SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Compilation error and compilation warnings
Vincent Dumont (Oct 13)
Hi guys,
I am writing to you concerning some warnings and an error during the
compilation step of Nmap 7.30 on MacOS 10.12 Sierra.
If you could review my fix suggestion (git pull request at
https://github.com/nmap/nmap/pull/568 - PR #568), I would be glad to
commit that afterwards directly to the SVN trunk.
Cheers,
Vincent Dumont
Re: Error on Windows 7 after installing nmap 7.30
食肉大灰兔V5 (Oct 11)
Hi Keith,
Please download latest Npcap 0.10 r7 debug version here:
https://github.com/nmap/npcap/releases/download/v0.10-r7/npcap-0.10-r7-debug.exe.
And try to run the Nmap command that has error again. Then submit the
DiagReport and as many as possible kinds of logs documented here:
https://htmlpreview.github.io/?https://github.com/nmap/npcap/blob/master/docs/npcap-guide-wrapper.html#npcap-issues
.
At least you need to submit these:
1)...
Re: Error on Windows 7 after installing nmap 7.30
Daniel Miller (Oct 11)
Keith,
This does sound like a different problem than I experienced. I've CC'd Yang
Luo, who is primarily responsible for the Npcap packet capture library,
which may be related. Please continue to keep the dev () nmap org mailing list
CC'd so that others can help or benefit from the discussion in the archives.
To ensure this is not a symptom of a different problem which has already
been fixed, please download and install the...
Re: Does npcap completely replace Winpcap? Uninstallation of WinPcap for other tools (e.g. Wireshark) possible?
食肉大灰兔V5 (Oct 09)
Hi Ben,
Npcap is developed based on WinPcap. It has added many good features like:
1. NDIS 6 Support
2. Latest libpcap API Support
3. Extra Security
4. WinPcap Compatibility
5. Loopback Packet Capture and Injection
6. Raw 802.11 Packet Capture
For details please refer to: https://github.com/nmap/npcap#features
That's why we developed the "WinPcap Compatible Mode". If you install Npcap
without checking the last "Install...
Does npcap completely replace Winpcap? Uninstallation of WinPcap for other tools (e.g. Wireshark) possible?
Ben Stover (Oct 09)
As I noticed npcap is released with new nmap tool.
It claims to be better than the "old" Winpcap driver.
So if I install npcap: Does it completely replace the Winpcap driver - even for other programs?
As you know the well known tool "Wireshark" uses Winpcap.
So if I uninstall Winpcap driver to have only ONE capture driver does Wireshark accept this or does it stop working?
A complete replacement should only work if the API...
Re: Error on Windows 7 after installing nmap 7.30
Daniel Miller (Oct 08)
Keith,
Thanks for bringing this to our attention. I have seen the "failed to open
device" error before, but it usually only happens once, and subsequent runs
are not affected. Does the error persist beyond the first run?
Dan
Re: Error on Windows 7 after installing nmap 7.30
Keith Christian (Oct 07)
I re-installed this on the Windows 7 machine as Administrator and no
improvement. Never had this issue with Windows Nmap before.
Hope the development team will have a few minutes to look at this
soon, thanks in advance for creating Nmap and your continuing efforts.
Re: Crash report
Daniel Miller (Oct 06)
Aaron,
Thanks for the bug report. We've made lots of improvement to memory
management in Zenmap since 6.47, the version you are using. Please check
out 7.30, the latest stable release available from
https://nmap.org/download.html
Dan
On Tue, Oct 4, 2016 at 7:05 AM, Aaron Schmidt <Aaron.Schmidt () davita com>
wrote:
Mainframe Service Probes (JMON and RSED)
Phil Young (Oct 06)
I've been digging around with some of the open ports on a mainframe and
have some new service probes to add to nmap. These services don't send any
data until you send something to them.
##############################NEXT PROBE##############################
# RSE for IBM Explorer for z/OS (FMID HALG300)
Probe TCP RSE q|ZmFrZTpmYWtl0\x00\x30\x00|
rarity 9
ports 4035
sslports 4035
match rse m|^\xa2\x85\x99\xa5\x85\x99@| p/IBM Explorer...
Re: Crash Report
Daniel Miller (Oct 06)
Thank you
This is a known bug in Zenmap that has been fixed in the latest release,
available from https://nmap.org/download.html . You may need to delete the
corrupted zenmap.conf file in your user profile to avoid warnings.
Dan
Re: npcap 0.10. r2 disables wlan adapter in Windows 7 64bit
食肉大灰兔V5 (Oct 06)
OK. So it's probably not a bug introduced by a specific version. I have
added that software to the "Incompatible Software List" here:
https://htmlpreview.github.io/?https://github.com/nmap/npcap/blob/master/docs/npcap-guide-wrapper.html#npcap-incompatible
Cheers,
Yang
Re: Nmap Error
Daniel Miller (Oct 05)
Victor, Gustavo,
Thanks for reporting this! There was a problem with our new Spanish
language translation of Zenmap in the About page: one of the strings was
missing a "%s", resulting in this crash. I've fixed it in r36354, and you
can replace the locale/es/LC_MESSAGES/zenmap.mo file with the attached one,
which contains the fix.
Dan
Nmap Error
Victor Hugo Morales Hernández (Oct 05)
[image: Inline image 1]
Version: 7.30
Traceback (most recent call last):
File "zenmapGUI\MainWindow.pyo", line 743, in _show_about_cb
File "zenmapGUI\About.pyo", line 217, in __init__
TypeError: not all arguments converted during string formatting
*Cheers*
Crash Report
apple (Oct 05)
hi
Version: 7.10
Traceback (most recent call last):
File "zenmap", line 188, in <module>
File "zenmapGUI\App.pyo", line 330, in run
File "zenmapGUI\App.pyo", line 187, in new_window
File "zenmapGUI\MainWindow.pyo", line 201, in __init__
File "zenmapCore\UmitConf.pyo", line 340, in get_x
TypeError: int() argument must be a string or a...
Re: npcap 0.10. r2 disables wlan adapter in Windows 7 64bit
食肉大灰兔V5 (Oct 04)
Hi,
So it seems that Npcap conflicts with this anti-virus software. Well, this
kind of things happens from time to time. But I don't want to conflict with
them if possible. It still will be very helpful if you test previous Npcap
versions. And I will add the filter driver list to DiagReport, so I can
know the conflicts at the first time.
Cheers,
Yang
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we're delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!
For the top 7 improvements in Nmap 7, see the release notes:
https://nmap.org/7
Or...
Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.
As usual, Nmap 6.49BETA5...
Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:
I'm pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version. Let's look at their accomplishments...
Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven't posted to this Nmap Announcement lists since
June, but we've had a very busy summer and I'm going to try and catch you
up in one go!
First of all, we've had four new releases since then, including today's
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).
As...
Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I'm happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:
* 25 new NSE scripts (total is now 494)
* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!
* Infrastructure...
Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
New OpenSSL double-free and invalid free vulnerabilities in X509 parsing
Guido Vranken (Oct 12)
These vulnerabilities were found in the latest OpenSSL (1.1.0b).
Triggering these vulnerabilities is not trivial -- they rely on memory
shortages (malloc/realloc failures) or failing to acquire a thread
lock while the X509 data is being parsed. Possibly exploitation can be
achieved by exploiting a memory leak/accumulation (such as the
recently discovered CVE-2016-6304). Proof of concepts and more
extensive commentary at the link below....
[SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack
Matthias Deeg (Oct 12)
Advisory ID: SYSS-2016-075
Product: Multimedia Presentation Remote
Manufacturer: Targus
Affected Version(s): Model AMP09-EU
Tested Version(s): Model AMP09-EU
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-08-16
Solution Date: -
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of...
[SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability
Matthias Deeg (Oct 12)
Advisory ID: SYSS-2016-074
Product: Wireless Presenter R400
Manufacturer: Logitech
Affected Version(s): Model R-R0008
Tested Version(s): Model R-R0008
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2016-08-12
Solution Date: -
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of...
NEW VMSA-2016-0016 - vRealize Operations (vROps) updates address privilege escalation vulnerability
VMware Security Response Center (Oct 11)
------------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2016-0016
Severity: Critical
Synopsis: vRealize Operations (vROps) updates address privilege escalation vulnerability
Issue date: 2016-10-11
Updated on: 2016-10-11 (Initial Advisory)
CVE number: CVE-2016-7457
1. Summary
vRealize Operations (vROps) updates address...
Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-057: Oracle E-Business Suite Cross Site Scripting (XSS)
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID:...
Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-056: Oracle E-Business Suite Cross Site Scripting (XSS)
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID:...
Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-055: Oracle E-Business Suite Cross Site Scripting (XSS)
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID:...
Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-053: Oracle E-Business Suite Cross Site Scripting (XSS)
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID:...
Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-052: Oracle E-Business Suite Cross Site Scripting (XSS)
1. Impact on Business
=====================
By exploiting this vulnerability, a remote attacker could steal sensitive business information by targeting other users
connected to the system.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID:...
Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-051: SAP Business Objects Memory Corruption
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could hide audit information logged by the SAP system.
Risk Level: Low
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-051
- Onapsis SVS ID: ONAPSIS-00247
- CVE: CVE-2016-7437
-...
Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-005: SAP SLDREG memory corruption
1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could potentially abuse of technical functions to access and/or
compromise the business information.
Risk Level: Low
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-005
- Onapsis SVS...
Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-050: SAP OS Command Injection in SCTC_REFRESH_CONFIG_CTC
1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.
Risk Level: Critical
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-050
- Onapsis SVS ID: ONAPSIS-00252...
Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-049: SAP OS Command Injection in SCTC_REORG_SPOOL
1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.
Risk Level: Critical
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-049
- Onapsis SVS ID: ONAPSIS-00255
- CVE:...
Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass
Onapsis Research (Oct 11)
Onapsis Security Advisory ONAPSIS-2016-002: SAP UCON Security Protection bypass
1. Impact on Business
=====================
By exploiting this vulnerability, an attacker could bypass protections implemented in the SAP systems, potentially
executing arbitrary business processes.
Risk Level: Medium
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID:...
Re: Critical Vulnerability in Ubiquiti UniFi
Rob Thomas (Oct 11)
The impression I get from Tim Pham's emails is that the 'Unify Manager' is doing some behind-the-scenes tunnelling, and
bringing the Mongo interface from the server to the client (Eg, Mac or Windows device) and you are then able to connect
to localhost (on the client) which tunnels through to the server.
However, after much searching, I am unable to locate this application. Googling insinuates that it is this (unreleased)...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[security bulletin] HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information
security-alert (Oct 13)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05307589
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05307589
Version: 1
HPSBNS03661 rev.1 - NonStop Backbox, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-10-12
Last Updated: 2016-10-12
Potential...
Snort v2.9.7.0-WIN32 DLL Hijack
apparitionsec (Oct 12)
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
[+] ISR: ApparitionSec
Vendor:
=============
www.snort.org
Product:
===================
Snort v2.9.7.0-WIN32
Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows
to detect emerging threats.
Vulnerability Type:...
ZendStudio IDE v13.5.1 Privilege Escalation
apparitionsec (Oct 12)
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/ZEND-STUDIO-PRIVILEGE-ESCALATION.txt
[+] ISR: ApparitionSec
Vendor:
============
www.zend.com
Product:
======================
ZendStudio IDE v13.5.1
Zend Studio is the leading PHP IDE. It is the only PHP IDE that combines mobile development with PHP and includes a
sample mobile app with source code....
Cisco Security Advisory: Cisco Meeting Server Client Authentication Bypass Vulnerability
Cisco Systems Product Security Incident Response Team (Oct 12)
Cisco Meeting Server Client Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20161012-msc
Revision 1.0
For Public Release 2016 October 12 16:00 UTC (GMT)
Last Updated 2016 October 12 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP)
service of the Cisco Meeting Server (CMS) could allow an unauthenticated,...
Multiple Vulnerabilities in Plone CMS
Sebastian Perez (Oct 12)
[Product Description]
Plone is a free and open source content management system built on
top of the Zope application server. Plone is positioned as an
"Enterprise CMS" and is most commonly used for intranets and as part
of the web presence of large organizations
[Systems Affected]
Product : Plone
Version : All supported Plone versions (4.3.11 and any earlier 4.x
version, 5.0.6 and any earlier 5.x version). Previous versions...
[security bulletin] HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities
security-alert (Oct 11)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04819635
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04819635
Version: 2
HPSBPV03516 rev.2 - HP VAN SDN Controller, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-09-29
Last Updated: 2016-10-10
Potential...
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
Vulnerability Lab (Oct 11)
Document Title:
===============
Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=1972
Vulnerability Magazine:
https://www.vulnerability-db.com/?q=articles/2016/10/10/facebook-api-v21-hit-rfc6749-open-redirect-attack-vulnerability
Release Date:
=============
2016-10-10
Vulnerability Laboratory ID (VL-ID):
====================================...
Contenido v4.9.11 CMS - (Backend) Multiple XSS Vulnerabilities
admin () evolution-sec com (Oct 11)
Document Title:
===============
Contenido v4.9.11 - (Backend) Multiple XSS Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1928
Release Date:
=============
2016-10-10
Vulnerability Laboratory ID (VL-ID):
====================================
1928
Common Vulnerability Scoring System:
====================================
3.7
Product & Service Introduction:...
[SEARCH-LAB advisory] AVTECH IP Camera, NVR, DVR multiple vulnerabilities
Gergely Eberhardt (Oct 11)
Avtech devices multiple vulnerabilities
--------------------------------------------------
Platforms / Firmware confirmed affected:
- Every Avtech device (IP camera, NVR, DVR) and firmware version. [4]
contains the list of confirmed firmware versions, which are affected.
- Product page: http://www.avtech.com.tw/
"AVTECH, founded in 1996, is one of the world's leading CCTV
manufacturers. With stably increasing revenue and practical business...
SEC Consult SA-20161011-0 :: XXE vulnerability in RSA Enterprise Compromise Assessment Tool (ECAT)
SEC Consult Vulnerability Lab (Oct 11)
SEC Consult Vulnerability Lab Security Advisory < 20161011-0 >
=======================================================================
title: XML External Entity Injection (XXE)
product: RSA Enterprise Compromise Assessment Tool (ECAT)
vulnerable version: 4.1.0.1
fixed version: 4.1.2.0
CVE Number: -
impact: Medium
homepage: https://www.rsa.com
found: 2016-04-27...
[SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks
matthias . deeg (Oct 11)
Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-05-19
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory:...
Crashing Android devices with large Assisted-GPS Data Files [CVE-2016-5348]
Nightwatch Cybersecurity Research (Oct 10)
Original at:
https://wwws.nightwatchcybersecurity.com/2016/10/04/advisory-cve-2016-5348-2/
Summary
Android devices can be crashed remotely forcing a halt and then a soft
reboot by a MITM attacker manipulating assisted GPS/GNSS data provided
by Qualcomm. This issue affects the open source code in AOSP and
proprietary code in a Java XTRA downloader provided by Qualcomm. The
Android issue was fixed by in the October 2016 Android bulletin....
[SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks
matthias . deeg (Oct 10)
Advisory ID: SYSS-2016-068
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-07-07
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory:...
[SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
matthias . deeg (Oct 10)
Advisory ID: SYSS-2016-033
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-04-22
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Gerhard...
Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
"The Blind SQL Injection Issue" explanation
Mihamina RAKOTOMANDIMBY (May 31)
Hi members,
A web application of mine has been scanned by a "security tool".
It reports some issues about "Blind SQL Injection Issue"
The test result seems to indicate a vulnerability
because it shows that values can be appended to parameter
values, indicating that they were embedded in an SQL
query. In this test, three (or sometimes four)
requests are sent. The last is logically equal to the original,
and the next-to-last...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Sep 22)
IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.
files as supposed to be.
In order to prove I've created a malicious html file with the content below.
<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {...
Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Sep 22)
After a long sprint we are proud to present Faraday v2.1:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that...
Recon Europe 2017 Call For Papers - January 27 - 29, 2017 - Brussels, Belgium
cfpbrussels2017 (Sep 22)
RECON BRUSSELS CFP
https://recon.cx
27 - 29 January 2017
Brussels, Belgium
...
t2'16: Challenge to be released 2016-09-10 10:00 EEST
Tomi Tuominen (Sep 01)
It is that time of the year again.
Unicorns attract competitors, copycats and charlatans. For a VC, the road to losing the principal is paved with poor
decisions, bad luck and ultimately betting on the wrong horse. One of the challengers in the unregulated
pay-per-hitchhike app industry, Astley Auto Association, has been trying to raise a C round. Its founder and CEO, a
controversial character, is claimed to represent the darker side of the...
[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC – Default Credentials
ERPScan inc (Aug 19)
Application: SAP Hybris E-commerce Suite
Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3
Vendor URL: http://sap.com
Bugs: Default credentials
Sent: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 10.05.2016
Author:...
[ERPSCAN-16-023] Potential backdoor via hardcoded system ID
ERPScan inc (Aug 19)
Application: SAP ABAP BASIS
Versions Affected: SAP ABAP BASIS 7.4
Vendor URL: http://SAP.com
Bugs: Hardcoded credentials
Sent: 01.02.2016
Reported: 02.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 10.05.2016
Reference:...
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Aug 19)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
SpiderFoot 2.7.0 released
Steve Micallef (Aug 19)
Hi all,
SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI.
Here's what's new since 2.5.0..
- *6* new modules:
- BotScout.com search for malicious e-mail addresses
-...
Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime Edition (Build 8)
Rv3Lab.org (Aug 11)
###################################################
01. ### Advisory Information ###
Title: Directory Traversal Vulnerability in ColoradoFTP v1.3 Prime
Edition (Build 8)
Date published: n/a
Date of last update: n/a
Vendors contacted: ColoradoFTP author Sergei Abramov
Discovered by: Rv3Laboratory [Research Team]
Severity: High
02. ### Vulnerability Information ###
OVE-ID: OVE-20160718-0006
CVSS v2 Base Score: 8.5
CVSS v2 Vector:...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 13)
Same attack using XSS as vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file, a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET the file will perform a POST to
http://192.168.1.36/req.php using the GET response as a body.
An attacker would be able to read all the emails in the...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 05)
I did a small improvement in this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created on download default folder.
If the victim performs the three following clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any...
Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Sep 22)
After a long sprint we are proud to present Faraday v2.1:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that...
IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Sep 21)
IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.
files as supposed to be.
In order to prove I've created a malicious html file with the content below.
<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {...
nullcon 8-bit Call for Papers is open
nullcon (Aug 23)
Dear Hackers and Security Pros,
Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe , working on the next
big thing in security and request everyone to submit their new
research.
What is 8-bit?
As a tradition of...
SpiderFoot 2.7.0 released
Steve Micallef (Aug 19)
Hi all,
SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI.
Here's what's new since 2.5.0..
- *6* new modules:
- BotScout.com search for malicious e-mail addresses
-...
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Aug 18)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Immunity is throwing a shindig in Laurel MD Nov 21st!
Dave Aitel (Oct 13)
https://twitter.com/Immunityinc/status/786561783691481088
It's not just about the beer - it's really more about sharing our
experiences throughout the year writing and enjoying the delicious brew
that is modern exploits! We have two talks, both of which will be great.
Please email admin () immunityinc com to RSVP!
-dave
Re: Book Reviews
JJ Gray (Oct 12)
Even small scale (but high event) focussed testing can have unexpected
results, case in point as happened some time ago on a remote application
test. In short the basic fuzzing of a small form field killed the
corporate mail server. It turned out that at some point early in the
application's life cycle the developer added an email alert on every
error condition. This continued through the application life cycle until
Live except at this point the...
Re: Book Reviews
Thomas Ptacek (Oct 11)
Yeah, this rang false to me too. It’s also the reason you can’t take a
client with 100 applications and run a tool that spams every discovered
endpoint with XSS vectors; their customers scream bloody murder when every
other page starts popping an alert box.
(This comes up a lot because people who don’t do large-scale testing tend
to believe XSS is something you can safely test for everywhere).
"You cannot deface websites with...
Re: Book Reviews
Dave Aitel (Oct 11)
Yes, in theory. There are scenarios where you can do all those things. None
of those are what the authors meant, to put it kindly.
-dave
Re: Book Reviews
Eric Schultz (Oct 11)
"You cannot deface websites with cross-site-scripting"
You can with stored cross site scripting.
You can if the app is also vulnerable to cross site request forgery.
You can if you steal a privileged session and you have network access.
-Eric
Book Reviews
Dave Aitel (Oct 10)
2 Book Reviews in this post.
1. Lab Girl
<https://www.amazon.com/Lab-Girl-Hope-Jahren-ebook/dp/B00Z3FYQS4/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=1476112205&sr=8-1>
:
Probably the best book I've read all year. Immediately go and purchase and
read this. Speaks well to the hacker spirit, but is written like poetry.
2.
http://cybersecpolitics.blogspot.com/2016/10/book-review-cyber-war-vs-cyber-realities.html
-
Read my review...
Why there's an INFILTRATE
dave aitel (Sep 29)
It was one of our first INFILTRATEs when Thomas Lim gave a keynote
saying
<http://immunityinc.com/infiltratemovies/movies/thomaslim_keynote.mp4>,
in specific, that there were far too many security conferences. And he
was, of course right. And also one of our first keynotes when Thomas
Dullien talked about weird machines and JIT engines
<http://www.slideshare.net/scovetta/fundamentals-of-exploitationrevisited>and
the philosophy of bug...
Re: Deep down the certificate pinning rabbit hole of "Tor Browser Exposed"
Ryan Duff (Sep 19)
Hey everyone,
I have posted a full technical writeup and wrap-up for this bug. Check it
out here:
https://medium.com/@flyryan/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4#.oawicwift
Thanks!
-Ryan
Deep down the certificate pinning rabbit hole of "Tor Browser Exposed"
Ryan Duff (Sep 15)
Hey everyone,
I spent a decent portion of my day looking into the claim by the Tor-Fork
developer that you could get cross-platform RCE on Tor Browser if you're
able to both MitM a connection and forge a single TLS certificate for
addons.mozilla.org. This is well within the capability of any decently
resourced nation-state. Definitely read @movrcx's write-up first to see his
claim. It's here:...
Re: The difference between block-based fuzzing and AFL
Michal Zalewski (Sep 15)
I don't look at it this way.
To put it bluntly, the overriding principle behind AFL is that it
intentionally takes away choice and forces you to simplify problems
instead of complicating the test suite.
Quite often, that's the right thing to do, even if it *feels*
insulting or wrong to a pro. There are fuzzing frameworks that are
incredibly flexible and expressive, allowing you to create complex
protocol specs, fiddle with dozens...
Tor Browser Exposed: Anti-Privacy Implantation at Mass Scale
Joshua (Sep 13)
Howdy folks,
An article was written on how a nation state could conduct an attack on all Tor Browser platforms. Enjoy!
https://medium.com/@movrcx/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.fjup01gkm
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Re: iPhone Security
Kristian Erik Hermansen (Sep 13)
Thanks to Apple for finally fixing the issues today with latest
updates and not crediting where credit is due. And, you should really
update to get the patches just released...
"CVE-2016-4741: Description: An issue existed in iOS updates, which
did not properly secure user communications. This issue was addressed
by using HTTPS for software updates."
Re: The difference between block-based fuzzing and AFL
Ryan Stortz (Sep 13)
I don't think it's an apples-to-oranges comparison to compare these fuzzers
against the Cyber Grand Challenge test set (
https://github.com/trailofbits/cb-multios). In fact, the CGC test set is a
perfect shooting gallery. The test set is entirely comprised of network
services that implement protocols that represent real world software.
DECREE has no knowledge of file systems or files at all. The protocols are
frequently simplified, but...
Re: The difference between block-based fuzzing and AFL
Andrew Ruef (Sep 13)
The benefit of a tool like AFL is that it’s black-box: you don’t need a grammar, you don’t need a complicated, rich and
deep specification of a protocol like RPC that encapsulates checksums, encryption, etc.
AFL (and fuzzers like it) have a strategy to work around their lack of knowledge/a deep specification, though: just
recompile your application to skip checksums and turn off encryption.
Augh! It’s so cheesy! The indignity! You...
The difference between block-based fuzzing and AFL
Dave Aitel (Sep 13)
So let's take a quick break from thinking about how messed up Wassenaar is
or what random annoying thing the EFF or ACLU said about 0day today and
talk about fuzzers. AFL has everyone's mind share, but I have to point
out that it is still a VERY specialized tool.
The process of taking a file, sending it into some processing unit, and
then figuring out if it crashes, sounds easy and generic. But in practice
you have to carefully...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they're worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(from the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command-line
XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 12, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-121
Bulletin Information:
=====================
MS16-121...
Microsoft Security Bulletin Releases
Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: October 11, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-101 - Important
Bulletin Information:
=====================
MS16-101
- Title: Security Update for Windows Authentication Methods (3178465)
-...
Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 11)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 11, 2016
********************************************************************
This bulletin summary lists security bulletins released for
October 2016.
The full version of the Microsoft Security Bulletin Summary for
April 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-oct>....
Microsoft Security Bulletin Summary for September 2016
Microsoft (Sep 13)
********************************************************************
Microsoft Security Bulletin Summary for September 2016
Issued: September 13, 2016
********************************************************************
This bulletin summary lists security bulletins released for
September 2016.
The full version of the Microsoft Security Bulletin Summary for
September 2016 can be found at
<...
Microsoft Security Advisory Notification
Microsoft (Sep 13)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 13, 2016
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 3181759
- Title: Vulnerabilities in ASP.NET Core View Components Could
Allow Elevation of Privilege
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 02)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 2, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-101
Bulletin Information:
=====================
MS16-101...
Microsoft Security Bulletin Releases
Microsoft (Aug 22)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: August 22, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-099 - Critical
Bulletin Information:
=====================
MS16-099
- Title: Security Update for Microsoft Office (3177451)
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 18, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-075
* MS16-AUG
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 12, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-102
* MS16-AUG
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 11)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 11, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-99
* MS16-102
* MS16-AUG
Bulletin...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 10)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 10, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-101
* MS16-AUG
Bulletin Information:
=====================...
Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 09, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-077
Bulletin Information:
=====================
MS16-077...
Microsoft Security Bulletin Summary for August 2016
Microsoft (Aug 09)
********************************************************************
Microsoft Security Bulletin Summary for August 2016
Issued: August 09, 2016
********************************************************************
This bulletin summary lists security bulletins released for
August 2016.
The full version of the Microsoft Security Bulletin Summary for
August 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-aug>....
Microsoft Security Bulletin Releases
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: August 9, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-054 - Critical
* MS16-MAY
Bulletin Information:
=====================
MS16-054
- Title: Security Update for Microsoft Office (3155544)
-...
Microsoft Security Advisory Notification
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 9, 2016
********************************************************************
Security Advisories Updated or Released Today
==============================================
* Microsoft Security Advisory 3179528
- Title: Update for Kernel Mode Blacklist
- https://technet.microsoft.com/library/security/3179528.aspx
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Google Releases Security Update for Chrome
US-CERT (Oct 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [ https://www.us-cert.gov/ncas/current-activity/2016/10/13/Google-Releases-Security-Update-Chrome ] 10/13/2016 07:53 AM EDT
Original release date: October 13, 2016
Google has released Chrome version 54.0.2840.59 to address multiple vulnerabilities for Windows, Mac, and Linux.
Exploitation of some of these...
Cisco Releases Security Updates
US-CERT (Oct 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/12/Cisco-Releases-Security-Updates ] 10/12/2016 01:52 PM EDT
Original release date: October 12, 2016
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take control of an...
Adobe Releases Security Updates
US-CERT (Oct 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/11/Adobe-Releases-Security-Updates ] 10/11/2016 03:40 PM EDT
Original release date: October 11, 2016
Adobe has released security updates to address vulnerabilities in Flash Player and the Creative Cloud Desktop
Application. Exploitation of some of these vulnerabilities may...
Microsoft Releases Security Updates
US-CERT (Oct 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/11/Microsoft-Releases-Security-Updates ] 10/11/2016 04:37 PM EDT
Original release date: October 11, 2016
Microsoft has released 10 updates to address vulnerabilities in Microsoft software. Exploitation of some of these
vulnerabilities could allow a remote attacker to...
Week Two of National Cyber Security Awareness Month
US-CERT (Oct 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Week Two of National Cyber Security Awareness Month [ https://www.us-cert.gov/ncas/current-activity/2016/10/11/Week-Two-National-Cyber-Security-Awareness-Month ] 10/11/2016 12:18 PM EDT
Original release date: October 11, 2016
October is National Cyber Security Awareness Month, an annual campaign to raise awareness about cybersecurity. In
partnership with DHS,...
Potential Hurricane Matthew Phishing Scams
US-CERT (Oct 11)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Potential Hurricane Matthew Phishing Scams [ https://www.us-cert.gov/ncas/current-activity/2016/10/11/Potential-Hurricane-Matthew-Phishing-Scams ] 10/11/2016 11:51 AM EDT
Original release date: October 11, 2016
US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane
Matthew. Users are advised to...
VMware Releases Security Updates
US-CERT (Oct 07)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/07/VMware-Releases-Security-Updates ] 10/07/2016 01:19 PM EDT
Original release date: October 07, 2016
VMware has released security updates to address a vulnerability in Horizon View. Exploitation of this vulnerability
could allow a remote attacker to obtain sensitive...
Cisco Releases Security Updates
US-CERT (Oct 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/05/Cisco-Releases-Security-Updates ] 10/05/2016 11:23 PM EDT
Original release date: October 05, 2016
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take control of an...
National Cyber Security Awareness Month
US-CERT (Oct 05)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
National Cyber Security Awareness Month [ https://www.us-cert.gov/ncas/current-activity/2016/10/05/National-Cyber-Security-Awareness-Month ] 10/05/2016 08:47 PM EDT
Original release date: October 05, 2016
October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity.
In partnership with DHS, the...
TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
US-CERT (Oct 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations [
https://www.us-cert.gov/ncas/alerts/TA16-250A ] 09/06/2016 06:29 PM EDT
Original release date: September 06, 2016 | Last revised: September 28, 2016
Systems Affected
Network Infrastructure Devices
Overview
The advancing capabilities of organized hacker groups...
Google Releases Security Update for Chrome
US-CERT (Sep 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Update for Chrome [ https://www.us-cert.gov/ncas/current-activity/2016/09/30/Google-Releases-Security-Update-Chrome ] 09/30/2016 12:35 PM EDT
Original release date: September 30, 2016
Google has released Chrome version 53.0.2785.143 to address multiple vulnerabilities for Windows, Mac, and Linux.
Exploitation of one of these...
Cisco Releases Security Updates
US-CERT (Sep 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/09/28/Cisco-Releases-Security-Updates ] 09/28/2016 09:00 PM EDT
Original release date: September 28, 2016
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these
vulnerabilities could allow a remote attacker to take...
ISC Releases Security Updates for BIND
US-CERT (Sep 27)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ISC Releases Security Updates for BIND [
https://www.us-cert.gov/ncas/current-activity/2016/09/27/ISC-Releases-Security-Updates-BIND ] 09/27/2016 04:31 PM EDT
Original release date: September 27, 2016
The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this
vulnerability may allow a remote attacker...
OpenSSL Releases Security Updates
US-CERT (Sep 26)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
OpenSSL Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/09/23/OpenSSL-Releases-Security-Updates ] 09/23/2016 03:13 PM EDT
Original release date: September 23, 2016 | Last revised: September 26, 2016
OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of some of these
vulnerabilities...
OpenSSL Releases Security Updates
US-CERT (Sep 23)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
OpenSSL Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/09/23/OpenSSL-Releases-Security-Updates ] 09/23/2016 03:13 PM EDT
Original release date: September 23, 2016
OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of some of these
vulnerabilities may allow a remote attacker to...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Re: CVE Request: another recursion in GRE
cve-assign (Oct 14)
Use CVE-2016-8666.
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
P J P (Oct 13)
Hello John,
+-- On Thu, 13 Oct 2016, John Haxby wrote --+
| On 13/10/16 13:46, Vladis Dronov wrote:
| > https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (reproducer, patch)
|
| This bug isn't accessible. Do you think you could post the reproducer
| or open the bug please?
Please see this one:
-> https://bugzilla.redhat.com/show_bug.cgi?id=1373966
Thank you.
docker2aci: infinite loop in deps walking(CVE-2016-8579)
张开翔 (Oct 13)
Hello,
It was found that docker2aci falls into an infinite loop while traversing the dependency ancestry of a malformed image
file. This flaw may cause excessive CPU cycle and resource consumption on the host. This happens because no essential
check for a duplicated image ID is found in getAncestry() in docker2aci.
CVE-2016-8579 was assigned to this flaw by cve-assign () mitre org<mailto:cve-assign () mitre org>. Here is the reply from
CVE...
Re: CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation
cve-assign (Oct 13)
Use CVE-2016-8660.
CVE Request: another recursion in GRE
Marcus Meissner (Oct 13)
Hi,
While debugging the issue CVE-2016-7039, SUSE engineer Michal Kubecek also spotted
a similar problem fixed earlier this year.
If a packet has the layout: | IPv4 header | GRE header | IPv4 header | GRE header | ...
depending on left over stack it could run the kernel out of stack due to
recursion and so crash the kernel.
This might be hard to hit with regular Ethernet MTUs, but easier with Jumbo frames.
Michal has a testcase in...
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
John Haxby (Oct 13)
This bug isn't accessible. Do you think you could post the reproducer
or open the bug please?
jch
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
Vladis Dronov (Oct 13)
Hello, David,
Could you, please, tell, if you plan to submit that patch of yours to be merged upstream?
Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
----- Original Message -----
From: "Greg KH" <greg () kroah com>
To: oss-security () lists openwall com
Sent: Thursday, October 13, 2016 2:57:17 PM
Subject: Re: [oss-security] kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
Nope, I...
CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation
CAI Qian (Oct 13)
Running the trinity syscall fuzzer inside a docker container as a non-privileged user below,
$ trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf --disable-fds=epoll
--disable-fds=eventfd --disable-fds=pseudo --disable-fds=timerfd --disable-fds=memfd
--disable-fds=drm
always triggers a deadlock/hang at the fdatasync() syscall within 30 minutes with traces
(including sysrq-w info as well) like this,...
Re: cve request: systemd-machined: information exposure for docker containers
CAI Qian (Oct 13)
----- Original Message -----
It turns out this CVE is against oci-register-machine NOT systemd. The fix is here,
https://github.com/projectatomic/oci-register-machine/pull/22
CAI Qian
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
Greg KH (Oct 13)
Nope, I don't think that security () kernel org was sent the patch, but if
the maintainer of the subsystem already knows about it (it looks like he
wrote the patch), then there was no need to let that alias know about
it, right?
Any idea if this is going to be submitted to be merged upstream?
thanks,
greg k-h
kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
Vladis Dronov (Oct 13)
Hello,
It was found that when gcc stack protector is turned on, proc_keys_show() can
cause a panic in the Linux kernel due to the stack corruption. This happens
because xbuf[] is not big enough to hold a 64-bit timeout value rendered as weeks.
CVE-2016-7042 was assigned to this flaw internally by Red Hat. Please use it
in public communications regarding this flaw.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1373966...
Re: bubblewrap LPE
Simon McVittie (Oct 13)
It needs to be setuid root (or CAP_SYS_ADMIN, which might as well be setuid
root) to be useful on any distribution whose kernel doesn't normally allow
unprivileged users to open user-namespaces; in particular, Debian, RHEL,
and backports to older/LTS Ubuntu (but not current Ubuntu).
I assume the developers of Bubblewrap wouldn't have done this if the
kernel (or at least *a* kernel they care about) didn't require it.
But hopefully...
Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow
cve-assign (Oct 13)
Use CVE-2016-8658.
Re: bubblewrap LPE
cve-assign (Oct 13)
Use CVE-2016-8659 for this issue in which there is unintended
functionality of attaching to the process because of the details
of the code near 1707.
Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow
freener (Oct 12)
hi,
I found a stack buffer overflow vulnerability in Broadcom wifi driver
brcmfmac, this issue has been fixed, I would like to
request a CVE-ID for this issue.
Description
=========
Cfg80211 module in kernel is the main interface to operate on wifi.
This module defines an operation data structure which stores many
commands and callback functions to control the wifi, and those
callback functions are implemented in wifi driver finally,...
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
[CFP] Workshop: Who are you?! Adventures in Authentication at SOUPS 2016 - Next week!
Larry Koved (Jun 20)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more...
Silver Bullet 122: David Nathans
Gary McGraw (Jun 07)
Hi sc-l,
The latest episode of Silver Bullet features a conversation with David Nathans from Siemens Healthcare. David got his
start in security ops, and even wrote a book about that. But he completely understands why product security is
essential in the modern world and has been moving things in the right direction when it comes to medical devices.
Have a listen: http://bit.ly/SB-nathans
As always, your feedback is welcome.
gem...
Jack from Codiscope: Static Analysis for Node.JS
Gary McGraw (May 20)
Hi sc-l,
New tech stacks call for new static analysis approaches. Check out Jacks (free for developers) from Codiscope:
https://codiscope.com/not-your-fathers-code-review/
gem
https://www.garymcgraw.com/
@cigitalgem
[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016 - 1 week until the submission deadline
Larry Koved (May 10)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more...
Silver Bullet 121: Marty Hellman
Gary McGraw (May 10)
hi sc-l,
While I was away in Europe, Silver Bullet 121 went live. This episode is an interview with recent Turing award winner
and public key crypto inventor Marty Hellman. I met Marty this year at RSA the night he won the Turing award. He’s a
hugely interesting guy.
We talk math, crypto, politics, and the history of the first two crypto wars. Marty put his own career (and freedom)
on the line in the first! It’s super interesting....
c0c0n 2016 | The cy0ps c0n - Call For Papers & Call For Workshops
c0c0n 2016 - The CyOps Conference (Apr 25)
c0c0n 2016 | The cy0ps c0n - Call For Papers & Call...
[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016
Larry Koved (Apr 25)
Title: Who are you?! Adventures in Authentication
Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security - SOUPS 2016
When: June 22, 2016
Where: Denver, CO
URL: https://www.usenix.org/conference/soups2016
Description:
Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more common and...
Silver Bullet celebrates a decade of shows: Gary McGraw
Gary McGraw (Apr 01)
hi sc-l,
Hard to believe, but Silver Bullet has been running for ten years---120 months of shows in a row without missing a
month. To celebrate this accomplishment, we shot a video for episode 120 out by the Shenandoah river at my house. And
we turned the tables on the interview. Marcus Ranum, inventor of the firewall, interviews me.
We discuss: software security, internet of (crappy) things, the surveillance state, advisory board work,...
Educause Security Discussion — Securing networks and computers in an academic environment.
Migration from Banner to Workday
Colin Abbott (Oct 13)
Hello,
We are embarking on our migration from Banner HR to Workday and I was wondering if anyone on this list has already
gone through this project and has lessons learned to share relating to security?
A few questions that we are looking at:
-Which option have you chosen to secure APIs?
-Is the day to day security management of user access managed by the business or central IT?
-Are you using multi-factor authentication?
- Do you...
Re: Organizations residing on campus
Hudson, Edward (Oct 13)
Mandi
Our policies spell out that they are applicable to “Auxiliaries, external businesses and organizations that use campus
information assets.”
You can find a public copy of them here: http://www.calstate.edu/icsuam/documents/Section8000.pdf
Regards
Ed Hudson, CISM
Director, Information Security
401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu
I subscribe to e-mail...
Organizations residing on campus
Mandi Witkovsky (Oct 13)
We have several non-university entities (non-profit organizations) who have space to operate on campus. Most of the
time, all we provide is phones and internet access, but sometimes it gets hairy when the org wants to run servers on
premise. Does anyone have published standards or guidelines that they give to these types of entities so they know
what is allowed, and what expectations for security, and what the expectations are on both sides?...
Re: Microsoft MFA vs. Duo
Kurtz, Eric (Oct 12)
Chris,
We are starting to look at this too (being an O365/AD prem user). I like that the Microsoft MFA will do conditional
MFA based on analytics of login locations and not just force MFA to all clients for O365 logins. I think you need the
EMS license to do this though. And they now have the MFA server so you can integrate with other apps like radius. I'd
be interested to hear about your comparison and implementation.
Eric Kurtz...
Re: password length and required reset
Haas, Mike (Oct 12)
That 3rd shift custodian is an attack vector only; if his account becomes compromised, you may be able to reach his
manager via the custodian's compromised email and get the manager to download or click on a malicious payload because it
was sent by someone he knows. Now you possibly have access to a more privileged user's desktop, potentially bypassing
the MFA they have in place.
Sent from my iPhone
-------------------------
Michael Haas
Information...
Re: password length and required reset
Mike Cunningham (Oct 12)
When you talk about required MFA for ALL users, are you including students in that list of ALL? Or is all a reference
to employees only? And if employees only, does that apply to a 3rd shift custodian who only has an account to enter time,
request leave and look at a pay check?
Mike Cunningham
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drews,
Jane E
Sent: Wednesday,...
Microsoft MFA vs. Duo
Gregg, Christopher S. (Oct 12)
It looks like there has been a fair amount of discussion around Duo and rolling out MFA, usually Duo on the list.
Has anyone here run a recent comparison between using the Microsoft multifactor authentication solution vs. Duo?
Duo appears to be incredibly popular in the higher ed space, and I have heard nothing but good things about it.
We're an Office365 shop, and we already have Azure AD Premium licenses for the self-service password...
Re: password length and required reset
Drews, Jane E (Oct 12)
Justin,
Our current password policy has two tiers, which has worked well for us. For ‘regular’ accounts the minimum length is
9 characters with 365 day aging, among other things. For ‘privilege’ accounts, the minimum is 15 characters with 180
day aging. We’ve automated notification of expiring passwords so people don’t have to know which tier they’re in.
We are currently looking to revise our policy to introduce stricter...
Re: PCI-DSS SAQ Sign-off
Mardecia Bell (Oct 11)
The University Controller
Mardecia
Re: PCI-DSS SAQ Sign-off
McClenon, Brady (Oct 11)
We have a merchant ID, or multiple, for each office. Each office director signs off. So basically, each person
responsible for creating and enforcing/overseeing compliant office procedures signs.
Brady McClenon
Information Technology Security Administrator
Information Technology Services - IT Security
B237 Milne Library
SUNY College at Oneonta
607-436-3203
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV...
Re: password length and required reset
Adam Maynard (Oct 11)
14 Characters is kinda crazy, unless you’re working with highly sensitive or DOD data (then MFA anyway). It’s really a
burden for users.
There’s a new realization that non-user-friendly passwords
<https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/> with a short change
period <http://arstechnica.com/security/2016/08/frequent-password-changes-are-the-enemy-of-security-ftc-technologist-says/...
Re: PCI-DSS SAQ Sign-off
Ramon Rentas (Oct 11)
Director of Budget & Institutional Services.
Ramón
---
Ramón L. Rentas
Infrastructure & Enterprise Application Services
Macalester College
*Never email your
password to anyone!*
The information transmitted may contain confidential material and is
intended only for the person or entity to which it is addressed. Any
review, retransmission, dissemination or other use of, or taking...
Re: password length and required reset
Justin Store (Oct 11)
Hello Everyone,
We just kicked-off a project to increase our current length of 8 up to 14.
We chose 14 (with complexity) because it addresses the threat of offline
cracking with rainbow tables and brute forcing while also meeting the
recommendations in the CIS benchmarks for our primary OSs (Win10 and Server
2012) with further guidance taken from CIS Critical Security Control 5.7
which looks for passwords longer than 14 characters for systems...
Re: Questions about your VPN
Steven Alexander (Oct 11)
We require MFA for VPN access; currently we use Duo.
Most of the district IT staff have access. We provide access to administrators on request or to faculty/staff on the
request of their administrator. Requests are generally granted but we do ask questions and will bring HR into the loop
as necessary (e.g. to confirm that an hourly employee should be doing work from home).
We don’t require a managed workstation but we set them up with...
Re: Membership in REN-ISAC
Herring, Todd William (Oct 11)
Thanks for your endorsement of REN-ISAC, Aaron and Mike. It's always nice to hear.
Adam, if you'd like more information, feel free to contact me offline.
Todd
Todd Herring
Membership Services Director, REN-ISAC
therring () ren-isac net<mailto:therring () ren-isac net>
Office: 317.278.5387
http://www.ren-isac.net
-------------------------------------------------
From: The EDUCAUSE Security Constituent Group Listserv [...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Excessive Netflix DNS Traffic?
Josh Reynolds (Oct 13)
Same here :)
RE: Anyone from Facebook here?
Doug Porter (Oct 13)
Mark:
Thanks. We saw this on bind-users and are tracking in t13843732.
Re: Two BGP peering sessions on single Comcast Fiber Connection?
Ryan, Spencer (Oct 13)
Run your IPv4 peer to one router and IPv6 to another. Boom, redundancy!
Spencer Ryan | Senior Systems Administrator | sryan () arbor net<mailto:sryan () arbor net>
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com<http://www.arbornetworks.com/>
________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Jörg Kost <jk () ip-clear de>
Sent: Thursday, October 13, 2016...
Re: Two BGP peering sessions on single Comcast Fiber Connection?
Jörg Kost (Oct 13)
So how do they connect ip6 sessions? ;-)
Jörg
Re: Two BGP peering sessions on single Comcast Fiber Connection?
Dovid Bender (Oct 13)
Whenever we set up a BGP peer we do that to minimize downtime when doing
maint. It's hit or miss. HE required a second physical connection; NTT was
more than accommodating.
Re: Two BGP peering sessions on single Comcast Fiber Connection?
Mike Poublon (Oct 13)
I started a thread around the same topic back on 10/16 of 2014. A
Comcast engineer (who ultimately spoke to the national product manager)
came back after discussing and said the same thing "We don't support
that". I got a slightly longer explanation of:
--------------------------------------------
In a nutshell, when we design a product we do it to accommodate the most
typical customer cases.
Given that the design includes a...
Re: Excessive Netflix DNS Traffic?
Ryan, Spencer (Oct 13)
I was going to point you to the reddit thread about it, but it looks to be your thread :)
Spencer Ryan | Senior Systems Administrator | sryan () arbor net<mailto:sryan () arbor net>
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com<http://www.arbornetworks.com/>
________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Eamon Bauman <eamon () eamonbauman com>
Sent:...
Two BGP peering sessions on single Comcast Fiber Connection?
rar (Oct 13)
After a many month wait, we were ready to turn up our BGP peering sessions on a new Comcast fiber connection.
With our other providers (Level 3 and Verizon) we have edge routers that directly connect between the provider's on
premise connection and our primary and a backup core routers. Each core router has a multihop BGP session with the
provider's BGP router. The goal is to keep the single BGP router from being a single point of...
Excessive Netflix DNS Traffic?
Eamon Bauman (Oct 13)
Hi all,
Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
running Netflix? Starting 9/29 we have been seeing significant volume of
DNS traffic from game consoles on our campus to our caching recursive
boxes. Logs show repeated requests for api-global.netflix.com and
nrdp.nccp.netflix.com.
Anyone else experiencing this?
Eamon
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Jesse McGraw (Oct 13)
Lee,
FWIW, the script will work under straight Windows and I use it there
frequently.
I think Strawberry perl comes with cpanm (cpanminus) pre-installed so
you can do:
"cpanm Carton"
and then cd to wherever you've got the script saved and do:
"carton install"
to install the dependencies
Or, if you've got a set of configs with nothing sensitive/private left
in them, try the simple web version I...
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Hank Nussbacher (Oct 13)
Have you tried Bash on Windows 10:
http://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-on-windows-10/
http://www.pcworld.com/article/3106463/windows/how-to-get-bash-on-windows-10-with-the-anniversary-update.html
-Hank
Re: Level 3 voice outage
voytek (Oct 13)
Can anyone who was affected by last week's outage confirm that 911
services were impacted (I assume they were)?
Anyone know if the current outage is in any way related to this one from
last week?
http://downdetector.com/status/level3/map/
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Lee (Oct 13)
I'm using Windows + Cygwin; maybe it's just that I don't have them
installed, but there is no sudo or apt so setup.sh isn't going to work
for me. So while I was interested in seeing what this bit looked like
I'm not willing to take any more time on this.
I appreciate all the people who've tried to help but at least for now, I'm done.
Thanks,
Lee
DEC-IX Summit New York livestream
Joly MacFie (Oct 13)
https://livestream.com/internetsociety/de-cix
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Jason Hellenthal (Oct 13)
Thanks for chiming in Jesse.
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
The American Way
Dave Farber (Oct 13)
Begin forwarded message:
> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 13, 2016 at 10:24:58 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] The American Way
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from friend David Rosenthal. DLH]
>
> The American Way
> President Obama promised to fight...
re A Letter from Iceland: #CanYouHearUs.IS
Dave Farber (Oct 13)
Begin forwarded message:
> From: Hasan Diwan <hasan.diwan () gmail com>
> Date: October 13, 2016 at 1:44:12 PM EDT
> To: "dave () farber net" <dave () farber net>
> Subject: Re: [IP] re A Letter from Iceland: #CanYouHearUs.IS
>
>
>> On 13 October 2016 at 08:42, David Farber <farber () gmail com> wrote:
>> The population is relatively homogeneous
>
> What does this have to do with...
FBI Director James Comey will probably not be happy with Facebook's latest messenger security
Dave Farber (Oct 13)
Begin forwarded message:
> From: "Charley Kline" <csk () mail com>
> Date: October 13, 2016 at 12:40:09 PM EDT
> To: "Dave Farber" <dave () farber net>
> Subject: FBI Director James Comey will probably not be happy with Facebook's latest messenger security
>
> The Facebook Messenger mobile app now has a “secret conversation” mode providing end-to-end encryption that even
> Facebook...
re A Letter from Iceland: #CanYouHearUs.IS
David Farber (Oct 13)
Begin forwarded message:
From: Charles Jackson <clj () jacksons net>
Subject: Re: [IP] A Letter from Iceland: #CanYouHearUs.IS
Date: October 13, 2016 at 11:35:13 AM EDT
To: Dave Farber <dave () farber net>
It is important to keep in mind that the population of Iceland is about 300,000---about the same as the population of
the Lubbock TX metropolitan statistical area. The population is relatively homogeneous---consisting...
A Letter from Iceland: #CanYouHearUs.IS
David Farber (Oct 13)
Begin forwarded message:
From: Hendricks Dewayne <dewayne () warpspeed com>
Subject: [Dewayne-Net] A Letter from Iceland: #CanYouHearUs.IS
Date: October 13, 2016 at 9:12:45 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Reply-To: dewayne-net () warpspeed com
A Letter from Iceland: #CanYouHearUs.IS
By Larry Lessig
Oct 13 2016
<...
re Facebook has repeatedly trended fake news since firing its human editors
David Farber (Oct 12)
Begin forwarded message:
From: "Synthesis:Law and Technology" <synthesis.law.and.technology () gmail com>
Subject: Re: [IP] Facebook has repeatedly trended fake news since firing its human editors
Date: October 12, 2016 at 1:53:10 PM EDT
To: David Farber <dave () farber net>
Cc: ip <ip () listbox com>
Dave,
With respect, absent statistics from the time before trending became fully automated, this data is...
Facebook has repeatedly trended fake news since firing its human editors
dfarber (Oct 12)
Begin forwarded message:
From: Lauren Weinstein <lauren () vortex com>
Subject: [ NNSquad ] Facebook has repeatedly trended fake news since firing its human editors
Date: October 12, 2016 at 12:25:40 PM EDT
To: nnsquad () nnsquad org
Facebook has repeatedly trended fake news since firing its human editors...
Mossberg: Why does Siri seem so dumb?
David Farber (Oct 12)
Begin forwarded message:
From: Hendricks Dewayne <dewayne () warpspeed com>
Subject: [Dewayne-Net] Mossberg: Why does Siri seem so dumb?
Date: October 12, 2016 at 11:36:11 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Reply-To: dewayne-net () warpspeed com
Mossberg: Why does Siri seem so dumb?
And if it doesn’t get smarter soon, what does it mean for Apple?
By Walt Mossberg
Oct 12 2016
<...
The Key Leadership Skill that Steve Jobs and Ben Franklin Share - Knowledge@Wharton
David Farber (Oct 12)
> http://knowledge.wharton.upenn.edu/article/steve-jobs-benjamin-franklin-common/?utm_source=kw_newsletter&utm_medium=email&utm_campaign=2016-10-11
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed:...
Re Smart machines and the future of jobs
Dave Farber (Oct 11)
Begin forwarded message:
> From: Bob Hinden <bob.hinden () gmail com>
> Date: October 11, 2016 at 2:29:59 PM EDT
> To: Dave Farber <dave () farber net>
> Cc: Bob Hinden <bob.hinden () gmail com>
> Subject: Re: [IP] Smart machines and the future of jobs
>
> Dave,
>
> For IP if you wish.
>
> I agree this is going to be a big societal issue going forward. While I think it is going to take...
Barlow benefit concert Oct 24 7:30pm at Sweetwater in Mill Valley
Dave Farber (Oct 11)
http://www.sweetwatermusichall.com/event/1347933-everyday-miracle-benefit-for-mill-valley/
>
> Barlow's friends and family are staging a benefit concert to fund his
> Wellness Trust on Monday, October 24 in Mill Valley. It's at the
> Sweetwater Music Hall and will include music by many of Barlow's
> friends and collaborators, including Bob Weir, Jerry Harrison, Lukas
> Nelson, Members of String Cheese Incident,...
NSA could put undetectable "trapdoors" in millions of crypto keys
Dave Farber (Oct 11)
Begin forwarded message:
> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 11, 2016 at 10:19:57 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] NSA could put undetectable "trapdoors" in millions of crypto keys
> Reply-To: dewayne-net () warpspeed com
>
> NSA could put undetectable “trapdoors” in millions of crypto keys
>...
Smart machines and the future of jobs
Dave Farber (Oct 10)
Begin forwarded message:
> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 10, 2016 at 7:44:11 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Smart machines and the future of jobs
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This item comes from reader Randall Head. DLH]
>
> Smart machines and the future of jobs
> By...
Re: Spotify is causing a major problem for economists
Dave Farber (Oct 09)
Begin forwarded message:
> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 9, 2016 at 2:38:18 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Re: Spotify is causing a major problem for economists
> Reply-To: dewayne-net () warpspeed com
>
> [Note: This comment comes from friend Steve Schear. DLH]
>
> From: Steven Schear...
CIA 'Siren Servers' can predict social uprisings 3-5 days in advance
Dave Farber (Oct 08)
Begin forwarded message:
> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 8, 2016 at 8:23:40 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] CIA 'Siren Servers' can predict social uprisings 3-5 days in advance
> Reply-To: dewayne-net () warpspeed com
>
> CIA ‘Siren Servers’ can predict social uprisings 3-5 days in advance...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 29.84
RISKS List Owner (Oct 12)
RISKS-LIST: Risks-Forum Digest Wednesday 12 October 2016 Volume 29 : Issue 84
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.84>
The current issue can also...
Risks Digest 29.83
RISKS List Owner (Oct 10)
RISKS-LIST: Risks-Forum Digest Monday 10 October 2016 Volume 29 : Issue 83
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.83>
The current issue can also be...
Risks Digest 29.82
RISKS List Owner (Oct 08)
RISKS-LIST: Risks-Forum Digest Saturday 8 October 2016 Volume 29 : Issue 82
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.82>
The current issue can also be...
Risks Digest 29.81
RISKS List Owner (Oct 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 October 2016 Volume 29 : Issue 81
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.81>
The current issue can also be...
Risks Digest 29.80
RISKS List Owner (Oct 03)
RISKS-LIST: Risks-Forum Digest Monday 3 October 2016 Volume 29 : Issue 80
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.80>
The current issue can also be...
Risks Digest 29.79
RISKS List Owner (Sep 24)
RISKS-LIST: Risks-Forum Digest Saturday 24 September 2016 Volume 29 : Issue 79
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.79>
The current issue can also...
Risks Digest 29.78
RISKS List Owner (Sep 22)
RISKS-LIST: Risks-Forum Digest Thursday 22 September 2016 Volume 29 : Issue 78
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.78>
The current issue can also...
Risks Digest 29.77
RISKS List Owner (Sep 16)
RISKS-LIST: Risks-Forum Digest Friday 16 September 2016 Volume 29 : Issue 77
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.77>
The current issue can also...
Risks Digest 29.76
RISKS List Owner (Sep 12)
RISKS-LIST: Risks-Forum Digest Monday 12 September 2016 Volume 29 : Issue 76
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.76>
The current issue can also...
Risks Digest 29.75
RISKS List Owner (Sep 06)
RISKS-LIST: Risks-Forum Digest Tuesday 6 September 2016 Volume 29 : Issue 75
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.75>
The current issue can also...
Risks Digest 29.74
RISKS List Owner (Sep 02)
RISKS-LIST: Risks-Forum Digest Friday 2 September 2016 Volume 29 : Issue 74
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.74>
The current issue can also be...
Risks Digest 29.72
RISKS List Owner (Aug 24)
RISKS-LIST: Risks-Forum Digest Wednesday 24 August 2016 Volume 29 : Issue 72
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.72>
The current issue can also...
Risks Digest 29.71
RISKS List Owner (Aug 22)
RISKS-LIST: Risks-Forum Digest Monday 22 August 2016 Volume 29 : Issue 71
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.71>
The current issue can also be...
Risks Digest 29.70
RISKS List Owner (Aug 18)
RISKS-LIST: Risks-Forum Digest Thursday 17 August 2016 Volume 29 : Issue 70
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.70>
The current issue can also be...
Risks Digest 29.69
RISKS List Owner (Aug 16)
RISKS-LIST: Risks-Forum Digest Tuesday 16 August 2016 Volume 29 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.69.html>
The current issue can...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Businesses Using New Tech to Manage Cyber Threats
Audrey McNeil (Oct 12)
http://www.cpapracticeadvisor.com/news/12267305/businesses-using-new-tech-to-manage-cyber-threats
There is a distinct shift in how organizations are now viewing
cybersecurity, with forward-thinking organizations understanding that an
investment in cybersecurity and privacy solutions can facilitate business
growth and foster innovation. The Global State of Information Security®
Survey 2017, released today by PwC US in conjunction with CIO and...
How 'Security Fatigue' Affects Our Choices Online
Audrey McNeil (Oct 12)
http://www.eweek.com/security/how-security-fatigue-affects-our-choices-online.html
An overabundance of security news and alerts has led to "security fatigue,"
which is causing users to make bad choices when it comes to online
security, suggests a report from the National Institute of Standards and
Technology (NIST).
Although the report just came out Oct. 4, the data collection for the study
took place from January to March 2011 and...
HIPAA Compliance – Not Just an Issue for Health Care Providers
Audrey McNeil (Oct 12)
http://www.jdsupra.com/legalnews/hipaa-compliance-not-just-an-issue-for-31185/
Many people believe that compliance with the Health Insurance Portability
and Accountability Act of 1996 (“HIPAA”) is solely an issue for health care
providers and their affiliates. However, nothing could be further from the
truth. As described below, any employer that sponsors a self-insured group
health plan for its employees will have substantial HIPAA...
Dropbox's Layered Approach to Password Security
Audrey McNeil (Oct 12)
http://www.databreachtoday.com/dropboxs-layered-approach-to-password-security-a-9441
Dropbox has battened down its security hatches. There's good reason: The
company was one of many this year that have faced nightmarish news that
rumors of a password breach were, in fact, true. It's still unclear how
Dropbox and companies including Yahoo, LinkedIn, MySpace and Twitter were
hacked, or why the stolen data only circulated more widely...
How to Mitigate Data Breaches In Health IT
Audrey McNeil (Oct 12)
http://www.information-management.com/news/security/how-to-mitigate-data-breaches-in-health-it-10029944-1.html
What once was only science fiction is now our reality, anything and
everything can be hacked.
For healthcare providers, ‘anything’ includes not only patient records and
claims information, but sentient things like drug pumps and pacemakers. In
addition, healthcare has operational functionality that makes this space
particularly...
Sprouts Data Breach Class Action Lawsuits Consolidated in Arizona
Audrey McNeil (Oct 12)
https://topclassactions.com/lawsuit-settlements/lawsuit-news/346589-sprouts-data-breach-class-action-lawsuits-consolidated-arizona/
A group of class action lawsuits alleging that Sprouts, a natural foods
store chain, released W-2 information about its employees as part of a
phishing scam were consolidated by the Judicial Panel on Multidistrict
Litigation.
According to the class actions, a Sprouts payroll employee received an
email believed to...
Data Breach Class Action Case Dismissed Against Barnes & Noble
Audrey McNeil (Oct 11)
http://www.jdsupra.com/legalnews/data-breach-class-action-case-dismissed-12038/
A federal judge in Illinois dismissed the class action lawsuit filed
against Barnes & Noble stemming from a data breach in 2013. The breach
occurred when credit and debit card PIN pads were compromised at 63 Barnes
& Noble stores.
The Judge found that the consumers did not plead sufficient harm in order
to state a claim against Barnes & Noble and were...
In Data Breach Suit, Federal Court Holds Banks To Higher Standard Than Customers
Audrey McNeil (Oct 11)
http://www.jdsupra.com/legalnews/in-data-breach-suit-federal-court-holds-38060/
On Wednesday, September 28, 2016, an Illinois federal district
judge dismissed data breach-related claims brought by numerous banks against
a grocer citing the sophistication of the business relationship between the
banks and the grocer as a main reason the claims could not proceed.
Between December 2012 and March 2013, Schnucks, a grocery chain
headquartered in St....
Your Company Needs a Communications Plan for Data Breaches
Audrey McNeil (Oct 11)
https://hbr.org/2016/10/your-company-needs-a-communications-plan-for-data-breaches
In an instant, any business can find itself in the frightening position of
watching the brand you’ve worked so hard to build being taken to its knees
by a cyber breach. Few things are more damaging to a brand’s reputation
than a hack in the headlines, and in the event of a public security
incident, it’s highly likely that the Chief Marketing Officer (CMO)...
BuzzFeed Hacked By OurMine In Response To Alleged Expose
Audrey McNeil (Oct 11)
http://www.valuewalk.com/2016/10/buzzfeed-hack/
After the threatening and robbing of Kim Kardashian in Paris last week,
celebrities are concerned whether her frequent use of social media made her
more vulnerable, and might be reassessing their social media sharing.
However, for famous and prominent people, this will not resolve another
threat, hacking.
OurMine, the hacking group, known for insinuating the digital accounts of
CEOs, VCs, and...
Leading The Path With Information Governance
Audrey McNeil (Oct 11)
http://www.hitechanswers.net/leading-path-information-governance/
Security Issues
When hearing the words “information governance”, at first glance, you think
‘does this deal with the government’? In fact, it is a part of something
larger than we expected: healthcare information and data security. Lately
in the healthcare news, we have been hearing a significant increase
surrounding cyber security threats to healthcare industry most...
HIE breach raises new, unanticipated questions
Audrey McNeil (Oct 11)
http://www.fiercehealthcare.com/it/hie-s-breach-raises-new-unanticipated-questions
Yet again a tree fell down in the health IT forest and it didn’t make a
sound.
But it should. One of the worst fears about health IT has been realized,
and it’s probably just the tip of the iceberg.
Boston-based Codman Square Health Center reported to the Department of
Health and Human Services last month that an employee of an outside vendor
obtained...
How to shield your company from cyber enforcement
Audrey McNeil (Oct 10)
http://www.networkworld.com/article/3128763/leadership-management/how-to-shield-your-company-from-cyber-enforcement.html
A lot has changed in the world of cyber regulation. September 2015 saw the
widely reported SEC administrative proceeding against RT Jones for
violating the “Safeguard Rule” in failing to establish and implement
written cyber protection policies. Next was Morgan Stanley. And this past
March the Consumer Financial...
Fighting new cyber-threats the 'old-fashioned' way doesn't work
Audrey McNeil (Oct 10)
http://www.scmagazineuk.com/fighting-new-cyber-threats-the-old-fashioned-way-doesnt-work/article/524170/
With all the sophisticated tools at their disposal, the first reaction by
IT remediation teams charged with fixing the damage caused by hackers and
rooting them out of a network is usually the best - and often the only -
response available. According to a recent survey from the SANS Institute,
these IT remediation teams “manually isolate...
Protect Your Business from Crafty Hackers
Audrey McNeil (Oct 10)
http://nationalcybersecurity.com/protect-business-crafty-hackers/
We’d all like to believe we are immune to cybersecurity threats, but the
truth is that anyone could be hacked at any time. It doesn’t matter if you
own a large enterprise company or are an individual doing a little online
shopping, hackers are hungry for your personal information.
This is especially true for small businesses. In fact, nearly half of small
businesses suffered...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Linking on OSX Sierra
Francisco Javier Sanchez-Roselly (Oct 13)
Hi All,
I have been following the thread, as it was impossible for me to install Wireshark from the sources in Sierra (the
previous El Capitan installation worked nicely).
I have tried the steps described in README.macos; afterwards I installed the 'required' ports, but my install hangs
because of an error on 'uic-qt5'. Finally I did configure successfully disabling Qt, but wireshark-gtk stops because of
a missing image file.
I...
RPCAP module for hydra
Dario Lombardo (Oct 13)
I'd like to share with you that a new module has been added to thc-hydra,
the password cracker.
This is a module to crack RPCAP access. I haven't tested it so far,
but it's on my todo list.
Have fun!
Dario.
https://github.com/vanhauser-thc/thc-hydra/pull/165
Re: Linking on OSX Sierra
Graham Bloice (Oct 12)
CMake standard repair #1 :-)
Re: Linking on OSX Sierra
Evan Huus (Oct 12)
Completely blowing away the build directory and starting again seems
to have fixed it. That was really weird, especially since (to my
knowledge) I don't even have a source build of libpcap on this
machine.
Anywho, thanks everyone for the help!
Re: Linking on OSX Sierra
Guy Harris (Oct 12)
Yeah, that's one of a pile of test programs I wrote to test various libpcap features.
The binary is *not* part of a libpcap installation, so there shouldn't be an executable for it unless the test programs
were built.
Evan, what happens if you remove the build directory entirely, re-create it, do a cmake in it, and then redo the build?
Re: Linking on OSX Sierra
Jeff Morriss (Oct 12)
Just for fun I did a quick search for that Usage output (minus the
"Wireshark" prefix which is clearly $0) and found this program which has
that exact output:
https://github.com/the-tcpdump-group/libpcap/blob/master/tests/capturetest.c
Re: Linking on OSX Sierra
Evan Huus (Oct 11)
`run/wireshark` is a shell script pointing to
`./run/Wireshark.app/Contents/MacOS/Wireshark` the way it should. That
file is a Mach-O 64-bit executable x86_64. Running that file directly
has the same issues, so I suppose something is overwriting it or
mis-linking it or something.
Re: Linking on OSX Sierra
Roland Knall (Oct 08)
Just a quick info, I am running on Sierra as well, and had to update Xcode
as well as the command-line utilities. Wireshark builds and runs fine here.
Fyi, I am using Qt5.7 and ports
regards
Roland
Re: The best practice to capture on the raw 802.11 interface on Windows
Yang Luo (Oct 07)
And although I didn't find the evidence in the code, I hope that Wireshark
won't call pcap_can_set_rfmon() for adapters which are not even wireless
adapters. Because if we open the adapter in pcap_can_set_rfmon(), this
function will be slower than before and impact the performance for a large
amount of calling, I think.
Cheers,
Yang
Re: The best practice to capture on the raw 802.11 interface on Windows
Yang Luo (Oct 07)
Hi Guy,
Thanks for the clarification! I still have one question.
*I can't find a way to check which 802.11 operation modes an adapter
supports without querying OID in Npcap driver.* I have posted a question
here:
http://stackoverflow.com/questions/39928736/how-to-get-the-supported-802-11-operation-modes-for-a-wlan-adapter-in-user-mode.
But I don't think I can get a satisfactory answer. You also said in a
previous post (...
Re: Linking on OSX Sierra
Guy Harris (Oct 07)
...and that's not Wireshark's "invalid command-line argument" error message.
So what does "file run/wireshark" print?
And if it's a shell script, what does it contain?
Re: Linking on OSX Sierra
Gerald Combs (Oct 07)
Weird. ./run/wireshark should be a shell script generated by CMakeLists.txt
that execs run/Wireshark.app/Contents/MacOS/Wireshark. Does running
run/Wireshark.app/Contents/MacOS/Wireshark behave differently?
Re: Docker image for WS Build
Roland Knall (Oct 07)
I've got used to the manual approach. But will take a look at it.
Regards
Roland
Re: The best practice to capture on the raw 802.11 interface on Windows
Guy Harris (Oct 07)
Yes, they *have* chosen it.
For Wi-Fi adapters, there's a checkbox in the Capture Options dialog, in the "Monitor" column. If that checkbox is
checked, the user has said that, if they've selected that interface as one on which to capture, when they start the
capture, it should capture in monitor mode. If it's not checked, they've said that it should not capture in monitor
mode.
This does, in fact, work...
Re: The best practice to capture on the raw 802.11 interface on Windows
Yang Luo (Oct 07)
Hi Guy,
I have encountered one issue when implementing as what you said. This is:
*What value should PacketGetNetType() return for a wireless
adapter? NdisMedium802_3 or NdisMediumRadio80211?*
This value is reflected in Wireshark Capture Options' "Link-layer header", and
controls how Wireshark dissects the packets. As you said, whether the
traffic is fake Ethernet or raw 802.11 is based on whether the monitor mode
is enabled....
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
error
Savan Patel (Oct 14)
ERROR: c:\Snort\etc\snort.conf(250) Missing/incorrect dynamic engine lib
specifier.
Fatal Error, Quitting..
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change...
Re: snort inline mode and bridge
Y M (Oct 13)
Hello Vincent,
I haven't tried this before, but when building Snort, there is this build option:
"--enable-inline-init-failopen Enable Fail Open during initialization for Inline Mode (adds pthread support
implicitly)"
Have you tried this? I would be interested to know if this achieves what you need.
YM
________________________________
From: Vincent Li <vincent.mc.li () gmail com>
Sent: Friday, October 14, 2016 1:59:05...
snort inline mode and bridge
Vincent Li (Oct 13)
Hi,
I am running snort in IPS afpacket inline mode (-i eth0:eth1) on a
lower end PC between my ISP modem and my home router in my home
network. I use pulledpork to update signatures daily. I noticed that
if snort needs to be restarted (I have not tested reload on ubuntu
16.04 with systemd) to take the new signatures, during the restart
period, my home Internet is down for a few minutes because it took too
long for snort to load these rules on...
Incomplete Header with HTTP Inspect Original Client IP enabled
Daniel Garczek (Oct 13)
Hi Snort Community,
I am using the enable_xff option within the http inspect preprocessor to
parse and log the original client IP present in the X-Forwarded-For or
True-Client-IP HTTP request headers. As soon as I launch Snort, I start
getting alerts labeled http_inspect: INVALID IP IN TRUE-CLIENT-IP/XFF
HEADER.
Looking at the payload in Snorby, I notice that the X-Forwarded-For or
True-Client-IP is incomplete. Usually one or two octets of the...
Snort Subscriber Rules Update 2016-10-13
Research (Oct 13)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-other,
file-flash, file-office, file-pdf, malware-cnc and server-webapp rule
sets to provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
IPv6 ASCII Logging Error in Windows
Randy Chow (Oct 12)
Hello everyone, hopefully someone can help. I have snort all configured and running until it hits an IPv6 packet, then it
fails to make a directory and crashes out. I use ascii to log as I just want it organized nicely by folders. People are
saying use -b, but that does not allow separate folders for each IP. I can use an older version to disable IPv6, but
it is not suggested. Thank you....
Snort IPS with one NIC
Dave Corsello (Oct 12)
I am considering using a remotely hosted server as a web server, and
would like to know if it is possible to protect it with Snort IPS. I've
been using Snort inline for several years using the usual 3
interfaces--two bridged and one for management. Can Snort be run in IPS
mode to protect the local server with only one network interface? Seems
like this must have been asked many times before--sorry if this is a repeat....
Re: snort rules to track Potential Criticality windows event
Arun Saini (Oct 11)
Can anyone help or guide here on the below?
How to get these events in snort?
Arun Saini
about.me/arun.saini
Mobile: +91-9890738762
in.linkedin.com/in/mailarunsaini
Snort Subscriber Rules Update 2016-10-11
Research (Oct 11)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the exploit-kit,
file-flash and malware-cnc rule sets to provide coverage for emerging
threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
Snort Subscriber Rules Update 2016-10-11
Research (Oct 11)
Talos Snort Subscriber Rules Update
Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.
Details:
Microsoft Security Bulletin MS16-118:
Microsoft Internet Explorer suffers from programming errors that may
lead to remote code execution.
Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 40364 through 40365,
40372 through 40375, 40378...
Razorback
a bv (Oct 11)
Hi all,
I was trying to find open source solutions for finding and preventing APTs,
so I came across Razorback, from our lovely Snort. I tried to download virtual
appliances, but most of them were undownloadable; I could get an older one and
open it on VMware. There is not much documentation about deployment,
features, etc. I want to ask the people here who evaluated or deployed
Razorback and have some feedback or recommendations.
Regards...
Doubt about rule at Snort
Jader Friderichs Vieira (Oct 07)
Hello, I'm making a study about the rules of Snort and the tool Weka Data Mining together.
So, I do not have experience with Snort and I'd like help to create a rule. I'm using two fundamental attributes for
my project.
Same_srv_rate = % of connections to the same service
The first question: how could I get this? Because there is a calculation to get this result and I did not find the
form to make this.
2 flag - I need a...
Re: Snort vs Proofpoint Emerging Threats
Dave Killion (Oct 07)
And that's mostly what everyone is counting on you to do.
There's a similar problem with "Cyber Threat Intelligence" feeds as well -
no one knows what they don't know, so if there isn't overlap, should you
get both???
It's a thing, for sure...
Re: Snort vs Proofpoint Emerging Threats
Shawn Maggard (Oct 06)
Thank you all for your help. We will probably go with both to make sure we
are covered.
Snort-sigs mailing list
Snort-sigs () lists sourceforge net...
Snort Subscriber Rules Update 2016-10-06
Research (Oct 06)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the browser-ie,
exploit-kit, file-pdf, malware-cnc, protocol-dns and server-webapp rule
sets to provide coverage for emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories