OK
http://seclists.org/
Colombia
Country
AS13489
Network
August 01, 2020, 08:50 AM UTC
Date & Time
Websites
Websites
Web Connectivity Test
Runtime: 4.8s

On August 01, 2020, 08:50 AM UTC, http://seclists.org/ was accessible when tested on AS13489 in Colombia.

Failures

HTTP Experiment
null
DNS Experiment
null
Control
null

DNS Queries

Resolver:
190.240.112.173
Query:
IN A seclists.org
Engine:
system
Name
Class
TTL
Type
DATA
@
IN
CNAME
seclists.org
@
IN
A
45.33.49.119

TCP Connections

Connection to 45.33.49.119:80 succeeded.

HTTP Requests

URL
GET https://seclists.org/
Response Headers
Content-Length:
216094
Accept-Ranges:
bytes
Server:
Apache/2.4.6 (CentOS)
Last-Modified:
Sat, 01 Aug 2020 08:45:02 GMT
ETag:
"34c1e-5abccebdb1fc3"
Date:
Sat, 01 Aug 2020 08:50:57 GMT
Content-Type:
text/html; charset=UTF-8
Response Body
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>

<TITLE>SecLists.Org Security Mailing List Archive</TITLE>
<META name="description" content="Security mailing list archive for the Nmap lists, Bugtraq, Full Disclosure, Security Basics, Pen-test, and dozens more. Search capabilities and RSS feeds with smart excerpts are available">
<META name="keywords" content="Security,Mailing Lists,nmap-dev,nmap-hackers,Bugtraq,Full Disclosure,Security Basics,Penetration Testing,Info Security News,Firewall Wizards,IDS Focus,Web App Security,Daily Dave,Honepots,MS Sec Notification,Funsec,CERT Advisories,Open Source Security,NANOG,Interesting People,RISKS,Metasploit,Wireshark,Snort">
<META http-equiv="Content-Type" content="text/html; charset=utf-8">

<script type="text/javascript">
<!--
function show_latest(name) {
	document.getElementById("show-" + name).style.display = "none";
	document.getElementById("hide-" + name).style.display = "inline";
	document.getElementById("latest-" + name).style.display = "block";
}
function hide_latest(name) {
	document.getElementById("show-" + name).style.display = "inline";
	document.getElementById("hide-" + name).style.display = "none";
	document.getElementById("latest-" + name).style.display = "none";
}
// Make the "Show latest posts" button visible if there's JavaScript.
document.write('<style type="text/css">\n\
.showbutton { display: inline !important };\n\
<\/style>');
-->
</script>
<link REL="SHORTCUT ICON" HREF="/shared/images/tiny-eyeicon.png" TYPE="image/png">
<META NAME="ROBOTS" CONTENT="NOARCHIVE">
<meta name="theme-color" content="#2A0D45">
<link rel="stylesheet" href="/shared/css/insecdb.css" type="text/css">
<!--Google Analytics Code-->
<script type="text/javascript">
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-11009417-1', 'auto');
  ga('send', 'pageview');

</script>
<!--END Google Analytics Code-->

<!--Google Custom Site Search boilerplate Javascript-->
<script type="text/javascript">
  (function() {
    var cx = 'partner-pub-0078565546631069:bx60rb-fytx';
    var gcse = document.createElement('script'); gcse.type = 'text/javascript'; gcse.async = true;
    gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
        '//www.google.com/cse/cse.js?cx=' + cx;
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(gcse, s);
  })();
</script>
<!--End Google Custom Site Search boilerplate Javascript-->

</HEAD>
<BODY BGCOLOR="#2A0D45" TEXT="#000000">

<TABLE CELLPADDING="0" WIDTH="100%" CELLSPACING="0">
<TR><TD ALIGN="left"><A HREF="/"><IMG BORDER=0 ALT="Home page logo"
SRC="/images/sitelogo.png" HEIGHT=90 WIDTH=168></A></TD>
<TD VALIGN="bottom" ALIGN="right">
  <!-- Begin TopBanner Code -->
  <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- TopBanner728x90 -->
<ins class="adsbygoogle"
     style="display:inline-block;width:728px;height:90px"
     data-ad-client="ca-pub-0078565546631069"
     data-ad-slot="4776164010"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
<!-- AdSpeed.com Serving Code 7.9.6 for [Zone] TopBanner [Any Dimension] -->
<!-- <script type="text/javascript" src="//g.adspeed.net/ad.php?do=js&amp;zid=14678&amp;wd=-1&amp;ht=-1&amp;target=_blank"></script> -->
<!-- AdSpeed.com End -->
<!-- End Banner Code -->

</TD></TR></TABLE>
<TABLE WIDTH="100%" CELLPADDING="0" CELLSPACING="0"><TR>
<TD ALIGN="left" WIDTH="130" VALIGN="top" class="sidebar">

<!-- SECWIKI PORTAL INSERT -->

<ul>
<li><a href="https://nmap.org/">Nmap Security Scanner</a>
<ul>
<li><a href="https://nmap.org/">Intro</a></li>
<li><a href="https://nmap.org/book/man.html">Ref Guide</a></li>
<li><a href="https://nmap.org/book/install.html">Install Guide</a></li>
<li><a href="https://nmap.org/download.html">Download</a></li>
<li><a href="https://nmap.org/changelog.html">Changelog</a></li>
<li><a href="https://nmap.org/book/">Book</a></li>
<li><a href="https://nmap.org/docs.html">Docs</a></li>
</ul>
<li><a href="https://seclists.org/">Security Lists</a>
<ul>
<li><a href="https://seclists.org/nmap-announce/">Nmap Announce</a></li>
<li><a href="https://seclists.org/nmap-dev/">Nmap Dev</a></li>
<li><a href="https://seclists.org/bugtraq/">Bugtraq</a></li>
<li><a href="https://seclists.org/fulldisclosure/">Full Disclosure</a></li>
<li><a href="https://seclists.org/pen-test/">Pen Test</a></li>
<li><a href="https://seclists.org/basics/">Basics</a></li>
<li><a href="https://seclists.org/">More</a></li>
</ul>
<li><a href="https://sectools.org">Security Tools</a>
<ul>
<li><a href="https://sectools.org/tag/pass-audit/">Password audit</a></li>
<li><a href="https://sectools.org/tag/sniffers/">Sniffers</a></li>
<li><a href="https://sectools.org/tag/vuln-scanners/">Vuln scanners</a></li>
<li><a href="https://sectools.org/tag/web-scanners/">Web scanners</a></li>
<li><a href="https://sectools.org/tag/wireless/">Wireless</a></li>
<li><a href="https://sectools.org/tag/sploits/">Exploitation</a></li>
<li><a href="https://sectools.org/tag/packet-crafters/">Packet crafters</a></li>
<li><a href="https://sectools.org/">More</a></li>
</ul>
<li><a href="https://insecure.org/">Site News</a></li>
<li><a href="https://insecure.org/advertising.html">Advertising</a></li>
<li><a href="https://insecure.org/fyodor/">About/Contact</a></li>
<li>
<!-- SiteSearch Google -->
<form action="https://nmap.org/search.html" id="cse-search-box-sidebar">
  <div>
    <input type="hidden" name="cx" value="partner-pub-0078565546631069:bx60rb-fytx">
    <input type="hidden" name="cof" value="FORID:9">
    <input type="hidden" name="ie" value="ISO-8859-1">
    <input type="text" name="q" size="16">
    <input type="submit" name="sa" value="Site Search">
  </div>
</form>
<!-- End SiteSearch Google -->
</li>
<!-- These can come back if I ever update them ...
<li><a href="https://insecure.org/links.html">Exceptional Links</a></li>
<li><a href="https://insecure.org/reading.html">Good Reading</a></li>
<li><a href="https://insecure.org/sploits.html">Exploit World</a></li>
-->
<li><a href="https://insecure.org/advertising.html">Sponsors:</a>
  <br><br>
  
<!-- Begin Google Sidebar Banner Code -->
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- SidebarSkyScraper -->
<ins class="adsbygoogle"
     style="display:inline-block;width:120px;height:600px"
     data-ad-client="ca-pub-0078565546631069"
     data-ad-slot="9829251079"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
<!-- End Google Sidebar Banner Code -->

</li>
</ul>

</TD>
<TD BGCOLOR="#FFFFFF" VALIGN="top" ALIGN="left"><IMG
SRC="/shared/images/topleftcurve.gif" alt="/"><TABLE CELLPADDING="4" WIDTH="100%" style="table-layout: fixed;"><TR><TD BGCOLOR="#FFFFFF">
<CENTER><FONT SIZE="+2"><B>SecLists.Org Security Mailing List Archive</B></FONT></CENTER>

<P>Any hacker will tell you that the latest news and exploits are not
found on any web site&mdash;not even <A HREF="http://insecure.org">Insecure.Org</A>.  No, the cutting edge
in security research is and will continue to be the full
disclosure mailing lists such as Bugtraq.  Here we provide web
archives and RSS feeds (now including message extracts), updated in real-time, for many of our favorite lists.  Browse the individual lists below, or search them all:

<CENTER>
<!-- Google Custom SiteSearch -->
<form action="http://insecure.org/search.html" id="cse-search-box-top">
  <div>
    <input type="hidden" name="cx" value="partner-pub-0078565546631069:bx60rb-fytx">
    <input type="hidden" name="cof" value="FORID:9">
    <input type="hidden" name="ie" value="ISO-8859-1">
    <input type="text" name="q" size="60">
    <input type="submit" name="sa" value="SecSearch">
  </div>
</form>
<script type="text/javascript">
if (window.location.protocol != "https:") {
  document.write("<script type='text/javascript' src='http://www.google.com/coop/cse/brand?form=cse-search-box-top&amp;lang=en'><\/script>");
} else {
// Static copy for HTTPS pages fetched 2011-03-25.
// Changed the watermark CSS to use https.
(function() {
var f = document.getElementById('cse-search-box-top');
if (!f) {
f = document.getElementById('searchbox_demo');
}
if (f && f.q) {
var q = f.q;
var n = navigator;
var l = location;
var su = function () {
var u = document.createElement('input');
var v = document.location.toString();
var existingSiteurl = /(?:[?&]siteurl=)([^&#]*)/.exec(v);
if (existingSiteurl) {
v = decodeURI(existingSiteurl[1]);
}
var delimIndex = v.indexOf('://');
if (delimIndex >= 0) {
v = v.substring(delimIndex + '://'.length, v.length);
}
u.name = 'siteurl';
u.value = v;
u.type = 'hidden';
f.appendChild(u);
};
if (n.appName == 'Microsoft Internet Explorer') {
var s = f.parentNode.childNodes;
for (var i = 0; i < s.length; i++) {
        if (s[i].nodeName == 'SCRIPT' &&
            s[i].attributes['src'] &&
            s[i].attributes['src'].nodeValue == unescape('http:\x2F\x2Fwww.google.com\x2Fcoop\x2Fcse\x2Fbrand?form=cse-search-box-top\x26lang=en')) {
          su();
          break;
        }
      }
    } else {
      su();
    }

    
    if (n.platform == 'Win32') {
      q.style.cssText = 'border: 1px solid #7e9db9; padding: 2px;';
    }

    
    if (window.history.navigationMode) {
      window.history.navigationMode = 'compatible';
    }

    var b = function() {
      if (q.value == '') {
        q.style.background = '#FFFFFF url(https:\x2F\x2Fwww.google.com\x2Fcse\x2Fintl\x2Fen\x2Fimages\x2Fgoogle_custom_search_watermark.gif) left no-repeat';
      }
    };

    var f = function() {
      q.style.background = '#ffffff';
    };

    q.onfocus = f;
    q.onblur = b;

    
    if (!/[&?]q=[^&]/.test(l.search)) {
      b();
    }
  }
})();
}
</script>
<!-- End Google Custom SiteSearch -->
</CENTER>

<A NAME="inseclists"></A><h2 class="purpleheader">Insecure.Org Lists</h2><A NAME="nmap-dev"></A>
<div style="clear: right">
<A HREF="/nmap-dev/"><img src="/images/nmap-dev-logo.png" border="0" width="80" align="right" alt="nmap-dev logo"></A><B><A HREF="/nmap-dev/">Nmap Development</A></B> &mdash; Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <A HREF="https://nmap.org">Nmap</A> and related projects. Subscribe <a href="https://nmap.org/mailman/listinfo/dev">here</a>.<BR><ul class="inline"><li class="first"><A HREF="/nmap-dev/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/nmap-dev/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/nmap-dev.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://nmap.org/mailman/listinfo/dev"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-nmap-dev" href="javascript:show_latest('nmap-dev')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-nmap-dev" style="display: none" href="javascript:hide_latest('nmap-dev')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-nmap-dev" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/11">Re: Possible bug?</a></strong>
<em>Daniel Miller (Jul 22)</em><br>
Shaun,<br>
<br>
That&apos;s an interesting problem. I can see you&apos;re using Nmap on Windows;<br>
which version of Npcap are you using? You can get this information by<br>
running: nmap --version<br>
<br>
What is the output of the following command when port 443 is open and also<br>
when it is closed? nmap -d -p1-10,80,443<br>
<br>
Dan<br>
<br>
On Mon, Jul 20, 2020 at 1:39 AM Shaun Michelson via dev &lt;dev () nmap org&gt;<br>
wrote:<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/10">Re: Incremental TCP scanning to find a zombie</a></strong>
<em>Paulino Calderon (Jul 20)</em><br>
You won&apos;t find it in modern operating systems but in corporate networks we often find printers, scanners, web cams, <br>
DVRs, etc still use incremental IPIDs.<br>
<br>
Cheers.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/9">Possible bug?</a></strong>
<em>Shaun Michelson via dev (Jul 19)</em><br>
I have come across a case where, if you open port 443 on a public facing interface, nmap will report dozens of other <br>
open ports on that host. If you then close port 443, nmap cannot detect the host at all. I have replicated on multiple <br>
hosts running both Ubuntu and Windows Server OS.<br>
<br>
Attached are the results of an example nmap scan on a machine with a single port open (443), the results of which show <br>
dozens of other ports open.<br>
<br>
Also attached...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/8">Github PR #1953 scan_engine_connect: allow -g (w/ or w/o -S) for tcp connect scan</a></strong>
<em>Simone Chiarelli (Jul 19)</em><br>
scan_engine_connect: allow -g (w/ or w/o -S) for tcp connect scan<br>
<br>
Allow settings source port through bind() for tcp connect scan for ipv4/ipv6, optionally in conjuction with -S.<br>
Ports under 1024 will usually fail if not root, but for what I could see on macOS 10.15.2 they will be set when binding <br>
to INADDR_ANY/in6addr_any (0.o)_______________________________________________<br>
Sent through the dev mailing list<br>
<a  rel="nofollow" href="https://nmap.org/mailman/listinfo/dev">https://nmap.org/mailman/listinfo/dev</a>...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/7">Suggested rlimit fix for nmap, GitHub pull request #2085</a></strong>
<em>Claudia Pellegrino (Jul 19)</em><br>
Dear nmap developers,<br>
<br>
As suggested by CONTRIBUTING.md, this is to let you know that I submitted a pull request on the nmap mirror on GitHub.<br>
<br>
The pull request aims to fix an integer truncation issue with regard to rlimit.<br>
<br>
The title of the PR:<br>
<br>
Truncate rlim_cur/rlim_max if greater than INT_MAX<br>
The URL to the PR:<br>
<br>
<a  rel="nofollow" href="https://github.com/nmap/nmap/pull/2085">https://github.com/nmap/nmap/pull/2085</a><br>
The PR description:<br>
<br>
On macOS, the rlim_t type used by rlimit is 64 bits wide. For me,...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/6">bug</a></strong>
<em>Josue Carames (Jul 19)</em><br>
I am unable to type or paste anything into the target field. I am using the latest version 7.80 and I am using macOS <br>
10.15.5. <br>
<br>
I appreciate any help. <br>
<br>
P.S. I tried uninstalling it and re-installing it and the error still persists. <br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/5">PR 2073 / Avoid using sensitive information (proxy-auth) on the command line (issue #2060)</a></strong>
<em>Gaëtan Frenoy (Jul 19)</em><br>
Dear committers,<br>
<br>
As suggested in the CONTRIBUTING[1] document, here is a short mail to <br>
let you know that PR2073[2] has been submitted on GitHub.<br>
<br>
This PR implements a new feature discussed in issue #2060[3] :<br>
<br>
One can now optionally use the environment variable NCAT_PROXY_AUTH to <br>
specify SOCKS5 proxy credentials.<br>
This reduces the risk of the credentials being captured in process logs.<br>
Note that option --proxy-auth takes precedence.<br>
<br>
Thanks for...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/4">Incremental TCP scanning to find a zombie</a></strong>
<em>Daniel Wagner (Jul 19)</em><br>
This is probably the wrong place to ask, but google shows that most of <br>
the OS&apos;s out there not longer have this flaw.  Do you know any OS <br>
(either past or present) that this will work against?  I have the book <br>
but only found examples.<br>
<br>
Thank you.<br>
<br>
Regards<br>
<br>
Daniel Wagner<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/3">AW: NDIS Filter driver in Npcap</a></strong>
<em>Lisa Hofmann (Jul 19)</em><br>
Hello Daniel,<br>
<br>
thank you for your answer. It really helped me with my problem.<br>
<br>
Best regards,<br>
<br>
Lisa<br>
<br>
________________________________<br>
Von: Daniel Miller &lt;bonsaiviking () gmail com&gt;<br>
Gesendet: Dienstag, 14. Juli 2020 22:44:32<br>
An: Lisa Hofmann<br>
Cc: dev () nmap org<br>
Betreff: Re: NDIS Filter driver in Npcap<br>
<br>
Lisa,<br>
<br>
Thanks for inquiring. I was not involved in Npcap design from the beginning, but I currently maintain it. The <br>
advantages of the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/2">Re: NDIS Filter driver in Npcap</a></strong>
<em>Daniel Miller (Jul 14)</em><br>
Lisa,<br>
<br>
Thanks for inquiring. I was not involved in Npcap design from the<br>
beginning, but I currently maintain it. The advantages of the filter driver<br>
implementation over protocol driver are primarily related to performance.<br>
As a protocol driver, WinPcap sits next to TCPIP and other protocol drivers<br>
and does not naturally see any of the traffic they generate. Instead, it<br>
has to instruct NDIS to loop back all traffic from other protocols when it...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/1">New PR: simple changing match rule for an Apache web server</a></strong>
<em>Gildásio Júnior (Jul 12)</em><br>
Hi all,<br>
<br>
Looking in contributing guidelines it recommends to send an e-mail about<br>
a PR created by me. So...<br>
<br>
I open a simple PR changing a rule to catch Apache web server<br>
information in an specific case.<br>
<br>
Using nmap-service-probe updated until today:<br>
<br>
```<br>
<br>
Starting Nmap 7.80 ( <a  rel="nofollow" href="https://nmap.org">https://nmap.org</a> ) at 2020-07-12 20:20 -03<br>
Nmap scan report for lab (172.16.0.201)<br>
Host is up (0.0025s latency).<br>
<br>
PORT    STATE SERVICE VERSION<br>
80/tcp  open  http    Apache...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q3/0">NDIS Filter driver in Npcap</a></strong>
<em>Lisa Hofmann (Jul 10)</em><br>
Hello,<br>
<br>
for my master thesis I am currently working on a similar tool as Npcap which will also be based on NDIS 6.x. Therefore <br>
I wanted to ask you why Npcap is using a NDIS filter driver while WinPcap uses a protocol driver?<br>
<br>
With kind regards,<br>
<br>
Lisa<br>
</p>

 

<!-- MHonArc v2.6.19 -->
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q2/38">Re: Nmap ICMP Scan Technical Question</a></strong>
<em>Robin Wood (Jun 26)</em><br>
<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q2/37">Re: Probe submission for OpenText Gupta SQLBase</a></strong>
<em>Gordon Fyodor Lyon (Jun 26)</em><br>
Thanks Matthias!  To better track this submission, I created an issue for<br>
it here: <a  rel="nofollow" href="https://github.com/nmap/nmap/issues/2071">https://github.com/nmap/nmap/issues/2071</a><br>
<br>
We&apos;ve been really focused on Npcap for the last year (because it is<br>
critical infrastructure for Nmap), but we&apos;re about to turn a lot more of<br>
our attention to Nmap proper!<br>
<br>
Cheers,<br>
Fyodor<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nmap-dev/2020/q2/36">Re: Nmap ICMP Scan Technical Question</a></strong>
<em>Andrew Morrison via dev (Jun 26)</em><br>
<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="nmap-announce"></A>
<div style="clear: right">
<A HREF="/nmap-announce/"><img src="/images/nmap-announce-logo.png" border="0" width="80" align="right" alt="nmap-announce logo"></A><B><A HREF="/nmap-announce/">Nmap Announce</A></B> &mdash; Moderated list for the most important new releases and announcements regarding the <A HREF="https://nmap.org">Nmap Security Scanner</A> and related projects. We recommend that all Nmap users <a href="https://nmap.org/mailman/listinfo/announce">subscribe</a>.<BR><ul class="inline"><li class="first"><A HREF="/nmap-announce/2019/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Year</A></li>
<li>&nbsp;<A HREF="/nmap-announce/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/nmap-announce.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://nmap.org/mailman/listinfo/announce"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-nmap-announce" href="javascript:show_latest('nmap-announce')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-nmap-announce" style="display: none" href="javascript:hide_latest('nmap-announce')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-nmap-announce" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2019/0">Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.</a></strong>
<em>Gordon Fyodor Lyon (Aug 10)</em><br>
Fellow hackers,<br>
<br>
I&apos;m here in Las Vegas for Defcon and delighted to release Nmap 7.80.  It&apos;s<br>
the first formal Nmap release in more than a year, and I hope you find it<br>
worth the wait!<br>
<br>
The main reason for the delay is that we&apos;ve been working so hard on our<br>
Npcap Windows packet capturing driver.  As many of you know, Windows Nmap<br>
traditionally depended on Winpcap for packet capture.  That is great<br>
software, but it has been...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/nmap-announce/2018/0">Nmap 7.70 released! Better service and OS detection, 9 new NSE scripts, new Npcap, and much more.</a></strong>
<em>Fyodor (Mar 20)</em><br>
Nmap Community,<br>
<br>
We&apos;re excited to make our first Nmap release of 2018--version 7.70!  It<br>
includes hundreds of new OS and service fingerprints, 9 new NSE scripts<br>
(for a total of 588), a much-improved version of our Npcap windows packet<br>
capturing library/driver, and service detection improvements to make -sV<br>
faster and more accurate.  And those are just a few of the dozens of<br>
improvements described below.<br>
<br>
Nmap 7.70 source code and binary...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="fulldisclosure"></A>
<div style="clear: right">
<A HREF="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" border="0" width="80" align="right" alt="fulldisclosure logo"></A><B><A HREF="/fulldisclosure/">Full Disclosure</A></B> &mdash; A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community.  The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip.  More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.<BR><ul class="inline"><li class="first"><A HREF="/fulldisclosure/2020/Jul/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Month</A></li>
<li>&nbsp;<A HREF="/fulldisclosure/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/fulldisclosure.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://nmap.org/mailman/listinfo/fulldisclosure"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-fulldisclosure" href="javascript:show_latest('fulldisclosure')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-fulldisclosure" style="display: none" href="javascript:hide_latest('fulldisclosure')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-fulldisclosure" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/36">[SYSS-2020-015]: ABUS Secvest Hybrid module (FUMO50110) - Authentication Bypass Using an Alternate Path or Channel (CWE-288) (CVE-2020-14158)</a></strong>
<em>Matthias Deeg (Jul 30)</em><br>
Advisory ID: SYSS-2020-015<br>
Product: ABUS Secvest Hybrid module (FUMO50110)<br>
Manufacturer: ABUS<br>
Affected Version(s): N/A<br>
Tested Version(s): N/A<br>
Vulnerability Type: Authentication Bypass Using an Alternate Path or<br>
                    Channel (CWE-288)<br>
Risk Level: High<br>
Solution Status: Open<br>
Manufacturer Notification: 2020-04-03<br>
Solution Date: -<br>
Public Disclosure: 2020-07-30<br>
CVE Reference: CVE-2020-14158<br>
Authors of Advisory: Michael Rüttgers, Thomas...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/35">SEC Consult SA-20200728-0 :: Stored Cross-Site Scripting (XSS) Vulnerability in Namirial SIGNificant SignAnyWhere</a></strong>
<em>SEC Consult Vulnerability Lab (Jul 29)</em><br>
SEC Consult Vulnerability Lab Security Advisory &lt; 20200728-0 &gt;<br>
=======================================================================<br>
              title: Stored Cross-Site Scripting (XSS) Vulnerability<br>
            product: Namirial SIGNificant SignAnyWhere<br>
 vulnerable version: v6.10.60.25434 (SSP v4.22.60.25434)<br>
                     v6.10.100.25817 (SSP v4.22.100.25817)<br>
      fixed version: v19.76.0.26030 (SSP v19.76.0.26030)...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/34">Vulnerability Repot# MAMP PRO 4.2.0 Local Privilege Escalation</a></strong>
<em>Nicholas (Jul 24)</em><br>
Hi!<br>
<br>
I have discovered a local privilege escalation vulnerability on MAMP PRO<br>
4.2.0 and would like to post it. Please kindly check the attached file.<br>
<br>
Best regards,<br>
Nicholas<br>
# Exploit Title: MAMP PRO 4.2.0 Local Privilege Escalation<br>
# Date: 2020-07-08<br>
# Exploit Author: b1nary<br>
# Vendor Homepage: <a  rel="nofollow" href="https://www.mamp.info/">https://www.mamp.info/</a><br>
# Software Link: <a  rel="nofollow" href="https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMP_MAMP_PRO_4.2.0.exe">https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMP_MAMP_PRO_4.2.0.exe</a><br>
# Version: 4.2.0<br>
# Tested on:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/33">Defense in depth -- the Microsoft way (part 70): CVE-2014-0315	alias MS14-019 revisited</a></strong>
<em>Stefan Kanthak (Jul 24)</em><br>
Hi @ll,<br>
<br>
This multi-part post can be read even without a MIME-compliant program!<br>
<br>
Back in 2014, I reported a vulnerability in CreateProcess()&apos;s handling of<br>
*.cmd and *.bat files that Microsoft fixed with MS14-019 alias MSKB 2922229<br>
and assigned CVE-2014-0315: command lines with a batch script as first token<br>
led to the execution of a (rogue) cmd.exe from the CWD (or the search path).<br>
<br>
&lt;...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/32"> Three vulnerabilities found in MikroTik&apos;s RouterOS</a></strong>
<em>Q C (Jul 24)</em><br>
Advisory: three vulnerabilities found in MikroTik&apos;s RouterOS<br>
<br>
Details<br>
=======<br>
<br>
Product: MikroTik&apos;s RouterOS<br>
Vendor URL: <a  rel="nofollow" href="https://mikrotik.com/">https://mikrotik.com/</a><br>
Vendor Status: fixed version released<br>
CVE: -<br>
Credit: Qian Chen(@cq674350529) of Qihoo 360 Nirvan Team<br>
<br>
Product Description<br>
==================<br>
<br>
RouterOS is the operating system used on the MikroTik&apos;s devices, such as<br>
switch, router and access point.<br>
<br>
Description of vulnerabilities...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/31">SEC Consult SA-20200724-0 :: Privilege Escalation Vulnerability in SteelCentral Aternity Agent</a></strong>
<em>SEC Consult Vulnerability Lab (Jul 24)</em><br>
SEC Consult Vulnerability Lab Security Advisory &lt; 20200724-0 &gt;<br>
=======================================================================<br>
              title: Privilege Escalation Vulnerability<br>
            product: SteelCentral Aternity Agent<br>
 vulnerable version: 11.0.0.120<br>
      fixed version:<br>
         CVE number: CVE-2020-15592, CVE-2020-15593<br>
             impact: Critical<br>
           homepage: <a  rel="nofollow" href="https://www.riverbed.com/gb/">https://www.riverbed.com/gb/</a>...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/30">Advisory:[CVE-2020-15596]ALPS ALPINE DLL Hijacking Issue</a></strong>
<em>Caiyuan Xie (Jul 21)</em><br>
Summary:<br>
A vulnerability to DLL preloading attacks was found in the ALPS ALPINE Touchpad driver, which might allow an attacker <br>
to execute malicious code. ALPS ALPINE has released updates to mitigate this potential vulnerability.<br>
Vulnerability Details:<br>
The ALPS ALPINE Touchpad driver may try to load DLLs that are not always present in the driver package. If an attacker <br>
can gain control of one of the DLL search directories, a malicious copy of...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/29">Mida Solutions eFramework &lt;= 2.9.0 Multiple Vulnerabilities</a></strong>
<em>Andrea Baesso (Jul 21)</em><br>
 =============================================<br>
 Title: Mida Solutions eFramework Multiple Vulnerabilities<br>
Date: 19/07/2020<br>
Author: Andrea Baesso<br>
Reference: <a  rel="nofollow" href="https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html">https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html</a><br>
Vendor Homepage: <a  rel="nofollow" href="https://www.midasolutions.com/">https://www.midasolutions.com/</a><br>
Software Link: ova-efw.midasolutions.com<br>
Software: Mida eFramework<br>
Versions: &lt;=2.9.0<br>
Tested on: 2.8.9, 2.9.0<br>
CVE : Mitre is aware, still waiting...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/28">SEC Consult SA-20200717-0 :: Multiple Vulnerabilities in	WonderCMS</a></strong>
<em>SEC Consult Vulnerability Lab (Jul 17)</em><br>
SEC Consult Vulnerability Lab Security Advisory &lt; 20200717-0 &gt;<br>
=======================================================================<br>
              title: Multiple Vulnerabilities<br>
            product: WonderCMS<br>
 vulnerable version: &lt;=3.1.0<br>
      fixed version: -<br>
         CVE number: -<br>
             impact: High<br>
           homepage: <a  rel="nofollow" href="https://www.wondercms.com/">https://www.wondercms.com/</a><br>
              found: 2020-04-30<br>
                 by: Calvin Phang (Office...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/27">APPLE-SA-2020-07-15-5 Safari 13.1.2</a></strong>
<em>Apple Product Security via Fulldisclosure (Jul 17)</em><br>
APPLE-SA-2020-07-15-5 Safari 13.1.2<br>
<br>
Safari 13.1.2 is now available and addresses the following:<br>
<br>
Safari Downloads<br>
Available for: macOS Mojave and macOS High Sierra, and included in<br>
macOS Catalina<br>
Impact: A malicious attacker may be able to change the origin of a<br>
frame for a download in Safari Reader mode<br>
Description: A logic issue was addressed with improved restrictions.<br>
CVE-2020-9912: Nikhil Mittal (@c0d3G33k) of Payatu Labs (payatu.com)...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/26">APPLE-SA-2020-07-15-4 watchOS 6.2.8</a></strong>
<em>Apple Product Security via Fulldisclosure (Jul 17)</em><br>
APPLE-SA-2020-07-15-4 watchOS 6.2.8<br>
<br>
watchOS 6.2.8 is now available and addresses the following:<br>
<br>
Audio<br>
Available for: Apple Watch Series 1 and later<br>
Impact: Processing a maliciously crafted audio file may lead to<br>
arbitrary code execution<br>
Description: An out-of-bounds write issue was addressed with improved<br>
bounds checking.<br>
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year<br>
Security Lab<br>
<br>
Audio<br>
Available for: Apple Watch Series...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/25">APPLE-SA-2020-07-15-3 tvOS 13.4.8</a></strong>
<em>Apple Product Security via Fulldisclosure (Jul 17)</em><br>
APPLE-SA-2020-07-15-3 tvOS 13.4.8<br>
<br>
tvOS 13.4.8 is now available and addresses the following:<br>
<br>
Audio<br>
Available for: Apple TV 4K and Apple TV HD<br>
Impact: Processing a maliciously crafted audio file may lead to<br>
arbitrary code execution<br>
Description: An out-of-bounds write issue was addressed with improved<br>
bounds checking.<br>
CVE-2020-9889: JunDong Xie and XingWei Li of Ant-financial Light-Year<br>
Security Lab<br>
<br>
Audio<br>
Available for: Apple TV 4K and Apple TV...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/24">APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra</a></strong>
<em>Apple Product Security via Fulldisclosure (Jul 17)</em><br>
APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update<br>
2020-004 Mojave, Security Update 2020-004 High Sierra<br>
<br>
macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security<br>
Update 2020-004 High Sierra are now available and address the<br>
following:<br>
<br>
Audio<br>
Available for: macOS Catalina 10.15.5<br>
Impact: Processing a maliciously crafted audio file may lead to<br>
arbitrary code execution<br>
Description: An out-of-bounds write issue was addressed with...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/23">APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6</a></strong>
<em>Apple Product Security via Fulldisclosure (Jul 17)</em><br>
APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6<br>
<br>
iOS 13.6 and iPadOS 13.6 are now available and address the following:<br>
<br>
Audio<br>
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4<br>
and later, and iPod touch 7th generation<br>
Impact: Processing a maliciously crafted audio file may lead to<br>
arbitrary code execution<br>
Description: An out-of-bounds read was addressed with improved bounds<br>
checking.<br>
CVE-2020-9888: JunDong Xie and XingWei Li of...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/fulldisclosure/2020/Jul/22">VMware ESXi: Multiple vulnerabilities [CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3960]</a></strong>
<em>Cfir Cohen via Fulldisclosure (Jul 17)</em><br>
Overview<br>
=======<br>
We identified several security issues in the ESIx virtual machine<br>
monitor (VMM): a use-after-free (UAF) vulnerability in PVNVRAM, a<br>
missing return value check in EHCI USB controller leading to private<br>
heap information disclosure, and several OOB reads.<br>
<br>
All issues have been fixed by the vendor. Links to the patches are<br>
provided below.<br>
<br>
ESXi PVNVRAM Use After Free [CVE-2020-3963]<br>
======================================<br>
The...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<h2 class="purpleheader">Other Excellent Security Lists</h2><A NAME="bugtraq"></A>
<div style="clear: right">
<A HREF="/bugtraq/"><img src="/images/bugtraq-logo.png" border="0" width="80" align="right" alt="bugtraq logo"></A><B><A HREF="/bugtraq/">Bugtraq</A></B> &mdash; The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!<BR><ul class="inline"><li class="first"><A HREF="/bugtraq/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/bugtraq.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/1/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-bugtraq" href="javascript:show_latest('bugtraq')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-bugtraq" style="display: none" href="javascript:hide_latest('bugtraq')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-bugtraq" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/39">Defense in depth -- the Microsoft way (part 62): Windows shipped with end-of-life components</a></strong>
<em>Stefan Kanthak (Feb 25)</em><br>
Hi @ll,<br>
<br>
since Microsoft Server 2003 R2, Microsoft dares to ship and install the<br>
abomination known as .NET Framework with every new version of Windows.<br>
<br>
Among other components current versions of Windows and .NET Framework<br>
include<br>
<br>
C# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe,<br>
             C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe)<br>
J# compiler (C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe,...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/38">Local information disclosure in OpenSMTPD (CVE-2020-8793)</a></strong>
<em>Qualys Security Advisory (Feb 25)</em><br>
Qualys Security Advisory<br>
<br>
Local information disclosure in OpenSMTPD (CVE-2020-8793)<br>
<br>
==============================================================================<br>
Contents<br>
==============================================================================<br>
<br>
Summary<br>
Analysis<br>
Exploitation<br>
POKE 47196, 201<br>
Acknowledgments<br>
<br>
==============================================================================<br>
Summary...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/37">LPE and RCE in OpenSMTPD&apos;s default install (CVE-2020-8794)</a></strong>
<em>Qualys Security Advisory (Feb 25)</em><br>
Qualys Security Advisory<br>
<br>
LPE and RCE in OpenSMTPD&apos;s default install (CVE-2020-8794)<br>
<br>
==============================================================================<br>
Contents<br>
==============================================================================<br>
<br>
Summary<br>
Analysis<br>
...<br>
Acknowledgments<br>
<br>
==============================================================================<br>
Summary...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/36">[SECURITY] [DSA 4633-1] curl security update</a></strong>
<em>Alessandro Ghedini (Feb 25)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-4633-1                   security () debian org<br>
<a  rel="nofollow" href="https://www.debian.org/security/">https://www.debian.org/security/</a>                       Alessandro Ghedini<br>
February 22, 2020                     <a  rel="nofollow" href="https://www.debian.org/security/faq">https://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : curl<br>
CVE ID         : CVE-2019-5436 CVE-2019-5481...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/35">Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)</a></strong>
<em>Jamie R (Feb 25)</em><br>
I&apos;ve quoted the Cisco summary below as it&apos;s pretty accurate.<br>
<br>
tl;dr is an admin user on the web console can gain command execution<br>
and then escalate to root. If this is an issue in your environment,<br>
then please patch.<br>
<br>
Thanks to Cisco PSIRT who were responsive and professional.<br>
<br>
Shouts to Andrew, Dave and Senad, Pedro R - if that&apos;s still even a<br>
thing on advisories.<br>
<br>
Ref:...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/34">[TZO-22-2020] Qihoo360 | GDATA | Rising | Command Generic Malformed Archive Bypass</a></strong>
<em>Thierry Zoller (Feb 24)</em><br>
<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/33">[TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP)</a></strong>
<em>Thierry Zoller (Feb 24)</em><br>
<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/32">[slackware-security]  proftpd (SSA:2020-051-01)</a></strong>
<em>Slackware Security Team (Feb 20)</em><br>
[slackware-security]  proftpd (SSA:2020-051-01)<br>
<br>
New proftpd packages are available for Slackware 14.0, 14.1, 14.2, and -current<br>
to fix a security issue.<br>
<br>
Here are the details from the Slackware 14.2 ChangeLog:<br>
+--------------------------+<br>
patches/packages/proftpd-1.3.6c-i586-1_slack14.2.txz:  Upgraded.<br>
  No CVEs assigned, but this sure looks like a security issue:<br>
  Use-after-free vulnerability in memory pools during data transfer.<br>
  (* Security...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/31">[SECURITY] [DSA 4628-1] php7.0 security update</a></strong>
<em>Moritz Muehlenhoff (Feb 19)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-4628-1                   security () debian org<br>
<a  rel="nofollow" href="https://www.debian.org/security/">https://www.debian.org/security/</a>                       Moritz Muehlenhoff<br>
February 18, 2020                     <a  rel="nofollow" href="https://www.debian.org/security/faq">https://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : php7.0<br>
CVE ID         : CVE-2019-11045 CVE-2019-11046...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/30">[SECURITY] [DSA 4629-1] python-django security update</a></strong>
<em>Sebastien Delafond (Feb 19)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-4629-1                   security () debian org<br>
<a  rel="nofollow" href="https://www.debian.org/security/">https://www.debian.org/security/</a>                       Sebastien Delafond<br>
February 19, 2020                     <a  rel="nofollow" href="https://www.debian.org/security/faq">https://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : python-django<br>
CVE ID         : CVE-2020-7471<br>
Debian Bug...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/29">[TZO-18-2020] - Bitdefender Malformed Archive bypass (GZIP)</a></strong>
<em>Thierry Zoller (Feb 18)</em><br>
<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/28">[TZO-17-2020] - Kaspersky Generic Archive Bypass (ZIP FLNMLEN)</a></strong>
<em>Thierry Zoller (Feb 18)</em><br>
<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/27">[SECURITY] [DSA 4626-1] php7.3 security update</a></strong>
<em>Moritz Muehlenhoff (Feb 18)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-4626-1                   security () debian org<br>
<a  rel="nofollow" href="https://www.debian.org/security/">https://www.debian.org/security/</a>                       Moritz Muehlenhoff<br>
February 17, 2020                     <a  rel="nofollow" href="https://www.debian.org/security/faq">https://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : php7.3<br>
CVE ID         : CVE-2019-11045 CVE-2019-11046...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/26">[SECURITY] [DSA 4627-1] webkit2gtk security update</a></strong>
<em>Moritz Muehlenhoff (Feb 18)</em><br>
-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-4627-1                   security () debian org<br>
<a  rel="nofollow" href="https://www.debian.org/security/">https://www.debian.org/security/</a>                           Alberto Garcia<br>
February 17, 2020                     <a  rel="nofollow" href="https://www.debian.org/security/faq">https://www.debian.org/security/faq</a><br>
-------------------------------------------------------------------------<br>
<br>
Package        : webkit2gtk<br>
CVE ID         : CVE-2020-3862 CVE-2020-3864...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/bugtraq/2020/Feb/25">Web Application Firewall bypass via Bluecoat device</a></strong>
<em>RedTimmy Security (Feb 16)</em><br>
Hi,<br>
we have published a new post in our blog titled &quot;How to hack a company by circumventing its WAF through the abuse of a <br>
different security appliance and win bug bounties&quot;.<br>
<br>
We basically have [ab]used a Bluecoat device behaving as a request forwarder to mask our malicious payload, avoid WAF <br>
detection, hit an HTTP endpoint vulnerable to RCE and pop out a shell.<br>
<br>
Full story is here:...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="basics"></A>
<div style="clear: right">
<A HREF="/basics/"><img src="/images/basics-logo.png" border="0" width="80" align="right" alt="basics logo"></A><B><A HREF="/basics/">Security Basics</A></B> &mdash; A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs".  I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.<BR><ul class="inline"><li class="first"><A HREF="/basics/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/basics.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/105/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-basics" href="javascript:show_latest('basics')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-basics" style="display: none" href="javascript:hide_latest('basics')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-basics" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/basics/2019/Feb/0">CarolinaCon-15 is April 26-28, 2019 in Charlotte NC - Call For Papers/Presenters is now open</a></strong>
<em>Vic Vandal (Feb 03)</em><br>
We are pleased to announce that CarolinaCon-15 will be on April 26th-28th 2019 in Charlotte NC at the Renaissance <br>
Charlotte Suites.  All who are interested in speaking on any topic in the realm of hacking, cybersecurity, technology, <br>
science, robotics or any related field are invited to submit a proposal to present at the con.  Full disclosure that <br>
technology or physical security exploitation type submissions are most desirable for this storied...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="pen-test"></A>
<div style="clear: right">
<A HREF="/pen-test/"><img src="/images/pen-test-logo.png" border="0" width="80" align="right" alt="pen-test logo"></A><B><A HREF="/pen-test/">Penetration Testing</A></B> &mdash; While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.<BR><ul class="inline"><li class="first"><A HREF="/pen-test/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/pen-test.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/101/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-pen-test" href="javascript:show_latest('pen-test')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-pen-test" style="display: none" href="javascript:hide_latest('pen-test')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-pen-test" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pen-test/2018/Feb/1">44CON 2018 - 12th-14th September, London (UK)</a></strong>
<em>Steve (Feb 28)</em><br>
44CON 2018 is the UK&apos;s best annual Security Conference and Training event. The conference spans 2.5 days with training <br>
on the 10th and 11th of September, a free evening event on the 12th of September, and a full two-day conference on the <br>
13th and 14th of September. The event takes place at the ILEC Conference Centre near Earls Court, London. 44CON 2018 <br>
includes catering, private bus bar and Gin O&apos;Clock breaks. Early Bird discounted...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pen-test/2018/Feb/0">RootedCON Security Conference - 1-3 March, Madrid (Spain)</a></strong>
<em>omarbv (Feb 11)</em><br>
On the occasion of the ninth edition of RootedCON, the most important<br>
computer security conference in the country, around  2,000 hackers will<br>
meet to discuss new questions and researchs about the cybersecurity<br>
world, with its risks and threats. National and international experts<br>
have included in their agendas this mandatory appointment to discuss new<br>
vulnerabilities, viruses, and other threats, they will also talk about<br>
countermeasures in order...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="isn"></A>
<div style="clear: right">
<A HREF="/isn/"><img src="/images/isn-logo.png" border="0" width="80" align="right" alt="isn logo"></A><B><A HREF="/isn/">Info Security News</A></B> &mdash; Carries news items (generally from mainstream sources) that relate to security.<BR><ul class="inline"><li class="first"><A HREF="/isn/2020/Jul/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Month</A></li>
<li>&nbsp;<A HREF="/isn/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/isn.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.infosecnews.org/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-isn" href="javascript:show_latest('isn')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-isn" style="display: none" href="javascript:hide_latest('isn')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-isn" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/78">Zoom private meeting passwords were easily crackable</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095">https://www.itnews.com.au/news/zoom-private-meeting-passwords-were-easily-crackable-551095</a><br>
<br>
By Juha Saarinen<br>
itnews.com.au<br>
July 31, 2020<br>
<br>
The automatically generated passwords protecting private Zoom meetings <br>
could be cracked with relative ease, allowing access to sensitive <br>
conferences, a researcher has discovered.<br>
<br>
Web site developer Tom Anthony decided on March 31 this year to see if he <br>
could crack the password for private Zoom meetings....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/77">Pentagon needs access to defense companies&apos; networks to hunt cyberthreats, says commission</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/">https://www.c4isrnet.com/cyber/2020/07/30/pentagon-needs-access-to-defense-companies-networks-to-hunt-cyberthreats-says-commission/</a><br>
<br>
By Mark Pomerleau<br>
C4ISRNET.com<br>
July 30, 2020<br>
<br>
WASHINGTON -- The Pentagon must be able to hunt cyberthreats on the <br>
private networks of defense companies in order to strengthen national <br>
cybersecurity, according to one of the leaders of the Cyber Solarium <br>
Commission.<br>
<br>
Rep. Mike Gallagher, R-Wis., who co-chairs the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/76">Volunteer hacker army boosts U.S. election cybersecurity</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.nbcnews.com/tech/tech-news/volunteer-hacker-army-boosts-u-s-election-cybersecurity-n1235324">https://www.nbcnews.com/tech/tech-news/volunteer-hacker-army-boosts-u-s-election-cybersecurity-n1235324</a><br>
<br>
By Kevin Collier<br>
NBC News<br>
July 30, 2020<br>
<br>
As election officials across the country prepare for November without <br>
knowing if they&apos;ll receive additional federal funds, a new volunteer group <br>
hopes to ease their cybersecurity concerns for free.<br>
<br>
Some states pay private companies for cybersecurity, while others rely on <br>
in-house staff or...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/75">Government can avoid the ransomware question with strong cyber policy</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://statescoop.com/corye-douglas-avoid-ransomware-question-strong-cyber-policy/">https://statescoop.com/corye-douglas-avoid-ransomware-question-strong-cyber-policy/</a><br>
<br>
By Corye Douglas<br>
STATESCOOP<br>
July 30, 2020<br>
<br>
As the number of coronavirus cases tops 4.4 million in the U.S., the shift <br>
to remote work has provided an opportunity for bad actors to more <br>
successfully conduct various types of cyberattacks, with ransomware <br>
representing one of the most devastating threats.<br>
<br>
Unvetted computers and home networks are now relied upon to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/74">Multiple Tor security issues disclosed, more to come</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.zdnet.com/article/multiple-tor-security-issues-disclosed-more-to-come/">https://www.zdnet.com/article/multiple-tor-security-issues-disclosed-more-to-come/</a><br>
<br>
By Catalin Cimpanu<br>
Zero Day<br>
ZDNet.com<br>
July 30, 2020<br>
<br>
Over the past week, a security researcher has published technical details <br>
about two vulnerabilities impacting the Tor network and the Tor browser.<br>
<br>
In blog posts last week and today, Dr. Neal Krawetz said he was going <br>
public with details on two alleged zero-days after the Tor Project has <br>
repeatedly failed to...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/73">North Korea&apos;s Lazarus brings state-sponsored hacking approach to ransomware</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://arstechnica.com/information-technology/2020/07/north-korea-backed-hackers-dip-their-toes-into-the-ransomware-pool/">https://arstechnica.com/information-technology/2020/07/north-korea-backed-hackers-dip-their-toes-into-the-ransomware-pool/</a><br>
<br>
By Dan Goodin<br>
Ars Technica<br>
July 29, 2020<br>
<br>
Lazarus—the North Korean state hacking group behind the WannaCry worm, the <br>
theft of $81 million from a Bangladesh bank, and the attacks on Sony <br>
Pictures—is looking to expand into the ransomware craze, according to <br>
researchers from Kaspersky Lab.<br>
<br>
Like many of Lazarus’ early...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/72">Toll Group unveils year-long &apos;accelerated&apos; cyber resilience program</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.itnews.com.au/news/toll-group-unveils-year-long-accelerated-cyber-resilience-program-551025">https://www.itnews.com.au/news/toll-group-unveils-year-long-accelerated-cyber-resilience-program-551025</a><br>
<br>
By Ry Crozier<br>
itnews.com.au<br>
July 30, 2020<br>
<br>
Toll Group is taking its first major action since recovering from two <br>
devastating ransomware attacks, kicking off a one year “accelerated cyber <br>
resilience program” run by a rebuilt security team across two countries.<br>
<br>
The logistics giant unveiled the first details of the expansive program of...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/71">Hackers Broke Into Real News Sites to Plant Fake Stories</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.wired.com/story/hackers-broke-into-real-news-sites-to-plant-fake-stories-anti-nato/">https://www.wired.com/story/hackers-broke-into-real-news-sites-to-plant-fake-stories-anti-nato/</a><br>
<br>
By Andy Greenberg<br>
SECURITY<br>
Wired.com<br>
07.29.2020<br>
<br>
OVER THE PAST few years, online disinformation has taken evolutionary <br>
leaps forward, with the Internet Research Agency pumping out artificial <br>
outrage on social media and hackers leaking documents—both real and <br>
fabricated—to suit their narrative. More recently, Eastern Europe has <br>
faced a broad...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/70">YOU... SHA-1 NOT PASS! Microsoft magics away demonic hash algorithm from Windows updates, apps</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.theregister.com/2020/07/29/microsoft_windows_sha_1/">https://www.theregister.com/2020/07/29/microsoft_windows_sha_1/</a><br>
<br>
By Shaun Nichols in San Francisco<br>
The Register<br>
July 29, 2020<br>
<br>
Microsoft is preparing to once and for all drop support for the SHA-1 hash <br>
algorithm.<br>
<br>
Redmond this week said that on Monday, August 3, Windows downloads signed <br>
using SHA-1 will no longer be offered by the Windows app&apos;n&apos;updates <br>
download center, the last step in a SHA-2 transition that has been going <br>
on for...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/69">US defense and aerospace sectors targeted in new wave of North Korean attacks</a></strong>
<em>InfoSec News (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.zdnet.com/article/us-defense-and-aerospace-sectors-targeted-in-new-wave-of-north-korean-attacks/">https://www.zdnet.com/article/us-defense-and-aerospace-sectors-targeted-in-new-wave-of-north-korean-attacks/</a><br>
<br>
By Catalin Cimpanu<br>
Zero Day<br>
ZDNet.com<br>
July 30, 2020<br>
<br>
While the world was in the midst of the COVID-19 pandemic, North Korean <br>
hackers were targeting the US defense and aerospace sectors with fake job <br>
offers in the hopes of infecting employees looking for better <br>
opportunities and gaining a foothold on their organizations&apos; networks....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/68">Cloudflare denies data leak after 3M customer IP addresses found on the dark web</a></strong>
<em>InfoSec News (Jul 27)</em><br>
<a  rel="nofollow" href="https://siliconangle.com/2020/07/27/cloudflare-denies-data-leak-3m-customer-ip-addresses-found-dark-web/">https://siliconangle.com/2020/07/27/cloudflare-denies-data-leak-3m-customer-ip-addresses-found-dark-web/</a><br>
<br>
By Duncan Riley<br>
SiliconAngle.com<br>
July 27, 2020<br>
<br>
Network security firm Cloudflare Inc. today denied a report that it <br>
suffered a data leak after the records of some 3 million customers were <br>
found on the shady corner of the internet called the dark web.<br>
<br>
The claim comes from the National Coordination Center for Cybersecurity at <br>
the National...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/67">Election Officials Are Vulnerable to Email Attacks, Report Shows</a></strong>
<em>InfoSec News (Jul 27)</em><br>
<a  rel="nofollow" href="https://www.wsj.com/articles/election-officials-are-vulnerable-to-email-attacks-report-shows-11595746800">https://www.wsj.com/articles/election-officials-are-vulnerable-to-email-attacks-report-shows-11595746800</a><br>
<br>
By Robert McMillan<br>
The Wall Street Journal<br>
July 26, 2020<br>
<br>
Many of the thousands of county and local election officials who will be <br>
administering November’s presidential election are running email systems <br>
that could leave them vulnerable to online attacks, a new report has <br>
found.<br>
<br>
Cybersecurity vendor Area 1 Security Inc. tracked more...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/66">A Cyberattack on Garmin Disrupted More Than Workouts</a></strong>
<em>InfoSec News (Jul 27)</em><br>
<a  rel="nofollow" href="https://www.wired.com/story/garmin-outage-ransomware-attack-workouts-aviation/">https://www.wired.com/story/garmin-outage-ransomware-attack-workouts-aviation/</a><br>
<br>
By Lily Hay Newman<br>
Security<br>
Wired.com<br>
July 27, 2020<br>
<br>
ON THURSDAY, HACKERS hit the navigation and fitness giant Garmin with a <br>
ransomware attack that took down numerous services across the company. <br>
Garmin Connect, the cloud platform that syncs user activity data, went <br>
dark, as did portions of Garmin.com. But as athletes found themselves <br>
unable to record runs and...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/65">Internal source code from 50 high-profile companies including Microsoft, Disney, and Nintendo has been leaked and posted online for people to access</a></strong>
<em>InfoSec News (Jul 27)</em><br>
<a  rel="nofollow" href="https://www.businessinsider.com/software-source-code-leaked-microsoft-nintendo-2020-7">https://www.businessinsider.com/software-source-code-leaked-microsoft-nintendo-2020-7</a><br>
<br>
By Katie Canales<br>
Business Insider<br>
July 27, 2020<br>
<br>
Internal software source code from more than 50 high-profile companies <br>
across tech, finance, retail, and other sectors has been leaked online.<br>
<br>
Originally reported by the tech site Bleeping Computer, a Swiss developer <br>
named Tillie Kottmann was able to pull source code from the likes of <br>
Microsoft, Nintendo,...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/isn/2020/Jul/64">Energy Unveils Blueprint for Nationwide, &apos;Unhackable&apos; Quantum Internet</a></strong>
<em>InfoSec News (Jul 27)</em><br>
<a  rel="nofollow" href="https://www.defenseone.com/technology/2020/07/energy-unveils-blueprint-nationwide-unhackable-quantum-internet/167219/">https://www.defenseone.com/technology/2020/07/energy-unveils-blueprint-nationwide-unhackable-quantum-internet/167219/</a><br>
<br>
By Brandi Vincent<br>
Staff Correspondent<br>
Defense One<br>
July 27, 2020<br>
<br>
The Energy Department on Thursday released a strategic blueprint to <br>
construct a potentially “unhackable” nationwide quantum internet.<br>
<br>
The plan to develop a prototype that relies on quantum mechanics to <br>
connect next-generation computers and sensors and...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="firewall-wizards"></A>
<div style="clear: right">
<A HREF="/firewall-wizards/"><img src="/images/firewall-wizards-logo.png" border="0" width="80" align="right" alt="firewall-wizards logo"></A><B><A HREF="/firewall-wizards/">Firewall Wizards</A></B> &mdash; Tips and tricks for firewall administrators<BR><ul class="inline"><li class="first"><A HREF="/firewall-wizards/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/firewall-wizards.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-firewall-wizards" href="javascript:show_latest('firewall-wizards')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-firewall-wizards" style="display: none" href="javascript:hide_latest('firewall-wizards')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-firewall-wizards" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/firewall-wizards/2016/Sep/0">Revival?</a></strong>
<em>Paul Robertson (Sep 11)</em><br>
Since the last few attempts to revive the list have failed, I&apos;m going to attempt a Facebook group revival experiment.  <br>
It&apos;ll be a bit broader in scope, but I&apos;m hoping we can discuss technical security matters.  The new group is <br>
Security-Wizards on Facebook. <br>
<br>
Paul<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="focus-ids"></A>
<div style="clear: right">
<A HREF="/focus-ids/"><img src="/images/focus-ids-logo.png" border="0" width="80" align="right" alt="focus-ids logo"></A><B><A HREF="/focus-ids/">IDS Focus</A></B> &mdash; Technical discussion about Intrusion Detection Systems.  You can also read the archives of a <A HREF="http://seclists.org/ids/">previous IDS list</A><BR><ul class="inline"><li class="first"><A HREF="/focus-ids/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/focus-ids.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/96/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
</ul>
</div>
<BR>
<A NAME="webappsec"></A>
<div style="clear: right">
<A HREF="/webappsec/"><img src="/images/webappsec-logo.png" border="0" width="80" align="right" alt="webappsec logo"></A><B><A HREF="/webappsec/">Web App Security</A></B> &mdash; Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.<BR><ul class="inline"><li class="first"><A HREF="/webappsec/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/webappsec.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/107/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-webappsec" href="javascript:show_latest('webappsec')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-webappsec" style="display: none" href="javascript:hide_latest('webappsec')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-webappsec" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/webappsec/2018/q3/0">Faraday Beta V3.0 Released</a></strong>
<em>Francisco Amato (Jul 04)</em><br>
Faraday helps you to host your own vulnerability management platform<br>
now and streamline your team in one place.<br>
<br>
We are pleased to announce the newest version of Faraday v3.0. In this<br>
new version we have made major architecture changes to adapt our<br>
software to the new challenges of cyber security. We focused on<br>
processing large data volumes and to making it easier for the user to<br>
interact with Faraday in its environment.<br>
<br>
To install it you can...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="dailydave"></A>
<div style="clear: right">
<A HREF="/dailydave/"><img src="/images/dailydave-logo.png" border="0" width="80" align="right" alt="dailydave logo"></A><B><A HREF="/dailydave/">Daily Dave</A></B> &mdash; This technical discussion list covers vulnerability research, exploit development, and security events/gossip.  It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate.  Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.<BR><ul class="inline"><li class="first"><A HREF="/dailydave/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/dailydave/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/dailydave.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://lists.immunityinc.com/mailman/listinfo/dailydave"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-dailydave" href="javascript:show_latest('dailydave')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-dailydave" style="display: none" href="javascript:hide_latest('dailydave')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-dailydave" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/15">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>Chuck McAuley via Dailydave (Jul 17)</em><br>
Isn’t using a WAF an “investment in technology to stop constant attacks?”<br>
<br>
-chuck<br>
From: Greg Frazier &lt;glfrazier () alum mit edu&gt;<br>
Date: Friday, July 17, 2020 at 3:46 PM<br>
To: Don Ankney &lt;dankney () hackerco de&gt;<br>
Cc: John Lampe &lt;jlampe () tenable com&gt;, Rafal Los &lt;Rafal () ishackingyou com&gt;, Chuck McAuley &lt;chuck.mcauley () keysight <br>
com&gt;, &quot;dailydave () lists aitelfoundation org&quot; &lt;dailydave () lists...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/14">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>Greg Frazier via Dailydave (Jul 17)</em><br>
I&apos;m not parsing your argument. If you knew the bug was there, you would fix<br>
the bug. The WAF is there to mitigate the bugs that you are not aware of.<br>
Further, web accesses that are out of scope of your intended functionality<br>
but do not trigger a bug may be information gathering attacks that you<br>
would, in hindsight, have wished your WAF had blocked. I would argue that<br>
the WAF is not a stop-gap at all--it is an integral part of your...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/13">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>Don Ankney via Dailydave (Jul 15)</em><br>
So far, this conversation focuses on how effectively WAFs block malicious HTTP requests. I&apos;d argue that this is both a <br>
red herring and an abuse of WAF technology.  A WAF only protects the enterprise when it blocks a request that would <br>
trigger an actual bug. If there&apos;s no bug present, all that&apos;s really happening is that likely malicious requests are <br>
being logged at a much higher costs than if it were simply allowed to sit in the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/12">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>Chuck McAuley via Dailydave (Jul 15)</em><br>
This isn’t directly related to John’s observation below, but it got me motivated to further clarify some of the <br>
challenges involved in testing WAFs.<br>
<br>
I’ve seen many implementations over the years that try to determine the decision making process of an IPS, WAF, or <br>
similar device by simply interrogating it from the client side only. The realities of test of measurement is that it <br>
requires the user to implement both a client and server...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/11">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>John Lampe via Dailydave (Jul 13)</em><br>
Yeah, I guess the way I would envision it going would be:<br>
<br>
1) web app scanner sees XSS vuln on /path/to/foo.php<br>
2) my integration ties that web app scan into a format to pass to WAF<br>
3) WAF sets up anti-xss rules on /path/to/foo.php (we had to actually<br>
create a static mapping for this step)<br>
4) measure how many hits the waf blocks to that endpoint for the XSS<br>
<br>
John<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/10">Re: WAF Metrics</a></strong>
<em>Chuck McAuley via Dailydave (Jul 13)</em><br>
We’ve released a mid-pandemic product that is designed to test production deployed WAF’s by doing exactly what <br>
@ranger_cha is describing.<br>
<br>
It will run tests that include both known/existing attacks that a WAF should stop and common patterns that all WAF’s <br>
should recognize and stop. Separately and clearly, so the use can see the impact of stopping both sets of assessments <br>
separately.<br>
<br>
<a  rel="nofollow" href="https://www.ixiacom.com/products/threat-simulator">https://www.ixiacom.com/products/threat-simulator</a><br>
<br>
The...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/9">WAFs: HTTP Desynchronization as a Metric</a></strong>
<em>Dave Aitel via Dailydave (Jul 13)</em><br>
So one thing people don&apos;t have any scope of measuring - (maybe as a set<br>
diagram finite states?) - is the difference between two parsers for the<br>
same protocol. Ten years ago a lot of the security community had a<br>
discussion about &quot;LangSec &lt;<a  rel="nofollow" href="http://langsec.org/">http://langsec.org/</a>&gt;&quot; which turns out to have<br>
been entirely correct in retrospect.<br>
<br>
NCCGroup&apos;s recently released analysis of the F5 bug is a key example of<br>
this principle in action:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/8">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>Rafal Los via Dailydave (Jul 13)</em><br>
John,<br>
Can you expand on #2? How do you measure the number of attacks stifled?<br>
<br>
_--<br>
Rafal<br>
_Mobile: (404) 606-6056<br>
_Email: Rafal.Los@Seventy7.Consulting&lt;<a  rel="nofollow" href="mailto:Rafal.Los@Seventy7.Consulting">mailto:Rafal.Los@Seventy7.Consulting</a>&gt;<br>
<br>
From: John Lampe via Dailydave &lt;dailydave () lists aitelfoundation org&gt;<br>
Reply-To: John Lampe &lt;jlampe () tenable com&gt;<br>
Date: Saturday, July 11, 2020 at 9:52 PM<br>
To: Dave Aitel &lt;dave.aitel () gmail com&gt;<br>
Cc: &quot;dailydave () lists...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/7">Re: WAF Metrics</a></strong>
<em>Moses Frost via Dailydave (Jul 11)</em><br>
I guess some of us who grew up mapping ports and protocols into their neat<br>
buckets will need to live with that fact that everything will eventually<br>
ride over a multiplexed 443 socket, just something to think about before<br>
the rant.<br>
<br>
TL;DR - The answer to your question about measurement and effectiveness is<br>
going to come down: &quot;how long before you can see what I&apos;m doing&quot;.<br>
<br>
WAF&apos;s are a rather complex beast, but I guess they do...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/6">Re: [EXTERNAL] WAF Metrics</a></strong>
<em>John Lampe via Dailydave (Jul 11)</em><br>
So, I recently did an integration for a company that took their web app<br>
scanner results and mapped those to existing WAF rules. I can think of 2<br>
metrics based off that<br>
<br>
1) How many real-world vulns have a corresponding check in the WAF? and<br>
2) Once the WAF rules have been put in place to protect actually-vulnerable<br>
endpoints, how many attacks were actually stifled?<br>
<br>
John<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/5">WAF Metrics</a></strong>
<em>Dave Aitel via Dailydave (Jul 11)</em><br>
So I&apos;m making a video on metrics, of all things, and I wanted to post both this<br>
question &lt;<a  rel="nofollow" href="https://twitter.com/daveaitel/status/1281629327776522242?s=20">https://twitter.com/daveaitel/status/1281629327776522242?s=20</a>&gt;and<br>
the best answer so far to the list to see if anyone had any other ideas or<br>
followups.<br>
<br>
-dave<br>
<br>
[image: image.png]<br>
<br>
[image: image.png]<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/4">Re: Brad gets real!</a></strong>
<em>Konrads Smelkovs via Dailydave (Jul 06)</em><br>
Linux has too many stakeholders for a sensible equities process to happen<br>
which is why treating everyone poorly (bugs are bugs) is fairer than<br>
coordinating disclosure. In an example, if an earth shattering Linux bug<br>
was to emerge, why would RedHat be in the know while Russian defence<br>
contractors who build their countries’ systems on local Linux distros would<br>
be excluded ?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/3">Re: Brad gets real!</a></strong>
<em>Shawn Webb via Dailydave (Jul 06)</em><br>
Fully agreed with you there. I also dislike the culture of treating<br>
security vulnerabilities as &quot;just another bug.&quot; I feel there&apos;s some<br>
form of newspeak with regards to security and the Linux kernel. There<br>
is indeed a formalized method to report security-related bugs to the<br>
Linux kernel (emailing security _AT _ kernel _DOT_ org). Yet Linux<br>
developer culture says &quot;all bugs are bugs, regardless of security<br>
impact. A security bug...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/2">Re: Brad gets real!</a></strong>
<em>Dave Aitel via Dailydave (Jul 06)</em><br>
This is possibly true, although an Android vs iOS comparison here might be<br>
more apt, from a technical perspective? But what Brad truly nails in his<br>
talk is an overarching culture around the process of Linux kernel<br>
development that is decidedly non-optimal when it comes to security.<br>
<br>
For example, when proposing security features, a healthy community would<br>
take a suggested patch and debate &quot;What were you trying to accomplish? What<br>
is the best...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dailydave/2020/q3/1">Re: Brad gets real!</a></strong>
<em>Shawn Webb via Dailydave (Jul 06)</em><br>
It&apos;s also hard to innovate without a userland that is tightly<br>
integrated with the kernel (like the BSDs). On the BSD side, we&apos;re<br>
able to ship an entire ecosystem with exploit mitigations applied<br>
because a basic userland is shipped and integrated with the kernel.<br>
<br>
The way in which the BSDs are structured enables innovation across the<br>
entire ecosystem. We at HardenedBSD are able to test and deploy<br>
exploit mitigations across the base...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="pauldotcom"></A>
<div style="clear: right">
<A HREF="/pauldotcom/"><img src="/images/pauldotcom-logo.png" border="0" width="80" align="right" alt="pauldotcom logo"></A><B><A HREF="/pauldotcom/">PaulDotCom</A></B> &mdash; General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.<BR><ul class="inline"><li class="first"><A HREF="/pauldotcom/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/pauldotcom.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-pauldotcom" href="javascript:show_latest('pauldotcom')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-pauldotcom" style="display: none" href="javascript:hide_latest('pauldotcom')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-pauldotcom" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2018/q4/0">BHIS Sorta Top Used Tools of 2018</a></strong>
<em>John - Black Hills Information Security (Dec 06)</em><br>
Free Webcast<br>
<br>
Hello all,<br>
<br>
For our next webcast we will cover some of the core tools we use all the time at Black Hills Information Security. <br>
However, there will be a twist. We will not talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new <br>
(and older) tools we use that fall outside of the standard tools you see in every security book/blog out there.<br>
<br>
Basically, we are trying to be edgy and different.<br>
<br>
You may want to come...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2018/q3/2">BHIS Webcast - Tues 10/2 @ 11am MDT</a></strong>
<em>John Strand - Black Hills Information Security (Sep 26)</em><br>
Hello All,<br>
<br>
In this next webcast I want to cover what I am doing with the BHIS Systems team to create a C2/Implant/Malware test <br>
bed. Testing our C2/malware solutions is important because vendors tend to lie or over-hype their capabilities. I will <br>
cross reference some different malware specimens to the MITRE ATT&amp;CK framework and we will cover how you can use these <br>
techniques to test your defensive solutions at both the endpoint and the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2018/q3/1">BHIS Webcast: The PenTest Pyramid of Pain 9/4 - 11am MDT</a></strong>
<em>Sierra - Black Hills Information Security (Aug 29)</em><br>
Hello!<br>
<br>
How are you all? We had a fantastic webcast last week with John Strand and Chris Brenton and we&apos;re still working <br>
through some unexpected hiccups to get the recording up and posted. The podcast version is on our blog, and the YouTube <br>
version will be posted shortly on the Active Countermeasures channel and blog as well. Thanks for all of you who <br>
ventured over to attend!<br>
<br>
Ready for another awesome BHIS webcast? Dakota is back and...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/pauldotcom/2018/q3/0">Webcast with CJ: Tues 7/24 at 11am</a></strong>
<em>Sierra - Black Hills Information Security (Jul 19)</em><br>
Our upcoming webcast will be about POLICY...<br>
<br>
Did you check out when you heard “policy”? Policy can often seem like a drudgery, but it’s also an important and <br>
potentially overlooked part of business and procedure; it’s the framework on which security is really built!<br>
<br>
CJ, our COO and Head of Sales has experience writing, assessing and implementing policies for many different kinds of <br>
companies. And if you are worried it will be dry and...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="honeypots"></A>
<div style="clear: right">
<A HREF="/honeypots/"><img src="/images/honeypots-logo.png" border="0" width="80" align="right" alt="honeypots logo"></A><B><A HREF="/honeypots/">Honeypots</A></B> &mdash; Discussions about tracking attackers by setting up decoy honeypots or entire <A HREF="http://www.honeynet.org">honeynet</A> networks.<BR><ul class="inline"><li class="first"><A HREF="/honeypots/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/honeypots.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securityfocus.com/archive/119/description"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-honeypots" href="javascript:show_latest('honeypots')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-honeypots" style="display: none" href="javascript:hide_latest('honeypots')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-honeypots" style="display: none">
<!-- MHonArc v2.6.16 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/honeypots/2013/q1/0">Honeypot malware archives</a></strong>
<em>Matteo Cantoni (Feb 14)</em><br>
Hello everyone,<br>
<br>
I would like share with you for educational purposes and without any<br>
commercial purpose, data collected by the my homemade honeypot.<br>
Nothing new, nothing shocking, nothing sensational... but I think can<br>
be of interest to newcomers to the world of analysis of malware,<br>
botnets, etc... maybe for a thesis.<br>
<br>
The files collected are divided into zip archives, in alphabetical<br>
order, with password (which must be request via email). Some...<br>
</p>

 

<!-- MHonArc v2.6.16 -->
</blockquote>
</div>
<BR>
<A NAME="microsoft"></A>
<div style="clear: right">
<A HREF="/microsoft/"><img src="/images/microsoft-logo.png" border="0" width="80" align="right" alt="microsoft logo"></A><B><A HREF="/microsoft/">Microsoft Sec Notification</A></B> &mdash; Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products&mdash;note how most have a prominent and often-misleading "mitigating factors" section.<BR><ul class="inline"><li class="first"><A HREF="/microsoft/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/microsoft.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.microsoft.com/technet/security/bulletin/notify.mspx"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-microsoft" href="javascript:show_latest('microsoft')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-microsoft" style="display: none" href="javascript:hide_latest('microsoft')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-microsoft" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/9">Microsoft Security Update Minor Revisions</a></strong>
<em>Microsoft (Dec 11)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Minor Revisions<br>
Issued: December 11, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE has undergone a minor revision<br>
increment:<br>
<br>
* CVE-2018-8172<br>
<br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8172 | Visual Studio Remote Code Execution<br>
   Vulnerability<br>
 -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/8">Microsoft Security Update Minor Revisions</a></strong>
<em>Microsoft (Nov 14)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Minor Revisions<br>
Issued: November 14, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVEs and advisory have undergone a minor revision<br>
increment:<br>
<br>
* CVE-2018-8454<br>
* CVE-2018-8552<br>
* ADV990001<br>
  <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8454 | Windows Audio Service...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/7">Microsoft Security Update Minor Revisions</a></strong>
<em>Microsoft (Oct 24)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Minor Revisions<br>
Issued: October 24, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE has undergone a minor revision increment:<br>
<br>
* CVE-2018-8512<br>
  <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8512 | Microsoft Edge Security Feature Bypass<br>
   Vulnerability<br>
 -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/6">Microsoft Security Update Releases</a></strong>
<em>Microsoft (Oct 19)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Releases<br>
Issued: October 19, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE been added to the October 2018 Security updates:<br>
<br>
* CVE-2018-8569<br>
 <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8569 | Yammer Desktop Application Remote Code Execution <br>
   Vulnerability<br>
 -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/5">Microsoft Security Update Releases</a></strong>
<em>Microsoft (Oct 17)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Releases<br>
Issued: October 17, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVEs have undergone a major revision increment:<br>
<br>
* CVE-2010-3190<br>
<br>
 Revision Information:<br>
=====================<br>
<br>
 - CVE-2010-3190 | MFC Insecure Library Loading Vulnerability<br>
 -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/4">Microsoft Security Update Minor Revisions</a></strong>
<em>Microsoft (Oct 09)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Minor Revisions<br>
Issued: October 9, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE has undergone a minor revision increment:<br>
<br>
* CVE-2018-8531<br>
  <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption <br>
   Vulnerability<br>
 -...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/3">Microsoft Security Update Releases</a></strong>
<em>Microsoft (Oct 09)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Releases<br>
Issued: October 9, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE been added to the October 2018 Security updates:<br>
<br>
* CVE-2018-8292<br>
 <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8292 | .NET Core Information Disclosure Vulnerability<br>
 -...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/2">Microsoft Security Update Releases</a></strong>
<em>Microsoft (Oct 09)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Releases<br>
Issued: October 9, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following bulletin has undergone a major revision increment:<br>
<br>
* MS11-025<br>
 <br>
Revision Information:<br>
=====================<br>
<br>
 - <a  rel="nofollow" href="https://docs.microsoft.com/en-us/security-updates/">https://docs.microsoft.com/en-us/security-updates/</a><br>
   SecurityBulletins/2011/ms11-025:...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/1">Microsoft Security Update Summary for October 9, 2018</a></strong>
<em>Microsoft (Oct 09)</em><br>
********************************************************************<br>
Microsoft Security Update Summary for October 9, 2018<br>
Issued: October 9, 2018<br>
********************************************************************<br>
<br>
This summary lists security updates released for October 9, 2018.<br>
<br>
Complete information for the October 2018 security update release can<br>
Be found at<br>
&lt;<a  rel="nofollow" href="https://portal.msrc.microsoft.com/en-us/security-guidance">https://portal.msrc.microsoft.com/en-us/security-guidance</a>&gt;.<br>
<br>
Please note the...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q4/0">Microsoft Security Update Releases</a></strong>
<em>Microsoft (Oct 02)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Releases<br>
Issued: October 2, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE has undergone a major revision increment:<br>
<br>
* CVE-2018-0952<br>
 <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of <br>
   Privilege Vulnerability<br>
 -...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q3/23">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Sep 12)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: September 12, 2018<br>
********************************************************************<br>
<br>
Security Advisories Released or Updated on September 12, 2018<br>
===================================================================<br>
<br>
* Microsoft Security Advisory ADV180022<br>
<br>
 - Title: Windows Denial of Service Vulnerability<br>
 -...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q3/22">Microsoft Security Update Minor Revisions</a></strong>
<em>Microsoft (Sep 12)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Minor Revisions<br>
Issued: September 12, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVEs have undergone a minor revision increment:<br>
<br>
* CVE-2018-8421<br>
* CVE-2018-8468<br>
  <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8421 | .NET Framework Remote Code Execution <br>
   Vulnerability...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q3/21">Microsoft Security Update Summary for September 11, 2018</a></strong>
<em>Microsoft (Sep 11)</em><br>
********************************************************************<br>
Microsoft Security Update Summary for September 11, 2018<br>
Issued: September 11, 2018<br>
********************************************************************<br>
<br>
This summary lists security updates released for September 11, 2018.<br>
<br>
Complete information for the September 2018 security update release can<br>
Be found at<br>
&lt;<a  rel="nofollow" href="https://portal.msrc.microsoft.com/en-us/security-guidance">https://portal.msrc.microsoft.com/en-us/security-guidance</a>&gt;....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q3/20">Microsoft Security Update Releases</a></strong>
<em>Microsoft (Sep 11)</em><br>
********************************************************************<br>
Title: Microsoft Security Update Releases<br>
Issued: September 11, 2018<br>
********************************************************************<br>
<br>
Summary<br>
=======<br>
<br>
The following CVE has undergone a major revision increment:<br>
<br>
* CVE-2018-8154<br>
 <br>
Revision Information:<br>
=====================<br>
<br>
 - CVE-2018-8154 | Microsoft Exchange Memory Corruption <br>
   Vulnerability<br>
 -...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/microsoft/2018/q3/19">Microsoft Security Advisory Notification</a></strong>
<em>Microsoft (Sep 11)</em><br>
********************************************************************<br>
Title: Microsoft Security Advisory Notification<br>
Issued: September 11, 2018<br>
********************************************************************<br>
<br>
Security Advisories Released or Updated on September 11, 2018<br>
===================================================================<br>
<br>
* Microsoft Security Advisory ADV180002<br>
<br>
 - Title: Guidance to mitigate speculative execution...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="funsec"></A>
<div style="clear: right">
<A HREF="/funsec/"><img src="/images/funsec-logo.png" border="0" width="80" align="right" alt="funsec logo"></A><B><A HREF="/funsec/">Funsec</A></B> &mdash; While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community<BR><ul class="inline"><li class="first"><A HREF="/funsec/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/funsec.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://linuxbox.org/cgi-bin/mailman/listinfo/funsec"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-funsec" href="javascript:show_latest('funsec')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-funsec" style="display: none" href="javascript:hide_latest('funsec')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-funsec" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2016/q1/5">Verizon: 1.5M of Contact Records Stolen, Now on Sale</a></strong>
<em>Jeffrey Walton (Mar 26)</em><br>
<a  rel="nofollow" href="http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:">http://www.mobipicker.com/verizon-1-5m-contact-records-stolen-now-sale/:</a><br>
<br>
    A business to business telecommunication giant,<br>
    Verizon Enterprise Solutions, a Basking Ridge,<br>
    New Jersey-based company, has been the latest<br>
    victim of a cyber crime that stole 1.5 million contact<br>
    records of the customers of Verizon...<br>
<br>
I don&apos;t quite understand this double talk. Could someone explain to me:<br>
<br>
    A spokesperson from Verizon said that...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2016/q1/4">Statement on Lavabit Citation in Apple Case</a></strong>
<em>Jeffrey Walton (Mar 16)</em><br>
(From John Young on another list):<br>
<a  rel="nofollow" href="http://www.facebook.com/KingLadar/posts/10156714933135038">http://www.facebook.com/KingLadar/posts/10156714933135038</a><br>
<br>
As many of you already know, the government cited the Lavabit case in<br>
a footnote. The problem is their description insinuates a precedent<br>
that was never created. Obviously I was somewhat disturbed by their<br>
misrepresentation. So I decided to draft a statement. And keep in<br>
mind, these are the same people who say &quot;trust us.&quot; Click continue to<br>
read...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2016/q1/3">The NSA&apos;s back door has given every US secret to our	enemies</a></strong>
<em>Jeffrey Walton (Feb 29)</em><br>
<a  rel="nofollow" href="http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2">http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2</a><br>
<br>
Deng Xiaoping, in 1979 - his second year as supreme leader of China -<br>
perceived a fundamental truth that has yet to be fully grasped by most<br>
Western leaders: Software, if properly weaponized, could be far more<br>
destructive than any nuclear arsenal.<br>
<br>
Under Deng’s leadership, China began one of the most ambitious and<br>
sophisticated meta- software...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2016/q1/2">Can Spies Break Apple Crypto?</a></strong>
<em>Jeffrey Walton (Feb 27)</em><br>
Here&apos;s an interesting exchange between Cryptome and Michael Froomkin,<br>
Law Professor at University of Miami, on the All Writs Act<br>
(<a  rel="nofollow" href="http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm">http://cryptome.org/2016/02/can-spies-break-apple-crypto.htm</a>):<br>
<br>
-----<br>
<br>
A. Michael Froomkin:<br>
<br>
The factual posture in the key Supreme Court precedent, New York<br>
Telephone, involved a situation where only the subject of the order<br>
was capable of providing the assistance at issue. This is the basis<br>
for Apple&apos;s...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2016/q1/1">The FBI&apos;s iPhone Problem: Tactical vs. Strategic Thinking</a></strong>
<em>Jeffrey Walton (Feb 23)</em><br>
<a  rel="nofollow" href="http://www.technewsworld.com/story/83130.html">http://www.technewsworld.com/story/83130.html</a><br>
<br>
I&apos;m an ex-sheriff, and I&apos;ve been in and out of security jobs for much<br>
of my life, so I&apos;ve got some familiarity with the issues underlying<br>
the drama between the FBI and Apple. FBI officials -- and likely those<br>
in every other three-letter agency and their counterparts all over the<br>
world -- would like an easier way to do their jobs. Wouldn&apos;t we all?<br>
<br>
If they could put cameras in...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/funsec/2016/q1/0">Wanted: Cryptography Products for Worldwide Survey</a></strong>
<em>Jeffrey Walton (Jan 01)</em><br>
(<a  rel="nofollow" href="http://www.schneier.com/crypto-gram/archives/2015/1215.html">http://www.schneier.com/crypto-gram/archives/2015/1215.html</a>):<br>
<br>
In 1999, Lance Hoffman, David Balenson, and others published a survey<br>
of non-US cryptographic products. The point of the survey was to<br>
illustrate that there was a robust international market in these<br>
products, and that US-only export restrictions on strong encryption<br>
did nothing to prevent its adoption and everything to disadvantage US<br>
corporations. This was an important contribution...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="cert"></A>
<div style="clear: right">
<A HREF="/cert/"><img src="/images/cert-logo.png" border="0" width="80" align="right" alt="cert logo"></A><B><A HREF="/cert/">CERT Advisories</A></B> &mdash; The <a href="http://www.cert.org/">Computer Emergency Response Team</a> has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.<BR><ul class="inline"><li class="first"><A HREF="/cert/2020/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Year</A></li>
<li>&nbsp;<A HREF="/cert/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/cert.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.us-cert.gov/cas/signup.html"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-cert" href="javascript:show_latest('cert')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-cert" style="display: none" href="javascript:hide_latest('cert')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-cert" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/196">Mozilla Releases Security Update for Thunderbird</a></strong>
<em>US-CERT (Jul 17)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Mozilla Releases Security Update for Thunderbird [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird">https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/mozilla-releases-security-update-thunderbird</a> ] 07/17/2020 <br>
10:50 AM EDT <br>
Original release date: July 17, 2020<br>
<br>
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit <br>
some of these...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/195">Microsoft Releases Security Update for Edge</a></strong>
<em>US-CERT (Jul 17)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Microsoft Releases Security Update for Edge [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge">https://us-cert.cisa.gov/ncas/current-activity/2020/07/17/microsoft-releases-security-update-edge</a> ] 07/17/2020 10:53 AM <br>
EDT <br>
Original release date: July 17, 2020<br>
<br>
Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit <br>
this vulnerability to drop...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/194">AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation</a></strong>
<em>US-CERT (Jul 17)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/alerts/aa20-198a">https://us-cert.cisa.gov/ncas/alerts/aa20-198a</a> ] 07/16/2020 08:09 AM EDT <br>
Original release date: July 16, 2020<br>
<br>
Summary<br>
<br>
&quot;This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK) and Pre-ATT&amp;CK <br>
frameworks....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/193">CISA Releases Emergency Directive on Critical Microsoft Vulnerability</a></strong>
<em>US-CERT (Jul 16)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
CISA Releases Emergency Directive on Critical Microsoft Vulnerability [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability">https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/cisa-releases-emergency-directive-critical-microsoft-vulnerability</a><br>
 ] 07/16/2020 03:28 PM EDT <br>
Original release date: July 16, 2020<br>
<br>
The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/192">Apple Releases Security Updates</a></strong>
<em>US-CERT (Jul 16)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Apple Releases Security Updates [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates">https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/apple-releases-security-updates</a> ] 07/16/2020 11:17 AM EDT <br>
Original release date: July 16, 2020<br>
<br>
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of <br>
these vulnerabilities to take control of an...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/191">Malicious Activity Targeting COVID-19 Research, Vaccine Development</a></strong>
<em>US-CERT (Jul 16)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Malicious Activity Targeting COVID-19 Research, Vaccine Development [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development">https://us-cert.cisa.gov/ncas/current-activity/2020/07/16/malicious-activity-targeting-covid-19-research-vaccine-development</a><br>
 ] 07/16/2020 07:16 AM EDT <br>
Original release date: July 16, 2020<br>
<br>
In response to malicious activity targeting COVID-19 research and vaccine development in the United...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/190">Cisco Releases Security Updates for Multiple Products</a></strong>
<em>US-CERT (Jul 15)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Cisco Releases Security Updates for Multiple Products [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products">https://us-cert.cisa.gov/ncas/current-activity/2020/07/15/cisco-releases-security-updates-multiple-products</a> ] <br>
07/15/2020 03:19 PM EDT <br>
Original release date: July 15, 2020<br>
<br>
Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote <br>
attacker...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/189">Oracle Releases July 2020 Security Bulletin</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Oracle Releases July 2020 Security Bulletin [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/oracle-releases-july-2020-security-bulletin</a> ] 07/14/2020 <br>
05:21 PM EDT <br>
Original release date: July 14, 2020<br>
<br>
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A <br>
remote attacker could...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/188">Google Releases Security Updates for Chrome</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Google Releases Security Updates for Chrome [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome-0</a> ] 07/14/2020 04:51 <br>
PM EDT <br>
Original release date: July 14, 2020<br>
<br>
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities <br>
that an attacker could exploit...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/187">Google Releases Security Updates for Chrome</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Google Releases Security Updates for Chrome [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/google-releases-security-updates-chrome</a> ] 07/14/2020 02:45 PM <br>
EDT <br>
Original release date: July 14, 2020<br>
<br>
Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities <br>
that an attacker could exploit to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/186">Microsoft Releases July 2020 Security Updates</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Microsoft Releases July 2020 Security Updates [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-releases-july-2020-security-updates</a> ] 07/14/2020 <br>
02:13 PM EDT <br>
Original release date: July 14, 2020<br>
<br>
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could <br>
exploit some of these...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/185">Microsoft Addresses &apos;Wormable&apos; RCE Vulnerability in Windows DNS Server</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Microsoft Addresses &apos;Wormable&apos; RCE Vulnerability in Windows DNS Server [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/microsoft-addresses-wormable-rce-vulnerability-windows-dns-server</a><br>
 ] 07/14/2020 02:14 PM EDT <br>
Original release date: July 14, 2020<br>
<br>
Microsoft has released a security update to address a remote code execution (RCE)...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/184">Adobe Releases Security Updates for Multiple Products</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Adobe Releases Security Updates for Multiple Products [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/adobe-releases-security-updates-multiple-products</a> ] <br>
07/14/2020 01:18 PM EDT <br>
Original release date: July 14, 2020<br>
<br>
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit <br>
some of...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/183">Apache Releases Security Advisories for Apache Tomcat</a></strong>
<em>US-CERT (Jul 14)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
Apache Releases Security Advisories for Apache Tomcat [ <br>
<a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat">https://us-cert.cisa.gov/ncas/current-activity/2020/07/14/apache-releases-security-advisories-apache-tomcat</a> ] <br>
07/14/2020 11:33 AM EDT <br>
Original release date: July 14, 2020<br>
<br>
The Apache Software Foundation has released security advisories to address multiple vulnerabilities in Apache Tomcat. <br>
An attacker...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/cert/2020/182">AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java</a></strong>
<em>US-CERT (Jul 13)</em><br>
Cybersecurity and Infrastructure Security Agency Logo<br>
<br>
National Cyber Awareness System:<br>
<br>
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java [ <a  rel="nofollow" href="https://us-cert.cisa.gov/ncas/alerts/aa20-195a">https://us-cert.cisa.gov/ncas/alerts/aa20-195a</a> ] <br>
07/13/2020 07:07 PM EDT <br>
Original release date: July 13, 2020<br>
<br>
Summary<br>
<br>
On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287 [ <br>
<a  rel="nofollow" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287</a> ],...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="oss-sec"></A>
<div style="clear: right">
<A HREF="/oss-sec/"><img src="/images/oss-sec-logo.png" border="0" width="80" align="right" alt="oss-sec logo"></A><B><A HREF="/oss-sec/">Open Source Security</A></B> &mdash; Discussion of security flaws, concepts, and practices in the Open Source community<BR><ul class="inline"><li class="first"><A HREF="/oss-sec/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/oss-sec/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/oss-sec.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://oss-security.openwall.org/wiki/mailing-lists/oss-security"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-oss-sec" href="javascript:show_latest('oss-sec')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-oss-sec" style="display: none" href="javascript:hide_latest('oss-sec')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-oss-sec" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/75">Fwd: X.Org security advisory: July 31, 2020: Xserver</a></strong>
<em>Matthieu Herrb (Jul 31)</em><br>
----- Forwarded message from Matthieu Herrb &lt;matthieu () herrb eu&gt; -----<br>
<br>
Date: Fri, 31 Jul 2020 15:44:44 +0200<br>
From: Matthieu Herrb &lt;matthieu () herrb eu&gt;<br>
To: xorg-announce () lists x org<br>
Cc: xorg-devel () lists x org<br>
Subject: X.Org security advisory: July 31, 2020: Xserver<br>
<br>
X.Org security advisory: July 31, 2020<br>
<br>
X Server Pixel Data Uninitialized Memory Information Disclosure...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/74">Fwd: X.Org security advisory: July 31, 2020: libX11</a></strong>
<em>Matthieu Herrb (Jul 31)</em><br>
----- Forwarded message from Matthieu Herrb &lt;matthieu () herrb eu&gt; -----<br>
<br>
Date: Fri, 31 Jul 2020 15:37:55 +0200<br>
From: Matthieu Herrb &lt;matthieu () herrb eu&gt;<br>
To: xorg-announce () lists x org<br>
Cc: xorg-devel () lists x org<br>
Subject: X.Org security advisory: July 31, 2020: libX11<br>
<br>
X.Org security advisory: July 31, 2020<br>
<br>
Heap corruption in the X input method client in libX11<br>
======================================================...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/73">Re: Alternative CET ABI</a></strong>
<em>H.J. Lu (Jul 30)</em><br>
FWIW, we can introduce a different CET PLT as long as it is compatible<br>
with the past, current and future binaries.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/72">Re: Alternative CET ABI</a></strong>
<em>Szabolcs Nagy (Jul 30)</em><br>
The 07/30/2020 18:41, Jann Horn wrote:<br>
<br>
ld.so only needs to generate one plt entry<br>
for a function in a process and that entry<br>
can provided the canonical address that is<br>
loaded from some got entry when the address<br>
is used, so there is double indirection, but<br>
it works.<br>
<br>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you <br>
are not the intended recipient, please notify the sender...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/71">Re: Alternative CET ABI</a></strong>
<em>Florian Weimer (Jul 30)</em><br>
* Jann Horn:<br>
<br>
Same as today.  ELF already deals with this by picking one canonical<br>
function address per process.<br>
<br>
Some targets already need PLTs for inter-DSO calls, so the problem is<br>
not new.  It happens even on x86 because the main program can refer to<br>
its PLT stubs without run-time relocations, so those determine the<br>
canonical address of those functions, and not the actual implementation<br>
in a shared object.<br>
<br>
Hopefully not, because that would...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/70">Re: Alternative CET ABI</a></strong>
<em>Jann Horn (Jul 30)</em><br>
How would this interact with function pointer comparisons? As in, if<br>
library A exports a function func1 without referencing it, and<br>
libraries B and C both take references to func1, would they end up<br>
with different function pointers (pointing to their respective PLT<br>
entries)? Would this mean that the behavior of a program that compares<br>
function pointers obtained through different shared libraries might<br>
change?<br>
<br>
I guess you could maybe canonicalize...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/69">Alternative CET ABI</a></strong>
<em>Florian Weimer (Jul 30)</em><br>
CET (and Arm BTI) restrict targets for indirect jumps and calls to<br>
landing pads which start with specially-formatted NOP instruction<br>
dedicated to this purpose (endrb64 in the x86-64 case).<br>
<br>
The traditional way of implementing ELF on top of this is to have every<br>
global function start with that NOP, and also use these NOPs in PLT<br>
stubs in the main program (which may provide the canonical address of<br>
functions, i.e. there address may be taken).<br>
<br>
The...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/68">Re: UEFI SecureBoot bypass fixes rolled out to kernels below radar</a></strong>
<em>John Haxby (Jul 30)</em><br>
Yep.  I mentioned these in my post yesterday but I didn&apos;t go into any detail as they&apos;ve been public for some little <br>
while.   The various vendor updates are patching both CVEs, as you noted.  Ubuntu punlished an advisory for these a few <br>
days ago (<a  rel="nofollow" href="https://ubuntu.com/security/notices/USN-4440-1">https://ubuntu.com/security/notices/USN-4440-1</a>), we, and others, rolled the kernel fixes in with the rest of <br>
the changes.<br>
<br>
Important and necessary as these fixes are they&apos;re not the main...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/67">UEFI SecureBoot bypass fixes rolled out to kernels below radar</a></strong>
<em>Jason A. Donenfeld (Jul 30)</em><br>
Hi,<br>
<br>
I thought I should mention that yesterday&apos;s UEFI SecureBoot bypass<br>
headlines neglected to mention the bugs I found over a month ago (with<br>
the exception of Debian&apos;s announcement, which got some details wrong<br>
initially but those have since been rectified).<br>
<br>
It appears that Linux vendors are now releasing fixes for:<br>
<br>
- CVE-2019-20908<br>
  <a  rel="nofollow" href="https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh">https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh</a>...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/66">Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update</a></strong>
<em>张云海 (Jul 30)</em><br>
Hi All,<br>
<br>
I update the patch as Zhang Xiao points out that the check should use &gt;<br>
instead of &gt;=,<br>
otherwise the last line will be skip.<br>
<br>
Regards,<br>
Yunhai Zhang / NSFOCUS Security Team<br>
<br>
From: Yunhai Zhang &lt;zhangyunhai () nsfocus com&gt;<br>
Date: Tue, 28 Jul 2020 09:58:03 +0800<br>
Subject: [PATCH] Fix for missing check in vgacon scrollback handling<br>
<br>
vgacon_scrollback_update() always left enbough room in the scrollback<br>
buffer for the next call, but...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/65">multiple secure boot grub2 and linux kernel vulnerabilities</a></strong>
<em>John Haxby (Jul 29)</em><br>
[This message expands slightly on the post to the distros list on 2020-07-20.]<br>
<br>
Hello All,<br>
<br>
There are several CVEs both in GRUB2 and the Linux kernel (details<br>
below) that compromise UEFI Secure boot and kernel lockdown.<br>
<br>
 * These bugs allow unsigned code to be booted and run on hardware<br>
   configured to prevent that.<br>
<br>
 * Affected vendors will be publishing fixed, re-signed shim, grub and<br>
   kernels to allow systems to continue to boot...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/64">Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update</a></strong>
<em>Solar Designer (Jul 29)</em><br>
That was in 2006.<br>
<br>
Wow.  I suppose the biggest risk here is services that just happen to<br>
run on the console (or able to access it if they re-open /dev/tty) as a<br>
result of normal system startup.  Since an ioctl() is required at least<br>
to trigger CVE-2020-14331, at least this one is limited to attacks by<br>
someone who already got code execution within one of such services, but<br>
I suppose it could in some cases be used to gain ring 0 access from a...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/63">WebKitGTK and WPE WebKit Security Advisory WSA-2020-0007</a></strong>
<em>Carlos Alberto Lopez Perez (Jul 29)</em><br>
------------------------------------------------------------------------<br>
WebKitGTK and WPE WebKit Security Advisory                 WSA-2020-0007<br>
------------------------------------------------------------------------<br>
<br>
Date reported           : July 29, 2020<br>
Advisory ID             : WSA-2020-0007<br>
WebKitGTK Advisory URL  : <a  rel="nofollow" href="https://webkitgtk.org/security/WSA-2020-0007.html">https://webkitgtk.org/security/WSA-2020-0007.html</a><br>
WPE WebKit Advisory URL :...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/62">Re: [CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update</a></strong>
<em>Eric Biggers (Jul 28)</em><br>
Thanks for the writeup.  Note that there are many open syzbot reports in the<br>
fbdev, vt, and vgacon kernel subsystems.  These subsystems aren&apos;t actively<br>
maintained (receiving drive-by fixes only), and the kernel developers recommend<br>
to not enable these subsystems if you care about security<br>
(<a  rel="nofollow" href="https://lkml.kernel.org/lkml/CAKMK7uF5zZH3CaHueWsLR96-AzT==wP8=MpymTqx-T+SRsXWHA">https://lkml.kernel.org/lkml/CAKMK7uF5zZH3CaHueWsLR96-AzT==wP8=MpymTqx-T+SRsXWHA</a> () mail gmail com/).<br>
<br>
This particular bug, for example, appears to have...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/oss-sec/2020/q3/61">[CVE-2020-14331] Linux Kernel: buffer over write in vgacon_scrollback_update</a></strong>
<em>张云海 (Jul 28)</em><br>
There is a buffer over write in drivers/video/console/vgacon.c in<br>
vgacon_scrollback_update.<br>
<br>
The issue is reported by Yunhai Zhang / NSFOCUS Security Team<br>
&lt;zhangyunhai () nsfocus com&gt;, CVE-2020-14331 assigned via Red Hat.<br>
<br>
# Affected Versions<br>
The issue is found and tested on 5.7.0-rc6.<br>
The issue is introduced in commit:<br>
15bdab959c9bb909c0317480dd9b35748a8f7887 ([PATCH] vgacon: Add support<br>
for soft scrollback)<br>
According to code review, all...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="securecoding"></A>
<div style="clear: right">
<A HREF="/securecoding/"><img src="/images/securecoding-logo.png" border="0" width="80" align="right" alt="securecoding logo"></A><B><A HREF="/securecoding/">Secure Coding</A></B> &mdash; The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of <a href="http://www.amazon.com/dp/0596002424?tag=secbks-20">Secure Coding: Principles and Practices</a>.<BR><ul class="inline"><li class="first"><A HREF="/securecoding/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/securecoding.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.securecoding.org/list/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-securecoding" href="javascript:show_latest('securecoding')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-securecoding" style="display: none" href="javascript:hide_latest('securecoding')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-securecoding" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/securecoding/2016/q3/0">Silver Bullet 123: Yanek Korff</a></strong>
<em>Gary McGraw (Jul 06)</em><br>
hi sc-l,<br>
<br>
The latest installment of Silver Bullet was posted this morning.  Silver Bullet episode 123 features a conversation <br>
with Yanek Korff.  Yanek worked for many years at Cigital as a system administrator back in the early days.  He then <br>
moved on to operational security work at AOL and running managed security services at Mandiant.   <br>
<br>
We talk about managing technical people in this episode.  We also discuss operational security.  Have a...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="educause"></A>
<div style="clear: right">
<A HREF="/educause/"><img src="/images/educause-logo.png" border="0" width="80" align="right" alt="educause logo"></A><B><A HREF="/educause/">Educause Security Discussion</A></B> &mdash; Securing networks and computers in an academic environment.<BR><ul class="inline"><li class="first"><A HREF="/educause/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/educause/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/educause.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.educause.edu/groups/security"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-educause" href="javascript:show_latest('educause')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-educause" style="display: none" href="javascript:hide_latest('educause')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-educause" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/62">Banner Single Sign On via Azure AD with 2FA</a></strong>
<em>Hart, Michael (Jul 30)</em><br>
My applications services team (Not members of this constituent group) reached out to some peers on another forum.  I <br>
thought I would forward to this group to see if there were any member experienced with this, who would be willing to <br>
provide some input.  If so, please let me know and I can share their contact info.<br>
<br>
Here&apos;s the message from our Applications Services director:<br>
<br>
Hi folks,<br>
<br>
We&apos;re working to diagnose a configuration...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/61">Re: Opportunity to influence the future of Information Security</a></strong>
<em>Theresa Semmens (Jul 30)</em><br>
Same here, good luck on this.<br>
<br>
Theresa<br>
<br>
Theresa Semmens<br>
Chief Information Security Officer<br>
Nevada System of Higher Education<br>
4505 S Maryland Parkway (MS 4016)<br>
Las Vegas, NV 89154-4016<br>
tsemmens () nshe nevada edu&lt;<a  rel="nofollow" href="mailto:tsemmens">mailto:tsemmens</a> () nshe nevada edu&gt;<br>
702-720-3318<br>
<br>
From: The EDUCAUSE Security Community Group Listserv &lt;SECURITY () LISTSERV EDUCAUSE EDU&gt; On Behalf Of David Escalante<br>
Sent: Tuesday, July 28, 2020 2:00 PM<br>
To: SECURITY ()...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/60">Re: Opportunity to influence the future of Information Security</a></strong>
<em>Ben Marsden (Jul 28)</em><br>
David, you should totally take my spot, you can contribute *so much* more<br>
than I ever could!   As it turns out, I&apos;ll be in transit during the Panel&apos;s<br>
scheduled time on Thursday, so I can&apos;t be there live...<br>
<br>
-- Ben<br>
<br>
On Tue, Jul 28, 2020 at 5:00 PM David Escalante &lt;david.escalante () bc edu&gt;<br>
wrote:<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/59">Re: Opportunity to influence the future of Information Security</a></strong>
<em>David Escalante (Jul 28)</em><br>
Sorry, missed the deadline on this and the form is down.  Thought it was<br>
the end of the month.  Good luck!<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/58">Higher Education (Understanding Legal Liability Protections)</a></strong>
<em>Brian Kelly (Jul 28)</em><br>
I thought this upcoming webinar hosted by Pillsbury Winthrop Shaw Pittman would be of interest.<br>
<br>
“As places of higher learning begin welcoming students back on campus, questions remain regarding the scope of <br>
liability schools may face in connection with COVID-19. In addition, there are uncertainties regarding what steps they <br>
can take to protect their community, finances and reputation.”<br>
<br>
Topics will include:<br>
<br>
  *   Guidelines for reopening...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/57">Re: [EXTERNAL] Re: [SECURITY] Fake Student Applications/Registrations</a></strong>
<em>James Valente (Jul 28)</em><br>
We ran into this late last year up until a few months ago.  The “fix” itself was simple but the business decision <br>
around getting that in place was a nightmare.  Someone had decided that anyone wishing to take a non-credit course <br>
should be able to just register immediately without any input from our side. This, per policy, also gave them a <br>
university email address (because they didn’t want non-campus addresses used for billing).<br>
<br>
As a...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/56">Re: [External] [SECURITY] Faculty / Staff Account De-provisioning</a></strong>
<em>Kevin Ledbetter (Jul 27)</em><br>
Thanks for the responses.  I tend to agree with those who cite the FERPA<br>
regulations as a reason to revoke access sooner rather than later.  We just<br>
get push-back for those who feel &quot;inconvenienced&quot; by quickness to take<br>
action.<br>
<br>
Kevin<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/55">Re: Fake Student Applications/Registrations</a></strong>
<em>Tomassetti, Tina (Jul 27)</em><br>
I remembered this happening here too so I got some info from our Asst. Dir<br>
of  Administrative Information Systems:<br>
<br>
Yes.  We shut down all of the instant admission channels such as Banner<br>
Self Service Non Matriculated applications and those now are done via<br>
Wufoo.  We also added a Re-Captcha to the Wufoo form, and advised the<br>
Registrar&apos;s Office on what to watch for on those forms that would indicate<br>
an invalid application.  If they recognize...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/54">Re: [External]  [SECURITY] Faculty / Staff Account De-provisioning</a></strong>
<em>Joshua Webb (Jul 24)</em><br>
For the University of Washington:<br>
<br>
<a  rel="nofollow" href="https://itconnect.uw.edu/connect/productivity-platforms/uw-g-suite/account-lifecycle/">https://itconnect.uw.edu/connect/productivity-platforms/uw-g-suite/account-lifecycle/</a><br>
<br>
<a  rel="nofollow" href="https://itconnect.uw.edu/connect/productivity-platforms/uw-office-365/account-lifecycle/">https://itconnect.uw.edu/connect/productivity-platforms/uw-office-365/account-lifecycle/</a><br>
<br>
Joshua Webb<br>
________________________________<br>
From: The EDUCAUSE Security Community Group Listserv &lt;SECURITY () LISTSERV EDUCAUSE EDU&gt; on behalf of Gregg, <br>
Christopher S. &lt;csgregg () STTHOMAS EDU&gt;<br>
Sent: Friday, July 24, 2020...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/53">Re: Fake Student Applications/Registrations</a></strong>
<em>Von Welch (Work) (Jul 24)</em><br>
Nathan,<br>
<br>
 In addition to .edu email addresses, I’ve seen cases of attackers fredulently getting EDU accounts and abusing those <br>
accounts through federated identity, e.g. InCommon, to abuse remote resources that are open to higher ed users. If your <br>
organization is an InCommon IdP, I suggest checking with your IdP operator (probably in your IdM group), for signs of <br>
outgoing abuse.<br>
<br>
Best,<br>
<br>
Von<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/52">Segregating Servers</a></strong>
<em>Security (Jul 24)</em><br>
I am interested in how you segregate your servers. How do you separate and<br>
control traffic between servers? For example, Internet facing servers and<br>
internal servers?<br>
Do you use vlans, routing, internal firewall, none of the above, all of<br>
the above?<br>
<br>
Thanks,<br>
Matt Prescott, Security Analyst<br>
Information Technology<br>
(o) 325-674-2882<br>
Abilene Christian University<br>
[image: Abilene Christian University]<br>
<br>
**********<br>
Replies to EDUCAUSE Community Group...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/51">Re: Fake Student Applications/Registrations</a></strong>
<em>Wesolowski, Nathan R. (Jul 24)</em><br>
Hello everyone, this is my first time posting here.<br>
<br>
Since last weekend we have observed an unusually high number of new student applications/registrations containing fake <br>
information.  After investigating, I discovered that our College was recently featured on a Chinese blog.  The blog&apos;s <br>
&quot;educational welfare&quot; category lists dozens of other colleges and universities, along with step-by-step details for <br>
obtaining free...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/50">Re: [External] [SECURITY] Faculty / Staff Account De-provisioning</a></strong>
<em>Ben Marsden (Jul 24)</em><br>
...and access to educationally licensed material, and access to<br>
institutional resources that are sensitive,  and so much more.  all while<br>
no longer being formally bound by institutional policies and oversight?<br>
 Yes, we have considered and continue to struggle with that...   Not to<br>
mention that both faculty and staff come in a *wide* variety of flavors and<br>
levels of ties to the institution over time...  &lt;fingers-in-ears singing...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/49">Re: [External] [SECURITY] Faculty / Staff Account De-provisioning</a></strong>
<em>Scott Norton (Jul 24)</em><br>
Does that mean you also block users from migrating data to personal accounts?<br>
If so what technical mitigations and monitoring have you implemented to support that?<br>
<br>
________________________________<br>
From: The EDUCAUSE Security Community Group Listserv &lt;SECURITY () LISTSERV EDUCAUSE EDU&gt; on behalf of Ravi Kotecha <br>
&lt;kotechar () BRANDEIS EDU&gt;<br>
Sent: Friday, July 24, 2020 9:02:02 AM<br>
To: SECURITY () LISTSERV EDUCAUSE EDU &lt;SECURITY ()...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/educause/2020/q3/48">Re: [External] [SECURITY] Faculty / Staff Account De-provisioning</a></strong>
<em>Ravi Kotecha (Jul 24)</em><br>
Hi All,<br>
<br>
To comply with FERPA and other regulations, former employees whether<br>
faculty or staff lose access to their accounts on their last day of<br>
employment. Faculty-emeritus retain access. We allow former employees who<br>
are alumni to request a new account to access alumni resources.<br>
<br>
The legal compliance and financial risk of an exposure event led to policy<br>
changes that allowed for the above.<br>
<br>
Best,<br>
Ravi<br>
<br>
**********<br>
Replies to EDUCAUSE Community...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<h2 class="purpleheader">Internet Issues and Infrastructure</h2><A NAME="nanog"></A>
<div style="clear: right">
<A HREF="/nanog/"><img src="/images/nanog-logo.png" border="0" width="80" align="right" alt="nanog logo"></A><B><A HREF="/nanog/">NANOG</A></B> &mdash; The <a href="http://www.nanog.org/">North American Network Operators' Group</a> discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.<BR><ul class="inline"><li class="first"><A HREF="/nanog/2020/Jul/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Month</A></li>
<li>&nbsp;<A HREF="/nanog/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/nanog.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.nanog.org/mailinglist/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-nanog" href="javascript:show_latest('nanog')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-nanog" style="display: none" href="javascript:hide_latest('nanog')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-nanog" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/448">Re: BGP route hijack by AS10990</a></strong>
<em>Sabri Berisha (Jul 31)</em><br>
----- On Jul 31, 2020, at 2:50 PM, Mark Tinka mark.tinka () seacom com wrote:<br>
<br>
Hi Mark,<br>
<br>
I&apos;m not sure if you read their entire Mea Culpa, but they did indicate that<br>
the root cause of this issue was the provisioning of a legacy filter that<br>
they are no longer using. So effectively, that makes it a human error.<br>
<br>
We&apos;re going to a point where a single error is no longer causing outages,<br>
something very similar to my favorite analogy: avation....<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/447">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
Considering Telia&apos;s scope and &quot;experience&quot;, that is one thing. But for<br>
the general good of the Internet, the number of intended or<br>
unintentional route hijacks in recent years, and all the noise that<br>
rises on this and other lists each time we have such incidents (this<br>
won&apos;t be the last), Telia should not have waited to be called out in<br>
order to get this fixed.<br>
<br>
Do we know if they are fixing this on just this customer of theirs,...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/446">Re: BGP route hijack by AS10990</a></strong>
<em>Sabri Berisha (Jul 31)</em><br>
----- On Jul 31, 2020, at 2:33 PM, Lukas Tribus lists () ltri eu wrote:<br>
<br>
Hi,<br>
<br>
Kudos to Telia for admitting their mistakes, and fixing their processes.<br>
<br>
Thanks,<br>
<br>
Sabri<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/445">Re: BGP route hijack by AS10990</a></strong>
<em>Lukas Tribus (Jul 31)</em><br>
Telia&apos;s statement:<br>
<br>
<a  rel="nofollow" href="https://blog.teliacarrier.com/2020/07/31/bgp-hijack-of-july-30-2020/">https://blog.teliacarrier.com/2020/07/31/bgp-hijack-of-july-30-2020/</a><br>
<br>
(tl;dr: it was as-path filtering only, as opposed to prefix filtering,<br>
the former has been removed as an option)<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/444">Weekly Routing Table Report</a></strong>
<em>Routing Analysis Role Account (Jul 31)</em><br>
This is an automated weekly mailing describing the state of the Internet<br>
Routing Table as seen from APNIC&apos;s router in Japan.<br>
<br>
The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG<br>
TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.<br>
<br>
Daily listings are sent to bgp-stats () lists apnic net<br>
<br>
For historical data, please see <a  rel="nofollow" href="http://thyme.rand.apnic.net">http://thyme.rand.apnic.net</a>.<br>
<br>
If you have any comments please contact Philip Smith &lt;pfsinoz...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/443">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
Almost every product ever made does solve a need. You will find at least<br>
one customer who is happy with what they paid their money for.<br>
<br>
But BGP-4 is vulnerable enough as it is, and the Internet has moved on<br>
in leaps and bounds since 1994 (RFC 1654).<br>
<br>
Until we see BGP-5, we need to look after our community. And if that<br>
means holding the BGP optimizers to a higher standard, so be it.<br>
<br>
As they say, &quot;You can&apos;t blame a monkey for botching a...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/442">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
Indeed.<br>
<br>
What I was saying is we don&apos;t know how many of the leaked routes were<br>
dropped by Telia&apos;s ROV, if any.<br>
<br>
We really shouldn&apos;t be having to discuss how bad this could have gotten,<br>
because it means we are excusing Telia&apos;s inability to do proper<br>
filtering across its eBGP sessions with its customers.<br>
<br>
Mark.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/441">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
Like I said, &quot;if&quot;. If they did, then they were protected. If they<br>
didn&apos;t, well...<br>
<br>
I don&apos;t have to like you, but I will always honour your ROA :-).<br>
<br>
That is my point, though - this works if ROA&apos;s are present. We know this<br>
to not be the case - so having proper filters in place is not optional.<br>
Not at least until we have 100% diffusion of ROA&apos;s + ROV. And even then,<br>
we probably still want some kind of safety net....<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/440">Re: BGP route hijack by AS10990</a></strong>
<em>Mike Hammett (Jul 31)</em><br>
They solve a need that isn&apos;t reasonably solved any other way that doesn&apos;t have similar drawbacks. <br>
<br>
Some optimizers need to be redesigned to be safer by default. <br>
<br>
Some networks need to be safer by default as well. <br>
<br>
----- <br>
Mike Hammett <br>
Intelligent Computing Solutions <br>
<a  rel="nofollow" href="http://www.ics-il.com">http://www.ics-il.com</a> <br>
<br>
Midwest-IX <br>
<a  rel="nofollow" href="http://www.midwest-ix.com">http://www.midwest-ix.com</a> <br>
<br>
----- Original Message -----<br>
<br>
From: &quot;Mark Tinka&quot; &lt;mark.tinka () seacom com&gt; <br>
To: nanog ()...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/439">Re: BGP route hijack by AS10990</a></strong>
<em>Tom Beecher (Jul 31)</em><br>
This is the correct approach. We are a very long way from being able to<br>
flip the switch to say &quot;everyone drop any RPKI UNKNOWN&quot; , so in the<br>
meantime best practices for non-ROA covered prefixes still have to be done.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/438">Re: BGP route hijack by AS10990</a></strong>
<em>Job Snijders (Jul 31)</em><br>
Could it be ... we didn&apos;t see any RPKI Invalids through Telia *because*<br>
they are rejecting RPKI invalids?<br>
<br>
As far as I know the BGP Polluter software does not have a configuration<br>
setting to only ruin the day of operators without ROAs. :-)<br>
<br>
I think the system worked as designed: without RPKI ROV @ Telia the<br>
damage might have been worse.<br>
<br>
Kind regards,<br>
<br>
Job<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/437">Re: BGP route hijack by AS10990</a></strong>
<em>Baldur Norddahl (Jul 31)</em><br>
How do you know that none of the prefixes had ROA? The ones that had got<br>
stopped by Telias filter, so we would never know.<br>
<br>
This is exactly the situation where RPKI already works. My and yours<br>
prefixes, provided you like me have ROAs, will not be leaked through Telia<br>
and a number of other large transits. Even if they did not have proper<br>
filters in place.<br>
<br>
Driving without RPKI / ROA is like driving without a seatbelt. You are fine<br>
until the day...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/436">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
For about a year or so, I&apos;ve been saying that the next generation of<br>
network engineers are being trained for a GUI-based point &amp; click world,<br>
as opposed to understanding what protocols and CLI do.<br>
<br>
There is no shortage of annual workshops that teach BGP Multi-Homing.<br>
<br>
Despite the horror BGP optimizers have displayed in recent years, they<br>
seem to be flying off the shelves, still. Is this a clear example of the<br>
next generation of network...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/435">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
While I am a huge proponent for ROA&apos;s and ROV, it is a massive<br>
expectation to req filtering to work on the basis of all BGP<br>
participants creating their ROA&apos;s. It&apos;s what I would like, but there is<br>
always going to be a lag on this one.<br>
<br>
If none of the prefixes had a ROA, no amount of Telia&apos;s shiny new &quot;we<br>
drop invalids&quot; machine would have helped, as we saw with this incident.<br>
ROV really only comes into its own when the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/nanog/2020/Jul/434">Re: BGP route hijack by AS10990</a></strong>
<em>Mark Tinka (Jul 31)</em><br>
 <br>
<br>
We started using Telia as an upstream back in 2014. When we had new<br>
prefixes to announce to the Internet, we always sent them (as we do to<br>
all our upstreams) a request to update their filters to support the<br>
same. The standard response we got back from them, in those days, was a<br>
list of ASN&apos;s permitted in an inbound filter applied to our eBGP session<br>
with them, that showed all the ASN&apos;s that belonged to us and transited<br>
through us....<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="interesting-people"></A>
<div style="clear: right">
<A HREF="/interesting-people/"><img src="/images/interesting-people-logo.png" border="0" width="80" align="right" alt="interesting-people logo"></A><B><A HREF="/interesting-people/">Interesting People</A></B> &mdash; David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating<BR><ul class="inline"><li class="first"><A HREF="/interesting-people/2020/Jul/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Month</A></li>
<li>&nbsp;<A HREF="/interesting-people/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/interesting-people.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.listbox.com/subscribe/?list_id=247"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-interesting-people" href="javascript:show_latest('interesting-people')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-interesting-people" style="display: none" href="javascript:hide_latest('interesting-people')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-interesting-people" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/15">re: I need chep Ad Rotator traffic for seclists.org</a></strong>
<em>Derick Denicola   (Jul 31)</em><br>
hi<br>
<br>
here it is, ad rotator cheap traffic<br>
<a  rel="nofollow" href="http://www.mgdots.co/detail.php?id=111">http://www.mgdots.co/detail.php?id=111</a><br>
<br>
Pricelist attached<br>
<br>
Regards<br>
Derick Denicola  <br>
<br>
<a  rel="nofollow" href="http://www.mgdots.co/unsubscribe/">http://www.mgdots.co/unsubscribe/</a><br>
001 (516) 926-1772<br>
18 Richmond St, Albany, New York <br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/14">cheap viagra to grow your penis</a></strong>
<em>u-canbadge.com (Jul 30)</em><br>
order today, cheap viagra<br>
<a  rel="nofollow" href="https://www.u-canbadge.com/">https://www.u-canbadge.com/</a><br>
<br>
unsubscribe<br>
<a  rel="nofollow" href="https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo">https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo</a><br>
rm<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/13">fw: put ranks down for any website</a></strong>
<em>Negative SEO (Jul 28)</em><br>
negative seo that works<br>
<a  rel="nofollow" href="http://www.liftmyrank.co/negative-seo-services/index.html">http://www.liftmyrank.co/negative-seo-services/index.html</a><br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/12">Domain Authority 50 for your website = 69 usd only - Guaranteed Service</a></strong>
<em>Peter (Jul 24)</em><br>
We`ll get your website to have Domain Authority 50 or we`ll refund you every<br>
cent<br>
<br>
for only 69 usd, you`ll have DA50 for your website, guaranteed<br>
<br>
Order it today:<br>
<a  rel="nofollow" href="http://www.str8-creative.co/product/moz-da-seo-plan/">http://www.str8-creative.co/product/moz-da-seo-plan/</a><br>
<br>
thanks<br>
Peter<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/11">re: experts SEO</a></strong>
<em>Merlene Prater (Jul 22)</em><br>
www.liftmyrank.co<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/10">cheap viagra to grow your penis</a></strong>
<em>u-canbadge.com (Jul 21)</em><br>
order today, cheap viagra<br>
<a  rel="nofollow" href="https://www.u-canbadge.com/">https://www.u-canbadge.com/</a><br>
<br>
unsubscribe<br>
<a  rel="nofollow" href="https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo">https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo</a><br>
rm<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/9">Get organic visits from your Country seclists.org</a></strong>
<em>Jamaal Jardine   (Jul 21)</em><br>
Increase sales and ranks with our targeted traffic<br>
<a  rel="nofollow" href="http://bulkwebtraffic.io">http://bulkwebtraffic.io</a><br>
<br>
Check the pricelist attached<br>
<br>
Regards<br>
Jamaal Jardine  <br>
<br>
Unsubscribe option is available on the footer of our website<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/8">buy DA 50-90 backlinkscheap</a></strong>
<em>Xander (Jul 17)</em><br>
Buy DA50 to 90 backlinks and increase your ranks instantly<br>
<br>
<a  rel="nofollow" href="http://www.str8-creative.io/product/250-da50-90-backlinks/">http://www.str8-creative.io/product/250-da50-90-backlinks/</a><br>
<br>
order now while the offer lasts<br>
<br>
thank you<br>
Str8 Creative Team<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/7">cheap viagra to grow your penis</a></strong>
<em>u-canbadge.com (Jul 17)</em><br>
order today, cheap viagra<br>
<a  rel="nofollow" href="https://www.u-canbadge.com/">https://www.u-canbadge.com/</a><br>
<br>
unsubscribe<br>
<a  rel="nofollow" href="https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo">https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo</a><br>
rm<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/6">fw: put ranks down for any website</a></strong>
<em>Negative SEO (Jul 16)</em><br>
negative seo that works<br>
<a  rel="nofollow" href="http://www.liftmyrank.co/negative-seo-services/index.html">http://www.liftmyrank.co/negative-seo-services/index.html</a><br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/5">re: Reach Millions of members with FB Groups Posting</a></strong>
<em>Sharron Cavitt   (Jul 12)</em><br>
Reach Millions of Facebook groups members with our manual Groups Posting<br>
service<br>
<a  rel="nofollow" href="http://www.str8-creative.io/product/facebook-groups-posting-service/">http://www.str8-creative.io/product/facebook-groups-posting-service/</a><br>
<br>
More details attached<br>
<br>
Regards<br>
Sharron Cavitt  <br>
<br>
001 (516) 926-1772, 18 Richmond St, Albany, New York <br>
<a  rel="nofollow" href="http://www.str8-creative.io/contact/">http://www.str8-creative.io/contact/</a><br>
<a  rel="nofollow" href="http://www.str8-creative.io/unsubscribe/">http://www.str8-creative.io/unsubscribe/</a><br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/4">cheap viagra to grow your penis</a></strong>
<em>u-canbadge.com (Jul 11)</em><br>
order today, cheap viagra<br>
<a  rel="nofollow" href="https://www.u-canbadge.com/">https://www.u-canbadge.com/</a><br>
<br>
unsubscribe<br>
<a  rel="nofollow" href="https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo">https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo</a><br>
rm<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/3">cheap traffic seclists.org</a></strong>
<em>Collen Crafford   (Jul 06)</em><br>
Increase sales and ranks with our targeted traffic<br>
<a  rel="nofollow" href="http://bulkwebtraffic.io">http://bulkwebtraffic.io</a><br>
<br>
Check the pricelist attached<br>
<br>
Regards<br>
Collen Crafford  <br>
<br>
Unsubscribe option is available on the footer of our website<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/2">Boost ranks on seclists.org with our SEO max Plan (25% discount)</a></strong>
<em>Henrietta Holquin   (Jul 05)</em><br>
Boost your Ranks with our SEO Max Plan<br>
<a  rel="nofollow" href="http://www.str8-creative.co/product/seo-max-package/">http://www.str8-creative.co/product/seo-max-package/</a><br>
<br>
Get whitehat manual SEO work<br>
Full reports in just 2 weeks<br>
<br>
Apply 25% coupon:  25MAX<br>
<br>
Additional details in the presentation attached<br>
<br>
Regards<br>
Henrietta Holquin  <br>
<br>
Unsubscribe option is available on the footer of our website<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/interesting-people/2020/Jul/1">re: experts SEO</a></strong>
<em>Kai Mattei (Jul 04)</em><br>
www.liftmyrank.co<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="risks"></A>
<div style="clear: right">
<A HREF="/risks/"><img src="/images/risks-logo.png" border="0" width="80" align="right" alt="risks logo"></A><B><A HREF="/risks/">The RISKS Forum</A></B> &mdash; Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems.  Security risks are often discussed.<BR><ul class="inline"><li class="first"><A HREF="/risks/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/risks/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/risks.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://catless.ncl.ac.uk/Risks"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-risks" href="javascript:show_latest('risks')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-risks" style="display: none" href="javascript:hide_latest('risks')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-risks" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/8">Risks Digest 32.15</a></strong>
<em>RISKS List Owner (Jul 28)</em><br>
RISKS-LIST: Risks-Forum Digest  Tuesday 28 July 2020  Volume 32 : Issue 15<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.15">http://catless.ncl.ac.uk/Risks/32.15</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/7">Risks Digest 32.14</a></strong>
<em>RISKS List Owner (Jul 26)</em><br>
RISKS-LIST: Risks-Forum Digest  Sunday 26 July 2020  Volume 32 : Issue 14<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.14">http://catless.ncl.ac.uk/Risks/32.14</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/6">Risks Digest 32.13</a></strong>
<em>RISKS List Owner (Jul 23)</em><br>
RISKS-LIST: Risks-Forum Digest  Thursday 23 July 2020  Volume 32 : Issue 13<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.13">http://catless.ncl.ac.uk/Risks/32.13</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/5">Risks Digest 32.12</a></strong>
<em>RISKS List Owner (Jul 20)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 20 July 2020  Volume 32 : Issue 12<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.12">http://catless.ncl.ac.uk/Risks/32.12</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/4">Risks Digest 32.11</a></strong>
<em>RISKS List Owner (Jul 16)</em><br>
RISKS-LIST: Risks-Forum Digest  Thursday 16 July 2020  Volume 32 : Issue 11<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.11">http://catless.ncl.ac.uk/Risks/32.11</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/3">Risks Digest 32.10</a></strong>
<em>RISKS List Owner (Jul 14)</em><br>
RISKS-LIST: Risks-Forum Digest  Tuesday 14 July 2020  Volume 32 : Issue 10<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.10">http://catless.ncl.ac.uk/Risks/32.10</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/2">Risks Digest 32.09</a></strong>
<em>RISKS List Owner (Jul 13)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 13 July 2020  Volume 32 : Issue 09<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.09">http://catless.ncl.ac.uk/Risks/32.09</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/1">Risks Digest 32.08</a></strong>
<em>RISKS List Owner (Jul 07)</em><br>
RISKS-LIST: Risks-Forum Digest  Tuesday 7 July 2020  Volume 32 : Issue 08<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.08">http://catless.ncl.ac.uk/Risks/32.08</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q3/0">Risks Digest 32.07</a></strong>
<em>RISKS List Owner (Jul 03)</em><br>
RISKS-LIST: Risks-Forum Digest  Friday 3 July 2020  Volume 32 : Issue 07<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.07">http://catless.ncl.ac.uk/Risks/32.07</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q2/40">Risks Digest 32.06</a></strong>
<em>RISKS List Owner (Jun 29)</em><br>
RISKS-LIST: Risks-Forum Digest  Monday 29 June 2020  Volume 32 : Issue 06<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.06">http://catless.ncl.ac.uk/Risks/32.06</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q2/39">Risks Digest 32.05</a></strong>
<em>RISKS List Owner (Jun 27)</em><br>
RISKS-LIST: Risks-Forum Digest  Saturday 27 June 2020  Volume 32 : Issue 05<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.05">http://catless.ncl.ac.uk/Risks/32.05</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q2/38">Risks Digest 32.04</a></strong>
<em>RISKS List Owner (Jun 26)</em><br>
RISKS-LIST: Risks-Forum Digest  Friday 26 June 2020  Volume 32 : Issue 04<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.04">http://catless.ncl.ac.uk/Risks/32.04</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q2/37">Risks Digest 32.03</a></strong>
<em>RISKS List Owner (Jun 24)</em><br>
RISKS-LIST: Risks-Forum Digest  Wednesday 24 June 2020  Volume 32 : Issue 03<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.03">http://catless.ncl.ac.uk/Risks/32.03</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q2/36">Risks Digest 32.02</a></strong>
<em>RISKS List Owner (Jun 21)</em><br>
RISKS-LIST: Risks-Forum Digest  Sunday 21 June 2020  Volume 32 : Issue 02<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.02">http://catless.ncl.ac.uk/Risks/32.02</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/risks/2020/q2/35">Risks Digest 32.01</a></strong>
<em>RISKS List Owner (Jun 16)</em><br>
RISKS-LIST: Risks-Forum Digest  Tuesday 16 June 2020  Volume 32 : Issue 01<br>
<br>
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Peter G. Neumann, founder and still moderator<br>
<br>
***** See last item for further information, disclaimers, caveats, etc. *****<br>
This issue is archived at &lt;<a  rel="nofollow" href="http://www.risks.org">http://www.risks.org</a>&gt; as<br>
  &lt;<a  rel="nofollow" href="http://catless.ncl.ac.uk/Risks/32.01">http://catless.ncl.ac.uk/Risks/32.01</a>&gt;<br>
The current issue can also be found at<br>
  &lt;...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="dataloss"></A>
<div style="clear: right">
<A HREF="/dataloss/"><img src="/images/dataloss-logo.png" border="0" width="80" align="right" alt="dataloss logo"></A><B><A HREF="/dataloss/">BreachExchange</A></B> &mdash; BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.<BR><ul class="inline"><li class="first"><A HREF="/dataloss/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/dataloss/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/dataloss.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="https://www.riskbasedsecurity.com/mailing-lists/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-dataloss" href="javascript:show_latest('dataloss')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-dataloss" style="display: none" href="javascript:hide_latest('dataloss')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-dataloss" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/83">Ransomware: How clicking on one email left a whole	business in big trouble</a></strong>
<em>Destry Winant (Jul 31)</em><br>
<a  rel="nofollow" href="https://www.zdnet.com/article/ransomware-how-clicking-on-one-phishing-email-left-a-whole-business-in-big-trouble/">https://www.zdnet.com/article/ransomware-how-clicking-on-one-phishing-email-left-a-whole-business-in-big-trouble/</a><br>
<br>
 Security experts have given an insight into how a targeted ransomware<br>
attack took down the network of a food and drink manufacturer after<br>
hackers took advantage of common security vulnerabilities.<br>
<br>
The crooks used a phishing attack and took advantage of a number of<br>
vulnerabilities – from old hardware to default passwords – to...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/82">Hacker leaks 386 million user records from 18	companies for free</a></strong>
<em>Destry Winant (Jul 31)</em><br>
<a  rel="nofollow" href="https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/">https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/</a><br>
<br>
A threat actor is flooding a hacker forum with databases exposing expose<br>
over 386 million user records that they claim were stolen from eighteen<br>
companies during data breaches.<br>
<br>
Since July 21st, a seller of data breaches known as ShinyHunters has begun<br>
leaking the databases for free on a hacker forum known for selling and<br>
sharing...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/81">Athens ISD computers hacked;	district will pay $50K cryptocurrency ransom</a></strong>
<em>Destry Winant (Jul 31)</em><br>
<a  rel="nofollow" href="https://www.wfaa.com/article/news/local/athens-isd-computers-hacked-50k-cryptocurrency-ransom/287-d2fd74b5-7734-4dd5-86b4-59960b959a21">https://www.wfaa.com/article/news/local/athens-isd-computers-hacked-50k-cryptocurrency-ransom/287-d2fd74b5-7734-4dd5-86b4-59960b959a21</a><br>
<br>
ATHENS, Texas — Athens ISD is delaying its school start date from Aug.<br>
3 to Aug. 10, but not because of COVID-19. A news release Wednesday<br>
said the school district was the victim of a ransomware attack that<br>
&quot;wreaked havoc&quot; on the district&apos;s computers.<br>
<br>
The ransomware attack encrypted all of the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/80">Morgan Stanley Hit with Class Lawsuit Over Alleged	Data Breaches</a></strong>
<em>Destry Winant (Jul 31)</em><br>
<a  rel="nofollow" href="https://advisorhub.com/morgan-stanley-hit-with-class-action-over-alleged-data-breaches/">https://advisorhub.com/morgan-stanley-hit-with-class-action-over-alleged-data-breaches/</a><br>
<br>
Former and current Morgan Stanley customers have filed a putative<br>
class-action lawsuit alleging negligence and invasion of privacy over<br>
the firm’s failure to properly scrub decommissioned hardware of<br>
personal information such as social security numbers, account numbers<br>
and other personal data.<br>
<br>
Morgan Stanley earlier this month began notifying brokers and...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/79">10,	000 patients affected by data breach at University of Utah Health</a></strong>
<em>Destry Winant (Jul 30)</em><br>
<a  rel="nofollow" href="https://kutv.com/news/local/information-of-10000-patients-affected-by-data-breach-at-university-of-utah-health">https://kutv.com/news/local/information-of-10000-patients-affected-by-data-breach-at-university-of-utah-health</a><br>
<br>
SALT LAKE CITY (KUTV) — Approximately 10,000 patients&apos; information was<br>
affected by a data breach at the University of Utah Health, according<br>
to the U.S. Department of Health and Human Services.<br>
<br>
The department states information about the breach was processed on<br>
Monday, July 20.<br>
<br>
The health system stated in a press release on...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/78">Promo Data Breach Hits 14.6 Million User Accounts</a></strong>
<em>Destry Winant (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.infosecurity-magazine.com/news/promo-data-breach-hits-146-million/">https://www.infosecurity-magazine.com/news/promo-data-breach-hits-146-million/</a><br>
<br>
An Israeli marketing video firm this week announced a major breach of<br>
user data which appears to have impacted over 14 million accounts.<br>
<br>
Promo, which describes itself as “the world’s #1 marketing video<br>
maker,” revealed in an online notice that a vulnerability in a<br>
third-party service was to blame for the incident, which also affected<br>
customers of its Slidely...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/77">Maze gang leaves behind bitter taste for Indian	sweets maker Haldiram&apos;s</a></strong>
<em>Destry Winant (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.itwire.com/security/maze-gang-leaves-behind-bitter-taste-for-indian-sweets-maker-haldiram-s.html">https://www.itwire.com/security/maze-gang-leaves-behind-bitter-taste-for-indian-sweets-maker-haldiram-s.html</a><br>
<br>
In what looks to be an unusual choice of victim, a cyber criminal gang<br>
has used the Maze Windows ransomware to attack the well-known Indian<br>
sweets manufacturer Haldiram&apos;s and has released some data stolen from<br>
the company.<br>
<br>
Ransomware packages are designed to encrypt files found on a victim&apos;s<br>
site. The exfiltration of files is...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/76">SEI Investments: Vendor Hit by Ransomware,	Data Leaked</a></strong>
<em>Destry Winant (Jul 30)</em><br>
<a  rel="nofollow" href="https://www.databreachtoday.com/sei-investments-vendor-hit-by-ransomware-data-leaked-a-14722">https://www.databreachtoday.com/sei-investments-vendor-hit-by-ransomware-data-leaked-a-14722</a><br>
<br>
Fund administrator SEI Investments Co. acknowledged Monday that it<br>
suffered a data breach after one of its vendors was struck with a<br>
ransomware attack, resulting in some of its customers&apos; data being made<br>
public by the malicious actors.<br>
<br>
An SEI spokesperson tells Information Security Media Group that on May<br>
17, the vendor, M.J. Brunner, was hit with...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/75">Garmin obtains decryption key after ransomware	attack</a></strong>
<em>Destry Winant (Jul 29)</em><br>
<a  rel="nofollow" href="https://metro.co.uk/2020/07/28/garmin-obtains-decryption-key-ransomware-attack-13046988/">https://metro.co.uk/2020/07/28/garmin-obtains-decryption-key-ransomware-attack-13046988/</a><br>
<br>
Garmin appears to be getting its services back up and running after a<br>
ransomware attack crippled the company last week. Users are reporting<br>
that services like Garmin Connect, which work with the company’s<br>
fitness trackers, are slowly coming back online.<br>
<br>
Last week, malicious software infected Garmin’s corporate network and<br>
encrypted its files. The...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/74">Cosmetics Giant Avon Leaks 19 Million Records</a></strong>
<em>Destry Winant (Jul 29)</em><br>
<a  rel="nofollow" href="https://www.infosecurity-magazine.com/news/cosmetics-giant-avon-leaks-19/">https://www.infosecurity-magazine.com/news/cosmetics-giant-avon-leaks-19/</a><br>
<br>
A misconfigured cloud server at global cosmetics brand Avon was<br>
recently discovered leaking 19 million records including personal<br>
information and technical logs.<br>
<br>
Researchers at SafetyDetectives led by Anurag Sen told Infosecurity<br>
that they found the Elasticsearch database on an Azure server publicly<br>
exposed with no password protection or encryption.<br>
<br>
“The vulnerability...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/73">CISO concern grows as ransomware plague hits close	to home</a></strong>
<em>Destry Winant (Jul 29)</em><br>
<a  rel="nofollow" href="https://www.zdnet.com/article/ciso-concern-grows-as-ransomware-plague-hits-close-to-home/">https://www.zdnet.com/article/ciso-concern-grows-as-ransomware-plague-hits-close-to-home/</a><br>
<br>
Garmin is currently wrestling with a ransomware-induced outage, and<br>
locally in Australia, 2020 has seen ransomware take out major<br>
companies and threaten beer supplies when it hit logistics giant Toll<br>
and beverage company Lion. Toll has only recently recovered from its<br>
second dose of the year.<br>
<br>
These sorts of attacks are starting to ring alarm bells, with...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/72">OCR Imposes $1 Million HIPAA Penalty on Lifespan for Lack of Encryption and Other HIPAA Failures</a></strong>
<em>Destry Winant (Jul 29)</em><br>
<a  rel="nofollow" href="https://www.modernhealthcare.com/cybersecurity/lifespan-health-system-pay-1-million-hipaa-fine">https://www.modernhealthcare.com/cybersecurity/lifespan-health-system-pay-1-million-hipaa-fine</a><br>
<br>
The HHS’ Office for Civil Rights has imposed a $1,040,000 HIPAA<br>
penalty on Lifespan Health System Affiliated Covered Entity (Lifespan<br>
ACE) following the discovery of systemic noncompliance with the HIPAA<br>
Rules.<br>
<br>
Lifespan is a not-for-profit health system based in Rhode Island that<br>
has many healthcare provider affiliates in the state. On April 21,...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/71">Blinking In The Dark: A Day In The Life Of A CISO</a></strong>
<em>Destry Winant (Jul 28)</em><br>
<a  rel="nofollow" href="https://www.informationsecuritybuzz.com/articles/blinking-in-the-dark-a-day-in-the-life-of-a-ciso/">https://www.informationsecuritybuzz.com/articles/blinking-in-the-dark-a-day-in-the-life-of-a-ciso/</a><br>
<br>
It’s said that the devil never sleeps. Perhaps no other industry<br>
demonstrates this so pointedly as cybersecurity, where the enemy could<br>
be anywhere in the world — and in any time zone. Finding time to relax<br>
is tough enough in today’s digital 24/7 world. But having a job where<br>
the bad guy could sit down to begin his “work” day with a hot...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/70">Tech unicorn Dave admits to security breach	impacting 7.5 million users</a></strong>
<em>Destry Winant (Jul 28)</em><br>
<a  rel="nofollow" href="https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/">https://www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users/</a><br>
<br>
Digital banking app and tech unicorn Dave.com confirmed today a<br>
security breach after a hacker published the details of 7,516,625<br>
users on a public forum.<br>
<br>
In an email to ZDNet today, Dave said the security breach originated<br>
on the network of a former business partner, Waydev, an analytics<br>
platform used by engineering teams.<br>
<br>
&quot;As the...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/dataloss/2020/q3/69">Garmin Risks Repeat Attack If It Paid $10 Million	Ransom</a></strong>
<em>Destry Winant (Jul 28)</em><br>
<a  rel="nofollow" href="https://www.forbes.com/sites/barrycollins/2020/07/28/garmin-risks-repeat-attack-if-it-paid-10-million-ransom/#fe57ac14a6e7">https://www.forbes.com/sites/barrycollins/2020/07/28/garmin-risks-repeat-attack-if-it-paid-10-million-ransom/#fe57ac14a6e7</a><br>
<br>
A security expert has warned that Garmin is now an even bigger target<br>
if it paid the alleged $10 million ransom to free its systems of<br>
malware.<br>
<br>
Several Garmin apps and the company’s manufacturing plants were<br>
knocked offline on Friday, after the company suffered what’s reported<br>
to be a ransomware attack. Ransomware...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<h2 class="purpleheader"><A NAME="oss"></A>Open Source Tool Development</h2><A NAME="metasploit"></A>
<div style="clear: right">
<A HREF="/metasploit/"><img src="/images/metasploit-logo.png" border="0" width="80" align="right" alt="metasploit logo"></A><B><A HREF="/metasploit/">Metasploit</A></B> &mdash; Development discussion for <a href="http://metasploit.com/">Metasploit</a>, the premier open source remote exploitation tool<BR><ul class="inline"><li class="first"><A HREF="/metasploit/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/metasploit.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://spool.metasploit.com/mailman/listinfo/framework"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-metasploit" href="javascript:show_latest('metasploit')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-metasploit" style="display: none" href="javascript:hide_latest('metasploit')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-metasploit" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2015/q3/1">nullcon se7en CFP is open</a></strong>
<em>nullcon (Aug 25)</em><br>
Dear Friends,<br>
<br>
              Welcome to nullcon se7en!<br>
<br>
$git commit -a &lt;sin&gt;<br>
<br>
&lt;sin&gt; := wrath | pride | lust | envy | greed | gluttony | sloth<br>
<br>
nullcon is an annual security conference held in Goa, India. The focus<br>
of the conference is to showcase the next generation of offensive and<br>
defensive security technology. We happily open doors to researchers<br>
and hackers around the world working on the next big thing in security<br>
and request...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/metasploit/2015/q3/0">Ruxcon 2015 Final Call For Presentations</a></strong>
<em>cfp (Jul 05)</em><br>
Ruxcon 2015 Final Call For Presentations<br>
Melbourne, Australia, October 24-25<br>
CQ Function Centre<br>
<br>
<a  rel="nofollow" href="http://www.ruxcon.org.au">http://www.ruxcon.org.au</a><br>
<br>
The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.<br>
<br>
This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre, <br>
Melbourne, Australia.<br>
<br>
The deadline for submissions is the 15th of September, 2015.<br>
<br>
.[x]. About Ruxcon .[x]....<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="wireshark"></A>
<div style="clear: right">
<A HREF="/wireshark/"><img src="/images/wireshark-logo.png" border="0" width="80" align="right" alt="wireshark logo"></A><B><A HREF="/wireshark/">Wireshark</A></B> &mdash; Discussion of the free and open source <a href="http://www.wireshark.org/">Wireshark</a> network sniffer.  No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.<BR><ul class="inline"><li class="first"><A HREF="/wireshark/2020/Jul/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Previous Month</A></li>
<li>&nbsp;<A HREF="/wireshark/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/wireshark.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.wireshark.org/lists/"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-wireshark" href="javascript:show_latest('wireshark')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-wireshark" style="display: none" href="javascript:hide_latest('wireshark')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-wireshark" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/134">LUA-script in Tshark</a></strong>
<em>Gisle Vanem (Jul 31)</em><br>
Hello list.<br>
<br>
I use this .lua-script:<br>
   <a  rel="nofollow" href="https://github.com/VE3NEA/Afedri-Dissector/blob/master/afedri.lua">https://github.com/VE3NEA/Afedri-Dissector/blob/master/afedri.lua</a><br>
<br>
to dissect traffic to/from my newly acquired short-wave radio.<br>
First I used windump to generate a 4GByte capture (10 minutes<br>
of control + data on port 50000). Then wanting to see the details<br>
of these Afedri protocols, I started Tshark in verbose mode (-V):<br>
   tshark -X afedri.lua -V -O Afedri,Afedri-iq -c20 -r recording-1.pcap | less<br>
<br>
But I...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/130">Re: GitLab update and migration timeline</a></strong>
<em>Gerald Combs (Jul 31)</em><br>
As far as I can tell, that&apos;s the case. Custom domains are available for GitLab pages (their static site hosting <br>
feature), but not projects. I&apos;d be delighted to be proven wrong.<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/129">Re: GitLab update and migration timeline</a></strong>
<em>Guy Harris (Jul 31)</em><br>
So all those gitlab.randomfreesoftwareproject.org sites require the project in question to maintain its own servers, as <br>
opposed to, for example, having a CNAME record for gitlab.randomfreesoftwareproject.org that points to gitlab.com, and <br>
GitLab&apos;s servers looking at the Host: header and realizing that if the host is gitlab.randomfreesoftwareproject.org, <br>
it&apos;s the GitLab site for the project?  (I&apos;m assuming here that browsers...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/128">GitLab update and migration timeline</a></strong>
<em>Gerald Combs (Jul 31)</em><br>
I think we&apos;re finally ready to start migrating our code review, bug/issue tracking, and wiki infrastructure to GitLab. <br>
The bug to issue conversion scripts preserve bug metadata, comments, and attachments, and prettifies markup where it <br>
can. The wiki conversion script preserves markup and attachments. A test repository with output from the bug/issue and <br>
wiki migration scripts can be found at<br>
<br>
<a  rel="nofollow" href="https://gitlab.com/wireshark/migration-test">https://gitlab.com/wireshark/migration-test</a><br>
<br>
A...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/127">Re: LUA dissector - combine data from 2 UDP packets, display issue</a></strong>
<em>Michael Poroger (Jul 31)</em><br>
Something I build by myself. The idea is similar to this<br>
&lt;<a  rel="nofollow" href="https://osqa-ask.wireshark.org/questions/55621/lua-udp-reassembly">https://osqa-ask.wireshark.org/questions/55621/lua-udp-reassembly</a>&gt;<br>
implementation (in the answer) - just storing the data between packet X-1<br>
to packet X.<br>
<br>
Not sure about the actual implementation (as already on weekend), but I<br>
think that this is not persistent storage, as if the data in the packet is<br>
complete, the storage is set to an empty one. In any case, if packet X-1<br>
does not...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/126">Re: Clue on sshdump w/special characters in passwords</a></strong>
<em>Jason Lixfeld (Jul 31)</em><br>
Although this particular example wasn’t on the command line, I tried it on the command line previously, both quoted and <br>
escaped, neither seemed to work.<br>
<br>
I will open a bug report.  Thank you.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/125">Re: Clue on sshdump w/special characters in	passwords</a></strong>
<em>Jeff Morriss (Jul 31)</em><br>
If this reflects what was actually sent on the command line:<br>
--remote-password XXXXXXXXXX<br>
<br>
then it sounds like a quoting problem to me. That is, it should be:<br>
--remote-password &quot;XXXXXXXXX&quot;<br>
<br>
I&apos;d suggest opening a bug report: <a  rel="nofollow" href="https://bugs.wireshark.org">https://bugs.wireshark.org</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/124">Re: LUA dissector - combine data from 2 UDP packets, display issue</a></strong>
<em>Jeff Morriss (Jul 31)</em><br>
Probably a question better for the -dev list but...<br>
<br>
Are you using epan&apos;s reassembly routines or something you built yourself?<br>
If it&apos;s something you built yourself, are you storing the reassembled data<br>
in persistent storage which is available when (re)dissecting the 2nd frame<br>
(where the reassembled data is used)?<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/123">LUA dissector - combine data from 2 UDP packets,	display issue</a></strong>
<em>Michael Poroger (Jul 31)</em><br>
Hello users :)<br>
<br>
I&apos;ve successfully created a dissector which combines data from 2 UDP<br>
packets. Every time I select this kind of packet, I&apos;m getting an error on<br>
the packet details on the custom protocol section.<br>
<br>
Only when I select the previous packet and then the current packet, I can<br>
see the dissection as I expect and without any error.<br>
<br>
How to solve the issue?<br>
<br>
(Unfortunately, I can&apos;t provide the screenshots as it is in my private...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/122">Re: Some apparent type bugs</a></strong>
<em>John Thacker (Jul 31)</em><br>
I created change 38006 &lt;<a  rel="nofollow" href="https://code.wireshark.org/review/#/c/38006/">https://code.wireshark.org/review/#/c/38006/</a>&gt; for<br>
these two. Both of them wanted the length in order to increment the offset.<br>
They were<br>
written assuming that it would return just the value in the length field,<br>
not the total length (including the fixed width<br>
of the length field itself).<br>
<br>
John<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/121">Re: Some apparent type bugs</a></strong>
<em>Jaap Keuter (Jul 31)</em><br>
Hi,<br>
<br>
Okay, I’ve pushed a change (38004 &lt;<a  rel="nofollow" href="https://code.wireshark.org/review/38004">https://code.wireshark.org/review/38004</a>&gt;) for the first ones.<br>
<br>
Thanks,<br>
Jaap<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/120">Re: Some apparent type bugs</a></strong>
<em>Jaap Keuter (Jul 31)</em><br>
Hi,<br>
<br>
Don’t know, just noticed the UINT part and thought about returning &apos;a value&apos; should be possible.<br>
Will have to look into this more closely to see if and what makes sense.<br>
<br>
Thanks,<br>
Jaap<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/119">Re: Some apparent type bugs</a></strong>
<em>Martin Mathieson via Wireshark-dev (Jul 31)</em><br>
Oops.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/118">Re: Some apparent type bugs</a></strong>
<em>Martin Mathieson via Wireshark-dev (Jul 31)</em><br>
Oh yeah.  Need to make that RE even more unreadable :)<br>
<br>
It is likely that there are &apos;allowed&apos; entries wrong or missing.  The script<br>
defines this collection of checks, then runs them all over each dissector<br>
file.  I was surprised not to find more issues than I did.<br>
<br>
# These are all of the APIs in proto.c that check a set of types at<br>
runtime. &apos;is not of type&apos;<br>
apiChecks = []...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/wireshark/2020/Jul/117">Re: Some apparent type bugs</a></strong>
<em>John Thacker (Jul 31)</em><br>
There&apos;s a UINT passed in that&apos;s the fixed length of the length field,<br>
there&apos;s the total length (which is the value in the length field of<br>
the variable bytes plus the passed in fixed UINT) returned by<br>
proto_tree_add_item_ret_length(), and then there&apos;s the value of the<br>
variable length field only.<br>
<br>
Is the proposed change to have proto_tree_add_item_ret_uint() return the<br>
value contained in the variable length field<br>
instead of the...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<A NAME="snort"></A>
<div style="clear: right">
<A HREF="/snort/"><img src="/images/snort-logo.png" border="0" width="80" align="right" alt="snort logo"></A><B><A HREF="/snort/">Snort</A></B> &mdash; Everyone's favorite open source IDS, <a href="http://www.snort.org/">Snort</a>. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.<BR><ul class="inline"><li class="first"><A HREF="/snort/2020/q3/index.html"><img src="/images/current-icon-16x16.png" border=0 width=16 height=16 alt="->">Current Quarter</A></li>
<li>&nbsp;<A HREF="/snort/"><img src="/images/archive-icon-16x16.png" border=0 width=16 height=16 alt="Archive icon">Archived Posts</A></li>
<li>&nbsp;<A HREF="/rss/snort.rss"><img src="/images/feed-icon-16x16.png" border=0 width=16 height=16 alt="RSS icon">RSS Feed</A></li>
<li>&nbsp;<A HREF="http://www.snort.org/community/mailing-lists"><img src="/images/about-icon-16x16.png" border=0 width=16 height=16 alt="About icon">About List</A></li>
<li class="showbutton" style="display: none">&nbsp;<a id="show-snort" href="javascript:show_latest('snort')"><img src="/images/plus-icon-16x16.png" border=0 width=16 height=16 alt="Latest icon">Show Latest Posts</a><a id="hide-snort" style="display: none" href="javascript:hide_latest('snort')"><img src="/images/minus-icon-16x16.png" border=0 width=16 height=16 alt="-">Hide Latest Posts</a></li>
</ul>
<blockquote id="latest-snort" style="display: none">
<!-- MHonArc v2.6.19 -->

 

<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/48">re: I need chep Ad Rotator traffic for seclists.org</a></strong>
<em>Ethelyn Eversole   (Jul 31)</em><br>
hi<br>
<br>
here it is, ad rotator cheap traffic<br>
<a  rel="nofollow" href="http://www.mgdots.co/detail.php?id=111">http://www.mgdots.co/detail.php?id=111</a><br>
<br>
Pricelist attached<br>
<br>
Regards<br>
Ethelyn Eversole  <br>
<br>
<a  rel="nofollow" href="http://www.mgdots.co/unsubscribe/">http://www.mgdots.co/unsubscribe/</a><br>
001 (516) 926-1772<br>
18 Richmond St, Albany, New York <br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/47">Snort Subscriber Rules Update 2020-07-30</a></strong>
<em>Research (Jul 30)</em><br>
Talos Snort Subscriber Rules Update<br>
<br>
Synopsis:<br>
This release adds and modifies rules in several categories.<br>
<br>
Details:<br>
Talos has added and modified multiple rules in the browser-webkit,<br>
file-other, malware-other and server-webapp rule sets to provide<br>
coverage for emerging threats from these technologies.<br>
<br>
For a complete list of new and modified rules please see:<br>
<br>
<a  rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/46">Re: ENABLED vs DISABLED</a></strong>
<em>Joel Esler (jesler) via Snort-sigs (Jul 29)</em><br>
Dear Anthony,<br>
<br>
Thanks for your email.  I believe you will find what you are looking for here: <br>
<a  rel="nofollow" href="https://www.snort.org/faq/why-are-rules-commented-out-by-default">https://www.snort.org/faq/why-are-rules-commented-out-by-default</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/45">rank fast  with unethical methods</a></strong>
<em>Carmina Dahlquist (Jul 29)</em><br>
The new ways to rank fast<br>
blackhatseoservices.tk<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/44">ENABLED vs DISABLED</a></strong>
<em>Filice II, Anthony via Snort-sigs (Jul 29)</em><br>
All,<br>
<br>
Does anyone know why this new release shows DISABLED. Especially when several are still currently being exploited?<br>
<br>
* 1:54637 &lt;-&gt; DISABLED &lt;-&gt; SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules)<br>
* 1:54636 &lt;-&gt; DISABLED &lt;-&gt; SERVER-WEBAPP Zoom Client ZoomOpener remote code execution attempt (server-webapp.rules)<br>
* 1:54650 &lt;-&gt; DISABLED &lt;-&gt; SERVER-WEBAPP Apache Kylin REST...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/43">Re: 2.9.15.0 rules fail to download</a></strong>
<em>Joel Esler (jesler) via Snort-sigs (Jul 29)</em><br>
We are aware of an issue with certain versions of Snort rules and are working to fix it.<br>
<br>
Sent from my  iPad<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/42">2.9.15.0 rules fail to download</a></strong>
<em>Pettersson, Emil (Jul 29)</em><br>
Hi,<br>
<br>
Our download of 2.9.15.0 rules are failing starting after update released yesterday. Md5 at <br>
<a  rel="nofollow" href="https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz.md5?oinkcode=[OMITTED">https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz.md5?oinkcode=[OMITTED</a>&lt;<a  rel="nofollow" href="https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz.md5?oinkcode=%5bOMITTED">https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz.md5?oinkcode=%5bOMITTED</a>&gt;]<br>
 is giving a file not found rather than a hash. <br>
<a  rel="nofollow" href="https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz?oinkcode=[OMITTED">https://www.snort.org/rules/snortrules-snapshot-29150.tar.gz?oinkcode=[OMITTED</a>&lt;...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/41">Re: How to set the priority of new preprocessor written for layer 2 traffic in SNORT2?</a></strong>
<em>Chamara Devanarayana via Snort-devel (Jul 28)</em><br>
Hi Ali,<br>
Have a look at my repository.<br>
<a  rel="nofollow" href="https://github.com/chamara84/snort-2.9_RTDS/blob/master/snort-2.9.14.1/src/preprocessors/spp_goose.c">https://github.com/chamara84/snort-2.9_RTDS/blob/master/snort-2.9.14.1/src/preprocessors/spp_goose.c</a><br>
Look at the files spp_goose.c and /src/decode.c and /src/decode.h<br>
I wrote it to modify Goose frames. You might be able to match your code with that and fix your problem. I do not get an <br>
error like yours.<br>
<br>
Best regards,<br>
Chamara<br>
<br>
From: Snort-devel &lt;snort-devel-bounces () lists snort org&gt; On Behalf Of...<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/40">Snort Subscriber Rules Update 2020-07-28</a></strong>
<em>Research (Jul 28)</em><br>
Talos Snort Subscriber Rules Update<br>
<br>
Synopsis:<br>
This release adds and modifies rules in several categories.<br>
<br>
Details:<br>
Talos has added and modified multiple rules in the browser-chrome,<br>
malware-cnc, malware-other and server-webapp rule sets to provide<br>
coverage for emerging threats from these technologies.<br>
<br>
For a complete list of new and modified rules please see:<br>
<br>
<a  rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/39">fw: put ranks down for any website</a></strong>
<em>Tammie Crampton   (Jul 28)</em><br>
negative seo that works<br>
<a  rel="nofollow" href="http://www.liftmyrank.co/negative-seo-services/index.html">http://www.liftmyrank.co/negative-seo-services/index.html</a><br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/38">Re: Snort 3 per DAQ-instance variables</a></strong>
<em>Y M via Snort-devel (Jul 27)</em><br>
Thank you, Michael.<br>
________________________________<br>
From: Snort-devel &lt;snort-devel-bounces () lists snort org&gt; on behalf of Michael Altizer (mialtize) via Snort-devel <br>
&lt;snort-devel () lists snort org&gt;<br>
Sent: Saturday, July 25, 2020 9:33 PM<br>
To: snort-devel () lists snort org &lt;snort-devel () lists snort org&gt;<br>
Subject: Re: [Snort-devel] Snort 3 per DAQ-instance variables<br>
<br>
Yes, I removed that functionality with the switch to libdaq3...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/37">cheap viagra to grow your penis</a></strong>
<em>u-canbadge.com (Jul 27)</em><br>
order today, cheap viagra<br>
<a  rel="nofollow" href="https://www.u-canbadge.com/">https://www.u-canbadge.com/</a><br>
<br>
unsubscribe<br>
<a  rel="nofollow" href="https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo">https://forms.icann.org/en/resources/compliance/registries/abuse-contact/fo</a><br>
rm<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/36">Re: Question regarding content of a rule</a></strong>
<em>Joel Esler (jesler) via Snort-sigs (Jul 27)</em><br>
This rule has been deleted, however.<br>
<br>
Digits in between pipes (for instance below |09|) is looking for 09 in hex, not ascii.<br>
<br>
Since this is a DNS lookup, |09| is the number of bytes in the next sequence “tiptronic”.<br>
</p>
<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/35">Question regarding content of a rule</a></strong>
<em>Matej Lietava via Snort-sigs (Jul 27)</em><br>
Hi guys,<br>
<br>
Sorry I am quite new to snort and I have been checking our the various rules that are in the snort3 rules file.I am <br>
writing my on rule parser and small detection engine that will work off of the snort rules. I have been trying to <br>
understand the rule options but I am quite confused when it comes to some of the content options. Some of the <br>
signatures are just byte code indicated by |. I understand that but I don&apos;t understand what...<br>
</p>


<p class="excerpt">
<strong><a href="http://seclists.org/snort/2020/q3/34">Re: Snort 3 per DAQ-instance variables</a></strong>
<em>Michael Altizer (mialtize) via Snort-devel (Jul 25)</em><br>
Yes, I removed that functionality with the switch to libdaq3 earlier last year.  I didn&apos;t have a compelling use case <br>
for it anymore and it overcomplicated things a lot.  Most of what it would have previously been used for was solved by <br>
providing an instance ID/instance total to the DAQ module instantiation instead.  The libdaq3 library still supports <br>
the flexibility should we ever need to bring back that level of granularity in DAQ module...<br>
</p>

 

<!-- MHonArc v2.6.19 -->
</blockquote>
</div>
<BR>
<h2 class="purpleheader">More Lists</h2>We also maintain archives for these lists (some are currently inactive):<table border=1 cellpadding=5 cellspacing=0><tr><td><a href="/politech/">Declan McCullagh's Politech</a></td><td><a href="/tcpdump/">TCPDump/LibPCAP Dev</a></td><td><a href="/incidents/">Security Incidents</a></td></tr><tr><td><a href="/vuln-dev/">Vulnerability Development</a></td><td><a href="/vulnwatch/">Vulnerability Watch</a></td><td></td></tr></table><br>

<h2 class="purpleheader">Related Resources</h2>

Read some old-school private security digests such as Zardoz at <A HREF="http://securitydigest.org">SecurityDigest.Org</A><BR>

<P>We're always looking for great network security related lists to archive.  To suggest one, <a href="mailto:fyodor@nmap.org">mail Fyodor</a>.
<BR><BR>

</TD></TR>
</TABLE>
</TD></TR>
<TR><TD></TD><TD ALIGN="center">
<FONT COLOR="#FFFFFF">
[ <A HREF="https://nmap.org"><FONT COLOR="#FFFFFF">Nmap</FONT></A> |
  <A HREF="https://sectools.org"><FONT COLOR="#FFFFFF">Sec Tools</FONT></A> |
  <A HREF="https://seclists.org/"><FONT COLOR="#FFFFFF">Mailing Lists</FONT></A> |
  <A HREF="https://insecure.org/"><FONT COLOR="#FFFFFF">Site News</FONT></A> |
  <A HREF="https://insecure.org/fyodor/"><FONT COLOR="#FFFFFF">About/Contact</FONT></A> |
  <A HREF="https://insecure.org/advertising.html"><FONT COLOR="#FFFFFF">Advertising</FONT></A> |
  <A HREF="https://insecure.org/privacy.html"><FONT COLOR="#FFFFFF">Privacy</FONT></A> ]<BR>
</FONT>

<!-- SiteSearch Google -->
<div class="gcse-searchbox-only" data-resultsUrl="https://nmap.org/search.html"></div>
<!-- End SiteSearch Google -->

<!-- Bottom Banner -->
<!-- Adsense -->
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- PageBottom728x90 -->
<ins class="adsbygoogle"
     style="display:inline-block;width:728px;height:90px"
     data-ad-client="ca-pub-0078565546631069"
     data-ad-slot="2743510915"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
<!-- End Bottom Banner -->
</TD></TR>
</TABLE>
</BODY>
</HTML>

URL
GET http://seclists.org/
Response Headers
Date:
Sat, 01 Aug 2020 08:50:57 GMT
Content-Length:
306
Content-Type:
text/html; charset=iso-8859-1
Location:
https://seclists.org/
Server:
Apache/2.4.6 (CentOS)
Response Body
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://seclists.org/">here</a>.</p>
<hr>
<address>Apache/2.4.6 (CentOS) Server at seclists.org Port 80</address>
</body></html>

Report ID

20200801T085036Z_AS13489_Wp072dcBwAEpTATo1eeeHgyTgzNiPC3UA5168UOEO1tY8tISL1

Platform

android

OONI Probe version

2.4.0

Measurement Kit version

0.10.11

Raw Measurement Data