SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not found on any web site—not even Insecure.Org. No, the cutting edge in security research is and will continue to be the full disclosure mailing lists such as Bugtraq. Here we provide web archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all using the Site Search box above.

Insecure.Org Lists

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

libnsock ssl_init_helper(): OpenSSL legacy provider failed to load. Peter Jones (Sep 14)
Hi,

My OS is Windows 11 21H2 - 22000.978

I installed ncat and get this error when sending a file:

C:\Users\Peter Jones\Downloads\sjasmplus-1.20.1.win\sjasmplus-1.20.1.win>ncat 192.168.1.111 <output.bin
libnsock ssl_init_helper(): OpenSSL legacy provider failed to load.

Ncat: No connection could be made because the target machine actively refused it. .

C:\Users\Peter Jones\Downloads\sjasmplus-1.20.1.win\sjasmplus-1.20.1.win>winver...

Live Capture Performance to Rival Wireshark Matthew Davis (Sep 12)
Hello.

The project I work on is a Windows-only, 64-bit-only application that
collects and processes application layer messages across various
system-specific protocols. Our legacy application used the old Windows raw
socket mechanism (before migrating to WinPcap 4.1.3) to read the packets
off the wire. Our revamped application is using the OEM version of Npcap
with MUCH better success.

However...

A recent survey of our log files from the...

Re: Nmap 7.93 - 25th Anniversary Release! - build failures Kevin Brott (Sep 12)
Debian 11.4 ...
# gmake
....
gmake[1]: Entering directory '/usr/src/LOCAL/NMAP/nmap-7.93/ncat'
gcc -o ncat -g -O2 -Wall   ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o
base64.o http.o util.o sys_wrap.o http_digest.o ncat_lua.o ../nsock/src/libnsock.a ../nbase/libnbase.a -lssl -lcrypto
-lpcap -lm -llua5.3 -ldl
/usr/bin/ld: http_digest.o: in function `make_nonce':...

Zenmap scan commands on Automotive ECU Ilin, Adrian Robert (Sep 12)
Information Classification: Internal

Hello,

Zenmap version 7.92
Operating System Windows 10
We connected an automotive ECU to the laptop using the RadMoon2 media converter.
https://intrepidcs.com/products/automotive-ethernet-tools/rad-moon2/
We are able to see the messages from the ECU in WireShark (messages from 172.16.4.200, 172.16.201.200, 172.16.202.200)
- see the attached log.
We run these commands in Zenmap:...

ncat: perform half-duplex shutdown upon EOF James Stanley (Sep 12)
I have submitted a pull request on github:
https://github.com/nmap/nmap/pull/2510

The summary is:

Previously, |netexec()| would cease all communication as soon as it read EOF
from either the child process *or* the remote side. This meant (for example)
when the other end of the TCP socket calls |shutdown(fd, SHUT_WR)|, the child
process doesn't get a chance to send any more response, drain its
buffers, etc.

The new behaviour is to...

Re: Nmap 7.93 - 25th Anniversary Release! - build failures Kevin Brott (Sep 01)
Debian 11.4 ...
# gmake
....
gmake[1]: Entering directory '/usr/src/LOCAL/NMAP/nmap-7.93/ncat'
gcc -o ncat -g -O2 -Wall   ncat_main.o ncat_connect.o ncat_core.o ncat_posix.o ncat_listen.o ncat_proxy.o ncat_ssl.o
base64.o http.o util.o sys_wrap.o http_digest.o ncat_lua.o ../nsock/src/libnsock.a ../nbase/libnbase.a -lssl -lcrypto
-lpcap -lm -llua5.3 -ldl
/usr/bin/ld: http_digest.o: in function `make_nonce':...

Re: ncat: Windows build difficulties David Fifield (Aug 15)
It's strange that there haven't been other reports of the same problem,
but the way to file a bug report is with a GitHub issue:
https://github.com/nmap/nmap/blob/d66644be63e64a94687160da005d65cbf0b51280/CONTRIBUTING.md#bug

Re: ncat: Windows build difficulties Adam Baxter (Aug 11)
Interestingly, https://github.com/microsoft/vcpkg/tree/master/ports/nmap carries a number of patches which might be
useful here upstream, too.

--Adam

Re: ncat: Windows build difficulties Adam Baxter (Aug 11)
Hi David,

Good catch, thanks. At the time of writing, "CompileAsCpp" is set in 3 places in
https://svn.nmap.org/nmap/ncat/ncat.vcxproj. What's the process to get this changed?

--Adam

Re: ncat: Windows build difficulties David Fifield (Aug 11)
I think this error occurs when trying to compile C code with a C++
compiler. The pointer conversion is implicit in C but must be explicit
in C++.

I'm not sure how the C++ compiler came to be used, though—maybe check
the changes you made to the solution file.

ncat: Windows build difficulties Adam Baxter (Aug 11)
Hi,
I'm attempting to build ncat statically for Windows using VS2022 and I've run into the following issues:
* applink.c missing from static build of openssl 3.0.5 - fixed by downloading
https://github.com/openssl/openssl/blob/master/ms/applink.c into the correct path

* vcxproj/sln file not set up to build ncat for x64 - fixed by fiddling with the solution configuration. I'm not sure
how this was generated but I could provide a...

Report a Bug of Zenmap zjjncsn via dev (Aug 10)
version 7.92(Chinese)
When I'm in nmap output tab, it can display normally. But once I switch to another tab and switch back, it can't
display. And the output box will be gray. (Look at the video.)
Sorry for my poor English.

Shining Chen
zjjncsn () qq com...

Re: Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Gordon Fyodor Lyon (Jun 20)
Hi Shivani. Thanks for the report. Those two vulnerabilities are in the
PCRE2 (2nd generation) PCRE library. Although we plan to upgrade to PCRE2
soon, Nmap is currently still using the 1st generation PCRE which is not
susceptible to these bugs. When we do upgrade, we will be sure to use a
fixed version of PCRE2.

Also, Nmap version 4.6 and 5.21 are ancient and well worth upgrading for
other reasons.

On Mon, Jun 20, 2022 at 1:47 PM Sharma,...

Nmap uses PCRE library and scan tool report one vulnerability CVE-2022-1586 & CVE-2022-1587 to PCRE2 library Sharma, Shivani via dev (Jun 20)
Hi Team,
We are using Nmap 4.6 and 5.21 in our project and scan tool reports one vulnerability to Nmap which is related to PCRE2.
As per vulnerabilities, CVE-2022-1586: This involves a unicode property matching issue in JIT-compiled regular
expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
CVE-2022-1587: This comes with PCRE2 library in the get_recurse_data_length() function of the...

dhcp script not being seen as open? Mike . (Jun 20)
was testing with my router today i noticed this. sent out a dhcp OFFER i am assuming that is what the script is
sending out, and i notice i get back OPEN/FILTERED. if i am receiving a reply back, why is nmap not seeing this,
marking that as such, and calling it OPEN? it is receiving a valid packet response. am i missing something? here is the
output>

from the nmap side of the NSE debug on

NSE: Script scanning 192.168.0.1.
Initiating NSE...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

Nmap 7.93 - 25th Anniversary Release! Gordon Fyodor Lyon (Sep 01)
Dear Nmap community,

Twenty five years ago today, I released the first version of Nmap in a
Phrack article named The Art of Port Scanning (https://nmap.org/p51-11.html).
I never thought I'd still be at it a quarter of a century later, but that's
because I also didn't anticipate such a wonderful community of users and
contributors spanning those decades. You've helped Nmap blossom from a
fairly simple port scanner to a...

Npcap Versions 1.70 and 1.71 improve Windows packet capturing performance, stability, security, and compatibility Gordon Fyodor Lyon (Sep 01)
Hello folks. While the Nmap Project has been quiet lately (this is my
first post of the year), I'm happy to share some great progress on both
Nmap and Npcap development. Starting with our Npcap Windows packet
capturing/sending library, I'm happy to report that we quietly released
Version 1.70 in June and then 1.71 on August 19. They include many key
improvements:

* Performance: A major overhaul of Packet.dll sped up routines that...

Npcap 1.60 Release: Code Hardening, Compatibility, and Bug Fixes Gordon Fyodor Lyon (Dec 08)
Hi Nmap (and Npcap) hackers! I hope you're enjoying the start of the
holidays. For your first stocking stuffer, we're happy to release Npcap
Version 1.60! We also released (but never actually announced) Version 1.55
in September. We put out Versions 1.12 and 1.11 of the SDK too. None of
these try to wow you with major new features. We're excited about a lot of
those in the pipeline, but we focused the last few months on...

Nmap 7.92 Defcon Release! Gordon Fyodor Lyon (Aug 07)
Hi folks. Many of us can't attend Defcon in person this year due to global
pandemic, but we won't let that stop our traditional Defcon Nmap release!
We just posted Nmap 7.92 to https://nmap.org/download.html. It includes
dozens of performance improvements, feature enhancements, and bug fixes
that we've made over the last 10 months.

The biggest improvement (at least for Windows users) is the inclusion of
version 1.50 of Npcap (...

Npcap 1.50 Release Brings Nmap & Wireshark to Windows ARM devices Gordon Fyodor Lyon (Jun 28)
Hi folks. The Nmap Project is pleased to release Npcap version 1.50 at
https://npcap.org. There are many improvements in this release, but the
one we're most excited about is support for the ARM architecture! This
allows apps like Nmap and Wireshark to run for the first time on a newer
generation of hardware which often includes all-day battery life and
always-on LTE/5G capabilities. Devices vary from the $349 Samsung Galaxy
Book Go...

Npcap 1.30 Released: Raw WiFi + Better Performance Gordon Fyodor Lyon (Apr 12)
Hi folks. The Nmap Project is pleased to release Npcap Version 1.30 at
https://npcap.org. We hope Nmap and Wireshark users will be especially
happy with the raw WiFi improvements, since you tend to be particularly
savvy about low-level network inspection. It turns out that some of the
issues we thought were caused by lower level hardware drivers were actually
bugs in our driver. Oops! But at least that means we can fix them
ourselves, and we did....

Npcap 1.20 released Gordon Fyodor Lyon (Mar 16)
Nmap/Npcap Community:

I'm happy to report the release of version 1.20 of the Npcap Windows packet
capturing/sending driver! It's the first release of 2021 and includes
better capabilities for selecting timestamp methods as well as many other
improvements and bug fixes. These include updating the underlying libpcap
library to version 1.10 and building our installer now with NSIS 3. More
details on all this are available from the...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

APPLE-SA-2022-10-27-15 Additional information for APPLE-SA-2022-10-24-7 Safari 16.1 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-15 Additional information for APPLE-SA-2022-10-24-7 Safari 16.1

Safari 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213495.

WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693...

APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-14 Additional information for APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213442.

Safari Extensions
Available for: macOS Big Sur and macOS Monterey
Impact: A website may be able to track users through Safari web
extensions
Description: A logic issue was addressed with improved state
management.
WebKit...

APPLE-SA-2022-10-27-13 watchOS 9 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-13 watchOS 9

watchOS 9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213486.

Accelerate Framework
Available for: Apple Watch Series 4 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795: ryuzaki

AppleAVD...

APPLE-SA-2022-10-27-12 Additional information for APPLE-SA-2022-10-24-5 watchOS 9.1 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-12 Additional information for APPLE-SA-2022-10-24-5 watchOS 9.1

watchOS 9.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213491.

AppleMobileFileIntegrity
Available for: Apple Watch Series 4 and later
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements....

APPLE-SA-2022-10-27-11 tvOS 16 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-11 tvOS 16

tvOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213487.

Accelerate Framework
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795:...

APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-10 Additional information for APPLE-SA-2022-10-24-6 tvOS 16.1

tvOS 16.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213492.

AppleMobileFileIntegrity
Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple
TV HD
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing...

APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-9 Additional information for APPLE-SA-2022-09-12-3 macOS Big Sur 11.7

macOS Big Sur 11.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213443.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to access user-sensitive data
Description: An issue in code signature validation was addressed with
improved checks....

APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-8 Additional information for APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

macOS Big Sur 11.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213493.

AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements....

APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213444.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to access user-sensitive data
Description: An issue in code signature validation was addressed with
improved checks....

APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

macOS Monterey 12.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213494.

AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements....

APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

macOS Ventura 13 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213488.

Accelerate Framework
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac...

APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-4 Additional information for APPLE-SA-2022-09-12-2 iOS 15.7 and iPadOS 15.7

iOS 15.7 and iPadOS 15.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213445.

Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An...

APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-3 Additional information for APPLE-SA-2022-09-12-1 iOS 16

iOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213446.

Accelerate Framework
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling....

APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-2 Additional information for APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16

iOS 16.1 and iPadOS 16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213489.

Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (all models), iPad Air
3rd generation and later, iPad 5th generation and later, iPad mini
5th generation and later
Impact: An app may be...

APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1 Apple Product Security via Fulldisclosure (Oct 30)
APPLE-SA-2022-10-27-1 iOS 15.7.1 and iPadOS 15.7.1

iOS 15.7.1 and iPadOS 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213490.

Apple Neural Engine
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code...

Other Excellent Security Lists

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

Firewall Wizards — Tips and tricks for firewall administrators

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Chapter 2 Dave Aitel via Dailydave (Sep 04)
(Note, this is a continuation of our previous story chapter since sometimes
it's more fun to read fiction than to wonder what's going on these days
with Cloudflare or whatever.

https://lists.aitelfoundation.org/archives/list/dailydave () lists aitelfoundation
org/thread/GAPKL6MWOQ6S2K3DN32FHBOHHT7KNEBZ/
)

Chapter 2

Re: "Market Failures" Bryan Buckman via Dailydave (Aug 29)
"And as critical as Twitter is, we have the exact same dynamic with
our privatized water and power companies - who have no plans to make
strategic investments in security or anything really - which is why on
public calls you can hear them humiliating themselves asking Jen
Easterly to absorb the entire costs of their security programs. "

Long time lurker, first time poster. This hits me where I live because
I run a Red Team for a large...

Re: "Market Failures" Haroon Meer via Dailydave (Aug 25)
Heya(s)

I knew if i did this long enough, i'd find a discussion where i disagreed
with Halvar..

We've been talking about the market-failure in infosec for a while. If
anyone is bored, we once gave an entire talk titled "The products we
deserve" which some smart people said doesn't suck (
https://youtu.be/GHuQC1qLnJ4)

When I started optimyze, a lot of my acquaintances asked me: "Why not a

I deeply believe this is...

Re: "Market Failures" Jhonatan via Dailydave (Aug 25)
Good morning everyone, greetings from Bogota DC, Colombia.

I consider that for the government is cheaper to make a deal with a
software company to install a backdoor in their products in order to
"improve the service or whatever" or "terms and conditions... etc..." as
opposed to paying millions of dollars for a zero day vulnerability in the
most used products by users in the world, Microsoft Windows, Adobe,
Microsoft Office,...

Re: "Market Failures" Nathan Landon via Dailydave (Aug 25)
This reasoning is similar to why selling iOS 0-days for a million dollars a pop for a talented computer scientist is
not the most economically appealing choice when you can potentially build and sell a neat $1 app to 100 million people.

Re: "Market Failures" Konrads Klints via Dailydave (Aug 25)
I couldn't quite figure out where Dave was mistaken with his "market failure" analogy - instinctively it didn't feel
right. Twitter's market is selling customer data and attention to advertisers and as long as the a) platform is up b)
eyes are peeled to the feed, the market is working[1]; i.e. they don't need better security.

What we are facing however is a "policy market failure", meaning that Internet...

Re: "Market Failures" Arun Koshy via Dailydave (Aug 25)
mic-drop moment , if there ever was one. And folks who have played
this game from about the time of the old h/p/v groups realize this "
law " [1]

[1] -
https://www.reuters.com/article/us-whatsapp-w00w00/elite-security-posse-fostered-founders-of-whatsapp-napster-idUSBREA260KF20140307

Re: "Market Failures" Thomas Dullien via Dailydave (Aug 24)
Hey all,

2022 is a year in which I post to Dailydave *at least twice*. This hasn't
happened in a while.

Dave's last paragraph hits on something that I have repeated to startup
founders and other folks in security for the last few years. When I started
optimyze, a lot of my acquaintances asked me: "Why not a security
company?". And my reply was always a variant of the following:

In B2B, there are three categories of product,...

"Market Failures" Dave Aitel via Dailydave (Aug 24)
If you were at a talk at Defcon this year in the Policy track, you probably
heard someone talk about how they, as a government official, are there to
address "market failures". And immediately you thought: This is a load of
nonsense.

Because that government official is not allowed to, and has no intentions
of, addressing any market failures whatsoever. If the Government was going
to address market failures, they'd have to find...

Re: Defcon 30 Konrads Klints via Dailydave (Aug 23)
But then, who is great at giving career advice? Some things change very slowly - your basic advice how to get along in
any corporation remains probably the same - fit into the culture, network within and outside, be moderately
disagreeable, avoid ethnic humor, etc. About the same as in 1990s.

Some things change: people I interview for jobs for junior to mid-senior roles in cyber security (consulting) largely do
well or poorly based on three...

Re: Phase changes in international relations Konrads Klints via Dailydave (Aug 23)
William Gibson’s transition from the bridge cycle and Johnny Mnemonic with its meta verse-cyberspace to Blue Ant cycle
with its careful amplification of trends through nudges etc captures this beautifully

Re: Phase changes in international relations Pukhraj Singh via Dailydave (Aug 22)
I am one of those people who find this problem so pressing that I have
side-lined my SIEM engineering job to pursue an international
relations degree. It has been an epiphany to say the least.

- The lack of empiricism in cyber policy has transformed it
into a credibility problem, centred around personalities. This problem
is not going away anytime soon.

- If it is going to remain a subjective discipline, then
there are...

Phase changes in international relations Dave Aitel via Dailydave (Aug 22)
Right now, there is a, to put it mildly, ongoing discussion between
proponents of coercion and deterrence in cyber policy, and adherents of a
new theory, called *persistent engagement.* Maybe the sum total of the
people in the argument is less than a thousand, but as academic circles go,
it heavily influences the US Defense Department and IC, and through that,
the rest of the world, so it is fun to watch. Also obviously it has added
to infosec...

Re: Defcon 30 Ken Pfeil via Dailydave (Aug 21)
As usual, Halvar, great thoughts to ponder.

I’m kind of fond of my glasses, although I’ve yet to hit the point of yelling “get off my lawn”. If you look back we
should be proud of what we’ve built (be it on stilts at times) but never lose sight of where that ship seems to be
sailing to.

A lot of us are at the “tail end” of our careers, with many building that career on “unmentionables”. It was good to us
then, fairly good...

Re: Defcon 30 Richard Thieme via Dailydave (Aug 21)
So well said. When I was given an “Uber contributor” acknowledgement last week after 26 years speaking at Def Con, it
felt like a “lifetime achievement award” and we all know what that means.

I just started the third book in the Möbius trilogy and have speeches slated so not done yet. But life is certainly
different in every way.

Thanks for saying that.

Sent from my iPad

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing Gary D. Gregory (Nov 04)
Description:

Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics.
However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be
abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the
resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.

This...

Multiple vulnerabilities affecting UYUNI/SUSE Manager Paolo Perego (Nov 04)
Hello list, during a scheduled audit for the UYUNI / SUSE Manager project, three
security issues were found and tracked with a CVE identifier.

1. Issues

1.1 CVE-2022-31255: directory path traversal vulnerability in
CobblerSnipperViewAction

When viewing cobbler autoinstallation snippet, it is possible to evade
from /var/lib/cobbler/snippet path using the "path" request parameter
and accessing files outside the webserver root...

WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010 Carlos Alberto Lopez Perez (Nov 04)
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010
------------------------------------------------------------------------

Date reported : November 04, 2022
Advisory ID : WSA-2022-0010
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2022-0010.html
WPE WebKit Advisory URL :...

CVE-2022-37866: Apache Ivy: Ivy Path traversal Stefan Bodewig (Nov 04)
Severity: medium

Description:

When Apache Ivy downloads artifacts from a repository it stores them in
the local file system based on a user-supplied "pattern" that may
include placeholders for artifacts coordinates like the organisation,
module or version.

If said coordinates contain "../" sequences - which are valid characters
for Ivy coordinates in general - it is possible the artifacts are stored
outside of Ivy's...

CVE-2022-37865: Apache Ivy allow create/overwrite any file on the system Stefan Bodewig (Nov 04)
Severity: medium

Description:

With Apache Ivy 2.4.0 an optional packaging attribute has been
introduced that allows artifacts to be unpacked on the fly if they used
pack200 or zip packaging.

For artifacts using the "zip", "jar" or "war" packaging Ivy prior to
2.5.1 doesn't verify the target path when extracting the archive. An
archive containing absolute paths or paths that try to traverse
"upwards"...

Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Demi Marie Obenour (Nov 03)
-fno-strict-aliasing is definitely the right call. I use it pretty much
everywhere, as complying with the strict aliasing rules is often just
not worth the effort. I suspect that wl_container_of (used in every C
program using libwayland) may violate strict aliasing, and I am nearly
certain X11 clients do.

Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
I should add - the LTO warnings with GCC here (-Wfree-nonheap-object) are possibly
false positives, but Clang doesn't emit them IIRC and I think it's a valuable
resource to dig into.

Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Sam James (Nov 03)
I'd like to thank the OpenSSL developers for being open to the
CI improvements I've been making lately.

Something I think that should be revisited is the priority
of undefined behaviour in the codebase.

Undefined behaviour can - and has [0][1] - led to misbehaviour
at runtime.

Part of living with "Modern C" is embracing the
techniques we have available to enhance compiler diagnostics
and detect problems. That includes LTO,...

Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
Thanks, Nicola, that makes me feel a lot better about this thread.

khm

CVE-2022-33684: Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack Michael Marshall (Nov 03)
Severity: high

Description:

The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client
Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an
attacker to perform a man in the middle attack and intercept and/or modify the GET request that is sent to the
ClientCredentialFlow 'issuer url'. The intercepted credentials can...

Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Nicola Tuveri (Nov 03)
I can also add that at least this member of the OpenSSL Technical
Committee is following the discussion, and I believe I am not the only
one.

The feedback shared here on oss-security is read and carefully
considered, and I know it will be discussed within OTC to continue the
ongoing process of improving the OpenSSL project and its procedures.

I totally concur with Tavis Ormandy:

Personally, I'd like to thank you all for the feedback so...

Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Kurt H Maier (Nov 03)
I'm aware of your and Hanno's work. In the past it has not appeared
ex-post-facto in response to a thread where someone is trying to guess
which programming language theory would squash the bug. That's why I'm
expressing confusion. Feel free to ignore me.

khm

Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Tavis Ormandy (Nov 03)
Hanno and I have contributed months of programmer time on openssl
research and produced a ton of CRITICAL/HIGH issues over the years, not
to mention nss, gnutls, etc. What you're looking at isn't Monday-morning
quarterbacking on an unrelated list - this is active prolific opensource
security researchers discussing their opensource security work on the
opensource security mailing list :)

Tavis.

CVE-2022-32287: Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives Richard Eckart de Castilho (Nov 03)
Severity: low

Description:

A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows
an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue
affects Apache UIMA version 3.3.0 and prior versions.

Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR...

Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) Neal H. Walfield (Nov 03)
If you are careless, then this can indeed result in a panic, but that
is not inevitable. Here's how I'd copy a buffer in Rust:

fn main() -> Result<(), anyhow::Error> {
let mut dest = vec![10; 0];
let source = vec![10; 1];
let dest_offset = 0;
let source_offset = 0;
let len = 11;

dest.get_mut(source_offset..source_offset+len)
.ok_or(anyhow::anyhow!("Index out of...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

Educause Security Discussion — Securing networks and computers in an academic environment.

Internet Issues and Infrastructure

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Weekly Global IPv4 Routing Table Report Routing Table Analysis Role Account (Nov 04)
This is an automated weekly mailing describing the state of the Global
IPv4 Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-stats () lists apnic net.

For historical data, please see https://thyme.apnic.net.

If you have any comments please contact Philip Smith <pfsinoz...

RE: Jon Postel Re: 202210301538.AYC Vasilenko Eduard via NANOG (Nov 04)
I do not understand why you believe that only AD matters,
if the real management is done mostly by Chairs.
Ed/
-----Original Message-----
From: NANOG [mailto:nanog-bounces+vasilenko.eduard=huawei.com () nanog org] On Behalf Of Fred Baker
Sent: Friday, November 4, 2022 7:34 PM
To: Donald Eastlake <d3e3e3 () gmail com>
Cc: North American Network Operators' Group <nanog () nanog org>
Subject: Re: Jon Postel Re: 202210301538.AYC...

Re: Jon Postel Re: 202210301538.AYC Fred Baker (Nov 04)
Sent using a machine that autocorrects in interesting ways...

There were two such cases - Jeff Schiller and myself. The situation was that in 1997 (IIRC) we had four areas with a
single AD, and the IESG told the nomcom that the imbalance was strange. At its option, the nomcom could extend the term
of a sitting AD that wasn’t up for renewal/replacement by one year to even things out. They did. In 2001, I resigned,
and I think Jeff resigned...

Re: Jon Postel Re: 202210301538.AYC William Allen Simpson (Nov 04)
As I'd mentioned already, Randy Bush has also had some cogent thoughts
over the years. That's where I'd first heard this phrasing long ago.
Credit where credit is due.

I've been involved since 1979. Hostility to an ITU-style organization
arises from the earliest days of the NSFnet (which was government
funded), in part because ATT was using the existing standards bodies to
prevent the academic Internet itself from going...

bet365 contact Rafael Ganascim (Nov 04)
Anyone from bet365 on here or have contact details for them? We got
access denied from an entire ASN, and whois contacts and support
doesn't help.

Re: Understanding impact of RPKI and ROA on existing advertisements Randy Bush (Nov 03)
for the 312th time. origin validation was never designed to stop
attacks. it was designed to ameliorate mistakes.

if you want to use the rpki to reduce attacks, use bgpsec.

randy

RE: Understanding impact of RPKI and ROA on existing advertisements Jakob Heitz (jheitz) via NANOG (Nov 03)
There are a lot of ROAs out there that make it EASIER to hijack
a route rather than harder.

If you register an ROA for a route and also advertise that route
in BGP, then an attacker who prepends your ASN has to at least
compete with your route with an AS_PATH length and will lose
in most of the Internet (but not all of it).

However, if you don't advertise the route, then the attacker has nothing
to compete with and his prepended route will...

WATCH NOW | NANOG 86 Talks, NANOG U + "Internet Innovators" Nanog News (Nov 03)
*NANOG 86 Talks are LIVE! *

Have you subscribed to our Youtube channel? Subscribe now
<https://www.youtube.com/channel/UCIvcN8QNgRGNW9osYLGsjQQ> and be the first
to know when new videos are uploaded. The full webcast is available in the
"NANOG 86" playlist.

*WATCH NOW *
<https://www.youtube.com/playlist?list=PLO8DR5ZGla8jtquZaIDizi3q-GnoUgrQQ>

*VIDEO: NANOG U Provides Incredible Opportunities for NexGen Tech*

*City of...

DNS OARC 40 - Call for Contributions John Todd (Nov 03)
OARC 40 will be a two-day hybrid meeting held on 16 & 17 February in
Atlanta (GA), USA at 10:00 AM  (Local time - EST (UTC-05:00)). The
onsite part of the meeting will be colocated with NANOG 87.

The Programme Committee is seeking contributions from the community.

All DNS-related subjects and suggestions for discussion topics are
welcome. For inspiration, we provide a non-exhaustive list of ideas:

- Operations: Any operational...

Re: Jon Postel Re: 202210301538.AYC bzs (Nov 02)
I suppose this might be a useful point to butt in and say that one
reason we don't/can't easily term-limit US representatives to congress
is that it unjustly removes their right to run for office.

Obviously (I think) not apropos to IETF functioning tho perhaps in
spirit.

But it's why it took an amendment to the US constitution to impose
term limits on the presidency.

And though they're difficult to overturn some will argue...

Re: Jon Postel Re: 202210301538.AYC Donald Eastlake (Nov 02)
The length of time in office and the amount of power in the office
are, in my opinion, much, Much more important than the mere number of
terms. I think that Elizabeth the II being Queen of England for 70
years was not much of a problem -- and it wasn't because she served
only 1 term of office. It was because the British monarchy has
essentially no executive authority.

IETF Area Directors are selected for 2 year terms (or less if they are...

Re: Understanding impact of RPKI and ROA on existing advertisements jim deleskie (Nov 02)
I don't think I've ever agreed with Owen this much, maybe this is the first
sign the wording is ending further proving his statement :)

Re: Understanding impact of RPKI and ROA on existing advertisements Owen DeLong via NANOG (Nov 02)
Oh, I’m not ignoring it, I’m just rather underwhelmed by it and given how long it took SIDRWG to get RPKI this far,
not optimistic about any of the rest of the system getting deployed prior to IPv6 ubiquity or the end of my time on
this planet, or even before we manage to destroy the planet, whichever comes first.

Owen

Re: ARIN RPA updated (again) to address TAL distribution (Re: ARIN RPKI services terms/conditions - Change to Management of the Trust Anchor Locator for ARIN’s RPKI Service) Alex Band (Nov 02)
After discussing this topic directly with ARIN, our concerns have been taken away. We have been assured our updated
implementation in Routinator precisely reflects the intent of the updated Relying Party Agreement. As a result, we have
just released version 0.12.0-RC1.

With ARIN having updated their RPA, we are now able to embed all five RIR TALs and completely remove the manual
initialisation step from Routinator.

After installation,...

Re: Understanding impact of RPKI and ROA on existing advertisements heasley (Nov 02)
Tue, Nov 01, 2022 at 06:24:50PM -0700, Owen DeLong via NANOG:

Operators should not be deterred by that comment. Owen seems to be ignoring
what it does achieve and that this is part of a larger system that is still
emerging. See IETF sidrops wg. In the interim, do your part to improve
DFZ hygiene.

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

SUMMER / ANNUAL RENTALS and HOUSES for SALE Send for you (Oct 29)
<<< text/html: EXCLUDED >>>

SUMMER / ANNUAL RENTALS and HOUSES for SALE La Capittana (Oct 25)
<<< text/html: EXCLUDED >>>

Projects, TAX-AMNESTY ELIGIBLE, Cañitas, Belgrano, Palermo, Vte. Lopez, Caballito, La Capitana (Oct 11)

TAX-AMNESTY ELIGIBLE

Convert your Pesos into Dollars

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, license nos. 5633 CSI / 3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

click here to forward this newsletter to your friends

...

Projects, TAX-AMNESTY ELIGIBLE, Cañitas, Belgrano, Palermo, Vte. Lopez, Caballito, La Capitana (Oct 10)

TAX-AMNESTY ELIGIBLE

Convert your Pesos into Dollars

More opportunities for you by clicking here

La Capitana Real Estate, by Marisa G. Snatman

Licensed Auctioneer and Real Estate Broker, license nos. 5633 CSI / 3921 CUCICBA

3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

click here to forward this newsletter to your friends

...

Punta del Este, Better than Ever, See Our Offer Mario (Oct 06)
<<< text/html: EXCLUDED >>>

DISCOVER PORTUGAL, SPAIN AND MOROCCO WITH EXOTICOS VIAJES Exoticos (Oct 06)

Flyer: Portugal, Spain and Morocco

click here to forward this email to your friends

To remove your address from this list click here
<https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywuyysroi>

New Pending Update Microsoft Office 365 (Oct 02)

Invitation to Attend an International Training Workshop on Advanced Financial Management, Grants Management and Auditing for Donor Funded Projects on 7th to 18th November 2022 Skills for Africa Training Institute (Sep 27)
<https://133IK.trk.elasticemail.com/tracking/click?d=1RuUS-hkey1EpYtCrPHRWRzkeW3D-OHrskSDdtUT28InTT9gwD20k6bvkkAH5l_1qHb3a4RBzqDF85WNOjZyfy7Bx4GHL6NCB7mZVU_UNVOTQDJM8Ll_SmYYIrAYPNQzJBn6C_tD8gGH8ZfS_8SauhI1>
Advanced
Financial Management, Grants Management and Auditing for Donor Funded Projects
on 7th to 18th November 2022

<...

SUMMER / ANNUAL RENTALS and HOUSES for SALE La Capitana Real Estate (Sep 25)

🌟😃SUMMER and ANNUAL RENTALS 🏡🌳

😎 PUNTA del ESTE, Boutique Complex 🔝🌊 *OCEANFRONT*

Playa Mansa 🏊 💪 *from u$s 129,99 per day* BOOK NOW ✅

🎾 🏌 Highland Park CC, Season, December to March, more information by clicking here

🏊‍♂️🥅Miraflores CC, more information by clicking here...

Lots, some w/ Approved Plans, others with LOTS OF EXCHANGE, etc Gustavo A. (Sep 20)

CORNER lot facing Highland Park CC, ALL BY EXCHANGE, FOR DEVELOPMENT, GREAT LOCATION, *HIGH-GROWTH AREA* + info
here

Belgrano, Benjamin Matienzo between Zapata and Ciudad de la Paz, 8,66x47,81, 414m2 lot, USAA, for 1.654m2
sellable + parking spaces, price us1M *if all cash, a somewhat lower price could be negotiated; otherwise 50% cash + m2*

Caballito, Achaval and *Pedro...

Enjoy a Year with Super Low costs, come over to Movistar Mariela Batallan (Sep 16)

Mail: info () movistar asesornegocios com ar

click here to forward this newsletter to your friends

To remove your address from this list click here
<https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywyiisroi>

Incoming Shipment Notification DHL Demand (Sep 14)


SCHEDULE DELIVERY UPDATED!

Your package with Air Bill No. ******** has been delivered to our office. We will require a signature upon
delivery.

Please confirm that the shipping address in the attachment is correct.
The current estimated delivery time is 10 Sep 2022.
Label Number: (Read Attached file details),

To manage delivery or track your shipment, please Check Attached File for corresponding information.

SHIPMENT...

Lots, some w/ Approved Plans, others with LOTS OF EXCHANGE, etc Gustavo (Sep 13)

Caballito, Achaval and *Pedro Goyena* Demolished, *Urban Planning Certificate Approved*, for 1308,9m2 sellable +
10 parking spaces, Pool, Solarium, SUM, preliminary design available, price us720.000, *if all cash, a somewhat lower
price could be negotiated; otherwise cash + finished m2 and/or in the same development* offers considered

Colegiales, Cespedes between Conesa and Zapiola, 15m frontage, 185m2 lot,...

Highland Park Country Club, Rental and Sale Marisa (Sep 10)

Furnished House for Seasonal Rent from September to March 2023

Sale or Rent

La Capitana Real Estate, by Marisa G. Snatman
Licensed Auctioneer and Real Estate Broker, license nos. 5633 CSI / 3921 CUCICBA
3 De Febrero 820 2°D (CABA 1426), Ruta Nacional N 8 KM.52 (Pilar)

Click here to forward this email to someone else

To remove your address from this list click here...

Enjoy a Year with Super Low costs, come over to Movistar Mariela B. (Sep 07)

Mail: info () movistar asesornegocios com ar

To remove your address from this list click here
<https://ml15.gpserver5.com/unsuscribe.php?id=ueruswriuosywyrysroi>

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 33.50 RISKS List Owner (Nov 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 November 2022 Volume 33 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.50>
The current issue can also be found at
<...

Risks Digest 33.49 RISKS List Owner (Oct 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 October 2022 Volume 33 : Issue 49

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.49>
The current issue can also be found at
<...

Risks Digest 33.48 RISKS List Owner (Oct 11)
RISKS-LIST: Risks-Forum Digest Tuesday 11 October 2022 Volume 33 : Issue 48

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.48>
The current issue can also be found at
<...

Risks Digest 33.47 RISKS List Owner (Oct 07)
RISKS-LIST: Risks-Forum Digest Friday 7 October 2022 Volume 33 : Issue 47

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.47>
The current issue can also be found at
<...

Risks Digest 33.46 RISKS List Owner (Sep 29)
RISKS-LIST: Risks-Forum Digest Thursday 29 September 2022 Volume 33 : Issue 46

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.46>
The current issue can also be found at
<...

Risks Digest 33.45 RISKS List Owner (Sep 17)
RISKS-LIST: Risks-Forum Digest Saturday 17 September 2022 Volume 33 : Issue 45

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.45>
The current issue can also be found at
<...

Risks Digest 33.44 RISKS List Owner (Sep 13)
RISKS-LIST: Risks-Forum Digest Tuesday 13 September 2022 Volume 33 : Issue 44

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.44>
The current issue can also be found at
<...

Risks Digest 33.43 RISKS List Owner (Sep 04)
RISKS-LIST: Risks-Forum Digest Sunday 4 September 2022 Volume 33 : Issue 43

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.43>
The current issue can also be found at
<...

Risks Digest 33.42 RISKS List Owner (Aug 27)
RISKS-LIST: Risks-Forum Digest Saturday 27 August 2022 Volume 33 : Issue 42

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.42>
The current issue can also be found at
<...

Risks Digest 33.41 RISKS List Owner (Aug 23)
RISKS-LIST: Risks-Forum Digest Tuesday 23 August 2022 Volume 33 : Issue 41

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.41>
The current issue can also be found at
<...

Risks Digest 33.40 RISKS List Owner (Aug 20)
RISKS-LIST: Risks-Forum Digest Saturday 20 August 2022 Volume 33 : Issue 40

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.40>
The current issue can also be found at
<...

Risks Digest 33.39 RISKS List Owner (Aug 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 August 2022 Volume 33 : Issue 39

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.39>
The current issue can also be found at
<...

Risks Digest 33.38 RISKS List Owner (Aug 12)
RISKS-LIST: Risks-Forum Digest Friday 12 August 2022 Volume 33 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.38>
The current issue can also be found at
<...

Risks Digest 33.37 RISKS List Owner (Aug 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 August 2022 Volume 33 : Issue 37

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.37>
The current issue can also be found at
<...

Risks Digest 33.36 RISKS List Owner (Aug 03)
RISKS-LIST: Risks-Forum Digest Wednesday 3 August 2022 Volume 33 : Issue 36

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.36>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Open Source Tool Development

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Snort Subscriber Rules Update 2022-11-03 Research (Nov 03)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image,
malware-cnc and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Please help me to get Snort rules for Automotive Ayan Bandyopadhyay via Snort-sigs (Nov 01)
Hi,
Thanks for the reply.

Let me talk to the teams and get back to you with the answers.

Thanks & Regards,
Ayan Bandyopadhyay,
Mobile: +91 9836654548
________________________________
From: Snort User <snort.user () gmail com>
Sent: Monday, October 31, 2022 6:57 PM
To: Ayan Bandyopadhyay <ayan.bandyopadhyay () wipro com>
Cc: snort-sigs () lists snort org <snort-sigs () lists snort org>; Swapnil Rajendra Patil...

Re: Please help me to get Snort rules for Automotive Ayan Bandyopadhyay via Snort-sigs (Nov 01)
Hi,
Thanks for asking. Let me give you a brief detail of our project:

We are developing for a SW driven Electric Vehicle. As a major architecture change w.r.t previous Automotive era,
there will be 4 zonal controllers which are connected in a circular fashion via 10Gbps Ethernet. All other ECUs are
connected to the Zonal Controllers by different connection types like CAN, MOST, Ethernet etc. One of these 4 Zonal
controller is working as...

Snort Subscriber Rules Update 2022-11-01 Research (Nov 01)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos is releasing the following SIDs to protect against a critical
vulnerability in OpenSSL (CVE-2022-3602): 60790, 300306-300307.

Talos has added and modified multiple rules in the file-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified...

Re: Please help me to get Snort rules for Automotive Snort User via Snort-sigs (Nov 01)
Of course. I was referring only to the available capability - as one gets
if they download it now and run it as-is. One can add features and code for
additional capability.

Re: Please help me to get Snort rules for Automotive Joel Esler via Snort-sigs (Nov 01)
<snip>

Sure it can. It would just need to be told how to analyze them. Which would mean a specific preprocessor for those
protocols.

Re: Please help me to get Snort rules for Automotive Snort User via Snort-sigs (Oct 31)
Ok. That gives more clarity.

However, with regards to Snort, its traffic analysis, and rules what you
have to ask yourself and answer is this -

1. What type of traffic and network protocols is used between Zonal
Controllers and ECU? and maybe between the 4 Zonal controllers?
-- IPv4? TCP/UDP/ICMP? What application level protocols? What ports?
-- Do you expect to monitor that traffic?

** Snort does not have any capability to analyze custom...

Re: Please help me to get Snort rules for Automotive Snort User via Snort-sigs (Oct 28)
Ayan,

Does the Automotive domain have any specific networking protocols? Can you
be a bit more detailed as to what is different about
the Automotive domain/field?
For example, there are SCADA networks that have specific protocols, and Snort
has created preprocessors and rules that are specific to that domain.
Does the Automotive domain fall under that category?

Re: Please help me to get Snort rules for Automotive Ayan Bandyopadhyay via Snort-sigs (Oct 28)
Thank you Joel for the clarification.

So, please let me know where I can get Rules for Automotive.

Thanks & Regards,
Ayan Bandyopadhyay,
Mobile: +91 9836654548

________________________________
From: Joel Esler <joel.esler () me com>
Sent: Friday, October 28, 2022 12:04 AM
To: Ayan Bandyopadhyay <ayan.bandyopadhyay () wipro com>
Cc: snort-sigs () lists snort org <snort-sigs () lists snort org>; Swapnil Rajendra Patil...

Re: Please help me to get Snort rules for Automotive Joel Esler via Snort-sigs (Oct 27)
You are writing to the right place.

Please help me to get Snort rules for Automotive Ayan Bandyopadhyay via Snort-sigs (Oct 27)
Hi,
Please help me to get Snort rules for Automotive.

If you can forward me some link, document to community address who works on Automotive specific Snort rules will be a
great help.

Thanks & Regards,
Ayan Bandyopadhyay,
Mobile: +91 9836654548

Snort Subscriber Rules Update 2022-10-27 Research (Oct 27)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-10-25 Research (Oct 25)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image,
file-other, malware-cnc, malware-other, os-linux, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-10-20 Research (Oct 20)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2022-10-18 Research (Oct 18)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image,
malware-cnc, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

More Lists

We also maintain archives for these lists (some are currently inactive):

Related Resources

Read some old-school private security digests such as Zardoz at SecurityDigest.Org

We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.