SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
New PR: simple changing match rule for an Apache web server
Gildásio Júnior (Jul 12)
Hi all,
Looking at the contributing guidelines, they recommend sending an e-mail about
a PR created by me. So...
I opened a simple PR changing a rule to catch Apache web server
information in a specific case.
Using nmap-service-probes updated as of today:
```
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-12 20:20 -03
Nmap scan report for lab (172.16.0.201)
Host is up (0.0025s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache...
```
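The kind of rule the PR changes lives in nmap-service-probes as a `match` line: a service name, a delimited PCRE pattern with optional `i`/`s` flags, and versioninfo fields (`p/`, `v/`, `cpe:/`, ...) that may reference capture groups as `$1`. The following is an added example, not Nmap's own matcher and not the rule from the PR: a small evaluator for that line format so a candidate rule can be tested against a captured banner before submitting it. The two rules and both banners are constructed for the example.

```python
import re

# Added example: a simplified evaluator for nmap-service-probes "match" lines.
# Not Nmap's code; it follows the file format closely enough to try a rule
# against a banner offline. Rules and banners below are constructed.

# match|softmatch <service> m<delim>regex<delim>[flags] <versioninfo fields>
_LINE = re.compile(r'^(match|softmatch)\s+(\S+)\s+m(.)(.*?)\3([is]*)\s*(.*)$')
# versioninfo: p/product/ v/version/ i/info/ h/hostname/ o/os/ d/device/ cpe:/.../[a]
_FIELD = re.compile(r'(p|v|i|h|o|d|cpe:)(.)(.*?)\2a?')
_NAMES = {'p': 'product', 'v': 'version', 'i': 'info', 'h': 'hostname',
          'o': 'ostype', 'd': 'devicetype', 'cpe:': 'cpe'}


def parse_match_line(line):
    """Turn one match/softmatch line into a rule with a compiled regex."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError('not a match line: %r' % line)
    kind, service, _delim, pattern, flags, rest = m.groups()
    reflags = (re.IGNORECASE if 'i' in flags else 0) | (re.DOTALL if 's' in flags else 0)
    fields = {}
    for key, _d, value in _FIELD.findall(rest):
        fields[_NAMES[key]] = value          # still carries $N placeholders
    return {'kind': kind, 'service': service,
            'regex': re.compile(pattern, reflags), 'fields': fields}


def apply_rule(rule, banner):
    """Versioninfo the rule yields for a banner, or None if it does not match."""
    m = rule['regex'].search(banner)
    if not m:
        return None

    def expand(text):                       # replace $1, $2, ... with captures
        return re.sub(r'\$(\d+)', lambda g: m.group(int(g.group(1))) or '', text)

    out = {'service': rule['service'], 'kind': rule['kind']}
    out.update({k: expand(v) for k, v in rule['fields'].items()})
    return out


def classify(banner, rules):
    """First matching rule wins, as with the ordering of the probes file."""
    for rule in rules:
        hit = apply_rule(rule, banner)
        if hit:
            return hit
    return None


RULES = [
    # Versioned Server header: capture the version into $1.
    r'match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Apache/([\w.]+)|s '
    r'p/Apache httpd/ v/$1/ cpe:/a:apache:http_server:$1/',
    # Apache with ServerTokens Prod hides the version; still name the product.
    r'match http m|^HTTP/1\.[01] \d\d\d .*\r\nServer: Apache\r\n|s p/Apache httpd/',
    r'softmatch http m|^HTTP/1\.[01] \d\d\d |',
]

# Constructed banners, not captured from the lab host in the post.
BANNER_VERSIONED = ('HTTP/1.1 200 OK\r\nDate: Sun, 12 Jul 2020 23:20:00 GMT\r\n'
                    'Server: Apache/2.4.41\r\nContent-Type: text/html\r\n\r\n')
BANNER_PROD = 'HTTP/1.1 403 Forbidden\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n'

if __name__ == '__main__':
    rules = [parse_match_line(line) for line in RULES]
    for banner in (BANNER_VERSIONED, BANNER_PROD):
        print(classify(banner, rules))
```

Because the first rule that matches wins, a new rule for a narrow case has to be placed before, and must not be shadowed by, the broader rules already in the file; running both the old and the new rule over a saved banner with this evaluator shows which one Nmap would pick.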
NDIS Filter driver in Npcap
Lisa Hofmann (Jul 10)
Hello,
For my master's thesis I am currently working on a tool similar to Npcap which will also be based on NDIS 6.x. Therefore
I wanted to ask you why Npcap uses an NDIS filter driver while WinPcap uses a protocol driver?
With kind regards,
Lisa
Re: Nmap ICMP Scan Technical Question
Robin Wood (Jun 26)
Re: Probe submission for OpenText Gupta SQLBase
Gordon Fyodor Lyon (Jun 26)
Thanks Matthias! To better track this submission, I created an issue for
it here: https://github.com/nmap/nmap/issues/2071
We've been really focused on Npcap for the last year (because it is
critical infrastructure for Nmap), but we're about to turn a lot more of
our attention to Nmap proper!
Cheers,
Fyodor
Re: Nmap ICMP Scan Technical Question
Andrew Morrison via dev (Jun 26)
Send dev mailing list submissions to
HUMBERTO TOSCANO (Jun 23)
Re: How to interpret following nmap's traceroute output.
Karel Gardas (Jun 23)
Oh, that would be pretty hard indeed. Anyway, I'm not against it -- as a
last resort.
So far I've tested nmap 7.80 release and it shows the same issue.
BTW: Do you know of a tool which would allow me to create
virtual networks using KVM more easily?
Thanks,
Karel
Re: How to interpret following nmap's traceroute output.
Arturo 'Buanzo' Busleiman (Jun 23)
For the sake of experimentation, would you be willing/able to try the same
environment and nmap tests using another hypervisor?
Re: How to interpret following nmap's traceroute output.
Karel Gardas (Jun 23)
VirtualBox 6.x
Host's route table looks like:
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 eno1
default         _gateway        0.0.0.0         UG    101    0        0 enp9s0
10.0.10.0       0.0.0.0         255.255.255.0   U     101    0        0 enp9s0
10.0.30.0       0.0.0.0         255.255.255.0   U     100    0...
Re: How to interpret following nmap's traceroute output.
Robin Wood (Jun 23)
I'll let others with more nmap and networking knowledge take over from
here, I've reached my ceiling for remote debugging.
Re: How to interpret following nmap's traceroute output.
Arturo 'Buanzo' Busleiman (Jun 23)
What's the hypervisor?
Re: How to interpret following nmap's traceroute output.
Karel Gardas (Jun 23)
Yes, 10.0.10.14 is the entry to the virtual network, and yes, it's routable
directly from the host. But 10.111.0.99 is deep inside the virtual
network and the 10.0.10.14 short-cut does not explain the unclear
traceroute to 10.111.0.99 as reported by nmap IMHO.
Or am I missing anything here?
Thanks!
Karel
Re: How to interpret following nmap's traceroute output.
Robin Wood (Jun 23)
Is 10.0.10.14 on the same box as you are scanning from, i.e. a VM? If so,
then it may just be caused by the VM networking stack knowing about the
second subnet and so short-cutting the routing.
Re: How to interpret following nmap's traceroute output.
Karel Gardas (Jun 23)
Indeed, I should consult traceroute, but well, then it looks like an nmap
tracerouting bug IMHO:
traceroute to 10.111.0.99 (10.111.0.99), 30 hops max, 60 byte packets
1 _gateway (10.0.30.138) 0.253 ms 0.340 ms 0.320 ms
2 10.0.10.14 (10.0.10.14) 1.160 ms 1.146 ms 1.124 ms
3 10.1.0.12 (10.1.0.12) 2.911 ms 3.014 ms 2.999 ms
4 10.11.0.26 (10.11.0.26) 4.120 ms 4.108 ms 4.089 ms
5 10.111.0.99 (10.111.0.99) 4.191 ms 4.176 ms 4.154...
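Robin's "short-cut" hypothesis earlier in this thread and the route table Karel posted can be checked mechanically: replay the host's forwarding decision (longest prefix, then lowest metric) for each address and compare it with the traceroute hops. The script below is an added example, not code from the thread. It assumes the symbolic `_gateway` in the table resolves to 10.0.30.138 (the first hop of the traceroute) for both default routes, completes the table's truncated last row as a plain on-link route for 10.0.30.0/24 on eno1, and fills in the cut-off final RTT of the last traceroute line.

```python
import ipaddress
import re

# Added example, not code from the thread: replay the host's forwarding choice
# from the posted `route` table and check the traceroute hops against it.
# "_gateway" is assumed to be 10.0.30.138; the last table row and the last
# RTT of the trace are completed by assumption (truncated in the archive).

ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    100    0        0 eno1
default         _gateway        0.0.0.0         UG    101    0        0 enp9s0
10.0.10.0       0.0.0.0         255.255.255.0   U     101    0        0 enp9s0
10.0.30.0       0.0.0.0         255.255.255.0   U     100    0        0 eno1
"""

TRACEROUTE_OUTPUT = """\
traceroute to 10.111.0.99 (10.111.0.99), 30 hops max, 60 byte packets
 1  _gateway (10.0.30.138)  0.253 ms  0.340 ms  0.320 ms
 2  10.0.10.14 (10.0.10.14)  1.160 ms  1.146 ms  1.124 ms
 3  10.1.0.12 (10.1.0.12)  2.911 ms  3.014 ms  2.999 ms
 4  10.11.0.26 (10.11.0.26)  4.120 ms  4.108 ms  4.089 ms
 5  10.111.0.99 (10.111.0.99)  4.191 ms  4.176 ms  4.154 ms
"""

NAMES = {'default': '0.0.0.0', '_gateway': '10.0.30.138'}   # assumed resolution


def parse_route_table(text):
    """Parse `route` output (without -n) into a list of route dicts."""
    routes = []
    for line in text.splitlines()[2:]:            # skip title and column header
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        dest, gw = NAMES.get(dest, dest), NAMES.get(gw, gw)
        routes.append({
            'net': ipaddress.IPv4Network((dest, mask)),
            'gateway': None if gw == '0.0.0.0' else ipaddress.IPv4Address(gw),
            'metric': int(metric),
            'iface': iface,
        })
    return routes


def lookup(routes, dst):
    """Linux forwarding choice: longest prefix wins, then the lowest metric."""
    dst = ipaddress.IPv4Address(dst)
    matches = [r for r in routes if dst in r['net']]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r['net'].prefixlen, r['metric']))


HOP = re.compile(r'^\s*(\d+)\s+\S+\s+\((\d+\.\d+\.\d+\.\d+)\)')


def parse_traceroute(text):
    """Return [(ttl, ip)] for the hop lines of classic traceroute output."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.IPv4Address(m.group(2))))
    return hops


def check_trace(routes, dst, hops):
    """First hop must be the chosen gateway (or the target itself when the
    destination is on-link). Any intermediate hop that is on-link for the
    host is flagged: a trace to that hop would not go through the gateway."""
    dst_ip = ipaddress.IPv4Address(dst)
    route = lookup(routes, dst)
    expected_first = route['gateway'] or dst_ip
    findings = []
    if hops[0][1] != expected_first:
        findings.append('first hop %s, expected %s via %s'
                        % (hops[0][1], expected_first, route['iface']))
    for ttl, ip in hops:
        r = lookup(routes, str(ip))
        if r and r['gateway'] is None and ip not in (expected_first, dst_ip):
            findings.append('hop %d (%s) is on-link via %s; a trace to it would not pass %s'
                            % (ttl, ip, r['iface'], expected_first))
    return {'route': route, 'expected_first_hop': expected_first, 'findings': findings}


if __name__ == '__main__':
    routes = parse_route_table(ROUTE_OUTPUT)
    hops = parse_traceroute(TRACEROUTE_OUTPUT)
    for finding in check_trace(routes, '10.111.0.99', hops)['findings']:
        print(finding)
```

For 10.111.0.99 only the two default routes match, so the metric-100 route on eno1 wins and the first hop is the gateway, exactly as the traceroute shows; 10.0.10.14, by contrast, sits in the directly connected 10.0.10.0/24 on enp9s0, so a trace to that address alone would go out a different interface and skip the gateway. That is the asymmetry Robin's question was getting at; whether nmap's own trace to 10.111.0.99 differs is not visible in this thread.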
Re: How to interpret following nmap's traceroute output.
Robin Wood (Jun 23)
I can't answer the nmap question but I'm curious, what does standard
traceroute to the two IPs show?
What IP are you on and what is the subnet? Is 10.0.30.138 the default
gateway defined on the host?
Robin
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.
Gordon Fyodor Lyon (Aug 10)
Fellow hackers,
I'm here in Las Vegas for Defcon and delighted to release Nmap 7.80. It's
the first formal Nmap release in more than a year, and I hope you find it
worth the wait!
The main reason for the delay is that we've been working so hard on our
Npcap Windows packet capturing driver. As many of you know, Windows Nmap
traditionally depended on Winpcap for packet capture. That is great
software, but it has been...
Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.
Fyodor (Mar 20)
Nmap Community,
We're excited to make our first Nmap release of 2018--version 7.70! It
includes hundreds of new OS and service fingerprints, 9 new NSE scripts
(for a total of 588), a much-improved version of our Npcap windows packet
capturing library/driver, and service detection improvements to make -sV
faster and more accurate. And those are just a few of the dozens of
improvements described below.
Nmap 7.70 source code and binary...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
SEC Consult SA-20200708-0 :: Multiple Critical Vulnerabilities in Multiple Rittal Products Based on Same Software
SEC Consult Vulnerability Lab (Jul 10)
SEC Consult Vulnerability Lab Security Advisory < 20200708-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Multiple Rittal Products based on same software, e.g.
CMC III PU Compact, CMC III PU 7030.000
PDU (whole portfolio),
LCP-CW, IoT Interface 3124.300
vulnerable version:...
Microsoft OneDrive client for Windows Qt QML module hijack
Securify B.V. via Fulldisclosure (Jul 09)
------------------------------------------------------------------------
Microsoft OneDrive client for Windows Qt QML module hijack
------------------------------------------------------------------------
Yorick Koster, July 2020
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A file hijacking vulnerability was found in the Microsoft...
X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
X41 D-Sec GmbH Advisories (Jul 09)
X41 D-SEC GmbH Security Advisory: X41-2020-006
Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
=================================================================
Severity Rating: High
Confirmed Affected Versions: Colin Percival's bsdiff 4.3
Confirmed Patched Versions: FreeBSD's bsdiff
(https://svnweb.freebsd.org/base/head/usr.bin/bsdiff/bspatch/bspatch.c)
Vendor: Colin Percival
Vendor URL:...
Multiple vulnerabilities found in CDATA OLTs
Pierre Kim (Jul 07)
## Advisory Information
Title: Multiple vulnerabilities found in CDATA OLTs
Advisory URL: https://pierrekim.github.io/advisories/2020-cdata-0x00-olt.txt
Blog URL: https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html
Date published: 2020-07-07
Vendors contacted: None
Release mode: Full-Disclosure
CVE: None yet assigned
## Product Description
The CDATA OLTs are OEM FTTH OLTs, sold under different brands (Cdata,...
Four vulnerabilities found in MikroTik's RouterOS
Q C (Jul 07)
Advisory: four vulnerabilities found in MikroTik's RouterOS
Details
=======
Product: MikroTik's RouterOS
Affected Versions: through stable 6.47
Fixed Versions: stable 6.47
Vendor URL: https://mikrotik.com/
Vendor Status: fixed version released
CVE: -
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team
Product Description
==================
RouterOS is the operating system used on the MikroTik's devices, such as
switch,...
Microsoft Windows mshta.exe HTA File / XML External Entity Injection
hyp3rlinx (Jul 07)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-MSHTA-HTA-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
[Vendor]www.microsoft.com
[Product]
Windows MSHTA.EXE .HTA File
An HTML Application (HTA) is a Microsoft Windows program whose source
code consists of HTML, Dynamic HTML, and one or more...
Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE
Sivanesh Ashok (Jul 03)
##########################################################################
# Bolt CMS <= 3.7.0 Multiple Vulnerabilities #
##########################################################################
Author - Sivanesh Ashok | @sivaneshashok | stazot.com
Date : 2020-03-24
Vendor : https://bolt.cm/
Version : <= 3.7.0
CVE : CVE-2020-4040, CVE-2020-4041
Last Modified: 2020-07-03
--[ Table...
[SYSS-2020-011] Apple iOS - Exposure of Resource to Wrong Sphere (CWE-668)
Philipp Buchegger (Jul 03)
Advisory ID: SYSS-2020-011
Product: Apple iOS
Manufacturer: Apple Inc.
Affected Version(s): 13.3.1, 13.5.1
Tested Version(s): 13.3.1, 13.5.1
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-03-23
Solution Date: -
Public Disclosure: 2020-07-02
CVE Reference: Not yet assigned
Author of Advisory: Philipp Buchegger, SySS GmbH...
[CVE-2020-11882] o2 Business for Android "canvasm.myo2.SplashActivity" <= 1.2.0 Open Redirect
Julien Ahrens (RCE Security) (Jul 03)
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: o2 Business for Android
Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business
Type: Open Redirect [CWE-601]
Date found: 2020-04-16
Date published: 2020-07-01
CVSSv3 Score: 3.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVE: CVE-2020-11882
2. CREDITS
==========
This...
CVE-2019-19935 - DOM XSS in Froala WYSIWYG HTML Editor
Advisories (Jul 03)
#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product: Froala WYSIWYG HTML Editor
# Vendor: Froala
# CSNC ID: CSNC-2020-004
# CVE ID: CVE-2019-19935
# Subject: DOM XSS in Froala WYSIWYG HTML Editor
# Severity: Medium
# Effect: Remotely exploitable
# Author: Emanuel...
SEC Consult SA-20200701-0 :: Reflected Cross-Site Scripting (XSS) in EQDKP Plus CMS
SEC Consult Vulnerability Lab (Jul 01)
SEC Consult Vulnerability Lab Security Advisory < 20200701-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS) Vulnerability
product: EQDKP Plus CMS
vulnerable version: <= 2.3.29
fixed version: 2.3.30
CVE number: -
impact: Low
homepage: https://eqdkp-plus.eu/
found: 2020-04-01...
[KIS-2020-08] openSIS <= 7.4 Multiple SQL Injection Vulnerabilities
Egidio Romano (Jun 30)
-----------------------------------------------------
openSIS <= 7.4 Multiple SQL Injection Vulnerabilities
-----------------------------------------------------
[-] Software Link:
https://opensis.com/
[-] Affected Versions:
Version 7.4 and prior versions.
[-] Vulnerabilities Description:
The application is affected by multiple SQL Injection vulnerabilities,
following are some examples:
1) User input passed through the...
[KIS-2020-07] openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability
Egidio Romano (Jun 30)
--------------------------------------------------------------
openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability
--------------------------------------------------------------
[-] Software Link:
https://opensis.com/
[-] Affected Versions:
Version 7.4 and prior versions.
[-] Vulnerability Description:
The vulnerable code is located in the /Bottom.php script:
36....
[KIS-2020-06] openSIS <= 7.4 Incorrect Access Control Vulnerabilities
Egidio Romano (Jun 30)
-------------------------------------------------------
openSIS <= 7.4 Incorrect Access Control Vulnerabilities
-------------------------------------------------------
[-] Software Link:
https://opensis.com/
[-] Affected Versions:
Version 7.4 and prior versions.
[-] Vulnerabilities Description:
The application prevents unauthenticated access to its functionalities
by including
the 'RedirectIncludes.php',...
KL-001-2020-003 : Cellebrite EPR Decryption Relies on Hardcoded AES Key Material
KoreLogic Disclosures via Fulldisclosure (Jun 29)
KL-001-2020-003 : Cellebrite EPR Decryption Relies on Hardcoded AES Key Material
Title: Cellebrite EPR Decryption Relies on Hardcoded AES Key Material
Advisory ID: KL-001-2020-003
Publication Date: 2020.06.29
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-003.txt
1. Vulnerability Details
Affected Vendor: Cellebrite
Affected Product: UFED
Affected Version: 5.0 - 7.5.0.845
Platform:...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components
Stefan Kanthak (Feb 25)
Hi @ll,
since Microsoft Server 2003 R2, Microsoft dares to ship and install the
abomination known as .NET Framework with every new version of Windows.
Among other components current versions of Windows and .NET Framework
include
C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe)
J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,...
Local information disclosure in OpenSMTPD (CVE-2020-8793)
Qualys Security Advisory (Feb 25)
Qualys Security Advisory
Local information disclosure in OpenSMTPD (CVE-2020-8793)
==============================================================================
Contents
==============================================================================
Summary
Analysis
Exploitation
POKE 47196, 201
Acknowledgments
==============================================================================
Summary...
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
Qualys Security Advisory (Feb 25)
Qualys Security Advisory
LPE and RCE in OpenSMTPD's default install (CVE-2020-8794)
==============================================================================
Contents
==============================================================================
Summary
Analysis
...
Acknowledgments
==============================================================================
Summary...
[SECURITY] [DSA 4633-1] curl security update
Alessandro Ghedini (Feb 25)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4633-1 security () debian org
https://www.debian.org/security/ Alessandro Ghedini
February 22, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : curl
CVE ID : CVE-2019-5436 CVE-2019-5481...
Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)
Jamie R (Feb 25)
I've quoted the Cisco summary below as it's pretty accurate.
tl;dr is an admin user on the web console can gain command execution
and then escalate to root. If this is an issue in your environment,
then please patch.
Thanks to Cisco PSIRT who were responsive and professional.
Shouts to Andrew, Dave and Senad, Pedro R - if that's still even a
thing on advisories.
Ref:...
[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass
Thierry Zoller (Feb 24)
[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)
Thierry Zoller (Feb 24)
[slackware-security] proftpd (SSA:2020-051-01)
Slackware Security Team (Feb 20)
[slackware-security] proftpd (SSA:2020-051-01)
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current
to fix a security issue.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz: Upgraded.
No CVEs assigned, but this sure looks like a security issue:
Use-after-free vulnerability in memory pools during data transfer.
(* Security...
[SECURITY] [DSA 4628-1] php7.0 security update
Moritz Muehlenhoff (Feb 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4628-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 18, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.0
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4629-1] python-django security update
Sebastien Delafond (Feb 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4629-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
February 19, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-django
CVE ID : CVE-2020-7471
Debian Bug...
[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)
Thierry Zoller (Feb 18)
[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)
Thierry Zoller (Feb 18)
[SECURITY] [DSA 4626-1] php7.3 security update
Moritz Muehlenhoff (Feb 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php7.3
CVE ID : CVE-2019-11045 CVE-2019-11046...
[SECURITY] [DSA 4627-1] webkit2gtk security update
Moritz Muehlenhoff (Feb 18)
-------------------------------------------------------------------------
Debian Security Advisory DSA-4627-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
February 17, 2020 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2020-3862 CVE-2020-3864...
Web Application Firewall bypass via Bluecoat device
RedTimmy Security (Feb 16)
Hi,
we have published a new post in our blog titled "How to hack a company by circumventing its WAF through the abuse of a
different security appliance and win bug bounties".
We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.
Full story is here:...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open
Vic Vandal (Feb 03)
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance
Charlotte Suites. All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology,
science, robotics or any related field are invited to submit a proposal to present at the con. Full disclosure that
technology or physical security exploitation type submissions are most desirable for this storied...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
44CON 2018 - 12th-14th September, London (UK)
Steve (Feb 28)
44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018
includes catering, private bus bar and Gin O'Clock breaks. Early Bird discounted...
RootedCON Security Conference - 1-3 March, Madrid (Spain)
omarbv (Feb 11)
On the occasion of the ninth edition of RootedCON, the most important
computer security conference in the country, around 2,000 hackers will
meet to discuss new questions and research about the cybersecurity
world, with its risks and threats. National and international experts
have included in their agendas this mandatory appointment to discuss new
vulnerabilities, viruses, and other threats; they will also talk about
countermeasures in order...
Info Security News — Carries news items (generally from mainstream sources) that relate to security.
The Defense Bill Could Rewrite How the US Does Cyber Defense
InfoSec News (Jul 13)
https://www.defenseone.com/technology/2020/07/defense-bill-could-rewrite-how-us-does-cyber-defense/166806/
By Patrick Tucker
Technology Editor
Government Executive
July 10, 2020
A new Office of Joint Cyber Planning proposed in an amendment to the 2021
defense policy bill aims to help government and private actors respond more
quickly to cyber attacks mounted from Russia, China, and elsewhere.
“The Office shall lead Government-wide and...
The Secret Service Tried to Catch a Hacker With a Malware Booby-Trap
InfoSec News (Jul 13)
https://www.vice.com/en_us/article/wxqz54/secret-service-network-investigative-technique-ransomware
By Joseph Cox
Vice.com
July 10, 2020
A Seattle Police Department officer tried to unmask a ransomware attacker by
deploying his own hack, according to newly unsealed court records.
Although in this case the officer's attempt didn't work, the news shows that
the use of so-called network investigative techniques (NITs)—the U.S....
Hacked Elections Can Harm Sovereign Credit Ratings, Moody’s Says
InfoSec News (Jul 13)
https://www.bloomberg.com/news/articles/2020-07-10/hacked-elections-can-harm-sovereign-credit-ratings-moody-s-says
By Eric Lam
Bloomberg.com
July 10, 2020
The threat of cyber attackers subverting elections around the world puts not
just democratic institutions at risk but also a country’s creditworthiness,
according to Moody’s Investors Service.
Among countries with popular national elections, Moody’s sovereign-credit
ratings and...
A few thoughts about Signal’s Secure Value Recovery
InfoSec News (Jul 13)
https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
By Matthew Green
July 10, 2020
Over the past several months, Signal has been rolling out a raft of new
features to make its app more usable. One of those features has recently been
raising a bit of controversy with users. This is a contact list backup feature
based on a new system called Secure Value Recovery, or SVR. The SVR feature...
Secret Service merging electronic and financial crime task forces to combat cybercrime
InfoSec News (Jul 13)
https://www.cyberscoop.com/secret-service-reorganization-task-force-cybercrime-financial-crime/
By Shannon Vavra
CYBERSCOOP
July 9, 2020
The Secret Service is combining its Electronic Crimes Task Forces (ECTFs) and
Financial Crimes Task Forces (FCTFs) into one unified network, the agency
announced Thursday.
The new merged network of task forces, to be known as Cyber Fraud Task Forces
(CFTFs), will detect, prevent and root out cyber-enabled...
Help Wanted: Biden campaign hiring cyber professionals
InfoSec News (Jul 09)
https://fcw.com/articles/2020/07/08/johnson-biden-campaign-cyber-hires.aspx
By Derek B. Johnson
FCW.com
July 08, 2020
Joe Biden is looking for cybersecurity help.
The presidential campaign for former vice president and current Democratic
nominee put out a job notice for a senior cyber incident response and threat
analyst. According to the notice, the position would work out of the campaign’s
Philadelphia headquarters and “collaborate...
Google open-sources Tsunami vulnerability scanner
InfoSec News (Jul 09)
https://www.zdnet.com/article/google-open-sources-tsunami-vulnerability-scanner/
By Catalin Cimpanu
Zero Day
ZDNet.com
July 8, 2020
Google has open-sourced a vulnerability scanner for large-scale enterprise
networks consisting of thousands or even millions of internet-connected
systems.
Named Tsunami, the scanner has been used internally at Google and has been made
available on GitHub last month.
Tsunami will not be an officially-branded...
Judge in trial of alleged LinkedIn hacker admits doubt in evidence
InfoSec News (Jul 09)
https://www.cyberscoop.com/yevgeniy-nikulin-trial-linkedin-verdict-hack/
By Jeff Stone
CYBERSCOOP
July 8, 2020
Just when U.S. attorneys may have thought they were free of obstacles in their
case against an alleged Russian hacker, a new one has emerged: the judge
presiding over the trial.
Judge William Alsup openly criticized U.S. Attorney Michelle Kane on Tuesday,
as the trial of Yevgeniy Nikulin resumed amid the coronavirus pandemic....
The Japanese Automobile Industry Is Taking Next Steps for Cybersecurity Collaboration
InfoSec News (Jul 09)
https://www.lawfareblog.com/japanese-automobile-industry-taking-next-steps-cybersecurity-collaboration
By Mihoko Matsubara
lawfareblog.com
July 7, 2020
The discussion around cybersecurity risk tends to overlook one key sector—the
automobile sector. It’s an industry with some very specific cybersecurity
challenges, and recent efforts from Japan reveal a successful way to combat
these vulnerabilities.
In Japan, the effort to improve...
Sheikh Hamdan launches Dubai Cyber Index to enhance cybersecurity among government entities
InfoSec News (Jul 09)
https://gulfbusiness.com/sheikh-hamdan-launches-dubai-cyber-index-to-enhance-cybersecurity-among-government-entities/
By Varun Godinho
Gulf Business
09 July 2020
Dubai has launched a new initiative to enhance the cybersecurity measures in
place to safeguard government entities in the emirate.
Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and
Chairman of The Executive Council of Dubai, launched the Dubai Cyber Index on...
Looks Like Russian Hackers Are on an Email Scam Spree
InfoSec News (Jul 08)
https://www.wired.com/story/russian-hackers-email-scams/
By Lily Hay Newman
Security
Wired.com
July 7, 2020
For years, costly email grifts have largely been the provenance of West
African scammers, particularly those based in Nigeria. A newly discovered
"business email compromise" campaign, though, appears to come from a
criminal group in a part of the world better known for a different brand
of online mayhem: Russia.
Dubbed...
Magellan Health Data Breach Victim Tally Reaches 365K Patients
InfoSec News (Jul 08)
https://healthitsecurity.com/news/magellan-health-data-breach-victim-tally-reaches-365k-patients
By Jessica Davis
Health IT Security.com
July 7, 2020
July 07, 2020 - The extent of the ransomware attack that hit Arizona-based
Magellan Health in April became clear this week, with eight Magellan Health
affiliates and healthcare providers reporting breaches stemming from the
incident to the Department of Health and Human Services. The breach...
Customer data from fitness firm V Shred exposed on misconfigured cloud storage
InfoSec News (Jul 08)
https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/
By Duncan Riley
SiliconAngle.com
July 2, 2020
Data relating to at least 99,000 customers of fitness company V Shred LLC has
been exposed online in yet another case of misconfigured cloud storage.
Discovered by security researchers Noam Rotem and Ran Locar at vpnMentor and
reported today, the unsecured data was found in an Amazon Web...
Citrix patches 11 critical bugs
InfoSec News (Jul 08)
https://www.infosecnews.org/citrix-patches-11-critical-bugs/
By William Knowles @c4i
Senior Editor
InfoSec News
July 8, 2020
In a breath of fresh air for this week, software vendor Citrix released patches
for 11 vulnerabilities, quickly applying the lesson learned six months ago and
not wanting a repeat with malicious hackers looking for ways to exploit the
vulnerability.
Citrix Chief Information Security Officer, Fermin J. Serna released a...
Today is the Day I have Dreaded for the Last 5 Years
InfoSec News (Jul 08)
https://medium.com/@iHeartMalware/today-is-the-day-i-have-dreaded-for-the-last-5-years-51db99ee38fa
Ronnie T
Jul 7, 2020
September 2015 is when it all started. At the time I was working at PhishMe
(now Cofense), and our CFO received a shady looking email, asking if he was
busy.
“I have no idea what this is, can you guys take a look at it? Rohyt didn’t send
this email.”
Aaron and I started looking at the email to figure out what was...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday Beta V3.0 Released
Francisco Amato (Jul 04)
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security. We focused on
processing large data volumes and to making it easier for the user to
interact with Faraday in its environment.
To install it you can...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
WAFs: HTTP Desynchronization as a Metric
Dave Aitel via Dailydave (Jul 13)
So one thing people don't have any scope of measuring - (maybe as a set
diagram finite states?) - is the difference between two parsers for the
same protocol. Ten years ago a lot of the security community had a
discussion about "LangSec <http://langsec.org/>" which turns out to have
been entirely correct in retrospect.
NCCGroup's recently released analysis of the F5 bug is a key example of
this principle in action:...
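The parser-differential idea above has a concrete instance every WAF operator can measure: the request-framing decision behind HTTP desynchronization. Two parsers that frame the same request body differently let an attacker hide a second request from the front end. The following is an added example, not from Dave's post and not any vendor's code: two toy framing policies stand in for a front end (WAF or proxy) and a back end, a strict policy shows the rejecting behaviour RFC 7230 permits, and a corpus of constructed requests gives the disagreement rate as a number.

```python
# Added example, not from the post or from any product: a toy "parser
# differential" on HTTP body framing. 'cl-first' trusts Content-Length when
# present, 'te-first' trusts a chunked Transfer-Encoding when present, and
# 'strict' refuses requests that carry both. All requests are constructed.


def split_headers(raw):
    """(request line, {lowercased name: [values]}, bytes after the blank line)."""
    head, _, rest = raw.partition(b'\r\n\r\n')
    lines = head.split(b'\r\n')
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b':')
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, rest


def read_chunked(data):
    """Decode a chunked body; return (body, bytes left after the last chunk)."""
    body, pos = b'', 0
    while True:
        eol = data.index(b'\r\n', pos)
        size = int(data[pos:eol].split(b';')[0].strip(), 16)   # chunk-ext ignored
        pos = eol + 2
        if size == 0:
            break
        chunk = data[pos:pos + size]
        if len(chunk) < size:
            raise ValueError('truncated chunk')
        body += chunk
        pos += size + 2                                         # chunk data + CRLF
    end = data.index(b'\r\n\r\n', eol) + 4                      # past optional trailers
    return body, data[end:]


def frame(raw, policy):
    """(body, leftover) for the first request in raw under one framing policy."""
    _, headers, rest = split_headers(raw)
    cl = headers.get(b'content-length')
    te = headers.get(b'transfer-encoding')
    chunked = bool(te) and te[-1].lower() == b'chunked'
    if policy == 'strict' and cl and te:
        raise ValueError('both Content-Length and Transfer-Encoding present')
    if chunked and (policy != 'cl-first' or not cl):
        return read_chunked(rest)
    if cl:
        n = int(cl[0])
        return rest[:n], rest[n:]
    return b'', rest


def differential(raw):
    """Frame one request as both sides would and report whether they agree."""
    framed = {p: frame(raw, p) for p in ('cl-first', 'te-first')}
    bodies = {p: body for p, (body, _) in framed.items()}
    return {'agree': len(set(bodies.values())) == 1,
            'bodies': bodies,
            'leftover': {p: rest for p, (_, rest) in framed.items()}}


def desync_rate(corpus):
    """The metric: share of requests on which the two parsers disagree."""
    return sum(not differential(r)['agree'] for r in corpus) / len(corpus)


def strict_rejects(raw):
    try:
        frame(raw, 'strict')
    except ValueError:
        return True
    return False


BENIGN = b'POST /login HTTP/1.1\r\nHost: app\r\nContent-Length: 5\r\n\r\nhello'
# CL.TE: front end reads 6 bytes, back end sees an empty chunked body and a
# leftover "G" that becomes the start of the next request.
CL_TE = (b'POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 6\r\n'
         b'Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nG')
# TE.CL: front end reads 3 bytes, back end consumes the whole chunked body.
TE_CL = (b'POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 3\r\n'
         b'Transfer-Encoding: chunked\r\n\r\n8\r\nSMUGGLED\r\n0\r\n\r\n')

if __name__ == '__main__':
    for name, req in (('benign', BENIGN), ('CL.TE', CL_TE), ('TE.CL', TE_CL)):
        print(name, differential(req))
    print('desync rate:', desync_rate([BENIGN, CL_TE, TE_CL]))
```

The number that matters operationally is the leftover: whatever one side leaves unread is what the other side will parse as the next request on the same connection. Replacing the two toy policies with real captures of the front end's and back end's framing (or simply pinning both to 'strict') turns the disagreement rate into the metric the thread is asking for.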
Re: [EXTERNAL] WAF Metrics
Rafal Los via Dailydave (Jul 13)
John,
Can you expand on #2? How do you measure the number of attacks stifled?
--
Rafal
Mobile: (404) 606-6056
Email: Rafal.Los@Seventy7.Consulting
From: John Lampe via Dailydave <dailydave () lists aitelfoundation org>
Reply-To: John Lampe <jlampe () tenable com>
Date: Saturday, July 11, 2020 at 9:52 PM
To: Dave Aitel <dave.aitel () gmail com>
Cc: "dailydave () lists...
Re: WAF Metrics
Moses Frost via Dailydave (Jul 11)
I guess some of us who grew up mapping ports and protocols into their neat
buckets will need to live with the fact that everything will eventually
ride over a multiplexed 443 socket, just something to think about before
the rant.
TL;DR - The answer to your question about measurement and effectiveness is
going to come down to: "how long before you can see what I'm doing".
WAFs are a rather complex beast, but I guess they do...
Re: [EXTERNAL] WAF Metrics
John Lampe via Dailydave (Jul 11)
So, I recently did an integration for a company that took their web app
scanner results and mapped those to existing WAF rules. I can think of 2
metrics based off that
1) How many real-world vulns have a corresponding check in the WAF? and
2) Once the WAF rules have been put in place to protect actually-vulnerable
endpoints, how many attacks were actually stifled?
John
WAF Metrics
Dave Aitel via Dailydave (Jul 11)
So I'm making a video on metrics, of all things, and I wanted to post both this
question <https://twitter.com/daveaitel/status/1281629327776522242?s=20>and
the best answer so far to the list to see if anyone had any other ideas or
followups.
-dave
Re: Brad gets real!
Konrads Smelkovs via Dailydave (Jul 06)
Linux has too many stakeholders for a sensible equities process to happen,
which is why treating everyone poorly (bugs are bugs) is fairer than
coordinating disclosure. For example, if an earth-shattering Linux bug
was to emerge, why would RedHat be in the know while Russian defence
contractors who build their countries' systems on local Linux distros would
be excluded?
Re: Brad gets real!
Shawn Webb via Dailydave (Jul 06)
Fully agreed with you there. I also dislike the culture of treating
security vulnerabilities as "just another bug." I feel there's some
form of newspeak with regards to security and the Linux kernel. There
is indeed a formalized method to report security-related bugs to the
Linux kernel (emailing security _AT _ kernel _DOT_ org). Yet Linux
developer culture says "all bugs are bugs, regardless of security
impact. A security bug...
Re: Brad gets real!
Dave Aitel via Dailydave (Jul 06)
This is possibly true, although an Android vs iOS comparison here might be
more apt, from a technical perspective? But what Brad truly nails in his
talk is an overarching culture around the process of Linux kernel
development that is decidedly non-optimal when it comes to security.
For example, when proposing security features, a healthy community would
take a suggested patch and debate "What were you trying to accomplish? What
is the best...
Re: Brad gets real!
Shawn Webb via Dailydave (Jul 06)
It's also hard to innovate without a userland that is tightly
integrated with the kernel (like the BSDs). On the BSD side, we're
able to ship an entire ecosystem with exploit mitigations applied
because a basic userland is shipped and integrated with the kernel.
The way in which the BSDs are structured enables innovation across the
entire ecosystem. We at HardenedBSD are able to test and deploy
exploit mitigations across the base...
Brad gets real!
Dave Aitel via Dailydave (Jul 06)
https://www.youtube.com/watch?v=F_Kza6fdkSU
So I wanted to highlight this talk from Brad Spengler about the state of
Linux security. It's a damning report if you read even a little bit between
the lines. And on many levels. As Halvar points out, Android deliberately
avoided investing what they knew they needed to invest in platform security
in the effort to gather significant early market share, even knowing it
would harm their user-base in...
Data
Dave Aitel via Dailydave (Jun 18)
I wanted to highlight something that I find funny did not make a much
bigger impact: DARPA's release of former INFILTRATE keynoter Bill Arbaugh's
dataset of endpoint behavioral data. See here for more information:
https://twitter.com/williamarbaugh/status/1273421101469753344?s=20
How else are you supposed to test if your Endpoint Protection DEEEEEEP
LEARNING works or does not work, as advertised? My only complaints are:
This is not as...
Code (library) economics
Konrads Smelkovs via Dailydave (Jun 16)
When I want to code something from scratch, I will often look for
libraries that help me achieve it best regardless of the language they are
written in - for common situations Python has a good ecosystem (but web
interfaces don't look so great there anymore), if it's enterprise-y, most
likely Java (which I'll use via Jython if I can help it), if it's
Windows-ish - C# with WinApi calls. Weirdly RubyDNS/EventMachine is good
for quick...
Primordial Fire
Dave Aitel (Jun 15)
I've moved to a part time contract with AppGate and I'm focused largely on
INFILTRATE now, which gives me some time to attend cyber policy briefings.
Most cyber policy briefings are the same 200 people, and they tend to be
held under Chatham House rules, which means they are not recorded and you
can't quote anyone directly. I'm not sure why, since getting someone in
Cyber Policy to say anything controversial is as impossible...
The Amygdala, Cyberwar, and You
Dave Aitel (Apr 27)
Humans, like other hominids, are giant machines for social status
relationships processing, which you're going to be reminded of every time
Google news suggests some article on TMZ with people you ostensibly don't
know, but enough forced exposure has convinced you they are *in your
extended family*. I mean, this also explains the rise and fall of Facebook
and Insta-Influencers and so much more about the modern techno-dystopia....
Re: The Treadmill
Konrads Smelkovs (Apr 10)
The fundamental problem with any laws is the enforcement problem, e.g.
people in rural areas don't need to obey any quarantine orders because
nobody will ever enforce them.
So, suppose that there is a market failure - people want secure software,
but the market fails to deliver for whatever reasons, such as the inability of Jo
Public to distinguish between an insecure device and a secure device, decay
of security on the server side due to change of personnel...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
BHIS Sorta Top Used Tools of 2018
John - Black Hills Information Security (Dec 06)
Free Webcast
Hello all,
For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security.
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.
Basically, we are trying to be edgy and different.
You may want to come...
BHIS Webcast - Tues 10/2 @ 11am MDT
John Strand - Black Hills Information Security (Sep 26)
Hello All,
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will
cross reference some different malware specimens to the MITRE ATT&CK framework and we will cover how you can use these
techniques to test your defensive solutions at both the endpoint and the...
BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT
Sierra - Black Hills Information Security (Aug 29)
Hello!
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we're still working
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who
ventured over to attend!
Ready for another awesome BHIS webcast? Dakota is back and...
Webcast with CJ: Tues 7/24 at 11am
Sierra - Black Hills Information Security (Jul 19)
Our upcoming webcast will be about POLICY...
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and
potentially overlooked part of business and procedure; it’s the framework on which security is really built!
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of
companies. And if you are worried it will be dry and...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with a password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Update Minor Revisions
Microsoft (Dec 11)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: December 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision
increment:
* CVE-2018-8172
Revision Information:
=====================
- CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Nov 14)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************
Summary
=======
The following CVEs and advisory have undergone a minor revision
increment:
* CVE-2018-8454
* CVE-2018-8552
* ADV990001
Revision Information:
=====================
- CVE-2018-8454 | Windows Audio Service...
Microsoft Security Update Minor Revisions
Microsoft (Oct 24)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 24, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8512
Revision Information:
=====================
- CVE-2018-8512 | Microsoft Edge Security Feature Bypass
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 19)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 19, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8569
Revision Information:
=====================
- CVE-2018-8569 | Yammer Desktop Application Remote Code Execution
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 17)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
- CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has undergone a minor revision increment:
* CVE-2018-8531
Revision Information:
=====================
- CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption
Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following CVE has been added to the October 2018 Security updates:
* CVE-2018-8292
Revision Information:
=====================
- CVE-2018-8292 | .NET Core Information Disclosure Vulnerability
-...
Microsoft Security Update Releases
Microsoft (Oct 09)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
- https://docs.microsoft.com/en-us/security-updates/
SecurityBulletins/2011/ms11-025:...
Microsoft Security Update Summary for October 9, 2018
Microsoft (Oct 09)
********************************************************************
Microsoft Security Update Summary for October 9, 2018
Issued: October 9, 2018
********************************************************************
This summary lists security updates released for October 9, 2018.
Complete information for the October 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>.
Please note the...
Microsoft Security Update Releases
Microsoft (Oct 02)
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 2, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-0952
Revision Information:
=====================
- CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of
Privilege Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
===================================================================
* Microsoft Security Advisory ADV180022
- Title: Windows Denial of Service Vulnerability
-...
Microsoft Security Update Minor Revisions
Microsoft (Sep 12)
********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: September 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a minor revision increment:
* CVE-2018-8421
* CVE-2018-8468
Revision Information:
=====================
- CVE-2018-8421 | .NET Framework Remote Code Execution
Vulnerability...
Microsoft Security Update Summary for September 11, 2018
Microsoft (Sep 11)
********************************************************************
Microsoft Security Update Summary for September 11, 2018
Issued: September 11, 2018
********************************************************************
This summary lists security updates released for September 11, 2018.
Complete information for the September 2018 security update release can
be found at
<https://portal.msrc.microsoft.com/en-us/security-guidance>....
Microsoft Security Update Releases
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
- CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
-...
Microsoft Security Advisory Notification
Microsoft (Sep 11)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
===================================================================
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community.
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
JFTC Releases Article on Protecting Small Businesses from Cyber Threats
US-CERT (Jul 13)
National Cyber Awareness System:
JFTC Releases Article on Protecting Small Businesses from Cyber Threats [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/13/jftc-releases-article-protecting-small-businesses-cyber-threats ] 07/13/2020 10:22 AM EDT
Original release date: July 13, 2020
The Federal Trade Commission (FTC) has released an article on their Protecting Small Business...
VMware Releases Security Updates for Multiple Products
US-CERT (Jul 10)
National Cyber Awareness System:
VMware Releases Security Updates for Multiple Products [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/10/vmware-releases-security-updates-multiple-products ] 07/10/2020 10:51 AM EDT
Original release date: July 10, 2020
VMware has released security updates to address a vulnerability in VMware Fusion, Remote Console, and Horizon Client.
An...
Juniper Networks Releases Security Updates for Multiple Products
US-CERT (Jul 09)
National Cyber Awareness System:
Juniper Networks Releases Security Updates for Multiple Products [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/09/juniper-networks-releases-security-updates-multiple-products ] 07/09/2020 11:57 AM EDT
Original release date: July 9, 2020
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An...
VMware Releases Security Update for VeloCloud
US-CERT (Jul 08)
National Cyber Awareness System:
VMware Releases Security Update for VeloCloud [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/08/vmware-releases-security-update-velocloud ] 07/08/2020 09:34 AM EDT
Original release date: July 8, 2020
VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this
vulnerability to obtain sensitive...
Citrix Releases Security Updates
US-CERT (Jul 08)
National Cyber Awareness System:
Citrix Releases Security Updates [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/08/citrix-releases-security-updates ] 07/08/2020 09:32 AM EDT
Original release date: July 8, 2020
Citrix has released security updates to address vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix
Gateway (formerly known as NetScaler Gateway),...
CISA Releases Securing Industrial Control Systems: A Unified Initiative
US-CERT (Jul 07)
National Cyber Awareness System:
CISA Releases Securing Industrial Control Systems: A Unified Initiative [ https://us-cert.cisa.gov/ncas/current-activity/2020/07/07/cisa-releases-securing-industrial-control-systems-unified ] 07/07/2020 02:30 PM EDT
Original release date: July 7, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS)
strategy: Securing...
F5 Releases Security Advisory for BIG-IP TMUI RCE vulnerability, CVE-2020-5902
US-CERT (Jul 04)
National Cyber Awareness System:
F5 Releases Security Advisory for BIG-IP TMUI RCE vulnerability, CVE-2020-5902 [ https://www.us-cert.gov/ncas/current-activity/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve ] 07/04/2020 04:55 PM EDT
Original release date: July 4, 2020
F5 has released a security advisory to address a remote code execution (RCE)...
Samba Releases Security Updates
US-CERT (Jul 03)
National Cyber Awareness System:
Samba Releases Security Updates [ https://www.us-cert.gov/ncas/current-activity/2020/07/03/samba-releases-security-updates ] 07/03/2020 12:02 PM EDT
Original release date: July 3, 2020
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker
could exploit some of these vulnerabilities to take...
Cisco Releases Security Updates for Multiple Products
US-CERT (Jul 02)
National Cyber Awareness System:
Cisco Releases Security Updates for Multiple Products [ https://www.us-cert.gov/ncas/current-activity/2020/07/02/cisco-releases-security-updates-multiple-products ] 07/02/2020 11:06 AM EDT
Original release date: July 2, 2020
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these...
Mozilla Releases Security Updates for Firefox and Firefox ESR
US-CERT (Jul 02)
National Cyber Awareness System:
Mozilla Releases Security Updates for Firefox and Firefox ESR [ https://www.us-cert.gov/ncas/current-activity/2020/07/02/mozilla-releases-security-updates-firefox-and-firefox-esr ] 07/02/2020 10:53 AM EDT
Original release date: July 2, 2020
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could...
Microsoft Releases Security Updates for Windows 10, Windows Server
US-CERT (Jul 01)
National Cyber Awareness System:
Microsoft Releases Security Updates for Windows 10, Windows Server [ https://www.us-cert.gov/ncas/current-activity/2020/07/01/microsoft-releases-security-updates-windows-10-windows-server ] 07/01/2020 10:45 AM EDT
Original release date: July 1, 2020
Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These...
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
US-CERT (Jul 01)
National Cyber Awareness System:
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor [ https://www.us-cert.gov/ncas/alerts/aa20-183a ] 07/01/2020 09:00 PM EDT
Original release date: July 1, 2020
Summary
"This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK framework.
See the ATT&CK for...
AA20-182A: EINSTEIN Data Trends – 30-day Lookback
US-CERT (Jun 30)
National Cyber Awareness System:
AA20-182A: EINSTEIN Data Trends 30-day Lookback [ https://www.us-cert.gov/ncas/alerts/aa20-182a ] 06/30/2020 10:34 AM EDT
Original release date: June 30, 2020
Summary
Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have
been the most active over the month of May in our national Intrusion...
Netgear Router Vulnerabilities
US-CERT (Jun 29)
National Cyber Awareness System:
Netgear Router Vulnerabilities [ https://www.us-cert.gov/ncas/current-activity/2020/06/29/netgear-router-vulnerabilities ] 06/29/2020 03:44 PM EDT
Original release date: June 29, 2020
Multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an
affected device.
The Cybersecurity and Infrastructure...
Palo Alto Releases Security Updates for PAN-OS
US-CERT (Jun 29)
National Cyber Awareness System:
Palo Alto Releases Security Updates for PAN-OS [ https://www.us-cert.gov/ncas/current-activity/2020/06/29/palo-alto-releases-security-updates-pan-os ] 06/29/2020 02:10 PM EDT
Original release date: June 29, 2020
Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion
Markup Language in PAN-OS....
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: Contributing Back
Zhang Xiao (Jul 13)
Hi Alexander,
On 2020/7/12 at 1:58 AM, Solar Designer wrote:
Thank you, we will make it.
Actually, we are glad to make it, for some customers also pay
attention to these official web pages. We supposed it would be easy to
make it through the "notify a vulnerability publication
<https://cveform.mitre.org/>" form. But after I submitted the request I just
got a reply saying "This CVE ID has been reserved by the CNA Hackerone and
we...
Re: Contributing Back
Solar Designer (Jul 11)
Hi Xiao,
I've just added Wind River as backup for this role. Please watch for
issues on which Oracle (and others) haven't provided an initial response
to the reporter or where such response is incomplete (per the above),
and provide your own response (CC'ing the list) whenever that happens.
We've received some responses in this thread regarding the specific
example above, but I'd like more general responses please. Is...
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006
Carlos Alberto Lopez Perez (Jul 10)
------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory WSA-2020-0006
------------------------------------------------------------------------
Date reported : July 10, 2020
Advisory ID : WSA-2020-0006
WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2020-0006.html
WPE WebKit Advisory URL :...
X41 D-Sec GmbH Security Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
X41 D-Sec GmbH Advisories (Jul 09)
X41 D-SEC GmbH Security Advisory: X41-2020-006
Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch
=================================================================
Severity Rating: High
Confirmed Affected Versions: Colin Percival's bsdiff 4.3
Confirmed Patched Versions: FreeBSD's bsdiff
(https://svnweb.freebsd.org/base/head/usr.bin/bsdiff/bspatch/bspatch.c)
Vendor: Colin Percival
Vendor URL:...
SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql
Larry W. Cashdollar (Jul 09)
SQL Injection in search field of phpzag live add edit delete data tables records with ajax php mysql
Author: Larry W. Cashdollar, @_larry0
Date: 2020-05-19
CVE-ID: [CVE-2020-8519][CVE-2020-8520][CVE-2020-8521]
Download Site: https://www.phpzag.com/live-add-edit-delete-datatables-records-with-ajax-php-mysql/
Vendor: PHPZAG
Vendor Notified: 2020-05-19
Advisory: http://www.vapidlabs.com/advisory.php?v=213
Description: DataTables is a jQuery...
[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary
Joel Smith (Jul 08)
Hello Open Source Community,
A security issue was discovered in kube-proxy which allows adjacent hosts
(hosts running in the same LAN or layer 2 domain) to reach TCP and UDP
services on the node(s) which are bound to 127.0.0.1. For example, if a
cluster administrator runs a TCP service that listens on 127.0.0.1:1234,
because of this bug, that service would be potentially reachable by other
hosts on the same LAN as the node, or by containers...
Xen Security Advisory 328 v3 (CVE-2020-15567) - non-atomic modification of live EPT PTE
Xen . org security team (Jul 07)
Xen Security Advisory CVE-2020-15567 / XSA-328
version 3
non-atomic modification of live EPT PTE
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
When mapping guest EPT (nested paging) tables, Xen would in some
circumstances use a series of non-atomic bitfield writes.
Depending on the compiler version and optimisation flags, Xen might...
Xen Security Advisory 327 v3 (CVE-2020-15564) - Missing alignment check in VCPUOP_register_vcpu_info
Xen . org security team (Jul 07)
Xen Security Advisory CVE-2020-15564 / XSA-327
version 3
Missing alignment check in VCPUOP_register_vcpu_info
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
The hypercall VCPUOP_register_vcpu_info is used by a guest to register
a shared region with the hypervisor. The region will be mapped into Xen address
space so it can be directly accessed....
Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d
Xen . org security team (Jul 07)
Xen Security Advisory CVE-2020-15565 / XSA-321
version 3
insufficient cache write-back under VT-d
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
When page tables are shared between IOMMU and CPU, changes to them
require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent,
and hence prior to flushing IOMMU TLBs CPU cached...
Xen Security Advisory 319 v3 (CVE-2020-15563) - inverted code paths in x86 dirty VRAM tracking
Xen . org security team (Jul 07)
Xen Security Advisory CVE-2020-15563 / XSA-319
version 3
inverted code paths in x86 dirty VRAM tracking
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
An inverted conditional in x86 HVM guests' dirty video RAM tracking
code allows such guests to make Xen de-reference a pointer guaranteed
to point at unmapped space.
IMPACT
======
A...
Xen Security Advisory 317 v3 (CVE-2020-15566) - Incorrect error handling in event channel port allocation
Xen . org security team (Jul 07)
Xen Security Advisory CVE-2020-15566 / XSA-317
version 3
Incorrect error handling in event channel port allocation
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
The allocation of an event channel port may fail for multiple reasons:
1) Port is already in use
2) The memory allocation failed
3) The port we try to allocate is higher than...
veyon: Veyon uses fixed logfile paths in /tmp in versions prior to v4.4.0
Matthias Gerstner (Jul 07)
Hello list,
during a review [1] of the veyon classroom management software [2] for
inclusion on openSUSE Tumbleweed I noticed that it uses fixed logfile
paths in /tmp in various code components.
# Issue Description
I reported the issue for the `veyon-configurator` component to upstream
as follows:
I noticed that by default a fixed logfile path is used by
veyon-configurator. The path is /tmp/VeyonConfigurator.log. It's a bit
hard to find...
CVE-2020-13640: WordPress Plugin wpDiscuz <= 5.3.5 SQL injection
asterite (Jul 06)
There is an SQL injection in wpDiscuz plugin [1] version 5.3.5 and
earlier. This vulnerability is not present in 7.X version line. Plugin
vendor is gVectors [2]. The vulnerability can be exploited without
authentication.
## Vulnerability Description ##
wpDiscuz is a plugin working with comments. It has an endpoint
"wpdLoadMoreComments" for fetching comments for a post with a given id. This
endpoint is vulnerable.
This is a boolean-based...
Re: Contributing Back
Zhang Xiao (Jul 02)
I haven't reminded MITRE before. While they have an interface to do it:
https://cve.mitre.org/about/contactus.html
See the fourth topic called "*To notify us about a vulnerability
publication*". I just reminded them about CVE-2020-8169 and CVE-2020-8177
with it. Hope it works. :-)
I will check the status of them on CVE/NVD website these days.
Thanks
Xiao
On 2020/7/2 7:34 PM, Daniel Stenberg wrote:
Multiple vulnerabilities in Jenkins plugins
Daniel Beck (Jul 02)
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.
The following releases contain fixes for security vulnerabilities:
* Fortify on Demand Plugin 6.0.1
* Fortify on Demand Plugin 6.0.0
* Sonargraph Integration Plugin 3.0.1
* VncRecorder Plugin 1.35
* VncViewer Plugin 1.8
Additionally, we announce unresolved security issues in the following
plugins:
*...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: office 365 application
Curt Kappenman (Jul 13)
When we moved to A3, we were able to start taking advantage of a number of updated security features in Azure (though
many are still limited until you make the P2 upgrade). I would be happy to have a conversation about these options
offline. You can contact me @ ckappenman () andersonuniversity edu or at
864-231-2850.
Curt Kappenman
Anderson University
Anderson, SC
From: The EDUCAUSE...
office 365 application
Mark Reboli (Jul 13)
We are in the process of redoing our campus agreement with Microsoft.
We are moving to office 365 A3 from A1 and I am interested if anyone has found any applications to assist with security
either in office 365 A3 (not included in A1) or any individual purchased applications that they chose from office 365
in addition to the applications that came with A3.
Mark Reboli
Network/Telecom Manager
Misericordia University
(570) 674-6753
This e-mail...
Re: Emeritus faculty privileges question
Mark Reboli (Jul 10)
Please see below. Our Academic definition of emeritus is "faculty for life". These individuals are therefore kept as
faculty. I was able though to get a rule that basically states if they do not utilize the access for any 6 consecutive
months, they are terminated and accounts are set to disable/deletion in 60 days thereafter. The good news on these
accounts is they are extremely far and few. We also make them follow normal...
Emeritus faculty privileges question
Davidson, Charles (Jul 10)
Hello,
Recently retirement packages for our faculty were sweetened by offering Emeritus Faculty status. Emeritus faculty are
provided the same access to their data and equipment as if they were still working for our institution. This is causing
our IT to have to rethink security, support, access and privileges for these users. How is your organization dealing
with the following concerns, and how are you mitigating the risks involved?
*...
Re: Reporting: Azure Information Protection & Data Loss Prevention
Uday Kiran (Jul 08)
One more query: are the Microsoft DLP and Azure IP only for email/O365, or for endpoint and network as well?
Regards,
Uday Kiran
Snr Spl – Information Security
Office of Dir. Digital Technologies
Uday Kiran
Senior Specialist - Information Security
Information Technology
Direct.: 9712 206 1182
Mobile: +971 56 501 1182
Email: ukiran () hct ac ae
P.O.Box: 25026,...
Reporting: Azure Information Protection & Data Loss Prevention
Chester, Heather (Jul 08)
Good Afternoon Educause Colleagues,
What tools or processes do you use for analyzing and resolving policy matches versus false positives for DLP / AIP on a
mass scale?
We are implementing Microsoft's Data Loss Prevention and Azure Information Protection. We are hoping to learn if you
have a policy alert/match, what is the process and tools used to educate, remedy, on a mass scale? If you have any
suggestions on reporting to data...
Re: NagiosLS and CLM recommendations
Juan Machado (Jul 08)
Zepu,
We use Graylog+Grafana (open source). I highly recommend these tools.
Thanks
Juan Machado
UGA Development and Alumni Relations
IT Associate Director of Infrastructure and Security
One Press Place
1 Press Place
Athens, GA 30602
p: 706.542.8040
e: juan () uga edu
Summary Report :: Dorkbot Service [JUN 2020-06]
Beasley, Cam (Jul 08)
Howdy all —
We hope you are all staying safe and healthy.
I wanted to share summary stats from the Dorkbot web application security service for Jun-2020.
++++++++++++++++++++++
Dorkbot currently serves over 2,100 higher education institutions, state/local government agencies, school districts
and other non-profits from across 7 continents (and 205 countries).
Those served include 99% of all R1, R2, R3, M1, M2 campuses and 100% of HBCUs...
Trusted CI NSF Cybersecurity Summit CFP extended to July 13th
Dopheide, Jeannette M (Jul 02)
Deadline for Call for Participation (CFP) has been extended to COB on July 13th.
It is our pleasure to announce that the 2020 NSF Cybersecurity Summit is scheduled to take place Tuesday, September 22
through Thursday the 24th. Due to the impact of the global pandemic, we will hold this year’s summit on-line instead of
in-person as originally planned.
The final program is still evolving, but we will maintain the mission to provide a format...
Re: Happy Retirement, Mark Bruhn
Spiars, Vince (Jul 01)
May retirement bring you opportunities for a new career, positions as a volunteer at so many organizations looking for
help or just enjoying relaxing however you choose to do it. Because of your REN-ISAC work I have received so much help
I might not otherwise have received. Thank you for your fabulous professional contribution. Best of luck and well
wishes.
Best,
Vince Spiars
Re: Happy Retirement, Mark Bruhn
Matthew Dalton (Jul 01)
Mark,
Your voice has been a voice of leadership and wisdom for many years in the higher education infosec community. You
will be missed as you enjoy a well-earned retirement!
Re: Happy Retirement, Mark Bruhn
Cathy Hubbs (Jun 30)
Mark,
Wishing you all the best as you take on your next adventure. Thank you for your numerous contributions to our
field.
Cathy Hubbs, CISO
American University
Washington DC
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Milford, Kim"
<kmilford () IU EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date:...
Happy Retirement, Mark Bruhn
Milford, Kim (Jun 30)
Dear colleagues,
Please join me and the rest of the REN-ISAC staff in wishing Mark Bruhn,
REN-ISAC co-founder and long-time community member, a hearty congratulations
and a fond farewell as he starts his retirement!
Defense and Electronic Warfare Operations for the Air Force to his current
position as Peer Cybersecurity Assessment Service Engagement Manager at
REN-ISAC, Mark has dedicated his career to promoting physical and
information...
Re: [External] Re: [SECURITY] Email Banner
Hart, Michael (Jun 29)
Happy Monday, Phil. We don’t whitelist unless the security team has had a chance to review the service. Some services
use shared IP space for the mail servers, and we won’t whitelist them. We use this as an opportunity to deal with
these services and get them migrated into our existing solutions to get the banners removed.
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Phillip...
Re: [External] Re: [SECURITY] Email Banner
Miller, Richard H. (Jun 26)
For us the responsibility for approving (whitelisting) belongs with the CISO. He approves which domains should not get
the banner.
RICHARD MILLER
NETWORK SECURITY ARCHITECT, NETWORK ENGINEERING & SECURITY
2450 Holcombe Blvd., OW203, Houston, TX 77030
T: 713.798.3532 | E: rick () bcm edu | W: www.bcm.edu
For help,...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: SaoPaolo to Frankfurt
dc () darwincosta com (Jul 13)
Correct.
Darwin-.
Re: Anyone running C-Data OLTs?
Mark Tinka (Jul 13)
Nick was being facetious :-).
Mark.
Re: Anyone running C-Data OLTs?
Mike Hammett (Jul 13)
Fiscal and logistic reasons, would be my guess.
-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
----- Original Message -----
From: "Nick Hilliard" <nick () foobar org>
To: "Mark Tinka" <mark.tinka () seacom com>
Cc: nanog () nanog org
Sent: Monday, July 13, 2020 10:25:20 AM
Subject: Re: Anyone running C-Data OLTs?
Mark Tinka wrote on...
Re: Anyone running C-Data OLTs?
Mark Tinka (Jul 13)
:-).
Mark.
Re: Anyone running C-Data OLTs?
Nick Hilliard (Jul 13)
Mark Tinka wrote on 13/07/2020 16:03:
Obviously he means countries like Sweden, Ireland and Switzerland.
It's not clear why there's any relationship between third world status
and the choice of PON/active FTTP equipment used in 2020. Or maybe
there's some subtlety that is being lost here. Hard to tell.
Nick
Re: SaoPaolo to Frankfurt
Mark Tinka (Jul 13)
WACS is also an option out of Limbe.
Naturally, the trick will be finding out which operators have capacity
on this combination of cables, for the OP.
Best place to start would be to ask the consortium members.
Mark.
Re: SaoPaolo to Frankfurt
Rubens Kuhl (Jul 13)
Brazil-Angola cable is SACS, which for a European route would be paired
with WACS to go from Angola to Portugal.
Brazil-Cameroon cable is SAIL, which to get to Europe would be paired with
ACE to go from Cameroon to Portugal or France.
Rubens
Re: SaoPaolo to Frankfurt
Mark Tinka (Jul 13)
One of the few applications where you wouldn't mind running a
vendor-specific technology :-).
Mark.
Re: SaoPaolo to Frankfurt
Mark Tinka (Jul 13)
There is only so far you can upgrade 20-year old repeaters until
considering to replace all of them across the full length of the current
system makes building a new system a simpler option.
Repeaters aren't cheap, and you'd need more over a shorter interval
distance to increase capacity, or deploy current generation ones to
minimize cost without sacrificing ultimate capacity.
Mark.
Re: Anyone running C-Data OLTs?
Mark Tinka (Jul 13)
Still don't know what "third world" means (of course I do...), but
looking at what the guy in the top seat in America is doing, we are as
equally concerned about kit coming out of there as we are coming out of
anywhere else.
I will say that where we once had confidence that the traditional
vendors had us in their best interests, that trust level is not
automatically the same in 2020.
Mark.
Re: SaoPaolo to Frankfurt
Mark Tinka (Jul 13)
Are you talking about SAex?
There is SACS as well.
Mark.
Re: SaoPaolo to Frankfurt
Mark Tinka (Jul 13)
Have you ever read a C&MA contract for a submarine cable build :-)?
Mark.
Re: 60ms cross continent
Mark Tinka (Jul 13)
Yes, in these scenarios, we called the uplink the "back-channel" :-).
And it could be anything, including dial-up.
It was not uncommon to buy uplink via SCPC from one provider, and
downlink via DVB on an inclined orbit satellite from a totally different
provider. This was a very common model between 2000 - 2009, where your
uplink and downlink ISPs were vastly different.
And who says the Internet must be symmetric :-)?
Mark.
Re: Anyone running C-Data OLTs?
Mark Tinka (Jul 13)
A number of vendors, these days, implement Active-E and GPON in the same
chassis, and you can decide what you want to run it as.
I recall Cisco picked up some company back around 2014 that gave them
this style of box in the ME4600. Not sure how it's doing nowadays.
Tejas do the same with their Ethernet boxes.
Mark.
Re: Anyone running C-Data OLTs?
Mark Tinka (Jul 13)
Well, if the attacker were able to find a way into your bastion host...
Mark.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
re: Reach Millions of members with FB Groups Posting
Sharron Cavitt (Jul 12)
Reach Millions of Facebook groups members with our manual Groups Posting
service
http://www.str8-creative.io/product/facebook-groups-posting-service/
More details attached
Regards
Sharron Cavitt
001 (516) 926-1772, 18 Richmond St, Albany, New York
http://www.str8-creative.io/contact/
http://www.str8-creative.io/unsubscribe/
cheap viagra to grow your penis
u-canbadge.com (Jul 11)
order today, cheap viagra
https://www.u-canbadge.com/
unsubscribe
https://forms.icann.org/en/resources/compliance/registries/abuse-contact/form
cheap traffic seclists.org
Collen Crafford (Jul 06)
Increase sales and ranks with our targeted traffic
http://bulkwebtraffic.io
Check the pricelist attached
Regards
Collen Crafford
Unsubscribe option is available on the footer of our website
Boost ranks on seclists.org with our SEO max Plan (25% discount)
Henrietta Holquin (Jul 05)
Boost your Ranks with our SEO Max Plan
http://www.str8-creative.co/product/seo-max-package/
Get whitehat manual SEO work
Full reports in just 2 weeks
Apply 25% coupon: 25MAX
Additional details in the presentation attached
Regards
Henrietta Holquin
Unsubscribe option is available on the footer of our website
re: experts SEO
Kai Mattei (Jul 04)
www.liftmyrank.co
re: I need social traffic fast
Linda Vanderzee (Jul 01)
hi
lists-ip-jhof
here it is, social website traffic:
http://www.mgdots.co/detail.php?id=113
Full details attached
Regards
Linda Vanderzee
Unsubscribe option is available on the footer of our website
cheap viagra to grow your penis
u-canbadge.com (Jun 28)
order today, cheap viagra
https://www.u-canbadge.com/
unsubscribe
https://forms.icann.org/en/resources/compliance/registries/abuse-contact/form
re: Whitehat SEO plans
Chong Caddy (Jun 27)
hi
After checking seclists.org we strongly advise you take any of our services
here
http://www.liftmyrank.co/affordable-seo-services-small-businesses/
Pricelist attached
Regards
Chong Caddy
http://www.liftmyrank.co/unsubscribe/
Boost seclists.org Domain Authority
Miles Molina (Jun 22)
Boost Domain Authority with our Moz DA SEO Plan
http://www.mgdots.co/detail.php?id=215
Unsubscribe in footer
re: Google Organic traffic for seclists.org
Michale Millwood (Jun 18)
hi
Highly Targeted keywords based organic traffic with high engaging rate,
thus the low bounce rate
http://www.str8-creative.io/product/organic-traffic/
More details and pricelist attached
Regards
Michale Millwood
http://www.str8-creative.io/unsubscribe/
001 (516) 926-1772, 18 Richmond St, Albany, New York
str8creativecom () gmail com
re: Rank 1st in google with Content Marketing Strategy
Hedwig Shingler (Jun 15)
hi
Get your business to the next level with a solid Content Marketing strategy
http://www.str8-creative.io/product/content-marketing/
Regards
Hedwig Shingler
Unsubscribe option is available on the footer of our website
traffic invoice seclists.org
Lurlene Lampron (Jun 11)
Increase sales and ranks with our targeted traffic
http://bulkwebtraffic.io
Check the pricelist attached
Regards
Lurlene Lampron
Unsubscribe option is available on the footer of our website
Backlink request
Ruslank (Jun 08)
Hi,
We would like to advertise banners/text links on your website with a
do-follow link back to us to escortrankings.uk
Possibly it might be an article or blogging.
Please let me know if this is something you guys would be open to.
Looking forward to your reply.
Regards,
Ross
ruslank () interclick com ar
fw: put ranks down for any website
Negative SEO (Jun 07)
negative seo that works
http://www.liftmyrank.co/negative-seo-services/index.html
Backlink request
Ruslank (Jun 04)
Hi,
We would like to advertise banners/text links on your website with a
do-follow link back to us to Back2thewind.com
Possibly it might be an article or blogging.
Please let me know if this is something you guys would be open to.
Looking forward to your reply.
Regards,
Ross
+5491162272926 (International calls+Whatsapp)
ruslank () interclick com ar
Ross
+5491162272926 (International calls+Whatsapp)
ruslank () interclick com ar
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 32.08
RISKS List Owner (Jul 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 July 2020 Volume 32 : Issue 08
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.08>
The current issue can also be found at
<...
Risks Digest 32.07
RISKS List Owner (Jul 03)
RISKS-LIST: Risks-Forum Digest Friday 3 July 2020 Volume 32 : Issue 07
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.07>
The current issue can also be found at
<...
Risks Digest 32.06
RISKS List Owner (Jun 29)
RISKS-LIST: Risks-Forum Digest Monday 29 June 2020 Volume 32 : Issue 06
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.06>
The current issue can also be found at
<...
Risks Digest 32.05
RISKS List Owner (Jun 27)
RISKS-LIST: Risks-Forum Digest Saturday 27 June 2020 Volume 32 : Issue 05
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.05>
The current issue can also be found at
<...
Risks Digest 32.04
RISKS List Owner (Jun 26)
RISKS-LIST: Risks-Forum Digest Friday 26 June 2020 Volume 32 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.04>
The current issue can also be found at
<...
Risks Digest 32.03
RISKS List Owner (Jun 24)
RISKS-LIST: Risks-Forum Digest Wednesday 24 June 2020 Volume 32 : Issue 03
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.03>
The current issue can also be found at
<...
Risks Digest 32.02
RISKS List Owner (Jun 21)
RISKS-LIST: Risks-Forum Digest Sunday 21 June 2020 Volume 32 : Issue 02
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.02>
The current issue can also be found at
<...
Risks Digest 32.01
RISKS List Owner (Jun 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 June 2020 Volume 32 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.01>
The current issue can also be found at
<...
Risks Digest 31.98
RISKS List Owner (Jun 12)
RISKS-LIST: Risks-Forum Digest Friday 12 June 2020 Volume 31 : Issue 98
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.98>
The current issue can also be found at
<...
Risks Digest 31.97
RISKS List Owner (Jun 09)
RISKS-LIST: Risks-Forum Digest Tuesday 9 June 2020 Volume 31 : Issue 97
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.97>
The current issue can also be found at
<...
Risks Digest 31.96
RISKS List Owner (Jun 07)
RISKS-LIST: Risks-Forum Digest Sunday 7 June 2020 Volume 31 : Issue 96
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.96>
The current issue can also be found at
<...
Risks Digest 31.95
RISKS List Owner (Jun 05)
RISKS-LIST: Risks-Forum Digest Friday 5 June 2020 Volume 31 : Issue 95
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.95>
The current issue can also be found at
<...
Risks Digest 31.94
RISKS List Owner (Jun 03)
RISKS-LIST: Risks-Forum Digest Wednesday 3 June 2020 Volume 31 : Issue 94
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.94>
The current issue can also be found at
<...
Risks Digest 31.93
RISKS List Owner (Jun 01)
RISKS-LIST: Risks-Forum Digest Monday 1 May 2020 Volume 31 : Issue 93
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.93>
The current issue can also be found at
<...
Risks Digest 31.92
RISKS List Owner (May 30)
RISKS-LIST: Risks-Forum Digest Saturday 30 May 2020 Volume 31 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.92>
The current issue can also be found at
<...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
“Religare” and “Impact Guru” Leaked the Data of 5.5 Million Indians
Destry Winant (Jul 13)
https://www.technadu.com/religare-impact-guru-leaked-data-5-5-million-indians/128446/
Cyble’s dark web sweepers located two more fresh leaks, both belonging
to Indian firms. The first is the health insurer “Religare,” who has
lost over 5 million records as a result of a catastrophic hacker
attack. The second is the crowdfunding platform known as “Impact
Guru”, which lost the details of 507,000 users.
Both sets of stolen data are...
Google-backed Dunzo suffers data breach
Destry Winant (Jul 13)
https://www.techradar.com/news/google-backed-dunzo-suffers-data-breach
India's popular hyperlocal delivery platform Dunzo's database with
users’ phone numbers and email addresses was reportedly breached by an
unidentified attacker.
In a welcome proactive move, Dunzo CTO Mukund Jha himself made the
news of this attack public.
In a blogpost, Jha wrote: "Recently, our team identified a security
breach that involved unauthorized...
German authorities seize 'BlueLeaks' server that hosted data on US cops
Destry Winant (Jul 13)
https://www.zdnet.com/article/german-authorities-seize-blueleaks-server-that-hosted-data-on-us-cops/
German authorities have seized today a web server that hosted
BlueLeaks, a website that provided access to internal documents stolen
from US police departments.
The server belonged to DDoSecrets (Distributed Denial of Secrets), an
activist group that published the files last month, in mid-June.
The server seizure was announced today by...
Brace Yourself for the July 14th Fujiwhara Vulnerability Effect
Destry Winant (Jul 10)
https://www.riskbasedsecurity.com/2020/07/07/brace-yourself-for-the-july-14th-fujiwhara-vulnerability-effect/
2020 hasn’t exactly been a walk in the park for security teams around the
world, and things are about to get even more challenging. On July 14th, IT
organizations around the world will face the Vulnerability Fujiwhara Effect
for the third (and thankfully final) time this year.
The Fujiwhara Effect, named after Japanese meteorologist...
Providence business associate coding error exposes info of 49,511 health plan members
Destry Winant (Jul 10)
https://www.beckershospitalreview.com/cybersecurity/providence-business-associate-coding-error-exposes-info-of-49-511-health-plan-members.html
Providence Health Plan business associate Zipari in April notified the
health insurer that a coding error allowed unauthorized users to
access certain unencrypted enrollment documents for small group health
plan members.
Portland, Ore.-based Providence Health Plan reported the security
incident to HHS on...
Feds Indict 'Fxmsp' for Hacking Multiple Firms
Destry Winant (Jul 10)
https://www.databreachtoday.com/feds-indict-fxmsp-for-hacking-multiple-firms-a-14584
The U.S. Justice Department unsealed an indictment Tuesday charging a
Kazakhstan citizen with leading a hacking collective known as "Fxmsp."
The group has been accused of carrying out hundreds of attacks
worldwide over the past several years.
Andrey Turchin, 37, who allegedly also goes by the name "fxmsp," now
faces five federal charges,...
Hackers attack ride hailing app SWVL, gain user information
Destry Winant (Jul 10)
https://www.businessdailyafrica.com/corporate/companies/Hackers-attack-ride-hailing-app-SWVL-gain-user-information/4003102-5589642-14y4t9y/index.html
Egypt-based ride hailing app SWVL was hacked in an attack that exposed
the personal information of passengers including emails, names and
phone numbers
The app on Monday evening notified customers of the security breach
and the security measures it deployed after attackers gained access on
its...
Feds: Nigerian scammer arrested in $50M scheme that targeted Chicago companies
Destry Winant (Jul 09)
https://wgntv.com/news/wgn-investigates/feds-nigerian-scammer-arrested-in-50m-scheme-that-targeted-chicago-companies/
CHICAGO – A man from Nigeria has been arrested after being accused of
running a $50 million scheme that targeted Chicago companies.
Olalekan Jacob Ponle allegedly got an unnamed Chicago-based company to
wire transfer more than $15 million. Another local company lost $2.3
million, but investigators believe the scheme is worth...
5 Ways vCISOs Move the Security Needle
Destry Winant (Jul 09)
https://www.scmagazine.com/home/opinion/executive-insight/5-ways-vcisos-move-the-security-needle/
Data has become more valuable than ever and organizations must make
protecting it a top priority. According to IBM and the Ponemon
Institute, the average data breach now costs American companies $8.19
million. On top of that, the recently-released Verizon Data Breach
Investigations Report found that 86 percent of all breaches were...
Energy company EDP Renewables confirms April ransomware attack
Destry Winant (Jul 09)
https://siliconangle.com/2020/07/07/energy-company-edp-renewables-confirms-april-ransomware-attack/
EDP Renewables North America LLC has confirmed that it was targeted in
a ransomware attack, with the company advising that those behind the
attack gained unauthorized access to some information stored on its
information systems.
The attack was first reported in April and is believed to have
involved the use of Ragnar Locker ransomware. Ragnar...
P.E.I. ransomware attack costs taxpayers more than $900K
Destry Winant (Jul 08)
https://www.cbc.ca/news/canada/prince-edward-island/pei-ransomware-attack-costs-1.5636485
A recent ransomware attack on P.E.I. government servers has cost
taxpayers more than $900,000, according to P.E.I.'s finance minister.
Darlene Compton told the legislature the costs are in two areas:
upgrades to existing government hardware and providing two years of
free credit monitoring subscriptions to Islanders whose information
was stolen.
The...
5 dating apps caught leaking millions of user-sensitive data
Destry Winant (Jul 08)
https://www.hackread.com/5-dating-apps-leak-millions-of-user-data/
All 5 apps were exposing user data due to database misconfiguration.
The IT researchers at WizCase recently discovered data leaks and
privacy breaches on 5 different dating apps in the US and East Asia.
These breaches showcased compromised user data and sensitive
information such as names, billing addresses, phone numbers, profiles,
and even private/direct messages.
Further...
Fort Worth Bike Share hacked, users’ credit card info and names possibly compromised
Destry Winant (Jul 08)
https://www.star-telegram.com/news/local/fort-worth/article243963067.html
The corporation that operates Fort Worth’s bicycle sharing service was
hacked, and some users’ credit card information may have been stolen,
the company said in a letter to customers.
BCycle operates bike shares across the country, including in Fort
Worth. Some users received a letter in the past week informing them
that BCycle found malware on its website that...
Privilege escalation explained: Why these flaws are so valuable to hackers
Destry Winant (Jul 08)
https://www.csoonline.com/article/3564726/privilege-escalation-explained-why-these-flaws-are-so-valuable-to-hackers.html#tk.rss_news
Privilege escalation definition
Privilege escalation vulnerabilities are security issues that allow
users to gain more permissions and a higher level of access to systems
or applications than their administrators intended. These types of
flaws are valuable for attackers because they're needed for full
exploit...
Moose Remain Unaware of Lottery Privacy Breach
Destry Winant (Jul 07)
https://www.infosecurity-magazine.com/news/moose-unaware-lottery-privacy/
The maritime province on Canada’s East Coast was dealing with the
publicity fallout from an information leak this week after reportedly
mismanaging the distribution of personal license information to
hunters.
Each year, Nova Scotia Lands and Forestry holds a lottery to
distribute moose-hunting licenses in the Cape Breton region.
Restricting licenses is important to...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
wiredifff: a diff tool for pcaps
Aurélien Aptel (Jul 13)
Hi,
I've been working on and off on a tool that leverages wireshark (tshark)
to do side-by-side diff of network captures.
I've presented the tool at LCA 2020 and I have written an article for
APNIC about it but I somehow didn't think of mentioning it here until today.
LCA talk: https://www.youtube.com/watch?v=6yhKWq3-sr4
APNIC article: https://blog.apnic.net/2020/07/01/wirediff-a-new-tool-to-diff-network-captures/
wirediff...
Re: Reassemble serial protocols payloads
Guy Harris (Jul 12)
So, for fragmentation/segmentation and reassembly, one distinction between types is between these two types:
fragmentation/segmentation and reassembly where the lower-layer protocol offers a "send a PDU" service to the
higher-layer protocol, and takes full responsibility for fragmentation/segmentation and reassembly, so that the
higher-layer protocol can arrange to be completely unaware of whether it's taking place;...
Re: Reassemble serial protocols payloads
Tomasz Moń (Jul 11)
This is what I actually implemented in Patch Set 7 [1]. The only issue
is that I am hijacking the pinfo->curr_layer_num value to make
process_reassembled_data() happy.
FTDI FT dissector doesn't know if the last fragment is really the last
one unless it passes the data to the next dissector. There is
absolutely no metadata that could help with it as FTDI FT is pretty
much a direct replacement to UART (COM port) and is pretty much...
Using tools/check_dissector_urls.py in Petri-dish ?
Martin Mathieson via Wireshark-dev (Jul 09)
Hi,
I find that a lack of protocol documentation often makes it hard to check
details that would make fixing simple bugs or investigating apparent
inconsistencies easier.
I could give check_dissector_urls.py similar command-line options to
cppcheck.sh (i.e. support '-l 1' to only consider the files in this
commit), which should then only take a few seconds to run for most
dissectors.
We could potentially also run it over all of the...
Re: Season of Docs Interest
Tomasz Moń (Jul 09)
The list is to discuss the actual ideas on technical merits. To apply
to GSoD, submit the application using the official Technical Writer
Application Form [1]. We will get access and start ranking the
proposals after the submission deadline (in a few hours).
[1] https://bit.ly/gsod-tw-app
Season of Docs Interest
Sharon Lin (Jul 09)
Hi Wireshark,
I'm a 4th year bachelors student at MIT studying computer science, and I'm
interested in working with you for Season of Docs! I recognize that it's
close to the application deadline, but I'm an avid user of Wireshark and
would really love to help with documenting tools for developers.
I noticed that there are quite a few documentation issues of varying
degrees of priority on Bugzilla, and would be happy to work...
Re: Google Summer of Docs proposal
Arpan Chattopadhyay (Jul 09)
Thank you for the information. I am working on an application to your
organization and I hope you accept it.
Yours sincerely,
Arpan Chattopadhyay,
B.E.(Hons.) Electrical and Electronics
Email ID: University <f20180319 () pilani bits-pilani ac in> | Personal
<arpan612 () gmail com>
*Birla Institute of Technology and Science, Pilani*
Pilani campus,
Rajasthan-333031
Re: Reassembling IPP info through USB
Anders Broman via Wireshark-dev (Jul 08)
-----Original Message-----
From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of Guy Harris
Sent: 9 July 2020 04:00
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: Re: [Wireshark-dev] Reassembling IPP info through USB
Taps are not used for reassembly of PDUs that cover multiple TCP segments or
multiple UDP datagrams, so taps are not necessary for reassembly of...
Re: Reassembling IPP info through USB
Guy Harris (Jul 08)
Taps are not used for reassembly of PDUs that cover multiple TCP segments or multiple UDP datagrams, so taps are not
necessary for reassembly of IPP-over-USB.
You *do* need to make sure that, in the first pass over the packets, the results of the reassembly are saved, just as
happens with reassembly with other packets, so that, when packets are looked at, in a possibly random order, after the
first pass, it can be determined where the packet...
Reassembling IPP info through USB
Jamie Hare (Jul 08)
Hello,
I am attempting to create a dissector for IPP over USB and am running into
some issues with the reassembly. I first thought that I could just use a
reassembly table but with the way the dissectors are run multiple times is
it necessary to create a PDU/tap combo like TCP or UDP?
Best,
Jamie
Remote Developer Den, July 2020
Gerald Combs (Jul 08)
I've scheduled the next remote Developer Den for next Wednesday, July 15th. This is an online version of the Developer
Den at SharkFest, a room that we set aside for office hours where everyone is welcome to stop in, say hello, ask
questions, etc.
The link below has a "join from browser" option, so it should be possible to connect without installing Zoom's client.
----
Gerald Combs is inviting you to a scheduled Zoom...
Re: Issues in synphasor dissector
eliseev_d (Jul 08)
Re: Version of Qt required?
John Thacker (Jul 07)
Well, I guess foreach was officially deprecated in QT 5.7, so I suppose I
could check and do the loop with foreach for QT_VERSION < 5.7 and the
qAsConst way with 5.7 and higher.
Re: Version of Qt required?
John Thacker (Jul 07)
It can be, but I think I would just as well rewrite it to use code from QT
5.3 and earlier. In this case I don't think there's from later than 5.3
that's absolutely necessary for the functionality, more just syntactic
sugar that can be done a different way.
John
Re: Version of Qt required?
Pascal Quantin (Jul 07)
Hi John,
On Tue. 7 Jul. 2020 at 19:09, John Thacker <johnthacker () gmail com> wrote:
Can't this code be made conditional to the Qt version used for compiling?
Best regards,
Pascal.
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
cheap viagra to grow your penis
u-canbadge.com (Jul 12)
order today, cheap viagra
https://www.u-canbadge.com/
unsubscribe
https://forms.icann.org/en/resources/compliance/registries/abuse-contact/form
re: Reach Millions of members with FB Groups Posting
Kasey Kao (Jul 12)
Reach Millions of Facebook groups members with our manual Groups Posting
service
http://www.str8-creative.io/product/facebook-groups-posting-service/
More details attached
Regards
Kasey Kao
001 (516) 926-1772, 18 Richmond St, Albany, New York
http://www.str8-creative.io/contact/
http://www.str8-creative.io/unsubscribe/
Malware pcap with corresponding snort rules
Ebenezer A. Laryea via Snort-sigs (Jul 10)
Hi All,
I am a student trying to do some research in automatic snort rule generation. I would like to know if anyone could point
me to publicly available malware pcap files with their corresponding snort rule(s). I found a couple (6) here
https://doc.emergingthreats.net/bin/view/Main/WebSearch?search=.pcap&scope=all but I require a lot more.
Thank you very much
Eben
Social SEO
Dong Passmore (Jul 10)
The new Social SEO is here
realsocialsignals.co
Snort Subscriber Rules Update 2020-07-09
Research (Jul 09)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the deleted, file-other,
malware-cnc, malware-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
organic Premium Visits - Country targeted
Kiera Krajewski (Jul 07)
Increase sales and ranks with our targeted traffic
http://bulkwebtraffic.io
Check the pricelist attached
Regards
Kiera Krajewski
Unsubscribe option is available on the footer of our website
Malware pcap with corresponding snort rules
Ebenezer A. Laryea via Snort-sigs (Jul 07)
Hi All,
I am a student trying to do some research in automatic snort rule generation. I would like to know if anyone could point
me to publicly available malware pcap files with their corresponding snort rule(s). I found a couple (6) here
https://doc.emergingthreats.net/bin/view/Main/WebSearch?search=.pcap&scope=all but I require a lot more.
Thank you very much
Eben
Re: Subscription Rule Download Fails
Kim Premuda (Jul 06)
Hello, Joel.
I was looking for the definition of 422 and could not find one. So, thank you for that. And, you are correct…the
filename I entered was wrong having an extra hyphen. Lately, I have been doing a fair amount of coding in CSS .less,
and, most likely, introduced the extra hyphen without realizing that I did it.
Someone else pointed out that Suricata and the Snort rule set do not mesh well. I have the option in pfSense to
uninstall...
Snort Subscriber Rules Update 2020-07-06
Research (Jul 06)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the file-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Re: Subscription Rule Download Fails
Joel Esler (jesler) via Snort-sigs (Jul 06)
Hello Kim,
422 means the file doesn’t exist, your filename looks to be wrong. snortrules-snapshot-29160.tar.gz should be correct.
Also, Suricata is not fully compatible with the Snort rules language, so your results may vary.
Re: [Snort] - match entire session
william de ping via Snort-sigs (Jul 05)
Tagging only works on capturing successive packets after a successful match,
correct?
I want to capture a few packets in the session prior to the matched packet.
Re: [Snort] - match entire session
Al Lewis (allewi) via Snort-sigs (Jul 05)
Have you tried tagging the session?
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION00475000000000000000
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>
From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of william de ping via Snort-sigs <snort-sigs ()
lists snort org>
Reply-To: william de ping <bill.de.ping...
Boost ranks on seclists.org with our SEO max Plan (25% discount)
Garnet Winkelman (Jul 05)
Boost your Ranks with our SEO Max Plan
http://www.str8-creative.co/product/seo-max-package/
Get whitehat manual SEO work
Full reports in just 2 weeks
Apply 25% coupon: 25MAX
Additional details in the presentation attached
Regards
Garnet Winkelman
Unsubscribe option is available on the footer of our website
[Snort] - match entire session
william de ping via Snort-sigs (Jul 05)
Hi all,
Does anyone know a way to capture the entire session even if the signature
is matched on the 4th packet of a session ?
I would somehow like to get the 2nd and 3rd packets of that session
Thank you very much
B
Subscription Rule Download Fails
Kim Premuda (Jul 05)
pfSense 2.4.5
Suricata 5.0.2_3
Snort subscriber rules
I purchased the $399 rule subscription but seem to be having trouble
getting the subscription rules to download. A month or so prior to the
purchase, I was using the Snort GPLv2 Community rules which
downloaded/updated with no problem...and still do, since I reverted back to
them. For the subscription rules in Suricata, I enter the following:
Snort Rules Filename:...
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.