SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

zenmap crash in Fedora 34 louzaoh (Apr 22)
This is the message I've got:

➜ zenmap
File "/usr/bin/zenmap", line 114
except ImportError, e:
^
SyntaxError: invalid syntax

➜ rpm -qa zenmap\*
zenmap-7.91-1.noarch

Regards.,

Nmap Bug in payload.cc: corrupted UDP packets during -sU scan mzet via dev (Apr 02)
Hi List,

It was observed that UDP packets that are sent during an UDP port scanning (-sU) are corrupted.

Background:

To make UDP scanning more effective, for many services (ports) Nmap takes content of UDP packets from nmap-payloads
file. Logic for handling this is implemented in payload.cc source file.

Issue:

Due to subtle implementation issue (introduced in...

[NSE] Hex digits in URL encoding should be upper-case nnposter (Apr 01)
For visibility to the broad Nmap community:

I have created issue #2281 to start using upper-case hexadecimal digits
for URL encoding inside NSE. More details at

https://github.com/nmap/nmap/issues/2281

Please leave any comments there.

Cheers,
nnposter

Re: Empty do_ipv4 function in address-info nnposter (Mar 27)
I agree that there is no obvious reason why to have the function there
at all. On the other hand, the script description is pretty clear:

"Shows extra information about IPv6 addresses, such as..."

In other words, there should be no expectation that the script does
anything with IPv4.

Cheers,
nnposter

Empty do_ipv4 function in address-info Toni Ruottu (Mar 27)
Hi!

In the current version of address-info.nse the do_ipv4 function body is
completely empty. Is this a mistake? If it is not a mistake I would at
least expect a comment that explains why the function doesn't do anything.

Cheers, --Toni

PR 2278 - improvement on script ssl-enum-ciphers Sulidi Maimaitiming (Mar 26)
Hi Nmap team,

I have been using the ssl-enum-ciphers script to detect the presence of
weak tls protocols and ciphers and it is a great tool.
However I've noticed many ciphers are rated A for cipher strength (while
they are flagged as weak on SSL Labs for instance), and then I realised
there was a list of warnings aggregated at the port level.
Plus the aggregated output is not always consistent...
I opened a PR on GitHub (...

Re: ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers nnposter (Mar 20)
<snip>

<snip>>

The script has been updated in r38199. Please see the following comment
for the root cause:

https://github.com/nmap/nmap/issues/1187#issuecomment-803503496

Cheers,
nnposter

Re: Nmap Issue : "kernel: RPC: fragment too large:" Dario Ciccarone (dciccaro) via dev (Mar 16)
https://serverfault.com/questions/652188/nfs-share-problems-rpc-fragment-too-large-xxxxx - second answer on a Google
search for "kernel: RPC: fragment too large:"

With the most absolute respect, and from a professional to another: it would certainly help *immensely* if you could
provide information such as:

* Nmap version and command-line options used
* Operating system, patch level on the host being used to run nmap
*...

Nmap Issue : "kernel: RPC: fragment too large:" PENISSON , TIMOTHÉ (Mar 16)
Hello,
I use Nmap to scan machines and in the logs of some of them, we see this kind of messages appearing in the logs:
"kernel: RPC: fragment too large:".
This message appears globally on all servers scanned by Nmap with an NFS mount.
Is this behavior known by the Nmap community? Is it linked to a specific conf or script?
Is there a workaround to avoid this?

Thanks for your help,

Sincerely,

[Bloc marque]

Timothé PENISSON
MOE...

I keep getting this error every time I try to open the scripting window on windows 10 to input an nse Mike Myers (Mar 16)
Here is the stack trace…

Version: 7.90
Traceback (most recent call last):
File "zenmapGUI\ScriptInterface.pyo", line 261, in script_list_timer_callback
File "zenmapGUI\ScriptInterface.pyo", line 270, in initial_script_list_cb
File "zenmapGUI\ScriptInterface.pyo", line 307, in handle_initial_script_list_output
NameError: global name 'os' is not defined

Thanks for any help. I can use the command...

ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers Guido van Rooij (Mar 16)
With nmap 7.60, I scanned the host with IP address 3.132.36.206 with the below reesulst:

Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-10 11:06 UTC
Nmap scan report for ec2-3-132-36-206.us-east-2.compute.amazonaws.com (3.132.36.206)
Host is up (0.094s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
| ssl-enum-ciphers:
| TLSv1.0:
|...

Microsoft publishes Nmap NSE script for detecting Exchange Server SSRF Vulnerability (CVE-2021-26855) Gordon Fyodor Lyon (Mar 16)
It's kind of awesome to see that MS released an Nmap NSE script last week
for detecting the new Exchange Server SSRF Vulnerability (CVE-2021-26855).
They posted it to their GitHub here:

View:
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/http-vuln-cve2021-26855.nse
Download:
https://github.com/microsoft/CSS-Exchange/releases/latest/download/http-vuln-cve2021-26855.nse

Cheers,
Fyodor

Re: ncat socks5 client is broken nnposter (Mar 15)
Thank you for identifying the issue and proposing a fix. A slightly
modified code has been committed as r38198.

https://github.com/nmap/nmap/commit/024bbf84f137b6e937f8a702cb0718544e48483a

Cheers,
nnposter

ssl-enum-ciphers.nse not showing TLS_ECDHE* ciphers Guido van Rooij (Mar 12)
With nmap 7.60, I scanned the host with IP address 3.132.36.206 with the below reesulst:

Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-10 11:06 UTC
Nmap scan report for ec2-3-132-36-206.us-east-2.compute.amazonaws.com (3.132.36.206)
Host is up (0.094s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
| ssl-enum-ciphers:
| TLSv1.0:
|...

Should NPING continue to return traceroute results once the a final destination has been reached? Chris Swinney (Mar 08)
Hi all,

Running

nping bbc.co.uk -traceroute -tcp -p 443

Will continue to return results and increment outgoing TTL even though the final destination was found. The result
become difficult to read and irrelevant. Should this be the case?

Cheers

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....

Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:

I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...

Nmap 7.91 Bugfix Release Gordon Fyodor Lyon (Oct 14)
Hello everyone. I'm glad Nmap 7.90 was so well received! There were so
many improvements that the official announcement (
https://seclists.org/nmap-announce/2020/1) was a bit unwieldy. So Daniel
Miller (who made most of those changes) Tweeted his top highlights at
https://twitter.com/bonsaiviking/status/1313247253197393920

While we do work hard to avoid bugs during development and to catch them
pre-release through continuous integration...

Nmap 7.90 Released! First release since August 2019. Gordon Fyodor Lyon (Oct 03)
Hello everyone. Hot on the heels of the big Npcap 1.00 release (
https://seclists.org/nmap-announce/2020/0), we're delighted to announce a
new Nmap--version 7.90! It's the first Nmap release since Defcon 2019, even
though we've made 16 Npcap releases since then. Raw packets are so
fundamental to Nmap that we really wanted to get it right. With the
production-ready and highly performant Npcap 1.00 driver included, we can
finally...

Npcap 1.00 was just released and a new Nmap is on the way! Gordon Fyodor Lyon (Sep 28)
Hello everyone. I hope you are all safe and well during this nasty
pandemic. I obviously haven't been wearing my marketing hat enough given
that this is my first mail to the Nmap Announcement list since last
August's Nmap 7.80 release. But we've been heads-down programming since
then and have great news to report!

The biggest news is that, after more than 7 years of development and 170
previous public releases, we're...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Backdoor.Win32.Agent.afq / Remote Heap Corruption malvuln (Apr 28)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/853754de6b8ffbe1321a8c91aab5c232_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.afq
Vulnerability: Remote Heap Corruption
Description: The malwares built-in server "UberWWW v. 1.1" listens on TCP
port 8080. Third-party attackers who can reach the infected host can send a
2000 byte HTTP Post...

Backdoor.Win32.Agent.afq / Directory Traversal malvuln (Apr 28)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/853754de6b8ffbe1321a8c91aab5c232_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.afq
Vulnerability: Directory Traversal
Description: The malwares built-in server "UberWWW v. 1.1" listens on TCP
port 8080. The server allows third-party attackers to read arbitrary files
outside of its root...

Backdoor.Win32.Agent.afq / Missing Authentication malvuln (Apr 28)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/853754de6b8ffbe1321a8c91aab5c232.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.afq
Vulnerability: Missing Authentication
Description: The malwares built-in server "UberWWW v. 1.1" listens on TCP
port 8080. There is no authentication, third-party attackers who can reach
the server can list any...

Trojan-Dropper.Win32.Injector.aobl / Insecure Permissions malvuln (Apr 28)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/842f6f21a2a83792e98900df90c9340b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Injector.aobl
Vulnerability: Insecure Permissions
Description: The malware creates a insecure dir named "winholder" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users...

Trojan-Dropper.Win32.Dycler.vrp / Insecure Permissions malvuln (Apr 28)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1d6d6d3c077250b7b3ad053e71054ecc.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.vrp
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "Drivers" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...

XSS stored in PFSense 2.5.0 CVE-2021-27933 William Costa (Apr 27)
I. VULNERABILITY
-------------------------
Store XSS Attacks vulnerabilities in PFSense Version 2.5.0
II. BACKGROUND
-------------------------
The pfSense project is a free network firewall distribution, based on the
FreeBSD operating system with a custom kernel and including third party
free software packages for additional functionality. Through this package,
system pfSense software is able to provide most of the functionality of
common...

APPLE-SA-2021-04-26-10 Xcode 12.5 Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-10 Xcode 12.5

Xcode 12.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212320.

Git
Available for: macOS Big Sur 11 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2021-21300: an anonymous researcher

To check that the Xcode has been updated:

* Select...

APPLE-SA-2021-04-26-9 iTunes 12.11.3 for Windows Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-9 iTunes 12.11.3 for Windows

iTunes 12.11.3 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212319.

CFNetwork
Available for: Windows 10 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an...

APPLE-SA-2021-04-26-8 iCloud for Windows 12.3 Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-8 iCloud for Windows 12.3

iCloud for Windows 12.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212321.

CFNetwork
Available for: Windows 10 and later via the Microsoft Store
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling....

APPLE-SA-2021-04-26-7 Safari 14.1 Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-7 Safari 14.1

Safari 14.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212318.

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aon’s...

APPLE-SA-2021-04-26-5 watchOS 7.4 Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-5 watchOS 7.4

watchOS 7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212324.

AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza

Audio
Available...

APPLE-SA-2021-04-26-6 tvOS 14.5 Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-6 tvOS 14.5

tvOS 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212323.

AppleMobileFileIntegrity
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza

Assets
Available for:...

APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave Apple Product Security via Fulldisclosure (Apr 27)
APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave

Security Update 2021-003 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212327.

APFS
Available for: macOS Mojave
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann

Audio
Available for: macOS Mojave...

Worm.Win32.Busan.k / Insecure Communication Protocol malvuln (Apr 27)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/bcad7aa6cb6cb9d94377cd88acbca1c9.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Busan.k
Vulnerability: Insecure Communication Protocol
Description: Busan.k launches a windows cmd console on the infected host so
that it can send and receive messages back and forth over TCP port 2121.
The worm uses unencrypted...

Virus.Win32.Banka.a / Insecure Permissions malvuln (Apr 27)
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/6a3329d12323f4920dbf13afe1be6acd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Banka.a
Vulnerability: Insecure Permissions
Description: Banka.a creates an insecure dir named "Anak Bangka Hidden
Folders" under c:\ drive and grants change (C) permissions to the
authenticated user group. The virus also...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Plausible. Dave Aitel via Dailydave (Apr 11)
A while back I was chatting with someone at INFILTRATE, over fried
alligator and more alcohol than I probably should have imbibed, and he
said, "We're going to make fuzzing obsolete, because we have more CPUs on
the problem than anyone can reasonably duplicate, and we're going to
exhaust the space".

And it's PLAUSIBLE in a way. I've watched a few of the live streams that
Brandon Falk does, and you can see how like,...

News Roundups! Dave Aitel via Dailydave (Feb 01)
So lately I've been doing little news roundups on the YouTubes....
Yesterday's is here: https://youtu.be/xgiymt_0isY

Neal Stephenson, in his most recent book, *Fall*, had a character that was
an interesting play on the traditional fantasy "giant" in the sense that
she was normal size, but fractally dense. I feel like we are living that
kind of time - in the sense that gravity is really a measure of how much
stuff is happening...

Re: Fully Automated CONOPs Exercise Pukhraj Singh via Dailydave (Jan 28)
Folks like Joe Slowik
<https://www.youtube.com/watch?v=n7XqxRXwFZ4&ab_channel=CYBERWARCON>, Grugq
<https://www.blackhat.com/docs/webcast/12142017-the-triple-a-threat.pdf>and you
<https://cybersecpolitics.blogspot.com/2016/09/the-stern-stewart-summit-germany-and.html>(Dave)
have tried to articulate the CONOPS for worms since long. In their current
forms, worms look like IO packages in full-spectrum missions. Ignoring...

Re: Fully Automated CONOPs Exercise Dave Aitel via Dailydave (Jan 28)
I mean, the goal of the question is to start putting some meat on the idea
of what "harm" is and how that is reflected both from a policy and
technical perspective. But also: It's useful to put some real definitions
around what is required to make people comfortable with fully-automated
techniques.

I don't think the idea that we are going to come up with and enforce norms
is as useful as figuring out what the norms really are...

Re: Fully Automated CONOPs Exercise Dave Dittrich via Dailydave (Jan 28)
Did any of them mention international humanitarian law, specifically
discrimination, respecting territory of neutral ("green") actors and
their infrastructure, and avoiding harm to neutral third parties and
non-combatants? The problem with most worms is the inability to
accurately discriminate targets and resulting harm. This is an area
where technical experts need to be balanced with operators and policy
makers to ensure that...

Fully Automated CONOPs Exercise Dave Aitel via Dailydave (Jan 27)
So one of my new fav questions to ask policy teams is what they would do if
they were told to switch their offensive team entirely to worms. Nothing
else. Just worms. What needs to change to make that happen - from op tempo
to supply chain to personnel to policy and technological investment.

And how would their defensive team need to change strategically if they
were facing such an offensive team.

It's a fun thing to see people wrap their...

"Severely lacking". Dave Aitel via Dailydave (Jan 20)
Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
. In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most...

[mm4.emwd.com] Please Confirm Your E-mail Address noreply (Jan 07)
Hello from mm4.emwd.com!

You're receiving this e-mail because user SeclistsDD has given yours as an e-mail address to connect their account.

To confirm this is correct, go to
https://lists.aitelfoundation.org/accounts/confirm-email/MzAw:1kxbbR:J_gxtLGlz_7WONRMX9blDLA1rXc/

Thank you from mm4.emwd.com!
mm4.emwd.com

Re: The Lost Decade of Security Metrics Andre Gironda via Dailydave (Jan 05)
MITRE ATK > CVE/CVSS
Enterprise v8 is more granular than ever before for vuln purposes, but
always has been extensive for threat purposes

If you want to express CVEs in maldocs or malware (including webshells) may
I suggest Yara and/or Suricata (maybe shortcuts such as JA3 or JARM if TLS
applies)?
If you want to express CVEs in runtime app infra may I suggest
caldera_pathfinder? e.g., this is heartbleed --...

Re: The Lost Decade of Security Metrics toby via Dailydave (Jan 05)
I don't think you are wrong but your comparison of CVSS and the multiple
(also separately bad) metrics for a WAF isn't effective or accurate.

The values going into CVSS have something in common; they are attempts to
characterize the importance of the vulnerability in question. You are
making (have made before) the claim that the importance of a vulnerability
is too variable and specific to an environment or an attack scenario to be...

Re: The Lost Decade of Security Metrics Chuck McAuley via Dailydave (Jan 05)
Throughput* is perhaps the wrong unit of measure. Most of the time you would be interested in measuring
“requests/second” or “transactions/second”. Aside from say a content ingesting site/repeater
(facebook/twitter/instagram), almost all content for a WAF to handle is inbound, using low amounts of available
bandwidth. The outbound content is rarely inspected by such a device, with the exception of 5xx error or similar
(headers).

A...

The Lost Decade of Security Metrics Dave Aitel via Dailydave (Jan 05)
A thousand years ago I subscribed to the Security Metrics mailing list.
Metrics are important - or rather, I think good decision making is
important, and without metrics your decision making is essentially luck.
But we haven't seen any progress on this in a decade, and I wanted to talk
about the meta-reason why: Oversimplification in the hopes of scaling.

There's a theme in security metrics, a deep Wrong, that the community
cannot...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

BHIS Sorta Top Used Tools of 2018 John - Black Hills Information Security (Dec 06)
Free Webcast

Hello all,

For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.

Basically, we are trying to be edgy and different.

You may want to come...

BHIS Webcast - Tues 10/2 @ 11am MDT John Strand - Black Hills Information Security (Sep 26)
Hello All,

In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...

BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT Sierra - Black Hills Information Security (Aug 29)
Hello!

How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!

Ready for another awesome BHIS webcast? Dakota is back and...

Webcast with CJ: Tues 7/24 at 11am Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...

Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!

CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Microsoft Security Update Minor Revisions Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision
increment:

* CVE-2018-8172

Revision Information:
=====================

- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************

Summary
=======

The following CVEs and advisory have undergone a minor revision
increment:

* CVE-2018-8454
* CVE-2018-8552
* ADV990001

Revision Information:
=====================

- CVE-2018-8454 | Windows Audio Service...

Microsoft Security Update Minor Revisions Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8512

Revision Information:
=====================

- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************

Summary
=======

The following CVE been added to the October 2018 Security updates:

* CVE-2018-8569

Revision Information:
=====================

- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2010-3190

Revision Information:
=====================

- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE has undergone a minor revision increment:

* CVE-2018-8531

Revision Information:
=====================

- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following CVE been added to the October 2018 Security updates:

* CVE-2018-8292

Revision Information:
=====================

- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...

Microsoft Security Update Releases Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following bulletin has undergone a major revision increment:

* MS11-025

Revision Information:
=====================

- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...

Microsoft Security Update Summary for October 9, 2018 Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************

This summary lists security updates released for October 9, 2018.

Complete information for the October 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.

Please note the...

Microsoft Security Update Releases Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-0952

Revision Information:
=====================

- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************

Security Advisories Released or Updated on September 12, 2018
===================================================================

* Microsoft Security Advisory ADV180022

- Title: Windows Denial of Service Vulnerability
-...

Microsoft Security Update Minor Revisions Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a minor revision increment:

* CVE-2018-8421
* CVE-2018-8468

Revision Information:
=====================

- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...

Microsoft Security Update Summary for September 11, 2018 Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************

This summary lists security updates released for September 11, 2018.

Complete information for the September 2018 security update release can
Be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....

Microsoft Security Update Releases Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************

Summary
=======

The following CVE has undergone a major revision increment:

* CVE-2018-8154

Revision Information:
=====================

- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...

Microsoft Security Advisory Notification Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************

Security Advisories Released or Updated on September 11, 2018
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution...

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Verizon: 1.5M of Contact Records Stolen, Now on Sale Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...

I don't quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that...

Statement on Lavabit Citation in Apple Case Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...

The NSA's back door has given every US secret to our enemies Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...

Can Spies Break Apple Crypto? Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

-----

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...

The FBI's iPhone Problem: Tactical vs. Strategic Thinking Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in...

Wanted: Cryptography Products for Worldwide Survey Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ariadne Conill (Apr 29)
Hello,

Yeah, we've always built with --disable-isc-spnego, so no problem there.

I wound up just upgrading every branch still supportd to 9.16.15. Seemed
like the easiest way.

Ariadne

Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ondřej Surý (Apr 29)
Hi Ariande,

BIND 9.17.x was using the system SPNEGO since 9.17.2 (I think).

Also for older versions, it should be enough to use --disable-isc-spnego if you can’t patch it (that’s what I am doing
for Debian buster). It just won’t work with Heimdal krb5, but it compiles just fine with MIT krb5.

Cheers,
Ondrej

Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Ariadne Conill (Apr 29)
Hello,

These directories only have patches for CVE-2021-25214 and CVE-2021-25215.
A patch for CVE-2021-25216 appears to be missing. In some supported
branches of Alpine, we erroneously followed a development branch of BIND,
so I am trying to determine if there is anything I need to backport to
cover CVE-2021-25216.

Thanks in advance for any advice you can provide on this.

Ariadne

ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216) Michael McNally (Apr 28)
On April 28, 2021, we (Internet Systems Consortium) disclosed three
vulnerabilities affecting our BIND 9 software:

CVE-2021-25214: A broken inbound incremental zone update (IXFR)
can cause named to terminate unexpectedly
https://kb.isc.org/docs/cve-2021-25214

CVE-2021-25215: An assertion check can fail while answering queries for
DNAME records that require the DNAME to be processed to resolve itself...

[CVE-2021-30128] Unsafe deserialization in OFBiz jleroux () apache org (Apr 27)
Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.07

Description:
Apache OFBiz has unsafe deserialization prior to 17.12.07 version

Mitigation:
Upgrade to at least 17.12.07
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12212 & OFBIZ-12221

Credit:
Litch1 from the Security Team of Alibaba Cloud <litch1chk () gmail com>

References:...

[CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI jleroux () apache org (Apr 27)
Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.07

Description:
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
An unauthenticated user can perform a RCE attack

Mitigation:
Upgrade to at least 17.12.07
or apply one of the patches at https://issues.apache.org/jira/browse/OFBIZ-12216

Credit:
r00t4dm at Cloud-Penetrating Arrow Lab <r00t4dm () gmail com>...

CVE-2021-30638: An Information Disclosure due to insufficient input validation exists in Apache Tapestry 5.4.0 and later Thiago H. de Paula Figueiredo (Apr 27)
Description:

Information Exposure vulnerability in context asset handling of Apache
Tapestry allows an attacker to download files inside WEB-INF if using a
specially-constructed URL. This was caused by an incomplete fix for
CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0
version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache
Tapestry 5.7.1.

Solution:

For Tapestry 5.4.0 to 5.6.3: upgrade to 5.6.4...

CVE-2021-28125: Apache Superset Open Redirect daniel gaspar (Apr 27)
Description:

Apache Superset up to and including 1.0.1 allowed for the creation of
an external URL that could be malicious. By not checking user input
for open redirects the URL shortener functionality would allow for a
malicious user to create a short URL for a dashboard that could
convince the user to click the link.

Mitigation:

Upgrade to 1.1.0 or above

Credit:

Found and reported by Gianluca Veltri, Dario Castrogiovanni

Reply to: users...

CVE-2020-17517: Apache Ozone: Ozone S3 Gateway allows bucket and key access to non authenticated users Bharat Viswanadham (Apr 26)
Description:

The S3 buckets and keys in a secure Apache Ozone Cluster must be
inaccessible to anonymous access by default. The current security
vulnerability allows access to keys and buckets through a curl command
or an unauthenticated HTTP request. This enables unauthorized access
to buckets and keys thereby exposing data to anonymous clients or
users. This affected Apache Ozone prior to the 1.1.0 release.

Mitigation:

Upgrade to the latest...

virtualbox: CVE-2021-25319: missing sticky bit in openSUSE packaging for /etc/box allows local root exploit for members of vboxusers group Matthias Gerstner (Apr 26)
Hi,

somewhat related to CVE-2021-2264 I noticed an openSUSE specific
security issue in the openSUSE packaging for virtualbox [1]. To enable
the autostart feature in virtualbox as outlined in the upstream manual
[2] our packagers introduced a group 'vboxusers' that is granted write
access to the directory /etc/vbox as the "autostart DB". Contrary to
what the manual says the directory was not packaged with the sticky bit
set,...

virtualbox: CVE-2021-2264: vboxautostart-service.sh allows injection of parameters in 'su' invocation Matthias Gerstner (Apr 26)
Hello,

I recently discovered an issue in the script "vboxautostart-service.sh"
which is distributed by Oracle as part of their virtualbox RPMs [1]. By
default this script is not used but it can be enabled by an
Administrator according to the manual [2].

In the context of the autostart feature a directory "$VBOXAUTOSTART_DB"
(by default /etc/vbox) is used. Local users in the system are granted
write access to this directory....

Re: DNS rebinding vulnerability in npupnp Gabriel Corona (Apr 25)
Le 20/04/2021 à 09:54, Gabriel Corona a écrit :

This is CVE-2021-31718.

Gabriel

Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access Robert Scheck (Apr 24)
The affected Zarafa versions are identically to CVE-2021-28994 (verified),
thus all versions since Zarafa 6.30.0 Beta 1 (SVN Rev. 13713) are affected.

Given the crash and error messages in old Zarafa versions look different
than in more recent Zarafa/Kopano versions, here is how it looked for me
when verifying the Zarafa version introducing the flaw:

Pid 1545 caught SIGABRT (6), out of memory or unhandled exception, traceback:
backtrace length:...

Re: Malicious commits to Linux kernel as part of university study Thomas Ward (Apr 24)
Clarification is from 2020. That clarification doesn't address the fact that this is still technically research
misconduct regardless of the clarifications. The Linux Kernel has banned commits from University of Michigan because
of a large volume of noise and useless patch requests among other things. So it still requires a misconduct evaluation.

⁣Get BlueMail for Android

-------- Original Message --------
From: Silas...

Re: Malicious commits to Linux kernel as part of university study Silas (Apr 24)
Hello,

They issued a clarification as well:
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf

- S

Educause Security Discussion — Securing networks and computers in an academic environment.

Opportunity for HBCU's and MSI's to participate in 2021 Four Nations Cybersecurity Virtual Study Tour Brian Kelly (Apr 29)
Good morning,
I’m writing to invite Historically Black Colleges & Universities (HBCU) and Minority Serving Institution (MSI) to
participate in the upcoming CAUDIT<https://www.caudit.edu.au/> Four-Nation Cybersecurity virtual study tour, it will be
in collaboration with
EDUCAUSE<https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program> and
REN-ISAC<https://www.ren-isac.net/>, and...

Internet2 Routing Security Webinar Paul Howell (Apr 28)
Internet2 Security Architect Steven Wallace will present Internet2’s routing table reports on Thursday, May 6 from 2-3
p.m. ET. The route table reports provide Internet2 Connectors and campus network operators with information to assist
them in adopting best practices to secure their networks and the global Internet.

The reports highlight any misalignment with MANRS (Mutually Agreed Norms for Route Security) practices. Each route
announced...

CMMC Program Manager Corn, Michael (Apr 27)
Good people,

In support of our CMMC center of excellence we've just opened a position for our CMMC program manager. Feel free to
ping me with any questions, but please share this with anyone who you feel might be interested.
thanks
MC

https://jobs.ucsd.edu/bulletin/job.aspx?jobnum_in=109117

----------------------
Michael Corn | Chief Information Security Officer
mcorn () ucsd edu
University of California San Diego | ITS - Information...

Re: Virtual CISO Garrett McManaway (Apr 26)
I would recommend reaching out to Dan, he is familiar with the EDU space and especially good at communicating
security/technical issues to non-It people.

https://www.linkedin.com/in/danielaayala/

Garrett McManaway
CISO & Sr. Director
C&IT - Information Security and Compliance
Wayne State University
Phone: 313-577-3454

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Dr....

Job Opportunity - University of Illinois - Identity and Access Management Barnes, Joe (Apr 26)
Good morning,

We have multiple openings for Identity and Access Management Specialist at various levels of experience. Working in
person, remote, or hybrid is an option and will continue to be beyond pandemic. More details, including a link to
apply can be found here: https://jobs.illinois.edu/academic-job-board/job-details?jobID=145047. Posting closes May 6,
2021. Come join our growing team.

Please pass along to anyone who you think...

Re: Virtual CISO Tej Patel (Apr 23)
OculusIT (https://www.oculusit.com/it-consulting/#cisoservices) - happy to share experiences directly.

Best,

--Tej

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Dr. Christopher
Davis
Sent: Friday, April 23, 2021 10:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Virtual CISO

Has anyone employed the services of a virtual CISO (or company) to help them design and...

Re: Virtual CISO David Eilken (Apr 23)
I might suggest BobCat Cyber. He's an ex-EY security consultant that could
be price competitive if that is a key criteria for you. He's very solid and
thorough. Started his career at Mitre.

Best,
Dave Eilken
[image: Maricopa Community College District Office logo]
DAVID EILKEN MA, MBA, CISSP-ISSMP
MARICOPA COMMUNITY COLLEGES
Information Security Officer | ITS
2411 West 14th Street, Tempe, AZ 85281
david.eilken () domail maricopa edu...

Re: Virtual CISO Koppel, Lorna (Apr 23)
I suggest talking to SideChannel – they provide virtual/fractional CISOs. Started by some VERY smart CISOs that like
to help smaller companies/institutions.
Reach out to Brian Haugli or visit https://www.sidechannel.com/

Lorna L. Koppel
Director of Information Security
Office of Information Security (OIS)
Tufts University
169 Holland
Street<...

Re: Virtual CISO Mattehew Prescott (Apr 23)
We didn't do a vCISO but we have and are using Vantage Consulting,
www.vantagetcg.com. They are an EDUCAUSE partner.

Thanks,
Matt Prescott, Security Analyst
Information Technology
(o) 325-674-2882
Abilene Christian University
[image: Abilene Christian University]

On Fri, Apr 23, 2021 at 9:10 AM Dr. Christopher Davis <CDavis () franciscan edu>
wrote:

**********
Replies to EDUCAUSE Community Group emails are sent to the entire...

Virtual CISO Dr. Christopher Davis (Apr 23)
Has anyone employed the services of a virtual CISO (or company) to help them design and implement a security program
for their school? Any recommendations, good or bad, are appreciated!

Pax Christi,

Dr. Chris Davis
Director of Information Technology Services
[Franciscan University logo]
Franciscan University of Steubenville
1235 University Blvd., Steubenville, OH 43952
740-284-5192 | cdavis () franciscan edu

St. Isidore, please pray that God...

Re: Emeriti Faculty Licensing Carter, Cyrus B (Apr 22)
I was curious about what you said. I found this article.
https://support.microsoft.com/en-us/topic/manage-graduating-student-licenses-and-content-in-microsoft-365-education-ba3142c7-fa7d-46d2-9efd-f1ee751cd400

basically If the institution wishes to maintain the email for alumni they can. But keeping the specific student license
is not part of the deal. This part below is FREE part that may be what was referenced by our Vendor regarding alumni....

Re: Emeriti Faculty Licensing Carter, Cyrus B (Apr 21)
That may be true. And it may be part of the license type we have . I was just repeating what was told to me. Either way
we are not going that route so is a moot point for us. I know this doesn't help anyone else with the question that
was posed. Sorry.

Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on...

Re: Emeriti Faculty Licensing Mandi Witkovsky (Apr 21)
I'm not a licensing expert but I have always been told that per MS licensing, alumni are only entitled to email.

mandi

Mandi Witkovsky
Director, Identity and Access Management
for the Purdue University system
witkovsm () pfw edu<mailto:witkovsm () pfw edu>

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Carter, Cyrus B
Sent: Wednesday, April 21, 2021 2:41 PM
To: SECURITY ()...

Re: Emeriti Faculty Licensing Carter, Cyrus B (Apr 21)
We are currently migrating our Student tenant into our main tenant (fac/staff) in Azure AD. That was brought up if we
wanted to setup Alumni constituency to allow users to keep some of the office365 components. Its my understanding that
it is free but you as the institution would still have to manage it. As of now our leadership does not wish to
implement this for alumni because its just one more thing that would require us to manage and...

!!UPDATED TIMES!! [REGISTRATION OPEN] 2021 REN-ISAC Blended Threat Workshop - OSU Sarah Bigham (Apr 21)
<<< text/html; charset=utf-8: Unrecognized >>>

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Myanmar internet - something to think about if you're having a bad day Sabri Berisha (Apr 29)
----- On Apr 28, 2021, at 11:32 AM, Eric Kuhnke <eric.kuhnke () gmail com> wrote:

Hi,

Even my third-grader was able to figure out that she needed a VPN when I blocked Roblox's IP space (128.116.0.0/17) on
my home router.

Other than, as reports said, soldiers snipping cables in datacenters, regimes will have a difficult time completely
blocking whatever they don't like. Even China can't do it.

Thanks,

Sabri

NIST RPKI Monitor version 2.0 Sriram, Kotikalapudi (Fed) via NANOG (Apr 29)
We (NIST) have released a new version of the NIST RPKI Monitor (v2.0):

https://www.nist.gov/services-resources/software/nist-rpki-deployment-monitor

We are open to adding more features and analyses based on user feedback. Your comments/suggestions are welcome. Thank
you.

Sriram

Re: Broken Mini-SAS cable removal? nick hatch (Apr 29)
It's not purpose-built, but you may find a traveller hook / Shrum tool
useful. Carolina Roller is one manufacturer. Ironically, this tool has
been adopted by the locksport community, but is intended for use in
textile manufacturing.

Re: Something that should put a smile on everybody's face today Bryan Fields (Apr 28)
Mel,

Looking at the usage guidelines
https://www.nanog.org/resources/usage-guidelines/, did you notice the section
"How to report a violation of these guidelines"? #1 states "Subscribers who
are subject to or wish to report a violation of these guidelines should
contact us at admins [at] nanog.org." Did you make such a complaint?

I didn't notice anything stating reporting it on-list is an option. In fact
rule #15...

Re: Something that should put a smile on everybody's face today George Metz (Apr 28)
Respectfully Mel, the patent with Blackbird may well have been that -
my reading of the past case agrees with yours for the most part - but
the current case is Sable Networks suing Cloudflare over a patent
involving routers. Given the patent involved and the choice of
Cloudflare as a target, this well could snowball into a situation
where ANYONE using a router would be considered to be infringing, and
I submit that such a broad possible hit...

Re: Myanmar internet - something to think about if you're having a bad day Eric Kuhnke (Apr 28)
None of them are a good option. In the specific case of Pakistan, the
periodic shutdowns and blockages have been 'moderate' enough, if that's an
appropriate word to use, that *most* of the time, Telenor's customers have
ordinary Internet service. Over the long run it is probably a benefit that
its customers have their LTE data services.

Within that specific example I should also note that there has been very
little effort put...

Re: Something that should put a smile on everybody's face today Mel Beckman (Apr 28)
Bill,

Blackbird chooses its victims based on whether any of a couple dozen vague patents they hold can plausibly be used to
extort money out of a victim company. BB doesn’t go after service providers in particular, it just happens to have
chosen a service provider (unwisely, it turns out) in this case.

There are no operational issues here. No individual Internet protocol or technology “many of us use” was named. The
patent was invalid...

Re: Myanmar internet - something to think about if you're having a bad day Christopher Morrow (Apr 28)
(I'm sure i'll regret this, but...)

So, what would be the correct set of actions here (for a company)?

it sounds like some version of the proposal is:
"Pull up stakes, stop offering services in places that may/do impose
'draconian' methods of 'censorship'"
(note intentionally quoted draconian/censorship - I don't mean/want to
put a value on those words)

or perhaps:
"Lobby the...

Re: Myanmar internet - something to think about if you're having a bad day Eric Kuhnke (Apr 28)
It should be noted that Telenor has been one of the nationwide license
holders for 3GPP cellular bands in Pakistan for a long time, and has
encountered the same issues with regional network shutdowns, and government
orders to block certain netblocks or services.

Not to the same extent as what's going on right now in Myanmar, but
absolutely it meets the definition of what a (western European, North
American) person would consider to be...

Re: Something that should put a smile on everybody's face today Mel Beckman (Apr 28)
Michael,

No, I explained very clearly that my comments about DoD address space were not related to any single party — in fact,
government malfeasance with citizen data has gone on equally with every administration since J. Edgar Hoover ran the
FBI. THAT is clearly an operational issue, since operators have to decide if they’re going to let this bizarre IP space
enter their networks.

But your comments do drip — with venom and bile —...

Re: Something that should put a smile on everybody's face today William Herrin (Apr 28)
Hi Mel,

If the patents at issue pertained to copier toner I might agree with
you. They're networking patents purporting to govern technologies many
if not most of us use.

Regards,
Bill Herrin

Re: Something that should put a smile on everybody's face today Michael Thomas (Apr 28)
Snort. Your gubbermint conspiracy theories about the DoD address space
dripped of politics.

They were sued because they are a service provider with money and they
are fighting back asking for the community to help out. As William said,
that seems pretty on-topic to me. This community is in a good position
to provide that help which would be of benefit to NANOG in general.
Again, on-topic for network operators.

Mike

Re: Something that should put a smile on everybody's face today Mel Beckman (Apr 28)
Michael,

Sorry, but Cloudfare wasn’t sued because they’re a service provider. This dispute is no different than if they had
gotten into an argument over a copier toner scammer. And your snide remark about my comments, claiming they are
political, is uncalled for. I fastidiously avoid making political comments, and take pains to explain my operational
concerns if there might be any doubt (as I did with the Parler cancellations).

I never...

Re: Something that should put a smile on everybody's face today Michael Thomas (Apr 28)
Doubly so because this is exactly the right community that can help
eliminate an industry scourge with its knowledge of prior art, etc.

Mike

Re: Something that should put a smile on everybody's face today Michael Thomas (Apr 28)
Cloudflare is a service provider. Getting sued by patent trolls is an
operational issue. And you're a fine one to complain about political
axes to grind.

Mike

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 32.62 RISKS List Owner (Apr 25)
RISKS-LIST: Risks-Forum Digest Sunday 25 April 2021 Volume 32 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.62>
The current issue can also be found at
<...

Risks Digest 32.61 RISKS List Owner (Apr 23)
RISKS-LIST: Risks-Forum Digest Friday 23 April 2021 Volume 32 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.61>
The current issue can also be found at
<...

Risks Digest 32.60 RISKS List Owner (Apr 17)
RISKS-LIST: Risks-Forum Digest Saturday 17 April 2021 Volume 32 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.60>
The current issue can also be found at
<...

Risks Digest 32.59 RISKS List Owner (Apr 04)
RISKS-LIST: Risks-Forum Digest Sunday 4 April 2021 Volume 32 : Issue 59

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.59>
The current issue can also be found at
<...

Risks Digest 32.58 RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Thursday 1 April 2021 Volume 32 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.58>
The current issue can also be found at
<...

Risks Digest 32.57 RISKS List Owner (Mar 23)
RISKS-LIST: Risks-Forum Digest Tuesday 23 March 2021 Volume 32 : Issue 57

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.57>
The current issue can also be found at
<...

Risks Digest 32.56 RISKS List Owner (Mar 19)
RISKS-LIST: Risks-Forum Digest Friday 19 March 2021 Volume 32 : Issue 56

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.56>
The current issue can also be found at
<...

Risks Digest 32.55 RISKS List Owner (Mar 16)
RISKS-LIST: Risks-Forum Digest Tuesday March 2021 Volume 32 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.55>
The current issue can also be found at
<...

Risks Digest 32.54 RISKS List Owner (Mar 13)
RISKS-LIST: Risks-Forum Digest Saturday 13 March 2021 Volume 32 : Issue 54

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.54>
The current issue can also be found at
<...

Risks Digest 32.53 RISKS List Owner (Mar 12)
RISKS-LIST: Risks-Forum Digest Friday 12 February 2021 Volume 32 : Issue 53

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.53>
The current issue can also be found at
<...

Risks Digest 32.52 RISKS List Owner (Mar 06)
RISKS-LIST: Risks-Forum Digest Saturday 6 March 2021 Volume 32 : Issue 52

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.52>
The current issue can also be found at
<...

Risks Digest 32.51 RISKS List Owner (Feb 22)
RISKS-LIST: Risks-Forum Digest Monday 22 February 2021 Volume 32 : Issue 51

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.51>
The current issue can also be found at
<...

Risks Digest 32.50 RISKS List Owner (Feb 19)
RISKS-LIST: Risks-Forum Digest Friday 19 February 2021 Volume 32 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.50>
The current issue can also be found at
<...

Risks Digest 32.49 RISKS List Owner (Feb 12)
RISKS-LIST: Risks-Forum Digest Friday 12 February 2021 Volume 32 : Issue 49

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.49>
The current issue can also be found at
<...

Risks Digest 32.48 RISKS List Owner (Feb 05)
RISKS-LIST: Risks-Forum Digest Friday 5 February 2021 Volume 32 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.48>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Open Source Tool Development

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: Problem with parsing NGAP UL Configuration Request Pascal Quantin (Apr 28)
Hi Dincer,

Le mer. 28 avr. 2021 à 17:07, Dincer Beken <dbeken () blackned de> a écrit :

Your TransportLayerAddress item has a length of 132 bits, which neither
match an IPv4 only address (32 bits), of 1Pv6 only address (128 bits) or an
IPv4 followed by an IPv6 address (160 bits). Thus wireshark does not try to
decode the payload of this unknown length. If you tried to encode an IPv4
and/or IPv6 address, then you have a bug.

Best...

Problem with parsing NGAP UL Configuration Request Dincer Beken (Apr 28)
Hello all,

I am trying to handle the 5G UL Ran configuration transfer message. I am encoding an XN TNL Information Item with
asn1c. All IEs and messages so far have worked well, but the Tunnel Information item does not work for me.
I cannot see the Tunnel Information elements (IPs.).

I am using wireshark version 3.40. I have attached the capture.

I am stuck on this and would appreciate any help. If anyone here is experienced with...

Re: How to disable QT_MULTIMEDIA_LIB during cmake Jirka Novak (Apr 28)
Hi Roland,

I see your merge request. So my task is to review it and make it
running with QT_MULTIMEDIA_LIB undefined, right? BTW it was my original
idea to do.

Best regards,

Jirka Novak

Re: How to disable QT_MULTIMEDIA_LIB during cmake Roland Knall (Apr 28)
A merge request has been generated for this:
https://gitlab.com/wireshark/wireshark/-/merge_requests/2849

cheers

Am Mi., 28. Apr. 2021 um 14:33 Uhr schrieb Roland Knall <rknall () gmail com>:

Re: How to disable QT_MULTIMEDIA_LIB during cmake Roland Knall (Apr 28)
I have created a change which handles the CMAKE stuff correctly (analog to
extcap & pcap, ...)

I would need some help from you Jirka for the RTP specifics.

kind regards
Roland

Am Mi., 28. Apr. 2021 um 14:01 Uhr schrieb John Thacker <
johnthacker () gmail com>:

Re: How to disable QT_MULTIMEDIA_LIB during cmake John Thacker (Apr 28)
In general some features can be disabled, see CMakeOptions.txt for a list,
but Qt Multimedia Lib cannot be disabled easily.

If you look at cmakeconfig.h.in:
<https://gitlab.com/wireshark/wireshark/-/blob/master/cmakeconfig.h.in#L320>

/* Define to the version of this package. */
#cmakedefine PACKAGE_VERSION

/* Define if we have QtMultimedia */
#define QT_MULTIMEDIA_LIB 1

/* Define if we have QtMacExtras */
#cmakedefine QT_MACEXTRAS_LIB 1...

Re: Having problem tracing multiple ip addresses Robert Blair (Apr 27)
** Reply to message from Hugo van der Kooij via Wireshark-users
<wireshark-users () wireshark org> on Mon, 26 Apr 2021 07:23:43 +0000

On another OS I have used IP tracing many times, on Ubuntu only two or three
times. After seeing the trace from wireshark I now have no clue what is going
on.

When I started with these IoT devices I had both of the routers WIFI interfaces
with the same SSID and password. This caused problems trying to...

Re: Status label for issues Uli Heilmeier (Apr 27)
Am 27.04.21 um 09:28 schrieb Guy Harris:

Yes, I'm aware of it. This is something I've already mentioned in my first mail. For this label only automation (bot)
makes sense. As long as there is no automation we will have a closed issue with a false state.

For the Gitlab API there is no difference between manually closed issued and issues marked as duplicate.
Both have the state closed. Marked as duplicate issues have a additional note...

Re: Status label for issues Guy Harris (Apr 27)
The last of those is, well, a duplicate of the "(duplicated)" in the status box at the top (if the close is done right,
by entering

/duplicate #{bug number}

into a comment and saving the comment).

Re: Status label for issues Uli Heilmeier (Apr 27)
I see your point.

We had this status field at Bugzilla and it worked sufficiently well (at least for dissector bugs).

At the moment it is very hard to see if someone has already had a look at an issue, if she/he was able to reproduce it,
if a sample capture is missing etc.

Regarding additional tooling I will have a closer look at triage-ops the next days.

Am 27.04.21 um 09:06 schrieb Roland Knall:

Re: Status label for issues Uli Heilmeier (Apr 27)
Am 27.04.21 um 09:06 schrieb Guy Harris:

Yes, you're totally right. os::windows, os::macos, os::linux and os::other should be enough.

Currently we have os::unix with the description "AIX, HP-UX, Solaris, and other Unices"

Re: Status label for issues Roland Knall (Apr 27)
It wasn't clear to me, that your list was the original list + new entries.

I have especially an issue with the new ws-status labels and their
transitions. Judging from a company, where we have about 50 developers
whose daily bread it is to transition properly in Jira, I cannot see an
open-source project with no additional tooling to properly transition
between e.g. unconfirmed => confirmed => in-progress.

That is my main concern.

Am...

Re: Status label for issues Guy Harris (Apr 27)
So does "unix" mean:

1) has some possibly very-remote code base connection to some UNIX that AT&T put out;

2) is eligible to use the UNIX(R) trademark;

3) other?

If it's 1), then I *guess* Linux is the only UN*X that doesn't fit into that category, although macOS, being a 4.4-Lite
derivative, would fit into that category as well.

If it's 2), then 1) the *BSDs don't count and 2) at...

Re: Status label for issues Uli Heilmeier (Apr 26)
Diff between current and proposal list:

- incident
- question
- cli::tshark
+ ui::tshark
- ui::gtk
- version::0.x
- version::1.0
- version::1.10
- version::1.12
- version::1.2
- version::1.4
- version::1.6
- version::1.8
- version::2.0
- version::2.2
- version::2.4
- version::2.6
- version::3.0
+ version::outdated
+ ws-status::unconfirmed
+ ws-status::confirmed
+ ws-status::waiting-for-response
+ ws-status::in-progress
+ ws-status::invalid
+...

Re: Status label for issues Roland Knall (Apr 26)
The list seems to be duplicated with the lists from above. Anyhow, it seems
we just have too many labels already, and I am still not convinced that
they can be used properly and consistently at this point

I would clean up the proposal list first, then from there figure out which
items we need on the list

cheers
Roladn

Am Mo., 26. Apr. 2021 um 21:17 Uhr schrieb Uli Heilmeier <zeugs () heilmeier eu

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Snort Subscriber Rules Update 2021-04-27 Research (Apr 27)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the app-detect,
browser-ie, browser-other, exploit-kit, file-pdf, malware-cnc,
malware-other, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:...

Snort Blog: 2.9.8.3 Shared Object end-of-life Joel Esler (jesler) via Snort-sigs (Apr 22)
https://blog.snort.org/2021/04/2983-shared-object-end-of-life.html

2.9.8.3 Shared Object end-of-life

Attention users of SNORTⓇ version 2.9.8.3: This serves as your official end-of-life notification. However, this EOL
notification is a bit unique.

We will be moving to an “end of life” for shared object rules for Snort version 2.9.8.3 in 90 days, (July 20, 2021).
After that, for an indeterminate amount of time after July 20, we will...

Snort Subscriber Rules Update 2021-04-22 Research (Apr 22)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-other
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-21 Research (Apr 21)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
malware-cnc, policy-other, protocol-voip, server-apache and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Fwd: question. Russ Combs (rucombs) via Snort-devel (Apr 20)
This should be posted to snort-users or snort-sigs. snort-devel is for bugs and related development work.

Russ

________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of juan patricioo via Snort-devel <snort-devel ()
lists snort org>
Sent: Thursday, April 15, 2021 4:09 PM
To: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: [Snort-devel] Fwd: question....

Snort Subscriber Rules Update 2021-04-20 Research (Apr 20)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Fwd: question. juan patricioo via Snort-devel (Apr 19)
---------- Forwarded message ---------
De: juan patricioo <cursoredesinap9644 () gmail com>
Date: jue, 15 abr 2021 a las 21:59
Subject: question.
To: <snort-users () lists snort org>

Hello, im trying to do a rule in snort that can capture de text on a text
field in the next formulary:

http://cekb.unileon.es/formulario.html

[image: image.png]

Im trying:

*alert tcp any any -> any 80 (msg:"script text";...

Snort Subscriber Rules Update 2021-04-15 Research (Apr 15)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-chrome,
file-pdf, indicator-obfuscation, malware-backdoor, malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-13 Research (Apr 13)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2021-28310:
A coding deficiency exists in Microsoft Win32k that may lead to an
escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 57403 through 57404.

Microsoft Vulnerability...

Snort Blog: New "Snort 3 and me" webinar series launches on April 20 Joel Esler (jesler) via Snort-sigs (Apr 08)
We’re launching some webinars about the transition to Snort 3. They are totally free, and your information will not be
used for any marketing purposes.

Snort Subscriber Rules Update 2021-04-08 Research (Apr 08)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-06 Research (Apr 06)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and file-other rule
sets to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2021-04-01 Research (Apr 01)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-ie,
exploit-kit, indicator-obfuscation, indicator-shellcode, malware-cnc,
netbios, protocol-dns, protocol-voip, server-oracle and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please...

Snort Subscriber Rules Update 2021-03-30 Research (Mar 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the browser-other,
malware-cnc, os-windows, protocol-tftp and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Blog: Official EOL Notice for 2.9.15.0, 2.9.15.1 and 2.9.16.0 Joel Esler (jesler) via Snort-sigs (Mar 29)
https://blog.snort.org/2021/03/official-eol-notice-for-29150-29151-and.html

Official EOL Notice for 2.9.15.0, 2.9.15.1 and 2.9.16.0

Attention Snort User and Integrators:

This blog post serves as your official 90-day notice that we will be EOL'ing rule support for versions 2.9.15.0,
2.9.15.1, and 2.9.16.0 as of 2021-06-21 or June 21, 2021.

As we release new versions of Snort, occasionally we have to decommission older versions, lowering...

More Lists

Related Resources

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.