SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.
Zenmap 7.70 crashing on Windows 7
Jasey DePriest (Sep 14)
Good morning,
When I run Zenmap it crashes somewhere in the service discovery or script
portion. I can't be sure which since I lose the log when it crashes. It
doesn't crash against every system, but it does reliably crash against
certain systems. It may be related to firewall interference, but it wasn't
clear from the crash. Also, I can run the same command from nmap and it
runs to completion.
I was unable to get Zenmap to write...
Adding TN3270E support to Nmap
Phil Young (Sep 07)
Hi All,
I’ve submitted pull request: https://github.com/nmap/nmap/pull/1318 to add
TN3270E support as well as adding support for reading/setting Logical Units in tn3270-screen.
The support is very basic (it tells the server to do TN3270E basic) but it allows for a few more features and attacks
(such as LU enumeration).
Re: Happy "21th" birthday, Nmap!
Fyodor (Sep 01)
Good catch and thanks for the patch! It looks like Dan already applied
it. Happy 21st, Nmap! Dan also recently fixed a Y3K bug affecting dates
after January 3001 (https://github.com/nmap/nmap/issues/1303). All fixed,
with just 982 years to spare!
Cheers,
Fyodor
Happy "21th" birthday, Nmap!
David Fifield (Sep 01)
This reminds me of a bug that I thought I reported before, but now I
cannot find. COBOL had Y2K, Unix has its year 2038, and Nmap has its
year 2018 problem--its "21th" birthday.
$ ./nmap -v
Starting Nmap 7.70SVN ( https://nmap.org ) at 2018-09-01 10:22 MDT
Happy 21th Birthday to Nmap, may it live to be 121!
Here's a patch that will instead give the correct "21st", "22nd",
"23rd", and so on into the...
Happy birthday, Nmap!
Dave Horsfall (Aug 31)
My records show that NMAP was released on this day in 1997. It's a
wonderful network scanner, which just keeps getting better and better.
-- Dave, merely a happy Nmap user
Re: Npcap
Denis (Aug 31)
The adapter has the following configuration:
[image: image.png]
Npcap
Denis (Aug 31)
Hello, I'm using npcap for my program. It works like this:
- program (npcap) listens to the game and sends packets to the main server.
- server receives raw/game packets and sends them to all clients.
But this works until the game starts.
The game sends it like this:
*(A)-192.0.30.30(B)-192.0.50.50*
*(A)* -> *255.255.255.255*
*255.255.255.255* -> *(B)*
*(B)* -> *255.255.255.255*
*255.255.255.255* -> *(A)*
After the game starts, *(A)* sending...
Re: trivial PR: double the key length of self-signed cert in ncat #1310
David Fifield (Aug 29)
Looks good to me. The world has advanced since 2009 and r13218 when I
decided to set it to 1024 :)
Re: Nmap new version past 7.70 due to CVE-2018-15173
Fyodor (Aug 29)
On Mon, Aug 27, 2018 at 5:55 PM Shashi Guruprasad <sguruprasad () fortinet com>
wrote:
Hi Shashi. Thanks for your mail. Even though someone applied for a CVE
number for this, it's not actually a very serious issue. Apparently some
systems are so low in resources that they can't handle our previous depth
limit in matching service banners to our service detection signatures. On
one of those rare systems (we haven't been...
trivial PR: double the key length of self-signed cert in ncat #1310
Adrian Vollmer (Aug 29)
Hey there,
as per the contributor guidelines I'm letting you know that I
submitted a PR on Github. It's a trivial change, doubling the key
length of the private key that is generated when you use '--ssl' in
ncat without specifying your own key and certificate.
In the latest version of Debian Unstable, OpenSSL does not accept
certificates using such a short key of 1024 bit. So I suggest making
it 2048....
Nmap new version past 7.70 due to CVE-2018-15173
Shashi Guruprasad (Aug 27)
Hi Fyodor, or Daniel Miller,
Would it be possible to release a new version of nmap to fix CVE-2018-15173? Qualys is reporting this vulnerability in
our system despite installing 7.70-1. I can build from source, but it will mean that I will need to do this all the
time in the future…
Thanks and regards,
Shashi
[GH#1147]<http://issues.nmap.org/1147>[GH#1108]<http://issues.nmap.org/1108> Reduced LibPCRE resource limits so that...
Re: Google Summer of Code 2019
Fyodor (Aug 24)
On Fri, Aug 24, 2018 at 9:57 AM Jeffrey Rowell <jrowell3 () msudenver edu>
wrote:
Hi Jeff. After participating in all of the first 13 years of GSoC, we
decided to take a year off last year, as described at
http://seclists.org/nmap-dev/2018/q1/23.
We haven't decided yet on whether to come back for 2019. A lot of it
depends on how much interest we have from prospective students and
mentors. Of course it is also subject to Google...
Google Summer of Code 2019
Jeffrey Rowell (Aug 24)
Hello all,
I have used Nmap throughout my penetration testing and defense class at school, and I was wondering if Nmap will have a
project for GSOC 2019. I am looking to apply to GSOC next summer and would love to apply to Nmap if there is a project
available! However I did not see an Nmap project from GSOC 2018 so I was wondering if there is going to be any more
GSOC Nmap projects in the future? Any info is very much appreciated!
Much...
Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6
George Chatzisofroniou (Aug 20)
I personally favor the extension of current NSE functionality. Instead
of iterating through the `known_apps` table, we can introduce an
argument `--http-form-brute.app` that will assume the target
installation. Extending `http-form-brute` to support a two-step login
process would be a great addition that could work against other
applications too.
George
mysql-dump-hashes.nse compatibility patch (v5.7)
Robbe Van der Gucht (Aug 19)
Hi all,
authentication_string and the password field is no longer present.
Because of this the mysql-dump-hashes.nse script doesn't work any more
against recent MySQL server installations. Attached you'll find my
proposed fix.
The patch is a simple fallback. If the first query referring to the
'password' field fails it will attempt to use the
'authentication_string' field.
I tested this fix against MySQL...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Nmap GSoC 2017 Success Reports
Fyodor (Oct 10)
Hello Nmap Community,
Nmap celebrated its 20th birthday last month and we also just completed our
13th Google Summer of Code. We focused on a fairly small team of four
students this year (http://seclists.org/nmap-announce/2017/2), and I'm
happy to report that every one passed! And they all have code integrated
into Nmap 7.60 already, with even more to follow for the next release.
Also this year, for the first time, every student wrote a...
Nmap 7.60 released! SSH support, SMB2/SMB3 improvements, 14 more scripts, new Npcap, GSoC work, and more
Fyodor (Aug 01)
Hello everyone. I'm back from Defcon and excited to announce the new Nmap
7.60 release! It has only been a month and a half since 7.50, but we still
packed a lot into this one. Mostly because we have such an awesome GSoC
team of 8 students and mentors working on so many cool projects. The
program hasn't even ended yet, but much of their work has already been
integrated into this release.
One of the things I'm most excited...
Nmap 7.50 Released! 14 new NSE scripts, 300+ fingerprints, new Npcap, and more
Fyodor (Jun 13)
Dear Nmap Community:
The Nmap project is delighted to announce the release of Nmap 7.50! It is
our first big release since last December and has hundreds of improvements
that we hope you will enjoy.
One of the things we have worked the hardest on recently is our Npcap
packet capturing driver and library for Windows (https://nmap.org/npcap/).
It is a replacement for WinPcap, which served us well for many years, but
is no longer maintained....
Introducing the 2017 Nmap/Google Summer of Code Team!
Fyodor (May 18)
Nmap community:
Thanks for all of your applications and referrals of talented students to
the Summer of Code program. Google has agreed to sponsor four students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2017 team! We normally mentor coders working all over the
Nmap/Zenmap/Ncat/Nping spectrum, but this year we're doubling down on the
Nmap Scripting Engine component. All four of our...
Nmap Project Seeking Talented Programmers for GSoC 2017
Fyodor (Mar 27)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
CVE-2018-16242 - oBike Electronic Lock Bypass
Antoine Neuenschwander (Sep 14)
Disclose SSRF Vulnerability
Alphan Yavaş (Sep 14)
I. VULNERABILITY
-------------------------
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory
Federation Services) Server Side Request Forgery (SSRF)
II. CVE REFERENCE
-------------------------
CVE-2018-16794
III. VENDOR
-------------------------
https://www.microsoft.com
https://msdn.microsoft.com/en-us/library/bb897402.aspx
IV. TIMELINE
-------------------------
15/08/2018 Vulnerability discovered
18/08/2018 Vendor...
Seagate Personal Cloud multiple information disclosure vulnerabilities
Summer of Pwnage via Fulldisclosure (Sep 12)
------------------------------------------------------------------------
Seagate Personal Cloud multiple information disclosure vulnerabilities
------------------------------------------------------------------------
Yorick Koster, September 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...
ZDI-CAN-6307 / Microsoft Baseline Security Analyzer v2.3 / XML External Entity Injection
hyp3rlinx (Sep 10)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-BASELINE-ANALYZER-v2.3-XML-INJECTION.txt
[+] ISR: Apparition Security
[+] Zero Day Initiative Program
[Vendor]
www.microsoft.com
[Product]
Microsoft Baseline Security Analyzer v2.3
Microsoft Baseline Security Analyzer (MBSA) is a software tool released by
Microsoft to determine security state by...
Vulnerabilities in KONEs Group Controller (KGC)
Sebastian Neuner via Fulldisclosure (Sep 07)
Vulnerabilities in KONEs Group Controller (KGC)
-------------------------------------------------------------------------
Introduction
============
Vulnerabilities were identified in the KONE Group Controller (KGC).
These were discovered during a black box assessment and therefore the
vulnerability list should not be considered exhaustive.
The version under test was indicated as: 4.6.4
Comment added by KONE
=====================
KONE Group...
DSA-2018-156: Dell EMC VPLEX Insecure File Permissions vulnerability on Witness
secure (Sep 07)
DSA-2018-156: Dell EMC VPLEX Insecure File Permissions vulnerability on Witness
Dell EMC Identifier: DSA-2018-156
CVE Identifier: CVE-2018-11078
Severity: Medium
Severity Rating: CVSS v3 Base Score: 4.0 (AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected products:
Only Witness
DELL EMC VPlex Software: GeoSynchrony all 5.4 versions
DELL EMC VPlex Software: GeoSynchrony all 5.5 versions
DELL EMC VPlex Software: GeoSynchrony all 6.0 versions...
DSA-2018-147: Dell EMC Isilon OneFS and Dell EMC IsilonSD Edge Remote Kernel Crash Vulnerability
secure (Sep 07)
DSA-2018-147: Dell EMC Isilon OneFS and Dell EMC IsilonSD Edge Remote Kernel Crash Vulnerability
Dell EMC Identifier: DSA-2018-147
CVE Identifier: CVE-2018-11071
Severity: High
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected products:
* Dell EMC Isilon OneFS versions 7.1.1.x
* Dell EMC Isilon OneFS versions 7.2.1.x
* Dell EMC Isilon OneFS versions 8.0.0.x
*...
DSA-2018-150:RSA BSAFE® SSL-J Multiple Vulnerabilities
secure (Sep 07)
DSA-2018-150:RSA BSAFE® SSL-J Multiple Vulnerabilities
Dell EMC Identifier: DSA-2018-150
CVE Identifier: CVE-2018-11068, CVE-2018-11069, CVE-2018-11070
Severity: Medium
Severity Rating: View details below for individual CVSS Score for each CVE
Affected Products:
RSA BSAFE Crypto-J versions prior to 6.2.4
RSA BSAFE SSL-J versions prior to 6.2.4
Summary:
RSA BSAFE Crypto-J and SSL-J contains fixes for multiple security vulnerabilities...
CVE-2018-15898: Subsonic Music Streamer 4.4 (Android) - Improper Certificate Validation
Andrew Klaus (Sep 07)
Description:
The Subsonic Music Streamer application 4.4 for Android has Improper
Certificate Validation of the Subsonic server certificate, which might
allow man-in-the-middle attackers to obtain interaction data.
Affected Product: Subsonic Music Streamer (Android client)
Vendor of Product: Sindre Mehus
Version(s) Affected: 4.4 and below (latest as of Sept 4, 2018)
CVE: CVE-2018-15898
Status: Still unpatched as of time of writing
Vulnerability...
CVE-2018-1000664: DSub for Subsonic (Android) - Improper Certificate Validation
Andrew Klaus (Sep 07)
Description:
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a
CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that
can result in any non-CA signed server certificate, including self signed
and expired, being accepted by the client. This attack appears to be
exploitable when the victim connects to a server that's MITM/Proxied by an
attacker.
Affected Product: DSub for Subsonic (Android client)...
SEC Consult SA-20180906-0 :: CSV Formula Injection in DokuWiki
SEC Consult Vulnerability Lab (Sep 06)
SEC Consult Vulnerability Lab Security Advisory < 20180906-0 >
=======================================================================
title: CSV Formula Injection
product: DokuWiki
vulnerable version: 2018-04-22a "Greebo" and older versions
fixed version: None
CVE number: CVE-2018-15474
impact: Medium
homepage: https://www.dokuwiki.org
found:...
[CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities
Core Security Advisories Team (Sep 04)
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Opsview Monitor Multiple Vulnerabilities
1. **Advisory Information**
Title: Opsview Monitor Multiple Vulnerabilities
Advisory ID: CORE-2018-0008
Advisory URL:
http://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Date published: 2018-09-04
Date of last update: 2018-09-04
Vendors contacted: Opsview
Release mode: Coordinated release
2. **Vulnerability...
Android Dexdump Buffer Overflow Vulnerability
Veysel hataş (Sep 04)
Title : Android Dexdump Buffer Overflow Vulnerability
Discoverer: Veysel HATAS (vhatas () gmail com)
Web page : wise.cs.hacettepe.edu.tr
Test: Nexus 4 Android 5.1.1
Status: Not Fixed
Severity : High
Discovered: 04 February 2018
Reported: 03 August 2018
Published: -
Description : dexdump contains a flaw that is triggered as user-supplied
input is not properly sanitized when handling a specially crafted dex file.
This bug is triggered in...
Defense in depth -- the Microsoft way (part 57): installation of security updates fails on Windows Embedded POSReady 2009
Stefan Kanthak (Sep 04)
Hi @ll,
on a multitude of machines running Windows Embedded POSReady 2009,
"automatic updates" show the well-known and never resolved bug which
lets the Windows Update Agent occupy one core (good luck if your CPU
has some of them and can afford to sacrifice one.-) for DAYS at 100%
load!
This nasty behaviour is documented for example in the MSKB articles
<https://support.microsoft.com/en-us/help/3102810> and
<...
[CFP] BSides San Francisco - March 2019
BSidesSF CFP via Fulldisclosure (Sep 04)
BSidesSF is soliciting papers and presentations for the 2019 annual
BSidesSF conference.
CFP: https://bsidessf.org/cfp.html
** Topics **
All topic areas related to reliability, network security, privacy,
cryptography, and information security are of interest and in scope.
Let us help you get the word out on The Next Big Thing!
** Theme **
80s!
** Submission **
https://bsidessf.org/cfp.html
** Dates and Deadlines **
September 1, 2018 –...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[slackware-security] ghostscript (SSA:2018-256-01)
Slackware Security Team (Sep 13)
[slackware-security] ghostscript (SSA:2018-256-01)
New ghostscript packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ghostscript-9.25-i586-1_slack14.2.txz: Upgraded.
This release fixes problems with argument handling, some unintended
results of the security fixes to the SAFER file access restrictions...
CVE-2018-16242 - oBike Electronic Lock Bypass
Antoine Neuenschwander (Sep 13)
CVE-2017-16639 - Tor Browser Deanonymization With SMB
Filippo Cavallarin (Sep 12)
Advisory ID: SGMA18-002
Title: Tor Browser Deanonymization With SMB
Product: Tor Browser < 8.0, Firefox < 62 / < 60.2.0esr
Vendor: torproject.org, mozilla.org
Type: Information Disclosure
Risk level: 4 / 5
Credits: filippo.cavallarin () wearesegment com
CVE: CVE-2017-16639
Vendor notification: 2017-11-02
Vendor fix:...
Seagate Personal Cloud multiple information disclosure vulnerabilities
Summer of Pwnage (Sep 12)
------------------------------------------------------------------------
Seagate Personal Cloud multiple information disclosure vulnerabilities
------------------------------------------------------------------------
Yorick Koster, September 2017
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Seagate Personal Cloud is a consumer-grade...
[SYSS-2018-015] HiScout GRC Suite < 3.1.5 - Unrestricted Upload of File with Dangerous Type
sebastian . auwaerter (Sep 12)
Advisory ID: SYSS-2018-015
Product: HiScout GRC Suite
Manufacturer: HiScout GmbH
Affected Version(s): < 3.1.5
Tested Version(s): 3.1.3.12
Vulnerability Type: Unrestricted Upload of File with Dangerous Type
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2018-07-26
Solution Date: 2018-09-03
Public Disclosure: 2018-09-12
CVE Reference: CVE-2018-16796
Author of Advisory: Sebastian Auwaerter, SySS GmbH...
Disclose SSRF Vulnerability
Alphan Yavaş (Sep 12)
I. VULNERABILITY
-------------------------
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory
Federation Services) Server Side Request Forgery (SSRF)
II. CVE REFERENCE
-------------------------
CVE-2018-16794
III. VENDOR
-------------------------
https://www.microsoft.com
https://msdn.microsoft.com/en-us/library/bb897402.aspx
IV. TIMELINE
-------------------------
15/08/2018 Vulnerability discovered
18/08/2018 Vendor...
FreeBSD Security Advisory FreeBSD-SA-18:12.elf
FreeBSD Security Advisories (Sep 12)
=============================================================================
FreeBSD-SA-18:12.elf Security Advisory
The FreeBSD Project
Topic: Improper ELF header parsing
Category: core
Module: kernel
Announced: 2018-09-12
Credits: Thomas Barabosch, Fraunhofer FKIE; Mark Johnston
Affects: All supported...
[SECURITY] [DSA 4292-1] kamailio security update
Salvatore Bonaccorso (Sep 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4292-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 11, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : kamailio
CVE ID : CVE-2018-16657
Debian Bug :...
[SECURITY] [DSA 4291-1] mgetty security update
Yves-Alexis Perez (Sep 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4291-1 security () debian org
https://www.debian.org/security/ Yves-Alexis Perez
September 11, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : mgetty
CVE ID : CVE-2018-16741
Two input...
[SECURITY] [DSA 4290-1] libextractor security update
Salvatore Bonaccorso (Sep 11)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4290-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 10, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libextractor
CVE ID : CVE-2018-14346 CVE-2018-14347...
CVE-2017-16541 details: Deanonymize Tor Browser Users with Automount
Filippo Cavallarin (Sep 10)
Hi all,
here are the details for CVE-2017-16541 (Tor Browser information disclosure).
More info at: https://www.wearesegment.com/research/tormoil-deanonymize-tor-browser-users-with-automount/
Tor Browser version 7.0.8, and probably prior, for Mac OS X and Linux, is affected by an information disclosure
vulnerability that leads to full de-anonymization of website visitors using just a single html tag. The vulnerability
also affects Firefox...
[SECURITY] [DSA 4289-1] chromium-browser security update
Michael Gilbert (Sep 10)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4289-1 security () debian org
https://www.debian.org/security/ Michael Gilbert
September 07, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2018-16065...
[SECURITY] [DSA 4288-1] ghostscript security update
Moritz Muehlenhoff (Sep 10)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4288-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 07, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : ghostscript
CVE ID : CVE-2018-15908 CVE-2018-15910...
[SECURITY] [DSA 4287-1] firefox-esr security update
Moritz Muehlenhoff (Sep 10)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4287-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 07, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : firefox-esr
CVE ID : CVE-2018-12376 CVE-2018-12377...
[CVE-2018-15876] Ajax BootModal Login Captcha Reuse
Lyderic LEFEBVRE (Sep 07)
About:
===========
Component: Ajax BootModal Login (Wordpress plugin)
Vulnerable version: 1.4.3 and possibly prior
CVE-ID: CVE-2018-15876
Author:
- Lydéric Lefebvre (https://www.linkedin.com/in/lydericlefebvre)
- Fabien Haureils (https://www.linkedin.com/in/fabien-haureils/)
Timeline:
===========
- 2018/08/25: Vulnerability found
- 2018/08/25: Advisory published on GitHub
- 2018/08/25: CVE-ID request
- 2018/08/26: Reported to developer on...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
[HITB-Announce] Reminder: HITBSecConf2018 Dubai CFP
Hafez Kamal (Aug 29)
REMINDER: The Call for Papers for #HITB2018DXB closes on the 1st of September!
Call for Papers: https://cfp.hackinthebox.org
Event Website: https://conference.hitb.org/hitbsecconf2018dxb/
After an 8-year hiatus, the HITB Security Conference series returns to the Middle East!
Held at the Grand Hyatt Dubai from November 25th till the 28th, HITBSecConf2018 Dubai will be
featuring 2-day technical training courses followed by our 2-day multi-track...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats, they will also talk about
countermeasures in order...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
INFILTRATE CFP KEYNOTES
Dave Aitel (Sep 11)
Doing a keynote is a lot of work - the peer review alone is brutal. And we
work hard on getting our INFILTRATE keynote speakers to present a unique
vision and perspective on our business, community, or overall strategy.
Usually, I personally call in favors from people I know or friends of
friends, and we sweeten the pot by not charging former keynoters for
tickets for all future INFILTRATES, which I think is a fair trade. :)
So I have a...
Re: Voting Village at Defcon
Dave Aitel (Aug 25)
https://www.propublica.org/article/defcon-teen-did-not-hack-a-state-election
The whole thing was a sham. I know darktangent is on this list. Something
to think about for next year ...
-dave
Re: Cymothoa Exigua
" (Aug 24)
I think it is worth noting that she claims multiple people felt the same
way and expressed similar independent opinions before she synthesized them
for a wider audience. What that probably means is that such comments are
not her feelings alone. What IS clear is that crypto technology is a double
edged sword and you must choose which edge of the blade you wish to wield.
Re: Voting Village at Defcon
Chris Eng (Aug 23)
What even is the point of setting up “replica websites” that are only replicas in the sense that they ostensibly
perform the same function as the real sites, but otherwise do not share common code/technology and are essentially
known sacrificial sites with security bugs intentionally placed in them?
We know how much of the media operates. Did this coverage surprise anybody? Especially with quotes like this:
“These websites are so easy...
Cymothoa Exigua
Dave Aitel (Aug 23)
The world is full of horrors, and one of those is Cymothoa Exigua
<https://www.google.com/search?q=fish+tongue+parasite&safe=off&source=lnms&tbm=isch&sa=X&ved=0ahUKEwi4vtLso4PdAhUGq1kKHen0D9oQ_AUICigB&biw=1440&bih=809>.
Another one of those, is groups of people who think they, somehow, have
cracked the code to developing technology in an "ethical" way, and if you
just obeyed them, everything would be...
Re: Voting Village at Defcon
Kevin T. Neely (Aug 23)
Sure, it's SQLi, but I'm not sure why you'd minimize her effort. According
to the village's Twitter account, she changed the vote tallies from a
replica of the site. https://twitter.com/VotingVillageDC It would be nice
if the media reported on the recommendations that come from the findings,
but we all know that's not how the media operates.
K
Re: information operations efforts and data carving
Jukka Ruohonen (Aug 23)
This was a good take on things. I generally also applaud the constructive
criticism instead of the ranting strategy...
But it is still social media. Now I've seen quite a few papers recently
about vulnerabilities viz. Twitter. Some of these are relevant; there have
been some information leakages about things I consider relevant myself
(i.e., open source). But now people are attaching the "zero-day" label to
their papers, which...
Hammerhead repost for Halvar
Dave Aitel (Aug 13)
From:
https://web.archive.org/web/20040131120103/http://www.immunitysec.com:8010/29/2002
- Fishing for Obscurity
Some sharks and fish have a unique sixth sense – they can generate and
detect electrical fields, even minute ones. According to the font of all
natural knowledge, the Discovery channel (as opposed to Dawson's Creek, the
font for all social knowledge), a hammer head shark's funny looking head is
actually a voltmeter of...
Voting Village at Defcon
Dave Aitel (Aug 13)
https://www.usatoday.com/story/tech/nation-now/2018/08/13/11-year-old-hacks-replica-florida-election-site-changes-results/975121002/
So I don't know a ton about the details of voting machines, but I'm pretty
sure what happened at the DEFCON voting village is not being represented at
all accurately in the media, and I'm curious why nobody in the community is
pushing back on it, specifically I think we have a duty not to be used as...
information operations efforts and data carving
Dave Aitel (Aug 09)
Previously Unreleased Work:
https://docs.google.com/presentation/d/1tMlJvnUv_Qbh5mx2RYbyuTHTHr9c9ShIKBzz_JDGn_s/edit?usp=sharing
Paper on the 3M Tweets from Clemson:
https://www.cyxtera.com/blog/data-carving-the-internet-research-agency-tweets
So what you see a lot in some papers is this sort of thing (this one is
from the original Clemson paper):
[image: image.png]
I always get flashbacks of that XKCD Correlation vs
Causation comic <...
FINAL CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Aug 09)
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
[ - Introduction - ]
It is a pleasure to invite you to submit abstracts to iSecCon 2018, the annual Security Conference at Intel.
This prestigious conference aims to bring together esteemed speakers from the industry, government and academia to
share knowledge and leading-edge ideas about security and related topics. This is an
excellent opportunity to network with like-minded people...
Assessment
Dave Aitel (Jul 20)
So soon after the Immunity deal closed we had this big all hands conference
call with everyone in the larger Cyxtera group on it, and Chris Day, who
runs the group I'm in, said, "Hey Dave, can you give everyone a quick
rundown as to what Immunity is, now that we're all one big team?" and I'll
be honest, I totally bombed.
Immunity has never done corporate verbiage. There's a tendency to be
extremely bland and generic...
Capstone disassembler framework v3.0.5 is out!
Nguyen Anh Quynh (Jul 20)
Greetings,
We are very happy to announce version 3.0.5 of Capstone disassembler
framework!
In no particular order, we would like to thank CrowdStrike, CMC Infosec &
Jurriaan Bremer for sponsoring this release!
This stable version fixes some security issues in the core, as well as many
improvements, so existing users are strongly recommended to upgrade.
More details are available at http://capstone-engine.org/Version-3.0.5.html
(For those...
Peach season
Dave Aitel (Jul 13)
As Ryan Naraine has pointed out I never did an announcement on this mailing list when Cyxtera<https://www.cyxtera.com>
and Immunity finally closed our deal. Partially that's because these things are in some ways anti-climactic, and
partially because I and a lot of the team at Immunity immediately went on a binge of experimenting with various large
toolkits we'd never had access to before.
For example, this one:...
CALL FOR PAPERS - INTEL SECURITY CONFERENCE (iSecCon) 2018
Branco, Rodrigo (Jul 09)
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT
Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Hey there!
Sierra - Black Hills Information Security (Apr 23)
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Advisory Notification
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018
Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Microsoft Security Advisory Notification
Microsoft (Aug 24)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 24, 2018
********************************************************************
Security Advisories Released or Updated on August 24, 2018
===================================================================
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
-...
Microsoft Security Update Releases
Microsoft (Aug 21)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 21, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8273
Revision Information:
=====================
- CVE-2018-8273 | Microsoft SQL Server Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Aug 20)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 20, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-8273 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Aug 15)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 15, 2018
********************************************************************
Security Advisories Released or Updated on August 15, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution side-channel...
Microsoft Security Update Releases
Microsoft (Aug 15)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 15, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8202
* CVE-2018-8284
Revision Information:
=====================
- CVE-2018-8202 | .NET Framework Elevation of Privilege
Vulnerability
-...
Microsoft Security Update Summary for August 14, 2018
Microsoft (Aug 14)
********************************************************************
Microsoft Security Update Summary for August 14, 2018
Issued: August 14, 2018
********************************************************************
This summary lists security updates released for August 14, 2018.
Complete information for the August 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Critical Security...
Microsoft Security Advisory Notification
Microsoft (Aug 14)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 14, 2018
********************************************************************
Security Advisories Released or Updated on August 14, 2018
===================================================================
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
-...
Microsoft Security Advisory Notification
Microsoft (Aug 08)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 8, 2018
********************************************************************
Security Advisories Released or Updated on August 8, 2018
===================================================================
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
-...
Microsoft Security Advisory Notification
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 1, 2018
********************************************************************
Security Advisories Released or Updated on August 1, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution side-channel...
Microsoft Security Update Releases
Microsoft (Aug 01)
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 1, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8172
* CVE-2018-8202
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Google Releases Security Update for Chrome
US-CERT (Sep 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2018/09/11/Google-Releases-Security-Update-Chrome ] 09/11/2018 05:30 PM
EDT
Original release date: September 11, 2018
Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities,
one of which an attacker could exploit...
Microsoft Releases September 2018 Security Updates
US-CERT (Sep 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases September 2018 Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/09/11/Microsoft-Releases-September-2018-Security-Updates ]
09/11/2018 04:22 PM EDT
Original release date: September 11, 2018
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...
Adobe Releases Security Updates
US-CERT (Sep 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/09/11/Adobe-Releases-Security-Updates ] 09/11/2018 12:30 PM EDT
Original release date: September 11, 2018
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could
exploit some of these vulnerabilities to take control of...
Understanding Firewalls for Home and Small Office Use
US-CERT (Sep 10)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Understanding Firewalls for Home and Small Office Use [ https://www.us-cert.gov/ncas/tips/ST04-004 ]
Original release date: September 10, 2018
When your computer is accessible through an internet connection or Wi-Fi network, it is susceptible to attack. However,
you can restrict outside access to your computer, and the information on it, with a firewall.
*What do...
VMware Releases Security Updates
US-CERT (Sep 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/09/06/VMware-Releases-Security-Updates ] 09/06/2018 04:04 PM EDT
Original release date: September 06, 2018
VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An
attacker could exploit these vulnerabilities to obtain access...
Cisco Releases Security Updates
US-CERT (Sep 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2018/09/05/Cisco-Releases-Security-Updates ] 09/05/2018 04:00 PM EDT
Original release date: September 05, 2018
Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could
exploit some of these vulnerabilities to take control of an...
Mozilla Releases Security Updates for Firefox
US-CERT (Sep 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates for Firefox [
https://www.us-cert.gov/ncas/current-activity/2018/09/05/Mozilla-Releases-Security-Updates-Firefox ] 09/05/2018 04:03
PM EDT
Original release date: September 05, 2018
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker
could exploit some of these...
Problems with Automatic DNS Registration and Autodiscovery
US-CERT (Sep 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Problems with Automatic DNS Registration and Autodiscovery [
https://www.us-cert.gov/ncas/current-activity/2018/09/05/Problems-Automatic-DNS-Registration-and-Autodiscovery ]
09/05/2018 02:05 PM EDT
Original release date: September 05, 2018
The CERT Coordination Center (CERT/CC) has released information on problems associated with small office/home office
routers...
September is National Preparedness Month
US-CERT (Sep 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
September is National Preparedness Month [
https://www.us-cert.gov/ncas/current-activity/2018/09/05/September-National-Preparedness-Month ] 09/05/2018 01:54 PM
EDT
Original release date: September 05, 2018
National Preparedness Month is a good opportunity to assess your emergency preparedness. While general preparedness is
essential to getting through an...
Google Releases Security Update for Chrome
US-CERT (Sep 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2018/09/04/Google-Releases-Security-Update-Chrome ] 09/04/2018 03:54 PM
EDT
Original release date: September 04, 2018
Google has released Chrome version 69.0.3497.81 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to take...
ST18-247: Securing Enterprise Wireless Networks
US-CERT (Sep 04)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ST18-247: Securing Enterprise Wireless Networks [ https://www.us-cert.gov/ncas/tips/ST18-247 ] 09/04/2018 10:14 AM EDT
Original release date: September 04, 2018
In June 2018, the Wi-Fi Alliance began certifying devices that support Wi-Fi Protected Access 3 (WPA3), which replaces
WPA2. Users should employ the new standards as WPA3 devices become available.
What is...
Cisco Releases Security Update
US-CERT (Aug 29)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2018/08/28/Cisco-Releases-Security-Update ] 08/28/2018 09:34 PM EDT
Original release date: August 28, 2018
Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. A remote attacker
could exploit this vulnerability to obtain access to...
FTC Promotes Resources to Prevent Cyberbullying
US-CERT (Aug 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FTC Promotes Resources to Prevent Cyberbullying [
https://www.us-cert.gov/ncas/current-activity/2018/08/28/FTC-Promotes-Resources-Prevent-Cyberbullying ] 08/28/2018
07:27 PM EDT
Original release date: August 28, 2018
The Federal Trade Commission (FTC) has released an announcement on the importance of addressing cyberbullying. As
children return to school, FTC...
Adobe Releases Security Update for Creative Cloud
US-CERT (Aug 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Update for Creative Cloud [
https://www.us-cert.gov/ncas/current-activity/2018/08/28/Adobe-Releases-Security-Update-Creative-Cloud ] 08/28/2018
01:36 PM EDT
Original release date: August 28, 2018
Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An
attacker could exploit this...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE-2018-1330: Libprocess might crash when decoding malformed HTTP requests or malformed JSON payload.
Alex R (Sep 13)
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Mesos 1.4.0 to 1.5.0
The unsupported Apache Mesos pre-1.4.0 releases may be also affected.
Description:
When parsing a malformed JSON payload, libprocess might crash due to
an uncaught exception. Parsing chunked HTTP requests with trailers
can lead to a libprocess crash too because of the mistakenly planted
assertion. A malicious actor can therefore cause a...
OpenSC release 0.19.0
Frank Morgner (Sep 13)
Hi all!
I'm happy to announce the new OpenSC release 0.19.0, which can be found here
https://github.com/OpenSC/OpenSC/releases/tag/0.19.0 including the full
list of changes.
Most notably, this release contains fixes for multiple issues, ranging from
stack based buffer overflows to out of bounds reads and writes on the heap.
They can be triggered by malicious smartcards sending malformed responses
to APDU commands. A detailed description can be...
Cleartext passwords external services in Squash TM's web interface
Guillaume Quéré (Sep 13)
SquashTM
--------
Squash TM is a web interface used to manage test cases. More at: https://www.squashtest.org/en
Description
-----------
There is a vulnerability in SquashTM's administration panel, where external services (a.k.a. automation servers) are
defined: each service's HTML page contains the cleartext password of the service's account. These external services
could be anything but a popular example is a Jenkins server....
Re: tdesktop leaks user IP address
Daniel Kahn Gillmor (Sep 12)
Hi Dhiraj--
Thanks for this report -- it's good to have people looking at metadata
leakage and considering it as a security concern. It is.
However, i'm not convinced that you've described the problem you're
seeing well enough to be actionable yet. In particular, it's not clear
to me *whose IP address* you are concerned about leaking, and *where*
you are concerned about it leaking. It's also not clear to me that...
[SECURITY] New security advisory CVE-2018-8041 released for Apache Camel
Andrea Cosentino (Sep 12)
A new security advisory has been released for Apache Camel, that is fixed in
the recent 2.20.4, 2.21.2 and 2.22.1 releases:
CVE-2018-8041: Apache Camel's Mail is vulnerable to path traversal
Severity: MEDIUM
Vendor: The Apache Software Foundation
Versions Affected: Camel 2.20.0 to 2.20.3, Camel 2.21.0 to 2.21.1 and Camel 2.22.0
The unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
Description: Apache...
tdesktop leaks user IP address
Dhiraj Mishra (Sep 11)
This is still not fixed in Telegram Desktop; the team says there is nothing to
fix here and this is working as intended.
tdesktop: https://github.com/telegramdesktop/tdesktop
*Steps to reproduce:*
1. ./Telegram
2. Call end user
3. The access log on CLI reveals the end user public IP address.
By default in tdesktop p2p is enabled, which opens a direct communication
when calling the other user, potentially seeing his/her IP. Telegram is
supposedly...
Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5
Larry W. Cashdollar (Sep 11)
Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and
Newsletter v2.5
Author: Larry W. Cashdollar, @_larry0
Date: 2018-08-22
CVE-IDs:[CVE-2018-1002000][CVE-2018-1002001][CVE-2018-1002002][CVE-2018-1002003][CVE-2018-1002004][CVE-2018-1002005][CVE-2018-1002006][CVE-2018-1002007][CVE-2018-1002008][CVE-2018-1002009]
Download Site: https://wordpress.org/plugins/bft-autoresponder/
Vendor:...
Re: Re: Ghostscript 9.24 issues
Marcus Meissner (Sep 10)
Mitre has assigned CVE-2018-16802 to these 3 commits.
Ciao, Marcus
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification
Solar Designer (Sep 10)
Christopher,
Thank you for bringing this to oss-security. However, please be aware
that including essential information only by reference is against list
content guidelines here:
https://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines
which include:
"At least the most essential part of your message (e.g., vulnerability
detail and/or exploit) should be directly included in the message itself
(and in...
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification
Christopher Shannon (Sep 10)
I just realized I had a typo in the announcement, the versions
affected should be:
Apache ActiveMQ 5.0.0 - 5.15.5
The file will be updated shortly.
[ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification
Christopher Shannon (Sep 10)
The following security vulnerability was reported against Apache
ActiveMQ 5.15.5 and older versions.
Please check the following document and see if you’re affected by the issue.
http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt
Apache ActiveMQ 5.15.6 has been released with appropriate fixes and is
available for upgrade.
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
Tavis Ormandy (Sep 09)
[resending post that bounced]
Another update, that bypass is now fixed with these commits:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3e5d316b72e3965b7968bb1d96baa137cd063ac6
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=643b24dbd002
The problem was that the previous
<http://git.ghostscript.com/?p=ghostpdl.git&a=commitdiff&h=5812b1b78fc4> commit
relied on catching any errors, then restoring a sane state...
Re: Ghostscript 9.24 issues
Tavis Ormandy (Sep 09)
Yes, I think that's enough for all the issues I reported. There are some
more security commits in git (like this one
<http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb713b3818b52d8a6cf62c951eba2e1795ff9624>)
that are not from me though. That one in particular seems like a good idea,
errordict is like window.onerror in PostScript, a top-level exception
handler. It's hard to believe there are many legitimate untrusted...
perl Crypt::JWT vulnerability
Jeremy Choi (Sep 07)
A vulnerability that might be able to cause an authentication bypass was
discovered by myself in the Perl Crypt::JWT package prior to 0.023 (fix -
https://github.com/DCIT/perl-Crypt-JWT/commit/b98a59b42ded9f9e51b2560410106207c2152d6c
).
## Details
(JWT.pm)
606 # key
607 my $key = defined $args{keypass} ? [$args{key}, $args{keypass}] :
$args{key};
608 my $kid = exists $header->{kid} ? $header->{kid} :
$unprotected_header->{kid};
609 if (!defined...
Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
Leonid Isaev (Sep 06)
Currently, evince, okular and gv don't. The same goes for zathura with its
poppler backend (haven't checked this, but pretty sure). But then there is also
Artifex Mupdf which, AFAIR, supports JS in pdf files (by extension, so does
zathura when viewing a pdf file using the mupdf plugin). I don't know how
complete that support is. Most importantly, many Android pdf/ebook readers
probably include JS support.
Cheers,
L.
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: MFA requirement for faculty
Mr. Ikram Muhammad (Sep 14)
1. Did you require it everywhere, or have exempt locations? Like on your campus network, perhaps.
No, labs and classrooms are exempt.
2. Did you allow devices to be "remembered?"
Yes, 7 days.
3. Was there any blowback from "helicopter parents" that were used to accessing their "child's" account?
So far no blowback from parents. We just started rolling out to students.
4. If...
Re: Visitor Management Software
Belsito, Louis D (Sep 13)
Another option... iVisitor by Veristream.
In a past life (corporate world with multiple campuses) I on-boarded/maintained iVisitor by Veristream. There was a
static input to handle visitors in reception and then there was a dynamic upload to handle the employees who were
authorized to bring visitors into a building. The dynamic upload kicked off every 24 hours. We had it pulling from
Active Directory and it would add authorized employees...
Re: MFA requirement for faculty
Gael Frouin (Sep 12)
Hello,
We are in the process of deploying it for all our constituents in a phased
approach (departments by departments: first administrative ones and soon
academic ones. Then we will address students) to all SSO-enabled
applications (which is "most" applications and VPN connections. Within the
next year we will have our email behind SSO as well so it will eventually
be covered.
1. Exemptions: Not required from on-campus. This has made...
Re: MFA requirement for faculty
Harvard Townsend (Sep 12)
1. Currently no exemptions, but plan to exempt lab and classroom computers; still debating exempting employee
computers
2. Yes, with a 30 day "remember" period
3. Haven't rolled it out for students yet.
Re: Fw: MFA requirement for faculty
Jeremy Rosenberg (Sep 12)
We lumped faculty and staff together. So they all require it and have since
the spring.
Jeremy
[LISTANNOUNCE] Recent Listserv Issues
Membership (Sep 12)
Dear EDUCAUSE Listserv Participants,
Recently we experienced some issues with the Listserv platform that serves our constituent and discussion groups,
working groups, and committees.
First and foremost, we want to apologize for any disruption this may have caused you. We know you depend on these
groups to help you collaborate with your peers. We are happy to report all is back to normal.
Here's an update on what happened and how it...
Re: Fw: MFA requirement for faculty
Carrie Shumaker (Sep 12)
Harvard,
UMich, both Ann Arbor and Dearborn campuses, are going to require 2FA for
faculty come January. It was already required for ERP system access, but
there was an exemption for common faculty functions such as grade entry and
class rosters. This exemption will be gone as of January, and email,
calendaring, the LMS, and any other functions using our SSO will be
protected by 2FA.
Carrie
Re: MFA requirement for faculty
Tina Thorstenson (Sep 12)
We have deployed MFA for all faculty, staff, and student workers when they connect to any enterprise university service.
> • Did you require it everywhere, or have exempt locations? Like on your campus network, perhaps.
We require for all faculty, staff, and students in all locations at all times
> • Did you allow devices to be “remembered?”
Yes, 7 days
> • Was there any blowback from “helicopter...
Re: MFA requirement for faculty
Cam Beasley (Sep 12)
1 - yes for all central ID usage (for active faculty/staff/students) in all web services/applications — coming in
Spring (partially rolled already)
2 - yes, 30-days
3 - yes, we use this option for those scenarios (http://eproxy.utexas.edu/)
4 - see 3
~cam.
Re: MFA requirement for faculty
Gregg, Christopher S. (Sep 12)
1. Did you require it everywhere, or have exempt locations? Like on your campus network, perhaps.
We exempt on campus networks for Office365. This was instrumental in my opinion in allowing us to roll out MFA to all
users (27,000) within 6 months. This was especially so since our intranet solution is Office365 based, and the default
home page on campus computers. Requiring MFA for the intranet from on campus would have been a large...
Re: MFA requirement for faculty
Jackson, William (Sep 12)
1. No. Only staff and faculty accessing remote services must have Duo Security MFA. This is for the Remote
Desktop and VPN.
2. No remembered devices allowed. The thought is that if the device is stolen the MFA protects the remote assets.
3. N/A
4. N/A
William M. Jackson Jr.
Director of Network and Desktop Support Services
Flagler College
Office Line: 904.819.6310
Mobile Line: 904.814-7877
Email: wjackson () flagler...
Re: MFA requirement for faculty
Steve Niedzwiecki (Sep 12)
1. Did you require it everywhere, or have exempt locations? Like on your campus network, perhaps.
Required everywhere
2. Did you allow devices to be "remembered?"
Yes, 90 days
3. Was there any blowback from "helicopter parents" that were used to accessing their "child's" account?
Not that I've heard
4. If yes to #3, how did you deal with it?
Steve Niedzwiecki
Senior Security Architect...
Re: Visitor Management Software
Gomez, Joshua (Sep 12)
I haven't heard of EasyLobby, but Envoy Visitor Management would be another viable option to look at.
Josh
Joshua Gomez | Consultant, Information Security
Information Technology Solutions
Physical Address: 1230 Elm Street, Manchester, NH 03101
Mailing Address: 2500 North River Road, Manchester, NH 03106
Office Phone: 603-626-9100 x7777 |
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY ()...
Re: MFA requirement for faculty
Telfer, Will (Sep 12)
1. Did you require it everywhere, or have exempt locations? Like on your campus network, perhaps.
No exemptions allowed for students, faculty, & staff (there is one service account used for training that has a
permanent bypass in place, but it was approved by the CIO/CISO who is my supervisor)
2. Did you allow devices to be "remembered?"
Yes, for 7 Days.
3. Was there any blowback from "helicopter parents" that...
Re: MFA requirement for faculty
Hagan, Sean (Sep 12)
1. Yes, it is required regardless of physical/network location.
2. Yes, for a longer period than I would like, but it has dramatically reduced complaints during the
enrollment/familiarization process... :)
3. N/A - we do not currently require students to use MFA (we do however require student employees to use MFA).
4. N/A
And to Harvard's original question, we require use of MFA by faculty (including adjuncts)...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Playstation/Sony Support
Dennis Burgess via NANOG (Sep 14)
I am looking for someone that can help me with an IP that appears banned from the PS4 network. If you are around,
please hit me off-list :)
Thanx,
Dennis Burgess, Mikrotik Certified Trainer
Author of "Learn RouterOS- Second Edition"
Link Technologies, Inc -- Mikrotik & WISP Support Services
Office: 314-735-0270 Website: http://www.linktechs.net<http://www.linktechs.net/>
Create Wireless Coverage's with...
Weekly Routing Table Report
Routing Analysis Role Account (Sep 14)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith...
Re: QWEST you have broken DNS servers
Anne P. Mitchell, Esq. (Sep 14)
From Qwest/CL:
"we are aware of the issue and expect this to be resolved next month."
Google Captcha
Justin Wilson (Sep 14)
In the experience of the community what causes the “Unusual traffic” messages when doing google searches? This
ISP network hands out public IP addresses to each and every customer. No batting going on. Does Google typically drop
entire /24’s into this if they see an issue? The initial troubleshooting we have done involves disconnecting the
customer router and going direct with a laptop. Still the same captcha. We clock “I...
Re: tier 4 datacenter requirement "translation"
Andrew Latham (Sep 14)
I would have to go check for sure but I believe it applies to screws or
bolts that could pierce the membrane. A well sealed roof is all they
are looking for.
Re: Database that netflix/hulu use to determine who is a proxy and who isnt?
Michael Crapse (Sep 14)
Maxmind and the other geolocation databases have the biggest effect. If
updating that doesn't fix your problem, Geosupport () netflix com can get you
squared away.
Database that netflix/hulu use to determine who is a proxy and who isnt?
Drew Weaver (Sep 14)
It seems like recently one of the sources for IP info that Netflix and Hulu uses was updated with erroneous information
as access to both of the services was revoked pretty much at the same time.
Does anyone know what source they use for that information so I can request that they fix some of their information?
Thanks,
-Drew
tier 4 datacenter requirement "translation"
Valeriu Vraciu (Sep 14)
Hello,
It may be somehow offtopic, but maybe someone can help understand the
meaning of a requirement for Tier 4 DC.
We have a project to build a Tier 4 datacenter. One of the requirements
specified in TIA942 and related to roof of the building sounds like this:
"double redundant with concrete deck (no mechanically attached systems)"
For my understanding (being not a native English speaker) what exactly
does this mean ?
1. no...
Re: Puerto Rico Internet Exchange
Darin Steffl (Sep 14)
What is the average latency from the mainland to PR? If it's under 10ms,
there's probably not a huge push for a local IX.
But to compare to our IX in Minnesota, we are within 8ms of Chicago and we
certainly didn't need one here but a group of guys got together some
donations and donated rack space, power, etc. And now we have a very busy
IX with most of the big players on it. I think we push almost 211 gbps at
peak.
So our model...
Re: Puerto Rico Internet Exchange
Mel Beckman (Sep 14)
Mike,
But why would you want, as a content provider, to have your content hosted on the island? Backhauling it over fiber is
no big deal across the short distances involved. As far as I can tell, PR has a glut of ocean floor fiber capacity,
just installed a couple years ago. We're not talking stock market trades here, where milliseconds matter. We're talking
Netflix movie reruns, which could be easily delivered with seconds of...
Re: Puerto Rico Internet Exchange
Sander Steffann (Sep 14)
Hi,
This can also work the other way: once there is a local IXP, it can open opportunities for local content providers.
Cheers,
Sander
Re: Puerto Rico Internet Exchange
Ben Cannon (Sep 13)
Our SF2 facility’s IXP has a Netflix OpenFiler; https://openconnect.netflix.com
That alone might be worth an XC/IXP.
Even where bandwidth is available, it can still be prohibitively expensive - conversely lowering costs could translate
to lowered fees to customers.
-Ben.
Re: Puerto Rico Internet Exchange
Mel Beckman (Sep 13)
Mehmet,
In general an IX only makes sense when there are local resources to exchange. It doesn’t seem like PR has a lot of, if
any, content providers of its own, so most consumer content is coming from offshore anyway. Given modern DWDM fiber,
backhauling all that content shouldn’t be an issue. I recall that in mid-2015 PR landed the "most advanced undersea
fiber-optic cable in the Caribbean and Central America”, uniting a total of...
Re: Puerto Rico Internet Exchange
Joel Jaeggli (Sep 13)
Looking at it in my mind, the decision point is really about how much traffic can be served by being there. It took a
long time to recover to pre-hurricane levels. I would hope in the longer term that it’s a growth story and makes that
more compelling, actually having a destination to put equipment in and reach peers helps of course.
Having any anycast service, to me it looks like Puerto Rico has significant connectivity landing places...
RE: Puerto Rico Internet Exchange
James Breeden (Sep 13)
Mehmet,
My opinion to you (and I have no network in the Caribbean or interest in it other than a purely academic and technical
exercise) would be that you guys go ahead and start, even if you just initially split the cost of the switch and
interfaces to peer among yourselves. Once you get a base established of a lot of routes available, it may give you
better “clout” for getting some larger players to connect to your IX or at least help...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
New Research Can Identify Extremists Online, Even Before They Post Dangerous Content
Dave Farber (Sep 14)
>
> https://www.forensicmag.com/news/2018/09/new-research-can-identify-extremists-online-even-they-post-dangerous-content?et_cid=6453775&et_rid=454817773&type=headline&et_cid=6453775&et_rid=454817773&linkid=https%3a%2f%2fwww.forensicmag.com%2fnews%2f2018%2f09%2fnew-research-can-identify-extremists-online-even-they-post-dangerous-content%3fet_cid%3d6453775%26et_rid%3d%%subscriberid%%%26type%3dheadline
>
> <...
Expat Americans are giving up their passports
Dave Farber (Sep 14)
> Begin forwarded message:
>
> From: deva seetharam <deva.seetharam () gmail com>
> Subject: Expat Americans are giving up their passports
> Date: February 10, 2016 13:21:03 JST
> To: Dave Farber <dave () farber net>
>
> hi Dave,
> for IP, if you think it is appropriate. (pls. keep me ANONYMOUS.)
>
> http://www.bbc.com/news/35383435 <http://www.bbc.com/news/35383435>
>
>
>...
Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data | TechCrunch
Dave Farber (Sep 13)
https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now:...
Re Scientific publishing is a rip-off. We fund the research – it should be free | George Monbiot | Opinion | The Guardian
Dave Farber (Sep 13)
> Begin forwarded message:
>
> From: "Jess H. Brewer" <jess () jick net>
> Subject: Re: [IP] Scientific publishing is a rip-off. We fund the research – it should be free | George Monbiot |
> Opinion | The Guardian
> Date: September 14, 2018 11:36:12 JST
> To: dave () farber net
> Cc: Randall Head <rvhead40 () gmail com>
> Reply-To: jess () jick net
>
> Most federal governments now...
Scientific publishing is a rip-off. We fund the research – it should be free | George Monbiot | Opinion | The Guardian
Dave Farber (Sep 13)
>
> https://www.theguardian.com/commentisfree/2018/sep/13/scientific-publishing-rip-off-taxpayers-fund-research
> <https://www.theguardian.com/commentisfree/2018/sep/13/scientific-publishing-rip-off-taxpayers-fund-research>
>
> Scientific publishing is a rip-off. We fund the research – it should be free | George Monbiot
>
> Thu 13 Sep 2018
> Those who take on the global industry that traps research behind...
The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
Dave Farber (Sep 12)
>
> https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
>
> The Untold Story of NotPetya, the Most Devastating Cyberattack in History
>
> Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.
>
> BY Andy Greenberg
>
> Mike McQuade...
Comments? Beyond Killer Robots: How Artificial Intelligence Can Improve Resilience in Cyber Space - War on the Rocks
Dave Farber (Sep 12)
>
> https://warontherocks.com/2018/09/beyond-killer-robots-how-artificial-intelligence-can-improve-resilience-in-cyber-space/
>
> <https://warontherocks.com/2018/09/beyond-killer-robots-how-artificial-intelligence-can-improve-resilience-in-cyber-space/>
>
> Beyond Killer Robots: How Artificial Intelligence Can Improve Resilience in Cyber Space
>
>
> Recently, one of us spent a week in China discussing the...
Comments?: Escalation Dominance in America's Oldest New Nuclear Strategy - War on the Rocks
Dave Farber (Sep 12)
>
> https://warontherocks.com/2018/09/escalation-dominance-in-americas-oldest-new-nuclear-strategy/
> <https://warontherocks.com/2018/09/escalation-dominance-in-americas-oldest-new-nuclear-strategy/>
>
> Escalation Dominance in America’s Oldest New Nuclear Strategy
>
>
> There actually is some kind of Escalation Control Cabinet in the underground spaces beneath the Pentagon, but no one
> in the building...
Researchers Come Out With Yet Another Unnerving, New Deepfake Method
Dave Farber (Sep 12)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: September 12, 2018 at 4:46:57 PM GMT+9
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Researchers Come Out With Yet Another Unnerving, New Deepfake Method
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend Judi Clark. DLH]
>
> Researchers...
Re Don’t shoot down our drones
Dave Farber (Sep 12)
Begin forwarded message:
> From: Geoff Kuenning <geoff () cs hmc edu>
> Date: September 12, 2018 at 2:57:57 PM GMT+9
> To: dave () farber net
> Subject: Re: [IP] Re Don’t shoot down our drones
>
> We don't need new laws, we just need to understand the existing ones.
>
> The laws on photography in the U.S. are clear: you can't take pictures of people in situations where they have a
> reasonable...
Re Don’t shoot down our drones
Dave Farber (Sep 11)
Begin forwarded message:
> From: Sidney Karin <skarin () ucsd edu>
> Date: September 12, 2018 at 12:48:25 GMT+9
> To: "dave () farber net" <dave () farber net>
> Cc: "mary.shaw () gmail com" <mary.shaw () gmail com>
> Subject: Re: [IP] Re Don’t shoot down our drones
>
> For IP If you like.
>
> Dave,
>
> I completely agree with Mary. The relevant Federal Aviation...
Editorial: Invoking John McCain on 9/11
Dave Farber (Sep 11)
Begin forwarded message:
> From: jonathan.spira () accuramediagroup com
> Date: September 12, 2018 at 12:02:47 GMT+9
> To: dave () farber net
> Subject: Editorial: Invoking John McCain on 9/11
>
> Dave, hi and good evening!
>
> Of possible interest to you and other IPers as we observe the 17th anniversary of 9/11.
>
> Editorial: Invoking John McCain on 9/11
>
> "It’s 9/11 again, this year the...
Re Don’t shoot down our drones
Dave Farber (Sep 11)
Begin forwarded message:
> From: Mary Shaw <mary.shaw () gmail com>
> Date: September 12, 2018 at 11:47:33 GMT+9
> To: Dave Farber <dave () farber net>
> Subject: Re: [IP] Don’t shoot down our drones
>
> A different view on the situation -- the issue is not the drones, it's the access and the photography.
>
> I think it's deplorable that drones are not banned from private property. If someone is...
The weather in Tokyo
DAVID FARBER (Sep 11)
I came back to find it totally place and not sure how long will last but it’s nice and cool and breezy
Don’t shoot down our drones
DAVID FARBER (Sep 11)
Begin forwarded message:
> From: Elliot Harmon | EFF Activism Team <action () eff org>
> Date: September 12, 2018 at 7:55:01 AM GMT+9
> To: dfarber () me com
> Subject: Don’t shoot down our drones
> Reply-To: Elliot Harmon | EFF Activism Team <action () eff org>
>
>
> This is a friendly message from the Electronic Frontier Foundation.
>
>
>
>
>
> When government agencies hide their...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.83
RISKS List Owner (Sep 13)
RISKS-LIST: Risks-Forum Digest Thursday 13 September 2018 Volume 30 : Issue 83
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.83>
The current issue can also...
Risks Digest 30.82
RISKS List Owner (Sep 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 September 2018 Volume 30 : Issue 82
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.82>
The current issue can also...
Risks Digest 30.81
RISKS List Owner (Aug 25)
RISKS-LIST: Risks-Forum Digest Saturday 25 August 2018 Volume 30 : Issue 81
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.81>
The current issue can also be...
Risks Digest 30.80
RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Saturday 18 August 2018 Volume 30 : Issue 80
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.80>
The current issue can also be...
Risks Digest 30.79
RISKS List Owner (Aug 08)
RISKS-LIST: Risks-Forum Digest Wednesday 8 August 2018 Volume 30 : Issue 79
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.79>
The current issue can also be...
Risks Digest 30.78
RISKS List Owner (Aug 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 August 2018 Volume 30 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.78>
The current issue can also be...
Risks Digest 30.77
RISKS List Owner (Jul 30)
RISKS-LIST: Risks-Forum Digest Monday 30 July 2018 Volume 30 : Issue 77
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.77>
The current issue can also be...
Risks Digest 30.76
RISKS List Owner (Jul 20)
RISKS-LIST: Risks-Forum Digest Friday 20 July 2018 Volume 30 : Issue 76
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.76>
The current issue can also be...
Risks Digest 30.75
RISKS List Owner (Jul 14)
RISKS-LIST: Risks-Forum Digest Saturday 14 July 2018 Volume 30 : Issue 75
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> and
<http://catless.ncl.ac.uk/Risks/30.75>
The current issue can also be...
Risks Digest 30.74
RISKS List Owner (Jul 05)
RISKS-LIST: Risks-Forum Digest Thursday 5 July 2018 Volume 30 : Issue 74
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.74>
The current issue can also be...
Risks Digest 30.73
RISKS List Owner (Jun 26)
RISKS-LIST: Risks-Forum Digest Tuesday 26 June 2018 Volume 30 : Issue 73
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.73>
The current issue can also be...
Risks Digest 30.72
RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 June 2018 Volume 30 : Issue 72
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.72>
The current issue can also be...
Risks Digest 30.71
RISKS List Owner (Jun 05)
RISKS-LIST: Risks-Forum Digest Tuesday 5 May 2018 Volume 30 : Issue 71
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.71>
The current issue can also be...
Risks Digest 30.70
RISKS List Owner (May 26)
RISKS-LIST: Risks-Forum Digest Saturday 26 May 2018 Volume 30 : Issue 70
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.70>
The current issue can also be...
Risks Digest 30.69
RISKS List Owner (May 16)
RISKS-LIST: Risks-Forum Digest Wednesday 16 May 2018 Volume 30 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.69>
The current issue can also be...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Veeam server lapse leaks over 440 million email addresses
Inga Goddijn (Sep 14)
https://techcrunch.com/2018/09/11/veeam-security-lapse-leaked-over-440-million-email-addresses/
You know what isn’t a good look for a data management software company? A
massive mismanagement of your own customer data.
Veeam, a backup and data recovery company, bills itself as a data giant
that among other things can “anticipate need and meet demand, and move
securely across multi-cloud infrastructures,” but is believed to have
mislaid...
Blue Cross blames vendor for breach of customer information in R.I.
Destry Winant (Sep 14)
http://www.providencejournal.com/news/20180912/blue-cross-blames-vendor-for-breach-of-customer-information-in-ri
PROVIDENCE, R.I. — Blue Cross & Blue Shield of Rhode Island has
disclosed a breach of personal health-care information affecting 1,567
people that the insurer blames on an unnamed vendor responsible for
sending benefits explanations, also known as health-care services
summaries, to members.
In a media release Tuesday afternoon,...
Companies “over-reporting” data breaches as ICO takes 500 calls per week
Destry Winant (Sep 14)
http://www.itpro.co.uk/information-commissioner/31912/companies-over-reporting-data-breaches-as-ico-takes-500-calls-per
The Information Commissioner’s Office (ICO) revealed it has been
receiving 500 reports by telephone per week since GDPR came into
force, a third of which are considered to be unnecessary or fail to
meet the threshold for a data incident.
ICO deputy commissioner James Dipple-Johnstone revealed that
misconceptions are still...
Ontario town plans to pay ransom after computers locked down
Destry Winant (Sep 13)
https://www.ctvnews.ca/canada/ontario-town-plans-to-pay-ransom-after-computers-locked-down-1.4090227
A central Ontario town plans to pay off a hacker who was able to lock
down the town’s computer system.
The Town of Midland has not had full access to its computer system
since Sept. 1, including during a 48-hour period in which all
computers connected to the municipal network were unusable.
At issue is a ransomware scam, in which a computer...
Is hiring a hacker ever a good idea?
Destry Winant (Sep 13)
https://www.zdnet.com/article/is-hiring-a-hacker-ever-a-good-idea/
In the fight against cyber crime, it's often claimed there aren't
enough security professionals around to keep organisations safe from
ever-evolving security threats.
But there is one group who should have the skills and the mindset to
find the gaps in computer networks that crooks misuse and help to
close them: criminal hackers themselves.
Often these are young,...
Whisky business: Uni of Edinburgh servers Irn-Scru'd by cyber-attack
Destry Winant (Sep 13)
https://www.theregister.co.uk/2018/09/12/university_of_edinburgh_cyber_attack/
The University of Edinburgh has gone offline from what appears to be a
massive distributed denial-of-service attack on the campus network.
As a result, the Scottish college's websites and wireless network
gateways are down due to a flood of junk traffic during its first week
of class.
So far no student or faculty data is believed to have been slurped,
and the...
Why do cybercriminals target vulnerabilities?
Destry Winant (Sep 13)
https://www.itproportal.com/features/why-do-cybercriminals-target-vulnerabilities/
We all know many enterprises are riddled with unpatched servers and
PCs, vulnerable web applications and easy to fool end users. Despite
growing awareness of the risk posed by vulnerabilities – from
Heartbleed back in 2014 to the Equifax mega breach last year – we
still found 77 per cent of applications have at least one
vulnerability when initially scanned....
Phishing for Trouble: One Manufacturer’s Mistakes, and How to Avoid Them
Destry Winant (Sep 12)
https://www.industryweek.com/technology-and-iiot/phishing-trouble-one-manufacturer-s-mistakes-and-how-avoid-them
In the height of tax season, an accounting clerk opens an email asking
him: “Please send me W-2’s for employees in the marketing department.
I need this information ASAP. Thanks very much.” The name on the email
is the comptroller’s, so the clerk sends along the information. But
the email was not from the comptroller—it was...
British Airways Breach Linked to Ticketmaster Breach Attackers
Destry Winant (Sep 12)
https://www.darkreading.com/attacks-breaches/british-airways-breach-linked-to-ticketmaster-breach-attackers/d/d-id/1332783
Magecart attackers hit airline with the same "digital skimmers" they
used on the entertainment company in June, researchers say.
The British Airways data breach revealed last week, which exposed the
personal data of approximately 380,000 customers, was committed by
Magecart, the same group responsible for...
Top 5 IT tips for remote and mobile teams
Destry Winant (Sep 12)
http://www.computerworld.in/blog/top-5-it-tips-remote-and-mobile-teams
Cybersecurity threats are lurking everywhere.
In 2015, a vulnerability was detected in WiFi routers in hotel
allowing attackers to distribute malware and monitor and record data
sent over the network. A laptop is stolen every 53 seconds in the
United States. USB keyloggers can be found in systems stored in a PC.
Honestly put, it’s a scary world. And this threat is further...
Data Breach Notification Laws: Is it Time for a Uniform Standard?
Destry Winant (Sep 12)
https://securityboulevard.com/2018/09/data-breach-notification-laws-is-it-time-for-a-uniform-standard/
State data breach notification laws had two primary aims in mind. The
first was to potentially embarrass organizations to improve their data
security by forcing them to disclose certain data breaches publicly.
The second was to help consumers have a fighting chance against
identity theft by arming them with the information they needed to...
City of Tyler's Click2Gov payment system breached
Destry Winant (Sep 11)
http://www.kltv.com/story/39060322/city-of-tylers-click2gov-payment-system-breached
The City of Tyler said that there has been a security breach of their
Click2Gov online payment system.
According to a press release from the city Monday, they were notified
that an unknown third-party was able to gain access to payments made
through the system the City uses to collect payments for utilities and
municipal court fines and fees.
The City said the...
Attackers Made 9,000 Unauthorized Database Queries in Equifax Hack: Report
Destry Winant (Sep 11)
https://www.securityweek.com/attackers-made-9000-unauthorized-database-queries-equifax-hack-report
It took Equifax 76 days to detect the massive 2017 data breach,
despite the fact that attackers had conducted roughly 9,000
unauthorized queries on its databases, according to a new report from
the U.S. Government Accountability Office (GAO).
In mid-May 2017, malicious actors exploited a known vulnerability in
the Apache Struts development...
APIs: The Trojan horses of security
Destry Winant (Sep 11)
https://www.helpnetsecurity.com/2018/09/10/api-insecurity/
At the moment, within the cybersecurity industry the emphasis tends to
be on securing networks with perimeter-based protection, however,
leaving an application endpoint unsecured means an application
programming interface (API) can serve as a gateway to the data centre
by which attackers can effectively attack the backend via bots, and
compromised or impersonating applications. With...
Law firm launches £500 million group action over British Airways hack
Destry Winant (Sep 11)
Within hours of British Airways admitting that it had suffered a
serious security breach, with hackers accessing customer data and the
full details of 380,000 payment cards, a British law firm announced
that it was launching a £500m group action against the airline.
SPG Law, the newly-launched UK division of US law firm Sanders
Phillips Grossman, claimed that despite the hack resulting in
inconvenience and distress for travellers, and the...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Unable to Decode SSL Message
Jaap Keuter (Sep 14)
This is an experimental RFC (https://tools.ietf.org/html/rfc6962) to include a
TBSCertificate (https://tools.ietf.org/html/rfc5280).
Someone would have to add the ASN.1 definitions to the relevant dissector. An enhancement bug
(https://bugs.wireshark.org) with a capture file (not screenshot) showing this OID used
would...
Unable to Decode SSL Message
Mohd Nizar Nong (Sep 14)
Hi Team,
Can suggest / advise an approach to solve below error.
[cid:image001.png@01D44C2B.387E4110]
Best Regards,
Mohd Nizar Nong
(Sr Application Support)
Infinitium Holdings Sdn Bhd
Member of Infinitium Group of Companies
Meritus @ Oasis Corporate Park,
B2-7-01, 2, Jalan PJU 1A/2, 47301,
Petaling Jaya, Selangor,
Malaysia
Tel: +60378900058 ext: 8023
Mobile: +60163701871
Email: mohdnizar () infinitium com
[...
Re: Include Wireshark logos in CC BY/BY-SA 4.0 licensed work?
Jaap Keuter (Sep 14)
Tricky, probably Gerald who has to chime in here.
Re: Include Wireshark logos in CC BY/BY-SA 4.0 licensed work?
panic (Sep 13)
Any ideas?
Cheers,
-- panic
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
João Valverde (Sep 13)
Proposed fix here: https://code.wireshark.org/review/c/29653/
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
Geoff Lee (Sep 13)
That’s a good question to ask :-)
I've got a couple of thoughts from the perspective of an *absolute* novice. I'll review my (currently rather scrappy)
notes and get something back to you in a day or so (got a few commitments to take care of today).
Geoff
-----Original Message-----
From: Wireshark-dev [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jaap Keuter
Sent: 13 September, 2018 9:16 PM
To: Developer support...
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
Jaap Keuter (Sep 13)
Hi Geoff,
Congratulations on your successful build.
Now, looking back, what from your experience would be beneficial to add or change in the User’s Guide/Developer’s Guide
for the general public, if anything?
Re: Gerrit
Dario Lombardo (Sep 13)
I intended to add Jasper in CC, as I told him. I just realized that the
assignee field and reviewers are close in the new UI and I clicked on the
wrong one. I'm still getting used to polygerrit.
Re: Gerrit
Jasper Bongertz (Sep 13)
Hello Peter,
I think calling it as "assigned to me" was a misinterpretation on my behalf.
Dario only wanted me to be cc'd in, as you assumed.
Thanks!
Jasper
Thursday, September 13, 2018, 11:26:07 AM, you wrote:
Re: Gerrit
Peter Wu (Sep 13)
Hi Jasper,
The change (https://code.wireshark.org/review/29549) does not have
downloadable builds. Not sure why Dario "assigned" you, it was probably
an attempt to copy ("cc") you on the change to make you aware of it. I
have not seen this assign function being used before.
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
Geoff Lee (Sep 12)
Posting this to report success !!!!
The `ninja -j1` suggestion made the difference. While it ran visibly slower than the simple `ninja` command which
defaults to parallel builds, `ninja -j1` just kept working away steadily and finished all the remaining 294 steps
without any hesitation. I now have wireshark 2.6.4, successfully compiled on my Raspberry Pi for an armv7 processor.
In a separate build directory (and running at a separate time,...
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
Guy Harris (Sep 12)
Probing the compiler *and* the libraries/developer header files.
Because the CMakeLists.txt file is buggy; it's making an inappropriate assumption.
The 2.6 version of the top-level CMakeLists.txt appears to (implicitly) assume that, on a system with rpmbuild and git,
you're doing a build from a cloned git directory, as per the comment.
The master branch version doesn't; perhaps we should backport the changes involved to 2.6, or...
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
João Valverde (Sep 12)
Seems like a bug in the Wireshark source distribution (you did well to
move past it).
Ninja by default runs several compilation processes in parallel. It's
possible (as you suggest) that you are hitting memory limits, in which
case you should run the command "ninja -j1" instead.
Re: Pointers needed for building Wireshark 2.6.3 on a Raspberry Pi model 3B (armv7 processor?)
Geoff Lee (Sep 12)
Many thanks indeed to everyone who posted answers to help me! Much
appreciated.
(And apologies if this fails to attach to the thread properly - I foolishly
set the daily digest option when I subscribed to the list, and can't figure
out how to respond properly to individual messages. I've fixed that now).
I'm making much better progress now :-)
As explained in Guy Harris's most recent and very illuminating post,
(almost)...
Re: Capture filter expression
Maynard, Chris (Sep 12)
If you need to ensure that you capture IP fragments, you can add the following to your capture filter: "ip[6:2] &
0x3fff != 0x0000". Of course you’ll get *all* fragments and not necessarily just those fragments associated with the
packets of interest. That said, you may be able to include other filters, such as host filters, to reduce the number
of irrelevant packets.
By the way, you can also use "(udp[8:4] =...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Snort Subscriber Rules Update 2018-09-13
Research via Snort-sigs (Sep 13)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Microsoft Vulnerability CVE-2018-8475:
A coding deficiency exists in Microsoft Windows that may lead to remote
code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 47764 through 47765.
Talos also has added and modified multiple rules in the...
Re: IOS. is there a version for Apple IPhone8
Paul Villegas via Snort-users (Sep 13)
Ty very much for all of your help I really appreciate it. This is a great community...
Sent from Tony V.
Re: IOS. is there a version for Apple IPhone8
Joel Esler (jesler) via Snort-users (Sep 13)
DL I assume means "Downloaded". No. There's no version of Snort that runs on iOS.
The only security product that we make for iOS, which Cisco worked directly with Apple on, is the Cisco Security
Connector:
https://www.cisco.com/c/en/us/products/security/security-connector/index.html
Re: IOS. is there a version for Apple IPhone8
Paul Villegas via Snort-users (Sep 12)
I apologize never meant to say DL I play a lot of PlayStation and it’s a term used there. I would really like some new
rules for my phone. Like anti intrusive rules.
Sent from
Re: IOS. is there a version for Apple IPhone8
John Byrne via Snort-users (Sep 12)
I don’t know what DL is, but you could put snort on a machine that can read the packets from your wifi and then just
hook your phone up to the wifi.
John
IOS. is there a version for Apple IPhone8
Paul Villegas via Snort-users (Sep 12)
So does anyone know if there is a version of snort that can be DL onto an iPhone8 or any iPhone?
Re: Multiple signatures 014
Marcos Rodriguez via Snort-sigs (Sep 12)
Hi Yaser,
Thanks for these submissions, we'll get these into our testing process and
get back to you as soon as possible. We'd appreciate any pcaps you'd be
willing to share. Thanks again!
Multiple signatures 014
Y M via Snort-sigs (Sep 12)
Hi,
Pcaps and ClamAV/Yara signatures are available for the majority of the cases below.
Thanks.
YM
# --------------------
# Date: 2018-08-29
# Title: A walk through the AcridRain Stealer
# Reference: Triage from: https://thisissecurity.stormshield.com/2018/08/28/acridrain-stealer/
# Tests: pcap
# Yara:
# - MALWARE_Win_Trojan_AcridRain
# ClamAV:
# - MALWARE_Win.Trojan.AcridRain
# Hashes (triage):
# -...
barnyard2
Sam Johnson (Sep 12)
I apologize if I shouldn't ask about barnyard2 here.
I have snort up and running with pulledpork snort.rules. I see logs growing in /var/log/snort so I know that is
working. For some reason barnyard does not want to write to the database when I include the snort.rules in the snort
conf. As soon as I take it out and use just a simple ICMP test in the local.rules it works fine and I see the rule
coming across and events getting written to...
Re: snort_dynamicpreprocessor
Carter Waxman (cwaxman) via Snort-users (Sep 12)
If it’s not getting picked up automatically, it probably means you need to install or configure pkgconfig. Also, the
daq pkgconfig might not be installed in the place pkgconfig expects… Symlinking is a good way to keep the .pc files in
one spot.
From: Sam Johnson <Sam.Johnson () flagshipcredit com>
Date: Wednesday, September 12, 2018 at 10:01 AM
To: "Carter Waxman (cwaxman)" <cwaxman () cisco com>, "snort-users...
Re: snort_dynamicpreprocessor
Sam Johnson (Sep 12)
Ah thanks carter! Setting the daq libraries with ./configure worked! Kind of strange I had to do it on one machine but
not the other…
Sam Johnson
Security Engineer II
Flagship Credit Acceptance
Office: 484.841.2529
Mobile: 484.843.3151
From: Carter Waxman (cwaxman) <cwaxman () cisco com>
Sent: Wednesday, September 12, 2018 9:37 AM
To: Sam Johnson <Sam.Johnson () flagshipcredit com>; snort-users () lists snort org...
Re: snort_dynamicpreprocessor
Carter Waxman (cwaxman) via Snort-users (Sep 12)
1. For static DAQ, use ./configure --with-daq-libraries=/usr/local/lib --with-daq-includes=/usr/local/include and
adjust those paths accordingly, then run make clean and make. ldconfig is for dynamic libraries.
1. List the contents of the package / rpm and ensure that the paths in snort.conf match the dynamic paths. The
config should be rewritten automatically if it’s our package or the packager used our spec file.
Thanks,
Carter...
Re: (no subject)
Nasir Khan via Snort-users (Sep 12)
No, it isn't. .. its real time linux... ubuntu 16.0.4
Re: How to add syslog domain
Ozgur Kara via Snort-devel (Sep 12)
How to add syslog domain
yunus . can (Sep 12)
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|