<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>

<TITLE>SecLists.Org Security Mailing List Archive</TITLE>
<META name="description" content="Security mailing list archive for the Nmap lists, Bugtraq, Full Disclosure, Security Basics, Pen-test, and dozens more. Search capabilities and RSS feeds with smart excerpts are available">
<META name="keywords" content="Security,Mailing Lists,nmap-dev,nmap-hackers,Bugtraq,Full Disclosure,Security Basics,Penetration Testing,Info Security News,Firewall Wizards,IDS Focus,Web App Security,Daily Dave,Honeypots,MS Sec Notification,Funsec,CERT Advisories,Open Source Security,NANOG,Interesting People,RISKS,Metasploit,Wireshark,Snort">
<META http-equiv="Content-Type" content="text/html; charset=utf-8">

<script type="text/javascript">
<!--
function show_latest(name) {
	document.getElementById("show-" + name).style.display = "none";
	document.getElementById("hide-" + name).style.display = "inline";
	document.getElementById("latest-" + name).style.display = "block";
}
function hide_latest(name) {
	document.getElementById("show-" + name).style.display = "inline";
	document.getElementById("hide-" + name).style.display = "none";
	document.getElementById("latest-" + name).style.display = "none";
}
// Make the "Show latest posts" button visible if there's JavaScript.
document.write('<style type="text/css">\n\
.showbutton { display: inline !important };\n\
<\/style>');
-->
</script>
<link REL="SHORTCUT ICON" HREF="/shared/images/tiny-eyeicon.png" TYPE="image/png">
<META NAME="ROBOTS" CONTENT="NOARCHIVE">
<link rel="stylesheet" href="/shared/css/insecdb.css" type="text/css">


</HEAD>
<BODY BGCOLOR="#2A0D45" TEXT="#000000">

<TABLE CELLPADDING="0" WIDTH="100%" CELLSPACING="0">
<TR><TD ALIGN="left"><A HREF="/"><IMG BORDER=0 ALT="Home page logo"
SRC="/images/sitelogo.png" HEIGHT=90 WIDTH=168></A></TD>
<TD VALIGN="bottom" ALIGN="right">

</TD></TR></TABLE>
<TABLE WIDTH="100%" CELLPADDING="0" CELLSPACING="0"><TR>
<TD ALIGN="left" WIDTH="130" VALIGN="top" class="sidebar">


</TD>
<TD BGCOLOR="#FFFFFF" VALIGN="top" ALIGN="left"><IMG
SRC="/shared/images/topleftcurve.gif" alt="/"><TABLE CELLPADDING="4" WIDTH="100%" style="table-layout: fixed;"><TR><TD BGCOLOR="#FFFFFF">
<CENTER><FONT SIZE="+2"><B>SecLists.Org Security Mailing List Archive</B></FONT></CENTER>

<P>Any hacker will tell you that the latest news and exploits are not
found on any web site&mdash;not even <A HREF="http://insecure.org">Insecure.Org</A>.  No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq.  Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists.  Browse the individual lists below, or search them all:

<CENTER>
<!-- Google Custom SiteSearch -->
<form action="http://insecure.org/search.html" id="cse-search-box-top">
  <div>
    <input type="hidden" name="cx" value="partner-pub-0078565546631069:bx60rb-fytx">
    <input type="hidden" name="cof" value="FORID:9">
    <input type="hidden" name="ie" value="ISO-8859-1">
    <input type="text" name="q" size="60">
    <input type="submit" name="sa" value="SecSearch">
  </div>
</form>
</CENTER>

<A NAME="inseclists"></A><h2 class="purpleheader">Insecure.Org Lists</h2><A NAME="nmap-dev"></A>
<div style="clear: right">
<A HREF="/nmap-dev/"><img src="/images/nmap-dev-logo.png" border="0" width="80" align="right" alt="nmap-dev logo"></A><B><A HREF="/nmap-dev/">Nmap Development</A></B> &mdash; Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <A HREF="http://nmap.org">Nmap</A> and related projects. Subscribe <a href="http://nmap.org/mailman/listinfo/dev">here</a>.<BR><ul class="inline"><li class="first"><A HREF="/nmap-dev/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/nmap-dev/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/nmap-dev.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://nmap.org/mailman/listinfo/dev"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-nmap-dev" href="javascript:show_latest('nmap-dev')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-nmap-dev" style="display: none" href="javascript:hide_latest('nmap-dev')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-nmap-dev" style="display: none">
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/20">Re: time_t changes in OpenBSD-current</a></strong>
<em>Daniel Miller (Jan 07)</em><br>
Note that the %ll specifier is C99 and may not be supported on all<br>
compilers (check VC++ perhaps?)<br>
<br>
Dan<br>
<br>
Ref: <a  rel="nofollow" href="http://www.cplusplus.com/reference/cstdio/printf/">http://www.cplusplus.com/reference/cstdio/printf/</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/19">Re: ncat-test.py?</a></strong>
<em>David Fifield (Jan 07)</em><br>
How do you plan to run multiple server tests in parallel? They all need<br>
to listen on different ports. A proposal we had on the list, which I<br>
think is a good one, is to add support for &quot;ncat -l 0&quot; to listen on any<br>
free port, and have the listening port be written to stderr in a<br>
machine-readable format so the test program knows what it is.<br>
<br>
David Fifield<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/18">Re: time_t changes in OpenBSD-current</a></strong>
<em>David Fifield (Jan 07)</em><br>
Thanks for this patch. Do we need to also add a cast to (long long) so<br>
it will work on other platforms where time_t is long or unsigned long?<br>
<br>
David<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/17">Re: NSE scripts for scanning IPv6 sub-nets</a></strong>
<em>Raul Fuentes (Jan 06)</em><br>
Hello David, sorry for the late answer but the holidays and no Internet<br>
were a bad combo,<br>
<br>
What do you think about adapting the scripts to match our existing IPv6<br>
<br>
&quot;adapting&quot; here?   change names, and the shared vars or something else?<br>
<br>
Yes, with the current version they are almost the same, the only difference<br>
(aside from the performance) is if you want to use the script &quot;itsismx-dhcpv6.<br>
<br>
2013/12/28 David Fifield &lt;david () bamsoftware...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/16">Nsock port scanning</a></strong>
<em>Jacek Wielemborek (Jan 06)</em><br>
List,<br>
<br>
On CCC we talked a bit about the scanning pipeline and if I understood it <br>
correctly, one of the steps we have to take first is to implement port scanning <br>
using Nsock. Yesterday I finally got around to that and created nmap-nsock-scan <br>
branch, where I wanted to experiment with adding TCP connect scanning using <br>
Nsock. I&apos;m happy to announce that I&apos;ve got a proof of concept ready and I <br>
wanted to ask you guys what I should do...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/15">Re: [nmap-svn] r32619 - nmap</a></strong>
<em>Daniel Miller (Jan 05)</em><br>
Jacek,<br>
<br>
I completely sympathize with your irritation at the tabs-vs-spaces<br>
disparity, but this can be such a polarizing topic that I think it<br>
deserves some discussion on the dev list before a wholesale change.<br>
Here are the points of discussion that I think should be decided<br>
before making this sort of commit:<br>
<br>
1. Tabs or spaces?<br>
2. If spaces, how many?<br>
3. Same for Lua, python, C?<br>
4. Where should it be documented?<br>
<br>
For the record, I think 2 spaces...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/14">Re: ncat-test.py?</a></strong>
<em>Jacek Wielemborek (Jan 05)</em><br>
01/01/2014 19:15:11 Jacek Wielemborek &lt;d33tah () gmail com&gt;:<br>
<br>
Hi again,<br>
<br>
I did a bit of experimentation and wrote a first prototype of ncat-test.py. <br>
It&apos;s currently just a proof-of-concept and has some kludges, but I wanted to <br>
ask you guys if it&apos;s generally the direction we&apos;d like to go for. <br>
<br>
In case you wanted to take a look at the code before reading the rest of the <br>
e-mail, it&apos;s in the SVN...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/13">time_t changes in OpenBSD-current</a></strong>
<em>Giovanni Bechis (Jan 04)</em><br>
Hi,<br>
In September OpenBSD changed time_t to long long on all platforms; this change broke nmap on 32-bit platforms.<br>
IMHO the main reason is that the timing.cc class stores data in a double and some precision is lost.<br>
The following patch seems to fix the problem; maybe a bit more work is needed.<br>
Thanks &amp; Cheers<br>
Giovanni Bechis<br>
_______________________________________________<br>
Sent through the dev mailing list<br>
<a  rel="nofollow" href="http://nmap.org/mailman/listinfo/dev">http://nmap.org/mailman/listinfo/dev</a>...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/12">Zmap detecting more hosts than Nmap</a></strong>
<em>Jacek Wielemborek (Jan 03)</em><br>
List,<br>
<br>
We already talked a bit about it on 30C3, but I figured that since quite a lot <br>
of folks weren&apos;t there, I&apos;d move the discussion to nmap-dev.<br>
<br>
On 30C3, I heard an interesting talk by J. Alex Halderman, the author of ZMap. <br>
In his presentation, he - among other things - compared ZMap to Nmap, pointing <br>
out that despite its stateless approach, his tool actually finds more hosts <br>
compared to Nmap in its &quot;aggressive&quot; mode....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/11">NCAT: SOCKS5 patch</a></strong>
<em>Petr Stodůlka (Jan 03)</em><br>
Hi,<br>
<br>
I did an update of an older patch for SOCKS5 support written by Marek Lukaszuk<br>
[1], which was not merged because there were tests missing [2]. So I<br>
wrote some tests for SOCKS5 too. Can you look at it and tell me if it&apos;s<br>
OK for merging or if further changes are needed?<br>
<br>
Thank you.<br>
<br>
Regards,<br>
Petr Stodulka<br>
<br>
[1] <a  rel="nofollow" href="http://seclists.org/nmap-dev/2011/q2/925">http://seclists.org/nmap-dev/2011/q2/925</a><br>
[2] <a  rel="nofollow" href="http://seclists.org/nmap-dev/2013/q1/391">http://seclists.org/nmap-dev/2013/q1/391</a><br>
<br>
diff --git a/ncat/ncat.h b/ncat/ncat.h<br>
index...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/10">Re: [NSE] All-Seeing Eye version detection and info</a></strong>
<em>Marin Maržić (Jan 02)</em><br>
Commit confirmed to be working great!<br>
<br>
Happy New Year, have a great one,<br>
Marin<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/9">Re: [NSE] ventrilo-info Ventrilo server version detection and info</a></strong>
<em>Marin Maržić (Jan 02)</em><br>
Hey,<br>
<br>
Happy New Year dev () nmap org!<br>
(and sorry again for the slow replies)<br>
<br>
These should replace the existing &quot;match teamspeak2&quot; lines, and they will<br>
act as &quot;softmatches&quot; for the script (while still extracting as much info<br>
as possible should the script not be there):<br>
<br>
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00.....(.{29}).([^\0]+)\0+[^\0]|s p/TeamSpeak 2/ <br>
o/$2/ i/name: $1; no password/<br>
match...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/8">nping problem</a></strong>
<em>James Wall (Jan 02)</em><br>
I just got a new macbook pro and the first program I installed was nmap.<br>
Everything is working fine except for nping.<br>
I get the following error<br>
<br>
dyld: Library not loaded: /Users/david/macports-10.5/lib/libssl.1.0.0.dylib<br>
  Referenced from: /usr/local/bin/nping<br>
  Reason: image not found<br>
Trace/BPT trap: 5<br>
<br>
I don&apos;t have macports installed and I don&apos;t know who the user david is.<br>
Any suggestions would be great.<br>
<br>
Thanks for a truly amazing...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/7">Re: nmap-6.40/osscan2.cc: 2 * bad assert statement ?</a></strong>
<em>Jacek Wielemborek (Jan 02)</em><br>
02/01/2014 08:40:17 David Binderman &lt;dcb314 () hotmail com&gt;:<br>
<br>
Thanks, that definitely makes more sense. Committed in r32586.<br>
_______________________________________________<br>
Sent through the dev mailing list<br>
<a  rel="nofollow" href="http://nmap.org/mailman/listinfo/dev">http://nmap.org/mailman/listinfo/dev</a><br>
Archived at <a  rel="nofollow" href="http://seclists.org/nmap-dev/">http://seclists.org/nmap-dev/</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2014/q1/6">nmap-6.40/osscan2.cc: 2 * bad assert statement ?</a></strong>
<em>David Binderman (Jan 02)</em><br>
Hello there,<br>
<br>
I just ran the static analysis checker &quot;cppcheck&quot; over <br>
the source code of nmap-6.40. It said many things, including<br>
<br>
1.<br>
<br>
[osscan2.cc:2651]: (warning) Logical disjunction always evaluates to true: replyNo&gt;= 0 || replyNo &lt; 6.<br>
<br>
Source code is<br>
<br>
  assert(replyNo&gt;= 0 || replyNo &lt; 6);<br>
<br>
Maybe<br>
<br>
  assert(replyNo&gt;= 0 &amp;&amp; replyNo &lt; 6);<br>
<br>
would be better code. <br>
<br>
2.<br>
<br>
[osscan2.cc:2696]: (warning) Logical...<br>
</p>

 

</blockquote>
</div>
<BR>
<A NAME="nmap-announce"></A>
<div style="clear: right">
<B><A HREF="/nmap-announce/">Nmap Announce</A></B> &mdash; Moderated list for the most important new releases and announcements regarding the <A HREF="http://nmap.org">Nmap Security Scanner</A> and related projects. We recommend that all Nmap users <a href="http://nmap.org/mailman/listinfo/announce">subscribe</a>.<BR><ul class="inline"><li class="first"><A HREF="/nmap-announce/2013/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Year</A></li>
<li>&nbsp;<A HREF="/nmap-announce/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/nmap-announce.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://nmap.org/mailman/listinfo/announce"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-nmap-announce" href="javascript:show_latest('nmap-announce')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-nmap-announce" style="display: none" href="javascript:hide_latest('nmap-announce')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-nmap-announce" style="display: none">

 

<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2013/2">Nmap Team Launches 5-Gigapixel &quot;Icons of the Web&quot; Project</a></strong>
<em>Fyodor (Dec 19)</em><br>
Fellow Nmap Hackers,<br>
<br>
Perhaps you remember in 2010 how we capped off a massive scan of the top<br>
million Internet web sites by creating a giant interactive collage, with<br>
each site scaled by its popularity?  Well, I&apos;m happy to report that we<br>
restarted our scanners this year and have launched a brand new and much<br>
improved edition of Icons of the Web at <a  rel="nofollow" href="http://nmap.org/favicon/">http://nmap.org/favicon/</a>!  It&apos;s<br>
interesting to see how things have changed in just 3...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2013/1">Nmap 6.40 Released! New scripts, new signatures, better performance!</a></strong>
<em>Fyodor (Aug 19)</em><br>
Hi Folks.  It has been a while since the last stable Nmap release, but<br>
I&apos;m pleased to release Nmap 6.40 and I think you&apos;ll consider it worth<br>
the wait!  It includes 14 new NSE scripts, hundreds of new OS and<br>
service detection signatures, a new --lua-exec feature for scripting<br>
Ncat, initial support for NSE and version scanning through a chain of<br>
proxies, improved target specification, many performance enhancements<br>
and bug fixes, and much...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2013/0">Nmap Project Seeking Talented Programmers for Google Summer of Code</a></strong>
<em>Fyodor (Apr 26)</em><br>
Hi Folks.  I&apos;m happy to announce that the Nmap Project has again been<br>
accepted into the Google Summer of Code program. This innovative and<br>
extraordinarily generous program provides $5,000 stipends to college and<br>
graduate students who spend the summer improving Nmap! They gain valuable<br>
experience, get paid, strengthen their résumés, and write code for millions<br>
of users.<br>
<br>
Previous SoC students helped create the Nmap Scripting Engine, Zenmap...<br>
</p>

 


 

<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2012/4">Nmap 6.25 holiday season release! 85 new scripts, better performance, Windows 8 enhancements, and more</a></strong>
<em>Fyodor (Nov 30)</em><br>
Hi folks.  It has been more than five months since the Nmap 6.01<br>
release, and I&apos;m pleased to announce a new version for you to enjoy<br>
during the holidays!  Nmap 6.25 contains hundreds of improvements,<br>
including 85 new NSE scripts, nearly 1,000 new OS and service<br>
detection fingerprints, performance enhancements such as the new<br>
kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8<br>
improvements, and much more!  It also includes...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2012/3">Nmap 6.01 Released</a></strong>
<em>Fyodor (Jun 22)</em><br>
Hi folks!  I&apos;m happy to report that the Nmap 6.00 release<br>
(<a  rel="nofollow" href="http://nmap.org/6">http://nmap.org/6</a> ) last month was a huge success, with hundreds of<br>
thousands of downloads and a bunch of positive articles and reviews.<br>
But any release this big is going to uncover a few issues, so we&apos;ve<br>
released Nmap 6.01 to address them.  This should also appease the more<br>
conservative users who always wait for the first patch update before<br>
installing a major software release....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2012/2">Nmap 6 Released!</a></strong>
<em>Fyodor (May 21)</em><br>
Hi folks!  After almost three years of work, 3,924 code commits, and<br>
more than a dozen point releases since Nmap 5, I&apos;m delighted to<br>
announce the release of Nmap 6!  It includes a more powerful Nmap<br>
Scripting Engine, 289 new scripts, better web scanning, full IPv6<br>
support, the Nping packet prober, faster scans, and much more!<br>
<br>
For the top 6 improvements in Nmap 6, see the release notes:<br>
<br>
<a  rel="nofollow" href="http://nmap.org/6">http://nmap.org/6</a><br>
<br>
Or you can go straight to the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2012/1">Last Chance to Apply for the Nmap/Google Summer of Code!</a></strong>
<em>Fyodor (Apr 04)</em><br>
Hi Folks.  I&apos;m happy to announce that the Nmap Project has again been<br>
accepted into the Google Summer of Code program.  This innovative and<br>
extraordinarily generous program provides $5,000 stipends to college<br>
and graduate students who want to spend the summer improving Nmap!<br>
They gain valuable experience, get paid, strengthen their résumé, and<br>
write code for millions of users.<br>
<br>
Previous SoC students helped create the Nmap Scripting Engine,...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2012/0">Nmap 5.61TEST5 released with 43 new scripts, improved OS &amp; version detection, and more!</a></strong>
<em>Fyodor (Mar 09)</em><br>
Hi folks!  We&apos;ve been working hard for the last 2 months since<br>
5.61TEST4, and I&apos;m pleased to announce the results: Nmap 5.61TEST5.<br>
This release has 43 new scripts, including new brute forcers for http<br>
proxies, SOCKS proxies, Asterisk IAX2, Membase, MongoDB, Nessus<br>
XMLRPC, Redis, the WinPcap remote capture daemon, the VMWare auth<br>
daemon, and old-school rsync.  Better check that your passwords are<br>
strong!  Some other fun scripts are...<br>
</p>

 

</blockquote>
</div>
<BR>
<h2 class="purpleheader">Other Excellent Security Lists</h2><A NAME="bugtraq"></A>
<div style="clear: right">
<A HREF="/bugtraq/"><img src="/images/bugtraq-logo.png" border="0" width="80" align="right" alt="bugtraq logo"></A><B><A HREF="/bugtraq/">Bugtraq</A></B> &mdash; The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!<BR><ul class="inline"><li class="first"><A HREF="/bugtraq/2014/Jan/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Month</A></li>
<li>&nbsp;<A HREF="/bugtraq/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/bugtraq.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/1/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-bugtraq" href="javascript:show_latest('bugtraq')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-bugtraq" style="display: none" href="javascript:hide_latest('bugtraq')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-bugtraq" style="display: none">

 

<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/10">Open-Xchange Security Advisory 2014-01-06</a></strong>
<em>Martin Braun (Jan 06)</em><br>
Open-Xchange Security Advisory 2014-01-06<br>
<br>
Product: Open-Xchange AppSuite<br>
Vendor: Open-Xchange GmbH<br>
<br>
Internal reference: 30203 (Bug ID)<br>
Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page)<br>
Vulnerable version: 7.4.0 and earlier<br>
Vulnerable component: backend<br>
Fixed version: 7.4.0-rev21, 7.4.1-rev9<br>
Report confidence: Confirmed<br>
Solution status: Fixed by Vendor<br>
Vendor notification: 2013-12-06<br>
Solution date:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/9">[SECURITY] [DSA 2836-1] devscripts security update</a></strong>
<em>Raphael Geissert (Jan 06)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2836-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                          Raphael Geissert<br>
January 05, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : devscripts<br>
Vulnerability  : arbitrary code execution...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/8">[SECURITY] [DSA 2835-1] asterisk security update</a></strong>
<em>Moritz Muehlenhoff (Jan 06)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2835-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                        Moritz Muehlenhoff<br>
January 05, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : asterisk<br>
Vulnerability  : buffer overflow<br>
Problem type   :...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/7">[security bulletin] HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code</a></strong>
<em>security-alert (Jan 03)</em><br>
Note: the current version of the following document is available here:<br>
<a  rel="nofollow" href="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/">https://h20564.www2.hp.com/portal/site/hpsc/public/kb/</a><br>
docDisplay?docId=emr_na-c03822422<br>
<br>
SUPPORT COMMUNICATION - SECURITY BULLETIN<br>
<br>
Document ID: c03822422<br>
Version: 1<br>
<br>
HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of<br>
Privilege, Denial of Service (DoS), Execution of Arbitrary Code<br>
<br>
NOTICE: The information in this Security Bulletin should be acted upon as...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/6">Path Traversal in eduTrac</a></strong>
<em>High-Tech Bridge Security Research (Jan 02)</em><br>
Advisory ID: HTB23190<br>
Product: eduTrac<br>
Vendor: 7 Media Web Solutions, LLC.<br>
Vulnerable Version(s): 1.1.1-Stable and probably prior<br>
Tested Version: 1.1.1-Stable<br>
Advisory Publication:  December 11, 2013  [without technical details]<br>
Vendor Notification: December 11, 2013 <br>
Vendor Patch: December 16, 2013 <br>
Public Disclosure: January 2, 2014 <br>
Vulnerability Type: Path Traversal [CWE-22]<br>
CVE Reference: CVE-2013-7097<br>
Risk Level: Medium <br>
CVSSv2 Base Score:...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/5">[CVE-2013-6480] Libcloud doesn&apos;t send scrub_data query parameter when destroying a DigitalOcean node</a></strong>
<em>Tomaz Muraus (Jan 01)</em><br>
[CVE-2013-6480] Libcloud doesn&apos;t send scrub_data query parameter when<br>
destroying a DigitalOcean node<br>
<br>
Severity: Low<br>
<br>
Vendor: Apache Software Foundation<br>
<br>
Project: Apache Libcloud (<a  rel="nofollow" href="http://libcloud.apache.org/">http://libcloud.apache.org/</a>)<br>
<br>
Affected Versions: Apache Libcloud 0.12.3 to 0.13.3 (version prior to<br>
0.12.3 don&apos;t include a DigitalOcean driver)<br>
<br>
Description:<br>
<br>
DigitalOcean recently changed the default API behavior from scrub to<br>
non-scrub when destroying a VM....<br>
</p>
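<p>The CVE-2013-6480 post above describes a client library that silently inherited a weaker provider default (destroy without scrubbing the disk) because it never stated its own choice in the request. The following Python snippet is an added illustration, not Libcloud's or DigitalOcean's code: it models a pre-fix destroy call that relies on the provider default beside a fixed one that sends <code>scrub_data=1</code> explicitly, against a recording fake transport, and includes an audit helper that flags destroy requests sent without the flag. The endpoint path <code>/droplets/&lt;id&gt;/destroy</code>, the <code>client_id</code>/<code>api_key</code> query parameters and the <code>FakeConnection</code> class are assumptions made for the example.</p>

```python
from urllib.parse import urlencode, urlparse, parse_qs


class FakeConnection:
    """Constructed stand-in for an HTTP connection: records each request
    URL instead of sending it, so the example runs offline."""

    def __init__(self):
        self.requests = []

    def request(self, path, params):
        url = path + "?" + urlencode(params)
        self.requests.append(url)
        return {"status": "OK"}


class DigitalOceanLikeDriver:
    """Minimal driver sketch. Assumption: a v1-style API that takes
    credentials and options as query-string parameters."""

    def __init__(self, client_id, api_key, connection):
        self.client_id = client_id
        self.api_key = api_key
        self.connection = connection

    def _auth(self):
        return {"client_id": self.client_id, "api_key": self.api_key}

    def destroy_node_vulnerable(self, node_id):
        # Pre-fix behaviour: no scrub_data at all, so the outcome depends on
        # whatever the provider's default happens to be this month.
        path = "/droplets/%s/destroy" % node_id
        return self.connection.request(path, self._auth())

    def destroy_node_fixed(self, node_id, scrub_data=True):
        # Fixed behaviour: the security-relevant choice is always explicit,
        # and scrubbing is the default on the client side.
        params = self._auth()
        params["scrub_data"] = "1" if scrub_data else "0"
        path = "/droplets/%s/destroy" % node_id
        return self.connection.request(path, params)


def destroy_requests_missing_scrub(urls):
    """Audit helper: return every destroy URL that does not ask for
    scrubbing (missing parameter or any value other than '1')."""
    flagged = []
    for url in urls:
        parsed = urlparse(url)
        if not parsed.path.endswith("/destroy"):
            continue
        query = parse_qs(parsed.query)
        if query.get("scrub_data") != ["1"]:
            flagged.append(url)
    return flagged


def demo():
    """Drive both code paths and return the URLs the audit flags."""
    conn = FakeConnection()
    drv = DigitalOceanLikeDriver("example-id", "example-key", conn)
    drv.destroy_node_vulnerable(101)            # flagged: no scrub_data
    drv.destroy_node_fixed(102)                 # clean: scrub_data=1
    drv.destroy_node_fixed(103, scrub_data=False)  # flagged: opted out
    return destroy_requests_missing_scrub(conn.requests)


if __name__ == "__main__":
    for url in demo():
        print("destroy without scrub_data=1:", url)
```

<p>The audit function is the part worth keeping around: pointed at an outbound-request log or at a recording transport in a test suite, it turns "did we stop sending the flag?" into a regression check instead of a surprise after the provider changes a default.</p>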
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/4">[SECURITY] [DSA 2834-1] typo3-src security update</a></strong>
<em>Salvatore Bonaccorso (Jan 01)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2834-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                      Salvatore Bonaccorso<br>
January 01, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : typo3-src<br>
Vulnerability  : several<br>
Problem type   : remote...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/3">CFP - IEEE Co-sponsored CyberSec2014 - Lebanon Section</a></strong>
<em>The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (Jan 01)</em><br>
All the registered papers will be submitted to IEEE for potential<br>
inclusion to IEEE Xplore as well as other Abstracting and Indexing (A&amp;I)<br>
databases.<br>
<br>
TITLE: The Third International Conference on Cyber Security, Cyber<br>
Warfare, and Digital Forensic (CyberSec2014)<br>
<br>
EVENT VENUE: Lebanese University, Lebanon<br>
<br>
CONFERENCE DATES: Apr. 29 - May 1, 2014<br>
<br>
EVENT URL: <a  rel="nofollow" href="http://sdiwc.net/conferences/2014/cybersec2014/">http://sdiwc.net/conferences/2014/cybersec2014/</a><br>
<br>
OBJECTIVE: To provide a medium for...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/2">[SECURITY] [DSA 2833-1] openssl security update</a></strong>
<em>Moritz Muehlenhoff (Jan 01)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2833-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                        Moritz Muehlenhoff<br>
January 01, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : openssl<br>
Vulnerability  : several<br>
Problem type   : local...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/1">[SECURITY] [DSA 2832-1] memcached security update</a></strong>
<em>Salvatore Bonaccorso (Jan 01)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2832-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                      Salvatore Bonaccorso<br>
January 01, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : memcached<br>
Vulnerability  : several<br>
Problem type   : remote...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2014/Jan/0">[SECURITY] [DSA 2831-1] puppet security update</a></strong>
<em>Luciano Bello (Jan 01)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2831-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                             Luciano Bello<br>
December 31, 2013                      <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : puppet<br>
Vulnerability  : insecure temporary files<br>
Problem...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2013/Dec/149">[SECURITY] [DSA 2830-1] ruby-i18n security update</a></strong>
<em>Florian Weimer (Dec 31)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2830-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                            Florian Weimer<br>
December 30, 2013                      <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : ruby-i18n<br>
Vulnerability  : cross-site scripting<br>
Problem...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2013/Dec/148">[security bulletin] HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities</a></strong>
<em>security-alert (Dec 31)</em><br>
Note: the current version of the following document is available here:<br>
<a  rel="nofollow" href="https://h20564.www2.hp.com/portal/site/hpsc/public/kb/">https://h20564.www2.hp.com/portal/site/hpsc/public/kb/</a><br>
docDisplay?docId=emr_na-c04052075<br>
<br>
SUPPORT COMMUNICATION - SECURITY BULLETIN<br>
<br>
Document ID: c04052075<br>
Version: 1<br>
<br>
HPSBMU02959 rev.1 - HP Service Manager WebTier and Windows Client, Cross-Site<br>
Scripting (XSS), Execution of Arbitrary Code and other Vulnerabilities<br>
<br>
NOTICE: The information in this Security Bulletin should be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2013/Dec/147">CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition</a></strong>
<em>Rodrigo Rubira Branco \(BSDaemon\) (Dec 30)</em><br>
CALL FOR PAPERS - Hackers 2 Hackers Conference 11th edition<br>
<br>
The call for papers for H2HC 11th edition is now open. H2HC is a hacker<br>
conference taking place in Sao Paulo, Brazil, from 18 to 19 of October<br>
2014.<br>
<br>
Our public key is available at:<br>
<a  rel="nofollow" href="https://www.h2hc.com.br/divulgacao/public.key">https://www.h2hc.com.br/divulgacao/public.key</a><br>
<br>
[ - Introduction - ]<br>
<br>
For the eleventh consecutive year and past success we have been having,<br>
the annual Hackers 2 Hackers Conference will be held again in Sao...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2013/Dec/146">[SECURITY] [DSA 2829-1] hplip security update</a></strong>
<em>Moritz Muehlenhoff (Dec 30)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2829-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                        Moritz Muehlenhoff<br>
December 28, 2013                      <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : hplip<br>
Vulnerability  : several<br>
Problem type   : remote...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="fulldisclosure"></A>
<div style="clear: right">
<A HREF="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" border="0" width="80" align="right" alt="fulldisclosure logo"></A><B><A HREF="/fulldisclosure/">Full Disclosure</A></B> &mdash; A <a href="http://seclists.org/fulldisclosure/2010/Mar/459">lightly moderated</a> high-traffic forum for disclosure of security information.  Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue.  The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip.  Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience.<BR><ul class="inline"><li class="first"><A HREF="/fulldisclosure/2014/Jan/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Month</A></li>
<li>&nbsp;<A HREF="/fulldisclosure/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/fulldisclosure.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://lists.grok.org.uk/full-disclosure-charter.html"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-fulldisclosure" href="javascript:show_latest('fulldisclosure')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-fulldisclosure" style="display: none" href="javascript:hide_latest('fulldisclosure')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-fulldisclosure" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/23">[HITB-Announce] HITB Magazine Issue 10 Out Now</a></strong>
<em>Hafez Kamal (Jan 07)</em><br>
Issue #10 is now available!<br>
<br>
Hello readers and welcome to the somewhat overdue Issue 010 of HITB<br>
Magazine. As they say, better late than never!<br>
<br>
Since the last issue, we&apos;ve also changed the HITB Security Conference<br>
Call for Papers submission guidelines to now require speakers to submit<br>
a research &apos;white paper&apos; to accompany their talk. The first round of<br>
papers came to us via #HITB2013KUL in October and thankfully we now have<br>
loads...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/22">Re: Open phones for privacy/anonymity applications, Guardian</a></strong>
<em>Bzzz (Jan 06)</em><br>
No, in most countries this was taken in account and rejected<br>
by the authorities because the certification is tied to the<br>
electronics apparatus and not to the software/firmware that<br>
drives it (with the frequency range exception in the mobile<br>
domain, but this is already covered by other rules than<br>
certification).<br>
<br>
For once, authorities were quite wise (but don&apos;t take that for<br>
granted in other domains;)<br>
<br>
JY<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/21">Re: Open phones for privacy/anonymity applications, Guardian</a></strong>
<em>Anonymous (Jan 06)</em><br>
Since the GSM f/w controls a radio, and thus the power, it may need a<br>
FCC certification.  In which case you would need someone to finance<br>
the certification every time a new version of the Gnu firmware is<br>
released (FSF perhaps?).<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/20">Re: DoS vulnerability in Adobe Flash Player (BSOD)</a></strong>
<em>sixtyvividtails (Jan 06)</em><br>
Do you have any plans to release more details regarding this denial of<br>
service vulnerability? BSOD crashdump, may be?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/19">[SECURITY] [DSA 2836-1] devscripts security update</a></strong>
<em>Raphael Geissert (Jan 06)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2836-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                          Raphael Geissert<br>
January 05, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : devscripts<br>
Vulnerability  : arbitrary code execution...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/18">[SECURITY] [DSA 2835-1] asterisk security update</a></strong>
<em>Moritz Muehlenhoff (Jan 05)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2835-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                        Moritz Muehlenhoff<br>
January 05, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : asterisk<br>
Vulnerability  : buffer overflow<br>
Problem type   :...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/17">Re: &quot;the Fairphone is fatally flawed for security&quot;</a></strong>
<em>coderman (Jan 05)</em><br>
baseband attack (remote injection, carrier cooperation, other vector)<br>
 leads to -&gt; bus access<br>
  leads to -&gt; storage, RAM, GPS and audio, etc.<br>
<br>
baseband vulnerabilities are difficult to identify and weaponize, but<br>
growing ever more pervasive.<br>
<br>
see also these QUANTUMINSERTs:<br>
&quot;30C3 Baseband Exploitation in 2013&quot;<br>
<a  rel="nofollow" href="http://www.youtube.com/watch?v=_5DqsPCCtiI">http://www.youtube.com/watch?v=_5DqsPCCtiI</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/16">&quot;the Fairphone is fatally flawed for security&quot;</a></strong>
<em>Bernhard Kuemel (Jan 05)</em><br>
Hi!<br>
<br>
The fairphone (<a  rel="nofollow" href="http://www.fairphone.com/">http://www.fairphone.com/</a>) is a socially fairly produced<br>
smartphone, similar to fairtrade products.<br>
<br>
<a  rel="nofollow" href="http://replicant.us/2013/11/fairphone/">http://replicant.us/2013/11/fairphone/</a> says:<br>
<br>
&quot;However, things are not looking so good when it comes to evaluating the<br>
platform that was chosen for the Fairphone: the modem is embedded in the<br>
System on a Chip (SoC) which leads us to believe that it is poorly<br>
isolated from the rest of the platform and could access critical...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/15">Re: SCADA StrangeLove 30C3 releases: all in one</a></strong>
<em>coderman (Jan 05)</em><br>
i&apos;m waiting for the day Parastoo starts using these methods.  right<br>
now their cyber vector appears limited to cutting fibers...<br>
<br>
<a  rel="nofollow" href="http://cryptome.org/2014/01/parastoo-pge-metcalf.htm">http://cryptome.org/2014/01/parastoo-pge-metcalf.htm</a><br>
<br>
what disturbs me most is that despite wide spread and persistent<br>
vulnerabilities in our critical infrastructure, there is nothing more<br>
than token security efforts applied this last decade. (except the<br>
security applied to keeping infrastructure information secret...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/14">SCADA StrangeLove 30C3 releases: all in one</a></strong>
<em>scadastrangelove (Jan 04)</em><br>
Hi list.<br>
<br>
Just a collection of our 30C3 releases in one post.<br>
<br>
ICS/SCADA/PLC Google/Shodan Cheat Sheet<br>
THC Hydra with Siemens S7-300 support<br>
Slides and video from SCADA Strangelove 2<br>
talk&lt;<a  rel="nofollow" href="https://events.ccc.de/congress/2013/Fahrplan/events/5582.html">https://events.ccc.de/congress/2013/Fahrplan/events/5582.html</a>&gt;<br>
.<br>
&quot;A Hacker Disneyland&quot; by @ygoltsev and @arbitrarycode<br>
&quot;Firebird/interbase database engine hacks&quot; by @GiftsUngiven...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/13">Re: Securelist.com (Kaspersky) released a misleading information about Kelihos Botnet actual status</a></strong>
<em>アドリアンヘンドリック (Jan 03)</em><br>
Following the previous post about the Kelihos botnet&apos;s current status,<br>
<br>
at BotConf<br>
<br>
We did our part as promised, and disclosed in detail every aspect of<br>
the operation against this botnet, including the criminal responsible<br>
behind all the acts (a Russian Federation national).<br>
All of the verdict and data were reported officially to Group IB in<br>
the Russian Federation for the legal case to follow; we look forward to having the<br>
finalization in...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/12">DAVOSET v.1.1.5</a></strong>
<em>MustLive (Jan 01)</em><br>
Hello participants of Mailing List.<br>
<br>
Happy New Year!<br>
<br>
After making public release of DAVOSET<br>
(<a  rel="nofollow" href="http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html">http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html</a>),<br>
I&apos;ve made the next update of the software. On 31st of December DAVOSET v.1.1.5<br>
was released - DDoS attacks via other sites execution tool<br>
(<a  rel="nofollow" href="http://websecurity.com.ua/davoset/">http://websecurity.com.ua/davoset/</a>). This is the New Year Edition ;-).<br>
<br>
Video demonstration of DAVOSET:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/11">[CVE-2013-6480] Libcloud doesn&apos;t send scrub_data query parameter when destroying a DigitalOcean node</a></strong>
<em>Tomaz Muraus (Jan 01)</em><br>
[CVE-2013-6480] Libcloud doesn&apos;t send scrub_data query parameter when<br>
destroying a DigitalOcean node<br>
<br>
Severity: Low<br>
<br>
Vendor: Apache Software Foundation<br>
<br>
Project: Apache Libcloud (<a  rel="nofollow" href="http://libcloud.apache.org/">http://libcloud.apache.org/</a>)<br>
<br>
Affected Versions: Apache Libcloud 0.12.3 to 0.13.3 (version prior to<br>
0.12.3 don&apos;t include a DigitalOcean driver)<br>
<br>
Description:<br>
<br>
DigitalOcean recently changed the default API behavior from scrub to<br>
non-scrub when destroying a VM....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/10">[SECURITY] [DSA 2834-1] typo3-src security update</a></strong>
<em>Salvatore Bonaccorso (Jan 01)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-2834-1                   security () debian org<br>
<a  rel="nofollow" href="http://www.debian.org/security/">http://www.debian.org/security/</a>                      Salvatore Bonaccorso<br>
January 01, 2014                       <a  rel="nofollow" href="http://www.debian.org/security/faq">http://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : typo3-src<br>
Vulnerability  : several<br>
Problem type   : remote...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2014/Jan/9">Re: Open phones for privacy/anonymity applications, Guardian</a></strong>
<em>Lodewijk andré de la porte (Jan 01)</em><br>
I love being mentioned but that was not my statement.<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="basics"></A>
<div style="clear: right">
<A HREF="/basics/"><img src="/images/basics-logo.png" border="0" width="80" align="right" alt="basics logo"></A><B><A HREF="/basics/">Security Basics</A></B> &mdash; A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs".  I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.<BR><ul class="inline"><li class="first"><A HREF="/basics/2013/Dec/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Month</A></li>
<li>&nbsp;<A HREF="/basics/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/basics.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/105/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-basics" href="javascript:show_latest('basics')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-basics" style="display: none" href="javascript:hide_latest('basics')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-basics" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Dec/3">Re: don&apos;t understand the output of nmap -sV</a></strong>
<em>Luther Blissett (Dec 23)</em><br>
I&apos;d say nmap just gave you a probable guess on the service running on<br>
those ports according to the &quot;SNMPv3&quot; string found in the fingerprint.<br>
However, since this specific fingerprint does not match nmap&apos;s fp<br>
database, it alerts you to confirm that the service is really this and<br>
to give feedback to the community by sending your results. Once you and others have<br>
done this, nmap can grow its certainty of the service version.<br>
<br>
 <br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Dec/2">PHP openssl_x509_parse POC Demo.... Is my Demo viable?</a></strong>
<em>Jeffrey Roberts (Dec 18)</em><br>
Greetings!<br>
<br>
I am attempting to test my machines to see if they are vulnerable to<br>
<br>
<a  rel="nofollow" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420</a><br>
<br>
I am using the example certificate from<br>
<br>
<a  rel="nofollow" href="http://www.exploit-db.com/exploits/30395/">http://www.exploit-db.com/exploits/30395/</a><br>
<br>
My demo can be found at<br>
<br>
<a  rel="nofollow" href="https://gist.github.com/jeffreyroberts/8006715">https://gist.github.com/jeffreyroberts/8006715</a><br>
<br>
My question is, is my POC/Demo viable?<br>
<br>
When I execute the gist, this is the output<br>
<br>
[ec2-user () bakerscloud ~]$ php...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Dec/1">don&apos;t understand the output of nmap -sV</a></strong>
<em>Lentes, Bernd (Dec 18)</em><br>
Hi,<br>
<br>
I try to check if an SNMP service is available. I did the following:<br>
<br>
pc59093:~ # nmap -sU -sV -p161,162 pc53200<br>
<br>
The response was:<br>
<br>
Starting Nmap 4.75 ( <a  rel="nofollow" href="http://nmap.org">http://nmap.org</a> ) at 2013-12-13 21:59 CET<br>
Interesting ports on pc53200.xxxxxxxxxxxxx:<br>
PORT    STATE SERVICE VERSION<br>
161/udp open  snmp    SNMPv3 server<br>
162/udp open  snmp    SNMPv3 server<br>
2 services unrecognized despite returning data. If you know the service/version, please submit the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Dec/0">CarolinaCon-10 / 2014 - Call for Presenters/Speakers</a></strong>
<em>Vic Vandal (Dec 03)</em><br>
h4x0rs, stuff breakers, InfoSec pros, g33k girls, international spies, and script kidz,<br>
<br>
CarolinaCon-10 will occur on May 16th-18th 2014 in Raleigh NC (USA).  We are now officially accepting <br>
speaker/paper/demo submissions for the event. <br>
<br>
If you are somewhat knowledgeable in any interesting field of hacking, technology, robotics, science, global <br>
thermonuclear war, etc. (but mostly hacking), and are interested in presenting at CarolinaCon-10, we...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/19">[HITB-Announce] #HITB2014AMS Call for Papers Now Open</a></strong>
<em>Hafez Kamal (Nov 28)</em><br>
Hi everyone - The Call for Papers for the 5th annual HITB Security<br>
Conference in Amsterdam is now open. #HITB2014AMS takes place at the<br>
Beurs van Berlage from the 27th - 30th of May 2014. The official<br>
conference hotel for the event is the Hilton DoubleTree.<br>
<br>
As always we start with 2-days of hands on technical trainings followed<br>
by a 2-day triple track conference. However, 2014 also sees the<br>
introduction of a brand new addition to the HITB line...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/18">RE: FP BugCON 2014 - Mexico City</a></strong>
<em>Tamara Vera (Nov 08)</em><br>
Ecuador?<br>
<br>
-----Original Message-----<br>
From: listbounce () securityfocus com [<a  rel="nofollow" href="mailto:listbounce">mailto:listbounce</a> () securityfocus com] On behalf of Carlos A. Lozano<br>
Sent: Wednesday, 06 November 2013 22:02<br>
To: bugtraq () securityfocus com; security-basics () securityfocus com; PaulDotCom Security Weekly Mailing List<br>
Subject: CFP BugCON 2014 - Mexico City<br>
<br>
-[ BugCON Security Conference: Safety is just a myth...! ]-<br>
<br>
Call For Papers - BugCON 2014<br>
<br>
      _...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/17">CFP BugCON 2014 - Mexico City</a></strong>
<em>Carlos A. Lozano (Nov 07)</em><br>
-[ BugCON Security Conference: Safety is just a myth...! ]-<br>
<br>
Call For Papers - BugCON 2014<br>
<br>
      _ .-. _<br>
     /o`\^/`o\<br>
    |o o | o o|<br>
     \o _|_ o/<br>
      `(@I@)`<br>
        /^\<br>
<br>
--[ Description<br>
<br>
BugCON Security Conference is one of the most important security<br>
conferences in Mexico. BugCON 2014 will take place in Mexico City from<br>
May 7th to 9th, 2014.<br>
<br>
----[ Background<br>
<br>
BugCON Security Conference: Safety is just a myth...! is the biggest<br>
security...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/16">Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>ToddAndMargo (Nov 05)</em><br>
I have Kali inside a virtual machine, just to check things out<br>
and compare.<br>
<br>
Hi Eric,<br>
<br>
    Thank you for the tips.<br>
<br>
Hind sight.<br>
<br>
But, on the other hand, even though it was really<br>
frustrating to figure out, I did figure it out.  And, I got<br>
to see first hand the manure Kaspersky was feeding me.<br>
They did a good job.  Especially telling me at one point<br>
that every (256) computer was active on the network.  Nice<br>
way of obscuring things.  Most of the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/15">Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>Eric Schultz (Nov 05)</em><br>
ToddAndMargo,<br>
<br>
I&apos;d recommend checking out Kali Linux instead of using Scientific<br>
Linux. Kali is designed for doing security work, and is installed with<br>
needed tools already configured. I think this would aid you in the<br>
future, as it&apos;s one less thing to troubleshoot.<br>
<br>
Since you are learning the basics, I&apos;d also recommend shutting off<br>
antivirus programs while testing to prevent unexpected and difficult<br>
to pinpoint errors. Once you...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/14">Re: [Solved] Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>jason m (Nov 05)</em><br>
Allowing threads full of drivel like this, by a repeat offender, is <br>
doing a disservice to the professionals using it.<br>
<br>
------------------------------------------------------------------------<br>
Securing Apache Web Server with thawte Digital Certificate<br>
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how <br>
it benefits your company and how your customers can tell if a site is secure....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/13">Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>ToddAndMargo (Nov 04)</em><br>
 &gt; On Oct 31, 2013 1:34 PM, &quot;ToddAndMargo&quot; &lt;ToddAndMargo () zoho com<br>
 &gt; &lt;<a  rel="nofollow" href="mailto:ToddAndMargo">mailto:ToddAndMargo</a> () zoho com&gt;&gt; wrote:<br>
 &gt;<br>
 &gt;     Hi All,<br>
 &gt;<br>
 &gt;     I decided to test Metasploit against an open VNC<br>
 &gt;     server, following the following directions:<br>
 &gt;<br>
 &gt; <br>
<a  rel="nofollow" href="https://www.rapid7.com/db/__modules/auxiliary/scanner/vnc/__vnc_login">https://www.rapid7.com/db/__modules/auxiliary/scanner/vnc/__vnc_login</a> <br>
&lt;<a  rel="nofollow" href="https://www.rapid7.com/db/modules/auxiliary/scanner/vnc/vnc_login">https://www.rapid7.com/db/modules/auxiliary/scanner/vnc/vnc_login</a>&gt;<br>
 &gt;...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/12">[Solved] Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>ToddAndMargo (Nov 04)</em><br>
It occurred that if history is any indicator, the mailing list<br>
nazi will bounce this, so I am Cc:ing all those that helped me.<br>
<br>
Solution at bottom of letter<br>
<br>
Hi All,<br>
<br>
I figured it out.  While looking up information requested by<br>
the Metasploit form, on a lark, I opened an xterm and elevated<br>
to root. Then I cd&apos;ed into /usr/local/bin.  And I ran msfconsole<br>
directly.  Guess who started working!<br>
<br>
I had been running:<br>
    /usr/bin/gksu -u root...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/11">Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>ToddAndMargo (Nov 04)</em><br>
Hi Ben,<br>
<br>
I have never been able to get IRC to work on Scientific Linux.<br>
:&apos;(<br>
<br>
-T<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/10">Re: msf &gt; use auxiliary/scanner/vnc/vnc_login</a></strong>
<em>ToddAndMargo (Nov 04)</em><br>
Hi All,<br>
<br>
I figured it out.  While looking up information requested by<br>
the Metasploit form, on a lark, I opened an xterm and elevated<br>
to root. Then I cd&apos;ed into /usr/local/bin.  And I ran msfconsole<br>
directly.  Guess who started working!<br>
<br>
I had been running:<br>
    /usr/bin/gksu -u root  &quot;/usr/local/bin/msfconsole&quot;<br>
from my Xfce Panel2 launcher.  So, I tried<br>
   /usr/bin/gksu -u root  &quot;cd /usr/local/bin; /usr/local/bin/msfconsole&quot;...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/basics/2013/Nov/9">Re: vnc-brute script question</a></strong>
<em>ToddAndMargo (Nov 04)</em><br>
Hi All,<br>
<br>
Figured it out.  This is horse manure coming from Kaspersky<br>
End Point Security 10&apos;s Network Attack Blocker.  It has<br>
been feeding me all kinds of this random poop for hours.<br>
<br>
I put myself in its exclusion list and now things are<br>
operating normally, including the VNC server.<br>
<br>
This is actually a nice feature of End Point.<br>
<br>
-T<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="pen-test"></A>
<div style="clear: right">
<A HREF="/pen-test/"><img src="/images/pen-test-logo.png" border="0" width="80" align="right" alt="pen-test logo"></A><B><A HREF="/pen-test/">Penetration Testing</A></B> &mdash; While this list is intended for "professionals", participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.<BR><ul class="inline"><li class="first"><A HREF="/pen-test/2014/Jan/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Month</A></li>
<li>&nbsp;<A HREF="/pen-test/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/pen-test.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/101/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-pen-test" href="javascript:show_latest('pen-test')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-pen-test" style="display: none" href="javascript:hide_latest('pen-test')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-pen-test" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pen-test/2014/Jan/0">Arachni v0.4.6-0.4.3 has been released (Open Source Web Application Security Scanner Framework)</a></strong>
<em>Tasos Laskos (Jan 01)</em><br>
Hey folks,<br>
<br>
There&apos;s a new version of Arachni, an Open Source, modular and<br>
high-performance Web Application Security Scanner Framework written in Ruby.<br>
<br>
Brief list of changes:<br>
<br>
Framework<br>
----------<br>
* Massively decreased RAM consumption.<br>
* Amount of performed requests cut down by 1/3 -- and thus 1/3 decrease in scan times.<br>
* Overhauled timing attack and boolean/differential analysis algorithms to fix<br>
  SQLi false-positives with misbehaving...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pen-test/2013/Dec/2">Release: Faraday Penetration Test IDE</a></strong>
<em>Francisco Amato (Dec 17)</em><br>
We are happy to announce our first release of Faraday (beta), an open<br>
source collaborative Penetration Test IDE console that uses the same<br>
tools you use every day.<br>
<br>
Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment<br>
<br>
We built a plugin system, where all the I/O from the terminal gets<br>
interpreted; if we have a plugin for the command, the output is<br>
processed and added to a knowledge base in a transparent way.<br>
<br>
Our idea...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pen-test/2013/Dec/1">ShmooCon Epilogue CFP / CFT</a></strong>
<em>Rob Fuller (Dec 10)</em><br>
What: SHMOOCON EPILOGUE 2014<br>
Location: 2214 Rock Hill Rd, Herndon, VA 20170<br>
Date: Jan 20, 2014 (MLK day) - 10 AM to 10 PM<br>
Cost: $10 per meal (Lunch/Dinner)<br>
Info Page: <a  rel="nofollow" href="http://novahackers.blogspot.com/p/shmoo.html">http://novahackers.blogspot.com/p/shmoo.html</a><br>
<br>
Yup, we&apos;re doing it again. ShmooCon Epilogue 2014 is a go! What is<br>
ShmooCon Epilogue? It&apos;s a 1-track all day event the day after ShmooCon<br>
(Monday which is a US holiday). We provide lunch and dinner (for the<br>
small entrance fee)....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pen-test/2013/Dec/0">PwnWiki.io</a></strong>
<em>Rob Fuller (Dec 01)</em><br>
Micah and I are merging the Post Exploitation Wiki with a few other<br>
projects to include the following:<br>
<br>
+ Kali Linux Documentation Project<br>
+ WebApp Defaults Project<br>
+ Q (Metasploit Repo)<br>
+ (And of course the PwnWiki which has all the content of the Post<br>
Exploitation Command Lists and wiki)<br>
<br>
Into one central place for information all under the &quot;PwnWiki Team&quot;<br>
banner instead of just /mubix/. We would love to have some more help.<br>
If you are...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="isn"></A>
<div style="clear: right">
<A HREF="/isn/"><img src="/images/isn-logo.png" border="0" width="80" align="right" alt="isn logo"></A><B><A HREF="/isn/">Info Security News</A></B> &mdash; Carries news items (generally from mainstream sources) that relate to security.<BR><ul class="inline"><li class="first"><A HREF="/isn/2014/Jan/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Month</A></li>
<li>&nbsp;<A HREF="/isn/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/isn.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.infosecnews.org/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-isn" href="javascript:show_latest('isn')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-isn" style="display: none" href="javascript:hide_latest('isn')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-isn" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/isn/2014/Jan/4">FireEye Computer Security Firm Acquires Mandiant</a></strong>
<em>InfoSec News (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.nytimes.com/2014/01/03/technology/fireeye-computer-security-firm-acquires-mandiant.html">http://www.nytimes.com/2014/01/03/technology/fireeye-computer-security-firm-acquires-mandiant.html</a><br>
<br>
By NICOLE PERLROTH and DAVID E. SANGER<br>
New York Times<br>
January 2, 2014<br>
<br>
SAN FRANCISCO -- In a deal that may have broad repercussions for companies <br>
and governments fending off sophisticated hackers and state-sponsored <br>
digital attacks, FireEye, a provider of security software, has acquired <br>
Mandiant, a company known for emergency responses to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2014/Jan/3">Time for a U.S. Cyber Force</a></strong>
<em>InfoSec News (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.usni.org/magazines/proceedings/2014-01/time-us-cyber-force">http://www.usni.org/magazines/proceedings/2014-01/time-us-cyber-force</a><br>
<br>
Proceedings Magazine - January 2014<br>
Vol. 140/1/1,331<br>
<br>
By Admiral James Stavridis, U.S. Navy (Retired)<br>
and David Weinstein<br>
<br>
Instead of each armed service having its own version of a cyber command, <br>
why not create a separate entity altogether that would serve all branches? <br>
In November 1918, U.S. Army Brigadier General Billy Mitchell made the <br>
following observation: “The day...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2014/Jan/2">NSA seeks to build quantum computer that could crack most types of encryption</a></strong>
<em>InfoSec News (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html">http://www.washingtonpost.com/world/national-security/nsa-seeks-to-build-quantum-computer-that-could-crack-most-types-of-encryption/2014/01/02/8fff297e-7195-11e3-8def-a33011492df2_story.html</a><br>
<br>
By Steven Rich and Barton Gellman<br>
The Washington Post<br>
January 2, 2014<br>
<br>
In room-size metal boxes secure against electromagnetic leaks, the <br>
National Security Agency is racing to build a computer that could break <br>
nearly every kind of encryption used to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2014/Jan/1">How to be notified that your password has been stolen</a></strong>
<em>InfoSec News (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.zdnet.com/how-to-be-notified-that-your-password-has-been-stolen-7000024674/">http://www.zdnet.com/how-to-be-notified-that-your-password-has-been-stolen-7000024674/</a><br>
<br>
By Larry Seltzer<br>
Zero Day<br>
ZDNet News<br>
January 2, 2014<br>
<br>
About a month ago I told you about have i been pwned?, a new site at which <br>
you could learn if your email address was included in one of several large <br>
data breaches.<br>
<br>
The main improvement that needed to be added to the site, as its creator <br>
Troy Hunt himself acknowledged, was a notification service to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2014/Jan/0">4-year long HIPAA breach uncovered</a></strong>
<em>InfoSec News (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.healthcareitnews.com/news/four-year-long-hipaa-data-breach-discovered">http://www.healthcareitnews.com/news/four-year-long-hipaa-data-breach-discovered</a><br>
<br>
By Erin McCann<br>
Associate Editor<br>
Healthcare IT News<br>
January 2, 2014<br>
<br>
In the world of HIPAA privacy and security breaches, 2013 was a big year, <br>
and the last days of December proved no exception.<br>
<br>
The five-hospital Riverside Health System in southeast Virginia announced <br>
earlier this week that close to 1,000 of its patients are being notified <br>
of a privacy breach that...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/58">Attackers Wage Network Time Protocol-Based DDoS Attacks</a></strong>
<em>InfoSec News (Dec 31)</em><br>
<a  rel="nofollow" href="http://www.darkreading.com/attacks-breaches/attackers-wage-network-time-protocol-bas/240165063">http://www.darkreading.com/attacks-breaches/attackers-wage-network-time-protocol-bas/240165063</a><br>
<br>
By Kelly Jackson Higgins<br>
Dark Reading<br>
December 30, 2013<br>
<br>
Attackers have begun exploiting an oft-forgotten network protocol in a new <br>
spin on distributed denial-of-service (DDoS) attacks, as researchers <br>
spotted a spike in so-called NTP reflection attacks this month.<br>
<br>
The Network Time Protocol, or NTP, syncs time between machines on the <br>
network, and...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/57">Target confirms customer PINs were taken in breach, maintains data is safe</a></strong>
<em>InfoSec News (Dec 31)</em><br>
<a  rel="nofollow" href="http://www.computerworld.com/s/article/9245053/Target_confirms_customer_PINs_were_taken_in_breach_maintains_data_is_safe">http://www.computerworld.com/s/article/9245053/Target_confirms_customer_PINs_were_taken_in_breach_maintains_data_is_safe</a><br>
<br>
By Chris Kanaracus<br>
IDG News Service<br>
December 27, 2013<br>
<br>
Target has confirmed that hackers obtained customer debit card PINs <br>
(personal identification numbers) in the massive data breach suffered by <br>
the retailer during the busy holiday shopping season, but says customers <br>
should be safe, as the numbers were encrypted.<br>
<br>
Some 40...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/56">NSA Hackers Get the &apos;Ungettable&apos; With Rich Catalog of Custom Tools</a></strong>
<em>InfoSec News (Dec 31)</em><br>
<a  rel="nofollow" href="http://www.wired.com/threatlevel/2013/12/nsa-hacking-catalogue/">http://www.wired.com/threatlevel/2013/12/nsa-hacking-catalogue/</a><br>
<br>
By Kim Zetter<br>
Threat Level Wired.com<br>
12.30.13<br>
<br>
While most Americans spend their time shopping Amazon, Target and <br>
Apple.com, the National Security Agency’s elite team of hackers spends its <br>
time shopping a secret high-end catalog of custom tools designed to <br>
subvert firewalls, servers, and routers made by U.S. firms, impersonate a <br>
GSM base station to intercept mobile phone calls,...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/55">BBC server took over by Russian cybercriminal</a></strong>
<em>InfoSec News (Dec 31)</em><br>
<a  rel="nofollow" href="http://news.techworld.com/security/3495137/bbc-server-took-over-by-russian-cybercriminal/">http://news.techworld.com/security/3495137/bbc-server-took-over-by-russian-cybercriminal/</a><br>
<br>
By Sam Shead<br>
Techworld<br>
30 December 2013<br>
<br>
A Russian hacker gained access to a BBC server over the Christmas period <br>
and attempted to sell access to it to other cybercriminals, reports <br>
suggest.<br>
<br>
US firm Hold Security told Reuters and the Financial Times that it had <br>
spotted the hacker advertising the exploit on an underground cybercrime <br>
forum.<br>
<br>
The BBC’s...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/54">China Is the Top Foreign Investor in U.S. Firms Critical to National Security</a></strong>
<em>InfoSec News (Dec 31)</em><br>
<a  rel="nofollow" href="http://www.defenseone.com/threats/2013/12/china-top-foreign-investor-us-firms-critical-national-security/75899/">http://www.defenseone.com/threats/2013/12/china-top-foreign-investor-us-firms-critical-national-security/75899/</a><br>
<br>
By Tim Fernholz<br>
Quartz<br>
December 23, 2013<br>
<br>
China overtook the United Kingdom last year as the country that received <br>
the most scrutiny of its US investments, according to the US government.<br>
<br>
The Committee on Foreign Investment in the US (CFIUS) is charged with <br>
reviewing mergers, acquisitions, and other transactions where a foreign...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/53">Happy Holidays To All!</a></strong>
<em>InfoSec News (Dec 25)</em><br>
Merry Holidays to everyone reading InfoSec News!<br>
<br>
In the coming days as we enjoy our holiday festivities with friends and<br>
family, I ask that you take the time to remember the soldiers, support<br>
workers, and security personnel that work tirelessly to protect us. For<br>
as long as I can remember, there have always been members of the Armed<br>
Forces working on Christmas in places so far removed from the comfort<br>
and safety of their homes, and this year is...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/52">Panda hackers tried for online gambling</a></strong>
<em>InfoSec News (Dec 20)</em><br>
<a  rel="nofollow" href="http://www.shanghaidaily.com/article/article_xinhua.aspx?id=188746">http://www.shanghaidaily.com/article/article_xinhua.aspx?id=188746</a><br>
<br>
Xinhua<br>
Dec 20, 2013<br>
<br>
HANGZHOU -- Two Chinese hackers, previously imprisoned for creating a <br>
notorious computer virus, stood trial again on Thursday for allegedly <br>
running online gambling games.<br>
<br>
A court in Lishui City, east China&apos;s Zhejiang Province, heard the case <br>
against 26 people including Zhang Shun and Li Jun, creators of &quot;joss-stick <br>
burning panda&quot; that...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/51">Bitcoin-only poker site resets user credentials after 42,000 passwords leak</a></strong>
<em>InfoSec News (Dec 20)</em><br>
<a  rel="nofollow" href="http://arstechnica.com/security/2013/12/bitcoin-only-poker-site-resets-user-credentials-after-42000-passwords-leak/">http://arstechnica.com/security/2013/12/bitcoin-only-poker-site-resets-user-credentials-after-42000-passwords-leak/</a><br>
<br>
By Dan Goodin<br>
Ars Technica<br>
Dec 19 2013<br>
<br>
An online poker service that deals solely in Bitcoin has issued a <br>
mandatory password reset one day after someone published login credentials <br>
for more than 42,000 enthusiasts of the card game and digital currency.<br>
<br>
An advisory published Thursday by Seals with Clubs warns, &quot;Our database...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/50">Inside knowledge likely in Target breach, experts say</a></strong>
<em>InfoSec News (Dec 20)</em><br>
<a  rel="nofollow" href="http://www.csoonline.com/article/744905/inside-knowledge-likely-in-target-breach-experts-say">http://www.csoonline.com/article/744905/inside-knowledge-likely-in-target-breach-experts-say</a><br>
<br>
By Antone Gonsalves<br>
csoonline.com<br>
December 19, 2013<br>
<br>
The Target security breach that left millions of debit and credit card holders <br>
at risk of becoming victims of fraud left experts pondering the question of how <br>
such a massive theft might have occurred.<br>
<br>
Theories varied, but the scant details released by the retailer Thursday left <br>
some experts...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2013/Dec/49">DHS Opens 100+ Cyber Internships to College Students</a></strong>
<em>InfoSec News (Dec 20)</em><br>
<a  rel="nofollow" href="http://www.nextgov.com/cio-briefing/wired-workplace/2013/12/dhs-opens-100-cyber-internships-college-students/75734/">http://www.nextgov.com/cio-briefing/wired-workplace/2013/12/dhs-opens-100-cyber-internships-college-students/75734/</a><br>
<br>
By Brittany Ballenstedt<br>
Nextgov.com<br>
December 19, 2013<br>
<br>
The Homeland Security Department has opened up more than 100 volunteer <br>
positions across the country to college students pursuing a degree in a <br>
cybersecurity-related field.<br>
<br>
The 2014 Secretary’s Honors Program Cyber Student Volunteer Initiative <br>
will provide unpaid student...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="firewall-wizards"></A>
<div style="clear: right">
<A HREF="/firewall-wizards/"><img src="/images/firewall-wizards-logo.png" border="0" width="80" align="right" alt="firewall-wizards logo"></A><B><A HREF="/firewall-wizards/">Firewall Wizards</A></B> &mdash; Tips and tricks for firewall administrators<BR><ul class="inline"><li class="first"><A HREF="/firewall-wizards/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/firewall-wizards.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-firewall-wizards" href="javascript:show_latest('firewall-wizards')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-firewall-wizards" style="display: none" href="javascript:hide_latest('firewall-wizards')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-firewall-wizards" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/6">Re: Quote cybersecurity unquote</a></strong>
<em>Anton Chuvakin (Nov 10)</em><br>
On Wed, Oct 2, 2013 at 7:00 PM, Stephen P. Berry &lt;spb () meshuggeneh net&gt;wrote:<br>
<br>
Actually, &quot;the whole cyber thing&quot; is even more interesting than that.  At a<br>
recent event  (called - please don&apos;t laugh - &quot;World Cyberspace Cooperation<br>
Summit&quot;), I&apos;ve heard sentiment similar to the following: &quot;&apos;cyber risk<br>
mitigation&apos; is now a board-level priority, [while the infosec is not]&quot; The<br>
world has gone...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/5">Re: Quote cybersecurity unquote</a></strong>
<em>David Lang (Nov 07)</em><br>
the problem is that your 3K systems may all be running the same vulnerable code. <br>
You need a sysadmin to create and maintain your template that you then run <br>
everywhere.<br>
<br>
And you do need these systems to log, and if you have logs, you need to worry <br>
about rotation, retention, etc.<br>
<br>
Far too many people make the exact same mistake in thinking that since it <br>
&quot;Cloud&quot; you no longer need all the infrastructure tools to manage things. The...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/4">Re: Quote cybersecurity unquote</a></strong>
<em>Marcin Antkiewicz (Nov 07)</em><br>
[..]<br>
<br>
Hold on. There are multiple trends in security here that you lump into the<br>
same bag:<br>
- &quot;Cloud&quot; describes little more than a billing model (subscription O&amp;M),<br>
and a form of provisioning (the &quot;elasticity&quot;), and some business glue.<br>
Amazon sells you a slice of a hypervisor, Google used to sell managed<br>
python execution containers, SalesForce lets you build a CRM-related<br>
applications as plugins into their data and...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/3">Re: Quote cybersecurity unquote</a></strong>
<em>David Lang (Nov 06)</em><br>
unfortunately you are misinterpreting what they are leaving up to Amazon and <br>
Google.<br>
<br>
They aren&apos;t outsourcing the system administration, all they are outsourcing is <br>
the hardware administration.<br>
<br>
In the process they are deciding that system administrators aren&apos;t needed and <br>
just get in the way. The developers can take over doing everything because it is <br>
easy enough that any developer can get a cloud system online.<br>
<br>
This is the same...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/2">Re: Quote cybersecurity unquote</a></strong>
<em>mjr (Nov 05)</em><br>
Paul D. Robertson wrote:<br>
<br>
Add to that, The Cloud. I finally realized that The Cloud is a good <br>
thing. What<br>
it means is that those who cannot do IT are going to stop trying. If <br>
they can&apos;t<br>
do system administration or system operations, they&apos;re going to step away<br>
from the plate and let Amazon or Google or whoever do it. Overall, this is<br>
probably for the best.<br>
<br>
That leaves the home users. Shiny eye-grabbing mac stuff and iPad stuff are...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/1">Re: Quote cybersecurity unquote</a></strong>
<em>Paul D. Robertson (Nov 05)</em><br>
Stephen P. Berry wrote:<br>
<br>
  I completely missed it, but I&apos;m considering doing another advocacy thing<br>
  like Personal Firewall Day, but longer- but it won&apos;t be in November, and<br>
  it hopefully won&apos;t be under the radar.<br>
<br>
   I don&apos;t know about the job market, but I assume all this pen testing<br>
  hoopla has someone actually doing the remediation, though I guess it may<br>
    the the companies doing the testing- that&apos;s certainly my...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2013/Nov/0">Quote cybersecurity unquote</a></strong>
<em>Stephen P. Berry (Nov 01)</em><br>
It is apparently national cyber security awareness month, a fact which<br>
I was made aware of by a bunch of fluff news pieces.<br>
<br>
This got me thinking:  is network/information security, in the sense that<br>
long-time readers of firewall-wizards have practiced it, a dying profession?<br>
In the aforementioned news coverage there&apos;s prominent discussion of<br>
so-called hackers for hire, but none whatsoever of the sort of systems and<br>
infrastructure-focused...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="focus-ids"></A>
<div style="clear: right">
<A HREF="/focus-ids/"><img src="/images/focus-ids-logo.png" border="0" width="80" align="right" alt="focus-ids logo"></A><B><A HREF="/focus-ids/">IDS Focus</A></B> &mdash; Technical discussion about Intrusion Detection Systems.  You can also read the archives of a <A HREF="http://seclists.org/ids/">previous IDS list</A><BR><ul class="inline"><li class="first"><A HREF="/focus-ids/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/focus-ids.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/96/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
</div>
<BR>
<A NAME="webappsec"></A>
<div style="clear: right">
<A HREF="/webappsec/"><img src="/images/webappsec-logo.png" border="0" width="80" align="right" alt="webappsec logo"></A><B><A HREF="/webappsec/">Web App Security</A></B> &mdash; Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.<BR><ul class="inline"><li class="first"><A HREF="/webappsec/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/webappsec/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/webappsec.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/107/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-webappsec" href="javascript:show_latest('webappsec')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-webappsec" style="display: none" href="javascript:hide_latest('webappsec')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-webappsec" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2014/q1/2">SpiderFoot 2.1.0 released</a></strong>
<em>Steve Micallef (Jan 05)</em><br>
Hi everyone,<br>
<br>
SpiderFoot 2.1.0 is now available, a major update over 2.0.5 which was <br>
released back in September.<br>
<br>
Major improvements are as follows:<br>
<br>
- Identifies sites co-hosted on IPs of your target.<br>
- Checks whether your target, affiliates or co-hosts have a bad <br>
reputation (PhishTank, Google<br>
  SafeBrowsing, McAfee SiteAdvisor, abuse.ch and many more.)<br>
- Identifies the ISPs and BGP AS of your target.<br>
- Smarter at identifying owned netblocks....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2014/q1/1">CFP - IEEE Co-sponsored CyberSec2014 - Lebanon Section</a></strong>
<em>The Third International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (Jan 02)</em><br>
All the registered papers will be submitted to IEEE for potential<br>
inclusion to IEEE Xplore as well as other Abstracting and Indexing (A&amp;I)<br>
databases.<br>
<br>
TITLE: The Third International Conference on Cyber Security, Cyber<br>
Warfare, and Digital Forensic (CyberSec2014)<br>
<br>
EVENT VENUE: Lebanese University, Lebanon<br>
<br>
CONFERENCE DATES: Apr. 29 - May 1, 2014<br>
<br>
EVENT URL: <a  rel="nofollow" href="http://sdiwc.net/conferences/2014/cybersec2014/">http://sdiwc.net/conferences/2014/cybersec2014/</a><br>
<br>
OBJECTIVE: To provide a medium for...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2014/q1/0">Arachni v0.4.6-0.4.3 has been released (Open Source Web Application Security Scanner Framework)</a></strong>
<em>Tasos Laskos (Jan 02)</em><br>
Hey folks,<br>
<br>
There&apos;s a new version of Arachni, an Open Source, modular and<br>
high-performance Web Application Security Scanner Framework written in Ruby.<br>
<br>
Brief list of changes:<br>
<br>
Framework<br>
----------<br>
* Massively decreased RAM consumption.<br>
* Amount of performed requests cut down by 1/3 -- and thus 1/3 decrease in scan times.<br>
* Overhauled timing attack and boolean/differential analysis algorithms to fix<br>
  SQLi false-positives with misbehaving...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/6">DEFCON DCG Kerala Information Security Meet 2014 CFP is Open Now.</a></strong>
<em>Ajin Abraham (Dec 28)</em><br>
About DEFCON DCG Kerala<br>
=================<br>
<br>
Defcon DCG Kerala (DC0497) is a Defcon USA Registered group for<br>
promoting and demonstrating research and development in the field of<br>
Information Security. We are a group of Information Security<br>
Enthusiasts actively interested in promoting information security.<br>
Defcon Kerala is a platform for security analysts, ethical hackers,<br>
professionals and students to present their technical research papers<br>
and show...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/5">WebSurgery v1.1 released (Web application security testing suite)</a></strong>
<em>John Stamatakis (Nov 11)</em><br>
Overview<br>
========<br>
Sunrise proudly announces WebSurgery v1.1!<br>
<br>
WebSurgery is a suite of tools for security testing of web applications. It<br>
is designed to address the ongoing needs of security auditors so to<br>
facilitate them with web application planning and exploitation. Suite<br>
currently contains a spectrum of efficient, fast and stable web tools<br>
(Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality<br>
tools (Scripting Filters,...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/4">[CVE-2013-2751, CVE-2013-2752] NETGEAR ReadyNAS Remote Root</a></strong>
<em>Craig Young (Oct 22)</em><br>
NETGEAR ReadyNAS with firmware 4.2.x before 4.2.24 and 4.1.x before<br>
4.1.12 is prone to command injection from an unauthenticated HTTP GET<br>
request.  This vulnerability can lead to complete root access as<br>
outlined on the Tripwire blog:<br>
<a  rel="nofollow" href="http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/">http://www.tripwire.com/state-of-security/vulnerability-management/readynas-flaw-allows-root-access-unauthenticated-http-request/</a><br>
<br>
If you have not already, I strongly advise all ReadyNAS administrators<br>
to apply the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/3">OWASP Vulnerable Web Applications Directory Project</a></strong>
<em>psiinon (Oct 19)</em><br>
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a<br>
comprehensive and well maintained registry of all known vulnerable web<br>
applications currently available. These vulnerable web applications<br>
can be used by web developers, security auditors and penetration<br>
testers to put in practice their knowledge and skills during training<br>
sessions (and especially afterwards), as well as to test at any time<br>
the multiple hacking tools and...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/2">Re: OWASP Vulnerable Web Applications Directory Project</a></strong>
<em>psiinon (Oct 19)</em><br>
And in converting my original email to text format the link got lost ;)<br>
<br>
The project is here:<br>
<a  rel="nofollow" href="https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project">https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project</a><br>
<br>
Simon<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/1">OWASP Xenotix XSS Exploit Framework 4.5 is Released</a></strong>
<em>Ajin Abraham (Oct 16)</em><br>
Hello,<br>
OWASP Xenotix XSS Exploit Framework V4.5 is Released.<br>
<br>
OWASP Xenotix XSS Exploit Framework is an advanced Cross Site<br>
Scripting (XSS) vulnerability detection and exploitation framework. It<br>
provides Zero False Positive scan results with its unique Triple<br>
Browser Engine (Trident, WebKit, and Gecko) embedded scanner. It is<br>
claimed to have the world’s 2nd largest XSS Payloads of about 1500+<br>
distinctive XSS Payloads for effective XSS...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2013/q4/0">ImmuniWeb® Self-Fuzzer</a></strong>
<em>ImmuniWeb® Self-Fuzzer (Oct 02)</em><br>
ImmuniWeb® Self-Fuzzer is a simple Firefox browser extension designed to <br>
detect Cross-Site Scripting (XSS) and SQL Injection vulnerabilities in <br>
web applications.<br>
<br>
It demonstrates how rapidly and easily these two most common types of <br>
web vulnerabilities can be found even by a person who is not familiar <br>
with web security.<br>
<br>
ImmuniWeb® Self-Fuzzer is not a web application security scanner or <br>
crawler, but a real-time web fuzzer. Once being...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="dailydave"></A>
<div style="clear: right">
<A HREF="/dailydave/"><img src="/images/dailydave-logo.png" border="0" width="80" align="right" alt="dailydave logo"></A><B><A HREF="/dailydave/">Daily Dave</A></B> &mdash; This technical discussion list covers vulnerability research, exploit development, and security events/gossip.  It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate.  Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.<BR><ul class="inline"><li class="first"><A HREF="/dailydave/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/dailydave/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/dailydave.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://lists.immunitysec.com/mailman/listinfo/dailydave"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-dailydave" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2014/q1/1">Stuxnet Class</a></strong>
<em>Dave Aitel (Jan 06)</em><br>
<a  rel="nofollow" href="http://opencfp.immunityinc.com/cfp/1/">http://opencfp.immunityinc.com/cfp/1/</a><br>
<br>
So far we have 13 talks up for your review - the system is working<br>
pretty well I think and I know there will be a few more added shortly.<br>
So submit your talks now! Sometimes people wonder if program analysis<br>
and related topics are offensive, and *I* think they are. The crowd gets<br>
to decide!<br>
<br>
Even during the holiday season I noticed people were signing up for the<br>
Master Class (reminder: THIS SELLS OUT EVERY...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2014/q1/0">Systems Programming</a></strong>
<em>Dave Aitel (Jan 06)</em><br>
So the thing about writing trojans is that they end up being large scale<br>
systems programs. What I mean by that is that one second you're thinking about<br>
all the cool stuff you can do with covert channels and P2P networks and<br>
internal cryptographics, and the very next second, once any of that<br>
stuff is even halfway working, you are neck deep in figuring out COM<br>
programming and what the hell an Apartment Threading Model is.<br>
<br>
Windows NAMES all the painful...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/70">ObamaCare California website -- 500K users&apos; info vulnerable to exfiltration</a></strong>
<em>Kristian Erik Hermansen (Dec 26)</em><br>
Happy Holidays to the list! :)<br>
<br>
ObamaCare California flaws exposing half a million members&apos; data.<br>
Informed them earlier of some issues, but due to short staff and<br>
people on vacation, it is probably taking Accenture longer to react.<br>
With such large flaws, hopefully they will get fixed sooner rather<br>
than later...<br>
<br>
<a  rel="nofollow" href="http://www.reddit.com/r/netsec/comments/1tqb1q/obamacare_california_website_flaws_500k_users/">http://www.reddit.com/r/netsec/comments/1tqb1q/obamacare_california_website_flaws_500k_users/</a><br>
<br>
<a  rel="nofollow" href="http://youtu.be/adwNpYJ_Ksk">http://youtu.be/adwNpYJ_Ksk</a>...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/69">Re: 2013 - A New Hope</a></strong>
<em>Haroon Meer (Dec 26)</em><br>
Hi Dave (all)<br>
<br>
Your point on corporations vs. governments is well made, but I still<br>
don&apos;t easily get to the point where we have killed off the &quot;Cyber is<br>
asymmetric&quot; meme.<br>
<br>
It is clear from the leaks that the US IC has invested a lot (more<br>
than many other countries can afford to), and reaps the rewards of<br>
that investment (backing your argument that it&apos;s symmetrical) but at<br>
the same time, &quot;leaks&quot; which are to be...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/68">Re: 2013 - A New Hope</a></strong>
<em>Katie M (Dec 26)</em><br>
We, with our background in attacks/offense, who have taken on the mission<br>
to defend, have embedded ourselves inside these corporations for years to<br>
essentially &quot;backdoor&quot; more meaningful security improvements into them.<br>
Over these years, we have been buffeted from both sides by our<br>
offense-oriented brethren and by the often conservative organizations who<br>
pay our salaries, as we raged against the corporate machine.<br>
<br>
This year, as the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/67">Re: 2013 - A New Hope</a></strong>
<em>Dominique Brezinski (Dec 24)</em><br>
I think you just highlighted the catalyst for a truly Gibson-esque future<br>
where the power of corporations greatly supersedes governments. When<br>
corporations are forced to turn their resources and innovation towards<br>
defending against governments, their agility and cross-border capability<br>
will play to their advantage. Taxation is an example on the finance side.<br>
We will see how it plays out on the information side.<br>
<br>
Dom<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/66">2013 - A New Hope</a></strong>
<em>Dave Aitel (Dec 24)</em><br>
2013 - A New Hope<br>
<br>
So I hesitate to make predictions, but I think it&apos;s important to at some<br>
level acknowledge that 2013 was a huge year for information security. A<br>
few things happened... :<br>
<br>
o The rebirth of managed security services.<br>
<br>
When you don&apos;t care about bringing hackers to court, but you DO care<br>
about the security of your IP, you start to evolve a very different<br>
fabric on your network and you need a completely different...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/65">The NSA Task Force Document.</a></strong>
<em>Dave Aitel (Dec 19)</em><br>
I wanted to cover some of the issues with the NSA Task Force document. I&apos;ll<br>
begin abruptly here:<br>
<br>
The document recommends splitting the NSA up quite a bit - specifically<br>
moving defense (INFOSEC otherwise known as IAD) to one organization, and<br>
offense (SIGINT, TAO, etc.) to another.<br>
<br>
It also recommends drastic changes to the way classified information is<br>
stored and used, and a massive about-shift in how the SIGINT community<br>
handles 0day.<br>
<br>
As...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/64">Capstone 1.0 disassembly framework release!</a></strong>
<em>Nguyen Anh Quynh (Dec 19)</em><br>
Hi,<br>
<br>
We are excited to announce the 1.0 version for Capstone, the multi-arch,<br>
multi-platform disassembly framework you are longing for!<br>
<br>
Why is this engine unique? Capstone offers some unparalleled features:<br>
<br>
- Support all important hardware architectures: ARM, ARM64 (aka ARMv8),<br>
Mips &amp; X86.<br>
- Clean/simple/lightweight/intuitive architecture-neutral API.<br>
- Provide details on disassembled instruction (called “decomposer” by<br>
others).<br>
-...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/63">Re: Failing at Segue</a></strong>
<em>Anton Chuvakin (Dec 12)</em><br>
BTW, how *BAD* is it, really? Lately I&apos;ve been hearing numbers like<br>
5-10% of IT security/infosec budget being spent around IR (presumably<br>
including the cost of &quot;rinse-and-repeat&apos;ing&quot; those owned boxes). Does<br>
it sound about right to the esteemed list members here?<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/62">Re: Failing at Segue</a></strong>
<em>Dave Dittrich (Dec 11)</em><br>
To your first point, I would rephrase it as &quot;You have to assume YOU CAN BE<br>
BREACHED&quot; and then accept that of {protection,detection,reaction} (or per<br>
NIST, {identify, protect, detect, respond, and recover}), you spent far too<br>
much money on trivially defeatable &quot;protection&quot; and &quot;detection&quot;, and<br>
seriously (to your detriment) UNDERFUNDED &quot;reaction&quot; or &quot;respond and<br>
recover.&quot; Information sharing helps...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/61">Failing at Segue</a></strong>
<em>Dave Aitel (Dec 10)</em><br>
People are strange. For example, they often say &quot;You have to assume you<br>
are compromised!&quot; and then in the very next breath they are buying more<br>
perimeter equipment like Fireeye and WAF and whatnot. Likewise, people<br>
measuring &quot;click-rates&quot; on how many people clicked a phishing email, but<br>
a lot of the best client-side attacks are after hackers penetrate into<br>
your network. You don&apos;t see that much of it in the public eye...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/60">Trying to parse the Washington Post&apos;s file format.</a></strong>
<em>Dave Aitel (Dec 09)</em><br>
&quot;The agency, from top to bottom, leadership to rank and file, feels that<br>
it has had no support from the White House even though it&apos;s been carrying<br>
out publicly approved intelligence missions,&quot; said Joel Brenner, NSA<br>
inspector general from 2002 to 2006. &quot;They feel they&apos;ve been hung out to<br>
dry, and they&apos;re right.&quot;...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/59">INFILTRATE, Java, and Snow (which we have none of down here)</a></strong>
<em>Dave Aitel (Dec 09)</em><br>
Talks we are looking for at INFILTRATE 2014 (May, here in South Beach)<br>
include things that walk people through the process of finding and<br>
exploiting 0days in things. Which sounds obvious, but frankly a lot of<br>
talks focus on their successful exploit, and don&apos;t talk about the many<br>
failures and issues that had to be fought through on the way to #.<br>
<br>
As a demonstration, Immunity&apos;s own Esteban gave this talk last year, and<br>
I thought it was...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2013/q4/58">INFILTRATE, ILLITHID, INNUENDO, and more I words.</a></strong>
<em>Dave Aitel (Dec 02)</em><br>
So Nico pointed me at this the other day: <a  rel="nofollow" href="http://seatool.org/">http://seatool.org/</a> which is a<br>
SMT solver exploit analysis thingy. I don&apos;t know if that &quot;product<br>
category&quot; has a Gartner Magic Rectangle yet. Regardless, these tools are<br>
fun to check out, and I&apos;m hopeful we&apos;ll see some of this kind of work at<br>
INFILTRATE 2014!<br>
<br>
For our own work, supported by the CFT program at DARPA, we built a tool<br>
called ILLITHID. We&apos;ve not gone public with...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="pauldotcom"></A>
<div style="clear: right">
<A HREF="/pauldotcom/"><img src="/images/pauldotcom-logo.png" border="0" width="80" align="right" alt="pauldotcom logo"></A><B><A HREF="/pauldotcom/">PaulDotCom</A></B> &mdash; General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.<BR><ul class="inline"><li class="first"><A HREF="/pauldotcom/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/pauldotcom/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/pauldotcom.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-pauldotcom" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2014/q1/1">Re: Tenable PVS on a pen test</a></strong>
<em>David Maynor (Jan 06)</em><br>
Simple seems best for me. I like to run PVS on a VM running at the same time as my attack VM. That way it doesn’t <br>
matter where my target is, I am getting the front/back analysis. It works really well in this config along with a Kali <br>
image. You have no idea when a ../../.. at the most random time will get you a word file back. PVS is really good at <br>
keeping this straight for you.<br>
<br>
I am trying to finish up a blog post about pentesting with PVS...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2014/q1/0">Re: Tenable PVS on a pen test</a></strong>
<em>Ron Gula (Jan 02)</em><br>
We’ve had a lot of interest in PVS from the pen tester community.<br>
<br>
As a sniffer, you should deploy it on a span port, but that isn’t always an option.<br>
<br>
If you can deploy it on a heavily visited system, you can run it there. The PVS runs fine on Sharepoint, Exchange, etc. <br>
and it will fingerprint and record the vulns of all systems that visit it over HTTP, SMB, etc.<br>
<br>
The most ideal deployment of the PVS is with cooperation from the team you...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/160">Re: Reverse shell script</a></strong>
<em>xgermx (Dec 29)</em><br>
You may want to look into something like EgressBuster from TrustedSec<br>
(David Kennedy), written in Python.<br>
<a  rel="nofollow" href="https://www.trustedsec.com/july-2012/egress-buster-reverse-bypassav/">https://www.trustedsec.com/july-2012/egress-buster-reverse-bypassav/</a><br>
Or FireBuster, which is written in PowerShell. <a  rel="nofollow" href="http://roo7break.co.uk/?p=758">http://roo7break.co.uk/?p=758</a><br>
Both will attempt to brute force their way, port-by-port, until they find a<br>
way out of the network (very noisy!)<br>
<br>
I don&apos;t think these tools natively play very nicely with internal proxies,<br>
so...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/159">Tenable PVS on a pen test</a></strong>
<em>Larry Petty (Dec 27)</em><br>
I&apos;m a long time nessus user and love it. (I am forced to use Qualys for<br>
MSSP clients due to Tenable licensing,  but that&apos;s a different topic.) I<br>
recently purchased a PVS license and have been using it with great success<br>
on security arch reviews and internal vulnerability assessments.<br>
<br>
I know some are using PVS on pen tests. How is this being employed without<br>
the use of a network tap or span port?  In my experience,  most customers...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/158">Reverse shell script</a></strong>
<em>Larry Petty (Dec 27)</em><br>
I&apos;m looking for a better way to get my Mac minis and Windows machines to<br>
call home when I ship them to a client. I would like a solution that tries<br>
various outbound ports if the first fails.<br>
<br>
I&apos;m currently using OpenVPN. This generally works,  but won&apos;t check another<br>
port if 443 fails.<br>
<br>
Do you know of a solution for each OS? Maybe a script that does a reverse<br>
shell on a list of ports?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/157">Early Christmas present: WhiteChapel-NG released</a></strong>
<em>Rob Fuller (Dec 27)</em><br>
Only requirement is Ruby on Rails and Postgres (easy to put with your<br>
metasploit instance)<br>
<br>
<a  rel="nofollow" href="https://github.com/mubix/whitechapel-ng">https://github.com/mubix/whitechapel-ng</a><br>
<br>
Demo site: <a  rel="nofollow" href="http://whitechapel-dev-64104.use1.actionbox.io/">http://whitechapel-dev-64104.use1.actionbox.io/</a><br>
<br>
99.9% of the work was done by @Nullthreat<br>
<br>
If you don&apos;t know what White-Chapel is, it&apos;s an interface that<br>
generates password hashes based on clear text passwords and stores<br>
them. It&apos;s a way to store all of your cracked password in a way that...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/156">Re: Average attorney fees for pen-test contracts/contract template</a></strong>
<em>Jason Drury (Dec 19)</em><br>
Legalzoom has a &quot;Legal Plans Attorneys&quot; you may want to check out: <br>
<a  rel="nofollow" href="https://www.legalzoom.com/attorneys-lawyers/legal-plans/business">https://www.legalzoom.com/attorneys-lawyers/legal-plans/business</a><br>
<br>
Hello,<br>
<br>
I am working on budgeting for the insurance and legal for the pen-testing side of my business.<br>
I wanted to have an idea of what are usually the average fees for getting contracts drafted or a contract template <br>
drafted by an attorney in the case of penetration testing projects.<br>
<br>
I know a lot of...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/155">Re: Import and Export Encryption standard</a></strong>
<em>Dean Will (Dec 18)</em><br>
Not sure if this is what you wanted. Put this together a couple of years ago. Please do not use my name or email with <br>
this.<br>
thanks<br>
<br>
Will Sends:<br>
<br>
****INTERNET E-MAIL PRIVILEGED INFORMATION FOOTER**** <br>
<br>
This email, including any attached files, may contain confidential and privileged information for the sole use of the <br>
intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/154">Toolsmith Tool of the Year</a></strong>
<em>Tim Tomes (Dec 18)</em><br>
All,<br>
<br>
Voting for Toolsmith Tool of the Year is going on now. Recon-ng was<br>
nominated as the May entry. I certainly would appreciate your vote. Thanks<br>
all!<br>
<br>
<a  rel="nofollow" href="http://holisticinfosec.blogspot.com/">http://holisticinfosec.blogspot.com/</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/153">Re: [GPWN-list] Average attorney fees for pen-test contracts/contract template</a></strong>
<em>Jamil Ben Alluch (Dec 18)</em><br>
Very true.<br>
<br>
I do most of my business in Canada.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/152">Average attorney fees for pen-test contracts/contract template</a></strong>
<em>Jamil Ben Alluch (Dec 18)</em><br>
Hello,<br>
<br>
I am working on budgeting for the insurance and legal for the pen-testing<br>
side of my business.<br>
I wanted to have an idea of what are usually the average fees for getting<br>
contracts drafted or a contract template drafted by an attorney in the case<br>
of penetration testing projects.<br>
<br>
I know a lot of times it might be very project dependent, but I wanted to<br>
get a general idea of how much this would normally cost and get a feel for<br>
the variation...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/151">Re: [GPWN-list] Average attorney fees for pen-test contracts/contract template</a></strong>
<em>Robin Wood (Dec 18)</em><br>
What country are you in? Will make a lot of difference I&apos;d imagine.<br>
<br>
Robin<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/150">Re: Import and Export Encryption standard</a></strong>
<em>V IP (Dec 13)</em><br>
Hi,<br>
Can someone provide a pointer as where to get Import and Export Encryption standard for each countries?<br>
Thanks<br>
_______________________________________________<br>
Pauldotcom mailing list<br>
Pauldotcom () mail pauldotcom com<br>
<a  rel="nofollow" href="http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom">http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom</a><br>
Main Web Site: <a  rel="nofollow" href="http://pauldotcom.com">http://pauldotcom.com</a><br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/149">Re: RES: New IP addresses range for google?</a></strong>
<em>KP (Dec 10)</em><br>
You just have to love the French.  Nice job to those that found it so<br>
quickly and let&apos;s hope not much was taken from those that did it this time.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2013/q4/148">RES:  New IP addresses range for google?</a></strong>
<em>Samuel Riesz (Dec 10)</em><br>
<a  rel="nofollow" href="http://nakedsecurity.sophos.com/2013/12/09/serious-security-google-finds-fake-but-trusted-ssl-certificates-for-its-domains-made-in-france/">http://nakedsecurity.sophos.com/2013/12/09/serious-security-google-finds-fake-but-trusted-ssl-certificates-for-its-domains-made-in-france/</a><br>
<br>
__________________________________<br>
Samuel Riesz<br>
________________________________<br>
De: pauldotcom-bounces () mail pauldotcom com [pauldotcom-bounces () mail pauldotcom com] em nome de Liam Randall <br>
[liam.randall () gigaco com]<br>
Enviado: terça-feira, 10 de dezembro de 2013 12:42<br>
Para: PaulDotCom Security Weekly...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="honeypots"></A>
<div style="clear: right">
<A HREF="/honeypots/"><img src="/images/honeypots-logo.png" border="0" width="80" align="right" alt="honeypots logo"></A><B><A HREF="/honeypots/">Honeypots</A></B> &mdash; Discussions about tracking attackers by setting up decoy honeypots or entire <A HREF="http://www.honeynet.org">honeynet</A> networks.<BR><ul class="inline"><li class="first"><A HREF="/honeypots/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/honeypots.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/119/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-honeypots" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/honeypots/2013/q1/0">Honeypot malware archives</a></strong>
<em>Matteo Cantoni (Feb 14)</em><br>
Hello everyone,<br>
<br>
I would like to share with you, for educational purposes and without any<br>
commercial purpose, data collected by my homemade honeypot.<br>
Nothing new, nothing shocking, nothing sensational... but I think it can<br>
be of interest to newcomers to the world of analysis of malware,<br>
botnets, etc... maybe for a thesis.<br>
<br>
The files collected are divided into zip archives, in alphabetical<br>
order, with password (which must be requested via email). Some...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="microsoft"></A>
<div style="clear: right">
<A HREF="/microsoft/"><img src="/images/microsoft-logo.png" border="0" width="80" align="right" alt="microsoft logo"></A><B><A HREF="/microsoft/">Microsoft Sec Notification</A></B> &mdash; Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products&mdash;note how most have a prominent and often-misleading "mitigating factors" section.<BR><ul class="inline"><li class="first"><A HREF="/microsoft/2013/q4/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Quarter</A></li>
<li>&nbsp;<A HREF="/microsoft/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/microsoft.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.microsoft.com/technet/security/bulletin/notify.mspx"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-microsoft" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/24">Microsoft Security Bulletin Minor Revisions</a></strong>
<em>Microsoft (Dec 21)</em><br>
********************************************************************<br>
Title: Microsoft Security Bulletin Minor Revisions<br>
Issued: December 20, 2013<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
The following bulletins have undergone minor revision increments. <br>
Please see the bulletins for more details.<br>
  <br>
 * MS13-096<br>
 * MS13-098<br>
<br>
Bulletin Information:<br>
=====================<br>
<br>
* MS13-096 - Critical<br>
<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/23">Microsoft Security Bulletin Minor Revisions</a></strong>
<em>Microsoft (Dec 19)</em><br>
********************************************************************<br>
Title: Microsoft Security Bulletin Minor Revisions<br>
Issued: December 18, 2013<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
The following bulletins have undergone minor revision increments. <br>
Please see the bulletins for more details.<br>
  <br>
 * MS13-075<br>
 * MS13-098<br>
<br>
Bulletin Information:<br>
=====================<br>
<br>
* MS13-075 - Important<br>
<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/22">Microsoft Security Bulletin Minor Revisions</a></strong>
<em>Microsoft (Dec 17)</em><br>
********************************************************************<br>
Title: Microsoft Security Bulletin Minor Revisions<br>
Issued: December 16, 2013<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
The following bulletins have undergone minor revision increments. <br>
Please see the bulletins for more details.<br>
  <br>
 * MS13-081<br>
 * MS13-062<br>
 * MS13-054<br>
 * MS13-050<br>
 * MS13-046 <br>
 * MS13-039<br>
 * MS13-006<br>
 * MS13-004<br>
 *...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/21">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Dec 13)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: December 13, 2013<br>
********************************************************************<br>
<br>
Security Advisories Updated or Released Today<br>
==============================================<br>
<br>
* Microsoft Security Advisory (2915720)<br>
  - Title: Changes in Windows Authenticode Signature Verification<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/20">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Dec 12)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: December 12, 2013<br>
********************************************************************<br>
<br>
Security Advisories Updated or Released Today<br>
==============================================<br>
<br>
* Microsoft Security Advisory (2916652)<br>
  - Title: Improperly Issued Digital Certificates Could Allow<br>
    Spoofing<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/19">Microsoft Security Bulletin Minor Revisions</a></strong>
<em>Microsoft (Dec 11)</em><br>
********************************************************************<br>
Title: Microsoft Security Bulletin Minor Revisions<br>
Issued: December 10, 2013<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
The following bulletins have undergone minor revision increments. <br>
Please see the bulletins for more details.<br>
  <br>
 * MS13-096<br>
 * MS13-105<br>
<br>
Bulletin Information:<br>
=====================<br>
<br>
* MS13-096 - Critical<br>
<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/18">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Dec 10)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: December 10, 2013<br>
********************************************************************<br>
<br>
Security Advisories Updated or Released Today<br>
==============================================<br>
<br>
* Microsoft Security Advisory (2915720)<br>
  - Title: Changes in Windows Authenticode Signature Verification<br>
  -...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/17">Microsoft Security Bulletin Summary for December 2013</a></strong>
<em>Microsoft (Dec 10)</em><br>
********************************************************************<br>
Microsoft Security Bulletin Summary for December 2013<br>
Issued: December 10, 2013<br>
********************************************************************<br>
<br>
This bulletin summary lists security bulletins released for <br>
December 2013.<br>
<br>
The full version of the Microsoft Security Bulletin Summary for <br>
December 2013 can be found at <br>
<a  rel="nofollow" href="http://technet.microsoft.com/security/bulletin/ms13-dec">http://technet.microsoft.com/security/bulletin/ms13-dec</a>....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/16">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Dec 09)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: December 9, 2013<br>
********************************************************************<br>
<br>
Security Advisories Updated or Released Today<br>
==============================================<br>
<br>
* Microsoft Security Advisory (2916652)<br>
  - Title: Improperly Issued Digital Certificates Could Allow<br>
    Spoofing<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/15">Microsoft Security Bulletin Advance Notification for December 2013</a></strong>
<em>Microsoft (Dec 05)</em><br>
********************************************************************<br>
Microsoft Security Bulletin Advance Notification for December 2013<br>
Issued: December 5, 2013<br>
********************************************************************<br>
<br>
This is an advance notification of security bulletins that <br>
Microsoft is intending to release on December 10, 2013.<br>
<br>
The full version of the Microsoft Security Bulletin Advance <br>
Notification for December 2013 can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/14">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Nov 27)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: November 27, 2013<br>
********************************************************************<br>
<br>
Security Advisories Updated or Released Today<br>
==============================================<br>
<br>
* Microsoft Security Advisory (2914486)<br>
  - Title: Vulnerability in Microsoft Windows Kernel Could Allow<br>
    Elevation of Privilege<br>
  -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/13">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Nov 12)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: November 12, 2013<br>
********************************************************************<br>
<br>
Security Advisories Updated or Released Today<br>
==============================================<br>
<br>
* Microsoft Security Advisory (2755801)<br>
  - Title: Update for Vulnerabilities in Adobe Flash Player in <br>
    Internet Explorer<br>
  -...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/12">Microsoft Security Bulletin Summary for November 2013</a></strong>
<em>Microsoft (Nov 12)</em><br>
********************************************************************<br>
Microsoft Security Bulletin Summary for November 2013<br>
Issued: November 12, 2013<br>
********************************************************************<br>
<br>
This bulletin summary lists security bulletins released for <br>
November 2013.<br>
<br>
The full version of the Microsoft Security Bulletin Summary for <br>
November 2013 can be found at <br>
<a  rel="nofollow" href="http://technet.microsoft.com/security/bulletin/ms13-nov">http://technet.microsoft.com/security/bulletin/ms13-nov</a>....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/11">Microsoft Security Bulletin Advance Notification for November 2013</a></strong>
<em>Microsoft (Nov 07)</em><br>
********************************************************************<br>
Microsoft Security Bulletin Advance Notification for November 2013<br>
Issued: November 7, 2013<br>
********************************************************************<br>
<br>
This is an advance notification of security bulletins that <br>
Microsoft is intending to release on November 12, 2013.<br>
<br>
The full version of the Microsoft Security Bulletin Advance <br>
Notification for November 2013 can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2013/q4/10">Microsoft Security Bulletin Minor Revisions</a></strong>
<em>Microsoft (Nov 06)</em><br>
********************************************************************<br>
Title: Microsoft Security Bulletin Minor Revisions<br>
Issued: November 6, 2013<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
The following bulletins have undergone minor revision increments. <br>
Please see the bulletins for more details.<br>
  <br>
 * MS13-067<br>
 * MS13-084<br>
 * MS13-SEP<br>
 * MS13-OCT<br>
<br>
Bulletin Information:<br>
=====================<br>
<br>
* MS13-067 -...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="funsec"></A>
<div style="clear: right">
<A HREF="/funsec/"><img src="/images/funsec-logo.png" border="0" width="80" align="right" alt="funsec logo"></A><B><A HREF="/funsec/">Funsec</A></B> &mdash; While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community<BR><ul class="inline"><li class="first"><A HREF="/funsec/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/funsec/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/funsec.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://linuxbox.org/cgi-bin/mailman/listinfo/funsec"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-funsec" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2014/q1/3">[HITB-Announce] HITB Magazine Issue 10 Out Now</a></strong>
<em>Hafez Kamal (Jan 07)</em><br>
Issue #10 is now available!<br>
<br>
Hello readers and welcome to the somewhat overdue Issue 010 of HITB<br>
Magazine. As they say, better late than never!<br>
<br>
Since the last issue, we&apos;ve also changed the HITB Security Conference<br>
Call for Papers submission guidelines to now require speakers to submit<br>
a research &apos;white paper&apos; to accompany their talk. The first round of<br>
papers came to us via #HITB2013KUL in October and thankfully we now have<br>
loads...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2014/q1/2">Accuracy of Internet polls and reviews ...</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Jan 07)</em><br>
<a  rel="nofollow" href="http://www.cbc.ca/newsblogs/yourcommunity/2014/01/sea-world-accused-of-fishy-">http://www.cbc.ca/newsblogs/yourcommunity/2014/01/sea-world-accused-of-fishy-</a><br>
pr-practices-rigging-blackfish-poll.html<br>
<br>
or<br>
<br>
<a  rel="nofollow" href="http://is.gd/7QYKhL">http://is.gd/7QYKhL</a><br>
<br>
&quot;It would appear curious then, with so much public outcry, that in a Dec. 31 <br>
Orlando Business Journal poll asking readers whether or not CNNs Blackfish <br>
documentary [had] changed [their] perception of SeaWorld 99 per cent of <br>
respondents claimed &quot;No.&quot;<br>
<br>
&quot;Sensing something fishy,...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2014/q1/1">Facebook sued for invading users’ privacy</a></strong>
<em>Jeffrey Walton (Jan 03)</em><br>
<a  rel="nofollow" href="http://bgr.com/2014/01/03/facebook-class-action-suit-messages-privacy/">http://bgr.com/2014/01/03/facebook-class-action-suit-messages-privacy/</a><br>
<br>
Two Facebook users this week filed a class action complaint against<br>
the social network, Ars Technica reports, alleging that the messaging<br>
system inside Facebook is not as private as it’s advertised to be, and<br>
that the company actively mines for data from personal messages and<br>
generates likes based on the content exchanged between users. Facebook<br>
described its messaging...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2014/q1/0">Saving the world from bamboo ...</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Jan 02)</em><br>
&quot;U.S. customs officials last week destroyed 11 rare flutes by a respected Canadian <br>
musician who was returning home via New York&apos;s John F. Kennedy International <br>
Airport. But the agency isn&apos;t apologizing for the incident -- it says the flutes were <br>
an ecological threat.&quot;<br>
 <br>
<a  rel="nofollow" href="http://thecable.foreignpolicy.com/posts/2014/1/2/is_2014_the_year_scotland_fina">http://thecable.foreignpolicy.com/posts/2014/1/2/is_2014_the_year_scotland_fina</a><br>
lly_gains_independence#sthash.4UeLPJv3.6vLAZAHx.dpuf<br>
<br>
======================...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/98">My New Year&apos;s Resolution</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 31)</em><br>
1920 x 1080<br>
<br>
======================  (quote inserted randomly by Pegasus Mailer)<br>
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org<br>
I&apos;m all in favor of keeping dangerous weapons out of the hands of<br>
fools.  Let&apos;s start with typewriters.           - Frank Lloyd Wright<br>
victoria.tc.ca/techrev/rms.htm <a  rel="nofollow" href="http://www.infosecbc.org/links">http://www.infosecbc.org/links</a><br>
<a  rel="nofollow" href="http://blogs.securiteam.com/index.php/archives/author/p1/">http://blogs.securiteam.com/index.php/archives/author/p1/</a>...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/97">NSA hardware intercepting gear</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 31)</em><br>
<a  rel="nofollow" href="http://www.scribd.com/collections/4411280/Applebaum-NSA-Files">http://www.scribd.com/collections/4411280/Applebaum-NSA-Files</a><br>
<br>
I really should apply for a job with the NSA.  I&apos;ve got all these old files from a <br>
quarter century ago, where we discussed all these things they are doing now.  If <br>
they are trying to resurrect the AF/91 virus myth (aka the &quot;Desert Storm&quot; virus, <br>
which the Pentagon press office once mistakenly confirmed existed), I&apos;m sure <br>
there are some great ideas in all of our...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/96">TSA&apos;s 12 Banned Items of Christmas</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 27)</em><br>
<a  rel="nofollow" href="http://www.youtube.com/watch?v=luNfghUnvFg">http://www.youtube.com/watch?v=luNfghUnvFg</a><br>
<br>
OK, maybe a bit late, but you can use it as a self-check coming home from visiting <br>
for Christmas ...<br>
<br>
======================  (quote inserted randomly by Pegasus Mailer)<br>
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org<br>
I&apos;m fairly sure Linux exists principally because writing an<br>
operating system probably seems like a good way to pass the<br>
&lt;bignum&gt; months of...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/95">Re: Exclusive: Secret contract tied NSA and security industry pioneer</a></strong>
<em>Jeffrey Walton (Dec 20)</em><br>
I wonder what the NSA got in return for the $25 million deal with Certicom.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/94">Re: Exclusive: Secret contract tied NSA and security industry pioneer</a></strong>
<em>Rich Kulawiec (Dec 20)</em><br>
Indeed.<br>
<br>
Now: everyone who thinks that the NSA only did this *once* raise<br>
your hand.<br>
<br>
That&apos;s what I thought.<br>
<br>
---rsk<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/93">OK, who&apos;s still interested in going to the RSA conf this year?</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 20)</em><br>
&quot;NSA created and promulgated a flawed formula for generating random numbers to <br>
create a &quot;back door&quot; in encryption products. Reuters later reported that RSA <br>
became the most important distributor of that formula by rolling it into a software <br>
tool called Bsafe that is used to enhance security in personal computers and many <br>
other products.<br>
<br>
&quot;Undisclosed until now was that RSA received $10 million in a deal that set the <br>
NSA...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/92">Exclusive: Secret contract tied NSA and security industry pioneer</a></strong>
<em>Paul Ferguson (Dec 20)</em><br>
Whoa, Nelly.<br>
<br>
&quot;As a key part of a campaign to embed encryption software that it could<br>
crack into widely used computer products, the U.S. National Security<br>
Agency arranged a secret $10 million contract with RSA, one of the most<br>
influential firms in the computer security industry, Reuters has learned.<br>
<br>
&quot;Documents leaked by former NSA contractor Edward Snowden show that the<br>
NSA created and promulgated a flawed formula for generating random...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/91">It&apos;ll work!  Trust us!</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 20)</em><br>
The &quot;Northern Gateway Pipeline&quot; (nee &quot;Enbridge Pipeline,&quot; and rebranded because <br>
of violent opposition to the initial inept PR campaign) has passed its initial <br>
review.<br>
<br>
So we are told, because the Website where the decision was posted immediately <br>
folded under the load of requests for the details.<br>
<br>
It&apos;s hard to have confidence in the people building a pipeline, and telling you that <br>
the immense dangers will all be...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/90">Re: Texting via vodka</a></strong>
<em>RL Vaughn (Dec 20)</em><br>
                                                  There  ^^^^<br>
Fixed it for you, right, eh?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/89">Texting via vodka</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 20)</em><br>
In an important breakthrough in communications technology, researchers have <br>
managed to transmit data without using wires, light, or radio waves.<br>
<br>
<a  rel="nofollow" href="http://www.ecanadanow.com/science/2013/12/20/researchers-successfully-send-">http://www.ecanadanow.com/science/2013/12/20/researchers-successfully-send-</a><br>
text-using-vodka/<br>
<br>
<a  rel="nofollow" href="http://timesofindia.indiatimes.com/home/science/In-a-first-text-message-using-">http://timesofindia.indiatimes.com/home/science/In-a-first-text-message-using-</a><br>
vodka-sent/articleshow/27669583.cms<br>
<br>
(Please note that this research does not appear to advocate texting while drunk.)<br>
<br>
(Given...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2013/q4/88">My Choice?  No, thanks.</a></strong>
<em>Rob, grandpa of Ryan, Trevor, Devon &amp; Hannah (Dec 20)</em><br>
UPS is out to steal your data.  They want you to give it to them.<br>
<br>
 <a  rel="nofollow" href="http://articles.latimes.com/2013/oct/28/business/la-fi-lazarus-20131029">http://articles.latimes.com/2013/oct/28/business/la-fi-lazarus-20131029</a><br>
<br>
In the beginning (and you can go back and check the RISKS-Forum Digest <br>
archives), UPS deployed those clipboards with the digitizing pads for signatures.  <br>
And we hollered and said that next they&apos;d be selling databases of signatures (with <br>
associated names and addresses).  And they said they&apos;d...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="cert"></A>
<div style="clear: right">
<A HREF="/cert/"><img src="/images/cert-logo.png" border="0" width="80" align="right" alt="cert logo"></A><B><A HREF="/cert/">CERT Advisories</A></B> &mdash; The <a href="http://www.cert.org/">Computer Emergency Response Team</a> has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.<BR><ul class="inline"><li class="first"><A HREF="/cert/2013/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Year</A></li>
<li>&nbsp;<A HREF="/cert/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/cert.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.us-cert.gov/cas/signup.html"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-cert" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/67">Alert - Upcoming Mail Delivery Changes</a></strong>
<em>US-CERT Alerts (May 10)</em><br>
National Cyber Awareness System<br>
US-CERT Alert - Upcoming Mail Delivery Changes<br>
<br>
Thank you for being a subscriber to our US-CERT Alerts product.  We<br>
are striving to keep our capabilities at the leading edge of<br>
communication.  You may have noticed we&apos;ve redesigned and upgraded our<br>
website recently and as a part of that process, on May 14th, we are<br>
migrating to GovDelivery as our email subscription service.  As a<br>
current subscriber you will...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/66">Current Activity - Upcoming Mail Delivery Changes</a></strong>
<em>Current Activity (May 10)</em><br>
National Cyber Awareness System<br>
<br>
Thank you for being a subscriber to our US-CERT Current Activity<br>
product.  We are striving to keep our capabilities at the leading edge<br>
of communication.  You may have noticed we&apos;ve redesigned and upgraded<br>
our website recently and as a part of that process, on May 14th, we<br>
are migrating to GovDelivery as our email subscription service.  As a<br>
current subscriber you will need to do nothing.  You will notice a...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/65">Current Activity - Microsoft Releases Advance Notification for May 2013 Security Bulletin</a></strong>
<em>Current Activity (May 09)</em><br>
National Cyber Awareness System<br>
Microsoft Releases Advance Notification for May 2013 Security Bulletin<br>
<br>
Original release date: May 09, 2013<br>
<br>
Microsoft has issued a Security Bulletin Advanced Notification<br>
indicating that its May release will contain 10 bulletins. These<br>
bulletins will have the severity rating of critical and important and<br>
will be for Microsoft Windows, Office, Internet Explorer, .NET<br>
Framework, Lync, and Windows Essentials. These...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/64">Current Activity - Adobe Releases Security Advisory for ColdFusion</a></strong>
<em>Current Activity (May 09)</em><br>
National Cyber Awareness System<br>
Adobe Releases Security Advisory for ColdFusion<br>
<br>
Original release date: May 09, 2013<br>
<br>
Adobe has identified a critical vulnerability affecting ColdFusion 10,<br>
9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and<br>
UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized<br>
user to remotely retrieve files stored on a server. There are reports<br>
that an exploit of this vulnerability is publicly...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/63">Current Activity - Microsoft Releases Security Advisory for Internet Explorer</a></strong>
<em>Current Activity (May 07)</em><br>
National Cyber Awareness System<br>
Microsoft Releases Security Advisory for Internet Explorer<br>
<br>
Original release date: May 07, 2013<br>
<br>
Microsoft is investigating public reports of a remote code execution<br>
vulnerability in Internet Explorer 8 and is aware of attacks that<br>
attempt to exploit this vulnerability. This vulnerability may allow an<br>
attacker to execute arbitrary code if a user accesses a specially<br>
crafted website. Microsoft is actively working...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/62">Current Activity - Cisco Releases Security Advisories</a></strong>
<em>Current Activity (Apr 25)</em><br>
National Cyber Awareness System<br>
Cisco Releases Security Advisories<br>
<br>
Original release date: April 25, 2013<br>
<br>
Cisco has released three security advisories to address vulnerabilities<br>
affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco<br>
Unified Computing System. These vulnerabilities may allow an attacker to<br>
bypass authentication controls, execute arbitrary code, obtain sensitive<br>
information, or cause a denial-of-service condition....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/61">Current Activity - Apple Releases Security Updates for Safari</a></strong>
<em>Current Activity (Apr 18)</em><br>
National Cyber Awareness System<br>
Apple Releases Security Updates for Safari<br>
<br>
Original release date: April 18, 2013<br>
<br>
Apple has released security updates for Safari 6.0.4 WebKit to address<br>
multiple vulnerabilities. These vulnerabilities could allow a remote<br>
attacker to execute arbitrary code or cause a denial-of-service<br>
condition.<br>
<br>
Safari 6.0.4 WebKit updates are available for the following versions:<br>
 * OS X Lion v10.7.5<br>
 * OS X Lion Server v10.7.5...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/60">Alert TA13-107A: Oracle has released multiple updates for Java SE</a></strong>
<em>US-CERT Alerts (Apr 18)</em><br>
National Cyber Awareness System<br>
TA13-107A: Oracle has released multiple updates for Java SE<br>
<br>
Original release date: April 17, 2013<br>
<br>
Systems Affected<br>
<br>
 * JDK and JRE 7 Update 17 and earlier<br>
 * JDK and JRE 6 Update 43 and earlier<br>
 * JDK and JRE 5.0 Update 41 and earlier<br>
 * JavaFX 2.2.7 and earlier<br>
<br>
Overview<br>
<br>
Oracle has released a Critical Patch Update (CPU) for Java SE. Oracle<br>
strongly recommends that customers apply CPU fixes as soon as possible....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/59">Current Activity - Scams Exploiting Boston Marathon Explosion</a></strong>
<em>Current Activity (Apr 17)</em><br>
National Cyber Awareness System<br>
Scams Exploiting Boston Marathon Explosion<br>
<br>
Original release date: April 17, 2013<br>
<br>
Malicious actors are exploiting the April 15 explosions at the Boston<br>
Marathon in attempts to collect money intended for charities and to<br>
spread malicious code. Fake websites and social networking accounts have<br>
been set up to take advantage of those interested in learning more<br>
details about the explosions or looking to contribute to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/58">Current Activity - Malicious Actors May Take Advantage of Boston Marathon Explosion</a></strong>
<em>Current Activity (Apr 17)</em><br>
National Cyber Awareness System<br>
Malicious Actors May Take Advantage of Boston Marathon Explosion<br>
<br>
Original release date: April 17, 2013<br>
<br>
Historically, scammers, spammers, and other malicious actors capitalize<br>
on major news events by registering domain names related to the events.<br>
Malicious actors may attempt to exploit the April 15, 2013 explosions at<br>
the Boston Marathon in this way. Some may use fake domains to take<br>
advantage of those interested...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/57">Current Activity - Oracle Releases April 2013 Security Advisory</a></strong>
<em>Current Activity (Apr 17)</em><br>
National Cyber Awareness System<br>
Oracle Releases April 2013 Security Advisory<br>
<br>
Original release date: April 17, 2013<br>
<br>
Oracle has released its Critical Patch Update for April 2013 to address<br>
128 vulnerabilities across multiple products. This update contains the<br>
following security fixes:<br>
 * 4 for Oracle Database Server<br>
 * 29 for Oracle Fusion Middleware<br>
 * 6 for Oracle E-Business Suite<br>
 * 3 for Oracle Supply Chain Products Suite<br>
 * 11 for Oracle...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/56">Current Activity - WordPress Sites Targeted by Mass Brute-force Botnet Attack</a></strong>
<em>Current Activity (Apr 15)</em><br>
National Cyber Awareness System<br>
WordPress Sites Targeted by Mass Brute-force Botnet Attack<br>
<br>
Original release date: April 15, 2013<br>
<br>
US-CERT is aware of an ongoing campaign targeting the content management<br>
software WordPress, a free and open source blogging tool and web<br>
publishing platform based on PHP and MySQL. All hosting providers<br>
offering WordPress for web content management are potentially targets.<br>
Hackers reportedly are utilizing over 90,000...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/55">Current Activity - Microsoft Releases April 2013 Security Bulletin</a></strong>
<em>Current Activity (Apr 09)</em><br>
National Cyber Awareness System<br>
Microsoft Releases April 2013 Security Bulletin<br>
<br>
Original release date: April 04, 2013 | Last revised: April 09, 2013<br>
<br>
Microsoft has released updates to address vulnerabilities in Microsoft<br>
Windows, Office, Internet Explorer, Server Software, and Security<br>
Software as part of the Microsoft Security Bulletin summary for April<br>
2013. These vulnerabilities could allow remote code execution, elevation<br>
of privilege,...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/54">Current Activity - Microsoft Releases Advance Notification for April 2013 Security Bulletin</a></strong>
<em>Current Activity (Apr 04)</em><br>
National Cyber Awareness System<br>
Microsoft Releases Advance Notification for April 2013 Security Bulletin<br>
<br>
Original release date: April 04, 2013<br>
<br>
Microsoft has issued a Security Bulletin Advance Notification indicating<br>
that its April release will contain nine bulletins. These bulletins will<br>
have the severity rating of critical and important and will be for<br>
Microsoft Windows, Office, Internet Explorer, Server Software, and<br>
Security Software. These...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2013/53">Current Activity - Mozilla Releases Multiple Updates</a></strong>
<em>Current Activity (Apr 03)</em><br>
National Cyber Awareness System<br>
Mozilla Releases Multiple Updates<br>
<br>
Original release date: April 03, 2013<br>
<br>
The Mozilla Foundation has released updates to address multiple<br>
vulnerabilities. These vulnerabilities could allow an attacker to<br>
initiate a cross-site scripting attack or obtain sensitive information,<br>
enable privilege escalation or execute arbitrary code, or cause a<br>
denial-of-service condition.<br>
<br>
Updates to the following products are...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="oss-sec"></A>
<div style="clear: right">
<A HREF="/oss-sec/"><img src="/images/oss-sec-logo.png" border="0" width="80" align="right" alt="oss-sec logo"></A><B><A HREF="/oss-sec/">Open Source Security</A></B> &mdash; Discussion of security flaws, concepts, and practices in the Open Source community<BR><ul class="inline"><li class="first"><A HREF="/oss-sec/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/oss-sec/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/oss-sec.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://oss-security.openwall.org/wiki/mailing-lists/oss-security"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
<blockquote id="latest-oss-sec" style="display: none">
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/31">Bug#732283: CVE Request: Proc::Daemon writes pidfile with mode 666</a></strong>
<em>cve-assign (Jan 07)</em><br>
Use CVE-2013-7135.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/30">CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference</a></strong>
<em>Guido Berhoerster (Jan 07)</em><br>
Hi,<br>
<br>
an openSUSE user discovered that it is trivial to crash<br>
lightdm-gtk-greeter by entering an empty username due to a NULL<br>
pointer dereference. When a greeter crashes the lightdm daemon<br>
exits.<br>
This constitutes a local denial of service which can be triggered<br>
by any unprivileged attacker, requiring the intervention of an<br>
administrator to restart lightdm. It affects all versions of<br>
lightdm-gtk-greeter.<br>
<br>
The initial downstream report is at...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/29">CVE split and a missed file</a></strong>
<em>P J P (Jan 07)</em><br>
    Hello,<br>
<br>
Recently Mitre split up a CVE &apos;CVE-2013-6405&apos; into 3 separate CVEs, each for a <br>
subset of files touched by commit &apos;bceaa90240&apos;.<br>
<br>
  -&gt; <a  rel="nofollow" href="https://git.kernel.org/linus/bceaa90240b6019ed73b49965eac7d167610be69">https://git.kernel.org/linus/bceaa90240b6019ed73b49965eac7d167610be69</a><br>
<br>
But the 3 new CVEs do not seem to cover the patch to a file<br>
<br>
   -&gt; net/ieee802154/dgram.c.<br>
<br>
Is that intentional or a miss? (just checking)<br>
<br>
===<br>
Name: CVE-2013-6405<br>
Status: Candidate<br>
URL:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/28">CVE Request: graphviz: stack-based buffer overflow in yyerror()</a></strong>
<em>Ratul Gupta (Jan 07)</em><br>
Hello,<br>
<br>
Graphviz, a collection of tools for the manipulation and layout of <br>
graphs, was recently reported to be affected by a buffer overflow <br>
vulnerability.<br>
<br>
The vulnerability is caused due to an error within the &quot;yyerror()&quot; <br>
function (lib/cgraph/scan.l) and can be exploited to cause a stack-based <br>
buffer overflow via a specially crafted file.<br>
<br>
Can a CVE please be assigned to this issue?<br>
<br>
References:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/27">MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)</a></strong>
<em>Solar Designer (Jan 07)</em><br>
Hi,<br>
<br>
While CFPs are not allowed in here, conference proceedings and<br>
e-magazine issue announcements may be if they are relevant to Open<br>
Source security.  Even though Hafez&apos;s posting reads a bit too much like<br>
an ad (yet does not include e.g. a table of contents for the magazine<br>
issue, which could have been helpful), the magazine does have some<br>
relevant content:<br>
<br>
The MongoDB article is based on Mikhail Firstov&apos;s materials first<br>
presented...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/26">[HITB-Announce] HITB Magazine Issue 10 Out Now</a></strong>
<em>Hafez Kamal (Jan 07)</em><br>
Issue #10 is now available!<br>
<br>
Hello readers and welcome to the somewhat overdue Issue 010 of HITB<br>
Magazine. As they say, better late than never!<br>
<br>
Since the last issue, we&apos;ve also changed the HITB Security Conference<br>
Call for Papers submission guidelines to now require speakers to submit<br>
a research &apos;white paper&apos; to accompany their talk. The first round of<br>
papers came to us via #HITB2013KUL in October and thankfully we now have<br>
loads...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/25">[notification] CVE-2013-6888: uscan: remote code execution</a></strong>
<em>Raphael Geissert (Jan 06)</em><br>
Hi,<br>
<br>
Given the recent issues in uscan (part of devscripts) I took a look at<br>
it and found a few other issues.<br>
The bugs fixed by the following commit basically allow remote code<br>
execution when uscan is used to download upstream&apos;s tarball. With and<br>
without repacking (contrary to the commit message).<br>
<br>
<a  rel="nofollow" href="http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52">http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52</a><br>
<br>
This was assigned...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/24">CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161</a></strong>
<em>Salvatore Bonaccorso (Jan 06)</em><br>
Hi<br>
<br>
A movable type update to 6.0.1, 5.29 and 5.161 fixes cross-site<br>
scripting attacks, from the announcement:<br>
<br>
 [0]  <a  rel="nofollow" href="http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html">http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html</a><br>
<br>
Looking through the git repository at [1], there is at least [2] which<br>
seems to indicate the fix for the 5.2.x branch (I cannot say though if<br>
this is the complete one).<br>
<br>
 [1] <a  rel="nofollow" href="https://github.com/movabletype/movabletype">https://github.com/movabletype/movabletype</a><br>
 [2]...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/23">Re: kwallet crypto misuse</a></strong>
<em>gremlin (Jan 04)</em><br>
 &gt;&gt;&gt; UTF-16 encoding combined with Blowfish&apos;s 64 bit block size<br>
 &gt;&gt;&gt; means there are just four password characters per block.<br>
<br>
 &gt;&gt; But this is: any and all passwords, being used for encryption<br>
 &gt;&gt; key generation, must be hashed, then salted, then hashed<br>
 &gt;&gt; again. SHA-256 may be a good choice for generating Blowfish<br>
 &gt;&gt; 256-bit key this way.<br>
<br>
 &gt; what kind of hashing and salting are you talking...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/22">Re: kwallet crypto misuse</a></strong>
<em>cve-assign (Jan 04)</em><br>
The short answer is that CVE-2013-7252 was assigned because of the<br>
sentence &quot;It is quite obvious that this is a programming error&quot; in the<br>
<a  rel="nofollow" href="http://security.stackexchange.com/a/44010/32167">http://security.stackexchange.com/a/44010/32167</a> post. The motivation<br>
for the CVE assignment isn&apos;t that the end result is ECB.<br>
<br>
To try to make this slightly more general, we&apos;ll mention two scenarios<br>
in which a vendor writes some code, and the code has a certain<br>
characteristic for which the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/21">Re: kwallet crypto misuse</a></strong>
<em>Daniel Kahn Gillmor (Jan 03)</em><br>
yes, agreed.  thanks for proposing some clear terminology for the<br>
conversation :)<br>
<br>
so we have:<br>
<br>
 * master password<br>
 * master key (derived from master password)<br>
 * stored passwords (and other data)<br>
<br>
The dictionary or brute-force attacks you&apos;re talking about are often<br>
used for people attempting to discover the master password from the<br>
master key -- but that&apos;s not the threat we&apos;re talking about here,<br>
because the master key isn&apos;t...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/20">Re: kwallet crypto misuse</a></strong>
<em>Simon McVittie (Jan 03)</em><br>
My understanding was that kwallet is like gnome-keyring or the Firefox<br>
password store: it contains a large number of stored passwords, all<br>
encrypted with a (key derived from a) master password. (Terminology in<br>
this email is borrowed from Firefox, and might not match KWallet.)<br>
It&apos;s important to distinguish between the stored passwords and the<br>
master password.<br>
<br>
Issue 1[1] described in that blog post: the *master* password is<br>
passed through a...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/19">Re: kwallet crypto misuse</a></strong>
<em>Daniel Kahn Gillmor (Jan 03)</em><br>
what kind of hashing and salting are you talking about?  i don&apos;t think<br>
hashing and salting makes sense in the context that you were quoting<br>
above.  Are you aware that kwallet stores a database of passwords that<br>
need to be able to be produced back for the user (or the user&apos;s<br>
applications) in the clear?<br>
<br>
        --dkg<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/18">Re: Neo4J CSRF: Potential CVE candidate</a></strong>
<em>cve-assign (Jan 03)</em><br>
Use CVE-2013-7259 for the CSRF. There is no CVE assignment for the<br>
documented Section 19.15 behavior.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2014/q1/17">Re: CVE for freerdp int overflow?</a></strong>
<em>cve-assign (Jan 03)</em><br>
The function in question is in the client code for the Remote Desktop<br>
Protocol Licensing Extension described on the<br>
<a  rel="nofollow" href="http://msdn.microsoft.com/en-us/library/cc241880.aspx">http://msdn.microsoft.com/en-us/library/cc241880.aspx</a> web page. The<br>
code is part of the reading of a Server License Request packet. The<br>
integer overflow affects a malloc argument. After this, the client<br>
would normally make separate malloc calls and write (a potentially<br>
very large amount of) data from the server into that separately...<br>
</p>

 

</blockquote>
</div>
<BR>
<A NAME="securecoding"></A>
<div style="clear: right">
<A HREF="/securecoding/"><img src="/images/securecoding-logo.png" border="0" width="80" align="right" alt="securecoding logo"></A><B><A HREF="/securecoding/">Secure Coding</A></B> &mdash; The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of <a href="http://www.amazon.com/dp/0596002424?tag=secbks-20">Secure Coding: Principles and Practices</a>.<BR><ul class="inline"><li class="first"><A HREF="/securecoding/2013/q4/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Quarter</A></li>
<li>&nbsp;<A HREF="/securecoding/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/securecoding.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securecoding.org/list/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-securecoding" href="javascript:show_latest('securecoding')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-securecoding" style="display: none" href="javascript:hide_latest('securecoding')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-securecoding" style="display: none">
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/12">Silver Bullet 93: Yoshi Kohno</a></strong>
<em>Gary McGraw (Dec 26)</em><br>
hi sc-l,<br>
<br>
When it rains, it pours.  Just in time for xmas eve, here is Silver Bullet episode 93.   The podcast features a <br>
discussion with Yoshi Kohno (a cigital alum) who is now a computer science professor at University of Washington.<br>
<br>
You&apos;ve probably heard of Yoshi&apos;s car hacking stuff (or maybe even seen it on Nova).  Yoshi has one of the best <br>
vulnerability finding minds in the business....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/11">SearchSecurity: Scaling Architectural Risk Analysis</a></strong>
<em>Gary McGraw (Dec 26)</em><br>
hi sc-l,<br>
<br>
Following on the heels of our SearchSecurity article on Architectural Risk Analysis (probably the most difficult <br>
touchpoint in software security), Jim DelGrosso and I write about how to scale ARA.<br>
<br>
<a  rel="nofollow" href="http://bit.ly/19Jmk7f">http://bit.ly/19Jmk7f</a>  (or <br>
<a  rel="nofollow" href="http://searchsecurity.techtarget.com/opinion/McGraw-Software-insecurity-and-scaling-architecture-risk-analysis">http://searchsecurity.techtarget.com/opinion/McGraw-Software-insecurity-and-scaling-architecture-risk-analysis</a>)<br>
<br>
Merry new year to you all.   We welcome your feedback.<br>
<br>
gem<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/10">Re: BSIMM-V Article in Application Development Times</a></strong>
<em>Sammy Migues (Dec 22)</em><br>
Hi Stephen,<br>
<br>
I agree that would be interesting. While we have data at the firm level for all BSIMM participants, and at the BU level <br>
for many BSIMM participants, we don&apos;t formally capture data on development methodology (as opposed to software security <br>
activities) for each development team (which may number well into the double digits for many BSIMM participants).<br>
<br>
Also, in nearly all cases, it would be very hard to characterize an entire...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/9">US DoD RFI on software assurance</a></strong>
<em>Jeremy Epstein (Dec 20)</em><br>
All,<br>
<br>
This may be of interest - an RFI is a way to both provide information and<br>
influence future procurements by pointing out areas that need to be<br>
emphasized.<br>
<br>
<a  rel="nofollow" href="https://www.fbo.gov/index?s=opportunity&amp;mode=form&amp;id=3c867a45671f0cde56fca2bf81bdaf44&amp;tab=documents&amp;tabmode=list">https://www.fbo.gov/index?s=opportunity&amp;mode=form&amp;id=3c867a45671f0cde56fca2bf81bdaf44&amp;tab=documents&amp;tabmode=list</a><br>
<br>
--Jeremy<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/8">Re: BSIMM-V Article in Application Development Times</a></strong>
<em>Antti Vähä-Sipilä (Dec 20)</em><br>
One of the reasons not to do this is that publishing data that would be split into too many or too small pools would <br>
potentially allow someone to reverse-engineer the exact results of some of the participating companies. Aggregate data <br>
provides a level of anonymity.<br>
<br>
Moreover, I think this sort of split would be largely arbitrary. Especially for large companies, it&apos;s often not <br>
straightforward to classify them as agile or non-agile. Many...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/7">Re: BSIMM-V Article in Application Development Times</a></strong>
<em>Stephen de Vries (Dec 17)</em><br>
Hi Gary,<br>
<br>
In the current BSIMM-V dataset is it possible to narrow the data down to only organisations practising Agile dev?  I <br>
think it would be interesting to see which BSIMM activities are popular with agile houses, and which not.<br>
<br>
Ideally, it would be nice to not only differentiate between Agile and non-agile, but different degrees of agile based <br>
on the length of iterations and/or the frequency of deployments.  E.g. less-agile = 3 month...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/6">BSIMM-V Article in Application Development Times</a></strong>
<em>Gary McGraw (Dec 17)</em><br>
hi sc-l,<br>
<br>
Read it and pass it on: <a  rel="nofollow" href="http://adtmag.com/blogs/watersworks/2013/12/bsimm-v-released.aspx">http://adtmag.com/blogs/watersworks/2013/12/bsimm-v-released.aspx</a><br>
<br>
Salubrious solstice!  One week and one day to go.<br>
<br>
gem<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/5">CFP: WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS</a></strong>
<em>Larry Koved (Dec 10)</em><br>
WEB 2.0 SECURITY AND PRIVACY 2014 WORKSHOP CALL FOR PAPERS<br>
<br>
IMPORTANT DATES<br>
Paper submission deadline: February 26, 2014 (11:59pm US-PST)<br>
Workshop acceptance notification date: March 29, 2014<br>
Workshop date: Sunday, May 18, 2014<br>
Workshop paper submission web site: <br>
<a  rel="nofollow" href="https://www.easychair.org/conferences/?conf=w2sp2014">https://www.easychair.org/conferences/?conf=w2sp2014</a><br>
<br>
W2SP brings together researchers, practitioners, web programmers, policy <br>
makers, and others interested in the latest understanding...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/4">CFP: Mobile Security Technologies (MoST) 2014</a></strong>
<em>Larry Koved (Dec 10)</em><br>
<a  rel="nofollow" href="http://mostconf.org/2014/cfp.html">http://mostconf.org/2014/cfp.html</a> <br>
<br>
Mobile Security Technologies (MoST) 2014<br>
<br>
co-located with <br>
The 34th IEEE Symposium on Security and Privacy (IEEE S&amp;P 2014) <br>
an event of<br>
The IEEE Computer Society&apos;s Security and Privacy Workshops (SPW 2014) <br>
<br>
Mobile Security Technologies (MoST) brings together researchers, <br>
practitioners, policy makers, and hardware and software developers of <br>
mobile systems to explore the latest understanding and...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/3">Silver Bullet 92: Jon Callas</a></strong>
<em>Gary McGraw (Nov 27)</em><br>
hi sc-l,<br>
<br>
Just in time for turkey-induced coma listening time, Silver Bullet episode 92 features Jon Callas.  Jon is an old <br>
school geek (on the net since 1979) who has occupied a front row seat during all of the crypto wars.  His company <br>
Silent Circle is actively trying to build a real secure email solution that even the NSA can&apos;t break.  We had a very <br>
interesting chat.  We even talked directly about Snowden.  I hope you like it:...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/2">BSIMM-V is alive</a></strong>
<em>Gary McGraw (Oct 30)</em><br>
hi sc-l,<br>
<br>
I am proud to announce that the BSIMM-V document is complete and the website has been entirely revised/updated.  Please <br>
download a copy of BSIMM-V today: <a  rel="nofollow" href="http://bsimm.com">http://bsimm.com</a><br>
<br>
BSIMM-V describes the software security initiatives at sixty-seven firms, including: Adobe, Aetna, Bank of America, <br>
Box, Capital One, Comerica Bank, EMC, Epsilon, F-Secure, Fannie Mae, Fidelity, Goldman Sachs, HSBC, Intel, Intuit, <br>
JPMorgan Chase &amp; Co., Lender...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/1">Silver Bullet 91: Caroline Wong</a></strong>
<em>Gary McGraw (Oct 30)</em><br>
hi sc-l,<br>
<br>
Episode 91 of Silver Bullet features a conversation with Cigital&apos;s Caroline Wong.  We talk a lot about BSIMM (behind <br>
the scenes) as part of the BSIMM-V launch.  BSIMM-V will be officially released at 9am EST 10.30.13!<br>
<br>
As an experienced practitioner (Symantec, eBay, Zynga), Caroline brings a management perspective to the BSIMM project, <br>
directly focused on metrics and measurement.  (Nothing like real data.)  We also discuss bug...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q4/0">Silver Bullet 90: Matthew Green</a></strong>
<em>Gary McGraw (Oct 06)</em><br>
hi sc-l,<br>
<br>
On one of the best Silver Bullet security podcasts in many a moon, I interview Matthew Green, research professor at <br>
Johns Hopkins university.  Remember that university professor whose NSA-related posting was given a takedown notice?  <br>
That was Matthew.  Find out what he thought of all that:<br>
<br>
<a  rel="nofollow" href="http://www.cigital.com/silver-bullet/show-090/">http://www.cigital.com/silver-bullet/show-090/</a><br>
<br>
We also discuss, the difference between theoretical crypto and applied crypto, why software...<br>
</p>

 

<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q3/31">Atlanta event OCT 1st</a></strong>
<em>Gary McGraw (Sep 25)</em><br>
hi sc-l,<br>
<br>
As part of gearing up our Atlanta office, Cigital is co-sponsoring an event with TAG (technology association of <br>
georgia) on Tuesday October 1st.  The event will feature a fireside chat with Marcus Ranum and me about software and <br>
software security.  &quot;Why is software still so bad, and what are we doing about it?&quot; is the official abstract.<br>
<br>
The event is open to TAG members and others in the Atlanta area.  If you&apos;re...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2013/q3/30">AppSecUSA November</a></strong>
<em>Tom Brennan - OWASP (Sep 25)</em><br>
November 20th and 21st many of your SC-L peers will be in attendance at AppSecUSA presented by OWASP Foundation. This <br>
is a time to reconnect face-to-face with your peers from around the world.<br>
<br>
<a  rel="nofollow" href="http://appsecusa.org/2013/speakers/">http://appsecusa.org/2013/speakers/</a><br>
<br>
* Participate in one of the many activities planned including open-mic<br>
<br>
<a  rel="nofollow" href="http://appsecusa.org/2013/activities/">http://appsecusa.org/2013/activities/</a><br>
<br>
* Attend one of the many summit working sessions on new and existing projects...<br>
</p>

 

</blockquote>
</div>
<BR>
<A NAME="educause"></A>
<div style="clear: right">
<A HREF="/educause/"><img src="/images/educause-logo.png" border="0" width="80" align="right" alt="educause logo"></A><B><A HREF="/educause/">Educause Security Discussion</A></B> &mdash; Securing networks and computers in an academic environment.<BR><ul class="inline"><li class="first"><A HREF="/educause/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/educause/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/educause.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.educause.edu/groups/security"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-educause" href="javascript:show_latest('educause')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-educause" style="display: none" href="javascript:hide_latest('educause')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-educause" style="display: none">
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2014/q1/0">Establishing Program Committee for Security 2015</a></strong>
<em>Valerie Vogel (Jan 06)</em><br>
We are currently selecting program committee members for the 2015 Security Professionals Conference. If you would like <br>
to be a part of continuing the tradition of the Security Professionals Conference organized by EDUCAUSE, Internet2, and <br>
the REN-ISAC, then I would encourage you to volunteer for the Program Committee.<br>
<br>
Please visit the EDUCAUSE Volunteer Opportunities&lt;<a  rel="nofollow" href="http://www.educause.edu/careers/volunteer-opportunities">http://www.educause.edu/careers/volunteer-opportunities</a>&gt; website and...<br>
</p>

 

<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/261">Re: SANS STH and Canvas</a></strong>
<em>Miguel A. Glez. de la Torre (Dec 20)</em><br>
I would be interested also in hearing how others are working on it.<br>
<br>
I found this link; we’re in a mixed 1 and 2, so we need some order :)<br>
<br>
<a  rel="nofollow" href="https://www.securingthehuman.org/resources/security-awareness-roadmap/">https://www.securingthehuman.org/resources/security-awareness-roadmap/</a><br>
<br>
Ing. Miguel Angel González de la Torre, MCC<br>
<br>
Director of Information Security<br>
Information Technology Directorate<br>
Firma_Tec<br>
Tel.: 52 (81) 8158 2000, ext. 2936. Fax: 81 81582287<br>
Intercampus link: 80-689-2936....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/260">Re: SANS STH and Canvas</a></strong>
<em>Nick Recchia (Dec 20)</em><br>
Folks,<br>
<br>
I am interested to learn of other schools who have implemented SANS *STH* *with<br>
Canvas LMS.<br>
Feel free to contact me offline.<br>
<br>
Thanks in advance,<br>
-Nick<br>
<br>
*correction: I had originally intended to say *STH *(Securing the Human),<br>
not VLE (virtual learning environment).<br>
<br>
On Fri, Dec 20, 2013 at 8:30 AM<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/259">SANS VLE and Canvas</a></strong>
<em>Nick Recchia (Dec 20)</em><br>
Folks,<br>
<br>
I am interested to learn of other schools who have implemented SANS VLE<br>
with Canvas LMS.<br>
Feel free to contact me offline.<br>
<br>
Thanks in advance,<br>
-Nick<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/258">uptick in http scanning?</a></strong>
<em>Brian Helman (Dec 20)</em><br>
I&apos;ve noticed an uptick in the scanning of our network for http services over the last week.  These scans have been <br>
extremely basic -- sequentially looking for http only.  They are different in that, once they find a web server, they <br>
don&apos;t do anything other than move on to the next IP (unlike the usual php/cgi scans).<br>
<br>
Anyone else noticing similar behavior?  The sheer number of them is making me wonder if there&apos;s a new tool out...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/257">Re: SECURITY Digest - 12 Dec 2013 to 16 Dec 2013 (#2013-219)</a></strong>
<em>Kim Cary (Dec 17)</em><br>
PSoft is web based. HTTPS access is allowed from anywhere.<br>
<br>
Kim<br>
<br>
~=|=~<br>
<br>
Kim Cary<br>
Chief Information Security Officer<br>
Pepperdine University<br>
<br>
Please process all unexpected email requests according to the skills at<br>
phishing.pepperdine.edu - if suspicious, delete; if it seems real or you<br>
can&apos;t decide, contact the purported sender via published phone number, web<br>
or email address.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/256">PCI-DSS 3.0</a></strong>
<em>Russ Leathe (Dec 17)</em><br>
Has anyone out there become 3.0 compliant?  Would you mind sharing how you got there?<br>
<br>
Thanks<br>
<br>
Russ<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/255">Re: Remote access to SIS/ERP?</a></strong>
<em>Hanson, Mike (Dec 16)</em><br>
Dave,<br>
<br>
We do allow access to Banner and the reporting component via VPN with dual<br>
factor authentication.<br>
<br>
Mike<br>
<br>
Mike Hanson, CISSP<br>
Network Security Manager<br>
The College of St. Scholastica<br>
Duluth, MN<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/254">Re: Remote access to SIS/ERP?</a></strong>
<em>Miller,James R (Dec 16)</em><br>
Sorry, meant to type VPN. Darn these small keyboards.<br>
<br>
Sent from my iPhone<br>
<br>
We use BPN<br>
<br>
Sent from my iPhone<br>
<br>
We do, through VPN.<br>
<br>
Theresa<br>
<br>
Hi,<br>
<br>
Looking to answer the &quot;well, what do other schools do?&quot; question here...<br>
<br>
Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? <br>
If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet,...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/253">Re: Remote access to SIS/ERP?</a></strong>
<em>Miller,James R (Dec 16)</em><br>
We use BPN<br>
<br>
Sent from my iPhone<br>
<br>
We do, through VPN.<br>
<br>
Theresa<br>
<br>
Hi,<br>
<br>
Looking to answer the &quot;well, what do other schools do?&quot; question here...<br>
<br>
Do you allow remote access to Banner (or whatever system you use) for employees working from home, on the road, etc.? <br>
If so, how are you doing it -- VPN, VDI, Citrix or similar, LogMeIn/GoToMyPC, over the open Internet, etc.? And do you <br>
require any additional authentication (such as two-factor...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/252">Re: Remote access to SIS/ERP?</a></strong>
<em>Theresa Rowe (Dec 16)</em><br>
We do, through VPN.<br>
<br>
Theresa<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/251">Re: Biometric Survey for Higher Education</a></strong>
<em>Valerie Vogel (Dec 16)</em><br>
Please consider completing the biometrics survey below. Kevin needs 40<br>
more responses (90 total). Your input is appreciated and may help us<br>
publish a new ECAR paper for the higher ed infosec community.<br>
Best,<br>
Valerie<br>
<br>
Valerie Vogel Program Manager<br>
<br>
EDUCAUSE<br>
Uncommon Thinking for the Common Good<br>
direct: 202.331.5374 | main: 202.872.4200 | educause.edu<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/250">Sharing a Holiday Security Awareness Video</a></strong>
<em>Havens, Lori (Dec 12)</em><br>
We wanted to share our rendition of a classic holiday jingle - Grandma gets phished by a hacker instead of run over by <br>
a reindeer!   We used this as part of our security awareness campaign to remind others to be careful when clicking <br>
links found within their email.<br>
<br>
The video is on youtube at <a  rel="nofollow" href="https://www.youtube.com/watch?v=vhIQ8yTw6z4">https://www.youtube.com/watch?v=vhIQ8yTw6z4</a><br>
<br>
Please feel free to share with your communities as a fun way to educate on the do&apos;s and don&apos;ts when...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/249">Re: Job Opening - Network Engineer/Computing Security Analyst - Northwestern University in Qatar</a></strong>
<em>John K Lerchey (Dec 12)</em><br>
Hi,<br>
<br>
I would appreciate it if folks interested in the NU-Q position please respond to the sender, and not to the entire <br>
list.  I love that jobs are posted here, but really don&apos;t feel that further discussion is helpful. :)<br>
<br>
Thanks!<br>
<br>
John<br>
<br>
From: The EDUCAUSE Security Constituent Group Listserv [<a  rel="nofollow" href="mailto:SECURITY">mailto:SECURITY</a> () LISTSERV EDUCAUSE EDU] On Behalf Of <br>
Alexander W. Miranda<br>
Sent: Thursday, December 12, 2013 10:37 AM<br>
To: SECURITY () LISTSERV...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2013/q4/248">Re: Job Opening - Network Engineer/Computing Security Analyst - Northwestern University in Qatar</a></strong>
<em>Alexander W. Miranda (Dec 12)</em><br>
Hi,<br>
I&apos;ve submitted to the job. It seems like a great opportunity.<br>
<br>
R,<br>
Alexander<br>
</p>

 

</blockquote>
</div>
<BR>
<h2 class="purpleheader">Internet Issues and Infrastructure</h2><A NAME="nanog"></A>
<div style="clear: right">
<A HREF="/nanog/"><img src="/images/nanog-logo.png" border="0" width="80" align="right" alt="nanog logo"></A><B><A HREF="/nanog/">NANOG</A></B> &mdash; The <a href="http://www.nanog.org/">North American Network Operators' Group</a> discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.<BR><ul class="inline"><li class="first"><A HREF="/nanog/2014/Jan/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Month</A></li>
<li>&nbsp;<A HREF="/nanog/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/nanog.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.nanog.org/mailinglist/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-nanog" href="javascript:show_latest('nanog')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-nanog" style="display: none" href="javascript:hide_latest('nanog')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-nanog" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/122">Re: 10gbps peering subscriber switch recommendation</a></strong>
<em>Nick Hilliard (Jan 07)</em><br>
it&apos;s the merchant silicon boxes which are driving high density 10g prices<br>
down, but most of these boxes tend to come with small fibs and tiny<br>
buffers which limits their deployment usefulness.  Still, if they work for<br>
your requirements, they are completely awesome.<br>
<br>
Nick<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/121">Amazon help</a></strong>
<em>Blair Trosper (Jan 07)</em><br>
Can someone from AWS/Amazon netops contact me off-list for help with an issue?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/120">Re: Open source hardware</a></strong>
<em>TGLASSEY (Jan 07)</em><br>
Arnd - the German Government is most likely a partner meaning <br>
overloading the NSA is pointless if you could.<br>
<br>
Todd<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/119">Re: Comcast/Level3 issues</a></strong>
<em>McElearney, Kevin (Jan 06)</em><br>
&quot;Paul&quot;,<br>
<br>
I don&apos;t read this list often, and rarely have seen a private message<br>
reposted as you did, but at the risk of DFTT, give me some time to think<br>
through a discussion topic for this list which touches on some of these<br>
issues.<br>
<br>
        - Kevin<br>
<br>
DISCLOSURE: On DSLR, I am ccneteng when I visit there.<br>
<a  rel="nofollow" href="http://www.dslreports.com/profile?find=ccneteng">http://www.dslreports.com/profile?find=ccneteng</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/118">Re: 10gbps peering subscriber switch recommendation</a></strong>
<em>Randy Bush (Jan 06)</em><br>
the nice thing about buying bgp devices that can not hold a full table<br>
is that you can expense them in the year of purchase as opposed to<br>
amortizing them over 5 years or so.<br>
<br>
randy<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/117">Re: turning on comcast v6</a></strong>
<em>Owen DeLong (Jan 06)</em><br>
Huh???<br>
<br>
I don&apos;t think I said anything even remotely like that.<br>
<br>
Owen<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/116">Re: Comcast/Level3 issues</a></strong>
<em>Paul WALL (Jan 06)</em><br>
Kevin,<br>
<br>
Thank you for the info.  Can you say how many quarters or years until<br>
Comcast is resolved?<br>
<br>
I&apos;ve seen references to that obscure whitepaper (co-authored,<br>
ironically, by Patrick Gilmore) before on the broadbandreports forums,<br>
by someone with a lot of knowledge on Comcast&apos;s network and internal<br>
politics/peering discussions.  Do you know who the poster is?...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/115">Re: turning on comcast v6</a></strong>
<em>Paul Ferguson (Jan 06)</em><br>
Some people do not want switches making IP address assignments. That&apos;s<br>
all. :-)<br>
<br>
- ferg<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/114">Re: turning on comcast v6</a></strong>
<em>Owen DeLong (Jan 06)</em><br>
The obvious solution to that is to install real IPv6 routers.<br>
<br>
The port isn&apos;t particularly trusted, but it is allowed to send RAs which are forwarded to the network by default.<br>
Obviously a sane switch would allow this configuration to be changed. We&apos;re not talking about the security model for a <br>
network, we&apos;re talking about the default behavior of a switch.<br>
<br>
Defaults are, inherently, guesses to some extent. Nonetheless, a switch...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/113">Re: turning on comcast v6</a></strong>
<em>Ricky Beam (Jan 06)</em><br>
Like every win7 and win8 machine on the planet?  (IPv6 is installed and  <br>
enabled by default. Few places have IPv6 enabled on their LAN, so a single  <br>
RA would, indeed, 0wn3z those machines instantly.)<br>
<br>
One cannot **GUESS** the security for a network. You must either *know* or  <br>
*not know* what&apos;s on a port.  What makes a port &quot;uplink&quot; (read:  <br>
&quot;trusted&quot;)? The only way to know for sure, without creating surprises or...<br>
</p>
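<p>The two posts above describe the mechanism behind a rogue Router Advertisement: every host with IPv6 enabled accepts RAs, and a switch that forwards RAs from any port by default lets a single access port reconfigure the whole segment. The Python below is an added example written for this page, not code from the NANOG thread or from any switch vendor. It models the RA Guard decision (RFC 6105) a switch should make per ingress port, followed by the validity checks RFC 4861 requires of a host (link-local source, hop limit 255). The port names, the trusted-port set and the packets are constructed for the demonstration, and the ICMPv6 checksum is neither computed nor verified.</p>

```python
import ipaddress
import struct

ICMPV6 = 58                      # IPv6 Next Header value for ICMPv6
ROUTER_ADVERTISEMENT = 134       # ICMPv6 type of a Router Advertisement (RFC 4861)
PREFIX_INFO_OPTION = 3           # RA option carrying an on-link/autoconf prefix
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


def build_ra(src, hop_limit=255, prefix="2001:db8::", prefix_len=64):
    """Build a raw IPv6 packet carrying a Router Advertisement (constructed test input).

    The ICMPv6 checksum is left at zero; a real RA Guard also verifies it."""
    # RA header: type, code, checksum, cur hop limit, flags, router lifetime,
    # reachable time, retrans timer (RFC 4861 section 4.2).
    ra = struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0)
    # Prefix Information option: type 3, length 4 (units of 8 octets), prefix
    # length, L|A flags, valid lifetime, preferred lifetime, reserved, prefix.
    ra += struct.pack("!BBBBIII", PREFIX_INFO_OPTION, 4, prefix_len, 0xC0,
                      2592000, 604800, 0)
    ra += ipaddress.IPv6Address(prefix).packed
    # IPv6 header: version 6, payload length, next header, hop limit, src, dst.
    hdr = struct.pack("!IHBB", 0x60000000, len(ra), ICMPV6, hop_limit)
    hdr += ipaddress.IPv6Address(src).packed
    hdr += ipaddress.IPv6Address("ff02::1").packed   # all-nodes multicast
    return hdr + ra


def parse_ra(packet):
    """Return (src, hop_limit, [prefixes]) if packet is an RA, else None."""
    if not len(packet) >= 40:
        return None
    vtf, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6 or next_header != ICMPV6:
        return None
    src = ipaddress.IPv6Address(packet[8:24])
    body = packet[40:40 + payload_len]
    if not len(body) >= 16 or body[0] != ROUTER_ADVERTISEMENT:
        return None
    prefixes = []
    off = 16
    while len(body) >= off + 2:
        opt_type, opt_len = body[off], body[off + 1] * 8
        if opt_len == 0 or not len(body) >= off + opt_len:
            break                       # malformed option: stop, do not loop forever
        if opt_type == PREFIX_INFO_OPTION and opt_len == 32:
            pfx = ipaddress.IPv6Address(body[off + 16:off + 32])
            prefixes.append("%s/%d" % (pfx, body[off + 2]))
        off += opt_len
    return src, hop_limit, prefixes


def ra_guard(packet, ingress_port, router_ports):
    """Decide what a switch should do with an RA arriving on ingress_port.

    Returns (verdict, reason).  Only ports explicitly configured as
    router-facing may forward RAs (the RA Guard model of RFC 6105); an RA
    from any other port is dropped regardless of its contents.  RAs from a
    router port must still pass the RFC 4861 checks a host applies:
    link-local source and hop limit 255 (proof the packet was not routed)."""
    ra = parse_ra(packet)
    if ra is None:
        return "pass", "not a router advertisement"
    src, hop_limit, prefixes = ra
    if ingress_port not in router_ports:
        return "drop", "RA on untrusted port %s from %s" % (ingress_port, src)
    if src not in LINK_LOCAL:
        return "drop", "RA source %s is not link-local" % src
    if hop_limit != 255:
        return "drop", "RA hop limit %d (expected 255)" % hop_limit
    return "forward", "RA from %s advertising %s" % (src, ",".join(prefixes))


def demo():
    """Run the guard over constructed packets: one legitimate RA and three rogue ones."""
    router_ports = {"ge-0/0/47"}            # assumed: the single uplink to the real router
    cases = [
        (build_ra("fe80::1"), "ge-0/0/47"),                # real router, trusted port
        (build_ra("fe80::1"), "ge-0/0/3"),                 # same bytes from an access port
        (build_ra("2001:db8::bad"), "ge-0/0/47"),          # non-link-local source
        (build_ra("fe80::1", hop_limit=64), "ge-0/0/47"),  # routed or forged hop limit
    ]
    return [ra_guard(pkt, port, router_ports) for pkt, port in cases]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(verdict, "-", reason)
```

<p>Run directly, it prints one verdict per packet. The second case is the point the thread makes: the RA bytes are identical to the legitimate one and pass every packet-level check, yet nothing inside the packet distinguishes the real router from a misconfigured host or an attacker on an access port, so the only usable signal is the ingress port, and the safe default is to drop.</p>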
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/112">Re: 10gbps peering subscriber switch recommendation</a></strong>
<em>Nitzan Tzelniker (Jan 06)</em><br>
A little bit overkill in term of number of ports but you can consider the<br>
new Trident 2 switches Juniper EX-5100, Cisco Nexus 3100 .....<br>
They have unified TCAM that can store 128K v4 routes<br>
<br>
Nitzan<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/111">Re: NANOG Digest, Vol 72, Issue 17</a></strong>
<em>Ralph Droms (rdroms) (Jan 06)</em><br>
Well, not exactly.  The authors of RFC 3315, smarting (if I recall correctly) from the local options debacle in DHCPv4, <br>
didn&apos;t set aside any experimental option codes for DHCPv6.  Oops and mea culpa.<br>
<br>
Having said that, I suppose I can&apos;t formally recommend that an implementor use an option code somewhere near the top of <br>
the range and implement a quick extension to a client and server for the default router option, which would result in...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/110">Re: IXP + government transparency report</a></strong>
<em>Martin Hannigan (Jan 06)</em><br>
Bill,<br>
<br>
 OIX certified organizations must provide an accurate and monthly report on<br>
Government Information Requests and actions taken related to the requests.<br>
You can see an example here <a  rel="nofollow" href="http://xmission.com/transparency">http://xmission.com/transparency</a><br>
<br>
With regards to Patriot 215 and FISA 701, there are recommendations for<br>
warrant canaries. Obviously, much trickier.<br>
<br>
I think the point is about leadership and taking small, but giant, steps. I<br>
hope that everyone in the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/109">Re: IXP + government transparency report</a></strong>
<em>Bill Woodcock (Jan 06)</em><br>
…and is this function being conducted completely without dependencies inside the U.S.?<br>
<br>
                                -Bill<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2014/Jan/108">IXP + government transparency report</a></strong>
<em>Martin Hannigan (Jan 06)</em><br>
As well as being first to be open-ix certified, I think LINX hit a second<br>
first that is as interesting;<br>
<br>
<a  rel="nofollow" href="https://www.linx.net/service/publicpeering/novafiles/nova-usgov-reports.html">https://www.linx.net/service/publicpeering/novafiles/nova-usgov-reports.html</a><br>
<br>
Applause +LINX<br>
<br>
Best,<br>
<br>
-M&lt;<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="interesting-people"></A>
<div style="clear: right">
<A HREF="/interesting-people/"><img src="/images/interesting-people-logo.png" border="0" width="80" align="right" alt="interesting-people logo"></A><B><A HREF="/interesting-people/">Interesting People</A></B> &mdash; David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating<BR><ul class="inline"><li class="first"><A HREF="/interesting-people/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/interesting-people.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.listbox.com/subscribe/?list_id=247"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
</div>
<BR>
<A NAME="risks"></A>
<div style="clear: right">
<A HREF="/risks/"><img src="/images/risks-logo.png" border="0" width="80" align="right" alt="risks logo"></A><B><A HREF="/risks/">The RISKS Forum</A></B> &mdash; Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems.  Security risks are often discussed.<BR><ul class="inline"><li class="first"><A HREF="/risks/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/risks/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/risks.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://catless.ncl.ac.uk/Risks"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-risks" href="javascript:show_latest('risks')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-risks" style="display: none" href="javascript:hide_latest('risks')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-risks" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/risks/2014/q1/2">Risks Digest 27.69</a></strong>
<em>RISKS List Owner (Jan 07)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 6 January 2014  Volume 27 : Issue 69<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.69.html">http://catless.ncl.ac.uk/Risks/27.69.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2014/q1/1">Risks Digest 27.68</a></strong>
<em>RISKS List Owner (Jan 03)</em><br>
RISKS-LIST: Risks-Forum Digest  Friday 3 January 2014  Volume 27 : Issue 68<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.68.html">http://catless.ncl.ac.uk/Risks/27.68.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2014/q1/0">Risks Digest 27.67</a></strong>
<em>RISKS List Owner (Jan 01)</em><br>
RISKS-LIST: Risks-Forum Digest  Wednesday 1 January 2014  Volume 27 : Issue 67<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.67.html">http://catless.ncl.ac.uk/Risks/27.67.html</a>&gt;<br>
The current issue can...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/16">Risks Digest 27.66</a></strong>
<em>RISKS List Owner (Dec 26)</em><br>
RISKS-LIST: Risks-Forum Digest  Thursday 26 December 2013  Volume 27 : Issue 66<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.66.html">http://catless.ncl.ac.uk/Risks/27.66.html</a>&gt;<br>
The current issue can...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/15">Risks Digest 27.65</a></strong>
<em>RISKS List Owner (Dec 20)</em><br>
RISKS-LIST: Risks-Forum Digest  Thursday 19 December 2013  Volume 27 : Issue 65<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.65.html">http://catless.ncl.ac.uk/Risks/27.65.html</a>&gt;<br>
The current issue can...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/14">Risks Digest 27.64</a></strong>
<em>RISKS List Owner (Dec 19)</em><br>
RISKS-LIST: Risks-Forum Digest Wednesday 18 December 2013  Volume 27 : Issue 64<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.64.html">http://catless.ncl.ac.uk/Risks/27.64.html</a>&gt;<br>
The current issue can...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/13">Risks Digest 27.63</a></strong>
<em>RISKS List Owner (Dec 05)</em><br>
RISKS-LIST: Risks-Forum Digest  Wednesday 4 November 2013  Volume 27 : Issue 63<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.63.html">http://catless.ncl.ac.uk/Risks/27.63.html</a>&gt;<br>
The current issue can...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/12">Risks Digest 27.62</a></strong>
<em>RISKS List Owner (Nov 26)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 25 November 2013  Volume 27 : Issue 62<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.62.html">http://catless.ncl.ac.uk/Risks/27.62.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/11">Risks Digest 27.61</a></strong>
<em>RISKS List Owner (Nov 19)</em><br>
RISKS-LIST: Risks-Forum Digest  Tuesday 19 November 2013  Volume 27 : Issue 61<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.61.html">http://catless.ncl.ac.uk/Risks/27.61.html</a>&gt;<br>
The current issue can...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/10">Risks Digest 27.60</a></strong>
<em>RISKS List Owner (Nov 18)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 18 November 2013  Volume 27 : Issue 60<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.60.html">http://catless.ncl.ac.uk/Risks/27.60.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/9">Risks Digest 27.59</a></strong>
<em>RISKS List Owner (Nov 05)</em><br>
RISKS-LIST: Risks-Forum Digest  Tuesday 5 November 2013  Volume 27 : Issue 59<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.59.html">http://catless.ncl.ac.uk/Risks/27.59.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/8">Risks Digest 27.58</a></strong>
<em>RISKS List Owner (Nov 01)</em><br>
RISKS-LIST: Risks-Forum Digest  Friday 1 November 2013  Volume 27 : Issue 58<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.58.html">http://catless.ncl.ac.uk/Risks/27.58.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/7">Risks Digest 27.57</a></strong>
<em>RISKS List Owner (Oct 24)</em><br>
RISKS-LIST: Risks-Forum Digest  Wednesday 23 October 2013  Volume 27 : Issue 57<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.57.html">http://catless.ncl.ac.uk/Risks/27.57.html</a>&gt;<br>
The current issue can...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/6">Risks Digest 27.56</a></strong>
<em>RISKS List Owner (Oct 21)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 21 October 2013  Volume 27 : Issue 56<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.56.html">http://catless.ncl.ac.uk/Risks/27.56.html</a>&gt;<br>
The current issue can be...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2013/q4/5">Risks Digest 27.55</a></strong>
<em>RISKS List Owner (Oct 17)</em><br>
RISKS-LIST: Risks-Forum Digest  Thursday 17 October 2013  Volume 27 : Issue 55<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/27.55.html">http://catless.ncl.ac.uk/Risks/27.55.html</a>&gt;<br>
The current issue can...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="dataloss"></A>
<div style="clear: right">
<A HREF="/dataloss/"><img src="/images/dataloss-logo.png" border="0" width="80" align="right" alt="dataloss logo"></A><B><A HREF="/dataloss/">Data Loss</A></B> &mdash; Data Loss covers large-scale personal data loss and theft incidents. This archive combines the main list (news releases) and the discussion list.<BR><ul class="inline"><li class="first"><A HREF="/dataloss/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/dataloss/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/dataloss.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://datalossdb.org/mailing_list"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-dataloss" href="javascript:show_latest('dataloss')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-dataloss" style="display: none" href="javascript:hide_latest('dataloss')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-dataloss" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/19">String of Data Breaches Show Holiday Season Vulnerability</a></strong>
<em>Audrey McNeil (Jan 06)</em><br>
<a  rel="nofollow" href="http://www.moneynews.com/Personal-Finance/Data-Breach-Holiday-Vulnerability/2014/01/02/id/544933">http://www.moneynews.com/Personal-Finance/Data-Breach-Holiday-Vulnerability/2014/01/02/id/544933</a><br>
<br>
A string of cyber attacks over the holidays — involving Snapchat Inc.,<br>
Microsoft Corp.’s Skype and Target Corp. — underscore how companies tend to<br>
be more vulnerable to hacking during the end-of-year season.<br>
<br>
Snapchat saw data for 4.6 million of its users exposed on the Internet on<br>
Dec. 31, just weeks after a Target breach revealed 40 million...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/18">Algorithms are changing the face of situational awareness and online security</a></strong>
<em>Audrey McNeil (Jan 06)</em><br>
<a  rel="nofollow" href="http://www.securityinfowatch.com/article/11288329/where-human-technical-tasks-may-need-several-minutes-to-be-performed-an-algorithm-may-only-need-a-few-seconds">http://www.securityinfowatch.com/article/11288329/where-human-technical-tasks-may-need-several-minutes-to-be-performed-an-algorithm-may-only-need-a-few-seconds</a><br>
<br>
There&apos;s no doubt that the age of online information has created new<br>
national security threats, which have made it a priority for enterprise and<br>
governments to ensure the security of their network and IT infrastructure.<br>
The use of anthropological techniques presents an alternative...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/17">5 Monitoring Initiatives For 2014</a></strong>
<em>Audrey McNeil (Jan 06)</em><br>
<a  rel="nofollow" href="http://www.darkreading.com/monitoring/5-monitoring-initiatives-for-2014/240165105">http://www.darkreading.com/monitoring/5-monitoring-initiatives-for-2014/240165105</a><br>
<br>
Security information and event management systems (SIEMs) became much more<br>
common in 2013, while more companies talked about using massive data sets<br>
to fuel better visibility into the potential threats inside their networks.<br>
<br>
Yet effective security monitoring has a long way to go. To better secure<br>
their networks and improve visibility into the threats on their...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/16">The ‘Uncertainty Index’</a></strong>
<em>Audrey McNeil (Jan 06)</em><br>
<a  rel="nofollow" href="http://www.cnmeonline.com/blog/the-uncertainty-index/">http://www.cnmeonline.com/blog/the-uncertainty-index/</a><br>
<br>
The potential business impact of cyber attacks and data loss, along with<br>
high-profile data breaches experienced by organisations like LexisNexis<br>
and Evernote, seems to have done little to convince small and mid-size<br>
businesses that they should be making cyber security a priority.<br>
<br>
 Recently, the Ponemon Institute and Sophos released a study: Risk of an<br>
Uncertain Security Strategy, which reveals...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/15">If you think just because you use different passwords for different services you&apos;re safe, think again</a></strong>
<em>Audrey McNeil (Jan 06)</em><br>
<a  rel="nofollow" href="http://www.zdnet.com/if-you-think-just-because-you-use-different-passwords-for-different-services-youre-safe-think-again-7000024435/">http://www.zdnet.com/if-you-think-just-because-you-use-different-passwords-for-different-services-youre-safe-think-again-7000024435/</a><br>
<br>
According to the common wisdom on passwords, you should pick different<br>
passwords for different accounts. But<br>
if your way of remembering your passwords is to make them slight variations<br>
of one another, you could be making hackers&apos; lives easier than you might<br>
think.<br>
<br>
Most people know it&apos;s bad practice to...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/14">Is rapid detection the new prevention?</a></strong>
<em>Audrey McNeil (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.networkworld.com/news/2014/010214-outlook-security-277111.html?hpg1=bn">http://www.networkworld.com/news/2014/010214-outlook-security-277111.html?hpg1=bn</a><br>
<br>
There&apos;s a trend underway in the information security field to shift from a<br>
prevention mentality — in which organizations try to make the perimeter<br>
impenetrable and avoid breaches — to a focus on rapid detection, where they<br>
can quickly identify and mitigate threats.<br>
<br>
Some vendors are already addressing this<br>
shift,&lt;...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/13">Cyber Terrorism</a></strong>
<em>Audrey McNeil (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.lloyds.com/news-and-insight/news-and-features/market-news/industry-news-2013/cyber-terrorism">http://www.lloyds.com/news-and-insight/news-and-features/market-news/industry-news-2013/cyber-terrorism</a><br>
<br>
Industrial facilities from nuclear plants to dams are increasingly coming<br>
under attack from cyber terrorists bent on causing physical damage and<br>
disruption from behind their computer terminals. But with the insurance<br>
market yet to plug the gap between cyber and physical terrorism risk, the<br>
Lloyd’s market has a key role to play in finding the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/12">Snapchat hack should be wake-up call</a></strong>
<em>Audrey McNeil (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.usatoday.com/story/tech/columnist/2014/01/02/snapchat-breach-new-tech-economy-john-shinal-usa-today/4250487/">http://www.usatoday.com/story/tech/columnist/2014/01/02/snapchat-breach-new-tech-economy-john-shinal-usa-today/4250487/</a><br>
<br>
This new year of 2014 may very well be the one in which the ability (or<br>
failure) of social networks to protect their users&apos; data becomes a<br>
competitive advantage (or disadvantage).<br>
<br>
If so, Snapchat has started the year off in a bad way, by having its<br>
servers hacked and the user names and mobile numbers of 4.8 million...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/11">The True Cost of Cyberattacks on Companies</a></strong>
<em>Audrey McNeil (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.theepochtimes.com/n3/427830-the-true-cost-of-cyberattacks-on-companies/">http://www.theepochtimes.com/n3/427830-the-true-cost-of-cyberattacks-on-companies/</a><br>
<br>
Target Corporation is just learning the true cost of its data breach, which<br>
exposed 40 million credit card customers.<br>
<br>
Consequences of the breach include three class action lawsuits, a<br>
regulatory probe, loss of consumer confidence, and a 3 percent drop in<br>
sales compared to the same time last year. Perhaps the biggest one is yet<br>
to come: a blow to its reputation....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/10">The Target Data Breach Lawsuits: Why Every Company Should Care</a></strong>
<em>Audrey McNeil (Jan 03)</em><br>
<a  rel="nofollow" href="http://www.datasecuritylawjournal.com/2013/12/30/the-target-data-breach-lawsuits-why-every-company-should-care/">http://www.datasecuritylawjournal.com/2013/12/30/the-target-data-breach-lawsuits-why-every-company-should-care/</a><br>
<br>
Plaintiffs’ lawyers were falling over themselves last week in a race to the<br>
courthouse to sue Target as a result of its recent data breach.  By at<br>
least one report, over 40 lawsuits have already been filed against Target,<br>
the first of which was filed the day after the breach became public.  This<br>
post will provide an overview of the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/9">How to Improve HIPAA Training</a></strong>
<em>Audrey McNeil (Jan 02)</em><br>
<a  rel="nofollow" href="http://www.databreachtoday.com/blogs/how-to-improve-hipaa-training-p-1595">http://www.databreachtoday.com/blogs/how-to-improve-hipaa-training-p-1595</a><br>
<br>
It&apos;s important to pay more attention to HIPAA training. A huge portion of<br>
health data breaches occur because staff members lack knowledge, make<br>
mistakes or act out of malicious intent. Organizations can effectively<br>
mitigate the first two factors, and impact the third, with effective<br>
training and ongoing awareness.<br>
<br>
Many executives express the flawed opinion that...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/8">Security Strategy Lacking in Midsize Businesses</a></strong>
<em>Audrey McNeil (Jan 02)</em><br>
<a  rel="nofollow" href="http://midsizeinsider.com/en-us/article/security-strategy-lacking-in-midsize-bus">http://midsizeinsider.com/en-us/article/security-strategy-lacking-in-midsize-bus</a><br>
<br>
According to a new study, most small to medium-size businesses (SMBs) do<br>
not have a viable security strategy in place. As Dan Kusnetzky reported in<br>
an article on ZDNet, security does not appear to be a priority for SMBs.<br>
<br>
Responsibility Left to Unprepared IT Staff<br>
<br>
The study, conducted by Sophos and the Ponemon Institute, surveyed 2,000<br>
people responsible for their...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/7">Federal departments consider banning USB keys in wake of dozens of security breaches</a></strong>
<em>Audrey McNeil (Jan 02)</em><br>
<a  rel="nofollow" href="http://news.nationalpost.com/2014/01/01/federal-departments-consider-banning-usb-devices/">http://news.nationalpost.com/2014/01/01/federal-departments-consider-banning-usb-devices/</a><br>
<br>
A USB key handed out to an employee in the federal department that helps<br>
Canadian companies compete for domestic and foreign security contracts<br>
vanished early in 2013.<br>
<br>
A week-long trail of emails and phone calls led security officials to conclude<br>
it was “impossible to assess [the] compromise” related to the loss of the<br>
device. Nor was it clear who was...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/6">Number of lost NHS patient records on increase</a></strong>
<em>Audrey McNeil (Jan 02)</em><br>
<a  rel="nofollow" href="http://www.scotsman.com/news/health/number-of-lost-nhs-patient-records-on-increase-1-3253057">http://www.scotsman.com/news/health/number-of-lost-nhs-patient-records-on-increase-1-3253057</a><br>
<br>
MINISTERS are facing calls to tighten up patient privacy rules after<br>
hundreds of incidents of confidential medical data being lost were reported<br>
across Scotland’s health boards.<br>
<br>
Patient notes were found in public places within NHS buildings, with<br>
private documents also left in car parks and on public transport, the<br>
catalogue of more than 700 cases...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2014/q1/5">Correction: Data Breach: The Downside of Data Loss for SMBs</a></strong>
<em>Audrey McNeil (Jan 02)</em><br>
(Due to a pasting error, this article was previously sent out with the<br>
wrong URL. The correct one is:<br>
<a  rel="nofollow" href="http://midsizeinsider.com/en-us/article/data-breach-the-downside-of-data-loss-f">http://midsizeinsider.com/en-us/article/data-breach-the-downside-of-data-loss-f</a><br>
Please accept our apologies.)<br>
<br>
Preferred business practices dictate cybersecurity, but data protection<br>
methodologies are a requirement for endpoint devices that contain customer<br>
data to protect against the possibility of a data breach. Customer data is<br>
among the most...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<h2 class="purpleheader"><A NAME="oss"></A>Open Source Tool Development</h2><A NAME="metasploit"></A>
<div style="clear: right">
<A HREF="/metasploit/"><img src="/images/metasploit-logo.png" border="0" width="80" align="right" alt="metasploit logo"></A><B><A HREF="/metasploit/">Metasploit</A></B> &mdash; Development discussion for <a href="http://metasploit.com/">Metasploit</a>, the premier open source remote exploitation tool<BR><ul class="inline"><li class="first"><A HREF="/metasploit/2013/q4/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Quarter</A></li>
<li>&nbsp;<A HREF="/metasploit/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/metasploit.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://spool.metasploit.com/mailman/listinfo/framework"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-metasploit" href="javascript:show_latest('metasploit')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-metasploit" style="display: none" href="javascript:hide_latest('metasploit')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-metasploit" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q4/5">Linux Meterpreter vs Linux Metsvc?</a></strong>
<em>6d5c0b19 (Nov 21)</em><br>
Hullo,<br>
<br>
Quick question:  What&apos;s the difference<br>
between linux/x86/meterpreter/bind_tcp  and linux/x86/metsvc_bind_tcp?<br>
<br>
Thanks!<br>
<br>
John<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q4/4">Re: unsubscribe</a></strong>
<em>Tod Beardsley (Nov 13)</em><br>
Unsubscribe info is here:<br>
<br>
<a  rel="nofollow" href="https://mail.metasploit.com/mailman/listinfo/framework">https://mail.metasploit.com/mailman/listinfo/framework</a><br>
<br>
or in the mail headers of this message.<br>
<br>
Sorry to see you go! Can I offer you $10 off your Framework mailing list<br>
subscription? :)<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q4/3">unsubscribe</a></strong>
<em>Bugtrace (Nov 13)</em><br>
tks<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q4/2">msfconsole - banner information problem</a></strong>
<em>Memorysticka (Nov 02)</em><br>
Hello,<br>
I have problem with Metasploit in Kali.<br>
<br>
1. I installed Kali.<br>
2. Update and upgrade.<br>
3. Before running Metasploit, I start the postgresql and metasploit services like <br>
in <a  rel="nofollow" href="http://docs.kali.org/general-use/sta...mework-in-kali">http://docs.kali.org/general-use/sta...mework-in-kali</a> <br>
&lt;<a  rel="nofollow" href="http://docs.kali.org/general-use/starting-metasploit-framework-in-kali">http://docs.kali.org/general-use/starting-metasploit-framework-in-kali</a>&gt;<br>
4. ...and I have the new version of MSF.<br>
<br>
But...<br>
My problem is when I start msfconsole: on the banner once I have <br>
information about:<br>
1196 exp, 681 aux, 187...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q4/1">Re: Help with java/meterpreter/war_bind_http payload handler</a></strong>
<em>Michael Schierl (Nov 01)</em><br>
Hello Josh,<br>
<br>
Am 09.09.2013 17:50, schrieb Joshua Smith:<br>
<br>
since apparently that week still is not over despite already having 53<br>
days (and you seem to have disappeared from IRC, too?) - could anyone<br>
else please have a look?<br>
<br>
Fullquote retained since it has been quite a while ago:<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q4/0">Fwd: [metasploit-framework] Add module for OSVDB 93696 (#2444)</a></strong>
<em>Tod Beardsley (Oct 01)</em><br>
Best exploit pull request ever. Description of, pointer to, and help<br>
offered with, vulnerable software installation, verification steps, and<br>
screens of alternative exploit scenarios in action.<br>
<br>
Thanks Juan! I&apos;ll want to work this into the documentation on &quot;How to PR<br>
against Metasploit&quot; some day soon.<br>
<br>
---------- Forwarded message ----------<br>
From: Juan Vazquez &lt;notifications () github com&gt;<br>
Date: Tue, Oct 1, 2013 at 11:52 AM...<br>
</p>

 

<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/29">Re: Help with java/meterpreter/war_bind_http payload handler</a></strong>
<em>Joshua Smith (Sep 09)</em><br>
I would like to help on the Ruby side, if I&apos;m able.  My java sucks.  But, I won&apos;t have spare cycles for about a week.  <br>
I have to finish a side job I&apos;ve been slow on.<br>
<br>
-Josh<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/28">Help with java/meterpreter/war_bind_http payload handler</a></strong>
<em>Michael Schierl (Sep 09)</em><br>
Hello all,<br>
<br>
For some time (first commit was Mar 29, 2012) I&apos;ve been trying to build<br>
a payload handler that works both with custom generated war files with<br>
multi/handler, and with exploits that put war files to a publicly<br>
available webserver (like the tomcat and jboss ones) and that tunnels<br>
the payload communication (Java Meterpreter) over that http(s)<br>
connection - which is especially useful if egress ports are filtered<br>
from the network where...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/27">Call for Paper/Event - nullcon Goa 2014</a></strong>
<em>nullcon (Sep 07)</em><br>
Hello All,<br>
<br>
V are V<br>
<br>
On our fifth Anniversary we are super excited to officially open the<br>
CFP (Call for PARTYcipation!). Yes, this is going to be the biggest<br>
nullcon till now with lot of sub-events, CTFs, villages, workshops,<br>
talks, parties.<br>
<br>
Time to tickle your gray cells and submit your research.<br>
<br>
Date:<br>
Training 12-13th Feb 2014<br>
Conference: 14-15th Feb 2014<br>
<br>
CFP V<br>
<br>
----------<br>
<br>
Submit under any of the below V options<br>
<br>
Papers (45 mins - 1 hr)...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/26">Re: module for exploitation CVE 2013 - 4124</a></strong>
<em>Tod Beardsley (Aug 27)</em><br>
Hi Ruyk - Best way is to just jump in with a pull request to our Github<br>
repo. See <a  rel="nofollow" href="http://r-7.co/MSF-DEV">http://r-7.co/MSF-DEV</a> for a HOWTO and you&apos;ll get all the<br>
criticism you can stand. :)<br>
<br>
sure that my code is clear enough for pushing it into github repo. Can<br>
anyone criticize it (I'm a new metasploit user, maybe I miss something<br>
important)?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/25">module for exploitation CVE 2013 - 4124</a></strong>
<em>Ruyk (Aug 27)</em><br>
Hello!<br>
<br>
I wrote a metasploit module for exploitation of CVE 2013-4124, but I&apos;m not <br>
sure that my code is clear enough for pushing it into github repo. Can <br>
anyone criticize it (I&apos;m a new metasploit user, maybe I miss something <br>
important)?<br>
<br>
I tested exploit under Debian 6.0 x86 with 3.5.21 samba version.<br>
<br>
Thx.<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/24">Re: no response for my pull requests</a></strong>
<em>Tod Beardsley (Aug 13)</em><br>
Hi Anwar! We&apos;re currently treading lightly on the Meterpreter code base --<br>
even the Java stuff. Sorry for the holdup on your pull requests, we&apos;re<br>
moving forward on that front as best we can, but changes that involve a<br>
bunch of lines in a bunch of files will tend to take longer if only because<br>
we need to budget time on them and pull together sufficient testing<br>
resources to ensure regression-free changes.<br>
<br>
You might want to get a hold of...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/23">no response for my pull requests</a></strong>
<em>Anwar Mohamed (Aug 13)</em><br>
Hello,<br>
I have requested to pull new changes for android meterpreter in both the<br>
jav-payload repo and the metasploit-framework repo and both got no revision or<br>
reply.<br>
<br>
Is this normal, or am I just too enthusiastic for my requests to be merged!?<br>
<br>
they are at<br>
<a  rel="nofollow" href="https://github.com/rapid7/metasploit-javapayload/pull/3">https://github.com/rapid7/metasploit-javapayload/pull/3</a><br>
<br>
<a  rel="nofollow" href="https://github.com/rapid7/metasploit-framework/pull/2174">https://github.com/rapid7/metasploit-framework/pull/2174</a><br>
<br>
thank you<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/22">Metasploit, TOR and paylods</a></strong>
<em>Vojtěch Polášek (Aug 03)</em><br>
Hi,<br>
I am doing some security tests and I tried to exploit a remote machine<br>
over the internet using apache_chunked.<br>
I wanted to try it through TOR proxy, so I set up<br>
set Proxies socks4 127.0.0.1:9050<br>
I used windows/meterpreter/bind_tcp, because reverse is nonsense with proxy.<br>
I didn&apos;t get any shell and it took a bit longer, because of that proxy.<br>
But when I tried the same machine and same payload without proxy, I got:<br>
exploit failed disconnected,...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2013/q3/21">Re: Wait notification state in meterpreter session</a></strong>
<em>Matt Weeks (Jul 31)</em><br>
Alternatively, you could open a TCP connection and just use existing port<br>
forwarding features. Probably easier but more of a hack.<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="wireshark"></A>
<div style="clear: right">
<A HREF="/wireshark/"><img src="/images/wireshark-logo.png" border="0" width="80" align="right" alt="wireshark logo"></A><B><A HREF="/wireshark/">Wireshark</A></B> &mdash; Discussion of the free and open source <a href="http://www.wireshark.org/">Wireshark</a> network sniffer.  No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.<BR><ul class="inline"><li class="first"><A HREF="/wireshark/2014/Jan/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Month</A></li>
<li>&nbsp;<A HREF="/wireshark/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/wireshark.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.wireshark.org/lists/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-wireshark" href="javascript:show_latest('wireshark')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-wireshark" style="display: none" href="javascript:hide_latest('wireshark')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-wireshark" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/44">[HITB-Announce] HITB Magazine Issue 10 Out Now</a></strong>
<em>Hafez Kamal (Jan 07)</em><br>
Issue #10 is now available!<br>
<br>
Hello readers and welcome to the somewhat overdue Issue 010 of HITB<br>
Magazine. As they say, better late than never!<br>
<br>
Since the last issue, we&apos;ve also changed the HITB Security Conference<br>
Call for Papers submission guidelines to now require speakers to submit<br>
a research &apos;white paper&apos; to accompany their talk. The first round of<br>
papers came to us via #HITB2013KUL in October and thankfully we now have<br>
loads...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/43">Re: Git + Gerrit: next steps</a></strong>
<em>Gerald Combs (Jan 06)</em><br>
I&apos;ve been trying to come up with a response that&apos;s less awful than &quot;find<br>
an OpenID provider you trust or set up your own&quot; but so far I&apos;ve been<br>
unsuccessful.<br>
<br>
Gerrit supports several authentication methods (OpenID, LDAP, and HTTP)<br>
but each one seems to assume that you have an existing account<br>
somewhere. I.e. if we switch to LDAP or HTTP authentication the account<br>
will have to be created and managed elsewhere.<br>
<br>
The wiki and...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/42">Re: tshark: Difference between -R and -Y</a></strong>
<em>Evan Huus (Jan 06)</em><br>
Live capture with two-pass dissection is effectively undefined<br>
behaviour at this point (I&apos;m surprised you&apos;re seeing any packets at<br>
all to be honest).<br>
<br>
Everything should work as expected when reading from a capture file.<br>
<br>
Evan<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/41">tshark: Difference between -R and -Y</a></strong>
<em>Joerg Mayer (Jan 05)</em><br>
Hello,<br>
<br>
I just found out that I don&apos;t understand what -R does.<br>
<br>
If I run<br>
tshark -2 -R &quot;udp.port==53&quot; -i wlan0<br>
then it seems that I see all packets (arp, dns, lldp, ...)<br>
if I instead run<br>
tshark -2 -Y &quot;udp.port==53&quot; -i wlan0<br>
I only see dns.<br>
The manpage is not helpful either to explain what I am seeing<br>
(svn HEAD / r54612)<br>
<br>
Can someone please explain what is going on here?<br>
<br>
Thanks<br>
    Jörg<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/40">Re: cmake giving options the compiler does not understand</a></strong>
<em>Guy Harris (Jan 05)</em><br>
So is the issue that the tests have the ordinal number of the flag, rather than the name of the flag, in the name of <br>
the test, with that name being used when caching results, so that the cache is bogus if you&apos;ve reordered the flags <br>
since the cached results are generated?<br>
<br>
(Presumably this also caused some flag that *does* work *not* to be added, as the results of the test of <br>
-Wshorten-64-to-32 were used on that flag.)<br>
<br>
Apparently GNU GCC...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/39">Re: cmake giving options the compiler does not understand</a></strong>
<em>Jeff Morriss (Jan 05)</em><br>
Yep:<br>
<br>
-- Checking for flag: -Wshorten-64-to-32<br>
-- Performing Test WS_C_FLAG_VALID39<br>
-- Performing Test WS_C_FLAG_VALID39 - Failed<br>
<br>
Well it doesn&apos;t do the full check on this (cached) pass, it just says:<br>
<br>
-- Checking for flag: -Wjump-misses-init<br>
-- Checking for flag: -Wshorten-64-to-32<br>
-- C-Flags:  -Wall -W -Wextra -Wendif-labels [...]<br>
<br>
I first hit the problem on Fedora 18 (I&apos;d have to check on the compiler <br>
version but it was gcc).  The...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/38">https://ask.wireshark.org seems having problem</a></strong>
<em>Edmond Cukalla (Jan 05)</em><br>
ask.wireshark.org seems to be having a problem:<br>
500 Server Error<br>
sorry, system error<br>
system error log is recorded, error will be fixed as soon as possible<br>
please report the error to the site administrators if you wish<br>
Any update will be appreciated.<br>
<br>
Thanks,<br>
Edmond.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/37">Remove update.c (and nio-ie5.[ch])</a></strong>
<em>Alexis La Goutte (Jan 05)</em><br>
Hi,<br>
<br>
I found this file by chance: nio-ie5.c, and checking the source, the file is<br>
used by update.c.<br>
Checking the svn log, update.c has never (really) been used... maybe remove<br>
these files?<br>
<br>
(The update check uses Sparkle on Windows and Mac OS X).<br>
<br>
Regards,<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/36">Re: [Wireshark-commits] rev 54557: /trunk/ /trunk/image/: about.qrc /trunk/ui/qt/: CMakeLists.txt Makefile.am Makefile.common QtShark.pro about_dialog.cpp about_dialog.h about_dialog.ui main_window.h main_window_slots.cpp ...</a></strong>
<em>Alexis La Goutte (Jan 05)</em><br>
Hi,<br>
<br>
Is it possible to indicate the path of the Global Plugin for GTK and Qt? (in<br>
the Folders tab)<br>
<br>
Regards,<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/35">how to read the wireshark src code</a></strong>
<em>?????????? (Jan 05)</em><br>
Fellows: can you tell me how to read the wireshark src code and the access<br>
point?<br>
<br>
___________________________________________________________________________<br>
Sent via:    Wireshark-dev mailing list &lt;wireshark-dev () wireshark org&gt;<br>
Archives:    <a  rel="nofollow" href="http://www.wireshark.org/lists/wireshark-dev">http://www.wireshark.org/lists/wireshark-dev</a><br>
Unsubscribe: <a  rel="nofollow" href="https://wireshark.org/mailman/options/wireshark-dev">https://wireshark.org/mailman/options/wireshark-dev</a>...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/34">Re: cmake giving options the compiler does not understand</a></strong>
<em>Guy Harris (Jan 05)</em><br>
Presumably CMake then reports something such as<br>
<br>
        -- Checking for flag: -Wshorten-64-to-32<br>
        -- Performing Test WS_C_FLAG_VALID44<br>
        -- Performing Test WS_C_FLAG_VALID44 - Failed<br>
<br>
in that case, meaning it thinks -Wshorten-64-to-32 isn&apos;t supported by the C compiler?<br>
<br>
Presumably CMake then reports something such as<br>
<br>
        -- Checking for flag: -Wshorten-64-to-32<br>
        -- Performing Test WS_C_FLAG_VALID44<br>
        --...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/33">Re: cmake giving options the compiler does not understand</a></strong>
<em>Jeff Morriss (Jan 05)</em><br>
Just looking for a way to reproduce the problem.  The idea it was <br>
caching the &quot;wrong&quot; thing popped into my head.<br>
<br>
I think it explains well why I hit it and why Alexis said he <br>
occasionally hits it: when we hit it it&apos;s probably because someone <br>
reordered the flags.<br>
<br>
Could the variable to store the names simply include the compiler <br>
option?  It doesn&apos;t appear that the code relies on them being numbered <br>
1,2,3,4...  Well, that...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/32">Re: [Wireshark-commits] rev 54557: /trunk/ /trunk/image/: about.qrc /trunk/ui/qt/: CMakeLists.txt Makefile.am Makefile.common QtShark.pro about_dialog.cpp about_dialog.h about_dialog.ui main_window.h main_window_slots.cpp ...</a></strong>
<em>Joerg Mayer (Jan 04)</em><br>
OK, while the plugin list is empty I do see unistim in<br>
[Edit] -&gt; [Preferences] -&gt; [Protocols] -&gt; [UNISTIM]<br>
So I guess the plugins get loaded and just not displayed in the<br>
about dialog.<br>
<br>
Ciao<br>
   Jörg<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/31">Re: cmake giving options the compiler does not understand</a></strong>
<em>Joerg Mayer (Jan 04)</em><br>
OK, I still tend to regard this as a caching problem. It also looks like<br>
what you are doing is an unusual use case. What prompted you to do that?<br>
<br>
Ciao<br>
      Jörg<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2014/Jan/30">Re: cmake giving options the compiler does not understand</a></strong>
<em>Jeff Morriss (Jan 04)</em><br>
Ah, OK, I found a way to reproduce it (in current SVN):<br>
<br>
1) rm -rf _cmake_build<br>
2) mkdir _cmake_build &amp;&amp; cd _cmake_build<br>
3) vi ../CMakeLists.txt<br>
4) Move the &quot;-Wshorten-64-to-32&quot; flag from where it is in the file to <br>
just after &quot;-Wshadow&quot;<br>
5) cmake ..<br>
6) make # just to show that it works (I stopped the build after a few C <br>
files were compiled)<br>
7) vi ../CMakeLists.txt<br>
8) Put &quot;-Wshorten-64-to-32&quot; back where it...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="snort"></A>
<div style="clear: right">
<A HREF="/snort/"><img src="/images/snort-logo.png" border="0" width="80" align="right" alt="snort logo"></A><B><A HREF="/snort/">Snort</A></B> &mdash; Everyone's favorite open source IDS, <a href="http://www.snort.org/">Snort</a>. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.<BR><ul class="inline"><li class="first"><A HREF="/snort/2014/q1/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/snort/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/snort.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.snort.org/community/mailing-lists"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-snort" href="javascript:show_latest('snort')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-snort" style="display: none" href="javascript:hide_latest('snort')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-snort" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/32">Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET.</a></strong>
<em>Jason Buker (Jan 07)</em><br>
Yeah, somehow I messed up my snort.conf.  I fixed the last FATAL but now I<br>
have another one:<br>
<br>
1/7/14 1:23:18.305 PM snort[98762]: FATAL ERROR: /etc/snort/snort.conf(44)<br>
Unknown rule type: 5250.<br>
<br>
Your help is appreciated!<br>
<br>
-Jason<br>
<br>
------------------------------------------------------------------------------<br>
Rapidly troubleshoot problems before they affect your business. Most IT <br>
organizations don&apos;t have a clear picture of how application...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/31">Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET.</a></strong>
<em>Jason Buker (Jan 07)</em><br>
Your right somehow I dorked up the config file.<br>
<br>
This is what I have now but now I¹m getting a message about stream5<br>
needing enabled.. <br>
<br>
1/7/14 1:03:32.537 PM snort[98265]: FATAL ERROR:<br>
/etc/snort/rules/file-office.rules(32): Stream5 must be enabled to use the<br>
&apos;to_client&apos; option.<br>
<br>
My snort.conf:<br>
var HOME_NET any<br>
<br>
var EXTERNAL_NET any<br>
<br>
var HTTP_PORTS 80<br>
<br>
var FILE_DATA_PORTS [$HTTP_PORTS,110,143]<br>
<br>
var RULE_PATH rules<br>
<br>
var...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/30">Re: FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET.</a></strong>
<em>Jeremy Hoel (Jan 07)</em><br>
Looking at the message, it looks like you have an error in your<br>
snort.conf with the variable $EXTERNAL_NET.<br>
<br>
Post it to the list and maybe one of us can help you.<br>
<br>
------------------------------------------------------------------------------<br>
Rapidly troubleshoot problems before they affect your business. Most IT <br>
organizations don&apos;t have a clear picture of how application performance <br>
affects their revenue. With AppDynamics, you get 100%...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/29">FATAL ERROR: /etc/snort/rules/file-office.rules(32) Undefined variable in the string: $EXTERNAL_NET.</a></strong>
<em>Jason Buker (Jan 07)</em><br>
Finally managed to get snort installed on OSX (Maverick)..<br>
<br>
However, the messages are showing up in the messages:<br>
1/7/14 8:55:28.042 AM snort[84645]:<br>
+++++++++++++++++++++++++++++++++++++++++++++++++++<br>
1/7/14 8:55:28.042 AM snort[84645]: Initializing rule chains...<br>
1/7/14 8:55:28.043 AM snort[84645]: FATAL ERROR:<br>
/etc/snort/rules/file-office.rules(32) Undefined variable in the string:<br>
$EXTERNAL_NET.<br>
1/7/14 8:55:28.044 AM com.apple.launchd[1]:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/28">[HITB-Announce] HITB Magazine Issue 10 Out Now</a></strong>
<em>Hafez Kamal (Jan 07)</em><br>
Issue #10 is now available!<br>
<br>
Hello readers and welcome to the somewhat overdue Issue 010 of HITB<br>
Magazine. As they say, better late than never!<br>
<br>
Since the last issue, we&apos;ve also changed the HITB Security Conference<br>
Call for Papers submission guidelines to now require speakers to submit<br>
a research &apos;white paper&apos; to accompany their talk. The first round of<br>
papers came to us via #HITB2013KUL in October and thankfully we now have<br>
loads...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/27">Not receiving packets</a></strong>
<em>Wayne Andersen (Jan 07)</em><br>
I have a new install of snort, I have compiled daq and snort from sources.<br>
<br>
I just used the default configure directives and received no errors.<br>
<br>
When I run snort everything checks out and operates perfectly except <br>
that it is not reading any packets from any of my interfaces, eth0 or eth1.<br>
<br>
-T reports everything good.<br>
<br>
I can capture packets using tcpdump no problem,<br>
and in fact I can capture from either interface to a file and then run <br>
snort...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/26">Re: OPENFPC Proxy merge</a></strong>
<em>Kevin Ross (Jan 06)</em><br>
Oh just for some clarity in case someone is looking at this to fix their<br>
instance; the .so only was a typo on my part when copying the file missing<br>
the .0 off the end. So basically the .2 stuff is what it is now, but both<br>
libwsutil and libwiretap are looking for .so.0, so doing a find for the file<br>
and then copying it into the filename it is looking for fixed it for me.<br>
Obviously when wireshark was updated which provides these for mergecap it...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/25">Re: OPENFPC Proxy merge</a></strong>
<em>Kevin Ross (Jan 06)</em><br>
Yipeee I got it working (at least on one local collector but I imagine I<br>
will get it working on my other one and the web interface will work). I got<br>
the following 2 errors (the second came up after I fixed the first)<br>
<br>
Merge command is &quot;/usr/bin/mergecap -w /tmp/1389009687-2.pcap<br>
/tmp/mN8Mph4zQ0/1389009687-2.pcap-1389009508.pcap&quot;<br>
/usr/bin/mergecap: error while loading shared libraries: libwiretap.so.0:<br>
cannot open shared object file: No...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/24">Re: Time out never expires - A 403 error occurred, please wait for the 15 minute timeout</a></strong>
<em>Joel Esler (jesler) (Jan 06)</em><br>
What is your Snort.org account name?<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/23">Re: Time out never expires - A 403 error occurred, please wait for the 15 minute timeout</a></strong>
<em>waldo kitty (Jan 05)</em><br>
1. are you using the same oinkcode on more than one system that is updating?<br>
2. have you verified that your oinkcode is correct in the places you have it <br>
entered?<br>
3. what happens if you try to download the rules from the web site manually with <br>
your browser using the same account/oinkcode?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/22">Time out never expires - A 403 error occurred, please wait for the 15 minute timeout</a></strong>
<em>ResQue (Jan 05)</em><br>
The 403 wait 15min time out error never seems to expire, I waited for at <br>
least 8+ hours this time but I am still getting the same error message <br>
when I run pulledpork, could someone please confirm that my pulledpork <br>
config is correct.<br>
<br>
I attached the config files as well as the full output from <br>
pulledpork.pl -vv<br>
<br>
ResQue<br>
C:\Program Files\ConEmu&gt;perl c:\Snort\pulledpork-0.7.0\pulledpork.pl -c c:\Snort\pulledpork-0.7.0\etc\pulledpork.conf <br>
-Tvv...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/21">Is it possible to compile Barnyard2 with MinGW/MSYS</a></strong>
<em>ResQue (Jan 05)</em><br>
Is it possible to compile Barnyard2 with MinGW/MSYS?<br>
Or is there something in the code that is dependent on POSIX related <br>
calls or functions, I would rather not use cygwin unless I have to.<br>
<br>
I just tried to run autogen.sh, and this is the output I got, it seems <br>
to be partially working until it gets to autom4te, I could really do <br>
with some advice from someone more experienced.<br>
<br>
./autogen.sh<br>
Found libtoolize<br>
autoreconf: Entering directory...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/20">Is it possible to compile Barnyard2 with MinGW/MSYS</a></strong>
<em>ResQue (Jan 05)</em><br>
Is it possible to compile Barnyard2 with MinGW/MSYS?<br>
Or is there something in the code that is dependent on POSIX related <br>
calls or functions, I would rather not use cygwin unless I have to.<br>
<br>
I just tried to run autogen.sh, and this is the output I got, it seems <br>
to be partially working until it gets to autom4te, I could really do with <br>
some advice from someone more experienced.<br>
<br>
./autogen.sh<br>
Found libtoolize<br>
autoreconf: Entering directory...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/19">Re: Snort is not able to forward report to Base.</a></strong>
<em>Doug Burks (Jan 04)</em><br>
Hi Stephen,<br>
<br>
Have you considered Security Onion?  You can be up and running in about 15<br>
minutes:<br>
<a  rel="nofollow" href="http://www.securityonion.net">http://www.securityonion.net</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2014/q1/18">Re: How to configure Snort to run with pf_ring</a></strong>
<em>Doug Burks (Jan 04)</em><br>
Hi Sua,<br>
<br>
PF_RING is a Linux kernel module and therefore doesn&apos;t run on Windows.<br>
<br>
If you&apos;d like to try Snort with PF_RING on Linux, you can download<br>
Security Onion and be up and running in about 15 minutes:<br>
<a  rel="nofollow" href="http://www.securityonion.net">http://www.securityonion.net</a><br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<h2 class="purpleheader">More Lists</h2>We also maintain archives for these lists (some are currently inactive):<table border=1 cellpadding=5 cellspacing=0><tr><td><a href="/politech/">Declan McCullagh's Politech</a></td><td><a href="/tcpdump/">TCPDump/LibPCAP Dev</a></td><td><a href="/incidents/">Security Incidents</a></td></tr><tr><td><a href="/vuln-dev/">Vulnerability Development</a></td><td><a href="/vulnwatch/">Vulnerability Watch</a></td><td></td></tr></table><br>

<h2 class="purpleheader">Related Resources</h2>

Read some old-school private security digests such as Zardoz at <A HREF="http://securitydigest.org">SecurityDigest.Org</A><BR>

<P>We're always looking for great network security related lists to archive.  To suggest one, <a href="mailto:fyodor@insecure.org">mail Fyodor</a>.
<BR><BR>

</TD></TR>
</TABLE>
</TD></TR>
<TR><TD></TD><TD ALIGN="center">


</TD></TR>
</TABLE>
</BODY>
</HTML>

