|
SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
 Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
Re: I need a replacement for AutoScan Network
ToddAndMargo (Dec 23)
Hi Jasey,
EtherApe is a Monitor. I am looking for something
that goes actively looking.
Thank you anyway!
-T
Re: I need a replacement for AutoScan Network
Jasey DePriest (Dec 23)
Have you looked at EtherApe?
http://etherape.sourceforge.net/
It would probably do the detection for you although the interface is
entirely different.
-Jasey DePriest
Re: I need a replacement for AutoScan Network
ToddAndMargo (Dec 23)
Re: I need a replacement for AutoScan Network
Daniel Miller (Dec 23)
Todd,
Thanks for inquiring. I'm not sure exactly how AutoScan Network does this,
so I don't know the best way to replace that function. But here are some
ideas:
* The targets-sniffer script will sniff for packets on the network
interface and report the IPs it detects. This can be done without
specifying IP addresses on the command line. If you add `--script-args
newtargets` these IPs will be added to the scan queue, but if they are...
I need a replacement for AutoScan Network
ToddAndMargo (Dec 23)
Hi All,
Try as I may, I am not finding a decent substitute for Auto Scan
Network, which is abandoned.
http://autoscan-network.com/
Auto Scan Network stopped working as of Fedora Core 24
and Windows 7. And Auto Scan has not been maintained
since 2010. :'(
I have used Auto Scan Network to find double routers installed
on networks where customers have changed ISP and never
removed the old routers. Auto Scan instantly showed I had
devices...
Re: smb-enum-shares
Barry Dragoon (Dec 23)
I can't get it to work either. I believe it has to do with the script
smbauth.lua not being able to create a valid ntlmv2 hash to pass to the
windows operating system (OS).
The newer windows OSes are validating the request for access with a
different methodology than the earlier versions. It seems that changing
the default security policy on the local machine might work by allowing
ntlmv1 credentials to pass, but then you're...
Who uses the Nmap Windows silent install feature, and why?
Fyodor (Dec 22)
Hi folks! We were thinking of making some changes to the little-known
"silent" install feature of the Nmap Windows installer (the /S command-line
option), but I wanted to check first who (if anyone) is using it now, and
why? Basically there are a couple problems with having this feature:
1) This doesn't happen a lot, but sometimes malware/rootkits/botnets will
either include Nmap or have the compromised system download it as...
smb-enum-shares
Louis Sanchez (Dec 22)
I cannot get this to work, I'm not sure if it's a bug. See below, I
verified that the share is open using smbmap. The account I made is smbuser
with a password smbuser.
root@kali:~# nmap --script smb-enum-shares --script-args
smbuser=smbuser,smbpass=smbuser -p445 192.168.2.247
Starting Nmap 7.01 ( https://nmap.org ) at 2016-12-22 20:55 EST
Nmap scan report for Louis-Surface (192.168.2.247)
Host is up (0.00088s latency).
PORT STATE...
Pull Request - Allow the RMI script to connect using SSL
Adith Sudhakar (Dec 21)
Hi Nmap-Devs,
I recently submitted an enhancement to the rmi.lua script with the
following pull request:
https://github.com/nmap/nmap/pull/621
"The rmi-dumpregistry is a very popular nmap script which uses rmi.lua to
make a connection to a rmi registry. However, this script will not work for
RMI registries accepting only SSL connections. I've modified the rmi.lua
script to allow connections to the RMI registry over SSL. Now the RMI...
[NSE] tn3270 library review and minor updates
Phil (Dec 20)
Hi All,
Finally got around to reviewing the changes/updates to the tn3270 library/scripts. Thanks for reviewing/updating them!
I’ve done some preliminary testing and the changes work great on a few systems I looked at.
I’ve submitted the following pull request: https://github.com/nmap/nmap/pull/619 <https://github.com/nmap/nmap/pull/619>
With the following changes:
In cics-user-enum.nse added support for RACF
Deleted uneeded...
RE: smb-enum-shares.nse
Rob Nicholls (Dec 19)
Hi Barry,
Nmap’s SMB authentication library defaults to sending NTLMv1 only:
https://nmap.org/nsedoc/lib/smbauth.html
To use NTLMv2 instead you should be able to use script arguments to set the “smbtype” to “v2”, which sends LMv2 and
NTLMv2. Ron has mentioned a limitation that he couldn’t get signatures to work on v2 protocols, so if you require
signing (and I’m guessing you probably do if your environment requires NTLMv2) it...
smb-enum-shares.nse
Barry Dragoon (Dec 19)
I'm unable to use the subject script, "smb-enum-shares.nse" when I attempt
to find the shares in our NTLMv2 environment. If I scan for open shares in
our network, the "service account" I'm using will get "locked out" after 6
bad password attempts (due to group policy). I have included debugging
info below. It looks to me that smbauth isn't able to convert the NTLMv1
hash to NTLMv2 and thus the bad...
Re: NSE script contribution - http-hsts-verify
Ícaro Torres (Dec 19)
Hello Jah,
Thank you for all attention and tips.
I am sorry the delay in this response, I only saw this message yesterday in
the morning.
All the improvement recomended was done, please, see the code in the NSE
file attached.
Best Regards for all.
2016-12-16 8:22 GMT-03:00 jah <jah () zadkiel plus com>:
Re: Doubt about nmap -sP
Sundhar (Dec 18)
Hi,
Thanks for replying. As you said I scanned my network again(both with
root and as a regular user), this time I ensured that the phone is not in
standby mode but still the problem seams to exist. I also tried -sn in this
mode nmap did not discover the phone when it is being operated as root (I
tried for 5 times) but it is able to detect with same problem as that of
-sP when it is not in root.I am attaching the screen shots of all the...
Re: Doubt about nmap -sP
Jacek Wielemborek (Dec 17)
W dniu 16.12.2016 o 05:03, Sundhar pisze:
What conditions change? For example, do you get your phone up from
standby between tests? Like in first test (where the phone isn't
discovered) has the phone been in standby for a long period, then you
acivated it before the second attempt and it re-connected to the network?
Or could it be that you had one attempt as a regular user and the other
as root? I wouldn't be surprised if Nmap's...
 Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we're delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!
For the top 7 improvements in Nmap 7, see the release notes:
https://nmap.org/7
Or...
Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I'm happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.
As usual, Nmap 6.49BETA5...
Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:
I'm pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we're working to integrate even more in the upcoming stable
version. Let's look at their accomplishments...
Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven't posted to this Nmap Announcement lists since
June, but we've had a very busy summer and I'm going to try and catch you
up in one go!
First of all, we've had four new releases since then, including today's
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).
As...
Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I'm happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:
* 25 new NSE scripts (total is now 494)
* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!
* Infrastructure...
Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning...
Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're...
 Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
[RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto
RedTeam Pentesting GmbH (Dec 23)
Advisory: Padding Oracle in Apache mod_session_crypto
During a penetration test, RedTeam Pentesting discovered a Padding
Oracle vulnerability in mod_session_crypto of the Apache web server.
This vulnerability can be exploited to decrypt the session data and even
encrypt attacker-specified data.
Details
=======
Product: Apache HTTP Server mod_session_crypto
Affected Versions: 2.3 to 2.5
Fixed Versions: 2.4.25
Vulnerability Type: Padding Oracle...
copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin)
dxw Security (Dec 21)
Details
================
Software: copy-me
Version: 1.0.0
Homepage: http://wordpress.org/plugins/copy-me/
Advisory report:
https://security.dxw.com/advisories/copy-me-vulnerable-to-csrf-allowing-unauthenticated-attacker-to-copy-posts/
CVE: Awaiting assignment
CVSS: 4.3 (Medium; AV:N/AC:M/Au:N/C:N/I:P/A:N)
Description
================
copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts
Vulnerability
================
This...
[0-day] RCE and admin credential disclosure in NETGEAR WNR2000
Pedro Ribeiro (Dec 21)
Hi,
tl;dr
RCE in NETGEAR WNR2000 routers, exploitable over the LAN by default or
over the WAN if remote administration is enabled.
10.000 devices affected show up in Shodan - these are the ones with
remote admin enabled. There are likely tens of thousands of vulnerable
routers in private LANs as this device is extremely popular.
As usual, NETGEAR did not respond to any of my emails, so I'm releasing
this advisory and exploit code as a...
CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow
Berend-Jan Wever (Dec 21)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 37th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161221001.html. There you can find a repro
that triggered this issue in addition to the information below, as well
as a Proof-of-Concept exploit that attempts to prove exploitability.
If you find these releases...
NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue
VMware Security Response Center (Dec 20)
----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2016-0023
Severity: Important
Synopsis: VMware ESXi updates address a cross-site
scripting issue
Issue date: 2016-12-20
Updated on: 2016-12-20 (Initial Advisory)
CVE number: CVE-2016-7463
1. Summary
VMware ESXi updates address a cross-site scripting issue.
2. Relevant Releases
VMware vSphere...
[ERPSCAN-16-035] SAP Solman - user accounts disclosure
ERPScan inc (Dec 20)
Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: http://SAP.com
Bugs: Information Disclosure
Sent: 12.07.2016
Reported: 13.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)
Description
1. ADVISORY INFORMATION
Title:[ERPSCAN-16-035] SAP Solman – user accounts disclosure
Advisory ID:[ERPSCAN-16-035]
Risk: high...
New BlackArch Linux ISOs (2016.12.20) released!
Black Arch (Dec 20)
Dear list,
We've released the new BlackArch Linux ISOs along with many
improvements. They include more than 1600 tools now. The armv6h and
armv7h repositories are filled with about 1400 tools.
The x86_64 and i686 live ISOs now exceeds 6GB!
A short ChangeLog of the Live-ISOs:
- include linux kernel 4.8.13
- added more than 100 new tools
- updated all blackarch tools
- updated all system packages
- fix lxdm shutdown/reboot...
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
Berend-Jan Wever (Dec 20)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 36th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161220001.html. There you can find a repro
that triggered this issue in addition to the information below, as well
as a Proof-of-Concept exploit that attempts to prove exploitability.
If you find these releases...
Hotlinking Vulnerability in Glype (All Versions)
Celso Bento (Dec 19)
A vulnerability exists in the hotlinking feature of Glype on all versions
that allow the bypass and makes possible to link directly to proxified
files or develop aplications that integrate direct linking into the url.
This was found while trying to build a DDOS tool that take advantage of
installed copies of Glype worldwide. Since it wasn't possible to develop a
fast tool using common libraries such as jQuery this note was been
released....
CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR
Berend-Jan Wever (Dec 19)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 35th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161219001.html. There you can find a repro
that triggered this issue in addition to the information below, it also
provides code snippets for the affected code, and a diagram that
attempts to explain the memory layout....
Re: SQL injection in Joomla extension DT Register
Elar Lang (Dec 18)
Update:
2016-12-16: CVE-2016-1000271 assigned by DWF
https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin)
dxw Security (Dec 16)
Details
================
Software: Quiz And Survey Master (Formerly Quiz Master Next)
Version: 4.5.4,4.7.8
Homepage: https://wordpress.org/plugins/quiz-master-next/
Advisory report:
https://security.dxw.com/advisories/csrfstored-xss-in-quiz-and-survey-master-formerly-quiz-master-next-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/
CVE: Awaiting assignment
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description...
Re: XenForo 1.5.x Unauthenticated Remote Code Injection
Julien Ahrens (Dec 16)
This issue does not seem to exist at all.
Among the available versions/updates for XenForo there is no version
1.5.11a as stated in this advisory. After contacting XenForo about this
advisory and the corresponding update, they told me that they are
neither aware of this vulnerability nor about the reporter.
Best Regards
Julien
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free
Berend-Jan Wever (Dec 16)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 34th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161216001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind of...
MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free
Berend-Jan Wever (Dec 16)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 33rd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161215001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind of...
 Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[SECURITY] [DSA 3744-1] libxml2 security update
Salvatore Bonaccorso (Dec 23)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3744-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
December 23, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libxml2
CVE ID : CVE-2016-4658 CVE-2016-5131
Debian...
FreeBSD Security Advisory FreeBSD-SA-16:39.ntp
FreeBSD Security Advisories (Dec 22)
=============================================================================
FreeBSD-SA-16:39.ntp Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities of ntp
Category: contrib
Module: ntp
Announced: XXXX-XX-XX
Credits: Network Time Foundation
Affects: All supported versions of FreeBSD....
CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow
Berend-Jan Wever (Dec 22)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 37th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161221001.html. There you can find a repro
that triggered this issue in addition to the information below, as well
as a Proof-of-Concept exploit that attempts to prove exploitability.
If you find these releases...
[SECURITY] [DSA 3732-2] php-ssh2 regression update
Sebastien Delafond (Dec 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3732-2 security () debian org
https://www.debian.org/security/ Sebastien Delafond
December 21, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : php-ssh2
Debian Bug : 848632
The update for php5...
ASP.NET Core 5-RC1 HTTP Header Injection
Advisories (Dec 21)
#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: ASP.NET Core
# Vendor: Microsoft https://www.microsoft.com
# CSNC ID: CSNC-2016-006
# Subject: HTTP Header Injection
# Risk: Medium
# Effect: HTTP Header manipulation
# Author: Reto Schädler (advisories ()...
[SECURITY] [DSA 3743-1] python-bottle security update
Sebastien Delafond (Dec 21)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3743-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
December 20, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : python-bottle
CVE ID : CVE-2016-9964
Debian Bug...
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
Berend-Jan Wever (Dec 20)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 36th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161220001.html. There you can find a repro
that triggered this issue in addition to the information below, as well
as a Proof-of-Concept exploit that attempts to prove exploitability.
If you find these releases...
[SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20)
Micha Borrmann (Dec 19)
Advisory ID: SYSS-2016-115
Product: Expressway
Manufacturer: Cisco
Affected Version(s): below X8.9
Tested Version(s): X8.8.1
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2016-11-10
Solution Date: 2016-12-05
Public Disclosure: 2016-12-14
CVE Reference: CVE-2016-9207
Author of Advisory: Micha Borrmann, SySS GmbH...
[SECURITY] [DSA 3738-1] tomcat7 security update
Sebastien Delafond (Dec 19)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3738-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
December 18, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : tomcat7
CVE ID : CVE-2016-6816 CVE-2016-8735...
Samsung DVR credentials encoded in base64 in cookie header
Jacobo Avariento (Dec 19)
Product: Samsung DVR
Impact: High
Intro
~~~~~~~~~~~~~~~
Samsung DVR Web Viewer is by default using HTTP (port 80) and transmits
the credentials encoded in the Cookie header using very bad security
practice, just encoding the login and password in BASE64 codification.
It is trivial to decode those values and gain access to Samsung DVR web
interface to monitor and control IP cameras, if the default credentials
have been changed.
Vulnerable code...
[security bulletin] HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple Remote Vulnerabilities
security-alert (Dec 16)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05356363
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05356363
Version: 1
HPSBMU03684 rev.1 - HPE Version Control Repository Manager (VCRM), Multiple
Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2016-12-15
Last...
[SECURITY] [DSA 3736-1] libupnp security update
Sebastien Delafond (Dec 16)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3736-1 security () debian org
https://www.debian.org/security/ Sebastien Delafond
December 16, 2016 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : libupnp
CVE ID : CVE-2016-6255 CVE-2016-8863
Debian...
CVE-2016-9277,CVE-2016-9966,CVE-2016-9967: Possible Privilege Escalation in telecom
unlimitsec (Dec 16)
Description of the potential vulnerability:Lack of appropriate exception handling in some receivers of the Telecom
application allows attackers crash the system easily resulting in a possible DoS attack
Affected versions: L(5.0/5.1), M(6.0)
Disclosure status: Privately disclosed.
The patch prevents system crashes by handling unexpected exceptions.
Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016
SVE-2016-7119, SVE-2016-7120,...
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free
Berend-Jan Wever (Dec 16)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 34th entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161216001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind of...
MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free
Berend-Jan Wever (Dec 15)
Since November I have been releasing details on all vulnerabilities I
found that I have not released before. This is the 33rd entry in the
series. This information is available in more detail on my blog at
http://blog.skylined.nl/20161215001.html. There you can find a repro
that triggered this issue in addition to the information below.
If you find these releases useful, and would like to help me make time
to continue releasing this kind of...
 Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
[ERPSCAN-16-035] SAP Solman - user accounts disclosure
ERPScan inc (Dec 20)
Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: http://SAP.com
Bugs: Information Disclosure
Sent: 12.07.2016
Reported: 13.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)
Description
1. ADVISORY INFORMATION
Title:[ERPSCAN-16-035] SAP Solman – user accounts disclosure
Advisory ID:[ERPSCAN-16-035]
Risk: high...
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Nov 23)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS ABAP
Versions Affected: SAP NetWeaver AS ABAP 7.4
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2312966
Author: Daria Prosochkina (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal
using READ DATASET...
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2280371
Author: Mathieu Geli (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability...
[ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman – DoS vulnerability
Advisory...
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2296909
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-034] SAP NetWeaver AS JAVA – XXE vulnerability in
BC-BMT-BPM-DSK component
Advisory...
MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
Ajin Abraham (Nov 22)
Hello Folks,
MobSF v0.9.3 is released.
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile Applications and supports both binaries (APK, IPA &
APPX ) and zipped source code. MobSF can also...
 Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
 Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Nov 23)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
Ajin Abraham (Nov 22)
Hello Folks,
MobSF v0.9.3 is released.
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile Applications and supports both binaries (APK, IPA &
APPX ) and zipped source code. MobSF can also...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 13)
Same attack using XSS as vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim open the file a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET the file will perform a POST to
http://192.168.1.36/req.php using the GET response as a body.
An attacker would be able to read all the emails in the...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 05)
I did a small improvement in this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created on download default folder.
If the victim perform the three following clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any...
Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Sep 22)
After a long sprint we are proud to present Faraday v2.1:
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that...
IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Sep 21)
IE11 is not following CORS specification for local files like Chrome
and Firefox.
I've contacted Microsoft and they say this is not a security issue so
I'm sharing it.
files as supposed to be.
In order to prove I've created a malicious html file with the content below.
<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {...
nullcon 8-bit Call for Papers is open
nullcon (Aug 23)
Dear Hackers and Security Pros,
Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe , working on the next
big thing in security and request everyone to submit their new
research.
What is 8-bit?
As a tradition of...
SpiderFoot 2.7.0 released
Steve Micallef (Aug 19)
Hi all,
SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI.
Here's what's new since 2.5.0..
- *6* new modules:
- BotScout.com search for malicious e-mail addresses
-...
Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Aug 18)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
 Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Just so you don't have to...
Dave Aitel (Dec 17)
I went through the Shadowbroker.zip file they released. It's like, super
old boring crap but the following readme's were mistakenly included it
seems. I'll hit a few enters if you don't want to read it because you have
clearance.
-dave
# as of: 2010-07-29 18:01:21 EDT
# EBBISLAND
# (Exploit for Solaris 2.6, 2.7, 2.8, 2.9 and 2.10)
# First ensure that the vulnerable rpc service is running. You must
# be able to reach the...
Results from the 2016 Volatility Plugin Contest are in!
Andrew Case (Dec 07)
We are excited to announce that the results of the 2016 Volatility
Plugin Contest are in:
https://volatility-labs.blogspot.com/2016/12/results-from-2016-volatility-plugin.html
We received a record number of submissions this year, and we are looking
forward to seeing these plugins be adopted in the field.
We also wanted to thank Airbnb again for their donation of $999 to the
prize pool. It is great to see organizations supporting open source...
Re: Adversary Simulation
Adrian Sanabria (Dec 05)
So, this has become its own market segment now, and I think
attack/adversary simulation is really important. Yes, I agree that
accurately simulating current tactics is important, but this is a hugely
valuable capability even if the simulations are older,since the average
enterprise is far from effectively defending against more sophisticated
adversaries. And let's be honest - the attackers most likely to go after
the average organization...
Re: Adversary Simulation
Christos Kalkanis (Nov 30)
Paul,
INNUENDO was created to be a framework, or a superset if you like,
of APT functionality that was common at the time but also visible on the
horizon. The most important design decision we made was to keep
the architecture flexible enough in order to both adapt to and subsume
emerging techniques used by nation states while dealing with uncertainty
and failures on the target end. This led us to fully adopt Python as
the core of INNUENDO [1]....
Re: Adversary Simulation
benjamin heise (Nov 30)
Justin Warner actually wrote a, IMO, great overview of adversary emulation
and how to carry it out, as well as delving lightly into the Diamond Model
of Intrusion Analysis.
Does Immunity follow this same model, or have you developed your own model
for performing adversary simulation?
References:
http://www.sixdub.net/?p=762
http://www.dtic.mil/dtic/tr/fulltext/u2/a586960.pdf
V/r,
Ben
Re: Adversary Simulation
Paul Melson (Nov 30)
So are you aware of a criminal actor that uses Immunity's Innuendo in their attacks? If not, then which adversary are
you simulating?
The point to my obvious straw man is that if you really want to help your clients up their game in detecting and
responding to real threats, shouldn't you study the actors that target their industry verticals and emulate their
operations using the same tools and tactics they are known to choose?
Adversary Simulation
dave aitel (Nov 29)
So obviously everything a penetration testing company does is at some
level "Adversary Simulation". I like to call it "Focused Training" -
because penetration testing is more about education than anything else,
but the WAY you do to that is by emulating and instrumenting some sort
of adversarial process.
Ok, that said, we have for the past year offered a special service
called /Adversary Simulation
<...
they are all different.
dave aitel (Nov 10)
I haven't written much lately, but I know you'll forgive me. Lately I've
written a lot on theother blog <https://cybersecpolitics.blogspot.com/>,
cheating on you, the DailyDave reader, because I felt expending my
verbal energy on rhetorical defense against the mind-scar that is the
Vulnerability Equities Process was something someone had to do. So I did
it. Like all cheaters, I don't feel good about it.
You can wake up...
ROOTEDCON 2017 - Call for Papers
Omar Benbouazza (Nov 07)
______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|
RootedCON 2017 - 'Call for Papers'
PLEASE, READ ALL THE DETAILS IN THIS DOCUMENT.
-=] About RootedCON
RootedCON is a Security Congress that will be celebrated...
The Many Flavors of MITM
dave aitel (Oct 28)
One thing I always look for in the IR reports I read is whether or not
anyone out there has the same kind of advanced methodology for MITM that
QUANTUM and other EQGRP tools represents. There are a lot of different
ways to do MITM. You can be close (like SILICA with Wireless attacks) or
far (SQLi in major web sites doing directed watering hole attacks) or on
the side (DNS/Naming system attacks). Sometimes MITM is a race and
sometimes it's...
Immunity is throwing a shindig in Laurel MD Nov 21st!
Dave Aitel (Oct 13)
https://twitter.com/Immunityinc/status/786561783691481088
It's not just about the beer - it's really more about sharing our
experiences throughout the year writing and enjoying the delicious brew
that is modern exploits! We have two talks, both of which will be great.
Please email admin () immunityinc com to RSVP!
-dave
Re: Book Reviews
JJ Gray (Oct 12)
Even small scale (but high event) focussed testing can have unexpected
results, case in point as happened some time ago on a remote application
test. In short the basic fuzzing of a small form field killed the
corporate mail server. It turned out that at some point early in the
applications life cycle the developer added an email alert on every
error condition. This continued through the application life cycle until
Live except at this point the...
Re: Book Reviews
Thomas Ptacek (Oct 11)
Yeah, this rang false to me too. It’s also the reason you can’t take a
client with 100 applications and run a tool that spams every discovered
endpoint with XSS vectors; their customers scream bloody murder when every
other page starts popping an alert box.
(This comes up a lot because people who don’t do large-scale testing tend
to believe XSS is something you can safely test for everywhere).
"You cannot deface websites with...
Re: Book Reviews
Dave Aitel (Oct 11)
Yes, in theory. There are scenarios where you can do all those things. None
of those are what the authors meant, to put it kindly.
-dave
Re: Book Reviews
Eric Schultz (Oct 11)
"You cannot deface websites with cross-site-scripting"
You can with stored cross site scripting.
You if the app is also vulnerable to cross site request forgery.
You can if you steal a privileged session and you have network access.
-Eric
 PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bight space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bight space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't supports the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess its a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundred of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. The removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of script to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command
like XML-RPC nessus client in python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
 Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like share with you for educational purposes and without any
commercial purpose, data collected by the my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with password (which must be request via email). Some...
 Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Releases
Microsoft (Dec 19)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 19, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-155 - Important
Bulletin Information:
=====================
MS16-155
- Title: Security Update for .NET Framework (3205640)
-...
Microsoft Security Bulletin Summary for December 2016
Microsoft (Dec 13)
********************************************************************
Microsoft Security Bulletin Summary for December 2016
Issued: December 13, 2016
********************************************************************
This bulletin summary lists security bulletins released for
December 2016.
The full version of the Microsoft Security Bulletin Summary for
December 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-dec...
Microsoft Security Bulletin Releases
Microsoft (Dec 13)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 13, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
October
* MS16-118 - Critical
* MS16-120 - Critical
* MS16-122 - Critical
* MS16-123 - Important
* MS16-124 - Important
* MS16-126 - Moderate
November
*...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 23, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-130
* MS16-140
Bulletin Information:...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 23, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-130
* MS16-140
Bulletin Information:...
Microsoft Security Bulletin Releases
Microsoft (Nov 16)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 15, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-133 - Important
Bulletin Information:
=====================
MS16-133
- Title: Security Update for Microsoft Office (3199168)
-...
Microsoft Security Bulletin Summary for November 2016
Microsoft (Nov 08)
********************************************************************
Microsoft Security Bulletin Summary for November 2016
Issued: November 8, 2016
********************************************************************
This bulletin summary lists security bulletins released for
November 2016.
The full version of the Microsoft Security Bulletin Summary for
November 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-nov...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 08)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 8, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-091
* MS16-101
Bulletin Information:...
Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 27)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 27, 2016
********************************************************************
This is a notification of an out-of-band security bulletin that was
added to the October Security Bulletin Summary on October 27, 2016.
The full version of the Microsoft Security Bulletin Summary for
October 2016 can be found at...
Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 12, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-121
Bulletin Information:
=====================
MS16-121...
Microsoft Security Bulletin Releases
Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: October 11, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-101 - Important
Bulletin Information:
=====================
MS16-101
- Title: Security Update for Windows Authentication Methods (3178465)
-...
Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 11)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 11, 2016
********************************************************************
This bulletin summary lists security bulletins released for
October 2016.
The full version of the Microsoft Security Bulletin Summary for
April 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-oct>....
Microsoft Security Bulletin Summary for September 2016
Microsoft (Sep 13)
********************************************************************
Microsoft Security Bulletin Summary for September 2016
Issued: September 13, 2016
********************************************************************
This bulletin summary lists security bulletins released for
September 2016.
The full version of the Microsoft Security Bulletin Summary for
September 2016 can be found at
<...
Microsoft Security Advisory Notification
Microsoft (Sep 13)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 13, 2016
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 3181759
- Title: Vulnerabilities in ASP.NET Core View Components Could
Allow Elevation of Privilege
-...
Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 02)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 2, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-101
Bulletin Information:
=====================
MS16-101...
 Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta- software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
 CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
FTC Releases Alert on Fake Apps for Mobile Devices
US-CERT (Dec 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FTC Releases Alert on Fake Apps for Mobile Devices [
https://www.us-cert.gov/ncas/current-activity/2016/12/22/FTC-Releases-Alert-Fake-Apps-Mobile-Devices ] 12/22/2016 10:02
PM EST
Original release date: December 22, 2016
The Federal Trade Commission (FTC) has released an alert on fraudulent mobile apps designed to exploit consumers. Some
fake apps may steal...
Cisco Releases Security Updates
US-CERT (Dec 22)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/12/22/Cisco-Releases-Security-Updates ] 12/22/2016 08:56 PM EST
Original release date: December 22, 2016
Cisco has released security updates to address a vulnerability in its Cisco CloudCenter Orchestrator. Exploitation of
this vulnerability could allow a remote attacker to...
VMware Releases Security Update
US-CERT (Dec 20)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/12/20/VMware-Releases-Security-Update ] 12/20/2016 10:22 AM EST
Original release date: December 20, 2016
VMware has released a security update to address a vulnerability in vSphere Hypervisor (ESXi). Exploitation of this
vulnerability could allow a remote attacker to take...
Apple Releases Security Updates
US-CERT (Dec 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/12/14/Apple-Releases-Security-Updates ] 12/14/2016 08:05 PM EST
Original release date: December 14, 2016
Apple has released security updates to address vulnerabilities in iCloud for Windows, Safari, iTunes for Windows, and
macOS Sierra. Exploitation of some of these...
Joomla! Releases Security Update for CMS
US-CERT (Dec 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Joomla! Releases Security Update for CMS [
https://www.us-cert.gov/ncas/current-activity/2016/12/14/Joomla-Releases-Security-Update-CMS ] 12/14/2016 05:29 PM EST
Original release date: December 14, 2016
Joomla! has released version 3.6.5 of its Content Management System (CMS) software to address multiple vulnerabilities.
Exploitation of one of these...
Mozilla Releases Security Updates
US-CERT (Dec 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/12/14/Mozilla-Releases-Security-Updates ] 12/14/2016 04:46 PM EST
Original release date: December 14, 2016
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of
some of these vulnerabilities may allow a remote...
Microsoft Releases December 2016 Security Bulletin
US-CERT (Dec 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Microsoft Releases December 2016 Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2016/12/13/Microsoft-Releases-December-2016-Security-Bulletin ]
12/13/2016 01:25 PM EST
Original release date: December 13, 2016
Microsoft has released 12 updates to address vulnerabilities in Microsoft software. Exploitation of some of these
vulnerabilities...
Adobe Releases Security Updates
US-CERT (Dec 13)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/12/13/Adobe-Releases-Security-Updates ] 12/13/2016 12:41 PM EST
Original release date: December 13, 2016
Adobe has released security updates to address vulnerabilities in multiple products. Exploitation of some of these
vulnerabilities may allow a remote attacker to take...
McAfee Releases Security Bulletin for Virus Scan Enterprise
US-CERT (Dec 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
McAfee Releases Security Bulletin for Virus Scan Enterprise [
https://www.us-cert.gov/ncas/current-activity/2016/12/12/McAfee-Releases-Security-Bulletin-Virus-Scan-Enterprise ]
12/12/2016 04:08 PM EST
Original release date: December 12, 2016
McAfee has released a security bulletin to address multiple vulnerabilities in Virus Scan Enterprise software versions...
Apple Releases Security Updates
US-CERT (Dec 12)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/12/12/Apple-Releases-Security-Updates ] 12/12/2016 04:18 PM EST
Original release date: December 12, 2016
Apple has released security updates to address vulnerabilities in watchOS, tvOS, and iOS. Exploitation of some of these
vulnerabilities may allow a remote attacker to take...
Google Releases Security Updates for Chrome
US-CERT (Dec 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Google Releases Security Updates for Chrome [
https://www.us-cert.gov/ncas/current-activity/2016/12/01/Google-Releases-Security-Updates-Chrome ] 12/01/2016 09:31 PM
EST
Original release date: December 01, 2016
Google has released Chrome version 55.0.2883.75 for Windows, Mac, and Linux. This version addresses multiple
vulnerabilities that, if exploited, may...
TA16-336A: Avalanche (crimeware-as-a-service infrastructure)
US-CERT (Dec 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
TA16-336A: Avalanche (crimeware-as-a-service infrastructure) [ https://www.us-cert.gov/ncas/alerts/TA16-336A ]
12/01/2016 12:00 AM EST
Original release date: December 01, 2016
Systems Affected
Microsoft Windows
Overview
“Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and
malware...
Mozilla Releases Security Updates
US-CERT (Nov 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/11/30/Mozilla-Releases-Security-Updates ] 11/30/2016 08:28 PM EST
Original release date: November 30, 2016
Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. Exploitation
of this vulnerability may allow a remote...
Alerts Users to Holiday Phishing Scams and Malware Campaigns
US-CERT (Nov 30)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns [
https://www.us-cert.gov/ncas/current-activity/2016/11/30/US-CERT-Alerts-Users-Holiday-Phishing-Scams-and-Malware-Campaigns
] 11/30/2016 12:40 PM EST
Original release date: November 30, 2016
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards...
Mozilla Releases Security Update
US-CERT (Nov 28)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Mozilla Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/11/28/Mozilla-Releases-Security-Update ] 11/28/2016 09:57 PM EST
Original release date: November 28, 2016
Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker
could exploit this vulnerability to take control of an...
 Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information)
Heiko Schlittermann (Dec 25)
I've uploaded Exim 4.87.1 to:
ftp://ftp.exim.org/pub/exim/exim4/old/
git://git.exim.org/exim.git (tag exim-4_87_1)
Whilst this release is superseeded by 4.88 already, you're urged
to upgrade to 4.87.1, if 4.88 isn't an option for you yet.
No features are added or removed. This release contains
just a fix for CVE-2016-9963
- Fix CVE-2016-9963 - Info leak from DKIM. When signing DKIM, if
either LMTP or PRDR was...
Re: Qt QXmlSimpleReader
cve-assign (Dec 24)
In case anyone immediately needs to track QXmlSimpleReader behavior,
we're assigning an ID for one issue that seems best understood at this
point:
Use CVE-2016-10040.
Qt QXmlSimpleReader
Solar Designer (Dec 24)
Hi,
To what extent has Qt's QXmlSimpleReader class been reviewed for
vulnerabilities? I found only Florian Weimer's CVE-2013-4549
"XML entity expansion denial of service", which Red Hat somehow chose
not to fix (no intent to parse untrusted XML?) even though they got
upstream to fix it.
https://bugzilla.redhat.com/show_bug.cgi?id=955375
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html...
CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of private information)
Heiko Schlittermann (Dec 23)
Hello,
Heiko Schlittermann <hs () schlittermann de> (Fr 16 Dez 2016 00:36:45 CET):
…
…
As at least one major distro isn't ready yet, we'll keep our initial schedule
and release the fixed versions on Dec, 25th, 10:00 UTC.
You'll find the versions in the usual places
git://git.exim.org/exim.git Tags exim-4_88, exim-4_87_1
ftp://ftp.exim.org/pub/exim/exim4/ 4.88...
[SECURITY ADVISORY] curl: uninitialized random
Daniel Stenberg (Dec 22)
uninitialized random
====================
Project curl Security Advisory, December 23, 2016 -
[Permalink](https://curl.haxx.se/docs/adv_20161223.html)
VULNERABILITY
-------------
libcurl's (new) internal function that returns a good 32bit random value was
implemented poorly and overwrote the pointer instead of writing the value into
the buffer the pointer pointed to.
This random value is used to generate nonces for Digest and NTLM...
Re: CVE request Qemu: display: virtio-gpu: out of bounds read in virtio_gpu_set_scanout
cve-assign (Dec 22)
Use CVE-2016-10029.
Re: CVE request Qemu: display: virtio-gpu-3d: OOB access while reading virgl capabilities
cve-assign (Dec 22)
Use CVE-2016-10028.
This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu-3d.c but
that may be an expected place for a later update.
Re: CVE-2016-9963 Exim private information leak
Kurt Seifried (Dec 22)
Red Hat has no problem with this, Merry Christmas / Happy Holidays / Happy
New years everyone!
Re: CVE Request: Smack: TLS SecurityMode.required not always enforced, leading to striptls attack
cve-assign (Dec 22)
Use CVE-2016-10027.
Re: CVE-2016-9963 Exim private information leak
Heiko Schlittermann (Dec 22)
Heiko Schlittermann <hs () schlittermann de> (Do 22 Dez 2016 11:40:35 CET):
Still one major distro is missing from the list of OKs. :-((
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
Re: CVE-2016-9963 Exim private information leak
Jeffrey Walton (Dec 22)
All they need is a toehold. When the rumors started circulating about
CRIME, a number of folks figured out the attack before Duong and Rizzo
presented it.
Jeff
Re: CVE-2016-9963 Exim private information leak
Heiko Schlittermann (Dec 22)
Jeffrey Walton <noloader () gmail com> (Do 22 Dez 2016 12:06:41 CET):
…
Partial disclousure? I think, there was no disclosure at all, beside
requesting a CVE and talking about a possible leak of private
information. Is this enough to call it "partial disclousure"?
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
Re: Curious about the security of my router fermwair.
Nicholas Prowse (Dec 22)
Jonathan,
- My suggestion is to port scan all devices eg routers you own. Then store and analyse the results. Only scan devices
you own since scanning other peoples devices / networks may be illegal.
- A wide variety of tutorials and information about port scanning is available online.
- I found through port scanning some of the devices I own earlier this year, that there were many open and filtered
ports and stated services such as telnet,...
Re: CVE-2016-9963 Exim private information leak
Jeffrey Walton (Dec 22)
Its probably worth mentioning the only people who are at a
disadvantage now are the good guys and decision makers.
The bad guys already knew about the problem, or the motivated ones
found it after the partial disclosure.
Jeff
Re: CVE-2016-9963 Exim private information leak
Heiko Schlittermann (Dec 22)
Kurt H Maier <khm () sciops net> (Do 22 Dez 2016 01:57:33 CET):
Ok, I asked the distro@vs… list to get clearance. If the major distros
supporting Exim give their ok, we're prepared to release sooner. Stay
tuned.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
 Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
 Educause Security Discussion — Securing networks and computers in an academic environment.
Columbia position
Ejike, Emechete (Dec 23)
Columbia University Medical Center has an open Security Specialist position with our Information Security Office.
Is analyzing and evaluating your thing? As a member of a team of infosec geeks you will work on integrating Security
Operation tasks with cool enterprise tools, work on forensic and security operations investigations, and consult as a
security subject matter expert for risk assessments. You’ll see front-line security work –...
Re: Receiving PII info from new hires
Greg Williams (Dec 22)
We have been using filelocker2 for this type of on and off site PII data for about 4 years.
http://filelocker2.sourceforge.net/ It works very well. If anyone wants to see how it works, just send me your email
address and I'll send you an upload link. https://filelocker.uccs.edu/login
Greg Williams, ME
Director of Networks and Infrastructure
Information Technology
University of Colorado Colorado Springs
1420 Austin Bluffs Parkway, (EPC...
Re: Receiving PII info from new hires
Harry Hoffman (Dec 22)
Hi Dennis,
This is a perfect use case for DocuSign if you don't have a method within
your HR system. They are setup to provide forms that the user can enter
data into. It's all encrypted in transit and at rest so you satisfy many of
the controls needed for regulated data.
Hope this helps!
Cheers,
Harry
On Thu, Dec 22, 2016 at 11:12 AM, Dennis Levine <dennis_levine () emerson edu>
wrote:
Re: Receiving PII info from new hires
Barton, Robert W. (Dec 22)
We are in a mixed state; there is paper because things need to be verified/copied, and we are staring to use
PeopleAdmin.
Robert W. Barton
Director of Information Security
Lewis University
One University Parkway
Romeoville, IL 60446-2200
815-836-5663
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dennis
Levine
Sent: Thursday, December 22, 2016 10:12 AM
To: SECURITY () LISTSERV...
Receiving PII info from new hires
Dennis Levine (Dec 22)
Happy Holidays Everyone,
Just curious how each school handles getting PII information from new employees when they are hired. If they send it
via email, do you have a way to have them send it encrypted? What do you use?
Or do you force them to do it old school and just bring the info on paper into work the first day of hire?
Dennis
Dennis Levine | Information Security Officer | 120 Boylston Street Boston, MA 02116-4624 | (617) 824-8972 |...
Re: Sharing our Holiday Security Awareness Video
Ben Marsden (Dec 21)
Lori and Ric, these are all great. Nice work, and thanks for sharing.
-- Ben
Re: Sharing our Holiday Security Awareness Video
Ric Getter (Dec 21)
All (and Lori),
That's great! Though not holiday related, I'd like to share a few of our
short security PSAs that you may find a moment to enjoy this week. Feel
free to share.
https://youtu.be/ZUoHdnBPCRo - "So Last Year" (strong passwords)
https://youtu.be/uIWvDuIT7nw - "You've Been Phished"
https://youtu.be/RbMeybR8KNE - "Open House" (locking your workstation)
Ric
Ric Getter
PCC Media...
Sharing our Holiday Security Awareness Video
Havens, Lori (Dec 21)
All,
Some of our creative staff from the University of Rochester would like to share their most recent production of
"Frankie the Fraudster". Please feel free to share with your communities as a fun way to educate on the do's and
don'ts for protecting data. The video is on youtube: https://www.youtube.com/watch?v=FGpA6WBrU_o.
Lori
Lori Havens
Compliance Manager
University of Rochester
University IT Security and...
Use the HEISC Speakers Bureau for the 2017 Data Privacy Day or Month
Petr Brym (Dec 21)
Are you planning any special events for either the National Privacy Day
January 28th or the Privacy "Month" as observed by many organizations from
January 28th to February 28th? Have you considered inviting a speaker to
your campus? We have noted speakers within the higher education community
who are ready to speak to your needs on privacy as well as information
security topics.
Check out the HEISC Speakers Bureau:...
Identity Finder?
Telfer, Will (Dec 19)
Greetings,
I was curious as to how you all track Identity Finder (or another product) installations as employees change jobs or
get new computers. We are currently trying to monitor these "orphans" via LANDesk but it is proving to be quite
difficult to get up to date notifications when a machine that had Identity Finder installed is re-named or replaced.
Thank You,
Will Telfer, M.S.
Information Security Analyst
Information...
Senior identity management job postings
Keir Novik (Dec 16)
I'm pleased to say that we have two senior identity management positions open at Simon Fraser University in beautiful
metro Vancouver, BC.
Simon Fraser University (SFU) is currently recognized by the Maclean’s University Ranking Guide as Canada’s leading
comprehensive university and has held first or second place in each of the past seven years. Offering generous
benefits, SFU is also consistently ranked as one of Canada's Top...
Windows 10 App Removal & Sysprep Issues
Cobb, Raisha (Dec 15)
Colleagues,
I’m working with my team to harden our Windows 10 image for laptops, and we continue to run into errors with Sysprep
after removing the factory apps. (Dell Shop)
Anyone with similar experiences this and what workaround did you all perform to get pass this?
Any assistance or guidance is appreciated.
Regards,
Raisha Cobb – MSTM, CISSP, CBCP
Director of Communication Technology & Information Security Officer
Office of...
Re: Asset Inventory Solutions
King, Tom L. (CardOffice) (Dec 15)
Hi Neal,
Currently we are using Lansweeper for software inventory, but it can also do hardware. I found the price point to be
very attractive and it was fairly easy to configure and get running. It has full support for Windows environments and
some support for Linux / Macs. What I really like about the product is how easy they allow you to write custom
reports. If you have someone on your staff who is good with SQL they should be able to...
Re: Member question re: board presentations on security
Alfred Barker (Dec 15)
In addition to Brad’s wonderful comments, I’ve had great success by first understanding the key motivators of the
“board.” For example, our Chancellor has three imperatives that are held dear: 1) commitment to academic excellence and
degree completion, 2) commitment to economic development and world class research and 3) commitment to accountability,
efficiency, and innovation in higher education. Understanding this, when presenting I...
Re: O365 Operational Procedures
KILDARE,Duane (Dec 14)
Season's Greetings Security Constituents,
I am a part of a multi campus University that is moving to Office 365. A cross campus team has been established to
guide its implementation. We are putting together additional operational procedures and updating our policies that will
govern the use of this new platform. I would be grateful for templates, suggestions, etc. that can assist in this
process.
Best
Duane Kildare
Information...
 NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Re: Recent NTP pool traffic increase (update)
Harlan Stenn (Dec 25)
Hi Fujimura-san,
I don't recall seeing the emails you sent to webmaster, but we do have a
new group of folks watching the Servers web. We would be happy to work
with you to give you access to those entries so you can update them.
Re: DWDM on 250 Km dark fiber without re-amplification
Brandon Martin (Dec 25)
Look up Raman amplification. The short of what this does is it pumps a
ton of power into the near end of the fiber span and creates what looks
somewhat like a typical color-blind amplifier somewhere several dozen km
out on the span. You'll also need to dump a ton of power into the span
at the far end using an EDFA or similar. Even with both of those, that
distance is still going to push the raw optical power budget of even
most...
Re: Recent NTP pool traffic increase (update)
FUJIMURA Sho (Dec 24)
Hello,
I know 133.100.9.2 and 133.100.11.8 are listed.
The Server Contact is old information.
So, I sent e-mail to webmaster () ntp org a few times.
But, I have't received e-mail from them.
I'd like them to change the information.
Is there the person knowing the contact information to ntp.org?
Re: BCM5341x
Michael Loftis (Dec 24)
The chip really doesn't even function as an Ethernet switch by itself...all
of the behavior is software driven. It's the ... actualization of "software
defined networking" -- It provides a lot of low level constructs inside the
hardware to support your application, but it's really a software defined
switch.
It has many programmable offload functions the idea being you do not handle
packets on the onboard CPU....
Re: DWDM on 250 Km dark fiber without re-amplification
Faisal Imtiaz (Dec 24)
I agree with what Baldur suggested..
Only thing I would point out that ..
Hardly anyone installs 200km fiber runs without having some sort of a Regen facility.
While you can push the signal over the 200km link, in the long run you may be better off see if there a Regen facility
(typically 70/80km) that you can use to re-generate the light.
Best of luck.
Faisal Imtiaz
Snappy Internet & Telecom
----- Original Message -----
BCM5341x
Mike Hammett (Dec 24)
I've asked Broadcom directly, but being as though I don't have an intent to buy tens of thousands of chips (or any at
all), I don't expect I'll hear back. I was hoping someone here would have some insight.
Do any of you know what functionality is available on those chips? That's the chip that powers the Ubiquiti 10G
switches and I figured I would limit my most aggressive feature requests to things they can actually...
Re: Canada joins the 21st century !
Mike Hammett (Dec 24)
Most of the areas without sufficient speed can be addressed with fixed wireless, but usually the regulators become as
much of a hindrance as a help. LOS customers are no problem via 5 GHz, but they've drug their feet in allocating useful
rules for 3600 and under 700 MHz.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Baldur Norddahl"...
Re: DWDM on 250 Km dark fiber without re-amplification
Baldur Norddahl (Dec 24)
Hello
I have not done this as our links are not that long. However in theory
this is how I would do it. There are nice integrated solutions that will
do it as a black box, but someone else will have to tell you about that.
I am using Fiberstore as a reference because they have the necessary
components with pricing directly online, but there is of course multiple
alternatives.
So first off forget about 40G and 100G. This will be N x 10G and...
Re: Canada joins the 21st century !
Baldur Norddahl (Dec 24)
We have customers with 150/30 Mbps service on DSL and next year we will
get 300 Mbps. We are just renting access, it is the ILEC that decided to
make a large roll out with vectoring, pair bonding and VDSL2 annex 35b.
I would say that the majority around here can get at least 50/10 from
DSL. There is of course also large areas were you can not. In many cases
these areas can be "fixed" by adding another DSLAM closer to the users.
We...
Re: Canada joins the 21st century !
Joe Loiacono (Dec 24)
+1
Joe Loiacono
From: Mike Hammett <nanog () ics-il net>
To:
Cc: Nanog () nanog org
Date: 12/23/2016 08:20 AM
Subject: Re: Canada joins the 21st century !
Sent by: "NANOG" <nanog-bounces () nanog org>
The government getting involved with the Internet rarely goes well. The
FCC is a shining example of how to usually do it wrong.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest...
DWDM on 250 Km dark fiber without re-amplification
Jeremy (Dec 24)
Hi all,
First, i'm sorry for my english, i'm french and i don't have a good
level in this language. But i want some informations and i'm sure,
someone will be give the good anwser about my question.
So, i'm regarding to rent a dual dark fiber in France, the estimated
distance is 225 Km, but i know there are a lot of optical switching on
the highway where it's fiber is installed (in theory, all 80 Km). So, i...
Re: Canada joins the 21st century !
Mike Hammett (Dec 23)
Fake competition. Lack of innovation competition. Lack of diversity.
As I said, there are plenty of ways to utilize independents to accomplish reasonable goals.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
----- Original Message -----
From: "Rod Beck" <rod.beck () unitedcablecompany com>
To: "Mike Hammett" <nanog () ics-il net>
Cc: Nanog () nanog org...
Re: Canada joins the 21st century !
Lyndon Nerenberg (Dec 23)
Just as long as we have *someone* to Telus whom to chose.
Re: Canada joins the 21st century !
Rod Beck (Dec 23)
Thousands of ISPs that collectively add up to a pimple on a horse's ass. In practice you have two dominant landline
providers in each market, the ILEC and the cable company. A duopoly with a competitive fringe. Whereas other countries
like South Korea and France have achieved much higher broadband penetration rates using other approaches.
________________________________
From: NANOG <nanog-bounces () nanog org> on behalf of Mike...
Re: Wanted: volunteers with bandwidth/storage to help save climate data
Doug Barton (Dec 23)
There was no ambiguity, your argument was clear. I simply think you were
wrong. :)
Again, hard to see how the OP asking for assistance with his pet project
fits any definition of "have to deal with at an operational level."
But now I'm repeating myself, so I'll leave it at that.
Doug
 Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
Re US government starts asking foreign travelers to disclose their social media accounts
Dave Farber (Dec 25)
Begin forwarded message:
> From: Brock <bnmeeks () verizon net>
> Date: December 25, 2016 at 9:21:36 AM EST
> To: dave () farber net
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] US government starts asking foreign travelers to disclose their social media accounts
>
> Although there is good reason to be skeptical of such an approach, the use of the phrase "has started demanding" in
> the lede of...
Point of View: North Carolina no longer a democracy | News & Observer
Dave Farber (Dec 24)
http://www.newsobserver.com/opinion/op-ed/article122593759.html
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now:...
Encryption App 'Signal' Fights Censorship With a Clever Workaround
Dave Farber (Dec 24)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: December 23, 2016 at 4:25:50 PM EST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Encryption App 'Signal' Fights Censorship With a Clever Workaround
> Reply-To: dewayne-net () warpspeed com
>
> Encryption App ‘Signal’ Fights Censorship With a Clever Workaround...
US government starts asking foreign travelers to disclose their social media accounts
Dave Farber (Dec 24)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: December 23, 2016 at 5:16:36 AM EST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] US government starts asking foreign travelers to disclose their social media accounts
> Reply-To: dewayne-net () warpspeed com
>
> US government starts asking foreign travelers to disclose their...
Santa’s naughty and nice list hacked in massive data breach
Dave Farber (Dec 24)
Begin forwarded message:
> From: Ross Stapleton-Gray <ross.stapletongray () gmail com>
> Date: December 24, 2016 at 8:33:31 PM EST
> To: DAVID FARBER <dave () farber net>
> Subject: Santa’s naughty and nice list hacked in massive data breach
>
> (I would include Duffleblog in the very small pantheon of satire sites, along with The Onion and McSweeney's, that
> hit their marks consistently.)
>
>...
President Signs Law Protecting Your Right to Review
Dave Farber (Dec 24)
Begin forwarded message:
> From: Dewayne Hendricks <dewayne () warpspeed com>
> Date: December 23, 2016 at 4:28:00 PM EST
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] President Signs Law Protecting Your Right to Review
> Reply-To: dewayne-net () warpspeed com
>
> President Signs Law Protecting Your Right to Review
> The Consumer Review Fairness Act Is an Win...
The chaos theory of Donald Trump: Sowing confusion through tweets - The Washington Post
Dave Farber (Dec 24)
I wonder if anyone in Trump admin has read "On thermonuclear war" by Herman Kahn
Dave
https://www.washingtonpost.com/politics/the-chaos-theory-of-donald-trump-sowing-confusion-through-tweets/2016/12/23/11e1315c-c928-11e6-85b5-76616a33048d_story.html?utm_term=.3808ceaad4c7
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed:...
This Is What the Resistance Sounds Like
Dave Farber (Dec 21)
Governor Jerry Brown says in this rousing, confidence-inspiring speech that if Donald Trump shuts down satellite
collection of climate data, “California will launch its own damn satellites.”
Read More:
http://www.theatlantic.com/notes/2016/12/this-is-what-the-resistance-sounds-like/510899/?utm_source=eb
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed:...
Technology Projects Manager / Technology Projects Director
Dave Farber (Dec 20)
Begin forwarded message:
> From: Maggie Utgoff via eff-board <eff-board () eff org>
> Date: December 20, 2016 at 4:22:32 PM EST
> Subject: [E-B] Technology Projects Manager / Technology Projects Director
> Reply-To: Maggie Utgoff <mutgoff () eff org>
>
>
> https://www.eff.org/opportunities/jobs/technology-projects-manager-technology-projects-director
> --
> Maggie Utgoff
> Employee Experience Manager...
Forgers Use Fake Web Users to Steal Real Ad Revenue - NYTimes.com
Dave Farber (Dec 20)
An interesting article worth reading
http://mobile.nytimes.com/2016/12/20/technology/forgers-use-fake-web-users-to-steal-real-ad-revenue.html?em_pos=small&emc=edit_tu_20161220&nl=bits&nl_art=1&nlid=460598&ref=headline&te=1&_r=0&referer=
-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580...
Do we need a doctrine of cyber-warfare?
Dave Farber (Dec 20)
http://www.techpolicydaily.com/technology/russian-hacking-mess-long-short-view/
>
> The Russian Hacking Mess: The Long—and Short—View
> by: Claude Barfield
> December 20, 2016 6:00 am
> TECHNOLOGY
>
> REUTERS
>
> Last Friday, before departing for his Christmas vacation in Hawaii, President Barack Obama firmly promised (once
> again) that the United States would take action against Russian hacking and,...
Re EFF Ad in Wired: Tech Community Must Secure Networks Against Trump Administration
Dave Farber (Dec 20)
Begin forwarded message:
> From: "Libert, Tim" <tlibert () asc upenn edu>
> Date: December 20, 2016 at 12:56:55 PM EST
> To: "<dave () farber net>" <dave () farber net>
> Subject: Re: [IP] EFF Ad in Wired: Tech Community Must Secure Networks Against Trump Administration
>
> The problem is so much of the core infrastructure is now routed to a few select companies, well known to the NSA, and...
EFF Ad in Wired: Tech Community Must Secure Networks Against Trump Administration
Dave Farber (Dec 20)
Begin forwarded message:
> From: EFF Press via eff-board <eff-board () eff org>
> Date: December 20, 2016 at 10:00:14 AM EST
> To: <eff-all () eff org>
> Subject: [E-B] EFF Ad in Wired: Tech Community Must Secure Networks Against Trump Administration
> Reply-To: EFF Press <press () eff org>
>
>
>
>
> This is a friendly message from the Electronic Frontier Foundation. View it in a web...
Re WordPress brute force attacks – update
Dave Farber (Dec 19)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: December 19, 2016 at 4:40:07 PM EST
> To: dave () farber net
> Subject: Re: [IP] WordPress brute force attacks – update
>
>
> The simplest way to deal with this issue is to move the default WP login URL to some
> unguessable string. This can be done manually or with easy to install plugins.
> Leaving the login on the default is...
WordPress brute force attacks – update
David Farber (Dec 19)
Begin forwarded message:
From: "Evers Ridgely C." <rce () evers org>
Subject: WordPress brute force attacks – update
Date: December 19, 2016 at 3:29:44 PM EST
To: Farber David <dave () farber net>
Dave,
For IP if you wish.
As you may know, WordPress sites have been under heavy attack of late. One of my companies operates a number of them,
and the sheer number of alerts is staggering – and real.
The company from...
 The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.04
RISKS List Owner (Dec 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 December 2016 Volume 30 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.04>
The current issue can also...
Risks Digest 30.03
RISKS List Owner (Dec 19)
RISKS-LIST: Risks-Forum Digest Monday 19 December 2016 Volume 30 : Issue 03
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.03>
The current issue can also be...
Risks Digest 30.02
RISKS List Owner (Dec 15)
RISKS-LIST: Risks-Forum Digest Thursday 15 December 2016 Volume 30 : Issue 02
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.02>
The current issue can also...
Risks Digest 30.01
RISKS List Owner (Dec 14)
RISKS-LIST: Risks-Forum Digest Wednesday 14 December 2016 Volume 30 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.01>
The current issue can also...
Risks Digest 29.96
RISKS List Owner (Dec 10)
RISKS-LIST: Risks-Forum Digest Saturday 10 December 2016 Volume 29 : Issue 96
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.96>
The current issue can also...
Risks Digest 29.95
RISKS List Owner (Nov 29)
RISKS-LIST: Risks-Forum Digest Tuesday 29 November 2016 Volume 29 : Issue 95
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.95>
The current issue can also...
Risks Digest 29.94
RISKS List Owner (Nov 25)
RISKS-LIST: Risks-Forum Digest Friday 25 November 2016 Volume 29 : Issue 94
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.94>
The current issue can also be...
Risks Digest 29.93
RISKS List Owner (Nov 21)
RISKS-LIST: Risks-Forum Digest Monday 21 November 2016 Volume 29 : Issue 93
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.93>
The current issue can also be...
Risks Digest 29.92
RISKS List Owner (Nov 16)
RISKS-LIST: Risks-Forum Digest Wednesday 16 November 2016 Volume 29 : Issue 92
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.92>
The current issue can also...
Risks Digest 29.91
RISKS List Owner (Nov 13)
RISKS-LIST: Risks-Forum Digest Sunday 13 November 2016 Volume 29 : Issue 91
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.91>
The current issue can also be...
Risks Digest 29.90
RISKS List Owner (Nov 08)
RISKS-LIST: Risks-Forum Digest Tuesday 8 November 2016 Volume 29 : Issue 90
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.90>
The current issue can also be...
Risks Digest 29.89
RISKS List Owner (Oct 31)
RISKS-LIST: Risks-Forum Digest Monday 31 October 2016 Volume 29 : Issue 89
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.89>
The current issue can also be...
Risks Digest 29.88
RISKS List Owner (Oct 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 October 2016 Volume 29 : Issue 88
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.88>
The current issue can also be...
Risks Digest 29.87
RISKS List Owner (Oct 21)
RISKS-LIST: Forum Digest Friday 21 October 2016 Volume 29 : Issue 87
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.87>
The current issue can also be found...
Risks Digest 29.86
RISKS List Owner (Oct 19)
RISKS-LIST: Risks-Forum Digest Wednesday 19 October 2016 Volume 29 : Issue 86
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.86>
The current issue can also...
 BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
Oil industry networking site creator pleads guilty in U.S. hacking case
Audrey McNeil (Dec 23)
http://www.reuters.com/article/us-oilpro-crime-idUSKBN1482L5
The founder of an oil and gas networking website accused of hacking into a
rival site he had created and sold to DHI Group Inc pleaded guilty to a
computer fraud charge on Monday, prosecutors said.
Federal prosecutors in March charged David Kent, 41, with having stolen
data on more than 500,000 user resumes from Rigzone.com, which he sold for
$51 million in 2010, to boost the...
Maryland Delegate Promises New Legislation in Wake of Student Data Breach
Audrey McNeil (Dec 23)
http://www.govtech.com/education/Maryland-Delegate-
Promises-New-Legislation-in-Wake-of-Student-Data-Breach.html
A Maryland state legislator said he has been “stonewalled” in getting
information about a data breach affecting about 1,000 former Frederick
County students and will introduce legislation addressing what went wrong.
“If I, as a member of the Maryland General Assembly, cannot get answers,
then I cannot imagine how the young...
Amid Yahoo hacks, a churn of security officers
Audrey McNeil (Dec 23)
http://www.sfchronicle.com/business/article/Amid-Yahoo-
hacks-a-churn-of-security-officers-10814525.php
When Yahoo experienced the nation’s largest hacking attack, with
information stolen from more than 1 billion user accounts in August 2013,
it lacked a permanent information security chief.
The Sunnyvale company has struggled to retain top cybersecurity executives.
Since 2012, Yahoo has had three chief information security officers — a...
The sheer size of Yahoo's breach is presenting a challenge to regulators
Audrey McNeil (Dec 23)
https://news.vice.com/story/yahoos-data-breach-was-so-big-
its-presenting-a-challenge-to-regulators
Earlier this month, Yahoo revealed that it suffered a massive hack in 2013
that affected at least 1 billion user accounts. That came just three months
after the company disclosed a hack from 2014 that affected 500 million
accounts.
The breaches are thought to be the biggest of all time, presenting
uncharted territory for regulators at the Federal...
7 Common Hacking and Cyber Security Myths Exposed
Audrey McNeil (Dec 23)
http://codecondo.com/7-common-hacking-and-cyber-security-myths-exposed/
It seems a week doesn’t go by without a high profile hacking case making
the news. The reality is clear: companies need to take a much more serious
and proactive approach to their cyber defenses. Unfortunately there are a
number of myths that surround hacking and cyber security that can make it
harder for businesses to really understand how to defend themselves.
Here are...
How to Safeguard SMBs Data In 7 Steps
Audrey McNeil (Dec 23)
http://www.smallbizdaily.com/how-to-safeguard-smbs-data-in-7-steps/
A breach of data or loss of sensitive information can be disastrous for any
company, but for small businesses it could mean shutting down business the
very next day of its opening.
When considering the infrastructure of operations of a startup business, IT
is usually the least concern and lags behind other functions. This is
particularly the case for small-medium sized business...
The Cost of Ransomware Attacks Can Reach Far Beyond the Ransom Payment Itself
Audrey McNeil (Dec 23)
http://www.healthcare-informatics.com/article/cybersecurity/cost-ransomware-
attacks-can-reach-far-beyond-ransom-payment-itself
The ransomware epidemic continues to spread. According to the Federal
Bureau of Investigation, ransomware victims in the United States reported a
total of more than $209 million in losses in the first three months of 2016
alone. The U.S. Department of Justice has reported that an average of 4,000
ransomware attacks...
Hackers Slip into Networks During High Traffic Times: Here’s How to Stop Them
Audrey McNeil (Dec 23)
http://www.smartdatacollective.com/marcsollars/456611/hackers-
slip-networks-during-high-traffic-times-here-s-how-stop-them
Today’s digital attackers show extraordinary sophistication, long-term
planning, and guile. Threats are burrowing inside company networks every
time the network is busy. Peak demand events, like stores’ sales and
Holiday shopping, give criminals cover to introduce malware onto networks –
or carry out exploits such as...
How data privacy practices could make or break the sale of your company
Audrey McNeil (Dec 23)
http://www.geekwire.com/2016/data-privacy-practices-make-break-sale-company/
Yahoo’s sale to Verizon could be in jeopardy or severely discounted due to
its recent disclosure about a 2013 data breach. This isn’t just a big
company problem; smaller firms seeking to be acquired also need to be
concerned because privacy violations become a liability that transfers to
the acquiring company regardless of the acquisition size.
Over the last year,...
Definition of Insanity? Wendy’s Shareholders File Derivative Action Based on 2015-16 Data Breach
Audrey McNeil (Dec 23)
http://www.natlawreview.com/article/definition-insanity-
wendy-s-shareholders-file-derivative-action-based-2015-16-data
An old saw defines insanity as doing the same thing over and over again and
expecting a different result. Wendy’s shareholders recently flouted that
maxim by filing a derivative action this week against officers and
directors of the fast-food chain seeking recovery on behalf of the
corporation for damages arising from a data...
Yahoo Hack: Disclosure Lag Could Be a Simple Lack of Knowledge
Audrey McNeil (Dec 23)
http://gadgets.ndtv.com/internet/news/yahoo-hack-disclosure-lag-could-be-a-
simple-lack-of-knowledge-1638863
The scale of a second Yahoo breach disclosed Wednesday was staggering
enough, exposing information associated with 1 billion accounts. But
perhaps even more distressing was that the theft happened three years ago -
and had not been reported until now. That probably left a lot of consumers
wondering: Why does it take so long to find out...
Learning From A Year of Security Breaches
Inga Goddijn (Dec 22)
https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#.jautyh26y
This year (2016) I accepted as much incident response work as I could. I
spent about 300 hours responding to security incidents and data breaches
this year as a consultant or volunteer.
This included hands on work with an in-progress breach, or coordinating a
response with victim engineering teams and incident responders.
These lessons...
What is GDPR? Everything you need to know
Inga Goddijn (Dec 22)
http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know
*What is the GDPR?*
The EU's General Data Protection Regulation (GDPR)
<http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf>
is the result of four years of work by the EU to bring data protection
legislation into line with new, previously unforeseen ways that data is now
used.
Currently, the UK relies on the Data Protection...
How to create a cloud security strategy
Inga Goddijn (Dec 22)
http://www.itworldcanada.com/article/how-to-create-a-cloud-security-strategy/389402
Some CISOs get led into the cloud by their organizations, who decide they
have to take advantage of the power and flexibility of distributed systems.
Others are pushed into it by employees who simply sign up for cloud
services without management approval or knowledge.
Whichever way, the organization is going to run into trouble if it doesn’t
have a cloud...
UNL security breach puts thousands of current, former students' information at risk
Inga Goddijn (Dec 22)
http://www.ketv.com/article/unl-security-breach-puts-thousands-of-current-former-students-information-at-risk/8522433
University of Nebraska-Lincoln officials emailed students Tuesday to warn
them of a security breach.
The names, ID numbers and grades of 30,000 current and former students may
have been comprised over the last two years, the email read.
UNL officials said it discovered unauthorized access of a server that ran a
math placement...
 Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
 Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Wireshark from PPA
Réczey Bálint (Dec 24)
Hi,
2016-12-24 14:16 GMT+01:00 Peter Wu <peter () lekensteyn nl>:
To reproduce the package please run this in a directory not managed by git:
dget https://launchpad.net/~wireshark-dev/+archive/ubuntu/stable/+files/wireshark_2.2.3+g57531cd-1~xenial1.dsc
&& \
cd wireshark-2.2.3+g57531cd/ && \
dpkg-buildpackage -b -us -uc -j10
The sbuild system the package is build may not even have git install
which could also affect the...
Enabling/disabling post dissectors
Michael Mann (Dec 24)
I started doing some cleanup on the TRANSUM post-dissector (https://code.wireshark.org/review/19406). Included in that
cleanup was removing an explicit preference to enable/disable the post-dissector (it apparently can be resource and
processor intensive) because dissectors can already be enabled/disabled through the Analyze -> Enable Protocols menu.
However this raised some questions about how to really classify post-dissectors (and are...
After a long hiatus my XDR to dissector code can actually generate a dissector that works
Richard Sharpe (Dec 24)
Hi folks,
I have pushed some initial code to here:
https://gitlab.com/realrichardsharpe/wireshark_rpcgen
This code is based on the stand-alone rpcgen in Ilumnos.
It can now handle all of RFC1832, I believe, but it is fairly
rudimentary in the following sense:
1. It does not do anything special with file handles, dates and times,
mode fields etc.
2. The names is uses are straight out of the XDR file so they look pretty ugly.
3. It probably...
Re: Packet sample repository/library?
Peter Wu (Dec 24)
You are right, I was a bit imprecise. In the context of VoIP calls, when
the 1-pass recognizes a conversation, the same conversation *should*
also be found by the 2-pass. Indeed, dissectors can add extra
information in the 2-pass (like a "Response in frame X" link) and these
would show in the tshark -2 output as well.
Re: Wireshark from PPA
Peter Wu (Dec 24)
Hey Dario,
You can try to build Debian packages with:
dpkg-buildpackage -b -us -uc -j10
(-b for binary, -uc/-us to avoid signing the builds, -j for parallelism)
Kind regards,
Peter
Re: Building latest Wireshark using VS2013
Graham Bloice (Dec 24)
It would just be one more thing to maintain and keep in step with the code
and the buildbots. As there is no "cost involved with moving to VS xxx
"latest" (apart from any corporate restrictions), the sensible advice is
just use the latest. If someone can find a definitive list of these
versions vs. VS Updates than that might be helpful.
My own view on the WSGD is that I'd prefer to keep it as simple as possible
with as few...
asn2wrs again
Eliot Lear (Dec 24)
Sorry to whine about this, but I'm struggling with the documentation a
bit. I'm trying to understand what is necessary to cause wireshark to
interpret a new OID in a certificate (a certificate extension- it's just
an IA5String). Simply including the MIB doesn't appear to be enough
(it's a very simple MIB). Listing the oid in the conformance file under
"#.REGISTER" doesn't do the trick either. I'm...
Re: Building latest Wireshark using VS2013
Andreas (Dec 24)
The installation of VS2013 was very old, I must admit. I have installed
the "VS2013 Update 5" and the errors related to C source code are vanished.
So this was really a compiler bug. Sorry for the noise.
I get this version number now at the command line. Would this an idea to
add the current version to the WSDG?
Okay, I made another mistake. I missed Cygwin packages asciidoc and
docbook-xml45. That's my mistake, but this has not...
Re: Building latest Wireshark using VS2013
Graham Bloice (Dec 23)
RTP player redesign in 2.x makes it worse than the legacy one
Peter Budny (Dec 23)
Hello,
I admit that this is only my opinion, but as someone who uses the RTP Player
in
Wireshare very regularly in my job, I hope you'll give it some
consideration:
The UI of the redesigned RTP Player in Wireshark 2.x *sucks*, and its
usability
is much worse than the old one that's now in Wireshark Legacy. To wit:
- The RTP Player (and other RTP windows) permanently take focus. Whichever
one
on top is the *only* window that's...
Re: Building latest Wireshark using VS2013
Pascal Quantin (Dec 23)
2016-12-23 10:52 GMT+01:00 João Valverde <joao.valverde () tecnico ulisboa pt>:
If I"m not mistaken, version 12.0.21005 was the first MSVC 2013 version.
Since 5 updates were released and we have no issue compiling the Wireshark
code with MSVC 2013 Update 5. The download link can be found here:
https://www.microsoft.com/en-us/download/details.aspx?id=48129
Once upgraded, my bet is that no patch will be required.
Re: Building latest Wireshark using VS2013
João Valverde (Dec 23)
I don't know much about MSVC but my best guess is broken C99 support.
Re: Building latest Wireshark using VS2013
Roland Knall (Dec 23)
Hi
The solution should rather be
if (tvb_get_ntohl(tvb, offset) != 0x20010000) {
return;
}
This follows the coding rules within the file. I can't even begin to
imagine, what msbuild is complaining about, but who really knows, what that
build-system is thinking in it's core......
The install path really does not matter, as long as you ensure, that it is
the correct iteration of cygwin (64bit for the 64bit msbuild). As...
Re: Building latest Wireshark using VS2013
Andreas (Dec 23)
I could "fix" the errors compiling the dissectors. This looks like a bug
in the VS2013 compiler I use. The function add_ipv6_address_teredo has
these lines:
if (tvb_get_ntohl(tvb, offset) != 0x20010000)
return;
guint16 mapped_port = tvb_get_ntohs(tvb, offset + 10) ^ 0xffff;
That's not accepted as a variable definition for 'mapped_port'. I could
make a workaround by changing the condition statement...
Re: Extcap limitations?
Roland Knall (Dec 23)
Hello
extcap is a frontend for WS pipes. Therefore it strongly relies on the
moment on the formates dumpcap supports on pipes, and that is only pcap atm.
There was talk and some movement in the direction of pcapng, and it is on
my list of items to be implemented in the next free timeslot (and for WS
2.4) but so far, there is no patch which could be submitted.
If you have some ideas in this regard, feel free to implement them.
kind regards...
 Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: 回复: Need help with telnet
Luke Ager (Dec 25)
Since telnet isn't exactly secure my advice would be to block it altogether if possible.
Sent from my iPhone
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel...
Re: [Snort-users] 回复: Need help with telnet
sepehr hashtroudilar (Dec 25)
No i cant speak in Chinese.
Let me simplify :
In my situation:
i want to detect and drop telnet cmd (send from client) bofore execution on
telnet server.
I want snort:
1. to check the stream and match rules with that.
2.If any rule matched dont send the final packet to server (witch in telnet
is always enter \r or 0d)
3.drop connection.
I know that stream5 and ftp/telnet is made for these purpose.
I tried many configuration, but all the time...
回复: Need help with telnet
eagleliujin (Dec 25)
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to...
Need help with telnet
sepehr hashtroudilar (Dec 25)
Hi,
I have problem with telnet commands that user is typing.
The server to client is ok, and i successfully get the alert with incoming
packets from server, witch i can drop.
The problem starts with telnet behavior witch sends every character one by
one.
With stream5 i managed to get it work but i get the alert afther cmd
executed.
Witch I want is, to prevent cmd from execution (ips) and drop the packet
before is is executed.
For example: i...
Re: Snort Version 2.9.9.0 GRE (Build 56) not writing in Unified2 format
wkitty42 (Dec 23)
https://snort.org/faq/how-do-i-ask-a-good-question-on-the-snort-list
franco.esmores () donweb com
Franco Esmores (Dec 23)
franco.esmores () donweb com
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
Snort Version 2.9.9.0 GRE (Build 56) not writing in Unified2 format
Franco Esmores (Dec 23)
Hello you all.
I'm having this issue that i can solve.
i've just upgraded snort to version 2.9.9.0 and there is no way to make
it write unified2 logs format.
Snort only writes "alert" in ASCII Text, and "snort.log.1482526387" wich
is PCAP file format.
This way barnyard2 can't figure out this file, thus,mysql snort database
does not record anything.
Can you help me out?
Thanks.
Greetings...
help
donne schlessinger (Dec 23)
Hello
I downloaded for Windows version, made a password, confirmed ii my email and logged in but I can no longer log in. I
thought maybe I forgot my password but when I request a new password, I get a message that says something like email
not recognized.
Thanks
Donne Schlessinger
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi...
Snort++ build 223 is now available on Snort.org!
Snort Releases (Dec 22)
Snort++ build 223 is now available on snort.org. This is the latest monthly
update available for download <https://snort.org/downloads/#snort-3.0>.
You can also get the latest updates from github
(snortadmin/snort3 <https://github.com/snortadmin/snort3>) which is
updated weekly.
There are too many changes to list here so check the ChangeLog
<https://github.com/snortadmin/snort3/blob/master/ChangeLog> for details....
Snort Subscriber Rules Update 2016-12-22
Research (Dec 22)
Talos Snort Subscriber Rules Update
Synopsis:
This release adds and modifies rules in several categories.
Details:
Talos has added and modified multiple rules in the blacklist,
exploit-kit, file-flash, malware-cnc, os-windows, policy-other,
protocol-scada and server-webapp rule sets to provide coverage for
emerging threats from these technologies.
For a complete list of new and modified rules please see:
https://www.snort.org/advisories
remove me from list
Jose Laboy (Dec 22)
Please
[tjmlogo]
Jose M. Laboy
312-432-5119
<a href="http://internet.tjmbrokerage.com/EmailDisclaimer.html";>Disclaimer</a>------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform...
Snort++ - PCAPs are missing some packets
João Soares (Dec 22)
Hi everyone,
I'm using Snort++ and saving both alert logs (alert_fast) and .pcaps of
the packets that triggered it. These are my configs:
log_pcap = {limit = 7, units = "M"}
alert_fast = {file = true, limit = 3, units = "G"}
I'm also using 12 threads, which means 12 alert or .pcap files are
created each time the respective size limit is reached.
It seems to be working for most cases, but there are some alerts...
c822775577302262c60c9417471f91c8ae6a07eb
Zakariae (Dec 22)
*MAACH Zakariae Administrateur Centre National pour la Recherche
Scientifique et Technique (CNRST)*
*Institut National de Géophysique (ING)angle avenue Allal el Fassi et
avenue des FARquartier Ryad BP 8027 NU , 10102 RABAT Mobile : 0664181578*
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one...
Snort performance: can a single snort instance with nearly 3000 rules handle 1G traffic per second?
Maxim (Dec 21)
Hi all,
Have you tested the snort performance? If I feed snort with 3,000 rules, how can I optimize its configuration to
handle 1 gigabits of traffic per second?Does any one have experience on this?
My hardware would be
Memory: 4G for snort
CPU: Intel I5
Many thanks.------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi...
Re: CVE-2016-3237 Rule
Joel Esler (jesler) (Dec 21)
This vulnerability doesn’t look like something we’d be able to detect. This is essentially trying to detect a MITM
(Man in the middle) on a password change.
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.
|
Current Quarter
Archived Posts
RSS Feed
About List
Show Latest Posts
Hide Latest Posts
