SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below.
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
Nmap new version past 7.70 due to CVE-2018-15173
Shashi Guruprasad (Aug 27)
Hi Fyodor, or Daniel Miller,
Would it be possible to release a new version of nmap to fix CVE-2018-15173? Qualys is reporting this vulnerability in
our system despite installing 7.70-1. I can build from source, but it will mean that I will need to do this all the
time in the future…
Thanks and regards,
Shashi
[GH#1147]<http://issues.nmap.org/1147>[GH#1108]<http://issues.nmap.org/1108> Reduced LibPCRE resource limits so that...
Re: Google Summer of Code 2019
Fyodor (Aug 24)
On Fri, Aug 24, 2018 at 9:57 AM Jeffrey Rowell <jrowell3 () msudenver edu>
wrote:
Hi Jeff. After participating in all of the first 13 years of GSoC, we
decided to take a year off last year, as described at
http://seclists.org/nmap-dev/2018/q1/23.
We haven't decided yet on whether to come back for 2019. A lot of it
depends on how much interest we have from prospective students and
mentors. Of course it is also subject to Google...
Google Summer of Code 2019
Jeffrey Rowell (Aug 24)
Hello all,
I have used Nmap throughout my penetration testing and defense class at school, and I was wondering if Nmap will have a
project for GSOC 2019. I am looking to apply to GSOC next summer and would love to apply to Nmap if there is a project
available! However I did not see an Nmap project from GSOC 2018 so I was wondering if there is going to be any more
GSOC Nmap projects in the future? Any info is very much appreciated!
Much...
Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6
George Chatzisofroniou (Aug 20)
I personally favor the extension of current NSE functionality. Instead
of iterating through the `known_apps` table, we can introduce an
argument `--http-form-brute.app` that will assume the target
installation. Extending `http-form-brute` to support a two-step login
process would be a great addition that could work against other
applications too.
George
mysql-dump-hashes.nse compatibility patch (v5.7)
Robbe Van der Gucht (Aug 19)
Hi all,
authentication_string and the password field is no longer present.
Because of this the mysql-dump-hashes.nse script doesn't work any more
against recent MySQL server installations. Attached you'll find my
proposed fix.
The patch is a simple fall back. If the first query referring to
the 'password' field fails it will attempt to use the
'authentication_string' field.
I tested this fix against MySQL...
Network World
Christian Heinrich (Aug 17)
https://www.networkworld.com/article/3296740/lan-wan/what-is-nmap-why-you-need-this-network-mapper.amp.html
[no subject]
istanbul istanbul (Aug 14)
Re: Nmap Defcon Dinner Invitation! TONIGHT!
Phil Young (Aug 11)
Is it too late to get in to dinner
Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6
Artur Kielak (Aug 11)
Hi George
Thanks for feedback. Sorry for answering so late.
CMS Made Simple after the first request (post) returns specific cookies that are needed for the second request (get), and then
if we have a response containing a specific pattern then we could say that login is a success.
I tested http-form-brute for made simple but it works differently from http-cmsmadesimple-brute.nse. In second request
(get) must add specific cookie and append to request(get)...
Re: Halcyon - An IDE for NSE development
Sanoop Thomas (Aug 11)
Thanks David for the shout out. Means a lot :-)
If anyone is here, ping me up. I'm more than happy to meet up and discuss
about how I can improvise the tool and help nse dev community.
Happy Defcon
Re: Problem with writing NSE scripts in Lua
Gisle Vanem via dev (Aug 11)
J A wrote:
No, I do not think so. In an "external run" of Lua, a 'require "nmap"'
would mean load a dynamic library called nmap.so / nmap.dll. Alternatively
a 'nmap.lua' that does similar things.
Since Nmap has created such a module (or package?) internally for
itself, it's not needed by a 'require' externally. Could be a hazard
if this was possible. Ref, nse_mainc.cc + init_main() that calls...
Nmap Defcon Dinner Invitation! TONIGHT!
Fyodor (Aug 11)
Hey folks! Sorry it is last minute, but we're hosting an Nmap developer
dinner tonight at 6:30pm and I wanted to invite any community members who I
might not already know are here at Defcon. The dinner is at 6:30pm TODAY
(Saturday), and the only qualifying rule is that you have to be listed at
least once on the Nmap Changelog (https://nmap.org/changelog.html).
Let me know if you can make it and I'll send you the full details. Please...
Problem with writing NSE scripts in Lua
J A (Aug 11)
Hello,
I'm trying to use Lua to develop NSE scripts and other programs using
nmaps' collection of Lua files (e.g. stdnse.lua).
However, every time I go to import/load/*require* a particular file or
module so I can use its functions, I keep running into the errors around
the existence of nmap.lua.
I have installed, multiple times, the latest version of nmap from GitHub,
and copied the contents of the nselib directory to the appropriate...
Re: Halcyon - An IDE for NSE development
David Fifield (Aug 10)
For those at Def Con, I noticed Sanoop is scheduled to do a demo of
Halcyon tomorrow (Saturday 2018-08-11) starting at 10:00.
https://defcon.org/html/defcon-26/dc-26-demolabs.html#Halcyon
[NSE] RFC: range in ipOps.lua
nnposter (Jul 29)
Providing visibility into a proposed change in ipOps.lua: "range" that
is specified via CIDR notation would be treated as starting with the
first IP address of the corresponding CIDR block, not with the IP
address in the CIDR expression.
Details at https://github.com/nmap/nmap/issues/1285
Please let me know if you have any concerns over the change.
Cheers,
nnposter
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have been working the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities
secure (Aug 28)
DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities
Dell EMC Identifier: DSA-2018-128
CVE Identifier: CVE-2018-11054, CVE-2018-11055, CVE-2018-11056, CVE-2018-11057, CVE-2018-11058
Severity: High
Severity Rating: View details below for individual CVSS Score for each CVE.
Affected Products:
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (CVE-2018-11056, CVE-2018-11058)
RSA...
CVE-2018-12710
Kevin R (Aug 27)
Re: Jetty 6.1.6 Cross-Site Scripting (XSS)
Simon Waters (Aug 24)
The demise of the MortBay and Codehaus websites doesn't help, this isn't
the sort of forensics I expected to do.
https://web.archive.org/web/20090709110650/http://jira.codehaus.org/browse/JETTY-980
Suggests semicolon after any directory listing, led to inclusion of the
text after into the document.
echo -e "GET /cometd/dijit/;<script>alert(document.title);</script> HTTP/1.0\n\n" | nc 127.0.0.1 8080
The patch...
Re: Jetty 6.1.6 Cross-Site Scripting (XSS)
Simon Waters (Aug 24)
Is this CVE-2009-1524? If so fixed in 6.1.17, April 2009.
DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability
secure (Aug 24)
DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability
Dell EMC Identifier: DSA-2018-132
CVE Identifier: CVE-2018-11061
Severity Rating: CVSS v3 Base Score: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Severity: Critical
Affected Products:
RSA NetWitness Platform versions prior to 11.1.0.2
RSA Security Analytics versions prior to 10.6.6
Summary:
RSA NetWitness Platform contains fixes for a server-side template...
DSA-2018-144: RSA Archer SQL Injection Vulnerability within embedded WorkPoint component
secure (Aug 24)
DSA-2018-144: RSA Archer SQL Injection Vulnerability within embedded WorkPoint component
Dell EMC Identifier: DSA-2018-144
CVE Identifier: CVE-2018-11065
Severity Rating: CVSS:3 Base Score: 2.7 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Severity: Low
Affected Products:
* RSA Archer versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1
Summary:
RSA Archer contains a fix for a SQL injection vulnerability, in...
Couchbase Server - Remote Code Execution
x ksi (Aug 24)
Hey,
Description:
Couchbase Server [1] exposes REST API [2] which by default is
available on TCP/8091 and/or TCP/18091.
Authenticated users can send arbitrary Erlang code to 'diag/eval'
endpoint of the API. The code will be subsequently executed in the
underlying operating system with privileges of the user which was used
to start Couchbase.
The 'diag/eval' endpoint was found to be referenced in the official
documentation...
Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection (CVE-2018-15529)
Reggie Dodd (Aug 24)
[Title]
Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection
(CVE-2018-15529)
[Product]
Mutiny Monitoring Appliance
https://www.mutiny.com/
[CVE]
CVE-2018-15529
[Credit]
Reginald Dodd
[Description]
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring
Appliance" before 6.1.0-5263 allows authenticated users, with access to the
admin interface, to inject arbitrary commands within the filename of a...
Re: Jetty 6.1.6 Cross-Site Scripting (XSS)
1n3--- via Fulldisclosure (Aug 24)
Nice find! I figured as much, but good to see there's a patch out
there somewhere...
It's likely CVE-2009-1524, but the description is vague and no public
PoC was released as far as I can tell.
The demise of the MortBay and Codehaus websites doesn't help, this
isn't the sort of forensics I expected to do.
https://web.archive.org/web/20090709110650/http://jira.codehaus.org/browse/JETTY-980
Suggests semicolon after any...
Re: Jetty 6.1.6 Cross-Site Scripting (XSS)
1n3--- via Fulldisclosure (Aug 24)
It's likely CVE-2009-1524, but the description is vague and no public
PoC was released as far as I can tell.
Title: Jetty 6.1.6 Cross-Site Scripting
Date: 8/14/2018
Author: 1N3@CrowdShield - https://crowdshield.com
Software Link: http://www.mortbay.org/jetty/
Tested on: Jetty 6.1.6 (other versions may also be vulnerable)
CVE: N/A
Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS)
which allows an attacker to inject...
Seagate Media Server multiple SQL injection vulnerabilities
Summer of Pwnage via Fulldisclosure (Aug 22)
------------------------------------------------------------------------
Seagate Media Server multiple SQL injection vulnerabilities
------------------------------------------------------------------------
Yorick Koster, September 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...
Defense in depth -- the Microsoft way (part 57): all the latest MSVCRT installers allow escalation of privilege
Stefan Kanthak (Aug 21)
Hi @ll,
about 6 weeks ago, Microsoft updated their MSKB article
<https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads>,
listing the current/latest downloads of their MSVCRT alias
Microsoft Visual C++ Redistributable for Visual Studio 201x
Guess what Microsoft used to build the executable installers
offered on that page: COMPLETELY outdated versions 3.7.3813.0
(and before) of Wix Toolset, which NOBODY...
RESPONSIVE filemanager
Simon Uvarov via Fulldisclosure (Aug 21)
The following vulnerabilities were fixed in the version 9.13.4.
https://responsivefilemanager.com
#1 Path Traversal Allows to Read Any File
Reserved CVE: CVE-2018-15535
Discovered By: Simon Uvarov
Vendor Status: Fixed
Details:
The following request allows a user to read any file on the system.
GET
/filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd...
Re: Full Disclosure - Responsive File Manager
Silton Renato (Aug 21)
I contacted the developer warning of the vulnerability, but he did not
respond. I released full disclosure, he had already released the update. I
found manually checking yes
On Sat, Aug 11, 2018 13:52, Henri Salo <henri () nerv fi> wrote:
DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability
Dell EMC Product Security Response Center (Aug 21)
DSA-2018-132: RSA NetWitness Platform Server-Side Template Injection Vulnerability
Dell EMC Identifier: DSA-2018-132
CVE Identifier: CVE-2018-11061
Severity Rating: CVSS v3 Base Score: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Severity: Critical
Affected Products:
RSA NetWitness Platform versions prior to 11.1.0.2
RSA Security Analytics versions prior to 10.6.6
Summary:
RSA NetWitness Platform contains fixes for a server-side template...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[CVE-2018-15877] Plainview Activity Monitor RCE
Lydéric LEFEBVRE (Aug 27)
About:
===========
Component: Plainview Activity Monitor (Wordpress plugin)
Vulnerable version: 20161228 and possibly prior
Fixed version: 20180826
CVE-ID: CVE-2018-15877
CWE-ID: CWE-78
Author:
- Lydéric Lefebvre (https://www.linkedin.com/in/lydericlefebvre)
Timeline:
===========
- 2018/08/25: Vulnerability found
- 2018/08/25: CVE-ID request
- 2018/08/26: Reported to developer
- 2018/08/26: Fixed version
- 2018/08/26: Advisory published on...
[SYSS-2018-010] Dojo Toolkit - dojox.grid.DataGrid editing XSS
Moritz Bechler (Aug 27)
Advisory ID: SYSS-2018-010
Product: Dojo Toolkit
Manufacturer: JS Foundation
Affected Version(s): 1.13
Tested Version(s): 1.13, 1.10.7
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2018-07-02
Solution Date: 2018-10-13
Public Disclosure: 2018-10-24
CVE Reference: CVE-2018-15494
Author of Advisory: Moritz Bechler, SySS GmbH...
Couchbase Server - Remote Code Execution
x ksi (Aug 24)
Sender: s3810 () pjwstk edu pl
Subject: Couchbase Server - Remote Code Execution
Message-Id: <CAN10O-YorWdFmOh6kZDG1=R6+S5GQTQbSQms0DGjR8pDhr2MFQ () mail gmail com>
Recipient: Lanware.Security () lanware co uk
Couchbase Server - Remote Code Execution
x ksi (Aug 23)
Hey,
Description:
Couchbase Server [1] exposes REST API [2] which by default is
available on TCP/8091 and/or TCP/18091.
Authenticated users can send arbitrary Erlang code to 'diag/eval'
endpoint of the API. The code will be subsequently executed in the
underlying operating system with privileges of the user which was used
to start Couchbase.
The 'diag/eval' endpoint was found to be referenced in the official
documentation...
Seagate Media Server multiple SQL injection vulnerabilities
Summer of Pwnage (Aug 23)
------------------------------------------------------------------------
Seagate Media Server multiple SQL injection vulnerabilities
------------------------------------------------------------------------
Yorick Koster, September 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...
[SECURITY] [DSA 4279-2] linux regression update
Salvatore Bonaccorso (Aug 23)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4279-2 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 22, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
Debian Bug : 906769
The security update...
[ANN] CVE-2018-11776 Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
Yasser Zamani (Aug 22)
[CVEID]:CVE-2018-11776
[PRODUCT]:Apache Struts
[VERSION]:Apache Struts 2.3 to 2.3.34 and 2.5 to 2.5.16
[PROBLEMTYPE]:Remote Code Execution
[REFERENCES]:https://cwiki.apache.org/confluence/display/WW/S2-057
[DESCRIPTION]:Man Yue Mo from the Semmle Security Research team
noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16
suffer from possible Remote Code Execution when using results with no
namespace and at the same time, its upper...
[SECURITY] [DSA 4280-1] openssh security update
Sebastien Delafond (Aug 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4280-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
August 22, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : openssh
CVE ID : CVE-2018-15473
Debian Bug :...
Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection (CVE-2018-15529)
reggie . dodd30 (Aug 21)
[Title]
Mutiny Monitoring Appliance < 6.1.0-5263 - Command Injection (CVE-2018-15529)
[Product]
Mutiny Monitoring Appliance
https://www.mutiny.com/
[CVE]
CVE-2018-15529
[Credit]
Reginald Dodd
[Description]
A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows
authenticated users, with access to the admin interface, to inject arbitrary commands within the filename of a...
[slackware-security] libX11 (SSA:2018-233-01)
Slackware Security Team (Aug 21)
[slackware-security] libX11 (SSA:2018-233-01)
New libX11 packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/libX11-1.6.6-i586-1_slack14.2.txz: Upgraded.
This update fixes some security issues:
Fixed crash on invalid reply (CVE-2018-14598).
Fixed off-by-one writes (CVE-2018-14599).
Fixed out of...
[SECURITY] [DSA 4279-1] linux security update
Salvatore Bonaccorso (Aug 20)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4279-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
August 20, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : linux
CVE ID : CVE-2018-3620 CVE-2018-3646...
[CVE-2018-15528] Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT
mamurch (Aug 20)
Title:
======
Reflected XSS in Java System Solutions SSO Plugin 4.0.13.1 for BMC MyIT
Description:
============
Reflected Cross-Site Scripting in Java System Solutions' BMC MyIT SSO Plugin version 4.0.13.1 was identified during a
penetration test. Other versions might be affected as well. A remote attacker can abuse this issue to inject
client-side scripts into the "select_sso()" function. The payload is triggered when the...
[slackware-security] ntp (SSA:2018-229-01)
Slackware Security Team (Aug 19)
[slackware-security] ntp (SSA:2018-229-01)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ntp-4.2.8p12-i586-1_slack14.2.txz: Upgraded.
This release improves on one security fix in ntpd:
LOW/MEDIUM: Sec 3012: Sybil vulnerability: ephemeral association attack
While fixed in...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
[HITB-Announce] HITBGSEC2018 CFP - Final Call
Hafez Kamal (Apr 26)
FINAL CALL!!
The Call for Papers for the HITB GSEC 2018 Singapore is now open!
Call for Papers: https://gsec.hitb.org/call-for-papers/
Event Website: https://gsec.hitb.org/sg2018/
HITB GSEC is a three-day security conference where attendees
get to vote on the final agenda of talks. Attendees can also opt to be
introduced to speakers and each other based on the votes they cast.
Held at the Intercontinental Singapore from August 27th till the...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Voting Village at Defcon
Dave Aitel (Aug 25)
https://www.propublica.org/article/defcon-teen-did-not-hack-a-state-election
The whole thing was a sham. I know darktangent is on this list. Something
to think about for next year ...
-dave
Re: Cymothoa Exigua
" (Aug 24)
I think it is worth noting that she claims multiple people felt the same
way and expressed similar independent opinions before she synthesized them
for a wider audience. What that probably means is that such comments are
not her feelings alone. What IS clear is that crypto technology is a double
edged sword and you must choose which edge of the blade you wish to wield.
Re: Voting Village at Defcon
Chris Eng (Aug 23)
What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly
perform the same function as the real sites, but otherwise do not share common code/technology and are essentially
known sacrificial sites with security bugs intentionally placed in them?
We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this:
“These websites are so easy...
Cymothoa Exigua
Dave Aitel (Aug 23)
The world is full of horrors, and one of those is Cymothoa Exigua
<https://www.google.com/search?q=fish+tongue+parasite&safe=off&source=lnms&tbm=isch&sa=X&ved=0ahUKEwi4vtLso4PdAhUGq1kKHen0D9oQ_AUICigB&biw=1440&bih=809>.
Another one of those, is groups of people who think they, somehow, have
cracked the code to developing technology in an "ethical" way, and if you
just obeyed them, everything would be...
Re: Voting Village at Defcon
Kevin T. Neely (Aug 23)
Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According
to the village's Twitter account, she changed the vote tallies from a
replica of the site. https://twitter.com/VotingVillageDC It would be nice
if the media reported on the recommendations that come from the findings,
but we all know that's not how the media operates.
K
Re: information operations efforts and data carving
Jukka Ruohonen (Aug 23)
This was a good take on things. I generally also applaud the constructive
criticism instead of the ranting strategy...
But it is still social media. Now I've seen quite a few papers recently
about vulnerabilities viz. Twitter. Some of these are relevant; there have
been some information leakages about things I consider relevant myself
(i.e., open source). But now people are attaching the "zero-day" label to
their papers, which...
Hammerhead repost for Halvar
Dave Aitel (Aug 13)
From:
https://web.archive.org/web/20040131120103/http://www.immunitysec.com:8010/29/2002
- Fishing for Obscurity
Some sharks and fish have a unique sixth sense – they can generate and
detect electrical fields, even minute ones. According to the font of all
natural knowledge, the Discovery channel (as opposed to Dawson's Creek, the
font for all social knowledge), a hammer head shark's funny looking head is
actually a voltmeter of...
Voting Village at Defcon
Dave Aitel (Aug 13)
https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/
So I don't know a ton about the details of voting machines, but I'm pretty
sure what happened at the DEFCON voting village is not being represented at
all accurately in the media, and I'm curious why nobody in the community is
pushing back on it, specifically I think we have a duty not to be used as...
information operations efforts and data carving
Dave Aitel (Aug 09)
Previously Unreleased Work:
https://docs.google.com/presentation/d/1tMlJvnUv_Qbh5mx2RYbyuTHTHr9c9ShIKBzz_JDGn_s/edit?usp=sharing
Paper on the 3M Tweets from Clemson:
https://www.cyxtera.com/blog/data-carving-the-internet-research-agency-tweets
So what you see a lot in some papers is this sort of thing (this one is
from the original Clemson paper):
[image: image.png] I always get flashbacks of that XKCD Correlation vs
Causation comic <...
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Aug 09)
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
[ - Introduction - ]
It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel.
This prestigious conference aims to bring together esteemed speakers from the industry, government and academia to
share knowledge and leading-edge ideas about security and related topics. This is an
excellent opportunity to network with like-minded people...
Assessment
Dave Aitel (Jul 20)
So soon after the Immunity deal closed we had this big all hands conference
call with everyone in the larger Cyxtera group on it, and Chris Day, who
runs the group I'm in, said, "Hey Dave, can you give everyone a quick
rundown as to what Immunity is, now that we're all one big team?" and I'll
be honest, I totally bombed.
Immunity has never done corporate verbiage. There's a tendency to be
extremely bland and generic...
Capstone disassembler framework v3.0.5 is out!
Nguyen Anh Quynh (Jul 20)
Greetings,
We are very happy to announce version 3.0.5 of Capstone disassembler
framework!
In no particular order, we would like to thank CrowdStrike, CMC Infosec &
Jurriaan Bremer for sponsoring this release!
This stable version fixes some security issues in the core, as well as many
improvements, so existing users are strongly recommended to upgrade.
More details are available at http://capstone-engine.org/Version-3.0.5.html
(For those...
Peach season
Dave Aitel (Jul 13)
As Ryan Naraine has pointed out I never did an announcement on this mailing list when Cyxtera<https://www.cyxtera.com>
and Immunity finally closed our deal. Partially that's because these things are in some ways anti-climactic, and
partially because I and a lot of the team at Immunity immediately went on a binge of experimenting with various large
toolkits we'd never had access to before.
For example, this one:...
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Jul 09)
SAINTCON 2018 CFP - Sep 25-28, Provo Utah
Troy Jessup (Jun 12)
SAINTCON 2018 - Call for Papers
INTRODUCTION
SAINTCON is Utah's best annual Security Conference and Training Event. The Conference spans 4 days and includes a
large variety of content and events making it very diverse and covers a large variety of security related areas of
interest. SAINTCON is a community conference administered by the Utah Chapter of the Security Advisory and Incident
Network Team (UtahSAINT).
Site:...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Hey there!
Sierra - Black Hills Information Security (Apr 23)
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Advisory Notification
Microsoft (Aug 24)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 24, 2018
********************************************************************
Security Advisories Released or Updated on August 24, 2018
===================================================================
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
-...
Microsoft Security Update Releases
Microsoft (Aug 21)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 21, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8273
Revision Information:
=====================
- CVE-2018-8273 | Microsoft SQL Server Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Aug 20)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 20, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-8273 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Aug 15)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 15, 2018
********************************************************************
Security Advisories Released or Updated on August 15, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution side-channel...
Microsoft Security Update Releases
Microsoft (Aug 15)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 15, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8202
* CVE-2018-8284
Revision Information:
=====================
- CVE-2018-8202 | .NET Framework Elevation of Privilege
Vulnerability
-...
Microsoft Security Update Summary for August 14, 2018
Microsoft (Aug 14)
********************************************************************
Microsoft Security Update Summary for August 14, 2018
Issued: August 14, 2018
********************************************************************
This summary lists security updates released for August 14, 2018.
Complete information for the August 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security...
Microsoft Security Advisory Notification
Microsoft (Aug 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 14, 2018
********************************************************************
Security Advisories Released or Updated on August 14, 2018
===================================================================
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
-...
Microsoft Security Advisory Notification
Microsoft (Aug 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 8, 2018
********************************************************************
Security Advisories Released or Updated on August 8, 2018
===================================================================
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
-...
Microsoft Security Advisory Notification
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 1, 2018
********************************************************************
Security Advisories Released or Updated on August 1, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution side-channel...
Microsoft Security Update Releases
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 1, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8172
* CVE-2018-8202
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: August 1, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8202 - Version 4.1
* CVE-2018-8284 - Version 2.2
* CVE-2018-8356 - Version 3.1
Revision Information:
=====================
-...
Microsoft Security Advisory Notification
Microsoft (Jul 27)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 26, 2018
********************************************************************
Security Advisories Released or Updated on July 26, 2018
===================================================================
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
-...
Microsoft Security Update Releases
Microsoft (Jul 26)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 26, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8202
Revision Information:
=====================
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Microsoft is aware of...
Microsoft Security Update Releases
Microsoft (Jul 24)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8308
Revision Information:
=====================
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/CVE-2018-8308
- Reason for...
Microsoft Security Update Releases
Microsoft (Jul 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: July 19, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8202
* CVE-2018-8260
* CVE-2018-8284
* CVE-2018-8356
Revision Information:
=====================
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
FTC Promotes Resources to Prevent Cyberbullying
US-CERT (Aug 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FTC Promotes Resources to Prevent Cyberbullying [
https://www.us-cert.gov/ncas/current-activity/2018/08/28/FTC-Promotes-Resources-Prevent-Cyberbullying ] 08/28/2018
07:27 PM EDT
Original release date: August 28, 2018
The Federal Trade Commission (FTC) has released an announcement on the importance of addressing cyberbullying. As
children return to school, FTC...
Adobe Releases Security Update for Creative Cloud
US-CERT (Aug 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Update for Creative Cloud [
https://www.us-cert.gov/ncas/current-activity/2018/08/28/Adobe-Releases-Security-Update-Creative-Cloud ] 08/28/2018
01:36 PM EDT
Original release date: August 28, 2018
Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An
attacker could exploit this...
FTC Issues Alert on Bitcoin Blackmail Scams
US-CERT (Aug 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FTC Issues Alert on Bitcoin Blackmail Scams [
https://www.us-cert.gov/ncas/current-activity/2018/08/22/FTC-Issues-Alert-Bitcoin-Blackmail-Scams ] 08/22/2018 04:10 PM
EDT
Original release date: August 22, 2018
The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten
victims with public disclosure of their...
Apache Releases Security Update for Apache Struts 2
US-CERT (Aug 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Releases Security Update for Apache Struts 2 [
https://www.us-cert.gov/ncas/current-activity/2018/08/22/Apache-Releases-Security-Update-Apache-Struts ] 08/22/2018
01:04 PM EDT
Original release date: August 22, 2018
The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3
to 2.3.34 and 2.5 to...
Adobe Releases Security Updates
US-CERT (Aug 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/22/Adobe-Releases-Security-Updates ] 08/22/2018 12:37 PM EDT
Original release date: August 22, 2018
Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these
vulnerabilities to take control of an affected system....
Ghostscript Vulnerability
US-CERT (Aug 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Ghostscript Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2018/08/21/Ghostscript-Vulnerability ]
08/21/2018 11:19 PM EDT
Original release date: August 21, 2018 | Last revised: August 22, 2018
NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability
to take control of an affected system....
Apache Releases Security Updates for Tomcat Native
US-CERT (Aug 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Releases Security Updates for Tomcat Native [
https://www.us-cert.gov/ncas/current-activity/2018/08/17/Apache-Releases-Security-Updates-Tomcat-Native ]
Original release date: August 17, 2018
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote
attacker could exploit these...
Cisco Releases Security Updates
US-CERT (Aug 15)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/15/Cisco-Releases-Security-Updates ] 08/15/2018 01:48 PM EDT
Original release date: August 15, 2018
Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these
vulnerabilities to cause a denial-of-service situation....
FBI Releases Guidance on Defending Against Travel Scams
US-CERT (Aug 15)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FBI Releases Guidance on Defending Against Travel Scams [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/FBI-Releases-Guidance-Defending-Against-Travel-Scams ]
08/14/2018 10:04 PM EDT
Original release date: August 14, 2018
The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams.
FBI explains...
VMware Releases Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/VMware-Releases-Security-Updates-0 ] 08/14/2018 07:16 PM EDT
Original release date: August 14, 2018
VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual
Appliances. An attacker could exploit these vulnerabilities to...
Samba Releases Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Samba Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Samba-Releases-Security-Updates ] 08/14/2018 06:23 PM EDT
Original release date: August 14, 2018
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one
of these vulnerabilities to take control of an affected...
Microsoft Releases August 2018 Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases August 2018 Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Microsoft-Releases-August-2018-Security-Updates ] 08/14/2018
05:14 PM EDT
Original release date: August 14, 2018
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...
Adobe Releases Security Updates
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Adobe-Releases-Security-Updates ] 08/14/2018 05:21 PM EDT
Original release date: August 14, 2018
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Experience Manager,
Adobe Flash Player, and Adobe Creative Cloud Desktop...
Intel Side-Channel Vulnerability
US-CERT (Aug 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Intel Side-Channel L1TF Vulnerability [
https://www.us-cert.gov/ncas/current-activity/2018/08/14/Intel-Side-Channel-Vulnerability ] 08/14/2018 01:54 PM EDT
Original release date: August 14, 2018
Intel has released recommendations to address a side-channel vulnerability called L1 Terminal Fault (L1TF) that affects
multiple Intel microprocessors. An attacker could...
Oracle Releases Security Alert
US-CERT (Aug 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Releases Security Alert [
https://www.us-cert.gov/ncas/current-activity/2018/08/13/Oracle-Releases-Security-Alert ] 08/13/2018 03:19 PM EDT
Original release date: August 13, 2018
Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. A remote
attacker could exploit this vulnerability to take control of an...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: Travis CI MITM RCE
Daniel Kahn Gillmor (Aug 28)
This is great advice, and not just for builds/CI configuration.
I made a similar suggestion recently to clean up the starttls-everywhere
datafile updater:
https://github.com/EFForg/starttls-everywhere/pull/65/commits/eb0a28e3fa141d4fb445c00df3ab7f3765ded859
In some ways, the keyserver network has done the OpenPGP community a
disservice, by encouraging OpenPGP users to refer to keys by
fingerprints (or even worse, by key IDs). While this...
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem.
Greg KH (Aug 28)
Heh, ok, fair enough, thanks for being honest :)
greg k-h
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem.
Florian Weimer (Aug 28)
We have shipped supported kernels with this vulnerability.
But the real reason why I want this fixed is that the Python 3 test
suite triggers this bug and panics some of our RPM builders. 8-/
Thanks,
Florian
Re: CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS
Greg KH (Aug 28)
To be more specific here (as I complained about the other CVE report for
the kernel a minute ago), this means currently the 3.18.y, 4.4.y, and
4.9.y kernels are vulnerable to this problem. I'll go backport the
patch above now to those trees and it will be included in the next
releases of these kernel trees later this week.
Thanks for posting this here, it is helpful, and I appreciate it.
greg k-h
Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem.
Greg KH (Aug 28)
Are we seriously now going to be assigning cves to everything that
syzbot finds? If so, great, this is going to be fun!
If not, why this specific patch? What makes it special from the hundreds
of other syzbot finds that have been fixed (and not fixed yet)? This
seems like an odd choice, given:
So this was introduced in 4.14 which was released Nov 12, 2017, and
fixed in 4.14.8 which was released on Dec 20, 2017. A very small
window,...
CVE-2018-15746 Qemu: seccomp: blacklist is not applied to all threads
P J P (Aug 28)
Hello,
An issue was found in the way QEMU implements Seccomp sandboxing. In that, all
QEMU threads are not bound by the sandbox. A guest user/process may be able
to use this flaw to crash a guest resulting in DoS.
Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg04892.html
Reference:
----------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02289.html...
Re: Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down
Xiami (Aug 28)
Your ioctl command 0x8004587d is exactly EXT4_IOC_SHUTDOWN defined in fs/ext4/ext4.h
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
Marcus Meissner (Aug 28)
Hi,
I had 4 CVEs assigned yesterday afternoon already working from CERTs list,
see inline comments below. Please adjust if something is incorrect in them.
CERT has mailed overnight that they will take care of the CVE assignment, so
I am deferring the rest to them.
Ciao, Marcus
CVE-2018-15910
CVE-2018-15909
CVE-2018-15908
CVE-2018-15911
Linux kernel: FS_IOC_FSSETXATTR will lead to EXT4-fs shut down
张洪睿 (Aug 28)
Hello:
When I fuzz, I found the kernel always gives no output from the machine, and the error FS_IOC_FSSETXATTR contributes to
this.
the syzlog is as below:
r0 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x8004587d, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8})
the poc will show like this:
#define _GNU_SOURCE
#include <endian.h>
#include <stdint.h>
#include...
Re: Another OpenSSH "user enumeration"
Marcus Meissner (Aug 28)
Hi,
Mitre has assigned CVE-2018-15919
Ciao, Marcus
Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem.
Wade Mealing (Aug 27)
Gday,
Syzkaller/syzbot found a use-after-free bug in the cryptographic
subsystem of the Linux kernel [1], that can be used to panic the
system and possibly escalate privileges.
The bug was introduced in commit 72548b093ee3, and has been addressed
in b32a7dc8aef1882fbf983eb354837488cc9d54dc, a reproducer is available
on the tail end of syzbots email to kernel list (
https://lkml.org/lkml/2017/11/27/866 ). Most RHEL kernels are not
affected as...
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
Perry E. Metzger (Aug 27)
On Mon, 27 Aug 2018 16:02:46 -0700 Tavis Ormandy <taviso () google com>
wrote:
They also claimed "Artifex Software is pleased to report that the
recently disclosed security vulnerabilities in Ghostscript have been
resolved.", which, even if they were all patched in their git
repository, which they don't seem to all be, would still not really
be true given the lack of an actual release.
If someone would put a git repo onto...
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
Tavis Ormandy (Aug 27)
Here is an update, Artifex made a press release
<https://www.darkreading.com/prnewswire2.asp?rkey=20180824UN89145&filter=3930>
listing some necessary commits, but the list was incomplete.
Here is a list of relevant commits I'm aware of so far, some issues are
still open with working exploits available. It's my understanding that no
new release is planned until late September, and vendors need to either
ship a git snapshot...
Another "user enumeration" in Dropbear
sjw (Aug 27)
Hi
Due to the high interest in CVE-2018-15473 ("user enumeration" in
OpenSSH), people may also notice CVE-2018-15599 [1] in Dropbear (popular
on IoT/initramfs).
The issue seems to be very similar. A patch [2] is already available,
but no new releases so far.
Best regards
[1] http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
[2] https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
Another OpenSSH "user enumeration"
Qualys Security Advisory (Aug 27)
Hi all,
On August 24, 2018, we sent the following email to openssh () openssh com
and distros () vs openwall org. About the disclosure of this issue, Solar
Designer wrote "I'd be even happier with it being made public right away
if that's OK with both the OpenSSH team and Qualys", and Theo de Raadt
wrote "More than reporting to us, I urge you to publish it"; for a
detailed explanation, please refer to Damien...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Trusted CI now accepting engagement applications for early 2019
AIS (Aug 28)
Are any of you opening up your campus to a vendor’s IP range so they can provide more rapid support should an outage
occur?
What is your security policy around such a configuration vs a client-specific VPN or IP-SEC tunnel?
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Von Welch
Sent: Monday, August 27, 2018 9:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]...
Trusted CI now accepting engagement applications for early 2019
Von Welch (Aug 27)
Dear Colleagues,
We are accepting applications for one-on-one engagements to be executed in January - June 2019. Applications are due
October 1, 2018. (Slots are limited and in demand, so this is a hard deadline!)
To learn more about the process and criteria, and to complete the application form, visit our site:
http://trustedci.org/application
During Trusted CI's first 5 years, we’ve...
Managed Security Services
Scott Voelker (Aug 27)
Dear Colleagues,
Are any of you using a managed security service such as SecureWorks, Trustwave, etc.? If so...
Which MSS solution are you using?
Which specific services are you using them for?
Are you happy with the solution?
Why did you choose that specific vendor?
What considerations/ suggestions would you offer in hindsight?
Thank you,
Scott Voelker
Deputy-Director Information Security, IITS
Long Beach City College
4901 E. Carson Street,...
Re: OneDrive for Business "feature"
Marden Paul (Aug 27)
There is also supposed to be a feature rolled out that permits the creation of a password for the ANYONE link type.
https://office-watch.com/2018/password-file-sharing-links-onedrive/
Re: OneDrive for Business "feature"
Childs, Aaron (Aug 27)
Good Afternoon Michael,
It is a configurable option. If you go to https://admin.onedrive.com/?v=SharingSettings you can change the external
sharing to "Only people in your organization"
Have a good day,
Aaron
Aaron Childs, Director
Infrastructure Services
Information Technology Services
Wilson Hall - 577 Western Ave. Westfield MA 01086
P 413.572.5527 F 413.572.5615
aaron () westfield ma...
Re: OneDrive for Business "feature"
Menne, Michael S (Aug 27)
I'm sure it's been a while and I've just discovered it. I'm not in the web interface of OD4B much. I prefer the sync
client and thick apps.
I don't see any option to turn this feature off. I can change its behavior slightly and make it less permissive. The
default is to share with anyone. Changing this to share with specific people might be acceptable.
My issue with the feature is that its default configuration...
Re: OneDrive for Business "feature"
Michael Schalip (Aug 27)
I'm not sure that's going to qualify as a "bug". That capability has been available in O365/OneDrive for quite some
time now. However - I believe there are ways to control that behavior through the central console....
M
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Menne,
Michael S
Sent: Monday, August 27, 2018 10:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU...
OneDrive for Business "feature"
Menne, Michael S (Aug 27)
FYI ... I just stumbled across a wonderful "helpful feature" in Office 365 OneDrive for Business.
Right click on a file in the web interface and select "Copy Link." Voila, that file has now been shared with anyone
that can discover the link. Unless you explicitly remove the link or change the sharing properties of the link, it has
now been shared with the world. I submitted a Service Request to Microsoft on this as a bug...
Position Opening: Manager of Security Engineering and Services
Corn, Michael (Aug 24)
Hello folks,
I've just opened up a position in the security office here at UCSD. This position reports directly to the CISO and
helps lead the office - it is a peer of our IR and Threat Detection lead, and manages a staff of 6 engineers and
analysts. Great job, great team, great location - and beaches! We have beaches!
Drop me a note off list if you'd like more info,
thanks
MC...
Re: Information Security Training
Jeff Choo (Aug 24)
We used SANS before. We are now using Lawroom.com/Everfi for their cybersecurity awareness training for the first time
as mandatory training for our faculty and staff. The feedback I am getting from faculty and staff is that they found
the training is very well done (which is positively rare coming from our faculty, generally, for our cybersecurity
training). The implementation is a bit of a hassle but just for that positive feedback, I...
Re: QRadar
Walzer, Jeff R (Aug 24)
Scott,
Thx for the reply and information. Greatly appreciated.
Jeff
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Scott Stoops
Sent: Friday, August 24, 2018 9:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] QRadar
We recently completed a PoC of QRadar. Our intent is to purchase it as soon as we can reasonably arrange the budget.
Things that affected our...
Re: QRadar
John Ramsey (Aug 24)
We have been a pretty extensive QRadar shop for about 5 years now. We’re pretty satisfied and it’s a top-of-the-line SIEM.
Like any SIEM though, there is some TLC required to ensure you’re pulling in the correct logs and tweaking alerts where
necessary.
John
John Ramsey, Chief Information Security Officer, National Student Clearinghouse
Certified: CISSP, CISM, PMP, CSSLP, CRISC, CGEIT
2300 Dulles Station Blvd., Suite 220, Herndon, VA 20171...
Re: QRadar
Scott Stoops (Aug 24)
We recently completed a PoC of QRadar. Our intent is to purchase it as soon
as we can reasonably arrange the budget. Things that affected our decisions:
1) It is a single interface. All configuration and interaction is through
that single interface.
2) Initial set up was easy. Out of the box it is fairly chatty in terms of
the information it presents. We anticipate that the actual tuning will take
us quite some time.
3) The rules are very...
QRadar
Walzer, Jeff R (Aug 24)
We are looking at QRadar and were looking for any feedback from any schools that have deployed it. Pros/cons, good/bad,
etc.
Thx
---------------------------------------------------------------------------
Jeff Walzer
Senior Security Analyst
Computing Services and Systems Development (CSSD)
University of Pittsburgh
315 S. Bellefield Ave., Rm 403
PGH, PA 15260
---------------------------------------------------------------------------
Re: Information Security Training
Hiram Wong (Aug 22)
We use the Human Firewall module from this company
https://www.thesecurityawarenesscompany.com/ as training. It helps satisfy
our state's audit requirements. Pricing for just the Human Firewall module
is based off purchasing points from the company and buying modules and
other things à la carte.
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Subsea Cable Status Map Experiment Update
Mehmet Akcin (Aug 28)
Hello everyone,
I wanted to send a quick follow-up email regarding the subsea cable status
map experiment which we shared a few months ago with the NANOG community.
More details can be found here:
<https://mailman.nanog.org/pipermail/nanog/2018-June/096080.html>
The NANOG lightning talk can be accessed here:
<https://www.youtube.com/watch?v=t5dzvZM0Hsk&feature=youtu.be&t=1311>
Based on the feedback we have collected from many...
Re: FCC: 2017 Atlantic Hurricane Season Impact on Communications
Sean Donelan (Aug 27)
The Commission is still looking for nominations for its disaster response
and recovery working group. Any independent ISPs can nominate a
representative....
https://docs.fcc.gov/public/attachments/DA-18-837A1.pdf
The Federal Communications Commission (Commission) solicits nominations
for membership on a new Disaster Response and Recovery Working Group of
the Broadband Deployment Advisory Committee (BDAC). This new working group
will...
FCC: 2017 Atlantic Hurricane Season Impact on Communications
Sean Donelan (Aug 27)
The FCC has published a report "2017 Atlantic Hurricane Season Impact on
Communications Report and Recommendations."
It is a bit excessive on the back-slapping about the FCC's leadership.
No independent ISPs submitted comments to the Commission. Are there any
independent ISPs left in Puerto Rico or U.S. Virgin Islands?
https://docs.fcc.gov/public/attachments/DOC-353805A1.pdf
Some highlights...
V. LESSONS LEARNED AND NEXT...
Sprint Wireless
Luke Guillory (Aug 27)
Anyone from Sprint on here that can help or direct me to a contact that can help with trunk issues into a tandem?
Running out of options trying to get them to sort out their issues for their customers.
Thanks
Luke
Ns
Re: YANG daemon for Linux
Eric Lindsjö (Aug 25)
What you want is probably sysrepo https://github.com/sysrepo/sysrepo
/Eric
Weekly Routing Table Report
Routing Analysis Role Account (Aug 24)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith...
Re: IPv6 Management
Stan Barber (Aug 24)
I am with Owen here. If the IPv6 management is working and reliable,
maintaining the IPv4 management infrastructure should not be needed.
Certainly, the ability to get to "working and reliable" is going to depend
on a host of factors, but a good architecture and using best practices
during the deployment of the IPv6 network will make it easier.
Re: IPv6 Management
Blake Hudson (Aug 24)
Agreed, lots of (relatively) old switches support IPv6 management
addresses without issue. My suggestion is to dedicate a nibble in your
IPv6 numbering plan for loopbacks/mgmt addresses, firewall access to
this nibble as necessary, and go to town.
Owen DeLong wrote on 8/23/2018 1:54 PM:
Microsoft - list of Azure DNS servers
Ryan Finnesey (Aug 24)
I am looking for someone from Microsoft to contact me off list. I am looking for a complete list of Azure DNS
servers.
Cheers
Ryan
Re: IPv6 Management
Owen DeLong (Aug 23)
I don’t see much difference between v6 management addresses and v4 management addresses when it comes to best practices.
I will say that if it were my network, I’d move everything internal-only that I could to IPv6 as quickly as possible,
freeing up those v4 addresses
for other purposes (or if GUA, possibly monetization while they’re still valuable).
Once you’ve got the ability to use IPv6 management addresses, what’s the point of...
IPv6 Management
Justin Wilson (Aug 23)
We were having an interesting debate on IPV6 management on layer2 devices. Does anyone have a best practice
document they have seen for utilizing v6 Management addresses? I know Cisco has some extensive documentation on using
v6 on their wireless products.
I know everyone has thoughts so am interested in any best practices which have been presented to the community.
I haven’t worried about management access on layer2...
Re: Hurricane Lane: Category 5 storm forecast to sideswipe Hawaii
Scott Weeks (Aug 22)
--- sean () donelan com wrote:
From: Sean Donelan <sean () donelan com>
Hurricane warnings have been issued for Hurricane
Lane, which strengthened to a category 5 storm on
Tuesday. The forecast cone of uncertainty shows
the path sideswiping Hawaii on Thursday.
-------------------------------------------
Yep, this one's closer than the other 2-3 weeks ago.
I thought about sending another 'dust off your DR
plan' for...
Re: NANOG Digest, Vol 127, Issue 16
Saymon Araújo (Aug 22)
- PRTG: it's really easy to configure. Most of the sensors are SNMP for
traffic/ping/cpu/memory, plus some sensors for servers like DNS and Radius,
etc.
- Zabbix: there are 2 things that made us use Zabbix. The first one is
Zabbix Proxy: since the network is geographically distributed, we need a
tool that provides us monitoring from other places at a low price. And
LLD, which I use for monitoring BGP/OSPF sessions and prefix....
Pybatfish - Open source network validation SDK
Ratul Mahajan (Aug 22)
Hey, folks -
Since many of you build and use tools for network validation, I wanted to
share a quick announcement.
We just released Pybatfish <http://github.com/batfish/pybatfish>, a Python
SDK for Batfish. As you may know, Batfish is an open source framework for
deep (semantic) validation in multi-vendor networks (which we presented at
NANOG65 <https://www.youtube.com/watch?v=sKApcGY6MxQ>).
Pybatfish will make it easy for you to...
New AS Number Block allocated to the RIPE NCC
Ingrid Wijte (Aug 22)
Dear Colleagues,
The RIPE NCC has received the following AS Number Blocks from the IANA
on 20 August 2018:
207260-208283
208284-209307
209308-210331
You may want to update your records accordingly.
Best regards,
Ingrid Wijte
Registration Services Assistant Manager and Policy Development
RIPE NCC
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Meet the 'Change Agents' Who Are Enabling Inequality
Dave Farber (Aug 27)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: August 27, 2018 at 08:41:13 EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Meet the 'Change Agents' Who Are Enabling Inequality
> Reply-To: dewayne-net () warpspeed com
>
> Meet the ‘Change Agents’ Who Are Enabling Inequality
> By Joseph E. Stiglitz
> Aug...
New details released on Huawei's intent-based network
Dave Farber (Aug 27)
What a marvelous bunch of buzz words. Question is is it anything new and useful?
https://searchnetworking.techtarget.com/opinion/New-details-released-on-Huaweis-intent-based-network
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now:...
The Student Debt Problem Is Worse Than We Imagined - The New York Times
Dave Farber (Aug 27)
https://nyti.ms/2BMxY7r
New study on Google's data collection patterns
Dave Farber (Aug 27)
Begin forwarded message:
> From: Danit Gal <gal.danit () gmail com>
> Date: August 27, 2018 at 12:06:53 AM EDT
> To: Dave Farber <farber () gmail com>
> Subject: New study on Google's data collection patterns
>
> (Dave, this is quite relevant to IP)
>
> https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/
>
> The key findings include:
>
> A dormant, stationary...
Does $60,000 make you middle-class or wealthy on Planet Earth?
Dave Farber (Aug 26)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: August 26, 2018 at 07:59:04 EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Does $60,000 make you middle-class or wealthy on Planet Earth?
> Reply-To: dewayne-net () warpspeed com
>
> Does $60,000 make you middle-class or wealthy on Planet Earth?
> By Heather Long, Leslie...
OUTDOOR ACTIVITIES FOR YOUR COMPANY
No Replay (Aug 24)
To remove your address from this list, click here:
<http://d.gpmserver1.com/unsuscribe.php?id=yiwtpsweyqistrupqsruy>
Why Universities Need ‘Public Interest Technology’ Courses
Dave Farber (Aug 24)
Begin forwarded message:
> From: Suzanne Johnson <fuhn () pobox com>
> Date: August 24, 2018 at 12:05:45 EDT
> To: "DAVID J. FARBER" <farber () gmail com>
> Subject: Why Universities Need ‘Public Interest Technology’ Courses
>
> ...clip
>
> Policymakers at all levels of government are struggling to thoughtfully harness data in the service of public values.
> Many public servants grew up in...
Turn On, Tune In, Start Up
Dave Farber (Aug 24)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: August 24, 2018 at 5:50:08 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Turn On, Tune In, Start Up
> Reply-To: dewayne-net () warpspeed com
>
> Turn On, Tune In, Start Up
> How — and why — Silicon Valley is getting high.
> By Kara Swisher
> Aug 23 2018
>...
Invest in Orlando. Request an interview in BA!
MIR DEVELOPMENTS (Aug 23)
Real Estate Potential of Protected Properties
Starwood/Marriott merge
Dave Farber (Aug 23)
Begin forwarded message:
> From: "Jim O'Donnell" <eugippius () gmail com>
> Date: August 23, 2018 at 07:49:02 EDT
> To: David Farber <dave () farber net>
> Subject: Starwood/Marriott merge
>
> Dave, this is representative of the stories on the net now about the merger last weekend of Starwood and Marriott
> loyalty programs:
>
>...
Invest in Orlando. Request an interview in BA!
MIR DEVELOPMENTS (Aug 22)
Your mail client does NOT support messages in HTML format.
To view the content of this email correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VO.aspx?8h3f-R-ek7ek94jbKwIKEi-R-7f7gra8-R-0
Summer weather is getting 'stuck' due to Arctic warming
Dave Farber (Aug 22)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: August 20, 2018 at 5:05:04 AM PDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Summer weather is getting 'stuck' due to Arctic warming
> Reply-To: dewayne-net () warpspeed com
>
> Summer weather is getting 'stuck' due to Arctic warming
> Rising arctic...
Blue Week 25% OFF
Alarmas con Monitoreo (Aug 21)
If you cannot view this message correctly, click here
For more information, click here
To remove your address from this list, click here:
<http://d.gpmserver1.com/unsuscribe.php?id=tyitesweywqstruyosruy>
Our politicians have no idea how the Internet works
Dave Farber (Aug 20)
Begin forwarded message:
> From: Richard Forno <rforno () infowarrior org>
> Date: August 20, 2018 at 5:31:46 PM PDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: Our politicians have no idea how the Internet works
>
> rr (R-N.C.) and Mark R. Warner (D-Va.), as Senate Intelligence Committee chair and vice chair, respectively, have
> shown an...
At Tokyo station
Dave Farber (Aug 19)
About to grab Narita express to the airport to fly to San Francisco and then Portland Oregon
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.81
RISKS List Owner (Aug 25)
RISKS-LIST: Risks-Forum Digest Saturday 25 August 2018 Volume 30 : Issue 81
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.81>
The current issue can also be...
Risks Digest 30.80
RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Saturday 18 August 2018 Volume 30 : Issue 80
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.80>
The current issue can also be...
Risks Digest 30.79
RISKS List Owner (Aug 08)
RISKS-LIST: Risks-Forum Digest Wednesday 8 August 2018 Volume 30 : Issue 79
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.79>
The current issue can also be...
Risks Digest 30.78
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 August 2018 Volume 30 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.78>
The current issue can also be...
Risks Digest 30.77
RISKS List Owner (Jul 30)
RISKS-LIST: Risks-Forum Digest Monday 30 July 2018 Volume 30 : Issue 77
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.77>
The current issue can also be...
Risks Digest 30.76
RISKS List Owner (Jul 20)
RISKS-LIST: Risks-Forum Digest Friday 20 July 2018 Volume 30 : Issue 76
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.76>
The current issue can also be...
Risks Digest 30.75
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Saturday 14 July 2018 Volume 30 : Issue 75
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> and
<http://catless.ncl.ac.uk/Risks/30.75>
The current issue can also be...
Risks Digest 30.74
RISKS List Owner (Jul 05)
RISKS-LIST: Risks-Forum Digest Thursday 5 July 2018 Volume 30 : Issue 74
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.74>
The current issue can also be...
Risks Digest 30.73
RISKS List Owner (Jun 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 June 2018 Volume 30 : Issue 73
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.73>
The current issue can also be...
Risks Digest 30.72
RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 June 2018 Volume 30 : Issue 72
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.72>
The current issue can also be...
Risks Digest 30.71
RISKS List Owner (Jun 05)
RISKS-LIST: Risks-Forum Digest Tuesday 5 May 2018 Volume 30 : Issue 71
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.71>
The current issue can also be...
Risks Digest 30.70
RISKS List Owner (May 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 May 2018 Volume 30 : Issue 70
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.70>
The current issue can also be...
Risks Digest 30.69
RISKS List Owner (May 16)
RISKS-LIST: Risks-Forum Digest Wednesday 16 May 2018 Volume 30 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.69>
The current issue can also be...
Risks Digest 30.68
RISKS List Owner (May 05)
RISKS-LIST: Risks-Forum Digest Saturday 5 May 2018 Volume 30 : Issue 68
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.68>
The current issue can also be...
Risks Digest 30.67
RISKS List Owner (Apr 29)
RISKS-LIST: Risks-Forum Digest Sunday 29 April 2018 Volume 30 : Issue 67
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.67>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Brazilian Crypto Platform Atlas Quantum Reveals Data Breach Affecting 260K Customers
Destry Winant (Aug 28)
https://cointelegraph.com/news/brazilian-crypto-platform-atlas-quantum-reveals-data-breach-affecting-260k-customers
Brazilian crypto trading platform Atlas Quantum has recently suffered
a major data breach which led to the exposure of clients’ personal
data, the company’s official Facebook page stated Sunday, August 26.
Atlas Quantum discovered the breach on Saturday, August 25, and has
already started an investigation. The company informed...
Our Reports Clickbait? No. Click Here To Find Out Why…
Destry Winant (Aug 28)
https://www.riskbasedsecurity.com/2018/08/our-reports-clickbait-you-know-what-they-say-when-you-assume/
Last week, we published our 2018 mid-year report that included an
overview of the vulnerabilities that we have tracked and included in
VulnDB. We highlighted a key takeaway from the report in the title:
“Over 3,000 [vulnerabilities] You May Not Know About”. This statement
is based on our aggregation of over three thousand vulnerabilities in...
Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild
Destry Winant (Aug 28)
https://securityboulevard.com/2018/08/critical-apache-struts-flaw-just-waiting-to-be-exploited-poc-reported-in-the-wild/
Organizations relying on the Apache Struts framework should patch
their servers ASAP, or at the very least ensure the namespace is
always set within their infrastructure, as cybercrooks already have a
proof-of-concept (PoC) at their disposal.
A critical flaw in Apache Struts discovered by Semmle security
researcher Man Yue Mo...
Iranian Hackers Target Universities in Global Cyberattack Campaign
Destry Winant (Aug 28)
https://latesthackingnews.com/2018/08/26/uk-based-firm-ee-affected-by-two-security-vulnerabilities-in-a-week/
Cobalt Dickens threat group is suspected to be behind a large-scale
cyberattack wave targeting credentials to access academic resources.
The school year has barely begun and things are off to a rocky start
for some colleges: Cobalt Dickens, a threat group linked to the
Iranian government, has been spotted targeting universities...
Weak passwords let a hacker access internal Sprint staff portal
Destry Winant (Aug 28)
https://techcrunch.com/2018/08/25/hacker-accessed-sprint-portal-customer-data/
It’s not been a great week for cell carriers. EE was hit with two
security bugs and T-Mobile admitted a data breach. Now, Sprint is the
latest phone giant to admit a security lapse, TechCrunch has learned.
Using two sets of weak, easy-to-guess usernames and passwords, a
security researcher accessed an internal Sprint staff portal. Because
the portal’s log-in...
99% of Texas Voter Records Exposed
Destry Winant (Aug 27)
https://www.infosecurity-magazine.com/news/99-of-texas-voter-records-exposed/
Election security has again been called into question after millions
of Texas voter records were left exposed. A file discovered by Flash
Gordon, a New Zealand-based data breach hunter, was left on an
unsecured server without a password, according to TechCrunch. Of the
15.2 million total registered Texas voters, an astounding 14.8 million
records were left exposed on a...
A False Sense of Security
Destry Winant (Aug 27)
https://www.darkreading.com/vulnerabilities---threats/insider-threats/a-false-sense-of-security-/a/d-id/1332636
Emerging threats over the next two years stem from biometrics,
regulations, and insiders.
Over the coming years, the foundations of today's digital world will
shake — violently. Innovative and determined attackers, along with big
changes to the way organizations conduct their operations, will
combine to threaten even the...
Weak Security Socializes Risk
Destry Winant (Aug 27)
https://www.securityweek.com/weak-security-socializes-risk
Rather than some technical development, I was recently intrigued by
something more “social” in nature, specifically the important levels
of trust so many companies place in one another. Even while on my
recent (otherwise) blissful vacation, I couldn’t miss the news in the
New York Times and here in SecurityWeek that a small company had
exposed 157 GB’s of highly sensitive data...
IT Professionals in Today’s Challenging World of Corporate IT Infrastructure
Destry Winant (Aug 27)
https://hackercombat.com/it-professionals-in-todays-challenging-world-of-corporate-it-infrastructure/
The 2017 US National Initiative for Cybersecurity Education has
revealed a very bleak state of the readiness of the United States in
defending and responding to cybersecurity threats, as an estimated
285,000 Cybersecurity job vacancies remain unfilled. Most of the
security professionals are not products of big universities and
colleges, but...
Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online
Destry Winant (Aug 24)
https://motherboard.vice.com/en_us/article/9kmj4v/spyware-company-spyfone-terabytes-data-exposed-online-leak
A company that markets cell phone spyware to parents and employers
left the data of thousands of its customers—and the information of the
people they were monitoring—unprotected online.
The data exposed included selfies, text messages, audio recordings,
contacts, location, hashed passwords and logins, Facebook messages,
among others,...
Darden reports possible data breach at Cheddar's Scratch Kitchen
Destry Winant (Aug 24)
https://www.reuters.com/article/us-darden-cyber/darden-reports-possible-data-breach-at-cheddars-scratch-kitchen-idUSKCN1L728E
(Reuters) - Darden Restaurants Inc said on Wednesday it was recently
notified by federal authorities that guest data from certain of its
Cheddar’s Scratch Kitchen restaurants may have been compromised in a
cyber attack incident.
The Olive Garden owner said its systems and networks were unaffected
by the incident, as...
IT Postmortems: How to continuously improve by learning from failure and success
Destry Winant (Aug 24)
http://www.bmc.com/blogs/it-postmortems/
The worst thing that can happen to an IT team is a production outage –
critical systems, services, or data are unavailable. No matter what,
you immediately go from a normal day to feeling stressed, angry,
frustrated, and pressured to get it fixed ASAP.
Once you have the problem fixed and major systems restored, you
probably want to forget the whole thing ever happened. Don’t.
Instead, reflect back...
90% of E-Commerce Global Login Traffic is from Hackers
Destry Winant (Aug 24)
https://hackercombat.com/90-of-e-commerce-global-login-traffic-is-from-hackers/
A report conducted by Shape Security has revealed that 90% of
e-commerce login traffic comes from hackers, which once again
highlights just how important internet security is in the current
technological age. Hackers are reportedly using a process called
“credential stuffing”, which is a form of cyber attack whereby stolen
user details are used en masse to...
Watch Out! Another Nasty Apache Struts Vulnerability Has Been Disclosed!
Destry Winant (Aug 23)
https://www.riskbasedsecurity.com/2018/08/watch-out-another-nasty-apache-struts-vulnerability-has-been-disclosed/
Here we go again! Today, a brand new Apache Struts vulnerability (CVE
2018-11776) has been disclosed that can result in remote code
execution. Sure, the patch is out there, but this one is a CVSSv2 10.0
or “Critical” issue which for many organization this should mean it is
a full stop, all hands on deck to get things patched....
Disrupting the Economics of Cybercrime
Destry Winant (Aug 23)
https://www.databreachtoday.com/blogs/disrupting-economics-cybercrime-p-2652
No business wants its customers to become victims of cybercrime. The
key to prevention is understanding how the cybercrime industry works.
Cybercrime is a business and, like any business, it's driven by
profit. Here we describe how organizations can make credential theft
less profitable at every stage of the criminal value chain, and, in
doing so, lower their...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Building RPM proprietarry plugin including math.h fails
Guy Harris (Aug 29)
If you're assuming that libwireshark uses libfoobar, you are making a mistake, unless "footer" is spelled "glib" or "c".
Then your plugin doesn't need to be linked with libm.
If you link with it. Don't assume libwireshark is guaranteed to be linked with any libraries other than "the system
libraries" and "glib".
Re: Building RPM proprietarry plugin including math.h fails
João Valverde (Aug 28)
Assuming you are using CMake your plugin should use:
target_link_libraries(myplugin epan ${M_LIBRARIES})
Re: Building RPM proprietarry plugin including math.h fails
Anders Broman (Aug 28)
On Wed, 29 Aug 2018 at 07:03, João Valverde <joao.valverde () tecnico ulisboa pt>
wrote:
Not sure what you are saying, where should what be done to make the build
work?
Anders
Petri-Dish stuck?
Anders Broman (Aug 28)
Hi
It seems like no builds have come through in a while.
Regards
Anders
Re: Building RPM proprietarry plugin including math.h fails
João Valverde (Aug 28)
And if my plugin calls requires libfoozbar that's an automatic
libwireshark dependency then? Or doesn't call C math functions, why
should my plugin be forced to link with libm? Point is any library is
already available to plugins.
Re: Building RPM proprietarry plugin including math.h fails
Guy Harris (Aug 28)
If your plugin calls C math functions, the "math library" is an external linkage requirement; some platforms have a
separate "math library", some don't. M_LIBRARIES should be set as necessary by the CMake module for libm.
Re: Building RPM proprietarry plugin including math.h fails
João Valverde (Aug 28)
It's not a bug in Wireshark, it's a bug in your build, IMO.
I'll look into it.
Re: Building RPM proprietarry plugin including math.h fails
Anders Broman (Aug 28)
-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of João Valverde
Sent: 29 August 2018 01:40
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] Building RPM proprietarry plugin including math.h fails
If indeed that is the problem (very likely) the decision to make these libraries PRIVATE was intentional because the
only external linkage requirement that I saw was glib....
Re: Building RPM proprietarry plugin including math.h fails
João Valverde (Aug 28)
If indeed that is the problem (very likely) the decision to make these
libraries PRIVATE was intentional because the only external linkage
requirement that I saw was glib.
Re: Building RPM proprietarry plugin including math.h fails
João Valverde (Aug 28)
I see now that you said proprietary plugin in the subject. Just add
M_LIBRARIES to your build?
Re: Building RPM proprietarry plugin including math.h fails
João Valverde (Aug 28)
You could try using PUBLIC with M_LIBRARIES.
https://code.wireshark.org/review/#/c/29208/16/epan/CMakeLists.txt
Is this your own custom build or not?
Re: Building RPM proprietarry plugin including math.h fails
Anders Broman (Aug 28)
On Tue, 28 Aug 2018 at 16:25, Ed Beroset <beroset () mindspring com> wrote:
Sure but something changed recently in the cmake files and broke it, as it
has worked before.
I'm trying a fix in the cmake file in epan.
Anders
[HITB-Announce] Reminder: HITBSecConf2018 Dubai CFP
Hafez Kamal (Aug 28)
REMINDER: The Call for Papers for #HITB2018DXB closes on the 1st of September!
Call for Papers: https://cfp.hackinthebox.org
Event Website: https://conference.hitb.org/hitbsecconf2018dxb/
After an 8-year hiatus, the HITB Security Conference series returns to the Middle East!
Held at the Grand Hyatt Dubai from November 25th till the 28th, HITBSecConf2018 Dubai will be
featuring 2-day technical training courses followed by our 2-day multi-track...
Re: Building RPM proprietarry plugin including math.h fails
Ed Beroset (Aug 28)
That's the symptom of missing the math library on the linker command
line. You'd need to add '-lm' to the linker line, if that's what you're
asking about.
Ed
Building RPM proprietarry plugin including math.h fails
Anders Broman (Aug 28)
Hi,
tfo/packet-tfo.c:3754: undefined reference to `pow'
collect2: error: ld returned 1 exit status
when running make-rpm-package
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Snort3 and barnyard2
Russ via Snort-users (Aug 28)
Snort 3 does not provide those files. Barnyard2 is woefully out of date
at this point, but you use classification.config and reference.config
from the Snort 2 download. sid-msg.map is in the rules download.
gen-msg.map can be created by running this Snort 3 command:
snort --list-builtin | sed -e "s/ / || /; s/:/ || /" | sort -n -t '|' -k 1 -k 3
Hope that helps.
Russ
Re: Base setup
Eric Albert (Aug 28)
from what I see in the logs, it looks like it can't reach mail and
adodbmysql? Would that cause the page not to load? here's part of the
apache logs
[Tue Aug 28 14:25:20.822660 2018] [mpm_prefork:notice] [pid 2184] AH00169:
caught SIGTERM, shutting down
[Tue Aug 28 14:25:21.894672 2018] [mpm_prefork:notice] [pid 2348] AH00163:
Apache/2.4.18 (Ubuntu) configured -- resuming normal operations
[Tue Aug 28 14:25:21.894766 2018]...
Snort Subscriber Rules Update 2018-08-28
Research via Snort-sigs (Aug 28)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: Base setup
Eric Albert (Aug 28)
I've done all of that. Is there supposed to be any changes made to the
php.ini file? I'm not reading any of that, but the last time I used apache
there were some changes needed in there
Eric Albert, Network & Infrastructure Specialist
902-237-7889 | help () wilsons ca
Re: Base setup
Carl Huth via Snort-users (Aug 28)
In Ubuntu, you can check the mods that are enabled by using :
ls /etc/apache2/mods-enabled
or /etc/apache2/mods-available if you want to see which ones are available.
Your PHP settings are in /etc/php/5.6/apache2/php.ini
service apache2 reload should be enough for the module to load but you may
need to do a full restart, *service apache2 restart*
It should just work for you at this point. The instructions I had read
from the snort site, do say...
Re: Base setup
Ryan via Snort-users (Aug 28)
Here are my build notes for PHP5....this is what you probably
missed...because I missed it too. :)
a2enmod php5.6
# Notes
# Download ADODB
https://downloads.sourceforge.net/project/adodb/adodb-php5-only/adodb-520-for-php5/adodb-5.20.13.zip
# Install ADODB per directions (google)
adodb-5.20.13.zip
# Install PHP5
apt-get install ca-certificates apt-transport-https
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
echo...
Re: Base setup
Eric Albert (Aug 28)
Took a bit more than I thought, but a php -v shows that it's running
php5.6.32. Still can't get on the base site though, not sure what else it
could be. I can get on the apache site no problem, just the base link
doesn't want to work.
Eric Albert, Network & Infrastructure Specialist
902-237-7889 | help () wilsons ca
[HITB-Announce] Reminder: HITBSecConf2018 Dubai CFP
Hafez Kamal (Aug 28)
REMINDER: The Call for Papers for #HITB2018DXB closes on the 1st of September!
Call for Papers: https://cfp.hackinthebox.org
Event Website: https://conference.hitb.org/hitbsecconf2018dxb/
After an 8-year hiatus, the HITB Security Conference series returns to the Middle East!
Held at the Grand Hyatt Dubai from November 25th till the 28th, HITBSecConf2018 Dubai will be
featuring 2-day technical training courses followed by our 2-day multi-track...
Re: Base setup
Ryan via Snort-users (Aug 28)
Hi Eric,
I just completed this build on Debian 9 a couple of weeks ago and had to
install PHP 5.6 for BASE to work. It was an easy install. Set the preferred
PHP to use version 5 (or uninstall 7) and BASE worked perfectly.
-Ryan
Snort3 and barnyard2
oleg gv via Snort-users (Aug 28)
Hello, I'm trying to use snort3 with unified2 = {...} options in config and
barnyard2 to process logs.
Barn2 needs gen-msg.map and sid-msg.map files and classifications/reference
files.
Where to get them in snort3 or snort3-rules packages? No *.map files found
here.
Is it possible to run snort3 with barny2 ?
Thanks.
Re: Base setup
Eric Albert (Aug 28)
So I installed PHP, but I think the problem is that base is supposed to use
PHP5, and PHP7 is installed because 16.04 uses it by default. It did say
in the docs to install the proper PPA to get around it, but I don't think
it works. I can get to the apache page, but as soon as I try to go to
base_main.php the page cannot be found. I made the changes that the doc
said to make in the base_conf.php, is there some other change to some
config...
Multiple signatures 013
Y M via Snort-sigs (Aug 27)
Hi,
Yet another DNS tunneling sample and signatures below. Also adding signatures for CVE-2018-8414 in PDFs. Pcaps are
available.
Should have worked on these before forwarding 012. Sorry for the noise :).
Thanks.
YM
# --------------------
# Date: 2018-08-27
# Title: CVE-2018-8414 Samples In The Wild
# Reference:
# - http://sketchymoose.blogspot.com/2018/08/cve-2018-8414-samples-in-wild.html
# Hashes:
# -...
Re: Base setup
Eric Albert (Aug 27)
yup, someone else mentioned that, by dum dum
Eric Albert, Network & Infrastructure Specialist
902-237-7889 | help () wilsons ca
Re: Base setup
DFIRob via Snort-users (Aug 27)
This is a base issue, not a snort issue, but it looks to me like you
miss php on your webserver.
Re: Base setup
Eric Albert (Aug 27)
Right, the docs didn't say to install apache and I had to do that, but I
didn't think about PHP support, I'll give it a go
Thx
Eric Albert, Network & Infrastructure Specialist
902-237-7889 | help () wilsons ca
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.