c)
cve-assign (Jan 31)
Use CVE-2017-5666.
Re: mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c)
cve-assign (Jan 31)
Use CVE-2017-5665.
CVE request: multiple vulnerabilities in libplist
nikola.sc (Jan 31)
Fixed in libplist, a library to handle Apple Property List format in binary or XML. Debian and Ubuntu are using
vulnerable versions.
https://github.com/libimobiledevice/libplist
Public issues:
heap-buffer-overflow in parse_dict_node
https://github.com/libimobiledevice/libplist/issues/89
memory allocation error
https://github.com/libimobiledevice/libplist/issues/88
heap-buffer-overflow CVE-2017-5545 used in...
CVE request: multiple vulnerabilities in Revive Adserver
Nicolas Grégoire (Jan 31)
Version 4.0.1 of Revive Adserver was published today. Several
vulnerabilities were fixed, apparently without CVE being attributed
https://www.revive-adserver.com/security/revive-sa-2017-001/
Regards,
Nicolas Grégoire
CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon
P J P (Jan 30)
Hello,
Linux kernel built with the KVM virtualisation support (CONFIG_KVM), with
nested virtualisation (nVMX) feature enabled (nested=1), is vulnerable to a host
memory leakage issue. It could occur while emulating VMXON instruction in
'handle_vmon'.
An L1 guest user could use this flaw to leak host memory, potentially resulting
in DoS.
Upstream patch:
---------------
-> https://www.spinics.net/lists/kvm/msg144319.html...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
[SECURITY] Enabling Audit Functionality in O365
Patricia Malek (Jan 31)
Good Evening,
We are thinking about implementing audit logging on O365 mailboxes and had some questions that maybe the group could
assist us with:
1. What kind of activities do you log?
2. What is your retention policy on the log?
3. How large does the log size get?
4. Do you use the logs for any proactive alerting around possible account compromise?
I appreciate any information you could provide around this...
Watermark on Campus Directory Image
Ludwig, Linda (Jan 31)
What are your reasons for using or not using a watermark on campus directory images?
Thank you,
Linda Ludwig
Information Security Awareness Specialist
Grinnell College
ludwigl () grinnell edu
EDUCAUSE Awards: Nominate an IT Leader (by 2/20/17)
Valerie Vogel (Jan 31)
Colleagues,
The EDUCAUSE Awards Program brings peer endorsement and distinction to professional accomplishments in higher education
IT.
* The Leadership Award, the highest recognition for individual achievement, is awarded annually to the “summa cum
laudes” in our field—whose work has had a significant and positive impact on advancing the theory and practice of
information technology in higher education.
* The EDUCAUSE...
Re: Password Vault Solutions
Michael Muto (Jan 30)
Hello,
We also utilize Thycotic Secret Server, which has worked great for us. We have been a proud customer since 2008, and
the product has evolved over the years. We are running Enterprise Edition. Feel free to contact me with any questions.
Thanks,
Michael Muto
Systems Administrator
Duquesne University | Computing and Technology Services
600 Forbes Avenue, Pittsburgh, PA 15282
Phone: 412-396-4621 Email: mutom () duq edu
MCSE, MCSA, MCP,...
Re: Password Vault Solutions
Frank Barton (Jan 30)
You can put Husson University down as another happy Thycotic Secret Server
customer - we've been using Professional for about 3 years. Very Very easy
setup
Frank
Re: Password Vault Solutions
Taylor Randle (Jan 27)
We've been using Thycotic Secret Server for almost 2 years now and have been very happy with it. The free version is
quite robust and will suit most of the requirements you mentioned - we recently upgraded to Professional for some
additional functionality. Implementation was very easy and took virtually no time to get up and running. Feel free to
send me an email directly if you have any other questions.
Thanks!
Taylor
Taylor Randle...
Re: SIEM preferences for the budget conscious institution
Kevin Wilcox (Jan 27)
With a judicious use of Puppet to manage the Splunk infrastructure, I (1
Just for clarification, are you using forwarders as Splunk uses forwarders
or as the rest of the logging world uses forwarders? I.e., are you managing
500 servers that are "heavy forwarders" and exist only to serve the logging
infrastructure (the way the rest of the logging world uses the word
forwarders) or are there 500 servers running the Splunk agent (as...
Re: Password Vault Solutions
Hugh Burley (Jan 27)
We use Thycotic Secret Server and I have been very pleased with it. We have recently integrated access with DUO.
Hugh
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gregg,
Christopher S.
Sent: Friday, January 27, 2017 10:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Vault Solutions
Hi,
We are evaluating password vault and privileged access management...
Re: SIEM preferences for the budget conscious institution
Johnson, Kyle A (Jan 27)
I used Splunk in a previous job and I absolutely loved it. I am trying to push for it here as well. I used Splunk
strictly for incident response, and it worked tremendously well. There are also a great deal of add-on applications
that can be integrated within Splunk. Very easy to customize dashboards, receive emailed reports/alerts, etc. I would
highly recommend it, especially if you integrate some sort of threat intel solution with it. The...
Re: SIEM preferences for the budget conscious institution
Christopher Caldwell (Jan 27)
Rob,
Have you looked into an all-in-one solution? We are in the middle of a multi-year budget crisis and with Splunk we have
not only sustained, but expanded our investment. It fulfills multiple roles (SIEM, ITSA, BI, etc) at a much lower TCO
than any other solution that we have looked at. With a judicious use of Puppet to manage the Splunk infrastructure, I
(1 person) manage three clusters (including one multi-site), totaling 12 indexers, 11...
Re: Password Vault Solutions
Brian Griffith (Jan 27)
We use Thycotic Secret Server. So far, I'm a big fan. Happy to share more
details directly.
Brian W. Griffith
Information Security Officer
Whitman College
griffibw () whitman edu
On Fri, Jan 27, 2017 at 10:24 AM Gregg, Christopher S. <csgregg () stthomas edu>
wrote:
Re: Password Vault Solutions
Wesley Hayato Tomatsu (Jan 27)
We use Password Manager Pro and it works reasonably well for us although we
aren’t really making the full use of all of its features such as automatic
password resets and such. But it was a lot cheaper for us than Thycotic as
we only have a license for 5 administrators (only administrators are able
to add new resources into the database; you can have an unlimited number of
users who are able to access or change existing passwords).
Adding...
Password Vault Solutions
Gregg, Christopher S. (Jan 27)
Hi,
We are evaluating password vault and privileged access management solutions at our university. The primary goal is to
house IT service accounts and shared accounts with elevated privileges, but we are also considering expanded future use
such as possibly using such a solution to manage access to critical systems, and manage short term privilege
escalation. We'd also be able to use the tools to better audit the use of these accounts....
Re: SIEM preferences for the budget conscious institution
Baillio, Aaron (Jan 27)
We are using 2 solutions, Elastic Search as well as AlienVault. ES is an open source Splunk derivative. We have
AlienVault running alongside because it has so many features aside from the SIEM. Feel free to hit me up with
questions as well.
B. Aaron Baillio
Managing Director, Security Operations and Architecture
University of Oklahoma, IT
O: 405-325-7948
C: 254-400-6404
From: The EDUCAUSE Security Constituent Group Listserv [...
Re: SIEM preferences for the budget conscious institution
Barnes, William (Jan 27)
I'm using Alienvault USM. I like it.
You can drop me an email or give me a call next week if you have any specific questions about it.
Thanks!
--Bill
*************************************************************************
* Bill Barnes, RHCE, CISSP
* Manager of Technology Support Services
* and Library Network Administrator
* Technology Support Services
* Bloomsburg University
* ph: 570-389-2813
* e-mail: wbarnes () bloomu edu<...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: DWDM Optics cheaper than CWDM Optics?
Chuck Anderson (Jan 31)
I've bought their DWDM 80km 10gig and they are working beautifully on
a couple amplified circuits with both Cisco and Juniper routers. I've
also bought gray optics and DACs. The only issue I've noted with some
QSFP+ DACs is some kind of programming issue where the serial number
is mis-read by some models of our Juniper switches. Another oddity is
that each end of some of our DACs have a separate serial number...we
just record...
Re: DWDM Optics cheaper than CWDM Optics?
Colton Conor (Jan 31)
Just so you know, FS.com now stocks many of the common optics in Seattle
Washington for next day delivery. So they now are stocking more and more
items in the USA.
When we order an item from China on Monday USA time, we get it Thursday
morning USA time if it's in stock in China!
Re: DWDM Optics cheaper than CWDM Optics?
Faisal Imtiaz (Jan 31)
Since I am in the middle of doing something similar, I will share my observations.
CWDM Advantage:-
Passive CWDM Muxes are less expensive than the DWDM counterparts.
Short Range optics (CWDM) are favorably priced.
Long Range optics are not so favorably priced.
(I guess that is due to production volume).
Deploying a CWDM passive mux solution can allow you to stack a DWDM mux on the 1530-1560 CWDM channel.
(one has to pay...
Re: Netflow/sFlow generator for Linux with BGP support
Stanislaw Datskevich (Jan 31)
Affirmative, works like a charm.
Also the author is very responsive (has even answered to my dumb
questions in the list).
On 30.01.2017 03:14, Tom Hill wrote:
Re: BGP route processing speed
Sebastian Spies (Jan 31)
Hey Sriram,
hope, you are doing fine.
my BSc thesis from 2010 might be relevant to what you are looking for.
https://drive.google.com/file/d/0B5kLBHCcFJjFZk5RTUtwbUstbm8/view?usp=sharing
Best,
Sebastian
Sriram, Kotikalapudi (Fed) wrote:
Re: DWDM Optics cheaper than CWDM Optics?
Brandon Martin (Jan 31)
I came to the same conclusion a couple years ago. At the time, CWDM was
about the same price as DWDM or maybe still just a hair cheaper, but the
DWDM system is a) so much more capable, and b) typically has better
tools/monitoring, etc. (if you're using muxponders, etc.) that it made
sense to just go DWDM. Given advances in optics, I'm not surprised that
DWDM is now cheaper than CWDM outright.
Of course, the same may not be true...
Re: DWDM Optics cheaper than CWDM Optics?
Bob Evans (Jan 31)
I have been under the impression for years now that the age of the fiber
may play a role in which you prefer due to channel spacing needed to cram
in more frequencies. Never really came across a real world situation where
one didn't work as well as the other. There are probably more things to
consider than the fiber's age.
Thank You
Bob Evans
CTO
RE: DWDM Optics cheaper than CWDM Optics?
Luke Guillory (Jan 31)
Karl,
I've bought at least 20k in optics from them in the last 2 years, from QSFP DAC, QSFP to 10g breakouts and everything
in between and the only thing to fail was 1 QSFP breakout cable. A partner of ours uses their DWDM optics and passive
MUXs while I've used their CWDM with no issues.
Luke Guillory
Network Operations Manager
Tel: 985.536.1212
Fax: 985.536.0300
Email: lguillory () reservetele com
Reserve...
DWDM Optics cheaper than CWDM Optics?
Karl Gerhard (Jan 31)
Hello,
fs.com offers DWDM optics that are cheaper than CWDM optics:
CWDM 80km 10G for 600$ http://www.fs.com/c/cisco-cwdm-sfp-plus-2425?70-80km
DWDM 80km 10G for 420$ http://www.fs.com/c/cisco-dwdm-sfp-plus-2485?70-80km
This is significant.
Is this for real? Has anybody bought their DWDM optics?
Going with DWDM and passive Mux/Demux seems to be cheaper nowadays than going with CWDM.
Regards
Karl
Re: Fwd: Any Yahoo DNS admins on list?
Dan States via NANOG (Jan 31)
Hello Brielle,
The issue has been resolved, I confirmed the Qwest/CenturyLink resolver you mentioned is being properly routed.
-- ♜ Dan States - Yahoo DNS Operations
Re: Fwd: Any Yahoo DNS admins on list?
Dan States via NANOG (Jan 31)
Looks like this may be a peering issue, we're investigating.
Regards
-- ♜ Dan States - Yahoo DNS Operations
Re: BGP IP prefix hijacking
Bob Evans (Jan 30)
Oops, the Spam thing is just our firewall indicator to possibility - meet a
threshold level - I forgot to remove it when replying. Didn't mean to call
your email spam.
Thank You
Bob Evans
CTO
Re: -Spam- BGP IP prefix hijacking
Bob Evans (Jan 30)
The more tools the better the net can become.
I find that BGPmon.net is pretty good. I have not yet found anything else
as good.
You put in your prefixes and they email notify you of bgp changes they see
with the AS hop string announcing. Helpful not just for hijacks - but to
know that peers of peers are receiving your prefixes with your ASN.
Thank You
Bob Evans
CTO
BGP IP prefix hijacking
Nagarjun Govindraj via NANOG (Jan 30)
Hi All,
I am planning to write a tool to detect real time BGP IP prefix hijacking.
I am glad to know some of the open problems faced by
providers/companies/community.
I would like to know how the community is currently dealing with and mitigating
such problems.
It will be very helpful to know some of the adopted strategies by the
community to detect bgp IP prefix hijacking and problems that are yet to be
solved.
Also I would like to know some of...
RE: Netflow/sFlow generator for Linux with BGP support
Mike Patterson via NANOG (Jan 30)
I agree. nProbe is a great solution. It scales and provides tons of metrics if you decide you need visibility beyond
BGP.
Michael Patterson
www.plixer.com
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Mel Beckman
Sent: Saturday, January 28, 2017 11:55 PM
To: Patrick Velder <lists () velder li>
Cc: nanog () nanog org
Subject: Re: Netflow/sFlow generator for Linux with BGP support
Patrick,...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Is America Prepared for Meme Warfare?
Dave Farber (Jan 31)
Begin forwarded message:
> From: José María Mateos <chema () rinzewind org>
> Date: January 31, 2017 at 1:55:53 PM EST
> To: Dave Farber <farber () gmail com>
> Subject: Is America Prepared for Meme Warfare?
>
> https://motherboard.vice.com/read/meme-warfare
>
> Memes, as any alt-right Pepe sorcerer will tell you, are not just
> frivolous entertainment. They are magic, the stuff by which reality is
>...
Re Trump Blames Delta, Protestors for Weekend Chaos at Nation’s Airports
Dave Farber (Jan 30)
---------- Forwarded message ---------
From: Libert, Tim <tlibert () asc upenn edu>
Date: Mon, Jan 30, 2017 at 10:25 AM
Subject: Re: [IP] Trump Blames Delta, Protestors for Weekend Chaos at
Nation’s Airports
To: <dave () farber net> <dave () farber net>
Honestly, I’m sick of getting all my facts from ‘reality’ - it’s nice to
have the choice of alternate facts. It’s also a great example of
introducing market...
Trump Blames Delta, Protestors for Weekend Chaos at Nation’s Airports
Dave Farber (Jan 30)
---------- Forwarded message ---------
From: Jonathan B Spira <jonathan.spira () accuramediagroup com>
Date: Mon, Jan 30, 2017 at 10:07 AM
Subject: Trump Blames Delta, Protestors for Weekend Chaos at Nation’s
Airports
To: dfarber <dave () farber net>
Dave
Of possible interest to IPers:
*Trump Blames Delta, Protestors for Weekend Chaos at Nation’s Airports*
<...
re Standing together
David Farber (Jan 30)
As I have said often I send items to the list to make people think and be informed djf
Begin forwarded message:
From: John Day <jeanjour () comcast net>
Subject: Re: [IP] Fwd: Standing together
Date: January 30, 2017 at 8:54:34 AM EST
To: Dave Farber <dave () farber net>
Dave,
I am really surprised at you forwarding this self-serving claptrap. Lyft and Uber are nothing more than scab taxi
companies created to exploit their...
Fwd: Standing together
Dave Farber (Jan 30)
---------- Forwarded message ---------
From: Lyft <hello () lyftmail com>
Date: Sun, Jan 29, 2017 at 9:38 PM
Subject: Standing together
To: <farber () gmail com>
Defending Our Values
Hi David,
We created Lyft to be a model for the type of community we want our world
to be: diverse, inclusive, and safe.
This weekend, Trump closed the country's borders to refugees, immigrants,
and even documented residents from around the world...
U.S. Reviews Nuclear Strike Survival for Russia and China
DAVID FARBER (Jan 30)
U.S. Reviews Nuclear Strike Survival for Russia and China
http://www.bloomberg.com/politics/articles/2017-01-30/nuclear-strike-survival-for-russia-china-get-new-u-s-review
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription:...
Giuliani slips up -- admits Trump asked for a ban on Muslims
Dave Farber (Jan 29)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: January 29, 2017 at 8:52:19 PM EST
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] Giuliani slips up -- admits Trump asked for a ban on Muslims
>
>
> Giuliani slips up -- admits Trump asked for a ban on Muslims
>
> Trump asked for a 'Muslim ban,' Giuliani says -- and ordered a commission to do it 'legally'...
Silicon Valley's Ambivalence Toward Trump Turns to Anger
Dave Farber (Jan 29)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: January 29, 2017 at 3:26:40 PM EST
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] Silicon Valley's Ambivalence Toward Trump Turns to Anger
>
>
> Silicon Valley's Ambivalence Toward Trump Turns to Anger
>
>...
re Listen to the secret GOP tapes - The Washington Post
David Farber (Jan 29)
Begin forwarded message:
From: Joe K <joekennedy22206 () yahoo com>
Subject: Re: [IP] Listen to the secret GOP tapes - The Washington Post
Date: January 29, 2017 at 5:04:25 AM EST
To: dave () farber net
Dave:
I view this leak as being similar to the Russian hacking of the Democratic Party emails. I guess we are living in a
world where anything private can and will be stolen, hacked or leaked by a foreign government, disgruntled employee,...
The Human Toll of Protecting the Internet from the Worst of Humanity
David Farber (Jan 29)
Begin forwarded message:
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: [Dewayne-Net] The Human Toll of Protecting the Internet from the Worst of Humanity
Date: January 29, 2017 at 8:05:40 AM EST
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Reply-To: dewayne-net () warpspeed com
The Human Toll of Protecting the Internet from the Worst of Humanity
By Adrian Chen
Jan 28 2017
<...
Listen to the secret GOP tapes - The Washington Post
DAVID FARBER (Jan 29)
https://www.washingtonpost.com/news/powerpost/wp/2017/01/28/listen-to-the-secret-gop-tapes/?tid=pm_politics_pop&utm_term=.7f3f9eb47ea8
Federal court blocks Trump's Muslim ban
Dave Farber (Jan 28)
Begin forwarded message:
> From: Richard Bennett <richard () bennett com>
> Date: January 28, 2017 at 9:48:09 PM EST
> To: ip <ip () listbox com>
> Subject: Federal court blocks Trump's Muslim ban
>
> [For IP]
>
> Hallelujah: "A federal judge in Brooklyn just issued an emergency stay against Donald Trump's executive order banning
> immigration from certain predominantly Muslim countries,...
Wa Po on court's reversal of Trump's Muslim ban
Dave Farber (Jan 28)
Begin forwarded message:
> From: Richard Bennett <richard () bennett com>
> Date: January 28, 2017 at 9:53:30 PM EST
> To: ip <ip () listbox com>
> Subject: Wa Po on court's reversal of Trump's Muslim ban
>
> Judge Ann Donnelly of the U.S. District Court in Brooklyn granted a request from the ACLU to stay deportations of
> those detained on entry to the United States following President Trump's...
Everything I Need to Know about Russia’s Internet Interference I Learned Through College Pranks - Defense One
dfarber (Jan 28)
>
> http://www.defenseone.com/ideas/2017/01/everything-i-need-know-about-russias-internet-interference-i-learned-through-college-pranks/134953/?oref=d-river
>
> Everything I Need to Know about Russia’s Internet Interference I Learned Through College Pranks
>...
‘Alternative facts’: Is Trump at war with reality?
DAVID FARBER (Jan 28)
https://magazine.theweek.com/editions/com.dennis.theweek.issue.issue807/data/49235/index.html
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.11
RISKS List Owner (Jan 28)
RISKS-LIST: Risks-Forum Digest Saturday 28 January 2017 Volume 30 : Issue 11
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.11>
The current issue can also...
Risks Digest 30.10
RISKS List Owner (Jan 22)
RISKS-LIST: Risks-Forum Digest Sunday 22 January 2017 Volume 30 : Issue 10
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.10>
Risks Digest 30.09
RISKS List Owner (Jan 17)
RISKS-LIST: Risks-Forum Digest Tuesday 17 January 2017 Volume 30 : Issue 09
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.09>
Risks Digest 30.08
RISKS List Owner (Jan 10)
RISKS-LIST: Risks-Forum Digest Tuesday 10 January 2017 Volume 30 : Issue 08
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.08>
Risks Digest 30.07
RISKS List Owner (Jan 08)
RISKS-LIST: Risks-Forum Digest Sunday 8 January 2017 Volume 30 : Issue 07
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.07>
Risks Digest 30.06
RISKS List Owner (Dec 30)
RISKS-LIST: Risks-Forum Digest Friday 30 December 2016 Volume 30 : Issue 06
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.06>
Risks Digest 30.05
RISKS List Owner (Dec 26)
RISKS-LIST: Risks-Forum Digest Monday 26 December 2016 Volume 30 : Issue 05
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.05>
Risks Digest 30.04
RISKS List Owner (Dec 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 December 2016 Volume 30 : Issue 04
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.04>
Risks Digest 30.03
RISKS List Owner (Dec 19)
RISKS-LIST: Risks-Forum Digest Monday 19 December 2016 Volume 30 : Issue 03
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.03>
Risks Digest 30.02
RISKS List Owner (Dec 15)
RISKS-LIST: Risks-Forum Digest Thursday 15 December 2016 Volume 30 : Issue 02
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.02>
Risks Digest 30.01
RISKS List Owner (Dec 14)
RISKS-LIST: Risks-Forum Digest Wednesday 14 December 2016 Volume 30 : Issue 01
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.01>
Risks Digest 29.96
RISKS List Owner (Dec 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 December 2016 Volume 29 : Issue 96
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.96>
Risks Digest 29.95
RISKS List Owner (Nov 29)
RISKS-LIST: Risks-Forum Digest Tuesday 29 November 2016 Volume 29 : Issue 95
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.95>
Risks Digest 29.94
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Friday 25 November 2016 Volume 29 : Issue 94
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.94>
Risks Digest 29.93
RISKS List Owner (Nov 21)
RISKS-LIST: Risks-Forum Digest Monday 21 November 2016 Volume 29 : Issue 93
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.93>
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Tesla sues former employee for stealing Autopilot information
Audrey McNeil (Jan 31)
http://www.foxnews.com/auto/2017/01/27/tesla-sues-former-employee-for-stealing-autopilot-information.html
In a lawsuit filed in California, Tesla has accused former employee and
Autopilot manager Sterling Anderson of stealing proprietary company secrets
and software. In addition, Tesla says Anderson worked with Chris Urmson,
former head of Google's autonomous car project, in trying to lure Tesla
employees away to join a competing tech...
3 Serious Digital Threats to Your Business in 2017
Audrey McNeil (Jan 31)
http://opensources.info/3-serious-digital-threats-to-your-business-in-2017/
The internet is far from a safe place to do business, but the convenience
and capability of the web makes it nearly impossible for any competitive
company to stay away. In the seemingly eternal arms race between hackers
and cybersecurity experts, digital threats are changing every year ― and
becoming more and more appalling with every generation.
To have any semblance...
Cardinals To Pay Two Draft Picks, $2MM To Astros As Fine In Data Breach Scandal
Audrey McNeil (Jan 31)
http://www.mlbtraderumors.com/2017/01/cardinals-to-send-two-draft-picks-to-astros-pay-2mm-fine-for-data-breach-scandal.html
Major League Baseball has concluded its investigation into the Cardinals’
illegal accessing of the Astros’ proprietary database, ruling that St.
Louis will have to send two draft picks to the Astros and pay a $2MM fine
to the Astros as punishment, Major League Baseball commissioner Rob Manfred
announced on Monday. The...
The effect of cybercrime on businesses and consumers
Audrey McNeil (Jan 31)
https://betanews.com/2017/01/30/cybercrime-effects/
Here we are, at the end of the first month of a new year and where are we?
Well, I guess that very much depends on who you are. If you're a hacker,
then things are looking good for you. If you're a consumer, the evidence
suggests you won't be fooled twice, but is that good enough? And if you're
a business, you've got the same security problems as last year but with...
Phishing Alert: Employee W-2 Information at Risk
Audrey McNeil (Jan 31)
http://www.natlawreview.com/article/phishing-alert-employee-w-2-information-risk
It's happening again. This time last year, there were a substantial number
of phishing attacks all over the country targeting employee W-2
information. According to the IRS, phishing and other schemes jeopardizing
tax information were up over 400% in 2016. The phishing attacks typically
involve HR or payroll department employees sharing highly sensitive W-2...
2016 Data Breach Legislation Roundup: What to Know Going Forward
Audrey McNeil (Jan 31)
http://www.jdsupra.com/legalnews/2016-data-breach-legislation-roundup-10735/
States were busy updating their data breach notification statutes in 2016.
With 2016 in the rear view, let’s take a look back at the legislative
changes that will impact corporate incident response processes and what
those trends portend going forward.
Expanded Definition of “Personal Information”
Login Credentials. In 2016, Rhode Island, Nebraska and Illinois...
Sundance Hack Acts as a Warning to Small and Mid Sized Businesses
Audrey McNeil (Jan 30)
http://www.business2community.com/cybersecurity/sundance-hack-acts-warning-small-mid-sized-businesses-01765418
This past Saturday, January 21st, the 2017 Sundance Film Festival was
underway with its first weekend of screenings when it was interrupted by a
cyberattack that disabled its online box office as well as internet access
throughout Park City, Utah. The attack is reportedly being investigated by
the FBI as a denial of service (DDoS)...
Acer will pay $115K settlement following major security breach
Audrey McNeil (Jan 30)
http://www.digitaltrends.com/computing/acer-settlement-security-breach/
In June 2016, Acer announced that a security breach pertaining to its
online storefront serving North America had resulted in thousands of users’
personal data being compromised. Now, the New York attorney general’s
office has confirmed that the company will pay $115,000 in penalties,
following an in-depth investigation into the error.
It’s been discovered that an...
Alleged LinkedIn hacker is stuck between a Trump and a hard face
Audrey McNeil (Jan 30)
http://www.theinquirer.net/inquirer/news/3003448/alleged-linkedin-hacker-is-stuck-between-a-trump-and-a-hard-face
Pity alleged LinkedIn hacker Yevgeniy Nikulin. He is currently facing
extradition requests from both the USA and Russia, suggesting that he is
doomed for Putin or Trump style punishment.
Nikulin is suspected of hacking LinkedIn, which is a glue-like social
network for businesses and business people. If you are not on it, someone...
Building Security Layers – of Software
Audrey McNeil (Jan 30)
https://www.infosecurity-magazine.com/opinions/building-security-layers-of/
Global enterprises in 2016 experienced increasingly numerous, varied and
sophisticated security threats. When it comes to ICT – which is how most of
today’s organizations operate – the potential risks of attack are enormous.
These attacks to integrated mobile devices, apps and network hardware and
software can threaten not just data protection, financial stability...
RoT: Ransomware of Things
Audrey McNeil (Jan 27)
http://www.welivesecurity.com/2017/01/25/rot-ransomware-things/
One of the trends that I found most worrying in 2016 was the willingness of
some individuals to participate in the following three activities: holding
computer systems and data files hostage (ransomware); denying access to
data and systems (Distributed Denial of Service or DDoS); and infecting
some of the devices that make up the Internet of Things (IoT).
Sadly, I think these...
Digital Risk Monitoring: The New Normal
Audrey McNeil (Jan 27)
http://wwpi.com/2017/01/25/digital-risk-monitoring-the-new-normal/
The threat landscape is evolving much faster than many enterprises can
react to protect themselves and their customers.
Today, an online promotion can turn into a forgotten website that hackers
can use as an easy inroad to a network. A CEO’s social media presence meant
to create visibility with customers can turn into hundreds of rogue
accounts impersonating him. A deprecated...
Explaining cybersecurity threats in a decision-maker context
Audrey McNeil (Jan 27)
https://gcn.com/articles/2017/01/26/explaining-cyber-in-context.aspx
As cybersecurity professionals, I’m sure you’ve had this experience: you
find a risk to your organization’s systems, data and reputation, and you
want to take action -- recode, deploy a web application firewall or maybe
even disconnect the system.
You don’t want to make it sound like the sky is falling, but you need time
and resources to correct the issue -- now. You...
Small business owners should take steps to make their systems safe from hackers
Audrey McNeil (Jan 27)
http://www.thedailyreporteronline.com/news/2017/01/25/small-business-owners-should-take-steps-to-make-their-systems-safe-from-hackers/
An industry review of cyber security practices of small and medium sized
businesses found that 55 percent of respondent companies suffered a cyber
attack in the past 12 months.
Half of the 600 IT professionals at those companies admitted that their
employers had been the target of data breaches during the same...
Why All Companies Should Have a Ransomware Recovery Plan
Audrey McNeil (Jan 27)
http://wwpi.com/2017/01/26/why-all-companies-should-have-a-ransomware-recovery-plan/
Cyber criminals are not only becoming more and more sophisticated but also
bolder. The most insidious computer crime today doesn’t involve viruses or
stealing credit card numbers. Instead, it comes in the form of ransomware –
rogue programs that hold an entire organization’s data hostage with
unbreakable encryption and demand a ransom for the decryption...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: NSIS v3
Gerald Combs (Jan 30)
OK, I've installed 3.01 on the Windows builders. If there are any
problems I can revert back to v2.51.
Re: NSIS v3
Pascal Quantin (Jan 30)
Hi Gerald,
2017-01-30 19:56 GMT+01:00 Gerald Combs <gerald () wireshark org>:
I'm also using it locally and did not face an issue so far.
Pascal.
NSIS v3
Gerald Combs (Jan 30)
The Developer's Guide says that NSIS v3 is unsupported. Is that truly the
case? I'm able to build an installer on my development VM using NSIS v3.01
without any problems that I can find.
Re: XML library for use in dissector
Ahmad Fatoum (Jan 30)
Hello Peter,
As OEMs can (and do) provide their own device profiles, restricting loading
to compile-time would be too big a limitation.
For now, I went the plugin route and edited the build files to include
libxml2.
Kind regards
Ahmad Fatoum
Re: Chappell University All Access Pass
James Wilson (Jan 30)
I’ve had a subscription for almost 3 years now and it’s been very good in my opinion. Vids are easy to follow, you can
repeat a class as many times as you want, class notes and documentation and sample pcap files are available for use to
follow along. You also get a discount for repeat subscriptions, their office is very responsive to emails, questions,
etc…but the biggest benefit is that Chappell has been working with Wireshark well...
University Project
Kunal Thakrar (Jan 29)
Hello,
I am currently doing some development to create a customised Wireshark as part of a project at university, which will
add a feature similar to the developer's tools in Firefox and the same in Chrome. However, this will be within
Wireshark and will, therefore, be separate from the web browsers.
I started by creating a GUI window similar to the existing Conversations dialog with features removed to only show the
TCP connections....
Re: XML library for use in dissector
Peter Wu (Jan 29)
Hi Ahmad,
Some (family of) dissectors are generated from description files (ASN.1,
PIDL, ...). These "compilers" are Python/Perl/... programs which
sometimes have additional dependencies at the time of generation, but
are otherwise just normal C dissectors without additional dependencies
after generation.
Would this method of generating a dissector help? You can find some
examples in epan/dissectors/asn1/, epan/dissectors/pidl/,...
Re: Same issue of compiling wireshark on AWS AMI
Guy Harris (Jan 28)
No, because the person who sent that message didn't bother sending the top-level Makefile in response to my asking him
to do so, so we were unable to figure out whether it was linking with -lm.
Could you please send both the config.out file from the configure process and the top-level Makefile it generated?
XML library for use in dissector
Ahmad Fatoum (Jan 28)
Hello everyone,
As part of a school project, we intend to extend the Ethernet POWERLINK
(packet-epl.c) dissector in Wireshark to be able to read in the XML device
description files (XDD) and use that information to dissect the packet
payload (The data field is currently displayed as a byte stream).
As we would like to have the changes eventually merged into the trunk, we
want to check what XML library we should use?
We are hesitant to rely on...
Re: Checking address in WMEM
Evan Huus (Jan 26)
wmem ships with four different allocator algorithms (see
wmem_allocator_type in wmem_core.h) of which the block allocator you
are looking at is only one. When a wmem scope is initialized the
backing algorithm can be overridden by an environment variable (see
wmem_init() and wmem_allocator_new() in wmem_core.c). This is mostly
useful on the build machines to turn on additional safety checks (the
strict allocator) or to be friendly to memory...
Re: New GUI for specific protocol
Juan Jose Martin Carrascosa (Jan 26)
Hi again,
Can somebody point to me any simple example? I am able to tap the dissector
but I would like to write now a simple app that prints a message in the
terminal every time the packet() function is called. I know this looks
simple, but it's been some time and I can't get this running...
Thanks,
Juanjo Martin
Re: Checking address in WMEM
Dario Lombardo (Jan 26)
On Thu, Jan 26, 2017 at 3:41 PM, Jeff Morriss <jeff.morriss.ws () gmail com>
wrote:
Yes. Basically I'd like the idea to give the user a very useful error
message. The wmem is pretty hard to debug, since a wrong scope basically
means a segment violation, a double free, or so. But that can happen very
far from where the error is.
Re: Checking address in WMEM
Jeff Morriss (Jan 26)
Sounds like a crash is the *right* thing to do here, non?
Or are you looking for a way to make the crash easier to debug?
Re: Checking address in WMEM
Dario Lombardo (Jan 26)
I get it.
I don't get this. Can you explain it a little bit?
The general problem is: a function takes a wmem string as input. This
function can do wmem_realloc, then I need the scope the variable lives in.
If the caller gives the wrong scope, I have a crash. The question is how
can I check that the variable is consistent with the provided scope?
Despite being very expensive, I could have this check in debug only to reduce the
debug time.
Re: Checking address in WMEM
Evan Huus (Jan 26)
Each block can consist of multiple chunks, so you need a second, inner
loop. You can do this with WMEM_CHUNK_NEXT.
Do note, however, that:
- you'll be iterating over every piece of memory allocated in this
scope, which will probably be quite expensive
- your code will fail any time wmem chooses a different allocator
(this happens in CI, and occasionally elsewhere as well)
What problem specifically are you trying to solve? There may be an...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Snort Rule Creation
John G (Jan 31)
Hey Joel. Yes I do. I just left it as "any" because I was trying
everything to get it to alert lol. But we are thinking that the issue is not
rule related.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot_______________________________________________
Snort-sigs mailing list...
Re: Snort Rule Creation
Joel Esler (jesler) (Jan 31)
You know you can do ![80,443] as ports right?
Re: (no subject)
wkitty42 (Jan 31)
do it yourself by looking at the information at the bottom of each and every
email in the list...
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
Re: Snort Rule Creation
John G (Jan 31)
That is from Sourcefire. This is what the actual rule looks like now.
alert ip !Source address any <> [All, 8, destination, addresses] any
(sid:1000000; gid:1; msg:"Unwanted Traffic"; classtype:tcp-connection;
rev:5; )
The rule should work, right? Might be an issue with the way our network is
set up and where our IDS is located.
Re: Snort Rule Creation
Desmond Agee (Jan 31)
What program is that a snap-shot of?
Desmond Agee
Re: Snort Rule Creation
John G (Jan 31)
Alright, so this is basically what I did.
Alert ip !SOURCEIP any [8, Destination, IP's] any (msg:"Unauthorized TCP
traffic initiated";)
I figured out that you can negate with ! in front of the IP's. To test it,
I have been sending ping packets to the destination IP's from a source IP
address that is NOT what I entered in the Source IP part of the rule.
However, I am not receiving any alerts. Do I need to add arguments to...
Re: Snort Rule Creation
John G (Jan 31)
Forgot to attach the screenshot.
Re: Snort Rule Creation
John G (Jan 31)
Thanks for the help. So I created a rule similar to that. Wouldn't this
rule fire if the source IP address on any port communicates with those
destination addresses? Attached is a screenshot of the rule I created.
However, the rule that I created will fire if it sees traffic on ports
80/443 from the one source address to 8 destination addresses on the same
ports. What I want, however, is to alert if there is traffic outside of
those...
Re: Snort Rule Creation
James Lay (Jan 31)
And doc link:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node29.html#SECTION00423000000000000000
James
Re: Snort Rule Creation
Joel Esler (jesler) (Jan 31)
Maybe something like:
alert tcp $SOURCEIP any -> ![destip1, destip2, destip3] any (msg:"Unauthorized TCP traffic initiated"; flags:S;
sid:1000000; rev:1;)
?
(no subject)
Omar Johnatan Lopez Carrillo (Jan 31)
Hi friends, I'm new to this and I have a problem when running
snort.
Can anyone help me?
ERROR: /etc/snort/snort.conf(326) => Palabra clave no válida '}' para la
configuración del servidor.
Error fatal, Dejar de fumar ..
-
Ing. Omar J. Lopez Carrillo
Technical Support, Universidad Tecnológica de Coahuíla
Tel: 288 388 00 ext: 173...
Snort Rule Creation
John G (Jan 31)
Good Afternoon everyone,
My name is John and I am starting out with creating Snort rules. I have
experience using Snort with IDSs such as Sourcefire and Security Onion for
incident response. However, I don't have much experience creating custom
rules. Although I once created a rule during one of my security classes
during my undergrad program lol. Anyway, I have been reading documentation
for how to understand/create rules from a...
Snort Subscriber Rules Update 2017-01-31
Research (Jan 31)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the blacklist,
browser-ie, browser-plugins, deleted, file-executable, file-flash,
file-image, file-office, file-other, file-pdf, malware-cnc,
malware-other, os-windows, policy-other, protocol-dns, server-iis,
server-other and sql rule sets to provide coverage for emerging threats
from...
Rule 18:119
James Lay (Jan 31)
Rule:
alert ( msg: "HI_CLIENT_WEBROOT_DIR"; sid: 18; gid: 119; rev: 1;
metadata: rule-type preproc, service http ; classtype:unknown;
reference:cve,2001-0333; reference:cve,2002-1744;
reference:cve,2008-5515; reference:2015-0666; )
Needs cve, on the last reference.
James
Re: (no subject)
Joel Esler (jesler) (Jan 31)
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.