SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Pull Request 1455: Update TN3270 Library and Scripts
Phil Young (Feb 01)
Hi All,
I’ve created pull request 1455 https://github.com/nmap/nmap/pull/1455 which
includes the change outlined below. I’ve tested them all against my test LPAR. Thank you.
Pull Request:
I've updated the TN3270 library and updated all the scripts that use the library to ensure compatibility.
tn3270.lua: I've re-written the telnet negotiations component to use the options list...
Ncat HTTP proxy Digest: honor "algorithm" param
David Fifield (Feb 01)
I noticed a copy-and-paste error in the Ncat HTTP proxy Digest
authentication. An unknown algorithm in credentials like
algorithm="foobar" was still being treated as ALGORITHM_MD5.
That led me to find that the server was not even checking the algorithm
param, and always acting as if it were ALGORITHM_MD5.
This patch fixes the copy-and-paste error and makes it so that
Proxy-Authenticate and Proxy-Authorization headers that have an...
Re: Fwd: nmap-os-db question
David Fifield (Jan 31)
There's a paragraph on this phenomenon in the documentation:
https://nmap.org/book/osdetect-methods.html#osdetect-t
Even though an eight-bit field like TTL can never hold values
greater than 0xFF, this test occasionally results in values of
0x100 or higher. This occurs when a system (could be the source,
a target, or a system in between) corrupts or otherwise fails to
correctly decrement the TTL. It...
Re: PR #1449 - Fix "attempt to call a nil value" in http-vuln-cve2017-5638.nse
Scott Myers (Jan 31)
When scanning for hosts vulnerable to cve2017-5638, I received the following error trace:
nmap --script http-vuln-cve2017-5638 10.X.X.X -n -d
...
NSE: Script scanning 10.X.X.X.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 20:44
NSE: Starting http-vuln-cve2017-5638 against 10.200.13.156:80.
NSE: http-vuln-cve2017-5638 against 10.200.13.156:80 threw an error!
...cal/bin/../share/nmap/scripts/http-vuln-cve2017-5638.nse:65: attempt to...
Re: Nmap with GSoC
Fyodor (Jan 31)
On Wed, Jan 23, 2019 at 3:29 AM jeremie daniel <jeremiedaniel48 () gmail com>
wrote:
Hi Jeremie. Thanks so much for thinking of us, but I'm afraid we aren't
participating in GSoC this year. After doing it for 13 years in a row, we
decided to take a little break for at least last year and this year. I
still hope you apply for one of the many great organizations who are sure
to participate this summer!
Cheers,
Fyodor
Fwd: nmap-os-db question
ludeksubrt (Jan 31)
Hello nmap gurus,
I am a fan of nmap and especially OS detection. But one thing is still
unclear. In the nmap-os-db the value T= is usually a range. For example T1(R=
Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=) where T is in the range 3B(59)-45
(69), which is exactly 5 away from the expected value 0x40(64). When I am
performing some test scans in lab environment (all in the same LAN) the scan
output looks like T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)...
dll and lib of npcap
Zuo, Haochen (Jan 31)
Hi,
My name is Haochen Zuo, a master student from RWTH Aachen, Germany. Now I'm using Npcap repository to finish my master
thesis. Having learned Npcap for several weeks, I met some questions about its dll and lib.
I have downloaded both sdk npcap-sdk-1.01-1 and the repository from Github. Well my purpose is to get the timestamp
generated from the very low level, say from NIC if possible, in order to calculate the network latency. Now I...
passing a domain to mssql scripts
Robin Wood (Jan 31)
Hi
How do I pass domain creds to an mssql script? I tried
mssql.domain=xxx but that gave an error about openssl.encrypt:
nmap -p 1433 --script ms-sql-config -oA xxx -empty --script-args
mssql.username=qqq,mssql.password=xxx,mssql.domain=abc -d abc
NSE: Starting ms-sql-config against abc (1.2.3.2:1433).
NSE: [ms-sql-config 1.2.3.2:1433] brandedVersion: 2005, #lookup: 5
NSE: [ms-sql-config 1.2.3.2:1433] brandedVersion: nil, #lookup: 0
NSE:...
Re: broken link on website
Daniel Miller (Jan 31)
Robin,
Thanks for pointing this out! There was a bug in our linking code due to
trailing whitespace in the filename being linked. This also affected about
3 dozen other scripts pages. Should all be working now!
Dan
broken link on website
Robin Wood (Jan 30)
Hi
Just spotted the link to ms-sql-empty-password.nse off this page is broken:
https://nmap.org/nsedoc/scripts/ms-sql-brute.html
It is going to:
https://nmap.org/nsedoc/ms-sql-empty-password.nse.html
Instead of:
https://nmap.org/nsedoc/scripts/ms-sql-empty-password.html
Robin
GitHub PR #1446 - HTTP fingerprints for Cisco routers RV320 & RV325 unauthenticated diagnostic data & configuration export
Kostas Milonas (Jan 29)
Hello everyone.
I created a Github pull request containing HTTP fingerprints for the
vulnerability CVE-2019-1653 regarding
Cisco routers RV320 & RV325 unauthenticated diagnostic data & configuration
export.
The URL of the pull request is:
https://github.com/nmap/nmap/pull/1446
Thank you in advance for reviewing,
Kostas
NSE script to scan PCOM PLCs
Luís Rosa (Jan 26)
Hi folks,
I've submitted a new scan [0] to enumerate and collect information from
PLCs using PCOM protocol from Unitronics.
It might also be useful to add the PCOM default TCP port (20256) to the nmap-services
database.
[0] https://github.com/nmap/nmap/pull/1445
Re: [ncat][RFC] Ability to control hostname resolution for proxy
nnposter (Jan 25)
There are currently two GitHub tickets asking for local resolution:
https://github.com/nmap/nmap/pull/1214
https://github.com/nmap/nmap/issues/1230
The common theme is that the proxy server cannot resolve the destination
but the Ncat host can.
My proposal preserves the current Ncat behavior unless the new
--proxy-dns option is used. In other words, "--proxy-dns remote" is the
default. This means that there is no direct downside...
Re: [ncat][RFC] Ability to control hostname resolution for proxy
David Fifield (Jan 25)
I think I would choose (1), (2), (3) in order of preference. But I don't
know what the desired use case for local resolution is.
About (3), it would in general be nice to have something in Nmap where
you can say, "use this IP address, but pretend it has this DNS name."
For example when running http-* scripts, a name may resolve to 5
addresses, but you are only interested in a specific one of them, but
you still need a DNS name to...
Re: [ncat][RFC] Ability to control hostname resolution for proxy
nnposter (Jan 25)
I agree. It is definitely overloading the concept of a protocol.
Back to my proposal, what would be your vote?
(1) ignore; do nothing
(2) proceed with it
(3) the feature should be somehow supported but not this way
Cheers,
nnposter
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have been worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Reflected XSS in n SolarWinds Serv-U FTP Server
Chris (Feb 01)
Issue: Reflected Cross-Site Scripting
CVE: CVE-2018-19934
Security researcher: Chris Moberly @ The Missing Link Security
Product name: Serv-U FTP Server
Product version: Tested on 15.1.6.25 (current as of Dec 2018)
Fixed in: Serv-U 15.1.6 hotfix 3
# Overview
The Serv-U FTP Server is vulnerable to a reflected cross-site scripting
attack at the following injection points:...
Privilege Escalation + Remote Code Execution in SolarWinds Serv-U FTP Server
Chris (Feb 01)
CVE: CVE-2018-15906
Attack type: Remote, authenticated
Discovered by: Chris Moberly @ The Missing Link Security
Operating Systems: Verified on Win10 and Win2016
Vulnerable version: Tested on 15.1.6 (current as of August 2018).
Fixed in: Serv-U 15.1.6 Hotfix 2
# Description
SolarWinds Serv-U FTP Server is vulnerable to privilege escalation from remote
authenticated users by leveraging the CSV user import...
[CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration
Sysdream Labs (Feb 01)
# [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities
in Zimbra Collaboration
## Description
Two XSS vulnerabilities have been discovered in Zimbra Collaboration
(initially in version 8.8.8).
Zimbra Collaboration is an open source messaging and collaboration solution.
## Vulnerability records
**Access Vector**: Remote
**Security Risk**: Medium
**Vulnerability**: CWE-79
**CVSS Base Score**: 6.1
**CVSS String**:...
Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2
Daniel Bishtawi (Feb 01)
Hello,
We are glad to inform you about the vulnerabilities we reported in WeBid
1.2.2.
Here are the details:
Advisory by Netsparker
Name: Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2
Affected Software: WeBid
Affected Versions: 1.2.2
Homepage: http://www.webidsupport.com/
Vulnerability: Reflected Cross-site Scripting
Severity: High
Status: Not Fixed
CVSS Score (3.0): 6.3
Netsparker Advisory Reference: NS-18-053
For...
Reflected Cross-site Scripting Vulnerability in Collabtive 3.1
Daniel Bishtawi (Feb 01)
Hello,
We are glad to inform you about the vulnerabilities we reported in
Collabtive 3.1.
Here are the details:
Advisory by Netsparker
Name: Reflected Cross-site Scripting in Collabtive 3.1
Affected Software: Collabtive
Affected Versions: 3.1
Homepage: https://www.collabtive.com/
Vulnerability: Reflected Cross-site Scripting
Severity: Medium
Status: Not Fixed
CVSS Score (3.0): AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Netsparker Advisory Reference:...
Multiple APIs Vulnerabilities in CUJO Firewall
CUJ0 FAIL (Feb 01)
*TL;DR:* Although CUJO Firewall is a cute device and quite challenging to
break from a hardware hacking point of view... the APIs (which are just a
click away, once pinning and the apk's obfuscation are bypassed) suffer from
authorization bypass issues.
An attacker could easily enumerate all existing users, and for each of
them, create a new 24/7 schedule that will be automatically enabled and
will automatically pause internet.
Which will end up into a...
Re: Multiple Reflected Cross-site Scripting Vulnerabilities in Coppermine 1.5.46
Henri Salo (Jan 29)
Fixed in 1.5.48. Vendor advisory: http://forum.coppermine-gallery.net/index.php/topic,79577.0.html
You might want to repeat your security testing on modified parts of the
application.
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows
iTunes 12.9.3 for Windows is now available and addresses the
following:
AppleKeyStore
Available for: Windows 7 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad
Core Media
Available for: Windows 7 and later
Impact: A malicious application may be able to...
APPLE-SA-2019-1-22-3 watchOS 5.1.3
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-3 watchOS 5.1.3
watchOS 5.1.3 is now available and addresses the following:
AppleKeyStore
Available for: All Apple Watch models
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad
Core Media
Available for: All Apple Watch models
Impact: A malicious application may be able to elevate privileges...
APPLE-SA-2019-1-22-6 iCloud for Windows 7.10
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-6 iCloud for Windows 7.10
iCloud for Windows 7.10 is now available and addresses the following:
SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team
WebKit...
APPLE-SA-2019-1-22-4 tvOS 12.1.2
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-4 tvOS 12.1.2
tvOS 12.1.2 is now available and addresses the following:
AppleKeyStore
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad
CoreAnimation
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application...
APPLE-SA-2019-1-22-5 Safari 12.0.3
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-5 Safari 12.0.3
Safari 12.0.3 is now available and addresses the following:
Safari Reader
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
macOS Mojave 10.14.3
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2019-6228: Ryan Pickren...
APPLE-SA-2019-1-22-1 iOS 12.1.3
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-1 iOS 12.1.3
iOS 12.1.3 is now available and addresses the following:
AppleKeyStore
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod...
APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
Apple Product Security via Fulldisclosure (Jan 25)
APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3,
Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
macOS Mojave 10.14.3, Security Update 2019-001 High Sierra,
Security Update 2019-001 Sierra are now available
and address the following:
AppleKeyStore
Available for: macOS Mojave 10.14.2
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved...
CA20190124-01: Security Notice for CA Automic Workload Automation
James Williams via Fulldisclosure (Jan 25)
CA20190124-01: Security Notice for CA Automic Workload Automation
Issued: January 24, 2019
Last Updated: January 24, 2019
CA Technologies Support is alerting customers to a potential risk with
CA Automic Workload Automation Automic Web Interface (AWI). A
vulnerability exists that can allow an attacker to potentially conduct
persistent cross site scripting (XSS) attacks.
The vulnerability, CVE-2019-6504, has a medium risk rating and
concerns...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[SYSS-2018-032] COYO - Cross-Site Scripting
simon . moser (Feb 01)
Advisory ID: SYSS-2018-032
Product: COYO
Manufacturer: COYO GmbH
Affected Version(s): 9.0.8, 10.0.11, 12.0.4
Tested Version(s): 9.0.8, 10.0.11, 10.0.33, 12.0.4
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2018-09-06
Solution Date: 2019-01-16
Public Disclosure: 2019-02-01
CVE Reference: CVE-2018-16519
Author of Advisory: Simon Moser, SySS GmbH...
[SYSS-2018-037] Pages for Bitbucket Server - Cross-Site Scripting
simon . moser (Jan 31)
Advisory ID: SYSS-2018-037
Product: Pages for Bitbucket Server
Manufacturer: Simplenia AG
Affected Version(s): 2.6.0 and before
Tested Version(s): 2.6.0
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2018-11-26
Solution Date: 2018-12-19
Public Disclosure: 2019-01-31
CVE Reference: CVE-2018-19498
Author of Advisory: Simon Moser, SySS GmbH...
[slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)
Slackware Security Team (Jan 30)
[slackware-security] Slackware 14.2 kernel (SSA:2019-030-01)
New kernel packages are available for Slackware 14.2 to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.172/*: Upgraded.
These updates fix various bugs and many (mostly minor) security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your...
[SECURITY] [DSA 4378-1] php-pear security update
Salvatore Bonaccorso (Jan 30)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4378-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 30, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php-pear
CVE ID : CVE-2018-1000888
Debian Bug :...
[SECURITY] [DSA 4377-1] rssh security update
Moritz Muehlenhoff (Jan 30)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4377-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : rssh
CVE ID : CVE-2019-1000018
Debian Bug :...
[SECURITY] [DSA 4376-1] firefox-esr security update
Moritz Muehlenhoff (Jan 30)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4376-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
January 30, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2018-18500 CVE-2018-18501...
[slackware-security] mozilla-firefox (SSA:2019-029-01)
Slackware Security Team (Jan 29)
[slackware-security] mozilla-firefox (SSA:2019-029-01)
New mozilla-firefox packages are available for 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-60.5.0esr-i686-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:...
[SECURITY] [DSA 4375-1] spice security update
Salvatore Bonaccorso (Jan 29)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4375-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 29, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : spice
CVE ID : CVE-2019-3813
Debian Bug :...
Fwd: CA20190124-01: Security Notice for CA Automic Workload Automation
James Williams (Jan 28)
CA20190124-01: Security Notice for CA Automic Workload Automation
Issued: January 24, 2019
Last Updated: January 24, 2019
CA Technologies Support is alerting customers to a potential risk with
CA Automic Workload Automation Automic Web Interface (AWI). A
vulnerability exists that can allow an attacker to potentially conduct
persistent cross site scripting (XSS) attacks.
The vulnerability, CVE-2019-6504, has a medium risk rating and
concerns...
[SECURITY] [DSA 4374-1] qtbase-opensource-src security update
Sebastien Delafond (Jan 28)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4374-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
January 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : qtbase-opensource-src
CVE ID : CVE-2018-15518...
[SECURITY] [DSA 4373-1] coturn security update
Yves-Alexis Perez (Jan 28)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4373-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
January 28, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : coturn
CVE ID : CVE-2018-4056 CVE-2018-4058...
Microsoft Windows ".contact" File HTML Injection Mailto: Link Remote Code Execution 0day ZDI-CAN-75
apparitionsec (Jan 27)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt
[+] ISR: ApparitionSec
[+] Zero Day Initiative Program
[+] ZDI-CAN-7591
[Vendor]
www.microsoft.com
[Product]
Microsoft .CONTACT File
A file with the CONTACT file extension is a Windows Contact file. They're...
[SECURITY] [DSA 4372-1] ghostscript security update
Salvatore Bonaccorso (Jan 27)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4372-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
January 26, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2019-6116
Tavis Ormandy...
CVE-2019-6690: Improper Input Validation in python-gnupg
Stig Palmquist (Jan 27)
CVE-2019-6690: Improper Input Validation in python-gnupg
========================================================
We discovered a way to inject data through the passphrase property of
the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods when symmetric
encryption is used.
The supplied passphrase is not validated for newlines, and the library
passes --passphrase-fd=0 to the gpg executable, which expects the
passphrase on the first line of...
SEC Consult SA-20190124-0 :: Cross-site scripting in CA Automic Workload Automation Web Interface (AWI)
SEC Consult Vulnerability Lab (Jan 24)
SEC Consult Vulnerability Lab Security Advisory < 20190124-0 >
=======================================================================
title: Cross-site scripting
product: CA Automic Workload Automation Web Interface (AWI)
(formerly Automic Automation Engine, UC4)
vulnerable version: 12.0, 12.1, 12.2
fixed version: 12.0.6 HF2, 12.1.3 HF3, 12.2.1 HF1
CVE number: CVE-2019-6504...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
Carolina Con 15 CFP
Trvon (Nov 19)
We are pleased to announce that Carolina Con 15 will be hosted in Charlotte at the Renaissance Charlotte Suites April
26th through the 28th in 2019.
All interested in speaking to any topic in the realm of hacking, technology, science, robotics or any related field are
invited to submit a proposal to speak at the con.
A proposal should include the following:
- Name or handle/alias
- Presentation name
- A brief abstract about 1-2 paragraphs
-...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Airbus data breach impacts employees in Europe
InfoSec News (Feb 01)
https://www.zdnet.com/article/airbus-data-breach-impacts-employees-in-europe/
By Catalin Cimpanu
Zero Day
ZDNet News
January 30, 2019
European aerospace corporation Airbus disclosed today a security breach
that impacted its commercial aircraft manufacturing business.
The company said the security breach "resulted in unauthorised access to
data."
According to a press release published earlier today, Airbus said that
"some...
Indian state government leaks thousands of Aadhaar numbers
InfoSec News (Feb 01)
https://techcrunch.com/2019/01/31/aadhaar-data-leak/
By Zack Whittaker
TechCrunch
1/31/2019
A lapse in security has led to the leaking of over a hundred thousand
Aadhaar numbers, TechCrunch can reveal.
One of the web systems used to record attendance of government workers for
the Indian state of Jharkhand was left exposed and without a password as
far back as 2014, allowing anyone access to names, job titles, and partial
phone numbers on...
Apple Engineer Accused of Stealing Autonomous Car Secrets
InfoSec News (Feb 01)
http://www.fortune.com/2019/01/31/apple-worker-spying-driverless-cars/
By Lucas Laursen
Fortune.com
January 31, 2019
U.S. prosecutors have charged Apple hardware engineer Jizhong Chen with
industrial espionage after files containing sensitive manuals, schematics
and diagrams were discovered on his personal hard drive, NBC Bay Area
reports.
Chen worked in the driverless cars section of the company, which recently
fired some 200 employees in...
Ethical Hacker Faces 8 Years in Prison for Exposing Vulnerability in Telekom's System
InfoSec News (Feb 01)
https://hungarytoday.hu/ethical-hacker-faces-8-years-in-prison-for-exposing-vulnerability-in-telekoms-system/
Fanni Kaszás
Hungary Today
2019.01.29
The Prosecution Service of Hungary has accused a computer specialist of
breaking into the Magyar Telekom database by which, according to the
office, he has committed a 'crime of disturbing a public utility' and
endangered society. The young man is defended by The Hungarian Civil...
Pay the ransom? Corporate lawyers say meeting some hackers' demands may be worth it
InfoSec News (Feb 01)
https://www.cyberscoop.com/ransomware-pay-hackers-worth-risk-lawyers/
By Jeff Stone
CyberScoop
Jan 31, 2019
Conventional wisdom says ransomware victims shouldn't pay their attackers,
but a panel of legal experts suggested Thursday that standing firm might
not always be the smartest play in the real world.
FBI officials, corporate bigwigs and public sector security bosses in
recent years all have advised their colleagues to keep their...
Why U.S. Firms Are Less Cyber-Secure Than They Think
InfoSec News (Feb 01)
https://www.eweek.com/security/why-u.s.-firms-are-less-cyber-secure-than-they-think
By Chris Preimesberger
eWEEK
January 31, 2019
The U.S. certainly is a divided nation around many issues right now, but
concern about cybersecurity as a threat to a majority of U.S. enterprises
isn’t one of them. Everybody agrees on that one.
A majority of participants in a recent survey enabled by FICO understand
and recognize the risk of data breaches and...
Surprising ways the government shutdown actually boosted federal cybersecurity
InfoSec News (Feb 01)
https://www.fifthdomain.com/critical-infrastructure/2019/01/30/surprising-ways-the-government-shutdown-actually-boosted-cybersecurity/
By Justin Lynch
FifthDomain.com
1/30/2019
Lawmakers and IT security analysts have warned that the 35-day partial
government shutdown crippled cybersecurity of federal networks. However,
new research shows that the shutdown actually boosted the federal
government’s digital defenses in some areas.
Security...
Special Report: Inside the UAE's secret hacking team of U.S. mercenaries
InfoSec News (Jan 31)
https://www.reuters.com/article/us-usa-spying-raven-specialreport/special-report-inside-the-uaes-secret-hacking-team-of-u-s-mercenaries-idUSKCN1PO19O
By Christopher Bing and Joel Schectman in Washington. Editing by Ronnie Greene,
Jonathan Weber and Michael Williams
Reuters.com
January 30, 2019
WASHINGTON (Reuters) - Two weeks after leaving her position as an intelligence
analyst for the U.S. National Security Agency in 2014, Lori Stroud was...
India's largest bank SBI leaked account data on millions of customers
InfoSec News (Jan 31)
https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
By Zack Whittaker
TechCrunch
January 30, 2019
India's largest bank has secured an unprotected server that allowed anyone
to access financial information on millions of its customers, like bank
balances and recent transactions.
The server, hosted in a regional Mumbai-based data center, stored two
months of data from SBI Quick, a text message and call-based system used
to...
Chicago elections board not ready for hackers or natural disaster, City Hall watchdog finds
InfoSec News (Jan 29)
https://www.chicagotribune.com/news/local/politics/ct-met-chicago-vulnerable-elections-hackers-20190129-story.html
By Todd Lighty
Chicago Tribune
January 29, 2019
The Chicago elections board can't guarantee the integrity of voting
results in the event of a natural disaster or cyber attack, the city's
watchdog warned Tuesday in a highly critical report of the agency's
operations.
The wide-ranging audit by Inspector General...
And it's go, go, go for class-action lawsuits against Equifax after 148m personal records spilled in that mega-hack
InfoSec News (Jan 29)
https://www.theregister.co.uk/2019/01/29/equifax_lawsuits_approved/
By Rebecca Hill
The Register
29 Jan 2019
A US judge has given the go-ahead for a set of consolidated lawsuits
against credit agency Equifax regarding its 2017 mega-hack.
In a series of orders handed down in a Georgia federal district court on
Monday, the evocatively named Judge Thomas Thrash Jr said that legal
challenges from payment card issuers and ordinary citizens can...
Iran attacks Israel in cybersphere 'daily,' Netanyahu charges
InfoSec News (Jan 29)
https://www.timesofisrael.com/iran-attacks-israel-in-cybersphere-daily-netanyahu-charges/
By Shoshanna Solomon
The Times of Israel
January 29, 2019
Iranian hackers target Israel every day, Prime Minister Benjamin Netanyahu
charged at a cybersecurity conference in Tel Aviv on Tuesday.
"Iran attacks Israel on a daily basis," he told a gathering of government
officials, cybersecurity experts and entrepreneurs at the CyberTech...
Most of the Fortune 100 still use flawed software that led to the Equifax breach
InfoSec News (Jan 29)
https://techcrunch.com/2019/01/29/flawed-software-equifax/
By Zack Whittaker
TechCrunch
January 29, 2019
Almost two years after Equifax's massive hack, the majority of Fortune 100
companies still aren't learning the lessons of using vulnerable software.
In the last six months of 2018, two-thirds of the Fortune 100 companies
downloaded a vulnerable version of Apache Struts, the same vulnerable
server software that was used by...
Credit cards sold on 'dark web' for over a year after Saint John parking system hacked
InfoSec News (Jan 29)
https://www.cbc.ca/news/canada/new-brunswick/cyber-security-hacking-attack-server-public-malware-municipal-1.4996713
By Connell Smith
CBC News
Jan 29, 2019
The City of Saint John is beefing up its security systems in the wake of a
breathtaking security breach that left the public's credit card
information wide open to hackers.
In December, the city's information technology staff learned that for the
past 18 months, the municipal...
Serious FaceTime bug allows you to listen remotely before anyone answers -- Apple to fix 'later this week'
InfoSec News (Jan 29)
https://www.theverge.com/2019/1/28/18201383/apple-facetime-bug-iphone-eavesdrop-listen-in-remote-call-security-issue
By Dieter Bohn
The Verge
Jan 28, 2019
There's a serious bug in Apple's FaceTime video calling platform that has been
bouncing around some corners of social media today, and that 9to5Mac just
alerted us to: you can call somebody via FaceTime and listen to their phone’s
microphone regardless of whether the person...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and on making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
INFILTRATE Talks
Dave Aitel (Jan 28)
We've announced all but one of the INFILTRATE 2019 speakers!
http://infiltratecon.com/speakers/
Probably the hardest question to answer about a CFP I've found is "Why
wasn't this particular great talk chosen?" and I've gotten a few of these
since the announcement letters went out. Part of the answer sometimes is
balance. You don't want an entire conference of Heap Overflows or Fuzzing
or Mobile attacks any of...
Make your stack executable!
Dave Aitel (Jan 25)
So in case you missed it, we announced last week that we've teamed up with
Azeria and Vector35 to do two extra classes at INFILTRATE this year. They
are already filling up, so I wanted to make sure that everyone knew about
them and I didn't have to deal with last minute complaining about lack of
seats. :)
-dave
Modern Meanness
Dave Aitel (Jan 24)
"Every man loves what he is good at", said Thomas Shadwell, poet laureate
of England, a few hundred years ago. Coincidentally, a few years ago I was
on a TF2 server with a different Thomas Shadwell. I actually grew up with
Team Fortress Classic, and then when I had kids I got back into TF2 because
its advanced level of whimsey is oddly addictive, not just to meet British
hackers.
Zoom forward to today and Thomas <https://zemn.me/...
INFILTRATE talk announcement: Marco Ivaldi, The Story of a Solaris 0day
Dave Aitel (Jan 22)
I don't want to talk too much about the talk, but I do want to talk a bit about INFILTRATE and what it was like in the
2000's to be a Unix hacker. Because almost everyone wrote _some_ exploits. These days, the supply chain is as vertical
as a glowworm's saliva lure, and equally sticky. You could specialize in blockchain security and literally never even
venture off the particular...
Bring a question, and sunblock.
Dave Aitel (Jan 14)
https://twitter.com/daveaitel/status/1084837761796980736
Project Zero released about five different bugs today in Windows:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1683
This is my favorite bit:
"""
*Ultimately I warned you after cases 36544 and 37954 that you should be
fixing the root cause of normal users being able to use the Session
Moniker not playing whack-a-mole with COM objects. Of course you didn’t...
EuskalHack Security Congress Call For Papers
Joxean Koret (Jan 14)
(ASCII-art banner reading "EuskalHack") ...
Re: CVSS is the worst compression algorithm ever
Nathaniel Ferguson (Jan 11)
Well that's not entirely true, a significant percentage of work comes from vendors seeking to acquire or utilize
another product or an institution going through some sort of audit wherein both cases the client is someone that
doesn't really even want to be going through it and it's something being forced on them. Those are the instances I've
encountered where the sort of negotiating down or into entire absence findings are...
Re: CVSS is the worst compression algorithm ever
Adrian Sanabria (Jan 11)
Everywhere I've ever pentested, we've used a low/medium/high or
low/medium/high/critical scale - this is my first encounter with DREAD.
What you describe though - clients attempting to negotiate down the
severity of vulns on the report - was common regardless of the scoring
system used. I don't see DREAD being unique in that respect.
Reflecting, it's probably what pushed me towards the binary system I ended
up using. No score...
Re: CVSS is the worst compression algorithm ever
Adam Shostack (Jan 11)
Okay, I'll respond generally about DREAD. The issue comes up when
people say "We'll treat a DREAD rating of >= 8 as critical." Then
someone looks at your discoverability of 7, and says "hmm, if this
were a 6, then DREAD would be 7.9...can we change it?" Lacking any
guidance on the difference, it's hard to say no.
Really, it's often "You're being unreasonable by making
discoverability a 7...
Re: CVSS is the worst compression algorithm ever
Adrian Sanabria (Jan 11)
I probably shouldn't have brought it up - I'm not involved much on the
pentesting side. I know we've discussed replacing it, but finding little
out there to replace it with.
In my own work, I find most of my pentesting results come down to a binary
value (hackable, not hackable) and some sense of likelihood of it getting
exploited by a malicious party. Highs/mediums/lows all seem pointless when
emulating the attacker perspective....
Re: CVSS is the worst compression algorithm ever
Adrian Sanabria (Jan 11)
I understand the limitations and challenges of CVSS. We already do a lot of
what you mentioned to come up with a risk score. Some of it, I'm still
trying to figure out how to do. The bottom line though, is that we find the
factors that go into the score (CIA, exploitability, exploit availability,
attack vector, etc) to be useful. The score *itself*, is what I was talking
about not being terribly useful, though it does go into our model also....
Re: CVSS is the worst compression algorithm ever
Dennis Groves (Jan 10)
+1 Wim. You covered that perfectly.
Re: CVSS is the worst compression algorithm ever
Adam Shostack (Jan 10)
I'm sorry, but I need to rant a little.
A decade back, I wrote a "DREAD is DEAD, please stop" blog post for
Microsoft. If you are getting consistent scoring out of DREAD, you
are not using DREAD (as described in Writing Secure Code 1, which I
think is the first public description).
You are using some derivative that adds tools to provide for
that consistency. Those tools may be as simple as a set of examples
of each of the...
Re: CVSS is the worst compression algorithm ever
Monroe, Bruce (Jan 10)
Uh no. CVSS scores a vulnerability and if it’s a vendor we’re scoring that without knowing how you have the vulnerable
software/firmware/hardware/etc deployed in your environment. It’s why the CVSS Base Score is worst case. The resulting
CVSS V3 vulnerability score is one element you can then calculate into your overall risk factoring. It’s the orgs job
consuming the CVSS V3x vulnerability score to determine their risk and set their...
Re: CVSS is the worst compression algorithm ever
Thierry Zoller (Jan 10)
CVSS needs to be embedded as a parameter/criteria in a Risk Evaluation;
it is not a risk indicator in itself and should not be used for patch
prioritisation in itself.
The importance of the asset (business process it supports, revenue
generated by adjacent processes etc.), i.e. the "criticality"[1] of an
asset needs to be taken into account when risk scoring and prioritising
remediation.
[1] Of course other factors like for example...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Sorta Top Used Tools of 2018
John - Black Hills Information Security (Dec 06)
Free Webcast
Hello all,
For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.
Basically, we are trying to be edgy and different.
You may want to come...
BHIS Webcast - Tues 10/2 @ 11am MDT
John Strand - Black Hills Information Security (Sep 26)
Hello All,
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT
Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with a password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision
increment:
* CVE-2018-8172
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************
Summary
=======
The following CVEs and advisory have undergone a minor revision
increment:
* CVE-2018-8454
* CVE-2018-8552
* ADV990001
Revision Information:
=====================
- CVE-2018-8454 | Windows Audio Service...
Microsoft Security Update Minor Revisions
Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8512
Revision Information:
=====================
- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8569
Revision Information:
=====================
- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8531
Revision Information:
=====================
- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8292
Revision Information:
=====================
- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
- https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-025:...
Microsoft Security Update Summary for October 9, 2018
Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************
This summary lists security updates released for October 9, 2018.
Complete information for the October 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Please note the...
Microsoft Security Update Releases
Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018
Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta-software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
NSA Releases Updated Guidance on Side-Channel Vulnerabilities
US-CERT (Feb 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
NSA Releases Updated Guidance on Side-Channel Vulnerabilities [
https://www.us-cert.gov/ncas/current-activity/2019/02/01/NSA-Releases-Updated-Guidance-Side-Channel-Vulnerabilities ]
02/01/2019 02:21 PM EST
Original release date: February 01, 2019
The National Security Agency (NSA) has released updated information on a set of side-channel vulnerabilities affecting...
Mozilla Releases Security Update for Thunderbird
US-CERT (Jan 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update for Thunderbird [
https://www.us-cert.gov/ncas/current-activity/2019/01/30/Mozilla-Releases-Security-Update-Thunderbird ] 01/30/2019 11:12 AM EST
Original release date: January 30, 2019
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of
these vulnerabilities to take...
MS-ISAC Releases Advisory on DNS Flag Day
US-CERT (Jan 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
MS-ISAC Releases Advisory on DNS Flag Day [
https://www.us-cert.gov/ncas/current-activity/2019/01/30/MS-ISAC-Releases-Advisory-DNS-Flag-Day ] 01/30/2019 11:17 AM EST
Original release date: January 30, 2019
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag
Day, which is Friday, February 1,...
NCCIC Awareness Briefing on Chinese Malicious Cyber Activity
US-CERT (Jan 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
NCCIC Awareness Briefing on Chinese Malicious Cyber Activity [
https://www.us-cert.gov/ncas/current-activity/2019/01/30/NCCIC-Awareness-Briefing-Chinese-Malicious-Cyber-Activity ]
01/30/2019 11:25 AM EST
Original release date: January 30, 2019
The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on...
Google Releases Security Updates for Chrome
US-CERT (Jan 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2019/01/29/Google-Releases-Security-Updates-Chrome ] 01/29/2019 09:34 PM EST
Original release date: January 29, 2019
Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple
vulnerabilities that an attacker could exploit...
Mozilla Releases Security Updates for Firefox
US-CERT (Jan 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates for Firefox [
https://www.us-cert.gov/ncas/current-activity/2019/01/29/Mozilla-Releases-Security-Updates-Firefox ] 01/29/2019 02:27 PM EST
Original release date: January 29, 2019
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit
some of these vulnerabilities to...
CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks
US-CERT (Jan 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks [
https://www.us-cert.gov/ncas/current-activity/2019/01/28/CERTCC-Reports-Microsoft-Exchange-2013-and-Newer-are-Vulnerable ] 01/28/2019 08:53 PM EST
Original release date: January 28, 2019
The CERT Coordination Center (CERT/CC) has released information to address NTLM relay...
CISA Releases Blog on Emergency Directive
US-CERT (Jan 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
CISA Releases Blog on Emergency Directive [
https://www.us-cert.gov/ncas/current-activity/2019/01/24/CISA-Releases-Blog-Emergency-Directive ] 01/24/2019 06:38 PM EST
Original release date: January 24, 2019
The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director
Christopher Krebs, has released a blog, titled...
AA19-024A: DNS Infrastructure Hijacking Campaign
US-CERT (Jan 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
AA19-024A: DNS Infrastructure Hijacking Campaign [ https://www.us-cert.gov/ncas/alerts/AA19-024A ] 01/24/2019 03:01 PM EST
Original release date: January 24, 2019
Summary
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure
Security Agency (CISA), is aware of a global Domain Name System (DNS)...
Tax Identity Theft Awareness Week
US-CERT (Jan 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Tax Identity Theft Awareness Week [
https://www.us-cert.gov/ncas/current-activity/2019/01/24/Tax-Identity-Theft-Awareness-Week ] 01/24/2019 12:17 PM EST
Original release date: January 24, 2019
Tax Identity Theft Awareness Week is January 28 to February 1. This annual campaign aims to help consumers be more
informed about protecting themselves from tax-related...
Cisco Releases Security Updates
US-CERT (Jan 23)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2019/01/23/Cisco-Releases-Security-Updates ] 01/23/2019 05:19 PM EST
Original release date: January 23, 2019
Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of
these vulnerabilities to take control of an affected...
CISA Emergency Directive on DNS Infrastructure Tampering
US-CERT (Jan 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
CISA Emergency Directive on DNS Infrastructure Tampering [
https://www.us-cert.gov/ncas/current-activity/2019/01/22/CISA-Emergency-Directive-DNS-Infrastructure-Tampering ]
01/22/2019 06:48 PM EST
Original release date: January 22, 2019
The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an
emergency...
Apple Releases Multiple Security Updates
US-CERT (Jan 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Multiple Security Updates [
https://www.us-cert.gov/ncas/current-activity/2019/01/22/Apple-Releases-Multiple-Security-Updates ] 01/22/2019 03:26 PM EST
Original release date: January 22, 2019
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take...
Adobe Releases Security Updates
US-CERT (Jan 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2019/01/22/Adobe-Releases-Security-Updates ] 01/22/2019 12:26 PM EST
Original release date: January 22, 2019
Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit
these vulnerabilities to obtain sensitive information.
The...
Data Privacy Day
US-CERT (Jan 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Data Privacy Day [ https://www.us-cert.gov/ncas/current-activity/2019/01/22/Data-Privacy-Day ] 01/22/2019 07:00 AM EST
Original release date: January 22, 2019
January 28 is Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This year's DPD
events, sponsored by the National Cyber Security Alliance (NCSA), focus around the theme,...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Linux kernel: BPF spectre v1 mitigation bypass (CVE-2019-7308, fixed in 4.19.19 and 4.20.6)
Jann Horn (Feb 02)
I discovered a bypass for the spectre v1 hardening in the eBPF engine
of the Linux kernel (which is exposed to unprivileged userspace since
kernel 4.4).
This is CVE-2019-7308. The issue has been fixed in 4.19.19 and 4.20.6
stable so far.
The main fix is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=979d63d50c0c0f7bc537bf821e056cc9fe5abd38
, but it depends both on its parent commits and one ancestor that
fixes a...
Re: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie
Mike Jumper (Feb 02)
That is the correct JIRA issue, yes, however there are multiple relevant
commits.
With respect to the security aspect of the changes, the relevant pull
request is:
https://github.com/apache/guacamole-client/pull/273
There are other relevant pull requests, though they deal mainly with
eliminating cookies entirely:
https://github.com/apache/guacamole-client/pulls?utf8=%E2%9C%93&q=is%3Apr+is%3Aclosed+GUACAMOLE-549
- Mike
Re: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie
Salvatore Bonaccorso (Feb 02)
Hi Mike,
Thanks a lot!
Regards,
Salvatore
Re: CVE-2018-1340: Apache Guacamole: Secure flag missing from session cookie
Salvatore Bonaccorso (Feb 01)
Hi Mike,
Would it be possible to confirm, is this
https://issues.apache.org/jira/browse/GUACAMOLE-549
https://github.com/apache/guacamole-client/commit/884a9c0ee987f9cb49a69
?
Regards,
Salvatore
Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
Juan Pablo Santos Rodríguez (Feb 01)
Hi Henri,
the vulnerability announcement can be seen here
https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4@%3Cuser.jspwiki.apache.org%3E
We've also documented it at
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2018-20242
Please do let me know if something else is needed.
best regards,
juan pablo
Re: [CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
Henri Salo (Jan 31)
Do you have any Apache reference URLs for this issue?
[CVE-2018-20242] Apache JSPWiki Cross-site scripting vulnerability on Apache JSPWiki
Juan Pablo Santos Rodríguez (Jan 31)
Severity: Medium
Vendor: The Apache Software Foundation
Versions Affected: Apache JSPWiki up to 2.10.5
Description:
A carefully crafted URL could trigger an XSS vulnerability on Apache
JSPWiki, which could lead to session hijacking.
Mitigation:
Apache JSPWiki users should upgrade to 2.11.0.M1 or later.
Credit:
This issue was discovered by Jamie Parfet.
[CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration
Sysdream Labs (Jan 30)
# [CVE-2018-14013] Reflected Cross-Site Scripting (XSS) vulnerabilities
in Zimbra Collaboration
## Description
Two XSS vulnerabilities have been discovered in Zimbra Collaboration
(initially in version 8.8.8).
Zimbra Collaboration is an open source messaging and collaboration solution.
## Vulnerability records
**Access Vector**: Remote
**Security Risk**: Medium
**Vulnerability**: CWE-79
**CVSS Base Score**: 6.1
**CVSS String**:...
CVE-2018-11760: Apache Spark local privilege escalation vulnerability
Imran Rashid (Jan 29)
Severity: Important
Vendor: The Apache Software Foundation
Versions affected:
All Spark 1.x, Spark 2.0.x, and Spark 2.1.x versions
Spark 2.2.0 to 2.2.2
Spark 2.3.0 to 2.3.1
Description:
When using PySpark, it's possible for a different local user to connect to
the Spark application and impersonate the user running the Spark
application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and
2.3.0 to 2.3.1.
Mitigation:
1.x, 2.0.x,...
Re: CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c
Peter Korsgaard (Jan 28)
> Hello,
> spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read
> due to an off-by-one error in memslot_get_virt. This may lead to a
> denial-of-service, or, in the worst case, code-execution by unauthenticated
> attackers.
> The attached patch fixes the issue in spice and is planned to be included
> in forthcoming release spice 0.14.2.
> This issue was reported by Christophe Fergeau (Red...
CVE-2019-3813: spice: Off-by-one error in array access in spice/server/memslot.c
Scott Gayou (Jan 28)
Hello,
spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read
due to an off-by-one error in memslot_get_virt. This may lead to a
denial-of-service, or, in the worst case, code-execution by unauthenticated
attackers.
The attached patch fixes the issue in spice and is planned to be included
in forthcoming release spice 0.14.2.
This issue was reported by Christophe Fergeau (Red Hat).
References:...
Multiple vulnerabilities in Jenkins plugins
Daniel Beck (Jan 28)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software. The following
releases contain fixes for security vulnerabilities:
* Active Directory Plugin 2.11
* Blue Ocean Plugin 1.10.2
* Config File Provider Plugin 3.5
* Git Plugin 3.9.2
* GitHub Authentication Plugin 0.31
* Groovy Plugin 2.1
* Job Import Plugin 3.1
* Kanboard Plugin 1.5.11
* Monitoring Plugin 1.75.0
*...
CVE-2018-16880 Linux kernel: oob-write in drivers/vhost/net.c:get_rx_bufs()
Vladis Dronov (Jan 25)
Hello,
A flaw was found in the Linux kernel in the handle_rx() function in
the [vhost_net] driver. A malicious virtual guest under specific conditions can
trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may
lead to a kernel memory corruption and a system panic. Due to the nature of
the flaw, privilege escalation cannot be fully ruled out, although we believe it
is unlikely.
Reference:...
CVE-2019-6778 QEMU: slirp: heap buffer overflow in tcp_emu()
P J P (Jan 24)
Hello,
A heap buffer overflow issue was found in the SLiRP networking implementation
of the QEMU emulator. It occurs in tcp_emu() routine while emulating
Identification protocol and copying message data to a socket buffer.
A user/process could use this flaw to crash the Qemu process on the host
resulting in DoS or potentially execute arbitrary code with privileges of the
QEMU process.
Upstream patch:
---------------
->...
Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)
Yves-Alexis Perez (Jan 24)
Hi, thanks for the report.
The patch doesn't seem CC: stable, could you give us a status on the various
stable releases?
Regards,
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion of developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Groundhog Day, Price Corrections
randy (Feb 01)
Yes, you are seeing this note again. The CORRECT prices are in this email.
Sorry for the confusion.
-----------------------
0. INFO: www,cpe.vt.edu/isect
1. WHAT: SEC 555 SIEM with Tactical Analytics
2. WHERE: VA Tech, Blacksburg, VA. *Simulcast option available*
3. *WHEN: 3/11-16/2019*
4. COST: EDU (K-12, Community College, 4yr Higher Education, state.local
govt)
a. Early Bird (before 2/25/19) Class +GIAC - $3319/person, Class only:
$2550...
Reminder: Early Bird registration for VA Tech SANS Onsite class approaching
randy (Feb 01)
0. INFO: www,cpe.vt.edu/isect
1. WHAT: SEC 555 SIEM with Tactical Analytics
2. WHERE: VA Tech, Blacksburg, VA. *Simulcast option available*
3. *WHEN: 3/11-16/2019*
4. COST: EDU (K-12, Community College, 4yr Higher Education, state.local
govt)
a. Early Bird (before 2/25/19) Class +GIAC - $3499/person, Class only:
$2250
b. After 2/25/2018, Class+GIAC - $3899/person, Class only: $3050/person
If you have any questions, please let me know....
Security 2019 Program & Registration Now Available
Valerie Vogel (Jan 31)
Greetings,
The 2019 Security Professionals Conference program and registration launched this week! We hope you can join us for our
17th annual event in Chicago, May 13 – 15.
Please review the agenda, register, and make your hotel & travel plans.
* Home page: https://events.educause.edu/security-professionals-conference/2019
* Agenda: https://events.educause.edu/security-professionals-conference/2019/agenda
* Hotel &...
Re: Google IR scripts, was Re: [SECURITY] [EXTERNAL] Re: [SECURITY] REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Manjak, Martin (Jan 30)
Kevin,
One of the goals of this project was to encourage other communities of interest (e.g., GAFE schools) to replicate this
effort using the RI GitHub space and the licensing model as a template for similar collections of contributions.
Marty Manjak
CISO
University at Albany
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Kevin Wilcox
Sent: Monday, January 28, 2019 5:31 PM
To:...
EDUCAUSE Live Webinar on Artificial Intelligence in Education: Legal & Ethical Considerations, 1/29, 1-2 pm ET
Valerie Vogel (Jan 29)
We hope you’ll join us at 1 pm EST (10 am PT) for today’s EDUCAUSE Live! webinar:
Artificial Intelligence in Education: Legal Considerations and Ethical Questions
Guest speaker: Elana Zeide, PULSE Fellow in AI, Law & Policy at UCLA
Adobe Connect login page:
http://educause.acms.com/edulive<...
SANS Aggregate Purchase Program Ends Soon!
Herring, Todd William (Jan 29)
Colleagues,
Twice each year, SANS and REN-ISAC partner on a special Aggregate Purchase Program to bring special savings to
educational institutions in the U.S. and Canada. SANS' best-in-class security training is still available at steep
discounts until January 31, 2019. As you know, through our partnership with SANS, the Aggregate Purchase Program
offers a massive discount on SANS' most popular offerings: Online Training, Security...
FW: SECURITY Digest - 25 Jan 2019 to 28 Jan 2019 (#2019-13)
Garmon, Joel (Jan 29)
Consider using and contributing
The Technical Advisory Group (TAG), a standing REN-ISAC committee[1], is very pleased to announce a new service: A
public GitHub repository[2] of member-contributed O365 scripts for security incident analysis and response.
-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of SECURITY
automatic digest system
Sent: Tuesday, January...
Re: Google IR scripts, was Re: [SECURITY] [EXTERNAL] Re: [SECURITY] REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Kevin Wilcox (Jan 28)
On Mon, 28 Jan 2019 at 23:21, Valdis Kletnieks <valdis.kletnieks () vt edu>
wrote:
A TeamDrive create log, a Drive file permission change log and a token
usage log all wrapped in their version of JSON, shipped via syslog, boiled
in a Splunk forwarder and presented with at-read attempts at enrichment? =)
Given I'm a massive fan of Scottish cuisine, that's a bit unfair to the
haggis...
kmw
Re: Google IR scripts, was Re: [SECURITY] [EXTERNAL] Re: [SECURITY] REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Valdis Kletnieks (Jan 28)
On Mon, 28 Jan 2019 17:31:05 -0500, Kevin Wilcox said:
What is the Google equivalent of haggis?
Google IR scripts, was Re: [SECURITY] [EXTERNAL] Re: [SECURITY] REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Kevin Wilcox (Jan 28)
Some haggis and blood pudding would be amazing, thanks =)
On a serious note (not that haggis and blood pudding aren't serious
business), is the community interested in a Google equivalent of some of
these?
I maintain:
https://github.com/kevinwilcox/python-google-api
where I have some more "hands-on" stuff written (they're written as people
ask for them or I need to use them in my personal domains - I don't have
tokens...
Re: [EXTERNAL] Re: [SECURITY] REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Hart, Michael (Jan 28)
1,200 in iTunes gift cards, please.
I in a meeting so I cannot converse right now. send me pictures of the back of the cards. company reimburse you later.
Kindest regards,
<Your Boss>
<Contact number scraped from website>
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jimenez, Julio
Sent: Monday, January 28, 2019 3:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject:...
Re: [EXTERNAL] Re: [SECURITY] REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Jimenez, Julio (Jan 28)
I'll get some on the way home, anything else?
Julio Jiménez
OSCP OSWP CEH CNDA PCCSA
Information Security Officer
Information Technology Services
Fayetteville State University
910 672 2988
jjimenez () unsfu edu
________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Stephen Fugale
<stephen.fugale () VILLANOVA EDU>
Sent: Monday, January 28, 2019...
Re: REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Stephen Fugale (Jan 28)
We need milk
Stephen Fugale
Vice President &
Chief Information Officer
Villanova University
Greetings Everyone;
The Technical Advisory Group (TAG), a standing REN-ISAC committee[1], is very pleased to announce a new service: A
public GitHub repository[2] of member-contributed O365 scripts for security incident analysis and response.
In addition to the scripts, here's some of the information you will find on the site:...
REN-ISAC TAG Service Announcement: O365 Community Scripts Repository
Manjak, Martin (Jan 28)
Greetings Everyone;
The Technical Advisory Group (TAG), a standing REN-ISAC committee[1], is very pleased to announce a new service: A
public GitHub repository[2] of member-contributed O365 scripts for security incident analysis and response.
In addition to the scripts, here's some of the information you will find on the site:
o A description of the different types of O365 logs available by license tier.
o...
Call for Volunteers: HECVAT Team Phase IV (by 2/1)
Valerie Vogel (Jan 25)
Greetings,
We are seeking new members to participate in Phase IV of the HECVAT project. Two of the focus areas during this cycle
include the creation of standard contract language for data security, as well as the development of standard security
vendor report templates. We are also planning to reach out to volunteers from a November 2018 discussion as part of the
next phase. The team will begin meeting in mid-February and work will conclude...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: RTBH no_export
Tom Hill (Feb 03)
This works wonderfully, from past experience. :)
Re: DNS Flag Day, Friday, Feb 1st, 2019
Mark Andrews (Feb 02)
RedHat or third party RPM’s you have chosen to run on RedHat? RedHat is
notorious for not updating packages they include in the base system and to
the best of my knowledge they haven’t dug these changes out of BIND 9.13 (which
is a development series) and back ported them. BIND 9.14 is yet to be released.
Now PowerDNS have released their new recursive server and if you happen to have
installed that on RedHat it may have been what you saw....
Re: DNS Flag Day, Friday, Feb 1st, 2019
Stephen Satchell (Feb 02)
So has Red Hat (RHEL and Centos). I woke up to a rather large update
this morning.
Re: RTBH no_export
Randy Bush (Feb 01)
and what exactly do you think that means. in ietf terms, it is a formal
spec which does not specify a protocol. it is still a formal spec.
randy
Re: DNS Flag Day, Friday, Feb 1st, 2019
Mark Andrews (Feb 01)
Google has started their rollout.
https://groups.google.com/forum/#!msg/public-dns-announce/-qaRKDV9InA/tExCFrppAgAJ
Weekly Routing Table Report
Routing Analysis Role Account (Feb 01)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz...
Re: Waves between Buffalo and Manhattan
Rob Wcislo (Feb 01)
GTT has this route via legacy Hibernia
Rob Wcislo
VP, Sales
GTT
(954)305-2289
GTT can sell waves between Buffalo-NYC bypassing Albany via Newark.
From: NANOG <nanog-bounces () nanog org> On Behalf Of Tom Beecher
Sent: Friday, January 18, 2019 3:58 PM
To: NANOG Mailing List <nanog () nanog org>
Subject: Re: Waves between Buffalo and Manhattan
If it's for the use case I suspect it would be for, Firstlight and Windstream...
Re: Effects of Cold Front on Internet Infrastructure - U.S. Midwest
Fletcher Kittredge (Feb 01)
Mel;
You are absolutely right. I should have been more specific in my
description of the problem.
Re: Effects of Cold Front on Internet Infrastructure - U.S. Midwest
Tom Beecher (Feb 01)
“Sold you fiber , not working fiber” is at the same time amazing lawyering
and insanely facepalmy. :)
RapidScale Network Contact
Nathanael Catangay Cariaga (Feb 01)
Good day to all. I would like to reach out to any Rapid Scale network
contact on this list. Have some few clarifications on the latency spike
within the RapidScale network when doing traceroutes going to some IPs.
Thanks in advance.
-nathan
RPKI Documentation as an open source project
Alex Band (Feb 01)
Hey all,
A couple of months ago we started putting together an FAQ on RPKI [0] which led to quite a number of community
contributions. We decided to expand upon this project and write comprehensive RPKI documentation, as an open source
project.
Other than reading every RFC on the topic, this should give operators a good understanding of the moving parts
involved, and how to use RPKI in the real world.
We got to the point where we think we...
Re: Calling LinkedIn, Amazon and Akamai @ DE-CIX NY
Nick Hilliard (Feb 01)
Bryan Holloway wrote on 01/02/2019 01:00:
use edge ACLs on the IXP infrastructure to block BGP on the old IP
address range. You can then use ARP ping to work out who's still got
the old IP addresses configured.
Nick
Re: Calling LinkedIn, Amazon and Akamai @ DE-CIX NY
Julien Goodwin (Feb 01)
Or just ACL ARP traffic for that subnet (assuming your equipment allows
you to configure such a filter, most kit can probably program such an
ACL, although perhaps not to configure it in the OS)
Re: Google you have a problem.
Christopher Morrow (Jan 31)
:) it's very easy to rile you up.
Re: Google you have a problem.
Mark Andrews (Jan 31)
It was 9:29 AM Feb 1 AEST when I reported this so yes it was FRIDAY.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
How was your weekend?
Thanks (Feb 03)
Deepfake
Dave Farber (Feb 03)
Hackers or state actors could use 'deepfake' medium with devastating consequences | The Japan Times
https://www.japantimes.co.jp/news/2019/02/03/business/tech/hackers-state-actors-use-deepfake-medium-devastating-consequences/?appsule=1&idfa=345AD11F-06FF-4308-B97F-69BE5AC9BC2A#.XFawh-6RWnM
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription:...
Canada's Bell Tried To Have VPNs Banned During NAFTA Negotiations | Techdirt
Dave Farber (Feb 01)
https://www.techdirt.com/articles/20190130/10141941498/canadas-bell-tried-to-have-vpns-banned-during-nafta-negotiations.shtml
Why VPNs won't always keep you safe online
Dave Farber (Feb 01)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: February 2, 2019 at 4:42:15 AM GMT+9
> To: Interesting Stuff list <is () iconia com>
> Subject: IS: Why VPNs won't always keep you safe online
>
> If only you could solve your online-privacy problems with the right three-letter abbreviation, things would be so
> much easier.
>
> Sign up for a...
☺ there are 8 million poor Argentine children. Let's do something together
Escuchalo a Ricardo Darin (Feb 01)
Your mail client does NOT support messages in HTML format.
To view the content of the email correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)...
Introduction to CCRC | David Farber
Dave Farber (Feb 01)
https://youtu.be/ttBpuDQkHSk
Fwd: Good News for People With Faces | EFFector 32.2
DAVID FARBER (Jan 30)
Begin forwarded message:
> From: EFFector List <editor () eff org>
> Date: January 31, 2019 at 9:31:11 AM GMT+9
> To: dfarber () me com
> Subject: Good News for People With Faces | EFFector 32.2
> Reply-To: EFFector List <editor () eff org>
>
> Freedom of the Press Foundation.
>
> Wondercon
Facebook pays teens to install VPN that spies on them
Dave Farber (Jan 30)
Begin forwarded message:
> From: Mike Anderson <k8iw () hotmail com>
> Date: January 31, 2019 at 11:49:53 AM GMT+9
> To: David Farber <farber () gmail com>
> Subject: Facebook pays teens to install VPN that spies on them
>
> Hi Dave,
>
> I think you will want to pass this story from TechCrunch along.
>
> Mike
>
> Desperate for data on its competitors, Facebook has been secretly paying...
♥ I need you
Escuchalo a Ricardo Darin (Jan 29)
Your mail client does NOT support messages in HTML format.
To view the content of the email correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)...
re Private satellites open uncharted territory in data collection...
Dave Farber (Jan 28)
> Begin forwarded message:
>
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Subject: IS: re Private satellites open uncharted territory in data collection...
> Date: January 29, 2019 13:00:07 JST
> To: Interesting Stuff list <is () iconia com>
>
> for a post broadcast UPDATE (and transcript of the segment or to view it) go to:
>...
EcoPallets - Steel pallets. Hand carts
EcoPallets Argentina (Jan 28)
Your mail client does NOT support messages in HTML format.
To view the content of the email correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)...
U.S. Should Be Wary of High-Tech Export Controls on China - Bloomberg
Dave Farber (Jan 28)
https://www.bloomberg.com/opinion/articles/2019-01-22/u-s-should-be-wary-of-high-tech-export-controls-on-china
Tokyo's Metro Is Betting Free Soba Noodles Can Help Ease Congestion : The Salt : NPR
Dave Farber (Jan 28)
https://www.npr.org/sections/thesalt/2019/01/22/687401826/tokyos-metro-is-betting-free-soba-noodles-can-help-ease-congestion
The media’s ‘Gotcha!’ hysteria is shameful
Dave Farber (Jan 27)
Seems to be yellow journalism repeat it again it sells
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: January 28, 2019 at 5:35:06 AM GMT+9
> To: Interesting Stuff list <is () iconia com>
> Subject: IS: The media’s ‘Gotcha!’ hysteria is shameful
>
> EXCERPT:
> Imagine that a scientist wanted to conduct an experiment to see if it’s true that blind hatred of...
Private satellites open uncharted territory in data collection...
Dave Farber (Jan 25)
Begin forwarded message:
> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: January 26, 2019 at 3:49:41 AM GMT+9
> To: Interesting Stuff list <is () iconia com>
> Subject: IS: Private satellites open uncharted territory in data collection...
>
> A company has launched hundreds of small satellites capturing over a million photos of Earth each day for commercial
> use, offering unimagined...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 31.04
RISKS List Owner (Jan 28)
RISKS-LIST: Risks-Forum Digest Monday 28 January 2019 Volume 31 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.04>
The current issue can also be...
Risks Digest 31.03
RISKS List Owner (Jan 17)
RISKS-LIST: Risks-Forum Digest Thursday 17 January 2019 Volume 31 : Issue 03
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.03>
The current issue can also...
Risks Digest 31.02
RISKS List Owner (Jan 11)
RISKS-LIST: Risks-Forum Digest Friday 11 January 2019 Volume 31 : Issue 02
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.02>
The current issue can also be...
Risks Digest 31.01
RISKS List Owner (Jan 04)
RISKS-LIST: Risks-Forum Digest Friday 4 January 2019 Volume 31 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.01>
The current issue can also be...
Risks Digest 30.98
RISKS List Owner (Dec 27)
RISKS-LIST: Risks-Forum Digest Friday 27 December 2018 Volume 30 : Issue 98
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.98>
The current issue can also be...
Risks Digest 30.97
RISKS List Owner (Dec 20)
RISKS-LIST: Risks-Forum Digest Thursday 20 December 2018 Volume 30 : Issue 97
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.97>
The current issue can also...
Risks Digest 30.96
RISKS List Owner (Dec 12)
RISKS-LIST: Risks-Forum Digest Wednesday 12 December 2018 Volume 30 : Issue 96
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.96>
The current issue can also...
Risks Digest 30.95
RISKS List Owner (Dec 08)
RISKS-LIST: Risks-Forum Digest Saturday 8 December 2018 Volume 30 : Issue 95
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.95>
The current issue can also...
Risks Digest 30.94
RISKS List Owner (Dec 03)
RISKS-LIST: Risks-Forum Digest Monday 3 December 2018 Volume 30 : Issue 94
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.94>
The current issue can also be...
Risks Digest 30.93
RISKS List Owner (Dec 01)
RISKS-LIST: Risks-Forum Digest Saturday 1 November 2018 Volume 30 : Issue 93
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.93>
The current issue can also...
Risks Digest 30.92
RISKS List Owner (Nov 21)
RISKS-LIST: Risks-Forum Digest Wednesday 21 October 2018 Volume 30 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.92>
The current issue can also...
Risks Digest 30.91
RISKS List Owner (Nov 06)
RISKS-LIST: Risks-Forum Digest Tuesday 6 November 2018 Volume 30 : Issue 91
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.91>
The current issue can also be...
Risks Digest 30.90
RISKS List Owner (Nov 01)
RISKS-LIST: Risks-Forum Digest Thursday 2 November 2018 Volume 30 : Issue 90
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.90>
The current issue can also...
(no subject)
RISKS List Owner (Oct 30)
Subject: Risks Digest 30.89
RISKS-LIST: Risks-Forum Digest Tuesday 30 October 2018 Volume 30 : Issue 89
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information,...
(no subject)
RISKS List Owner (Oct 23)
Subject: Risks Digest 30.88
RISKS-LIST: Risks-Forum Digest Tuesday 23 October 2018 Volume 30 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Things CISOs Should Keep in Mind, for 2019
Destry Winant (Feb 01)
https://hackercombat.com/things-cisos-should-keep-in-mind-for-2019/
CISOs (Chief Information Security Officers) have a critical role to
play, as regards the overall security of any enterprise today. And
it’s not an easy job either. It definitely is a tough job since they
have to be dynamic and take care of lots of things that pertain to the
security of the organization and comprehensive security of all data
stored in different locations....
India's largest bank SBI leaked account data on millions of customers
Destry Winant (Feb 01)
https://techcrunch.com/2019/01/30/state-bank-india-data-leak/
India’s largest bank has secured an unprotected server that allowed
anyone to access financial information on millions of its customers,
like bank balances and recent transactions.
The server, hosted in a regional Mumbai-based data center, stored two
months of data from SBI Quick, a text message and call-based system
used to request basic information about their bank accounts by...
Aetna Reaches Settlement with California Over 2017 Privacy Breach
Destry Winant (Feb 01)
https://healthitsecurity.com/news/aetna-reaches-settlement-with-california-over-2017-privacy-breach
Aetna will pay California $935,000 for its 2017 privacy breach,
stemming from a mailing error that inadvertently revealed the
HIV-related information of 1,991 Californians and 12,000 total
patients by the envelope’s clear window.
The settlement resolves the allegations that Aetna violated the
state’s privacy laws concerning patient...
Kwik Fit hit by malware, knocking out IT systems
Destry Winant (Feb 01)
https://www.itpro.co.uk/security/32880/kwik-fit-hit-by-malware-knocking-out-it-systems
Car garage unable to process orders after a virus gets into its IT systems
Car repair chain Kwik Fit's IT systems have been down since Saturday
after the company's IT systems were hit with malware.
The company first notified customers of the issue while responding to
complaints on Twitter. A number of customers complained that they
couldn't...
U.S. judge rejects Yahoo data breach settlement
Destry Winant (Jan 31)
https://www.mercurynews.com/2019/01/30/u-s-judge-rejects-yahoo-data-breach-settlement/
In a Monday night decision, U.S. District Judge Lucy Koh in San Jose,
California, said she could not declare the settlement “fundamentally
fair, adequate and reasonable” because it did not say how much victims
could expect to recover.
Yahoo, now part of New York-based Verizon Communications Inc, was
accused of being too slow to disclose three breaches...
Airbus data breach impacts employees in Europe
Destry Winant (Jan 31)
https://www.zdnet.com/article/airbus-data-breach-impacts-employees-in-europe/
European aerospace corporation Airbus disclosed today a security
breach that impacted its commercial aircraft manufacturing business.
The company said the security breach "resulted in unauthorised access to data."
According to a press release published earlier today, Airbus said that
"some personal data was accessed," but "mostly professional...
Bringing People And Technology Together Will Help Us Win The Cyber Battle
Destry Winant (Jan 31)
https://www.forbes.com/sites/jameshadley/2019/01/28/brining-people-and-technology-together-will-help-us-win-the-cyber-battle/#2458e4d91b67
Not one day into 2019 and the year’s first data breach was reported by
the Victoria Premier’s Department in Australia, and a couple of days
later a truckload of high-profile German politicians and other
individuals found their personal data had been leaked on Twitter.
Seven days into the New Year and I...
How CISOs Can Demonstrate Business Value
Destry Winant (Jan 31)
https://www.securityweek.com/how-cisos-can-demonstrate-business-value
CISOs Must Clearly Demonstrate Their Value to the Business in Dollars and Cents
If you’re the typical CISO or other level of information security
officer, chances are this job description sounds about right:
“My role is to manage information security to keep the business secure.”
And your success metrics – how you communicate what you do to the rest
of business –...
3 Ways Companies Mess Up GDPR Compliance the Most
Destry Winant (Jan 30)
https://www.darkreading.com/vulnerabilities-and-threats/3-ways-companies-mess-up-gdpr-compliance-the-most/a/d-id/1333734
The best way to conform to the EU's new privacy regulation is to
assume that you don't need to hold on to personal data, versus the
opposite.
The General Data Protection Regulation (GDPR) has been in effect since
May 2018, and companies that have done their due diligence to comply
with the regulation may feel...
SkoolBag secure says MOQ, after user creds found in massive dump
Destry Winant (Jan 30)
https://www.cio.com.au/article/656802/skoolbag-secure-says-moq-after-user-creds-found-massive-dump/
MOQ, the ASX-listed firm behind popular school communications tool
SkoolBag says its app is secure following the discovery of user
credentials in a major dump of emails and passwords earlier this
month.
The company today confirmed a “limited number” of user email addresses
and encrypted passwords used to login to the platform were among those...
Stolen Hard Drive Contained PHI of 76,000 Texas Patients
Destry Winant (Jan 30)
https://www.hipaajournal.com/phi-76000-texas-patients-stolen-hard-drive/
All-Star Orthopaedics is alerting patients of Irving, TX-based Las
Colinas Orthopedic Surgery & Sports Medicine, PA, that some of their
protected health information (PHI) was stored on a hard drive that has
been stolen.
The hard drive contained X-ray and other diagnostic images of 76,000
patients, along with patients’ names and dates of birth. While the
hard drive...
Globe reports data breach affecting 8,000 customers
Destry Winant (Jan 30)
https://www.bworldonline.com/globe-reports-data-breach-affecting-8000-customers/
GLOBE TELECOM, Inc. said on Tuesday there has been a data breach on
its system for the “On The List” program, affecting some 8,851
customers.
In a statement, the telecommunications company said it sent a data
registration confirmation receipt to the wrong individual, and has so
far notified the National Privacy Commission (NPC) of the error.
“On The List”...
Two months after data breach, Lands Authority website remains offline
Destry Winant (Jan 30)
https://www.timesofmalta.com/articles/view/20190129/local/two-months-after-data-breach-lands-authority-website-remains-offline.700056
The Lands Authority’s website remains offline two months after a data
breach was exposed by Times of Malta, with clients forced to visit the
regulator’s offices to settle even the smallest of issues.
This newspaper reported in November that a massive security flaw had
led to a large amount of personal data...
HACKERS ARE USING ‘NETWORK TUNNELING’ TO BYPASS THE FIREWALL INSTEAD OF RDP
Destry Winant (Jan 29)
https://www.securitynewspaper.com/2019/01/25/hackers-are-using-network-tunneling-to-bypass-the-firewall-instead-of-rdp/
Network tunneling technique is being increasingly used for attackers using RDP
The Remote Desktop Protocol (RDP) is a Windows component designed to
provide administrators and users with a remote access path to their
systems. According to network security and ethical hacking from the
International Institute of Cyber Security...
Why it’s important for organisations to train staff in cybersecurity
Destry Winant (Jan 29)
https://latesthackingnews.com/2019/01/27/why-its-important-for-organisations-to-train-staff-in-cybersecurity/
Breaches are an ongoing issue that organisations face on a day to day
basis. For as long as risk carries a level of uncertainty, preventing
it is hard to do. But there is a difference between accepting this
fact and doing nothing about it and accepting this fact and using all
reasonable efforts to mitigate breaches from taking place. One...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: help Ascii protocol
Pascal Quantin (Feb 01)
Hi Anis,
On Fri, 1 Feb 2019 at 17:38, Anis Siad <anis.siad () ixblue com> wrote:
If you look at epan/tvbuff.h, you will find plenty of functions dedicated
to string handling.
For example you can use tvb_find_guint8() to find the offset for the next
comma. Or alternatively use tvb_get_string_enc() & co to fetch all the
buffer in a single string from the tvb, and then wmem_strsplit() to get a
list of tokens. I guess the...
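As an added illustration of the loop Pascal describes (this is not Wireshark code and uses no epan API): a plain C tokenizer that walks a captured ASCII message the way a tvb_find_guint8() loop would, bounded by the buffer length rather than by strlen(), since capture bytes are never NUL-terminated. Field lengths come from offset differences, the first CR/LF ends the message, and an empty field between two commas is still a field. The sample message is constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One field of a delimited ASCII message: a view into the capture buffer,
 * not a NUL-terminated string. */
struct field {
    const uint8_t *start;
    size_t len;
};

/* Find the next 'delim' in buf[off..buflen), like tvb_find_guint8() does for
 * a tvb; returns the offset of the delimiter, or buflen if there is none. */
static size_t find_delim(const uint8_t *buf, size_t buflen, size_t off, uint8_t delim)
{
    for (; off < buflen; off++)
        if (buf[off] == delim)
            return off;
    return buflen;
}

/* Split buf[0..buflen) on ',' into at most max_fields fields, stopping at the
 * first CR or LF. Returns the number of fields found. The trailing field has
 * no delimiter after it and is still a field; ",," yields a field of length 0. */
size_t split_ascii_fields(const uint8_t *buf, size_t buflen,
                          struct field *out, size_t max_fields)
{
    size_t end = find_delim(buf, buflen, 0, '\r');   /* message ends at CR ... */
    size_t lf  = find_delim(buf, end, 0, '\n');      /* ... or at LF, whichever is first */
    if (lf < end)
        end = lf;
    if (end == 0)
        return 0;                                    /* empty line: no fields */

    size_t n = 0, off = 0;
    while (n < max_fields) {
        size_t next = find_delim(buf, end, off, ',');
        out[n].start = buf + off;
        out[n].len   = next - off;                   /* length = offset difference */
        n++;
        if (next >= end)
            break;                                   /* last field, no delimiter */
        off = next + 1;                              /* skip the comma */
    }
    return n;
}

/* Constructed sample: four fields, one of them empty, then a second line that
 * must not be touched. sizeof - 1 drops the C string's NUL. */
static const uint8_t sample_msg[] = "ID,12.5,,N\r\nIGNORED";
static const size_t sample_msg_len = sizeof sample_msg - 1;

int main(void)
{
    struct field f[8];
    size_t n = split_ascii_fields(sample_msg, sample_msg_len, f, 8);
    for (size_t i = 0; i < n; i++)
        printf("field %zu: \"%.*s\"\n", i, (int)f[i].len, (const char *)f[i].start);
    return 0;
}
```

In a real dissector the same offsets feed proto_tree_add_item() with the field length, so a truncated or delimiter-less packet never causes a read past the tvb.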
help Ascii protocol
Anis Siad (Feb 01)
Hello,
So I need some help. I have ascii protocol (text based) but I don't know
how to dissect this protocol in C.
I explained the problem here:
<https://ask.wireshark.org/question/7093/ascii-dissector-non-constant-length/>
So is there any function to transform a tvb into an ascii or string ? Or
are they any function to split a tvb with a split liken...
Force rebase in Gerrit
Dario Lombardo (Feb 01)
Hi,
Yesterday I cherry-picked a change into master-2.4 (
https://code.wireshark.org/review/c/31842/). I triggered the PD and it
failed due to something not related to the change. Now the master-2.4 has
been fixed and I need to rebase the change. Gerrit shows me
Change is up to date with the target branch already (master-2.4)
I try to force the rebase using refs/heads/master-2.4 as ref, but I get
"Could not perform action: base revision is...
Re: What is best way to use other protocol subdissectors?
Michael Mann via Wireshark-dev (Jan 31)
What is the format of the IEEE-1722 "CAN message"? From my experience there are many different formats for CAN, so I
think it's abstracted as best it can be. The SocketCAN "packet format" is:
CAN ID (4 bytes). Since CAN IDs are typically 11 or 29 bits, SocketCAN uses some of the higher bits for other flags.
Payload length (1 byte)
"Padding" (3 bytes)
<CAN payload> (size based on payload length)....
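An added example of parsing the layout Michael lays out above; it is not Wireshark's packet-socketcan.c. The flag bits and id masks are the values from <linux/can.h>, and the id word is read big-endian as in a pcap LINKTYPE_CAN_SOCKETCAN record. The point a dissector author cares about is that the length byte and the id word are untrusted input: the parser rejects a length above the classic CAN limit, a payload that runs past the captured bytes, and an 11-bit id with bits set above bit 10. The sample frames are constructed, not taken from a capture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values as defined in <linux/can.h>, copied so the example builds anywhere. */
#define CAN_EFF_FLAG 0x80000000U   /* extended frame format (29-bit id) */
#define CAN_RTR_FLAG 0x40000000U   /* remote transmission request */
#define CAN_ERR_FLAG 0x20000000U   /* error message frame */
#define CAN_SFF_MASK 0x000007FFU   /* standard 11-bit id */
#define CAN_EFF_MASK 0x1FFFFFFFU   /* extended 29-bit id */
#define CAN_MAX_DLEN 8             /* classic CAN payload limit */
#define SOCKETCAN_HDR_LEN 8        /* 4 id/flags + 1 length + 3 padding */

struct can_msg {
    uint32_t id;                   /* identifier with the flag bits stripped */
    bool extended, rtr, err;
    uint8_t len;
    uint8_t data[CAN_MAX_DLEN];
};

/* Parse one frame laid out as in a LINKTYPE_CAN_SOCKETCAN capture: big-endian
 * id/flags word, length byte, 3 padding bytes, payload. Returns the bytes
 * consumed (header + payload), or 0 for a malformed frame. Any bytes after the
 * payload (captures often pad the record to 16 bytes) are left alone. */
size_t parse_socketcan(const uint8_t *buf, size_t buflen, struct can_msg *m)
{
    if (buflen < SOCKETCAN_HDR_LEN)
        return 0;                                   /* truncated header */
    uint32_t raw = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    memset(m, 0, sizeof *m);
    m->extended = (raw & CAN_EFF_FLAG) != 0;
    m->rtr      = (raw & CAN_RTR_FLAG) != 0;
    m->err      = (raw & CAN_ERR_FLAG) != 0;
    m->id = raw & (m->extended ? CAN_EFF_MASK : CAN_SFF_MASK);
    if (!m->extended && (raw & CAN_EFF_MASK) != m->id)
        return 0;                                   /* 11-bit id with high bits set */
    m->len = buf[4];
    if (m->len > CAN_MAX_DLEN)
        return 0;                                   /* length byte is attacker-controlled */
    if (buflen - SOCKETCAN_HDR_LEN < m->len)
        return 0;                                   /* payload runs past the capture */
    memcpy(m->data, buf + SOCKETCAN_HDR_LEN, m->len);
    return SOCKETCAN_HDR_LEN + m->len;
}

/* Constructed sample frames (not from a real capture). */
static const uint8_t sample_std[]    = { 0x00,0x00,0x01,0x23, 0x03, 0,0,0, 0x11,0x22,0x33 };
static const uint8_t sample_ext[]    = { 0x92,0x34,0x56,0x78, 0x02, 0,0,0, 0xAA,0xBB };
static const uint8_t sample_badlen[] = { 0x00,0x00,0x01,0x23, 0x09, 0,0,0 };
static const uint8_t sample_badid[]  = { 0x00,0x00,0x08,0x00, 0x00, 0,0,0 };

int main(void)
{
    struct can_msg m;
    if (parse_socketcan(sample_std, sizeof sample_std, &m))
        printf("std id=0x%03X len=%u\n", m.id, m.len);
    if (parse_socketcan(sample_ext, sizeof sample_ext, &m))
        printf("ext id=0x%08X len=%u\n", m.id, m.len);
    printf("bad length rejected: %d\n", parse_socketcan(sample_badlen, sizeof sample_badlen, &m) == 0);
    printf("bad std id rejected: %d\n", parse_socketcan(sample_badid, sizeof sample_badid, &m) == 0);
    return 0;
}
```

A transport that carries CAN over something else (IEEE 1722 ACF-CAN here, packet-caneth.c elsewhere) would reuse the same checks and then hand the id and payload to the common CAN fields so the "can.xxx" filters apply.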
Re: master: link fails on Ubuntu 14.04
Bertin Nicolas (Jan 31)
Hello Peter,
Removing CMakeCache.txt was the missing part!
Now, with your fix, it builds fine with and without libgnutls
Thanks!
Re: patching ASN.1 dissectors
Pascal Quantin (Jan 31)
On Thu, 31 Jan 2019 at 14:56, Dario Lombardo <lomato () gmail com> wrote:
It is already properly initialized: the dissect_UniDialoguePDU_PDU calls
asn1_ctx_init() which properly sets the structure to 0.
> Maybe that's not the right fix: if that's the case which patch do you
An exported PDU can be called from another dissector (presumably the
registered OID in this case). IMHO the right fix is to modify the tcap.cnf
file so...
Re: patching ASN.1 dissectors
Dario Lombardo (Jan 31)
Sure you may.
I started from bug https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464
.
In dissect_UniDialoguePDU_PDU, the asn1_ctx context is created. But later,
in dissect_tcap_AARQ_application_context_name, actx->value_ptr is casted
and used.
I figured out that the right way to patch the code was to init the asn1_ctx
with a proper value_ptr, when created.
Maybe that's not the right fix: if that's the case which patch do you...
Re: patching ASN.1 dissectors
Pascal Quantin (Jan 31)
Hi Dario,
On Thu, 31 Jan 2019 at 14:24, Dario Lombardo <lomato () gmail com> wrote:
This function is auto-generated by asn2wrs.py based on the EXPORTS
directive found in tcap.cnf.
May I ask you what you want to fix? I hardly see what could be buggy in the
function itself (all the EXPORTS functions assume that you have a byte
aligned buffer; if this not the case for this specific payload then the
EXPORTS directive should not be used...
patching ASN.1 dissectors
Dario Lombardo (Jan 31)
Hi
I want to fix a bug in the tcap dissector, specifically in the
function dissect_UniDialoguePDU_PDU. This is a generated dissector,
therefore I've looked for the generating code, but I got lost in the maze
of the generation of this dissector.
Any help on which code in the tree I should change for this specific
function?
Thanks.
Dario.
Re: master: link fails on Ubuntu 14.04
Peter Wu (Jan 31)
I just merged the patch, so if you pull from master, it should be
available.
As for installing GnuTLS 3.2, have you tried:
sudo apt-get install libgnutls28-dev
You might have to remove CMakeCache.txt (specifically the values related
to GNUTLS) in order to find the new version.
Re: master: link fails on Ubuntu 14.04
Bertin Nicolas (Jan 31)
Hello Peter,
In fact, I'm still trying to figure out how to install GnuTLS 3.2.x on my box. I can only get version 2.8
Well, I will wait for your fix to be merged!
Thanks
Re: master: link fails on Ubuntu 14.04
Peter Wu (Jan 31)
Hi Nicolas,
Ubuntu 14.04 has two GnuTLS versions available, 2.8.x and 3.x. Support
for the former was dropped in master. If RSA decryption support is
important to you, install libgnutls28-dev for the 3.x version.
Of course the build should not fail if the GnuTLS 3.x version is
missing, this should fix the build issue without GnuTLS:
https://code.wireshark.org/review/31837
master: link fails on Ubuntu 14.04
Bertin Nicolas (Jan 31)
Hello,
After synchronizing with master yesterday, I got this link error (see below) when building on Ubuntu 14.04
ui/qt/CMakeFiles/qtui.dir/rsa_keys_frame.cpp.o: In function `RsaKeysFrame::verifyKey(char const*, char const*, int*,
QString&)':
/home/bertin/devs/hwc/wireshark/wireshark.devs/ui/qt/rsa_keys_frame.cpp:64: undefined reference to `secrets_verify_key'
ui/qt/CMakeFiles/qtui.dir/rsa_keys_frame.cpp.o: In function...
Re: Memory leak debugging - current master passes all tests!
Peter Wu (Jan 30)
I have used a coverage checker (llvm-cov) during development of a single
dissector, but not the whole project. From my notes:
# epan/dissectors/CMakeList.txt after "set_target_properties(dissectors PROPERTIES"
set(COV_FLAGS "-fprofile-instr-generate -fcoverage-mapping")
set(COV_FLAGS "${COV_FLAGS}" PARENT_SCOPE)
set_source_files_properties(packet-wireguard.c PROPERTIES COMPILE_FLAGS...
Re: What is best way to use other protocol subdissectors?
Dmitriy Linikov (Jan 30)
I want wireshark to treat ACF-CAN submessages of IEEE1722 like any regular
can message that is handled by packet-socketcan: decode payload and use the
same filters.
> I think the reason for that is that you are adding hf variables to a
The example of such code can be seen in packet-caneth.c which is also a
transport protocol for CAN messages over Ethernet. It defines "can.id" and
other "can.xxx" hf in addition to its own...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
for be in inline mode but crash for my setup as static daq
Dorian ROSSE via Snort-users (Feb 03)
Do the following command:
Running inline Snort
ifconfig eth1 promisc up
ifconfig eth2 promisc up
snort --daq afpacket -i eth1:eth2 -Q -c snort.conf
where eth<value> or another network card can be found with the 'ifconfig' command line
then I downloaded snort.conf, then I renamed the file to launch the last command line below!
That return this :
snort --daq afpacket -i enp5s0 -Q -c snort.conf
Enabling inline operation
Running in IDS...
I went to set up the oinkmaster.conf in /etc
Dorian ROSSE via Snort-users (Feb 03)
I went to set up the oinkmaster.conf in /etc
Regards.
Dorian ROSSE.
no available daq… (very long e-mail)
Dorian ROSSE via Snort-users (Feb 03)
Hello,
When I run this command line I get a Failure answer, but DAQ is set up with all DAQ modules; only ipq isn't set up:
snort --daq-dir=../daq-2.0.6 --daq-list
No available DAQ modules (try adding directories with --daq-dir).
(I followed this web page: https://www.snort.org/faq/readme-daq)
Now I will try to run all the following command lines, but I don't know how to set up the var values ☹
snort \
[--daq pcap] \
[--daq-mode inline] \...
Re: snort.conf missing
Dorian ROSSE via Snort-users (Feb 03)
I went to do a fresh install of snort; finally, running this command line after the compile of the snort rules can put snort.conf
in the snort directory:
sudo cp /etc/snort.conf /
Regards.
Dorian ROSSE.
________________________________
From: Dorian ROSSE <dorianbrice () hotmail fr>
Sent: Tuesday, January 22, 2019 7:59:04 PM
To: Joel Esler (jesler)
Cc: Lucas Smith; snort-users () lists snort org
Subject: Re: [Snort-users]...
Is my cook good?
Dorian ROSSE via Snort-users (Feb 03)
Hello,
Thank you in advance for checking my cook for nfq and telling me whether I am right or wrong about nfq, because the iptables
should enable ipq…
Regards.
Dorian ROSSE.
Re: nfq problem
Dorian ROSSE via Snort-users (Feb 02)
Fixed it!
Firstly, install everything needed with:
apt-get install libnetfilter-queue-dev libnetfilter-queue1 libnetfilter-log-dev libnetfilter-log1 libnfnetlink-dev
libnfnetlink0
then do this command line :
sudo iptables -I FORWARD -j QUEUE
then run in daq-2.0.6/ :
./configure
now your nfq is enabled 😊
Regards.
Dorian ROSSE.
________________________________
From: Dorian ROSSE
Sent: Friday, February 1, 2019 10:20:47 AM
To: snort-users ()...
Re: help: how to use port_scan with snort3.0 ?
Russ via Snort-users (Feb 02)
A couple of things are going on. You didn't send sid:11118 but if it
looks like sid:11116 it is alerting on all TCP packets. In
addition, the alert is showing the port_scan pseudo packet instead of
the original TCP packet. We will fix that.
To get the correct alerts, you need to add the builtin port_scan rules
to your configuration, for example:
ips = { rules = [[ alert ( gid:122; sid:1; msg:"tcp port...
Re: Ask for daq static
Dorian ROSSE via Snort-users (Feb 02)
To watch the make failure I run this command line in daq-2.0.6/:
‘sudo make check’
It returns this error:
Makefile:770: recipe for target 'libdaq_static_modules_la-daq_pcap.lo' failed
make[1]: *** [libdaq_static_modules_la-daq_pcap.lo] Error 1
make[1]: Leaving directory '/opt/daq-2.0.6/os-daq-modules'
Makefile:406: recipe for target 'check-recursive' failed
make: *** [check-recursive] Error 1
What should I do...
Re: help: how to use port_scan with snort3.0 ?
Dorian ROSSE via Snort-users (Feb 02)
I think Nmap is hungry 😂
If it asks for something it needs, give it!
I found this on Google; it talks about Lua scripts in Nmap!
https://www.hackingtutorials.org/scanning-tutorials/port-scanning-and-os-detection-with-nmap/
I hope It will help you :)
If you need more help, ask us,
Regards.
Dorian Rosse.
________________________________
From: sofardware <sofardware () 126 com>
Sent: Saturday, February 2, 2019 8:06:45 AM
To: Dorian ROSSE;...
Re: help: how to use port_scan with snort3.0 ?
Dorian ROSSE via Snort-users (Feb 02)
Sorry, but I can't help you; I can only help with easy problems. Maybe you should follow up your new program problem?
You were speaking about a program not mentioned in the first e-mail; also, you should check the program's README, I think.
Regards.
Dorian Rosse.
________________________________
From: sofardware <sofardware () 126 com>
Sent: Saturday, February 2, 2019 8:06:45 AM
To: Dorian ROSSE; snort-users () lists snort org
Subject: Re:RE:...
Re: help: how to use port_scan with snort3.0 ?
sofardware via Snort-users (Feb 01)
Thank you Russ. Now I have it working to alert for portscan, but still a problem:
When doing a tcp portscan with nmap:
I must add an ips rule for alerting on the tcp protocol like below; then the portscan can alert after the protocol alert, like
the print at the bottom. If there is no tcp protocol alert rule, then there is no tcp portscan alert. I want to know why???
when I delete “port_scan = default_med_port_scan” in snort.lua, the tcp protocol ips alert can...
help: how to use port_scan with snort3.0 ?
sofardware via Snort-users (Feb 01)
Hi all,
Who can tell me how to use port_scan with snort 3.0? Thanks for your help.
I have tried it with \snortrules-snapshot-3000\etc\snort_defaults.lua and snort.lua to detect a scan from nmap,
but no alert at all.
Re: how to use port_scan with snort3.0
Russ via Snort-users (Feb 01)
Hi,
Did you check the Snort++ user manual? There is a section on
port_scan. It is similar to but updated from Snort 2. You can use the
default configurations like this:
port_scan = default_med_port_scan
(taken from the example snort.lua) or you can copy and tweak any of the
configs from snort_defaults.lua. With Snort 3 port_scan is completely
configurable so it is just a matter of tweaking the thresholds to meet
your...
iptables problems for NFQ and IPQ
Dorian ROSSE via Snort-users (Feb 01)
Hello,
I followed the readme:
You might find useful IPQ info here:
http://snort-inline.sourceforge.net/
Use this to examine your iptables:
sudo /sbin/iptables -L
Use something like this to set up NFQ:
sudo /sbin/iptables
-I <table> [<protocol stuff>] [<state stuff>]
-j NFQUEUE --queue-num 1
Use something like this to set up IPQ:
sudo iptables -I FORWARD -j QUEUE
Firstly the link useful...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.