SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
[sparc64] nmap.git sigbus on a recent change
Anatoly Pugachev (Nov 09)
Hello!
Could someone please look at this issue
https://github.com/nmap/nmap/issues/2173
Thanks.
Re: NSE script contribution - dkron-discovery
Ícaro Torres (Nov 04)
Hello David,
Sorry for the delay, I was only able to see the code just now. Thanks a
lot for the revision and tips. Attached is the new version of the
script.
Best regards.
On Wed., 4 Nov 2020 at 13:28, David Fifield <david () bamsoftware com>
wrote:
Re: NSE script contribution - dkron-discovery
David Fifield (Nov 04)
Hi, thanks for this contribution. Here is some quick review.
-- @args dkron-discovery.path The URL path to request. The default path is "/".
local http_response = http.get(host, port, "/dashboard")
The doc comment doesn't match the code, and dkron-discovery.path is not
used.
if string.match(http_response.rawbody, "Dkron %d.%d.%d") then
dkron_version = string.match(http_response.rawbody,...
--script=ssl-cert | deviation of results
Christoph Gruber (Nov 04)
Hi!
Running on debian
me@my:~$ nmap legacy.ppro.com --script ssl-cert
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-04 13:41 CET
Nmap scan report for legacy.ppro.com (54.77.199.142)
Host is up (0.043s latency).
rDNS record for 54.77.199.142: ec2-54-77-199-142.eu-west-1.compute.amazonaws.com
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
| ssl-cert: Subject: commonName=legacy.ppro.com
| Subject...
NSE script contribution - dkron-discovery
Ícaro Torres (Nov 04)
Hello,
I would like to contribute the NSE script dkron-discovery. It will
look for the URI "/dashboard" on port 8080 of the host running the dKron
service, and if this is available it will grab the installed version.
description = [[
Dkron is a system service for workload automation that runs scheduled jobs,
just like the cron unix service but distributed in several machines in a
cluster. Default TCP port is 8080.
]]
This could...
Re: Nmap trouble
Daniel Miller (Oct 31)
Hello, and thank you for reporting this. This issue was also reported on
our issue tracker here: https://issues.nmap.org/2157
We have added a fix for the crash issue, but there may be additional
problems which will prevent you from running Nmap within Zenmap, namely the
UnicodeDecodeError mentioned in the traceback. Please let us know if you
have further problems.
Dan
Nmap trouble
권세인 (Oct 22)
Hi! I'm an nmap user from Korea.
I'm having trouble using nmap and a pop-up message tells me to send an email to you.
Please fix this problem! thanks :)
Version: 7.91
Traceback (most recent call last):
File "zenmapGUI\ScanInterface.pyo", line 389, in start_scan_cb
File "zenmapGUI\ScanInterface.pyo", line 516, in execute_command
TypeError: coercing to Unicode: need string or buffer, exceptions.UnicodeDecodeError found
Problems with WlanHelper
santiago montoto (Oct 22)
Hello,
I installed Wireshark and the latest version of Npcap with the "Support raw 802.11 traffic" option checked. I tried to select
Monitor Mode in Wireshark for my WiFi but it was not possible. Then I tried to run WlanHelper (with administrative
privileges) and it says that wlanhelper is not recognized as an internal or external command, operable program or batch...
I am using the instructions from the following website:...
Re: nping --ipv6 source determination
Artem Egorenkov (Oct 15)
I can believe you guys are extremely busy, no pressure here.
Just wanted to make sure you are aware of the existence of this PR.
Take your time and thank you for your hard work! :)
Thanks,
Artem
Re: nping --ipv6 source determination
Gordon Fyodor Lyon (Oct 14)
Thanks for the reminder, Artem. We spent a long time super-focused on
Npcap since that's such a critical part of Nmap. But this put us behind a
lot of other Nmap "maintenance" (like reviewing pull requests and
organizing issues and integrating OS/service fingerprint updates). We're
working on that backlog now.
Cheers,
Fyodor
[no subject]
971770054 (Oct 14)
Version: 7.91
Traceback (most recent call last):
File "zenmapGUI\ScanInterface.pyo", line 389, in start_scan_cb
File "zenmapGUI\ScanInterface.pyo", line 516, in execute_command
TypeError: coercing to Unicode: need string or buffer, exceptions.UnicodeDecodeError found
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at...
Re: Scan fails - Win10 1909, nmap 7.90, npcap 1.00
Kurt Buff, GSEC/GCIH/PCIP (Oct 14)
Zounds!
Looks as if 7.91 has fixed my problem - I'm currently running an intense
scan via zenmap against a /24, and it hasn't faulted.
Thank you, nmap devs.
Kurt
Scan fails - Win10 1909, nmap 7.90, npcap 1.00
Kurt Buff, GSEC/GCIH/PCIP (Oct 14)
Scan:
nmap -T4 -A -v 10.5.0.0/24
Fails with:
Assertion failed: ch1->index == ch1_idx, file src\gh_heap.c, line 148
Ran this through zenmap.
Machine is Dell Latitude 5400 on a Dell USB C docking station, which has a
Realtek USB GbE family NIC.
If there's any other data I can provide, please let me know.
Thanks,
Kurt
npcap blocking DHCP from getting IP address
Jair Gabriel Filho (Oct 13)
Hi.
I'm facing a problem since npcap 0.9997 (and 1.0 too).
The network card cannot get an IP address from DHCP, since the server seems
to be too slow for that.
It is a similar problem with "Cisco portfast" not enabled in their switches
ports.
I am using Windows 10 Pro.
Every time I turn the machine on, there is no network address.
When I disable the network card and then enable it, it is solved.
When I disable npcap (using 1.0 now but...
NSE script contribution - docker-api-exposed
Ícaro Torres (Oct 12)
Hello,
I would like to contribute the NSE script docker-api-exposed. It will
look for the URI "/containers/json" on port 2375 of the host and show
the JSON content announced by the Docker API.
This could help pentesters or blue/purple teams to work with this kind of
exposure.
Best Regards.
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.91 Bugfix Release
Gordon Fyodor Lyon (Oct 14)
Hello everyone. I'm glad Nmap 7.90 was so well received! There were so
many improvements that the official announcement (
https://seclists.org/nmap-announce/2020/1) was a bit unwieldy. So Daniel
Miller (who made most of those changes) Tweeted his top highlights at
https://twitter.com/bonsaiviking/status/1313247253197393920
While we do work hard to avoid bugs during development and to catch them
pre-release through continuous integration...
Nmap 7.90 Released! First release since August 2019.
Gordon Fyodor Lyon (Oct 03)
Hello everyone. Hot on the heels of the big Npcap 1.00 release (
https://seclists.org/nmap-announce/2020/0), we're delighted to announce a
new Nmap--version 7.90! It's the first Nmap release since Defcon 2019, even
though we've made 16 Npcap releases since then. Raw packets are so
fundamental to Nmap that we really wanted to get it right. With the
production-ready and highly performant Npcap 1.00 driver included, we can
finally...
Npcap 1.00 was just released and a new Nmap is on the way!
Gordon Fyodor Lyon (Sep 28)
Hello everyone. I hope you are all safe and well during this nasty
pandemic. I obviously haven't been wearing my marketing hat enough given
that this is my first mail to the Nmap Announcement list since last
August's Nmap 7.80 release. But we've been heads-down programming since
then and have great news to report!
The biggest news is that, after more than 7 years of development and 170
previous public releases, we're...
Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.
Gordon Fyodor Lyon (Aug 10)
Fellow hackers,
I'm here in Las Vegas for Defcon and delighted to release Nmap 7.80. It's
the first formal Nmap release in more than a year, and I hope you find it
worth the wait!
The main reason for the delay is that we've been working so hard on our
Npcap Windows packet capturing driver. As many of you know, Windows Nmap
traditionally depended on Winpcap for packet capture. That is great
software, but it has been...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication
Tobias Glemser (Nov 06)
secuvera-SA-2020-01: Broken Object Level Authorization Vulnerability in OvulaRing-Webapplication
Affected Products
OvulaRing Webapp Version 4.2.2 (older releases have not been tested)
References
https://www.secuvera.de/advisories/secuvera-SA-2020-01.txt
https://owasp.org/www-project-api-security/ API1:2019 Broken Object Level Authorization
Summary:
"OvulaRing is an easy and accurate way to find out about your cycle health and...
Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP
Sandro Gauci (Nov 06)
# Asterisk crash due to INVITE flood over TCP
- Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2020-02-asterisk-tcp-invite-crash
- Asterisk Security Advisory: https://downloads.asterisk.org/pub/security/AST-2020-001.html
- Tested vulnerable versions: 17.5.1, 17.6.0
- Timeline:
- Report date: 2020-08-31
- Triaged: 2020-09-01
- Fix provided...
APPLE-SA-2020-11-05-7 tvOS 14.2
Apple Product Security via Fulldisclosure (Nov 06)
APPLE-SA-2020-11-05-7 tvOS 14.2
tvOS 14.2 is now available and addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211930.
Audio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-27910: JunDong Xie and XingWei...
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
Apple Product Security via Fulldisclosure (Nov 06)
APPLE-SA-2020-11-05-1 iOS 14.2 and iPadOS 14.2
iOS 14.2 and iPadOS 14.2 are now available and address the following
issues. Information about the security content is also available at
https://support.apple.com/HT211929.
Audio
Available for: iPhone 6s and later, iPod touch 7th generation, iPad
Air 2 and later, and iPad mini 4 and later
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: An...
APPLE-SA-2020-11-05-2 iOS 12.4.9
Apple Product Security via Fulldisclosure (Nov 06)
APPLE-SA-2020-11-05-2 iOS 12.4.9
iOS 12.4.9 is now available and addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT211940.
FaceTime
Available for: iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2
and 3, iPod touch (6th generation)
Impact: A user may send video in Group FaceTime calls without knowing
that they have done so
Description: A logic issue existed in the handling...
Etherify - bringing the ether back to ethernet
Jacek Lipkowski (Nov 06)
Hello
I've published a short description of how to transmit radio signals using the
ethernet interface, for example by changing the interface speed, or by
loading the interface with packets.
The implementation is deliberately very primitive (shell scripts, uses
native system tools). The data is transmitted via morse code, so that one
can judge the signal/noise ratio by ear, and decode by ear (which is much
better. an average human...
AST-2020-002: Outbound INVITE loop on challenge with different nonce.
Asterisk Security Team (Nov 05)
Asterisk Project Security Advisory - AST-2020-002
Product: Asterisk
Summary: Outbound INVITE loop on challenge with different nonce.
Nature of Advisory: Denial of Service
Susceptibility: Remote Authenticated Sessions...
AST-2020-001: Remote crash in res_pjsip_session
Asterisk Security Team (Nov 05)
Asterisk Project Security Advisory - AST-2020-001
Product: Asterisk
Summary: Remote crash in res_pjsip_session
Nature of Advisory: Denial of service
Susceptibility: Remote authenticated sessions
Severity: Moderate...
Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn
Dawid Golunski (Nov 05)
/*
Go PoC exploit for git-lfs - Remote Code Execution (RCE)
vulnerability CVE-2020-27955
git-lfs-RCE-exploit-CVE-2020-27955.go
Discovered by Dawid Golunski
https://legalhackers.com
https://exploitbox.io
Affected (RCE exploit):
Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken /
SmartGit / SourceTree etc.
Basically the whole Windows dev world which uses git.
Usage:
Compile: go build...
SEC Consult SA-20201104-0 :: Multiple vulnerabilities in Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
SEC Consult Vulnerability Lab (Nov 04)
SEC Consult Vulnerability Lab Security Advisory < 20201104-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA)
vulnerable version: < 9.1.0 Critical Patch Build 2025
fixed version: 9.1.0 Critical Patch - Build 2025
CVE number: CVE-2020-27016, CVE-2020-27017,...
Chrome heap buffer overflow in freetype2 CVE-2020-15999
Marcin Kozlowski (Oct 30)
Hi list,
Debugged this issue, but somehow cannot trigger the crash in Chrome.
Seems like the font is loaded without the correct flags or it was a different
font I saw in the debugger :)
Anybody had success with this bug? Feel free to reply here or DM.
My notes:
https://github.com/marcinguy/CVE-2020-15999
Thanks,
German armed forces launch security vulnerability disclosure program
Vulnerability Lab (Oct 29)
Title: German armed forces launch security vulnerability disclosure program
Source:
https://portswigger.net/daily-swig/german-armed-forces-launch-security-vulnerability-disclosure-program
Reference:
https://www.bundeswehr.de/bw-de/organisation/cyber-und-informationsraum/aktuelles/-liebe-hacker-hiermit-laden-wir-sie-herzlich-ein--3713242
[CVE-2020-25204] God Kings "com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver" Improper Authorization Allowing In-Game Notification Spoofing
Julien Ahrens (RCE Security) (Oct 27)
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: God Kings
Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid
Type: Improper Verification of Intent by Broadcast Receiver [CWE-925]
Date found: 2020-09-07
Date published: 2020-10-25
CVSSv3 Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVE: CVE-2020-25204
2....
CVE-2020-24990 Q-SYS <= 8.2.1 TFTP Directory Traversal
Kevin R (Oct 23)
files through a TFTP GET request
Use CVE-2020-24990.
Unicorn Emulator 1.0.2 is out!
Nguyen Anh Quynh (Oct 23)
Greetings!
We are very happy to announce version 1.0.2 of Unicorn Emulator!
It has been more than 3.5 years since the last major update, and this
version marks 5 years of Unicorn. Such a long journey for an open
source project! That is really exciting to see our magical animal
having more and more impact in both the academic community and the
cybersecurity industry.
This version fixes various issues of v1.0.1, adds some new API and
introduces more...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
Stefan Kanthak (Feb 25)
Hi @ll,
since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.
Among other components current versions of Windows and .NET Framework
include
C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe)
J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,...
Local information disclosure in OpenSMTPD (CVE-2020-8793)
Qualys Security Advisory (Feb 25)
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
==============================================================================
Contents
==============================================================================
Summary
Analysis
Exploitation
POKE 47196, 201
Acknowledgments
==============================================================================
Summary...
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 25)
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==============================================================================
Contents
==============================================================================
Summary
Analysis
...
Acknowledgments
==============================================================================
Summary...
[SECURITY] [DSA 4633-1] curl security update
Alessandro Ghedini (Feb 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2019-5436 CVE-2019-5481...
Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)
Jamie R (Feb 25)
I've quoted the Cisco summary below as it's pretty accurate.
tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.
Thanks to Cisco PSIRT who were responsive and professional.
Shouts to Andrew, Dave and Senad, Pedro R - if that's still even a
thing on advisories.
Ref:...
[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
Thierry Zoller (Feb 24)
[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)
Thierry Zoller (Feb 24)
[slackware-security] proftpd (SSA:2020-051-01)
Slackware Security Team (Feb 20)
[slackware-security] proftpd (SSA:2020-051-01)
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security...
[SECURITY] [DSA 4628-1] php7.0 security update
Moritz Muehlenhoff (Feb 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4629-1] python-django security update
Sebastien Delafond (Feb 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4629-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 19, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-django
CVE ID : CVE-2020-7471
Debian Bug...
[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
Thierry Zoller (Feb 18)
[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
Thierry Zoller (Feb 18)
[SECURITY] [DSA 4626-1] php7.3 security update
Moritz Muehlenhoff (Feb 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.3
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4627-1] webkit2gtk security update
Moritz Muehlenhoff (Feb 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4627-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2020-3862 CVE-2020-3864...
Web Application Firewall bypass via Bluecoat device
RedTimmy Security (Feb 16)
Hi,
we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".
We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.
Full story is here:...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open
Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats; they will also talk about
countermeasures in order...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
Ransomware: Why one city chose to the pay the ransom after falling victim
InfoSec News (Aug 12)
https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/
By Danny Palmer
ZDNet.com
August 12, 2020
A US city has explained why it gave into the demands of cyber criminals
and paid a ransom demand of $45,000 following a ransomware attack.
Lafayette, Colorado fell victim to ransomware on July 27, which encrypted
the city's computer networks and caused disruptions to phone services,
email and...
0-days, a failed patch, and a backdoor threat. Update Tuesday highlights
InfoSec News (Aug 12)
https://arstechnica.com/information-technology/2020/08/update-tuesday-fixes-2-0days-and-botched-patch-for-a-backdoor-threat/
By Dan Goodin
Ars Technica
08/12/2020
Microsoft on Tuesday patched 120 vulnerabilities, two that are notable
because they’re under active attack and a third because it fixes a
previous patch for a security flaw that allowed attackers to gain a
backdoor that persisted even after a machine was updated.
Zero-day...
OCR warns hospitals of HIPAA compliance scams
InfoSec News (Aug 12)
https://www.healthcareitnews.com/news/ocr-warns-hospitals-apparent-hipaa-compliance-scams
By Mike Miliard
Healthcare IT News
August 11, 2020
The Office for Civil Rights at the U.S. Department of Health and Human
Services has warned health systems about what appears to be something of
an old-fashioned and low-tech phishing attempt: fraudulent postcards, most
addressed to hospital privacy officers, that warn of noncompliance with a
mandatory...
The Secret SIMs Used By Criminals to Spoof Any Number
InfoSec News (Aug 12)
https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted
By Joseph Cox
Vice.com
August 12, 2020
The unsolicited call came from France. Or at least that's what my phone
said. When I picked up, a man asked if I worked with the National Crime
Agency, the UK's version of the FBI. When I explained, no, as a journalist
I don't give information to the police, he said why he had contacted me.
"There are these special SIM...
North Korean Hacking Group Attacks Israeli Defense Industry
InfoSec News (Aug 12)
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html
By Ronen Bergman and Nicole Perlroth
nytimes.com
Aug. 12, 2020
TEL AVIV -- Israel claimed Wednesday that it had thwarted a cyberattack by
a North Korea-linked hacking group on its classified defense industry.
The Defense Ministry said the attack was deflected “in real time” and that
there was no “harm or disruption” to its computer systems.
However,...
FBI says an Iranian hacking group is attacking F5 networking devices
InfoSec News (Aug 11)
https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/
By Catalin Cimpanu
Zero Day
ZDNet.com
August 10, 2020
A group of elite hackers associated with the Iranian government has been
detected attacking the US private and government sector, according to a
security alert sent by the FBI last week.
While the alert, called a Private Industry Notification, didn't identify
the hackers by name,...
Pen Test Partners: Boeing 747s receive critical software updates over 3.5" floppy disks
InfoSec News (Aug 11)
https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/
By Gareth Corfield
The Register
08/10/2020
DEF CON -- Boeing 747-400s still use floppy disks for loading critical
navigation databases, Pen Test Partners has revealed to the infosec
community after poking about one of the recently abandoned aircraft.
The eye-catching factoid emerged during a DEF CON video interview of PTP's
Alex Lomas, where the man...
US Cyber Command is using unclassified networks to fight election interference
InfoSec News (Aug 10)
https://www.c4isrnet.com/cyber/2020/08/10/us-cyber-command-is-using-unclassified-networks-to-fight-election-interference/
By Mark Pomerleau
C4ISRNET.com
08/10/2020
WASHINGTON -- U.S. Cyber Command is using unclassified networks and
publicly available communication platforms as it works to prevent foreign
interference in the next presidential election, a CYBERCOM official has
revealed.
“From a CYBERCOM standpoint, one of the big changes...
New England guardsmen test their skills in Cyber Yankee 2020
InfoSec News (Aug 03)
https://www.c4isrnet.com/cyber/2020/08/03/new-england-guardsmen-test-their-skills-in-cyber-yankee-2020/
By Mark Pomerleau
C4ISRNET.com
08/03/2020
Members of the National Guard from New England states concluded a two-week
cyber exercise that sought to test the cyber skills of guardsmen and
critical infrastructure operators.
Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved
more than 200 National Guard members and...
Travel management company CWT hands over $4.5M following ransomware attack
InfoSec News (Aug 03)
https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/
By Duncan Riley
SiliconAngle.com
08/02/2020
Business travel management company CWT Global B.V. is the latest company
to pay a ransom demand following a ransomware attack.
According to a report Friday by Reuters, the company paid $4.5 million to
those behind the ransomware after the attack knocked some 30,000 of the
company’s computers...
DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns
InfoSec News (Aug 03)
https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/
By Shannon Vavra
CYBERSCOOP
August 3, 2020
The U.S. government publicly put forth information Monday that exposed
malware used in Chinese government hacking efforts for more than a decade.
The Chinese government has been using malware, referred to as Taidoor, to
target government agencies, entities in the private sector, and think
tanks since 2008, according to a joint...
Leaky S3 buckets have gotten so common that they're being found by the thousands now, with lots of buried secrets
InfoSec News (Aug 03)
https://www.theregister.com/2020/08/03/leaky_s3_buckets/
By Shaun Nichols in San Francisco
The Register
3 Aug 2020
The massive amounts of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.
The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things...
House Republicans introduce legislation to give states $400 million for elections
InfoSec News (Aug 03)
https://thehill.com/policy/cybersecurity/510362-house-republicans-introduce-legislation-to-give-states-400-million-for
By Maggie Miller
The Hill
08/03/2020
A group of House Republicans on Monday introduced legislation that would
appropriate $400 million to states to address election challenges stemming
from the COVID-19 pandemic.
The Emergency Assistance for Safe Elections (EASE) Act would designate
$200 million to assist with sanitizing...
Zoom private meeting passwords were easily crackable
InfoSec News (Jul 30)
https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095
By Juha Saarinen
itnews.com.au
July 31, 2020
The automatically generated passwords protecting private Zoom meetings
could be cracked with relative ease, allowing access to sensitive
conferences, a researcher has discovered.
Web site developer Tom Anthony decided on March 31 this year to see if he
could crack the password for private Zoom meetings....
Pentagon needs access to defense companies' networks to hunt cyberthreats, says commission
InfoSec News (Jul 30)
https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/
By Mark Pomerleau
C4ISRNET.com
July 30, 2020
WASHINGTON -- The Pentagon must be able to hunt cyberthreats on the
private networks of defense companies in order to strengthen national
cybersecurity, according to one of the leaders of the Cyber Solarium
Commission.
Rep. Mike Gallagher, R-Wis., who co-chairs the...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and on making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Deana Shick on INFILTRATE ONLINE
Dave Aitel via Dailydave (Oct 30)
Happy Friday! For those of you who enjoy laughing at my video editing job
or want to learn about how big companies do vulnerability management "at
scale" or what the alternatives are to CVSS, we've recently published a new
fifteen minute video: https://vimeo.com/473562240 .
-dave
Things to Watch!
Dave Aitel via Dailydave (Oct 19)
It's MONDAY, and I wanted to send over the shorts we did with Chris Eng and
Ben Edwards. I think there's a lot of value in a robust question and answer
session with paper authors. Too often papers are supposed to stand on their
own without any real discussion.
(PHP IS DOUBLE PLUS UNGOOD)
https://vimeo.com/457850389/373c907909
(CVSS, an INTRODUCTION TO FAIL)
https://vimeo.com/454453494/330060fbb2
(XXE)
https://vimeo.com/464273744...
Identity + Host
Dave Aitel via Dailydave (Sep 21)
Recently Thomas Dullien wrote a blogpost
<http://addxorrol.blogspot.com/2020/07/the-missing-os.html> asking what the
OS of the future really looks like, considering the computer of the future
is a distributed mega-engine. I would, annoyingly, posit that the
algorithms that make sense to understand in that world are those already
implemented in the many species of social insects.
In that sense, I think there are things missing from his list...
R2 Browser Hacking Class Review
Dave Aitel via Dailydave (Aug 13)
Sometimes we review books on this list, but I spent last week, for seven
days in a row, taking the R2-RingZer0-Amy-Burnett Browser Hacking
<https://ringzer0.training/advanced-browser-exploitation.html> class. But
before I do, I want to point out that 36 minutes into this video (
https://vimeo.com/442583799) I ask Marco Ivaldi about what it's like to
switch from management back into the technical field. "It's hard, but...
Dino-VSS
Dave Aitel via Dailydave (Aug 10)
Bistahieversor or MS08-067?
If you had to list out the problems with CVSS it would be like analyzing
the anatomical issues of a children's drawing. No part of it fits together
properly. Here's a problem: Scoring of threats is not one dimensional, and
numbers can't carry the whole story. We need a vulnerability scoring system
that's extensible, and programmable.
But I have an alternative: Take each...
Re: [EXTERNAL] WAF Metrics
Chuck McAuley via Dailydave (Jul 17)
Isn’t using a WAF an “investment in technology to stop constant attacks?”
-chuck
From: Greg Frazier <glfrazier () alum mit edu>
Date: Friday, July 17, 2020 at 3:46 PM
To: Don Ankney <dankney () hackerco de>
Cc: John Lampe <jlampe () tenable com>, Rafal Los <Rafal () ishackingyou com>, Chuck McAuley <chuck.mcauley () keysight
com>, "dailydave () lists aitelfoundation org" <dailydave () lists...
Re: [EXTERNAL] WAF Metrics
Greg Frazier via Dailydave (Jul 17)
I'm not parsing your argument. If you knew the bug was there, you would fix
the bug. The WAF is there to mitigate the bugs that you are not aware of.
Further, web accesses that are out of scope of your intended functionality
but do not trigger a bug may be information gathering attacks that you
would, in hindsight, have wished your WAF had blocked. I would argue that
the WAF is not a stop-gap at all--it is an integral part of your...
Re: [EXTERNAL] WAF Metrics
Don Ankney via Dailydave (Jul 15)
So far, this conversation focuses on how effectively WAFs block malicious HTTP requests. I'd argue that this is both a
red herring and an abuse of WAF technology. A WAF only protects the enterprise when it blocks a request that would
trigger an actual bug. If there's no bug present, all that's really happening is that likely malicious requests are
being logged at a much higher cost than if it were simply allowed to sit in the...
Re: [EXTERNAL] WAF Metrics
Chuck McAuley via Dailydave (Jul 15)
This isn’t directly related to John’s observation below, but it got me motivated to further clarify some of the
challenges involved in testing WAFs.
I’ve seen many implementations over the years that try to determine the decision making process of an IPS, WAF, or
similar device by simply interrogating it from the client side only. The reality of test measurement is that it
requires the user to implement both a client and server...
Re: [EXTERNAL] WAF Metrics
John Lampe via Dailydave (Jul 13)
Yeah, I guess the way I would envision it going would be:
1) web app scanner sees XSS vuln on /path/to/foo.php
2) my integration ties that web app scan into a format to pass to WAF
3) WAF sets up anti-xss rules on /path/to/foo.php (we had to actually
create a static mapping for this step)
4) measure how many hits the waf blocks to that endpoint for the XSS
John
Re: WAF Metrics
Chuck McAuley via Dailydave (Jul 13)
We’ve released a mid-pandemic product that is designed to test production deployed WAFs by doing exactly what
@ranger_cha is describing.
It will run tests that include both known/existing attacks that a WAF should stop and common patterns that all WAFs
should recognize and stop. Separately and clearly, so the user can see the impact of stopping both sets of assessments
separately.
https://www.ixiacom.com/products/threat-simulator
The...
WAFs: HTTP Desynchronization as a Metric
Dave Aitel via Dailydave (Jul 13)
So one thing people don't have any scope of measuring - (maybe as a set
diagram finite states?) - is the difference between two parsers for the
same protocol. Ten years ago a lot of the security community had a
discussion about "LangSec <http://langsec.org/>" which turns out to have
been entirely correct in retrospect.
NCCGroup's recently released analysis of the F5 bug is a key example of
this principle in action:...
Re: [EXTERNAL] WAF Metrics
Rafal Los via Dailydave (Jul 13)
John,
Can you expand on #2? How do you measure the number of attacks stifled?
--
Rafal
Mobile: (404) 606-6056
Email: Rafal.Los@Seventy7.Consulting
From: John Lampe via Dailydave <dailydave () lists aitelfoundation org>
Reply-To: John Lampe <jlampe () tenable com>
Date: Saturday, July 11, 2020 at 9:52 PM
To: Dave Aitel <dave.aitel () gmail com>
Cc: "dailydave () lists...
Re: WAF Metrics
Moses Frost via Dailydave (Jul 11)
I guess some of us who grew up mapping ports and protocols into their neat
buckets will need to live with the fact that everything will eventually
ride over a multiplexed 443 socket, just something to think about before
the rant.
TL;DR - The answer to your question about measurement and effectiveness is
going to come down to: "how long before you can see what I'm doing".
WAFs are a rather complex beast, but I guess they do...
Re: [EXTERNAL] WAF Metrics
John Lampe via Dailydave (Jul 11)
So, I recently did an integration for a company that took their web app
scanner results and mapped those to existing WAF rules. I can think of 2
metrics based off that
1) How many real-world vulns have a corresponding check in the WAF? and
2) Once the WAF rules have been put in place to protect actually-vulnerable
endpoints, how many attacks were actually stifled?
John
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Sorta Top Used Tools of 2018
John - Black Hills Information Security (Dec 06)
Free Webcast
Hello all,
For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.
Basically, we are trying to be edgy and different.
You may want to come...
BHIS Webcast - Tues 10/2 @ 11am MDT
John Strand - Black Hills Information Security (Sep 26)
Hello All,
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT
Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision
increment:
* CVE-2018-8172
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************
Summary
=======
The following CVEs and advisory have undergone a minor revision
increment:
* CVE-2018-8454
* CVE-2018-8552
* ADV990001
Revision Information:
=====================
- CVE-2018-8454 | Windows Audio Service...
Microsoft Security Update Minor Revisions
Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8512
Revision Information:
=====================
- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8569
Revision Information:
=====================
- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8531
Revision Information:
=====================
- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8292
Revision Information:
=====================
- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
- https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2011/ms11-025:...
Microsoft Security Update Summary for October 9, 2018
Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************
This summary lists security updates released for October 9, 2018.
Complete information for the October 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Please note the...
Microsoft Security Update Releases
Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018
Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta-software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Mozilla Releases Security Update for Thunderbird
US-CERT (Jul 17)
National Cyber Awareness System:
Mozilla Releases Security Update for Thunderbird [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird ] 07/17/2020
10:50 AM EDT
Original release date: July 17, 2020
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit
some of these...
Microsoft Releases Security Update for Edge
US-CERT (Jul 17)
National Cyber Awareness System:
Microsoft Releases Security Update for Edge [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge ] 07/17/2020 10:53 AM
EDT
Original release date: July 17, 2020
Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit
this vulnerability to drop...
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
US-CERT (Jul 17)
National Cyber Awareness System:
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation [
https://us-cert.cisa.gov/ncas/alerts/aa20-198a ] 07/16/2020 08:09 AM EDT
Original release date: July 16, 2020
Summary
"This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK
frameworks....
CISA Releases Emergency Directive on Critical Microsoft Vulnerability
US-CERT (Jul 16)
National Cyber Awareness System:
CISA Releases Emergency Directive on Critical Microsoft Vulnerability [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability
] 07/16/2020 03:28 PM EDT
Original release date: July 16, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive...
Apple Releases Security Updates
US-CERT (Jul 16)
National Cyber Awareness System:
Apple Releases Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates ] 07/16/2020 11:17 AM EDT
Original release date: July 16, 2020
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of
these vulnerabilities to take control of an...
Malicious Activity Targeting COVID-19 Research, Vaccine Development
US-CERT (Jul 16)
National Cyber Awareness System:
Malicious Activity Targeting COVID-19 Research, Vaccine Development [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development
] 07/16/2020 07:16 AM EDT
Original release date: July 16, 2020
In response to malicious activity targeting COVID-19 research and vaccine development in the United...
Cisco Releases Security Updates for Multiple Products
US-CERT (Jul 15)
National Cyber Awareness System:
Cisco Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products ]
07/15/2020 03:19 PM EDT
Original release date: July 15, 2020
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote
attacker...
Oracle Releases July 2020 Security Bulletin
US-CERT (Jul 14)
National Cyber Awareness System:
Oracle Releases July 2020 Security Bulletin [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin ] 07/14/2020
05:21 PM EDT
Original release date: July 14, 2020
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A
remote attacker could...
Google Releases Security Updates for Chrome
US-CERT (Jul 14)
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0 ] 07/14/2020 04:51
PM EDT
Original release date: July 14, 2020
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit...
Google Releases Security Updates for Chrome
US-CERT (Jul 14)
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome ] 07/14/2020 02:45 PM
EDT
Original release date: July 14, 2020
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities
that an attacker could exploit to...
Microsoft Releases July 2020 Security Updates
US-CERT (Jul 14)
National Cyber Awareness System:
Microsoft Releases July 2020 Security Updates [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates ] 07/14/2020
02:13 PM EDT
Original release date: July 14, 2020
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could
exploit some of these...
Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server
US-CERT (Jul 14)
National Cyber Awareness System:
Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server
] 07/14/2020 02:14 PM EDT
Original release date: July 14, 2020
Microsoft has released a security update to address a remote code execution (RCE)...
Adobe Releases Security Updates for Multiple Products
US-CERT (Jul 14)
National Cyber Awareness System:
Adobe Releases Security Updates for Multiple Products [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products ]
07/14/2020 01:18 PM EDT
Original release date: July 14, 2020
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit
some of...
Apache Releases Security Advisories for Apache Tomcat
US-CERT (Jul 14)
National Cyber Awareness System:
Apache Releases Security Advisories for Apache Tomcat [
https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat ]
07/14/2020 11:33 AM EDT
Original release date: July 14, 2020
The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat.
An attacker...
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java
US-CERT (Jul 13)
National Cyber Awareness System:
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java [ https://us-cert.cisa.gov/ncas/alerts/aa20-195a ]
07/13/2020 07:07 PM EDT
Original release date: July 13, 2020
Summary
On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 [
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 ],...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
The importance of mutual authentication: Local Privilege Escalation in X11
Demi M. Obenour (Nov 09)
# The importance of mutual authentication: Local Privilege Escalation in X11
While X11 servers authenticate their clients, X11 clients *do not*
authenticate the server. This can be exploited to take control of an X
application by impersonating the server it is expecting to connect to.
Exploiting this vulnerability is not trivial. Typically, the X11
socket is either in `/tmp/.X11-unix` (which is sticky) or in the
abstract namespace....
Linux kernel slab-out-of-bounds Read in fbcon
Minh Yuan (Nov 09)
Hi,
We recently discovered a slab-out-of-bounds read in fbcon in the latest
kernel (v5.10-rc2 for now).
The root cause of this vulnerability is that "fbcon_copy_font" did not
handle "vc->vc_font.data" and "vc->vc_font.height" consistently. However,
the patch <https://lkml.org/lkml/2020/9/27/223> for VT_RESIZEX and the patch
<https://lkml.org/lkml/2020/9/24/720> for fbcon_get_font() can't...
[CVE-2020-25704] Linux kernel: perf_event_parse_addr_filter memory leak
尹亮 (Nov 09)
CVE assigned:
CVE-2020-25704
Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00
Details:
Hi,
There is a memory leak in perf_event_parse_addr_filter. Here is the detail.
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/kernel/events/core.c?h=v5.9.3#n9991
9991 static int
9992 perf_event_parse_addr_filter(struct perf_event *event, char *fstr,...
RE: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey(Internet mail)
P J P (Nov 06)
+-- On Wed, 4 Nov 2020, kiyin(絨剛混) wrote --+
| I submitted the request on 2020/10/09. except for an auto reply email "CVE
| Request 971543 for CVE ID Request(Internet mail)",
* You can also reply to the above "CVE Request ..." email to check.
| I got no response until now. I wonder whether they ignore personal request.
* Maybe subsequent email went to spam folder? They don't generally ignore
requests.
Thank...
Advisory: ES2020-02 - Asterisk crash due to INVITE flood over TCP
Sandro Gauci (Nov 06)
# Asterisk crash due to INVITE flood over TCP
- Fixed versions: 13.37.1, 16.14.1, 17.8.1, 18.0.1
- Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2020-02-asterisk-tcp-invite-crash
- Asterisk Security Advisory: https://downloads.asterisk.org/pub/security/AST-2020-001.html
- Tested vulnerable versions: 17.5.1, 17.6.0
- Timeline:
- Report date: 2020-08-31
- Triaged: 2020-09-01
- Fix provided...
CVE-2020-27347: tmux buffer overflow in escape sequence parser
snizovtsev (Nov 05)
Hi,
I recently discovered a bug in tmux (terminal multiplexer) which could
lead to crash or code execution. The bug was in
`input_csi_dispatch_sgr_colon` function which is used by tmux server
process.
The problem is that a bound check for a stack-allocated array `p` is
bypassed if 8th chunk of input buffer is empty:
while ((out = strsep(&ptr, ":")) != NULL) {
if (*out != '\0') {...
CVE-2020-25669: Linux Kernel use-after-free in sunkbd_reinit
- Nop (Nov 04)
Hi,
We found a use-after-free read in sunkbd_reinit located in
drivers/input/keyboard/sunkbd.c,
and reproduced it in the latest kernel version (v5.9.4 for now) with
CONFIG_KEYBOARD_SUNKBD=y and CONFIG_KASAN=y.
The root cause of this BUG is:
The function sunkbd_reinit has been scheduled by sunkbd_interrupt before
the struct sunkbd is freed.
Though the dangling pointer is set to NULL in sunkbd_disconnect, there is
still an alias in...
Git LFS (git-lfs) - Remote Code Execution (RCE) exploit CVE-2020-27955 - Clone to Pwn
Dawid Golunski (Nov 04)
/*
Go PoC exploit for git-lfs - Remote Code Execution (RCE)
vulnerability CVE-2020-27955
git-lfs-RCE-exploit-CVE-2020-27955.go
Discovered by Dawid Golunski
https://legalhackers.com
https://exploitbox.io
Affected (RCE exploit):
Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken /
SmartGit / SourceTree etc.
Basically the whole Windows dev world which uses git.
Usage:
Compile: go build...
[CVE-2020-17510] Apache Shiro Authentication Bypass Vulnerability
Brian Demers (Nov 04)
In Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially
crafted HTTP request may cause an authentication bypass.
If you are NOT using Shiro’s Spring Boot Starter
(`shiro-spring-boot-web-starter`), you must add the
ShiroRequestMappingConfig auto configuration[1] to your application or
configure the equivalent manually[2].
[0] https://www.apache.org/security/
[1]...
Multiple vulnerabilities in Jenkins plugins
Daniel Beck (Nov 04)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.
The following releases contain fixes for security vulnerabilities:
* Active Directory Plugin 2.20
* Ansible Plugin 1.1
* AppSpider Plugin 1.0.13
* AWS Global Configuration Plugin 1.6
* Azure Key Vault Plugin 2.1
* Kubernetes Plugin 1.27.4
* Mercurial Plugin 2.12
* SQLPlus Script Runner Plugin 2.0.13
*...
RE: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey(Internet mail)
尹亮 (Nov 04)
Hi Tausif,
I submitted the request on 2020/10/09. Except for an auto reply email "CVE Request 971543 for CVE ID
Request(Internet mail)", I got no response until now. I wonder whether they ignore personal requests.
Regards,
kiyin.
Re: Linux kernel: crypto: bcm - Verify GCM/CCM key length in setkey
Mohammad Tausif Siddiqui (Nov 04)
Hi Kiyin, do you have an update to the CVE assignment from Mitre here?
Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt
Minh Yuan (Nov 04)
Hi all,
the patch (commit 90bfdeef83f1d6c696039b6a917190dcbbad3220) for this issue
is available now.
https://github.com/torvalds/linux/commit/90bfdeef83f1d6c696039b6a917190dcbbad3220
Regards,
Yuan Ming
Minh Yuan <yuanmingbuaa () gmail com> wrote on Friday, October 30, 2020 at 2:29 PM:
sddm: CVE-2020-28049: local privilege escalation due to race condition in creation of the Xauthority file
Matthias Gerstner (Nov 04)
Hello list,
a local privilege escalation has been discovered in the sddm display
manager [1].
sddm passes the -auth and -displayfd command line arguments when
starting the Xserver. It then waits for the display number to be
received from the Xserver via the `displayfd`, before the Xauthority
file specified via the `-auth` parameter is actually written. This
results in a race condition, creating a time window in which no valid
Xauthority file is...
Security Issues in the spice-vdagentd daemon
Matthias Gerstner (Nov 04)
Hello list,
please find below a security report regarding the spice-vdagentd [1].
Attached to this mail is a tarball containing the final set of patches
that upstream developed to address the issues. These patches are by now
already published in the upstream git repository. Furthermore attached
is a tarball containing scripts and source code to reproduce some of the
issues discussed in the report below. CVEs have been assigned by
upstream for...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: CUI network Policies and Procedures
Jennifer Minella (Nov 09)
Hi Jonathan, we're in the process of pursuing CMMC ML3 and working with different resources who are in the funnel to be
auditors in the program once finalized. While we do offer that type of consulting as a service, I'm happy to answer any
questions I can if you have specific info you're looking for. I think at this point we're through the first pass,
control elements of NIST are mapped to DFARS and CMMC and the rest of...
New EDUCAUSE QuickPoll on risk, privacy and compliance
Brian Kelly (Nov 09)
Good evening – This week’s QuickPoll is of interest to our community. Please complete by tomorrow (Tuesday, 11/10)
evening.
Results will be published on Friday.
This week’s EDUCAUSE Quickpoll explores the scope and organizational reporting lines of specific functions related to
risk, privacy, and compliance. It also examines how the pandemic may be affecting these critical areas.
Please take the poll before it closes tomorrow (Tuesday,...
Job Opening University Illinois at Urbana-Champaign
Barnes, Joe (Nov 09)
Afternoon,
I wanted to make everyone aware of an opening at the University of Illinois. Please see below. Please pass on to
anyone you think may be interested.
Thanks
Joe
***********************************
Joe Barnes, CISSP
Chief Privacy & Security Officer
University of Illinois at Urbana-Champaign
jdbarns1 () illinois edu
From:
Sent: Monday, November 9, 2020 3:01 PM
To:
Subject: GRC Job Posting...
Re: A user granted with admin rights failed a phishing test
Dave Broucek (Nov 09)
We also do not make it a punitive action when someone clicks on our Live Phishing Simulation emails for the same
reasons.
My team will send a follow up session, which they are aware will be sent. We also reach out to those that click to
discuss. Which is really a conversation to scope what made them think that the email was real enough to click on the
link, and strategies to help them understand the clues that it might be phishing. This is...
Re: A user granted with admin rights failed a phishing test
randy (Nov 09)
I agree with Jerry. The purpose of phishing "tests" is to increase
awareness and not be punitive. Punitive actions will more likely cause
individuals to NOT report they clicked on a link. Admins can fall for
phishes just as easily as general users :-). I don't think they would get
their admin rights revoked. Establish a baseline, run your test during a
defined period of time (~1 month), measure your "hit" rate against...
Re: A user granted with admin rights failed a phishing test
Smith, Jason (Nov 09)
The idea of fostering an open relationship with users is an important one, but at the end of the day a user who falls
for a phish today (real or test) has signaled they present significantly more risk than your other users who avoided
it. Hopefully additional training will help that person, but attackers iterate new attack methods much faster than we
can train them (or even detect them).
With all the tools out there for a support desk to...
Re: Minimum DLP rules & thresholds for all users
Jeff Choo (Nov 09)
Hi Jim
1. We are in Office 365 environment so we use the built-in DLP feature to set up a blanket standard DLP policy across
all users under the same domain. We then make an exception for individuals who tend to handle a lot of PII or FERPA
related data with external partners such as our HR dept or Registrar Dept so they don't have to report for rule
exceptions every time.
2. We use the standard templates in Office 365 that cover...
Re: A user granted with admin rights failed a phishing test
Rob Milman (Nov 09)
+1 for Ken’s response.
We have the same strategy.
Regards,
Rob
Rob Milman
Associate Director, Information Security
Information Technology Services
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401 (Cell) 403.606.3173
rob.milman () sait ca
From:...
Re: A user granted with admin rights failed a phishing test
Ken Munro (Nov 09)
Hi.
I also think that punitive measures should not be taken. Our cybersecurity training platform automatically notifies the
user when they click on a phishing link, and assigns them a contemplative survey asking questions about why they clicked it.
We also have the option to assign them a remedial phishing module, which I do for staff but not faculty.
We say that no one will be reprimanded for clicking on simulated phishing links. We do not...
Re: A user granted with admin rights failed a phishing test
Jerry Tylutki (Nov 09)
I disagree that any punitive action should be taken. Phishing tests are in
their nature deceptive and attempt to trap the individual; revoking access,
potentially impacting the responsibilities of that person, is not the path
I would take. Phishing campaigns are one part of a larger security
education and training program. Raise awareness. Increase education.
I am open and communicative when preparing to send out a phishing email --
I want the...
Re: Minimum DLP rules & thresholds for all users
Ken Munro (Nov 09)
We use Office 365 DLP.
We monitor for SSN (or SIN in Canada), health card numbers, driver's licenses, passport numbers, credit card numbers,
and bank account numbers. We monitor all accounts.
Our thresholds are low. Any number (1 or above) of these numbers is reported, but in a weekly and monthly summary
email, not for each incident. I would run a custom report in the Office 365 Security and Compliance center to get more
details.
We...
Minimum DLP rules & thresholds for all users
Jim A. Bole (Nov 09)
I would like to get some feedback from folks that have deployed a DLP solution:
1. What are the minimum rules and thresholds you've applied across your org to all/most users, as opposed to more
granular rules you may have applied to specific groups requiring increased security/privacy?
2. Since SSN is often regarded as a key piece of PII, what rules/thresholds have you applied for SSNs and what
regulatory criteria supports it...
Re: A user granted with admin rights failed a phishing test
Apollo Dalamar (Nov 09)
G'day Jared,
I would most certainly revoke Admin Rights until the individual can pass
some of the assessments associated with the Cyber Security Training.
Advise the individual that there would be some form of auditing /
supervision for a grace period. In the interim, monitor appropriate
audit logs for a grace period to make sure the individual is adhering to
protocols.
Additionally, have the individual sign some form of legal binding...
Re: A user granted with admin rights failed a phishing test
Hiram Wong (Nov 09)
Hi Jared,
I think, at least partially, your reaction should be dependent on how many
times the particular user fails the phishing test. You can escalate and
increase the requirements with each additional failure of your phishing
test. I would also consider notifying their immediate supervisor and
escalating as needed.
Hope this helps.
Hiram
On Mon, Nov 9, 2020 at 8:20 AM Jared Evans <jared.evans () gallaudet edu>
wrote:
A user granted with admin rights failed a phishing test
Jared Evans (Nov 09)
Hello,
I would like to ask what actions are typically taken when a user who has been
granted admin rights (limited to a few workstations within their workspace)
fails a phishing test by giving out their credentials.
Additional cybersecurity training is a given but are the admin rights
temporarily revoked until the training is completed?
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Phoenix-IX Contact
Mike Hammett (Nov 09)
Paul's LinkedIn seems to show that he checked out in April. Let me know if you have any success reaching anyone there.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Kate Gerry" <kgerry () outlook com>
To: "Bill Woodcock" <woody () pch net>
Cc: nanog () nanog org
Sent: Monday, November 9, 2020 5:44:42 PM
Subject:...
Re: Phoenix-IX Contact
Kate Gerry (Nov 09)
Just a heads-up, I never heard a word from anybody at Phoenix-IX.
Is there anybody still running the IX? Or is it just on autopilot? It'd be nice if anybody had some information on
whatever happened to Paul. Hopefully he is okay!
Re: CNAME records in place of A records
Arne Jensen (Nov 09)
On 09-11-2020 at 01:10, Matt Palmer wrote:
DNSSEC?
A lot of public sector/government stuff, at least around here, should
have had DNSSEC enabled already.
e-Boks, being the service through which all state/municipalities send
electronic communication through (unless you're excluded from
"electronic mail"):
-> https://dnssec-analyzer.verisignlabs.com/www.e-boks.dk
Sure, there's DNSSEC on the actual domain name, but the CNAME...
Spoofer Report for NANOG for Oct 2020
CAIDA Spoofer Project (Nov 09)
In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these...
Re: Strange connectivity issue Frontier EVPL
Tim Burke (Nov 09)
I'm amazed you can get *anything* to work with Logix involved. Haven't
heard of many issues with PSLightwave in Houston, however... they seem
to be one of the only halfway decent options here.
Re: CNAME records in place of A records
Mark Andrews (Nov 08)
Given the number of ISPs (and others) that ask ISC to support CNAME at the APEX
to whom we have to politely say:
“No. It is not permitted by this part of RFC 1034.”
<quoted text>
It’s well worth reiterating.
Re: CNAME records in place of A records
Matt Palmer (Nov 08)
Yes. I didn't think that was something that needed to be explained on NANOG,
though.
- Matt
Re: CNAME records in place of A records
Mark Andrews (Nov 08)
Which is why there are HTTPS and SVCB records coming and SRV exists.
You don’t need CNAME, you need indirection. Indirection does require
a small amount of client support.
Re: CNAME records in place of A records
Rob McEwen (Nov 08)
except - don't forget that the root of a domain (that domain without
"www." or any other label) - cannot have a CNAME as the "A" record - fwiw...
Re: CNAME records in place of A records
Matt Palmer (Nov 08)
The closest thing to a *security* issue I can think of is IP agility in the
face of DDoS attacks -- most booter-style attacks are dumb as rocks, and
null-routing the target IP and moving all the customers on that IP to
another one is the easiest solution.
However, there are many *other* great reasons to get customers to CNAME onto
their SaaS vendors, including:
* No need to coordinate routine renumbering events;
* IPv6 support;
* CAA record...
Re: Disney+ Geolocation (again)
Mike Hammett (Nov 08)
Did you ask what the correct avenue was? I'm assuming you did. I'm also assuming they were of no additional help.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Seth Mattinen" <sethm () rollernet us>
To: Nanog () nanog org
Sent: Sunday, November 8, 2020 11:20:17 AM
Subject: Re: Disney+ Geolocation (again)
I was told to go...
Re: Disney+ Geolocation (again)
Seth Mattinen (Nov 08)
I was told to go to help.disneyplus.com to resolve this, which just
gives you the "you're on a VPN" page if you type in "error 73". I called
anyway, and as I assumed they can't help me as an ISP calling in. (I did
test to confirm with a friend's account but I'm not the account holder.)
Even then, that doesn't help the overall "yeah our service works with
every major streaming service *except*...
Re: Disney+ Geolocation (again)
Mike Hammett (Nov 08)
Ugh, they used to.
I can't stand these consumer-focused organizations that are irresponsible to the greater operator community.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Seth Mattinen" <sethm () rollernet us>
To: Nanog () nanog org
Sent: Sunday, November 8, 2020 9:24:11 AM
Subject: Disney+ Geolocation (again)
People...
Disney+ Geolocation (again)
Seth Mattinen (Nov 08)
People can't watch Disney+. Looked at old emails, read them. Checked
every geolocation site for my netblocks (which return ok). Emailed to
netadmin () disneystreaming com
They responded with "We do not service these requests via this email".
Now what? Anyone have a secret contact that can actually help?
~Seth
Re: CNAME records in place of A records
Doug Barton (Nov 06)
Or NS records, since you mentioned it. :)
Doug
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 32.36
RISKS List Owner (Nov 08)
RISKS-LIST: Risks-Forum Digest Sunday 8 November 2020 Volume 32 : Issue 36
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.36>
The current issue can also be found at
<...
Risks Digest 32.35
RISKS List Owner (Nov 02)
RISKS-LIST: Risks-Forum Digest Monday 2 November 2020 Volume 32 : Issue 35
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.35>
The current issue can also be found at
<...
Risks Digest 32.34
RISKS List Owner (Oct 27)
RISKS-LIST: Risks-Forum Digest Tuesday 27 October 2020 Volume 32 : Issue 34
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.34>
The current issue can also be found at
<...
Risks Digest 32.33
RISKS List Owner (Oct 24)
RISKS-LIST: Risks-Forum Digest Saturday 24 October 2020 Volume 32 : Issue 33
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.33>
The current issue can also be found at
<...
Risks Digest 32.32
RISKS List Owner (Oct 15)
RISKS-LIST: Risks-Forum Digest Thursday 15 October 2020 Volume 32 : Issue 32
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.32>
The current issue can also be found at
<...
Risks Digest 32.31
RISKS List Owner (Oct 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 October 2020 Volume 32 : Issue 31
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.31>
The current issue can also be found at
<...
Risks Digest 32.30
RISKS List Owner (Oct 02)
RISKS-LIST: Risks-Forum Digest Friday 2 October 2020 Volume 32 : Issue 30
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.30>
The current issue can also be found at
<...
Risks Digest 32.29
RISKS List Owner (Sep 25)
RISKS-LIST: Risks-Forum Digest Friday 25 September 2020 Volume 32 : Issue 29
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.29>
The current issue can also be found at
<...
Risks Digest 32.28
RISKS List Owner (Sep 22)
RISKS-LIST: Risks-Forum Digest Tuesday 22 September 2020 Volume 32 : Issue 28
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.28>
The current issue can also be found at
<...
Risks Digest 32.27
RISKS List Owner (Sep 18)
RISKS-LIST: Risks-Forum Digest Friday 18 September 2020 Volume 32 : Issue 27
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.27>
The current issue can also be found at
<...
Risks Digest 32.26
RISKS List Owner (Sep 13)
RISKS-LIST: Risks-Forum Digest Sunday 13 September 2020 Volume 32 : Issue 26
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.26>
The current issue can also be found at
<...
Risks Digest 32.25
RISKS List Owner (Sep 07)
RISKS-LIST: Risks-Forum Digest Monday 7 September 2020 Volume 32 : Issue 25
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.25>
The current issue can also be found at
<...
Risks Digest 32.24
RISKS List Owner (Aug 29)
RISKS-LIST: Risks-Forum Digest Saturday 29 August 2020 Volume 32 : Issue 24
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.24>
The current issue can also be found at
<...
Risks Digest 32.23
RISKS List Owner (Aug 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 August 2020 Volume 32 : Issue 23
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.23>
The current issue can also be found at
<...
Risks Digest 32.22
RISKS List Owner (Aug 24)
RISKS-LIST: Risks-Forum Digest Monday 24 August 2020 Volume 32 : Issue 22
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.22>
The current issue can also be found at
<...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
AppSec Awareness and Security Culture – The Right Security
Destry Winant (Nov 09)
https://www.riskbasedsecurity.com/2020/11/03/appsec-awareness-and-security-culture-the-right-security/
Chris Romeo, CEO & Co-founder of Security Journey
<https://www.securityjourney.com/>, joins Jake Kouns, CEO and CISO at Risk
Based Security, to talk about the creation of his company, the security
lifecycle, and how to scale proper security training for organizations of
all sizes.
Working as a Chief Security Advocate of a Fortune 100...
Mayo Clinic faces lawsuit in breach of patients' health records
Destry Winant (Nov 09)
https://www.startribune.com/mayo-clinic-sued-after-former-employee-improperly-accessed-patient-health-records/572995802/
Patients whose medical records were improperly accessed by a former
Mayo Clinic employee are attempting to mount a class-action lawsuit
against the health care provider for failing to protect their
sensitive personal data.
The lead plaintiff, Olga Ryabchuk, was one of more than 1,600
patients, including more than 1,000 from...
Blackbaud Expects Cyber Insurer Will Cover Most Attack Costs
Destry Winant (Nov 09)
https://www.govinfosecurity.com/blackbaud-expects-cyber-insurer-will-cover-most-attack-costs-a-15298
As the list of customers reporting data breaches tied to the May
ransomware attack on Blackbaud continues to surge, and related legal
actions against the company grow, the cloud-based fundraising software
vendor recently told Wall Street that it expects cyber insurance to
cover the bulk of its costs associated with the incident.
During an Oct....
Sodinokibi/REvil ransomware gang pwns British housing biz via suspected phishing attack
Destry Winant (Nov 09)
https://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/
A social housing provider in Norwich, England, has said it was hit
with the Sodinokibi ransomware following what it assumes was a
successful phishing attack.
Flagship Group revealed last night that its systems were compromised
by a "cyberattack" on Sunday, 1 November.
"Whilst the investigation is still going on we can confirm that the...
ShinyHunters hacker leaks 5.22GB worth of Mashable.com database
Destry Winant (Nov 06)
https://www.hackread.com/shinyhunters-hacker-leaks-mashable-database/
ShinyHunters leaked the database earlier today revealing that it does
not contain any password.
Another day, another data breach. This time, the infamous hacker going
by the online handle of ShinyHunters has leaked a database belonging
to Mashable.com, a global media, and entertainment company.
The 5.22GB worth of database was leaked earlier today on a prominent
hacker...
Capcom quietly discloses cyberattack impacting email, file servers
Destry Winant (Nov 06)
https://www.zdnet.com/index.php/category/2184/index.php/article/capcom-quietly-discloses-cyberattack-impacting-email-file-servers/
Update 14.46pm GMT: ZDNet has learned that the security incident may
be due to a Ragnar Locker ransomware infection.
Capcom has disclosed a cyberattack that impacted the company's
operations over the weekend.
The Osaka, Japan-based video game developer said in a notice dated
November 4 that two days prior,...
Cone Health practice loses data in ransomware attack
Destry Winant (Nov 06)
https://www.thetimesnews.com/story/news/2020/11/05/ransomware-attack-loses-data-cone-health-practice/6164713002/
The Alamance Skin Center needs patients to confirm their upcoming
appointments after losing data in a ransomware attack, according to a
Cone Health news release.
Hackers did not get any patient data, Cone Health says, but the
practice also could not retrieve information on patients, according to
the release. The Skin Center’s...
Mattel admits it was hit by a ransomware attack
Destry Winant (Nov 05)
https://www.itpro.co.uk/security/ransomware/357651/mattel-hit-by-ransomware-attack
Toy manufacturer Mattel has admitted that it was hit by a ransomware
attack that temporarily impacted some of its business functions but
did not lead to any data theft.
The Barbie manufacturer, which is also behind brands such as Fisher-Price
and Hot Wheels, disclosed that the ransomware attack had taken place
on 28 July 2020.
In a quarterly report filed with the US...
Cork hospital fined €65k after patients' personal data found in public recycling facility
Destry Winant (Nov 05)
https://www.irishexaminer.com/news/arid-40075673.html
The Data Protection Commission (DPC) has handed down a €65,000 fine to
Cork University Maternity Hospital (CUMH) after the personal data of
78 of its patients was discovered disposed of in a public recycling
facility elsewhere in the county.
The complaint was first raised with the DPC in June 2019 after a
member of the public, who had discovered the documents, brought the
matter to the...
This could be the most expensive data breach ever
Destry Winant (Nov 05)
https://www.techradar.com/news/this-could-be-the-most-expensive-data-breach-ever
An online retailer of precious metals has revealed that it has been
the victim of a significant data breach.
JM Bullion, which sells gold, silver, copper, platinum and palladium,
became the victim of a cyberattack back in February that was not
discovered until July. It remains unclear why the hack is only just
being disclosed publicly.
This type of attack is...
23,600 hacked databases have leaked from a defunct 'data breach index' site
Destry Winant (Nov 05)
https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/
More than 23,000 hacked databases have been made available for
download on several hacking forums and Telegram channels in what
threat intel analysts are calling the biggest leak of its kind.
The database collection is said to have originated from Cit0Day.in, a
private service advertised on hacking forums to other cybercriminals.
Cit0day...
Google Drive Notifications Used to Send Malicious Links to Hundreds of Thousands of Users
Destry Winant (Nov 04)
https://www.ehackingnews.com/2020/11/google-drive-notifications-used-to-send.html
Cybercriminals have now resorted to utilizing a legitimate Google
Drive collaboration feature to trick users into clicking on pernicious
links.
As per recent reports the attacks have originated from Google
Drive's collaboration feature, which enables users to make push
notifications or emails that invite people to share a Google doc.
Attackers are...
Configuration snafu exposes passwords for two million marijuana growers
Destry Winant (Nov 04)
https://www.zdnet.com/index.php/category/10250/4/index.php/article/configuration-snafu-exposes-passwords-for-two-million-marijuana-growers/
GrowDiaries, an online community where marijuana growers can blog
about their plants and interact with other farmers, has suffered a
security breach in September this year.
The breach occurred after the company left two Kibana apps exposed on
the internet without administrative passwords.
Kibana apps are...
Media Comms Giant Says Ransomware Hit Will Cost Millions
Destry Winant (Nov 04)
https://threatpost.com/media-comms-giant-ransomware-cost-millions/160904/
Aussie firm Isentia said “remediation and foregone revenue” could
total $8.5 million AUS or more.
Media communications giant Isentia is reporting that its coffers will
be emptied of as much as $6 million ($8.5 million AUS) in the wake of
a ransomware attack last week.
The company is a media-intelligence and data-analytics firm
headquartered in Australia, with a...
REvil ransomware gang hacked gaming firm Gaming Partners International
Destry Winant (Nov 04)
https://securityaffairs.co/wordpress/110237/cyber-crime/gaming-partners-international-revil-ransomware.html
Gaming Partners International (GPI) is a full-service supplier of
gaming furniture and equipment for casinos worldwide. The REvil
ransomware gang (aka Sodinokibi) claims to have stolen info from the
systems at the company before encrypting them.
Recently, one of the members of the gang that goes online with the
moniker UNKN, announced in...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Growing memory with tshark & Lua
Thomas Baudelet (Nov 09)
Hi Devs,
When Wireshark profiles are correctly tuned (few protocols, disabled TCP
reassembly & analysis, bytes tracking, timestamps calculations, IP
defrag), tshark memory doesn't grow at all.
Simply adding a simple Lua script with 1 listener and 1 field, without
doing anything with them, the memory grows along with the pcap file.
As tshark memory alone doesn't grow due to correct profile, I'd have
expected Lua to forget...
Remote Developer Den, November 2020
Gerald Combs (Nov 09)
I've scheduled the next remote Developer Den for next Tuesday, November 17th. This is a remote version of the Developer
Den at SharkFest, a room that we set aside for office hours where everyone is welcome to stop in, say hello, ask
questions, etc.
The link below has a "join from browser" option, so it should be possible to connect without installing Zoom's client.
----
Gerald Combs is inviting you to a scheduled Zoom...
A-I/F in the Telephony menu
Alex Nik (Nov 08)
Hello, folks,
I found out that the A-I/F stands for A-Interface (GSM Signal Interface Between BSC and MSC). The A-I/F version is used
in Wireshark only and I assume is not a standard. Could someone fix the menu names please - change to “A-Interface”?
Unless it has a different meaning =)
Thanks
Alex
Re: IP Address from pInfo->src
Guy Harris (Nov 07)
pinfo->src, like pinfo->dst, is an "address" structure.
That structure contains:
a "type" field, giving the type of address;
a "len" field, giving the length of the address, in bytes;
a "data" field, pointing to a blob of data containing the value of the address, which is "len" bytes long.
*IF* the "type" field has the value AT_IPv4, *then* the address...
IP Address from pInfo->src
Vinay Meher (Nov 07)
Hi,
I am developing a plugin for WireShark. I need the IP Address but the
pInfo->src has members with no interpretable fields for the IP Address in
the IPv4 format.
Kindly advise to retrieve the same.
Thanking in advance,
Vinay Meher
Re: Is there a way to internationalize the text of dissector's preference?
Alexis La Goutte (Nov 06)
Hi,
It is possible, you can push a patch (with WIP status) for looking?
Docs: Repetition of "This menu (contains items to)" in 3.4 - The Menu
Jonathan Laschet (Nov 06)
https://www.wireshark.org/docs/wsug_html_chunked/ChUseMenuSection.html
And imo they don't really contribute to the text
"Go
to a specific packet. See Section 3.8, “The “Go” Menu”
is imo better than the current
"Go
This menu contains items to go to a specific packet. See Section 3.8, “The
“Go” Menu”
Docs: Black icons invisible with Firefox-extension "Dark background and light text"
Jonathan Laschet (Nov 06)
https://www.wireshark.org/docs/wsug_html_chunked/PrefaceTypographicConventions.html
for example
Extension:
https://addons.mozilla.org/en-US/firefox/addon/dark-background-light-text/
Re: Is there a way to internationalize the text of dissector's preference?
qiangxiong.huang (Nov 06)
Hi, Alexis La Goutte
I just want to internationalize for the title and description of preference in packet-xxx.c.
Is this possible to use glib wrapper gettext() as Guy Harris said?
------------------ Original ------------------
From:
"alexis.lagoutte"...
Re: Marking GitLab issues as duplicates
Jaap Keuter (Nov 06)
“Clear as mud” ;)
Thanks for sharing
Marking GitLab issues as duplicates
Guy Harris (Nov 05)
If you type a / at the beginning of a comment, it pops up a menu of "quick actions".
One of those actions is /dup{licate}. If you type
/duplicate #NNNNN
and save that comment, GitLab will mark the issue in which you make the comment as a duplicate of issue #NNNNN.
This is extraordinarily well documented, in a place that's easy to find, just as many other GitLab features are
documented in a place easy to find./sarcasm....
Re: Is there a way to internationalize the text of dissector's preference?
Alexis La Goutte (Nov 05)
Hi Huang,
No, there is actually no way to translate packet-xxx.c files
Cheers
On Thu, Nov 5, 2020 at 2:31 PM qiangxiong.huang <qiangxiong.huang () qq com>
wrote:
Re: Is there a way to internationalize the text of dissector's preference?
Guy Harris (Nov 05)
Currently, no.
What *could* be done would be to use, in the non-Qt code, the GLib wrappers for gettext():
https://developer.gnome.org/glib/stable/glib-I18N.html
(GLib itself requires gettext() to be present, so, if you're building Wireshark, you have the gettext() API available
and you have any tools needed to process .po files). Then we'd create .po files for various languages; Transifex can,
as far as I know, handle .po...
Is there a way to internationalize the text of dissector's preference?
qiangxiong.huang (Nov 05)
It seems that only Qt related code (in .cpp) can be internationalized by QString::tr(). Is there a way to
internationalize the text of dissector preference which is usually set in epan/dissectors/packet-xxx.c ?
Regards,
Huang Qiangxiong
Re: Handling malformed packet exceptions from within ASN.1 dissectors
Richard Sharpe (Nov 03)
Yeah, I found them. But then I found that the ASN.1 dissectors already
handle the situation and my problem was elsewhere :-)
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: AppId FTP service detector problem
Meridoff via Snort-devel (Nov 05)
Sure, here it is.
My client is Windows 7 running FileZilla to go to anonymous ftp at
ftp.botik.ru.
My gate is Linux with snort 3.0.1 (build 4), Lua 5.1, that does NAT
masquerade for Internet access from LAN.
Snort is in NFQ/TAP mode. Nfqueue rule is setup OK and works. Using only 1
thread in snort (for simplicity).
Configs and pcaps are included.
Files description:
1. configBAD (when no alerts at all) - is the same as configOK (when alerts...
re: Get more real traffic to seclists.org with Pop under ads
Reyes Rinehart (Nov 04)
hi
Real Pop under ads traffic from only 0.00015$ per visit
http://www.str8-creative.co/product/worldwide-website-traffic/
Regards
Reyes Rinehart
Unsubscribe option is available on the footer of our website
Snort Subscriber Rules Update 2020-11-04
Research (Nov 04)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-office,
file-other, malware-cnc, malware-other, os-windows, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: AppId FTP service detector problem
Shravan Rangarajuvenkata (shrarang) via Snort-devel (Nov 04)
We tried to reproduce this issue locally but could not.
Is it possible for you to send a pcap with the traffic for which you are seeing this issue? Can you also send your
snort3 configuration (the Lua files)?
Thanks,
Shravan
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of "Shravan Rangarajuvenkata (shrarang) via
Snort-devel" <snort-devel () lists snort org>
Reply-To: "Shravan...
cheat your way into top 10
Dong Passmore (Nov 04)
The new ways to rank fast
blackhatseoservices.tk
Snort Subscriber Rules Update 2020-11-02
Research (Nov 02)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-office,
file-other, malware-cnc, malware-other and server-webapp rule sets to
provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
re: SEO that works
Katrice Stabile (Nov 02)
hi
After checking seclists.org we strongly advise you take any of our services
here
http://www.liftmyrank.co/affordable-seo-services-small-businesses/
Pricelist attached
Regards
Katrice Stabile
http://www.liftmyrank.co/unsubscribe/
Snort Subscriber Rules Update 2020-10-29
Research (Oct 29)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-chrome,
browser-ie, browser-plugins, exploit-kit, file-executable, file-flash,
file-image, file-java, file-multimedia, file-office, file-other,
file-pdf, indicator-compromise, malware-backdoor, malware-cnc,
malware-other, os-linux, os-windows, policy-other, pua-other,...
re: re: Boost SEO with quality EDU backlinks
Brandon (Oct 28)
hi there
1000 Edu blog backlinks to improve your backlinks base and increase SEO
metrics and ranks
http://www.str8-creative.io/product/edu-backlinks/
Improve domain authority with more .edu blog backlinks
Unsubscribe from this newsletter
http://www.str8-creative.io/unsubscribe/
Re: AppId FTP service detector problem
Steve G via Snort-devel (Oct 27)
thank you! I found in rules inappropriate I DID NOT GO TO THESE SITES! IS
THIS REAL OR EXAMPLE?
Snort Subscriber Rules Update 2020-10-27
Research (Oct 27)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-chrome,
browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash,
file-identify, file-java, file-multimedia, file-office, file-other,
file-pdf, malware-backdoor, malware-cnc, malware-other, malware-tools,
os-other, os-windows, policy-other, protocol-other,...
Re: AppId FTP service detector problem
Sg via Snort-devel (Oct 26)
Re: AppId FTP service detector problem
Sg via Snort-devel (Oct 26)
Re: AppId FTP service detector problem
Shravan Rangarajuvenkata (shrarang) via Snort-devel (Oct 23)
Thanks for reporting the issue! We will try to reproduce this issue locally and will reach out to you if we need any
help.
Thanks,
Shravan
From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Meridoff via Snort-devel <snort-devel () lists
snort org>
Reply-To: Meridoff <oagvozd () gmail com>
Date: Friday, October 23, 2020 at 2:17 PM
To: "snort-devel () lists snort org" <snort-devel () lists...
AppId FTP service detector problem
Meridoff via Snort-devel (Oct 23)
Hello, I have manual rules with appid:ftp, ftp_data and other ftp_* appids
rules.
None of them are working on FTP-traffic if I use snort3-malware-other rules
(and maybe some others).
If I use only my manual appid ftp rule, then all is OK:
ftp/ftp_data/ftp_passive and so on WORK fine!
When I include snort3-malware-other rule file in config: manual appid
rule doesn't work.
Inspectors ftp-server/client/wizard/binder are in config....
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.