SecLists.Org Security Mailing List Archive
Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:
Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.
NSE Scripts
Vinamra Bhatia (Feb 22)
Greetings everyone,
I loved the NMap Scripting Engine. So I learned Lua and now I want to
contribute by making some scripts or modifying NSE libraries. I have been
through some of the libraries and saw how they integrate together and I am
looking forward to contributing to it.
Can someone help me with some scripts to add? I don't find many bugs
related to NSE on issues.nmap.org
Thanks
Vinamra
Re: Request for Comments: New IPv6 OS detection machine learning engine
Varunram Ganesh (Feb 20)
I think PCA might be a better choice considering we have a dataset of slightly greater than 300 fingerprints and for
neural networks to work correctly, we would need as many fingerprints as features. That being said, as you mentioned,
it'd be helpful to have more fingerprints to make the algorithm better (and maybe implement neural networks in the
future).
Cheers, Varunram _______________________________________________
Sent through the...
Re: Beefing up the docs
john (Feb 20)
I for one would love to see this. Fyodor's book is great, but I think
there are lots of things that could be updated, especially the scripts
section. It would also be great to see some more tutorials and examples.
I have never found a good guide on how to interpret nmap scan results.
Perhaps that's because it really is a bit of an art, but I think we could
definitely add some guidance here.
Other things that would have been useful when I...
Beefing up the docs
stripes (Feb 20)
Hi all,
I'm looking for a side project to work on, and one of the things I was
thinking of doing is beefing up the documentation for Nmap.
I've been working in security documentation for quite some time, and I
also use Nmap as a sysadmin/infosec professional, and I was wondering
what anyone's thoughts were on this.
It looks like some of the NSEs need documentation, some more examples
need to be documented, and even any coding...
Re: Request for Comments: New IPv6 OS detection machine learning engine
Mathias Morbitzer (Feb 20)
This seems like a legitimate assumption. I'm wondering if this will
change once all our light bulbs have IPv6 Internet access... :)
I'm quoting Prabhjyot's "RFC" email [1] here:
"Advantages of MSRF:
i) It represents the actual hierarchy of operating systems more closely.
What I mean is that two Linux kernels are more similar than
a linux kernel and a windows system.
ii) The combined size of all models in msrf is...
An unexpected error has crashed Zenmap.
Varunram Ganesh (Feb 17)
Hi there,
Could you give us a little more info on what caused Zenmap to crash?
Cheers, Varunram _______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Re: Ncrack rdp issue
Fotis Chantzis (Feb 16)
Hello,
Ncrack RDP should be working properly against Windows Server 2003 and 2008.
Could you provide us with a tcpdump/wireshark dump to see what is going on
there? Another option would be to rerun Ncrack with the -d9 option and
print the output.
Re: gmake NMAP7.40 got error on solaris 10
Jitender khattar (Feb 15)
In which file do we need to add this? We are using nmap version 7.40; we
don't have lprefix.h.
Ncrack rdp issue
Mr President (Feb 15)
Hello,
I have tried your Ncrack cracker with RDP (3389) and I have only problems.
I have set up Windows Server 2003 and Windows Server 2008 64 Bit on my
V-Machines and have run Ncrack RDP. My problem is:
root@localhost:/usr/vendetta# ncrack -u Administrator -P pass.txt -p 3389
81.169.129.194
Starting Ncrack 0.5 ( http://ncrack.org ) at 2017-02-13 11:58 GMT
Stats: 0:00:02 elapsed; 0 services completed (1 total)
Rate: 0.00; Found: 0; About 0.00%...
[no subject]
Hemal Davara (Feb 15)
Version: 7.25BETA1
Traceback (most recent call last):
File "/usr/bin/zenmap", line 188, in <module>
zenmapGUI.App.run()
File "/usr/lib/python2.7/dist-packages/zenmapGUI/App.py", line 351, in run
window = new_window()
File "/usr/lib/python2.7/dist-packages/zenmapGUI/App.py", line 187, in
new_window
from zenmapGUI.MainWindow import ScanWindow
File...
An unexpected error has crashed Zenmap.
Fahad Ali (Feb 15)
Version: 7.40
Traceback (most recent call last):
File "zenmap", line 188, in <module>
File "zenmapGUI\App.pyo", line 351, in run
File "zenmapGUI\App.pyo", line 187, in new_window
File "zenmapGUI\MainWindow.pyo", line 145, in <module>
File "zenmapGUI\ScanInterface.pyo", line 142, in <module>
File "zenmapGUI\ScanToolbar.pyo", line 131, in <module>
File...
GSoC 2017 my name is Jack
Jack Jia (Feb 14)
hello all,
I am studying Computer Science at Wuhan University of Technology, China. I
am interested in participating in Google Summer of Code 2017 with the Nmap
project.
I am a network enthusiast and have been a user for 2 years. I've always
wanted to be involved in Nmap project even though I lack some large-scale
open source development experience. I think the coming GSoC is a great
opportunity for me to try to develop a module in...
Re: [NSE] New script: google-people-enum.nse
Paulino Calderon (Feb 14)
Hi,
Unfortunately the API does not let you list all email addresses without knowing them. You will have to create your own
username list; keep in mind that a lot of places use the same naming scheme, so we have been able to obtain dozens of
valid email addresses just by following the naming scheme with common first and last names.
Cheers.
Re: [NSE] New script: google-people-enum.nse
David Muscut (Feb 14)
Hi Paulino,
Is it possible to use this script to enumerate email addresses without
knowing the correct prefix (i.e. the string before the @) or do you need a
good username library to start with?
- D
Caution about NSE data packing
Daniel Miller (Feb 13)
Hey, all,
I ran into a case where some NSE scripts were misbehaving on Solaris on
SPARC, and I found that the cause was a call to bin.pack [1] that relied on
"I" being packed little-endian. But SPARC is big-endian, so without an
explicit "<" to force little-endianness, the wrong behavior was used.
I've gone through all the cases I could find of format strings without the
explicit byte order modifiers ("<"...
Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.
Nmap GSoC 2016 Success Report
Fyodor (Feb 07)
Happy belated new year from the Nmap Project! I'd like to take this
opportunity to send you the belated results from our 2016 Summer of Code
team. I was going to send them right after the program finished, but some
of the students were still finishing some great things so I decided to
wait. As you may recall from the team intro mail (
http://seclists.org/nmap-announce/2016/2), we had 5 students last year and
I'm happy to report that...
Nmap 7.40 Holiday Release: a dozen new NSE scripts, hundreds of new fingerprints, new Npcap, faster brute forcing, and more...
Fyodor (Dec 20)
Happy holidays from the Nmap Project! In case your Christmas break plans
involve a lot of port scanning, we're delighted to announce our holiday
Nmap 7.40 release! This version stuffs your stockings with dozens of new
features, including:
- 12 new NSE scripts
- Hundreds of updated OS and version detection signatures
- Faster brute force authentication cracking and other NSE library
improvements
- A much-improved...
Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I'm happy to report that the big Nmap 7.30 release last month
was a great success. We didn't even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.
Nmap 7.31 source code and binary packages for Linux, Windows, and Mac...
Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we've only been releasing Nmap betas
for the last 6 months because we've had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I'm pleased to announce Nmap 7.30--our first
stable release since 7.12 back in March.
Even though it's a stable...
Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I'm happy to report that today is Nmap's 19th birthday and
instead of cake, we're celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,...
Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we've been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It's based on the
original WinPcap (which hasn't been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost...
Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I'm proud to
introduce our 2015 team:
*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn't even
started yet and he's already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is...
Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today's new Nmap release, I wanted to
share some Summer of Code news:
Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:...
Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I'm delighted to report that Nmap has been accepted by Google to
participate in this year's Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We're one...
Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
ProjectSend r754 - IDOR & Authentication Bypass Vulnerability
Vulnerability Lab (Feb 22)
Document Title:
===============
ProjectSend r754 - IDOR & Authentication Bypass Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2031
Release Date:
=============
2017-02-21
Vulnerability Laboratory ID (VL-ID):
====================================
2031
Common Vulnerability Scoring System:
====================================
5.3
Product & Service Introduction:...
Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability
Vulnerability Lab (Feb 22)
Document Title:
===============
Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2032
Release Date:
=============
2017-02-21
Vulnerability Laboratory ID (VL-ID):
====================================
2032
Common Vulnerability Scoring System:
====================================
7.8
Product & Service Introduction:...
[SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks
Matthias Deeg (Feb 21)
Advisory ID: SYSS-2016-117
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v1.01.00
Tested Version(s): v1.01.00
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-11-28
Solution Date: -
Public Disclosure: 2017-02-20
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)...
Multiple cross-site request forgery (CSRF) vulnerabilities in the DIGISOL (DG-HR 1400) Wireless Router
Indrajith AN (Feb 21)
Title:
====
D-link wireless router DIR-816L – Cross-Site Request Forgery (CSRF)
vulnerability
Credit:
======
Name: Indrajith.A.N
Date:
====
21-02-2017
Vendor:
======
DIGISOL router is a product of Smartlink Network Systems Ltd., one of
India's leading networking companies. It was established in the year 1993 to
prop the Indian market in the field of Network Infrastructure.
Product:
=======
DIGISOL DG-HR1400 is a wireless Router...
Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass
Timothy D. Morgan (Feb 21)
Overview
Recently, a vulnerability in Java's FTP URL handling code has been published which allows for protocol stream
injection. It has been shown[1] that this flaw could be used to leverage existing XXE or SSRF vulnerabilities to send
unauthorized email from Java applications via the SMTP protocol. While technically interesting, the full impact of this
protocol stream injection has not been fully accounted for in existing public...
Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0)
Ian Ling (Feb 21)
[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/155127766533
Vendor:
=================
https://www.siklu.com/
Product:
======================
-Siklu EtherHaul (EH-*)
Vulnerability Details:
=====================
Siklu EtherHaul devices are vulnerable to an unauthenticated remote command
execution (RCE) vulnerability. This vulnerability allows an attacker to
execute commands and retrieve information...
Recon Montreal 2017 Call For Papers - June 16 - 18 - Montreal, Canada
cfpmontreal2017 (Feb 21)
[ASCII art banner, not reproduced]...
NETGEAR DGN2200v1/v2/v3/v4 - 'ping.cgi' Remote Command Execution
Kroppoloe (Feb 21)
# Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 NON-ADMIN AUTHENTICATED RCE
# Date: 2017-02-18
# Exploit Author: SivertPL
# Vendor Homepage: http://netgear.com/
# Software Link:
http://www.downloads.netgear.com/files/GDC/DGN2200/DGN2200%20Firmware%20Version%201.0.0.20%20-%20Initial%20Release%20(NA).zip
# Version: 10.0.0.20 (initial) - 10.0.0.50 (latest, still 0-day!)
# Tested on: DGN2200v1,v2,v3,v4
There's a pretty nice command...
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
Apple Product Security (Feb 21)
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
Logic Pro X 10.3.1 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
Logic Pro X may be obtained...
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
Apple Product Security (Feb 21)
APPLE-SA-2017-02-21-1 GarageBand 10.1.6
GarageBand 10.1.6 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
GarageBand may be obtained from the Mac...
PHPShell v2.4 Cross Site Scripting
hyp3rlinx (Feb 21)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-CROSS-SITE-SCRIPTING.txt
[+] ISR: ApparitionSec
Vendor:
==========
sourceforge.net/projects/phpshell/
phpshell.sourceforge.net/
Product:
=============
PHPShell v2.4
Vulnerability Type:
====================
Cross Site Scripting
CVE Reference:
==============
N/A
Security Issue:
================...
PHPShell v2.4 Session Fixation
hyp3rlinx (Feb 21)
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/PHPSHELL-v2.4-SESSION-FIXATION.txt
[+] ISR: ApparitionSec
Vendor:
==================================
sourceforge.net/projects/phpshell/
phpshell.sourceforge.net/
Product:
==============
PHPShell v2.4
Vulnerability Type:
===================
Session Fixation
CVE Reference:
==============
N/A
Security Issue:...
Sawmill Enterprise v8.7.9 Pass The Hash Authentication Bypass
hyp3rlinx (Feb 21)
[+] Credits: John Page AKA Hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/SAWMILL-PASS-THE-HASH-AUTHENTICATION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
===============
www.sawmill.net
Product:
========================
Sawmill Enterprise v8.7.9
sawmill8.7.9.4_x86_windows.exe
hash: b7ec7bc98c42c4908dfc50450b4521d0
Sawmill is a powerful hierarchical log analysis tool that runs on every...
Album Lock v4.0 iOS - Directory Traversal Vulnerability
Vulnerability Lab (Feb 20)
Document Title:
===============
Album Lock v4.0 iOS - Directory Traversal Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2033
Release Date:
=============
2017-02-20
Vulnerability Laboratory ID (VL-ID):
====================================
2033
Common Vulnerability Scoring System:
====================================
7.2
Product & Service Introduction:...
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
Vulnerability Lab (Feb 20)
Document Title:
===============
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2029
Release Date:
=============
2017-01-30
Vulnerability Laboratory ID (VL-ID):
====================================
2029
Common Vulnerability Scoring System:
====================================
5.9
Product & Service Introduction:...
Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!
[security bulletin] HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information
security-alert (Feb 21)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05398322
Version: 1
HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX
running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive
Information
NOTICE: The information in this Security Bulletin should be acted...
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
Apple Product Security (Feb 21)
APPLE-SA-2017-02-21-2 Logic Pro X 10.3.1
Logic Pro X 10.3.1 is now available and addresses the following:
Projects
Available for: OS X Yosemite v10.10 or later (64 bit)
Impact: Opening a maliciously crafted GarageBand Project file may
lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2017-2374: Tyler Bohan of Cisco Talos
Installation note:
Logic Pro X may be obtained...
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
Vulnerability Lab (Feb 20)
Document Title:
===============
PDFMate PDF Converter Pro 1.7.5.0 - Buffer Overflow Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2029
Release Date:
=============
2017-01-30
Vulnerability Laboratory ID (VL-ID):
====================================
2029
Common Vulnerability Scoring System:
====================================
5.9
Product & Service Introduction:...
[SECURITY] [DSA 3790-1] spice security update
Salvatore Bonaccorso (Feb 16)
-------------------------------------------------------------------------
Debian Security Advisory DSA-3790-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
February 16, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : spice
CVE ID : CVE-2016-9577 CVE-2016-9578
Debian...
[SYSS-2017-004] Simplessus Files: Path Traversal
adrian . vollmer (Feb 16)
Advisory ID: SYSS-2017-004
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: Path Traversal (CWE-22)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...
[SYSS-2017-001] Simplessus Files: SQL Injection
adrian . vollmer (Feb 16)
Advisory ID: SYSS-2017-001
Product: Simplessus Files
Manufacturer: Simplessus
Affected Version(s): 3.7.7
Tested Version(s): 3.7.7
Vulnerability Type: SQL Injection (CWE-89)
Risk Level: High
Solution Status: Open
Manufacturer Notification: January 25, 2017
Solution Date: January 25, 2017
Public Disclosure: February 16, 2017
CVE Reference: Not yet assigned
Author of Advisory: Dr. Adrian Vollmer, SySS GmbH...
KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability
KoreLogic Disclosures (Feb 15)
KL-001-2017-003 : Trendmicro InterScan Remote Root Access Vulnerability
Title: Trendmicro InterScan Remote Root Access Vulnerability
Advisory ID: KL-001-2017-003
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-003.txt
1. Vulnerability Details
Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version...
KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write
KoreLogic Disclosures (Feb 15)
KL-001-2017-001 : Trendmicro InterScan Arbitrary File Write
Title: Trendmicro InterScan Arbitrary File Write
Advisory ID: KL-001-2017-001
Publication Date: 2017.02.15
Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-001.txt
1. Vulnerability Details
Affected Vendor: Trendmicro
Affected Product: InterScan Web Security Virtual Appliance
Affected Version: OS Version 3.5.1321.el6.x86_64; Application...
Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability
Cisco Systems Product Security Incident Response Team (Feb 15)
Cisco Security Advisory: Cisco UCS Director Privilege Escalation Vulnerability
Advisory ID: cisco-sa-20170215-ucs
Revision 1.0
For Public Release 2017 February 15 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute
arbitrary workflow items with just an end-user profile.
The...
CVE-2017-5585: SQL injection in OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
Andrey B. Panfilov (Feb 15)
CVE Identifier: CVE-2017-5585
Vendor: OpenText
Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only)
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Fix: not available
Description:
Previously announced fix for CVE-2014-2520 seems to be incomplete: when PostgreSQL Database is used and
return_top_results_row_based config option is set to false, Content...
CVE-2017-5586: Remote code execution in OpenText Documentum D2
Andrey B. Panfilov (Feb 15)
CVE Identifier: CVE-2017-5586
Vendor: OpenText
Affected products: Documentum D2 version 4.x
Researcher: Andrey B. Panfilov
Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialised data
from untrusted sources, which leads to remote code execution
Proof of concept:...
[security bulletin] HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using OpenSSL, Remote Unauthorized Disclosure of Information
security-alert (Feb 14)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390893
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05390893
Version: 1
HPESBHF03703 rev.1 - HPE Network Products including Comware v7 and VCX using
OpenSSL, Remote Unauthorized Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible....
Cisco Security Response: Cisco Smart Install Protocol Misuse
Cisco Systems Product Security Incident Response Team (Feb 14)
Cisco Security Response: Cisco Smart Install Protocol Misuse
Response ID: cisco-sr-20170214-smi
Revision 1.0
For Public Release 2017 February 14 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Several researchers have reported on the use of Smart Install (SMI) protocol messages
toward Smart Install clients, also known as integrated branch clients (IBC), allowing an
unauthenticated,...
[security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information
security-alert (Feb 14)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390849
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05390849
Version: 1
HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure
of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2017-02-14
Last Updated:...
[security bulletin] HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
security-alert (Feb 14)
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05390722
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c05390722
Version: 1
HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2017-02-14
Last Updated: 2017-02-14...
Penetration Testing — While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.
[ERPSCAN-16-035] SAP Solman - user accounts disclosure
ERPScan inc (Dec 20)
Application: SAP Solman
Versions Affected: SAP Solman 7.1-7.31
Vendor URL: http://SAP.com
Bugs: Information Disclosure
Sent: 12.07.2016
Reported: 13.07.2016
Vendor response: 13.07.2016
Date of Public Advisory: 13.09.2016
Reference: SAP Security Note 2344524
Author: Roman Bezhan (ERPScan)
Description
1. ADVISORY INFORMATION
Title:[ERPSCAN-16-035] SAP Solman – user accounts disclosure
Advisory ID:[ERPSCAN-16-035]
Risk: high...
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Nov 23)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
[ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS ABAP
Versions Affected: SAP NetWeaver AS ABAP 7.4
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2312966
Author: Daria Prosochkina (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal
using READ DATASET...
[ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 04.12.2015
Reported: 05.12.2015
Vendor response: 05.12.2015
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2280371
Author: Mathieu Geli (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability...
[ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: Denial of Service
Sent: 22.04.2016
Reported: 23.04.2016
Vendor response: 23.04.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2313835
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman – DoS vulnerability
Advisory...
[ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component
ERPScan inc (Nov 22)
Application: SAP NetWeaver AS JAVA
Versions Affected: SAP NetWeaver AS JAVA 7.4
Vendor URL: http://SAP.com
Bug: XXE
Sent: 09.03.2016
Reported: 10.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 09.08.2016
Reference: SAP Security Note 2296909
Author: Vahagn Vardanyan (ERPScan)
Description
1. ADVISORY INFORMATION
Title: [ERPSCAN-16-034] SAP NetWeaver AS JAVA – XXE vulnerability in
BC-BMT-BPM-DSK component
Advisory...
MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
Ajin Abraham (Nov 22)
Hello Folks,
MobSF v0.9.3 is released.
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile Applications and supports both binaries (APK, IPA &
APPX ) and zipped source code. MobSF can also...
Firewall Wizards — Tips and tricks for firewall administrators
Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I'm going to attempt a Facebook group revival experiment.
It'll be a bit broader in scope, but I'm hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.
Paul
Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.
Arachni Framework v1.5 & WebUI v0.5.11 have been released (Web Application Security Scanner)
Tasos Laskos (Feb 01)
Hey folks,
There's a new version of Arachni, a modular and high-performance Web Application Security Scanner Framework.
The highlights of this release are:
* Added arachni_reproduce utility allowing issues in reports to be reproduced.
* Browser updated to the latest PhantomJS version for improved support of modern webapps.
* New SAX based HTML parser allowing for much faster and lightweight parsing.
* Improved XSS, SQL injection,...
Faraday v2.3: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Jan 31)
We are very proud to present the first 2017 edition of the Faraday
Platform! Faraday v2.3 is ready to download!
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email....
RVAsec 2017 Call for Presentations (CFP)
Sullo (Jan 23)
The CFP for RVAsec 2017 is underway!
____________________________________
RVAsec // June 8-9th, 2017 // Richmond, VA
RVAsec is a Richmond, VA based security convention that brings top
industry speakers to the mid-Atlantic region. In its fourth year,
RVAsec 2016 attracted nearly 400 security professionals from across
the country.
Talks must be 50 minutes in length, and submissions will need to
select from one of two tracks: business or...
Faraday v2.2: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Nov 23)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to...
MobSF v0.9.3 is Released: Now supports Windows APPX Static Analysis
Ajin Abraham (Nov 22)
Hello Folks,
MobSF v0.9.3 is released.
About MobSF
Mobile Security Framework (MobSF) is an intelligent, all-in-one open
source mobile application (Android/iOS/Windows) automated pen-testing
framework capable of performing static and dynamic analysis. It can be
used for effective and fast security analysis of Android, iOS and
Windows mobile Applications and supports both binaries (APK, IPA &
APPX ) and zipped source code. MobSF can also...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 13)
Same attack using XSS as vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file, a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET, the file will perform a POST to
http://192.168.1.36/req.php using the GET response as the body.
An attacker would be able to read all the emails in the...
Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 05)
I did a small improvement in this attack.
Using IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send to a victim.
A local file with the same content that I sent previously would be
created on download default folder.
If the victim performs the three following clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any...
Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Re: Improvements
Tracy Reed (Feb 16)
On Wed, Feb 15, 2017 at 08:46:34AM PST, Jordan Wiens spake thusly:
In the industry that I see there is huge pressure from the c-suite to
buy a pre-packaged product (aka silver bullet) and strong disincentive
to spend time rolling your own custom franken-solution which the
management will have no faith in because one of their own employees
built it instead of a big name which can boast about magic quadrants and
such.
Re: Improvements
Wim Remes (Feb 16)
Isn't this what Phantom and other "security orchestration" companies are
pushing right now?
The biggest roadblock is that every traditional security vendor is trying
to be the "data hub", hoarding information. Badly constructed and horribly
documented APIs, stupid myopic dashboards, rate limiting on APIs, etc. etc.
are the trademarks of those data hoarders. I wonder how long it takes
before they realize they're...
Re: Improvements
Jordan Wiens (Feb 15)
When I last played defender over a decade ago at a large university, we
built what sounds like exactly the same sort of system. It was an ugly mess
of perl and it worked fantastically. The rules were crude and didn't have
nearly the visibility into the network (partially because the host
inspection technologies didn't exist and partially because as a university
security engineering you often don't have permission to touch most of...
Tactical OPSEC in INNUENDO
Dave Aitel (Feb 15)
https://vimeo.com/200421115
If you have ten minutes in some line at RSAC, and you want to see a great
video, then click that link above. :)
The summary is this: You only want your implant to use the web for C2 when
there are people using the web! No implant should be going out over HTTPS
when everyone in the office is at home watching Desperate Housewives of
Pyongyang!
One mantra we have when building INNUENDO is that OPSEC is often much...
Improvements
Dave Aitel (Feb 15)
http://www.securityweek.com/crowdstrike-sues-nss-labs-prevent-publication-test-results
One thing I've had problems with is learning that people can "get gud".
It's one of the reasons I always cringe at the inevitable policy trope of
"Cyber war is easier for attackers than defenders. Yesterday I was talking
to a professional CISO - one of the ones I've known for years out of the
NYC scene....
For Daily Dave....
SUZANNE KECMER (Feb 13)
Hi!
It’s been quite some time since we have last connected (INFILTRATE 2014 to be exact)! Since then, I have left
investment banking for a start-up(ish) venture inside the Advanced Research Institutes of Norwich University (NUARI).
In partnership with DHS, NUARI has developed a distributed (virtual) live exercise platform---specifically to address
the strategic and business process implications of cyber issues pertaining to critical...
Bug Bounties
dave aitel (Feb 08)
<death threats for bug bounties image>
(https://myasides.com/bug-bounty-programs/)
So occasionally I get into it on Twitter with the bug bounties crowd,
and they call me a hater. But mostly what I hate is the hype around bug
bounties. . . which is considerable. If you've been dipping your toe
into the policy world you can't avoid it, but even from outside there
you get to see the DoD launch a bug bounties program (at INFILTRATE...
Learning the Wrong Lessons from team-offense..
Haroon Meer (Feb 08)
Heya(s)
The kind folks at t2.fi (which is a pretty great conference) have uploaded
the video of our talk: "Learning the wrong lessons from Offense" (
http://t2.fi/2017/02/05/haroon-meer-keynote-2016/)
The central premise is that there are lessons to learn from offense, but
that for the most part we have been looking to learn the wrong ones..
Like much of our stuff, it features thoughts stolen from Adam Shostack,
Halvar, Dino, four,...
Confusion and hosts and reputation
dave aitel (Feb 07)
So I've spent some time today trying to understand the various hoopla
around "domain fronting". And it's a TOCTOU bug that cloud providers
could fix, but hopefully won't. Previous state of the art in bypassing
WebSense and Cisco's proxy and FortiGate and the rest was just to hack
some random PHP website. This never gets old, and is a good warm-up for
real hacking.
The basic understanding is that when you make an...
Re: Webex and RCE
Kristian Erik Hermansen (Jan 30)
Other than this new remote code execution, wasn't it widely known that even
older versions of WebEx would download sub-resource JAR files over
unencrypted HTTP and just run them without verification? As such, remote
code execution for WebEx (on a hostile network) has been going on a long
time and, as with anything, surely there are additional vectors no one has
found yet and others have kept their lips sealed about ;) Yeah, this is why
many...
Re: Webex and RCE
Ryan Duff (Jan 26)
It should also be worth noting that Cisco's "fix" for this is to only allow
this behavior from "https://*.webex.com" or "https://*.webex.com.cn".
First off, I really hope those domains aren't at all vulnerable to XSS or
this could still be exploited. But the largest issue here in my eyes is
that their "fix" is to basically say "now, only Cisco can arbitrarily
execute code on your...
Webex and RCE
dave aitel (Jan 24)
Trainings tend to be about the past. They are more war stories than
distilled wisdom. Like when we teach you how to do a client-side and
then a kernel exploit
<http://infiltratecon.com/training.html#click-here-for-ring0>, that's
because that's the attack path that's been most successful for us in the
past.
But a lot of hacking is less brute force than that - a lot of it is just
knowing where to look, or gaining expertise in...
Re: #HackingTogether.org
Dave Aitel (Jan 23)
Just as a secondary note, we always offer non-alcoholic cocktails at
INFILTRATE for similar reasons...
-dave
Exploits are chameleons
dave aitel (Jan 23)
To mathematicians, exploits are proofs to theorems. To foreign policy
people who specialize in export control, they are "dual-use items", and
to people in information security they are simply ground truths of our
shifting domains.
To state it more simply: Vendor advisories lie to you. Or they present
"alternative truths", sometimes on purpose, sometimes not. Exploits are
your only way to dispel this action in a definitive...
#HackingTogether.org
Rob Fuller (Jan 23)
I'm soo late to this game but I made a video to describe my feelings about
it and help where I can to spread the word:
https://www.youtube.com/watch?v=Wggu_qaYJaQ
part of http://hackingtogether.org/
We on this list are for the most part already participating in a social
group that has support. I'm not saying we don't have problems, but the ones
that don't have such support, who aren't part of any groups or you only see...
PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.
Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:
20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy
After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.
Robin
Re: [Security Weekly] projecting in a bright space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better. A darker screen (grey) may also help.
Jeremy Pommerening
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bright space
I've been looking at the venue for next year's...
[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!
We need votes for security bugs!
Adding "Security Exception" for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100
Firefox 31 doesn't support the industry-recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210
Other browsers should have the same bugs fixed..
p.s.: We are not related to this group, but we think they're worth a
penny...
Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.
http://www.free-decompiler.com/flash/
Regards,
Will
Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I've used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html
-Brad
Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that); however, I can
point out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it's a
time/money trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the
data when there is another tool already out there that can do it out of the box?
I can speak in more...
Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I've used in the past:
JAD - http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)
HP SWFscan
Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/
________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and...
[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.
DB...
Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.
Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I've used with varying success in the past:
SWFInvestigator - http://labs.adobe.com/technologies/swfinvestigator/
SWFScan - from Rafal Los at HP, though the link has been deleted. (Careful,
I've seen trojaned copies online.)
Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!
I know, I'm jumping in late, some closing thoughts on the subject:
- SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(From the scanners), and greatly eases the administration...
Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.
We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.
I’ll...
Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,
I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command-line
XML-RPC nessus client in Python if anyone is interested.
Cheers,
Adrien
Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,
If you're still looking, might want to try out getclouder.com - they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It's still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.
[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I'm trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:
Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.
Java snoop https://code.google.com/p/javasnoop/
Flash
Trillix
Flashbang https://github.com/cure53/Flashbang
Has anyone here got any others they can suggest?
Ideally I'm looking for free stuff but cheap commercial...
Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.
Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,
I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational... but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc... maybe for a thesis.
The files collected are divided into zip archives, in alphabetical
order, with a password (which must be requested via email). Some...
Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.
Microsoft Security Bulletin Summary for February 2017
Microsoft (Feb 21)
********************************************************************
Microsoft Security Bulletin Summary for February 2017
Issued: February 21, 2017
********************************************************************
This bulletin summary lists security bulletins released for
February 2017.
The full version of the Microsoft Security Bulletin Summary for
February 2017 can be found at
<https://technet.microsoft.com/library/security/ms17-feb...
Microsoft Security Advisory Notification
Microsoft (Jan 27)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 27, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 4010983
- Title: Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of
Service
-...
Microsoft Security Advisory Notification
Microsoft (Jan 10)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: January 10, 2017
********************************************************************
Security Advisories Released or Updated Today
==============================================
* Microsoft Security Advisory 3214296
- Title: Vulnerabilities in Identity Model Extensions Token Signing
Verification
-...
Microsoft Security Bulletin Summary for January 2017
Microsoft (Jan 10)
********************************************************************
Microsoft Security Bulletin Summary for January 2017
Issued: January 10, 2017
********************************************************************
This bulletin summary lists security bulletins released for
January 2017.
The full version of the Microsoft Security Bulletin Summary for
January 2017 can be found at
<https://technet.microsoft.com/library/security/ms17-jan>....
Microsoft Security Bulletin Releases
Microsoft (Dec 19)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 19, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-155 - Important
Bulletin Information:
=====================
MS16-155
- Title: Security Update for .NET Framework (3205640)
-...
Microsoft Security Bulletin Summary for December 2016
Microsoft (Dec 13)
********************************************************************
Microsoft Security Bulletin Summary for December 2016
Issued: December 13, 2016
********************************************************************
This bulletin summary lists security bulletins released for
December 2016.
The full version of the Microsoft Security Bulletin Summary for
December 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-dec...
Microsoft Security Bulletin Releases
Microsoft (Dec 13)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: December 13, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
October
* MS16-118 - Critical
* MS16-120 - Critical
* MS16-122 - Critical
* MS16-123 - Important
* MS16-124 - Important
* MS16-126 - Moderate
November
*...
Microsoft Security Bulletin Minor Revisions
Microsoft (Dec 13)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 23, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-130
* MS16-140
Bulletin Information:...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 23)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 23, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-130
* MS16-140
Bulletin Information:...
Microsoft Security Bulletin Releases
Microsoft (Nov 16)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: November 15, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-133 - Important
Bulletin Information:
=====================
MS16-133
- Title: Security Update for Microsoft Office (3199168)
-...
Microsoft Security Bulletin Summary for November 2016
Microsoft (Nov 08)
********************************************************************
Microsoft Security Bulletin Summary for November 2016
Issued: November 8, 2016
********************************************************************
This bulletin summary lists security bulletins released for
November 2016.
The full version of the Microsoft Security Bulletin Summary for
November 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-nov...
Microsoft Security Bulletin Minor Revisions
Microsoft (Nov 08)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: November 8, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-035
* MS16-091
* MS16-101
Bulletin Information:...
Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 27)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 27, 2016
********************************************************************
This is a notification of an out-of-band security bulletin that was
added to the October Security Bulletin Summary on October 27, 2016.
The full version of the Microsoft Security Bulletin Summary for
October 2016 can be found at...
Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 12, 2016
********************************************************************
Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.
Please see the appropriate bulletin for more details.
* MS16-121
Bulletin Information:
=====================
MS16-121...
Microsoft Security Bulletin Releases
Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: October 11, 2016
********************************************************************
Summary
=======
The following bulletins have undergone a major revision increment.
* MS16-101 - Important
Bulletin Information:
=====================
MS16-101
- Title: Security Update for Windows Authentication Methods (3178465)
-...
Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community
Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:
A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon...
I don't quite understand this double talk. Could someone explain to me:
A spokesperson from Verizon said that...
Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038
As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say "trust us." Click continue to
read...
The NSA's back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2
Deng Xiaoping, in 1979 - his second year as supreme leader of China -
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.
Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta-software...
Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here's an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):
-----
A. Michael Froomkin:
The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple's...
The FBI's iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html
I'm an ex-sheriff, and I've been in and out of security jobs for much
of my life, so I've got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials -- and likely those
in every other three-letter agency and their counterparts all over the
world -- would like an easier way to do their jobs. Wouldn't we all?
If they could put cameras in...
Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):
In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution...
CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.
Apple Releases Security Update
US-CERT (Feb 21)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/02/21/Apple-Releases-Security-Update ] 02/21/2017 03:35 PM EST
Original release date: February 21, 2017
Apple has released a security update to address a vulnerability in Logic Pro X. Exploitation of this vulnerability may
allow an attacker to take control of an affected system....
OpenSSL Releases Security Update
US-CERT (Feb 16)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
OpenSSL Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/02/16/OpenSSL-Releases-Security-Update ] 02/16/2017 09:23 PM EST
Original release date: February 16, 2017
OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this
vulnerability may allow a remote attacker to cause a...
Cisco Releases Security Update
US-CERT (Feb 15)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/02/15/Cisco-Releases-Security-Update ] 02/15/2017 02:20 PM EST
Original release date: February 15, 2017
Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this
vulnerability could allow an attacker to take control of an...
FBI Releases Article on Romance Scams
US-CERT (Feb 15)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
FBI Releases Article on Romance Scams [
https://www.us-cert.gov/ncas/current-activity/2017/02/14/FBI-Releases-Article-Romance-Scams ] 02/14/2017 11:01 PM EST
Original release date: February 14, 2017
The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In
this common type of fraud, cyber criminals...
Adobe Releases Security Updates
US-CERT (Feb 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/02/14/Adobe-Releases-Security-Updates ] 02/14/2017 10:57 AM EST
Original release date: February 14, 2017
Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign.
Exploitation of some of these vulnerabilities may...
Apple Releases Security Update
US-CERT (Feb 14)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Apple Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/02/14/Apple-Releases-Security-Update ] 02/14/2017 08:25 AM EST
Original release date: February 14, 2017
Apple has released a security update to address a vulnerability in GarageBand. Exploitation of this vulnerability may
allow a remote attacker to take control of an affected...
Enhanced Analysis of GRIZZLY STEPPE
US-CERT (Feb 10)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Enhanced Analysis of GRIZZLY STEPPE [
https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE ] 02/10/2017 09:24 PM EST
Original release date: February 10, 2017
The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity
designated as GRIZZLY STEPPE [...
ISC Releases Security Updates for BIND
US-CERT (Feb 08)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
ISC Releases Security Updates for BIND [
https://www.us-cert.gov/ncas/current-activity/2017/02/08/ISC-Releases-Security-Updates-BIND ] 02/08/2017 07:29 PM EST
Original release date: February 08, 2017
The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this
vulnerability may allow a remote attacker to...
Cisco Clock Signal Component Failure Advisory
US-CERT (Feb 06)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Clock Signal Component Failure Advisory [
https://www.us-cert.gov/ncas/current-activity/2017/02/06/Cisco-Clock-Signal-Component-Failure-Advisory ] 02/06/2017 06:40 PM EST
Original release date: February 06, 2017
Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches
and routers. Devices...
CERT/CC Reports a Microsoft SMB Vulnerability
US-CERT (Feb 03)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
CERT/CC Reports a Microsoft SMB Vulnerability [
https://www.us-cert.gov/ncas/current-activity/2017/02/03/CERTCC-Reports-Microsoft-SMB-Vulnerability ] 02/03/2017 03:48 AM EST
Original release date: February 03, 2017
CERT Coordination Center (CERT/CC) has released information on a Server Message Block (SMB) vulnerability affecting
Microsoft Windows....
WordPress Releases Security Update
US-CERT (Feb 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
WordPress Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2017/01/26/WordPress-Releases-Security-Update ] 01/26/2017 10:25 PM EST
Original release date: January 26, 2017 | Last revised: February 01, 2017
WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of
these...
Cisco Releases Security Updates
US-CERT (Feb 01)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/02/01/Cisco-Releases-Security-Updates ] 02/01/2017 12:59 PM EST
Original release date: February 01, 2017
Cisco has released security updates to address a vulnerability in its Prime Home platform. Exploitation of this
vulnerability could allow a remote attacker to take control...
VMware Releases Security Updates
US-CERT (Jan 31)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
VMware Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/31/VMware-Releases-Security-Updates ] 01/31/2017 04:52 PM EST
Original release date: January 31, 2017
VMware has released security updates to address vulnerabilities in Airwatch Agent, Airwatch Console, and AirWatch Inbox
software. Exploitation of one of these...
Tax Identity Theft Awareness Week
US-CERT (Jan 31)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Tax Identity Theft Awareness Week [
https://www.us-cert.gov/ncas/current-activity/2017/01/31/Tax-Identity-Theft-Awareness-Week ] 01/31/2017 07:31 PM EST
Original release date: January 31, 2017
This is Tax Identity Theft Awareness Week [
https://www.consumer.ftc.gov/blog/tax-identity-theft-awareness-week-has-event-you ], and many federal agencies are
offering...
Cisco Releases Security Updates
US-CERT (Jan 27)
U.S. Department of Homeland Security US-CERT
National Cyber Awareness System:
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2017/01/24/Cisco-Releases-Security-Updates ] 01/24/2017 05:05 PM EST
Original release date: January 24, 2017 | Last revised: January 27, 2017
Cisco has released security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this
vulnerability could...
Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community
Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root)
Andrey Konovalov (Feb 22)
Hi,
This is an announcement about CVE-2017-6074 [1] which is a double-free
vulnerability I found in the Linux kernel. It can be exploited to gain
kernel code execution from an unprivileged process.
Fixed on Feb 17, 2017:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
The oldest version that was checked is 2.6.18 (Sep 2006), which is
vulnerable. However, the bug was...
CVE-2016-7078: Foreman organization/location authorization vulnerability
Dominic Cleal (Feb 22)
CVE-2016-7078: Foreman user with no organizations or locations can see
all resources
A user account that is associated to no organizations or locations is
able to view resources from all organizations/locations in the web UI or
API, when either the organization or location feature is enabled. The
user remains subject to permissions and filters on their assigned roles.
Mitigation: ensure all users are assigned to at least one organization
or...
RE: CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
李强 (Feb 21)
FYI
The PoC for this is below:
/*
* CVE-2017-2615 PoC
*
* Qiang Li of the Gear Team, Qihoo 360 Inc.
*
* #gcc poc.c -o poc
* #./poc
*
*/
#include <sys/io.h>
#include <stdio.h>
void write_sr(int idx,int val)
{
outb(idx,0x3c4);
outb(val,0x3c5);
}
void write_gr(int idx,int val)
{
outb(idx,0x3ce);
outb(val,0x3cf);
}
int main()
{
iopl(3);
write_sr(0x07,1);...
[SECURITY ADVISORY]: curl SSL_VERIFYSTATUS ignored
Daniel Stenberg (Feb 21)
SSL_VERIFYSTATUS ignored
========================
Project curl Security Advisory, February 22, 2017 -
[Permalink](https://curl.haxx.se/docs/adv_20170222.html)
VULNERABILITY
-------------
curl and libcurl support "OCSP stapling", also known as the TLS Certificate
Status Request extension (using the `CURLOPT_SSL_VERIFYSTATUS` option). When
telling curl to use this feature, it uses that TLS extension to ask for a
fresh proof of the...
Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf
Leo Famulari (Feb 21)
As announced previously [0], MITRE is no longer assigning CVEs based on
messages to this list. Will you request the CVE IDs via the new web
form? [1]
[0]
http://seclists.org/oss-sec/2017/q1/351
[1]
https://cveform.mitre.org/
CVE Request - Multiple vulnerabilities in gdk-pixbuf
Ariel Zelivanski (Feb 21)
Hello,
I just reported several vulnerabilities in gdk-pixbuf. I am adding the
relevant details but you can also refer to the bug reports in the links. If
suitable please assign CVEs.
1. A dangerous integer underflow in io-icns.c [1]
--------------------------------------------------
io-icns.c is the source code for the loader of Macintosh icons.
An integer underflow I found allows an attacker to lead to different calls
to...
Re: CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo
P J P (Feb 21)
+-- On Tue, 21 Feb 2017, P J P wrote --+
| Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is
| vulnerable to an out-of-bounds access issue. It could occur while copying VGA
| data in cirrus_bitblt_cputovideo.
|
| A privileged user inside guest could use this flaw to crash the Qemu process
| resulting in DoS OR potentially execute arbitrary code on the host with
| privileges of Qemu process on the host.
Upstream patch:...
Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe
Xen . org security team (Feb 21)
Xen Security Advisory CVE-2017-2620 / XSA-209
version 3
cirrus_bitblt_cputovideo does not check if memory region is safe
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
cirrus_bitblt_cputovideo fails to check whether the specified memory
region is safe.
IMPACT
======
A malicious guest...
CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo
P J P (Feb 21)
Hello,
Quick emulator(Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is
vulnerable to an out-of-bounds access issue. It could occur while copying VGA
data in cirrus_bitblt_cputovideo.
A privileged user inside guest could use this flaw to crash the Qemu process
resulting in DoS OR potentially execute arbitrary code on the host with
privileges of Qemu process on the host.
Reference:
----------
->...
Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass
Timothy D. Morgan (Feb 20)
Sorry Alexander. I was sort of in a rush. Thanks for converting it and posting it.
Though, truth be known... I am pretty good about keeping my advisory pages available at the same URLs. The very first
advisory I ever published is still at the same location after 15 years. ;-)
Best,
tim
Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass
Solar Designer (Feb 20)
Thanks, Timothy. For archival (since web pages tend to be gone after a
few years) and per oss-security list content guidelines, we'd like full
advisories to be posted right in here (including links as well is OK and
encouraged; including only links is not).
Attached is a mostly auto-converted text version of the above advisory.
(I only deleted the web page header/footer portions not specific to it.)
Alexander
Monday, February 20, 2017...
Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass
Timothy D. Morgan (Feb 20)
Recently, a vulnerability in Java's FTP URL handling code has been published which allows for protocol stream
injection. It has been shown[1] that this flaw could be used to leverage existing XXE or SSRF vulnerabilities to send
unauthorized email from Java applications via the SMTP protocol. While technically interesting, the full impact of this
protocol stream injection has not been fully accounted for in existing public analysis....
TCPDF: CVE-2017-6100: LFI posting internal files externally abusing default parameter
Salvatore Bonaccorso (Feb 19)
Hi
CVE-2017-6100 has been assigned for the following issue in TCPDF:
https://sourceforge.net/p/tcpdf/bugs/1005/
tcpdf allows uploading files from the server generating PDF files to
an external FTP.
The issue was discovered by Frans Rosén.
Regards,
Salvatore
mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c)
Agostino Sarubbo (Feb 18)
Description:
Mujstest, which is part of mupdf, is a scriptable tester for mupdf + js.
A crafted image, posted earlier for another issue, causes a stack overflow.
The complete ASan output:
# mujstest $FILE
==32127==ERROR: AddressSanitizer: stack-buffer-overflow on address
0x7fff29560b00 at pc 0x00000047cbf3 bp 0x7fff29560630 sp 0x7fff2955fde0
WRITE of size 1453 at 0x7fff29560b00 thread T0
#0 0x47cbf2 in __interceptor_strcpy...
OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062
Salvatore Bonaccorso (Feb 17)
Hi
MITRE has assigned two CVEs for the OpenID Connect authentication
module for Apache (https://github.com/pingidentity/mod_auth_openidc):
CVE-2017-6059:
https://github.com/pingidentity/mod_auth_openidc/issues/212
mod_auth_openidc shows user-supplied content on error pages.
CVE-2017-6062:
https://github.com/pingidentity/mod_auth_openidc/issues/222
OIDCUnAuthAction pass does not scrub request headers
Regards,
Salvatore
Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.
Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,
The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.
We talk about managing technical people in this episode. We also discuss operational security. Have a...
Educause Security Discussion — Securing networks and computers in an academic environment.
Re: Project RedCAP
Jones, Dan J (Feb 21)
Frank,
I’ve managed security around REDcap for several on-prem validated (FISMA) environments. I’d be happy to discuss.
Best,
Dan Jones
Director, Information Security
Worcester Polytechnic Institute
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV
EDUCAUSE EDU>> on behalf of Frank Barton <bartonf () HUSSON EDU<mailto:bartonf () HUSSON EDU>>...
Re: Penetration Testing RFP Ideas
Ruth Ginzberg (Feb 21)
Procurement person here...
An RFP is a perfect vehicle to ensure that you don't get stuck taking a low-ball bid.
I'm not familiar with your state's requirements regarding competitive solicitations, but generally if you do a bid you
need to take the lowest bidder, but if you do an RFP you get to do a qualitative evaluation of each proposal, and cost
will be figured in only after you've determined that the proposer would...
Re: Data Loss Prevention (DLP)
Jeff Borton (Feb 21)
Just wanted to thank everyone for their feedback on Data Loss Prevention.
Re: Project RedCAP
Pedersen, Krystal (Feb 21)
Hi Everyone,
Just curious on this topic, has anyone hosted REDCap in AWS? If yes, I’d like to pick your brain
Thanks
Krystal Pedersen, CISA
Director of Information Security & Compliance
krystal.pedersen () umassmed edu
Confidentiality Notice:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain
confidential, proprietary, and privileged information. Any unauthorized review,...
Re: Penetration Testing RFP Ideas
Brad Judy (Feb 21)
The approach we just took here was to RFP to create a list of vendors that could then be contracted quickly for
individual engagements. It was a bit different than most RFP processes since there was not a scope of work in the RFP,
just an evaluation of each vendor’s documentation, processes, pricing, etc. against a variety of factors (industry best
practices, company experience, etc.).
Our process here is designed to prevent being forced...
Re: Penetration Testing RFP Ideas
Penn, Blake C (Feb 21)
I would recommend including PCI DSS 11.3 into the RFP since it is already canned language.
Regards,
Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin
Harwood
Sent: February 21, 2017 13:26
To: SECURITY ()...
Penetration Testing RFP Ideas
Justin Harwood (Feb 21)
I was wanting to ask this community if there is anyone else in here that has written an RFP lately for
internal/external penetration testing services? I’m looking for ideas on how I’m crafting out the document that lists
out all the technical requirements and things I want to be considered in order to help decide the best vendor to
choose? What I’m looking for is ideas to ensure that I have enough information so that I don’t get a...
VT SANS Onsite SEC 501 Adv. Security Essentials 3/6-11/2017. Early bird date approaching
randy (Feb 17)
Just a reminder that the early bird registration date for the SANS class
we're hosting here in March is coming up soon.
Details on the class are at www.cpe.vt.edu/isect. There is a simulcast
option available if you don't want to travel to VA Tech.
Let me know if you have any questions.
Thanks.
-Randy Marchany
VA Tech IT Security Office and Lab
Re: Workday and External Audits
Santucci, Anthony (Feb 17)
I would also be interested in learning of your experiences.
--------------------------------------------
*Anthony J. Santucci*
*Manager, Service Management*
*Information Systems*
*Wake Forest University*
On Thu, Feb 16, 2017 at 4:59 PM, Colin Abbott <colin.abbott () mcgill ca>
wrote:
Workday and External Audits
Colin Abbott (Feb 16)
Hi,
For those of you that have implemented Workday and have been through an external audit, I am curious as to what
processes and controls the auditors focused their attention on for a SaaS based ERP.
Thanks
Colin
Colin Abbott, CISSP | IT Security Architect | McGill University | Network and Communication Services | 514-398-5070
Re: Data Loss Prevention (DLP)
Jeff Borton (Feb 15)
Had not thought about the dynamic of students realizing that you're detecting this type of information; will definitely
need to account for that as well.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James
Valente
Sent: Wednesday, February 15, 2017 10:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Data Loss Prevention (DLP)
I don’t unless it’s something...
Re: Ellucian Luminis
Velislav K Pavlov (Feb 15)
Outstanding. Very helpful!
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin
Smith
Sent: Wednesday, February 15, 2017 12:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Ellucian Luminis
This message is from a mail system outside of Office 365
Hi Velislav,
We recently went through a similar effort, these are the logs we are having Splunk consume for Luminis...
Re: Ellucian Luminis
Kevin Smith (Feb 15)
Hi Velislav,
We recently went through a similar effort, these are the logs we are having Splunk consume for Luminis & CAS:
Luminis:
luminis.log - has a max size of 10MB and 5 backups are retained.
catalina.log - has no file size restriction, but it purges each time server gets restarted.
luminis_access.log - has no file size restriction and it retains on the server.
CAS:
Cas.log - has a max size of 1MB and 10 backups are retained....
Compliance, Policy, Risk, and Audit function
Penn, Blake C (Feb 15)
After having built up a somewhat robust SecOps/SecEng function within Cyber, we are now looking to build out a
similarly robust function on the GRC side of things. Can anyone share (either on or off-list) details related to this
part of cyber within your respective institutions - staffing levels, org charts, PDs, etc., or know of any related
resources?
Thanks in advance,
Blake Penn
Information Security Policy and Compliance Manager
Cyber...
Ellucian Luminis
Velislav K Pavlov (Feb 15)
Colleagues,
We are investigating the event logging capabilities of Ellucian Luminis and CAS. Do you have any experience you can
share? The platform has many moving pieces. The particular interest is to log and audit who logged in to the portal,
what they did, when, from where, and feed all of that information into our centralized log management for parsing and
correlation. The current process is ad-hoc and provides incomplete information. Any...
NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.
Juniper QFX port VLAN statistics via SNMP - is it possible?
Stanislaw (Feb 22)
Hi everybody,
Is it possible to obtain switched traffic statistics in a port+vlan
aspect via SNMP on Juniper QFX switches?
For example, Extreme switches have a 'vlan monitor' feature:
configure ports all monitor vlan <vlan_name>
then its counters are available by OID .1.3.6.1.4.1.1916.1.2.8.2.1.8 and
.1.3.6.1.4.1.1916.1.2.8.2.1.7
Does anyone know if Juniper has a similar feature?
Re: Updating Geolocation of /24 within corporate /16
Richard Hesse (Feb 21)
If you have a peering session with Google or one of their cache boxes, you
can set a GeoIP publishing endpoint using their online portal at
isp.google.com. That's only for Google though.
-richard
Re: Juniper Advertise MED on EBGP session.
Keenan Tims (Feb 21)
I also spent a significant amount of time trying to figure out a way to
do this, and was using communities for a while before I found a
solution. It turns out that the expression knob lets you use the
existing metric as an input, and this works to export the iBGP MED, at
least on my 12.3X48 SRX:
then {
    metric {
        expression {
            metric multiplier 1;
        }
    }
}
Keenan
Re: WWV Broadcast Outages
Majdi S. Abbas (Feb 21)
I wouldn't expect this to cause any serious synchronization
problem; anyone using HF for time has to have the ability to hold
over for a minimum of several hours anyway due to the vagaries of
normal shortwave propagation. (Even 24-48 hour disruptions aren't
uncommon after a large solar event.)
That said, I and many others "still use" WWV -- there aren't
exactly a surplus of suitable backup methods to GPS...
Re: Juniper Advertise MED on EBGP session.
Olivier Benghozi (Feb 21)
What metric do you intend to advertise to an eBGP peer?
iBGP MED to eBGP MED? MED being a non-transitive attribute, I guess it's not expected to work if you don't explicitly
set a MED in the export policy (you might rely on setting and matching communities for that) or on the peer group.
It's not expected to work on Cisco without explicitly setting the MED, either.
IGP metric to MED ? It seems to just work as is here, at...
WWV Broadcast Outages
Sean Donelan (Feb 21)
If any network operators still use WWV for time synchronization.
Due to an electrical upgrade, Radio Station WWV will be off the air on
all frequencies on February 21 and 22, 2017. The outages will occur
between 7:00 AM and 5:00 PM Mountain Standard Time, and will not exceed 8
hours in duration each day.
https://www.nist.gov/pml/time-and-frequency-division/time-services/wwv-broadcast-outages
Re: Juniper Advertise MED on EBGP session.
Ruairi Carroll (Feb 21)
Unless I'm going insane, I think you're trying to use the IGP metric as
MED?
If so, then :
https://www.juniper.net/documentation/en_US/junos12.3/topics/topic-map/bgp-med.html#jd0e3487
/Ruairi
Juniper Advertise MED on EBGP session.
Leo Bicknell (Feb 21)
I tried to pull an old trick out of my playbook this morning and
failed. I'd like to advertise BGP Metrics on an EBGP session,
specifically the existing internal metrics. I know how to do this
on a Cisco, but I tried on a Juniper and it seems to be impossible.
I can set a metric in a policy, or put a default metric on the
session as a whole, or even set it to IGP. But none of those are
what I want. I want the existing metrics advertised...
Deadline To Volunteer for the 2017 ARIN Nomination Committee Has Been Extended to 24 February 2017
John Curran (Feb 21)
NANOGers -
The deadline to volunteer for the 2017 ARIN Nomination Committee (NomCom) has been
extended to 12:00 PM EST, Friday, 24 February 2017. For more information on the ARIN
NomCom, its role and how to volunteer, please reference the following announcement:
<https://www.arin.net/announcements/2017/20170217.html> (& attached below)
Thanks!
/John
John Curran
President and CEO
ARIN
===
DEADLINE TO VOLUNTEER FOR...
Re: RPKI coverage statistics
Hank Nussbacher (Feb 20)
Suggest reading:
https://www.nanog.org/sites/default/files/3_Gilad_Are_We_There_v1.pdf
from NANOG 69 earlier this month.
Regards,
Hank
Re: RPKI coverage statistics
Nagarjun Govindraj via NANOG (Feb 20)
I am trying to solve the problem of BGP IP prefix hijack detection for the
AS we own using RPKI system.
But the IP addresses covered under the RPKI system are very few, under 10%.
How is the community dealing with the UNKNOWN state for prefixes when queried
against the RPKI system?
Replies from community members show that the majority are using the RPKI system.
Is the community using any other methods on top of RPKI?
Regards,
Nagarjun
Deadline Approaching IJRITCC Journal Call for Papers (Celebrating 50th publication issue)
Editor IJRITCC (Feb 20)
Welcome to this very special issue, marking IJRITCC's 50th publication issue - a special time for celebration and
reflection.
Impact Factor 5.837 Citation in Thomson Reuters Google Scholar Academia Scribd Slideshare etc.
International Journal on Recent and Innovation Trends in Computing and Communication (IJRITCC)
ISSN: 2321-8169
https://www.ijritcc.org
CALL FOR PAPERS - February- 2017 (Paper Submission Deadline 28 - February-2017)...
OADM splitting
Jeremy (Feb 20)
Hello the nanog list,
I'm searching for an OADM CWDM splitting module which can be placed in a
BEP outdoor box (this OADM module must have an EAST input and a WEST
output, with the capacity to activate the split for each wavelength or not)
with the 2 mux/demux 19" racks. Classic CWDM wavelengths are needed (1470-1610 nm
with 8 channels).
If you know a good BPE which can accept 10 x 1.5 fiber optic cables
I/O and with SC connectors, we like it...
[TSP 2017] Call for Reviewers - IEEE R8 Technically Co-Sponsored 40th Int. Conf. on Telecommunications and Signal Processing, Barcelona, Spain, July 5-7, 2017
TSP 2017 (Feb 20)
Dear Colleague,
The Organizing Committee of the 2017 40th International Conference on
Telecommunications and Signal Processing (TSP - http://tsp.vutbr.cz/)
seeks acknowledged specialists to participate in the review process
and support the TSP community with the evaluation of 2 or 3 manuscripts.
To appreciate this effort, we are glad to offer reviewers an
authorization for a reduced conference registration fee.
The TSP 2017...
Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating
How Peter Thiel's Palantir helped the NSA spy on the whole world
David Farber (Feb 22)
Begin forwarded message:
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: [Dewayne-Net] How Peter Thiel's Palantir helped the NSA spy on the whole world
Date: February 22, 2017 at 9:00:53 AM EST
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Reply-To: dewayne-net () warpspeed com
How Peter Thiel’s Palantir helped the NSA spy on the whole world
By Sam Biddle
Feb 22 2017
<...
Our Miserable 21st Century
Dave Farber (Feb 21)
---------- Forwarded message ---------
From: Dewayne Hendricks <dewayne () warpspeed com>
Date: Tue, Feb 21, 2017 at 6:58
Our Miserable 21st Century
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
[Note: This item comes from friend Mike Cheponis. DLH]
Our Miserable 21st Century
From work to income to health to social mobility, the year 2000 marked the
beginning of what has become a distressing era for the...
What America’s Last Red Scare Can Tell Us About Trump and Russia - Defense One
David Farber (Feb 21)
> http://www.defenseone.com/ideas/2017/02/what-americas-last-red-scare-can-tell-us-about-trump-and-russia/135564/?oref=d-river
>
> <http://www.defenseone.com/ideas/2017/02/what-americas-last-red-scare-can-tell-us-about-trump-and-russia/135564/?oref=d-river>
From the end
"People should repeatedly ask why “the Democrats in particular, but [also] a number of other establishment politicians,
including some Republicans, are...
say NO to DHS Social Media Password Requirement
David Farber (Feb 21)
NO to DHS Social Media Password Requirement
21 February 2017
Coalition Condemns DHS Proposal to Demand Passwords to Enter the U.S.
The undersigned coalition of human rights and civil liberties organizations, trade associations, and experts in
security, technology, and the law expresses deep concern about the comments made by Secretary John Kelly at the House
Homeland Security Committee hearing on February 7th, 2017, suggesting the...
The global network has become dangerously unstable
David Farber (Feb 21)
A bit over heated. djf
Begin forwarded message:
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: [Dewayne-Net] The global network has become dangerously unstable
Date: February 21, 2017 at 6:33:46 AM EST
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Reply-To: dewayne-net () warpspeed com
The global network has become dangerously unstable
By Niall Ferguson
Feb 20 2017
<...
Email lists containing Harvard student private info....
Dave Farber (Feb 20)
Begin forwarded message:
> From: Harvey Silverglate <Harvey () harveysilverglate com>
> Date: February 20, 2017 at 4:30:29 PM EST
> To: "dave () farber net" <dave () farber net>
> Subject: Email lists containing Harvard student private info....
>
> Dave,
> This might be of interest to some members of your list:
>
> https://www.thecrimson.com/article/2017/2/21/hcs-emails-public/...
DEAR PAUL RYAN
Dave Farber (Feb 20)
---------- Forwarded message ---------
From: Lawrence Landweber <larry.landweber () gmail com>
Date: Mon, Feb 20, 2017 at 2:50 PM
Subject: DEAR PAUL RYAN
To: Dave Farber <dave () farber net>
Cc: Lawrence Landweber <larry.landweber () gmail com>
Dave
Here is the poem for IP.
Regards and thanks
Larry
DEAR PAUL RYAN
<http://p.feedblitz.com/r3.asp?l=132017201&f=8753&c=5486011&u=54918514>
<...
The previous owners of used "smart" cars can still control them via the cars' apps (not just cars!)
Dave Farber (Feb 20)
Begin forwarded message:
> From: Lauren Weinstein <lauren () vortex com>
> Date: February 20, 2017 at 12:40:02 PM EST
> To: nnsquad () nnsquad org
> Subject: [ NNSquad ] The previous owners of used "smart" cars can still control them via the cars' apps (not just
> cars!)
>
>
> The previous owners of used "smart" cars can still control them via the cars' apps (not just cars!)
>...
Why I’m Concerned About the Independence of U.S. Statistical Agencies
Dave Farber (Feb 20)
Begin forwarded message:
> From: Richard Forno <rforno () infowarrior org>
> Date: February 20, 2017 at 10:44:20 AM EST
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: Why I’m Concerned About the Independence of U.S. Statistical Agencies
>
>
>
> Why I’m Concerned About the Independence of U.S. Statistical Agencies
> Brent Moulton...
Re Techdirt's First Amendment Fight For Its Life
David Farber (Feb 20)
Begin forwarded message:
From: Paul Alan Levy <plevy () citizen org>
Subject: RE: [IP] Re Techdirt's First Amendment Fight For Its Life
Date: February 20, 2017 at 9:04:07 AM EST
To: "'dave () farber net'" <dave () farber net>, ip <ip () listbox com>
Massachusetts has an anti-SLAPP statute, but it has a particularly narrow scope – what steps are free speech activists
in Massachusetts taking to expand...
MD Anderson Benches IBM Watson In Setback For Artificial Intelligence In Medicine
Dave Farber (Feb 20)
---------- Forwarded message ---------
From: Dewayne Hendricks <dewayne () warpspeed com>
Date: Mon, Feb 20, 2017 at 5:24 AM
Subject: [Dewayne-Net] MD Anderson Benches IBM Watson In Setback For
Artificial Intelligence In Medicine
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
MD Anderson Benches IBM Watson In Setback For Artificial Intelligence In
Medicine
By Matthew Herper
Feb 19 2017
<...
Re Techdirt's First Amendment Fight For Its Life
Dave Farber (Feb 19)
Begin forwarded message:
> From: Dave Crocker <dcrocker () gmail com>
> Date: February 19, 2017 at 6:48:04 PM EST
> To: dave () farber net, ip <ip () listbox com>
> Subject: Re: [IP] Techdirt's First Amendment Fight For Its Life
>
> The defense has filed for dismissal. Their submission is thoughtful. I'm especially intrigued to see their reliance
> on our 1977 Rand Report R-2134 on the email work we...
Re The robot that takes your job should pay taxes, says Bill Gates
Dave Farber (Feb 19)
Begin forwarded message:
> From: Patrick Sinz <patrick_sinz () yahoo com>
> Date: February 19, 2017 at 4:31:41 PM EST
> To: "dave () farber net" <dave () farber net>
> Subject: Re: [IP] The robot that takes your job should pay taxes, says Bill Gates
> Reply-To: Patrick Sinz <patrick_sinz () yahoo com>
>
> This is so nice from him, so how much taxes exactly does Microsoft pays on its income and...
Re Techdirt's First Amendment Fight For Its Life
David Farber (Feb 19)
Begin forwarded message:
From: "James S. Tyre" <jstyre () eff org>
Subject: RE: [IP] Re Techdirt's First Amendment Fight For Its Life
Date: February 19, 2017 at 3:44:19 PM EST
To: <dave () farber net>, "'ip'" <ip () listbox com>
Dave, <>
A much newer Techdirt post is at
https://www.techdirt.com/articles/20170216/17220136729/techdirt-survival-fund-i-support-journalism.shtml
<...
Re Techdirt's First Amendment Fight For Its Life
Dave Farber (Feb 19)
---------- Forwarded message ---------
From: Joe Mornin <joe () mornin org>
Date: Sun, Feb 19, 2017 at 2:41 PM
Subject: Re: [IP] Re Techdirt's First Amendment Fight For Its Life
To: <dave () farber net>
> an expedited and simplified procedure at the start to determine if the
case is meritless and should be dismissed forthwith
This exists:
> A "motion to dismiss" asks the court to decide that a claim, even if...
The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.
Risks Digest 30.15
RISKS List Owner (Feb 21)
RISKS-LIST: Risks-Forum Digest Tuesday 21 February 2017 Volume 30 : Issue 15
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.15>
The current issue can also...
Risks Digest 30.14
RISKS List Owner (Feb 17)
RISKS-LIST: Risks-Forum Digest Friday 17 February 2017 Volume 30 : Issue 14
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.14>
The current issue can also be...
Risks Digest 30.13
RISKS List Owner (Feb 07)
RISKS-LIST: Risks-Forum Digest Tuesday 7 February 2017 Volume 30 : Issue 13
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.13>
The current issue can also be...
Risks Digest 30.12
RISKS List Owner (Feb 01)
RISKS-LIST: Risks-Forum Digest Wednesday 1 February 2017 Volume 30 : Issue 12
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.12>
The current issue can also...
Risks Digest 30.11
RISKS List Owner (Jan 28)
RISKS-LIST: Risks-Forum Digest Saturday 28 January 2017 Volume 30 : Issue 11
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.11>
The current issue can also...
Risks Digest 30.10
RISKS List Owner (Jan 22)
RISKS-LIST: Risks-Forum Digest Sunday 22 January 2017 Volume 30 : Issue 10
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.10>
The current issue can also be...
Risks Digest 30.09
RISKS List Owner (Jan 17)
RISKS-LIST: Risks-Forum Digest Tuesday 17 January 2017 Volume 30 : Issue 09
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.09>
The current issue can also be...
Risks Digest 30.08
RISKS List Owner (Jan 10)
RISKS-LIST: Risks-Forum Digest Tuesday 10 January 2017 Volume 30 : Issue 08
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.08>
The current issue can also be...
Risks Digest 30.07
RISKS List Owner (Jan 08)
RISKS-LIST: Risks-Forum Digest Sunday 8 January 2017 Volume 30 : Issue 07
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.07>
The current issue can also be...
Risks Digest 30.06
RISKS List Owner (Dec 30)
RISKS-LIST: Risks-Forum Digest Friday 30 December 2016 Volume 30 : Issue 06
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.06>
The current issue can also be...
Risks Digest 30.05
RISKS List Owner (Dec 26)
RISKS-LIST: Risks-Forum Digest Monday 26 December 2016 Volume 30 : Issue 05
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.05>
The current issue can also be...
Risks Digest 30.04
RISKS List Owner (Dec 20)
RISKS-LIST: Risks-Forum Digest Tuesday 20 December 2016 Volume 30 : Issue 04
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.04>
The current issue can also...
Risks Digest 30.03
RISKS List Owner (Dec 19)
RISKS-LIST: Risks-Forum Digest Monday 19 December 2016 Volume 30 : Issue 03
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.03>
The current issue can also be...
Risks Digest 30.02
RISKS List Owner (Dec 15)
RISKS-LIST: Risks-Forum Digest Thursday 15 December 2016 Volume 30 : Issue 02
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.02>
The current issue can also...
Risks Digest 30.01
RISKS List Owner (Dec 14)
RISKS-LIST: Risks-Forum Digest Wednesday 14 December 2016 Volume 30 : Issue 01
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/30.01>
The current issue can also...
BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.
How Fraud Victims 'Punish' Their Banks
Audrey McNeil (Feb 21)
http://www.databreachtoday.com/how-fraud-victims-punish-their-banks-a-9734
Would you leave a bank after an unauthorized charge on a credit card or a
strange debit from an account? It's a question for financial institutions
evaluating the impact of a security breach.
A new study by Carnegie Mellon University researchers suggests that some
customers will, in fact, leave even if they receive quick refunds of losses
due to fraud. The study is...
4 Best Practices To Build Customer Trust
Audrey McNeil (Feb 21)
http://customerthink.com/4-best-practices-to-build-customer-trust/
Customers demand trust from businesses they transact with for various
reasons. A financial institution, for example, has access to confidential
customer information that they should strictly protect. A retail store has
access to contact information like phone number and email address that
customers hope would not be misused. Even the mom and pop store in your
neighborhood may lose...
Eighth Circuit Undoes Target Data Breach Settlement Class
Audrey McNeil (Feb 21)
http://www.lexology.com/library/detail.aspx?g=5e3fa3f6-bef6-4fec-b99b-c28300dfa2b9
The $10 million settlement class in the Target data breach case was
unraveled by the Eighth Circuit Court of Appeals in a recent decision that
will force the district court to address the impact of the Supreme Court’s
decision in Spokeo v. Robins. The Eighth Circuit remanded the case to the
district court, finding that the lower court did not conduct a rigorous...
Cybersecurity Threats and Safeguards in 2017
Audrey McNeil (Feb 21)
http://www.business2community.com/cybersecurity/cybersecurity-threats-safeguards-2017-01777506
There is no doubt the superhighway of the internet has improved life for
organizations the world over, but with each new innovation comes another
avenue for a cyberattack to travel down. Vulnerabilities in cybersecurity
are no longer just a concern, but a widespread epidemic. Last year data
breaches rose a whopping 40%, with 37 million records exposed...
EU General Data Protection Regulation: Five Questions to ask your CISO
Audrey McNeil (Feb 20)
https://www.scmagazineuk.com/eu-general-data-protection-regulation-five-questions-to-ask-your-ciso/article/630898/
The European General Data Protection Regulation (GDPR) comes into force on
25 May 2018, and it will have a huge impact on the way businesses store and
collect personal information belonging to persons located in the European
Union (EU). The regulation applies to all businesses that hold and process
data that was collected in the...
How does the board make informed decisions on cyber risk?
Audrey McNeil (Feb 20)
http://www.itsecurityguru.org/2017/02/17/board-make-informed-decisions-cyber-risk/
Picture the scene: your organisation's name splashed across the papers for
all the wrong reasons. Employee data lost, customer data leaked online,
passwords stolen. With the number of data breaches increasing every day,
this scene is all too familiar. As the challenges of information security
continue to garner the attention of business executives, information...
$5.5 Million HIPAA Settlement Shines Light on Importance of Audit Controls
Audrey McNeil (Feb 20)
https://www.insurancenewsnet.com/oarticle/5-5-million-hipaa-settlement-shines-light-on-importance-of-audit-controls
Memorial Healthcare Systems (MHS) has paid the U.S. Department of Health
and Human Services (HHS) $5.5 million to settle potential violations of the
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy
and Security Rules and agreed to implement a robust corrective action plan.
MHS is a nonprofit corporation...
Cyber security is everybody’s business
Audrey McNeil (Feb 20)
http://www.advocatedaily.com/peter-murphy-cyber-security-is-everybodys-business.html
Business leaders may fail to uphold their legal responsibilities if they
don't take reasonable steps to prepare their companies for cyberattacks and
information security breaches, says Toronto technology and business lawyer
Peter Murphy, who has acted as counsel on some of Canada’s most notorious
privacy breaches.
The impact can be as debilitating to an...
Risk Based Security, NIST and University of Maryland Team Up To Tackle Security Effectiveness
Inga Goddijn (Feb 20)
https://www.riskbasedsecurity.com/2017/02/risk-based-security-nist-and-university-of-maryland-team-up-to-tackle-security-effectiveness/
The research team at Risk Based Security analyzes and catalogs thousands of
data breaches every year. From that work, a few central themes arise time
and again. One such theme is that breaches can happen at even the most
security-conscious organizations. Another is the tenacity and skill of
attackers when it...
How the employment contract can prevent information theft
Audrey McNeil (Feb 17)
http://www.hcamag.com/hr-news/how-the-employment-contract-can-prevent-information-theft-231276.aspx
Consider an employee who is exposed to plans/products in development and
then departs to go to a competitor and reveal those secrets.
Should the employer cover this predicament in the employment contract?
Ideally there should be clauses in the employment contract that make issues
of copyright ownership and confidential information very clear,...
Could corporate spying be a larger threat to business security than cyber attacks?
Audrey McNeil (Feb 17)
http://www.cityam.com/259028/could-corporate-spying-larger-threat-business-security-than
When a fresh-faced graduate reported promptly one morning for his first day
at a financial institution, he offered up a passport as identification.
Reception staff checked his name off a list of other new recruits and
issued him with a building pass to join scheduled induction sessions.
He never attended the meetings, and instead swept through the...
Can Your Poor Internet Security Hurt Your Marketing Efforts?
Audrey McNeil (Feb 17)
https://www.advancedwebranking.com/blog/can-poor-internet-security-hurt-marketing/
No matter how successful your brand’s marketing is, poor cybersecurity can
result in data breaches that have the potential to cause irreversible
damage to your reputation. Customers are more likely to stay loyal to
brands with which they feel safe doing business, and any data breach can
break that trust.
About 64% of marketers believe that word-of-mouth is the...
When Ransomware Strikes: Does Your Company Have a Data Disaster Recovery Plan?
Audrey McNeil (Feb 17)
http://infosecisland.com/blogview/24882-When-Ransomware-Strikes-Does-Your-Company-Have-a-Data-Disaster-Recovery-Plan.html
Last year, nearly half of businesses were hit by ransomware. In the first
half of 2016 alone, ransomware cost enterprises $209M. Even worse, experts
predict that ransomware “will spin out of control” in 2017. Apparent in the
headlines, ransomware is rampant and those who commit the attacks aren’t
discriminating against...
Cyber Security: What CISOs Should Know In 2017
Audrey McNeil (Feb 17)
http://www.cxotoday.com/story/cyber-security-what-cisos-should-know-in-2017/
Cyber-attacks have become commonplace. In many ways, the only “news” is
that they continue to grow in frequency and variety. When dealing with the
day to day, it can be difficult to tally the mounting toll associated with
this awful state of affairs—and even more challenging to predict what
surprises lie ahead. Based on industry trends, legal framework changes,...
Cybersecurity legislation may do more harm than good
Audrey McNeil (Feb 17)
http://www.virginiabusiness.com/opinion/article/cybersecurity-legislation-may-do-more-harm-than-good
A paramount concern for the commonwealth’s businesses — large and small —
is cybersecurity. During the current session of the General Assembly, state
Sen. Glen Sturtevant proposed an update to Virginia’s cyber crime statute.
The amendment would have made it a felony for cyber criminals to use
ransomware. This was a worthwhile bill...
Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool
nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request...
Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre
http://www.ruxcon.org.au
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.
The deadline for submissions is the 15th of September, 2015.
.[x]. About Ruxcon .[x]....
Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.
Re: Default enabled dissectors
Andy Ling (Feb 22)
Actually there _is_ a global disabled_protos file. Have a look here
https://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html
Hope it helps.
Well, it’s close. It seems to behave differently to the “user” one.
The file doesn’t exist by default. So if I create one and add my list of protocols to it, they don’t
get loaded. Which means they aren’t available to be enabled if someone wants to. Whereas
the user...
Re: Search for binary symbols across Wireshark releases with the help of ABI Navigator
Jaap Keuter (Feb 22)
I like it.
Re: Default enabled dissectors
Dario Lombardo (Feb 22)
Actually there _is_ a global disabled_protos file. Have a look here
https://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html
Hope it helps.
Re: Default enabled dissectors
Dario Lombardo (Feb 22)
At the moment I can't figure out how.
Ideally a system-wide disabled_protos file would solve the issues. Any
thoughts from the list about this feature?
Re: Default enabled dissectors
Andy Ling (Feb 22)
If they don't clash, you can then customize the list of the disabled protos. In Linux it is in
.config/wireshark/disabled_protos
I don't know where it is on windows but it won't be hard to find out. You can ship your version with this custom file.
It lives in %APP_DATA%\Wireshark. Which is a per user folder. So how do I customise the contents
of this file such that it gets copied there as part of the installation?
Thanks for the...
Re: Default enabled dissectors
Dario Lombardo (Feb 22)
If the don't clash, you can then customize the list of the disabled protos.
In Linux it is in
.config/wireshark/disabled_protos
I don't know where it is on windows but it won't be hard to find out. You
can ship your version with this custom file.
Re: Default enabled dissectors
Andy Ling (Feb 22)
Thanks for the reply. I forgot to say, I’m building for Windows using cmake in case that makes a difference.
Do you mean others are not to be compiled or compiled but disabled?
I meant compiled, but disabled. Currently we have to provide a “readme” to tell people to turn off particular
dissectors.
If the former, you have to patch the dissectors list (which file depends on your build subsystem, cmake or autotools)
to disable the...
Re: Default enabled dissectors
Dario Lombardo (Feb 22)
Hi Andy
Do you mean others are not to be compiled or compiled but disabled?
If the former, you have to patch the dissectors list (which file depends on
your build subsystem, cmake or autotools) to disable the unwanted ones. If
the latter, you can't AFAIK. If 2 dissectors clash, they can't be loaded.
Even if you disable them. You'd get an error like
Err Duplicate protocol name "FOO"! This might be caused by an...
Default enabled dissectors
Andy Ling (Feb 22)
Hi,
I am adding our own dissectors to Wireshark and building an installer from source. All the custom stuff
makes this quite easy, which is great.
What I want to know is, is there a way to specify which dissectors are enabled by default?
One of our dissectors is CORBA GIOP based and it clashes with other similar ones. So I'd
like to turn those off by default in our installer.
Thanks for any help
Andy Ling...
Search for binary symbols across Wireshark releases with the help of ABI Navigator
Andrey Ponomarenko (Feb 22)
Hello,
I'd like to present a new project called "ABI Navigator" for searching binary symbols (functions, global data, etc.) in
Wireshark and other open-source libraries: https://abi-laboratory.pro/index.php?view=navigator
The project allows one to find out in which versions of the library some symbol is defined, added, removed or changed. The
data is taken from the ABI Tracker project:...
Re: Crash in epan/geoip_db.c
João Valverde (Feb 21)
Fixes 850393b57bdd7011780f4cf897d4a2467f58a673. Please push to Gerrit.
Bonus points for fixing the cast too.
Crash in epan/geoip_db.c
Gisle Vanem (Feb 21)
Hi list.
I got a crash in epan/geoip_db.c and MSVCRT:free().
Due to the use of g_free() at line 379:
    case GEOIP_ASNUM_EDITION:
      raw_val = GeoIP_name_by_ipnum(gi, addr);
      if (raw_val) {
        ret = db_val_to_utf_8(raw_val, gi);
        g_free((char*)raw_val);     << line 379
      }
In my case, the 'raw_val' was not allocated by Glib, but
by MSVC's...
Communication between dumpcap and wireshark partially broken when using rpcap
Joerg Mayer (Feb 20)
Hello,
can someone with some understanding of the communication between dumpcap and
wireshark please take a look at bug 13418 (13102 might be a duplicate but I'm
not totally sure)? It looks like dumpcap when talking to a rpcap interface is
returning strange stuff to Wireshark.
Thanks
Jörg
Create an account
Angielee Johnson (Feb 20)
I am currently in a Network college class and need to create a Wiki account
Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
Re: HP ERM
Gene Cumm (Feb 20)
Nope, no specification found, unfortunately. Just observation of
known port states and happening to notice that value changed. See
also the samples I uploaded over the weekend. The only combination I
can think of that I didn't check is if a frame is 802.1q tagged with
VLAN ID 0 in order to apply a non-default priority.
Thanks for the suggestion to rename it.
I do however suspect hp_erm.unknown1 might have been allocated for a
timestamp...
Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.
Re: Barnyard2 launching problem
Abdullah AL-Mutairy (Feb 22)
Thanks for replying
What I want to do is to check which rules in snort are frequently used or which attacks are frequent to my home
network.
In order to know that I have to read the snort log file which is in the format (snort.log.xxxxx) ex: snort.log.14737277
After that maybe I can take specific rules and discard unused rules in my home network.
BTW, I used barnyard2 and it is installed in usr/src/ directory as the guide explains.
Thanks a...
Re: Process Snort alerts on real time
James Lay (Feb 22)
Use Barnyard2 to process the u2 files, or take a look at the the alert
full method.
James
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot_______________________________________________
Snort-users...
Unsubscribe snort mailing
Sang Nguyen Van (Feb 22)
Dear Snort administrator,
I accessed this link https://lists.sourceforge.net/lists/listinfo/snort-users
but cannot unsubscribe. Can you help me to unsubscribe?
Thank you very much!
Best regards,
NGUYEN Van Sang
Process Snort alerts on real time
Nora Aron (Feb 22)
Thanks Marcin,
Yes, that is great for static logs. But unfortunately my problem is not the
same as in that thread, unless there is something that I misunderstood.
I also could obtain the content of the packet in hexadecimal from u2Spewfoo
( after parsing it ).
But, u2Spewfoo is only for static logs as well. So I am trying to use the
SpoolEventReader from ids-tools that provides you real time events, already
converted to a readable format. The...
Re: Snort read file to generate u2 logs.
Al Lewis (allewi) (Feb 22)
Yes. The place where the inspected traffic comes from (network interface or file) shouldn’t matter.
Does the file/pcap traffic have bad checksums? If so add “-k none” to snort when you start it.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>
From: Paul Li <paul () scybersecurity com<mailto:paul () scybersecurity com>>
Date: Tuesday,...
Re: content-based rules not detected
Bhargava Jandhyala (bjandhya) (Feb 22)
Please use this rule
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Worm detected"; content:"|d9 74 24 44|"; rev:1;
classtype:malicious-code; )
no need any commend for payload-based rules.
For your help, some example
alert tcp any any -> any any (\
msg:"Rule 2 -- alert since decode buffer searched by default"; \
content:"|5a 7d 87 ff 00 02 03 28 05|"; \
sid:2; rev:1)
Thanks,
Bhargava...
Re: (no subject)
Al Lewis (allewi) (Feb 22)
Please go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>
From: 조규리 <des3222 () naver com<mailto:des3222 () naver com>>
Reply-To: 조규리 <des3222 () naver com<mailto:des3222 () naver com>>
Date: Tuesday, February 21,...
content-based rules not detected
praveen kumar (Feb 22)
Hello ,
I have written content-based rule that matches for the payload (contents)
of certain packets(against .pcap file) and that rule doesn't seem to work.
ex:
Step 1: I have added this rule in local.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Worm detected";
content:"|d9 74 24 44|"; sid:1000006; rev:1; classtype:malicious-code; )
and, included local.rules in snot.conf file and also added...
(no subject)
조규리 (Feb 21)
Dear Snort team,
Please delete my e-mail address to send any information. That means i want to stop subscribing yours.
Thanks
Re: Snort read file to generate u2 logs.
Paul Li (Feb 21)
(Sorry the previous email was broke. )
Al, do you indicate that Snort should generate .u2 files when it reads from
a file?
Thanks,
Paul
Re: Snort read file to generate u2 logs.
Paul Li (Feb 21)
Yes, Al, there's a .log file generated in the directory /var/log/snort. Also,
the same user can generate .u2 log when snort reads directly from the
network interface.
So do you indicate that
On Tue, Feb 21, 2017 at 10:57 PM, Al Lewis (allewi) <allewi () cisco com>
wrote:
Re: Snort read file to generate u2 logs.
Paul Li (Feb 21)
Yes, Al, there's a .log file generated in the directory /var/log/snort. Also,
the same user can generate .u2 log when snort reads directly from the
network interface.
So do you indicate that Snort should generate .u2 logs when it reads a file?
Thanks,
Paul
On Tue, Feb 21, 2017 at 10:57 PM, Al Lewis (allewi) <allewi () cisco com>
wrote:
Re: Snort read file to generate u2 logs.
Al Lewis (allewi) (Feb 21)
Have you checked if the snort user has permissions to write to the output directory?
Are the logs created when you run snort as root?
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com<mailto:allewi () cisco com>
From: Paul Li <paul () scybersecurity com<mailto:paul () scybersecurity com>>
Date: Tuesday, February 21, 2017 at 10:17 PM
To: 'snort-users'...
Snort read file to generate u2 logs.
Paul Li (Feb 21)
I'm using Snort to read a file to generate alerts with the following command:
sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r
file-name
Snort can generate alerts but doesn't create u2 log files, nor any other
output (e.g., csv), although the same snort.conf file will generate both
alerts and .u2 files. Wondering if there's a way Snort can generate
specified format logs when reading a file.
Thanks,
Paul...
Re: Barnyard2 launching problem
Marcin Dulak (Feb 21)
The old tools like barnyard2, snorby, sguil etc. are no longer maintained.
Maybe try https://securityonion.net/
where barnyard2 has been installed?
which barnyard2
barnyard is not needed for reading the logs. Assuming you have unified2 log
https://github.com/jasonish/py-idstools will do, see
http://seclists.org/snort/2017/q1/11
Marcin
We also maintain archives for these lists (some are currently inactive):
Read some old-school private security digests such as Zardoz at SecurityDigest.Org
We're always looking for great network security related lists to archive. To suggest one, mail Fyodor.