SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
RE: [BULK] Re: new Win install fails beyond localhost
Norris Carden (Mar 10)
This showed up in the zenmap.exe.log:
E:\tools\Nmap\py2exe\library.zip\zenmapGUI\MainWindow.py:625:
GtkWarning: Could not find the icon '"C:\Program Files\Windows
NT\Accessories\WORDPAD.EXE",1'. The 'hicolor' theme
was not found either, perhaps you need to install it.
You can get a copy from:
http://icon-theme.freedesktop.org/releases
E:\tools\Nmap\py2exe\library.zip\zenmapGUI\App.py:337: GtkWarning:
gdkselection-win32.c:1068:...
Re: zenmap doesn't scan my user mode linux image
Toralf Förster (Mar 10)
David Fifield wrote at 17:41:12
Well,
but it is a regression at least at my Gentoo system either between
net-analyzer/nmap-5.00-r2 and net-analyzer/nmap-5.21.
Or something other at my notebook changed, b/c I'm pretty sure that it worked
fine before (b/c I use the UML system since years to play with wireshark and
the protocols of sendmail, courier, apache, cups and friends).
Re: More nsock socket_count_write_dec assert() failures
David Fifield (Mar 09)
I worked off-list with Brandon on this problem, and I think we have it
solved. It's committed as r16961.
The problem was that handle_write_results always assumed that it was
being called as the result of a socket becoming writable. If a call to
SSL_write resulted in the pseudo-error SSL_ERROR_WANT_READ, it would
(correctly) decrement the write count and increment the write count.
However, when handle_write_result was called again as a result of...
Re: NMAP XML output too verbose
Duarte Silva (Mar 09)
Knowing that I'm fairly new in the area of contributing to nmap, but
here it goes :)
The question of the XML showing off-line hosts can be solved with a
different XSL that only shows hosts that are up. (I have been
tinkering about a new and a little more interactive XSL file that
could transform the XML to something more pleasant to use, mashing it
up with JavaScript maybe?? Kind of thinking out loud now).
The problem of XML having hosts that...
Re: NMAP XML output too verbose
Ron (Mar 09)
One of the most common questions we see in #nmap on Freenode is, "how can I find every host with port xx open?" -- I
think your proposed modification to --open will make that a far easier question to answer. Sounds good to me!
Re: New Nmap options for IDS interaction
Theo Dzierzbicki (Mar 09)
Hello again,
It's been a week since I started to work on these possible options, and
I'm having some trouble with the implementation, so I thought that even
if the options are NOT yet working correctly, this could be a good time to
report and ask for some advice.
The attached patch states my current progress.
I dived in the scan_engine.cc file as you told me, and tried to modify
the sendOK() function. This function happens to be a different...
Re: NMAP XML output too verbose
Fyodor (Mar 09)
Hi Kevin. I talked this over with David Fifield today and we have a
solution proposal which I hope will benefit you and other Nmap users.
Note that this proposal also significantly changes the --open
command-line argument:
The first part of our plan is to only show down hosts in the XML in
verbose mode (as you suggested). Nmap already works this way for its
normal/interactive output. The idea had been that humans don't
normally read the XML...
Re: a few usability problems and how to scan very fast a large network
Farkas Levente (Mar 09)
local arp table usually doesn't contain all arp info on the lan :-(
this gives me:
Nmap done: 65536 IP addresses (74 hosts up) scanned in 45.85 seconds
so much slower than my version :-(
this true, but imho a better output still would be useful.
this takes:
Nmap done: 65536 IP addresses (80 hosts up) scanned in 46.74 seconds
we always like to scan LAN or why VLAN different in this case?
in my case this the fastest:
Nmap done: 65536 IP addresses...
Re: a few usability problems and how to scan very fast a large network
Brandon Enright (Mar 09)
The best way would be to look at your ARP tables. With Nmap though,
something like this should be pretty comprehensive:
nmap -v -d -v -sP -PE -PP -PM
-PS21,22,23,80,135,139,443,445,1024,1025,1026,3389 -PA
21,22,23,80,135,139,443,445,1024,1025,1026,3389 -T5
--min-hostgroup 2048 --min-parallelism 256 -oA results 10.10.0.0/16
See below.
All of them but for different purposes.
Agreed.
Generally, yes.
Well if you tell Nmap to scan an IP and it...
RE: [BULK] Re: new Win install fails beyond localhost
Norris Carden (Mar 09)
BTW, the same install package is working fine on my XP desktop.
***WinIP*** trying to initialize WinPcap
Winpcap present, dynamic linked to: WinPcap version 4.1.1 (packet.dll
version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008)
NPF service is already running.
Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:37 Central
Standard Time
The max # of sockets we are using is: 0
--------------- Timing report...
Re: new Win install fails beyond localhost
David Fifield (Mar 09)
Thanks, can you also do
nmap scanme.nmap.org
David Fifield
RE: new Win install fails beyond localhost
Norris Carden (Mar 09)
Results as requested... thanks for pointing out these options..
nmap --iflist
Starting Nmap 5.21 ( http://nmap.org ) at 2010-03-09 15:13 Central
Standard Time
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
eth0 (eth0) 10.1.1.XX/24 ethernet up 00:00:00:00:00:00
lo0 (lo0) 127.0.0.1/8 loopback up
DEV WINDEVICE
eth0 \Device\NPF_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
lo0...
a few usability problems and how to scan very fast a large network
Farkas Levente (Mar 09)
hi,
i've got a few question.
in short:
1. what's the fastest way to discover all available ip address in a
large (eg. class B network) if we're on a fast (at least 100Mb) LAN?
2. is there any way to filter output based on the scan specification?
3. is there any usable output format?
in a longer version (start from the end):
3. the current formats are not really useful for automatic processing,
since:
- normal output is not very easy to parse....
Re: zenmap doesn't scan my user mode linux image
David Fifield (Mar 09)
It would be very helpful if you could retest with version 5.00 to
confirm that. It will be much easier to fix if you can find a version
that definitely works.
David Fifield
Re: new Win install fails beyond localhost
David Fifield (Mar 09)
Can you scan hosts outside your local network, like scanme.nmap.org?
Perhaps there is a problem with ARP ping over the teamed interface.
If you can, please post the output from scanning one of the
non-responsive hosts, using the -d3 option to get debugging information.
You can remove or change any private IP addresses.
Also please send the output of
nmap --iflist
David Fifield
Nmap Hackers — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 5.21 released
Fyodor (Jan 27)
Hello everyone. I'm pleased to release Nmap 5.21, which contains zero
exciting new features! It is a bug-fix only release instead,
addressing about a dozen issues discovered since 5.20. Thanks for all
the testing and bug reports! None of the bugs are critical, but we
wanted to polish things up since 5.21 may be the latest stable version
for a while. That gives us time to tackle and stabilize big
development projects. If you want to know...
Lots of Nmap News
Fyodor (Jan 22)
Hi folks. I'm happy to report that the 5.20 release went well. But
with this many improvements, there will always be a few bugs found.
We're planning to round those up with a bugfix-only 5.21 release next
week. So please test out 5.20 and report any problems you experience:
Download Page: http://nmap.org/download.html
Bug Report Instructions: http://nmap.org/book/man-bugs.html
If you're running from a build of the latest SVN checkout, you...
Nmap 5.20 Released
Fyodor (Jan 20)
Happy new year, everyone. I'm happy to announce Nmap 5.20--our first
stable Nmap release since 5.00 last July! It offers more than 150
significant improvements, including:
o 30+ new Nmap Scripting Engine scripts
o enhanced performance and reduced memory consumption
o protocol-specific payloads for more effective UDP scanning
o a completely rewritten traceroute engine
o massive OS and version detection DB updates (10,000+ signatures)
The...
Nmap 5.00 Released!
Fyodor (Jul 16)
Hello everyone. I'm delighted to announce the release of Nmap 5.00!
This is the first major release since 4.50 in 2007, and includes about
600 significant changes since then! We consider this the most
important Nmap release since 1997, and we recommend that all current
users upgrade.
There are too many changes to list them all in this email, so here are
the top 5 improvements in Nmap 5:
1) The new Ncat tool aims to be your Swiss Army Knife...
Nmap news: stable release candidate 4.90RC1, SoC team, and new translations
Fyodor (Jun 26)
Hi Folks. I'm pleased to announce some exciting Nmap news:
[=================Nmap 4.90RC1==================]
It has been nearly 10 months (and 11 dev releases) since 4.76, the
last stable Nmap release. And we've made many dramatic changes, so it
is time for a new stable version! I've posted a release
candidate--4.90RC1--on the Nmap download page:
http://nmap.org/download.html
Please test it out, and let us know if you find any problems...
Nmap 4.85BETA6 now avail w/Conficker detection
Fyodor (Apr 01)
Hi Folks! In case you missed all the news reports yesterday, a couple
great researchers from the Honeynet Project (Tillmann Werner and Felix
Leder) and Dan Kaminsky came up with a way to remotely detect the
Conficker worm which has infected millions of machines worldwide.
Some say 15,000,000 machines infected, but that might just be
exaggerated AV-company BS for all I know. But there are clearly
millions of infections, and this massive botnet...
Nmap News: 4.84BETA4 release, Nmap book news, Summer of Code, Twitter, etc.
Fyodor (Mar 27)
Hello everyone. We've seen 848 messages on nmap-dev this year, but
this is my first post to nmap-hackers. So I have a lot of exciting
Nmap news to fit into this one email!
[=================Nmap 4.85BETA4==================]
While the last release I posted to this list was 4.76 in September of
last year, we've had four beta releases since then with hundreds of
important and dramatic changes. I'm pretty happy with the latest
4.85BETA4 release,...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Vulnerabilities in Hydra Engine
MustLive (Mar 10)
Hello Bugtraq!
I want to warn you about vulnerabilities in Hydra Engine. It's commercial
Ukrainian CMS.
-----------------------------
Advisory: Vulnerabilities in Hydra Engine
-----------------------------
URL: http://websecurity.com.ua/3453/
-----------------------------
Timeline:
26.08.2009 - found the vulnerabilities.
28.08.2009 - announced at my site.
09.09.2009 - informed developers.
30.01.2010 - disclosed at my site....
VUPEN Security Research - Microsoft Office Excel Record Processing Code Execution Vulnerability
VUPEN Security Research (Mar 10)
VUPEN Security Research - Microsoft Office Excel Record Processing Code
Execution Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
format spreadsheets, and analyze and share information to make more
informed decisions. With the Microsoft Office Fluent user interface,
rich data visualization, and PivotTable views,...
Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure
Secunia Research (Mar 10)
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software "mysqldump" Password Disclosure -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's...
CORE-2009-1103: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability
CORE Security Technologies Advisories (Mar 10)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability
1. *Advisory Information*
Title: Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability
Advisory Id: CORE-2009-1103
Advisory URL: http://www.coresecurity.com/content/CORE-2009-1103
Date published: 2010-03-09
Date of last update: 2010-03-09
Vendors contacted: Microsoft...
ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability
ZDI Disclosures (Mar 10)
ZDI-10-026: Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-026
March 9, 2010
-- CVE ID:
CVE-2010-0447
-- Affected Vendors:
Hewlett-Packard
-- Affected Products:
Hewlett-Packard OpenView Performance Insight
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID...
iDefense Security Advisory 03.09.10: Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability
iDefense Labs (Mar 10)
iDefense Security Advisory 03.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 09, 2010
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at
the following website:
http://office.microsoft.com/excel/
II. DESCRIPTION
Remote exploitation of an uninitialized memory vulnerability in
Microsoft Corp.'s Excel could allow an attacker to...
[xss] a xss on "threadid" parameter in BBSMAX
lis cker (Mar 10)
i found a xss on "threadid" parameter in "post.aspx" in BBSMAX , it's "post.aspx?action=reply&threadid="
Vulnerable: BBSMAX 4.2 BBSMAX 4.1 BBSMAX 3.0
For example:
http://bbs.example.com/forum1/post.aspx?action=reply&threadid="><script>alert(/liscker/);</script>
BBSMAX Home Page : http://www.bbsmax.com/
BBSMAX is prone to a cross-site scripting vulnerability because the...
Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities
Secunia Research (Mar 10)
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software SQL Injection Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
CORE-2009-0813: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap Overflow
CORE Security Technologies Advisories (Mar 10)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Windows Movie Maker and Microsoft Producer IsValidWMToolsStream() Heap
Overflow
1. *Advisory Information*
Title: Windows Movie Maker and Microsoft Producer IsValidWMToolsStream()
Heap Overflow
Advisory Id: CORE-2009-0813
Advisory URL: http://www.coresecurity.com/content/movie-maker-heap-overflow
Date published: 2010-03-09
Date of last update:...
ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
ZDI Disclosures (Mar 09)
ZDI-10-025: Microsoft Office Excel XLSX File Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-025
March 9, 2010
-- CVE ID:
CVE-2010-0263
-- Affected Vendors:
Microsoft
-- Affected Products:
Microsoft Office Excel
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Office Excel. User interaction is
required to...
[security bulletin] HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands
security-alert (Mar 09)
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02033170
Version: 1
HPSBMA02489 SSRT090065 rev.1 - HP Performance Insight , Remote Execution of Arbitrary Commands
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-03-08
Last Updated: 2010-03-08
Potential Security Impact: Remote execution of arbitrary commands
Source: Hewlett-Packard Company, HP Software Security Response...
[SECURITY] [DSA 2008-1] New typo3-src packages fix several vulnerabilities
Moritz Muehlenhoff (Mar 09)
------------------------------------------------------------------------
Debian Security Advisory DSA-2008-1 security () debian org
http://www.debian.org/security/ Moritz Muehlenhoff
March 08, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : typo3-src
Vulnerability : several
Problem type : local/remote...
IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
lament (Mar 09)
=========================================
Yaniv Miron aka "Lament" Advisory March 7, 2010
IBM ENOVIA SmarTeam v5 Cross Site Scripting Vulnerability
=========================================
=====================
I. BACKGROUND
=====================
ENOVIA SmarTeam provides highly flexible product data management
and mission-critical business process management.
It helps your team optimally leverage product knowledge,
driving...
Re: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
Sabahattin Gucukoglu (Mar 09)
Do you have firmware information on which products it affects.
Tested with firmware 7.5 on the latest-generation units. Should work just fine with 7.4.2, on the previous generation.
These are the latest versions. I don't know about previous releases for Airport Express, Airport Extreme, or Time
Capsule, and what revisions they will be at. They will probably be affected as long as they offer FTP access, which I
think was true for Airport...
SQL injection vulnerability in wILD CMS
Maciej Gojny (Mar 09)
# Title: [SQL injection vulnerability in wILD CMS]
# Date: [09.03.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.wildcms.com/]
# Version: [ALL]
============ { Ariko-Security - Advisory #4/3/2010 } =============
SQL injection vulnerability in wILD CMS
Vendor's Description of Software:
# http://www.wildcms.com/
Vulnerable DEMO
# http://www.wildcms.com/page.php?page_id=139
Dork:
# N/A
Application Info:
# Name: wILD CMS...
Full Disclosure — An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.
credit union phishing scam
Pradip Sharma (Mar 10)
http://www.hattiesburgamerican.com/article/20100310/NEWS01/100310012/AG+warns+of+credit+union+phishing+scam
Attorney General Jim Hood is warning credit union members of an apparent
phishing scam.
Phishing is a computer-related scam that uses email, pop-up messages or cell
phone text messages to deceive the consumer into revealing their credit card
numbers, bank or credit union account numbers, Social Security numbers,
passwords or other...
New Internet Explorer code-execution
Pradip Sharma (Mar 10)
Online thugs are exploiting a security bug in earlier versions of Internet
Explorer that allows them to remotely execute malicious code, Microsoft
warned on Tuesday.
http://www.theregister.co.uk/2010/03/09/internet_explorer_attacks/
Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
john stanion (Mar 10)
Are you saying right now that you and then SecurusGlobal is providing
illegal services to script-kiddies ?
Secunia Research: Employee Timeclock Software "mysqldump" Password Disclosure
Secunia Research (Mar 10)
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software "mysqldump" Password Disclosure -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's...
Secunia Research: Employee Timeclock Software SQL Injection Vulnerabilities
Secunia Research (Mar 10)
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software SQL Injection Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
Secunia Research: Employee Timeclock Software Backup Information Disclosure
Secunia Research (Mar 10)
======================================================================
Secunia Research 10/03/2010
- Employee Timeclock Software Backup Information Disclosure -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of...
CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio
Jakob Lell (Mar 10)
I. BACKGROUND
GNU Tar and GNU Cpio are popular programs for managing archive
files. Both programs are included in many linux distributions. GNU Tar
is commonly used for exchanging source code archives.
Both programs include a client implementation for the remote mag tape
protocol (rmt). This protocol allows accessing a tape device attached
to a remote system via a rsh/ssh. It can also be used to
extract/create archive files on another system...
Re: Ubisoft DDoS
Michal (Mar 10)
Oh yeah, they paid a pretty penny for these things, along with the rest
of the infrastructure. It was serious business. In the early days at
that company they had quite a lot of problems, I can imagine when
capital was low and trying to get this stuff in place would be difficult.
Still trying to rack my brains what we were using...it wasn't anything
cisco though (well on the DDos mitigation anyway). I do remember it has
a horrid Java driven web...
Re: Mozilla Firefox 3.6 plenitude String Crash(0day) Exploit
Fionnbharr (Mar 10)
Next time when you have a bug like this can you email me and I'll swap
you a bug where you can send a lot of data at a host from thousands of
computers and they can't handle legitimate traffic. Sounds about fair.
[SECURITY] [DSA 2009-1] New tdiary packages fix cross-site scripting
Steffen Joeris (Mar 10)
------------------------------------------------------------------------
Debian Security Advisory DSA-2009-1 security () debian org
http://www.debian.org/security/ Steffen Joeris
March 09, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : tdiary
Vulnerability : insufficient input sanitising
Problem type...
Vulnerabilities in Hydra Engine
MustLive (Mar 10)
Hello Full-Disclosure!
I want to warn you about vulnerabilities in Hydra Engine. It's commercial
Ukrainian CMS.
-----------------------------
Advisory: Vulnerabilities in Hydra Engine
-----------------------------
URL: http://websecurity.com.ua/3453/
-----------------------------
Timeline:
26.08.2009 - found the vulnerabilities.
28.08.2009 - announced at my site.
09.09.2009 - informed developers.
30.01.2010 - disclosed at my site....
iDefense Security Advisory 03.09.10: Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability
iDefense Labs (Mar 10)
iDefense Security Advisory 03.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 09, 2010
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at
the following website:
http://office.microsoft.com/excel/
II. DESCRIPTION
Remote exploitation of a heap overflow vulnerability in Microsoft
Corp.'s Excel could allow an attacker to execute...
iDefense Security Advisory 03.09.10: Microsoft Excel MDXSET Record Heap Overflow Vulnerability
iDefense Labs (Mar 10)
iDefense Security Advisory 03.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 09, 2010
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at
the following website:
http://office.microsoft.com/excel/
II. DESCRIPTION
Remote exploitation of a heap overflow vulnerability in Microsoft
Corp.'s Excel could allow an attacker to execute...
iDefense Security Advisory 03.09.10: Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability
iDefense Labs (Mar 09)
iDefense Security Advisory 03.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 09, 2010
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at
the following website:
http://office.microsoft.com/excel/
II. DESCRIPTION
Remote exploitation of an uninitialized memory vulnerability in
Microsoft Corp.'s Excel could allow an attacker to...
iDefense Security Advisory 03.09.10: Microsoft Excel Sheet Object Type Confusion Vulnerability
iDefense Labs (Mar 09)
iDefense Security Advisory 03.09.10
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 09, 2010
I. BACKGROUND
Excel is the spreadsheet application included with Microsoft Corp.'s
Office productivity software suite. More information is available at
the following website:
http://office.microsoft.com/excel/
II. DESCRIPTION
Remote exploitation of a type confusion vulnerability in Microsoft
Corp.'s Excel could allow an attacker to execute...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Reporting SSH abuse
Dan Pilcheck (Mar 09)
Hello list,
I've been getting a slew of SSH brute forces coming from a university
inside the US over the
past week. Normally I wouldn't even bother with reporting, but I
figured this would be a
chance to clear this up.
Fail2ban bans for 10 hours, and then the login attempts are right
back at it. Repeat.
An email with associated logs, and perhaps a little info from this
side is the best I can come
up with. I suppose there's not much else to...
Re: Help hardening router
Mike Hale (Mar 09)
Wouldn't you want to encrypt your passwords in 5? Level 7 can be
cracked in seconds online.
Re: Help hardening router
Curt Shaffer (Mar 09)
Step one is to now change all of your passwords unless you put bogus hashes in there when you posted this. Otherwise,
everyone on this list can tell you what they are now :)
Re: Help hardening router
Alex (Mar 09)
Hi you
Take a look at the Cisco IOS benchmark from CIS [1]
type this
MARIO (config)#ip ssh?
does it show anything? [2]
Yes. You better change this access list with one that only allows the
traffic that you want and place a deny-all rule at the end. (You will
see this in the CIS benchmark as well)
But that's the access list that's applied to your internal network
going out. You also have an access-list that seems to be applied to
the...
RE: Help hardening router
Jatmoko, Arif (ID - Jakarta) (Mar 09)
If this is a Cisco Catalyst, that should support SSH. Just enable SSH by entering the command:
crypto key generate rsa
line vty 0 4
And disable telnet, make SSH the only transport agent, use ACL to restrict inbound & outbound packet passing your
interfaces (by ip address & services), enable logging, secure your login, etc...etc.
You should, at least learn some basic command or consults about configuring Catalyst IOS to someone has...
Re: securing a segment of a network
krymson (Mar 09)
Would that be a primary concern about the current state of audits and checklists? Basically, there is a *lot* of effort
to camouflage or "limit the scope" of such audits.
<- snip ->
Now to the issue itself.
I am willing to believe the issue was actually about potential inappropriate access to system resources such as
applications, shares and/or privileges. Splitting the network does not address this in any way, at best it...
FW: Help hardening router
Craig S. Wright (Mar 09)
ARGGG!
Always obscure the details.
It is clear you are not experienced with Cisco security. As such, I would
start with an automated tool such as the router audit tool (RAT) and Nipper.
You get these from the following sites respectively:
Centre for Internet Security (CIS) website
http://www.cisecurity.org/bench_cisco.html.
Nipper, (Network Infrastructure Parser)...
Re: Help hardening router
John Morrison (Mar 09)
Joe,
To protect, or secure, the router there are a few basics. These boil down to:
Install the latest IOS updates
Only run required services and disable all others
Allow only authenticated and encrypted access to the router
Use ACLs to control remote access to the router
See
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Latest IOS Update
==============
Download and installed the latest...
Re: Help hardening router
David Goldsmith (Mar 09)
Did you change the various encrypted passwords before posting the
config? If not, we may not have the IP address of the router, but you
just exposed their passwords (which may be used elsewhere)
There are also IP address for other interfaces on the router and other
endpoints, descriptions of connections, etc, in the configuration that
you posted.
If you post configurations to public lists asking for review, you should
be sure to fully...
Re: securing a segment of a network
Adam Pal (Mar 08)
Hi Roger,
First point: what you described below is nice, but it is one special scenario.
What is the most likely threat you want to mitigate?
Try to keep in mind that mitigating exotic threats can lead you to higher costs and that is what you wanted to avoid
according to your first email.
Also another question you can take in consideration: what would be your acceptable risks?
If the requirement is:
"Keep the same, maintain the...
Help hardening router
mzcohen2682 (Mar 08)
HI ALL !
I have a task to harden a small organization router, today they have
only the router and they don't use a FW.
I'm pasting here the config (not before changing the IPs) can someone
recommend which commands to implement in order to harden the router?
they use some VPNs and the admin configs the router through telnet.
another thing.. how do I know if this IOS supports SSH?
also in the end of the access list they have a line saying:...
Re: Re: securing a segment of a network
Bovril1a (Mar 08)
Unless you are in a high security environment the requirement from your auditors is an excellent example of why
auditors do not and never ever should run systems.......
Based on the caveat above, the issue has probably nothing to do with network segregation or segmentation and everything
to do with effective permissionings.
First we strip the perceived issue
Before you EVER accept an audit finding it needs to meet a basic "Rule of...
Re: securing a segment of a network
Roger D Vargas (Mar 08)
Adam Pal wrote:
That makes the accounting PC inaccessible from the other network. In
theory, if you gain access to the gateway PC (with 2 network cards, one
for each network segment) you could do something, but that would take a
very skilled guy who can break into a Linux server and get the info from
Windows shares.
Keep the same, maintain the accounting PCs unreachable from the other
PCs in the network....
Re: securing a segment of a network
Adam Pal (Mar 08)
Hello Roger,
What exactly was your security gain from physically split the network?
It would also help if you can specify what security requirement should
be satisfied.
-
Best regards,
Adam Pal
Monday, March 1, 2010, 8:15:27 PM, you wrote:
<==============Original message text===============
RDV> I'm facing a problem here in my network. Due to an auditory, some years
RDV> ago I had physically split my network in 2, with 2 windows...
Re: [cansecwest] Advanced PHP Hacking
Barbod Kiani (Mar 08)
Laurent:
Leaning the defense mechanisms activities through different layers would
be a major boost for the Security Admins. Be a very useful course to
take. Thanks for Sharing! Also, wanted to know, besides ways to break
into PHP environment, if it touches the following subjects in the
details and ways to prevent them ***currently*** in used:
1) It would be bad enough to get your index page de-faced, but worst
would be to have one of your...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
Re: Case studies books
David Glosser (Mar 09)
not a book, no idea how real, but fun to watch
http://en.wikipedia.org/wiki/Tiger_Team_(TV_series)
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become...
Re: Evaluating pentesters
Shohn Trojacek (Mar 09)
Tony,
I'd say that similar to a job interview, you could ask them to tell
"war stories" and then measure their hesitation and response time to
detect BS. Of course, you don't want to mistake contemplation for
hesitation, but this is generally an effective tool in any area. For
example, you can call up a former employer and ask if they would hire
that person again. The lack of a response can be more telling than an
actual response at...
Re: Professional Scrpt Kiddies vs Real Talent
Omar Herrera (Mar 09)
Hi Adriel,
I agree that you have script kiddies on both ends, but this is the
nature of humans. You get your car these days to the mechanic and most of
them run some kind of scanner without understanding the inner details,
look at the report, replace the parts and that's it. They do what they
were trained for, nothing more or nothing else, and sometimes, that's
just what it's needed.
We got scientists and experts that claim to know the...
Re: Evaluating pentesters
Jason Ross (Mar 09)
In theory, there is; see http://securityscoreboard.com
In practice, there's a lot of security companies listed on the site
which have little information about them posted. That's largely
due to the fact that the site is really just starting to gain momentum,
but it still means that not a lot of data is available.
Still, even without the full realisation of user scores and such, it's
a helpful resource IMO. Specifically, it provides a very nice...
Re: Evaluating pentesters
aceinyaface (Mar 09)
Hey Tony,
This is a bit dated, but I guess this is what this guy was trying to do:
http://secreview.blogspot.com/
I've heard a lot about Netragard and heard they provide the services
you are looking for and do a very good job. FWIW.
Re: Professional Scrpt Kiddies vs Real Talent
Vikram Dhillon (Mar 09)
Thanks for that awesome email, I suppose you are right that in most cases the script kiddies are just being an
annoyance, imagine though if they did know and fully understood what those tools did. Wouldn't that be scarier :) Then
again, that's just my opinion, but I do strongly believe that ignorance is benefiting us one way or the other. With the
advent of Linux however, things have changed a lot, the code is open so it's harder to make it...
Re: Professional Scrpt Kiddies vs Real Talent
Adriel T. Desautels (Mar 09)
Comments embedded below:
When shouldn't a penetration tester be a hacker?
Hence why I made the correction to our blog: " As far as I am concerned, these are some of the best guys in the
industry:" When I first wrote it I wrote it as if the list was all inclusive, and that's just impossible. My mistake.
Care to elaborate? I might be having an idiot moment here, but I'm not following what you are trying to communicate.
What does...
Re: Professional Scrpt Kiddies vs Real Talent
Adriel T. Desautels (Mar 09)
Hi Wim, my comments are embedded below.
Why are you making the assumption that Vulnerability Research is limited to "products"?
Interesting perspective and I can't say that I share your view in its entirety. That said, I certainly agree that
contributing to the community is of huge value. I think that our contributions are proof of that aren't they?
I love HD, so do the people on our team, but I'm not sure that I'd go so far as...
Re: proposed pen-test
Shohn Trojacek (Mar 08)
I haven't thought this very far through, but wanted to comment that
this is hilarious for many reasons. I can imagine the look of surprise
on the user's face.
I'm not sure there would be a whole lot of value in performing this
unless your users have been trained quite well in this area. I'm
operating under the presumption that this is a "normal" user
population not used to security protocols and such. In other words,
I'd probably spend...
Re: Professional Scrpt Kiddies vs Real Talent
Wim Remes (Mar 08)
while I understand what triggered this post and/or e-mail, it is barely scratching the surface. Infosec is so much
more than finding vulnerabilities in products that you can hardly
limit a list of "security experts" to people doing vulnerability research. It just ain't right. For me there's two
kind of people in infosec : People that are actually contributing to a
very open and interactive community (no, not by stepping in the...
Re: proposed pen-test
Terry Cutler (Mar 08)
Hey John, I'm actually reproducing the Hack that was done on Google
called "Project Aurora" in a Keynote demo at Novell Brainshare. I'll be
using Core Impact 10 to do this. In essence what happens is that Core
installs a webserver instance on my PC and fires off an email to whom
ever you specify and FROM who ever you want. Now, core has some built
in HTML messages that look like the real deal such as Facebook and
Linkedin invitations....
Re: Evaluating pentesters
Andre Gironda (Mar 08)
Is there some kind of capital planning, budgeting, or decision-making
process that occurs before a company seeks out to hire penetration
testing firm(s)?
http://www.penetration-testing.com
Why PCI DSS focused and not anything else? I would have rather you
said ISO 27002, BITS FISAP, or Unified Compliance. Actually I would
rather have you say that this is risk management and fraud management
focused, perhaps citing standards in those areas.
Ok....
Re: Evaluating pentesters
David Glosser (Mar 08)
I would assume that a PCI Approved Scanning Vendor (ASV) would also
have those resources.
Another option may be to visit the PCI forums and mailing lists and check
out the replies to user questions. Many of those answers are from
people who have performed PCI gap analyses and PCI audits
Re: proposed pen-test
krymson (Mar 08)
If you have access to the mailboxes of the department, could you just slip them in with some prepared wear-and-tear on
the packages and maybe a stamp making it look like it has been processed? Of course, now you're just pretending to be
the real post instead of actually using them!
One problem with USB keys and social testing would be any effects if your targets take the devices home to check them
out, or give them to a student or friend or...
Re: Evaluating pentesters
Tracy Reed (Mar 08)
On Fri, Mar 05, 2010 at 07:01:33PM -0500, Tony Turner spake thusly:
Just out of curiosity, what makes for a bad pen-testing firm?
I'm going to be looking for one myself (PCI as well) and would like to
know what to avoid.
Although pen-testing is way-overrated IMHO. The attackers will have
far more time and be far more resourceful than your pen-testers will
ever be.
There seems to be a cottage industry of small shops preying on
merchants who...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Thailand approves extradition of credit card hack suspect
InfoSec News (Mar 09)
http://www.theregister.co.uk/2010/03/08/thailand_extradites_hacking_suspect/
By Dan Goodin in San Francisco
The Register
8th March 2010
A criminal court in Thailand has approved the extradition to the US of a
Malaysian man suspected of participating in credit card thefts of more
than $152m, according to a local news report.
Gooi Kokseng, 44, was arrested on January 30 after being accused of
causing more than 5 billion baht, or $152.9m, in...
RSA: Cybersecurity A Joint Fed, Industry Effort
InfoSec News (Mar 09)
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=223200125
By J. Nicholas Hoover
InformationWeek
March 8, 2010
Government officials played a starring role at the annual RSA Conference
last week, laying out their plans for government cybersecurity,
particularly the need for increased cooperation with industry, in
keynotes and panel sessions throughout the week.
White House cybersecurity coordinator Howard...
Cybersecurity program has serious defects, GAO says
InfoSec News (Mar 09)
http://gcn.com/articles/2010/03/08/cnci-assessment-030810.aspx
By William Jackson
GCN.com
March 08, 2010
Implementing the Comprehensive National Cybersecurity Initiative, a
broad program intended to protect the nation's cyber infrastructure, has
been hampered by a lack of coordination and transparency, according to
the Government Accountability Office.
"CNCI is unlikely to fully achieve its goal of reducing potential
vulnerabilities,...
Ford Motor Rolls Out New Security Features To Prevent Car-Hacking
InfoSec News (Mar 09)
http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
By Kelly Jackson Higgins
DarkReading
March 08, 2010
Automobile giant Ford Motor this year will debut vehicles with built-in
WiFi -- along with enhanced security features to prevent data breaches
via its new cars.
Ford has offered the so-called Sync technology service it co-developed
with Microsoft in most of its Ford, Lincoln, and...
Backdoor found in Energizer Duo USB battery charger
InfoSec News (Mar 09)
http://news.cnet.com/8301-27080_3-10465429-245.html
By Elinor Mills
InSecurity Complex
CNet News
March 8, 2010
Software that can be downloaded for use with the Energizer Duo USB
battery charger contains a backdoor that could allow an attacker to
remotely take control of a Windows-based PC, Energizer and US-CERT is
warning.
"The installer for the Energizer Duo software places the file
UsbCharger.dll in the application's directory and...
FDIC: Hackers took more than $120M in three months
InfoSec News (Mar 09)
http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months?taxonomyId=17
By Robert McMillan
IDG News Service
March 8, 2010
Ongoing computer scams targeting small businesses cost U.S. companies
$25 million in the third quarter of 2009, according to the U.S. Federal
Deposit Insurance Corporation.
Online banking fraud involving the electronic transfer of funds has been
on the rise since 2007 and rose to...
Tokyo's Cyber Emergency Centre at the vanguard of hacking defence
InfoSec News (Mar 07)
http://technology.timesonline.co.uk/tol/news/tech_and_web/article7053320.ece
By Leo Lewis
The Times
March 8, 2010
Across one wall of a Thunderbirds-style command centre a huge map of the
world keeps a running log of global cyber-attacks. Bloodcurdling names
dart across the screen as thousands of computers are attacked in Houston
or Hiroshima or Hampstead. This is Tokyo's Cyber Emergency Centre.
Itsuro Nishimoto gives an order to one of his...
The Corporate Side of Snooping
InfoSec News (Mar 07)
http://www.nytimes.com/2010/03/07/business/07shelf.html
By DEVIN LEONARD
Off the Shelf
The New York Times
March 5, 2010
IT'S easy to understand how Washington reporters can become jaded. They
are constantly being spun by the same gang of politicians and lobbyists
who dominate the nation's capital.
So, by his own admission, Eamon Javers, a veteran Washington
correspondent who now covers the White House for Politico, was thrilled
when he...
Microsoft's tax-for-hacks 'horrible' idea, say security experts
InfoSec News (Mar 07)
http://www.computerworld.com/s/article/9166458/Microsoft_s_tax_for_hacks_horrible_idea_say_security_experts?taxonomyId=17
By Gregg Keizer
Computerworld
March 5, 2010
Microsoft's idea that the fight against malware could be funded by an
Internet tax is "horrible," an analyst said Thursday as other experts
weighed in on a recent comment by the company's security chief.
Earlier this week, Scott Charney, Microsoft's vice president for...
Facebook founder Mark Zuckerberg 'hacked into emails of rivals and journalists'
InfoSec News (Mar 07)
http://www.dailymail.co.uk/news/worldnews/article-1255888/Facebook-founder-Mark-Zuckerberg-hacked-emails-rivals-journalists.html
By Mail Foreign Service
06th March 2010
Facebook founder Mark Zuckerberg has been accused of hacking into the
email accounts of rivals and journalists.
The CEO of the world's most successful social networking website was
accused of at least two breaches of privacy in a series of articles run
by...
Westin Bonaventure Los Angeles latest victim of hotel hackers
InfoSec News (Mar 07)
http://content.usatoday.com/communities/hotelcheckin/post/2010/03/hackers-breach-westin-bonaventure-los-angeles-networks-cybercriminal/1
By Barbara De Lollis
USA TODAY
Hotel Check-In
March 07, 2010
You may have to monitor your credit card statements - and even place a
fraud alert on your card - if you ate or parked your car at the Westin
Bonaventure Hotel & Suites in Los Angeles between April 2009 and
December 2009.
Why? The Westin...
Linux Advisory Watch: March 6th, 2010
InfoSec News (Mar 07)
+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| March 6th, 2010 Volume 11, Number 10 |
| |
| Editorial Team: Dave Wreski <dwreski () linuxsecurity com> |
| Benjamin D. Thomas <bthomas () linuxsecurity...
At RSA, Some Security Pros Don't Practice What They Preach
InfoSec News (Mar 07)
http://www.darkreading.com/vulnerability_management/security/encryption/showArticle.jhtml?articleID=223101624
By Tim Wilson
DarkReading
March 05, 2010
SAN FRANCISCO -- RSA Conference 2010 -- You'd think the behavior of
wireless users at one of the industry's biggest security conferences
would be -- well, secure.
Not so, says a quick study from wireless security company Motorola
AirDefense.
In a study during the first two days of the show,...
Iowa Homeland Security Web site "compromised"
InfoSec News (Mar 05)
http://www.desmoinesregister.com/article/20100304/NEWS/100304002/1001/Iowa-Homeland-Security-Web-site-compromised
By WILLIAM PETROSKI
dmreg.com
March 4, 2010
The Iowa Homeland Security and Emergency Management Division's Web site
has been "compromised," a state official said today.
David Miller, the division's administrator, said the incident also
affects other Web sites hosted by the Iowa Department of Public Defense.
"The...
Re: Nation's cybersecurity suffers from a lack of information sharing
InfoSec News (Mar 05)
Forwarded from: Richard Forno <rforno (at) infowarrior.org>
Talk about a blast from the past!
This article could be ripped from FCW's archives with only the dates and
names changed .... I mean, didn't we hear industry and gov folks say the
same thing in 1997, 2000, 2003, 2005, 2007 and 2009 about critical
infrastructure protection, Y2K, homeland security, etc? Heck, the
Nation even has a "National Strategy for Information...
Firewall Wizards — Tips and tricks for firewall administrators
Call for papers: ISP-10, Orlando, USA, July 2010
James Heralds (Feb 22)
It would be highly appreciated if you could share this announcement with
your colleagues, students and individuals whose research is in information
security, cryptography, privacy, and related areas.
Call for papers: ISP-10, Orlando, USA, July 2010
The 2010 International Conference on Information Security and Privacy
(ISP-10) (website:
http://www.PromoteResearch.org) will
be held during 12-14 of July 2010...
Re: Inline 2 port POE Firewall
bruces (Feb 16)
What about the RouterBoard 433 series boards. Three NICs and POE,
firewall on RouterOS is Linux 2.6 based, so iptables is there. If you
want gigabit ethernet, the 600 series has that.
Regards,
Bruce
Quoting Kerry Milestone <km4 () sanger ac uk>:
Inline 2 port POE Firewall
Kerry Milestone (Feb 16)
Hello,
i'm looking for an in-line firewall which runs on power over the ethernet. Two ports, one in and one out - running
something like iptables or monowall etc.
Ideally, i'd like to see a yoggie style small device, but their SOHO doesn't run on poe and USB is out of the question.
~ I've seen some bareboards, but in our case it would be really handy to purchase working units (when required) for a
fairly cheap price - rather than have to...
Re: Login straight to priv mode in PIX with TACACS server
John Morrison (Feb 12)
Michel,
If you set the PIX to use tacacs+ and then local it will use local if
it cannot contact the TACACS+ server, The easiest way to make sure it
cannot contact the TACACS+ server is to remove the network cables.
Login straight to priv mode in PIX with TACACS server
Michel Ferreira (Feb 11)
Hi,
I've successfully configured my PIX 506E (6.3) to authenticate with my
TACACS+ Server (ACS 4.1), however I want to know if there's any way to
put the user straight in priv mode (enable) just after login, without
the need to input the 'enable' command.
I'm questioning this because I don't want to include the "aaa
authentication enable console tacacs+ LOCAL" command, since with this
command if I need console access I still will be...
Draft paper submission deadline is extended: ISP-10
James Heralds (Feb 05)
Draft paper submission deadline is extended: ISP-10
The 2010 International Conference on Information Security and Privacy
(ISP-10) (website:
http://www.PromoteResearch.org)
will be held during 12-14 of July 2010 in Orlando, FL, USA. ISP is an
important event in the areas of information security, privacy, cryptography
and related topics.
The conference will be held at the same time and location where...
Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
endrazine (Feb 04)
Hackito Ergo Sum 2010 - Call For Paper - HES2010 CFP
http://hackitoergosum.org
Hackito Ergo Sum conference will be held from April 8th to 10th 2010 in
Paris, France.
It is part of the series of conference "Hacker Space Fest" taking place
since 2008 in France and all over Europe.
HES2010 will focus on hardcore computer security, insecurity,
vulnerability analysis, reverse engineering, research and hacking.
INTRO
The goal of this...
Re: Is it possible to control access between clients on same LAN with a firewall?
pkc_mls (Jan 28)
William Fitzgerald wrote:
this is exactly the point.
there are some firewalls that can do layer2 filtering. (bridge mode,
transparent mode, layer2).
this is another option, but you can have some difficulties to find a
local firewall
on a printer.
you should check in the dd-wrt doc or ask the dd-wrt mailing list if it
can be configured with bridge interface
on the LAN.
Re: Is it possible to control access between clients on same LAN with a firewall?
Paul D. Robertson (Jan 27)
I'm going to give you the non-firewall, imperfect but quick and easy
solution because with my quick reading of the postings I've approved, I
didn't see anyone suggest it yet- and it works no matter what you're using
as a router, assuming that it operates normally, and someone hasn't been
too clever in making it work...
Supernet the router, so use something like say 10.10.0.0/255.255.0.0 as
the "internal" network on the router....
Re: Is it possible to control access between clients on same LAN with a firewall?
William Fitzgerald (Jan 27)
Hi everyone,
Thanks for the constructive feedback.
I'll read into the proposed areas such as private vlans and the possible
configurations of vlans within dd-wrt.
I now know what some of the terminology used is (private vlan etc) in
order to hone in on the correct types of documentation to read.
kind regards,
Will.
PS: This reply may not get to you for some time, as I seem to need
moderator approval to post to the list.
Pete.LeMay wrote:
Re: Is it possible to control access between clients on same LAN with a firewall?
Will Brickles (Jan 27)
Using DD-WRT, what comes to mind immediately is to put your devices into separate VLANs and then use iptables to
restrict traffic between the VLANs. I don't know how flexible DD-WRT is when it comes to VLANs, but it might be your
best bet on such a platform. A configuration guide for VLANs I came across is at
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=1160 - it sounds as if you are already familiar with iptables.
Using other (much more...
Re: Is it possible to control access between clients on same LAN with a firewall?
K K (Jan 27)
Yes.
The most transparent (to the host) technique is what Cisco calls
"private VLAN", see:
http://en.wikipedia.org/wiki/Private_VLAN
There are other approaches to get the same results, all require either
a firewall with lots of interfaces (real or virtual) or a very smart
switch.
Kevin
Re: Is it possible to control access between clients on same LAN with a firewall?
Paul Melson (Jan 26)
With DD-WRT you can assign a different VLAN to each interface of the
router and then use iptables rules to manage traffic between devices.
This requires either a high degree of customization of your router or
the use of static IP addressing on some of the VLANs. Which for a
home network may not be so bad. Keep in mind that if you uplink other
switches to the router that the firewall cannot protect two devices
connected to that switch from each...
Re: Is it possible to control access between clients on same LAN with a firewall?
Mark (Jan 26)
Will:
The issue here is that computers on the same LAN do not forward packets to
the default gateway (your firewall), but use ARP and layer 2 to communicate.
The firewall never even pays attention to this traffic. The fact that the
firewall and switch are occupying the same physical device (your WRT54G)
makes no nevermind (as we say in the south). Even if you could make your
firewall filter the traffic, in essence you would be creating a...
Re: Is it possible to control access between clients on same LAN with a firewall?
Eric Gearhart (Jan 26)
You sound like you might already know this, but I may as well
summarize it for the audience. Normally in "production networks" you
separate different servers on a network based on their purpose... for
example, application servers go into an "application VLAN," database
servers go into a "database VLAN," and publicly accessible servers go
in their own separate DMZ (preferably they also hang off their own
separate...
IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list
Call for Papers: EC2ND 2010
Konrad Rieck (Mar 08)
Dear Colleagues,
Please find attached the Call for Papers for EC2ND 2010,
the sixth European Conference on Computer Network Defense,
which will be held in Berlin, Germany, October 28-29, 2010.
Please feel free to distribute this announcement. We apologize
if you receive multiple copies of this message.
Best Regards,
The EC2ND 2010 Organization Committee
* * * * * *
6th European Conference on Computer...
Announcing xtractr (on pcapr)
kowsik (Feb 22)
We are happy to announce xtractr, a collaborative cloud app for
indexing, searching, extracting and reporting on large pcaps. xtractr
enables network/support engineers and testers to troubleshoot the
network, isolate problems, identify field issues and perform network
forensics.
You can learn more about xtractr on our blog: http://bit.ly/d7yrKl or
watch a demo: http://www.pcapr.net/xtractr
Thanks,
K.
---
http://www.pcapr.net/...
CFP: Workshop on the Analysis of System Logs
Kathryn Mohror (Feb 05)
Workshop on the Analysis of System Logs (WASL) 2010
http://www.systemloganalysis.com
Call for Papers
===============================
October 3, 2010
Vancouver, Canada
(at OSDI)
===============================
FULL PAPER SUBMISSION: Sunday, June 13, 2010
AUTHOR...
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Re: Need a real Java web application with vulnerabilities
Yu Qu (Mar 08)
Hi, Peine and others:
I have encountered similar problems too, my suggestion is please try to google the alphabetic strings like this:
"sql injection vulnerability CVE site:web.nvd.nist.gov jsp"
I believe that some positive results can be found. I'm also looking forward to other suggestions, thx!
Best wishes!
------------------------------------
Yu Qu
Ph.D. Candidate Student
Ministry of Education Key Lab for Intelligent...
RE: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities
Calderon, Juan Carlos (GE, Corporate, consultant) (Mar 08)
Yeah, Steve's is just a nice approach, my experience is the same, you
will hardly find a non vulnerable custom application.
Besides you will improve your internal systems security, but fix them
fast or you could suddenly have those vulnerabilities exploited in
production and some grades changed :).
Regards,
JC
-----Original Message-----
From: Steve Pinkham [mailto:steve.pinkham () gmail com]
Sent: Lunes, 08 de Marzo de 2010 12:04 p.m.
To:...
Re: Need a real Java web application with vulnerabilities
Morgan Reed (Mar 08)
Sounds like the right approach, though I'm not aware of any Java based CMS.
I'd suggest your best bet is to go trawling some of the various
vulnerability databases around the place for a suitable candidate.
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus...
Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities
Steve Pinkham (Mar 08)
Rogan Dawes wrote:
> Unfortunately, your first requirement seems to suggest against your
> suggestion. :-)
>
> As an open source app, the student would be able to see the change logs,
> and any security announcements for the app, and would be able to make
> use of those to identify known vulnerabilities in that version of the
> app.
>
> I suggest you look for a project that may have had a history of
>...
Security BSides Austin - sponsors needed!
Benjamin Tomhave (Mar 08)
Hi folks,
We need your help. We're still looking for sponsors for this weekend's
Security BSides Austin, which is set to occur the same day as the
kickoff for SxSW Interactive (a major developer conference). We have
official sponsorship from Astaro and Panda, plus a couple unofficial
sponsors. We'd love to see your organization involved, too! We're hoping
for a successful inaugural event in Austin, TX, so that next year we can
become officially...
Re: Need a real Java web application with vulnerabilities
Marc-André Laverdière (Mar 08)
You can have a try at Securibench. Some of the apps in there don't run without
some serious armtwisting though, but it's good enough for manual review and
static analysis.
Marc-André Laverdière
Software Security Scientist
Innovation Labs, Tata Consultancy Services
Hyderabad, India
Re: Need a real Java web application with vulnerabilities
Federico Maggi (Mar 08)
OWASP's WebGoat Project has designed a non-trivial web application in Java, exactly for this purpose.
Ciao,
-- Federico
Re: Need a real Java web application with vulnerabilities
Kvetch (Mar 08)
Check out Daffodil CRM - http://sourceforge.net/projects/daffodilcrm/
It has SQL injection, XSS and some coding opportunities.
Nick Baronian
Re: Need a real Java web application with vulnerabilities
Wagner Elias (Mar 08)
OWASP Broken Web App Project contains WebGoat an app vulnerable in Java.
http://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project#tab=Project_Details
Regards
2010/3/8 Holger Peine <Holger.Peine () fh-hannover de>:
Need a real Java web application with vulnerabilities
Holger Peine (Mar 08)
Hello,
I have a student who wants to perform a mostly manual security review
of some Java web application as his master's thesis work. I am well
aware of pedagogical, deliberately insecure applications like Webgoat
and many others. However, we need a real application for this:
- Real code, since the job should create a realistic experience for
the student, and the results should not be readily available
in advance (as with Webgoat etc.)
-...
SamuraiWTF 0.8 released
Kevin Johnson (Mar 05)
Hi all,
I have just finished releasing SamuraiWTF 0.8. It is available at http://samurai.inguardians.com
and is a huge update. It includes metasploit, target applications
and tons of tool updates. It is now DVD sized as it has outgrown the
CD release.
Thank you
Kevin Johnson and the SamuraiWTF project team
Senior Security Analyst
InGuardians, Inc.
office: 202.448.8958
cell: 904.403.8024
removing version identifying attribution data
Robin Wood (Mar 04)
With a lot of open source web apps there is usually some kind of file
or comment block in the code that identifies the author and gives
attribution. The problem with most of these is that they end up
leaking information about the version of the app being used.
I'm very keen on keeping attribution in place and wouldn't want to
release software without giving due credit but at the same time I'd
rather not expose my clients to data leakage which I...
Vulnerabilities Animated Clips
Maty Siman (Mar 03)
One of the biggest challenges of the security community is to build true
SDLC (Secure development Life Cycle).
The biggest obstacle is that application developers at large lack the
know-how and motivation to address application risk.
At Checkmarx labs we thought that a new approach to application developers
might help them cross the barrier.
We have developed a pilot including two short animated clips that should
help developers understand a...
Advanced PHP Hacking
Laurent OUDOT at TEHTRI-Security (Mar 03)
Hi,
I'd like to announce a Security Master's Dojo course during next
CanSecWest 2010 in Vancouver (March 22-26 2010).
Title: Advanced PHP Hacking (!)
PHP is a worldwide web language used by individuals as well as companies
(Facebook...). This session aims at providing a hands-on focused PHP
Hacking experience. After this course, you will really know how
attackers work and move through PHP hax0ring so that they can jump
deeper down to your...
Re: Cookie Secure Attribute - Clarification
51l3n73y3s (Mar 01)
I would make the attribute as Secure and then also set the requireSSL of the
form to true. In this way the server will discard it if it's over HTTP.
Regards, Sandeep
--------------------------------------------------
From: "arvind doraiswamy" <arvind.doraiswamy () gmail com>
Sent: Sunday, February 28, 2010 12:23 PM
To: <webappsec () securityfocus com>
Subject: Re: Cookie Secure Attribute - Clarification
This list is...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Mike Bailey's Flash presentation is good.
Florian Weimer (Mar 09)
Bugs in web application frameworks are typically not fixed in the
frameworks, but are classified as application bugs instead. Each
application has to work around them. That creates enough commonality
that makes scanners not entirely useless.
Mike Bailey's Flash presentation is good.
dave (Mar 09)
People in the web application security space are often more into
"scanners" than people finding memory corruption bugs. I'm not sure what
the root cause is there - perhaps the set of bug classes that are
useful in web applications includes an abnormally large number of
automatable possibilities? Perhaps it's just a sign of the immaturity of
the field in general.
But web application hacking can be as complex as a CLOUDBURST style...
Re: Does anyone have video of this?
Nate Lawson (Mar 04)
I'm not sure why you're so excited about this. This panel is up every
year and mostly has the same people on it.
Basically you have Shamir and Rivest as the only two active
cryptographers with Whit Diffie as comedy relief. Brian Snow retired
from the NSA a while ago. It may be a fun format to watch for an Access
Hollywood level overview of recent crypto news, but nothing
groundbreaking has ever been presented here.
As for the NSA, crypto is such...
Perforce
Intevydis (Mar 04)
Hi,
Usually I tend to ignore articles related to "sophisticated" aurora
attacks but according to
http://www.wired.com/threatlevel/2010/03/source-code-hacks many
companies use Perforce, big surprise..
About two years ago we performed a quick test of Perforce 2008.1
and released some bugs with Vulndisco:
1. p4s.exe DoS (crash)
to trigger send the following data to port "...
Re: Does anyone have video of this?
Dave Aitel (Mar 04)
Btw, for those who missed it:
"""
You find it at:
http://media.omediaweb.com/rsa2010/video-only.htm?id=1-5
And the other media from:
http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm?utm_source=us10showdaily&utm_medium=email&utm_campaign=Wednesday
"""
-dave
Does anyone have video of this?
Dave Aitel (Mar 02)
NSA, cryptoexperts jab at RSA Conference Cryptographers' Panel
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1407881,00.html
FIRST 2010!
dave (Mar 02)
I'm giving a keynote at FIRST 2010. As you might imagine, FIRST is an
incident response conference (largely), and is chaired by Steve Adegbite
(Microsoft). It's in Miami, so I'm skating on home ice, as Justin Seitz
would say.
http://conference.first.org/program/program.aspx
Here's my abstract. I'm promising to "shed light" which will probably be
via a laser pointer!
"""
Incident response happens when your secure...
Month of PHP Security 2010 - CALL FOR PAPERS
Stefan Esser (Feb 27)
Month of PHP Security 2010 - CALL FOR PAPERS
--------------------------------------------
Three years ago, in March 2007, the Hardened-PHP project had organized
the Month of PHP Bugs. During one month more than 40 vulnerabilities in
the PHP interpreter were disclosed in order to improve the overall
security of PHP. Now, three years later, SektionEins GmbH will
continue in the same spirit and organize the Month of PHP Security.
The intention of...
dnsmap v0.30 + embedded devices discovery trick
Adrian P. (Feb 25)
Hello folks,
Just wanted to let you know that we recently released a new version of dnsmap.
dnsmap is a command line tool originally released in 2006 which helps
discover target subdomains and IP ranges during the initial stages of
an infrastructure pentest. dnsmap is a passive(ish) discovery tool
meant to be used before an actual active attack. It’s an alternative
to other discovery techniques such as whois lookups, scanning large IP
ranges,...
Re: XSS in viewstate
Nicolas RUFF (Feb 21)
Hello,
I already had a look at that in the past, and it appears that ViewState
data is encoded using System.Web.UI.LosFormatter (LOS meaning Limited
Object Serialization).
Everything can be found in System.Web.dll (from the .NET Framework). It
might even be available in the source
(http://referencesource.microsoft.com/netframework.aspx).
There is at least one Open Source project that began to reimplement the
serialization logic (but it...
Re: XSS in viewstate
David Byrne (Feb 19)
We usually see MAC protection turned off on at least one page during an
assessment. Does this mean that you can always have XSS if MAC
protection is turned off? That would be pretty cool.
I'm not familiar with Expression Language, but the TrustWave advisory
indicates that things can be executed on the server as well. What's the
story there?
-dave
( https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt )
Chris Weber wrote:
Re: XSS in viewstate
David Byrne (Feb 19)
In our original advisory, we did comment that Microsoft hinted at this vulnerability in a rather buried document
(http://support.microsoft.com/kb/829743), but we could find no other references to it on Microsoft's website or
anywhere else. While there are plenty of comments about application developers abusing the view state, this is the
first time (as far as we know) that the .Net framework was demonstrated to be vulnerable to XSS through the...
Re: XSS in viewstate
dave (Feb 19)
We usually see MAC protection turned off on at least one page during an
assessment. Does this mean that you can always have XSS if MAC
protection is turned off? That would be pretty cool.
I'm not familiar with Expression Language, but the TrustWave advisory
indicates that things can be executed on the server as well. What's the
story there?
-dave
( https://www.trustwave.com/spiderlabs/advisories/TWSL2010-001.txt )
Chris Weber wrote:
Re: XSS in viewstate
David Byrne (Feb 19)
http://www.hacking-lab.com/misc/downloads/ViewState_Afames.pdf
This, on first glance, looks real to me. Does anyone have any comments
on it? ViewState is pretty complex and fairly opaque. If I understand
properly, MS does not publish the full specs to it? Maybe the Mono team
found them somewhere?
-dave
Re: XSS in viewstate
Raw Data (Feb 19)
Hi Dave,
This problem has been hinted at by MS since the release of .Net2.0, even
my team was able to reproduce this a while ago, so I was a bit
surprised when this advisory was released, as I thought this was
already known.
non-encrypted/signed Viewstate. The problem lies with applications
that are load-balanced and using signed/encrypted Viewstate.
When Viewstate is used on a single machine, the encryption key/signing
MAC is managed internally...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Re: DNS honeypots?
Jason Ross (Mar 03)
But it would have the advantage of allowing you to capture further
traffic for analysis through whatever tools you choose.
Re: DNS honeypots?
Alexandre Dulaunoy (Mar 03)
We have used various techniques to make DNS honeypots. But there is
an easy to do "fake" DNS server using Net::DNS::Nameserver :
http://search.cpan.org/~olaf/Net-DNS/
You can even find a simple example in the POD :
http://search.cpan.org/~olaf/Net-DNS/lib/Net/DNS/Nameserver.pm
If you want to make a low-interaction nameserver, you can filter
the request and answer to limit the malicious queries but still gain
information by doing and...
Re: DNS honeypots?
Brent Huston (Mar 03)
Likely nothing today, most malware isn't smart enough to figure that out.
Re: DNS honeypots?
Jason Lewis (Mar 03)
Slightly related, I was wondering what might happen if I made every
query to the honeypot resolve back to the honeypot?
Re: DNS honeypots?
Brent Huston (Mar 03)
One of the tactics our clients use is that they stand up one of our HoneyPoint Agents on a decoy box and then send all
malicious and failed queries to that IP address. The HoneyPoint Agent then absorbs the traffic for analysis.
You can find a little bit about it from one of our customers here, they wrote it up with us: http://hurl.ws/cbhp
Let me know if that helps!
Re: DNS honeypots?
chr1x (Mar 02)
This post looks pretty interesting!
Let's analyze your requirement:
1. Logging malicious queries
2. Reject/Deny any possible dns attack attempt
Well, from my point of view, going from the Honeypot concept which is
track hackers, probably the best way that you can follow is to set up an
IPS instead of a Sensor. Personally, I don't see the purpose to have
"Reactive" honeypot if the objective of a honeypot is to be the most
open possible...
Re: DNS honeypots?
Jason Lewis (Mar 02)
I just figured I'd setup something to log access and see what shows
up. I wasn't planning on directing traffic to the system.
Re: DNS honeypots?
Jason Lewis (Mar 02)
Cool, this is the kind of thing I was thinking of doing. I was hoping
I wouldn't have to reinvent the wheel.
Thanks.
Re: DNS honeypots?
Jason Ross (Mar 02)
There's quite a lot of (bad and good) bots "out there" looking for DNS
servers, particularly ones that appear to permit recursive queries to
the Internet. Just leaving a box on the net that meets those criteria
will collect a fair amount of queries.
Re: DNS honeypots?
Valdis . Kletnieks (Mar 02)
On Tue, 02 Mar 2010 15:00:43 EST, Jason Lewis said:
Out of curiosity, how do you get traffic directed to the honeypot without
listing it in an NS entry for an SOA? Give it a hostname like ns1.exampe.com
and hope that works?
Re: DNS honeypots?
Jason Ross (Mar 02)
Below is how I've got BIND set up in Debian Linux for a similar purpose.
It sends all the queries to a log file, and returns an A record (and MX)
of whatever value you'd like (I used RFC1918 space for this example).
Not sure it's perfect, but it works pretty well for my purposes.
Cheers,
Re: DNS honeypots?
Tillmann Werner (Mar 02)
Jason,
No need to run a server, you can simply sniff DNS traffic destined to
that box. If you don't want to send back an ICMP port unreachable
message, just block them using a packet filter.
I have some DNS sniffer code for exactly that purpose I can send to you
off-list if you are interested. tcpdump does the job, too, but mine
integrates DNS processing and logging (for IN/A record queries via UDP).
Tillmann
DNS honeypots?
Jason Lewis (Mar 02)
Anyone have any pointers to dns honeypots or maybe just BIND
configurations that would allow logging of malicious queries without
actually executing them?
Honeynet Project Forensic Challenge 2010/2 - browsers under attack
christian . seifert (Feb 27)
The Honeynet Project has revived a successful program from the past: The Honeynet Project Forensic Challenge 2010. The
purpose of the Forensic Challenges is to take learning one step farther. Instead of having the Honeynet Project analyze
attacks and share their findings, Forensic Challenges give the security community the opportunity to do so. In the end,
individuals and organizations not only learn about threats, but also learn how to...
MS Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products -- note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Major Revisions
Microsoft (Mar 09)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: March 9, 2010
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-033 - Important
Bulletin Information:
=====================
* MS09-033 - Important
-...
Microsoft Security Bulletin Summary for March 2010
Microsoft (Mar 09)
********************************************************************
Microsoft Security Bulletin Summary for March 2010
Issued: March 9, 2010
********************************************************************
This bulletin summary lists security bulletins released for
March 2010.
The full version of the Microsoft Security Bulletin Summary for
March 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx.
With...
Microsoft Security Bulletin Summary for February 2010
Microsoft (Feb 09)
********************************************************************
Microsoft Security Bulletin Summary for February 2010
Issued: February 9, 2010
********************************************************************
This bulletin summary lists security bulletins released for
February 2010.
The full version of the Microsoft Security Bulletin Summary for
February 2010 can be found at...
Microsoft Security Bulletin Summary for January 2010
Microsoft (Jan 21)
********************************************************************
Microsoft Security Bulletin Summary for January 2010
Issued: January 21, 2010
********************************************************************
This bulletin summary lists the out-of-band security bulletin
released on January 21, 2010.
The full version of the Microsoft Security Bulletin Summary for
January 2010 can be found at...
Microsoft Security Bulletin Major Revision
Microsoft (Jan 14)
********************************************************************
Title: Microsoft Security Bulletin Major Revision
Issued: January 13, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
* MS09-073 - Important
Bulletin Information:
=====================
* MS09-073 - Important
-...
Microsoft Security Bulletin Summary for January 2010
Microsoft (Jan 12)
********************************************************************
Microsoft Security Bulletin Summary for January 2010
Issued: January 12, 2010
********************************************************************
This bulletin summary lists security bulletins released for
January 2010.
The full version of the Microsoft Security Bulletin Summary for
January 2010 can be found at
http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx....
Microsoft Security Bulletin Re-Release
Microsoft (Jan 12)
********************************************************************
Title: Microsoft Security Bulletin Re-Release
Issued: January 12, 2010
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment.
* MS09-035 - Moderate
Bulletin Information:
=====================
* MS09-035 - Moderate
-...
Microsoft Security Bulletin Major Revisions
Microsoft (Dec 08)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: December 8, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-037 - Important
Bulletin Information:
=====================
* MS08-037 - Important...
Microsoft Security Bulletin Summary for December 2009
Microsoft (Dec 08)
********************************************************************
Microsoft Security Bulletin Summary for December 2009
Issued: December 8, 2009
********************************************************************
This bulletin summary lists security bulletins released for
December 2009.
The full version of the Microsoft Security Bulletin Summary for
December 2009 can be found at...
Microsoft Security Bulletin Major Revisions
Microsoft (Nov 24)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 24, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS08-076 - Important
Bulletin Information:
=====================
* MS08-076 - Important...
Microsoft Security Bulletin Major Revisions
Microsoft (Nov 10)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 10, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-051 - Critical
* MS09-045 - Critical
Bulletin Information:
=====================
*...
Microsoft Security Bulletin Summary for November 2009
Microsoft (Nov 10)
********************************************************************
Microsoft Security Bulletin Summary for November 2009
Issued: November 10, 2009
********************************************************************
This bulletin summary lists security bulletins released for
November 2009.
The full version of the Microsoft Security Bulletin Summary for
November 2009 can be found at...
Microsoft Security Bulletin Advance Notification for November 2009
Microsoft (Nov 05)
********************************************************************
Microsoft Security Bulletin Advance Notification for November 2009
Issued: November 5, 2009
********************************************************************
This is an advance notification of security bulletins that
Microsoft is intending to release on November 10, 2009.
The full version of the Microsoft Security Bulletin Advance
Notification for November 2009 can be found...
Microsoft Security Bulletin Major Revisions
Microsoft (Nov 03)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: November 2, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-054 - Critical
Bulletin Information:
=====================
* MS09-054 - Critical
-...
Microsoft Security Bulletin Major Revisions
Microsoft (Oct 28)
********************************************************************
Title: Microsoft Security Bulletin Major Revisions
Issued: October 28, 2009
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.
* MS09-062 - Critical
Bulletin Information:
=====================
* MS09-062 - Critical
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Re: Ford's SyncMyRide -- all your voice are belong to us?
Shawn Merdinger (Mar 10)
I kinda think it gets better...or worse ;)
the "Vehicle Health Report" only requires a VIN. Those are easy to
get, such as from Ebay Motors (and of course plenty of other places,
the vehicle dashboard, accident reports, etc.).
With the vehicle's VIN, *it seems* that anyone can go to SyncMyRide
website, then register someone else's car to anyone's contact
information (cell phone, email) to receive "Vehicle Health Reports."...
Re: Ford's SyncMyRide -- all your voice are belong to us?
Benjamin Brown (Mar 10)
creeptastic
On Wed, Mar 10, 2010 at 10:36 AM, Shawn Merdinger <shawnmer () gmail com> wrote:
Ford's SyncMyRide -- all your voice are belong to us?
Shawn Merdinger (Mar 10)
Interesting news:
http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
Ya gotta love this lovely tidbit of fine print from the SyncMyRide
terms and conditions:
http://www.syncmyride.com/Own/Modules/PageTools/TermsAndConditions.aspx
<snip>
Ford's Service provider Tellme Networks, Inc. ("Tellme"), a subsidiary
of Microsoft Corporation, may record and retain user voice...
Re: Bank security
Dave Paris (Mar 10)
::sniff:: I love happy endings. :)
Re: Bank security
Joel Esler (Mar 09)
GodDAMN those icebergs.
Re: Hitler and Cloud Computing Security mashup YouTube video : http://www.youtube.com/watch?v=VjfaCoA2sQk
Benjamin Brown (Mar 09)
http://www.youtube.com/watch?v=fQ97CZU_7kA&feature=PlayList&p=E1D776E2C30908A3&index=15
Re: Bank security
Rich Kulawiec (Mar 09)
Well, at that very moment an iceberg the size of Rhode Island broke
off into the southern Atlantic, sending a wave careening into the
side of an ocean liner full of dyspeptic tourists on holiday from
Camden, New Jersey, sweeping overboard the laptop of the secondary
accountant's assistant and with it the only copy of the security
policy for the entire company. As the news of this rippled (heh)
through the fabric of the corporation, causing chaos...
Re: Hitler and Cloud Computing Security mashup YouTube video : http://www.youtube.com/watch?v=VjfaCoA2sQk
Adriel T. Desautels (Mar 09)
I think I need to post that on my blog.
Adriel T. Desautels
ad_lists () netragard com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
Google Responds To Privacy Concerns With Unsettlingly Specific Apology
Morrow Long (Mar 09)
Google Responds To Privacy Concerns With Unsettlingly Specific Apology
http://www.theonion.com/content/news/google_responds_to_privacy?utm_source=EMTF_Onion
...
"Added Schmidt, "Whether you're Michael Paulson who lives at 3425
Longview Terrace and makes $86,400 a year, or Jessica Goldblatt from
Lynnwood, WA, who already has well-established trust issues, we at
Google would just like to say how very, truly sorry we are."
...
Hitler and Cloud Computing Security mashup YouTube video : http://www.youtube.com/watch?v=VjfaCoA2sQk
Morrow Long (Mar 09)
Hitler and Cloud Computing Security
http://www.youtube.com/watch?v=VjfaCoA2sQk
Sleepy-time tips for extreme multitaskers
Juha-Matti Laurio (Mar 09)
http://www.wired.com/underwire/2010/03/alt-text-dreams/
:)
Juha-Matti
APWG Q4 '09 report out
Juha-Matti Laurio (Mar 09)
Q4 report has been released recently -
http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf
Juha-Matti
Re: Bank security
Mike Preston (Mar 09)
I just had a backup of a PCI DSS DB uploaded via anon FTP for a server
I'm working on. Can't get much more clueless than that considering that
they had:
- a valid login to an alternative secure sftp server.
- both my and their own GPG credentials to allow it to be encrypted.
- over 10 years experience as a 'system administrator' responsible for
the company's PKI.
The only mitigating factor was that the upload directory doesn't allow
downloads,...
Re: Bank security
Joel Esler (Mar 08)
Okay, so then what they do!? You've got me on the edge of my seat here.
Re: Bank security
chaim . rieger (Mar 08)
Just had a gov agency send me an email that contained private and personal info (not mine)
Called em on it and they went oops
Sent via BlackBerry from T-Mobile
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, bulletins, tips, and current activity lists.
TA10-068A -- Microsoft Updates for Multiple Vulnerabilities
US-CERT Technical Alerts (Mar 09)
National Cyber Alert System
Technical Cyber Security Alert TA10-068A
Microsoft Updates for Multiple Vulnerabilities
Original release date:
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
Overview
Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Office.
I. Description
Microsoft has released...
Current Activity - Microsoft Releases March Security Bulletin
Current Activity (Mar 09)
US-CERT Current Activity
Microsoft Releases March Security Bulletin
Original release date: March 9, 2010 at 1:44 pm
Last revised: March 9, 2010 at 1:44 pm
Microsoft has released an update to address vulnerabilities in
Microsoft Windows and Office as part of the Microsoft Security
Bulletin Summary for March 2010. These vulnerabilities may allow an
attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the...
SB10-067 -- Vulnerability Summary for the Week of March 1, 2010
US-CERT Security Bulletins (Mar 08)
Vulnerability Summary for the Week of March 1, 2010
This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of March 1, 2010. It is
available here:
http://www.us-cert.gov/cas/bulletins/SB10-067.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit <...
Current Activity - Energizer DUO USB Battery Charger Software Allows Remote System Access
Current Activity (Mar 08)
US-CERT Current Activity
Energizer DUO USB Battery Charger Software Allows Remote System Access
Original release date: March 8, 2010 at 10:26 am
Last revised: March 8, 2010 at 10:26 am
US-CERT is aware of a backdoor in the software for the Energizer DUO
USB battery charger. This backdoor may allow a remote attacker to list
directories, send and receive files, and execute programs on an
affected system. The software, which has been...
New US-CERT PGP Key
US-CERT Technical Alerts (Mar 05)
New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).
To obtain further information or to download the new
US-CERT publications PGP key, please visit
<...
New US-CERT PGP Key
US-CERT Security Bulletins (Mar 05)
New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).
To obtain further information or to download the new
US-CERT publications PGP key, please visit
<...
Cyber Security Tip -- New US-CERT PGP Key
US-CERT Security Tips (Mar 05)
New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this
key to sign all publications, including documents sent to this list.
Effective immediately, this new key (key ID 0x093916B7) is available
and will be valid until Saturday, October 1, 2011. This key replaces the
current PGP key (key ID 0xBEE871AC).
To obtain further information or to download the new
US-CERT publications PGP key, please visit
<...
Current Activity - Cisco Releases Multiple Security Advisories
Current Activity (Mar 04)
US-CERT Current Activity
Cisco Releases Multiple Security Advisories
Original release date: March 4, 2010 at 6:00 pm
Last revised: March 4, 2010 at 6:00 pm
Cisco has released three security advisories to address
vulnerabilities.
Security advisory cisco-sa-20100303-cucm, addresses multiple
vulnerabilities in the Cisco Unified Communications Manager which
affect the Session Initiation Protocol (SIP), Skinny Client Control
Protocol (SCCP), and...
Current Activity - Microsoft Releases Advance Notification for March Security Bulletin
Current Activity (Mar 04)
US-CERT Current Activity
Microsoft Releases Advance Notification for March Security Bulletin
Original release date: March 4, 2010 at 1:57 pm
Last revised: March 4, 2010 at 1:57 pm
Microsoft has issued a Security Bulletin Advance Notification,
indicating that its March release cycle will contain two bulletins.
These bulletins will have a severity rating of Important and will be
for Microsoft Windows and Microsoft Office. Release of these...
Current Activity - Microsoft Re-Releases Security Bulletin MS10-015
Current Activity (Mar 03)
US-CERT Current Activity
Microsoft Re-Releases Security Bulletin MS10-015
Original release date: March 3, 2010 at 10:02 am
Last revised: March 3, 2010 at 10:02 am
Microsoft has re-released the security update described in Microsoft
Security Bulletin MS10-015. This release contains an updated
installation package that does not allow the security update to be
installed on computers infected with malicious code. Microsoft has
also released a...
Current Activity - U.S. Census Bureau 2010 Census Campaign Warning
Current Activity (Mar 03)
US-CERT Current Activity
U.S. Census Bureau 2010 Census Campaign Warning
Original release date: March 3, 2010 at 11:21 am
Last revised: March 3, 2010 at 11:21 am
US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010
Census campaign and to watch for potential census scams.
According to the U.S. Census 2010 website, they began delivery of the
printed census forms to every resident in the United States on March
1, 2010. The only...
Current Activity - Microsoft Releases Security Advisory to Address VBScript Vulnerability
Current Activity (Mar 02)
US-CERT Current Activity
Microsoft Releases Security Advisory to Address VBScript Vulnerability
Original release date: March 2, 2010 at 8:36 am
Last revised: March 2, 2010 at 8:36 am
Microsoft has released a security advisory to address a vulnerability
in VBScript. The advisory indicates that this vulnerability exists in
the way that VBScript interacts with Windows Help files when using
Internet Explorer. By convincing a user to view a...
SB10-060 -- Vulnerability Summary for the Week of February 22, 2010
US-CERT Security Bulletins (Mar 01)
Vulnerability Summary for the Week of February 22, 2010
This bulletin provides a summary of new vulnerabilities that have been
recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) the week of February 22, 2010. It is
available here:
http://www.us-cert.gov/cas/bulletins/SB10-060.html
For instructions on subscribing to or unsubscribing from this
mailing list, visit <...
Cyber Security Tip ST04-022 -- Understanding Your Computer: Web Browsers
US-CERT Security Tips (Feb 25)
Cyber Security Tip ST04-022
Understanding Your Computer: Web Browsers
Web browsers allow you to navigate the internet. There are a variety of
options available, so you can choose the one that best suits your needs.
How do web browsers work?
A web browser is an application that finds and displays web pages. It
coordinates communication between your computer and the web server where a...
TA10-055A -- Malicious Activity Associated with "Aurora" Internet Explorer Exploit
US-CERT Technical Alerts (Feb 24)
National Cyber Alert System
Technical Cyber Security Alert TA10-055A
Malicious Activity Associated with "Aurora" Internet Explorer Exploit
Original release date:
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
* Microsoft Internet Explorer 6, 7, and 8 on supported editions of Windows XP,...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE Request: DeviceKit privilege escalation via pluggable storage device labels
Vincent Danen (Mar 10)
This is quite old, but I don't think a CVE name has ever been assigned
to it. The issue is with how DeviceKit handled labels for pluggable
storage devices. A local unprivileged user could use this flaw to
elevate privileges. It has been corrected upstream.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=523178
http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2...
CVE Request -- Dovecot v1.2.11 -- DoS (excessive CPU use) by processing email with huge header
Jan Lieskovsky (Mar 10)
Hi Steve, vendors,
Dovecot upstream has released latest v1.2.11 version of Dovecot IMAP server:
[1] http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
addressing one denial of service issue (from upstream announcement):
"mbox users really should upgrade, because by sending a message with
a huge header you could basically cause a DoS (this problem exists only
with v1.2.x, not with v1.0 or v1.1)."...
Re: phpmyvisites 2.3
Anthon Pang (Mar 10)
Should the CVE be against clickheat instead? Looking at the
sourceforge project page, clickHeat is a standalone app, which
suggests only a loosely coupled integration with PMV.
Sent from my iPhone
CVE Request -- aMSN -- improper SSL certificate validation (MITM)
Jan Lieskovsky (Mar 10)
Hi Steve, vendors,
Gabriel Menezes Nunes reported:
[1] http://seclists.org/bugtraq/2009/Jun/239
a deficiency in the way aMSN messenger validated SSL certificates when
connecting to the MSN server. A remote attacker could conduct man-in-the-middle
attacks and / or impersonate trusted servers.
Affected version:
Issue originally reported against aMSN v0.97.2, but further research showed [4]
latest aMSN v0.98.3 still...
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Ludwig Nussel (Mar 10)
Jan Lieskovsky wrote:
I've created the attached patch to fix that problem
The attached patch includes the patch from Debian. However, the
match_domain() function probably should be rewritten anyways I
guess. It matches patterns such as 'foo.bar.*' which is rather weird.
libESMTP also uses the Common Name as fallback even if a dNSName in
subjectAltName is present but doesn't match. The Common Name should
be ignored in that case according to...
CVE Request -- SpamAssassin Mail Filter -- arbitrary shell command injection (priv esc)
Jan Lieskovsky (Mar 10)
Hi Steve, vendors,
Security researcher called "Kingcope" pointed out:
[1] http://lists.grok.org.uk/pipermail/full-disclosure/2010-March/073489.html
a deficiency in the way Mail Filter plugin for the SpamAssassin
spam filter sanitized certain mail header field, when spamass-milter
was run with the expand flag (-x option).
Affected versions:
Flaw reported against v0.3.1. Others may be also affected....
phpmyvisites 2.3
Henri Salo (Mar 10)
There is a security vulnerability in phpMyVisites 2.3. Is there a CVE
assigned for that issue?
http://www.phpmyvisites.us/phpmv2/CHANGELOG
---
Henri Salo
CVE Request -- MediaWiki - v1.15.2
Jan Lieskovsky (Mar 09)
Hi Steve, vendors,
MediaWiki upstream has released latest v1.15.2 version:
[1] http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
fixing two security issues (from upstream advisory):
a, a CSS validation issue was discovered which allows editors to display
external images in wiki pages.
b, a data leakage vulnerability was discovered in thumb.php which affects
wikis which restrict access to...
Re: CVE Request: libesmtp does not check NULL bytes in commonName
Jan Lieskovsky (Mar 09)
Hi Steve,
Kees Cook wrote:
any progress while assigning CVE ids for these issues?
From what I can tell, two should be enough:
a, libESMTP doesn't properly handle NULL character in Common Name
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
http://ioactive.com/pdfs/PKILayerCake.pdf (issue 2c)
b, libESMTP's match_component() accepts two strings as equal
if they start equal but don't...
CVE Request: postgresql integer overflow in hash table size calculation
Vincent Danen (Mar 09)
I've been looking and can't find a CVE name for this issue. Could one
be assigned?
An integer overflow flaw was found in the way postgresql used to
calculate size for the hashtable for joined relations. An attacker could
formulate a specially-crafted sql query, which once processed would lead
to denial of service (postgresql daemon crash).
References:
https://bugzilla.redhat.com/show_bug.cgi?id=546621...
Re: CVE Request -- cURL/libCURL 7.20.0
Jan Lieskovsky (Mar 09)
Hi Steve,
Jan Lieskovsky wrote:
Any update with assigning CVE id for this?
Thanks, Jan.
CVE Request -- Drupal v6.16 / v5.22 SA-CORE-2010-001
Jan Lieskovsky (Mar 08)
Hi Steve, vendors,
multiple security issues have been addressed within SA-CORE-2010-001:
* Installation cross site scripting
* Open redirection
* Locale module cross site scripting
* Blocked user session regeneration
References:
[1] http://drupal.org/node/731710
[2] http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036472.html
[3] http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036619.html...
Re: WANTED: mikmod patches
Kees Cook (Mar 06)
http://secunia.com/secunia_research/2009-55/
Looks like the CVEs need to be updated -- they were assigned only for
WinAmp originally:
CVE-2009-3995:
http://secunia.com/secunia_research/2009-52/ "Impulse Tracker Instrument"
http://secunia.com/secunia_research/2009-53/ "Impulse Tracker Sample"
CVE-2009-3996:
http://secunia.com/secunia_research/2009-56/ "Ultratracker File"
Dyon, do you have any reproducers you could...
Re: Samba symlink 0day flaw
Steven M. Christey (Mar 05)
Yes, I think this is fair game for CVE.
Use CVE-2010-0926, to be filled in later.
- Steve
Re: CVE Request: gnome-screensaver termination by pressing "Enter"
Marcus Meissner (Mar 05)
Can someone, Stephen, assign a CVE id please?
Ciao, Marcus
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
IPv6 enabled carriers?
Charles Mills (Mar 10)
Does anyone have a list of carriers who are IPv6 capable today?
I would assume this would be rolled out in larger cities first but
anything outside of "testbed environments" and "trials" as in
Comcast's recent announcement seems to be all that is available.
I'm being tasked with coming up with an IPv6 migration plan for a data center.
Mostly interested in if ATT, Level3, GLBX, Saavis, Verizon Business
and Qwest are capable...
MPLS VLAN service
James Jones (Mar 10)
I am looking for MPLS L2 VPN that will let give a ethernet port in
springfield, MA @ one federal TO Wellington, NZ @ AT&T House. Can anyone
here do this? Also can you provide me with some ball park pricing.
Please reply off list.
Res: CRS-3 x T1600
GIULIANO (UOL) (Mar 10)
JUNIPER Networks did a press note about the new T-1600 components:
http://www.juniper.net/us/en/company/press-center/press-releases/2010/pr_2010_02_04-08_30.html
And now CISCO with the new components for the CRS-1 ... to increase it
to "new" CRS-3.
T1600 - 250 Gbps full duplex / slot
CRS-3 - 120 Gbps full duplex / slot
CISCO is MUCH better using marketing than JUNIPER : )
Both companies looks like want to reach 4 Tbps capacity with...
CRS-3 x T1600
GIULIANO (UOL) (Mar 10)
JUNIPER Networks did a press note about the new T-1600 components:
http://www.juniper.net/us/en/company/press-center/press-releases/2010/pr_2010_02_04-08_30.html
And now CISCO with the new components for the CRS-1 ... to increase it
to "new" CRS-3.
Both companies looks like want to reach 4 Tbps capacity with their CORE
Routers.
I think JUNIPER have been tested 100 Gbps ethernet line card for so long....
RE: CRS-3
Huizinga, Rene (Mar 10)
Cisco and linerate...if it would be a Juniper I could say OK, on a Cisco, first see then believe.
Also, seeing CRS-1's, is the '3' in CRS-3 the multiplier or magnitude of problems to be expected compared to its
'little' buggy sister.. ? :)
-----Original Message-----
From: Bob Snyder [mailto:rsnyder () toontown erial nj us]
Sent: Wednesday, 10 March, 2010 17:30
To: nanog () nanog org
Subject: Re: CRS-3
Is that the cost for a nameplate you...
Re: CRS-3
Bob Snyder (Mar 10)
Is that the cost for a nameplate you can stick on an empty rack with
dark glass so you can fool people visiting your datacenter? I've put
together BoMs for the CRS-1, and the pricing was at least an order of
magnitude higher.
Linecards are interesting. We get a 100Gb card, we get a linerate
14-port 10Gb card, but apparently there's still only a single port
OC-768 40Gb card.
Bob
Re: IP4 Space
Owen DeLong (Mar 10)
True
I'm not convinced of this, however. I spend much of my time talking to
groups of people about this. I have managed to get several members of
such groups from denial to bargaining and sometimes even depression
in a single session.
On rare occasion, acceptance even starts to set in.
I think it is getting better and continuing to talk about it will help.
Owen
Cisco XR 12000 Series Router demonstration has been delayed...
Jonathan Bayles (Mar 10)
<parody>
The issue occurred during preventative maintenance of one of our data centers when a human error caused an electrical
overload on the systems. This caused Cisco.com and other applications to go down. Because of the severity of the
overload, the redundancy measures in some of the applications and power systems were impacted as well, though the
system did shut down as designed to protect the people and the equipment. As a result,...
Re: T1 aggregation and data center gateways
Alexander Harrowell (Mar 10)
I think I'll leave this to my new sig.
Re: T1 aggregation and data center gateways
Tim Franklin (Mar 10)
The obvious answer is that if your corporate email policy makes you look like an idiot, post to mailing lists from a
personal email address that doesn't make you look like an idiot.
This also spares the list from "out-of-office" messages from Exchange servers too stupid to refrain from sending such
messages to mailing lists.
Regards,
Tim.
Re: T1 aggregation and data center gateways
Scott Morris (Mar 10)
Isn't that just CYA? Thank the lawyers and "corporate compliance
offices" and professional whiners.
Scott
John Peach wrote:
[snip]
________________________________
THIS MESSAGE IS INTENDED ONLY FOR PERSONAL AND CONFIDENTIAL USE OF THE INDIVIDUAL
OR ENTITY TO WHOM IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
CONFIDENTIAL, AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW. If the reader
of this message...
Re: IP4 Space
Andy Koch (Mar 10)
Or 374 days on the competing prediction http://ipv4depletion.com/?page_id=4
Re: IP4 Space
Jens Link (Mar 10)
Owen DeLong <owen () delong com> writes:
So am I. But most IT people I talk to are still at the denial phase. And
there is not much one can do about it.
Jens, 566 days to go
Policies from experience
Djamel Sadok (Mar 10)
Hi everyone,
I am curious regarding the use of "policies", rules or goals to manage a
network at the three levels: business, traffic engineering and routing. I
have these questions:
1) What examples of policies could be enforced at each level? (the simplest
case being that of routing policies using EGP that I can think of)?
2) Could there be a clear cut in terms of policies between these three
levels: business, routing and TE ?
3)...
Re: CRS-3
Gregory Hicks (Mar 09)
days. :-)
The press release at
http://newsroom.cisco.com/dlls/2010/prod_030910.html states that the
pricing for the CRS-3 STARTS AT $90K...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Cyberdeterrence -- Call for papers from the National Research Council , and a prize competition
Dave Farber (Mar 10)
Begin forwarded message:
> From: "Lin, Herb" <HLin () nas edu>
> Date: March 10, 2010 12:53:01 PM EST
> To: dave () farber net, ip <ip () v2 listbox com>
> Subject: Cyberdeterrence -- Call for papers from the National
> Research Council , and a prize competition
>
> Dave – for IP if you wish
>
> The National Research Council (NRC) is undertaking a project
> entitled “Deterring...
re: How not to put computers in control -- Toyota as runaway machines
Dave Farber (Mar 10)
Begin forwarded message:
> From: Dan Gillmor <dan () gillmor com>
> Date: March 10, 2010 11:18:49 AM EST
> To: dave () farber net
> Subject: Re: [IP] How not to put computers in control -- Toyota as
> runaway machines
>
> The writer below pointed to yesterday's CNN piece, which the news
> channel ran incessantly during the day. He was right to note that
> the problem is poor risk procedures, but that's not...
Re: How not to put computers in control -- Toyota as runaway machines
David Farber (Mar 10)
Begin forwarded message:
From: Scott Alexander <salex () dsalex org>
Date: March 10, 2010 10:56:05 AM EST
To: dave () farber net
Cc: egerck () nma com
Subject: Re: [IP] How not to put computers in control -- Toyota as runaway machines
I wonder if it's as simple as this. I agree that it would be good design (particularly in hindsight) to say that there
should be some sort of override, that that override should be fail safe, and that it...
Scary 'Pelosism'
David Farber (Mar 10)
Begin forwarded message:
From: Richard Forno <rforno () infowarrior org>
Date: March 9, 2010 4:40:47 PM EST
To: Richard Forno <rforno () infowarrior org>
Cc: Dave Farber <dave () farber net>
Subject: OT: Scary 'Pelosism'
This following line is from Speaker Pelosi's Remarks at the 2010 Legislative Conference for National Association of
Counties (http://www.speaker.gov/newsroom/pressreleases?id=1576)
Regarding the health care...
Important new Internet anonymity case
David Farber (Mar 10)
Begin forwarded message:
From: "Paul Levy" <plevy () citizen org>
Date: March 9, 2010 5:55:57 PM EST
To: <dave () farber net>
Subject: Important new Internet anonymity case
The New Jersey Superior Court Appellate Division, whose decision in Dendrite v. Doe remains the gold standard for state
court appellate decisions addressing the procedures and standards to be used to decide whether to require the
identification of...
The future of intense winter storms
David Farber (Mar 10)
Begin forwarded message:
From: dewayne () warpspeed com (Dewayne Hendricks)
Date: March 4, 2010 10:15:29 AM EST
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] The future of intense winter storms
The future of intense winter storms
Posted by: JeffMasters, 2:43 PM GMT on March 03, 2010
<http://www.wunderground.com/blog/JeffMasters/comment.html?entrynum=1441>
When Winter Storm Xynthia powered ashore...
How not to put computers in control -- Toyota as runaway machines
Dave Farber (Mar 10)
>From: "Ed Gerck, Ph.D." <egerck () nma com>
>To: "David Farber" <dave () farber net>, "Ip Ip" <ip () v2 listbox com>
>Date: March 10, 2010 07:13:44 AM EST
>Subject: (updated) How not to put computers in control -- Toyota as runaway machines
>
>[Dave: please use this version, if possible]
>
>How not to put computers in control -- Toyota as runaway machines
>
>The...
THE FRONT FELL OFF (the oil tanker)
Dave Farber (Mar 10)
Begin forwarded message:
> From: Bill Daul <bdaul () pacbell net>
> Date: March 9, 2010 10:32:08 PM EST
> To: Dave Farber <dave () farber net>
> Subject: THE FRONT FELL OFF (the oil tanker)
>
> Dave,
>
> I so very appreciate your list. I thought I would submit something
> to bring a smile to the group and would NOT offend anyone. These
> guys are Aussie comedians. I think our IP group would love...
The Response to Google Fiber
David Farber (Mar 09)
Begin forwarded message:
From: dewayne () warpspeed com (Dewayne Hendricks)
Date: March 5, 2010 9:14:55 AM EST
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] The Response to Google Fiber
The Response to Google Fiber
[Commentary] Incumbents will spend millions of dollars, as they always have, to block Google fiber.
Google has become a large, highly profitable company; it has money and an army of lobbyists...
Breaking Down the Walls Conference
Dave Farber (Mar 09)
>From: <bobr () bobrosenberg phoenix az us>
>To: "Dave Farber" <dave () farber net>
>Date: March 09, 2010 07:57:11 PM EST
>Subject: Breaking Down the Walls Conference
>
>Dave
>
>Perhaps for I.P.
>
>Bob
>
>
>BREAKING DOWN THE WALLS
>Presented by ASU
>Co-Sponsored by Phoenix Committee on Foreign Relations
>March 31 - April 2, 2010
>The Wyndham, Phoenix, AZ
>
>REGISTER...
EFF releases iPhone developer license agreement
David Farber (Mar 09)
http://www.tuaw.com/2010/03/09/eff-releases-iphone-developer-license-agreement/
Cisco returns us to yesteryear with IMS and the PSxN?
Dave Farber (Mar 09)
Begin forwarded message:
> From: Bob Frankston <Bob19-0501 () bobf frankston com>
> Date: March 9, 2010 12:43:32 PM EST
> To: 'Lauren Weinstein' <lauren () vortex com>, nnsquad () nnsquad org
> Cc: dave () farber net
> Subject: Cisco returns us to yesteryear with IMS and the PSxN?
>
> This sounds a lot like IMS repackaged. Having the network know about
> subscribers is a giant step backwards as is baking-in...
re: Laptops in the classroom -- a reverse of direction
Dave Farber (Mar 09)
Begin forwarded message:
> From: "David P. Reed" <dpreed () reed com>
> Date: March 9, 2010 11:51:51 AM EST
> To: dave () farber net
> Cc: ip <ip () v2 listbox com>
> Subject: Re: [IP] ] Laptops in the classroom -- a reverse of direction
>
> Isn't the deeper question one of why teachers cannot command
> attention in their own classrooms?
>
> I used to read a book held inside my 8th grade...
] Laptops in the classroom -- a reverse of direction
Dave Farber (Mar 09)
Anyone care to estimate time to jailbreak the ipad. djf
Begin forwarded message:
> From: Adam Fields <ip20398470293845 () aquick org>
> Date: March 9, 2010 10:42:59 AM EST
> To: David Farber <dave () farber net>
> Cc: ip <ip () v2 listbox com>
> Subject: Re: [IP] Laptops in the classroom -- a reverse of direction
>
> For IP, if you wish:
>
> On Tue, Mar 09, 2010 at 10:33:42AM -0500, David Farber...
"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card
David Farber (Mar 09)
Begin forwarded message:
From: Lauren Weinstein <lauren () vortex com>
Date: March 9, 2010 2:56:36 AM EST
To: dave () farber net
Subject: "Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card
"Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party
Senate Alliance Pushing National ID Card...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 25.95
RISKS List Owner (Feb 28)
RISKS-LIST: Risks-Forum Digest Sunday 28 February 2010 Volume 25 : Issue 95
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.95.html>
The current issue can be...
Risks Digest 25.94
RISKS List Owner (Feb 14)
RISKS-LIST: Risks-Forum Digest Sunday 14 February 2010 Volume 25 : Issue 94
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.94.html>
The current issue can be...
Risks Digest 25.93
RISKS List Owner (Jan 29)
RISKS-LIST: Risks-Forum Digest Friday 29 January 2010 Volume 25 : Issue 93
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.93.html>
The current issue can be...
Risks Digest 25.92
RISKS List Owner (Jan 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 January 2010 Volume 25 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.92.html>
The current issue can be...
Risks Digest 25.91
RISKS List Owner (Jan 19)
RISKS-LIST: Risks-Forum Digest Tuesday 19 January 2010 Volume 25 : Issue 91
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.91.html>
The current issue can be...
Risks Digest 25.90
RISKS List Owner (Jan 08)
RISKS-LIST: Risks-Forum Digest Friday 8 January 2010 Volume 25 : Issue 90
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.90.html>
The current issue can be...
Risks Digest 25.89
RISKS List Owner (Jan 07)
RISKS-LIST: Risks-Forum Digest Thursday 7 January 2010 Volume 25 : Issue 89
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.89.html>
The current issue can be...
Risks Digest 25.88
RISKS List Owner (Dec 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 December 2009 Volume 25 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.88.html>
The current issue can...
Risks Digest 25.87
RISKS List Owner (Dec 15)
RISKS-LIST: Risks-Forum Digest Tuesday 15 December 2009 Volume 25 : Issue 87
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.87.html>
The current issue can...
Risks Digest 25.86
RISKS List Owner (Dec 14)
RISKS-LIST: Risks-Forum Digest Monday 14 December 2009 Volume 25 : Issue 86
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.86.html>
The current issue can be...
Risks Digest 25.85
RISKS List Owner (Nov 28)
RISKS-LIST: Risks-Forum Digest Saturday 28 November 2009 Volume 25 : Issue 85
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.85.html>
The current issue can...
Risks Digest 25.84
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Weds 25 November 2009 Volume 25 : Issue 84
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.84.html>
The current issue can be...
Risks Digest 25.83
RISKS List Owner (Nov 06)
RISKS-LIST: Risks-Forum Digest Friday 6 November 2009 Volume 25 : Issue 83
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.83.html>
The current issue can be...
Risks Digest 25.82
RISKS List Owner (Oct 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 October 2009 Volume 25 : Issue 82
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.82.html>
The current issue can be...
Risks Digest 25.81
RISKS List Owner (Oct 12)
RISKS-LIST: Risks-Forum Digest Monday 12 October 2009 Volume 25 : Issue 81
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/25.81.html>
The current issue can be...
Data Loss — Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.
LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States
security curmudgeon (Mar 09)
http://www.databreaches.net/?p=10553
LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States
That Identity Theft Prevention and Data Security Claims Were False
March 9, 2010 by admin
LifeLock, Inc. has agreed to pay $11 million to the Federal Trade
Commission and $1 million to a group of 35 state attorneys general to
settle charges that the company used false claims to promote its identity
theft protection services, which...
Mystery hacker a folk hero for struggling population of Latvia
security curmudgeon (Mar 09)
http://www.irishtimes.com/newspaper/world/2010/0308/1224265794239.html
The Irish Times - Monday, March 8, 2010
Mystery hacker a folk hero for struggling population of Latvia
LATVIA LETTER: The person known as Neo has been embarrassing the 'fat
cats' in a country with the EU's highest rate of unemployment, writes
DANIEL McLAUGHLIN
IN THEIR hour of need the people of Latvia, the European country hardest
hit by the economic crisis, have found...
follow-up: Hancock Fabrics confirms skimmers found in some stores
security curmudgeon (Mar 07)
http://www.databreaches.net/?p=10474
Hancock Fabrics confirms skimmers found in some stores
March 5, 2010 by admin
Hancock Fabrics today confirmed what had been reported in the media back
in October and November of 2009: customers in a number of states had their
debit and credit card data stolen by skimmers in some of the stores. The
data theft occurred during the period of August-September, 2009, but
reports of fraud did not appear in the...
NHS in 7 new data blunders
security curmudgeon (Mar 07)
http://www.thesun.co.uk/sol/homepage/news/article730304.ece
NHS in 7 new data blunders
By EMMA MORTON
Health and Science Editor
Published: 26 Jan 2008
THE NHS has owned up to seven new breaches of security involving patient
details, The Sun can reveal.
In one incident, the confidential records of more than 1.7 million
patients were lost.
In another, a doctor's name was used in a Google search - which came up
with a link that accessed...
CA: Westin hotel in LA reports possible data breac
lyger (Mar 05)
http://www.computerworld.com/s/article/9166898/Westin_hotel_in_LA_reports_possible_data_breach?taxonomyId=84
People who stayed at the Westin Bonaventure Hotel & Suites in Los Angeles
last year and used their credit or debit card to eat there should keep a
close eye on their bank statements.
Hotel officials disclosed Friday that the hotel's four restaurants, along
with its valet parking operation, may have been hacked at some time...
TX: UT Southwestern employee accused of selling patient information
lyger (Mar 05)
http://www.wfaa.com/news/crime/UT-Southwestern-employee-accused-of-se-86684637.html
Authorities arrested an employee at UT Southwestern Medical Center after
she allegedly stole patient information and possibly their identities.
Hundreds of patients' personal information - including birth dates,
addresses, phone numbers and financial data - was stolen before Tracy
Renay Thomas' arrest and termination, police said.
Thomas is accused of...
Public employees union slams Alaska data loss deal
security curmudgeon (Mar 05)
http://www.businessweek.com/ap/financialnews/D9E8IENO1.htm
The Associated Press March 5, 2010, 10:46AM ET
Public employees union slams Alaska data loss deal
By JEREMY HSIEH
A union representing 8,000 Alaska government workers is calling on the
state to renegotiate terms of an identity theft settlement with the firm
responsible for losing personal data of 77,000 current and former public
employees.
In a letter to the administration sent...
Arkansas National Guard alerting soldiers of data loss
security curmudgeon (Mar 05)
http://ktlo.com/wire/newsfri/00371_National_Guard_hard_drive_stolen_052208.php
Arkansas National Guard alerting soldiers of data loss
By: Press release
CAMP JOSEPH T. ROBINSON, Ark. - A team of Guardsmen searching data known
to be contained on an external hard drive that was reported missing on
February 22 has discovered approximately 35,000 current and former members
of the Arkansas Army National Guard are affected by the loss.
While the...
Monster botnet held 800,000 people's details
security curmudgeon (Mar 05)
http://www.theregister.co.uk/2010/03/04/mariposa_police_hunt_more_botherders/
Monster botnet held 800,000 people's details
Fourth zombie admin could be in South America
By John Leyden
Posted in Crime, 4th March 2010 12:33 GMT
The Mariposa botnet had the power to dwarf Georgia and Estonia
cyberattacks if it had been used to launch denial of service attacks, say
Spanish police.
Months of investigations by the Guardia Civil in Spain, the FBI...
UK: Argos exposes customers' credit-card numbers in emails
kirniki (Mar 03)
http://www.pcpro.co.uk/news/security/356020/argos-exposes-customers-credit-card-numbers-in-emails
High street retailer Argos has compromised its customers' security by
sending their credit-card details - including the vital security code
- in unencrypted emails.
The company has been including the customer's full name, address,
credit-card number and three-digit CCV security code in order
confirmation emails, which are sent once a customer has...
Heartland Breach: Colorado Bank Reports New Fraud
lyger (Mar 03)
(/me looks at calendar... hm, over a year now...)
http://www.bankinfosecurity.com/articles.php?art_id=2259
A Colorado bank has come forward to reveal that as many as 5,000 of its
customers were at risk because of new fraudulent transactions tied to the
Heartland Payment Systems data breach.
First National Bank of Durango, a $399 million institution, went public
with the news on March 1, after several customers reported that their
debit...
Why trust a hotel chain that's had three data breaches in a year?
security curmudgeon (Mar 03)
http://www.networkworld.com/community/node/58056
Why trust a hotel chain that's had three data breaches in a year?
Question arises after third reported incident in 12 months involving
Wyndham Hotels
By Paul McNamara on Mon, 03/01/10 - 3:23pm.
Never mind three strikes and you're out. How about three strikes and I'm
not even thinking about checking in to your hotel?
Granted, even the most security-conscious of companies can be victimized
by...
Lawsuit: Patient records leaked through peer-to-peer network
kirniki (Mar 02)
http://www.kcchronicle.com/articles/2010/02/26/16209753/index.xml
A class action lawsuit claims an Elgin clinic released confidential
information of its patients – including their HIV or AIDS status –
over file sharing computer networks.
The complaint, filed Thursday against The Open Door Clinic of Greater
Elgin, names four people as “John Doe,” including one man from St.
Charles, and a fifth “Jane Doe,” on behalf of “all those...
FL: Stolen laptop contained Shands medical records
lyger (Mar 02)
http://www.alligator.org/news/local/article_78b3fb9e-25b0-11df-8026-001cc4c03286.html
Shands at UF sent notification letters to about 12,500 people Monday
warning them that a laptop containing their personal and medical
information was stolen Jan. 27.
According to a press release from Shands, an employee had uploaded the
information onto his home laptop for work-related purposes.
The laptop held information about patients referred to the...
FTC: ID theft complaints drop, credit woes grow
Jeffrey Walton (Mar 01)
http://redtape.msnbc.com/2010/02/for-the-first-time-since-the-federal-trade-commission-started-counting-10-years-ago-the-number-of-americans-reporting-identi.html
"For the first time since the Federal Trade Commission started
counting 10 years ago, the number of Americans reporting identity
theft dropped in 2009, the agency said Thursday. The drop was
significant – about 10 percent – but doesn't necessarily indicate the
crime is...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
Re: Downloading legacy versions of metasploit
HD Moore (Mar 10)
The last development snapshot of 2.7 (2.8-dev) is in the SVN tree:
$ svn co https://www.metasploit.com/svn/framework2/trunk/ msf2/
-HD
Downloading legacy versions of metasploit
Stever (Mar 10)
I'm trying to download a legacy version of metasploit (2.7). I'm going
through a particular tutorial and one of the scripts requires 2.7 since
it's written in perl. However, I cannot find legacy versions of the
product on the website. Is there an area where I can download older
versions?
Duplicate posts
xyberpix (Mar 09)
Hi All,
Anyone else seeing duplicate posts appearing?
TIA
xyberpix
Re: install framework 3.3.3.exe
Loaden (Mar 08)
AntiVir identifies one or more exploits by signature.
That's normal. Put Metasploit on AntiVir ignorelist.
install framework 3.3.3.exe
Daniele Grossi (Mar 08)
I downloaded framework 3.3.3.exe and installed it on a notebook with Vista.
I have Avira AntiVir Premium as antivirus.
Now, during the installation process, the antivirus signals some viruses.
How is it possible?
These are the messages.
Thanks in advance
Dan - Itay
....................
messages:
Inizia con la scansione di 'C:\Program Files\Metasploit'
C:\Program Files\Metasploit\Framework3\msf3\data\exploits\CVE-2009-3867.jar
[0] Tipo di archivio:...
Re: multiscript problems?
ricky-lee birtles (Mar 08)
The update fixed things Carlos.
Thanks
Regards,
-- Mr R Birtles
Re: multiscript problems?
Carlos Perez (Mar 07)
Please do a "svn up" and re test, just updated the script.
Cheers,
Carlos
Re: multiscript problems?
Carlos Perez (Mar 07)
in fact you are using the script correctly, I believe there has been some changes to the Meterpreter scripting code, I
will take a look at it
multiscript problems?
ricky-lee birtles (Mar 07)
Is there something up with multiscript.rb or is there something I am doing wrong?
usr () endure:~/tools/msf3-dev$ cat Multi_2.rc
use exploit/multi/handler
set ExitOnSession false
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 77.97.189.69
set LPORT 443
set AutoRunScript multiscript.rb -s tmp.lst
exploit -j
usr () endure:~/tools/msf3-dev$ cat tmp.lst
scraper.rb
metsvc.rb -A
usr () endure:~/tools/msf3-dev$
usr () endure:~/tools/msf3-dev$...
Re: exploit(ie_winhlp32) F1
SuNeEl (Mar 06)
nice thanx did work after svn update
Re: exploit(ie_winhlp32) F1
HD Moore (Mar 05)
As the error states, you must set URIPATH to /
-HD
Re: exploit(ie_winhlp32) F1
SuNeEl (Mar 05)
using msf3 on redhat
when I
set uripath /md
it shows though I set srvport 80
Started reverse handler on 192.168.23.14:8080
[-] Exploit failed: Using WebDAV requires SRVPORT=80 and URIPATH=/
postexploit methods
luis alfonso jimenez mejia (Mar 05)
which is the best technique to use postexploit, besides the netcat and
considerations must be taken to remotely enable remote desktop windows, or
vnc in order to argue about the methods postexploit
Re: cmd/windows/reverse_perl not being executed.
danuxx (Mar 05)
Thanks joshua I will try to see if ORD payload works for me.
Not sure if egghunter works since I have only 268 bytes before and 75 bytes after EIP, so I cannot overwrite more
memory to place the egg+shellcode. Any clue?
Sent via BlackBerry from T-Mobile
-----Original Message-----
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Fri, 5 Mar 2010 11:46:44
To: Danux<danuxx () gmail com>
Cc: <framework () spool...
Re: cmd/windows/reverse_perl not being executed.
Joshua J. Drake (Mar 05)
Danux,
The cmd/windows/reverse_perl payload is NOT shellcode. Instead, it is
a collection of shell commands that do what shellcode would normally
do. The cmd/* payloads are for use with command execution
vulnerabilities.
If you're tight on space, one of the following should work:
1. Use a different method of placing shellcode in memory
2. Use an ORD payload (usually much smaller)
3. Use the EggHunter mixin
If this were a command execution...
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Filter using command line
Nutkins, Thomas (Mar 10)
This is the way I do it.....from a DOS prompt in Windows
"c:\Program Files\Wireshark\tshark.exe" -r 500MB_capture_file.cap -R "ip.addr==127.0.0.1" -w output_file_name.cap
Substitute 127.0.0.1 for your IP address.
Cheers,
Tom
________________________________
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Boaz Galil
Sent: 10 March 2010 17:08
To: Community support...
Filter using command line
Boaz Galil (Mar 10)
Dear experts,
I have packet capture file that contains 500MB data.
I would like to filter specific traffic of specific IP address.
Unfortunately when I open the wireshark GUI eventually the wireshark will
crash (due to the fact that this is a big capture file).
I don’t want to split the file to smaller files, is it possible to do the
filter using command line?
Thanks in advance,
Re: capture filter with multiple vlans
Filonenko Alexander-AAF013 (Mar 10)
Works great! Thank you
Getting Error while building in Windows Wireshark Version 1.2.6
Reddy Nagendra-GKTC37 (Mar 10)
Microsoft (R) Program Maintenance Utility Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.
bison -d -p ascend ascend-grammar.y -o ascend-grammar.c
/usr/bin/m4:stdin:1: cannot open `m4sugar/foreach.m4': No such file or
directory
Can Any one help me regarding this ?
Thanks,
NAGENDRA
tshark session/flow logging
Salman Malik (Mar 09)
Hello
If I have a captured trace of some traffic. Is it possible for me to get statistics of each flow (identified by a
src/dst IP and src/dst port) using tshark ? Also I have got "IP over IP traffic" or more specifically GPRS traffic (at
GN interface) , how can the headers beneath GTP headers be analysed statistically ?
Re: Extracting SSL Certificates
Sake Blok (Mar 09)
Yes, that's possible. open the tracefile
1) make sure the setting "Allow subdissector to reassemble TCP streams" is on in the TCP protocol preferences
2) Then go to the packet which contains the SSL handshake message "Certificate"
3) In the packet detail pane, expand the SSL protocol
4) Expand the "Certificate" TLS record
5) Expand the "certificate" handshake protocol
6) Expand the list of certificates....
Extracting SSL Certificates
P E (Mar 09)
Is it possible to extract the x509 ssl certificate from a pcap file? I'm
trying to compare a ssl certificate that I have with the one captured in a
traffic capture. Searching the archives (and google) have only provided
discussions on decrypting ssl traffic which is more than I need.
Thanks in advance.
Re: Regarding TCP Options
Guy Harris (Mar 09)
Perhaps there was a bug in 0.99.0 that caused it not to display the TCP options correctly for your particular trace?
(The code to display TCP options has been in Ethereal/Wireshark for a long time, so it's not that 0.99.0 can't display
TCP options. There might be *particular* TCP options that it doesn't know about, but it should at least be able to
display them as raw data.)
The current version of Wireshark on *ALL* platforms is 1.2.6;...
Re: Help with tshark display filter
Boonie (Mar 09)
David,
Can you provide us with a PCAP that contains a few of these packets?
Dave
----- Original Message -----
From: Starr, David
To: wireshark-users () wireshark org
Sent: Tuesday, March 09, 2010 4:33 PM
Subject: [Wireshark-users] Help with tshark display filter
I need to scan through several hundred capture files and pull out all of the 9 character ID's on certain request
packets.
I'm using the following tshark command:...
Re: Wireshark in Network - Windows/Linux
Guy Harris (Mar 09)
There is no Wireshark-specific network protocol that it and only it uses.
If you do a Web search for
detecting sniffers
you can find some techniques that, although not *guaranteed* to find programs that capture network packets, such as
Wireshark (and tcpdump and snoop and Microsoft Network Monitor and NetScout Sniffer and WildPackets
{Ether,Token,Airo,Omni}Peek and...), can sometimes detect those programs on a network. For example:...
Re: Regarding TCP Options
Karthik Balaguru (Mar 09)
I have been continuing the process of analysis by using a latest
version of wireshark. I just now verified with Version 1.2.5 (SVN Rev
31296) on Windows OS, it seems to display the 'TCP options' field
properly. But, I wonder why the 0.99.0 version (linux) does not
display it. Just as you have conveyed that it is displaying for
0.99.6(Linux) version, i too think that it should work for 0.99.0
version also. I will re-analyze the logs of version...
Where can I find these Python Modules?
brown wrap (Mar 09)
gcr [ ~ ]$ wireshark
Gtk-Message: Failed to load module "pk-gtk-module": libpk-gtk-module.so: cannot open shared object file: No such file
or directory
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No
such file or directory
Re: Regarding TCP Options
Abhijit Bare (Mar 09)
I just tried wireshark 1.2.2 (Windows) and ethereal 0.99.6 (Linux). I can
see TCP options in both.
Can you post a pcap file?
- Abhijit
Wireshark in Network - Windows/Linux
Karthik Balaguru (Mar 09)
Hi,
How to determine the presence of wireshark in a network ? Are there
any specific packet types exchanged while it is present in the network
so that it can be used to determine its presence in the network ? Any
specific tool to identify its presence in either Windows or Linux ?
Any ideas ?
Thanks in advance,
Karthik Balaguru
Save UDP packets payload
Manuel Tonella (Mar 09)
With Wireshark I used to analyze RTP with the functionality:
Telephony -> RTP -> Stream Analysis, and afterwards I saved the RTP payload.
How can I do this from the command line?
If I use
Only statistics can be printed and saved.
I need to save the payload, which contains G.711 A-law packets.
Best Regards
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Sourcefire VRT Certified Snort Rules Update 2010-03-10
Research (Mar 10)
Sourcefire VRT Certified Snort Rules Update
Synopsis:
The Sourcefire VRT is aware of a vulnerability in Microsoft Internet
Explorer.
Details:
Microsoft Internet Explorer (2010-0806):
Microsoft Internet Explorer contains a programming error that may allow
a remote attacker to execute code on an affected system.
A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 16482.
For a...
Re: BUG: corner case involving http_cookie
Will Metcalf (Mar 10)
Ahhh ok so I want to make sure I understand correctly in 2.8.5 the
default 300 byte cutoff is not only applied to http_responses but also
http_requests (README.http_inspect) if there are http normalizations.
Is there not still a potential evasion here based on the tests below
as packet being normalized or potentially matching on one or more
rules can be fairly unpredictable? Would your recommended
configuration then be to set client_flow_depth...
Re: BUG: corner case involving http_cookie
Steven Sturges (Mar 10)
Seems that what is really coming into play is the flow depth.
That is going to limit how much of the raw data is searched
with the pattern matcher.
To summarize how it works with 2.8.6:
1) If HTTP normalizes headers and cookies, the amount of raw data
searched by fast pattern matcher is determined by client (or server)
flow depth settings.
2) If there are no HTTP normalizations, flow depth is not applied, so
all of the raw data is searched....
Re: BUG: corner case involving http_cookie
Matt Jonkman (Mar 10)
Appreciate the clarification Steve. But I'm concerned, this will make
hundreds if not a few thousand rules not work correctly in our set and
in vrt/snort gpl. If someone has http_inspect on in a recent snort, but
does NOT have ALL of their http related rules converted to the new form
using the http_* modifiers (which we have none converted) then they're
going to have massive problems, no? I think a lot of people are missing
a lot of things right...
Re: BUG: corner case involving http_cookie
Will Metcalf (Mar 10)
Right so the reason that I cc'd the emerging list is that they are not
using the http_* modifiers to maintain compatibility with older
versions of snort. Shouldn't this buffer at least be available to
match on via rawbytes which is what would be consistent with what you
have done with telnet and dcerpc. Does this also not add a potential
evasion method if this is the intended behavior, one that perhaps
VRT/ET should be made aware of. I...
Re: The same GID and SID in rule duplicates previous rule in Snort-2.8.5.2
Joel Esler (Mar 10)
Bai,
Each rule must have its own sid. This changed, I think, back in 2.7.x
Joel
The same GID and SID in rule duplicates previous rule in Snort-2.8.5.2
bai haoquan (Mar 10)
Hi,
I have already updated my snort from 2.6.1 to 2.8.5.2. My old snort is used in
a web project, and in this project the users' rules are generated
automatically. Among these rules there are some with the same sid, for
example:
alert TCP 192.168.123.110 any -> 192.168.123.113 1111 (msg:"tcp";
content:"tcp";sid:1000001;)
alert UDP 192.168.123.110 any -> 192.168.123.113 1234 (msg:"udp";...
Re: BUG: corner case involving http_cookie
Steven Sturges (Mar 10)
Will--
In the 2nd rule the only content is an HTTP cookie. Without using
http_cookie, it would try to match the raw data.
With HTTP Inspect enabled, it is separating the headers, cookie,
method, etc from the raw data, hence all of the modifier keywords
that you can use with content -- can use more than one together.
Without specifying http_cookie in the rule and when HTTP Inspect
enabled (and cookie inspection enabled in 2.8.6), if the...
Re: BUG: corner case involving http_cookie
Will Metcalf (Mar 10)
hmmm I don't think so. Look at first test. both rules fire.
Regards,
Will
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
Re: BUG: corner case involving http_cookie
beenph (Mar 09)
I will try a wild guess, what is your event_queue size like?
It's probably a bug or something that needs clarification regarding
http_cookie and http_inspect, but maybe http_cookie enables a modifier
in http_inspect that alters alerting behavior when event_queue is at 1
(since I guess both "alerts" are part of the same normalized http
stream)
-elz
ps: didn't run the pcap and rules test....
BUG: corner case involving http_cookie
Will Metcalf (Mar 09)
failing to use the http_cookie modifier on a rule where there is
another rule that matches the same packet makes a rule that should
fire fail.
src/snort -V
,,_ -*> Snort! <*-
o" )~ Version 2.8.5.3 (Build 124)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
Copyright (C) 1998-2009 Sourcefire, Inc., et al.
Using PCRE version: 7.8 2008-09-05
src/snort -k none -q...
Re: stream based av and snort/Stream5
lynch meng (Mar 09)
on tue, 9 Mar 2010 15:59:54 -0500, randy () procyonlabs com wrote:
about larger files problem, streamav_size option will be added. av
engine will be skipped
when over size file encountered.
lynch.meng
Re: stream based av and snort/Stream5
Randal T. Rioux (Mar 09)
As Snort is not currently multi-threaded, wouldn't this have terrible
consequences when larger files are encountered?
Then again, does the threading factor even matter? I'm not too familiar
with the internals of preprocessors (do/can they lock?).
Randy
Snort.org shared object rules cause a Segmentation fault on FreeBSD 7.2 after a few packets
rob iscool (Mar 09)
Dear people at Snort.org.
Snort.org shared object rules cause a Segmentation fault on FreeBSD 7.2
after a few packets.
I am using Snort Version 2.8.5.3 (Build 124) with the
latest rules.
P.S. Please build the shared object rules on
FreeBSD 7.2.
Thank you for all your hard work
Robert
Sourcefire VRT Certified Snort Rules Update 2010-03-09
Research (Mar 09)
Sourcefire VRT Certified Snort Rules Update
Synopsis:
The Sourcefire VRT is aware of vulnerabilities affecting Microsoft
Excel, Microsoft Movie Maker, Opera and Apache HTTPD for Windows.
Details:
Microsoft Security Advisory (MS10-016):
Microsoft Windows Movie Maker contains a programming error that may
allow a remote attacker to execute code on an affected system.
A rule to detect attacks targeting this vulnerability is included in
this...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.