SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Talk on NSE's use of coroutines at Lua Workshop 2017
Patrick Donnelly (Oct 04)
If anyone in the bay area would like to participate, please register
and attend (it's free!):
http://www.lua.org/wshop17.html#abstracts
A video recording is planned. I will share to nmap-dev when it is available.
Re: nsock READ timeout
Fotis Chantzis (Oct 02)
Can you please paste the output of the ssh client with verbose output on
when connecting to that server? (ssh -vv <user>@192.168.1.1)
What ssh version is the server running on the raspberry?
nsock READ timeout
Gerald Roy (Oct 02)
Hi,
Running NCrack 0.6 on a Raspberry Pi 3 Raspbian with the command
ncrack -U 1user -P 1password -vv -d 10 -t 4 -iX mynmap.xml -oN ncrack.log
I get the output below. It looks like it's not doing much. 192.168.1.22
is a DD-WRT router.
ssh://192.168.1.1:22 (EID 223) Attempts: total 0 completed 0 supported 0
--- rate 0.00
ssh://192.168.1.1:22 (EID 224) nsock READ timeout!
ssh://192.168.1.1:22 (EID 224) Attempts: total 0 completed 0...
Re: New Feature for Nmap
Daniel Miller (Sep 26)
Thanks for the suggestion! We already have a "map" feature in Zenmap, the
official GUI for Nmap [1]. But text-mode outputs can sometimes be useful,
too. Since Nmap already emits all of its findings in machine-parseable XML,
we are not likely to add another output format to Nmap itself, but there
are a couple of potentially interesting options:
You could write a post-processing script to convert the XML into a tabular
or text tree...
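One way to do the post-processing Dan suggests, as an added example that is not part of Nmap or of the thread: read the XML that `nmap -oX` writes and print one indented tree per live host with the ports worth looking at. The XML embedded below is a constructed sample that follows the element layout of Nmap's `-oX` output (host, status, address, hostnames, ports/port/state/service); the host names and addresses in it are made up.

```python
"""Post-process Nmap XML (-oX) into an indented text tree.

Added example, not Nmap project code. SAMPLE_NMAP_XML is a constructed
sample that mirrors the layout of Nmap's -oX output; run the script on a
real file with: python3 nmaptree.py scan.xml
"""
import sys
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/29" start="1507000000">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Example"/>
    <hostnames><hostname name="gw.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="445"><state state="filtered" reason="no-response"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.5" addrtype="ipv4"/>
    <hostnames/>
    <ports><port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/><service name="snmp"/></port></ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.0.2.6" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_hosts(xml_text):
    """Return one dict per host that Nmap marked 'up', with its port list."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # hosts that are down carry no ports worth printing
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        names = [h.get("name") for h in host.findall("hostnames/hostname")]
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")
            product = ""
            if service is not None:
                product = " ".join(filter(None, [service.get("product"), service.get("version")]))
            ports.append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "service": service.get("name", "") if service is not None else "",
                "product": product,
            })
        hosts.append({"ip": addrs.get("ipv4") or addrs.get("ipv6") or "?",
                      "mac": addrs.get("mac"), "names": names, "ports": ports})
    return hosts


def render_tree(hosts, show_states=("open", "open|filtered")):
    """Render the hosts as an ASCII tree, one branch per port in show_states."""
    lines = []
    for h in hosts:
        label = h["ip"] + (f" ({h['names'][0]})" if h["names"] else "")
        if h["mac"]:
            label += f" [{h['mac']}]"
        lines.append(label)
        shown = [p for p in h["ports"] if p["state"] in show_states]
        for i, p in enumerate(shown):
            branch = "`-" if i == len(shown) - 1 else "|-"
            extra = f" {p['product']}" if p["product"] else ""
            lines.append(f"  {branch} {p['port']}/{p['proto']} {p['state']:<14}{p['service']}{extra}")
    return "\n".join(lines)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NMAP_XML
    print(render_tree(parse_hosts(text)))
```

Filtered ports are dropped from the tree on purpose; pass `show_states=("open", "filtered", "open|filtered")` to keep them when the point of the scan is to see what a firewall hides.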
New Feature for Nmap
Who Am I? (Sep 26)
Hello there.
I was looking to add a new feature to Nmap that I thought would be useful.
However, I would like to get the opinion of other individuals as well so I
can decide whether to move forward with the idea.
So, here is what I'm thinking of:
Sometimes with Nmap, I like to run a ping scan on my network. The output is
usually something like this after running "nmap -sn 67.207.82.167/20":...
Re: possible bug, nmap v7.40
Daniel Miller (Sep 26)
I remembered this issue when I saw a question and answer on
unix.stackexchange.com [1], so I thought I'd send an update. This is due to
a bug in the netfilter nat module in Linux 4.8. The code change which
introduced the bug was reverted in 4.8.16, and kernel 4.9 is not affected.
Thanks for reporting it!
Dan
https://unix.stackexchange.com/a/337496/16171
Re: nmap doesn't allow tracing of blocked ports
Daniel Miller (Sep 25)
Neil,
I just remembered another method you can use with Nmap: the firewalk NSE
script [1]. Scan the target with some host discovery option that succeeds
(either the default or some other non-blocked port number with -PS) and put
the blocked port number in the list of ports to scan with -p. You also have
to use the --traceroute option so that the script knows how many hops to
expect. Here's my example using port 445:
nmap -p445 --script...
Re: nmap doesn't allow tracing of blocked ports
Daniel Miller (Sep 25)
Neil,
You may be able to use the Nping tool that is bundled with Nmap. It has a
traceroute feature, though the output may be a little tricky to read.
Here's an example run where my ISP is blocking port 445 just beyond my home
router:
nping --traceroute --tcp -p 445 scanme.nmap.org
Starting Nping 0.7.60SVN ( https://nmap.org/nping ) at 2017-09-25 15:06 CDT
SENT (0.1146s) TCP 192.168.1.58:62865 > 45.33.32.156:445 S ttl=1 id=24490...
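Dan warns that the Nping traceroute output is tricky to read, because each probe's SENT line and the reply it got (if any) are printed separately. The script below, an added example that is not part of Nping or of the thread, pairs each SENT line with the RCVD line that follows it and reports the deepest hop that answered; the hop after that is where to start asking about the block. The SENT line layout is taken from the run above. The RCVD layouts (an ICMP time-exceeded line printed as `ICMP [src > dst ]`, a TCP reply printed as `TCP src:port > dst:port`) are my assumption about Nping's packet printer, and the whole sample run is constructed, not a real capture.

```python
"""Pair nping --traceroute SENT/RCVD lines to find the last hop that answers.

Added example, not Nping code. SENT line format follows the real run
quoted above; the RCVD formats are assumed, and the sample is constructed.
"""
import re
import sys

SAMPLE_NPING_OUTPUT = """\
Starting Nping 0.7.60SVN ( https://nmap.org/nping ) at 2017-09-25 15:06 CDT
SENT (0.1146s) TCP 192.168.1.58:62865 > 45.33.32.156:445 S ttl=1 id=24490 iplen=44  seq=3140013424 win=1480
RCVD (0.1152s) ICMP [192.168.1.1 > 192.168.1.58 ] TTL=0 during transit (type=11/code=0) ttl=64 id=5 iplen=72
SENT (1.1161s) TCP 192.168.1.58:62865 > 45.33.32.156:445 S ttl=2 id=24490 iplen=44  seq=3140013424 win=1480
RCVD (1.1309s) ICMP [203.0.113.1 > 192.168.1.58 ] TTL=0 during transit (type=11/code=0) ttl=254 id=0 iplen=56
SENT (2.1171s) TCP 192.168.1.58:62865 > 45.33.32.156:445 S ttl=3 id=24490 iplen=44  seq=3140013424 win=1480
SENT (3.1182s) TCP 192.168.1.58:62865 > 45.33.32.156:445 S ttl=4 id=24490 iplen=44  seq=3140013424 win=1480
SENT (4.1190s) TCP 192.168.1.58:62865 > 45.33.32.156:445 S ttl=5 id=24490 iplen=44  seq=3140013424 win=1480
"""

# SENT line: timestamp, protocol, src, dst, then the probe's ttl= field.
SENT_RE = re.compile(r"^SENT \((?P<t>[\d.]+)s\) (?P<proto>\S+) (?P<src>\S+) > (?P<dst>\S+) .*\bttl=(?P<ttl>\d+)")
# RCVD lines (assumed layouts): ICMP time exceeded from a router, or a TCP reply from the target.
ICMP_RE = re.compile(r"^RCVD \((?P<t>[\d.]+)s\) ICMP \[(?P<from>[^\s>]+) > ")
TCP_RE = re.compile(r"^RCVD \((?P<t>[\d.]+)s\) TCP (?P<from>[^\s:]+):\d+ > ")


def parse_trace(text):
    """Return [(ttl, responder_ip or None, rtt_ms or None), ...] in probe order."""
    hops = []
    current = None  # [ttl, responder, rtt_ms, sent_time] for the most recent SENT
    for line in text.splitlines():
        m = SENT_RE.match(line)
        if m:
            current = [int(m["ttl"]), None, None, float(m["t"])]
            hops.append(current)
            continue
        m = ICMP_RE.match(line) or TCP_RE.match(line)
        if m and current is not None and current[1] is None:
            # first reply after a SENT belongs to that probe
            current[1] = m["from"]
            current[2] = round((float(m["t"]) - current[3]) * 1000, 1)
    return [(ttl, who, rtt) for ttl, who, rtt, _ in hops]


def last_responding_hop(hops):
    """(ttl, address) of the deepest hop that replied, or None if nothing did.
    The block is most likely at the next hop, but a silent hop can also just be
    a router that does not send time-exceeded, so look for silence that persists."""
    answered = [(ttl, who) for ttl, who, _ in hops if who]
    return max(answered) if answered else None


def format_report(hops):
    """One line per probe, traceroute-style: ttl, responder or '*', rtt."""
    lines = []
    for ttl, who, rtt in hops:
        rtt_s = "" if rtt is None else f"{rtt} ms"
        lines.append(f"{ttl:>3}  {who or '*':<16} {rtt_s}")
    return "\n".join(lines)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NPING_OUTPUT
    hops = parse_trace(text)
    print(format_report(hops))
    print("last hop that answered:", last_responding_hop(hops))
```

Feed it the saved output of `nping --traceroute --tcp -p 445 <target> > trace.txt`. In the constructed run, hops 1 and 2 answer and everything past them is silent, which is the pattern Neil is looking for: the administrator to contact is the one running the hop after the last responder.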
nmap doesn't allow tracing of blocked ports
Neil Mayhew (Sep 25)
My use-case is public WiFi networks that block port 22. I need to find
out where the blocking is occurring so that I can submit an unblocking
request to the appropriate administrator.
My problem is that nmap's traceroute can't be used with TCP ports that
are blocked, because nmap refuses to run a trace to closed ports even
when I request it explicitly. For example,
$ sudo nmap --traceroute -PS22 -sn gitlab.com
...
TRACEROUTE (using...
systeminfo and nmap?
Mike . (Sep 24)
Hello all,
I was looking at the Windows cmd SYSTEMINFO, which dumps lots of config/machine info, including service pack
levels/etc. I am gonna assume this uses RPC when used on a remote level to call some named pipe which then dumps the
info requested? How would this differ from using the various SMB/RPC dump scripts that NMAP offers us? Same info?
More? Also, could this command be incorporated into a script? If this is silly on my behalf,...
smb-protocols script crashes against NetApp
William Faulk (Sep 24)
The error is:
/usr/local/bin/../share/nmap/nselib/unicode.lua:201: bad argument #2
to 'unpack' (data string too short)
stack traceback:
[C]: in function 'string.unpack'
/usr/local/bin/../share/nmap/nselib/unicode.lua:201: in
function 'unicode.utf16_dec'
/usr/local/bin/../share/nmap/nselib/unicode.lua:70: in
function 'unicode.transcode'
(...tail calls...)...
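The traceback shows the failure mode: `utf16_dec` hands a buffer to `string.unpack` without first checking that enough bytes remain, so a short or odd-length UTF-16 field in a server's reply (here a NetApp answering the SMB dialect probe) turns into a script crash rather than a decoding error. The decoder below is an added example, not code from nselib/unicode.lua and not a patch for it; it is the same read-two-bytes loop written with an explicit length check before every read and with surrogate pairs handled, returning an error value instead of raising. All sample inputs in it are constructed.

```python
"""Bounds-checked UTF-16LE decoder.

Added example, not Nmap's nselib/unicode.lua. Every read is preceded by a
remaining-length check, so truncated or odd-length input from a misbehaving
server yields (partial_text, error) instead of an exception.
"""
import struct


def utf16le_decode(buf):
    """Decode UTF-16LE bytes. Returns (text, error); error is None on success,
    otherwise a short reason and the offset at which decoding stopped."""
    out = []
    pos = 0
    n = len(buf)
    while pos < n:
        if n - pos < 2:  # the check the crashing code is missing
            return "".join(out), f"truncated code unit at offset {pos} (1 byte left)"
        (unit,) = struct.unpack_from("<H", buf, pos)
        pos += 2
        if 0xD800 <= unit <= 0xDBFF:  # high surrogate: a low surrogate must follow
            if n - pos < 2:
                return "".join(out), f"truncated surrogate pair at offset {pos - 2}"
            (low,) = struct.unpack_from("<H", buf, pos)
            if not 0xDC00 <= low <= 0xDFFF:
                return "".join(out), f"high surrogate without low surrogate at offset {pos - 2}"
            pos += 2
            cp = 0x10000 + ((unit - 0xD800) << 10) + (low - 0xDC00)
        elif 0xDC00 <= unit <= 0xDFFF:
            return "".join(out), f"lone low surrogate at offset {pos - 2}"
        else:
            cp = unit
        out.append(chr(cp))
    return "".join(out), None


# Constructed inputs: a clean name, an astral character, and three malformed
# buffers of the kind an unchecked decoder would crash on.
SAMPLES = {
    "clean": "NetApp".encode("utf-16-le"),
    "astral": "a\U0001F600b".encode("utf-16-le"),
    "odd length": "NetApp".encode("utf-16-le")[:-1],
    "cut pair": "\U0001F600".encode("utf-16-le")[:2],
    "lone low": b"\x00\xdc",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        text, err = utf16le_decode(raw)
        print(f"{name:<11} {raw.hex():<26} -> {text!r} {err or 'ok'}")
```

In real Python code `raw.decode("utf-16-le", "replace")` already does this safely; the point of spelling it out is to show which check an unpack-based decoder needs so that hostile or buggy peers cannot abort the whole script.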
[no subject]
adama toure (Sep 22)
I would like to work with you because I do electronics.
Re: nmap scans on FreeBSD showing incorrect results
Vincent Stemen (Sep 21)
Hi Daniel.
OK. As before, ports 1000-1004 are unfiltered, so the correct results are
PORT STATE SERVICE
1000/tcp open cadlock
1001/tcp open webpush
1002/tcp closed windows-icfw
1003/tcp closed unknown
1004/tcp closed unknown
Here's an incorrect scan with -d2.
=====================
# nmap -n -d2 -p 1000-1030 pt02
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-21 21:29 CDT
Fetchfile found /usr/local/share/nmap/nmap-services...
Re: wanted to work on some idea
Fyodor (Sep 21)
Hi Vempati. Thanks for your interest--we're always happy to hear about new
ideas. Did you have any particular features or ideas in mind to
differentiate nroute from other traceroute-style tools? Also, have you
looked at the traceroute feature of our Nping tool? It allows for
traceroute-style testing using all the common probe types:
https://nmap.org/book/nping-man-probe-modes.html
Cheers,
Fyodor
Version: 7.60,Traceback (most recent call last):, File "zenmapGUI\ScanInterface.pyo", line 618, in verify_execution, File "zenmapCore\NmapCommand.pyo", line 254, in close, WindowsError: [Error 32] The process can not access the file because it is being ...
👮 🚔🕴🚔👮 (Sep 21)
Version: 7.60
Traceback (most recent call last):
File "zenmapGUI\ScanInterface.pyo", line 618, in verify_execution
File "zenmapCore\NmapCommand.pyo", line 254, in close
WindowsError: [Error 32] The process can not access the file because it is being used by another process:
'c:\\users\\"username"\\appdata\\local\\temp\\zenmap-_2vr5m.xml'
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts
dxw Security (Oct 07)
Details
================
Software: WordPress
Version: 4.8.2
Homepage: https://wordpress.org/
Advisory report: https://security.dxw.com/advisories/wordpress-signups-activation/
CVE: CVE-2017-14990
CVSS: 0 (Low; AV:L/AC:H/Au:M/C:N/I:N/A:N)
Description
================
WordPress does not hash or expire wp_signups.activation_key allowing an attacker with SQL injection to create accounts
Vulnerability
================
When creating new users with a...
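The issue in the advisory title is a storage-design one: when the raw activation key sits unhashed and without a deadline in the signups table, anyone who can read that table (the advisory's scenario is SQL injection) can activate accounts. The snippet below is an added example, not WordPress code and not dxw's, showing the usual alternative: generate a high-entropy key, give it to the user once, keep only its SHA-256 hash together with an expiry, and make the key single-use. The in-memory table, the user names and the two-day lifetime are assumptions made for the example.

```python
"""Single-use, hashed, expiring activation keys.

Added example, not WordPress code. The in-memory "table", user names and
ACTIVATION_TTL are constructed for the example.
"""
import hashlib
import hmac
import secrets
import time

ACTIVATION_TTL = 2 * 24 * 3600  # assumed policy: keys are valid for two days


class SignupStore:
    """Stand-in for a signups table. Only the key's hash is ever stored."""

    def __init__(self, clock=time.time):
        self.rows = {}      # user_login -> {"key_hash", "expires", "active"}
        self.clock = clock  # injectable so expiry can be tested without sleeping

    @staticmethod
    def _hash(key):
        # The raw key carries 256 bits of randomness, so a plain fast hash is
        # enough: a leaked hash cannot be inverted or brute-forced.
        return hashlib.sha256(key.encode()).hexdigest()

    def create_signup(self, user_login):
        """Create a pending signup and return the raw key to send to the user.
        The raw key is not retained anywhere in the store."""
        raw_key = secrets.token_urlsafe(32)
        self.rows[user_login] = {
            "key_hash": self._hash(raw_key),
            "expires": self.clock() + ACTIVATION_TTL,
            "active": False,
        }
        return raw_key

    def activate(self, user_login, presented_key):
        """Activate the account if the presented key matches, is unexpired and unused."""
        row = self.rows.get(user_login)
        if row is None or row["active"]:
            return False
        if self.clock() > row["expires"]:
            return False
        if not hmac.compare_digest(row["key_hash"], self._hash(presented_key)):
            return False
        row["active"] = True
        row["key_hash"] = None  # single use: nothing left to replay
        return True


if __name__ == "__main__":
    store = SignupStore()
    key = store.create_signup("alice")
    print("stored row:", store.rows["alice"])          # hash only, never the key
    print("replaying the stored hash:", store.activate("alice", store.rows["alice"]["key_hash"]))
    print("presenting the real key:", store.activate("alice", key))
    print("presenting it again:", store.activate("alice", key))
```

With this layout, reading the table through an injection yields a hash that is useless as an activation key, a key that leaks from an old email stops working after the deadline, and a key that was already used cannot be replayed.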
CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability
Barkın Kılıç (Oct 07)
=============================================
- Release date: October 06th, 2017
- Discovered by: Barkın Kılıç, Mehmet Dursun İnce
- Severity: High
=============================================
I. VULNERABILITY
-------------------------
Lansweeper XXE vulnerability.
II. INTRODUCTION
-------------------------
Lansweeper, an Asset Management and Network Inventory Tool (v6.0.100.29 and
probably all previous versions), is affected by an XXE...
Nullcon Goa 2018 Call For Papers is Open!
Yuliya Pliavaka (Oct 06)
Dear InfoSec Gurus,
Nullcon is an annual Information Security Conference held in Goa, India.
The focus of the conference is to showcase the next generation of offensive
and defensive security technology. We happily open doors to researchers and
hackers around the world and the universe, working on the next big thing in
security and request everyone to submit their new research.
Submission Topics
We are interested in new and cutting edge...
ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities
EMC Product Security Response Center (Oct 06)
ESA-2017-111: RSA Archer® GRC Platform Multiple Vulnerabilities
EMC Identifier: ESA-2017-111
CVE Identifier: CVE-2017-8016, CVE-2017-8025, CVE-2017-14369, CVE-2017-14370, CVE-2017-14371, CVE-2017-14372
Severity Rating: CVSSv3 Base Score: See below for scores of individual CVEs
Affected Products:
RSA Archer versions prior to 6.2.0.5
Summary:
RSA Archer GRC 6.2.0.5 Platform contains fixes for several vulnerabilities that could potentially...
ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability
EMC Product Security Response Center (Oct 06)
ESA-2017-112: EMC Network Configuration Manager Reflected Cross-Site Scripting Vulnerability
EMC Identifier: ESA-2017-112
CVE Identifier: CVE-2017-8017
Severity Rating: CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Affected products:
* EMC Network Configuration Manager (NCM) 9.3.x
* EMC Network Configuration Manager (NCM) 9.4.0.x
* EMC Network Configuration Manager (NCM) 9.4.1.x
* EMC Network...
APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update
Apple Product Security (Oct 06)
APPLE-SA-2017-10-05-1 macOS High Sierra 10.13 Supplemental Update
macOS High Sierra 10.13 Supplemental Update is now available
and addresses the following:
StorageKit
Available for: macOS High Sierra 10.13
Impact: A local attacker may gain access to an encrypted APFS volume
Description: If a hint was set in Disk Utility when creating an APFS
encrypted volume, the password was stored as the hint. This was
addressed by clearing hint storage if...
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection
Marcin Wołoszyn (Oct 06)
(This is re-submission of corrected advisory due to accidental CVE-ID swapping)
Title: OpenText Document Sciences xPression (formerly EMC Document
Sciences xPression) - SQL Injection
Author: Marcin Woloszyn
Date: 27. September 2017
CVE: CVE-2017-14757
Affected Software:
==================
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression)
Exploit was tested on:
======================
v4.5SP1 Patch 13 (older...
SmartBear SoapUI - Remote Code Execution via Deserialization
Etnies (Oct 06)
Title: SmartBear SoapUI - Remote Code Execution via Deserialization
Author: Jakub Palaczynski
Date: 12. July 2017
Exploit tested on:
==================
SoapUI 5.3.0
Also works on older versions.
Vulnerability:
**************
Remote Code Execution via Deserialization:
=================================
SoapUI by default listens on all interfaces on TCP port 1198 where you
can find SoapUI Integration (RMI) instance. SoapUI uses vulnerable
Java...
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #2
DefenseCode (Oct 06)
DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-002
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-002_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
Software: Magento Commerce, CE
Software Language: PHP
Version: Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to
1.14.3.6, Magento...
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1
DefenseCode (Oct 06)
DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
Software: Magento Commerce, CE
Software Language: PHP
Version: Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to
1.14.3.6, Magento 2.0...
CVE-2017-9292, Lansweeper 6.0.0.63 XSS vulnerability
Giovanni Cerrato (Oct 06)
=============================================
- Release date: October 05th, 2017
- Discovered by: Giovanni Cerrato, Giovanni Guido and BackBox team
- Severity: Medium
=============================================
I. VULNERABILITY
-------------------------
Lansweeper XSS vulnerability.
II. INTRODUCTION
-------------------------
Lansweeper, an Asset Management and Network Inventory Tool (v6.0.0.63 and
probably all previous versions), is...
SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure
Maor Shwartz (Oct 03)
SSD Advisory – Tiandy IP cameras Sensitive Information Disclosure
Full report: https://blogs.securiteam.com/index.php/archives/3444
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability Summary
The following advisory describes sensitive information Disclosure found in
Tiandy IP cameras version 5.56.17.120
Tianjin Tiandy Digital Technology Co., Ltd ( Tiandy Tech) is “one of top 10
leading CCTV manufacturer in China and a global...
SSD Advisory – Horde Groupware Unauthorized File Download
Maor Shwartz (Oct 03)
SSD Advisory – Horde Groupware Unauthorized File Download
Full report: https://blogs.securiteam.com/index.php/archives/3454
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability Summary
The following advisory describes an unauthorized file download
vulnerability found in Horde Groupware version 5.2.21.
Horde Groupware Webmail Edition is “a free, enterprise ready, browser based
communication suite. Users can read, send and organize...
SSD Advisory – Mac OS X 10.12 Quarantine Bypass
Maor Shwartz (Oct 03)
SSD Advisory – Mac OS X 10.12 Quarantine Bypass
Full report: https://blogs.securiteam.com/index.php/archives/3449
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability summary
Mac OS X contains a vulnerability that allows bypassing of the Apple
Quarantine and the execution of arbitrary JavaScript code without any
restrictions.
Credit
A security researcher from WeAreSegment, Filippo Cavallarin, has reported
this vulnerability to Beyond...
SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution
Maor Shwartz (Oct 03)
SSD Advisory – Netgear ReadyNAS Surveillance Unauthenticated Remote Command
Execution
Full report: https://blogs.securiteam.com/index.php/archives/3409
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD
Vulnerability summary
The following advisory describes an Unauthenticated Remote Command
Execution vulnerability found in Netgear ReadyNAS Surveillance.
Netgear ReadyNAS Surveillance – Small businesses and corporate branch
offices require a...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[slackware-security] xorg-server (SSA:2017-279-03)
Slackware Security Team (Oct 06)
[slackware-security] xorg-server (SSA:2017-279-03)
New xorg-server packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.18.3-i586-4_slack14.2.txz: Rebuilt.
This update fixes two security issues:
Xext/shm: Validate shmseg resource id, otherwise it can belong to a
non-existing client...
DefenseCode Security Advisory: Magento Commerce CSRF, Stored Cross Site Scripting #1
DefenseCode (Oct 05)
DefenseCode Security Advisory
Magento Commerce CSRF, Stored Cross Site Scripting
Advisory ID: DC-2017-09-001
Advisory Title: Magento CSRF, Stored Cross Site Scripting
Advisory URL:
http://www.defensecode.com/advisories/DC-2017-09-001_Magento_CSRF_Stored_Cross_Site_Scripting.pdf
Software: Magento Commerce, CE
Software Language: PHP
Version: Magento CE 1 prior to 1.9.3.6, Magento Commerce prior to
1.14.3.6, Magento 2.0...
[security bulletin] HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service Operation Management (SOM), Remote Arbitrary File Download
security-alert (Oct 03)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03776en_us
Version: 1
HPESBHF03776 rev.1 - HPE Intelligent Management Center (iMC) Service
Operation Management (SOM), Remote Arbitrary File Download
NOTICE: The information in this Security Bulletin should be acted upon as
soon...
HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities
HPE Product Security Response Team (Oct 03)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbmu03753en_us
Version: 1
HPESBMU03753 rev.1 - HPE System Management Homepage, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-09-26
Last...
[SECURITY] [DSA 3988-1] libidn2-0 security update
Salvatore Bonaccorso (Oct 02)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3988-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 30, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libidn2-0
CVE ID : CVE-2017-14062
Debian Bug :...
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized NT Domain / PHP Information Disclosures CVE-2017-14085 (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
===========
OfficeScan
v11.0 and XG (12.0)*
Vulnerability Type:
===================
Unauthorized NT Domain Disclosure
Unauthorized PHP...
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Server Side Request Forgery (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
===========
OfficeScan
v11.0 and XG (12.0)*
OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat...
Mac OS X Local Javascript Quarantine Bypass
filippo . cavallarin (Oct 02)
Advisory ID: SGMA17-002
Title: Mac OS X Local Javascript Quarantine Bypass
Product: Mac OS X
Version: 10.12, 10.11, 10.10 and probably prior
Vendor: apple.com
Type: DOM Based XSS
Risk level: 3 / 5
Credits: filippo.cavallarin () wearesegment com
CVE: N/A
Vendor notification: 2017-07-15
Vendor fix: 2017-09-25...
[SECURITY] [DSA 3987-1] firefox-esr security update
Moritz Muehlenhoff (Oct 02)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3987-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 29, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2017-7793 CVE-2017-7805...
[SECURITY] [DSA 3986-1] ghostscript security update
Salvatore Bonaccorso (Oct 02)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3986-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 29, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2017-9611 CVE-2017-9612...
Trend Micro OfficeScan v11.0 and XG (12.0)* CURL (MITM) Remote Code Execution CVE-2017-14084 (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
========
OfficeScan
v11.0 and XG (12.0)*
OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and...
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
========
OfficeScan XG
v11.0 and (12.0)*
Vulnerability Type:
===================
Unauthorized Start Remote Process Code...
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
========
OfficeScan
v11.0 and XG (12.0)*
OfficeScan protects enterprise networks from malware, network viruses, web-based threats,...
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Change Prevention Image File Execution Bypass (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
========
OfficeScan
v11.0 and XG (12.0)*
OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat...
Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Memory Corruption CVE-2017-14089 (apparitionsec / hyp3rlinx)
apparitionsec (Oct 02)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
[+] ISR: ApparitionSec
Vendor:
==================
www.trendmicro.com
Product:
========
OfficeScan
v11.0 and XG (12.0)*
OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
SpiderFoot 2.11 released
Steve Micallef (Aug 14)
Hi all,
For the folks here interested in OSINT, recon and threat intel, I'm
pleased to announce SpiderFoot 2.11 is now out.
SpiderFoot now has over 100 modules to collect data utilising APIs from
SHODAN, BuiltWith, RIPE, AlienVault OTX, Robtex, HaveIBeenPwned? as well
as typical recon techniques like DNS brute-forcing, port scanning, web
spidering and more. It's open source, written in Python, documented and
usable with both a...
Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jul 24)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
File Upload in Integration Gateway (PSIGW)
ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-039]
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: File Upload
Impact: Remote command execution on the server
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2017-10061...
Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: Multiple XSS (POST request) Vulnerabilities in TestServlet (PeopleSoft)
Advisory ID: [ERPSCAN-17-037]
Advisory URL: https://erpscan.com/advisories/erpscan-17-037-multiple-xss-vulnerabilities-testservlet-peoplesoft/
Risk: Medium
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: XSS [CWE-79]
Impact: Modify displayed content from a Web site, steal authentication
information of a...
Directory Traversal vulnerability in Integration Gateway (PSIGW)
ERPScan inc (Jul 20)
1. ADVISORY INFORMATION
Title: Directory Traversal vulnerability in Integration Gateway (PSIGW)
Advisory ID: [ERPSCAN-17-038]
Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/
Risk: High
Date published: 18.07.2017
Vendor contacted: Oracle
2. VULNERABILITY INFORMATION
Class: Directory Traversal
Impact: Read, delete, rewrite file from the system
Remotely Exploitable: Yes
CVE...
[HITB-Announce] HITB GSEC 2017 CommSec CFP Closes July 31st
Hafez Kamal (Jul 15)
REMINDER: CFP Submission deadline is on the 31st of July 2017 23:59 SGT
Alongside HITBGSEC 2017 Singapore, we are calling on the community of hackers, makers, builders and breakers to send us
their 30-minute talk abstracts for consideration to be included in a separate 2-day single-track of talks (24th and
25th August). Access to this track of talks is completely FREE TO ATTEND and we are encouraging everyone to come! If
you're in...
ekoparty: Call for Papers 2017! Open!
Francisco Amato (Jul 12)
ekoparty security conference
Training September 25-26, 2017
Conference September 27-29, 2017
Buenos Aires
Submit at: http://cfp.ekoparty.org
We are really proud to announce the thirteenth edition of the Ekoparty
Security Conference.
Once again, in this unique event, security specialists from all over
Latin America and the World will have the chance to get acquainted
with the most important research of the year.
Ekoparty has become the most...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v2.6: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jul 24)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
Faraday v2.5: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (May 29)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that helps users improve their
own work, the main purpose is to...
Ruxcon 2017 Call For Presentations
cfp (Apr 20)
Ruxcon 2017 Call For Presentations
Melbourne, Australia, October 21-22
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2017.
This year the conference will take place over the weekend of the 21st and 22nd of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 30th of June, 2017.
.[x]. About Ruxcon .[x].
Ruxcon is...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Eulogy
Matt Georgy (Oct 06)
He was a great guy and a real patriot. He will be missed.
Eulogy
dave aitel (Oct 06)
It's 11am. I'm pretty drunk right now. Lee would have liked to have
known that his passing was noticed.
For those of you who knew him.
-dave
Re: Equitablefax
the grugq (Oct 03)
Hey
I wasn’t either since it doesn’t impact me, but I had to research it for this week’s news segment on Risky.Biz ==>
https://risky.biz/RB471/
During the research it became clear that the public narrative and the facts were diverging quite a bit. In particular
this “failure to patch” story line. Yes, they were slow to patch. However, their upstream provider didn’t even make the
patch available until weeks after the compromise...
Re: Equitablefax
spacerog () spacerogue net (Oct 03)
Thank you for this timeline because honestly I haven't been paying that
close attention.
Based on this it looks like Equifax did actually patch, just not fast
enough, and by the time they got around to it the bad guys were already
inside. Based on this list the delta from patch release to install was
<91 days. Am I reading this correctly?
If so then the absolute shit ton of criticism heaped on Equifax for not
patching is IMO...
Re: Equitablefax
Arrigo Triulzi (Oct 03)
Just in passing: "Equifax is ISO/IEC 27001:2013 certified by a reputable independent third party."[0]. Asset management
is a core part of ISO27001:2013.
Cheers,
Arrigo
[0] https://www.equifax.com/assets/WFS/the_work_number_best_practices_in_data_security.pdf (1st page)
Twitter
dave aitel (Sep 29)
Right now everyone is going on and on about how Russians spent 256K on
ads on Twitter to influence the election. Much less understood is how
great Twitter ads are for targeting phishing attacks! I wrote this whole
article while back here
<https://tindertipsforgirls.blogspot.com/2016/03/paying-for-okcupid-is-stupid.html>
on it. People are genuinely good at phishing now. The "Fake RedTube
subscription <...
Re: Equitablefax
the grugq (Sep 29)
I’m not going to address any of the points in the excellent post by Katie but rather put some facts together in a
timeline so people can see the Equihax event better. The “if only bug bounty” claptrap is, as Katie points out (much
more politely), complete bullshit.
Timeline of events:
2017-03-06: Apache announces struts bug
2017-03-07: PoC exploit released to public
2017-03-10: Equihax compromised via struts exploit. Genius hackers use...
Re: Why people aren't stealing ADFS secrets?
James Pleger (Sep 28)
I'm not holding out much hope on the OneLogin side, the breach they had earlier this year sounded really bad. Maybe
that event woke up the other identity providers though.
http://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/
Re: Equitablefax
Katie M (Sep 28)
I actually tried helping coordinate one of the new bugs that someone found
and wanted to report to Equifax. Unfortunately, before they had time to
even look up from their current conflagration, eyebrows still singed, a
reporter published it.
At this instant, even one bug report, while completely helpful in the
micro-sense, is process-wise another tax on the resources they have working
on the big breach. It still has to go into the queue of their...
Re: Why people aren't stealing ADFS secrets?
Kyle Creyts (Sep 27)
Or other SAML IDP private keys. ADFS is good, but stealing them from IDP
vendors might be much more efficient, and open many more doors. One hopes
that Google, OneLogin, Okta, and friends all do the needful to compartment
and protect these private keys.
On Wed, Sep 27, 2017 at 1:00 PM Konrads Smelkovs <konrads.smelkovs () gmail com>
wrote:
Re: Equitablefax
Katie M (Sep 27)
Having a bug bounty program wouldn't have helped Equifax. Only Equifax
could have helped Equifax. The root cause of the problem wasn't that they
didn't know about the bug, it was that they face the same patch
prioritization risk vs resource balance that all orgs gamble with. They
lost that gamble, which is what every breach represents: a lost bet on the
tradeoffs. Simply knowing about a bug, via a bug bounty or otherwise, is
just...
Why people aren't stealing ADFS secrets?
Konrads Smelkovs (Sep 27)
I was thinking about long term persistence and clearly, it would make a lot
of sense to steal the private key of the ADFS certificate that is used to
authenticate SAML claims. Anyone seen it done?
Re: Equitablefax
Kristian Erik Hermansen (Sep 27)
But clearly Equifax didn't know ALL public facing attack surfaces
controlled by Equifax which were affected by that vulnerability. A bug
bounty likely would have surfaced those missing attack surfaces. Internal
folks always make assumptions about their own network, which is biased and
almost never reality.
- Based on the company's investigation, Equifax believes the
unauthorized accesses to certain files containing personal...
Re: Equitablefax
Chuck McAuley (Sep 27)
In the US, the roads are owned by someone (Private Individual, Town, State, Country). They can set the rules for
driving on them as they see fit.
Who owns the Internet? In the US, definitely not the government. I guess you could argue it would be ISPs. They could
govern who peers. But why would they care?
More noise should be made that the current credit scoring model cannot be trusted after this PII data has been leaked.
I can't see a...
Re: Equitablefax
Kristian Erik Hermansen (Sep 27)
If Equifax had a public bug bounty program, someone would have reported the
Java RCE in March 2017 and picked up $10K or more for it. But no, Equifax
did not have a public bug bounty program. Say what you will about the pros
and cons of a bug bounty program, especially for financial institutions
which "know better than the public how to protect themselves", but at least
in this case a known issue would have been well documented much...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bright space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bright space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed.
p.s.: We are not related to this group, but we think they're worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a
command-line XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
The following CVE has undergone a major revision increment.
Microsoft (Oct 04)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 4, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-8695
CVE Revision Information:
=====================
CVE-2017-8695
- Title: CVE-2017-8695 | Graphics Component Information Disclosure
Vulnerability...
The following CVEs have been revised in the September 2017 Security Updates.
Microsoft (Oct 03)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 3, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the September 2017 Security
Updates.
* CVE-2017-8759
Revision Information:
=====================
CVE-2017-8759
- Title: CVE-2017-8759 | .NET Framework Remote Code Execution...
The following CVE has undergone a major revision increment.
Microsoft (Sep 26)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 26, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-8628
CVE Revision Information:
=====================
CVE-2017-8628
- Title: CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing
Vulnerability
-...
The following CVE has been revised in the June 2017 Security Updates.
Microsoft (Sep 20)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 20, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the June 2017 Security
Updates.
* CVE-2017-8529
Revision Information:
=====================
CVE-2017-8529
- Title: CVE-2017-8529 | Microsoft Browser Information Disclosure...
The following Defense in Depth Update has undergone a major revision increment.
Microsoft (Sep 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 19, 2017
********************************************************************
Summary
=======
The following Defense in Depth Update has undergone a major
revision increment.
* ADV170015
Revision Information:
=====================
ADV170015
- Title: ADV170015 | Microsoft Office Defense in Depth Update
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 15)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 15, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the September 2017 Security
Updates.
* CVE-2017-8676
* CVE-2017-8682
* CVE-2017-8695
* CVE-2017-8728
* CVE-2017-8742
Revision Information:
=====================
CVE-2017-8676...
Microsoft Security Update Releases
Microsoft (Sep 15)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 14, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-11767
CVE Revision Information:
=====================
CVE-2017-11767
- Title: CVE-2017-11767 | Scripting Engine Memory Corruption
Vulnerability...
The following CVEs have been revised in the September 2017 Security Updates.
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2017
********************************************************************
Summary
=======
The following CVEs have been revised in the September 2017 Security
Updates.
* CVE-2017-8686
* CVE-2017-8707
* CVE-2017-8708
* CVE-2017-8710
* CVE-2017-8714
* CVE-2017-8750
* CVE-2017-8759
Revision Information:...
The following CVEs and security bulletins have undergone a major revision increment.
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 12, 2017
********************************************************************
Summary
=======
The following CVEs and security bulletins have undergone a major
revision increment.
* CVE-2016-0165
* CVE-2016-3238
* CVE-2016-3326
* CVE-2016-3376
* CVE-2017-0213
* CVE-2017-8529
* CVE-2017-8599
* MS16-039
* MS16-APR
*...
This summary lists security updates released for September 2017.
Microsoft (Sep 12)
********************************************************************
Microsoft Security Update Summary for September 2017
Issued: September 12, 2017
********************************************************************
This summary lists security updates released for September 2017.
Complete information for the September 2017 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical...
The following CVEs and Microsoft security bulletin have undergone a minor revision increment
Microsoft (Aug 23)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: August 23, 2017
********************************************************************
Summary
=======
The following CVEs and Microsoft security bulletin have undergone a
minor revision increment
* CVE-2016-7292
* CVE-2017-0167
* MS16-149
Revision Information:
=====================
CVE-2016-7292
- Title:...
The following CVE has been revised in the July 2017 Security Updates.
Microsoft (Aug 16)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: August 16, 2017
********************************************************************
Summary
=======
The following CVE has been revised in the July 2017 Security Updates.
* CVE-2017-8607
Revision Information:
=====================
CVE-2017-8607
- Title: CVE-2017-8607 | Scripting Engine Memory Corruption...
The following CVEs have been revised in the July 2017 Security Updates.
Microsoft (Aug 15)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: August 10, 2017
********************************************************************
NOTE: Second email attempt for this mailer.
Summary
=======
The following CVEs have been revised in the July 2017 Security Updates.
* CVE-2017-8572
Revision Information:
=====================
CVE-2017-8572
- Title: CVE-2017-8572 |...
The following CVE has undergone a major revision increment.
Microsoft (Aug 14)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 10, 2017
********************************************************************
NOTE: Second email attempt for this mailer.
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-8658
CVE Revision Information:
=====================
CVE-2017-8658
- Title: CVE-2017-8658 | Scripting...
The following CVE has undergone a major revision increment.
Microsoft (Aug 14)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 14, 2017
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment.
* CVE-2017-8665
CVE Revision Information:
=====================
CVE-2017-8665
- Title: CVE-2017-8665 | Xamarin.iOS Elevation Of Privilege
Vulnerability
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta-software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Apple Releases Security Update for macOS High Sierra
US-CERT (Oct 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update for macOS High Sierra [
https://www.us-cert.gov/ncas/current-activity/2017/10/05/Apple-Releases-Security-Update-macOS-High-Sierra ] 10/05/2017
05:00 PM EDT
Original release date: October 05, 2017
Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker
could exploit these...
Cisco Releases Security Updates
US-CERT (Oct 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/10/04/Cisco-Releases-Security-Updates ] 10/04/2017 03:30 PM EDT
Original release date: October 04, 2017
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some
of these vulnerabilities to cause a denial-of-service...
Apache Releases Security Updates for Apache Tomcat
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Releases Security Updates for Apache Tomcat [
https://www.us-cert.gov/ncas/current-activity/2017/10/03/Apache-Releases-Security-Updates-Apache-Tomcat ] 10/03/2017
05:26 PM EDT
Original release date: October 03, 2017
The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous
versions of the software. A...
Apple Releases Security Update for iOS
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update for iOS [
https://www.us-cert.gov/ncas/current-activity/2017/10/03/Apple-Releases-Security-Update-iOS ] 10/03/2017 04:17 PM EDT
Original release date: October 03, 2017
Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these
vulnerabilities could allow a remote attacker to...
Tragic-Event-Related Scams
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Tragic-Event-Related Scams [ https://www.us-cert.gov/ncas/current-activity/2017/10/03/Tragic-Event-Related-Scams ]
10/03/2017 10:11 AM EDT
Original release date: October 03, 2017
In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber
activity targeting both victims and potential donors. Users should...
National Cybersecurity Awareness Month: Simple Steps to Online Safety
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
National Cybersecurity Awareness Month: Simple Steps to Online Safety [
https://www.us-cert.gov/ncas/current-activity/2017/10/03/National-Cybersecurity-Awareness-Month-Simple-Steps-Online-Safety
] 10/03/2017 07:30 AM EDT
Original release date: October 03, 2017
October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about...
Dnsmasq Contains Multiple Vulnerabilities
US-CERT (Oct 02)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Dnsmasq Contains Multiple Vulnerabilities [
https://www.us-cert.gov/ncas/current-activity/2017/10/03/Dnsmasq-Contains-Multiple-Vulnerabilities ] 10/03/2017 01:20
AM EDT
Original release date: October 03, 2017
Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may
allow a remote attacker to take control...
October is National Cybersecurity Awareness Month
US-CERT (Oct 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
October is National Cybersecurity Awareness Month [
https://www.us-cert.gov/ncas/current-activity/2017/10/01/October-National-Cybersecurity-Awareness-Month ] 10/01/2017
02:55 PM EDT
Original release date: October 01, 2017
October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative effort between DHS and its public
and private...
DNSSEC Key Signing Key Rollover Postponed
US-CERT (Sep 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
DNSSEC Key Signing Key Rollover Postponed [
https://www.us-cert.gov/ncas/current-activity/2017/09/29/DNSSEC-Key-Signing-Key-Rollover-Postponed ] 09/29/2017 12:29
PM EDT
Original release date: September 29, 2017
The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key
Signing Key (KSK) scheduled for October...
Mozilla Releases Security Updates
US-CERT (Sep 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/09/28/Mozilla-Releases-Security-Updates ] 09/28/2017 01:52 PM EDT
Original release date: September 28, 2017
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 52.4 and Firefox 56. A remote
attacker could exploit some of these vulnerabilities...
Cisco Releases Security Updates
US-CERT (Sep 27)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/09/27/Cisco-Releases-Security-Updates ] 09/27/2017 05:30 PM EDT
Original release date: September 27, 2017
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some
of these vulnerabilities to take control of an affected...
Apple Releases Security Update for iOS
US-CERT (Sep 26)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update for iOS [
https://www.us-cert.gov/ncas/current-activity/2017/09/26/Apple-Releases-Security-Update-iOS ] 09/26/2017 03:41 PM EDT
Original release date: September 26, 2017
Apple has released iOS 11.0.1 to address vulnerabilities in previous versions of iOS. Exploitation of some of these
vulnerabilities could allow a remote attacker to...
Apple Releases Security Updates
US-CERT (Sep 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/09/25/Apple-Releases-Security-Updates ] 09/25/2017 08:08 PM EDT
Original release date: September 25, 2017
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take control of an...
Oracle Patches Apache Vulnerabilities
US-CERT (Sep 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Oracle Patches Apache Vulnerabilities [
https://www.us-cert.gov/ncas/current-activity/2017/09/25/Oracle-Patches-Apache-Vulnerabilities ] 09/25/2017 08:14 AM
EDT
Original release date: September 25, 2017
Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A
remote attacker could exploit some of these...
Google Releases Security Updates for Chrome
US-CERT (Sep 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2017/09/22/Google-Releases-Security-Updates-Chrome ] 09/22/2017 10:05 AM
EDT
Original release date: September 22, 2017
Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple
vulnerabilities that an attacker may exploit...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype
NOIRFATE (Oct 09)
Description:
The RenderFreetype function in MagickCore/annotate.c in ImageMagick allows attackers to cause a denial of service via a
crafted font file.
Affected version:
ImageMagick 7.0.7-3 (maybe previous versions are affected as well)
Fixed version:
ImageMagick 7.0.7-7
Commit fix:
https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
Details:
https://github.com/ImageMagick/ImageMagick/issues/781...
OpenEXR : CVE-2017-14988 : DOS in Header::readfrom
NOIRFATE (Oct 09)
Description:
The Header::readfrom function may allocate any size of memory specified by the user via a crafted exr image file, and cause
a DoS.
Affected version:
openexr 2.2.0
Fixed version:
No upstream fix available
Details:
https://github.com/openexr/openexr/issues/248
Credit:
This bug was discovered by Yihan Lian of GearTeam at Qihoo360
CVE:
CVE-2017-14988
Re: The Internet Bug Bounty: Data Processing (hackerone.com)
Reed Loden (Oct 09)
On Sun, Oct 8, 2017 at 11:24 PM Michael Niedermayer <michael () niedermayer cc>
wrote:
Awesome! Thanks for getting back to us.
We've added FFmpeg to the scope at the bottom of
https://hackerone.com/ibb-data.
Happy hacking,
~reed
(for the IBB)
Re: The Internet Bug Bounty: Data Processing (hackerone.com)
Michael Niedermayer (Oct 08)
Hi
Your mails were misidentified as spam on my side at least, and while
I admit I saw them and wanted to reply later, I forgot and somehow
apparently everyone else forgot to reply too.
Finally replied, and yes, of course FFmpeg wants to participate.
Thanks
Reply: [oss-security] CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug
连一汉 (Oct 08)
I have added the PoC attachment on https://gitlab.xiph.org/xiph/vorbis/issues/2330 :)
-----Original Message-----
From: Guido Günther [mailto:agx () sigxcpu org]
Sent: October 1, 2017 2:36
To: 连一汉
Cc: oss-security () lists openwall com
Subject: Re: [oss-security] CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug
Hi,
Where can the reproducer for this be found? Can you attach it to...
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46
Henri S. (Oct 08)
I usually request one CVE identifier per issue type if they are fixed in the
same version and reported by the same person. Could you notify the list when
you have received the CVEs, thanks.
Reflected XSS vulnerability in Shaarli v0.9.1
chbi (Oct 07)
Hi,
I've discovered a security issue in Shaarli v0.9.1
(https://github.com/shaarli/Shaarli)
A reflected XSS vulnerability in Shaarli v0.9.1 allows an
unauthenticated attacker to inject JavaScript. If the victim is an
administrator, an attacker can (for example) take over the admin session,
change global settings, or add/delete links. It is also possible to
execute JavaScript against unauthenticated users.
Fix:...
Stored XSS vulnerabilities in Flyspray
chbi (Oct 07)
Hi,
I've discovered two security issues in Flyspray (http://www.flyspray.org/)
A stored XSS vulnerability in Flyspray before 1.0-rc6 allows an
authenticated user to inject JavaScript to gain administrator privileges.
Fix:
https://github.com/Flyspray/flyspray/commit/754ec5d04348ef7ecb8cb02ade976dc412b031f8
A stored XSS vulnerability in Flyspray between 1.0-rc4 and 1.0-rc6
allows an authenticated user to inject JavaScript to gain...
CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes
P J P (Oct 05)
Hello,
Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9
File System (9pfs) support, is vulnerable to an information disclosure issue.
It could occur while accessing extended attributes of a file due to a race
condition.
A user inside the guest could use this flaw to disclose uninitialised heap memory
contents on the host.
Upstream patch:
---------------
->...
[CVE-2017-14604] .desktop vulnerability again
Yves-Alexis Perez (Oct 05)
Hi list,
I'm currently in the process of uploading a nautilus package fixing CVE-2017-14604,
which is again a vulnerability in the handling of desktop files. As I
don't think it's been discussed here, it might be a good idea to do a wrap-up,
and maybe start a discussion if people are interested and have good ideas.
There was some publicity on this at the beginning of the year with a blog post
using that vulnerability in order to...
[CVE-2017-14614] GridGain Visor GUI Console - File System Path Traversal
Andrey Bazhenov (Oct 05)
Severity: Important
Vendor: GridGain Systems
Versions Affected:
* GridGain 8.1.4 and earlier
* GridGain 1.9.6 and earlier
* GridGain 1.8.11 and earlier
* GridGain 1.7.15 and earlier
Impact:
The vulnerability impacts GridGain Visor GUI Management Console users. Visor allows opening log files of remote cluster
nodes and observing them locally. To get the logs a user needs to provide a path to the files. Visor does not...
Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723
Alan Coopersmith (Oct 04)
-------- Forwarded Message --------
Subject: X server fixes for CVE-2017-13721 & CVE-2017-13723
Date: Wed, 4 Oct 2017 15:22:58 -0700
From: Alan Coopersmith <alan.coopersmith () oracle com>
Reply-To: xorg () lists freedesktop org
To: xorg-announce () lists x org
The X.Org Foundation today published fixes for CVE-2017-13721 & CVE-2017-13723
as part of the xorg-server 1.19.4 release.
Git commits for these vulnerabilities:...
Several Privilege Escalation issues in Kanboard <= 1.0.46
chbi (Oct 04)
Hi,
I've discovered several security issues in Kanboard <= 1.0.46
(https://kanboard.net)
1)
By altering form data an authenticated user can edit Name, Email,
Identifier, Description,... of a private project of another user.
2)
By altering form data an authenticated user can add a new task to a
private project of another user.
3)
By altering form data an authenticated user can edit columns of a
private project of another user.
4)
By...
binutils: infinite loop in find_abstract_instance_name (dwarf2.c)
Agostino Sarubbo (Oct 04)
Description:
binutils is a set of tools necessary to build programs.
The relevant ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==22616==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc2948efe8 (pc 0x0000004248eb bp 0x7ffc2948f8e0 sp
0x7ffc2948efe0 T0)
#0 0x4248ea in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*,...
binutils: divide-by-zero in decode_line_info (dwarf2.c)
Agostino Sarubbo (Oct 04)
Description:
binutils is a set of tools necessary to build programs.
The complete ASan output of the issue:
# nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE
==11125==ERROR: AddressSanitizer: FPE on unknown address 0x7f5e01fd42e5 (pc 0x7f5e01fd42e5 bp 0x7ffdaa5de290 sp
0x7ffdaa5de0e0 T0)
#0 0x7f5e01fd42e4 in decode_line_info /var/tmp/portage/sys-devel/binutils-9999/work/binutils/bfd/dwarf2.c
#1...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: College Support of VPN on open Wi-Fi
Kevin Crider (Oct 07)
It wasn't my department that worked through the case(s), but yes, I think that was pretty much what we did…plus a
little hand slap or lecture.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank
Barton
Sent: Saturday, October 7, 2017 6:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] College Support of VPN on open Wi-Fi
Kevin, so did you immediately...
Re: College Support of VPN on open Wi-Fi
Frank Barton (Oct 07)
Kevin, so did you immediately classify the account as compromised? Lock it
out and make the student show up in person to get a new password?
I'm curious what you do in those cases.
Frank
Re: College Support of VPN on open Wi-Fi
Kevin Crider (Oct 06)
YES. Funny, we just discussed this yesterday and have this blocked already...mainly I think YouTube was the end point.
We discovered this by seeing in logs that users were logged in here on campus, and 8 times overseas also...all at once...
The big security issue I think was just the fact that users were sharing passwords!
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On...
Re: College Support of VPN on open Wi-Fi
McClenon, Brady (Oct 06)
Anyone concerned about legal implications if their institution is providing overseas students a VPN tunnel that could
be used by the student to circumvent country or regional restrictions on content from providers like Netflix or Hulu?
Brady McClenon
IT Security Administrator
ITS - IT Security
SUNY Oneonta
Information Security is Everyone's Responsibility! Learn more at http://staysafeonline.org/ncsam/
-----Original Message-----
From:...
Re: College Support of VPN on open Wi-Fi
Johnson, Matthew (Oct 06)
A good portion of our VPN access is from students / staff / and faculty
traveling overseas. We encourage its use when people travel or return to
their home as it provides an additional level of protection when they
connect back to our internal resources.
To protect these accounts we recently enabled Duo two factor authentication
for all VPN connections. This will ensure that the proper account is
connecting through the VPN and only one...
Re: College Support of VPN on open Wi-Fi
Valdis Kletnieks (Oct 05)
On Wed, 04 Oct 2017 23:44:35 -0000, "Corn, Michael" said:
Also make plans for how to deal with people that travel to California, or across
the state, and errant Geo-IP suddenly decides they're outside the US. Make sure
that your help desk is able to deal with these glitches *AND* that the procedure
is at least somewhat social engineering proof....
(Yes, I know that last part is a challenge involving tradeoffs ... :)
IAM Practices in Higher Ed - Survey
Katelyn Ilkani (Oct 05)
Greetings!
I am conducting research on IAM practices in Higher Ed, looking at people, process and technology decisions. This
research will be used in both my master's thesis for the Executive Masters in Cybersecurity from Brown University, as
well as a Tambellini Group report on IAM Trends in Higher Ed. Participants will receive information on trends
identified from survey results. The survey should take about 5 minutes to complete and...
Re: College Support of VPN on open Wi-Fi
Corn, Michael (Oct 04)
One thing to consider if you're rethinking your VPN strategy. Include a checkbox somewhere that, if checked, permits
access to the VPN from overseas. By default it should not be checked. This will provide some protection to accounts
from abuse since VPNs are frequent targets for use from overseas (esp. for those targeting your library resources).
MC
----------------------
Michael Corn | Chief Information Security Officer
mcorn () ucsd edu...
College Support of VPN on open Wi-Fi
James Farr (Oct 04)
We have employees who require access to College resources from off campus.
These users request access, go through a vetting process, then are provided
a College managed VPN solution.
We also have employees who may be traveling and only need College email or
cloud storage. We encourage the use of VPNs on open wireless networks.
We are evaluating what level of support we want to offer employees whose
only Wi-Fi interactions with college...
Quarterly HEISC Survey on Current Risks & Top Issues (Vote by Oct. 12)
Valerie Vogel (Oct 04)
Greetings,
The Q4 HEISC survey on current risks and top issues is now open. This survey includes 2 questions and should only take
a few minutes of your time. Responses will be accepted through Thursday, October 12.
https://www.surveymonkey.com/r/66QMWNB
Background: Last year, we introduced a monthly informal poll to the Higher Education Information Security Council
(HEISC) working groups to get a general sense about current risks or top...
Re: High Sierra and Banner
Ronald King (Oct 03)
Thank you all for your advice and help. It does appear to be Java related
to a degree. We use a simple landing page after authentication that
redirects users based on the link they click. Self-Service (WbSIS) seems to
be our problem, but only with High Sierra with Safari 11. For Sierra with
Safari 11, the redirect is fine. The same is true for iOS 11. We have tried
the Develop mode with IE11. The UVic link is great and I have passed it
along. We...
Re: High Sierra and Banner
Matt Brehm (Oct 03)
There are issues with Safari running Java, in addition to other browsers.
For Safari functionality, we have had to run it as if it were IE11. This is in
addition to whitelisting Java to allow domain and port access.
https://www.imore.com/how-view-websites-your-mac-require-internet-explorer-or-pc
Matthew Brehm
IT <http://intranet.pcc.edu/departments/technology-solutions/> - TSA (RC)
971-722-7494
Building 2 Room 250
*Portland Community...
Re: High Sierra and Banner
Ric Getter (Oct 03)
FYI,
I did some poking around and found this post from University of Victoria (
https://www.uvic.ca/systems/status/notices/current/macos-high-sierra-release.php)
that mentions Banner and the need to re-enable Java plug-ins for it to run
after upgrading to High Sierra. They didn't mention any other issues,
though.
Ric
Ric Getter
PCC Media Production/PCC-TV
Educational Advisory Council Membership Chair
Portland Community College - Sylvania...
Re: High Sierra and Banner
Mahmud Rahman (Oct 03)
We don't have any Macs on campus on High Sierra but our Desktop team is
putting one in place so we can test Banner. Is the issue Java or a new
version of Safari that won't work with Java-based Oracle Forms?
Mahmud Rahman MFA '04
Director of Systems and Banner Services, ITS
Mills College, Oakland CA
(510)430-2257
mrahman () mills edu
Re: High Sierra and Banner
Blackwood, James (Oct 03)
What version of Banner are you on? If you’re still on the 8.x version (we are) then you may be having problems with
Java functionality. I’m running High Sierra and haven’t had any issues but I’m using the ESR version of Firefox.
James
They’re not able to access banner after Mac upgrade? Or is it some other sort of problem?
-Adam
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Anyone from AT&T DNS?
Mark Andrews (Oct 08)
In message <CAN414UfOQH-rOsJ4V_idiv-2UQi0jVM=w5AOs6HmnA-NkDvESg () mail gmail com>, Jay Farrell via NANOG writes:
DNS labels can be octet strings of length [0..63], with the zero-length octet
string being reserved for the root label and '*' for the
wildcard label (there is no way to turn this off).
Hostnames, on the other hand, are restricted to LDH.
Unfortunately many tools are not written by people who understand
the difference....
Re: Anyone from AT&T DNS?
Mark Andrews (Oct 08)
In message <50298399-672D-4BA1-A726-7128B84B89FF () apple com>, Matt Peterman writes:
Which is "128925.168.207.107.in-addr.arpa." when fed into a domain
name parser. DNS escape sequences are DECIMAL, not OCTAL. I suggest
that you log a bug report.
128/25.168.207.107.in-addr.arpa. == 128\04725.168.207.107.in-addr.arpa
RFC 1035
\DDD where each D is a digit is the octet corresponding to
the decimal...
Re: Hurricane Maria: Summary of communication status - and lack of
Mike Hammett (Oct 08)
A quick perspective from the US Virgin Islands of how the carriers have fared / performed:
AT&T = had a couple towers with some cell coverage after Irma and Maria. A testament to good engineering at the tower,
and redundancy in their network design. Primarily microwave backhaul, but leasing some fiber from the ILEC named Viya.
AT&T has a major undersea cable station and POP on STT in downtown Charlotte Amalie. They have been making...
RE: Cisco ISE
Mann, Jason (Oct 07)
Yes I would be curious as to what issues you are running into? We currently use ACS to do 802.1x authentication for all
of our Wired/Wireless clients and will move that functionality over to ISE. We would also like to start doing
provisioning/nac and certificate authority on the ISE, as well as PXGrid into InfoBlox, NetScout, F5, APIC-EM, and
Cisco Prime 3.1
-----Original Message-----
From: Rheams, Doug [mailto:doug.rheams ()...
Re: Hurricane Maria: Summary of communication status - and lack of
Javier J (Oct 07)
@ Jean
Interesting stuff. Please keep this thread updated with info on that
initiative.
Re: Cisco ISE
Scott Morris (Oct 06)
There are other products out there that give more successful results much quicker and with much less effort.
While I won’t spam the list with things, I’d be happy to share my experience off-list if desired.
Scott
-----Original Message-----
From: NANOG <nanog-bounces () nanog org> on behalf of Smoot Carl-Mitchell <smoot () tic com>
Date: Friday, October 6, 2017 at 10:09 PM
To: "Christopher J. Wolff" <cjwolff () nola...
Re: Cisco ISE
Smoot Carl-Mitchell (Oct 06)
ISE is challenging. I helped deploy and manage a 2.1.0.474
installation with about 5,000 end points. The hardest part was
designing the access policies. There is also some quirkiness depending
on what switches you have in your environment. Different switches and
different IOS levels require in some cases slightly different
switchport configurations. Keeping everything in sync can also be
painful. I ended up writing a web based tool to audit...
Re: Hurricane Maria: Summary of communication status - and lack of
Jean-Francois Mezei (Oct 06)
I have not found the official announcements, but the press is reporting
that the FCC has granted Google rights to fly 30 of its "Loon" high
altitude balloons to provide cellular service in Puerto Rico for up to 6
months.
(From my readings, these are glorified relays of ground based signals
(which I assume some antennas have to be oriented to face up towards the
balloons).
The Loon will use spectrum allocated to the carriers they relay...
Re: Hurricane Maria: Summary of communication status - and lack of
Sean Donelan (Oct 06)
In addition to government and carriers working on the large-scale
infrastructure to restore telecommunications in Puerto Rico, U.S. Virgin
Islands and other Caribbean islands, I've found the following
non-government organizations with people on the ground in the disaster
areas working on communications needed for emergency and relief efforts.
I've limited this list to those groups I've been able to confirm on the
ground response,...
Re: Cisco ISE
Darin Herteen (Oct 06)
Any particular part of the product giving you trouble or just the migration to the product itself ?
Running 5.7 here in a multi-vendor endpoint environment using both TACACS+ & RADIUS for device administration and have
been curious about the pain I may or may not have ahead of me...
________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Christopher J. Wolff <cjwolff () nola gov>
Sent: Friday,...
Re: Cisco ISE
Christopher J. Wolff (Oct 06)
Proceed with extreme caution. You may want to have that end of life ACS deployment bake for another six months. You
will want to have the highest level of Cisco engineering engaged should you choose to go this direction.
As would I. We are going to start a project that is replacing ACS 5.7 with ISE 2.X
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Christopher J. Wolff
Sent: Friday, October 6, 2017...
RE: Cisco ISE
Mann, Jason (Oct 06)
As would I. We are going to start a project that is replacing ACS 5.7 with ISE 2.X
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Christopher J. Wolff
Sent: Friday, October 6, 2017 2:41 PM
To: nanog () nanog org
Subject: Cisco ISE
Is anyone successfully deploying ISE 2.X? I’m six months into it on about 10,000 endpoints and it seems like it’s a
highly challenged product. I’d love to hear your...
Cisco ISE
Christopher J. Wolff (Oct 06)
Is anyone successfully deploying ISE 2.X? I’m six months into it on about 10,000 endpoints and it seems like it’s a
highly challenged product. I’d love to hear your experiences on or off-list. Thanks in advance.
Re: RFC 1918 network range choices
Ryan Harden (Oct 06)
Interesting you call sections 2, 4, 5 a security model when section 6 explicitly states "Security issues are not
addressed in this memo."
Sections 2, 4, and 5 are motivational and design considerations. Using RFC1918 space is not and should not be
considered a security practice.
/Ryan
Ryan Harden
Research and Advanced Networking Architect
University of Chicago - ASN160
P: 773.834.5441
Re: RFC 1918 network range choices
Daniel Karrenberg (Oct 06)
If I recall correctly not one of the authors was a "big supporter". Some
things are not full of beauty and glory; yet they have to be done.
I recall a number of conversations with Jon about this, at least one of
them face-to-face. I am convinced he fully agreed that it was necessary.
Daniel
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Why Freada Kapor Klein thinks there's a moral crisis in Silicon Valley
Dave Farber (Oct 08)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: October 8, 2017 at 6:52:30 PM EDT
> To: "E-mail Pamphleteer Dave Farber's Interesting People list" <ip () listbox com>
> Subject: Why Freada Kapor Klein thinks there's a moral crisis in Silicon Valley
>
> Why Freada Kapor Klein thinks there's a moral crisis in Silicon Valley
> Andrew Keen
>...
Why Facebook is in a hole over data mining [is cuz earns nearly $20 per user per year (in the US and Canada) by monetising their data.]"
Dave Farber (Oct 08)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: October 8, 2017 at 4:23:17 PM EDT
> To: "E-mail Pamphleteer Dave Farber's Interesting People list" <ip () listbox com>
> Subject: Why Facebook is in a hole over data mining [is cuz earns nearly $20 per user per year (in the US and Canada)
> by monetising their data.]"
>
> Why Facebook is in a hole...
Re Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
Dave Farber (Oct 08)
Begin forwarded message:
> From: Bob Hinden <bob.hinden () gmail com>
> Date: October 8, 2017 at 12:53:51 PM EDT
> To: Dave Farber <dave () farber net>
> Cc: Bob Hinden <bob.hinden () gmail com>
> Subject: Re: [IP] Re Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
>
> Dave,
>
> For IP.
>
> I disagree with Ellen on this. Puerto Rico does not working power...
Re Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
Dave Farber (Oct 07)
Begin forwarded message:
> From: Ellen Ullman <ullman () well com>
> Date: October 7, 2017 at 3:28:23 PM EDT
> To: dave <dave () farber net>
> Subject: Re: [IP] Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
> Reply-To: Ellen Ullman <ullman () well com>
>
> A reply for IP, if you wish.
>
> The Loon Balloons are a perfect example of billionaires "fixing"...
'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia | Technology | The Guardian
Dave Farber (Oct 07)
> Begin forwarded message:
>
> From: Allan Davidson <alland () heckerty com>
> Subject: 'Our minds can be hijacked': the tech insiders who fear a smartphone dystopia | Technology | The Guardian
> Date: October 7, 2017 at 12:14:39 PM EDT
> To: Dave Farber <dave () farber net>
>
> Hi Dave,
>
>> Thought this story might interest list members.
>
> Allan
>
>
>>...
Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
Dave Farber (Oct 07)
Begin forwarded message:
> From: jonathan.spira () accuramediagroup com
> Date: October 7, 2017 at 12:56:16 PM EDT
> To: dfarber <dave () farber net>
> Subject: Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
>
> Dave
>
> Good use of the public airwaves:
>
> Google to Provide Cellphone Service to Storm-Ravaged Puerto Rico Using Balloons
>
> http://accura.cc/2b8v8c...
As U.S. Retreats From World Organizations, China Steps in to Fill the Void | Foreign Policy
Dave Farber (Oct 06)
“REPORT
As U.S. Retreats From World Organizations, China Steps in to Fill the Void
Beijing is trying to repurpose abandoned international agencies like UNESCO to serve its strategic interests — such as
controlling the internet.
http://foreignpolicy.com/2017/10/06/as-u-s-retreats-from-world-organizations-china-steps-in-the-fill-the-void/
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS...
Re Publishers seek removal of millions of papers from ResearchGate
Dave Farber (Oct 06)
Begin forwarded message:
> From: Sven Bilen <SBilen () engr psu edu>
> Date: October 6, 2017 at 12:12:48 PM EDT
> To: "dave () farber net" <dave () farber net>
> Subject: RE: [IP] Publishers seek removal of millions of papers from ResearchGate
>
> Dave,
>
> As an academic, I use ResearchGate heavily. There is clear value for academics having these types of dedicated
> social networks as they...
Stoking Islamophobia and secession in Texas -- from an office in Russia
DAVID FARBER (Oct 06)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: October 6, 2017 at 1:02:40 AM EDT
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] Stoking Islamophobia and secession in Texas -- from an office in Russia
>
>
> Stoking Islamophobia and secession in Texas -- from an office in Russia
>
> http://www.cnn.com/2017/10/05/politics/heart-of-texas-russia-event/index.html
>
>...
For indecisive types: Apple iPhone 8 Plus versus iPhone X: Which iPhone Is For Me?
Dave Farber (Oct 06)
Begin forwarded message:
> From: jonathan.spira () accuramediagroup com
> Date: October 6, 2017 at 9:49:41 AM EDT
> To: dfarber <dave () farber net>
> Subject: For indecisive types: Apple iPhone 8 Plus versus iPhone X: Which iPhone Is For Me?
>
> Dave
>
> Of possible interest to you and other IPers given that this is a well-documented comparison of the two new iPhone
> models.
>
> Apple iPhone 8 Plus...
Nobel Peace Prize and the End of War
Dave Farber (Oct 06)
Begin forwarded message:
> From: John Horgan <jhorgan () stevens edu>
> Date: October 6, 2017 at 11:28:42 AM EDT
> To: Dave Farber <farber () gmail com>
> Cc: John Horgan <jhorgan () stevens edu>
> Subject: Nobel Peace Prize and the End of War
>
> Dave, thought your list might find this post on today's Nobel Peace Prize announcement interesting. John Horgan
>
> Nobel Prize for Efforts to Ban...
Publishers seek removal of millions of papers from ResearchGate
Dave Farber (Oct 06)
Begin forwarded message:
> From: Richard Forno <rforno () infowarrior org>
> Date: October 6, 2017 at 7:11:36 AM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: Publishers seek removal of millions of papers from ResearchGate
>
> Publishers seek removal of millions of papers from ResearchGate
>
> Academic social network accused of infringing...
Pre-Sale, LAST UNITS AVAILABLE
no responder (Oct 06)
Your mail client does NOT support HTML-format messages.
To view the email content correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VO.aspx?6c4h-R-ek5bi7ajbKwIKEi-R-9i:,i,9-R-0
Overstock, clearance and remainders, Super Opportunity!!!
Mayorista de Vinos (Oct 05)
MAYORISTA VINOS
Overstocked, clearance and discontinued products,
one-off prices, limited number of cases.
Wines
Lagarde Malbec and Cabernet x 6, list price $ 1.218.-, Offer $ 899.-, 10 cases
Lagarde Sauvignon Blanc x 6, list price $ 1.218.-, Offer $ 899.-, 4 cases
Escorihuela Gascon Malbec x 6, list price $ 1.411.-, Offer $ 1.069.-, 12 cases
Escorihuela Gran Reserva Malbec x 6...
Sundar Pichai says the future of Google is AI. But Can He Fix the Algorithm?
Dave Farber (Oct 05)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: October 5, 2017 at 10:56:09 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Sundar Pichai says the future of Google is AI. But Can He Fix the Algorithm?
> Reply-To: dewayne-net () warpspeed com
>
> Sundar Pichai says the future of Google is AI. But Can He Fix the...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.47
RISKS List Owner (Sep 29)
RISKS-LIST: Risks-Forum Digest Friday 29 September 2017 Volume 30 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.47>
The current issue can also...
Risks Digest 30.46
RISKS List Owner (Sep 11)
RISKS-LIST: Risks-Forum Digest Monday 11 September 2017 Volume 30 : Issue 46
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.46>
The current issue can also...
Risks Digest 30.44
RISKS List Owner (Aug 31)
RISKS-LIST: Risks-Forum Digest Thursday 31 August 2017 Volume 30 : Issue 44
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.44>
The current issue can also be...
Risks Digest 30.43
RISKS List Owner (Aug 14)
RISKS-LIST: Risks-Forum Digest Monday 14 August 2017 Volume 30 : Issue 43
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.43>
The current issue can also be...
Risks Digest 30.42
RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Monday 7 August 2017 Volume 30 : Issue 42
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.42>
The current issue can also be...
Risks Digest 30.41
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 August 2017 Volume 30 : Issue 41
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.41>
The current issue can also be...
Risks Digest 30.40
RISKS List Owner (Jul 28)
RISKS-LIST: Risks-Forum Digest Friday 28 July 2017 Volume 30 : Issue 40
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.40>
The current issue can also be...
Risks Digest 30.39
RISKS List Owner (Jul 22)
RISKS-LIST: Risks-Forum Digest Saturday 22 July 2017 Volume 30 : Issue 39
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.39>
The current issue can also be...
Risks Digest 30.38
RISKS List Owner (Jul 17)
RISKS-LIST: Risks-Forum Digest Monday 17 July 2017 Volume 30 : Issue 38
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.38>
The current issue can also be...
Risks Digest 30.37
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Friday 14 July 2017 Volume 30 : Issue 37
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.37>
The current issue can also be...
Risks Digest 30.36
RISKS List Owner (Jul 07)
RISKS-LIST: Risks-Forum Digest Friday 7 July 2017 Volume 30 : Issue 36
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.36>
The current issue can also be...
Risks Digest 30.35
RISKS List Owner (Jun 28)
RISKS-LIST: Risks-Forum Digest Wednesday 28 June 2017 Volume 30 : Issue 35
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.35>
The current issue can also be...
Risks Digest 30.34
RISKS List Owner (Jun 24)
RISKS-LIST: Risks-Forum Digest Saturday 24 June 2017 Volume 30 : Issue 34
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.34>
The current issue can also be...
Risks Digest 30.32
RISKS List Owner (Jun 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 June 2017 Volume 30 : Issue 32
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.32>
The current issue can also be...
Risks Digest 30.31
RISKS List Owner (Jun 08)
RISKS-LIST: Risks-Forum Digest Thursday 8 June 2017 Volume 30 : Issue 31
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.31>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Election Officials Must Embrace IT Personnel to Thwart the Impending Hacker Onslaught
Audrey McNeil (Oct 06)
http://www.routefifty.com/tech-data/2017/10/election-cybersecurity-it-personnel/141558/
State and local elections officials need to build relationships with their
government IT personnel and information security community in the wake of
Russian efforts to scan 21 state election systems for vulnerabilities last
cycle, cybersecurity experts said Wednesday at a U.S. Election Assistance
Commission roundtable.
The U.S. Department of Homeland...
Legacy clearout? Not all at once, surely. Keeping tech up to snuff in an SMB
Audrey McNeil (Oct 06)
https://www.theregister.co.uk/2017/10/04/keeping_tech_up_to_snuff_in_an_smb/
“Legacy” is a word that we tend to associate with big companies. After all,
they’re the ones who have vast piles of equipment that go out of date in no
time at all but require big money and big projects to replace them with
modern stuff.
Not that they all do the updates, mind you: I have an entertaining photo I
took the other day of the Windows XP crash screen on...
5 Ways a Hacker May Target Your Small Business
Audrey McNeil (Oct 06)
https://www.hitechanswers.net/5-ways-hacker-may-target-small-business/
Cyberattacks only happen to large corporations because they hold the most
personal and sensitive data, right? Wrong. While the media often leads us
to believe cyberattacks are only occurring on high-profile organizations
holding a lot of data, the statistics show us otherwise. An article on
Information Security Buzz takes a look at 5 ways hackers might target your
small...
Report: NSA Secrets Stolen From Computer Using Kaspersky Software
Audrey McNeil (Oct 06)
https://www.bankinfosecurity.com/report-nsa-secrets-stolen-from-computer-using-kaspersky-software-a-10359
Agents tied to the Kremlin breached a home computer of a National Security
Agency contractor that ran anti-virus software from Russian-owned Kaspersky
Labs, pilfering details on how the U.S. penetrates networks and defends
against cyberattacks, according to the Wall Street Journal. The contractor
had removed the highly classified material...
City of Calgary embroiled in privacy breach class-action lawsuit
Audrey McNeil (Oct 06)
http://www.insurancebusinessmag.com/ca/news/professional-liability/city-of-calgary-embroiled-in-privacy-breach-classaction-lawsuit-81077.aspx
The city of Calgary is facing a $92.9 million lawsuit for allegedly
breaching the privacy rights of its employees.
The suit, filed Tuesday, alleged a privacy breach in June 2016. The
document claims that a city staffer sent an email to an employee of another
Alberta municipality which contained the...
Arkansas Facility Ransomware Attack Potentially Affects 128K
Audrey McNeil (Oct 06)
https://healthitsecurity.com/news/arkansas-facility-ransomware-attack-potentially-affects-128k
Arkansas Oral & Facial Surgery Center recently announced on its website
that it experienced a ransomware attack on its computer network on July 26,
2017.
An investigation determined that the ransomware had been installed either
earlier that morning or the evening before. The organization added that
extortion was likely the reason for the attack,...
Secret Service investigating hack of Atlanta Public Schools' employee paychecks
Destry Winant (Oct 05)
http://www.11alive.com/news/education/officials-atlanta-public-schools-data-breach-could-impact-all-employees/480653956
The Secret Service and Georgia Bureau of Investigation have been
brought in to investigate a "phishing" scam that targeted Atlanta
Public Schools employees. Now there's fear that even more were
impacted than first thought.
The trick, commonly known as phishing, involves creating a clone of an
official website to...
Tech Company Agrees to $264K Vermont Data Breach Settlement
Destry Winant (Oct 05)
https://healthitsecurity.com/news/tech-company-agrees-to-264k-vermont-data-breach-settlement
Technology company SAManage USA, Inc. recently agreed to pay $264,000
as part of a data breach settlement with the Vermont Attorney General,
following a July 2016 incident.
SAManage provides cloud-based IT support, which was used by WEX Health
– a contractor to Vermont. SAManage’s IT ticketing system let an excel
spreadsheet with 660 Social Security...
Class-action lawsuit claims city shared personal information of 3,700 employees
Destry Winant (Oct 05)
http://calgaryherald.com/news/local-news/class-action-lawsuit-claims-city-leaked-personal-information-of-3700-employees
In a statement of claim filed in Calgary Court of Queen’s Bench, the
law firm Higgerty Law is seeking an estimated $92.9 million in damages
against the city.
The claim also seeks a further unspecified amount in punitive,
exemplary and aggravated damages.
“In the course of their employment, the class members provided the...
Lawmaker to former Equifax CEO: 'I don't think we can pass a law that fixes stupid'
Destry Winant (Oct 05)
https://www.csoonline.com/article/3230450/security/lawmaker-to-former-equifax-ceo-i-dont-think-we-can-pass-a-law-that-fixes-stupid.html
On Monday, Equifax admitted that an additional 2.5 million Americans
may have been affected by the breach reported in September. On
Tuesday, Equifax’s former CEO Richard Smith testified about that
breach that resulted in 145.5 million Americans having their personal
information accessed or stolen.
Smith may...
Australia: Recent updates announced to the notifiable data breach regime
Audrey McNeil (Oct 04)
https://www.lexology.com/library/detail.aspx?g=1c50eb70-544a-41ae-958e-d5689fb8d257
The Office of the Australian Information Commissioner (the OAIC) has
released further draft guidance on the notifiable data breach regime in the
lead up to the commencement of the new laws on 22 February 2018.
Late last week, the OAIC published further information on the information
that must be provided to the Information Commissioner after a notifiable
data...
Column: Cyber Threat Roundup
Audrey McNeil (Oct 04)
https://www.greenwichsentinel.com/2017/09/30/column-cyber-threat-roundup/
There is so much happening on the cyber security front. It affects you. You
can learn from it. As a bonus, you can rant along with me. Hardly anyone
takes the time to read insurance policy fine print. Likewise, few business
people really want to deal with cyber security. Dig in and understand it.
According to Microsoft, in companies with less than 250 employees, 75% use...
Beyond the Headlines: Breaking Down the Year's Biggest Cyberevents
Audrey McNeil (Oct 04)
http://www.govtech.com/security/GT-OctoberNovember-2017-Beyond-the-Headlines-Breaking-Down-the-Years-Biggest-Cyberevents.html
When Stanton Gatewood, Georgia’s chief information security officer (CISO),
started out in cybersecurity more than 30 years ago, co-workers thought of
him and his peers as “the paranoid ones,” constantly warning about the
risks of cyberattacks and system breaches.
This perception has changed a great deal....
Who's Responsible for Cybersecurity?
Audrey McNeil (Oct 04)
http://sfmagazine.com/post-entry/october-2017-whos-responsible-for-cybersecurity/
Aside from geographical information, data about data (also known as
metadata) is captured with each digital activity. For example, when an
individual takes a photograph on a cellular device, the device stores
information about where the photograph was taken, the time the picture was
taken, and information connecting a user to social media outlets. Much of
this...
How Employers Can Become Experts at Data Breaches: Understand the Lingo
Audrey McNeil (Oct 04)
http://www.jdsupra.com/legalnews/how-employers-can-become-experts-at-55276/
Many human resource professionals may not be familiar with data
security-related terminology. As a result, when an incident occurs there
can be confusion when terms like “security event” or “data breach” are
thrown around. Indeed, one of the most common mistakes made by human
resource professionals is assuming that a situation involves a data breach
because that...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Evan Huus (Oct 06)
It sounds to me like it shouldn’t be a set or a list, but a tree?
Evan
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Michael Mann via Wireshark-dev (Oct 06)
There's also this explanation: https://www.wireshark.org/lists/wireshark-dev/201701/msg00005.html
-----Original Message-----
From: Pascal Quantin <pascal.quantin () gmail com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Fri, Oct 6, 2017 3:06 am
Subject: Re: [Wireshark-dev] XXXX: avoid appending xxxx multiple times to frame.protocols field
Hi Roland,
2017-10-06 8:23 GMT+02:00 Roland Knall...
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Roland Knall (Oct 06)
There is code that depends on the sequence. It is sometimes important to
know if it is the first or the last entry.
I could do with a shortcut, but then we have to store the sequence
internally (which is not a big issue), but would prefer to have a signal
in the list, e.g. eth:epl:*opensafety, to determine that that protocol is
repeated multiple times.
I do not like the solution in general, much rather would have to have
individual packets,...
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Guy Harris (Oct 06)
And there's code that depends on that entry being
eth:epl:opensafety:opensafety:opensafety
rather than just being
eth:epl:opensafety
even with three sequential openSAFETY packets atop Ethernet POWERLINK?
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Roland Knall (Oct 06)
Yeap, that is exactly the case with, for instance, openSAFETY. Usually a list
would be eth:epl:opensafety|opensafety|opensafety (using | to better define
the parallel behavior).
Same goes for nearly all industrial ethernet protocols, which implement bus
coupler devices, where by definition multiple protocols can be seen on the
overlying fieldbus in a single packet.
cheers
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Pascal Quantin (Oct 06)
Hi Roland,
2017-10-06 8:23 GMT+02:00 Roland Knall <rknall () gmail com>:
Here it is: https://code.wireshark.org/review/19464
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Guy Harris (Oct 05)
So there are cases where, for example, for code that examines the protocol list, that code would need to see, for
example, eth:ip:tcp:x11:x11:x11 for a TCP segment containing three X11 requests or replies, rather than just seeing
eth:ip:tcp:x11?
(BTW, the protocol list is a linearization of a structure that's not linear - x11:x11:x11 doesn't mean X11 inside X11
inside X11, it means 3 X11's inside TCP. Hopefully no software...
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Roland Knall (Oct 05)
Personally I think moving to a set would reduce functionality for some
applications. Industrial ethernet applications for instance heavily rely on
multiple protocols being transported in single frames multiple times (one
UDP packet contains a lot of openSAFETY frames, which themselves could
contain data dissectors).
So -1 for me for moving to a set.
@Pascal - could you point me in the direction of Michael's change you
mentioned (pino...
Re: XXXX: avoid appending xxxx multiple times to frame.protocols field
Pascal Quantin (Oct 05)
Hi Guy,
On 5 Oct. 2017 23:20, "Guy Harris" <guy () alum mit edu> wrote:
A given frame's dissection can have multiple packets for a given protocol,
if, at any protocol layer, a PDU can contain multiple PDUs for the next
layer above it (or parts of multiple PDUs, as with byte-stream protocols
such as TCP).
Some recent changes have been submitted to fix that for particular
protocols.
However, the underlying problem is...
XXXX: avoid appending xxxx multiple times to frame.protocols field
Guy Harris (Oct 05)
A given frame's dissection can have multiple packets for a given protocol, if, at any protocol layer, a PDU can contain
multiple PDUs for the next layer above it (or parts of multiple PDUs, as with byte-stream protocols such as TCP).
Some recent changes have been submitted to fix that for particular protocols.
However, the underlying problem is that frame.protocols is intended to be a set (in which a given item can occur only
once)...
Re: Help on data from Wireshark
Anne Blankert (Oct 05)
I interpret
2336 191.200998 HuaweiTe_21:8d:a5 Broadcast ARP 60 Who has
169.254.88.123? Tell 192.168.1.111
as:
A network device, made by Huawei, is asking all machines connected to the
network for the MAC address of the machine with link-local IPv4 address
169.254.88.123.
The network device claims the answer should be sent to 192.168.1.111.
Normally, this means that the Huawei device is using IP 192.168.1.111.
For some reason device...
Re: Help on data from Wireshark
Guy Harris (Oct 04)
Not necessarily. "HuaweiTe" is short for "Huawei Technologies Co.", and Huawei offer servers:
http://e.huawei.com/en/products/cloud-computing-dc/servers
and storage equipment:
http://e.huawei.com/en/products/cloud-computing-dc/storage
and networking equipment:
http://e.huawei.com/en/products/enterprise-networking/switches
http://e.huawei.com/en/products/enterprise-networking/routers
as...
Re: Help on data from Wireshark
Graham Bloice (Oct 04)
On 4 October 2017 at 12:07, Antonio Bernabei <abernabei () otticabernabei com>
wrote:
The element "HuaweiTe_21:8d:a5" indicates a device with a MAC address
corresponding to one issued by HuaweiTe and probably using IP address
192.168.1.111 was sending the request.
A MAC address contains info about the device vendor and a unique per-device
value. See the Wiki page on Ethernet addresses for info:...
Re: Help on data from Wireshark
Antonio Bernabei (Oct 04)
But why is there
HuaweiTe
Is it a phone trying to connect to our LAN? Maybe by wifi?
Thanks
On 04/10/2017 12:52, sunil singh wrote:
---
This e-mail has been checked for viruses by Avast antivirus.
https://www.avast.com/antivirus
Re: Help on data from Wireshark
sunil singh (Oct 04)
Hi,
Host unit/ controlling unit and slave unit ip/vlan configuration check
required.
br//
sunil singh
On 03-Oct-2017 2:55 PM, "Antonio Bernabei" <abernabei () otticabernabei com>
wrote:
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: how to permanently suppress noisy rules for snort running Ubuntu
Purvesh Patolia (Oct 08)
No, there is no process that I am aware of. How do I verify that?
Thank you,
Purvesh Patolia
Network & Systems Administrator | Angoss Software Corporation
416-593-2437 | ppatolia () angoss com | www.angoss.com
KnowledgeSEEKER® | KnowledgeSTUDIO® | KnowledgeREADER™ | ScorecardBUILDER™ | KnowledgeCLOUD™
This...
Re: how to permanently suppress noisy rules for snort running Ubuntu
Purvesh Patolia (Oct 08)
So is there a document? Or some process to see what is causing the suppress to fail? Can someone help me?
Thank you,
Purvesh Patolia
Network & Systems Administrator | Angoss Software Corporation
416-593-2437 | ppatolia () angoss com | www.angoss.com
KnowledgeSEEKER® | KnowledgeSTUDIO® | KnowledgeREADER™ | ScorecardBUILDER™ | KnowledgeCLOUD™...
Re: High Amount of http_inspect: OVERSIZE REQUEST-URI DIRECTORY
wkitty42 (Oct 07)
wow... that's really old...
i will do this once in private... the NOTE at the end of my post(s) still
applies so this reply is also CC'd to the snort list...
in your snort.conf, look for the "preprocessor http_inspect" section... then
look for the "oversize_dir_length" setting and adjust the number larger or
smaller as desired... you should read the README.http_inspect file, as well...
probably the other...
(no subject)
Việt Nam via Snort-users (Oct 06)
OpenAppid rules explanation and behavior, Snort Inline DAQ afpacket
Tarek Ben Soltane via Snort-users (Oct 06)
Dear All,
I hope you are doing great.
I am running Snort 2.9.9 Inline Mode With DAQ. I am able to drop rules
correctly.
I recently installed openappid and I have created a rule to drop facebook
access such as:
"drop tcp any any -> any any (msg:"OpenAppID: Use of Facebook"; appid:
facebook; sid:100007; rev:1;)"
I am not sure if this rule is correct, But I can see the alerts on my
terminal such as:
"[Drop] [**]...
Re: snort packet rate filter rules issue on linux kernel 4.4.74
alex cheimarios via Snort-devel (Oct 05)
Looks like it works on Ubuntu with kernel 4 though. So it could have been
something in the kernel config.
Snort Subscriber Rules Update 2017-10-05
Research (Oct 05)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the blacklist,
file-multimedia, file-other, malware-cnc, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: Services Offered by Freelance Network and Infrastructure Engineer
Joel Esler (jesler) via Snort-users (Oct 04)
We do not allow advertising on the Snort lists. As listed in the “About” section for this list:
Services Offered by Freelance Network and Infrastructure Engineer
Turritopsis Dohrnii Teo En Ming via Snort-users (Oct 04)
Worldwide Announcement 4th October 2017
This announcement addresses individuals and Small and Medium Businesses (SMB).
As a freelance network and infrastructure engineer based in Singapore,
I am offering the following services:
1. Basic installation and configuration of Cisco routers and switches
2. Basic installation and configuration of Cisco Adaptive Security
Appliance (ASA) VPN Firewalls
3. Basic installation and configuration of...
Re: Step #1 Set the Network Variables
Paul O'Brien via Snort-users (Oct 04)
I apologize, I use pulled pork for rules. I have over 30,000 active rules according to pulled pork. I realize that
might be excessive for a home network but reviewing 30,000 rules seems like it might be the reason people just suppress
noisy rules. Any other suggestions?
Thanks,
Dan
"Better is a poor man who walks in his integrity than a rich man who is crooked in his ways." - Proverbs 28:6
Sent from my iPhone
Re: Step #1 Set the Network Variables
Marcin Dulak via Snort-users (Oct 04)
snort rules are not consistent in the usage of the variables. Go over all
your active rules and verify they contain any variables relevant for your
case.
Best regards,
Marcin
Step #1 Set the Network Variables
Dan O'Brien via Snort-users (Oct 04)
Good morning Snort Users,
In my quest to have a configured NIDS, I realized I may have put the cart
before the horse during setup. I used a guide to setup my system and I am
trying to learn as I go. Yesterday, in researching the http_inspect
preprocessor, I happened to open the snort.conf and realized I may have
suppressed some rules instead of setting up some of the primary settings.
Instead of just suppressing rule 120/3, I would like to try...
Setting up Snort Rules (for a first timer)
Ibrahim Ahmed via Snort-users (Oct 03)
Hi everyone,
First time snort user here. A question about setting up the rules in Snort
2.9.9.
snort.conf lists the following under its "Step #7: Customize your rule set"
section.
# site specific rules
include $RULE_PATH/local.rules
include $RULE_PATH/app-detect.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/backdoor.rules
I see that all of these rules, 'app-detect', 'attack-responses',...
Re: Rule set comparison
Joel Esler (jesler) via Snort-users (Oct 03)
Hello,
I'm new to SNORT. I want to establish a good rule set base. I have downloaded and installed the latest Registered rule
set. I also downloaded the rules from GitHub.
Comparing the two sets I have found that although the Registered set has newer copyright notices, some of the rule
files from GitHub have more rules. For instance the icmp.rules file in the Registered set is empty, whereas the one
from GitHub has several...
Snort Subscriber Rules Update 2017-10-03
Research (Oct 03)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, malware-other, protocol-dns, pua-adware and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.