SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
New TN3270 script and updates to library
Phil Young (Feb 14)
Oops wrong email address.
I've created a pull request to add aid-enum.nse as well as additions to the
tn3270 lua library.
Essentially this tries every F/PA/Attention key against a given tn3270
application. It came up out of talks with people at ToorCon.
https://github.com/nmap/nmap/pull/1919
Please let me know if you have any questions
Re: ssl-enum-ciphers not returning all ciphers
David Fifield (Feb 10)
I notice that r37902 nselib/tls.lua CIPHERS is missing
["TLS_AES_128_GCM_SHA256"] = 0x1301,
["TLS_AES_256_GCM_SHA384"] = 0x1302,
["TLS_CHACHA20_POLY1305_SHA256"] = 0x1303,
(Values from https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4.)
But that doesn't explain the absence of
0xC030...
[no subject]
Fitri Adi (Feb 02)
ssl-enum-ciphers not returning all ciphers
will (Feb 01)
I found https://seclists.org/nmap-dev/2019/q3/4 which ends with
"That said, if you get any other tool (testssl.sh, SSLLabs, openssl s_client, etc.) to show ciphers that Nmap's
ssl-enum-ciphers does not show, please let us know so we can investigate."
So, here goes:
% nmap -script ssl-enum-ciphers.nse -p 6443 localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-01 19:52 AEST
Nmap scan report for localhost (127.0.0.1)
Host...
[no subject]
Fitri Adi (Jan 31)
http-enum: Add support for Atlassian products
Mark Adams (Jan 30)
Hi all,
I submitted a pull request back in June of last year and responded to the
feedback that was given. Would it be possible to get a final review and get
this merged?
https://github.com/nmap/nmap/pull/1649
I know folks maintaining the project have a lot on their plate but I wanted
to ping the mailing list to see if someone was available to take a quick
look.
Thank you!
Mark
[RFC] Partial results for timed-out hosts
Daniel Miller (Jan 12)
Hi, friends!
For a long time, Nmap users have been asking for a way to get partial
results for targets that have timed out during scanning as a result of the
-T5 or --host-timeout options (#64). Now, I think we have a good way to
deliver that feature, and I want to get feedback before committing it.
First, I need to point out another new feature that just got added, because
my proposal follows on from it: the "hosthint" XML output tag...
Npcap 2020
Daniel Miller (Jan 01)
Hello, friends!
2019 has been a banner year for Npcap. With the release of Wireshark 3.0 in
February 2019 including Npcap in its installer, Npcap has reached
unprecedented numbers of users. We have also had lots of interest from
companies looking to distribute Npcap OEM as a solid, modern upgrade to
WinPcap within their products. The increased attention has brought many
improvements and ironed out lots of rough spots. It has been exciting to
see...
is okey.
Zin Bo (Dec 22)
zinbo434 () gmail com
Vivo 1814
Zin Bo (Dec 22)
zinbo434 () gmail com
Should Ncat --exec wait for EOF in both directions?
David Fifield (Dec 16)
One of the distinguishing features of Ncat has been that it doesn't stop
when only one direction of the connection is finished sending. That is,
when it gets an EOF on stdin, it does a shutdown(fd, SHUT_WR) on the
socket; and when it gets an EOF on the socket, it closes its stdout; but
it doesn't quit until both have happened. (There's a proposal to modify
this in client mode, https://seclists.org/nmap-dev/2017/q2/94, but afaik
it...
Re: Fix off-by-one error in stun.lua
David Fifield (Dec 13)
Merged in r37777.
Re: Fix off-by-one error in stun.lua
Gordon Fyodor Lyon (Dec 12)
Thanks David. Good catch! Please check this fix in. I have also created
an issue for checking and fixing the possible issues you referenced in the
redis and rsync libraries: https://github.com/nmap/nmap/issues/1855
-Fyodor
[PR 1849] Updated IANA-registered names
Ariel Otilibili Anieli via dev (Dec 12)
Hi,
I have updated the ALPN list; values taken from IANA:
curl -k -sL https://www.iana.org/assignments/tls-extensiontype-values/alpn-protocol-ids.csv | perl -aF, -nE 'say $& if
$F[1]=~/(?<=\().*(?=\))/' | sed -e 's/^""/"/;...
Re: UDP payload for STUN
David Fifield (Dec 06)
It's in r37774.
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.
Gordon Fyodor Lyon (Aug 10)
Fellow hackers,
I'm here in Las Vegas for Defcon and delighted to release Nmap 7.80. It's
the first formal Nmap release in more than a year, and I hope you find it
worth the wait!
The main reason for the delay is that we've been working so hard on our
Npcap Windows packet capturing driver. As many of you know, Windows Nmap
traditionally depended on Winpcap for packet capture. That is great
software, but it has been...
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
[TZO-23-2020] - AVAST Generic Archive Bypass (ZIP)
Thierry Zoller (Feb 27)
[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
Thierry Zoller (Feb 27)
[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)
Thierry Zoller (Feb 27)
[TZO-19-2020] - AVIRA Generic AV Bypass (ISO Container) - CVE-2020-9320
Thierry Zoller (Feb 27)
Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
Stefan Kanthak (Feb 27)
Hi @ll,
since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.
Among other components current versions of Windows and .NET Framework
include
C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe)
J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,...
Comtrend VR-3033 Multiple Command Injection vulnerability
raki ben hamouda (Feb 27)
## Timeline:
* Bug sent to vendor: 17-02-2020
* No response after 10 days
* Public disclosure: 27-02-020
The Comtrend VR-3033 is prone to multiple authenticated command injection
vulnerabilities via the ping and traceroute diagnostic pages.
Remote attackers are able to get full control and compromise the network
managed by the router.
Note: This bug may exist in other Comtrend routers.
===============================================
Product Page :...
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 27)
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==============================================================================
Contents
==============================================================================
Summary
Analysis
...
Acknowledgments
==============================================================================
Summary...
Local information disclosure in OpenSMTPD (CVE-2020-8793)
Qualys Security Advisory (Feb 27)
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
==============================================================================
Contents
==============================================================================
Summary
Analysis
Exploitation
POKE 47196, 201
Acknowledgments
==============================================================================
Summary...
[SerialTweaker] Interactive modification of Java Serialized Objects
Red Timmy Security (Feb 27)
Hi,
We have just released SerialTweaker to modify Java Serialized Objects.
This tool can be used for advanced Java Deserialization attacks, when
existing gadget chains don't work or when there is a whitelist mechanism
in place (like LookAheadDeserialization). In that case we have to work
with the classes that are in the whitelist and thus accepted by the
application. Instead of sending a gadget chain containing classes not
familiar to the...
Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)
Jonathan Brossard (Feb 27)
----------------------------------------------------------------------
* Hostapd fails at seeding PRNGS, *
* leading to insufficient entropy *
----------------------------------------------------------------------
--[ Vulnerabilities Summary:
Date Published: 27/02/2020
CVE Names: CVE-2016-10743 and CVE-2019-10064.
Title: Hostapd fails at seeding PRNGs
Class: CWE-331:...
CVE-2020-5497 - MITREid Connect XSS
aaron bishop (Feb 27)
MITREid Connect OpenID-Connect-Java-Spring-Server
<https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server> version
1.3.3 and earlier is vulnerable to Cross-Site Scripting; the users name is
included in *topbar.tag* and *header.tag* without being sanitized. A user
can set their name to a value like:
Test</script><script>alert(1)</script>
Which will be included in JSON used by a JavaScript function in...
SEC Consult SA-20200225-0 :: Multiple Cross-site Scripting (XSS) Vulnerabilities in PHP-Fusion CMS
SEC Consult Vulnerability Lab (Feb 25)
SEC Consult Vulnerability Lab Security Advisory < 20200225-0 >
=======================================================================
title: Multiple Cross-site Scripting (XSS) Vulnerabilities
product: PHP-Fusion CMS
vulnerable version: 9 - 9.03
fixed version: 9.03.30
CVE number: -
impact: Medium
homepage: https://www.php-fusion.co.uk
found: 2019-12-09...
Open-Xchange Security Advisory 2020-02-19
Open-Xchange GmbH via Fulldisclosure (Feb 20)
Dear subscribers,
we're sharing our latest advisory with you and would like to thank everyone who contributed to finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.
Yours sincerely,
Martin Heiland, Open-Xchange GmbH
Product: OX App Suite / OX Documents
Vendor: OX Software GmbH
Internal reference: 67871, 68258 (Bug ID)
Vulnerability type: Server-Side Request...
D-Link DGS-1250 header injection vulnerability
Harry Sintonen via Fulldisclosure (Feb 20)
D-Link DGS-1250 header injection vulnerability
==============================================
The latest version of this advisory is available at:
https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt
Overview
--------
The D-Link DGS-1250 switch is susceptible to a header injection vulnerability enabling an
attacker to steal the switch configuration.
Description
-----------
D-Link DGS-1250 switch web user interface fails to sanitize...
Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)
Thierry Zoller (Feb 18)
This was assigned CVE-2020-9264
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
Stefan Kanthak (Feb 25)
Hi @ll,
since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.
Among other components current versions of Windows and .NET Framework
include
C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe)
J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,...
Local information disclosure in OpenSMTPD (CVE-2020-8793)
Qualys Security Advisory (Feb 25)
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
==============================================================================
Contents
==============================================================================
Summary
Analysis
Exploitation
POKE 47196, 201
Acknowledgments
==============================================================================
Summary...
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 25)
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==============================================================================
Contents
==============================================================================
Summary
Analysis
...
Acknowledgments
==============================================================================
Summary...
[SECURITY] [DSA 4633-1] curl security update
Alessandro Ghedini (Feb 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2019-5436 CVE-2019-5481...
Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)
Jamie R (Feb 25)
I've quoted the Cisco summary below as it's pretty accurate.
tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.
Thanks to Cisco PSIRT who were responsive and professional.
Shouts to Andrew, Dave and Senad, Pedro R - if that's still even a
thing on advisories.
Ref:...
[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
Thierry Zoller (Feb 24)
[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)
Thierry Zoller (Feb 24)
[slackware-security] proftpd (SSA:2020-051-01)
Slackware Security Team (Feb 20)
[slackware-security] proftpd (SSA:2020-051-01)
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security...
[SECURITY] [DSA 4628-1] php7.0 security update
Moritz Muehlenhoff (Feb 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4629-1] python-django security update
Sebastien Delafond (Feb 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4629-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 19, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-django
CVE ID : CVE-2020-7471
Debian Bug...
[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
Thierry Zoller (Feb 18)
[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
Thierry Zoller (Feb 18)
[SECURITY] [DSA 4626-1] php7.3 security update
Moritz Muehlenhoff (Feb 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.3
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4627-1] webkit2gtk security update
Moritz Muehlenhoff (Feb 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4627-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2020-3862 CVE-2020-3864...
Web Application Firewall bypass via Bluecoat device
RedTimmy Security (Feb 16)
Hi,
we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".
We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.
Full story is here:...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open
Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats; they will also talk about
countermeasures in order...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
7 steps to pass, or better yet avoid, an OCR security audit
InfoSec News (Dec 06)
https://www.healthcareitnews.com/news/7-steps-pass-or-better-yet-avoid-ocr-security-audit
By Bill Siwicki
Healthcare IT News
December 04, 2019
The U.S. Department Health and Human Services’ Office for Civil Rights is
responsible for auditing and enforcing compliance with the HIPAA security and
privacy regulations, as well as the additional rules and clarifications
contained in HITECH.
OCR enforces privacy and security rules through...
Oil be damned: Iran-based crooks flinging malware at Middle Eastern energy plants again - research
InfoSec News (Dec 06)
https://www.theregister.co.uk/2019/12/05/iran_zerocleare_attack/
By Shaun Nichols in San Francisco
The Register
5 Dec 2019
An Iran-based hacking crew long known to target energy facilities in
neighboring Middle Eastern countries is believed to be launching new attacks.
The team at IBM's X-Force said an actively spreading malware package dubbed
ZeroCleare looks to be in part the work of APT34, a hacking crew commonly
accepted to be...
Kingpin of Evil Corp lived large. Now there's a $5 million bounty on his head
InfoSec News (Dec 06)
https://arstechnica.com/information-technology/2019/12/members-of-evil-corp-the-cybercrime-group-that-lived-in-luxury-are-indicted/
By Dan Goodin
Ars Technica
12/5/2019
Federal prosecutors have indicted the kingpin of Evil Corp, the name used by a
cybercrime gang that used the notorious Dridex malware to drain more than $70
million from bank accounts in the US, UK, and other countries.
Maksim V. Yakubets, a 32-year-old Russian national who...
Pune: Hackers bugged e-banking facility, broke security code
InfoSec News (Dec 06)
http://timesofindia.indiatimes.com/articleshow/72391600.cms
The Times of India
December 5, 2019
PUNE: The prominent jewellery firm, whose 12 bank accounts were hacked in
November this year, used to operate the accounts with the help of the bank
app. Police said the fraudsters siphoned off the money by hacking the app
and changing the password.
“The security of these 12 accounts was compromised by the hackers. They
bugged the e-banking...
A Practical Guide to Next Steps of the Pentagon's Vendor Cyber Certification Program
InfoSec News (Dec 06)
https://www.nextgov.com/ideas/2019/12/practical-guide-next-steps-pentagons-vendor-cyber-certification-program/161700/
By Bret C. Cohen
CEO, Tier 1 Cyber
December 5, 2019
With the release of the Defense Department’s Cybersecurity Maturity Model
Certification 0.6, there are new guidelines that will require defense
contractors to act now to prepare. Instead of a technical summary of the 90-page
guidance, here are the steps businesses can take...
Small Contractors Struggle to Meet Cyber Security Standards, Pentagon Finds
InfoSec News (Dec 06)
https://www.defenseone.com/threats/2019/12/small-contractors-struggle-meet-new-cyber-security-standards-pentagon-finds/161625/
By Marcus Weisgerber
Defense One
December 2, 2019
Even large companies aren’t doing as well as they think they are, the
assistant acquisition chief said Monday.
Small companies are struggling to meet the Pentagon’s newish network
security rules, and even larger contractors aren’t doing as well as they
think...
In Weekend Outage, Diabetes Monitors Fail to Send Crucial Alerts
InfoSec News (Dec 06)
https://www.nytimes.com/2019/12/02/well/live/Dexcom-G6-diabetes-monitor-outage.html
By Anahad O’Connor
The New York Times
December 2, 2019
For many parents of children with diabetes, the Dexcom G6 continuous glucose
monitor is a lifesaver. The device tracks their children’s glucose levels and
sends them an alert when their blood sugar climbs too high or falls too low,
allowing them to take quick action to correct it.
But around midnight...
Ex-CTA employee reported a security glitch, then he was fired, lawsuit alleges
InfoSec News (Dec 06)
https://www.chicagotribune.com/business/transportation/ct-biz-cta-bus-system-lawsuit-bus-alerts-20191204-hk4aydeo2jah5icvfnj24a4e2a-story.html
By Mary Wisniewski
Chicago Tribune
December 4, 2019
A former CTA computer programmer has sued the agency, alleging that he was
forced to resign for pointing out a security flaw in the bus alert system.
Christopher George Pable, 34, of the Austin neighborhood, filed a whistleblower
complaint against...
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
InfoSec News (Dec 06)
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
By Thomas Claburn in San Francisco
The Register
5 Dec 2019
Updated Twitter security celeb SwiftOnSecurity on Tuesday inadvertently
disclosed a zero-day vulnerability affecting enterprise software biz Atlassian,
a flaw that may be echoed in IBM's Aspera software.
The SwiftOnSecurity Twitter account revealed that Atlassian provided a domain
that resolved to a local server...
Merck Cyberattack's $1.3 Billion Question: Was It an Act of War?
InfoSec News (Dec 06)
https://www.bloomberg.com/news/features/2019-12-03/merck-cyberattack-s-1-3-billion-question-was-it-an-act-of-war
By David Voreacos, Katherine Chiglinsky, and Riley Griffin
Bloomberg Markets
December 2, 2019
By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north
of Philadelphia, there was a handwritten sign on the door: The computers are
down.
It was worse than it seemed. Some employees who were already at their...
Hackers hold Milwaukee-based tech company's data for ransom; nursing homes affected
InfoSec News (Nov 26)
https://www.jsonline.com/story/news/local/2019/11/23/milwaukee-firm-falls-victim-hackers-100-plus-nursing-homes-affected/4285213002/
By Sophie Carson
Milwaukee Journal Sentinel
Nov. 23, 2019
Russian hackers are holding hostage data from a Milwaukee-based company that
provides technology services to more than 100 nursing homes across the country
after the company couldn't afford a $14 million ransom demand.
The hack against Virtual Care...
In just three months, Google sent 12k warnings about government-backed attacks
InfoSec News (Nov 26)
https://www.zdnet.com/article/in-just-three-months-google-sent-12k-warnings-about-government-backed-attacks/
By Catalin Cimpanu
Zero Day
ZDNet.com
November 26, 2019
Google sent more than 12,000 security warnings to users in 149 countries about
email attacks coming from a government-backed hacking group.
The number only includes alerts sent between July and September 2019, Google
said in a blog post today authored by Shane Huntley, a member...
Auditors Uncover Tens of Thousands of Critical Security Gaps At Energy Facilities
InfoSec News (Nov 26)
https://www.nextgov.com/cybersecurity/2019/11/auditors-uncover-tens-thousands-critical-security-gaps-energy-facilities/161539/
By Jack Corrigan
Staff Correspondent
Nextgov
November 25, 2019
The Energy Department continues to botch the same cybersecurity practices year
after year, leaving unclassified systems in the nation’s nuclear facilities and
other critical infrastructure exposed to digital attacks, according to a
federal watchdog.
In...
Senior DHS cyber official to step down
InfoSec News (Nov 26)
https://thehill.com/policy/cybersecurity/471567-senior-dhs-cyber-official-to-step-down
By Maggie Miller
The Hill
11/21/19
Jeanette Manfra, a top official within the Department of Homeland Security’s
(DHS) cyber agency, announced Thursday that she will leave her position at the
end of the year.
Manfra, who serves as the assistant director for Cybersecurity and
Communications within the DHS Cybersecurity and Infrastructure Security Agency...
Windows 7 end-of-life is coming. How much should you worry?
InfoSec News (Nov 26)
https://www.cyberscoop.com/windows-7-end-of-life-forescout-op-ed/
By Ellen Sundra
CYBERSCOOP
November 26, 2019
Every few years, Microsoft causes some panic across industry sectors by
announcing the end-of-life of one of its older Windows operating systems.
In this case, Windows 7 is going “end of life” on Jan. 14, meaning Microsoft
will no longer be regularly updating the system with fixes when a security
vulnerability is found. The...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday, v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and on making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night
omarbv (Feb 16)
Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (...
Ultra
Dave Aitel (Feb 01)
Last week I had a conversation with a well known cyber policy expert and he
was like "I just finished reading Cryptonomicon and you always say it's
some sort of masters degree in cyber policy but I can't figure out why..."
But this US-CERT tweet, and the entire activity of behavior around the
Citrix RCE demonstrates exactly why. Because Cryptonomicon is about
vulnerabilities and the flow of information and...
Re: "Defending Forward" in time
John Lampe (Jan 24)
imo, it's a general mentality that attackers have. I blogged about this 14
years ago and it seems still applicable today (
https://blogs.securiteam.com/index.php/archives/170 )
Indecision can stem from too little information or too much information.
The defender *should* have the ability to influence both of those...
John
"Defending Forward" in time
Dave Aitel (Jan 24)
So I went to S4 this week, which is a good conference here in Miami Beach,
mostly about hacking/protecting utilities and other critical infrastructure
components. But I had the good fortune to run into a friend
<https://www.gocomics.com/calvinandhobbes/2018/01/16> I'd never met before.
Anyways, they were telling me about how some Android State surveillance
spyware installed at the border on everyone's phone looked for some file...
Reverse Engineering LOLs
Dave Aitel (Jan 16)
If you've ever rolled with a world-class black-belt you know that no matter
how hard you are trying, they catch submissions seeming effortlessly. They
simply have a different understanding of space and movement and momentum
than you do. And the same thing is true in the cyber operations field. In
this way, the movies get the emotions around hacking completely wrong, the
dark room, the "I'm IN!" moment, the tension.
When you...
Knock knock, Neo.
Dave Aitel (Jan 14)
I rewatched The Matrix recently with my kids. It holds up through the test
of time, like a few movies do, but which obviously Star Wars will not. I
gave my kids $40 to go watch the Rise of Skywalker and they decided to go
get ice cream and play TF2 instead, as a metric for cultural lock-in.
There's a lot of flashy fighting in The Matrix, none of which interests
kids above the age of 8, since they have seen every variation on superhero...
YSTS 14th Edition - Call for Papers
Luiz Eduardo (Dec 23)
Where: Sao Paulo, Brazil
When: May 25th, 2020
Call for Papers Opens: December 15th, 2019
Call for Papers Close: February 29th, 2020
http://www.ysts.org
@ystscon
ABOUT THE CONFERENCE
you Sh0t the Sheriff is a very unique one-day, one-track event dedicated to
bringing cutting edge infosec content to the top-notch
professionals of the Brazilian Information Security Community.
YSTS is an exclusive, invite-only security conference, usually...
Ghidra! Ghidra! Ghidra!
Dave Aitel (Dec 12)
Here is a video I was watching today that you should also watch:
https://vimeo.com/335158460
So I know a lot of people on the list already KNOW AND USE Ghidra. But my
fav. classes are ones that scale from both beginners to advanced users
because they go into how a particular team does something that you already
might do, but in a different (and sometimes much better) way.
A question I always have in my head is "Can this random process we...
Re: The Source
Dave Aitel (Dec 03)
Just to follow up on this post (originally from 2014) :)
-https://twitter.com/matthew_d_green/status/1201895122306252800?s=20
Re: Longer form questions
Akendo (Dec 02)
Hey guys,
thanks for this intriguing discussion! I try to get into it and hope
that I got it correctly, I'm going to answer a bit out of the blue here.
So please be nice to the rookie here!
However, I was wondering what the bottom line here is. NIDS is dead and
how does this annoy Rob? (References are welcomed). Should we throw out
any NIDS now and jump onto the metadata train?
I try to get into the discussion here by taking the opposite...
Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos
frank pound (Nov 19)
Although not a 0-day buildroot[0] seems to use http to download its
tarballs. It would be interesting to see which of the many embedded devices
(like cubesats and rockets??) out there use buildroot or similar systems
akin to buildroot to construct their minimal linux kernel and linux
environments. Firmware updates etc. available as binary downloads might be
constructed with such a build system. I haven't done much research on this
other...
Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos
Alex Stamos (Nov 01)
Hi, Dave-
I'm glad you enjoyed the keynote, and I appreciate the risks from 0-day. I
would disagree with Nathan that I'm a naive empiricist. I learned something
really important when I took the CISO job at Yahoo, my first big-company VP
position under a very experienced Silicon Valley executive named Jay
Rossiter. Jay told me "Son, you are coming from a world where you could
focus on really specific and interesting challenges but...
Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos
Arun Koshy (Nov 01)
Another candidate for airport-ad that I must highlight on this thread.
The truth hurts but it does set one free. I just personally wish to
unsee some of the stuff we've seen in negative rings these past 18 or
so months.
Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos
Nathan Landon (Nov 01)
It’s naive empiricism, much like the discussions around terrorism:
https://www.youtube.com/watch?time_continue=33&v=9dKiLclupUM
What Dave is essentially saying (I think) and what Alex Stamos misses is that 0-days have fat tail risks.
-Nate
Re: A KEYNOTE REVIEW: Bluehat 2019 Alex Stamos
Don A. Bailey (Nov 01)
Alex is exceptional but this is a critical fact that is indeed overlooked by a vocal majority.
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Sorta Top Used Tools of 2018
John - Black Hills Information Security (Dec 06)
Free Webcast
Hello all,
For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.
Basically, we are trying to be edgy and different.
You may want to come...
BHIS Webcast - Tues 10/2 @ 11am MDT
John Strand - Black Hills Information Security (Sep 26)
Hello All,
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT
Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be request via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision
increment:
* CVE-2018-8172
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************
Summary
=======
The following CVEs and advisory have undergone a minor revision
increment:
* CVE-2018-8454
* CVE-2018-8552
* ADV990001
Revision Information:
=====================
- CVE-2018-8454 | Windows Audio Service...
Microsoft Security Update Minor Revisions
Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8512
Revision Information:
=====================
- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8569
Revision Information:
=====================
- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8531
Revision Information:
=====================
- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8292
Revision Information:
=====================
- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...
Microsoft Security Update Summary for October 9, 2018
Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************
This summary lists security updates released for October 9, 2018.
Complete information for the October 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Please note the...
Microsoft Security Update Releases
Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018
Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
National Consumer Protection Week
US-CERT (Feb 28)
National Cyber Awareness System:
National Consumer Protection Week [
https://www.us-cert.gov/ncas/current-activity/2020/02/28/national-consumer-protection-week ] 02/28/2020 10:48 AM EST
Original release date: February 28, 2020
National Consumer Protection Week (NCPW) is March 17. This annual event encourages individuals and businesses to learn
about their consumer rights and how to keep...
Cisco Releases Security Updates
US-CERT (Feb 27)
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2020/02/27/cisco-releases-security-updates ] 02/27/2020 11:02 AM EST
Original release date: February 27, 2020
Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System
(UCS) software. A remote attacker could exploit some...
New CWE List of Common Security Weaknesses
US-CERT (Feb 26)
National Cyber Awareness System:
New CWE List of Common Security Weaknesses [
https://www.us-cert.gov/ncas/current-activity/2020/02/26/new-cwe-list-common-security-weaknesses-0 ] 02/26/2020 02:24
PM EST
Original release date: February 26, 2020
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list [
https://cwe.mitre.org/ ]. Previous CWE list...
OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability
US-CERT (Feb 25)
National Cyber Awareness System:
OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability [
https://www.us-cert.gov/ncas/current-activity/2020/02/25/opensmtpd-releases-version-664p1-address-critical-vulnerability
] 02/25/2020 05:04 PM EST
Original release date: February 25, 2020
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker...
Google Releases Security Updates for Chrome
US-CERT (Feb 25)
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2020/02/25/google-releases-security-updates-chrome ] 02/25/2020 11:19 AM
EST
Original release date: February 25, 2020
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could...
Connect with CISA on Facebook
US-CERT (Feb 21)
Partners,
We are happy to announce that CISA is expanding its external reach to a new platform: Facebook
(facebook.com/CISA, https://www.facebook.com/CISA). As a new agency with a
collaborative mission, CISA's success depends upon our ability to communicate with our partners and the public. Facebook
will be a critical platform where we can share...
Google Releases Security Updates for Chrome
US-CERT (Feb 21)
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2020/02/21/google-releases-security-updates-chrome ] 02/21/2020 12:04 PM
EST
Original release date: February 21, 2020
Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could...
Adobe Releases Security Updates for After Effects and Media Encoder
US-CERT (Feb 20)
National Cyber Awareness System:
Adobe Releases Security Updates for After Effects and Media Encoder [
https://www.us-cert.gov/ncas/current-activity/2020/02/20/adobe-releases-security-updates-after-effects-and-media-encoder
] 02/20/2020 10:42 AM EST
Original release date: February 20, 2020
Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder....
Cisco Releases Security Updates
US-CERT (Feb 20)
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2020/02/20/cisco-releases-security-updates ] 02/20/2020 10:55 AM EST
Original release date: February 20, 2020
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could
exploit some of these vulnerabilities to take...
VMware Releases Security Updates for vRealize Operations for Horizon Adapter
US-CERT (Feb 19)
National Cyber Awareness System:
VMware Releases Security Updates for vRealize Operations for Horizon Adapter [
https://www.us-cert.gov/ncas/current-activity/2020/02/19/vmware-releases-security-updates-vrealize-operations-horizon ]
02/19/2020 01:30 PM EST
Original release date: February 19, 2020
VMware has released security updates to address multiple vulnerabilities in vRealize...
AA20-049A: Ransomware Impacting Pipeline Operations
US-CERT (Feb 18)
National Cyber Awareness System:
AA20-049A: Ransomware Impacting Pipeline Operations [ https://www.us-cert.gov/ncas/alerts/aa20-049a ] 02/18/2020 08:06
AM EST
Original release date: February 18, 2020
Summary
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework.
See the MITRE ATT&CK for Enterprise [...
Be Cautious of Romance Scams
US-CERT (Feb 14)
National Cyber Awareness System:
Be Cautious of Romance Scams [ https://www.us-cert.gov/ncas/current-activity/2020/02/14/be-cautious-romance-scams ]
02/14/2020 10:39 AM EST
Original release date: February 14, 2020
This Valentine's Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet
romance scams. Cyber criminals partaking in this type of...
North Korean Malicious Cyber Activity
US-CERT (Feb 14)
National Cyber Awareness System:
North Korean Malicious Cyber Activity [
https://www.us-cert.gov/ncas/current-activity/2020/02/14/north-korean-malicious-cyber-activity ] 02/14/2020 07:40 AM
EST
Original release date: February 14, 2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the
Department of Defense (DoD) have...
New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools
US-CERT (Feb 12)
National Cyber Awareness System:
New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools [
https://www.us-cert.gov/ncas/current-activity/2020/02/12/new-schoolsafetygov-provides-cyber-guidance-k-12-schools ]
02/12/2020 10:59 AM EST
Original release date: February 12, 2020
The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov [...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Florian Weimer (Mar 01)
* Alexander E. Patrakov:
I have edited the update and flagged it as security.
However, without feedback from community testing (karma), this update
cannot be pushed at this time.
The package also failed to build on Fedora 32 and 33/rawhide due to C
conformance issues, so there are no updates available there.
Thanks,
Florian
Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Alexander E. Patrakov (Feb 29)
Just in case, I would like to complain here that my Fedora 31 systems
have not received an update.
There is indeed something in testing, but it is (mistakenly?) marked
as a bugfix release and not as a security update:
https://bodhi.fedoraproject.org/updates/?packages=opensmtpd
Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)
Jouni Malinen (Feb 27)
On Thu, Feb 27, 2020 at 6:24 PM Jonathan Brossard <endrazine () gmail com>
wrote:
It should be noted that this is referring to an old release from 2016 and
pointing to a repository that is an ancient snapshot of the actual project
development repository, i.e., not discussing what is in the real
development tree or recent releases.
--[ Vulnerabilities Summary:
IMHO, those claims for impact are highly questionable.
It has been discovered...
Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)
Jonathan Brossard (Feb 27)
----------------------------------------------------------------------
* Hostapd fails at seeding PRNGS, *
* leading to insufficient entropy *
----------------------------------------------------------------------
--[ Vulnerabilities Summary:
Date Published: 27/02/2020
CVE Names: CVE-2016-10743 and CVE-2019-10064.
Title: Hostapd fails at seeding PRNGs
Class: CWE-331:...
Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 26)
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==============================================================================
Contents
==============================================================================
Summary
Analysis
Client-side exploitation (new grammar)
Server-side exploitation (new grammar)
Old-grammar exploitation
Acknowledgments...
Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49"
Amadeusz Sławiński (Feb 25)
Right, that seems correct.
There is also another fix that should've been made:
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=b14e76eb5d6be889d58e37e420384e59a74eddd6
Will try to release 4.8.1 with it soon.
Amadeusz
CVE-2020-9391: Ignoring the top byte of addresses in brk causes heap corruption (AArch64)
Florian Weimer (Feb 25)
AArch64 has an architectural feature where the top byte of a 64-bit
pointer is ignored. Therefore, applications can use this as storage
space for colored pointers without having to mask those bits. Recent
Linux kernels (starting with 5.4) ignore the top byte in certain system
call arguments as well. This was also done for the brk system call, but
there it can result in moving the brk in the wrong direction (downward
instead of upward)....
Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49"
Salvatore Bonaccorso (Feb 25)
Hi
Regarding the affected versions,
https://bugzilla.redhat.com/show_bug.cgi?id=1801405#c6 points out that
the issue is caused by the upstream commit
https://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=c5db181b6e017cfccb8d7842ce140e59294d9f62
which would be only in v4.7.0.
Is this correct?
Regards,
Salvatore
Re: CVE-2020-2732: Nested VMX vulnerability
P J P (Feb 25)
+-- On Mon, 24 Feb 2020, Boris Ostrovsky wrote --+
| Under certain circumstances, an L2 guest may trick the L0 hypervisor into
| accessing sensitive L1 resources that are supposed to be inaccessible to the
| L2 guest according to L1 hypervisor configuration.
|
| Only Intel processors are affected.
|
| Patches are attached.
-> https://www.spinics.net/lists/kvm/msg208259.html
->...
CVE-2020-2732: Nested VMX vulnerability
Boris Ostrovsky (Feb 25)
Under certain circumstances, an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources that are
supposed to be inaccessible to the L2 guest
according to L1 hypervisor configuration.
Only Intel processors are affected.
Patches are attached. From cover letter:
vmx_check_intercept is not yet fully implemented by KVM on Intel processors,
causing e.g. the I/O or MSR interception bitmaps not to be checked.
In general we...
Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 25)
Hi Alexander,
If there is absolutely nothing else in your configuration file, you
should be fine. Still, we recommend that you patch as soon as possible;
just in case we missed an attack vector.
With best regards,
Re: Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49"
Cedric Buissart (Feb 24)
CVE-2020-9366 was assigned to this flaw via mitre.org
Re: LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Alexander E. Patrakov (Feb 24)
I would like a bit of clarification. We use OpenSMTPD as a dumb thing
that only relays mail to a central server and never delivers it
locally. The remote server is under our control.
=============
table credentials { smarthost.example.com=myuser:mypassword }
listen on 127.0.0.1
# No local mailboxes
action to_postfix relay host
smtp+tls://smarthost.example.com () smarthost example com auth
<credentials> helo myhostname.example.com
match...
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 24)
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==============================================================================
Contents
==============================================================================
Summary
Analysis
...
Acknowledgments
==============================================================================
Summary...
Local information disclosure in OpenSMTPD (CVE-2020-8793)
Qualys Security Advisory (Feb 24)
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
==============================================================================
Contents
==============================================================================
Summary
Analysis
Exploitation
POKE 47196, 201
Acknowledgments
==============================================================================
Summary...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Lab for Cybersecurity Program
Alex Keller (Feb 28)
City College of San Francisco has an awesome Cyber Security program and student club:
https://cybersecurityclub.github.io/cyber-club/
with a pretty comprehensive Code of Conduct:
https://docs.google.com/document/d/1YfbzKi7IMfqTGocB571zqRlPKgwoRGeQzHKRGJuBrT0/edit
While neither official nor all-encompassing, I use some version of these talking points to preface workshops and the like…
Code of Conduct
· Be lawful. Ignorance of the law...
Re: Fake G-Suite Calendar Invites
Frank Barton (Feb 28)
Ron,
If you're a G-Suite School, you can look at the audit trail on calendar
events through google admin.
I haven't seen any reports from our users of this happening, but that would
be my first place to go look to see how the changes are getting in.
Frank
Fake G-Suite Calendar Invites
Ronald Loneker (Feb 28)
Good Morning -
Over the last few weeks, we have had two instances (including early this
morning) where members of our staff have received changes in calendar
invites that were not sent by the organizer.
Not sure if this is something that others have been noticing, and I'm not
sure whether there is a method to inject malware in these fake calendar
changes.
I know we can check header information of e-mails but is there a way to
look at...
Re: Lab for Cybersecurity Program
randy (Feb 28)
You might consider using the US Cyber Range to run your lab systems. See
uscyberrange.org for details.
-r.
**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the
person who sent the message, copy and paste their email address and forward the email reply. Additional participation
and subscription information can be found at https://www.educause.edu/community
Re: Updated criteria for allowing local admin privileges on workstations
Joel McKenzie (Feb 28)
We have recently pushed out a policy to our Win10 systems to force the user to enter their credentials when admin privs
are needed (which I believe is on par with MacOS). This isn't perfect, but it does allow them to self-elevate w/o IT
intervention and hopefully it gives them pause to wonder if they are being prompted for credentials for something they
didn't initiate. The default setting was to just click a yes/no button when...
Re: Lab for Cybersecurity Program
Dan Wasson (Feb 28)
We are in the same place of starting a Cyber Security program. Does anyone
use or have a Code of Ethics or some other agreement that students must
sign that states they will only use the learning and technology as it is
intended, and not to probe the Institution? Any examples would be
appreciated.
Dan
Dan Wasson
Director Systems & LAN Management
Northwestern Michigan College
231-995-1164
dwasson () nmc edu <dwasson () nmc...
Re: Updated criteria for allowing local admin privileges on workstations
randy (Feb 27)
There are a couple of questions I've always wanted to ask whenever the
local admin issue comes up.
1. What about BYOD? Everyone who brings their own device to your net has
admin privileges. Has that caused problems in your campus?
a. how many incidents were caused by someone having local admin privs
vs. general user privs? #/semester? #/year. Based on these stats, is this a
problem that needs to be addressed?
2. Phishing, ransomware, web...
Re: Updated criteria for allowing local admin privileges on workstations
King, Ronald A. (Feb 27)
We are required to restrict admin access to only those supporting IT. For an academic lab that OIT does not maintain,
we will grant the professor and/or lab attendant admin access. If a professor requests admin access to a computer, we
generally deny it. If it is a secondary machine dedicated to academic endeavors, like testing, development, or some
special software, and not used for business, we will grant him or her admin access once they put...
Re: Lab for Cybersecurity Program
King, Ronald A. (Feb 27)
1. Is your lab 100% isolated from the rest of the campus and internet?
Yes, but we have two. One with Internet access and one without. Each is in an isolated physical location. The one with
Internet access is behind a dedicated firewall. These are all lab computers used for academic purposes and are
physically connected to switches behind the firewall. They allow remote work, so, we open SSH and a few other ports
based on their needs....
Re: open Security Analyst- Journey at CWU
Jamie Schademan (Feb 27)
Hello, We are Hiring!
If you want to join a friendly, hard-working, passionate team with limitless potential, we'd love to meet you. Where
we live in the north west is pretty awesome too.
https://www.linkedin.com/feed/update/urn:li:activity:6638598040674545664/
Jamie
Jamie Schademan, CISM
Chief Information Security Officer
Information Security Services
Jamie.Schademan () cwu edu<...
open infosec position at DU
Marcelo Lew (Feb 27)
In case anyone is interested:
https://jobs.du.edu/cw/en-us/job/492979/information-security-engineer-ii
regards,
Marcelo Lew
University of Denver
Information Security Manager
303-871-6523
Re: Updated criteria for allowing local admin privileges on workstations
Judith Tabron (Feb 27)
I think Robert's policy is a good one, Jim, but I'd also say you're on the
right track if you want to more fully leverage management tools to segment
out machines that are not centrally managed. JAMF and InTune (I know
something about JAMF, nothing about InTune) might help you a bit, but you
also might want to put such users in their own Active Directory group for
different GPO management, and/or their own network.
I've had...
Taking the exams in students' laptops
Uday Kiran (Feb 26)
We have been facing this issue for a long time, but thought of putting it here to have your valuable feedback. We have a
BYOD policy for students in general, and for the semester exams they are using the same laptops.
A few students are misusing this privilege and trying to cheat the exam in various ways,
a) Someone in their friends list will take TeamViewer or any such similar technologies to take the exam remotely,
proctor sees only if...
Re: Updated criteria for allowing local admin privileges on workstations
Robert Berlinger (Feb 26)
Hi Jim,
I wrote a policy to put some structure around local admin approvals that you might find helpful:
https://www.cuny.edu/wp-content/uploads/sites/4/page-assets/about/administration/offices/cis/information-security/security-policies-procedures/Local-Administrative-Privileges-2018-12-12.pdf
Robert N. Berlinger, CISSP
Chief Information Security Officer
City University Of New York
security.cuny.edu
From: The EDUCAUSE Security Community Group...
Updated criteria for allowing local admin privileges on workstations
Jim A. Bole (Feb 26)
We're reviewing what valid use cases there might be for giving someone local admin privileges on their workstation (PC
or Mac).
Currently we default to no admin rights. On Macs we are running Mojave and have just started using Jamf Pro. On PCs we
are at Win10 and just starting to deploy InTune. I don't think we have fully leveraged these tools' capabilities to
allow users more flexibility with self-service apps, etc....
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Weekly Routing Table Report
Routing Analysis Role Account (Feb 28)
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.
Daily listings are sent to bgp-stats () lists apnic net
For historical data, please see http://thyme.rand.apnic.net.
If you have any comments please contact Philip Smith <pfsinoz...
Re: Contact at Disney+
Josh Luthman (Feb 27)
If you're having problems with a subnet, look here:
http://thebrotherswisp.com/index.php/geo-and-vpn/
It does help when you at least give a hint to the problem.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
On Thu, Feb 27, 2020 at 8:52 AM Romeo Czumbil <Romeo.Czumbil () tierpoint com>
wrote:
RE: QUIC traffic throttled on AT&T residential
Hiers, David (Feb 27)
We find that they usually impose pretty harsh QOS on a link that has an ATT voice service.
David
-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Jay Hennigan
Sent: Thursday, February 20, 2020 12:13 AM
To: nanog () nanog org
Subject: Re: QUIC traffic throttled on AT&T residential
I recall a similar idea called "The Great IPv6 Experiment" back in 2007. ;-)
Contact at Disney+
Romeo Czumbil (Feb 27)
Can somebody contact me off-list from Disney+ please
Thank you
Re: idiot reponse
Rich Kulawiec (Feb 27)
There is a partial fix for this, at least for anyone using Mailman to run
their lists (e.g., nanog):
Set Mailman so that all new subscribers are moderated by default.
Either new subscriber X will one day send real content to the list
or they won't. If it's the latter, then it is very simple to use
Mailman's interface to simultaneously (a) approve the message for
distribution and (b) clear their moderation flag. If it's...
Re: idiot reponse
Matthew Petach (Feb 26)
Re: idiot reponse
Mark Rousell (Feb 26)
That's a very interesting point. I had not considered it as a possible
cause of this problem.
Re: idiot reponse
Patrick Schultz (Feb 26)
I've also seen employees leaving companies and their addresses being rerouted to the support mailbox.
Re: idiot reponse
Mark Rousell (Feb 26)
This (or what it appears to be) is happening on an increasing number of
mail lists. It's not many but it's there. I don't know who is behind it
or why, but it's an increasing annoyance.
This is a quick summary of what seems to be happening:
(1) A legitimate company's or organisation's helpdesk email address is
signed up to a mail list like this one.
(2) Every time someone posts to the list, they receive an automated...
Re: idiot reponse
J. Hellenthal via NANOG (Feb 26)
Wtf kinda one word response is that lol
Re: idiot reponse
Selphie Keller (Feb 26)
postfix =)
/^From: .*@electricforestfestival\.com/ DISCARD
Re: Hi-Rise Building Fiber Suggestions
Nick Hilliard (Feb 26)
Randy Bush wrote on 26/02/2020 16:14:
in-cabinet multimode can make sense, as long as you keep the stock types
contained, i.e. highly restricted number of transceiver and cable types.
SR4 + MTP vs LR4 + SMF is a good example here.
Nick
Re: Hi-Rise Building Fiber Suggestions
Simon Leinen (Feb 26)
Randy Bush writes:
No, 3m is totally fine for passive DAC, never had any issues with those.
(5m should also be fine, we just have less experience with that because
we use DAC mostly for server/ToR cabling, usually using QSFP(28) to
SFP+/SFP28 break-out cables.)
Re: IPv6 for Verizon FIOS
Christopher Morrow (Feb 26)
Yea, it's clearly enabled 'somewhere' (most likely on a few select
edge devices: "GWR" role).
It's enabled for Joe... not for me (in Reston, VA)... I can tcpdump my
edge interface all day long and I see zero ip6 packets.
"not deployed"
"in a test setup"
"for 2 yrs means zero plan to actually deploy"
#hopeisnotanoption
Re: IPv6 for Verizon FIOS
j k (Feb 26)
In Ashburn, VA, Dynamic user, with Ubiquity router performing a proper
DHCPv6 request for over 3 years. Documented on my Security Onion server
showing no response.
Joe Klein
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
buy Trust Flow 30+ backlinks
Romeo (Feb 28)
Buy links that have Trust Flow 30+
http://www.str8-creative.io/product/trust-flow-30-links/
re: experts SEO
Marjorie Ryals (Feb 27)
www.liftmyrank.co
re: I need social traffic fast
Nelda Navarra (Feb 23)
hi
lists-ip-jhof
here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113
Full details attached
Regards
Nelda Navarra
Unsubscribe option is available on the footer of our website
re: whitehat SEO monthly plans
Stefani Tarpey (Feb 19)
http://fastseo.io/cheap-seo-packages/
re: re: negative SEO to make ranks go DOWN
Jeniffer Drinkwater (Feb 18)
www.negativeseos.co
gov backlinks for seclists.org
Gage (Feb 14)
http://www.str8-creative.io/product/100-gov-backlinks/
fw: put ranks down for any website
Negative SEO (Feb 09)
negative seo that works
http://www.negativeseos.co
re: experts SEO
Theron Schebler (Feb 05)
www.liftmyrank.co
re: re: Boost SEO with quality EDU backlinks
Fernando (Feb 05)
hi there
1000 Edu blog backlinks to improve your backlinks base and increase SEO
metrics and ranks
http://www.str8-creative.io/product/edu-backlinks/
Improve domain authority with more .edu blog backlinks
Unsubscribe from this newsletter
http://www.str8-creative.io/unsubscribe/
re: Whitehat SEO plans
Garfield Guy (Feb 01)
hi
After checking seclists.org we strongly advise you take any of our services
here
http://www.liftmyrank.co/affordable-seo-services-small-businesses/
Pricelist attached
Regards
Garfield Guy
http://www.liftmyrank.co/unsubscribe/
re: re: negative SEO to make ranks go DOWN
Susannah Mechem (Jan 29)
www.negativeseos.co
1500 google maps citations cheap
Str8 Creative (Jan 28)
http://www.str8-creative.io/product/1500-gmaps-citations/
re: I need social traffic fast
Ericka Eames (Jan 24)
hi
lists-ip-jhof
here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113
Full details attached
Regards
Ericka Eames
Unsubscribe option is available on the footer of our website
re: whitehat SEO monthly plans
Shyla Stanton (Jan 20)
Hi there
Have you lost your ranks during the Recent google updates?
We can recover them back!
http://fastseo.io/
We will perform
- onpage seo work
- toxic links clean up
- ethical offpage seo work to boost your ranks up
- Monthly reports with guaranteed results
More info about our plans, can be found here
http://fastseo.io/cheap-seo-packages/
If you have more than 1 website, we can give big bundle deals
Start gaining your spots back TODAY!...
Project Engineer, Maintenance Engineer, QA/QC Engineer, Design Engineer_CV
shaik shaik (Jan 20)
APPLYING FOR
PROJECT ENGINEER, MAINTENANCE ENGINEER, QA/QC ENGINEER, DESIGN ENGINEER
SHAIKH
Mobile : 00917013454773.
Email : site.engnieer () yahoo in
Respected Sir,
Career Statement:
Extensive Project Engineer, Maintenance Engineer, QA/QC Engineer, Design Engineer with knowledge of handling projects.
Seeking a responsible position as an engineer with a view to utilize my professional experience in...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 31.59
RISKS List Owner (Feb 21)
RISKS-LIST: Risks-Forum Digest Friday 21 February 2020 Volume 31 : Issue 59
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.59>
The current issue can also be found at
<...
Risks Digest 31.58
RISKS List Owner (Feb 15)
RISKS-LIST: Risks-Forum Digest Saturday 15 February 2020 Volume 31 : Issue 58
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.58>
The current issue can also be found at
<...
Risks Digest 31.57
RISKS List Owner (Feb 10)
RISKS-LIST: Risks-Forum Digest Monday 10 February 2020 Volume 31 : Issue 57
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.57>
The current issue can also be found at
<...
Risks Digest 31.56
RISKS List Owner (Feb 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 February 2020 Volume 31 : Issue 56
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.56>
The current issue can also be...
Risks Digest 31.55
RISKS List Owner (Jan 31)
RISKS-LIST: Risks-Forum Digest Friday 31 January 2020 Volume 31 : Issue 55
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.55>
The current issue can also be...
Risks Digest 31.54
RISKS List Owner (Jan 28)
RISKS-LIST: Risks-Forum Digest Tuesday 28 January 2020 Volume 31 : Issue 54
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.54>
The current issue can also be...
Risks Digest 31.48
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Monday 25 November 2019 Volume 31 : Issue 48
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.48>
The current issue can also be...
Risks Digest 31.47
RISKS List Owner (Nov 12)
RISKS-LIST: Risks-Forum Digest Tuesday 12 November 2019 Volume 31 : Issue 47
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.47>
The current issue can also...
Risks Digest 31.46
RISKS List Owner (Oct 21)
RISKS-LIST: Risks-Forum Digest Monday 21 October 2019 Volume 31 : Issue 46
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.46>
The current issue can also be...
Risks Digest 31.45
RISKS List Owner (Oct 07)
RISKS-LIST: Risks-Forum Digest Monday 7 October 2019 Volume 31 : Issue 45
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.45>
The current issue can also be...
Risks Digest 31.44
RISKS List Owner (Oct 02)
RISKS-LIST: Risks-Forum Digest Wednesday 2 October 2019 Volume 31 : Issue 44
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.44>
The current issue can also...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
29 Michigan health system employees fall victim to phishing attack, exposing patient data
Destry Winant (Feb 28)
https://www.beckershospitalreview.com/cybersecurity/29-michigan-health-system-employees-fall-victim-to-phishing-attack-exposing-patient-data.html
Twenty-nine employees at Munson Healthcare fell victim to a phishing
attack that allowed an unauthorized third party access to patient
data, according to the Cadillac News.
In a news release, the Traverse City, Mich.-based health system said
officials had noticed suspicious activity in employee email...
A CEO’s guide to managing a cybersecurity crisis
Destry Winant (Feb 28)
https://www.itproportal.com/features/a-ceos-guide-to-managing-a-cybersecurity-crisis/
A cyber-breach can not only cause significant damage to a company’s
operations, sales, reputation and stock price, but also end the
successful career of a CEO or CSO - as happened with some cyberattacks
in recent years.
So much so that Allianz Risk Barometer 2020, the largest risk survey
worldwide, acknowledged critical business interruptions as a result of...
Rushed website led to Budget hack
Destry Winant (Feb 28)
https://www.msn.com/en-nz/news/national/rushed-website-led-to-budget-hack/ar-BB10uqbE
A scathing report into the accidental release of sensitive Budget 2019
information by the Treasury has found poor procurement processes and
governance failures by senior leadership were to blame for security
flaws in its website not being identified earlier
The inquiry into the accidental release of Budget 2019 information
prior to Budget day has reported back...
OnlyFans says it wasn’t hacked after hundreds of performers’ videos leak online
Destry Winant (Feb 28)
https://www.theverge.com/2020/2/27/21156445/onlyfans-leak-not-hacked-photos-videos
More than 1.6TB worth of videos and images from OnlyFans has been
leaked online. The data dump appears to be primarily comprised of
women’s accounts, specifically those who use the site to share
pornographic images.
OnlyFans claims it’s not due to a hack, though. Steve Pym, OnlyFans’
marketing chief, said on Twitter that the company has “found no...
Royal Enfield database exposed personal info, including passwords and vehicle info, of 452k users; now secured
Destry Winant (Feb 27)
https://www.medianama.com/2020/02/223-royal-enfield-data-breach/
Motorcycles company Royal Enfield exposed a database of at least
452,000 people in January 2020, which included their names, e-mail
IDs, phone numbers, encrypted passwords, vehicle-related information
and social media links, Bob Diachenko, cyber threat intelligence
director at securitydiscovery.com revealed on Twitter. The information
was of those customers who had created a profile...
MGM Resorts sued over data breach that possibly involved 10.6 million guests
Destry Winant (Feb 27)
https://www.reuters.com/article/us-mgm-resorts-intl-cyber-lawsuit/mgm-resorts-sued-over-data-breach-that-possibly-involved-10-6-million-guests-idUSKCN20G062
(Reuters) - U.S. casino operator MGM Resorts International (MGM.N) has
been sued over a data breach last year, which the company confirmed
earlier this week and which reportedly involved details of over 10.6
million hotel guests.
The lawsuit was filed by law firm Morgan & Morgan, whose...
New York Adopts New Data Security and Privacy Regulations for Schools and Their Vendors
Destry Winant (Feb 27)
https://www.natlawreview.com/article/new-york-adopts-new-data-security-and-privacy-regulations-schools-and-their-vendors
We observed in a post on this blog that government agencies,
businesses, hospitals, universities and school districts are frequent
targets of data breaches that can affect millions of individuals.
Cyberattacks on school districts continue to appear in the news. In
January, students in the Pittsburg Unified School District...
Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
Destry Winant (Feb 27)
https://www.theregister.co.uk/2020/02/26/zyxel_security_hole/
It's 2020 and pre-auth, superuser command injection is still a thing
Zyxel's network storage boxes, business VPN gateways, firewalls, and,
er, security scanners can be remotely hijacked by any miscreant, due
to a devastating security hole in the firmware.
The devices' weblogin.cgi program fails to sanitize user input,
allowing anyone who can reach one of these...
KHS Bicycles resumes some shipments after system hack
Destry Winant (Feb 26)
https://www.bicycleretailer.com/industry-news/2020/02/25/khs-bicycles-systems-hacked-distributor-halts-shipments#.XlaOFmhKhPY
RANCHO DOMINGUEZ, Calif. (BRAIN) — KHS Bicycles has resumed some
shipments following an IT system hack over the weekend.
"We are making progress and have begun to ship orders," KHS' vice
president, Wayne D. Gray, told BRAIN Tuesday afternoon. "Our B2B site
is back up and we are shipping from...
Sports Giant Decathlon Leaks 123 Million Records
Destry Winant (Feb 26)
https://www.infosecurity-magazine.com/news/sports-giant-decathlon-leaks-123/
French sporting retail giant Decathlon has become the latest big brand
to expose user data via a misconfigured database, leaking over 123
million records including customer and employee information, according
to researchers.
A team at vpnMentor uncovered the 9GB database on an unsecured
Elasticsearch server. It contained information from Decathlon’s
Spanish, and...
Reading Light Hit By Ransomware Breach, Financial Data Secure
Destry Winant (Feb 26)
https://patch.com/massachusetts/wilmington/reading-light-hit-ransomware-breach-financial-data-secure
WILMINGTON, MA — The Reading Municipal Light Department was the target
of a ransomware security breach Friday, the utility said Monday.
Customer financial data, like bank accounts and credit card
information, has not been compromised, and the delivery of electric
service was not affected. It was unclear whether other customer
information was...
City paid 'threat actor' $30K over breach
Destry Winant (Feb 26)
https://www.paducahsun.com/news/local/city-paid-threat-actor-k-over-breach/article_e755dc70-9696-5000-a822-166dc023c013.html
The city of Paducah regained access to servers and records compromised
earlier this month by paying the "threat actor" responsible for the
data breach approximately $30,000, according to a news release.
The city does not know the identity of the third-party responsible for
the breach, spokeswoman Pam Spencer...
Slickwraps hit by customer data breach
Destry Winant (Feb 25)
https://www.techradar.com/news/slickwraps-hit-by-customer-data-breach
Slickwraps, a company that makes vinyl skins for popular gadgets, has
revealed that its website was compromised, and personal details of its
customers exposed.
The company tweeted that an “unauthorized party” had gained access to
its database, breaching details including customer names, email ids
and addresses, although passwords and credit card information were...
UW Medicine faces class-action lawsuit following data breach that affected 974,000 patients
Destry Winant (Feb 25)
https://www.beckershospitalreview.com/cybersecurity/uw-medicine-faces-class-action-lawsuit-following-data-breach-that-affected-974-000-patients.html
Several patients involved in a data breach at Seattle-based UW
Medicine have sued the academic medical center claiming their
protected health information was not properly safeguarded.
In February 2019, UW Medicine officials notified 974,000 patients of a
data error that allowed their information to...
TRANSAVIA DATA LEAK COULD AFFECT 80,000 PASSENGERS
Destry Winant (Feb 25)
https://nltimes.nl/2020/02/24/transavia-data-leak-affect-80000-passengers
The data of 80 thousand Transavia passengers leaked out after an
e-mail inbox containing the data was breached, the Dutch low-cost
flyer said on Monday. The data that was released includes passengers’
full names, date of birth, flight information, booking number, luggage
purchase, and additionally requested services like wheelchair
assistance.
The KLM subsidiary said...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: [GSOC 2020] - Álvaro Berdote - "SSH Decryption Support"
Peter Wu (Mar 01)
Hi Álvaro,
Thank you for your introduction, and welcome :-)
I raised it to a few others already, but the SSH decryption project is
quite popular. Would there be other topics that would interest you as
well? Have you used Wireshark before, and noticed that something else
needed improvement?
Re: Regarding GSoC 2020 - User interface accessibility improvements Project
Peter Wu (Mar 01)
Hi Deepanshu,
I already replied in private, but basically it is up to you to write a
fuller proposal. The User interface accessibility improvements project
is quite generic, and would benefit from a proposal that shows an
understanding in the area. Perhaps you know something from your personal
perspective that makes you more aware of accessibility issues?
Further in the stage, I would recommend reading...
[GSOC 2020] - Álvaro Berdote - "SSH Decryption Support"
Marc Marc (Feb 29)
Good morning to everyone, my name is Álvaro Berdote Jiménez, I am
from Madrid (Spain) and I would like to introduce myself in this Community.
I am a Computer Engineering student, who is mainly interested in the security
and networking area.
Recently, I read about the Google Summer of Code (GSOC), and when I saw
that Wireshark was a participating organization in the program, I knew it
would be the perfect opportunity to start contributing...
Regarding GSoC 2020 - User interface accessibility improvements Project
Deepanshu Chauhan (Feb 29)
Hello,
I am Deepanshu Singh Chauhan, a third-year Information Technology
student at Guru Gobind Singh Indraprastha University, Delhi, India. I am
interested in working on the User interface accessibility improvements
project for GSoC 2020. I have a good understanding of
basic Qt and the C/C++ programming languages. I developed a small
project in Qt earlier and I have gone through the Wireshark Bug Database
for the Qt UI.
Please let me know how...
Wireshark 2.6.15 is now available
Wireshark announcements (Feb 28)
I'm proud to announce the release of Wireshark 2.6.15.
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
Bug Fixes
• wnpa-sec-2020-03[1] LTE RRC dissector memory leak. Bug 16341[2].
• wnpa-sec-2020-04[3] WiMax DLMAP dissector crash. Bug 16368[4].
• wnpa-sec-2020-05[5] EAP dissector crash....
Re: Forming exported pdu for MAC-NR.
Vikas Theng (Feb 28)
Thanks for your help.
Re: Forming exported pdu for MAC-NR.
Pascal Quantin (Feb 28)
Hi Vikas,
On Fri 28 Feb 2020 at 10:43, Vikas Theng <thengvikas2017 () gmail com>
wrote:
I already explained you what was wrong in
https://www.wireshark.org/lists/wireshark-users/202002/msg00007.html and
https://www.wireshark.org/lists/wireshark-users/202002/msg00009.html. See
the attached pcap for an example that should help you getting autonomous.
Ensure that the mac_nr_udp heuristic dissector is activated (Analyze ->
Enabled...
Re: Forming exported pdu for MAC-NR.
Vikas Theng (Feb 28)
Hello all,
I am trying to form a MAC-NR exported PDU, but I am getting the warning "Can't
dissect NR MAC frame because no per-frame info was attached!". The same warning
appears both with and without heuristics. Please help me with this issue.
Please find the attachment.
On Fri, Feb 28, 2020 at 10:16 AM Vikas Theng <thengvikas2017 () gmail com>
wrote:
Forming exported pdu for MAC-NR.
Vikas Theng (Feb 27)
Hello all,
I need to form an exported PDU for MAC-NR. Any help is appreciated.
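Pascal's advice in this thread is to hand MAC-NR to Wireshark over UDP in the framing that the mac_nr_udp heuristic dissector recognises, rather than as an Exported PDU; that framing is how the dissector obtains the per-frame info the warning above complains about. The script below is an added example, not code from the Wireshark project or from anyone in the thread: it writes a small pcap whose UDP payload carries a constructed MAC-NR PDU behind the "mac-nr" signature, the three mandatory bytes (radio type, direction, RNTI type) and a few optional tags. The tag numbers and enum values are as I recall them from epan/dissectors/packet-mac-nr.h and are assumptions to verify against your Wireshark tree; the addresses, ports and PDU bytes are constructed.

```python
#!/usr/bin/env python3
"""Write a pcap that carries a MAC-NR PDU over UDP in the "mac-nr" framing
Wireshark's mac_nr_udp heuristic dissector recognises.

Added example for this thread; not Wireshark project code.  Field layout and
constants are assumptions taken from memory of epan/dissectors/packet-mac-nr.h;
verify them against the header in your Wireshark tree."""
import ipaddress
import struct
import time

# Framing constants (assumed; see packet-mac-nr.h).
MAC_NR_START_STRING = b"mac-nr"          # signature, no terminating NUL
FDD_RADIO, TDD_RADIO = 1, 2              # radioType
DIRECTION_UPLINK, DIRECTION_DOWNLINK = 0, 1
NO_RNTI, P_RNTI, RA_RNTI, C_RNTI, SI_RNTI, CS_RNTI = 0, 1, 2, 3, 4, 5
MAC_NR_PAYLOAD_TAG = 0x01                # followed by the MAC PDU to end of frame
MAC_NR_RNTI_TAG = 0x02                   # 2 bytes, network order
MAC_NR_UEID_TAG = 0x03                   # 2 bytes, network order
MAC_NR_FRAME_SLOT_TAG = 0x07             # SFN (2 bytes) then slot (2 bytes)

# Constructed sample DL-SCH MAC PDU: one subheader for LCID 1 with a 3-byte
# SDU (R/F/LCID byte, 8-bit L), then a padding subheader (LCID 63).
SAMPLE_PDU = b"\x01\x03" + b"\xde\xad\xbe" + b"\x3f\x00\x00"


def mac_nr_frame(pdu, radio_type=TDD_RADIO, direction=DIRECTION_DOWNLINK,
                 rnti_type=C_RNTI, rnti=None, ueid=None, sfn_slot=None):
    """UDP payload: signature, three mandatory bytes, optional tags, then PDU."""
    out = bytearray(MAC_NR_START_STRING)
    out += bytes([radio_type, direction, rnti_type])
    if rnti is not None:
        out += bytes([MAC_NR_RNTI_TAG]) + struct.pack("!H", rnti)
    if ueid is not None:
        out += bytes([MAC_NR_UEID_TAG]) + struct.pack("!H", ueid)
    if sfn_slot is not None:
        out += bytes([MAC_NR_FRAME_SLOT_TAG]) + struct.pack("!HH", *sfn_slot)
    out += bytes([MAC_NR_PAYLOAD_TAG]) + pdu
    return bytes(out)


def ipv4_checksum(data):
    """RFC 1071 one's-complement checksum; returns 0 over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_packet(payload, src="10.0.0.1", dst="10.0.0.2", sport=9999, dport=9999):
    """Ethernet II + IPv4 + UDP around the payload.  Addresses and ports are
    constructed; the UDP checksum is left at 0, which IPv4 permits."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + udp


def write_pcap(path, frames, linktype=1):
    """Classic pcap (magic 0xa1b2c3d4, version 2.4); linktype 1 is Ethernet."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
        for i, frame in enumerate(frames):
            ts = time.time() + i
            f.write(struct.pack("<IIII", int(ts), int(ts % 1 * 1_000_000),
                                len(frame), len(frame)))
            f.write(frame)


if __name__ == "__main__":
    frame = udp_packet(mac_nr_frame(SAMPLE_PDU, rnti=0x1234, ueid=1,
                                    sfn_slot=(10, 2)))
    write_pcap("mac-nr-framed.pcap", [frame])
    print("wrote mac-nr-framed.pcap; enable the mac_nr_udp heuristic in Wireshark")
```

Open the resulting file with the mac_nr_udp heuristic enabled (Analyze -> Enabled Protocols, as Pascal suggests). This is a different encapsulation from the linktype 252 Exported PDU route: text2pcap -l only sets the link type and adds no TLV header, so a dump fed to text2pcap -l 252 must already contain the Exported PDU tags in front of the MAC PDU.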
Wireshark 3.0.9 is now available
Wireshark announcements (Feb 26)
I'm proud to announce the release of Wireshark 3.0.9.
What is Wireshark?
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-03[1] LTE RRC dissector memory leak. Bug 16341[2].
• wnpa-sec-2020-04[3] WiMax DLMAP dissector crash. Bug 16368[4].
• wnpa-sec-2020-05[5] EAP dissector crash. Bug 16397[6].
The following bugs have been fixed:
• Wireshark fails to build...
Wireshark 3.2.2 is now available
Wireshark announcements (Feb 26)
I'm proud to announce the release of Wireshark 3.2.2.
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
Automatic updates were inadvertently disabled in the Wireshark 3.2.1
64-bit and 32-bit Windows installers. If you’re running Wireshark
3.2.1 on Windows you will have to update to a later version manually....
Wireshark 3.2.2 is now available
Gerald Combs (Feb 26)
I'm proud to announce the release of Wireshark 3.2.2.
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
Automatic updates were inadvertently disabled in the Wireshark 3.2.1
64-bit and 32-bit Windows installers. If you’re running Wireshark
3.2.1 on Windows you will have to update to a later version manually....
Re: issue regarding run-time heuristic dissecting NR -RRC .
Pascal Quantin (Feb 26)
Hi,
On Wed 26 Feb 2020 at 20:22, Vikas Theng <thengvikas2017 () gmail com>
wrote:
Obviously you are doing something wrong, but as you did not share any info,
you will have to investigate it yourself. For example, the mac-nr
screenshot shows framing over UDP and not the exported PDU format.
Fortunately you should have everything in hand to fix it.
Best regards.
Re: issue regarding run-time heuristic dissecting NR -RRC .
Vikas Theng (Feb 26)
At run time it dissects it as MAC-NR completely (see attachment),
but when I dump it to a .txt file and run text2pcap -l 252 dummy.txt
dummy.pcapng it is not able to dissect it properly. I did the same thing for
NR RRC, and for NR RRC it works fine (see attachment). For MAC-NR I want
it as an exported PDU. Why does it dissect at run time but fail when dumped
to a file?
Re: Regarding GSoC 2020
Peter Wu (Feb 26)
Hi Arzoo,
I have already replied to your private mail. About the SSH decryption
project, and writing a good proposal, see also my reply here:
https://www.wireshark.org/lists/wireshark-dev/202002/msg00044.html
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
buy Trust Flow 30+ backlinks
Kaden (Mar 01)
Buy links that have Trust Flow 30+
http://www.str8-creative.io/product/trust-flow-30-links/
fw: help me remove bad articles from google
Earlene Humber (Feb 29)
Remove those annoying ripoff reports or even trustpilot reviews, scam
advisor reviews
clean up your reputation
http://monkeydigital.tk/product/reputation-management/
regards
Earlene Humber
http://monkeydigital.tk/unsubscribe/
Re: Building Extra against Snort 3 build 268
Y M via Snort-devel (Feb 28)
Great, it successfully builds now. Thank you Michael.
________________________________
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Michael Altizer (mialtize) via Snort-devel
<snort-devel () lists snort org>
Sent: Friday, February 28, 2020 7:31 PM
To: snort-devel () lists snort org <snort-devel () lists snort org>
Subject: Re: [Snort-devel] Building Extra against Snort 3 build 268
Should be fixed...
Re: [Emerging-Sigs] DCSYNC rule
James Lay via Snort-sigs (Feb 28)
Thanks Kevin!
James
Re: Building Extra against Snort 3 build 268
Michael Altizer (mialtize) via Snort-devel (Feb 28)
Should be fixed now. Thanks for pointing this out.
Thank you, Shravan!
YM
________________________________
From: Shravan Rangarajuvenkata (shrarang) <shrarang () cisco com><mailto:shrarang () cisco com>
Sent: Friday, February 28, 2020 6:36 PM
To: Y M <snort () outlook com><mailto:snort () outlook com>; snort-devel () lists snort org<mailto:snort-devel () lists
snort org> <snort-devel () lists snort org><...
Re: Building Extra against Snort 3 build 268
Y M via Snort-devel (Feb 28)
Thank you, Shravan!
YM
________________________________
From: Shravan Rangarajuvenkata (shrarang) <shrarang () cisco com>
Sent: Friday, February 28, 2020 6:36 PM
To: Y M <snort () outlook com>; snort-devel () lists snort org <snort-devel () lists snort org>
Subject: Re: [Snort-devel] Building Extra against Snort 3 build 268
snort3_extra on github has not been updated for the past 3 months. We will soon push a new update....
DCSYNC rule
James Lay via Snort-sigs (Feb 28)
Anyone know if this was updated?
https://blog.didierstevens.com/2017/10/08/quickpost-mimikatz-dcsync-detection/
IN a recent engagement I did not see this hit. Thank you!
James
Re: Building Extra against Snort 3 build 268
Shravan Rangarajuvenkata (shrarang) via Snort-devel (Feb 28)
snort3_extra on github has not been updated for the past 3 months. We will soon push a new update. Thanks for bringing
this to our notice!
Thanks,
Shravan
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Y M via Snort-devel <snort-devel () lists snort
org>
Reply-To: Y M <snort () outlook com>
Date: Friday, February 28, 2020 at 10:06 AM
To: "snort-devel () lists snort org" <snort-devel ()...
Building Extra against Snort 3 build 268
Y M via Snort-devel (Feb 28)
Hello,
I am getting an error building Extra against Snort 3 build 268. Reviewing the changelog, it looks like there have been a
number of changes to appid relating to third-party. Is there a way to get this to build successfully?
Thank you.
OS:
CentOS 8.1
Snort 3 build command:
./configure_cmake.sh --prefix=/opt/snort --enable-tcmalloc --enable-shell --enable-large-pcap
Extra build command:
./configure_cmake.sh --prefix=/opt/snort/extra
Error:...
Is Alexa Rank important?
Sunny Kroner (Feb 28)
hi there
yes it truly is, check your actual rank here
http://alexa.com/siteinfo/seclists.org
then let us improve it with any of these services below
https://www.topseoexperts.co/index.php/alexa-rank-packages/
thanks and regards
Sunny Kroner
http://www.topseoexperts.co/unsubscribe/
Re: snort seems to stop working after first hit of drop rule
Stefan Mayer (Feb 27)
Hi again.
I was mistaken, snort is still not working. I tested it with two machines, one with snort from the Ubuntu 18.04 LTS repo,
and one with current sources, compiled from scratch.
There's one packet in particular, coming every 100ms, that I want to drop. The only rule that might apply here is the
content rule, matching against the first four bytes being 45670123, as described in my original mail.
Snort hits the rule once, does not...
Snort Subscriber Rules Update 2020-02-27
Research (Feb 27)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the indicator-scan,
malware-cnc and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Snort Subscriber Rules Update 2020-02-26
Research (Feb 26)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-chrome,
malware-cnc, malware-other, os-mobile, policy-other and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Snort Subscriber Rules Update 2020-02-25
Research (Feb 25)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-identify,
file-image, file-office, file-pdf, indicator-obfuscation, malware-cnc,
malware-other, os-windows, policy-other, protocol-other, protocol-rpc
and server-webapp rule sets to provide coverage for emerging threats
from these technologies.
For a complete list of new and...
re: I need social traffic fast
Viva Reber (Feb 24)
hi
lists-snort-sigs
here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113
Full details attached
Regards
Viva Reber
Unsubscribe option is available on the footer of our website
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.