Welcome to the ThreatPerspective Security Information Center
Welcome to the ThreatPerspective Security Information Center.
This is a portal site created by ThreatPerspective to enable our clients and other interested parties to learn more about Information Security.
Bugtraq
http://seclists.org/#bugtraq
The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently![SECURITY] [DSA 2077-1] New openldap packages fix potential code execution
http://seclists.org/bugtraq/2010/Jul/264
<p>Posted by Florian Weimer on Jul 29</p>------------------------------------------------------------------------<br>
Problem type : remote...<br>[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://seclists.org/bugtraq/2010/Jul/263
<p>Posted by Hafez Kamal on Jul 29</p>This is a reminder that the Call for Papers for Asia's largest network<br>
Venue: Crowne Plaza Mutiara Kuala Lumpur...<br>CFP NcN 2010
http://seclists.org/bugtraq/2010/Jul/262
<p>Posted by Jose Nicolas Castellano on Jul 29</p>*************************************************<br>
** What is No cON Name...<br>[ MDVSA-2010:142 ] openldap
http://seclists.org/bugtraq/2010/Jul/261
<p>Posted by security on Jul 29</p> _______________________________________________________________________<br>
Enterprise Server 5.0...<br>PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection
http://seclists.org/bugtraq/2010/Jul/260
<p>Posted by Salvatore Fresta aka Drosophila on Jul 29</p>PBBooking 1.0.4_3 Joomla Component Multiple Blind SQL Injection<br>
IV....<br>[security bulletin] HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver, Remote Execution of Arbitrary Code
http://seclists.org/bugtraq/2010/Jul/259
<p>Posted by security-alert on Jul 29</p>SUPPORT COMMUNICATION - SECURITY BULLETIN<br>
Source: Hewlett-Packard Company, HP Software Security Response Team...<br>New vulnerabilities in Cetera eCommerce
http://seclists.org/bugtraq/2010/Jul/258
<p>Posted by MustLive on Jul 28</p>Hello Bugtraq!<br>
31.10.2009 - informed developers about...<br>Vulnerabilities in Cetera eCommerce
http://seclists.org/bugtraq/2010/Jul/257
<p>Posted by MustLive on Jul 28</p>Hello Bugtraq!<br>
01.03.2009 -...<br>PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection
http://seclists.org/bugtraq/2010/Jul/256
<p>Posted by Salvatore Fresta aka Drosophila on Jul 28</p>PhotoMap Gallery 1.6.0 Joomla Component Multiple Blind SQL Injection<br>
IV....<br>[security bulletin] HPSBMA02549 SSRT090158 rev.2 - HP Insight Control Power Management for Windows, Local Unauthorized Read Access to Data
http://seclists.org/bugtraq/2010/Jul/255
<p>Posted by security-alert on Jul 28</p>SUPPORT COMMUNICATION - SECURITY BULLETIN<br>
Source: Hewlett-Packard Company, HP...<br>Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
http://seclists.org/bugtraq/2010/Jul/254
<p>Posted by advisories on Jul 28</p> Jira - Multiple Low Risk Vulnerabilities<br>
Jira is prone to Cross...<br>Secunia Research: Autonomy KeyView wkssr.dll Record Parsing Buffer Overflows
http://seclists.org/bugtraq/2010/Jul/253
<p>Posted by Secunia Research on Jul 28</p>====================================================================== <br>
Vendor's Description of...<br>Secunia Research: Autonomy KeyView wkssr.dll String Indexing Vulnerability
http://seclists.org/bugtraq/2010/Jul/252
<p>Posted by Secunia Research on Jul 28</p>====================================================================== <br>
Vendor's Description of...<br>Secunia Research: Autonomy KeyView wkssr.dll Integer Underflow Vulnerability
http://seclists.org/bugtraq/2010/Jul/251
<p>Posted by Secunia Research on Jul 28</p>====================================================================== <br>
Vendor's Description of...<br>Secunia Research: Autonomy KeyView wosr.dll Data Block Parsing Buffer Overflow
http://seclists.org/bugtraq/2010/Jul/250
<p>Posted by Secunia Research on Jul 28</p>====================================================================== <br>
Vendor's Description...<br>Daily Dave
http://seclists.org/#dailydave
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.Re: Things that slipped the pwnie net.
http://seclists.org/dailydave/2010/q3/16
<p>Posted by Alexander Sotirov on Jul 25</p>NGINX got a pwnie nomination by proxy, Dr. Raid's song 'Pwned' mentions the<br>
Those pics of you and your sis, they base64 encoded that shit and...<br>Call For Papers - Hackers 2 Hackers Conference 7th Edition - Brazil
http://seclists.org/dailydave/2010/q3/15
<p>Posted by Rodrigo Rubira Branco (BSDaemon) on Jul 25</p> CALL FOR PAPERS - Hackers 2 Hackers Conference 7th edition<br>
from 27 to 28 November 2010, and aims to get together industry,...<br>Re: there might be three people who missed it...
http://seclists.org/dailydave/2010/q3/14
<p>Posted by Jon Oberheide on Jul 22</p>This brings up an interesting question I had related to cross-vendor<br>
disclosure (via an innocent-sounding...<br>there might be three people who missed it...
http://seclists.org/dailydave/2010/q3/13
<p>Posted by Michal Zalewski on Jul 22</p>...so FYI:<br>
/mz<br>SILICA-U
http://seclists.org/dailydave/2010/q3/12
<p>Posted by dave on Jul 22</p>So it's been a while since I've posted about wireless penetration testing. And<br>
to implement....<br>Re: Your trusted computing base is not what you think it is! :>
http://seclists.org/dailydave/2010/q3/11
<p>Posted by Florian Weimer on Jul 19</p>Only if the key is virtually unused. If it is not, revocation is<br>
which cannot leak the key material,...<br>Mini Fuzzer Shootout
http://seclists.org/dailydave/2010/q3/10
<p>Posted by Ben Nagy on Jul 19</p>Hi all,<br>
and decided that one of the things...<br>Kiwicon IV: Our Worst CFP Yet
http://seclists.org/dailydave/2010/q3/9
<p>Posted by Kiwicon on Jul 15</p> ----[ TRULY THE FUTURE IS NOW, FOR IT IS THE YEAR<br>
|::.. . ||::.. . | |::.||::.. . ||::.|:. ||::.. . /...<br>Re: Your trusted computing base is not what you think it is! :>
http://seclists.org/dailydave/2010/q3/8
<p>Posted by Shane on Jul 15</p>The good thing about their signing key is that it's static (does not<br>
I've almost never seen a verified FF addon...<br>Your trusted computing base is not what you think it is! :>
http://seclists.org/dailydave/2010/q3/7
<p>Posted by dave on Jul 15</p>Here are some trojans signed by a key from realtek, supposably. How cool is that! You<br>
And, as pointed out:...<br>FW: Black Hat Abu Dhabi CFP - November 10 - 11 2010
http://seclists.org/dailydave/2010/q3/6
<p>Posted by The Dark Tangent on Jul 15</p>Call for Papers - Black Hat Abu Dhabi 2010<br>
East's first edition of the Las...<br>Pwnie Awards 2010
http://seclists.org/dailydave/2010/q3/5
<p>Posted by Alexander Sotirov on Jul 14</p>The Pwnie Awards ceremony will return for the fourth consecutive year to the<br>
* Best...<br>AI is a good problem to have.
http://seclists.org/dailydave/2010/q3/4
<p>Posted by dave on Jul 14</p>Lcamtuf says<br>
right...<br>"Finding 0days"
http://seclists.org/dailydave/2010/q3/3
<p>Posted by dave on Jul 12</p>In just a few days Immunity has a training called "Finding 0days" here in Miami<br>
0days tends to shift a bit depending on who the instructor is. Which generally brings...<br>Re: Solutions
http://seclists.org/dailydave/2010/q3/2
<p>Posted by Andre Gironda on Jul 07</p>Rich,<br>
Dave says that...<br>Firewall Wizards
http://seclists.org/#firewall-wizards
Tips and tricks for firewall administratorscovert timing channel data
http://seclists.org/firewall-wizards/2010/Jul/0
<p>Posted by Melissa Stockman on Jul 29</p>Hi,<br>
Melissa Stockman<br>Re: Taking a traffic snapshot with network IDS
http://seclists.org/firewall-wizards/2010/Jun/13
<p>Posted by vern on Jun 21</p>You might want to check out Bro in this regard, which IMHO excels at this<br>
Vern<br>Re: firewall-wizards Digest, Vol 50, Issue 5
http://seclists.org/firewall-wizards/2010/Jun/12
<p>Posted by Bernie on Jun 21</p>Personally I'd use wireshark Daniel. The ability to create file sets<br>
Wireshark by Laura Chappell is a great resource.<br>Re: Taking a traffic snapshot with network IDS
http://seclists.org/firewall-wizards/2010/Jun/11
<p>Posted by Marcus J. Ranum on Jun 21</p>Yack, Daniel wrote:<br>
That said, an IDS can be turned into one heck of a nice...<br>Re: Taking a traffic snapshot with network IDS
http://seclists.org/firewall-wizards/2010/Jun/10
<p>Posted by Farrukh Haroon on Jun 21</p>Instead of capturing each packet, you would be better off going via the<br>
On Fri, Jun 18, 2010 at 4:58 PM,...<br>Taking a traffic snapshot with network IDS
http://seclists.org/firewall-wizards/2010/Jun/9
<p>Posted by Yack, Daniel on Jun 21</p>There are probably one thousand ways to do this, but I wanted to toss<br>
template that says...<br>Re: Firewall Best Practice regarding XMPP traffic?
http://seclists.org/firewall-wizards/2010/Jun/8
<p>Posted by paddy joesoap on Jun 17</p>Hi Kevin and all,<br>
handle security on...<br>Re: Firewall Best Practice regarding XMPP traffic?
http://seclists.org/firewall-wizards/2010/Jun/7
<p>Posted by K K on Jun 17</p>In my experience, yes -- XMPP servers are generally deployed in the<br>
clients connect to an edge device using the legacy...<br>Firewall Best Practice regarding XMPP traffic?
http://seclists.org/firewall-wizards/2010/Jun/6
<p>Posted by paddy joesoap on Jun 16</p>Hi all,<br>
firewall helps...<br>Re: Hidden ISP firewall/filtering
http://seclists.org/firewall-wizards/2010/Jun/5
<p>Posted by Paul Melson on Jun 08</p>IPSec, but when <br>
airport, etc.) If the ports...<br>Re: Hidden ISP firewall/filtering
http://seclists.org/firewall-wizards/2010/Jun/4
<p>Posted by Kurt Buff on Jun 08</p>Layer 4 traceroute (<a rel="nofollow" href="http://pwhois.org/lft/">http://pwhois.org/lft/</a>) comes to mind, or nmap,<br>
Kurt<br>Re: Hidden ISP firewall/filtering
http://seclists.org/firewall-wizards/2010/Jun/3
<p>Posted by Craig Van Tassle on Jun 08</p>Your best bet is to check with your ISP.<br>
a box that you can wipe after you do this test.<br>R: Hidden ISP firewall/filtering
http://seclists.org/firewall-wizards/2010/Jun/2
<p>Posted by Andrea Mennini - Mobile on Jun 08</p>Try grc.com shields up. It should give you a basic idea.<br>
Subject: [fw-wiz] Hidden ISP firewall/filtering<br>Hidden ISP firewall/filtering
http://seclists.org/firewall-wizards/2010/Jun/1
<p>Posted by Jerrod Fuller on Jun 04</p> <br>
way to find out if our ISP actually has a...<br>EUSecWest 2010 MiniCFP (conf Jun 16/17) and PacSec 2010 CFP (conf Nov 10/11, deadline July 30)
http://seclists.org/firewall-wizards/2010/Jun/0
<p>Posted by Dragos Ruiu on Jun 04</p>-- EUSecWest 2010 MiniCFP (PacSec CFP Follows)<br>
at the Melkweg in Amsterdam.) Please forward submissions to...<br>IDS Focus
http://seclists.org/#focus-ids
Technical discussion about Intrusion Detection Systems. You can also read the archives of a <A HREF="http://seclists.org/ids/">previous IDS list</A>CFP: Deadline Extended: SLAML'10
http://seclists.org/focus-ids/2010/Jun/2
<p>Posted by Mohror, Kathryn on Jun 18</p> Workshop on Managing Systems via Log Analysis and Machine <br>
********...<br>Announcement: xtractr updates
http://seclists.org/focus-ids/2010/Jun/1
<p>Posted by pcapr on Jun 08</p>Just a quick note to let you know that the lite version of xtractr can<br>
If you are...<br>Performance measurement tool for IDS/IPS
http://seclists.org/focus-ids/2010/Jun/0
<p>Posted by wittybugz on Jun 01</p>Hi All,<br>
on your web...<br>Full Disclosure
http://seclists.org/#fulldisclosure
An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience.Re: Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/400
<p>Posted by Elazar Broad on Jul 29</p>ed or nano? :)<br>Re: Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/399
<p>Posted by Valdis . Kletnieks on Jul 29</p>On Thu, 29 Jul 2010 17:18:28 PDT, Zach C said:<br>
vi or emacs. Take your pick, I'm not starting an editor war. ;)<br>Re: Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/398
<p>Posted by Zach C on Jul 29</p>So if Drupal and WordPress, etc. are so terrible, what would you all recommend?<br>
-Zach<br>Re: Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/397
<p>Posted by coderman on Jul 29</p>when the bar is wordpress, .. well, you get the picture.<br>
(those modules though, most could use regular scrubbing)<br>Re: Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/396
<p>Posted by Christian Sciberras on Jul 29</p>Drupal or other decent [0]<br>
Please! Don't put "Drupal" and "decent" in the same sentence!<br>Re: Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/395
<p>Posted by coderman on Jul 29</p>Hewlett Packard has a soul mate! anyone who cares uses Drupal or other<br>
python gevent based publishing pipe...<br>Day of bugs in WordPress 2
http://seclists.org/fulldisclosure/2010/Jul/394
<p>Posted by MustLive on Jul 29</p>Hello Full-Disclosure!<br>
switched to smaller and less time-consuming, but still very...<br>[SECURITY] [DSA 2077-1] New openldap packages fix potential code execution
http://seclists.org/fulldisclosure/2010/Jul/393
<p>Posted by Florian Weimer on Jul 29</p>------------------------------------------------------------------------<br>
Problem type : remote...<br>the real stuxnet authors plz stand up
http://seclists.org/fulldisclosure/2010/Jul/392
<p>Posted by coderman on Jul 29</p>stuxnet is strategic, and misleading. ... red team off roading?<br>
0. "Blowing the Whistle on the Snitch Racket"...<br>[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://seclists.org/fulldisclosure/2010/Jul/391
<p>Posted by Hafez Kamal on Jul 29</p>This is a reminder that the Call for Papers for Asia's largest network<br>
Venue: Crowne Plaza Mutiara Kuala Lumpur...<br>Re: Patent Absurdity - How software patents broke the system
http://seclists.org/fulldisclosure/2010/Jul/390
<p>Posted by M.B.Jr. on Jul 28</p>I'm sorry, Rohit.<br>
Marcio Barbado, Jr.<br>[ MDVSA-2010:142 ] openldap
http://seclists.org/fulldisclosure/2010/Jul/389
<p>Posted by security on Jul 28</p> _______________________________________________________________________<br>
Enterprise Server 5.0...<br>Re: Patent Absurdity - How software patents broke the system
http://seclists.org/fulldisclosure/2010/Jul/388
<p>Posted by M.B.Jr. on Jul 28</p>Hi Rohit,<br>
So, if your company's employees write...<br>New vulnerabilities in Cetera eCommerce
http://seclists.org/fulldisclosure/2010/Jul/387
<p>Posted by MustLive on Jul 28</p>Hello Full-Disclosure!<br>
31.10.2009 - informed developers...<br>Vulnerabilities in Cetera eCommerce
http://seclists.org/fulldisclosure/2010/Jul/386
<p>Posted by MustLive on Jul 28</p>Hello Full-Disclosure!<br>
Timeline:...<br>Honeypots
http://seclists.org/#honeypots
Discussions about tracking attackers by setting up decoy honeypots or entire <A HREF="http://www.honeynet.org">honeynet</A> networks.[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://seclists.org/honeypots/2010/q3/1
<p>Posted by Hafez Kamal on Jul 29</p>This is a reminder that the Call for Papers for Asia's largest network<br>
Venue: Crowne Plaza Mutiara Kuala Lumpur...<br>[HITB-Announce] HITB Magazine Issue 003 + HITBSecConf2010 - Amsterdam
http://seclists.org/honeypots/2010/q3/0
<p>Posted by Hafez Kamal on Jul 04</p>Our first ever HITBSecConf in Europe is over! A big big thank you to all<br>
All conference materials from the event can be downloaded from...<br>CFP: Deadline Extended: SLAML'10
http://seclists.org/honeypots/2010/q2/8
<p>Posted by Mohror, Kathryn on Jun 16</p> Workshop on Managing Systems via Log Analysis and Machine <br>
********...<br>[HITB-Announce] HITBSecConf2010 - Malaysia Call for Papers
http://seclists.org/honeypots/2010/q2/7
<p>Posted by Hafez Kamal on May 19</p>The Call for Papers for HITB Security Conference 2010 Malaysia is now open!<br>
Keynote 1: Chris Wysopal...<br>RE: info reg Zeus bot detection and analysis
http://seclists.org/honeypots/2010/q2/6
<p>Posted by Younger Tyler on May 19</p>Any tips on how to selectively get infected with Zeus?<br>
Interesting thoughts as I am just...<br>RE: info reg Zeus bot detection and analysis
http://seclists.org/honeypots/2010/q2/5
<p>Posted by Gary Derania on May 19</p>------Original Message------<br>
analysis. I...<br>RE: info reg Zeus bot detection and analysis
http://seclists.org/honeypots/2010/q2/4
<p>Posted by Michele Zoerb on May 19</p>Interesting thoughts as I am just starting the same type of project. I want to get infected by Zeus and perform some <br>
From: listbounce () securityfocus...<br>info reg Zeus bot detection and analysis
http://seclists.org/honeypots/2010/q2/3
<p>Posted by Mayank.2.Bhatnagar on May 19</p>Hi everyone,<br>
What...<br>[HITB-Announce] HITB eZine Issue 002 out now!
http://seclists.org/honeypots/2010/q2/2
<p>Posted by Hafez Kamal on Apr 23</p>The second quarterly HITB eZine (issue 002) has been released! Grab your<br>
over 20K downloads just weeks after its...<br>[HITB-Announce] FINAL CALL - CFP for HITBSecConf2010 Amsterdam
http://seclists.org/honeypots/2010/q2/1
<p>Posted by Hafez Kamal on Apr 08</p>This is the FINAL CALL to submit your talk / presentation proposals for<br>
To submit your presentation proposals and for further details...<br>Call For Papers - hack.lu 2010 - 27-29 October - Luxembourg
http://seclists.org/honeypots/2010/q2/0
<p>Posted by Alexandre Dulaunoy on Apr 04</p>Call for Papers Hack.lu 2010<br>
Grand-Duchy of Luxembourg in October 2010 (27-29.10.2010). The...<br>Incidents
http://seclists.org/#incidents
Lightly moderated list for dicussing actual security incidents (unexplained probes, breakins, etc). Topics include information about new rootkits, backdoors, trojans, virii, and worms.Microsoft Sec Notification
http://seclists.org/#microsoft
Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.Microsoft Security Bulletin Minor Revision
http://seclists.org/microsoft/2010/q3/7
<p>Posted by Microsoft on Jul 21</p>********************************************************************<br>
-...<br>Microsoft Security Advisory Notification
http://seclists.org/microsoft/2010/q3/6
<p>Posted by Microsoft on Jul 20</p>********************************************************************<br>
-...<br>Microsoft Security Advisory Notification
http://seclists.org/microsoft/2010/q3/5
<p>Posted by Microsoft on Jul 19</p>********************************************************************<br>
-...<br>Microsoft Security Advisory Notification
http://seclists.org/microsoft/2010/q3/4
<p>Posted by Microsoft on Jul 16</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2010/q3/3
<p>Posted by Microsoft on Jul 14</p>********************************************************************<br>
Bulletin Information:...<br>Microsoft Security Bulletin Minor Revisions
http://seclists.org/microsoft/2010/q3/2
<p>Posted by Microsoft on Jul 13</p>********************************************************************<br>
*...<br>Microsoft Security Bulletin Re-Release
http://seclists.org/microsoft/2010/q3/1
<p>Posted by Microsoft on Jul 13</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Summary for July 2010
http://seclists.org/microsoft/2010/q3/0
<p>Posted by Microsoft on Jul 13</p>********************************************************************<br>
With the...<br>Microsoft Security Bulletin Summary for June 2010
http://seclists.org/microsoft/2010/q2/5
<p>Posted by Microsoft on Jun 08</p>********************************************************************<br>
With the...<br>Microsoft Security Bulletim Summary for May 2010
http://seclists.org/microsoft/2010/q2/4
<p>Posted by Microsoft on May 11</p>********************************************************************<br>
With the...<br>Microsoft Security Bulletin Major Revision MS10-016
http://seclists.org/microsoft/2010/q2/3
<p>Posted by Microsoft on May 03</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Re-Release
http://seclists.org/microsoft/2010/q2/2
<p>Posted by Microsoft on Apr 27</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Major Revision
http://seclists.org/microsoft/2010/q2/1
<p>Posted by Microsoft on Apr 21</p>********************************************************************<br>
-...<br>Microsoft Security Bulletin Summary for April 2010
http://seclists.org/microsoft/2010/q2/0
<p>Posted by Microsoft on Apr 13</p>********************************************************************<br>
With...<br>Nmap Development
http://seclists.org/#nmap-dev
Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <A HREF="http://nmap.org">Nmap</A> and related projects.Re: Nmap Scan Results
http://seclists.org/nmap-dev/2010/q3/217
<p>Posted by Jon Svede on Jul 29</p>I had the same issue a while back. After I left that job I decided <br>
If you a solution already though, there isn't any need to...<br>Re: Nmap Scan Results
http://seclists.org/nmap-dev/2010/q3/216
<p>Posted by Tuan Nguyen on Jul 29</p>I want to be able to parse the Nmap XML output in Java and convert it to<br>
Do you have another way to parse Nmap and convert it to Java object?<br>nmap can detect printer?
http://seclists.org/nmap-dev/2010/q3/215
<p>Posted by Jacky Jack on Jul 29</p>Hi<br>
Thanks.<br>NMap Scripts Vs Nessus
http://seclists.org/nmap-dev/2010/q3/214
<p>Posted by Jacky Jack on Jul 29</p>Hi<br>
writing/converting Nessus plugins to NSEs....<br>Re: Nmap Scan Results
http://seclists.org/nmap-dev/2010/q3/213
<p>Posted by Jon Svede on Jul 29</p>What do you want to do with the results? I.e., are you looking just<br>
Jon<br>Re: fix to build nmap on some OpenBSD archs
http://seclists.org/nmap-dev/2010/q3/212
<p>Posted by Sebastian Reitenbach on Jul 29</p>Hi,<br>
I tried to remove above two patches and removed the patch above from...<br>Re: fix to build nmap on some OpenBSD archs
http://seclists.org/nmap-dev/2010/q3/211
<p>Posted by Sebastian Reitenbach on Jul 28</p>Hi,<br>
Sebastian<br>typo in nmap-service-probes
http://seclists.org/nmap-dev/2010/q3/210
<p>Posted by Gutek on Jul 28</p>just a small typo in the "Canon iR3570 printer ftpd" fingerprint (reads<br>
A.G.<br>Re: New Feature in zenmap interface - Script Selection
http://seclists.org/nmap-dev/2010/q3/209
<p>Posted by kirubakaran S on Jul 28</p> Yes, The formatting of text in Description box is not done. It is just<br>
<a rel="nofollow" href="http://kirubakaran-blessedblogger.blogspot.com/">http://kirubakaran-blessedblogger.blogspot.com/</a><br>Re: [Ncat] I'd like to contribute a feature
http://seclists.org/nmap-dev/2010/q3/208
<p>Posted by David Fifield on Jul 28</p>Thanks for your interest! Please help us understand what you have in<br>
As for code organization, --sh-exec and --exec are handled in the files...<br>Re: [nmap-svn] r19330 - in nmap: . libnetutil
http://seclists.org/nmap-dev/2010/q3/207
<p>Posted by David Fifield on Jul 28</p>Good catch on this. We had a test for --mtu in Nping, but I guess we<br>
David Fifield<br>Re: fix to build nmap on some OpenBSD archs
http://seclists.org/nmap-dev/2010/q3/206
<p>Posted by David Fifield on Jul 28</p>Thanks. I see that this patch is mostly about not mixing code and<br>
gcc -c -I../../nbase...<br>Re: Bugfixes for smb-psexec
http://seclists.org/nmap-dev/2010/q3/205
<p>Posted by David Fifield on Jul 28</p>I think this is fine to commit now.<br>
David Fifield<br>Re: New Feature in zenmap interface - Script Selection
http://seclists.org/nmap-dev/2010/q3/204
<p>Posted by David Fifield on Jul 28</p>Thank you for testing, Kris. I agree, we should collapse single newlines<br>
David Fifield<br>Re: New Feature in zenmap interface - Script Selection
http://seclists.org/nmap-dev/2010/q3/203
<p>Posted by Kris Katterjohn on Jul 28</p>I have one comment on the Description box: the text tends to look rather goofy<br>
paragraph separation. This is just a...<br>Nmap Hackers
http://seclists.org/#nmap-hackers
Moderated list for the most important new releases and announcements regarding the <A HREF="http://nmap.org">Nmap Security Scanner</A> and related projects. We recommend that all Nmap users <a href="http://cgi.insecure.org/mailman/listinfo/nmap-hackers">subscribe</a>.Nmap Defcon Release: Version 5.35DC1
http://seclists.org/nmap-hackers/2010/7
<p>Posted by Fyodor on Jul 16</p>Hi folks. It has been 3.5 months since the last Nmap release<br>
Hat in a couple weeks (see...<br>Nmap News and Last Chance to Take the Survey
http://seclists.org/nmap-hackers/2010/6
<p>Posted by Fyodor on Apr 30</p>Hi Folks. I have some Nmap news to share with you:<br>
Drazen Popovic and Djalal Harouni will be working on...<br>Survey Reminder
http://seclists.org/nmap-hackers/2010/5
<p>Posted by Fyodor on Apr 14</p>Hi folks, I have a quick question for you:<br>
post...<br>Nmap/SecTools Survey and GSoC Deadline
http://seclists.org/nmap-hackers/2010/4
<p>Posted by Fyodor on Apr 07</p>Hello everyone. I hope you're enjoying the 5.30BETA1 release. So far<br>
summer! SoC previously brought us...<br>Nmap 5.30BETA1 Released w/37 new scripts and new Apple vuln
http://seclists.org/nmap-hackers/2010/3
<p>Posted by Fyodor on Mar 29</p>Hi folks! It has been two months since the 5.21 release and we've<br>
ipidseq. Learn about them all at...<br>Nmap 5.21 released
http://seclists.org/nmap-hackers/2010/2
<p>Posted by Fyodor on Jan 27</p>Hello everyone. I'm pleased to release Nmap 5.21, which contains zero<br>
development projects. If you want to know...<br>Lots of Nmap News
http://seclists.org/nmap-hackers/2010/1
<p>Posted by Fyodor on Jan 22</p>Hi folks. I'm happy to report that the 5.20 release went well. But<br>
If you're running from a build of the latest SVN checkout, you...<br>Nmap 5.20 Released
http://seclists.org/nmap-hackers/2010/0
<p>Posted by Fyodor on Jan 20</p>Happy new year, everyone. I'm happy to announce Nmap 5.20--our first<br>
The...<br>Nmap 5.00 Released!
http://seclists.org/nmap-hackers/2009/3
<p>Posted by Fyodor on Jul 16</p>Hello everyone. I'm delighted to announce the release of Nmap 5.00!<br>
1) The new Ncat tool aims to be your Swiss Army Knife...<br>Nmap news: stable release candidate 4.90RC1, SoC team, and new translations
http://seclists.org/nmap-hackers/2009/2
<p>Posted by Fyodor on Jun 26</p>Hi Folks. I'm pleased to announce some exciting Nmap news:<br>
Please test it out, and let us know if you find any problems...<br>Nmap 4.85BETA6 now avail w/Conficker detection
http://seclists.org/nmap-hackers/2009/1
<p>Posted by Fyodor on Apr 01</p>Hi Folks! In case you missed all the news reports yesterday, a couple<br>
millions of infections, and this massive botnet...<br>Nmap News: 4.84BETA4 release, Nmap book news, Summer of Code, Twitter, etc.
http://seclists.org/nmap-hackers/2009/0
<p>Posted by Fyodor on Mar 27</p>Hello everyone. We've seen 848 messages on nmap-dev this year, but<br>
4.85BETA4 release,...<br>Penetration Testing
http://seclists.org/#pen-test
While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://seclists.org/pen-test/2010/Jul/57
<p>Posted by Hafez Kamal on Jul 29</p>This is a reminder that the Call for Papers for Asia's largest network<br>
Venue: Crowne Plaza Mutiara Kuala Lumpur...<br>HELP. How to dump one NDS?
http://seclists.org/pen-test/2010/Jul/56
<p>Posted by Alonso Jose da Silva II on Jul 28</p>Guys,<br>
AlonsoII<br>Re: People are bad at trust.... new article
http://seclists.org/pen-test/2010/Jul/55
<p>Posted by Pete Herzog on Jul 28</p>Jeff,<br>
-pete.<br>Re: demoing sslv2 vulns
http://seclists.org/pen-test/2010/Jul/54
<p>Posted by Saleh on Jul 28</p>Here is a demonstration for SSL Strip Attack:<br>
<a rel="nofollow" href="http://securitytube.net/SSLstrip-Tutorial-video.aspx">http://securitytube.net/SSLstrip-Tutorial-video.aspx</a><br>Re: demoing sslv2 vulns
http://seclists.org/pen-test/2010/Jul/53
<p>Posted by Robin Wood on Jul 28</p>A we've pointed out quite a few times, I was looking for attacks on<br>
and CEPT certs require a full practical examination in order...<br>Re: People are bad at trust.... new article
http://seclists.org/pen-test/2010/Jul/52
<p>Posted by Pete Herzog on Jul 28</p>Hi Saleh,<br>
prove...<br>Re: when to fix , when to not to fix the vuln.
http://seclists.org/pen-test/2010/Jul/51
<p>Posted by Tony Turner on Jul 28</p>You need to put the findings in context. It's not enough to say "Fix the<br>
have an...<br>Re: when to fix , when to not to fix the vuln.
http://seclists.org/pen-test/2010/Jul/50
<p>Posted by Jason Ross on Jul 25</p>In 2 of those 3 scenarios, this shouldn't be a question.<br>
In the third example (you...<br>Re: when to fix , when to not to fix the vuln.
http://seclists.org/pen-test/2010/Jul/49
<p>Posted by Robert Portvliet on Jul 25</p>If they gave a you a good report you should have the vulnerabilities<br>
severity of their...<br>Re: when to fix , when to not to fix the vuln.
http://seclists.org/pen-test/2010/Jul/48
<p>Posted by Todd Haverkos on Jul 25</p>a bv <vbavbalist () gmail com> writes:<br>
In the report, hopefully there are CVE numbers as...<br>Re: How to tweak tools against targets that block ICMP
http://seclists.org/pen-test/2010/Jul/47
<p>Posted by Jacky Jack on Jul 24</p>Hi Demetris Papapetrou<br>
Thanks....<br>People are bad at trust.... new article
http://seclists.org/pen-test/2010/Jul/46
<p>Posted by Pete Herzog on Jul 24</p>"People are bad at trust....<br>
A new article called Essential Trust Analysis is now available...<br>Re: How to tweak tools against targets that block ICMP
http://seclists.org/pen-test/2010/Jul/45
<p>Posted by Robert Portvliet on Jul 24</p>What is the behavior you are seeing? (Does it fail because it can't<br>
Also, take into consideration that although they are blocking...<br>when to fix , when to not to fix the vuln.
http://seclists.org/pen-test/2010/Jul/44
<p>Posted by a bv on Jul 24</p>Hi,<br>
Prove to peers and potential employers without a doubt that you...<br>Re: demoing sslv2 vulns
http://seclists.org/pen-test/2010/Jul/43
<p>Posted by Richard Miles on Jul 24</p>Hi chintan,<br>
and CEPT certs require a...<br>The RISKS Forum
http://seclists.org/#risks
Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.Risks Digest 26.11
http://seclists.org/risks/2010/q3/2
<p>Posted by RISKS List Owner on Jul 21</p>RISKS-LIST: Risks-Forum Digest Wednesday 21 July 2010 Volume 26 : Issue 11<br>
The current issue can be...<br>Risks Digest 26.10
http://seclists.org/risks/2010/q3/1
<p>Posted by RISKS List Owner on Jul 10</p>RISKS-LIST: Risks-Forum Digest Saturday 10 July 2010 Volume 26 : Issue 10<br>
The current issue can be...<br>Risks Digest 26.09
http://seclists.org/risks/2010/q3/0
<p>Posted by RISKS List Owner on Jul 03</p>RISKS-LIST: Risks-Forum Digest Saturday 3 July 2010 Volume 26 : Issue 09<br>
The current issue can be...<br>Risks Digest 26.08
http://seclists.org/risks/2010/q2/7
<p>Posted by RISKS List Owner on Jun 10</p>RISKS-LIST: Risks-Forum Digest Thursday 10 June 2010 Volume 26 : Issue 08<br>
The current issue can be...<br>Risks Digest 26.07
http://seclists.org/risks/2010/q2/6
<p>Posted by RISKS List Owner on May 29</p>RISKS-LIST: Risks-Forum Digest Saturday 29 May 2010 Volume 26 : Issue 07<br>
The current issue can be...<br>Risks Digest 26.06
http://seclists.org/risks/2010/q2/5
<p>Posted by RISKS List Owner on May 08</p>RISKS-LIST: Risks-Forum Digest Saturday 8 May 2010 Volume 26 : Issue 06<br>
The current issue can be...<br>Risks Digest 26.05
http://seclists.org/risks/2010/q2/4
<p>Posted by RISKS List Owner on May 04</p>RISKS-LIST: Risks-Forum Digest Tuesday 4 April 2010 Volume 26 : Issue 05<br>
The current issue can be...<br>Risks Digest 26.04
http://seclists.org/risks/2010/q2/3
<p>Posted by RISKS List Owner on Apr 28</p>RISKS-LIST: Risks-Forum Digest Wednesday 28 April 2010 Volume 26 : Issue 04<br>
The current issue can be...<br>Risks Digest 26.03
http://seclists.org/risks/2010/q2/2
<p>Posted by RISKS List Owner on Apr 25</p>ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)<br>
Contents:...<br>Risks Digest 26.02
http://seclists.org/risks/2010/q2/1
<p>Posted by RISKS List Owner on Apr 18</p>RISKS-LIST: Risks-Forum Digest Sunday 18 April 2010 Volume 26 : Issue 02<br>
The current issue can be...<br>Risks Digest 26.01
http://seclists.org/risks/2010/q2/0
<p>Posted by RISKS List Owner on Apr 08</p>RISKS-LIST: Risks-Forum Digest Thursday 8 April 2010 Volume 26 : Issue 01<br>
The current issue can be...<br>Security Basics
http://seclists.org/#basics
A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://seclists.org/basics/2010/Jul/190
<p>Posted by Hafez Kamal on Jul 29</p>This is a reminder that the Call for Papers for Asia's largest network<br>
Venue: Crowne Plaza Mutiara Kuala Lumpur...<br>Re: People on Google Security blog don't understand cyber terrorism
http://seclists.org/basics/2010/Jul/189
<p>Posted by Curt Purdy on Jul 29</p>Sometimes when I am full of myself, like when I am the last man<br>
When beyond-national corporations use clueless...<br>Re: make nmap not to scan fragile devices
http://seclists.org/basics/2010/Jul/188
<p>Posted by Shawn Merdinger on Jul 29</p>Hi,<br>
it benefits your company and how your customers can tell if a site is...<br>Security Hand-on in Philly
http://seclists.org/basics/2010/Jul/187
<p>Posted by Far McKon on Jul 29</p>Hey,<br>
Philly (NYC is 2 hours away,...<br>Re: Beginner questions regarding PHP and MySQL Injection
http://seclists.org/basics/2010/Jul/186
<p>Posted by zero9zero on Jul 29</p>Well sql injection doesn't have to be in a lnput validation.. Usually they inject it through the url too...<br>
powered by Sinyal...<br>make nmap not to scan fragile devices
http://seclists.org/basics/2010/Jul/185
<p>Posted by Jacky Jack on Jul 29</p>Hi<br>
it benefits your company and how your customers can tell if a site is secure. You will...<br>Re: Fw: North Korea conflict with US and South Korea could spark cyber war
http://seclists.org/basics/2010/Jul/184
<p>Posted by Chester Enright on Jul 29</p>n3td3v...yet another example of the creation of a phony organization<br>
Please stop with...<br>Re: Wikileaks, Afghanistan war logs leaked by hackers
http://seclists.org/basics/2010/Jul/183
<p>Posted by Florian Rommel on Jul 29</p>blah blah blah... yes i would rather sit back in the times when all we heard was the propaganda of the war machine and <br>
worlds interest to know or "leaking" real information that is in direct contrast to lies published by the...<br>Re: Wikileaks, Afghanistan war logs leaked by hackers
http://seclists.org/basics/2010/Jul/182
<p>Posted by pryorda pryor on Jul 29</p>I think we should have access to all the warlogs anyways.. We are<br>
it benefits your company and how your customers can tell if a site is secure. You will find out how to...<br>Re: People on Google Security blog don't understand cyber terrorism
http://seclists.org/basics/2010/Jul/181
<p>Posted by Jan G.B. on Jul 29</p>Let's see what you posted on twitter not so long ago..<br>
In this guide we examine the importance of...<br>Re: Firefox Bypass Master password Vulnerability
http://seclists.org/basics/2010/Jul/180
<p>Posted by Andre Pawlowski on Jul 29</p>I tested this for myself with Firefox 3.6.8 and Google Chrome<br>
Andre Pawlowski...<br>FW: People on Google Security blog don't understand cyber terrorism
http://seclists.org/basics/2010/Jul/179
<p>Posted by Murda on Jul 29</p>Sorry, Tamer, I think you may have misunderstood this phrase:<br>
Incidentally(and coincidentally) my response would be the same...<br>RE: Pwnie Awards 2010 should be condemned by the security community
http://seclists.org/basics/2010/Jul/178
<p>Posted by Murda on Jul 29</p>I will bring this up at the next security community meeting. I will also<br>
going to...<br>Re: People on Google Security blog don't understand cyber terrorism
http://seclists.org/basics/2010/Jul/177
<p>Posted by Chad Perrin on Jul 29</p>While Mr. Gillett (who also responded to you) made very good points, and<br>
what...<br>RE: Fw: North Korea conflict with US and South Korea could spark cyber war
http://seclists.org/basics/2010/Jul/176
<p>Posted by Murda on Jul 29</p>I wonder if he can hear us trip-trapping on 'his' list. Just wait 'til my<br>
while there are a few trolls, andrew being...<br>Security Jobs (jobs) Mailing List
http://seclists.org/#jobs
A popular list for advertising or finding jobs in the security field. Employers post openings and job seekers post resumes (run by SecurityFocus). For privacy reasons, only the current year is archived.Vulnerability Development (vuln-dev) Mailing List
http://seclists.org/#vuln-dev
A moderated list for discussing possible security issues and devising exploits for them.VulnWatch
http://seclists.org/#vulnwatch
A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.Web App Security
http://seclists.org/#webappsec
Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.[HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th
http://seclists.org/webappsec/2010/q3/28
<p>Posted by Hafez Kamal on Jul 29</p>This is a reminder that the Call for Papers for Asia's largest network<br>
Venue: Crowne Plaza Mutiara Kuala Lumpur...<br>Re: Fwd: Hash for data in transit
http://seclists.org/webappsec/2010/q3/27
<p>Posted by Robert Hajime Lanning on Jul 28</p>You can hash the form data, then encrypt the hash with a shared transaction<br>
SSL/TLS and second via the internal signing.<br>Re: Fwd: Hash for data in transit
http://seclists.org/webappsec/2010/q3/26
<p>Posted by richardhigh on Jul 27</p>Saleh,<br>
Request...<br>Fwd: Hash for data in transit
http://seclists.org/webappsec/2010/q3/25
<p>Posted by Saleh on Jul 26</p>---------- Forwarded message ----------<br>
Using CRC, there is absolutely...<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/24
<p>Posted by Peter M. Jansson on Jul 21</p>So section 3.7.5 if the DISA Application Security and Development STIG V3R1 seems to be the requirement in question, <br>
(Actually, I worry a bit more about potential bugs in the...<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/23
<p>Posted by Robert Hajime Lanning on Jul 21</p>Well, outside of an AES128-SHA1 SSL connection, there really isn't much that can<br>
client platform?<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/22
<p>Posted by Richard Moore on Jul 21</p>If the intention is to protect against malicious changes (as the<br>
rich.<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/21
<p>Posted by Martin Tartarelli on Jul 21</p>Hi Richard,<br>
2010/7/20 Nikhil Wagholikar <visitnikhil () gmail com>:<br>RE: Hash for data in transit
http://seclists.org/webappsec/2010/q3/20
<p>Posted by Jacqueline.Primrose on Jul 21</p>Have you checked out GlobalScape EFT?<br>
Does anyone know of any tools out there that can be used to ensure the integrity of data while in transit from a web...<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/19
<p>Posted by Saleh on Jul 21</p>According to one of my friends (voulnet () gmail com)<br>
HTTPS will do good =D<br>Re: mysql selecting into outfile in an insert
http://seclists.org/webappsec/2010/q3/18
<p>Posted by Robin Wood on Jul 21</p>As I said, on my box I'm root, I've all the privs available and the<br>
--------------------------------------<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/17
<p>Posted by Nikhil Wagholikar on Jul 20</p>Hi Richard,<br>
It's Finally Here - The Cenzic...<br>Re: mysql selecting into outfile in an insert
http://seclists.org/webappsec/2010/q3/16
<p>Posted by Camilo Uribe on Jul 20</p>Look for the file privilege:<br>
<a rel="nofollow" href="http://www.cenzic.com/2009HClaunch_Securityfocus">http://www.cenzic.com/2009HClaunch_Securityfocus</a>...<br>Re: Hash for data in transit
http://seclists.org/webappsec/2010/q3/15
<p>Posted by Robert Hajime Lanning on Jul 20</p>https will between the browser and the webserver.<br>Re: mysql selecting into outfile in an insert
http://seclists.org/webappsec/2010/q3/14
<p>Posted by Robin Wood on Jul 20</p>Not sure on the vulnerable app I'm testing but in my lab I'm on as<br>
--------------------------------------<br>