SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
GitHub PR #1383 - Script for unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload
Kostas Milonas (Nov 05)
Hello everyone.
I'm sending this to inform you about a pull request I created on GitHub.
It's a script about CVE-2018-9206, the unauthenticated arbitrary file upload
vulnerability in Blueimp's jQuery-File-Upload plugin.
The pull request is:
#1383: Script for unauthenticated arbitrary file upload vulnerability in
Blueimp jQuery-File-Upload
You can see a brief summary about the script on the pull request's
description.
I can also...
Re: Improving address exclusion matching
David Fifield (Nov 03)
That's great! Nice work.
Recommended C/C++ IDE for NMAP
Geffrey Velasquez (Nov 02)
Hello list,
Please, could you suggest a C/C++ IDE to navigate through the NMAP source
code?
Best regards,
Geffrey
Re: Port 9050 Question
Daniel Miller (Nov 01)
Jarrod,
"filtered" means that something is blocking communication on that port. It
does not indicate that anything is using that port. On the contrary, if the
port is filtered, it is less likely that it is being used by anything. Most
likely, the client's network or your own network is configured to block
communications on port 9050, possibly in an attempt to prevent
communication over SOCKS proxies.
Dan
On Thu, Nov 1, 2018 at...
Re: Ncat proxy pivoting
Robin Wood (Nov 01)
This is for netcat but will probably work on ncat:
http://www.michaelboman.org/books/penetration-testing-notes/netcat
There is also a SANS paper done by Ed Skoudis that covers similar
stuff that is really worth reading.
Robin
Re: Ncat proxy pivoting
David Fifield (Nov 01)
Do you mean something like this?
https://nmap.org/ncat/guide/ncat-tricks.html#ncat-chain
ncat -lk localhost 1234 --sh-exec "ncat remote.example 5678"
Ncat proxy pivoting
Pavel Kreuzt (Oct 31)
I'm testing ncat as a proxy to pivot from an internal network to the
internet (since generic pivoting techniques only allow pivoting to a single
host). Is there any special syntax to chain together ncat proxy and an
outgoing tunnel?
So far I've tried port forwarding from the ncat proxy host to a broker on
my machine and connecting the browser to this broker as a proxy, and tried
also using local port forwarding instead of a broker. But it...
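David's one-liner above (ncat -lk localhost 1234 --sh-exec "ncat remote.example 5678") is the building block Pavel asks about: each listener hands every accepted connection to a fresh outbound ncat, and pointing one such listener at the next gives a chain. The Python below is an added example, not part of the thread or of Ncat, that does the same thing in-process so it can be run offline: start_relay() is the ncat -lk --sh-exec side, and run_demo() chains two relays in front of a stand-in destination (an upper-casing echo server on 127.0.0.1 that takes the place of remote.example:5678) and returns what the client got back. Hostnames and ports are chosen by the demo, not taken from the thread.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then pass the EOF on by
    closing dst's send side, so a half-close travels through the whole chain."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _handle(client, target):
    """Per accepted connection: dial the next hop and pump both directions.
    This is what ncat does for each client under --sh-exec "ncat next-hop port"."""
    try:
        upstream = socket.create_connection(target, timeout=10)
    except OSError:
        client.close()
        return
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()
    _pump(client, upstream)
    back.join()
    client.close()
    upstream.close()


def start_relay(target, listen_host="127.0.0.1", listen_port=0):
    """Listen on listen_host:listen_port (the ncat -lk side) and relay every
    connection to target=(host, port). Returns the bound (host, port) so the
    next relay in a chain can be pointed at it. Port 0 lets the OS pick."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_host, listen_port))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_handle, args=(client, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()


def start_echo_server(listen_host="127.0.0.1"):
    """Stand-in for the final destination (remote.example:5678 in the thread):
    echoes each chunk back upper-cased, so the demo can prove the bytes reached
    the end of the chain and came back through it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((listen_host, 0))
    srv.listen(16)

    def serve(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data.upper())

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=serve, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()


def run_demo(payload=b"hello through two hops\n"):
    """client -> hop1 -> hop2 -> echo server, and back. Returns what the client read."""
    final = start_echo_server()
    hop2 = start_relay(final)   # innermost relay, closest to the destination
    hop1 = start_relay(hop2)    # the relay the client actually connects to
    with socket.create_connection(hop1, timeout=10) as c:
        c.sendall(payload)
        c.shutdown(socket.SHUT_WR)      # tell the chain we are done sending
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    print(run_demo())
```

The demo binds to 127.0.0.1 only. On a real pivot host a relay bound to 0.0.0.0 is reachable by anyone who can reach that host and carries no authentication, which is exactly the exposure an ncat -lk listener has; restrict it with ncat's --allow/--deny options or bind it to the interface the operator is tunnelling through, and tear it down when the engagement step is finished.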
GitHub PRs #1376, #1377, #1378 - D-Link router vulnerabilities
Kostas Milonas (Oct 31)
Hello everyone.
I created the following 3 pull requests that add an equal number of scripts
regarding D-Link router vulnerabilities disclosed a couple of weeks ago.
#1376: Add script for D-Link router directory traversal vulnerability
#1377: Add script for D-Link router shell command injection vulnerability
#1378: Add script for D-Link router plaintext password file exposure
References:
- https://seclists.org/fulldisclosure/2018/Oct/36
-...
GitHub PR #1374 - Improve the accuracy of script http-vuln-cve2017-1001000.nse
Kostas Milonas (Oct 31)
Hello everyone.
Firstly, congratulations on this great tool!
This is my first contribution to the project!
I opened the pull request #1374 on GitHub (
https://github.com/nmap/nmap/pull/1374).
The objective of this is to improve the accuracy of the script
http-vuln-cve2017-1001000.nse.
Made two fixes where the script:
1. failed with an error when the WordPress API returned an empty response
on the GET request.
2. incorrectly marked the target...
Port 9050 Question
Jarrod Fodemski (Oct 31)
Hello,
I’ve been doing an audit for a client and my scan is returning port 9050 (tor-socks) as filtered. I don’t want to raise an
alarm unnecessarily that one of their IT staff is using Tor for anything on the company network, but I can’t make any
sense of this. I was wondering if anyone else has seen this (I could find nothing in Google searches) or if you might
have any ideas what would cause this?
Any feedback is greatly appreciated....
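A practical way to act on Daniel's point above (that "filtered" means something is blocking the probe, not that anything listens) is to scan with --reason and read the XML output rather than the one-line summary. Two attributes carry the evidence: reason on the <state> element (no-response means the probe was simply dropped; admin-prohibited means a filtering hop answered with an ICMP unreachable), and method on the <service> element, which is "table" when the name (tor-socks for 9050) is only the nmap-services lookup for that port number and "probed" only when -sV actually identified the service. The Python below is an added example written for this page, not code from the thread or from the Nmap project; the XML it parses is a constructed fragment in Nmap's output format, not a real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's XML output format (not a real scan). The
# `reason` attributes are what `--reason` adds; `method` on <service> records
# whether the name came from a version probe or from the nmap-services table.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap --reason -sV -p 22,9050,9051 10.0.0.5">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="9050">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="tor-socks" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="9051">
        <state state="filtered" reason="admin-prohibited" reason_ttl="63"/>
        <service name="tor-control" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def describe_state(state, reason):
    """Map a port state plus its --reason value to (evidence, explanation)."""
    if state == "open":
        return "listener", "a SYN/ACK (or equivalent) came back, so something accepts connections"
    if state == "closed":
        return "none", "an RST came back: the host is reachable but nothing listens there"
    if state == "filtered":
        if reason == "no-response":
            detail = "no reply at all; the probe was dropped by a host or network filter"
        elif reason and reason.endswith("prohibited"):
            detail = "an ICMP unreachable (%s) was returned by a filtering hop" % reason
        else:
            detail = "reason=%s" % reason
        return "none", "filtered: " + detail + "; this is not evidence the port is in use"
    return "unknown", "state=%s reason=%s" % (state, reason)


def describe_service(svc):
    """Say whether the service name is a real detection or a port-number lookup."""
    if svc is None:
        return "no service element"
    name = svc.get("name", "?")
    if svc.get("method") == "probed":
        detail = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
        return "%s identified by version probe (%s)" % (name, detail or "no banner details")
    return "'%s' is only the nmap-services table name for this port number, not a detection" % name


def summarize(xml_text):
    """Return one dict per port with what the scan actually proves about it."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            st = port.find("state")
            state = st.get("state") if st is not None else "?"
            reason = st.get("reason") if st is not None else None
            evidence, why = describe_state(state, reason)
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state,
                "evidence": evidence,
                "explanation": why,
                "service": describe_service(port.find("service")),
            })
    return rows


if __name__ == "__main__":
    for r in summarize(SAMPLE_NMAP_XML):
        print("%s:%d/%s %s -> %s; %s" % (r["host"], r["port"], r["proto"],
                                         r["state"], r["explanation"], r["service"]))
```

For a real scan, run nmap --reason -oX scan.xml ... and feed the file contents to summarize(). A port that comes out as "filtered" with a table-lookup service name has no evidence of a listener at all, and "tor-socks" in that line should go into the report as the name Nmap assigns to port 9050, not as Tor being present; a reply of admin-prohibited with a reason_ttl lower than the host's own TTL additionally points at the filtering device sitting on the path rather than at the host.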
Improving address exclusion matching
Daniel Miller (Oct 31)
Back in 2012, David posted an interesting message to this list:
https://seclists.org/nmap-dev/2012/q4/420
He suggested that our existing method for checking a candidate address
against a list of excluded addresses was slower than it should be, and that
it was noticeably affecting some users' scan times. I've been thinking
about this off and on since then (6 years doesn't seem all that long at
this age :)), and I recently had a...
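The slow part Daniel refers to is the per-address check: with N excluded addresses or netblocks, comparing each candidate against all N costs O(N) per candidate, which adds up over a large scan. Nmap's own code is not on the page, so the Python below is an added illustration of the usual fix rather than the project's implementation: it loads the exclusion entries into a binary prefix trie so that a membership test walks at most one node per address bit (32 for IPv4, 128 for IPv6) regardless of how many entries were loaded, handles both address families, and folds more-specific prefixes into a covering one. The entries and candidate addresses are made up for the example, and linear_excluded() is the obvious scan kept only as a cross-check.

```python
import ipaddress


class PrefixTrie:
    """Binary trie over address bits. Each node is [child_for_0, child_for_1, terminal].
    A lookup walks at most one node per bit, however many prefixes were loaded."""

    def __init__(self):
        self.root = [None, None, False]

    def add(self, network):
        node = self.root
        width = network.max_prefixlen
        start = int(network.network_address)
        for i in range(network.prefixlen):
            if node[2]:
                return                      # already inside a shorter excluded prefix
            bit = (start >> (width - 1 - i)) & 1
            if node[bit] is None:
                node[bit] = [None, None, False]
            node = node[bit]
        node[2] = True
        node[0] = node[1] = None            # drop anything more specific beneath it

    def contains(self, address):
        node = self.root
        width = address.max_prefixlen
        value = int(address)
        for i in range(width):
            if node[2]:
                return True
            node = node[(value >> (width - 1 - i)) & 1]
            if node is None:
                return False
        return node[2]


class ExcludeList:
    """Parses --exclude style entries (single addresses or CIDR blocks, v4 or v6)
    into one trie per address family."""

    def __init__(self, entries=()):
        self.tries = {4: PrefixTrie(), 6: PrefixTrie()}
        self.networks = []                  # kept only for the linear cross-check
        for entry in entries:
            self.add(entry)

    def add(self, entry):
        net = ipaddress.ip_network(entry.strip(), strict=False)
        self.networks.append(net)
        self.tries[net.version].add(net)

    def is_excluded(self, ip):
        addr = ipaddress.ip_address(ip)
        return self.tries[addr.version].contains(addr)


def linear_excluded(networks, ip):
    """One comparison per entry: the O(N) check the trie replaces."""
    addr = ipaddress.ip_address(ip)
    return any(n.version == addr.version and addr in n for n in networks)


def cross_check(entries, candidates):
    """Return the candidates on which trie and linear scan disagree (expected: none)."""
    ex = ExcludeList(entries)
    return [c for c in candidates if ex.is_excluded(c) != linear_excluded(ex.networks, c)]


if __name__ == "__main__":
    ex = ExcludeList(["10.0.0.0/8", "192.168.1.0/24", "203.0.113.7", "2001:db8::/32"])
    for ip in ("10.200.3.4", "11.0.0.1", "192.168.2.1", "203.0.113.7", "2001:db8:abcd::1"):
        print(ip, "excluded" if ex.is_excluded(ip) else "scan")
```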
Re: Service fingerprint update / fix for libssh (patch)
Fyodor (Oct 23)
On Wed, Oct 17, 2018 at 9:27 PM Brandon Enright via dev <dev () nmap org>
wrote:
Thanks Brandon, and also David for the additional research. I've applied
the patch.
Cheers,
Fyodor
Zenmap 7.70 issue
Sellers, Bryan E (Oct 23)
We use Zenmap all the time to view the nmap xml scans. The issue we keep running into is that you cannot copy and paste
the IP addresses, Services, and/or anything in the Ports/Hosts tabs. We have installed the latest 7.70 version and have
run it on Windows 10, Kali, Windows 2012, Windows 7 with the same issue. Is there a particular reason that those areas
don't allow copy and paste? The Target, Profile, and Command area allow copy and...
SSH - get welcome banner message
Antoniy Nikolaev (Oct 23)
Hello,
I am trying to get an issue.net message (Welcome or Warning banner message
from /etc/issue.net file) from a remote SSH server, this message appears
immediately after connecting to the server (before the password login
prompt).
Can someone please tell me if there is a way to get this SSH issue.net
banner message with Nmap or maybe with some NSE scripts without login? Any
help would be greatly appreciated.
Many thanks,
Antoniy
Re: Service fingerprint update / fix for libssh (patch)
David Fifield (Oct 18)
Looks right to me.
https://git.libssh.org/projects/libssh.git/tree/include/libssh/priv.h?id=60037f327540f9ff2255cb6cc6bba78ea1f066b9#n159
#ifndef CLIENT_BANNER_SSH2
#define CLIENT_BANNER_SSH2 "SSH-2.0-libssh_" SSH_STRINGIFY(LIBSSH_VERSION)
#endif /* CLIENT_BANNER_SSH2 */
It's called "CLIENT"_BANNER_SSH2 but it's also sent by the server code.
It switched from hyphen to underscore in 2016...
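Two threads above touch the server's pre-authentication greeting: Antoniy's question about reading the issue.net banner without logging in, and the libssh fingerprint fix David checked, where the software version switched from "libssh-x.y.z" to "libssh_x.y.z". It helps to separate what a connection shows before key exchange from what it shows after. RFC 4253 section 4.2 lets a server send arbitrary lines before its "SSH-2.0-..." identification string (a client must tolerate them), but OpenSSH's Banner directive, which is the usual way /etc/issue.net is served over SSH, sends the file as an SSH_MSG_USERAUTH_BANNER message (RFC 4252 section 5.4) inside the encrypted session after key exchange, so reading it needs a client that completes KEX and requests the ssh-userauth service; a plain banner grab never sees it. The Python below is an added example, not code from either thread or from Nmap: it parses the bytes a server sends up to and including the identification string, keeps any pre-version lines, and extracts the software version with a match that accepts both libssh separators. The sample greetings are constructed, not captured.

```python
import re

# Constructed sample server greetings (not real captures).
SAMPLES = {
    "openssh": b"SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u4\r\n",
    "libssh_new": b"SSH-2.0-libssh_0.8.1\r\n",      # underscore form, 2016 onward
    "libssh_old": b"SSH-2.0-libssh-0.7.3\r\n",      # hyphen form used before that
    "with_prelines": (b"Welcome to the example server\r\n"
                      b"Authorized use only\r\n"
                      b"SSH-2.0-OpenSSH_7.9\r\n"),
}

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF,
# at most 255 bytes including the CR LF.
IDENT_RE = re.compile(rb"^SSH-(?P<proto>[^-]+)-(?P<software>[^ \r\n]+)(?: (?P<comments>[^\r\n]*))?$")
MAX_IDENT_LINE = 255


def parse_identification(data):
    """Split what the server sent into pre-version lines and the identification
    string. Lines before the SSH- line are the optional ones RFC 4253 permits;
    they are not the userauth banner, which only arrives after key exchange."""
    pre_lines = []
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line:
            continue
        if line.startswith(b"SSH-"):
            if len(line) > MAX_IDENT_LINE - 2:
                raise ValueError("identification line longer than 255 bytes")
            m = IDENT_RE.match(line)
            if not m:
                raise ValueError("malformed identification line: %r" % line)
            return {
                "pre_lines": pre_lines,
                "proto": m.group("proto").decode("ascii", errors="replace"),
                "software": m.group("software").decode("utf-8", errors="replace"),
                "comments": (m.group("comments") or b"").decode("utf-8", errors="replace"),
            }
        pre_lines.append(line.decode("utf-8", errors="replace"))
    raise ValueError("no SSH- identification line found")


# libssh used "libssh-<ver>" before its 2016 change and "libssh_<ver>" after it,
# so a version match has to accept either separator.
LIBSSH_RE = re.compile(r"^libssh[-_](\d+(?:\.\d+)*)$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+\.\d+(?:p\d+)?)")


def fingerprint(software):
    """Return (product, version) for the softwareversion field."""
    m = LIBSSH_RE.match(software)
    if m:
        return ("libssh", m.group(1))
    m = OPENSSH_RE.match(software)
    if m:
        return ("OpenSSH", m.group(1))
    return ("unknown", software)


def summarize(data):
    """Parsed greeting plus the product/version the software field implies."""
    info = parse_identification(data)
    info["product"], info["version"] = fingerprint(info["software"])
    return info


if __name__ == "__main__":
    for name, greeting in SAMPLES.items():
        print(name, summarize(greeting))
```

When wiring this to a live socket, cap the total bytes read before the SSH- line appears: the pre-version lines are unbounded by the protocol, so a hostile server can keep a naive reader waiting or growing memory indefinitely.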
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap Windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that everyone passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
Re: Royal TS/X - Information Disclosure
Jakub Palaczynski (Nov 05)
Hello,
I would like to inform you that the actual fix for this vulnerability was released
in versions:
- Royal TSX (for macOS) 3.3.1 - Release Date: 2018-09-13
- Royal TS (for Windows) 4.3.60728 - Release Date: 2018-07-28
Kind regards
Jakub Palaczynski
Wed, 31 Oct 2018, 06:43: Jakub Palaczynski <jakub.palaczynski () gmail com>
wrote:
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
Hakan Bayır (Nov 05)
I. VULNERABILITY
-------------------------
SQL Injection
II. CVE REFERENCE
-------------------------
CVE-2018-18949
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/2018 Vulnerability discovered
09/10/2018 Vendor contacted
02/11/2018 OpManager replied that they fixed it
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
Zoho...
Security issue in the password reset mechanism of Forcepoint Secure Messaging product (tested in version 8.5)
Eitan shav (Nov 05)
When the user wants to reset his password, he gets a password reset link sent to his mail. (The reset password page
consists of a "new password" field and a "reset password" button.)
This password reset link will be valid only if:
1. the link wasn't used before.
2. the link was used within 24 hours of the password reset request.
If the conditions are not met, the user will get some error message saying "this link is not...
Cradlepoint vulnerabilities
CrazyOwl via Fulldisclosure (Nov 05)
Many vulnerabilities exist in the built-in software of the Cradlepoint router. 100000 such routers can be seen in Shodan
(https://www.shodan.io/search?query=cradlepointhttpservice). These vulnerabilities were reported to Cradlepoint in
August.
A hardcoded password allows you to retrieve sensitive information, including the default password:
* go to http://[router IP]/plt?password=W6rqCjk5ijRs6Ya5bv55
* router default password is last 8...
KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities
KoreLogic Disclosures (Nov 05)
KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities
Title: Dell OpenManage Network Manager Multiple Vulnerabilities
Advisory ID: KL-001-2018-009
Publication Date: 2018.11.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-009.txt
1. Vulnerability Details
Affected Vendor: Dell
Affected Product: OpenManage Network Manager
Affected Version: 6.2.0.51 SP3
Platform: Embedded...
APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra,
Security Update 2018-004 El Capitan
macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and
Security Update 2018-004 El Capitan address the following:
AMD
Available for: macOS High Sierra 10.13.5
Impact: A malicious application may be able to determine kernel
memory layout
Description: An information...
APPLE-SA-2018-10-30-13 Additional information for APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-13 Additional information for
APPLE-SA-2018-9-24-2 iTunes 12.9 for Windows
iTunes 12.9 for Windows addresses the following:
CFNetwork
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative...
APPLE-SA-2018-10-30-11 Additional information for APPLE-SA-2018-9-24-6 tvOS 12
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-11 Additional information for
APPLE-SA-2018-9-24-6 tvOS 12
tvOS 12 addresses the following:
Auto Unlock
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A malicious application may be able to access local users
AppleIDs
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2018-4321: Min (Spark) Zheng,...
APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-12 Additional information
APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
iCloud for Windows 7.7 addresses the following:
CFNetwork
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry...
APPLE-SA-2018-10-30-9 Additional information for APPLE-SA-2018-9-24-1 macOS Mojave 10.14
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-9 Additional information for
APPLE-SA-2018-9-24-1 macOS Mojave 10.14
macOS Mojave 10.14 addresses the following:
Bluetooth
Available for: iMac (21.5-inch, Late 2012), iMac (27-inch, Late 2012)
, iMac (21.5-inch, Late 2013), iMac (21.5-inch, Mid 2014), iMac
(Retina 5K, 27-inch, Late 2014), iMac (21.5-inch, Late 2015),
Mac mini (Mid 2011), Mac mini Server (Mid 2011), Mac mini (Late 2012)
, Mac mini Server (Late 2012), Mac mini...
APPLE-SA-2018-10-30-10 Additional information for APPLE-SA-2018-9-24-5 watchOS 5
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-10 Additional information for
APPLE-SA-2018-9-24-5 watchOS 5
watchOS 5 addresses the following:
CFNetwork
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry added October...
APPLE-SA-2018-10-30-8 Additional information for APPLE-SA-2018-9-24-4 iOS 12
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-8 Additional information for
APPLE-SA-2018-9-24-4 iOS 12
iOS 12 addresses the following:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local app may be able to read a persistent account
identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
Auto Unlock
Available for: iPhone 5s and...
APPLE-SA-2018-10-30-7 iCloud for Windows 7.8
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-7 iCloud for Windows 7.8
iCloud for Windows 7.8 is now available and addresses the following:
CoreCrypto
Available for: Windows 7 and later
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes....
APPLE-SA-2018-10-30-6 iTunes 12.9.1
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-6 iTunes 12.9.1
iTunes 12.9.1 is now available and addresses the following:
CoreCrypto
Available for: Windows 7 and later
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398: Martin...
APPLE-SA-2018-10-30-5 tvOS 12.1
Apple Product Security (Nov 02)
APPLE-SA-2018-10-30-5 tvOS 12.1
tvOS 12.1 is now available and addresses the following:
CoreCrypto
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit a weakness in the
Miller-Rabin primality test to incorrectly identify prime numbers
Description: An issue existed in the method for determining prime
numbers. This issue was addressed by using pseudorandom bases for
testing of primes.
CVE-2018-4398:...
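The three CoreCrypto entries above describe the same defect: Miller-Rabin run with fixed bases can be made to accept a composite that an attacker chose to be a strong pseudoprime to exactly those bases, and the fix is to draw the bases pseudorandomly. The advisory gives no further detail, so the Python below is an added illustration of the principle, not Apple's code or the actual CoreCrypto bug: it implements Miller-Rabin with either caller-supplied bases or bases drawn from the secrets module, and uses 3215031751 = 151 * 751 * 28351, the smallest strong pseudoprime to bases 2, 3, 5 and 7, to show a fixed-base test accepting a composite that base 11 or random bases reject.

```python
import secrets


def _decompose(n):
    """Write n - 1 as d * 2**s with d odd."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    return d, s


def _passes_base(n, a, d, s):
    """True if base a calls n 'probably prime' (a is a strong liar or n is prime);
    False means a is a witness that n is composite."""
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False


def is_probable_prime(n, bases=None, rounds=40):
    """Miller-Rabin. With `bases` supplied the test is deterministic and an
    adversary who knows the bases can pick n to pass it; with bases=None a fresh
    set of `rounds` bases is drawn uniformly from [2, n-2] on every call, which
    is the change the advisory describes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = _decompose(n)
    if bases is None:
        bases = [2 + secrets.randbelow(n - 3) for _ in range(rounds)]
    return all(_passes_base(n, a, d, s) for a in bases)


FIXED_BASES = (2, 3, 5, 7)
# Smallest strong pseudoprime to bases 2, 3, 5 and 7 (Pomerance, Selfridge and
# Wagstaff); composite, so a fixed-base test using only those bases is fooled.
PSEUDOPRIME = 3215031751
MERSENNE_61 = 2**61 - 1          # a genuine prime, for the positive case


def demo():
    """Run both flavours of the test on a crafted composite and on a real prime."""
    return {
        "factorisation_holds": 151 * 751 * 28351 == PSEUDOPRIME,
        "fixed_bases_accept_composite": is_probable_prime(PSEUDOPRIME, bases=FIXED_BASES),
        "base_11_rejects_composite": is_probable_prime(PSEUDOPRIME, bases=(11,)),
        "random_bases_reject_composite": is_probable_prime(PSEUDOPRIME),
        "random_bases_accept_prime": is_probable_prime(MERSENNE_61),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Which composites slip through depends on exactly which fixed bases a library uses, so the specific number here only stands in for the class of inputs the advisory is about; the structural point is that any fixed, public base set has such inputs, while a base chosen from a cryptographic RNG after the candidate is known gives the attacker nothing to target.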
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[slackware-security] mariadb (SSA:2018-309-01)
Slackware Security Team (Nov 05)
[slackware-security] mariadb (SSA:2018-309-01)
New mariadb packages are available for Slackware 14.1 and 14.2 to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/mariadb-10.0.37-i586-1_slack14.2.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3282...
KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities
KoreLogic Disclosures (Nov 05)
KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities
Title: Dell OpenManage Network Manager Multiple Vulnerabilities
Advisory ID: KL-001-2018-009
Publication Date: 2018.11.05
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-009.txt
1. Vulnerability Details
Affected Vendor: Dell
Affected Product: OpenManage Network Manager
Affected Version: 6.2.0.51 SP3
Platform: Embedded...
Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings.
Hakan Bayır (Nov 05)
I. VULNERABILITY
-------------------------
SQL Injection
II. CVE REFERENCE
-------------------------
CVE-2018-18949
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/2018 Vulnerability discovered
09/10/2018 Vendor contacted
02/11/2018 OpManager replied that they fixed it
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
Zoho...
[SECURITY] [DSA 4333-1] icecast2 security update
Moritz Muehlenhoff (Nov 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4333-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 04, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : icecast2
CVE ID : CVE-2018-18820
Nick Rolfe...
[SECURITY] [DSA 4334-1] mupdf security update
Moritz Muehlenhoff (Nov 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4334-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
November 04, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mupdf
CVE ID : CVE-2017-17866 CVE-2018-5686...
[SECURITY] [DSA 4332-1] ruby2.3 security update
Salvatore Bonaccorso (Nov 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4332-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
November 03, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ruby2.3
CVE ID : CVE-2018-16395 CVE-2018-16396...
[SECURITY] [DSA 4331-1] curl security update
Alessandro Ghedini (Nov 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4331-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
November 02, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2018-16839 CVE-2018-16842
Two...
[SECURITY] [DSA 4330-1] chromium-browser security update
Michael Gilbert (Nov 04)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4330-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
November 02, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2018-5179...
Disclose Vulnerability
alphan yavaş (Nov 02)
I. VULNERABILITY
-------------------------
Cisco WebEx Meetings Server XML External Entity
II. CVE REFERENCE
-------------------------
CVE-2018-18895
III. VENDOR
-------------------------
http://cisco.com
IV. TIMELINE
------------------------
18/09/2018 Vulnerability discovered
19/09/2018 Vendor contacted
24/10/2018 Cisco replied that they will fix it.
V. CREDIT
-------------------------
Alphan Yavas from Biznet Bilisim A.S.
VI. DESCRIPTION...
[slackware-security] curl (SSA:2018-304-01)
Slackware Security Team (Oct 31)
[slackware-security] curl (SSA:2018-304-01)
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/curl-7.62.0-i586-1_slack14.2.txz: Upgraded.
This release fixes the following security issues:
SASL password overflow via integer overflow.
Use-after-free in handle close.
Warning message...
October 2018 Sourcetree Advisory
Anton Black (Oct 31)
This email refers to the advisory found at
https://confluence.atlassian.com/display/SOURCETREEKB/Sourcetree+Security+Advisory+2018-10-31
.
CVE ID:
* CVE-2018-13396.
* CVE-2018-13397.
Product: Sourcetree.
Affected Sourcetree product versions:
1.0b2 <= version < 3.0.0
0.5.1.0 <= version < 3.0.0
Fixed Sourcetree product versions:
* for macOS, Sourcetree 3.0.0 has been released with a fix for these issues.
* for Windows, Sourcetree...
OpenText Brava! Enterprise and Brava! Server Components Sensitive Data Exposure
luke . bailiff (Oct 31)
Vulnerable Application: Brava! Enterprise and Brava! Server Components
Affected Versions: Brava! Enterprise and Brava! Server Components have this as the default configuration, from Brava!
7.5 to the latest Brava! 16.4 on Windows.
Not Affected Versions: Linux installs do not automatically create the share.
Potential Security Impact: Sensitive Data Exposure
If the files within your implementation are sensitive, this may expose sensitive...
Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability
Hakan Bayır (Oct 31)
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 allows Self XSS Vulnerability
II. CVE REFERENCE
-------------------------
CVE-2018-18716
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/2018 Vulnerability discovered
09/10/2018 Vendor contacted
26/10/2018 OpManager replied that they fixed it
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S....
Zoho ManageEngine OpManager 12.3 allows Stored XSS
Hakan Bayır (Oct 31)
I. VULNERABILITY
-------------------------
Zoho ManageEngine OpManager 12.3 allows stored XSS
II. CVE REFERENCE
-------------------------
CVE-2018-18715
III. VENDOR
-------------------------
https://www.manageengine.com
IV. TIMELINE
-------------------------
09/10/2018 Vulnerability discovered
09/10/2018 Vendor contacted
26/10/2018 OpManager replied that they fixed it
V. CREDIT
-------------------------
Hakan Bayir at Biznet Bilisim A.S.
VI....
APPLE-SA-2018-10-30-12 Additional information APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
Apple Product Security (Oct 31)
APPLE-SA-2018-10-30-12 Additional information
APPLE-SA-2018-10-08-2 iCloud for Windows 7.7
iCloud for Windows 7.7 addresses the following:
CFNetwork
Available for: Windows 7 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4126: Bruno Keith (@bkth_) working with Trend Micro's Zero
Day Initiative
Entry...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
[HITB-Announce] #HITBSecConf2018PEK Call for CTF
Hafez Kamal (Sep 19)
JD-HITB2018 Beijing CTF + Finals of the 4th XCTF International League (XCTF Finals 2018) will take place on the 1st and
2nd of November alongside the first-ever HITB Security Conference in Beijing! Participate and stand a chance to win
cash prizes worth up to USD 2000, sponsored by DarkMatter!
The competition is co-organized by XCTF League and HITB and will be a mixed-style CTF competition, that includes both
Jeopardy style challenges and an...
[HITB-Announce] Reminder: HITBSecConf2018 Dubai CFP
Hafez Kamal (Aug 29)
REMINDER: The Call for Papers for #HITB2018DXB closes on the 1st of September!
Call for Papers: https://cfp.hackinthebox.org
Event Website: https://conference.hitb.org/hitbsecconf2018dxb/
After an 8-year hiatus, the HITB Security Conference series returns to the Middle East!
Held at the Grand Hyatt Dubai from November 25th till the 28th, HITBSecConf2018 Dubai will be
featuring 2-day technical training courses followed by our 2-day multi-track...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included this mandatory appointment in their agendas to discuss new
vulnerabilities, viruses, and other threats; they will also talk about
countermeasures in order...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Veracode Acquired for $950M as Broadcom Closes CA Acquisition
InfoSec News (Nov 05)
http://www.eweek.com/security/veracode-acquired-for-950m-as-broadcom-closes-ca-acquisition
By Sean Michael Kerner
eWeek.com
November 05, 2018
Application security firm Veracode is changing ownership once again.
On Nov. 5, private equity firm Thoma Bravo announced that it is acquiring
Veracode in an all cash deal for $950 million. Thoma Bravo is acquiring
Veracode from Broadcom, which on Nov. 5 closed its $18.9 billion
acquisition of CA,...
Android gets security overhaul with November patch bundle - if your mobe maker is kind enough to let you have it
InfoSec News (Nov 05)
https://www.theregister.co.uk/2018/11/06/android_november_patches/
By Shaun Nichols
The Register
6 Nov 2018
Google today pushed out the November edition of its monthly Android
security updates, giving carriers and device makers a fresh set of patches
to install. Fingers crossed the patches are rolled out to you ASAP.
The November bulletin contains fixes for three remote code execution flaws
as well as a number of information disclosure and...
File-sharing software on state election servers could expose them to intruders
InfoSec News (Nov 05)
https://arstechnica.com/tech-policy/2018/11/file-sharing-software-on-state-election-servers-could-expose-them-to-intruders/
By Jack Gillum and Jeff Kao, Propublica
Ars Technica
11/5/2018
As recently as Monday, computer servers that powered Kentucky's online
voter registration and Wisconsin's reporting of election results ran
software that could potentially expose information to hackers or enable
access to sensitive files without a...
Citing No Evidence, Brian Kemp Accuses Georgia Democrats of Hacking
InfoSec News (Nov 05)
https://www.wired.com/story/brian-kemp-georgia-democrats-hacking-claim/
By Lily Hay Newman
Security
Wired.com
11.04.18
In December 2016, Georgia secretary of state Brian Kemp accused the
Department of Homeland Security of attempting to hack his office's
systems, which include the Georgia voter registration database. Six months
later, the DHS inspector general concluded that the allegations were
unfounded; someone on a DHS computer had...
Who's In Your Online Shopping Cart?
InfoSec News (Nov 05)
https://krebsonsecurity.com/2018/11/whos-in-your-online-shopping-cart/
By Brian Krebs
Krebs on Security
November 4, 2018
Crooks who hack online merchants to steal payment card data are constantly
coming up with crafty ways to hide their malicious code on Web sites. In
Internet ages past, this often meant obfuscating it as giant blobs of
gibberish text that was obvious even to the untrained eye. These days, a
compromised e-commerce site is...
Why Haven't Terrorists Hit the US with a Devastating Cyber Attack?
InfoSec News (Nov 02)
https://www.defenseone.com/ideas/2018/11/why-havent-terrorists-hit-us-devastating-cyber-attack/152483/
By Kathy Gilsinan
Associate Editor
The Atlantic
November 1, 2018
National-security experts have been warning about it for 15 years. There
are a few theories.
"The FBI assesses the cyberterrorism threat to the U.S. to be rapidly
expanding," said one law-enforcement official, testifying before Congress.
"Terrorist groups will...
TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
InfoSec News (Nov 02)
https://www.timesofisrael.com/tv-report-israel-silent-as-iran-hit-by-computer-virus-more-violent-than-stuxnet/
By TOI Staff
31 October 2018
Iranian infrastructure and strategic networks have come under attack in
the last few days by a computer virus similar to Stuxnet but "more
violent, more advanced and more sophisticated," and Israeli officials are
refusing to discuss what role, if any, they may have had in the operation,
an...
Security researchers find flaws in chips used in hospitals, factories and stores
InfoSec News (Nov 02)
https://www.cnet.com/news/security-researchers-find-flaws-in-chips-used-in-hospitals-factories-and-stores/
By ALFRED NG
CNet News
NOVEMBER 1, 2018
Popular Wi-Fi access points used by businesses are open to two critical
security flaws, researchers said Thursday.
Researchers at Armis Labs, a security company with a focus on internet of
things devices, found in tests that a hacker could completely take over
network access points using the...
Where Are All the Threat Hunters?
InfoSec News (Nov 02)
https://www.nextgov.com/ideas/2018/11/where-are-all-threat-hunters/152496/
By Tim Roddy
Nextgov
November 1, 2018
Threat hunting likely ranks second after artificial intelligence as a
leading cybersecurity marketing buzzword and top airport advertising
theme. Why not hunt for threats when dwell time between attack infections
and detections can take months? Hiring threat hunters could change the
playing field dynamics so if attackers make a...
Hackers are increasingly targeting energy companies -- here's how
InfoSec News (Nov 02)
https://www.verdict.co.uk/energy-and-utilities-cyberattacks/
By Robert Scammell
Staff Writer
Verdict
November 1, 2018
Cyberattackers are increasingly targeting energy and utilities companies
through their enterprise IT networks, according to a report released today
by cybersecurity company Vectra.
Hackers have long been targeting energy and utility companies, with the
goal of causing disruption to infrastructure. In extreme cases, critical...
5 (more) things we learned by focusing on cybersecurity in October
InfoSec News (Oct 31)
https://www.healthcareitnews.com/news/5-more-things-we-learned-focusing-cybersecurity-october
By Tom Sullivan
Healthcare IT News
October 31, 2018
With National Cybersecurity Awareness Month winding down, we initially
reported five things learned from researching and writing about infosec in
depth during October.
Real quickly, those include: synthetic ID theft, the benefit of
dashboards, consumerism's impact on network perimeters,...
Feds accuse ex-CIA employee of continuing leaks from prison
InfoSec News (Oct 31)
https://www.yahoo.com/news/feds-accuse-ex-cia-employee-continuing-leaks-prison-221909976.html
By LARRY NEUMEISTER
Associated Press
October 31, 2018
NEW YORK (AP) -- Federal prosecutors beefed up charges against a former
CIA employee Wednesday, saying he has leaked classified national defense
materials while incarcerated.
The new charges against Joshua Adam Schulte were contained in a rewritten
indictment filed in Manhattan federal court....
FDIC Still Isn’t Protecting Its Sensitive Information, Audit Finds
InfoSec News (Oct 31)
https://www.nextgov.com/cybersecurity/2018/10/fdic-still-isnt-protecting-its-sensitive-information-audit-finds/152465/
By Joseph Marks
Senior Correspondent
Nextgov
October 31, 2018
The agency responsible for insuring U.S. bank accounts still isn't meeting
federal information security requirements, according to the unclassified
summary of an inspector generals' report released Wednesday.
The Federal Deposit Insurance Corporation, or...
Check this out: Radisson Hotel Group 'fesses up to 'security incident'
InfoSec News (Oct 31)
https://www.theregister.co.uk/2018/10/31/radisson_hotel_group_fesses_up_to_security_incident/
By Paul Kunert
The Register
31 Oct 2018
Radisson Hotel Group has told members of its loyalty scheme that their
personal details were exposed in a data breach.
The hotel chain and conference centre fave said it "identified" the
security foul-up on 1 October, weeks after it happened on 11 September,
but only emailed holders of the Radisson...
US-CERT issues guide on how to properly dispose of your electronic devices
InfoSec News (Oct 31)
https://www.zdnet.com/article/us-cert-issues-guide-on-how-to-properly-dispose-of-your-electronic-devices/
By Catalin Cimpanu
Zero Day
ZDNet News
October 31, 2018
Over the past few years, there have been numerous reports, and studies
about how second-hand devices that have been put up for sale still
contained information from previous owners, exposing those individuals to
scams, blackmailing, or identity theft.
This week, the United States...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Wormy worms.
Dave Aitel (Oct 22)
https://www.youtube.com/watch?v=L96bfxIisq4
So I spent some time last week watching this talk, and a few of the other
Hack.lu talks. A large part of this talk is about a historical walkthrough
of both public work on the subject, and public examples of various worms
which operated as semi-parasitic patching cycles.
It left me with a lot of questions though:
- In the future, will all worms patch hosts as they move through, as a
form of...
INFILTRATE 2019 - How Far Is The Horizon?
Dave Aitel (Oct 18)
[image: IMG_20181016_075725-EFFECTS.jpg]
Come talk at INFILTRATE this year! CFP Here <http://infiltratecon.org/cfp/>.
Here is why you should:
- This is the only conference where the audience is other exploit writers
- You get a very valuable peer review of your talk, for free!
- Obviously we treat you well, pay your way, and even have profit
sharing on the conference
- We have the best food and venue of any security...
INFILTRATE 2019
Dave Aitel (Oct 16)
Brainspace multi-language dogs vs cats video:
https://vimeo.com/295031710/cab5239619
Exploiting branch target prediction, Jann Horn, INFILTRATE 2018
https://vimeo.com/270442911
So I wanted to point people at the above videos today, in case you missed
them on Twitter, or in case you are not even on Twitter because social
media is evil and you want to save your mana for dealing with people in the
local PTA.
The INFILTRATE 2019 CFP is about to...
INFILTRATE CFP KEYNOTES
Dave Aitel (Sep 11)
Doing a keynote is a lot of work - the peer review alone is brutal. And we
work hard on getting our INFILTRATE keynote speakers to present a unique
vision and perspective on our business, community, or overall strategy.
Usually, I personally call in favors from people I know or friends of
friends, and we sweeten the pot by not charging former keynoters for
tickets for all future INFILTRATES, which I think is a fair trade. :)
So I have a...
Re: Voting Village at Defcon
Dave Aitel (Aug 25)
https://www.propublica.org/article/defcon-teen-did-not-hack-a-state-election
The whole thing was a sham. I know darktangent is on this list. Something
to think about for next year ...
-dave
Re: Cymothoa Exigua
" (Aug 24)
I think it is worth noting that she claims multiple people felt the same
way and expressed similar independent opinions before she synthesized them
for a wider audience. What that probably means is that such comments are
not her feelings alone. What IS clear is that crypto technology is a double
edged sword and you must choose which edge of the blade you wish to wield.
Re: Voting Village at Defcon
Chris Eng (Aug 23)
What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly
perform the same function as the real sites, but otherwise do not share common code/technology and are essentially
known sacrificial sites with security bugs intentionally placed in them?
We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this:
“These websites are so easy...
Cymothoa Exigua
Dave Aitel (Aug 23)
The world is full of horrors, and one of those is Cymothoa Exigua
<https://www.google.com/search?q=fish+tongue+parasite&safe=off&source=lnms&tbm=isch&sa=X&ved=0ahUKEwi4vtLso4PdAhUGq1kKHen0D9oQ_AUICigB&biw=1440&bih=809>.
Another one of those, is groups of people who think they, somehow, have
cracked the code to developing technology in an "ethical" way, and if you
just obeyed them, everything would be...
Re: Voting Village at Defcon
Kevin T. Neely (Aug 23)
Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According
to the village's Twitter account, she changed the vote tallies from a
replica of the site. https://twitter.com/VotingVillageDC It would be nice
if the media reported on the recommendations that come from the findings,
but we all know that's not how the media operates.
K
Re: information operations efforts and data carving
Jukka Ruohonen (Aug 23)
This was a good take on things. I generally also applaud the constructive
criticism instead of the ranting strategy...
But it is still social media. Now I've seen quite a few papers recently
about vulnerabilities viz. Twitter. Some of these are relevant; there have
been some information leakages about things I consider relevant myself
(i.e., open source). But now people are attaching the "zero-day" label to
their papers, which...
Hammerhead repost for Halvar
Dave Aitel (Aug 13)
From:
https://web.archive.org/web/20040131120103/http://www.immunitysec.com:8010/29/2002
- Fishing for Obscurity
Some sharks and fish have a unique sixth sense – they can generate and
detect electrical fields, even minute ones. According to the font of all
natural knowledge, the Discovery channel (as opposed to Dawson's Creek, the
font for all social knowledge), a hammer head shark's funny looking head is
actually a voltmeter of...
Voting Village at Defcon
Dave Aitel (Aug 13)
https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/
So I don't know a ton about the details of voting machines, but I'm pretty
sure what happened at the DEFCON voting village is not being represented at
all accurately in the media, and I'm curious why nobody in the community is
pushing back on it, specifically I think we have a duty not to be used as...
information operations efforts and data carving
Dave Aitel (Aug 09)
Previously Unreleased Work:
https://docs.google.com/presentation/d/1tMlJvnUv_Qbh5mx2RYbyuTHTHr9c9ShIKBzz_JDGn_s/edit?usp=sharing
Paper on the 3M Tweets from Clemson:
https://www.cyxtera.com/blog/data-carving-the-internet-research-agency-tweets
So what you see a lot in some papers is this sort of thing (this one is
from the original Clemson paper):
[image: image.png]
I always get flashbacks of that XKCD Correlation vs
Causation comic <...
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Aug 09)
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
[ - Introduction - ]
It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel.
This prestigious conference aims to bring together esteemed speakers from the industry, government and academia to
share knowledge and leading-edge ideas about security and related topics. This is an
excellent opportunity to network with like-minded people...
Assessment
Dave Aitel (Jul 20)
So soon after the Immunity deal closed we had this big all hands conference
call with everyone in the larger Cyxtera group on it, and Chris Day, who
runs the group I'm in, said, "Hey Dave, can you give everyone a quick
rundown as to what Immunity is, now that we're all one big team?" and I'll
be honest, I totally bombed.
Immunity has never done corporate verbiage. There's a tendency to be
extremely bland and generic...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Webcast - Tues 10/2 @ 11am MDT
John Strand - Black Hills Information Security (Sep 26)
Hello All,
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT
Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Hey there!
Sierra - Black Hills Information Security (Apr 23)
<<< text/html: EXCLUDED >>>
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with a password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8512
Revision Information:
=====================
- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8569
Revision Information:
=====================
- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8531
Revision Information:
=====================
- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8292
Revision Information:
=====================
- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...
Microsoft Security Update Summary for October 9, 2018
Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************
This summary lists security updates released for October 9, 2018.
Complete information for the October 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Please note the...
Microsoft Security Update Releases
Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018
Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Microsoft Security Advisory Notification
Microsoft (Aug 24)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 24, 2018
********************************************************************
Security Advisories Released or Updated on August 24, 2018
===================================================================
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
-...
Microsoft Security Update Releases
Microsoft (Aug 21)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 21, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8273
Revision Information:
=====================
- CVE-2018-8273 | Microsoft SQL Server Remote Code Execution
Vulnerability
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng's leadership, China began one of the most ambitious and
sophisticated meta-software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Apache Releases Security Advisory for Apache Struts
US-CERT (Nov 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Releases Security Advisory for Apache Struts [
https://www.us-cert.gov/ncas/current-activity/2018/11/05/Apache-Releases-Security-Advisory-Apache-Struts ] 11/05/2018
02:34 PM EST
Original release date: November 05, 2018
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in
Apache Struts versions...
Cisco Releases Security Advisory
US-CERT (Nov 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Advisory [
https://www.us-cert.gov/ncas/current-activity/2018/11/01/Cisco-Releases-Security-Advisory ] 11/01/2018 07:43 PM EDT
Original release date: November 01, 2018
Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software
and Cisco Firepower Threat Defense Software. A remote...
ST18-006: Website Security
US-CERT (Nov 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ST18-006: Website Security [ https://www.us-cert.gov/ncas/tips/ST18-006 ] 11/01/2018 12:20 PM EDT
Original release date: November 01, 2018
What is website security?
Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.
Why should I care about website security?
Cyberattacks against public-facing...
November is National Critical Infrastructure Security and Resilience Month
US-CERT (Nov 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
November is National Critical Infrastructure Security and Resilience Month [
https://www.us-cert.gov/ncas/current-activity/2018/11/01/November-National-Critical-Infrastructure-Security-and-Resilience
] 11/01/2018 07:03 AM EDT
Original release date: November 01, 2018
November is National Critical Infrastructure Security and Resilience Month [...
Mozilla Releases Security Update for Thunderbird ESR
US-CERT (Oct 31)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update for Thunderbird ESR [
https://www.us-cert.gov/ncas/current-activity/2018/10/31/Mozilla-Releases-Security-Update-Thunderbird-ESR ] 10/31/2018
09:07 PM EDT
Original release date: October 31, 2018
Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of
these...
Apache Releases Security Update for Apache Tomcat JK Connectors
US-CERT (Oct 31)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apache Releases Security Update for Apache Tomcat JK Connectors [
https://www.us-cert.gov/ncas/current-activity/2018/10/31/Apache-Releases-Security-Update-Apache-Tomcat-JK-Connectors ]
10/31/2018 05:56 PM EDT
Original release date: October 31, 2018
The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK...
Apple Releases Multiple Security Updates
US-CERT (Oct 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Multiple Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/10/30/Apple-Releases-Multiple-Security-Updates ] 10/30/2018 02:57 PM
EDT
Original release date: October 30, 2018
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take...
ST18-005: Proper Disposal of Electronic Devices
US-CERT (Oct 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ST18-005: Proper Disposal of Electronic Devices [ https://www.us-cert.gov/ncas/tips/ST18-005 ] 10/30/2018 06:52 AM EDT
Original release date: October 30, 2018
Why is it important to dispose of electronic devices safely?
In addition to effectively securing sensitive information on electronic devices, it is important to follow best
practices for electronic device...
National Cybersecurity Awareness Month: Staying Secure
US-CERT (Oct 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
National Cybersecurity Awareness Month: Staying Secure [
https://www.us-cert.gov/ncas/current-activity/2018/10/30/National-Cybersecurity-Awareness-Month-Staying-Secure ]
10/30/2018 06:22 AM EDT
Original release date: October 30, 2018
National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is
not.
NCCIC...
ST15-003: Before You Connect a New Computer to the Internet
US-CERT (Oct 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ST15-003: Before You Connect a New Computer to the Internet [ https://www.us-cert.gov/ncas/tips/ST15-003 ] 12/15/2015
06:07 PM EST
Original release date: December 15, 2015 | Last revised: October 29, 2018
*Why is computer security important?*
Because computers play such critical roles in our lives, and because we input and view so much personally identifiable...
FTC Releases Cyber Resources for Small Businesses
US-CERT (Oct 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FTC Releases Cyber Resources for Small Businesses [
https://www.us-cert.gov/ncas/current-activity/2018/10/25/FTC-Releases-Cyber-Resources-Small-Businesses ] 10/25/2018
09:15 PM EDT
Original release date: October 25, 2018
The Federal Trade Commission (FTC) has released new cyber resources for small businesses, including non-profit and
charity organizations. These...
DHS Webinar: Communicating Cyber Risk to Agency Decision Makers and Mission Owners
US-CERT (Oct 25)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
DHS Webinar: Communicating Cyber Risk to Agency Decision Makers and Mission Owners [
https://www.us-cert.gov/ncas/current-activity/2018/10/25/DHS-Webinar-Communicating-Cyber-Risk-Agency-Decision-Makers-and
] 10/25/2018 12:43 AM EDT
Original release date: October 25, 2018 DHS Office of Cybersecurity and Communications Assistant Secretary Jeanette
Manfra is hosting...
Cisco Releases Security Updates
US-CERT (Oct 24)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/10/24/Cisco-Releases-Security-Updates ] 10/24/2018 12:46 PM EDT
Original release date: October 24, 2018
Cisco has released security updates to address a vulnerability in Cisco Webex Productivity Tools and the Cisco Webex
Meetings Desktop App. An attacker could exploit this...
Mozilla Releases Security Updates for Firefox
US-CERT (Oct 23)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates for Firefox [
https://www.us-cert.gov/ncas/current-activity/2018/10/23/Mozilla-Releases-Security-Updates-Firefox ] 10/23/2018 01:00
PM EDT
Original release date: October 23, 2018
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker
could exploit some of these...
National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity
US-CERT (Oct 23)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity [
https://www.us-cert.gov/ncas/current-activity/2018/10/23/National-Cybersecurity-Awareness-Month-Critical-Infrastructure
] 10/23/2018 06:38 AM EDT
Original release date: October 23, 2018
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
[CVE-2018-16471] Possible XSS vulnerability in Rack
Aaron Patterson (Nov 05)
There is a possible vulnerability in Rack. This vulnerability has been
assigned the CVE identifier CVE-2018-16471.
Versions Affected: All.
Not affected: None.
Fixed Versions: 2.0.6, 1.6.11
Impact
------
There is a possible XSS vulnerability in Rack. Carefully crafted requests can
impact the data returned by the `scheme` method on `Rack::Request`.
Applications that expect the scheme to be limited to "http" or...
[CVE-2018-16470] Possible DoS vulnerability in Rack
Aaron Patterson (Nov 05)
There is a possible DoS vulnerability in the multipart parser in Rack. This
vulnerability has been assigned the CVE identifier CVE-2018-16470.
Versions Affected: 2.0.4, 2.0.5
Not affected: <= 2.0.3
Fixed Versions: 2.0.6
Impact
------
There is a possible DoS vulnerability in the multipart parser in Rack.
Carefully crafted requests can cause the multipart parser to enter a
pathological state, causing the parser to use CPU resources...
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
Billy Brumley (Nov 02)
It's a fair comment.
I've been doing SCA a while now; L1 dcache timings (SMT), L1 icache
timings (SMT), remote timings, bug attacks, Flush+Reload, etc. Outside
of bug attacks (which are deterministic), this is the most
reproducible vector I've ever seen. I feel like that's one reason
holding back disabling SMT, because they are not trivial to reproduce.
If you have the setup I described:...
Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
Solar Designer (Nov 02)
Hi BBB,
I think your work is top-notch and much needed. Thank you!
I'm surprised this specific side-channel wasn't(?) explored in academic
papers before. I had suggested it should be:
https://www.openwall.com/lists/oss-security/2015/08/12/8
"Yet another thing to target, and one I considered
and briefly played with on P4 with HT in 2005 when I saw Colin
Percival's paper, would be utilization of different execution units...
CVE-2018-18439, CVE-2018-18440 - U-Boot verified boot bypass vulnerabilities
Andrea Barisani (Nov 02)
Security advisory: U-Boot verified boot bypass
==============================================
The Universal Boot Loader - U-Boot [1] verified boot feature allows
cryptographic authentication of signed kernel images, before their execution.
This feature is essential in maintaining a full chain of trust on systems which
are secure booted by means of a hardware anchor.
Multiple techniques have been identified that allow executing arbitrary...
CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations
P J P (Nov 02)
Hello,
An OOB heap buffer r/w access issue was found in the NVM Express Controller
emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme devices. A
guest user/process could use this flaw to crash the QEMU process resulting in
DoS or potentially run arbitrary code with privileges of the QEMU process.
Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html
This issue was...
CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures
Billy Brumley (Nov 01)
Howdy Folks,
We recently discovered a new CPU microarchitecture attack vector. The
nature of the leakage is due to execution engine sharing on SMT (e.g.
Hyper-Threading) architectures. More specifically, we detect port
contention to construct a timing side channel to exfiltrate
information from processes running in parallel on the same physical
core. Report is below.
Thanks for reading!
BBB
# Report
We steal an OpenSSL (<= 1.1.0h) P-384...
Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth
Thomas B. Rücker (Nov 01)
We released a new version of Icecast.
It is a security release and we recommend updating all
Icecast installations running versions below 2.4.4 to it.
- Fix buffer overflows in URL auth code, [CVE-2018-18820]. [#2342]
* This security issue affects all Icecast servers running version
2.4.0, 2.4.1, 2.4.2 or 2.4.3 if there is a "mount" definition
that enables URL authentication.
* A malicious client could send...
Xen Security Advisory 278 v2 (CVE-2018-18883) - x86: Nested VT-x usable even when disabled
Xen.org security team (Nov 01)
Xen Security Advisory CVE-2018-18883 / XSA-278
version 2
x86: Nested VT-x usable even when disabled
UPDATES IN VERSION 2
====================
CVE assigned.
ISSUE DESCRIPTION
=================
When running HVM guests, virtual extensions are enabled in hardware because
Xen is using them. As a result, a guest can blindly execute the
virtualisation instructions, and will exit to Xen for...
CVE-2018-18849 Qemu: lsi53c895a: OOB msg buffer access leads to DoS
P J P (Oct 31)
Hello,
An out of bounds memory access issue was found in the LSI53C895A SCSI Host Bus
Adapter emulation while writing a message in lsi_do_msgin. It could occur
during migration if the 'msg_len' field has an invalid value. A user/process
could use this flaw to crash the Qemu process resulting in DoS.
Upstream patch:
---------------
-> https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06682.html
This issue was...
Re: Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free
Greg KH (Oct 31)
security@k.o generally tells all people who submit syzbot reports to
just contact the upstream developers on their mailing list for issues
reported by that tool, as that is what the tool's team does.
And I think we did that for this report as well, but never heard
anything back :(
thanks,
greg k-h
CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal
Mark Thomas (Oct 31)
CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat JK mod_jk Connector 1.2.0 to 1.2.44
Description:
The Apache Web Server (httpd) specific code that normalised the
requested path before matching it to the URI-worker map did not handle
some edge cases correctly. If only a subset of the URLs supported by
Tomcat were exposed via httpd,...
Re: Re: Travis CI MITM RCE
Jakub Wilk (Oct 31)
* Daniel Kahn Gillmor <dkg () fifthhorseman net>, 2018-10-29, 08:52:
Ubuntu Precise and later releases have the import screener backported to
gnupg(2) packages:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1409117
Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free
Solar Designer (Oct 31)
No message preview for long message of 275396 bytes.
glusterfs: multiple flaws
Siddharth Sharma (Oct 31)
Hi,
We were informed about several security flaws affecting glusterfs.
All of the following bugs were reported by Michael Hanselmann (hansmi.ch).
CVE-2018-14651
==============
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929,
CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated
attacker could use one of these flaws to execute arbitrary code, create
arbitrary files, or cause denial of service...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: DMCA notification question...
Baillio, Aaron (Nov 05)
We tend to ignore any requests that don't come through the official channel just because as you stated, there is a
well-documented method on how these are to be processed. You may want to inform your provider of the official channels
and proper reporting. You may also want to validate that it's an actual DMCA violation. They should be able to
forward any requests from any recording agency if they're just passing it on. That...
DMCA notification question...
Wallace, Joe (Nov 05)
One of the members of my networking team forwarded a copyright infringement notice to me this morning that was
forwarded to us from our upstream provider, stating there was a site on our network hosting an acestream channel.
My confusion comes in with how I should handle this notice. Since our Institute is registered, and active, as the
Service Provider with copyright.org, all DMCA notifications are to be reported in accordance to the...
Re: HECVAT alternative for On-Prem Vendors
Escue, Charles E (Nov 03)
I would echo what Laura said. There are a few areas where we have used the HECVAT-Lite version internally to at least
understand the system's basic operation.
Definitely interested in what others are doing.
Thanks,
Charlie
Charles Escue, CISSP
Extended Information Security Manager
University Information Security Office
Institutional Assurance
cescue () iu edu
On 11/1/18, 09:39, "The EDUCAUSE Security Community Group Listserv...
Fwd: Mark your calendars: SANS Class, March 11-16, 2019 (monthly reminder)
randy (Nov 02)
Just wanted to remind you that VT will be offering another SANS class this
coming March so mark your calendars. Details below:
0. INFO: www.cpe.vt.edu/isect
1. WHAT: SEC 555 SIEM with Tactical Analytics
2. WHERE: VA Tech, Blacksburg, VA. Simulcast option available
3. *WHEN: 3/11-16/2019*
4. COST: EDU (K-12, Community College, 4yr Higher Education, state/local
govt)
a. Early Bird (before 2/25/19) Class +GIAC - $3499/person, Class only:
$2250...
NCSAM 2018 Highlights
Valerie Vogel (Nov 01)
As the 15th anniversary of National Cybersecurity Awareness Month (NCSAM) wraps up, we would like to thank the higher
education community for another amazingly successful celebration! Colleges and universities continue to offer fun, creative
activities and events for students, faculty, staff, and their local communities. Here are just a few highlights.
* NCSAM Champions: Over 260 higher education institutions showed their support as official...
Summary Report :: Dorkbot Service [OCT 2018-10]
Cam Beasley (Nov 01)
howdy all —
I wanted to share high level stats from the Dorkbot service for the past month.
Dorkbot subscribers include 70% of all R1 campuses along with several other campuses across 5 continents.
[month = October 2018]
total campuses subscribed = 563 (+13 campuses compared to previous month)
——————
verified XSS vulnerable pages = 1,861 (+124% compared to previous month)
verified SQLi vulnerable pages = 221 (+225% compared to...
Re: HECVAT alternative for On-Prem Vendors
Laura Raderman (Nov 01)
There’s nothing specifically for on-prem, but you could just look at a subset of the existing questions to apply to
on-prem.
Laura
Laura Raderman
ISO Policy & Compliance Coordinator
Carnegie Mellon University
lraderman () cmu edu
HECVAT alternative for On-Prem Vendors
Tyler Newell (Nov 01)
Community,
We started using the HECVAT for cloud vendor assessments a little more than a year ago and have been very happy with it,
especially when a vendor has already filled one out so we aren't waiting to receive it back.
That said, we've had contract expirations for some of our on-premise vendors and wanted to run them through a similar
process to properly assess their product(s). I wasn't able to find a standardized...
Security Operations Center Manager Opportunity
Gomez, Joshua (Oct 31)
Hello Security Group,
SNHU in Manchester, NH is looking to hire a new Security Operations Center Manager to join our Information Security
team. To apply or get more information about the job, please visit the link below
https://snhu.wd5.myworkdayjobs.com/en-US/External_Career_Site/job/Manchester-NH---Elm-Street/Security-Operations-Center-Manager_R0003549
Joshua Gomez | Consultant, Information Security
Information Technology Solutions...
New analyst position at UCSD
Corn, Michael (Oct 31)
Hello everyone,
We've just opened a new position at UCSD - a security analyst that will support our risk and compliance efforts. It'll
take someone with good technical skills since it'll not just measure compliance with things like PCI and CUI but help
build it. You can review the job description here
https://jobs.ucsd.edu/bulletin/job.aspx?jobnum_in=96517
Feel free to reach out to me with questions or to discuss the...
Job Posting: Cyber Systems Academic Chair & Asst Prof
Angela K. Hollman (Oct 31)
Is this an appropriate forum to post an academic position announcement for a Cyber Systems department chair and also an
Assistant Professor opening? If not, please disregard. If yes, I can send a link to those interested.
Sincerely,
———————————
Angela K. Hollman, PhD
Cyber Systems
University of Nebraska at Kearney
(308) 865-8718
unk.edu/csit <http://unk.edu/csit>
@degreeinnetwork
Job Posting: REN-ISAC Lead Security Engineer
Doug Pearson (Oct 31)
Hello security@,
REN-ISAC is seeking a talented and motivated person to join our team:
Lead Security Engineer
https://iujobs.peopleadmin.com/postings/68713
This technical position provides a unique, interesting, and rewarding opportunity to work among a global community of
peers and to make a difference at that scale.
"Lead" is the job level, in REN-ISAC parlance, above "senior" and below "principal".
A...
Re: O365 A1 and OneDrive
Baillio, Aaron (Oct 31)
Unfortunately no. We don't have any DLP on the endpoints. That's kind of why we favor the cloud just because we have
more visibility and control there.
Aaron
From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Patricia
Malek
Sent: Wednesday, October 31, 2018 9:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] O365 A1 and OneDrive
Aaron,
Your matrix is...
Re: O365 A1 and OneDrive
David D Grisham (Oct 31)
I didn't see an answer to Michael Schalip's post about anyone moving to O365 & OneDrive in a Health Science Center.
Further, if you have a hospital or hospital system that will be in the same network as the Health Science Center did
you include the healthcare components or just education and research?
We are concerned about securing the healthcare component's email systems.
Cheers.-grish David Grisham
David Grisham, PhD,...
Re: [External]Re: [SECURITY] O365 A1 and OneDrive
McHugh, Susan (Oct 31)
Hi,
Just because we are sort of talking about this...I was wondering if anyone has any "rules" or policies regarding
sending PII to internal staff. When we had an exchange platform, everything stayed within our network and would email
PII internally, since we moved to O365 I told them no. What are you doing about emailing PII to internal staff?
____________________
Susan McHugh
Chief Information Officer
Mount Wachusett Community...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: China’s Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom’s BGP Hijacking
Tore Anderson (Nov 05)
* Harley H
Hi,
I looked a bit into the Scandinavia to Japan claim last week for a Norwegian
journalist, who obviously found this rather sensational claim very intriguing.
The article (Norwegian, but Google Translate does a decent job) is found at
https://www.digi.no/artikler/internettrafikk-fra-norge-og-sverige-ble-kapret-og-omdirigert-til-kina/449797?key=vS1EOiG1
in case you're interested.
happened was that SK Broadband (AS9318) was...
Re: Super typhoon Yutu strikes U.S. territories of Guam and CNMI
Sean Donelan (Nov 04)
1 confirmed fatality (unchanged)
The island of Rota (relatively small) has all services restored.
Saipan (the largest) and Tinian still have service outages.
Saipan:
6 of 9 power feeders offline; 29 generators installed
12 of 19 gas stations operational; 3 on line power
Cellular service is 61% operational (37 of 60 towers operating)
cell service remains intermittent
Exchange office operating with 96 of backup power, inter-island...
Re: Brocade SLX Internet Edge
Adam Rothschild (Nov 02)
I have no horse in this race, however one need only look at the NYIIX
outages list to see how well the Brocade/Extreme SLX platform works on
at-scale service provider networks...
Weekly Routing Table Report
Routing Analysis Role Account (Nov 02)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz...
FCC Broadband advisory working group in disaster response and recovery
Sean Donelan (Nov 01)
The FCC has announced the members of the Broadband Deployment Advisory
Committee working group on disaster response and recovery.
Chair:
Red Grasso, FirstNet State Point of Contact
North Carolina Department of Information Technology
Vice-Chair:
Jonathan Adelstein, President & Chief Executive Officer*
Wireless Infrastructure Association
Members:
Andrew Afflerbach, Chief Executive Officer and Director of Engineering,
CTC Technology and...
Re: Brocade SLX Internet Edge
Blake Hudson (Nov 01)
Chris Welti wrote on 11/1/2018 10:03 AM:
I love the nitty gritty detail in this author's post and I'm glad he
concludes by stating clearly that while the base card (spec sheet says:
"On-chip tables for 256K IPv4 or 64K IPv6 routes" and "On-chip tables
for 786K IPv4 host routes, MAC, and labels") can actually hold a full
BGP table today when configured appropriately, Cisco still recommends
the scale cards for...
Re: Brocade SLX Internet Edge
Mike Hammett (Nov 01)
Some of it is Extreme, some of it is Arris.
The only issue I've had with anything Brocade\Foundry is lack of features in older platforms. They've always been solid
for me.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Daniel Corbe" <dcorbe () hammerfiber com>
To: "Julien Goodwin" <nanog () studio442 com au>...
Re: Brocade SLX Internet Edge
Chris Welti (Nov 01)
Nicolas Fevrier has a very detailed blog post on how Cisco handles the prefixes on their Broadcom Jericho based NCS
5500 gear.
https://xrdocs.io/cloud-scale-networking/tutorials/2017-08-03-understanding-ncs5500-resources-s01e02/
I'm pretty sure the principle is more or less the same for the Jericho based platforms on Arista and Extreme.
Best regards,
Chris
Re: Brocade SLX Internet Edge
Saku Ytti (Nov 01)
Hey,
They all do in principle the same thing. There are memories for
longest path lookup and memories for exact lookup. I believe the trick
is to put a specific prefix size, like /24, into the exact lookup table,
relieving the LPM table stress greatly. Then query both in parallel and
take the more specific result.
There are variations on this, like having multiple separate exact match
tables, and populating each with a different prefix size, and so forth....
Re: Brocade SLX Internet Edge
Colton Conor (Nov 01)
I think Extreme is doing the same thing with their Extreme OptiScale™ that
Arista is doing with their Arista FlexRoute™ and EOS NetDB™. They are both
using Broadcom Jericho/Qumran with external TCAM, but still have a hardware
limitation on route table size. Then in software they filter, right?
Question is who has a better solution, Arista or Extreme, for this?
Also, the question is can any whitebox vendors do the same thing, with the
same...
RE: Brocade SLX Internet Edge
Kevin Burke (Nov 01)
Thanks for everyone who responded on and off list.
As a small company that is happy to still be in business the pricing is too good to ignore. A "gently used" ASR-9006
is something like $45k for one plus a shelf spare. A brand new SLX 9540 is something like $30k for one plus a shelf
spare.
There were some common things. Software is behind where we would like. The occasional bug like that SSH one. Also
there are some relatively...
Re: Brocade SLX Internet Edge
Jörg Kost (Nov 01)
Hi,
I do have some 9540s near exchange points, but they are not 100%
productive right now, basically waiting for the next software release
this month and a maintenance window. In my eyes the device is filling
the gap between the CES/CER series and the MLX/SLX9850. It will also be
interesting where Bro<H><H><H> Extreme is going to position the new,
bigger (?) brother 9640 next year.
Our 9540s take full feeds right now...
Re: Brocade SLX Internet Edge
Daniel Corbe (Oct 31)
I’m just going to echo what a few others have been saying. Brocade (now
Extreme) have come a long way since the Foundry days; and the SLX isn’t
based on the old Netiron code. The platform is a completely different
animal.
I’ve been a happy Brocade customer for a while now.
Re: Brocade SLX Internet Edge
Julien Goodwin (Oct 31)
Yep, they fixed backspace via SSH (at least for MLX) a few years ago.
Sad that they didn't fix the console ports at the same time.
Re: Brocade SLX Internet Edge
Brandon Martin (Oct 31)
Works fine for me using OpenSSH in most Linux-y terminal emulators
(Konsole, Linux console, Gnome terminal). I didn't do any special
configuration.
Now, over serial, enjoy your ctrl-H unless you do some remapping.
I've never had any real problems with the hardware. The software can
leave something to be desired especially on the old Foundry stuff that
can't run the modern software, but if you just want it to push packets...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Intel Corporation project to develop a U.S. privacy law
Dave Farber (Nov 05)
Begin forwarded message:
> From: "Hoffman, David Legal" <david.legal.hoffman () intel com>
> Date: November 6, 2018 8:36:04 JST
> To: Dave Farber <farber () gmail com>
> Subject: (For IP) Intel Corporation project to develop a U.S. privacy law
>
> Dave-
>
> Our AI and Privacy Policy Team at Intel has a project that your IP list may find interesting. We have drafted a
> proposed privacy bill...
re An introduction to SOLID, Tim Berners-Lee's new, re-decentralized Web
Dave Farber (Nov 05)
Begin forwarded message:
> From: Thomas Lord <lord () basiscraft com>
> Date: November 6, 2018 7:56:32 JST
> To: dave () farber net
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] An introduction to SOLID, Tim Berners-Lee's new, re-decentralized Web
>
> Brief response to SOLID that I'd like to offer for IP. I have
> no credential that identifies me as an expert here. Please
> evaluate the...
How EU Regulation Affects You — RIPE Labs
DAVID FARBER (Nov 05)
> https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affects-you
> <https://labs.ripe.net/Members/suzanne_taylor_muzzin/how-eu-regulation-affects-you>
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now:...
Energy cost of 'mining' bitcoin more than twice that of copper or gold
DAVID FARBER (Nov 05)
> Begin forwarded message:
>
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Subject: [Dewayne-Net] Energy cost of 'mining' bitcoin more than twice that of copper or gold
> Date: November 6, 2018 at 1:31:29 AM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Reply-To: dewayne-net () warpspeed com
>
> Energy cost of 'mining' bitcoin more than twice...
An introduction to SOLID, Tim Berners-Lee's new, re-decentralized Web
DAVID FARBER (Nov 05)
> Begin forwarded message:
>
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Subject: [Dewayne-Net] An introduction to SOLID, Tim Berners-Lee's new, re-decentralized Web
> Date: November 6, 2018 at 1:26:36 AM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Reply-To: dewayne-net () warpspeed com
>
> An introduction to SOLID, Tim Berners-Lee’s new,...
EFF Unveils Virtual Reality Tool To Help People Spot Surveillance Devices in Their Communities
DAVID FARBER (Nov 05)
Begin forwarded message:
> From: EFF Press <press () eff org>
> Date: November 6, 2018 3:48:51 JST
> To: dfarber () me com
> Subject: EFF Unveils Virtual Reality Tool To Help People Spot Surveillance Devices in Their Communities
> Reply-To: EFF Press <press () eff org>
>
>
> This is a friendly message from the Electronic Frontier Foundation.
>
>
>
> FOR IMMEDIATE...
😀 from US$ 2,350 per m² 🏢 PRE-SALES
No Responder (Nov 05)
SALE
| RENTAL | ...
☺ Personal Cheques Exchanged for Cash on the Spot $
Financial Cheq (Nov 05)
Your mail client does NOT support messages in HTML format.
To view the content of this e-mail correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VON.aspx?data=CYDn9iWez3CxoGhf4tI%2F8CuxHEyAh%2FdaPiLezFoYnjM2nPvkbgu6oJBABnNF7R%2F73aNq3bflKv3VuZPtPAfc44O9DbRZ6ELlaYJeROp6AizAdN9kxqlc1zrVEMXvgW70!-!7f7gra8
A Japanese fact
Dave Farber (Nov 04)
There are 60000 Japanese over the age of 100.
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now:
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20181103044747:215453AA-DF45-11E8-B22A-89DFB131642D
Powered by Listbox: https://www.listbox.com
TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
Dave Farber (Nov 04)
Begin forwarded message:
> From: Suzanne Johnson <fuhn () pobox com>
> Date: November 4, 2018 at 10:54:47 PM GMT+9
> To: "DAVID J. FARBER" <farber () gmail com>
> Subject: TV report: Israel silent as Iran hit by computer virus more violent than Stuxnet
>
> Iranian infrastructure and strategic networks have come under attack in the last few days by a computer virus similar
> to Stuxnet but “more...
re AI lie detectors to be tested by the EU at border points
Dave Farber (Nov 01)
Begin forwarded message:
> From: Edward Vielmetti <edward.vielmetti () gmail com>
> Date: November 2, 2018 15:16:24 JST
> To: Dave Farber <dave () farber net>
> Subject: Re: [IP] AI lie detectors to be tested by the EU at border points
>
> Wow, what a false positive rate!
>
> > According to early testing, the system is around 76pc accurate, but the iBorderCtrl team say they are confident
> > they...
AI lie detectors to be tested by the EU at border points
Dave Farber (Nov 01)
https://www.telegraph.co.uk/technology/2018/11/01/ai-lie-detectors-tested-eu-border-points/?WT.mc_id=tmg_share_em
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now:...
What Isaac Asimov Taught Us About Predicting the Future
Dave Farber (Oct 31)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: November 1, 2018 12:38:03 JST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] What Isaac Asimov Taught Us About Predicting the Future
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Mike Cheponis. DLH]
>
> What Isaac Asimov Taught Us About...
Year-End Corporate Events. We offer you more than 1000 options! No management fee
BLOOM (Oct 31)
Your mail client does NOT support messages in HTML format.
To view the content of this e-mail correctly, COPY and PASTE the following URL
into your web browser (Chrome / Internet Explorer / FireFox / Safari)
https://app.embluemail.com/Online/VON.aspx?data=dZQ59%2B2wM%2FjH8fl61mjcR8Ey9XK7i4ajplcrtkRsiFat26vJJQ4M6hEI5zEORx2xg1vj1TFDifHsSBUFUimMQ0tQ%2F3pCR0CQpAARP0k888GmBl92z671FZz9LFZaD5Lv!-!7f7gra8
Pentagon Wants to Predict Anti-Trump Protests Using Social Media Surveillance
Dave Farber (Oct 30)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: October 31, 2018 9:19:54 JST
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] Pentagon Wants to Predict Anti-Trump Protests Using Social Media Surveillance
>
>
> Pentagon Wants to Predict Anti-Trump Protests Using Social Media Surveillance
>
>...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.90
RISKS List Owner (Nov 01)
RISKS-LIST: Risks-Forum Digest Thursday 2 November 2018 Volume 30 : Issue 90
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.90>
The current issue can also...
(no subject)
RISKS List Owner (Oct 30)
Subject: Risks Digest 30.89
RISKS-LIST: Risks-Forum Digest Tuesday 30 October 2018 Volume 30 : Issue 89
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information,...
(no subject)
RISKS List Owner (Oct 23)
Subject: Risks Digest 30.88
RISKS-LIST: Risks-Forum Digest Tuesday 23 October 2018 Volume 30 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further...
Risks Digest 30.87
RISKS List Owner (Oct 19)
RISKS-LIST: Risks-Forum Digest Friday 19 October 2018 Volume 30 : Issue 87
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.87>
The current issue can also be...
Risks Digest 30.86
RISKS List Owner (Oct 11)
RISKS-LIST: Risks-Forum Digest Thursday 11 October 2018 Volume 30 : Issue 86
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.86>
The current issue can also...
Risks Digest 30.85
RISKS List Owner (Oct 02)
RISKS-LIST: Risks-Forum Digest Tuesday 2 October 2018 Volume 30 : Issue 85
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.85>
The current issue can also be...
Risks Digest 30.84
RISKS List Owner (Sep 28)
RISKS-LIST: Risks-Forum Digest Friday 28 September 2018 Volume 30 : Issue 84
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.84>
The current issue can also...
Risks Digest 30.83
RISKS List Owner (Sep 13)
RISKS-LIST: Risks-Forum Digest Thursday 13 September 2018 Volume 30 : Issue 83
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.83>
The current issue can also...
Risks Digest 30.82
RISKS List Owner (Sep 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 September 2018 Volume 30 : Issue 82
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.82>
The current issue can also...
Risks Digest 30.81
RISKS List Owner (Aug 25)
RISKS-LIST: Risks-Forum Digest Saturday 25 August 2018 Volume 30 : Issue 81
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.81>
The current issue can also be...
Risks Digest 30.80
RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Saturday 18 August 2018 Volume 30 : Issue 80
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.80>
The current issue can also be...
Risks Digest 30.79
RISKS List Owner (Aug 08)
RISKS-LIST: Risks-Forum Digest Wednesday 8 August 2018 Volume 30 : Issue 79
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.79>
The current issue can also be...
Risks Digest 30.78
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 August 2018 Volume 30 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.78>
The current issue can also be...
Risks Digest 30.77
RISKS List Owner (Jul 30)
RISKS-LIST: Risks-Forum Digest Monday 30 July 2018 Volume 30 : Issue 77
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.77>
The current issue can also be...
Risks Digest 30.76
RISKS List Owner (Jul 20)
RISKS-LIST: Risks-Forum Digest Friday 20 July 2018 Volume 30 : Issue 76
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.76>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Should company bosses face jail for mishandling your privacy?
Inga Goddijn (Nov 05)
https://nakedsecurity.sophos.com/2018/11/05/should-company-bosses-face-jail-for-mishandling-your-privacy/
Mark Z, how do you feel about orange? Like, say, in a jumpsuit style?
Kidding! No court has found that you, the Facebook CEO, have purposefully
misled the government about how your company did/did not protect consumers'
data during, say, the multifaceted, ever-unfolding Cambridge Analytica
privacy debacle.
Senator Ron Wyden’s on the...
5-Star Ratings – Just How Vulnerable Is That Shiny New Application?
Inga Goddijn (Nov 05)
https://www.riskbasedsecurity.com/2018/10/5-star-ratings-just-how-vulnerable-is-that-shiny-new-application/
Star-based ratings are everywhere you look these days. From hotel and
restaurant reviews to doctors and lawyers, practically every service and
seller imaginable is subject to some sort of performance score. These
rating systems are so familiar in fact that they have become the de facto
shorthand for making fast judgements about the quality...
INSIGHT: Getting Ready for Ohio’s New Data Protection Act
Destry Winant (Nov 05)
https://www.bna.com/insight-getting-ready-n57982093431/
Ohio businesses that implement written cybersecurity programs may be
less vulnerable to civil liability from data breaches because of the
recent passage of the Ohio Data Protection Act (Senate Bill 220, Ohio
Rev. Code § 1354.01, et seq.). Effective Nov. 2, 2018, the Act seeks
to provide a legal safe harbor to businesses that implement a
specified cybersecurity program by providing...
Fired CPS Employee Steals Personal Data Of 70,000 People, Charged With Multiple Felonies
Destry Winant (Nov 05)
https://chicago.cbslocal.com/2018/11/01/cps-employee-data-theft/
When Chicago Public Schools fired an employee recently, she left her
job with more than just her final paycheck.
Police say the employee, 28-year-old Kristi Sims of Hickory Hills,
allegedly took the personal information of about 70,000 people
contained in a CPS private database.
Sims was a temporary employee who worked in the CPS information
center, police said. She may have...
FIFA Reveals Second Hack
Destry Winant (Nov 02)
https://www.darkreading.com/attacks-breaches/fifa-reveals-second-hack/d/d-id/1333174
Successful phishing campaign leads attackers to confidential
information of world soccer's governing body.
FIFA, the international governing body of soccer, was hacked for a
second time earlier this year, the organization has acknowledged.
While full details of the hack and its consequences have not yet been
released, some information has begun to emerge....
6 Tips for Improving Healthcare Data Security
Destry Winant (Nov 02)
https://innotechtoday.com/6-tips-for-improving-healthcare-data-security/
The healthcare industry has become a target for cyber criminals due to
its lucrative potential. Despite raising awareness and tightening data
security, healthcare organizations still struggle to fight against
increasing cyber attacks in their business.
If you are asking why cyber criminals are interested in obtaining
healthcare data, the answer is simply because of the...
Radisson Hotel Group Spills Customer Data
Destry Winant (Nov 02)
https://www.infosecurity-magazine.com/news/radisson-hotel-group-spills/
Radisson Hotel Group has become the latest big brand in the sector to
suffer a data breach, after admitting that a "small percentage" of
loyalty club members had their personal information accessed by an
unauthorized person.
The notification statement is worded in such a way as to hint that the
attacker may have gained access first to staff accounts, which in turn...
5 Components to a Proactive Security Strategy
Destry Winant (Nov 02)
https://www.securitymagazine.com/articles/89550-components-to-a-proactive-security-strategy
Innovations in cloud and mobile technologies have created more
opportunities than ever for employees to work remotely, using devices
of their choosing. But the flexibility of technology heterogeneity in
the workplace isn’t without risk. As data becomes more accessible
across a growing range of devices, the attack surface area also grows
wider, raising...
To Protect Your Company, Think Like A Hacker
Destry Winant (Nov 02)
https://www.forbes.com/sites/forbestechcouncil/2018/10/30/to-protect-your-company-think-like-a-hacker/#428b0d1a7e66
We live in a digital world which requires us to have a variety of
online accounts. Our online accounts vary in use, from online bank
accounts and social media to online shopping accounts. All these
accounts are prone to hacking attacks.
What are companies and financial institutions doing to protect their
clients? Companies can...
Communication is Broken Between CISOs and the Rest of the Business
Destry Winant (Nov 02)
https://www.securityweek.com/communication-broken-between-cisos-and-rest-business
In a recent survey of business communication by the well-known audit
and consulting firm PwC, board directors were asked to rate the
quality of presentations they receive from senior managers. CISOs
ranked at the bottom of the list with just 19% of CISO presentations
being rated as “excellent.”
Ask a CISO for a reaction, and you might get this: “The problem...
Data Storage Safety Tips For Sensitive Information
Destry Winant (Nov 02)
https://www.technotification.com/2018/11/data-storage-safety-tips.html
Following a data security breach that caught Yahoo!, the search engine
behemoth off guard and cost them $50 million in damages, data security
has come under the spotlight. Both corporations and individuals desire
to keep their data secure and that can be done with the right hardware
and software. But sensitive information requires an extra layer of
security and the right...
Why it’s time to fight back against cyber risk to cloud computing and virtual machines
Destry Winant (Nov 01)
https://www.cloudcomputing-news.net/news/2018/oct/31/why-cyber-risk-cloud-computing-virtual-machines/
Cloud computing is now a primary driver of the world’s digital
economy. Governments, large corporations and small businesses are
increasingly implementing cloud-based infrastructures and solutions to
store their sensitive data and manage their operations.
While the cloud offers lower costs, scalability and flexibility, it
also expands a...
Failure To Procure Cyber Insurance Could Haunt Your Company
Destry Winant (Nov 01)
https://www.jdsupra.com/legalnews/failure-to-procure-cyber-insurance-30412/
A federal court in Florida recently adopted the now well-developed
consensus that data breach losses are not covered under standard
Commercial General Liability (CGL) policies. As the Department of
Homeland Security’s officially designated 15th annual Cybersecurity
Awareness Month comes to a close, the case stands as yet another stark
warning that companies of all...
Nigerian airline Arik Air may have leaked customer data
Destry Winant (Nov 01)
https://www.zdnet.com/article/nigerian-airline-arik-air-may-have-leaked-customer-data/
An exposed Amazon S3 bucket was reportedly the source of leaked
customer data belonging to carrier Arik Air.
According to research published by Justin Paine, Head of Trust &
Safety at Cloudflare, the security expert's regular scanning for open
and vulnerable Amazon S3 buckets resulted in the discovery of one
containing a large number of CSV files....
U.S. Accuses China of Hacking Aerospace, Tech Companies
Destry Winant (Nov 01)
https://www.securityweek.com/us-accuses-china-hacking-aerospace-tech-companies
Chinese intelligence officers recruited hackers and insiders to help
them steal sensitive information from aerospace and technology
companies, the U.S. Department of Justice said on Tuesday.
An indictment unsealed this week charges ten Chinese nationals over
their role in the scheme, including two spies, six hackers and two
insiders.
According to U.S. authorities,...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: joincap: Merge multiple pcap files together, gracefully
Assaf (Nov 04)
Because it is slower (multiple passes), needs more steps and is harder to
automate ☺
Re: joincap: Merge multiple pcap files together, gracefully
phreakocious (Nov 03)
If starting from the beginning is your problem when you run into one of
these situations (which should be handled as suggested above) .. Why not
divide things up into smaller groups and then join the final products?
This way, you only have to merge a smaller set if you run into a problem.
In many cases, 'capinfos -A' is enough to show a problem in a pcap.
Another option would be to do something like a 'tcpdump -qnr' to just...
Re: joincap: Merge multiple pcap files together, gracefully
Assaf (Nov 03)
You are correct. I still prefer it my way.
This helped me tremendously, and the more common "error" for me is getting
damaged pcap files rather than mistyping the command.
Re: Question
Jaap Keuter (Nov 02)
Hi,
You could try, but what kind of analysis were you seeking?
Re: joincap: Merge multiple pcap files together, gracefully
Guy Harris (Nov 02)
If the user mistyped the pathname of a file, it only saves them time if the contents of the file whose pathname they
typed didn't need to be in the resulting file. If they *did* expect that file's packets to be in the file, they end up
with a file that doesn't contain what they think it did....
Re: joincap: Merge multiple pcap files together, gracefully
Assaf (Nov 02)
Thanks for your comments and feedback. It means a lot to me. :-)
You are right, it's a matter of preference.
merge job, so I made joincap deal with it silently.
Usually if an input file doesn't exist (2) or is a directory (3) the user
can't do anything to fix this other than fixing the command line, so
joincap just ignores it and saves the user some time.
And if an input file is damaged (1), the user will probably want to fix...
Question
Jeff Childs (Nov 01)
Can I submit a capture file for analysis ?
Re: Bug 2.6.4 mac
Maynard, Chris (Oct 30)
The best place to report a Wireshark bug is at https://bugs.wireshark.org/bugzilla/ so it can be better tracked,
although you might want to search the bug list first to see if it’s already been reported.
- Chris
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Paul D
Sent: Tuesday, October 30, 2018 11:01 AM
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Bug 2.6.4 mac
Open large capture which takes...
Bug 2.6.4 mac
Paul D (Oct 30)
Open large capture which takes wireshark a few seconds to parse, and which
contains SIP + RTP (concatenate a local capture with a small example sip
capture from the web somewhere if need be) e.g.
https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=SIP_CALL_RTP_G711
Go to telephony voip calls.
Press play streams, cancel (or escape), play streams again (while wireshark
is still reparsing the capture file) and crash....
Re: Anyone at the Hotel?
Richard Sharpe (Oct 28)
See you in the morning at breakfast.
What time do people normally get to breakfast?
Re: Anyone at the Hotel?
Pascal Quantin (Oct 28)
Hi Richard,
We are out of the restaurant, heading back to the hotel.
On Sun, 28 Oct 2018 at 21:32, Richard Sharpe <realrichardsharpe () gmail com>
wrote:
Anyone at the Hotel?
Richard Sharpe (Oct 28)
Hi folks,
Who is at the hotel already?
Anyone not had dinner yet?
A Wireshark dissector generator for both C and Lua
Richard Sharpe (Oct 27)
Hi folks,
I have updated my dissector generator and it can now generate
dissectors in C and Lua.
I also now include a jar file of all the class files so you do not
have to build the dissector generator, you can simply type:
java -jar WiresharkGenerator.jar -l some-proto-file
and it will spit out a Lua dissector for your protocol.
You do need to install the Antlr4 runtime, however.
You can find it at:...
Decrypt encrypted eapol key data (in 802.11 4-way handshake)
Mikael Kanstrup (Oct 25)
Hi,
I'm analyzing a couple of wireless sniffer logs and trying to dig into the
key exchange messages passed during the 4-way handshake process.
Specifically I need to decrypt the encrypted key data field of message 3/4.
Can this be done already with Wireshark? If not supported I'm thinking
Wireshark might already internally decrypt this field to get the GTK and
verify PTK. With slight modification I can perhaps get this printed to the...
Re: How do I use wireshark to investigate Snort IDS alert "A Network Trojan was Detected"?
Turritopsis Dohrnii Teo En Ming (Oct 24)
Good afternoon from Singapore Hugo,
Thank you for the insight.
Yes, I have tried to look into the software firewall logs in my Windows client operating system but unfortunately my
software firewall did not record much information. I might need to re-configure firewall logging in my software
firewall or choose another software firewall altogether. Which software firewall for Windows would you recommend? My
requirement is to log everything.
I...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Multiple signatures 017
Marcos Rodriguez (Nov 05)
Hi Yaser,
Thanks so much for the latest batch of goodness. We'd appreciate any
pcaps, etc you'd be willing to share! Thanks again!
Generic ICMP event rule
Sam Johnson (Nov 05)
Hello all,
Trying to disable the generic ICMP event rule but having some trouble with it. For clarification it's this rule:
[**] [1:10000001:1] Snort Alert [1:10000001:1] [**] [Classification: Generic ICMP event]
I added the 1:10000001 (and even the 1:10000001:1 - not sure which one it is) to the disablesid.conf file for pulled
pork. Ran pulled pork, yet it's still firing. I don't see that ID in snort.rules or in the...
Multiple signatures 017
Y M via Snort-sigs (Nov 05)
Hi,
You folks beat me to the octopus sigs! Pcaps and Yara/ClamAV signatures for the majority of the cases below are
available.
Have a good week!
YM
# --------------------
# Date: 2018-10-27
# Title: New TeleBots backdoor: First evidence linking Industroyer to NotPetya
# Reference: Triage from: https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/
# Tests: syntax only
# Yara:
# -...
Re: [SUSPICIOUS] Re: Snort3: binder and wizard inspectors
Carter Waxman (cwaxman) via Snort-users (Nov 05)
The full list for your install can be found with:
snort --plugin-path=/usr/local/lib/snort/ --help-plugins | grep ^inspector
Replace /usr/local/lib/snort with the install paths you have and note that --plugin-path must come before
--help-plugins.
-Carter
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Meridoff via Snort-users <Snort-users () lists
snort org>
Reply-To: Meridoff <oagvozd () gmail com>...
Re: I think snort is not listening
Focas Kandulo via Snort-users (Nov 05)
Thanks for the tip!
On Mon, 5 Nov 2018 at 15:03, Al Lewis (allewi) <allewi () cisco com>
wrote:
Re: I think snort is not listening
Al Lewis (allewi) via Snort-users (Nov 05)
Hello,
Snort will either need to be inline or have the traffic spanned from your network to it somehow.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Focas Kandulo via Snort-users <Snort-users ()
lists snort org>
Reply-To: Focas Kandulo <focaskandulo () gmail com>
Date: Monday,...
I think snort is not listening
Focas Kandulo via Snort-users (Nov 05)
Re: Snort3: binder and wizard inspectors
Meridoff via Snort-users (Nov 03)
Thanks a lot! Many things became clearer.
And a final question: where can I get the supported services (their names)
and/or the service names supported for each inspector?
I can look into the snort.lua/defaults.lua files, but maybe another way exists.
Their names are almost always identical, but some differ: the 'ftp_server'
inspector and the 'ftp' service, and some others.
On Sun, 4 Nov 2018 at 1:36, Russ via Snort-users <...
Comodo Firewall, Comodo Dragon, svchost.exe and MS Office 2016 Triggering Snort IDS Alerts "A Network Trojan was Detected"
Turritopsis Dohrnii Teo En Ming (Nov 03)
Good morning from Singapore,
Thank you Wei Chea for recommending sysmon and osquery to me.
I have finally been able to pinpoint which Windows processes are triggering Snort Intrusion Detection System (IDS)
alerts "A Network Trojan was detected".
These Windows processes are: Comodo Firewall 10 cmdagent.exe, Comodo Dragon web browser Updater, svchost.exe and
Microsoft Office 2016 Click-to-Run.
I shall reproduce all the 65 Sysmon...
Re: Snort3: binder and wizard inspectors
Russ via Snort-users (Nov 03)
See below.
Russ
Binder has first match wins logic for each of the things it looks for
(stream inspector, service inspector, policy). Wizard searches for all
matches in parallel, with first match wins at any given step.
Yes.
You can't define services in the binder rules, you can only use existing
services.
Same thing. You can define match criteria for a service, but it only
helps if an inspector supports that service....
Re: Snort 3 netmap cant access gateway on FREEBSD
Russ via Snort-devel (Nov 03)
The stats are showing that Snort passed 16 packets and they were all
ARP. See the other response from Michael. The problem is with your
network, not Snort or DAQ. Think of your FreeBSD Snort system as a
bump-in-the-wire.
Re: Snort 3 netmap cant access gateway on FREEBSD
yunus . can (Nov 03)
--------------------------------------------------
o")~ Snort++ 3.0.0-247
--------------------------------------------------
Loading /usr/local/snort/etc/snort/snort.lua:
ssh
pop
binder
stream_tcp
gtp_inspect
dce_http_proxy
stream_icmp
normalizer
ftp_server
stream_udp
search_engine
dce_smb
file_log
daq
ips...
Snort3: binder and wizard inspectors
Meridoff via Snort-users (Nov 02)
Hello, the manual has only very brief info about using wizard and binder.
I have some questions concerning the most common use of them.
1. Do binder and wizard have "first match wins" logic in their config?
2. In binder we have the "when" table (the match logic) and the "use" table (what
to do if a match occurs). Do the keys in when{} have AND logic? (e.g.:
when.ports and when.nets etc. must match together if specified)...
Re: Snort 3 netmap cant access gateway on FREEBSD
Michael Altizer via Snort-devel (Nov 02)
Re-reading your earlier email, it looks like you're trying to run this
inline on some interfaces attached to different subnets, even with IPs
on them. Don't do that, netmap bridging is L2 and not designed for that.
Re: Snort 3 netmap cant access gateway on FREEBSD
Michael Altizer via Snort-devel (Nov 02)
For reference, I just tested on FreeBSD 11.2 with LibDAQ 2.2.2 and the
latest Snort3 code and it's working fine here. Conveniently, you don't
even have to recompile the kernel anymore since I first wrote those
instructions - netmap is built in and working.
Steps (my two interfaces being bridged in inline mode are em0 and em1, I
installed things into /root/install/...):
1. Build and install libdaq 2.2.2
2. Build and install snort3...
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.