Welcome to the ThreatPerspective Security Information Center
Welcome to the Security Information Center
This is a portal site created by ThreatPerspective to enable our clients and other interested parties to learn more about Information Security. The boxes on the left correlate to free information and tools that realate to Information Security. The boxes on the right are various Information Security related news feeds.
Tenable Network Security#7 Nessus Versus Malware - Top Ten Things You Didn't Know About NessusTenable Network Security Podcast 110Tenable Network Security Episode 109Tenable Network Security Podcast Episode 108Microsoft Patch Tuesday - January 2012Tenable Network Security Podcast Episode 107An introduction to Nessus - The VideoMicrosoft Patch Management Integration with Nessus - Part 1 WSUSMicrosoft Patch Tuesday - December 2011Tenable Network Security Podcast Episode 106Bugtraq
http://seclists.org/#bugtraq
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS
http://seclists.org/bugtraq/2012/Jan/168
<p>Posted by Thomas Quinot on Jan 27</p>AdaCore Security Advisory<br>
Impact:...<br>[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
http://seclists.org/bugtraq/2012/Jan/167
<p>Posted by Hafez Kamal on Jan 27</p>This is a gentle reminder that the Call for Papers for the third annual<br>
featuring keynote speakers Andy Ellis (Chief...<br>[ GLSA 201201-15 ] ktsuss: Privilege escalation
http://seclists.org/bugtraq/2012/Jan/166
<p>Posted by Sean Amoss on Jan 27</p>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br>
Date: January 27, 2012...<br>[SECURITY] [DSA 2394-1] libxml2 security update
http://seclists.org/bugtraq/2012/Jan/165
<p>Posted by Luciano Bello on Jan 27</p>-------------------------------------------------------------------------<br>
Problem type : remote...<br>ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision
http://seclists.org/bugtraq/2012/Jan/164
<p>Posted by Security_Alert on Jan 26</p>ESA-2012-007: RSA, The Security Division of EMC, announces security fixes for RSA enVision<br>
This release addresses an environmental variable disclosure vulnerability. The...<br>ESA-2012-005: EMC NetWorker buffer overflow vulnerability
http://seclists.org/bugtraq/2012/Jan/163
<p>Posted by Security_Alert on Jan 26</p>ESA-2012-005: EMC NetWorker buffer overflow vulnerability. <br>
denial...<br>Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://seclists.org/bugtraq/2012/Jan/162
<p>Posted by Cisco Systems Product Security Incident Response Team on Jan 26</p>Cisco Security Advisory: Cisco IronPort Appliances Telnet Remote Code<br>
allow a remote,...<br>ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability
http://seclists.org/bugtraq/2012/Jan/161
<p>Posted by ZDI Disclosures on Jan 25</p>ZDI-12-018 : Symantec PCAnywhere awhost32 Remote Code Execution<br>
vulnerable installations of Symantec PCAnywhere....<br>NX Web Companion Spoofing Arbitrary Code Execution Vulnerability
http://seclists.org/bugtraq/2012/Jan/160
<p>Posted by otr on Jan 25</p># Vuln Title: NX Web Companion Spoofing Arbitrary Code Execution<br>
Machine software...<br>[SECURITY] [DSA-2393-1] bip security update
http://seclists.org/bugtraq/2012/Jan/159
<p>Posted by dann frazier on Jan 25</p>-------------------------------------------------------------------------<br>
Problem type :...<br>D-Link DIR-601 TFTP Directory Traversal Vulnerability
http://seclists.org/bugtraq/2012/Jan/158
<p>Posted by robkraus on Jan 25</p>Vulnerability title: D-Link DIR-601 TFTP Directory Traversal Vulnerability<br>
Solutionary public disclosure URL:...<br>CSRF (Cross-Site Request Forgery) in DClassifieds
http://seclists.org/bugtraq/2012/Jan/157
<p>Posted by advisory on Jan 25</p>Advisory ID: HTB23067<br>
Credit: High-Tech Bridge SA Security Research Lab (...<br>Multiple vulnerabilities in OSclass
http://seclists.org/bugtraq/2012/Jan/156
<p>Posted by advisory on Jan 25</p>Advisory ID: HTB23068<br>
Credit: High-Tech Bridge SA Security...<br>NGS00117 Patch Notification: Symantec PCAnywhere Local Privilege Escalation
http://seclists.org/bugtraq/2012/Jan/155
<p>Posted by Research () NGSSecure on Jan 25</p>High Risk Vulnerability in Symantec PCAnywhere <br>
An updated version of the software has been released to address these vulnerabilities:...<br>NGS00118 Patch Notification: Symantec PCAnywhere Remote Code Execution as SYSTEM
http://seclists.org/bugtraq/2012/Jan/154
<p>Posted by Research () NGSSecure on Jan 25</p>Critical Vulnerability in Symantec PCAnywhere <br>
An updated version of the software has been released to address these vulnerabilities:...<br>CERT Advisories
http://seclists.org/#cert
The <a href="http://www.cert.org/">Computer Emergency Response Team</a> has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.TA12-024A -- "Anonymous" DDoS Activity
http://seclists.org/cert/2012/13
<p>Posted by US-CERT Technical Alerts on Jan 24</p> National Cyber Alert System<br>
industry...<br>Current Activity - Denial-of-Service Malware Campaign
http://seclists.org/cert/2012/12
<p>Posted by Current Activity on Jan 24</p>US-CERT Current Activity<br>
US-CERT encourages users and administrators to do the following...<br>Current Activity - Google Releases Chrome 16.0.912.77
http://seclists.org/cert/2012/11
<p>Posted by Current Activity on Jan 24</p>US-CERT Current Activity<br>
US-CERT encourages users and administrators to review the Google...<br>Current Activity - Symantec pcAnywhere Hotfix
http://seclists.org/cert/2012/10
<p>Posted by Current Activity on Jan 24</p>US-CERT Current Activity<br>
pcAnywhere hot fix...<br>Current Activity - Best Practices for Recovery from the Malicious Erasure of Files
http://seclists.org/cert/2012/9
<p>Posted by Current Activity on Jan 19</p>US-CERT Current Activity<br>
wiping, or "zeroing out," the hard disk...<br>Current Activity - Oracle Releases Critical Patch Update for January 2012
http://seclists.org/cert/2012/8
<p>Posted by Current Activity on Jan 18</p>US-CERT Current Activity<br>
* 1 for Oracle Supply Chain Products Suite...<br>Current Activity - Phishing Campaign Using Spoofed US-CERT Email Addresses
http://seclists.org/cert/2012/7
<p>Posted by Current Activity on Jan 11</p>US-CERT Current Activity<br>
number of private sector organizations as well as federal, state,...<br>Current Activity - Adobe Releases Security Advisory for Adobe Reader and Acrobat
http://seclists.org/cert/2012/6
<p>Posted by Current Activity on Jan 10</p>US-CERT Current Activity<br>
* Adobe Reader 9.4.7 and earlier...<br>Current Activity - Microsoft Releases January Security Bulletin
http://seclists.org/cert/2012/5
<p>Posted by Current Activity on Jan 10</p>US-CERT Current Activity<br>
operate with elevated...<br>TA12-010A -- Microsoft Updates for Multiple Vulnerabilities
http://seclists.org/cert/2012/4
<p>Posted by US-CERT Technical Alerts on Jan 10</p> National Cyber Alert System<br>
Microsoft Developer Tools and Software....<br>Current Activity - Phishing Campaign Using Spoofed US-CERT E-mail Addresses
http://seclists.org/cert/2012/3
<p>Posted by Current Activity on Jan 10</p>US-CERT Current Activity<br>
state, and local governments. US-CERT began receiving reports of...<br>TA12-006A -- Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
http://seclists.org/cert/2012/2
<p>Posted by US-CERT Technical Alerts on Jan 06</p> National Cyber Alert System<br>
configure secure...<br>Current Activity - Google Releases Chrome 16.0.912.75
http://seclists.org/cert/2012/1
<p>Posted by Current Activity on Jan 06</p>US-CERT Current Activity<br>
Chrome Releases blog entry and update to...<br>Current Activity - Microsoft Releases Advance Notification for January Security Bulletin
http://seclists.org/cert/2012/0
<p>Posted by Current Activity on Jan 05</p>US-CERT Current Activity<br>
Developer...<br>Current Activity - Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
http://seclists.org/cert/2011/217
<p>Posted by Current Activity on Dec 28</p>US-CERT Current Activity<br>
launch a denial-of-service...<br>Daily Dave
http://seclists.org/#dailydave
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.Cyber Politics By Other Means
http://seclists.org/dailydave/2012/q1/14
<p>Posted by Dave Aitel on Jan 27</p>Dear DD - attached is some red meat. :><br>
<...<br>Alligators
http://seclists.org/dailydave/2012/q1/13
<p>Posted by Dave Aitel on Jan 19</p>INFILTRATE 2012 is over (as of an hour from now). I will say that all<br>
And here is Mark's Prezi:...<br>Open Bars
http://seclists.org/dailydave/2012/q1/12
<p>Posted by Dave Aitel on Jan 09</p>So we ordered quite a few open bars for INFILTRATE people - one of which<br>
<...<br>Security Event Horizons
http://seclists.org/dailydave/2012/q1/11
<p>Posted by Dave Aitel on Jan 09</p>Every so often you see a ton of effort from a security person go into a<br>
own...<br>New Paper - Acquisition and Analysis of Volatile Memory from Android Devices
http://seclists.org/dailydave/2012/q1/10
<p>Posted by Andrew Case on Jan 09</p>We are writing to announce that our paper on Android memory forensics has<br>
Andrew<br>Re: Symantec AV source compromised and the questions it raises
http://seclists.org/dailydave/2012/q1/9
<p>Posted by Michal Zalewski on Jan 06</p>This reminds me of the wise words of the chairman of Trend Micro:<br>
now looks like Symantec will,...<br>Symantec AV source compromised and the questions it raises
http://seclists.org/dailydave/2012/q1/8
<p>Posted by Mohammad Hosein on Jan 06</p>"Sadly, we'll likely never know the answer."<br>
forums and tweets are...<br>Symantec AV source compromised and the questions it raises
http://seclists.org/dailydave/2012/q1/7
<p>Posted by William Arbaugh on Jan 06</p>Security Week ran a story that Symantec's AV source was obtained (and soon to be released) via a compromise of an <br>
since the source is 4+ years old....<br>Apache Struts
http://seclists.org/dailydave/2012/q1/6
<p>Posted by Dave Aitel on Jan 06</p>Just how bad is that Sec-Consult Apache Struts vulnerability...<br>
<param...<br>Re: INFILTRATE Book Club Part 2
http://seclists.org/dailydave/2012/q1/5
<p>Posted by h1kari on Jan 05</p>Hey guys,<br>
have a...<br>INFILTRATE Book Club Part 2
http://seclists.org/dailydave/2012/q1/4
<p>Posted by Dave Aitel on Jan 04</p>So I personally wasn't a huge fan, but more than one person has<br>
At this year's INFILTRATE, due to a few factors, we have...<br>InfoSec Southwest 2012 CFP First-round Speaker Selections
http://seclists.org/dailydave/2012/q1/3
<p>Posted by I)ruid on Jan 04</p>Hello,<br>
Keynote...<br>Re: WebHacking and lcamtuf
http://seclists.org/dailydave/2012/q1/2
<p>Posted by Michal Zalewski on Jan 03</p>Okay!<br>
PS. And yeah, thanks for the review :-)<br>WebHacking and lcamtuf
http://seclists.org/dailydave/2012/q1/1
<p>Posted by Dave Aitel on Jan 02</p>So this is my review of lcamtuf's book, which is this: It's the best<br>
only...<br>INFILTRATE book club part 1
http://seclists.org/dailydave/2012/q1/0
<p>Posted by Dave Aitel on Jan 02</p>For those of you traveling to INFILTRATE (in just a few short days!) I<br>
(Syriana) that were based on his books, just...<br>Educause Security Discussion
http://seclists.org/#educause
Securing networks and computers in an academic environment.Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/244
<p>Posted by Pollock, Joseph on Jan 27</p>My response was immediate and reflexive when I saw I would have to create an Amazon account - No Way. It's not worth <br>
comfortable telling the caller that I wanted information only and have no...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/243
<p>Posted by John Ladwig on Jan 27</p>I need to look over the descriptions of DPD, to see to what degree they cover the issue of the current massive trend of <br>
I haven't dug down deeply into Amazon's Kindle and other user/privacy...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/242
<p>Posted by Morrow Long on Jan 27</p>They might even get a few to install the Kindle app or buy a Kindle.<br>
I don't think your rant was...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/241
<p>Posted by Morrow Long on Jan 27</p>And actually you can now read it in the Cloud -- you don't have to install<br>
Subject: Re: [SECURITY] Free Download of Matt...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/240
<p>Posted by Wayne S. Martin on Jan 27</p>I apologize for the tone, I shouldn't have been so direct. I suppose where I'm confused is that I view Data Privacy <br>
IMHO, Wayne<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/239
<p>Posted by Charlie Derr on Jan 27</p>As someone who understood John's irony (and agrees with it), the reason for the irony is that to some of us, the word <br>
exchange they (probably? hopefully?) get a bunch of new people to sign...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/238
<p>Posted by Tonkin, Derek K. on Jan 27</p>I apologize for the tone, I shouldn't have been so direct. I suppose where I'm confused is that I view Data Privacy <br>
I'm curious what the stance is of others on the list. As...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/237
<p>Posted by Chuck Dunn on Jan 27</p>Valarie,<br>
publisher. It's...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/236
<p>Posted by Don M. Blumenthal on Jan 27</p>I have an Amazon account from which I download Kindle books regularly for a Kindle, iPad, and Android phone, and have <br>
intend to download the book but, despite the fact that I can understand why free distribution is being done this way, I...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/235
<p>Posted by Mclaughlin, Kevin (mclaugkl) on Jan 27</p>I love my Kindle, I love my Kindle IPhone App, I love my Kindle Android app and I love my Kindle computer app. By the <br>
University of Cincinnati...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/234
<p>Posted by Tonkin, Derek K. on Jan 27</p>John,<br>
to complain about? I'm not sure what privacy concerns you have with Amazon but it didn't take...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/233
<p>Posted by Valerie Vogel on Jan 27</p>Please note: Although the download is only for Kindle, Amazon has free reading apps for the iPad and other devices. <br>
<a rel="nofollow" href="http://www.amazon.com/lol-OMG-Reputation-Citizenship-Cyberbullying-ebook/dp/B0060FRNNQ">http://www.amazon.com/lol-OMG-Reputation-Citizenship-Cyberbullying-ebook/dp/B0060FRNNQ</a>...<br>Re: Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/232
<p>Posted by John Ladwig on Jan 27</p>And, you can't download the free book without logging in to Amazon. And, near as I can tell, it's Kindle- or <br>
To: The EDUCAUSE Security Constituent Group...<br>Free Download of Matt Ivester's Book Available Now (until Jan. 30)!
http://seclists.org/educause/2012/q1/231
<p>Posted by Valerie Vogel on Jan 27</p>Starting today (through January 30), you can download Matt Ivester's book - "lol...OMG! What Every Student Needs to <br>
Matt Ivester will also be joining us for a special EDUCAUSE Policy webinar next Monday, January 30, 1-2 pm EST....<br>Re: Google announces privacy changes, no opt out for users
http://seclists.org/educause/2012/q1/230
<p>Posted by Mike Porter on Jan 27</p>Without knowing what our contract states, and what portions of the<br>
PGP Fingerprint: F4 AE E1...<br>Firewall Wizards
http://seclists.org/#firewall-wizards
Tips and tricks for firewall administratorsIDS Focus
http://seclists.org/#focus-ids
Technical discussion about Intrusion Detection Systems. You can also read the archives of a <A HREF="http://seclists.org/ids/">previous IDS list</A>Full Disclosure
http://seclists.org/#fulldisclosure
A <a href="http://seclists.org/fulldisclosure/2010/Mar/459">lightly moderated</a> high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately, most of the posts are worthless drivel, so finding the gems takes patience...twitter rights
http://seclists.org/fulldisclosure/2012/Jan/536
<p>Posted by RandallM on Jan 28</p>is posting attacking us gov site, or exposing personal info of another<br>
What is twitters take?<br>FatCat Auto SQLl Injector
http://seclists.org/fulldisclosure/2012/Jan/535
<p>Posted by sandeep k on Jan 28</p>This is an automatic SQL Injection tool called as FatCat, Use of FatCat for<br>
vulnerability and start exploiting...<br>FatCat Auto SQLl Injector
http://seclists.org/fulldisclosure/2012/Jan/534
<p>Posted by sandeep k on Jan 28</p>This is an automatic SQL Injection tool called as FatCat, Use of FatCat for<br>
vulnerability and start exploiting...<br>[ GLSA 201201-17 ] Chromium: Multiple vulnerabilities
http://seclists.org/fulldisclosure/2012/Jan/533
<p>Posted by Tim Sammut on Jan 27</p>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br>
Date: January 28,...<br>Re: when did piracy/theft become expression of freedom
http://seclists.org/fulldisclosure/2012/Jan/532
<p>Posted by Zach C. on Jan 27</p>the<br>
you prefer,...<br>Re: when did piracy/theft become expression of freedom
http://seclists.org/fulldisclosure/2012/Jan/531
<p>Posted by Thor (Hammer of God) on Jan 27</p>These arguments do more harm than good. You can't base property law on what people may not have done (of course there <br>
street and buy a similar product for less money. That...<br>Re: when did piracy/theft become expression of freedom
http://seclists.org/fulldisclosure/2012/Jan/530
<p>Posted by Valdis . Kletnieks on Jan 27</p>On Fri, 27 Jan 2012 18:06:28 GMT, Michael Schmidt said:<br>
2) Who gets those...<br>[ GLSA 201201-16 ] X.Org X Server/X Keyboard Configuration Database: Screen lock bypass
http://seclists.org/fulldisclosure/2012/Jan/529
<p>Posted by Alex Legler on Jan 27</p>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br>
Title: X.Org X Server/X Keyboard Configuration Database: Screen...<br>[SECURITY] [DSA 2396-1] qemu-kvm security update
http://seclists.org/fulldisclosure/2012/Jan/528
<p>Posted by Moritz Muehlenhoff on Jan 27</p>-------------------------------------------------------------------------<br>
Problem type :...<br>Re: when did piracy/theft become expression of freedom
http://seclists.org/fulldisclosure/2012/Jan/527
<p>Posted by Laurelai on Jan 27</p>Yeah and the US is becoming a police state, so using US law as examples<br>
of morality is pretty shaky ground.<br>[SECURITY] [DSA 2395-1] wireshark security update
http://seclists.org/fulldisclosure/2012/Jan/526
<p>Posted by Moritz Muehlenhoff on Jan 27</p>-------------------------------------------------------------------------<br>
Problem type...<br>Re: when did piracy/theft become expression of freedom
http://seclists.org/fulldisclosure/2012/Jan/525
<p>Posted by Michael Schmidt on Jan 27</p>You want to be very careful with that line of thought. You are taking the creator the rightful owners profits, which <br>
When you make a copy, you are performing a step that the manufacturer takes with physical products. Just because...<br>Advisory: Remote Command Execution in Gitorious
http://seclists.org/fulldisclosure/2012/Jan/524
<p>Posted by joernchen of Phenoelit on Jan 27</p>Hi,<br>
joernchen<br>Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
http://seclists.org/fulldisclosure/2012/Jan/523
<p>Posted by research () vulnerability-lab com on Jan 27</p>Title:<br>
and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time...<br>[ GLSA 201201-15 ] ktsuss: Privilege escalation
http://seclists.org/fulldisclosure/2012/Jan/522
<p>Posted by Sean Amoss on Jan 27</p>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br>
Date: January 27, 2012...<br>Funsec
http://seclists.org/#funsec
While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community..twitter rights
http://seclists.org/funsec/2012/q1/113
<p>Posted by RandallM on Jan 28</p>is posting attacking us gov site, or exposing personal info of another<br>
What is twitters take?<br>Really simple security blog
http://seclists.org/funsec/2012/q1/112
<p>Posted by Robert Slade on Jan 27</p>This was a new one to me, anyway.<br>
for your boss :-)<br>Twitter nation-based censorship
http://seclists.org/funsec/2012/q1/111
<p>Posted by Robert Slade on Jan 27</p>A large stake in Twitter was recently bought by a Saudi prince. He said he agreed with the concept.<br>
Of course, this timing is simply a coincidence. There couldn't possibly be any relationship.<br>Privacy Policy
http://seclists.org/funsec/2012/q1/110
<p>Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on Jan 26</p>This seems vaguely familiar, but what the heck:<br>
victoria.tc.ca/techrev/rms.htm <a rel="nofollow" href="http://www.infosecbc.org/links">http://www.infosecbc.org/links</a>...<br>OK, we don't need the Borg for "Total Recall"
http://seclists.org/funsec/2012/q1/109
<p>Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on Jan 26</p><a rel="nofollow" href="http://www.scientificamerican.com/article.cfm?id=totaling-recall">http://www.scientificamerican.com/article.cfm?id=totaling-recall</a><br>
victoria.tc.ca/techrev/rms.htm <a rel="nofollow" href="http://www.infosecbc.org/links">http://www.infosecbc.org/links</a>...<br>[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
http://seclists.org/funsec/2012/q1/108
<p>Posted by Hafez Kamal on Jan 26</p>This is a gentle reminder that the Call for Papers for the third annual<br>
featuring keynote speakers Andy Ellis (Chief...<br>Resistance is futile: you will be assimilated ...
http://seclists.org/funsec/2012/q1/107
<p>Posted by Rob, grandpa of Ryan, Trevor, Devon & Hannah on Jan 26</p><a rel="nofollow" href="http://thenextweb.com/socialmedia/2012/01/25/facebook-is-killing-local-social-">http://thenextweb.com/socialmedia/2012/01/25/facebook-is-killing-local-social-</a><br>
victoria.tc.ca/techrev/rms.htm <a rel="nofollow" href="http://www.infosecbc.org/links">http://www.infosecbc.org/links</a>...<br>Re: Teaching reporters infosec ...
http://seclists.org/funsec/2012/q1/106
<p>Posted by Kyle Creyts on Jan 25</p>Flashy and interesting like using the mouse to move your cursor around,<br>
not quite "strong" protection, but better than nothing in some cases.<br>Re: Teaching reporters infosec ...
http://seclists.org/funsec/2012/q1/105
<p>Posted by Paul M Moriarty on Jan 25</p>While doing something flashy and interesting with your left hand, type your message quickly with your right hand. The <br>
keyloggers fall for it every time. :)<br>Re: Teaching reporters infosec ...
http://seclists.org/funsec/2012/q1/104
<p>Posted by Patrick Laverty on Jan 25</p>I thought this line interesting:<br>
What does that mean to trick a keylogger?<br>Re: Teaching reporters infosec ...
http://seclists.org/funsec/2012/q1/103
<p>Posted by Paul M Moriarty on Jan 25</p>It's a step in the right direction, though clearly it will be a long journey.<br>
- Paul -<br>Teaching reporters infosec ...
http://seclists.org/funsec/2012/q1/102
<p>Posted by Robert Slade on Jan 25</p><a rel="nofollow" href="http://www.cjr.org/the_news_frontier/teaching_cyber-security.php">http://www.cjr.org/the_news_frontier/teaching_cyber-security.php</a><br>
CISSP...<br>Re: Google Docs illegal in Norway
http://seclists.org/funsec/2012/q1/101
<p>Posted by Paul Ferguson on Jan 25</p>Funny you should mention that:<br>
- ferg<br>Re: Google Docs illegal in Norway
http://seclists.org/funsec/2012/q1/100
<p>Posted by Jeffrey Walton on Jan 25</p>The PATRIOT Act is gestapo legislation - its a subversion of the<br>
who drafted and...<br>BitDefender, you've created a monster! (story ...)
http://seclists.org/funsec/2012/q1/99
<p>Posted by Robert Slade on Jan 25</p>www.infosecurity-magazine.com/view/23465/viruses-and-worms-are-evolving-into-frankenmalware/<br>
threats from 25 years ago and dress...<br>Honeypots
http://seclists.org/#honeypots
Discussions about tracking attackers by setting up decoy honeypots or entire <A HREF="http://www.honeynet.org">honeynet</A> networks.[HONEYPOTS] Cyber Warfare / Network Defense Simulation
http://seclists.org/honeypots/2012/q1/1
<p>Posted by Teóphilo Athos Brauns on Jan 24</p>Hi,<br>
managed to create a whole...<br>Cyber Warfare / Network Defense Simulation
http://seclists.org/honeypots/2012/q1/0
<p>Posted by Teóphilo Athos Brauns on Jan 24</p>Hi,<br>
managed to create a...<br>CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday. Dec 5 2011
http://seclists.org/honeypots/2011/q4/0
<p>Posted by Dragos Ruiu on Dec 01</p>So after a dozen years or so organizing conferences, you <br>
submissions and missing  the CFP. So for my control set,...<br>Incidents
http://seclists.org/#incidents
Lightly moderated list for dicussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virii, and worms.Packet Storm ≈ Full Disclosure Information SecurityPacket Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Packet Storm
http://packetstormsecurity.org/
http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1363314962&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1363314962.1327781348.1327781348.1327781348.1%3B%2B__utmz%3D32867617.1327781348.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)Students Busted For Hacking Computers, Changing Grades
http://packetstormsecurity.org/news/view/20518/Students-Busted-For-Hacking-Computers-Changing-Grades.html
European Parliament Rapporteur Quits In Acta Protest
http://packetstormsecurity.org/news/view/20514/European-Parliament-Rapporteur-Quits-In-Acta-Protest.html
Kelios Botnet Suspect Denies Microsoft Accusations
http://packetstormsecurity.org/news/view/20519/Kelios-Botnet-Suspect-Denies-Microsoft-Accusations.html
Anonymous' Topiary Gets A Plea Date
http://packetstormsecurity.org/news/view/20520/Anonymous-Topiary-Gets-A-Plea-Date.html
US Lawmakers Question Google Over Privacy Policy
http://packetstormsecurity.org/news/view/20517/US-Lawmakers-Question-Google-Over-Privacy-Policy.html
Judges Set Timetable For McKinnon Case Resolution
http://packetstormsecurity.org/news/view/20516/Judges-Set-Timetable-For-McKinnon-Case-Resolution.html
Facebook And Washington State Take On A Clickjacker
http://packetstormsecurity.org/news/view/20515/Facebook-And-Washington-State-Take-On-A-Clickjacker.html
Linux Vendors Urgently Patch A Security Flaw
http://packetstormsecurity.org/news/view/20513/Linux-Vendors-Urgently-Patch-A-Security-Flaw.html
Sophos Warns Of Rising Android Malware Threats In 2012
http://packetstormsecurity.org/news/view/20512/Sophos-Warns-Of-Rising-Android-Malware-Threats-In-2012.html
How Google Keeps Your Secrets Private
http://packetstormsecurity.org/news/view/20511/How-Google-Keeps-Your-Secrets-Private.html
FBI Plans Social Network Map Alert Mash-Up Application
http://packetstormsecurity.org/news/view/20510/FBI-Plans-Social-Network-Map-Alert-Mash-Up-Application.html
Backlash Over Google Move To Change Privacy Settings
http://packetstormsecurity.org/news/view/20509/Backlash-Over-Google-Move-To-Change-Privacy-Settings.html
O2 Caught Revealing Users' Mobile Phone Numbers
http://packetstormsecurity.org/news/view/20508/O2-Caught-Revealing-Users-Mobile-Phone-Numbers.html
Judges Probe Minister's Role In McKinnon Extradition Saga
http://packetstormsecurity.org/news/view/20507/Judges-Probe-Ministers-Role-In-McKinnon-Extradition-Saga.html
Gitorious Remote Command Execution
http://packetstormsecurity.org/files/109178/advisory_gitorious.txt
Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.HP Diagnostics Server magentservice.exe Overflow
http://packetstormsecurity.org/files/109177/hp_magentservice.rb.txt
This Metasploit module exploits a stack buffer overflow in HP Diagnostics Server magentservice.exe service. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by AbdulAziz Harir via ZDI.MS12-004 midiOutPlayNextPolyEvent Heap Overflow
http://packetstormsecurity.org/files/109176/ms12_004_midi.rb.txt
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the offset calculation being higher than how much is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we setup, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.AWS Hash Collisions
http://packetstormsecurity.org/files/109175/SA-2012-L119-003.txt
AdaCore Security Advisory - All AWS releases and wavefronts prior to 2012-01-21 suffer from hash collision vulnerabilities.Studio Manolibera Listarivisteuk SQL Injection
http://packetstormsecurity.org/files/109174/smlistarivisteuk-sql.txt
Studio Manolibera's listarivisteuk.php suffers from a remote SQL injection vulnerability.Dark D0rk3r 0.5
http://packetstormsecurity.org/files/109171/darkd0rk3r-0.5.py.txt
Dark D0rk3r is a python script that performs dork searching and searches for local file inclusion and SQL injection errors.IBBY SQL Injection
http://packetstormsecurity.org/files/109169/ibbynouvelles-sql.txt
IBBY's nouvelles.php suffers from a remote SQL injection vulnerability.Kraken Payload Generator Beta 1.0
http://packetstormsecurity.org/files/109170/kraken-script.rar
Kraken Payload Generator is a bash script that makes use of msfpayload to generate various shellcode.Fortigate UTM WAF Appliance Cross Site Scripting
http://packetstormsecurity.org/files/109168/VL-144.txt
The Fortigate UTM WAF appliance suffers from persistent and reflective cross site scripting vulnerabilities.Adobe Cross Site Scripting
http://packetstormsecurity.org/files/109167/adobesite-xss.txt
Adobe's forgotten password flow suffers from a cross site scripting vulnerability.Gentoo Linux Security Advisory 201201-16
http://packetstormsecurity.org/files/109166/glsa-201201-16.txt
Gentoo Linux Security Advisory 201201-16 - A debugging functionality in the X.Org X Server that is bound to a hotkey by default can be used by local attackers to circumvent screen locking utilities. Versions less than 2.4.1-r3 are affected.Debian Security Advisory 2396-1
http://packetstormsecurity.org/files/109165/dsa-2396-1.txt
Debian Linux Security Advisory 2396-1 - Nicolae Mogoraenu discovered a heap overflow in the emulated e1000e network interface card of KVM, a solution for full virtualization on x86 hardware, which could result in denial of service or privilege escalation.Debian Security Advisory 2395-1
http://packetstormsecurity.org/files/109164/dsa-2395-1.txt
Debian Linux Security Advisory 2395-1 - Laurent Butti discovered a buffer underflow in the LANalyzer dissector of the Wireshark network traffic analyzer, which could lead to the execution of arbitrary code.Interactive Web Design SQL Injection
http://packetstormsecurity.org/files/109156/interactivewebdesign-sql.txt
Interactive Web Design suffers from a remote SQL injection vulnerability.Global Media Service SQL Injection
http://packetstormsecurity.org/files/109155/gms-sql.txt
Global Media Service suffers from a remote SQL injection vulnerability.Gentoo Linux Security Advisory 201201-15
http://packetstormsecurity.org/files/109154/glsa-201201-15.txt
Gentoo Linux Security Advisory 201201-15 - Two vulnerabilities have been found in ktsuss, allowing local attackers to gain escalated privileges. Versions less than or equal to 1.4 are affected.Debian Security Advisory 2394-1
http://packetstormsecurity.org/files/109153/dsa-2394-1.txt
Debian Linux Security Advisory 2394-1 - Many security problems had been fixed in libxml2, a popular library to handle XML data files.vBSEO 3.6.0 proc_deutf() Remote PHP Code Injection
http://packetstormsecurity.org/files/109179/vbseo-exec.rb.txt
This Metasploit module exploits a vulnerability in the 'proc_deutf()' function defined in /includes/functions_vbseocp_abstract.php. User input passed through 'char_repl' POST parameter isn't properly sanitized before being used in a call to preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary code leveraging the PHP's complex curly syntax.Peel SHOPPING 2.8 / 2.9 Cross Site Scripting / SQL Injection
http://packetstormsecurity.org/files/109130/peelshopping-sqlxss.txt
Peel SHOPPING versions 2.8 and 2.9 suffer from cross site scripting and remote SQL injection vulnerabilities.RSA enVision Variable Disclosure
http://packetstormsecurity.org/files/109129/ESA-2012-007.txt
RSA has announced security fixes to address an environmental variable disclosure vulnerability in RSA enVision 4.x.EMC NetWorker Buffer Overflow
http://packetstormsecurity.org/files/109128/ESA-2012-005.txt
EMC NetWorker Server 7.5.x and 7.6.x contain a buffer overflow vulnerability which may possibly be exploited to cause a denial of service or, possibly, arbitrary code execution.xClick Cart 1.0.1 / 1.0.2 Cross Site Scripting
http://packetstormsecurity.org/files/109126/xclickcart-xss.txt
xClick Cart versions 1.0.1 and 1.0.2 suffer from a cross site scripting vulnerability.Register Plus 3.5.1 Cross Site Scripting / Code Execution
http://packetstormsecurity.org/files/109125/registerplus-shellxss.txt
Register Plus versions 3.5.1 and below for WordPress suffer from code execution, cross site scripting and path disclosure vulnerabilities.Sysax Multi Server 5.50 Create Folder Buffer Overflow
http://packetstormsecurity.org/files/109124/sysax2.rb.txt
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.50. This issue was fixed in 5.52. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get your a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP and 2003.Cisco Security Advisory 20120126-ironport
http://packetstormsecurity.org/files/109123/cisco-sa-20120126-ironport.txt
Cisco Security Advisory - Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Workarounds that mitigate this vulnerability are available.Info Security News
http://seclists.org/#isn
Carries news items (generally from mainstream sources) that relate to security.DHS disputes memo on purported railway computer breach
http://seclists.org/isn/2012/Jan/80
<p>Posted by InfoSec News on Jan 25</p><a rel="nofollow" href="http://news.cnet.com/8301-27080_3-57366341-245/dhs-disputes-memo-on-purported-railway-computer-breach/">http://news.cnet.com/8301-27080_3-57366341-245/dhs-disputes-memo-on-purported-railway-computer-breach/</a><br>
"Following more in-depth analysis, it appears that...<br>Re: The digital hacktivist
http://seclists.org/isn/2012/Jan/79
<p>Posted by InfoSec News on Jan 25</p>Forwarded from: security curmudgeon <jericho (at) attrition.org><br>
: out of information that is freely available...<br>IT pros say data breach assessment is more valuable than notification, study says
http://seclists.org/isn/2012/Jan/78
<p>Posted by InfoSec News on Jan 25</p><a rel="nofollow" href="http://www.computerworld.com/s/article/9223706/IT_pros_say_data_breach_assessment_is_more_valuable_than_notification_study_says">http://www.computerworld.com/s/article/9223706/IT_pros_say_data_breach_assessment_is_more_valuable_than_notification_study_says</a><br>
the day the European Union's proposed a...<br>DOD to allow Android on classified networks
http://seclists.org/isn/2012/Jan/77
<p>Posted by InfoSec News on Jan 25</p><a rel="nofollow" href="http://fcw.com/articles/2012/01/24/android-smart-phones-tablets-classified-sipr-network.aspx">http://fcw.com/articles/2012/01/24/android-smart-phones-tablets-classified-sipr-network.aspx</a><br>
approving the standards, according to Michael...<br>Symantec advises users to turn off PCAnywhere in hack aftermath
http://seclists.org/isn/2012/Jan/76
<p>Posted by InfoSec News on Jan 25</p><a rel="nofollow" href="http://www.v3.co.uk/v3-uk/news/2141452/symantec-advises-users-pcanywhere-hack-aftermath">http://www.v3.co.uk/v3-uk/news/2141452/symantec-advises-users-pcanywhere-hack-aftermath</a><br>
attackers gaining access to...<br>Newt Threatens China and Russia With Cyberwar
http://seclists.org/isn/2012/Jan/75
<p>Posted by InfoSec News on Jan 25</p><a rel="nofollow" href="http://www.wired.com/dangerroom/2012/01/newt-goes-to-cyberwar/">http://www.wired.com/dangerroom/2012/01/newt-goes-to-cyberwar/</a><br>
“I think that we have to treat state-based covert activities as the...<br>Royal Canadian Navy officer charged with espionage
http://seclists.org/isn/2012/Jan/74
<p>Posted by InfoSec News on Jan 25</p><a rel="nofollow" href="http://www.theargus.ca/articles/news/2012/01/royal-canadian-navy-officer-charged-with-espionage">http://www.theargus.ca/articles/news/2012/01/royal-canadian-navy-officer-charged-with-espionage</a><br>
of Information Act, which superseded the Official Secrets Act shortly...<br>10K Reasons to Worry About Critical Infrastructure
http://seclists.org/isn/2012/Jan/73
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.wired.com/threatlevel/2012/01/10000-control-systems-online/">http://www.wired.com/threatlevel/2012/01/10000-control-systems-online/</a><br>
Infrastructure software vendors and critical...<br>Microsoft Names Alleged Botnet Operator Behind Kelihos
http://seclists.org/isn/2012/Jan/72
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.darkreading.com/insider-threat/167801100/security/client-security/232500407/microsoft-names-alleged-botnet-operator-behind-kelihos.html">http://www.darkreading.com/insider-threat/167801100/security/client-security/232500407/microsoft-names-alleged-botnet-operator-behind-kelihos.html</a><br>
been added to...<br>Linux vendors rush to patch privilege escalation flaw after root exploits emerge
http://seclists.org/isn/2012/Jan/71
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.computerworld.com/s/article/9223675/Linux_vendors_rush_to_patch_privilege_escalation_flaw_after_root_exploits_emerge">http://www.computerworld.com/s/article/9223675/Linux_vendors_rush_to_patch_privilege_escalation_flaw_after_root_exploits_emerge</a><br>
by JA1/4ri Aedla and...<br>Navy faces crushing demand for information warfare systems
http://seclists.org/isn/2012/Jan/70
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.nextgov.com/nextgov/ng_20120124_9453.php">http://www.nextgov.com/nextgov/ng_20120124_9453.php</a><br>
Last year, the Navy installed...<br>The digital hacktivist
http://seclists.org/isn/2012/Jan/69
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.livemint.com/2012/01/24210113/The-digital-hacktivist.html">http://www.livemint.com/2012/01/24210113/The-digital-hacktivist.html</a><br>
<a rel="nofollow" href="http://securityerrata.org/errata/charlatan/ankit_fadia/">http://securityerrata.org/errata/charlatan/ankit_fadia/</a> -...<br>Hackers manipulated railway computers, TSA memo says
http://seclists.org/isn/2012/Jan/68
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.nextgov.com/nextgov/ng_20120123_3491.php">http://www.nextgov.com/nextgov/ng_20120123_3491.php</a><br>
while" and...<br>U.S. Government Online Security Website Hacked
http://seclists.org/isn/2012/Jan/67
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.pcworld.com/businesscenter/article/248644/us_government_online_security_website_hacked.html">http://www.pcworld.com/businesscenter/article/248644/us_government_online_security_website_hacked.html</a><br>
threatened "a...<br>Cameras May Open Up the Board Room to Hackers
http://seclists.org/isn/2012/Jan/66
<p>Posted by InfoSec News on Jan 24</p><a rel="nofollow" href="http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html">http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html</a><br>
occasionally zooming...<br>Metasploit
http://seclists.org/#metasploit
Development discussion for <a href="http://metasploit.com/">Metasploit</a>, the premier open source remote exploitation toolRe: wdbrpc_memory_dump.rb bug and question
http://seclists.org/metasploit/2012/q1/45
<p>Posted by Robin Wood on Jan 25</p>The only reason I moved the original file away was in case it<br>
some time in the future....<br>Re: wdbrpc_memory_dump.rb bug and question
http://seclists.org/metasploit/2012/q1/44
<p>Posted by Joshua J. Drake on Jan 25</p>Robin,<br>
supported. This is due to some strangeness with ruby's...<br>Re: wdbrpc_memory_dump.rb bug and question
http://seclists.org/metasploit/2012/q1/43
<p>Posted by Robin Wood on Jan 25</p>I've just reproduced this showing the directory exists but the file<br>
[*] Dumping 0x10000000 bytes from base...<br>Re: mssql_enum bug
http://seclists.org/metasploit/2012/q1/42
<p>Posted by Robin Wood on Jan 24</p>I've created a ticket for it, I'll see about getting a PCAP but it is<br>
Robin<br>Re: wdbrpc_memory_dump.rb bug and question
http://seclists.org/metasploit/2012/q1/41
<p>Posted by Robin Wood on Jan 24</p>The directory existed. I had started dumping with a 2 on the end and<br>
Robin<br>Re: mssql_enum bug
http://seclists.org/metasploit/2012/q1/40
<p>Posted by HD Moore on Jan 24</p>Our hand-coded MSSQL driver likely can't cope with MSSQL 7 - a Redmine<br>
-HD<br>Re: wdbrpc_memory_dump.rb bug and question
http://seclists.org/metasploit/2012/q1/39
<p>Posted by HD Moore on Jan 24</p>This is a problem with your local filesystem - you may need to mkdir<br>
-HD<br>Re: http_ntlm module output file format
http://seclists.org/metasploit/2012/q1/38
<p>Posted by Robin Wood on Jan 24</p>I was planning to have a go, just wanted to check there was no reason<br>
Robin<br>Re: http_ntlm module output file format
http://seclists.org/metasploit/2012/q1/37
<p>Posted by Tod Beardsley on Jan 24</p>The SMB capture module will output a John the Ripper compatible file.<br>
Robin...<br>http_ntlm module output file format
http://seclists.org/metasploit/2012/q1/36
<p>Posted by Robin Wood on Jan 24</p>I'm playing with NBNS spoofing from this post on Packetstan<br>
Robin<br>Re: mssql_enum bug
http://seclists.org/metasploit/2012/q1/35
<p>Posted by Robin Wood on Jan 24</p>I just tried to connect to this with the MS SQL Enterprise Manager<br>
Robin<br>mssql_enum bug
http://seclists.org/metasploit/2012/q1/34
<p>Posted by Robin Wood on Jan 24</p>Everything is set correctly and Nessus reported the install as having<br>
the specified...<br>wdbrpc_memory_dump.rb bug and question
http://seclists.org/metasploit/2012/q1/33
<p>Posted by Robin Wood on Jan 24</p>First the bug, I think this is because I set an offset but pointed it<br>
/Users/robin/.msf4/logs/vxworks_memory3.dump...<br>Re: H.D. Moore in NY Times
http://seclists.org/metasploit/2012/q1/32
<p>Posted by HD Moore on Jan 23</p>Additional information on the blog:<br>
<a rel="nofollow" href="https://community.rapid7.com/community/solutions/metasploit/blog/2012/01/23/video-conferencing-and-self-selecting-targets">https://community.rapid7.com/community/solutions/metasploit/blog/2012/01/23/video-conferencing-and-self-selecting-targets</a><br>Re: possible bug in auxiliary/gather/shodan_search
http://seclists.org/metasploit/2012/q1/31
<p>Posted by Jonathan Cran on Jan 23</p>BG - I believe this has been resolved in the trunk by sinn3r, can you<br>
jcran<br>Microsoft Sec Notification
http://seclists.org/#microsoft
Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/10
<p>Posted by Microsoft on Jan 27</p>********************************************************************<br>
* MS12-004 -...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/9
<p>Posted by Microsoft on Jan 24</p>********************************************************************<br>
=====================...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/8
<p>Posted by Microsoft on Jan 18</p>********************************************************************<br>
Bulletin Information:...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/7
<p>Posted by Microsoft on Jan 17</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/6
<p>Posted by Microsoft on Jan 16</p>********************************************************************<br>
* MS12-007 - Important...<br>Microsoft Security Bulletin Re-Releases
http://seclists.org/microsoft/2012/q1/5
<p>Posted by Microsoft on Jan 11</p>********************************************************************<br>
* MS12-007 -...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/4
<p>Posted by Microsoft on Jan 11</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Summary for January 2012
http://seclists.org/microsoft/2012/q1/3
<p>Posted by Microsoft on Jan 10</p>********************************************************************<br>
With...<br>Microsoft Security Advisory Notification
http://seclists.org/microsoft/2012/q1/2
<p>Posted by Microsoft on Jan 10</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2012/q1/1
<p>Posted by Microsoft on Jan 10</p>********************************************************************<br>
* MS11-099 - Important...<br>Microsoft Security Bulletin Advance Notification for January 2012
http://seclists.org/microsoft/2012/q1/0
<p>Posted by Microsoft on Jan 08</p>********************************************************************<br>
Notification for January 2012 can be found at...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2011/q4/33
<p>Posted by Microsoft on Dec 30</p>********************************************************************<br>
* MS11-100 - Critical...<br>Microsoft Security Advisory Notification
http://seclists.org/microsoft/2011/q4/32
<p>Posted by Microsoft on Dec 29</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Summary for December 2011
http://seclists.org/microsoft/2011/q4/31
<p>Posted by Microsoft on Dec 29</p>********************************************************************<br>
December 2011 can be found at...<br>Microsoft Security Bulletin Advance Notification for December 2011
http://seclists.org/microsoft/2011/q4/30
<p>Posted by Microsoft on Dec 28</p>********************************************************************<br>
Notification for December 2011 can be...<br>Nmap Development
http://seclists.org/#nmap-dev
Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <A HREF="http://nmap.org">Nmap</A> and related projects. Subscribe <a href="http://cgi.insecure.org/mailman/listinfo/nmap-dev">here</a>.New VA Modules: MSF: 2, Nessus: 11
http://seclists.org/nmap-dev/2012/q1/245
<p>Posted by New VA Module Alert Service on Jan 28</p>This report describes any new scripts/modules/exploits added to Nmap,<br>
VMWare...<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/244
<p>Posted by Henri Doreau on Jan 27</p>2012/1/27 Henri Doreau <henri.doreau () gmail com>:<br>
Regards.<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/243
<p>Posted by Henri Doreau on Jan 27</p>2012/1/27 David Fifield <david () bamsoftware com>:<br>
with the bitfields used by select(), but that's expensive...<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/242
<p>Posted by David Fifield on Jan 27</p>Can you describe the bug and fix?<br>
David Fifield<br>New VA Modules: NSE: 3, OpenVAS: 2, MSF: 3, Nessus: 10
http://seclists.org/nmap-dev/2012/q1/241
<p>Posted by New VA Module Alert Service on Jan 27</p>This report describes any new scripts/modules/exploits added to Nmap,<br>
allowing access are marked using the keyword Willing in...<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/240
<p>Posted by Henri Doreau on Jan 27</p>2012/1/27 Ron <ron () skullsecurity net>:<br>
Thanks for testing, I have committed it as r27935.<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/239
<p>Posted by Ron on Jan 27</p>The patch fixed the issue. Thanks!<br>
Ron<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/238
<p>Posted by Henri Doreau on Jan 27</p>2012/1/27 Ron <ron () skullsecurity net>:<br>
Regards.<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/237
<p>Posted by Ron on Jan 27</p>I got it loaded in gdb. I don't really know how to use gdb, though, so let me know if there are any commands you want <br>
ms=<optimized out>,...<br>Re: Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/236
<p>Posted by Henri Doreau on Jan 27</p>2012/1/27 Ron <ron () skullsecurity net>:<br>
Regards.<br>Exception fail / crash
http://seclists.org/nmap-dev/2012/q1/235
<p>Posted by Ron on Jan 27</p>Hey,<br>
not *fuzz* and not *firewalk* and not...<br>New VA Modules: OpenVAS: 2, MSF: 1, Nessus: 28
http://seclists.org/nmap-dev/2012/q1/234
<p>Posted by New VA Module Alert Service on Jan 26</p>This report describes any new scripts/modules/exploits added to Nmap,<br>
EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection...<br>Re: Unused captures in nmap-service-probes
http://seclists.org/nmap-dev/2012/q1/233
<p>Posted by David Fifield on Jan 26</p>Thank you. This was very helpful. I committed your patch, some<br>
David Fifield<br>New VA Modules: NSE: 2, OpenVAS: 25, Nessus: 26
http://seclists.org/nmap-dev/2012/q1/232
<p>Posted by New VA Module Alert Service on Jan 25</p>This report describes any new scripts/modules/exploits added to Nmap,<br>
r27899 iax2-brute...<br>Problems downloading
http://seclists.org/nmap-dev/2012/q1/231
<p>Posted by Brian Poppe on Jan 24</p>Your servers are constantly timing out when trying to download the Windows installer. The speeds will be 140-150KB/s <br>
Just...<br>Nmap Hackers
http://seclists.org/#nmap-hackers
Moderated list for the most important new releases and announcements regarding the <A HREF="http://nmap.org">Nmap Security Scanner</A> and related projects. We recommend that all Nmap users <a href="http://cgi.insecure.org/mailman/listinfo/nmap-hackers">subscribe</a>.Updates on Download.Com caught adding malware to Nmap installer
http://seclists.org/nmap-hackers/2011/6
<p>Posted by Fyodor on Dec 06</p>Hi Folks. A lot has happened since yesterday's email about<br>
software as a gift to the community, only to have it used as bait by...<br>C|Net Download.Com is now bundling Nmap with malware!
http://seclists.org/nmap-hackers/2011/5
<p>Posted by Fyodor on Dec 05</p>Hi Folks. I've just discovered that C|Net's Download.Com site has<br>
The way it works is that C|Net's download page (screenshot attached)...<br>SecTools.Org relaunched based on your survey responses!
http://seclists.org/nmap-hackers/2011/4
<p>Posted by Fyodor on Nov 04</p>Hi folks! Remember the latest Nmap survey that almost 3,000 of you<br>
lets you nominate your...<br>Nmap 5.59BETA1 Released!
http://seclists.org/nmap-hackers/2011/3
<p>Posted by Fyodor on Jun 30</p>Hi Folks. Other than the recent informal IPv6 commemorative edition,<br>
o 40 new...<br>Happy World IPv6 Day From the Nmap Project!
http://seclists.org/nmap-hackers/2011/2
<p>Posted by Fyodor on Jun 08</p>Hi Folks. You have probably heard that today is World IPv6 Day, with<br>
That system now has native IPv6 support. So...<br>Nmap 5.51 and SoC Opportunity
http://seclists.org/nmap-hackers/2011/1
<p>Posted by Fyodor on Apr 05</p>Hi Folks! I'm happy to report that the Nmap 5.50 release was a big<br>
threat to...<br>Nmap 5.50: Now with Gopher protocol support!
http://seclists.org/nmap-hackers/2011/0
<p>Posted by Fyodor on Jan 28</p>Hi folks! It has been a year since the last Nmap stable release<br>
application protocols,...<br>Nmap Defcon Release: Version 5.35DC1
http://seclists.org/nmap-hackers/2010/7
<p>Posted by Fyodor on Jul 16</p>Hi folks. It has been 3.5 months since the last Nmap release<br>
Hat in a couple weeks (see...<br>Nmap News and Last Chance to Take the Survey
http://seclists.org/nmap-hackers/2010/6
<p>Posted by Fyodor on Apr 30</p>Hi Folks. I have some Nmap news to share with you:<br>
Drazen Popovic and Djalal Harouni will be...<br>Survey Reminder
http://seclists.org/nmap-hackers/2010/5
<p>Posted by Fyodor on Apr 14</p>Hi folks, I have a quick question for you:<br>
survey up, tabulate and share results, choose the prize winners,...<br>Nmap/SecTools Survey and GSoC Deadline
http://seclists.org/nmap-hackers/2010/4
<p>Posted by Fyodor on Apr 07</p>Hello everyone. I hope you're enjoying the 5.30BETA1 release. So far<br>
summer! SoC...<br>Nmap 5.30BETA1 Released w/37 new scripts and new Apple vuln
http://seclists.org/nmap-hackers/2010/3
<p>Posted by Fyodor on Mar 29</p>Hi folks! It has been two months since the 5.21 release and we've<br>
ipidseq. Learn about them all at...<br>Nmap 5.21 released
http://seclists.org/nmap-hackers/2010/2
<p>Posted by Fyodor on Jan 27</p>Hello everyone. I'm pleased to release Nmap 5.21, which contains zero<br>
development projects. If you want to...<br>Lots of Nmap News
http://seclists.org/nmap-hackers/2010/1
<p>Posted by Fyodor on Jan 22</p>Hi folks. I'm happy to report that the 5.20 release went well. But<br>
If you're running from a build of the latest SVN...<br>Nmap 5.20 Released
http://seclists.org/nmap-hackers/2010/0
<p>Posted by Fyodor on Jan 20</p>Happy new year, everyone. I'm happy to announce Nmap 5.20--our first<br>
o massive OS and version detection DB updates (10,000+ signatures)...<br>OpenVAS
http://seclists.org/#openvas
Development and announcements regarding <a href="http://www.openvas.com/">OpenVAS</a>, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.Windows 7 scan
http://seclists.org/openvas/2012/q1/114
<p>Posted by Guillaume Castagnino on Jan 27</p>Hi,<br>
For point...<br>smb_reg_service_pack.nasl (10401)
http://seclists.org/openvas/2012/q1/113
<p>Posted by Guillaume Castagnino on Jan 27</p>Hi list,<br>
report = string("The ", winName, " ",...<br>Re: gsad not responding -> 100% CPU
http://seclists.org/openvas/2012/q1/112
<p>Posted by Andreas Pflug on Jan 27</p>Am 27.01.12 15:17, schrieb Andreas Pflug:<br>
I'm talking about gsad 2.0.1.<br>gsad not responding -> 100% CPU
http://seclists.org/openvas/2012/q1/111
<p>Posted by Andreas Pflug on Jan 27</p>When connecting to gsad via port 9392, the daemon will enter an endless<br>
this, the daemon has to be killed.<br>Re: Small bug in vnc_security_types.nasl
http://seclists.org/openvas/2012/q1/110
<p>Posted by Michael Meyer on Jan 27</p>Hello,<br>
Micha <br>Task startup takes forever
http://seclists.org/openvas/2012/q1/109
<p>Posted by Derek Wuelfrath on Jan 26</p>Hi list,<br>
132761198046E74B...<br>Small bug in vnc_security_types.nasl
http://seclists.org/openvas/2012/q1/108
<p>Posted by Torbjorn . Wictorin on Jan 26</p>hello,<br>
Uppsala...<br>Re: Regression GSD1.20->1.21: can't save report
http://seclists.org/openvas/2012/q1/107
<p>Posted by Andreas Pflug on Jan 26</p>Am 26.01.2012 20:55, schrieb Matthew Mundell:<br>
All versions are the latest from the debian 6 repository, it's 2.0.4.<br>Re: Regression GSD1.20->1.21: can't save report
http://seclists.org/openvas/2012/q1/106
<p>Posted by Matthew Mundell on Jan 26</p>Thanks Andreas. This sounds related to the OMP time format change. Which<br>
version of OpenVAS Manager are you using?<br>Re: Downtime next monday (30th)
http://seclists.org/openvas/2012/q1/105
<p>Posted by Jan-Oliver Wagner on Jan 26</p>You mean www.openvas.com I guess.<br>
Jan<br>GSD schedule ignores start date/time
http://seclists.org/openvas/2012/q1/104
<p>Posted by Andreas Pflug on Jan 26</p>Creating a schedule using GSD 1.2.1 doesn't allow setting the start date<br>
and time; the current date and time is always used.<br>Re: Downtime next monday (30th)
http://seclists.org/openvas/2012/q1/103
<p>Posted by Tim Brown on Jan 26</p>Any chance to use the US mirror for the website?<br>
Tim<br>Regression GSD1.20->1.21: can't save report
http://seclists.org/openvas/2012/q1/102
<p>Posted by Andreas Pflug on Jan 26</p>With GSD 1.2.1, saving of reports fails silently on Windows as well as<br>
Andreas<br>Downtime next monday (30th)
http://seclists.org/openvas/2012/q1/101
<p>Posted by Jan-Oliver Wagner on Jan 26</p>Hello,<br>
Jan<br>Install instructions on Debian6
http://seclists.org/openvas/2012/q1/100
<p>Posted by Andreas Pflug on Jan 25</p>The installation instructions at<br>
Andreas<br>Open Source Security
http://seclists.org/#oss-sec
Discussion of security flaws, concepts, and practices in the Open Source community(maybe) CVE request: libvpx before 1.0 crasher
http://seclists.org/oss-sec/2012/q1/315
<p>Posted by Hanno Böck on Jan 28</p>libvpx (webm library) has released a new version that fixes a crasher<br>
(e.g. backends of video...<br>Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://seclists.org/oss-sec/2012/q1/314
<p>Posted by Kurt Seifried on Jan 27</p>Confirmed the code is basically identical, didn't actually run them to<br>
test (since it's been fixed in OpenBSD for quite some time now).<br>Re: non-Linux advance notification list
http://seclists.org/oss-sec/2012/q1/313
<p>Posted by Solar Designer on Jan 27</p>Hi,<br>
Or a port-security@ exploder that you're...<br>Re: non-Linux advance notification list
http://seclists.org/oss-sec/2012/q1/312
<p>Posted by Stuart Henderson on Jan 27</p>Could you add myself for OpenBSD ports please? If acceptable I'll send a<br>
public key out of band. Thanks.<br>Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://seclists.org/oss-sec/2012/q1/311
<p>Posted by Kurt Seifried on Jan 27</p>Ok so we (myself and vdanen () redhat com) have done some more research and<br>
debug1: Remote: Forced...<br>Re: non-Linux advance notification list
http://seclists.org/oss-sec/2012/q1/310
<p>Posted by Solar Designer on Jan 27</p>...<br>
Alexander<br>Re: non-Linux advance notification list
http://seclists.org/oss-sec/2012/q1/309
<p>Posted by Solar Designer on Jan 27</p>...<br>
Alexander<br>Re: Subscribe to linux-distros
http://seclists.org/oss-sec/2012/q1/308
<p>Posted by Ramon de C Valle on Jan 27</p>Thanks.<br>Re: Subscribe to linux-distros
http://seclists.org/oss-sec/2012/q1/307
<p>Posted by Solar Designer on Jan 27</p>Subscribed.<br>
Alexander<br>Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://seclists.org/oss-sec/2012/q1/306
<p>Posted by Yves-Alexis Perez on Jan 27</p>That was my question, in fact. Are separate keys (to the same user<br>
Regards,<br>Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://seclists.org/oss-sec/2012/q1/305
<p>Posted by Kurt Seifried on Jan 27</p>I created three separate keys, so three separate accounts. I can't see<br>
some automated job by the backup user) for example.<br>Re: Subscribe to linux-distros
http://seclists.org/oss-sec/2012/q1/304
<p>Posted by Kurt Seifried on Jan 27</p>I can confirm he is.<br>Re: CVE request: PostfixAdmin SQL injections and XSS
http://seclists.org/oss-sec/2012/q1/303
<p>Posted by Christian Boltz on Jan 27</p>Hello,<br>
which was found by Matthias Bethke <msbethke [at] sourceforge...<br>Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients
http://seclists.org/oss-sec/2012/q1/302
<p>Posted by Yves-Alexis Perez on Jan 27</p>By the way, is the ForceCommand (and other directives) really supposed<br>
Regards,<br>Subscribe to linux-distros
http://seclists.org/oss-sec/2012/q1/301
<p>Posted by Ramon de C Valle on Jan 27</p>Hi Solar,<br>
sub...<br>PaulDotCom
http://seclists.org/#pauldotcom
General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.XSS challenge, Filter #2 is up, can you break it?
http://seclists.org/pauldotcom/2012/q1/114
<p>Posted by Abraham Aranguren on Jan 28</p>Hi folks,<br>
Thanks for trying!<br>Re: Bitcasa invites
http://seclists.org/pauldotcom/2012/q1/113
<p>Posted by Frank Forresrer on Jan 24</p>I have infinite invites now.<br>
Sent from my iPod<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/112
<p>Posted by David Freedman on Jan 24</p>Agreed. We already agreed that the log server and anywhere that data gets<br>
We have included this DB as an in scope system as per...<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/111
<p>Posted by Robin Wood on Jan 24</p>One place I've found that isn't always automatically considered in scope is<br>
that machine isn't in the normal flow of data so people forget...<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/110
<p>Posted by Tony Turner on Jan 24</p>Not yet. The SIG is moving very slowly. The only things I've seen so far are a comprehensive problem statement <br>
together and the issues that are preventing airlines from becoming compliant....<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/109
<p>Posted by David Freedman on Jan 24</p>I love Robin's point about being concerned with the assessor's abilities to<br>
solid compensating controls for the airlines? I mean this with...<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/108
<p>Posted by Scott Rosenthal on Jan 24</p>My response wasn't about assuming that they were PCI compliant I was<br>
question was that he was merely questioning the storage of those cards. I...<br>Re: Bitcasa invites
http://seclists.org/pauldotcom/2012/q1/107
<p>Posted by Xavier Mertens on Jan 24</p>Am I not too late? Still one available? <br>
Tx!<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/106
<p>Posted by Robin Wood on Jan 24</p><br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/105
<p>Posted by Bill Swearingen on Jan 24</p>Trent and I have discussed this with a stewardess, yes it is stored into<br>
stripe data on a valid...<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/104
<p>Posted by Tony Turner on Jan 24</p>Many airlines are not PCI compliant. There are complexities to their business model with airports, common use platforms <br>
Sent from Yahoo! Mail on Android<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/103
<p>Posted by Scott Rosenthal on Jan 24</p>Hi Robin, here in the states many if not all of the airlines are required<br>
Scott<br>Re: Bitcasa invites
http://seclists.org/pauldotcom/2012/q1/102
<p>Posted by Udiggity on Jan 24</p>I'd love one of you have any more<br>
Please excuse typos, I'm on my mobile<br>Re: CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/101
<p>Posted by Bacon Zombie on Jan 24</p>the fact that you can use a CC that is 10 years out of date I'm sure they<br>
On Jan 24, 2012 5:43 AM, "Robin Wood" <robin () digininja org> wrote:<br>CC numbers stored on planes
http://seclists.org/pauldotcom/2012/q1/100
<p>Posted by Robin Wood on Jan 23</p>I've been on quite a few planes where the duty free and the bar allow<br>
Robin<br>Penetration Testing
http://seclists.org/#pen-test
While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon
http://seclists.org/pen-test/2012/Jan/14
<p>Posted by Hafez Kamal on Jan 27</p>This is a gentle reminder that the Call for Papers for the third annual<br>
featuring keynote speakers Andy Ellis (Chief...<br>DoS attacks using Exploit Pack
http://seclists.org/pen-test/2012/Jan/13
<p>Posted by noreply on Jan 22</p>DoS attacks by using Exploit Pack<br>
<a rel="nofollow" href="http://exploitpack.com">http://exploitpack.com</a>...<br>Technology Neutral Healthcheck
http://seclists.org/pen-test/2012/Jan/12
<p>Posted by cribbar on Jan 19</p>Can I ask if any of you have roles as security admins or managers if you have<br>
3rd party offering a solution/application for you that will give...<br>Re: Goofile 1.0 - Command line google search for files by domain
http://seclists.org/pen-test/2012/Jan/11
<p>Posted by James Condron on Jan 18</p>Tom,<br>
then having this value set to...<br>Exploit Pack - New release
http://seclists.org/pen-test/2012/Jan/10
<p>Posted by noreply on Jan 18</p>Exploit Pack is a Security Tool that will assist you while you test the <br>
Make your workstation safe by testing it...<br>Goofile 1.0 - Command line google search for files by domain
http://seclists.org/pen-test/2012/Jan/9
<p>Posted by tom on Jan 18</p>Greetings!<br>
Prove to peers and potential employers without a doubt that you can actually do a proper penetration...<br>Re: Best route to penetration testing learning
http://seclists.org/pen-test/2012/Jan/8
<p>Posted by wlandymore on Jan 11</p>Thanks for the tips guys. I've seen the offensive-security.com website and I<br>
Archangel Amael wrote:<br>Re: Best route to penetration testing learning
http://seclists.org/pen-test/2012/Jan/7
<p>Posted by robertwood50 on Jan 07</p>The SANS courses are pretty good in that you will actually be learning useful information, not just information <br>
it is put into practice. For reading I would...<br>Re: Best route to penetration testing learning
http://seclists.org/pen-test/2012/Jan/6
<p>Posted by Archangel Amael on Jan 07</p>Hello,<br>
metasploit and some other pentesting tools, check out...<br>Best route to penetration testing learning
http://seclists.org/pen-test/2012/Jan/5
<p>Posted by wlandymore on Jan 06</p>I'm new to penetration testing and recently took the CEH. I found that it was<br>
Thanks.<br>AppSec DC 2012 CFP EXTENDED!
http://seclists.org/pen-test/2012/Jan/4
<p>Posted by AppSec DC on Jan 06</p>All,<br>
move the platform we ask that...<br>Arachni v0.4 has been released (Open Source Web Application Security Scanner Framework)
http://seclists.org/pen-test/2012/Jan/3
<p>Posted by Tasos Laskos on Jan 06</p>Hi guys,<br>
* Updated WebUI to provide access to HPG...<br>RE: Nmap
http://seclists.org/pen-test/2012/Jan/2
<p>Posted by S Walker on Jan 02</p>Just an added note to the current replies (which are all great for hosts not in the local broadcast domain): It is <br>
----------------------------------------...<br>Re: Nmap
http://seclists.org/pen-test/2012/Jan/1
<p>Posted by Juan Pablo on Jan 02</p>Sorry for the late answer...<br>
Here...<br>[TOOL RELEASE] Technitium MAC Address Changer v6 (FREEWARE)
http://seclists.org/pen-test/2012/Jan/0
<p>Posted by Shreyas Zare on Jan 02</p>Hi,<br>
windows drivers to access Ethernet Network (LAN)....<br>The Passive Vulnerability Scanner (PVS) Plugins
http://www.tenablesecurity.com/tenable_plugins.pdf
All the newest security checks for the Tenable Passive Vulnerability Scanner (PVS)PVS Pluginshttp://www.tenablesecurity.com/images/RssLogo.jpg
http://www.tenablesecurity.com/
CentOS version detection
INFO
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6296.html
Opera < 11.61 Multiple Vulnerabilities
HIGH
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6295.html
Google Chrome < 16.0.912.77 Multiple Vulnerabilities
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6294.html
Schweitzer Engineering Laboratories (SEL) Management Server Detection (SCADA) default level 1 credentials
MEDIUM
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6293.html
Netwave Video server detection
INFO
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6292.html
SIP server deteciton
INFO
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6291.html
DCS Video server deteciton
INFO
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6290.html
Polycom Audio/Video server detection
INFO
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6289.html
OpenSSL 0.9.8s / 1.0.0f DTLS Denial of Service
Copyright Tenable Network Security Inc. 2012]]>
http://www.tenablesecurity.com/6288.html
Modicon PLC HTTP Default Account/Password Detection (SCADA)
HIGH