[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)

SecLists.Org Security Mailing List Archive

Any hacker will tell you that the latest news and exploits are not
found on any web site—not even Insecure.Org. No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq. Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists. Browse the individual lists below, or search them all:

Insecure.Org Lists

Nmap Development

— Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe here.

Re: Error on Windows 7 after installing nmap 7.30
postal dude (Oct 25)
Hello,

I’ve had a similar issue:

dnet: Failed to open device eth0

Seems something was wrong with the interface mapping:

eth0 <none>
<none> \Device\NPF_{B3A3B88A-9AF8-4BFD-8C8C-F13D6B23C727}

I’ve fixed it by resetting my network interfaces with ‘netsh int ip reset’:

eth0 \Device\NPF_{AFEA0EA3-4828-4CDD-BEBF-E466073E768B}

pd

Re: Error on Windows 7 after installing nmap 7.30
Keith Christian (Oct 25)
Yang,

Sorry, cannot verify, Symantec anti-virus is quarantining npcap. I’ll
have to wait for a tested nmap release incorporating NPcap 0.10 r10+.

Keith

Re: nping showing both unreachable and successful replies for localhost under Win 7 32
Michael D. Lawler (Oct 25)
Yep, this is now working great.

At 01:21 AM 10/25/2016, 食肉大灰兔V5 wrote:

Re: nping showing both unreachable and successful replies for localhost under Win 7 32
食肉大灰兔V5 (Oct 24)
Hi Michael,

I missed that:) I should have fixed this issue in latest Npcap 0.10 r12,
please try it at: https://github.com/nmap/npcap/releases

Cheers,
Yang

Re: nping showing both unreachable and successful replies for localhost under Win 7 32
Michael D. Lawler (Oct 24)
Yes, the new version fixes it for 127.0.0.1, but
not if you ping the local IP address of your
machine, either with IP address or machine name.

Starting Nping 0.7.31 ( https://nmap.org/nping )
at 2016-10-25 00:29 Eastern Daylight Time
SENT (0.1320s) ICMP [192.168.1.100 >
192.168.1.100 Echo request (type=8/code=0) id=358
seq=1] IP [ttl=64 id=50100 iplen=28 ]
RCVD (0.1880s) ICMP [192.168.1.100 >
192.168.1.100 Echo reply (type=0/code=0)…

Re: nping showing both unreachable and successful replies for localhost under Win 7 32
食肉大灰兔V5 (Oct 24)
Hi Michael,

I should have fixed this issue in latest Npcap 0.10 r11, please try it at:
https://github.com/nmap/npcap/releases

Cheers,
Yang

On Sat, Oct 22, 2016 at 9:16 PM, Michael D. Lawler <mdlawler () lawlers us>
wrote:

Re: Error on Windows 7 after installing nmap 7.30
食肉大灰兔V5 (Oct 24)
Hi Keith,

Please try latest Npcap 0.10 r10 here:
https://github.com/nmap/npcap/releases and try again. I have fixed a
related bug in that version.

Cheers,
Yang

Re: Error on Windows 7 after installing nmap 7.30
Keith Christian (Oct 24)
7.31 was installed this morning and exhibits the same symptoms:

Mon 10/24/2016 8:36:12.40 C:\Users\keith\Downloads>nmap 192.168.2.5

Starting Nmap 7.31 ( https://nmap.org ) at 2016-10-24 08:36
Mountain Daylight Time
dnet: Failed to open device eth1
QUITTING!

Again: 7.12 works without issues.

(Difficult to install “debug” builds on this corporate PC, sorry.)

FWIW, Pertinent “systeminfo”…

Re: nping showing both unreachable and successful replies for localhost under Win 7 32
食肉大灰兔V5 (Oct 24)
Hi Michael,

Can you provide your DiagReport, install.log and NPFInstall.log based on:
https://github.com/nmap/npcap#bug-report? Also do you have any idea that
which is the last workable Npcap version?

Cheers,
Yang

On Sat, Oct 22, 2016 at 9:16 PM, Michael D. Lawler <mdlawler () lawlers us>
wrote:

Re: Processing of malformed HTTP header names
Paulino Calderon (Oct 24)
Hello,

I just noticed this behavior/bug last week while I was adding a signature for Oracle Web Logic Console. The call failed
because of the malformed header.
I’m not aware of any problems that this change will cause so I think it’s safe to apply this.

Cheers.

Processing of malformed HTTP header names
nnposter (Oct 23)
I would like to solicit input on modifying http.lua to allow processing
of HTTP responses even if they contain a malformed header, such as an
invalid character in the name or just superfluous whitespace between the
name and the colon. As of now http.lua rejects such responses.

A real-world example on which NSE scripts fail:

HTTP/1.1 200 OK
Server: Netgear
Content-Type: text/html
Pragma: no-cache
Last Modified: Fri, 16 July 2001…

Re: How to correctly reply to the Nmap-dev list?
食肉大灰兔V5 (Oct 22)
Hi Fyodor,

Thanks for the info!

Cheers,
Yang

Re: Formal CPE conformance?
David Fifield (Oct 22)
You should fix those bugs when you see them.

The CPE dictionary itself is full of errors and inconsistencies. In the
early days of CPE support I wanted to conform closely with CPE and even
took the time to file reports for bugs and omissions in the dictionary.
But it wasn’t very rewarding as getting anything changed upstream took
ages. Not to mention that the majority of nmap-service-probes’s devices
aren’t even present in the…

nping showing both unreachable and successful replies for localhost under Win 7 32
Michael D. Lawler (Oct 22)
This is with 7.31 and npcap 0.10R9

Starting Nping 0.7.31 ( https://nmap.org/nping ) at 2016-10-22 09:15
Eastern Daylight Time
SENT (0.1420s) ICMP [127.0.0.1 > 127.0.0.1 Echo request
(type=8/code=0) id=47715 seq=1] IP [ttl=64 id=23497 iplen=28 ]
RCVD (0.2040s) ICMP [127.0.0.1 > 127.0.0.1 Echo reply (type=0/code=0)
id=47715 seq=1] IP [ttl=128 id=27914 iplen=28 ]
RCVD (0.2040s) ICMP [127.0.0.1 > 127.0.0.1 Protocol 1 unreachable…

Formal CPE conformance?
nnposter (Oct 21)
I have noticed that the service probe file is not always using standard
CPE entries. As an example, one entry has been “dlink:dls-2750u”.

In r36385 I have fixed the obvious typo, changing it to “dlink:dsl-2750u”.

However, reviewing the official CPE dictionary, the entry should be
“d-link:dsl2750u”.

I can fix this particular one but my question is whether such deviations
from official CPE entries are purely…

Nmap Announce

— Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe.

Nmap 7.31 stability-focused point release
Fyodor (Oct 21)
Hi folks. I’m happy to report that the big Nmap 7.30 release last month
was a great success. We didn’t even see as many bugs as expected for such
a large release, but we have collected and fixed the ones which did arise
in the last few weeks into a new 7.31 point release. It includes the
latest updates to our new Npcap driver, a fix for Nping on Windows, and
more.

Nmap 7.31 source code and binary packages for Linux, Windows, and Mac…

Nmap 7.30 Released with new NSE scripts, new Npcap, new Fingerprints, etc.
Fyodor (Sep 29)
Hi folks! You may have noticed that we’ve only been releasing Nmap betas
for the last 6 months because we’ve had so much new code and so many
features to integrate thanks to hard work from both our regular team and
the 5 Google Summer of Code summer interns. But we spent the last month
focused on stability and I’m pleased to announce Nmap 7.30–our first
stable release since 7.12 back in March.

Even though it’s a stable…

Nmap 7.25BETA2 Birthday Release
Fyodor (Sep 01)
Hi folks! I’m happy to report that today is Nmap’s 19th birthday and
instead of cake, we’re celebrating open source style with a new release!
Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and
new features. The full list is below, and includes a major LUA upgrade for
NSE scripts, a new overlapped I/O engine for better Windows performance, a
much-improved version of our new Npcap packet capturing driver,…

Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more!
Fyodor (Jul 19)
Hi folks! As you may know, we’ve been working for the last 3 years on an
improved Windows packet capturing library named Npcap. It’s based on the
original WinPcap (which hasn’t been maintained in years), but we rewrote
the driver to use modern APIs (NDIS 6) for better performance. It also
improves security and enables new features. For example, Npcap allows Nmap
to do raw scans (including SYN scans and OS detection) of localhost…

Introducing the 2016 Nmap/Google Summer of Code Team!
Fyodor (May 09)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I’m proud to
introduce our 2015 team:

*Abhishek Singh* will be working as a Feature Creeper and Bug Hunter,
making improvements throughout the Nmap codebase. The project hasn’t even
started yet and he’s already found and fixed several NSE script bugs and
has other code changes in the works. Abhishek is…

Nmap 7.10 released: 12 new scripts, hundreds of OS/version fingerprints, bug fixes, and more!
Fyodor (Mar 17)
Hi Folks! Before I tell you about today’s new Nmap release, I wanted to
share some Summer of Code news:

Google posted a fantastic story by one of our Summer of Code alumni about
how the program helped take him from rural China to a full-ride scholarship
at the University of Virginia graduate school! His mentor David and I had
the chance to meet him in San Francisco:…

Nmap Project Seeking Talented Programmers for Google Summer of Code 2016
Fyodor (Feb 29)
Hi folks. I’m delighted to report that Nmap has been accepted by Google to
participate in this year’s Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We’re one…

Nmap 7 Released!
Fyodor (Nov 19)
Hi folks! After 3.5 years of work by more than 100 contributors and 3,200
code commits since Nmap 6, we’re delighted to announce Nmap 7! Compared to
Nmap 6, we now have 171 new NSE scripts, mature IPv6 support for everything
from host discovery to port scanning to OS detection, better
infrastructure, significant performance improvements, and a lot more!

For the top 7 improvements in Nmap 7, see the release notes:

https://nmap.org/7

Or…

Nmap 6.49BETA6: 10 new NSE scripts, hundreds of new OS and version detection, GSoC improvements, and more!
Fyodor (Nov 03)
Hi folks! I’m happy to announce the release of Nmap 6.49BETA6 with many
great improvements! This includes a lot of work from our Summer of Code
students as well as our regular crew of developers. The release has 10 new
NSE scripts, hundreds of new IPv4 and IPv6 OS detection signatures, and a
bunch of new version detection sigs bringing our total above 10,000! There
are dozens of other improvements as well.

As usual, Nmap 6.49BETA5…

Nmap GSoC 2015 Success Report
Fyodor (Oct 19)
Nmap hackers:

I’m pleased to report the successful completion of our 11th Google Summer
of Code. And this year all five of our students passed! They added many
great features and improvements which Nmap users are sure to enjoy. Much
of their work has already been integrated in the Nmap 6.49BETA5 release
last month, and we’re working to integrate even more in the upcoming stable
version. Let’s look at their accomplishments…

Nmap Project News: 6.49BETA5 release, 18th Birthday, Movie Star, Summer of Code success, Shwag, etc
Fyodor (Sep 25)
Hi folks. I know I haven’t posted to this Nmap Announcement lists since
June, but we’ve had a very busy summer and I’m going to try and catch you
up in one go!

First of all, we’ve had four new releases since then, including today’s
release of Nmap 6.49BETA5. They are all stability-focused releases to fix
all the bugs and problems we can find in preparation for a big upcoming
stable release in October (I hope).

As…

Nmap 6.49BETA1 released! New scripts, new signatures, new ASCII art!
Fyodor (Jun 03)
Hi Folks. I’m happy to announce the release of Nmap 6.49BETA1. This
version has hundreds of improvements, including:

* 25 new NSE scripts (total is now 494)

* Integrated all of your latest OS detection and version/service detection
submissions (including IPv6). This allows Nmap to properly identify Linux
3.18, Windows 8.1, OS X 10.10, Android 5, etc. We now have more than 10,000
service detection signatures!

* Infrastructure…

Introducing the 2015 Nmap/Google Summer of Code Team!
Fyodor (May 07)
Hello everyone. Google has agreed to sponsor five amazing students to
spend this summer enhancing the Nmap Security Scanner and I’m proud to
introduce our 2015 team:

*Andrew Farabee* will be working to refactor parts of the Nmap codebase in
ways which enable more functionality while also improving performance and
hopefully easing code maintenance too! His first task involves adding a
SOCKS proxy name resolution feature to enable scanning…

Nmap Project Seeking Talented Programmers for Google Summer of Code
Fyodor (Mar 24)
Hi folks. I’m delighted to report that Nmap has been accepted by Google to
participate in this year’s Summer of Code internship program. This
innovative and extraordinarily generous program provides $5,500 stipends to
college and graduate students anywhere in the world who spend the summer
improving Nmap from home! They gain valuable experience, get paid,
strengthen their résumés, and write code for millions of users. We’re…

Full Disclosure

— A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

[CSS] POINTYFEATHER / tar extract pathname bypass (CVE-2016-6321)
Harry Sintonen (Oct 26)
—————- t2’16 special vulnerability release —————–

Vulnerability: POINTYFEATHER aka Tar extract pathname bypass
Credits: Harry Sintonen / FSC1V Cyber Security Services
Date: 2016-10-27
Impact: File overwrite in certain situations
Classifier: Full spectrum cyber
CVSS: 4.3.2
Threat level: Manatee

//NORDIC EYES ONLY//NOFORN//PUBLIC//EXPLOIT GLOBAL//…

CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation
Dawid Golunski (Oct 26)
I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.

The video poc can be found at:

http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html

New VMSA-2016-0017 – VMware product updates address multiple information disclosure issues
VMware Security Response Center (Oct 25)
————————————————————————-
VMware Security Advisory

Advisory ID: VMSA-2016-0017
Severity: Moderate
Synopsis: VMware product updates address multiple information
disclosure issues
Issue date: 2016-10-25
Updated on: 2016-10-25 (Initial Advisory)
CVE number: CVE-2016-5328, CVE-2016-5329

1. Summary

VMware product updates address information disclosure issues in…

AST-2016-007: UPDATE
Asterisk Security Team (Oct 25)
On September 8, the Asterisk development team released the AST-2016-007
security advisory. The security advisory involved an RTP resource
exhaustion that could be targeted due to a flaw in the “allowoverlap”
option of chan_sip. Due to new information presented to us by Walter
Doekes, we have made the following updates to the advisory.

In the “Description” section, the following text has been added:

UPDATE (20 October,…

daloRADIUS 0.9-9 – Multiple vulnerabilities leading to arbitrary shell execution
fwagglechop (Oct 24)
I know ancient PHP apps is kinda cheating, but there are people running this…

Abstract
——–

“daloRADIUS is an advanced RADIUS web management application aimed at
managing hotspots and general-purpose ISP deployments. It features
user management, graphical reporting, accounting, a billing engine and
integrates with GoogleMaps for geo-locating.”[1]

While auditing this software for a business we found multiple
potential security…

APPLE-SA-2016-10-24-5 watchOS 3.1
Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-5 watchOS 3.1

watchOS 3.1 is now available and addresses the following:

CoreGraphics
Available for: All Apple Watch models
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary
code execution
Description: A memory corruption issue was addressed through improved
memory handling.
CVE-2016-4673: Marco Grassi (@marcograss) of KeenLab (@keen_lab),
Tencent

FontParser
Available for: All Apple Watch models
Impact:…

APPLE-SA-2016-10-24-4 tvOS 10.0.1
Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-4 tvOS 10.0.1

tvOS 10.0.1 is now available and addresses the following:

CFNetwork Proxies
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password authentication prompts.
CVE-2016-7579: Jerry Decime…

APPLE-SA-2016-10-24-3 Safari 10.0.1
Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-3 Safari 10.0.1

Safari 10.0.1 is now available and addresses the following:

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4666: Apple

WebKit
Available for: OS X Yosemite v10.10.5, OS X…

APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1
Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-2 macOS Sierra 10.12.1

macOS Sierra 10.12.1 is now available and addresses the following:

AppleGraphicsControl
Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed through improved
lock state checking.
CVE-2016-4662: Apple

AppleSMC
Available for: macOS Sierra 10.12
Impact: A…

APPLE-SA-2016-10-24-1 iOS 10.1
Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-1 iOS 10.1

iOS 10.1 is now available and addresses the following:

CFNetwork Proxies
Available for: iPhone 5 and later, iPad 4th generation and later,
iPod touch 6th generation and later
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A phishing issue existed in the handling of proxy
credentials. This issue was addressed by removing unsolicited proxy
password…

Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
[CXSEC] (Oct 24)
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
Credit: Maksymilian Arciemowicz (https://cxsecurity.com/)
URL: https://cxsecurity.com/issue/WLB-2016100213

— 0. Description —-

The latest macOS and iOS have weak OCSP validation process which allow
attacker to send OCSP requests (up to 200k) in name of victim during
MiTM attack.

— 1. MiTM and handshake OCSP verification —
Apple’s SecureTransport trusts and…

Security Vulnerability : Cisco web site CSRF in change password lead to full account take over
mohamed sayed (Oct 24)
Dear Team ,

Hope this email finds you well , Please be informed that i found a Major
Security vulnerability in the Main Cisco Web Site https://www.cisco.com/

*Introduction*

The vulnerability allows a remote hacker to force Victim`s browser to send
reset password for their accounts and then the Hacker will be able to take
the ownership of this account.
———————-

*Description and Steps To reproduce the issue *

1-Go to Main Cisco…

XSS on public PGP servers
John Strander (Oct 23)

New release: UFONet v0.8 – “U-NATi0n!”
psy (Oct 23)
Hi,

I am glad to present a new release of this tool:

http://ufonet.03c8.net

UFONet abuses OSI Layer 7-HTTP to create/manage ‘zombies’ and to conduct
different attacks using; GET/POST, multithreading, proxies, origin
spoofing methods, cache evasion techniques, etc.

FAQ: http://ufonet.03c8.net/FAQ.html

———

– Added XML-RPC Pingback exploitation (WP, Drupal, etc…)
– Added AES256+HMAC-SHA1 messagery system
– Added Statistics…

Defense in depth — the Microsoft way (part 45): filesystem redirection fails to redirect the application directory
Stefan Kanthak (Oct 20)
Hi @ll,

on x64 editions of Windows, RegEdit.exe exists both as
%windir%\regedit.exe and %windir%\SysWOW64\regedit.exe.

<https://msdn.microsoft.com/en-us/library/aa384187.aspx> states

| […] whenever a 32-bit application attempts to access […]
| %windir%\regedit.exe is redirected to %windir%\SysWOW64\regedit.exe.

But what is the “application directory” when a 32-bit application
runs %windir%\regedit.exe?
Is it %windir% or…

Other Excellent Security Lists

Bugtraq

— The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation
Dawid Golunski (Oct 26)
I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos
which appears vulnerable still.

The video poc can be found at:

http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html

[SECURITY] [DSA 3700-1] asterisk security update
Moritz Muehlenhoff (Oct 26)
————————————————————————-
Debian Security Advisory DSA-3700-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
October 25, 2016 https://www.debian.org/security/faq
————————————————————————-

Package : asterisk
CVE ID : CVE-2015-3008 CVE-2016-2232…

[SECURITY] [DSA 3701-1] nginx security update
Florian Weimer (Oct 26)
————————————————————————-
Debian Security Advisory DSA-3701-1 security () debian org
https://www.debian.org/security/ Florian Weimer
October 25, 2016 https://www.debian.org/security/faq
————————————————————————-

Package : nginx
CVE ID : CVE-2016-1247

Dawid Golunski reported…

FreeBSD Security Advisory FreeBSD-SA-16:15.sysarch [REVISED]
FreeBSD Security Advisories (Oct 26)
=============================================================================
FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory
The FreeBSD Project

Topic: Incorrect argument validation in sysarch(2)

Category: core
Module: kernel
Announced: 2016-10-25
Credits: Core Security, ahaha from Chaitin Tech
Affects: All…

CVE-2016-6804 Apache OpenOffice Windows Installer Untrusted Search Path
Dennis E. Hamilton (Oct 25)
CVE-2016-6804
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6804>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2016-6804.html>

Title: Windows Installer Execution of Arbitrary Code with Elevated Privileges

Version 1.0
Announced October 11, 2016

Description

The Apache OpenOffice installer for Windows contained a defective
operation that allows execution of arbitrary code with elevated
privileges….

wincvs-2.0.2.4 Privilege Escalation
apparitionsec (Oct 25)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WINCVS-PRIVILEGE-ESCALATION.txt

[+] ISR: ApparitionSec

Vendor:
======================
cvsgui.sourceforge.net
www.wincvs.org

Product:
===========
WinCvs v2.1.1.1 (Build 1)
downloads as wincvs-2.0.2.4
v2.0.2.4

WinCVS is a free app for Windows that will help you simplify the development of files for groups of…

APPLE-SA-2016-10-24-3 Safari 10.0.1
Apple Product Security (Oct 24)
APPLE-SA-2016-10-24-3 Safari 10.0.1

Safari 10.0.1 is now available and addresses the following:

WebKit
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6,
and macOS Sierra 10.12
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed
through improved memory handling.
CVE-2016-4666: Apple

WebKit
Available for: OS X Yosemite v10.10.5, OS X…

[SECURITY] [DSA 3698-1] php5 security update
Salvatore Bonaccorso (Oct 24)
————————————————————————-
Debian Security Advisory DSA-3698-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
October 24, 2016 https://www.debian.org/security/faq
————————————————————————-

Package : php5
CVE ID : not yet available

Several…

Puppet Enterprise Web Interface Authentication Redirect
hyp3rlinx (Oct 21)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web Interface
Version < 2016.4.0

Puppet Enterprise is the leading platform for automatically delivering, operating and securing your infrastructure….

Puppet Enterprise Web Interface User Enumeration
apparitionsec (Oct 21)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-USER-ENUMERATION.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
===============================
Puppet Enterprise Web Interface

Tested in version < 2016.4.0

Puppet Enterprise is the leading platform for automatically delivering, operating and securing your…

Puppet Enterprise Web Interface Authentication Redirect
apparitionsec (Oct 21)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt

[+] ISR: ApparitionSec

Vendor:
==============
www.puppet.com

Product:
================================
Puppet Enterprise Web Interface
Version < 2016.4.0

Puppet Enterprise is the leading platform for automatically delivering, operating and securing your infrastructure….

Oracle Netbeans IDE v8.1 Import Directory Traversal
apparitionsec (Oct 21)
[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.oracle.com

Product:
=================
Netbeans IDE v8.1

Vulnerability Type:
=========================
Import Directory Traversal

CVE Reference:
==============
CVE-2016-5537

Vulnerability Details:…

ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability
EMC Product Security Response Center (Oct 20)
ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

EMC Identifier: ESA-2016-111
CVE Identifier: CVE-2016-0909
Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected products:
• EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and older

Summary:
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older…

Defense in depth — the Microsoft way (part 44): complete failure of Windows Update
Stefan Kanthak (Oct 20)
Hi @ll,

since more than a year now, Windows Update fails (not only, but most
notably) on FRESH installations of Windows 7/8/8.1 (especially their
32-bit editions), which then get NO security updates at all [°]!

One of the many possible causes: Windows Update Client runs out of
(virtual) memory during the search for updates and yields 0x8007000E
alias E_OUTOFMEMORY [‘].

According to <https://support.microsoft.com/en-us/kb/3050265>…

[CVE-2016-5195] “Dirty COW” Linux privilege escalation vulnerability
dirtycow (Oct 20)
Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195

Redhat: https://access.redhat.com/security/cve/cve-2016-5195

FAQ: https://dirtycow.ninja/

Security Basics

— A high-volume list which permits people to ask “stupid questions” without being derided as “n00bs”. I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

“The Blind SQL Injection Issue” explanation
Mihamina RAKOTOMANDIMBY (May 31)
Hi members,

A web application of mine has been scanned by a “security tool”.
It reports some issues about “Blind SQL Injection Issue”

The test result seems to indicate a vulnerability
because it shows that values can be appended to parameter
values, indicating that they were embedded in an SQL
query. In this test, three (or sometimes four)
requests are sent. The last is logically equal to the original,
and the next-to-last…

Penetration Testing

— While this list is intended for “professionals”, participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

[ERPSCAN-16-030] SAP NetWeaver – buffer overflow vulnerability
ERPScan inc (Oct 17)
Application: SAP NetWeaver KERNEL

Versions Affected: SAP NetWeaver KERNEL 7.0-7.5

Vendor URL: http://SAP.com

Bugs: Denial of Service

Sent: 09.03.2016

Reported: 10.03.2016

Vendor response: 10.03.2016

Date of Public Advisory: 12.07.2016

Reference: SAP Security Note 2295238

Author: Dmitry Yudin (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-030] SAP NetWeaver – buffer overflow vulnerability

Advisory ID:…

[ERPSCAN-16-029] SAP NetWeaver AS JAVA – deserialization of untrusted user value
ERPScan inc (Oct 17)
Application: SAP EP-RUNTIME component

Versions Affected: SAP EP-RUNTIME 7.5

Vendor URL: http://SAP.com

Bugs: Denial of Service

Sent: 22.04.2016

Reported: 23.04.2016

Vendor response: 23.04.2016

Date of Public Advisory: 12.07.2016

Reference: SAP Security Note 2315788

Author: Mathieu Geli (ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-029] SAP NetWeaver AS JAVA – deserialization of
untrusted user value

Advisory ID:…

[ERPSCAN-16-028] SAP Adaptive Server Enterprise – DoS vulnerability
ERPScan inc (Oct 17)
Application: SAP Adaptive Server Enterprise

Versions Affected: SAP Adaptive Server Enterprise 16

Vendor URL: http://SAP.com

Bugs: Denial of Service

Sent: 01.02.2016

Reported: 02.02.2016

Vendor response: 02.02.2016

Date of Public Advisory: 12.07.2016

Reference: SAP Security Note 2330839

Author: Vahagn Vardanyan(ERPScan)

Description

1. ADVISORY INFORMATION

Title: [ERPSCAN-16-028] SAP Adaptive Server Enterprise – DoS…

IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Sep 22)
IE11 is not following CORS specification for local files like Chrome
and Firefox.
I’ve contacted Microsoft and they say this is not a security issue so
I’m sharing it.

files as supposed to be.
In order to prove I’ve created a malicious html file with the content below.

<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if (“withCredentials” in xhr) {…

Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Sep 22)
After a long sprint we are proud to present Faraday v2.1:

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that…

Recon Europe 2017 Call For Papers – January 27 – 29, 2017 – Brussels, Belgium
cfpbrussels2017 (Sep 22)
[RECON BRUSSELS CFP banner]
https://recon.cx
27 – 29 January 2017, Brussels, Belgium
…

t2’16: Challenge to be released 2016-09-10 10:00 EEST
Tomi Tuominen (Sep 01)
It is that time of the year again.

Unicorns attract competitors, copycats and charlatans. For a VC, the road to losing the principal is paved with poor
decisions, bad luck and ultimately betting on the wrong horse. One of the challengers in the unregulated
pay-per-hitchhike app industry, Astley Auto Association, has been trying to raise a C round. Its founder and CEO, a
controversial character, is claimed to represent the darker side of the…

firewall-wizards logoFirewall Wizards

— Tips and tricks for firewall administrators

Revival?
Paul Robertson (Sep 11)
Since the last few attempts to revive the list have failed, I’m going to attempt a Facebook group revival experiment.
It’ll be a bit broader in scope, but I’m hoping we can discuss technical security matters. The new group is
Security-Wizards on Facebook.

Paul

webappsec logoWeb App Security

— Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 13)
Same attack using XSS as the vector.
Imagine that https://xss-doc.appspot.com is a site about gift cards.
The XSS payload below will create a giftcard.htm file in the default
download folder.
If the victim opens the file, a GET to
https://mail.google.com/mail/u/0/#inbox will be submitted.
After the GET, the file will perform a POST to
http://192.168.1.36/req.php using the GET response as the body.
An attacker would be able to read all the emails in the…

Re: IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Oct 05)
I made a small improvement to this attack.
Using the IE File API
(https://msdn.microsoft.com/en-us/library/hh772315(v=vs.85).aspx) an
attacker would be able to create a web page with the content below and
send it to a victim.
A local file with the same content that I sent previously would be
created in the default download folder.
If the victim performs the following three clicks (Save, Open and Allow
blocked content) an attacker would be able to perform any…

Welcome Faraday 2.1! Collaborative Penetration Test & Vulnerability Management Platform
Francisco Amato (Sep 22)
After a long sprint we are proud to present Faraday v2.1:

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that…

IE11 is not following CORS specification for local files
Ricardo Iramar dos Santos (Sep 21)
IE11 is not following the CORS specification for local files as Chrome
and Firefox do.
I’ve contacted Microsoft and they say this is not a security issue so
I’m sharing it.

files as supposed to be.
In order to prove I’ve created a malicious html file with the content below.

<html>
<script>
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {…
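
The posts in this thread (the Sep 21/22 report on both lists and the Oct 5/13 follow-ups) hinge on one thing: a conforming browser applies a CORS check before letting script in a document read a cross-origin response, and a document opened from disk runs with the opaque origin "null", so a response from an unrelated site (no Access-Control-Allow-Origin) is never handed to its script. The block below is an added example, not code from the poster or from any browser: it models that check as written in the Fetch standard's CORS-check steps, and models the reported IE11 behaviour as "skip the check when the requesting document is a local file" (an assumption used to make the contrast visible, not a description of IE11 internals). The request and response objects are constructed for the example, not captured traffic.

```javascript
// Added example (not from the original post): the CORS read check a
// conforming browser performs, and the effect of skipping it for local files.

const LOCAL_FILE_ORIGIN = 'null'; // serialization of a file:// document's opaque origin

/**
 * CORS check as in the Fetch standard.
 * request:  { origin: string, credentials: 'include' | 'omit' | 'same-origin' }
 * response: { headers: { [lowerCaseName: string]: string } }
 * Returns true when script running in request.origin may read the response.
 */
function corsCheck(request, response) {
  const h = response.headers;
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) return false;                // no ACAO header at all
  if (request.credentials !== 'include' && allowOrigin === '*') return true;
  if (allowOrigin !== request.origin) return false;           // byte-for-byte comparison
  if (request.credentials !== 'include') return true;
  return h['access-control-allow-credentials'] === 'true';    // credentialed reads need ACAC
}

/**
 * Verdict for a document reading a cross-origin response.
 * enforceForLocalFiles = false is the assumed model of the reported IE11
 * behaviour: documents loaded from disk bypass the check entirely.
 */
function mayReadCrossOrigin(request, response, { enforceForLocalFiles = true } = {}) {
  if (!enforceForLocalFiles && request.origin === LOCAL_FILE_ORIGIN) return true;
  return corsCheck(request, response);
}

// Constructed sample: a credentialed request from a local HTML file to an
// unrelated site whose response carries no CORS headers (the situation in the
// Gmail example from the thread; headers are made up, not captured).
const localFileRequest = { origin: LOCAL_FILE_ORIGIN, credentials: 'include' };
const noCorsResponse = { headers: { 'content-type': 'text/html' } };

// Constructed sample of a server-side mistake: allowlisting the "null" origin
// with credentials. This hands local files the response in every browser,
// conforming or not.
const nullAllowlistedResponse = {
  headers: {
    'access-control-allow-origin': 'null',
    'access-control-allow-credentials': 'true',
  },
};

function demo() {
  return {
    conformingBrowser: mayReadCrossOrigin(localFileRequest, noCorsResponse),
    ie11AsDescribed: mayReadCrossOrigin(localFileRequest, noCorsResponse, { enforceForLocalFiles: false }),
    nullAllowlistedAnyBrowser: mayReadCrossOrigin(localFileRequest, nullAllowlistedResponse),
  };
}

console.log(demo());
```

Two things the model makes visible. First, the attack in the thread is entirely a browser-side failure: the target site sends no CORS headers, and nothing it could send would stop a browser that skips the check for file documents. Second, a server that reflects the `Origin` header or allowlists the literal value `null` together with `Access-Control-Allow-Credentials: true` reproduces the same outcome in conforming browsers, so that configuration should be treated as a finding in its own right.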

nullcon 8-bit Call for Papers is open
nullcon (Aug 23)
Dear Hackers and Security Pros,

Welcome to nullcon 8-bit!
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world and the universe , working on the next
big thing in security and request everyone to submit their new
research.

What is 8-bit?
As a tradition of…

SpiderFoot 2.7.0 released
Steve Micallef (Aug 19)
Hi all,

SpiderFoot 2.7.0 is now available, with more modules, added
functionality and bug fixes since 2.5.0 was last announced on this list.
SpiderFoot is an open source intelligence gathering / reconnaissance
tool utilising over *50* data sources and methods, all driven through a
snappy web UI.

Here’s what’s new since 2.5.0..
– *6* new modules:
– BotScout.com search for malicious e-mail addresses
-…

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform
Francisco Amato (Aug 18)
Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to…

dailydave logoDaily Dave

— This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by

ImmunitySec

founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can’t really fault Dave for being self-promotional on a list named DailyDave.

Immunity is throwing a shindig in Laurel MD Nov 21st!
Dave Aitel (Oct 13)
https://twitter.com/Immunityinc/status/786561783691481088

It’s not just about the beer – it’s really more about sharing our
experiences throughout the year writing and enjoying the delicious brew
that is modern exploits! We have two talks, both of which will be great.
Please email admin () immunityinc com to RSVP!

-dave

Re: Book Reviews
JJ Gray (Oct 12)
Even small scale (but high event) focussed testing can have unexpected
results, case in point as happened some time ago on a remote application
test. In short, the basic fuzzing of a small form field killed the
corporate mail server. It turned out that at some point early in the
application's life cycle the developer added an email alert on every
error condition. This continued through the application life cycle until
Live except at this point the…

Re: Book Reviews
Thomas Ptacek (Oct 11)
Yeah, this rang false to me too. It’s also the reason you can’t take a
client with 100 applications and run a tool that spams every discovered
endpoint with XSS vectors; their customers scream bloody murder when every
other page starts popping an alert box.

(This comes up a lot because people who don’t do large-scale testing tend
to believe XSS is something you can safely test for everywhere).

“You cannot deface websites with…

Re: Book Reviews
Dave Aitel (Oct 11)
Yes, in theory. There are scenarios where you can do all those things. None
of those are what the authors meant, to put it kindly.

-dave

Re: Book Reviews
Eric Schultz (Oct 11)
“You cannot deface websites with cross-site-scripting”

You can with stored cross site scripting.

You if the app is also vulnerable to cross site request forgery.

You can if you steal a privileged session and you have network access.

-Eric

Book Reviews
Dave Aitel (Oct 10)
2 Book Reviews in this post.

1. Lab Girl
<https://www.amazon.com/Lab-Girl-Hope-Jahren-ebook/dp/B00Z3FYQS4/ref=tmm_kin_swatch_0?_encoding=UTF8&qid=1476112205&sr=8-1>
:
Probably the best book I’ve read all year. Immediately go and purchase and
read this. Speaks well to the hacker spirit, but is written like poetry.

2.
http://cybersecpolitics.blogspot.com/2016/10/book-review-cyber-war-vs-cyber-realities.html

Read my review…

Why there’s an INFILTRATE
dave aitel (Sep 29)
It was one of our first INFILTRATEs when Thomas Lim gave a keynote
saying
<http://immunityinc.com/infiltratemovies/movies/thomaslim_keynote.mp4>,
in specific, that there were far too many security conferences. And he
was, of course right. And also one of our first keynotes when Thomas
Dullien talked about weird machines and JIT engines
<http://www.slideshare.net/scovetta/fundamentals-of-exploitationrevisited>and
the philosophy of bug…

Re: Deep down the certificate pinning rabbit hole of “Tor Browser Exposed”
Ryan Duff (Sep 19)
Hey everyone,

I have posted a full technical writeup and wrap-up for this bug. Check it
out here:
https://medium.com/@flyryan/postmortem-of-the-firefox-and-tor-certificate-pinning-vulnerability-rabbit-hole-bd507c1403b4#.oawicwift

Thanks!

-Ryan

Deep down the certificate pinning rabbit hole of “Tor Browser Exposed”
Ryan Duff (Sep 15)
Hey everyone,

I spent a decent portion of my day looking into the claim by the Tor-Fork
developer that you could get cross-platform RCE on Tor Browser if you’re
able to both MitM a connection and forge a single TLS certificate for
addons.mozilla.org. This is well within the capability of any decently
resourced nation-state. Definitely read @movrcx’s write-up first to see his
claim. It’s here:…

Re: The difference between block-based fuzzing and AFL
Michal Zalewski (Sep 15)
I don’t look at it this way.

To put it bluntly, the overriding principle behind AFL is that it
intentionally takes away choice and forces you to simplify problems
instead of complicating the test suite.

Quite often, that’s the right thing to do, even if it *feels*
insulting or wrong to a pro. There are fuzzing frameworks that are
incredibly flexible and expressive, allowing you to create complex
protocol specs, fiddle with dozens…

Tor Browser Exposed: Anti-Privacy Implantation at Mass Scale
Joshua (Sep 13)
Howdy folks,

An article was written on how a nation state could conduct an attack on all Tor Browser platforms. Enjoy!

https://medium.com/@movrcx/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.fjup01gkm
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

Re: iPhone Security
Kristian Erik Hermansen (Sep 13)
Thanks to Apple for finally fixing the issues today with latest
updates and not crediting where credit is due. And, you should really
update to get the patches just released…

“CVE-2016-4741: Description: An issue existed in iOS updates, which
did not properly secure user communications. This issue was addressed
by using HTTPS for software updates.”

Re: The difference between block-based fuzzing and AFL
Ryan Stortz (Sep 13)
I don’t think it’s an apples-to-oranges comparison to compare these fuzzers
against the Cyber Grand Challenge test set (
https://github.com/trailofbits/cb-multios). In fact, the CGC test set is a
perfect shooting gallery. The test set is entirely comprised of network
services that implement protocols that represent real world software.
DECREE has no knowledge of file systems or files at all. The protocols are
frequently simplified, but…

Re: The difference between block-based fuzzing and AFL
Andrew Ruef (Sep 13)
The benefit of a tool like AFL is that it’s black-box: you don’t need a grammar, you don’t need a complicated, rich and
deep specification of a protocol like RPC that encapsulates checksums, encryption, etc.

AFL (and fuzzers like it) have a strategy to work around their lack of knowledge/a deep specification, though: just
recompile your application to skip checksums and turn off encryption.

Augh! It’s so cheesy! The indignity! You…

The difference between block-based fuzzing and AFL
Dave Aitel (Sep 13)
So let’s take a quick break from thinking about how messed up Wassenaar is
or what random annoying thing the EFF or ACLU said about 0day today and
talk about fuzzers. AFL has everyone’s mind share, but I have to point
out that it is still a VERY specialized tool.

The process of taking a file, sending it into some processing unit, and
then figuring out if it crashes, sounds easy and generic. But in practice
you have to carefully…

pauldotcom logoPaulDotCom

— General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

Re: [Security Weekly] cheap hosting
Robin Wood (Sep 23)
Resurrecting an old thread but they now have an affiliate program and I can
issue my own codes so:

20% off all servers AqUVYbUXag
50% off all big dog (whatever that is) 7E9YRUzEZy

After a month with them, their tech support is OK but not great, the server
has stayed up and not had any problems.

Robin

Re: [Security Weekly] projecting in a bright space
Jeremy Pommerening (Aug 28)
I would look for a projector with at least 6000 ANSI Lumens or better.  A darker screen (grey) may also help.

Jeremy Pommerening

________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Sunday, August 3, 2014 3:42 AM
Subject: [Security Weekly] projecting in a bright space

I’ve been looking at the venue for next year’s…

[Security Weekly] Two Firefox security bugs related to HTTPS
ffbugishere (Aug 17)
Hello world!

We need votes for security bugs!

Adding “Security Exception” for self-signed HTTPS sites cannot be done
permanently
https://bugzilla.mozilla.org/show_bug.cgi?id=1050100

Firefox 31 doesn’t support the industry recommended best HTTPS
ciphers
https://bugzilla.mozilla.org/show_bug.cgi?id=1051210

Other browsers should have the same bugs fixed..

p.s.: We are not related to this group, but we think they’re worth a
penny…

Re: [Security Weekly] Java and Flash decompilers
Will Metcalf (Aug 05)
JPEXS is very nice for flash IMHO.

http://www.free-decompiler.com/flash/

Regards,

Will

Re: [Security Weekly] Java and Flash decompilers
Bradley McMahon (Aug 05)
I’ve used flare before to pull apart a flash site for a client.
http://www.nowrap.de/flare.html

-Brad

Re: [Security Weekly] SecurityCenter alternative
Steven McGrath (Aug 04)
SC certainly isn’t cheap (as a former SC customer that moved over to Tenable I can attest to that) however I can point
out that the data aggregation, trending, and custom reporting were huge wins in my book. I guess it’s a time/money
trade-off. How much time do you want to spend either cobbling together a tool or manually aggregating the data when
there is another tool already out there that can do it out of the box.

I can speak in more…

Re: [Security Weekly] Java and Flash decompilers
S. White (Aug 04)
A few I’ve used in the past:

JAD – http://varaneckas.com/jad/ , http://en.wikipedia.org/wiki/JAD_(JAva_Decompiler)

HP SWFscan 

Adobe SWF investigator http://labs.adobe.com/technologies/swfinvestigator/

________________________________
From: Robin Wood <robin () digi ninja>
To: Security Weekly Mailing List <pauldotcom () mail securityweekly com>
Sent: Monday, August 4, 2014 5:54 AM
Subject: [Security Weekly] Java and…

[Security Weekly] DoFler @ BSidesLV
Steven McGrath (Aug 04)
This will be the 3rd year that DoFler (the Dashboard of Fail) will be at BSidesLV. This year I wrote a new spiffy
interface for maximum trolling. Let’s be honest now, everyone loves to surf for various forms of horrible on the
internet at cons :D. Also added this year is a little vulnerability analysis (using Tenable’s PVS). Every year I try
to improve it a bit based on everyone’s input, and am always welcome to more feedback.

DB…

Re: [Security Weekly] cheap hosting
Robin Wood (Aug 04)
Already sorted but thanks for the info.

Re: [Security Weekly] Java and Flash decompilers
Nathan Sweaney (Aug 04)
Here are a few others I’ve used with varying success in the past:

SWFInvestigator – http://labs.adobe.com/technologies/swfinvestigator/
SWFScan – from Rafal Los at HP, though the link has been deleted. (Careful,
I’ve seen trojaned copies online.)

Re: [Security Weekly] SecurityCenter alternative
Paul Asadoorian (Aug 04)
Thanks all for the informative discussion!

I know, I’m jumping in late, some closing thoughts on the subject:

– SecurityCenter has the unique advantage of consolidating plugin
updates, meaning you could have hundreds of Nessus scanners deployed in
your organization, and the scanners get the plugin feed from your
SecurityCenter system. This removes the requirement of Internet access
(from the scanners), and greatly eases the administration…

Re: [Security Weekly] SecurityCenter alternative
k41zen (Aug 04)
Thanks for all of your help.

We are in discussions with our Tenable contact about solutions for this issue. They’ve helped me out by enabling me to
move forward to at least deploy this into a Pre-Production environment but the costs of SC are a massive stumbling
block; hence my question about something else. Appreciate we have a big Nessus fan base here of which I am a member
too, but just wondered what could be wrapped around it.

I’ll…

Re: [Security Weekly] SecurityCenter alternative
Adrien de Beaupre (Aug 04)
Hi,

I have also written a series of scripts to collect data from tools such as
nmap and nessus to import into MySQL called OSSAMS:
http://www.ossams.com/wp-content/uploads/2011/10/ossams-parser-SecTor-2011.zip
That leaves report writing as a series of SQL queries.
I also have a series of scripts to kick off scans, as well as a command-line
XML-RPC nessus client in python if anyone is interested.

Cheers,
Adrien

Re: [Security Weekly] cheap hosting
sec list (Aug 04)
Hey Robin,

If you’re still looking, might want to try out getclouder.com – they
spin up Linux containers in 5 seconds and use distributed storage, which
is pretty awesome. It’s still in beta, so they offer 3 months free
service, but it has been pretty stable so far from my experience.

[Security Weekly] Java and Flash decompilers
Robin Wood (Aug 04)
Hi
I’m trying to put together a list of tools for decompiling Flash and Java
apps. From asking on another list I already have:

Java
JD-GUI
Java Decompiler http://jd.benow.ca/jd-gui/downloads/jd-gui-0.3.6.windows.zip.

Java snoop https://code.google.com/p/javasnoop/

Flash
Trillix
Flashbang https://github.com/cure53/Flashbang

Has anyone here got any others they can suggest?

Ideally I’m looking for free stuff but cheap commercial…

honeypots logoHoneypots

— Discussions about tracking attackers by setting up decoy honeypots or entire

honeynet

networks.

Honeypot malware archives
Matteo Cantoni (Feb 14)
Hello everyone,

I would like to share with you, for educational purposes and without any
commercial purpose, data collected by my homemade honeypot.
Nothing new, nothing shocking, nothing sensational… but I think it can
be of interest to newcomers to the world of analysis of malware,
botnets, etc… maybe for a thesis.

The files collected are divided into zip archives, in alphabetical
order, with a password (which must be requested via email). Some…

microsoft logoMicrosoft Sec Notification

— Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading “mitigating factors” section.

Microsoft Security Bulletin Minor Revisions
Microsoft (Oct 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: October 12, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-121

Bulletin Information:
=====================

MS16-121…

Microsoft Security Bulletin Releases
Microsoft (Oct 11)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: October 11, 2016
********************************************************************

Summary
=======

The following bulletins have undergone a major revision increment.

* MS16-101 – Important

Bulletin Information:
=====================

MS16-101

– Title: Security Update for Windows Authentication Methods (3178465)
-…

Microsoft Security Bulletin Summary for October 2016
Microsoft (Oct 11)
********************************************************************
Microsoft Security Bulletin Summary for October 2016
Issued: October 11, 2016
********************************************************************

This bulletin summary lists security bulletins released for
October 2016.

The full version of the Microsoft Security Bulletin Summary for
April 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-oct>….

Microsoft Security Bulletin Summary for September 2016
Microsoft (Sep 13)
********************************************************************
Microsoft Security Bulletin Summary for September 2016
Issued: September 13, 2016
********************************************************************

This bulletin summary lists security bulletins released for
September 2016.

The full version of the Microsoft Security Bulletin Summary for
September 2016 can be found at
<…

Microsoft Security Advisory Notification
Microsoft (Sep 13)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 13, 2016
********************************************************************

Security Advisories Released or Updated Today
==============================================

* Microsoft Security Advisory 3181759
– Title: Vulnerabilities in ASP.NET Core View Components Could
Allow Elevation of Privilege
-…

Microsoft Security Bulletin Minor Revisions
Microsoft (Sep 02)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: September 2, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-101

Bulletin Information:
=====================

MS16-101…

Microsoft Security Bulletin Releases
Microsoft (Aug 22)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: August 22, 2016
********************************************************************

Summary
=======

The following bulletins have undergone a major revision increment.

* MS16-099 – Critical

Bulletin Information:
=====================

MS16-099

– Title: Security Update for Microsoft Office (3177451)
-…

Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 18)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 18, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-075
* MS16-AUG

Bulletin Information:
=====================…

Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 12)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 12, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-102

* MS16-AUG

Bulletin Information:
=====================…

Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 11)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 11, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-035

* MS16-99

* MS16-102

* MS16-AUG

Bulletin…

Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 10)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 10, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-101
* MS16-AUG

Bulletin Information:
=====================…

Microsoft Security Bulletin Minor Revisions
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: August 09, 2016
********************************************************************

Summary
=======
The following bulletins and/or bulletin summaries have undergone a
minor revision increment.

Please see the appropriate bulletin for more details.

* MS16-077

Bulletin Information:
=====================

MS16-077…

Microsoft Security Bulletin Summary for August 2016
Microsoft (Aug 09)
********************************************************************
Microsoft Security Bulletin Summary for August 2016
Issued: August 09, 2016
********************************************************************

This bulletin summary lists security bulletins released for
August 2016.

The full version of the Microsoft Security Bulletin Summary for
August 2016 can be found at
<https://technet.microsoft.com/library/security/ms16-aug>….

Microsoft Security Bulletin Releases
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Bulletin Releases
Issued: August 9, 2016
********************************************************************

Summary
=======

The following bulletins have undergone a major revision increment.

* MS16-054 – Critical
* MS16-MAY

Bulletin Information:
=====================

MS16-054

– Title: Security Update for Microsoft Office (3155544)
-…

Microsoft Security Advisory Notification
Microsoft (Aug 09)
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 9, 2016
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Microsoft Security Advisory 3179528
– Title: Update for Kernel Mode Blacklist
https://technet.microsoft.com/library/security/3179528.aspx
-…

funsec logoFunsec

— While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

Verizon: 1.5M of Contact Records Stolen, Now on Sale
Jeffrey Walton (Mar 26)
http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:

A business to business telecommunication giant,
Verizon Enterprise Solutions, a Basking Ridge,
New Jersey-based company, has been the latest
victim of a cyber crime that stole 1.5 million contact
records of the customers of Verizon…

I don’t quite understand this double talk. Could someone explain to me:

A spokesperson from Verizon said that…

Statement on Lavabit Citation in Apple Case
Jeffrey Walton (Mar 16)
(From John Young on another list):
http://www.facebook.com/KingLadar/posts/10156714933135038

As many of you already know, the government cited the Lavabit case in
a footnote. The problem is their description insinuates a precedent
that was never created. Obviously I was somewhat disturbed by their
misrepresentation. So I decided to draft a statement. And keep in
mind, these are the same people who say “trust us.” Click continue to
read…

The NSA’s back door has given every US secret to our enemies
Jeffrey Walton (Feb 29)
http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Deng Xiaoping, in 1979 – his second year as supreme leader of China –
perceived a fundamental truth that has yet to be fully grasped by most
Western leaders: Software, if properly weaponized, could be far more
destructive than any nuclear arsenal.

Under Deng’s leadership, China began one of the most ambitious and
sophisticated meta-software…

Can Spies Break Apple Crypto?
Jeffrey Walton (Feb 27)
Here’s an interesting exchange between Cryptome and Michael Froomkin,
Law Professor at University of Miami, on the All Writs Act
(http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm):

—–

A. Michael Froomkin:

The factual posture in the key Supreme Court precedent, New York
Telephone, involved a situation where only the subject of the order
was capable of providing the assistance at issue. This is the basis
for Apple’s…

The FBI’s iPhone Problem: Tactical vs. Strategic Thinking
Jeffrey Walton (Feb 23)
http://www.technewsworld.com/story/83130.html

I’m an ex-sheriff, and I’ve been in and out of security jobs for much
of my life, so I’ve got some familiarity with the issues underlying
the drama between the FBI and Apple. FBI officials — and likely those
in every other three-letter agency and their counterparts all over the
world — would like an easier way to do their jobs. Wouldn’t we all?

If they could put cameras in…

Wanted: Cryptography Products for Worldwide Survey
Jeffrey Walton (Jan 01)
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution…

cert logoCERT Advisories

— The

Computer Emergency Response Team

has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

Joomla! Releases Security Update for CMS
US-CERT (Oct 26)
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

Joomla! Releases Security Update for CMS [
https://www.us-cert.gov/ncas/current-activity/2016/10/25/Joomla-Releases-Security-Update-CMS ] 10/25/2016 01:08 PM EDT
Original release date: October 25, 2016

Joomla! has released version 3.6.4 of its Content Management System (CMS) software to address multiple vulnerabilities.
Exploitation of some of these…

Week Four of National Cyber Security Awareness Month
US-CERT (Oct 25)
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

Week Four of National Cyber Security Awareness Month [
https://www.us-cert.gov/ncas/current-activity/2016/10/25/Week-Four-National-Cyber-Security-Awareness-Month ] 10/25/2016
02:35 AM EDT
Original release date: October 25, 2016

In partnership with DHS, the National Cyber Security Alliance has released information on Navigating Your Continuously
Connected…

Apple Releases Security Updates
US-CERT (Oct 24)
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

Apple Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/24/Apple-Releases-Security-Updates ] 10/24/2016 04:32 PM EDT
Original release date: October 24, 2016

Apple has released security updates to address vulnerabilities in iOS, watchOS, tvOS, Safari, and macOS Sierra.
Exploitation of some of these vulnerabilities may allow a…

Cisco Releases Security Update
US-CERT (Oct 24)
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

Cisco Releases Security Update [
https://www.us-cert.gov/ncas/current-activity/2016/10/24/Cisco-Releases-Security-Update ] 10/24/2016 05:23 PM EDT
Original release date: October 24, 2016

Cisco has released a security update to address a vulnerability in its WebEx Meetings Player. Exploitation of this
vulnerability could allow a remote attacker to take control…

Linux Kernel Vulnerability
US-CERT (Oct 21)
Linux Kernel Vulnerability [ https://www.us-cert.gov/ncas/current-activity/2016/10/21/Linux-Kernel-Vulnerability ]
10/21/2016 12:50 PM EDT
Original release date: October 21, 2016

US-CERT is aware of a Linux kernel vulnerability known as Dirty COW (CVE-2016-5195). Exploitation of this vulnerability
may allow an attacker to take control of an affected system…

Mozilla Releases Security Update for Firefox
US-CERT (Oct 20)
Mozilla Releases Security Update for Firefox [
https://www.us-cert.gov/ncas/current-activity/2016/10/20/Mozilla-Releases-Security-Update-Firefox ] 10/20/2016 10:58 PM
EDT
Original release date: October 20, 2016

Mozilla has released Firefox 49.0.2 to address a security vulnerability. Exploitation of this vulnerability may allow a
remote attacker to take…

ISC Releases Security Advisory
US-CERT (Oct 20)
ISC Releases Security Advisory [
https://www.us-cert.gov/ncas/current-activity/2016/10/20/ISC-Releases-Security-Advisory ] 10/20/2016 09:20 PM EDT
Original release date: October 20, 2016

The Internet Systems Consortium (ISC) has released a security advisory to highlight a vulnerability in versions of BIND
software released before May 2013, and in third-party…

Oracle Releases Security Bulletin
US-CERT (Oct 18)
Oracle Releases Security Bulletin [
https://www.us-cert.gov/ncas/current-activity/2016/10/18/Oracle-Releases-Security-Bulletin ] 10/18/2016 04:23 PM EDT
Original release date: October 18, 2016

Oracle has released its Critical Patch Update for October 2016 to address 247 vulnerabilities across multiple products.
Exploitation of some of these vulnerabilities may…

Week Three of National Cyber Security Awareness Month
US-CERT (Oct 17)
Week Three of National Cyber Security Awareness Month [
https://www.us-cert.gov/ncas/current-activity/2016/10/17/Week-Three-National-Cyber-Security-Awareness-Month ]
10/17/2016 09:35 PM EDT
Original release date: October 17, 2016

In partnership with DHS, the National Cyber Security Alliance has released information on recognizing cyber crime […

TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets
US-CERT (Oct 14)
TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets [ https://www.us-cert.gov/ncas/alerts/TA16-288A ]
10/14/2016 07:59 PM EDT
Original release date: October 14, 2016

Systems Affected

Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that
connect to one another via the Internet, often…

Google Releases Security Update for Chrome
US-CERT (Oct 13)
Google Releases Security Update for Chrome [
https://www.us-cert.gov/ncas/current-activity/2016/10/13/Google-Releases-Security-Update-Chrome ] 10/13/2016 07:53 AM
EDT
Original release date: October 13, 2016

Google has released Chrome version 54.0.2840.59 to address multiple vulnerabilities for Windows, Mac, and Linux.
Exploitation of some of these…

Cisco Releases Security Updates
US-CERT (Oct 12)
Cisco Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/12/Cisco-Releases-Security-Updates ] 10/12/2016 01:52 PM EDT
Original release date: October 12, 2016

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit
some of these vulnerabilities to take control of an…

Adobe Releases Security Updates
US-CERT (Oct 11)
Adobe Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/11/Adobe-Releases-Security-Updates ] 10/11/2016 03:40 PM EDT
Original release date: October 11, 2016

Adobe has released security updates to address vulnerabilities in Flash Player and the Creative Cloud Desktop
Application. Exploitation of some of these vulnerabilities may…

Microsoft Releases Security Updates
US-CERT (Oct 11)
Microsoft Releases Security Updates [
https://www.us-cert.gov/ncas/current-activity/2016/10/11/Microsoft-Releases-Security-Updates ] 10/11/2016 04:37 PM EDT
Original release date: October 11, 2016

Microsoft has released 10 updates to address vulnerabilities in Microsoft software. Exploitation of some of these
vulnerabilities could allow a remote attacker to…

Week Two of National Cyber Security Awareness Month
US-CERT (Oct 11)
Week Two of National Cyber Security Awareness Month [
https://www.us-cert.gov/ncas/current-activity/2016/10/11/Week-Two-National-Cyber-Security-Awareness-Month ] 10/11/2016
12:18 PM EDT
Original release date: October 11, 2016

October is National Cyber Security Awareness Month, an annual campaign to raise awareness about cybersecurity. In
partnership with DHS,…

Open Source Security

— Discussion of security flaws, concepts, and practices in the Open Source community

kernel: low-severity vfio driver integer overflow
Vlad Tsyrklevich (Oct 26)
The vfio driver allows direct user access to devices. The
VFIO_DEVICE_SET_IRQS ioctl for vfio PCI devices has a state machine
confusion bug where specifying VFIO_IRQ_SET_DATA_NONE along with
another bit in VFIO_IRQ_SET_DATA_TYPE_MASK in hdr.flags allows integer
overflow checks to be skipped for hdr.start/hdr.count. This might
allow memory corruption later in vfio_pci_set_msi_trigger() with user
access to an appropriate vfio device file, but it…

Re: CVE request: DoS loading a SVG in Firefox
Gustavo Grieco (Oct 26)
This issue was recently minimized and isolated to the circular use of
xlink:hrefs:

https://bugzilla.mozilla.org/show_bug.cgi?id=1297206#c5

Is a CVE suitable for this DoS?

Regards,
Gustavo.

2016-10-06 12:09 GMT-03:00 Gustavo Grieco <gustavo.grieco () gmail com>:

CVE requests: some issues in gif2webp
Gustavo Grieco (Oct 26)
Hello,

We recently reported some issues in gif2webp. These issues were tested in
ArchLinux using libwebp 0.5.1 (recompiled with ASAN support).

* NULL pointer dereference

Bug report: https://bugs.chromium.org/p/webp/issues/detail?id=310 (private)

Fix:
https://chromium.googlesource.com/webm/libwebp/+/806f6279aef4de8deca01c8e727db4a508716e95

* Several integer overflows:

Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)…

Re: Re: librsvg and cairo are causing libpng to write out-of-bounds
Gustavo Grieco (Oct 26)
A patch was recently proposed:

https://bugs.freedesktop.org/attachment.cgi?id=127421

thanks to John Bowler and his detailed analysis of this issue:

https://bugs.freedesktop.org/show_bug.cgi?id=98165

Can we have a CVE, now that we know it was an integer overflow and we have
a patch?

Regards,
Gustavo.

2016-10-06 21:02 GMT-03:00 John Bowler <john.cunningham.bowler () gmail com>:

Re: CVE-2016-5195 “Dirty COW” Linux kernel privilege escalation vulnerability
Solar Designer (Oct 26)
A lot was said about this vulnerability in lots of places, so I won’t
dare to try and repeat all or post it in here (sorry!) Many exploits
exist now, as summarized at:

https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

The exploits vary in whether they use /proc/self/mem (newer kernels
only) or PTRACE_POKEDATA (both newer and older kernels) and in what they
target: generic read-only write, SUID root program, libc, or vDSO.
All of…

Re: CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation
Solar Designer (Oct 26)
Dawid,

You call out distro vendors on very real security issues. In fact,
those distros should be embarrassed to still have previous millennium’s
issues like this, which are trivial to spot. It probably means that
their security teams are too disconnected from their packagers, and are
not proactive. You also bring this valuable information to the
oss-security community. Thank you for this.

However, as you probably realize, you also…

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/
Cedric Buissart (Oct 26)
Hi,

This is to disclose the following CVE:

CVE-2016-4455: subscription-manager: incorrect permissions in /var/lib/rhsm/
Description:

It was found that subscription-manager assigned incorrect permissions to
content in /var/lib/rhsm/, causing an information disclosure flaw. An
unprivileged local attacker could use this flaw to access sensitive data
that could later be used for a social engineering attack.

Upstream patch:…

Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)
Simon McVittie (Oct 26)
It depends on the purpose of your software, and how it runs (for example
a one-shot command-line tool vs. a long-running daemon). If a
command-line tool for converting JPEG2000 to JPEG (or whatever) exits
unexpectedly due to a failed attempt to allocate multiple gigabytes
of memory, that isn’t really any worse than exiting unsuccessfully
because an arbitrary limit on image size was exceeded: the user isn’t
getting their desired JPEG…

Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)
Agostino Sarubbo (Oct 26)
Tavis,

More or less I agree with you, but since some time ago I saw that similar bugs
received a CVE, I thought that these types of bugs could interest the community
and so I’m sharing them.
If I’m not mistaken, CWE-789 covers these types of bugs.

CVE-2016-1240 – Tomcat packaging on Debian-based distros – Local Root Privilege Escalation
Dawid Golunski (Oct 25)
I added a simple PoC video for the CVE-2016-1240 vulnerability.

In the PoC I used Ubuntu 16.04 with the latest tomcat7 package
(version: 7.0.68-ubuntu-0.1) installed from the default Ubuntu repos,
which still appears vulnerable.

The video PoC can be found at:

http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html

Re: Addition to linux-distros for Arch Linux
Solar Designer (Oct 25)
Hi,

Added. Note that Levente’s key expires 2016-12-31.

To others requesting membership: it’s still frozen for now. Allan’s
request was much simpler since it’s about changes in who’s subscribed
for a distro that is already subscribed.

Alexander

Re: CVE-2016-7545 — SELinux sandbox escape – Firejail is CVE-2016-9016
Yves-Alexis Perez (Oct 25)
Thanks!

Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c)
Tavis Ormandy (Oct 25)
I’m not sure I understand the concern here. Isn’t it usually expected
that the administrator configures appropriate ulimits, and the code
should just handle allocation failure gracefully?

If we are considering *not* implementing arbitrary hardcoded limits a
security problem, that seems like a significant change in software
design philosophy (I’ve heard it called the zero-one-infinity rule
before).

Tavis.

Re: CVE-2016-7545 — SELinux sandbox escape
up201407890 (Oct 25)
Quoting “Yves-Alexis Perez” <corsac () debian org>:

Think so, CC’ing mitre.

—————————————————————-
This message was sent using IMP, the Internet Messaging Program.

Re: CVE-2016-7545 — SELinux sandbox escape – Firejail is CVE-2016-9016
cve-assign (Oct 25)
The ID for the similar Firejail vulnerability is CVE-2016-9016.
An additional reference is:

https://firejail.wordpress.com/download-2/release-notes/

Secure Coding

— The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

Silver Bullet 123: Yanek Korff
Gary McGraw (Jul 06)
hi sc-l,

The latest installment of Silver Bullet was posted this morning. Silver Bullet episode 123 features a conversation
with Yanek Korff. Yanek worked for many years at Cigital as a system administrator back in the early days. He then
moved on to operational security work at AOL and running managed security services at Mandiant.

We talk about managing technical people in this episode. We also discuss operational security. Have a…

[CFP] Workshop: Who are you?! Adventures in Authentication at SOUPS 2016 – Next week!
Larry Koved (Jun 20)
Title: Who are you?! Adventures in Authentication

Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security – SOUPS 2016
When: June 22, 2016
Where: Denver, CO

URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you

Description:

Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more…

Silver Bullet 122: David Nathans
Gary McGraw (Jun 07)
Hi sc-l,

The latest episode of Silver Bullet features a conversation with David Nathans from Siemens Healthcare. David got his
start in security ops, and even wrote a book about that. But he completely understands why product security is
essential in the modern world and has been moving things in the right direction when it comes to medical devices.

Have a listen: http://bit.ly/SB-nathans

As always, your feedback is welcome.

gem…

Jack from Codiscope: Static Analysis for Node.JS
Gary McGraw (May 20)
Hi sc-l,

New tech stacks call for new static analysis approaches. Check out Jacks (free for developers) from Codiscope:

https://codiscope.com/not-your-fathers-code-review/

gem

https://www.garymcgraw.com/
@cigitalgem

[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016 – 1 week until the submission deadline
Larry Koved (May 10)
Title: Who are you?! Adventures in Authentication

Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security – SOUPS 2016
When: June 22, 2016
Where: Denver, CO

URL: https://www.usenix.org/conference/soups2016/workshop-who-are-you

Description:

Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more…

Silver Bullet 121: Marty Hellman
Gary McGraw (May 10)
hi sc-l,

While I was away in Europe, Silver Bullet 121 went live. This episode is an interview with recent Turing award winner
and public key crypto inventor Marty Hellman. I met Marty this year at RSA the night he won the Turing award. He’s a
hugely interesting guy.

We talk math, crypto, politics, and the history of the first two crypto wars. Marty put his own career (and freedom)
on the line in the first! It’s super interesting….

c0c0n 2016 | The cy0ps c0n – Call For Papers & Call For Workshops
c0c0n 2016 – The CyOps Conference (Apr 25)
c0c0n 2016 | The cy0ps c0n – Call For Papers & Call…

[CFP] Workshop CFP: Who are you?! Adventures in Authentication at SOUPS 2016
Larry Koved (Apr 25)
Title: Who are you?! Adventures in Authentication

Workshop to be held at the Twelfth Symposium on Usable Privacy and
Security – SOUPS 2016
When: June 22, 2016
Where: Denver, CO

URL: https://www.usenix.org/conference/soups2016

Description:

Authentication, or the act of proving that someone is who they claim to
be, is a cornerstone of security. As more time is spent using computers,
authentication is becoming both more common and…

Silver Bullet celebrates a decade of shows: Gary McGraw
Gary McGraw (Apr 01)
hi sc-l,

Hard to believe, but Silver Bullet has been running for ten years—120 months of shows in a row without missing a
month. To celebrate this accomplishment, we shot a video for episode 120 out by the Shenandoah river at my house. And
we turned the tables on the interview. Marcus Ranum, inventor of the firewall, interviews me.

We discuss: software security, internet of (crappy) things, the surveillance state, advisory board work,…

Educause Security Discussion

— Securing networks and computers in an academic environment.

Re: Netwrix & STEALTHbits
Fisher, Matthew C (Oct 26)
We have used NetWrix for several years now for both AD and VMWare auditing and both have worked well for us.

Matt Fisher
Wofford College

—–Original Message—–
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Penn,
Blake
Sent: Wednesday, October 19, 2016 4:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Netwrix & STEALTHbits

Anyone out there had any…

Re: Netwrix & STEALTHbits
Harry Zahlis (Oct 25)
We have been using the Netwrix products: “Auditing of Active Directory and Auditing of Windows File Servers” for the
past 19 months. We have been very happy with our decision on the purchase and the ease of deployment of the products.

We have used the Active Directory solution to provide us with daily reports on all changes made and to provide us with
real-time alerts on specific objects in Active Directory like domain admins and…

Re: Organizations residing on campus
Drews, Jane E (Oct 24)
Mandi,

We have a few non-university organizations that operate on our campus. If
they get network service, we require completion of a SLA (service level
agreement). It is used for two purposes. The first is to provide contact
information/procedures (both sides) in the event of a problem such as
network outage or a security event involving them. The second is to
clearly state and agree that responsibility for security of their devices
rests…

Domain Admin Password Policy
Bonnie Johnson (Oct 24)
Hello,

There was a great discussion regarding password requirements recently. Along these lines, we are revisiting the
requirements for Domain Admin passwords. Would anyone be willing to share their policy and/or practice?

Thank you kindly,

Bonnie

P.S. Go Cubs!

Bonnie Johnson | Director, Information Security | Roosevelt University |
430 S. Michigan Ave, AUD 370| Chicago, IL 60605-1394 |
PH: 312-341-6352 | FAX: 312-341-3858 | bjohnson47 ()…

Re: Netwrix & STEALTHbits
Boyd, Daniel (Oct 20)
We’re currently using Netwrix, auditing AD and server changes in an 80+ server, ~2600 user environment. I’ve not
noticed any performance issues, but I will say that you can’t just turn it on and say go. We get alerts and notices
throughout the day for everything from AD changes to issues with end points as well as complete recorded RDP sessions
to our servers. It took some time to tame the beast.

Most all of our reports are…

Vacancy: Assistant Professor in Computer Science
Kees Leune (Oct 19)
See below. Cybersecurity expertise definitely won’t hurt 😉

------------------------------
Assistant Professor
Job department/School: Mathematics and Computer Science
FT/PT/Temp: Full time
Openings: 1
Job Title: Assistant Professor
Location: Garden City, N.Y.
------------------------------
Description

Assistant Professor
Mathematics and Computer Science
Tenure-Track
Start Date: Fall 2017

The Adelphi University…

Re: Netwrix & STEALTHbits
Rob Milman (Oct 19)
Hi Blake,

I’ve used the full Netwrix suite in the past. It’s a very good product and works as advertised. My only concern would
be scalability for use in the post-secondary enterprise environment. The company I used it at was a mid-sized 400
person environment and it would bog down if I requested a report that spanned longer than a month. I’m not sure how it
would scale for a larger enterprise. We are currently evaluating…

Netwrix & STEALTHbits
Penn, Blake (Oct 19)
Anyone out there had any experiences with Netwrix or STEALTHbits products that you would be willing to share?

Thanks,

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480

AU’s looking for a future InfoSec leader to join our team!
Eric Weakland (Oct 19)
Greetings,
American University, located in our nation’s capital, Washington DC, is seeking a person to fill a Senior Information
Security Engineer position. You’ll join a fun team committed to not only preventing and reducing risk, but to providing
excellent customer service. Our CIO David Swartz, our CISO Cathy Hubbs and myself actively support Educause/HEISC
initiatives.
We’re looking for someone with at least 5 years of…

Security Analyst positions at UC Office of the President
Jon Good (Oct 18)
The University of California Office of the President is seeking qualified candidates for two Senior Operational
Security Analyst positions. These positions are part of a growing security operations team.

Qualified candidates will have wide-ranging experience in IT security operations with emphasis on application, OS, and
network security processes and practices. The Senior Operational Security Analyst will mesh professional experience and…

HEISC October Update: New Resources & List Reminders
Valerie Vogel (Oct 17)
We are halfway through National Cyber Security Awareness Month<http://www.educause.edu/ncsam>! Here are just a few
highlights of new HEISC resources for the community and reminders about participating on this list.

New HEISC Resources

* Recording, slides, and chat
transcript<https://library.educause.edu/resources/2016/9/nist-sp-800-171-and-cui-with-ron-ross-webinar> from the
September 29 virtual “coffee chat” about NIST…

Re: Organizations residing on campus
Gregg, Christopher S. (Oct 14)
This is something we are starting to work through now. We have several entities on our campus who have varying levels
of connection to the university, and we have a long history of treating them all as full members of the university in
terms of being granted accounts, using university leased computers (with and without a chargeback), having their
website hosted by the university, receiving technical support, etc. We are working with our…

Migration from Banner to Workday
Colin Abbott (Oct 13)
Hello,

We are embarking on our migration from Banner HR to Workday and I was wondering if anyone on this list has already
gone through this project and has lessons learned to share relating to security?

A few questions that we are looking at:

- Which option have you chosen to secure APIs?

- Is the day-to-day security management of user access managed by the business or central IT?

- Are you using multi-factor authentication?

- Do you…

Re: Organizations residing on campus
Hudson, Edward (Oct 13)
Mandi
Our policies spell out that they are applicable to “Auxiliaries, external businesses and organizations that use campus
information assets.”
You can find a public copy of them here: http://www.calstate.edu/icsuam/documents/Section8000.pdf

Regards
Ed Hudson, CISM
Director, Information Security
401 Golden Shore
Long Beach, CA 90802
Tel 562-951-8431
ehudson () calstate edu

I subscribe to e-mail…

Organizations residing on campus
Mandi Witkovsky (Oct 13)
We have several non-university entities (non-profit organizations) who have space to operate on campus. Most of the
time, all we provide is phones and internet access, but sometimes it gets hairy when the org wants to run servers on
premise. Does anyone have published standards or guidelines that they give to these types of entities so they know
what is allowed, and what expectations for security, and what the expectations are on both sides?…

Internet Issues and Infrastructure

NANOG

— The North American Network Operators’ Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

Re: Spitballing IoT Security
Jean-Francois Mezei (Oct 26)
You still need to have a SOHO router, which could simply block any
incoming calls unless a port has been opened for a specific IP address.
(or UPnP for computers).

A camera showing the baby in 4K resolution along with sounds of him
crying in Dolby surround to the mother who is at work would likely
saturate upload just as much as the virus sending DNS requests. This
falls into the “tonne of feathers weighing as much as a tonne of lead”
category.

Re: Spitballing IoT Security
Valdis . Kletnieks (Oct 26)
On Wed, 26 Oct 2016 15:02:46 -0700, “Ronald F. Guilmette” said:

Actually, it seems to be going to wireless/bluetooth, and DHCP from the
household router. Note that although a minor difference, it’s one that
can be leveraged. If we can change the dynamic from “plug it in and it
Just Works” to “plug it in, and click the pop-up from your router confirming
that you just added a device, and it Just Works after…

Re: Spitballing IoT Security
Ronald F. Guilmette (Oct 26)
In message <20161026123043.GA10916 () thyrsus com>,
“Eric S. Raymond” <esr () thyrsus com> wrote:

So basically, this is a proposal to “fix” the problem for all IoT devices
that are behind SOHO routers.

I am compelled to note that the grand vision of the Home of the Future[tm],
as it has been presented to me at least, looks rather more like this:

http://p.globalsources.com/IMAGES/PDT/BIG/053/B1088622053.jpg

Re: Spitballing IoT Security
Valdis . Kletnieks (Oct 26)
On Wed, 26 Oct 2016 20:53:51 +0200, JORDI PALET MARTINEZ said:

This only works if the company perceives a very real danger of having to
pay for damages in case of a breach.

Re: Spitballing IoT Security
Mark Andrews (Oct 26)
In message <11718.1477517100 () segfault tristatelogic com>, “Ronald F. Guilmette” writes:

FCC regulation has caused manufacturers to do a US version and a rest-
of-the-world version. They have over-regulated. A simple list
for location should be enough, with default on unknown, which leaves
Wifi off until set.

Mark

Re: Spitballing IoT Security
Ronald F. Guilmette (Oct 26)
In message <20161026120634.GA20735 () gsp org>,
Rich Kulawiec <rsk () gsp org> wrote:

Well, see, this is why I was clear at the outset that in order for this
scheme to work, I’ll first need to be elected King of the World.

connectable device shall be sold or marketed *unless* it has been certified
(i.e. by some reliable entity that knows how to test these things) to be
incapable of being converted into a weapon, i.e. incapable…

Re: Spitballing IoT Security
Jean-Francois Mezei (Oct 26)
My smart TV not only hasn’t gotten updates in years, but Sharp has
stopped selling TVs in Canada. (not sure if they still sell TVs elsewhere).

When manufacturers provide a 2 year support on a device that will last
10 years, it is a problem which is why they really need to get it right
when product is released and not rely on patches.

With regards to liability: good luck suing a Chinese outfit that no
longer exists.

And pray tell, who gets…

Re: Spitballing IoT Security
Mark Andrews (Oct 26)
In message <CAF-Wqd5sO0x5muw6uPDxMXd+h1ebCCtL9Ke9uMEc7k364OfHLA () mail gmail com>, Ken Matlock writes:

Actually things have changed a lot in a positive direction.

* Router manufacturers are using device-specific passwords.
* Microsoft, Apple, Linux and *BSD issue regular fixes for their
products and users do install them.
* My smart TV has automatic updates available and turned on.
* Other products do the same.

Now not everyone does…

Re: Spitballing IoT Security
bzs (Oct 26)
Re: certification of IoT devices analogous to UL etc

Another potentially useful channel to give this idea legs is
insurance companies; get them involved if possible.

They underwrite the risks particularly liability risks for
manufacturers. That’s why “Underwriters Laboratory” is called that,
ultimately it’s an arm of the insurance industry.

If the insurance companies tell a manufacturer they won’t cover risk
for any…

Re: Spitballing IoT Security
Ken Matlock (Oct 26)
As a relative ‘outsider’ I see a lot of finger-pointing and phrasing this
as (effectively) someone else’s fault.

To me this is a failing on a number of levels all contributing to the
problem.

1) The manufacturer – Backdoors, hidden accounts, remote access
capabilities, no proper security testing. No enforcing of security updates.
2) The end-user – No initiative on the end-user’s perspective to gain even
a basic understanding…

Re: Spitballing IoT Security
Mel Beckman (Oct 26)
Why does everyone think the Master Plan for World Domination has to be Evil? 🙂

-mel beckman

Re: Spitballing IoT Security
Jean-Francois Mezei (Oct 26)
re: having gadgets certified (aka UL/CSA for electric stuff).

Devil is in the details. Who would certify it ? And who would set the
standards for certification?

How fast would those standards change? updated with each new attack?
Would standards update require agreement of multiple parties who rarely
agree?

Consider vendor X who starts to develop product based on standards
available in Oct 2016, but by the time he gets to market, standards…

Re: Spitballing IoT Security
jim deleskie (Oct 26)
So a device is certified, and a bug is found 2 years later. How does this help?
The info to date is that last week’s issue was patched by the vendor in Sept
2015, I believe is what I read. We know bugs will creep in (source: anyone
that has worked with code forever). Also, certification, assuming it would
work: in what country? Would I need one per country I sell into? These
are not the solutions you are looking for (Jedi word play on purpose).

Re: Spitballing IoT Security
Eric S. Raymond (Oct 26)
Mel Beckman <mel () beckman org>:

That is a good idea and I am officially adopting it as part of the Evil
Master Plan for World Domination. 🙂

I may recruit you to help draft the RFC.

Re: Spitballing IoT Security
JORDI PALET MARTINEZ (Oct 26)
Exactly, I was arguing exactly the same with some folks this week during the RIPE meeting.

The same way that certifications are needed to avoid radio interferences, etc., and if you don’t pass those
certifications, you can’t sell the products in some countries (or regions in case of EU for example), authorities
should make sure that those certifications have a broader scope, including security and probably some other features to
ensure…

Interesting People

— David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

Debunking the Patriot Act as It Turns 15
Dave Farber (Oct 26)
Begin forwarded message:

> From: Richard Forno <rforno () infowarrior org>
> Date: October 26, 2016 at 5:00:12 PM EDT
> To: Infowarrior List <infowarrior () attrition org>
> Cc: Dave Farber <dave () farber net>
> Subject: Debunking the Patriot Act as It Turns 15
>
>
> https://www.eff.org/deeplinks/2016/10/debunking-patriot-act-it-turns-15
>
> October 26, 2016 | By Kate Tummarello
>
>…

Google Fiber No Longer Coming to a City Near You
David Farber (Oct 26)
> http://gizmodo.com/google-fiber-halts-operations-in-ten-cities-1788214992


The Authoritarian Internet Power Grab – The Wall Street Journal.
Dave Farber (Oct 26)
———- Forwarded message ———-
From: *Mark* <mark () tmtstrategies com>
Date: Wednesday, October 26, 2016
Subject: DL- Fwd: The Authoritarian Internet Power Grab – The Wall Street
Journal.
To: Dave <dave () farber net>

FYI . . .

—– Forwarded message from Bill Frezza <Bill.Frezza () cei org> —–
Date: Wed, 26 Oct 2016 10:44:57 +0000
From: Bill Frezza <Bill.Frezza () cei org>
Subject: The Authoritarian…

The Pentagon’s ‘Terminator Conundrum’: Robots That Could Kill on Their Own
Dave Farber (Oct 25)
Begin forwarded message:

> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 25, 2016 at 11:41:24 AM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] The Pentagon’s ‘Terminator Conundrum’: Robots That Could Kill on Their Own
> Reply-To: dewayne-net () warpspeed com
>
> The Pentagon’s ‘Terminator Conundrum’: Robots That…

AT&T Is Spying on Americans for Profit, New Documents Reveal
David Farber (Oct 25)
Begin forwarded message:

From: Hendricks Dewayne <dewayne () warpspeed com>
Subject: [Dewayne-Net] AT&T Is Spying on Americans for Profit, New Documents Reveal
Date: October 25, 2016 at 10:13:54 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Reply-To: dewayne-net () warpspeed com

[Note: This item comes from friend David Isenberg. DLH]

AT&T Is Spying on Americans for Profit, New Documents…

Re Someone Is Learning How to Take Down the Internet
Dave Farber (Oct 24)
Begin forwarded message:

> From: Ross Stapleton-Gray <ross.stapletongray () gmail com>
> Date: October 24, 2016 at 4:31:38 PM EDT
> To: DAVID FARBER <dave () farber net>
> Subject: Re: [IP] Someone Is Learning How to Take Down the Internet
>
> I hear “sophisticated” thrown around a lot, in reporting on cybersecurity… I think that’s a lazy word. What
> exactly would we say is sophisticated…

Re Every LTE call, text, can be intercepted, blacked out, hacker finds
Dave Farber (Oct 24)
Begin forwarded message:

> From: Thomas Leavitt <thomas () thomasleavitt org>
> Date: October 24, 2016 at 2:38:13 PM EDT
> To: Dave Farber <dave () farber net>
> Subject: Re: [IP] Every LTE call, text, can be intercepted, blacked out, hacker finds
>
> Dave,
>
> This comment in response to the article seems cogent, I don’t have the background to evaluate accuracy, but it seems
> legit?
>
>…

Someone Is Learning How to Take Down the Internet
Dave Farber (Oct 24)
Begin forwarded message:

> From: Hendricks Dewayne <dewayne () warpspeed com>
> Date: October 24, 2016 at 2:10:48 PM EDT
> To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> Subject: [Dewayne-Net] Someone Is Learning How to Take Down the Internet
> Reply-To: dewayne-net () warpspeed com
>
> [Note: Given the events of last week, I thought it was appropriate to post this item from September…

Internet Policy] ‘Smart’ home devices used as weapons in website attack (was RE: [Chapter-delegates] Hack http://www.bbc.com/news/technology-37738823)
Dave Farber (Oct 24)
Begin forwarded message:

> From: Suzanne Woolf <suzworldwide () gmail com>
> Date: October 23, 2016 at 2:13:51 PM EDT
> To: David Sarokin <sarokin () gmail com>
> Cc: “internetpolicy () elists isoc org” <internetpolicy () elists isoc org>, Glenn McKnight <mcknight.glenn () gmail
> com>, ISOC Chapter Delegates <chapter-delegates () elists isoc org>
> Subject: Re: [Internet Policy]…

Every LTE call, text, can be intercepted, blacked out, hacker finds
Dave Farber (Oct 24)
———- Forwarded message ———-
From: *Lauren Weinstein* <lauren () vortex com>
Date: Sunday, October 23, 2016
Subject: [ NNSquad ] Every LTE call, text, can be intercepted, blacked out,
hacker finds
To: nnsquad () nnsquad org

Every LTE call, text, can be intercepted, blacked out, hacker finds

http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/

The Third Generation…

Re ] Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
Dave Farber (Oct 23)
———- Forwarded message ———-
From: *Brett Glass* <brett () lariat net>
Date: Sunday, October 23, 2016
Subject: [Dewayne-Net] Hacked Cameras, DVRs Powered Today’s Massive
Internet Outage
To: dave () farber net

Dave, and everyone:

While my small ISP couldn’t do much about the massive denial of service
attacks that plagued the Internet this week (except to answer the phone
calls from frustrated customers who could not…

Re Pittsburgh’s new artificially intelligent stoplights could mean no more pointless idling
Dave Farber (Oct 23)
———- Forwarded message ———-
From: *Libert, Tim* <tlibert () asc upenn edu>
Date: Sunday, October 23, 2016
Subject: Re Pittsburgh’s new artificially intelligent stoplights could mean
no more pointless idling
To: “dave () farber net” <dave () farber net>

Other complaints notwithstanding, the CEO is a research professor of
robotics at CMU, long way from the sales dept… http://www.cs.cmu.edu/~sfs/

Re Pittsburgh’s new artificially intelligent stoplights could mean no more pointless idling
Dave Farber (Oct 23)
———- Forwarded message ———-
From: *Bob Frankston* <Bob19-0501 () bobf frankston com>
Date: Sunday, October 23, 2016
Subject: Re Pittsburgh’s new artificially intelligent stoplights could mean
no more pointless idling
To: dave () farber net, ip <ip () listbox com>
Cc: John Gilmore <gnu () toad com>

Went to https://www.surtrac.net/. This seems to be a CMU research project
focused on congested city roads. There is…

Urgent product inquiry
Nijo Thomas (Oct 23)
Dear sir/madam,

We are one of the largest multi-service providers here in Kuwait. After going through your website, which was given to
us by one of your customers, attached I send you our interested product from your company. Pls inform us your MOQ, lead
time and costing details; this will greatly help us determine what quantity we order from you. We hope we will establish
a long-term business relationship.

what your MOQ, lead time and costing…

Re Pittsburgh’s new artificially intelligent stoplights could mean no more pointless idling
Dave Farber (Oct 23)
Begin forwarded message:

> From: “Bob Frankston” <Bob19-0501 () bobf frankston com>
> Date: October 23, 2016 at 7:54:41 PM EDT
> To: dave () farber net, ” ‘ip'” <ip () listbox com>
> Cc: “John Gilmore” <gnu () toad com>
> Subject: RE: [IP] Re Pittsburgh’s new artificially intelligent stoplights could mean no more pointless idling
>
> Went to…

The RISKS Forum

— Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

Risks Digest 29.88
RISKS List Owner (Oct 25)
RISKS-LIST: Risks-Forum Digest Tuesday 25 October 2016 Volume 29 : Issue 88

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.88>
The current issue can also be…

Risks Digest 29.87
RISKS List Owner (Oct 21)
RISKS-LIST: Forum Digest Friday 21 October 2016 Volume 29 : Issue 87

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.87>
The current issue can also be found…

Risks Digest 29.86
RISKS List Owner (Oct 19)
RISKS-LIST: Risks-Forum Digest Wednesday 19 October 2016 Volume 29 : Issue 86

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.86>
The current issue can also…

Risks Digest 29.85
RISKS List Owner (Oct 15)
RISKS-LIST: Risks-Forum Digest Saturday 15 October 2016 Volume 29 : Issue 85

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org>
<http://catless.ncl.ac.uk/Risks/29.85>
The current issue can also be…

Risks Digest 29.84
RISKS List Owner (Oct 12)
RISKS-LIST: Risks-Forum Digest Wednesday 12 October 2016 Volume 29 : Issue 84

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.84>
The current issue can also…

Risks Digest 29.83
RISKS List Owner (Oct 10)
RISKS-LIST: Risks-Forum Digest Monday 10 October 2016 Volume 29 : Issue 83

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.83>
The current issue can also be…

Risks Digest 29.82
RISKS List Owner (Oct 08)
RISKS-LIST: Risks-Forum Digest Saturday 8 October 2016 Volume 29 : Issue 82

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.82>
The current issue can also be…

Risks Digest 29.81
RISKS List Owner (Oct 04)
RISKS-LIST: Risks-Forum Digest Tuesday 4 October 2016 Volume 29 : Issue 81

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.81>
The current issue can also be…

Risks Digest 29.80
RISKS List Owner (Oct 03)
RISKS-LIST: Risks-Forum Digest Monday 3 October 2016 Volume 29 : Issue 80

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.80>
The current issue can also be…

Risks Digest 29.79
RISKS List Owner (Sep 24)
RISKS-LIST: Risks-Forum Digest Saturday 24 September 2016 Volume 29 : Issue 79

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.79>
The current issue can also…

Risks Digest 29.78
RISKS List Owner (Sep 22)
RISKS-LIST: Risks-Forum Digest Thursday 22 September 2016 Volume 29 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.78>
The current issue can also…

Risks Digest 29.77
RISKS List Owner (Sep 16)
RISKS-LIST: Risks-Forum Digest Friday 16 September 2016 Volume 29 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.77>
The current issue can also…

Risks Digest 29.76
RISKS List Owner (Sep 12)
RISKS-LIST: Risks-Forum Digest Monday 12 September 2016 Volume 29 : Issue 76

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.76>
The current issue can also…

Risks Digest 29.75
RISKS List Owner (Sep 06)
RISKS-LIST: Risks-Forum Digest Tuesday 6 September 2016 Volume 29 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.75>
The current issue can also…

Risks Digest 29.74
RISKS List Owner (Sep 02)
RISKS-LIST: Risks-Forum Digest Friday 2 September 2016 Volume 29 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/29.74>
The current issue can also be…

BreachExchange

— BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

Lax on security, many SMBs ripe for the picking by cyber criminals
Audrey McNeil (Oct 26)
http://thirdcertainty.com/guest-essays/lax-on-security-many-smbs-ripe-for-the-picking-by-cyber-criminals/

Enterprises are cyber crime targets, and, as a result, big-company IT is
always “looking over their shoulder.” However, hacking is moving down
market, and small- and medium-size businesses (SMBs) are now targets as
well.

The ramifications are serious. For example, if an accountant’s unencrypted
laptop were lost or stolen, tax…

Breaches happen – the key is being prepared
Audrey McNeil (Oct 26)
http://www.scmagazineuk.com/breaches-happen–the-key-is-being-prepared/article/527218/

The fallout of a substantial breach at Yahoo!, in which the names, email
addresses, passwords, telephone numbers and more than half a billion
customers had been compromised by hackers is continuing to pile pressure on
the company. This highlights the delays in breaches being detected and the
time it can take an organisation to identify the scale and take…

5 Ways to Manage New Threats in Today’s Cybersecurity Landscape
Audrey McNeil (Oct 26)
http://www.aim.ph/blog/5-ways-to-manage-new-threats-in-todays-cybersecurity-landscape/

As technology evolves, so do the security threats that continue to hound IT
networks. New vulnerabilities and sophisticated methods are regularly being
discovered by experts and IT support teams, many of which are likely being
exploited by cyber criminals as soon as they are found.

This is because they have better tools, knowledge and expertise by which to…

UK data watchdog eyeballs Virgin Media after 50,000 CVs exposed online
Audrey McNeil (Oct 26)
http://arstechnica.co.uk/security/2016/10/virgin-media-50000-cv-applicants-exposed-ico/

Virgin Media could face a data breach probe after a job hunter uploaded his
CV to the cable firm’s graduate recruitment site and discovered he had
access to as many as 50,000 past and present CVs from fellow applicants.

The Information Commissioner’s Office told Ars on Tuesday morning that it
was looking at the sizeable data gaffe.

Student…

The folly of data-breach notification and how it can be fixed
Audrey McNeil (Oct 26)
http://www.seattletimes.com/opinion/the-folly-of-data-breach-notification-and-how-it-can-be-fixed/

The headlines announcing compromise of perhaps 1 billion user files at
Yahoo underscore the pervasive nature of data breaches in today’s online
environment. Yahoo is sending notifications to its account holders,
notifying them that their personal data have been hacked.

Like the breaches at Target, Premera and thousands of other firms, the…

Cyber Security and Loss Recovery – A New Alternative for Organizations
Audrey McNeil (Oct 25)
http://www.jdsupra.com/legalnews/cyber-security-and-loss-recovery-a-new-89910/

The largest data breaches ever have occurred since 2015, and targets have
encompassed a wide spectrum of entities. Organizations affected range from
U.S. DOJ and the IRS—where citizens’ personally identifying information was
stolen and released by hackers—to universities like the University of
Central Florida and the University of California–Berkeley—where…

The Legal Repercussions Of Tech-Based HIPAA Breaches
Audrey McNeil (Oct 25)
http://www.healthworkscollective.com/jennacyprus/357207/legal-repercussions-tech-based-hipaa-breaches

HIPAA regulations defining the proper protocols for handling sensitive
medical information have been a great boon for patients, allowing them to
pursue appropriate care – confident that doctors, insurance
representatives, and other involved parties will protect their privacy –
but are medical professionals honoring these practices? As many…

The Business Guide to Developing a Cyber Security Incident Response Plan
Audrey McNeil (Oct 25)
http://www.aim.ph/blog/the-business-guide-to-developing-a-cyber-security-incident-response-plan/

Remember the 1995 movie, The Net? In the scene post her stolen identity,
the protagonist, a computer programmer, says the most unthinkable thing,
“Our whole world is sitting there on a computer. It’s in the computer,
everything … is stored in there. It’s like this little electronic shadow
on each and every one of us, just, just begging for…

The Cost Of Data Breaches Will Get Even Higher
Audrey McNeil (Oct 25)
http://www.huffingtonpost.co.uk/alastair-paterson/the-cost-of-data-breaches_b_12573436.html

We all know cyberattacks are a fact of business life these days and it is
no longer a question of if you get attacked, but instead when will you be
compromised.

When the ‘inevitable happened’, it used to be that a company was hit
financially as a by-product of being hacked by cybercriminals due to
factors like the impact on their reputation;…

Where are the real cybersecurity threats?
Audrey McNeil (Oct 25)
http://www.usatoday.com/story/money/2016/10/24/where-real-cybersecurity-threats/92666966/

October is National Cyber Security Awareness month and a good time to
consider what the threats to our cybersecurity are and what we can and
should be doing about them. Sometimes it seems like the problems of
cybersecurity are overwhelming, but with concerted efforts by individuals,
businesses and governments we can dramatically reduce the level of this…

Promoting a Workplace Cybersecurity Culture
Audrey McNeil (Oct 25)
https://www.govloop.com/community/blog/promoting-workplace-cybersecurity-culture/

Cybersecurity awareness ranks high on the federal government’s agenda and
rightly so. Data breaches at federal agencies affect not only the entity in
question, but potentially countless U.S. citizens whose private information
it might possess.

Earlier this year, a hack of the FBI and Department of Homeland Security
resulted in the contact information of nearly…

Security Awareness Training Can Prevent Disaster
Audrey McNeil (Oct 24)
http://www.business.com/technology/robert-siciliano-security-breach/

According to numerous studies, employees are responsible for about 80
percent of all data leaks. It only takes one worker who is a bit careless
to mess everything up. Let’s look at this example:

Your employee, Mary, receives an email on her personal account with the
subject line, “Lose 10 Pounds in One Weekend.” She clicks on the link in
the email to get more…

Bad Email Habits Die Hard
Audrey McNeil (Oct 21)
http://opensources.info/bad-email-habits-die-hard/

As much as we try to instill good email habits in the workplace, one slipup
can lead to a security breach causing confidential information to get in
the wrong hands. It’s one thing to email the wrong colleague a link to your
favorite YouTube video, but it’s another thing to inadvertently share W-2
forms, company credit card information, or discover you’ve been caught by a
phishing scam….

Cybersecurity Data Breaches and Mandatory Privacy Breach Reporting: Lessons from Alberta
Audrey McNeil (Oct 21)
http://www.jdsupra.com/legalnews/cybersecurity-data-breaches-and-61996/

In an increasingly interconnected and digitized world, data breaches have
become ever more common. The wealth of personal information that
corporations have in their possession means that such breaches can occur in
even the most benign circumstances. Although many corporations have
developed sophisticated privacy and cybersecurity protocols to minimize
these risks, data…

UK Banks not reporting cyber-attacks
Audrey McNeil (Oct 21)
http://www.scmagazineuk.com/uk-banks-not-reporting-cyber-attacks/article/560288/

Many cyber-attacks on large UK banks never go reported according to
experts. Reuters reported that despite the Financial Conduct Authority
reporting a large uptick in reported attacks against banks, reaching 75 so
far this year, many banks are still not reporting those attacks.

The international newswire quoted Shlomo Touboul, chief executive of
Illusive Networks…

Open Source Tool Development

Metasploit

— Development discussion for Metasploit, the premier open source remote exploitation tool

nullcon se7en CFP is open
nullcon (Aug 25)
Dear Friends,

Welcome to nullcon se7en!

$git commit -a <sin>

<sin> := wrath | pride | lust | envy | greed | gluttony | sloth

nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request…

Ruxcon 2015 Final Call For Presentations
cfp (Jul 05)
Ruxcon 2015 Final Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre

http://www.ruxcon.org.au

The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre,
Melbourne, Australia.

The deadline for submissions is the 15th of September, 2015.

.[x]. About Ruxcon .[x]….

Wireshark

— Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

Re: Replacing AsciiDoc by Asciidoctor for faster documentation?
Peter Wu (Oct 26)
Since the syntax is supposedly backwards compatible (Asciidoctor claims
this and backs it up through its tests), it should be possible to
provide for both a2x and asciidoctor. The Ubuntu buildbots could benefit
from this change as well.

The Lua documentation is part of the WSDG, I plan to make more changes
in that area, but the delay makes it mildly annoying.

The required changes should not be evasive, but I could not quickly find
how to do the…

Re: Replacing AsciiDoc by Asciidoctor for faster documentation?
Graham Bloice (Oct 26)
The requirement for Ruby is a bit of a bind, yet another script language
runtime to install and therefore more manual steps in the Windows build env
setup.

While the time saving might be attractive is there that much churn in the
docs that you actually rebuild them a lot?

Replacing AsciiDoc by Asciidoctor for faster documentation?
Peter Wu (Oct 26)
Hi,

The current documentation generator is really, really, really slow. It
takes 35 seconds to generate developer-guide.xml using a2x
(asciidoc.py). Looking for ways to make it faster, I found Asciidoctor.
An initial attempt showed that it could generate a document within a
second.

Seeing references to Asciidoctor in the source tree, I was wondering if
somebody has actually looked at adding Asciidoctor support? One obstacle
I have now run into…

Re: Intro and lua question
Maynard, Chris (Oct 24)
You might also want to take a look at Hadriel Kaplan’s fpm.lua example posted at
https://wiki.wireshark.org/Lua/Examples. It solves this problem without using dissect_tcp_pdus().
– Chris

Re: How to evaluate hex/ebcdic packet data LUA
Jerry White (Oct 24)
You, sir, are my new hero. It all works. Thank you!

Jerry

Re: Changes to the Wireshark Wiki
Graham Bloice (Oct 24)
Hi Eddi,

Presentations and their supporting files such as captures are to be sent to
sharkfest () riverbed org where they are added to the SharkFest retrospective
site (https://sharkfest.wireshark.org/retrospective.html), as requested on
the Instructors “Know before you go” emails sent by Janice:

– Please provide your slide decks and recorded presentations for
uploading to the SharkFest’16 Europe website Retrospective page…

Re: Changes to the Wireshark Wiki
Alexis La Goutte (Oct 24)
Hi Eddi,

You can now edit the Wiki (added to EditorGroup)

The Wiki is a good place to add pcap/explication/other stuff about SMB (and
SMB3)

Cheers

Re: How to evaluate hex/ebcdic packet data LUA
Guy Harris (Oct 23)
OK, so that field is a 1-character EBCDIC string?

That won’t work for EBCDIC.

All strings are kept as UTF-8 internally to Wireshark; this means that Wireshark translates them from the character
encoding in the packet to UTF-8, and therefore that Wireshark must be told what the encoding for the field is.

Therefore, you should do

tree:add_packet_field(pf_mgi_flag, tvbuf:range(19,1), ENC_EBCDIC)

to add it to the protocol tree.

To…

How to evaluate hex/ebcdic packet data LUA
Jerry White (Oct 23)
I’m having a dickens of a time working with the packet data in my Lua
dissector. I’m trying to see if a particular byte has a particular value.
This byte exists in three different places in the below code, and all I
want to do is test if it contains 0xc4, and I just can’t get it right. Any
help is appreciated.

local mgi = Proto("mymgi", "Somos MGI Protocol")
local pf_mgi_flag =…

Changes to the Wireshark Wiki
Eddi Blenkers (Oct 23)
Dear all,

I have created an account on the Wireshark Wiki, using my handle from
ask.wireshark.org (packethunter).

During the Sharkfest EU this week I gave a presentation on SMB. A number
of attendees have requested the traces that were used to prepare the
presentation. I feel that the Wireshark wiki is probably the best place
to make the traces available to a larger audience.

Please let me know if there is a better way to publish the trace…

Re: IE data not dissected yet for GTPV2 LDN
Pascal Quantin (Oct 22)
2016-10-22 18:23 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com>:

In fact its encoding was straightforward, so I added it (with a few other
ones) in this patch: https://code.wireshark.org/review/#/c/18396/

Note that it will be merged in Wireshark 2.3.0 development tree and will
not be backported in Wireshark 2.2.x releases.

Pascal.

Re: IE data not dissected yet for GTPV2 LDN
Pascal Quantin (Oct 22)
Hi Ashish,

2016-10-21 20:40 GMT+02:00 Ashish Sagar <ashish_sagar () affirmednetworks com>:

Please fill an enhancement bug request on https://bugs.wireshark.org with
your pcap file attached.

Best regards,
Pascal.

IE data not dissected yet for GTPV2 LDN
Ashish Sagar (Oct 22)
Hi,

When opening a pcap file with Version 2.2.1, for GTP V2 message decode, I am getting a message: “IE data not dissected
yet”.

Thanks
Ashish

Re: Intro and lua question
Peter Wu (Oct 21)
[..]

As Michael noted, if the length can be derived from the header, then you
can use the dissect_tcp_pdus Lua function (in the C library code it is
called tcp_dissect_pdus instead. It is documented at
https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html

Here is an example of using dissect_tcp_pdus, it has arbitrary numbers,
but it should show the idea. Read mgi.dissector first, then
get_mgi_length, then dissect_mgi for a…

Re: Lua file io
Jerry White (Oct 21)
Yes, but I was too stupid to realize its relevance. I’ll give another look.
🙂

Snort

— Everyone’s favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

Re: snort inline mode and bridge
Vincent Li (Oct 26)
It is not a problem, but some optimal improvement I would like to see.
I have a lower end PC with two NICs running snort IPS bridge mode
between my ISP modem and my router at home. I use pulledpork to
update signatures every day and I scripted snort to restart to take
the updated signatures after new signatures finish downloading. The
snort restart takes about 5 minutes to finish and during these 5
minutes, my home Internet is down…

Re: Windows broken on snort.conf
Seshaiah Erugu (serugu) (Oct 26)
I will create a bug to change this error msg.

Thanks,
Seshaiah Erugu.

From: Russ Combs (rucombs)
Sent: Wednesday, October 26, 2016 7:00 PM
To: Seshaiah Erugu (serugu) <serugu () cisco com>; Michael Steele <michaels () winsnort com>; snort-devel () lists
sourceforge net
Subject: Re: [Snort-devel] Windows broken on snort.conf

We at least should fix the error message. “Invalid keyword ‘}’ for server…

Re: Windows broken on snort.conf
Russ (Oct 26)
We at least should fix the error message. “Invalid keyword ‘}’ for
server configuration” should be more like “unsupported decompression:
‘lzma'”.

——————————————————————————
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive.
Learn the…

Re: Windows broken on snort.conf
Seshaiah Erugu (serugu) (Oct 26)
Hi Michael,

Geoffrey Serrao responded to your query. Please find the attachment.

Thanks,
Seshaiah Erugu.

From: Michael Steele [mailto:michaels () winsnort com]
Sent: Wednesday, October 26, 2016 6:11 PM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Windows broken on snort.conf

I’ve asked about this before and have yet to get any response from the Development team.

The below line in the snort.conf breaks Windows because…

Windows broken on snort.conf
Michael Steele (Oct 26)
I’ve asked about this before and have yet to get any response from the
Development team.

The below line in the snort.conf breaks Windows because there is a missing
library to decompress.

decompress_swf { deflate lzma } \

What do we need to do as Windows users so we don’t lose this function?

Is there going to be a fix available soon, and are you looking into it?

Kindest regards,

Michael……

Re: Can Snort notify a user program when it finishes processing a packet?
Russ (Oct 26)
Did you try adding a rule that will trigger on each packet?

alert ip any any -> any any ( sid:1; msg:"packet"; )

Depending on what you are trying to do, you could also use the abcip DAQ
and just give it input when you are ready.

If the existing Snort I/O isn’t suitable, we can pick it up on devel …
for Snort++. 🙂

Snort Subscriber Rules Update 2016-10-25
Research (Oct 25)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-flash rule sets
to provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Can Snort notify a user program when it finishes processing a packet?
Chang Liu (Oct 25)
Dear all,

I am trying to integrate Snort in my program.
The function I want to implement is that my program sends a packet to the
Snort, Snort processes this packet, and notify me when it finishes
processing, and my program reads the alerts triggered if any.

I have tried a couple of solutions but still not satisfied:
– run a snort instance every time there is a new packet to send. However,
there is a long overhead in loading Snort before it…

Re: Can Snort notify a user program when it finishes processing a packet?
Chang Liu (Oct 25)
Dear all,

Thanks for your reply. I understand that Snort can examine packets
standalone, but my intent is to interact with Snort from my program, and based
on the decision made by Snort, other follow-up steps will be taken
afterwards in my program. I will try posting this question in snort-dev.

Thanks
Chang


Re: snort inline mode and bridge
Russ (Oct 25)
Please restate the original problem. I don’t think fail open is what
you are after.


Re: snort inline mode and bridge
Vincent Li (Oct 25)
So I tried to build snort with --enable-inline-init-failopen; it did
not solve the problem I have. It looks to me that InlineFailOpen is
called near the end of SnortMain, after SnortInit (which takes most
of the time during snort restart) and before PacketLoop();

I tried to hack the code to call InlineFailOpen before SnortInit, but
I had a memory segment fault after starting up snort and passing traffic
through it. I assume some memory has to be…

Snort Subscriber Rules Update 2016-10-25
Research (Oct 25)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the blacklist,
file-image, malware-cnc, os-linux, protocol-scada and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Re: Can Snort notify a user program when it finishes processing a packet?
Jim Campbell (Oct 25)
Chang,

If the primary thrust of your effort is to use your program to
accomplish something, then the answer he gave you is correct.

If the intent is to set up a system that will examine each packet coming
in to your network then Snort is capable of doing that by itself. Snort
can be configured as an Intrusion Detection System (IDS) in which it
simply reports on packets failing some criteria. An IDS doesn’t drop
packets.

Snort can…

Re: Snort IDS
Jim Campbell (Oct 25)
Dave,

When you have configured Snort as an IPS you then “tune” the system by
determining which of the types of packets being dropped are not a
problem. You then enter the Generator ID and SID ID (e.g., 119:19) into
the /etc/snort/disablesid.conf file. Snort then stops dropping those
types of files.

Hope this helps,

Jim Campbell

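Jim's tuning step, carried through as an added example (not code from the thread, from Snort or from PulledPork): rank the gid:sid pairs Snort is firing on, review the noisy ones, and write the reviewed-as-benign pairs into disablesid.conf without duplicating entries already there. It assumes the /etc/snort/disablesid.conf Jim names is the PulledPork one, whose entries are gid:sid pairs, one per line or comma-separated; the alert lines and the benign list are constructed.

```python
"""Rank what Snort alerts on (or drops, as an IPS) by gid:sid and emit
disablesid.conf entries for pairs that were reviewed and found benign.

Added example, not from the thread or from Snort/PulledPork. Assumes the
PulledPork disablesid.conf format (gid:sid, one per line or comma-separated,
'#' comments). The alert lines below are constructed.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

Sig = Tuple[str, str]                 # (gid, sid) as strings, e.g. ('119', '19')

# Pull gid:sid:rev and the message out of an alert_fast line.
SIG_RE = re.compile(r'\[(\d+):(\d+):\d+\]\s+(.*?)\s+\[\*\*\]')

# Constructed alert_fast lines: a chatty preprocessor event (119:19, Jim's
# example gid:sid), one local rule and one real GPL rule hit.
SAMPLE_ALERTS = [
    '10/25-09:00:01.000001  [**] [119:19:1] (http_inspect) constructed sample event [**] '
    '[Priority: 3] {TCP} 192.0.2.10:51000 -> 198.51.100.5:80',
    '10/25-09:00:02.000001  [**] [119:19:1] (http_inspect) constructed sample event [**] '
    '[Priority: 3] {TCP} 192.0.2.11:51001 -> 198.51.100.5:80',
    '10/25-09:00:03.000001  [**] [119:19:1] (http_inspect) constructed sample event [**] '
    '[Priority: 3] {TCP} 192.0.2.12:51002 -> 198.51.100.5:80',
    '10/25-09:00:05.000001  [**] [1:1000002:1] dns query [**] [Classification: Misc activity] '
    '[Priority: 3] {UDP} 192.0.2.10:40000 -> 198.51.100.53:53',
    '10/25-09:00:06.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] '
    '[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.5:80 -> 192.0.2.10:51000',
]


def count_signatures(lines: Iterable[str]) -> Dict[Sig, Tuple[int, str]]:
    """Map (gid, sid) -> (hit count, message) over alert_fast lines."""
    counts: Counter = Counter()
    msgs: Dict[Sig, str] = {}
    for line in lines:
        m = SIG_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            counts[key] += 1
            msgs[key] = m.group(3)
    return {k: (n, msgs[k]) for k, n in counts.items()}


def candidates(stats: Dict[Sig, Tuple[int, str]], min_hits: int) -> List[Sig]:
    """Signatures firing at least min_hits times, noisiest first: the review list, not a disable list."""
    return sorted((k for k, (n, _) in stats.items() if n >= min_hits), key=lambda k: -stats[k][0])


def parse_disablesid(text: str) -> Set[Sig]:
    """gid:sid pairs already present in a disablesid.conf (comments and commas handled)."""
    present: Set[Sig] = set()
    for raw in text.splitlines():
        for item in raw.split('#', 1)[0].split(','):
            m = re.fullmatch(r'(\d+):(\d+)', item.strip())
            if m:
                present.add((m.group(1), m.group(2)))
    return present


def disablesid_entries(reviewed_benign: Set[Sig], stats: Dict[Sig, Tuple[int, str]],
                       existing: str = '') -> str:
    """Lines to append to disablesid.conf: a comment with the message and count, then gid:sid."""
    present = parse_disablesid(existing)
    out: List[str] = []
    for gid, sid in sorted(reviewed_benign, key=lambda k: (int(k[0]), int(k[1]))):
        if (gid, sid) in present:
            continue                        # do not duplicate an existing entry
        n, msg = stats.get((gid, sid), (0, 'not seen in review window'))
        out.append(f'# {msg} ({n} hits in review window)')
        out.append(f'{gid}:{sid}')
    return '\n'.join(out) + ('\n' if out else '')


if __name__ == '__main__':
    stats = count_signatures(SAMPLE_ALERTS)
    for sig in candidates(stats, 2):
        print(f'{sig[0]}:{sig[1]}  {stats[sig][0]:>5}  {stats[sig][1]}')
    # After review only the preprocessor event is judged benign here; the
    # ATTACK_RESPONSE hit stays enabled however rare it is.
    print(disablesid_entries({('119', '19')}, stats, existing='# already tuned\n1:1000002\n'))
```

The ranking only tells you where to look; the decision to disable is yours per signature, and it is made by hit count and traffic context, never by count alone, since a single low-frequency rule such as the ATTACK_RESPONSE one above is exactly what an IPS is there to keep.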

Re: Snort IDS
Dave Osbourne (Oct 25)
Oh dear – I misread that; indeed, my reply was for I*P*S….



Source: Full Disclosure @ October 26, 2016 at 06:36PM
