— Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to and related projects. • • • • • Giacomo Succi (Dec 17) Hi everyone, I've a very 'simple' question. Is it possible, in your opinion, to compile the NPcap lib (and later NMap maybe) for Windows 10 IoT on an ARM platform (Raspberry Pi 3 to be precise)? Thanks a lot in advance. Cakephp Apache Windows.

Microsoft® Office Professional Plus 2016 for $9.95. Get the complete suite of Office Pro Plus products for the one-time low price of $9.95. Download Now! Sep 12, 2008. Here is an Air Force announcement, your service or agency codes may be different. I just logged on to hup.microsoft.com and gave my work email; Bill:) mailed back the code I used to order. Only $20 more than the price of Open Office. A bargain at half the price! AntiVirus and Firewall are downloadable.

Best regards Giacomo Yash Chaudhary (Dec 13) Re: Please tell which IDE do you use for LUA? Rob Dartnell via dev (Dec 13) Hi, Please see the bug below, and let me know if you need me to raise it formally on your forum.I thought it should go to homebrew/brew team, however they've directed me here instead:Nmap - Closed port inconsistency Issue #20951 Homebrew/homebrew-core Nmap - Closed port inconsistency Issue #20951 Homebrew/homebrew-core Brew Nmap version 7.60 (latest version) Using the '--reason'. Vincent Dumont (Dec 11) Hey guys, I've sent a PR (#1076) a few days ago aiming to fix Issue #839:. Please tell me if anything's wrong with the modifications. If it can be merged to the SVN repo, I would be glad to do it since I still have my credentials to do so.

Also, I am now looking at the issues list to see what I could work on next. Any high priority tasks I can work on? Cheers, Vincent Dumont Daniel Roberson (Dec 09) Hello. I've written an NSE script to fingerprint Telnet services. Please see the following PR: This is my first NSE script and first time working with Lua, so I may have goofed something up. As far as I can tell this meets the style guidelines.

If anything needs to be changed, let me know. Kind regards.

Daniel oshikhena follorunsho (Dec 07) Dear Dev tram, When i execute the commanf nmap -sT -sV -p 1521 --script=oracle-sid-brute 192.168.43.157 on system i get the error output below. My system runs windows 8 and i have oracle 11g express edition on it Starting Nmap 6.46 ( ) at 2017-12-07 10:39 W. Central Africa Standard Time Nmap scan report for AMAVAL (169.254.0.66) Host is up (0.0020s latency). Other addresses for AMAVAL (not scanned): 192.168.43.157 PORT. Fyodor (Dec 07) Hi S. Thanks for the note.

The issue you describe is that, if you do an Nmap SYN scan against a target, the target will send a SYN/ACK back from each open port that you probe. The TCP stack of the host doing the scanning sees this SYN/ACK and doesn't know what it relates to (since Nmap sent the raw packet rather than using the sockets API), and so the scanning host sends a RST/ACK back to the target to say 'I didn't expect this.

Stefan Hajnoczi (Dec 06) Hi, I have sent a pull request adding AF_VSOCK address family support to ncat: Here is the pull request summary for your convenience: This pull request adds support for the AF_VSOCK address family that has been in Linux since 3.9. AF_VSOCK facilitates hostguest communication for VMware, KVM, and Hyper-V hypervisors. Addresses are represented as pairs. Phil (Dec 05) A while ago a change was made to the ‘find’ function in the tn3270 library.

These changes broke the scrips tso-enum, two-brute, cics-info and cics-enum. I’ve created a pull request to address these fixes: Daniel Miller (Dec 01) Ben, There is the nmap-announce list for announcements of general interest to Nmap users, and we welcome all forms of discussion about Nmap here on nmap-dev. You can also get in touch with Nmap users on our IRC channel, #nmap on Freenode IRC, or on Reddit on /r/nmap. — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community.

The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue. • • • • • EMC Product Security Response Center (Dec 23) ESA-2017-155: EMC VNX1 and VNX2 Family Reflected Cross Site Scripting Vulnerability in VNX Control Station EMC Identifier: ESA-2017-155 CVE Identifier: CVE-2017-14383 Severity Rating: CVSS v3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) Affected products: Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 Dell EMC VNX1 versions prior to Operating Environment for File 7.1.80.8 Summary: A fix is available for.

Ryan Dewhurst (Dec 23) Hi, If you email plugins-at-wordpress.org they will attempt to contact the author, and if unable to, they usually remove the plugin from their repository. Thanks, Ryan bashis (Dec 23) [STX] Subject: Vitek RCE and Information Disclosure (and possible other OEM) Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (December 2017) PoC: Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack: Executable + ASLR -[Manufacture Logo]- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ___. Zmx (Dec 23) Next step, email from DoubleClick. — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently! • • • • • Apple Product Security (Dec 14) APPLE-SA-2017-12-13-1 iOS 11.2.1 iOS 11.2.1 is now available and addresses the following: HomeKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to unexpectedly alter application state Description: A message handling issue was addressed with improved input validation.

CVE-2017-13903: Tian Zhang Installation note: This update is available through iTunes and Software. Apple Product Security (Dec 14) APPLE-SA-2017-12-13-2 tvOS 11.2.1 tvOS 11.2.1 is now available and addresses the following: HomeKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: A remote attacker may be able to unexpectedly alter application state Description: A message handling issue was addressed with improved input validation. CVE-2017-13903: Tian Zhang Installation note: Apple TV will periodically check for software updates. Alternatively, you may. Asterisk Security Team (Dec 14) Asterisk Project Security Advisory - AST-2017-012 Product Asterisk Summary Remote Crash Vulnerability in RTCP Stack Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Moderate.

Apple Product Security (Dec 14) APPLE-SA-2017-12-13-7 Additional information for APPLE-SA-2017-12-6-4 tvOS 11.2 tvOS 11.2 addresses the following: IOSurface Available for: Apple TV 4K and Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-13861: Ian Beer of Google Project Zero Kernel Available for: Apple TV 4K and Apple TV. Kretschmann (Dec 14) 1. ADVISORY SUMMARY Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data Risk: high Application: Kemp Load Balancers - Module Application Firewall Pack (AFP) Versions Affected: 7.1.30 (Nov 2015) to 7.2.40 (Oct 2017) // Older versions are probably affected too, but they were not checked Vendor: KEMP Technologies Vendor URL: Sent to. Apple Product Security (Dec 14) APPLE-SA-2017-12-13-5 Safari 11.0.2 Safari 11.0.2 addresses the following: WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.2 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856.

Michael Gilbert (Dec 13) ------------------------------------------------------------------------- Debian Security Advisory DSA-4064-1 security () debian org Michael Gilbert December 12, 2017 ------------------------------------------------------------------------- Package: chromium-browser CVE ID: CVE-2017-15407. Atlassian (Dec 11) This email refers to the advisory found at and. CVE ID: * CVE-2017-14591. Product: Fisheye and Crucible. Affected Fisheye and Crucible product versions: version. — A high-volume list which permits people to ask 'stupid questions' without being derided as 'n00bs'.

I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well. • • • • Hafez Kamal (Dec 16) This is the FINAL CALL to submit your research papers to the 8th annual Hack In The Box Security Conference in The Netherlands. CFP is closing December 31st @ 23:59 CET!

Call for Papers: Event Website: HITBSecConf has always been an attack oriented deep-knowledge research event aimed at not only bringing the security community together, but one that also highlights. Jackie Blanco (Nov 01) You are invited to participate in the following conference: THE FIFTH INTERNATIONAL CONFERENCE ON CYBER SECURITY, CYBER WELFARE AND DIGITAL FORENSIC (CyberSec2017) Venue: St. Mary's University, Addis Ababa, Ethiopia Dates: April 22-24, 2017 URL: The conference aims to enable researchers build connections between different digital applications. — While this list is intended for 'professionals', participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing. • • • • • Francisco Amato (Nov 13) Faraday is the Integrated Multiuser Risk Environment you have always been looking for!

It maps and leverages all the data you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the risks and impacts and risks being assessed by the audit in real-time without a single email. Developed with a specialized set of functionalities that helps users improve their own work, the main purpose is. — Carries news items (generally from mainstream sources) that relate to security.

• • • • InfoSec News (Feb 05) By Jai Vijayan DarkReading.com 2/4/2016 Critics maintain that Norse Corp. Is peddling threat data as threat intelligence.

A massive and potentially company-ending shakeup at security vendor Norse Corp. In recent weeks amid controversy over its practices may be a signal that the threat intelligence industry is finally maturing.

InfoSec News (Feb 05) By Jim Reno InfoWorld.com Feb 4, 2016 A few weeks ago on a Saturday morning I tried to pay a medical bill online and received the following message: Sorry! In order to serve you better, our website will be down for scheduled maintenance from Friday 6:00 PM to Sunday 6:00 PM. OK, I get it.

Stuff happens. However, the following week I. InfoSec News (Feb 05) By Kaveh Waddell The Atlantic February 4, 2016 A nuclear scientist formerly employed by the federal government admitted Tuesday that he tried to infect the computers of about 80 government employees whom he believed had access to nuclear materials and weapons. According to court documents released by the Justice.

InfoSec News (Feb 05) By Lim Yan Liang The Straits Times Feb 4, 2016 Singapore will face more cyber attacks as technology is increasingly used in everyday life, from smart traffic lights and driverless trains to the ubiquitous smartphones. The greater risk, which is inevitable as Singapore pushes to be a Smart Nation, was flagged yesterday by the managing director of the Infocomm. InfoSec News (Feb 05) By Krzysztof Polak ComputerWeekly.com 04 Feb 2016 The internet of things (IoT) has gone from an industry buzzword to a highly promising phenomenon in central and eastern Europe – but IT specialists are concerned about how to protect networks from the extra strain of new connected devices. The driving force behind IoT is the desire to gain. — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

• • • • • Francisco Amato (Nov 14) Faraday is the Integrated Multiuser Risk Environment you have always been looking for! It maps and leverages all the data you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the risks and impacts and risks being assessed by the audit in real-time without a single email. Developed with a specialized set of functionalities that helps users improve their own work, the main purpose is. Francisco Amato (Jul 24) Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time without the need for a single email.

Developed with a specialized set of functionalities that helps users improve their own work, the main purpose is to. — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave. • • • • • Luiz Eduardo (Dec 18) Where: Sao Paulo, Brazil When: May 21st, 2018 Call for Papers Opens: December 15th, 2017 Call for Papers Close: February 28th, 2018 @ystscon ABOUT THE CONFERENCE you Sh0t the Sheriff is a very unique, one-day, event dedicated to bringing cutting edge talks to the top-notch professionals of the Information Security Community. The conference’s main goal is to bring the attendees to the current state of the information.

Jordan Wiens (Dec 11) There's long been a bit of friction (some real, some manufactured) between academic security research in the Ivory Tower and much of the rest of our community practicing in the field. Many many people have spent long hours paving the road from the tower to the town and vice-versa. Bratus in particular seems to have dedicated his career to the cause (thanks, Sergey!). Some security cons have adopted a bit of needed rigor from the academic. Jared DeMott (Dec 05) I make this point a lot also - to folks feeling overwhelmed - keeping the pace with info overload is new. It's a very interesting challenge.:) Dave Aitel (Dec 04) So for a while it was like being on a treadmill trying to keep up with the security communities technical advances.

These days, it's like being a guy on a skateboard while several fireman shoot you with firehoses from different directions. Even staying current on one platform seems impossible for super-experts.

I say this, because I noted someone pointing out that the DirtyCow patch maybe didn't work, and maybe didn't work in an. Kyle Creyts (Dec 01) I think commodity malware have come much further than legitimate tools in some regards, and are much further behind in others. Notably, almost all commodity criminal implants have an specificity of mission not commonly found in the group of attack frameworks you highlight. The typical level of specificity is 'I want to make money off this implant' and one typical outcome of this ambiguity is having N ways to make money: through.

Dave Aitel (Dec 01) Recently at RPISEC and on Twitter people have asked me what the design differences are between INNUENDO and something like Meterpreter. I think these are quite large really, and worth trying to explain. Really it boils down to a fundamentally different algorithmic approach to distributed computation. So the following chart talks about various types of algorithms and how they might apply to our world. An Emergent algorithm is one where lots of. Dave Aitel (Dec 01) So let's say you are attacking a large network, and you have a number of implants on that network.

At some point, some of those implants get coopted by the defenders (or by another attacker). You want to change the behavior of your implants if enough of them are compromised or killed. There are biological problems very similar to this: in particular, biofilms. A key question of the. Andrew Case (Nov 28) We are excited to announce that the results of the 2017 Volatility Plugin Contest are in: We had many novel submissions this year across a wide variety of operating systems, malware detection strategies, and userland application artifacts.

Andrew Case (Nov 06) We just published a blog post detailing the infrastructure, initial infection strategies, and payloads of the resurgent OceanLotus threat group: A follow up post detailing the phishing activity and malware infrastructure is coming soon. Comments welcome! Dave Aitel (Nov 06) Direct Prezi Link: The whole point of a CTO in any of the security companies we all live in is that you have a phased array radar constantly pointing at the future. For what it's worth, the screenshot below is from the T2 Keynote a couple weeks ago, pointing pretty clearly at Twitter as a strategic target (in several ways). The video of the talk is not out yet, but if you annoy the T2 staff they'll.

Thomas (Nov 06) hi readers of DD SyScan360 in Singapore 2018 will be held March 17 - 23, 2018. It will be a single track, 2-day conference with WhiskeyCon on the last day of the conference. Training classes (3-day, 4-day and 5-day) will be held before the conference.

The Call for Training (CFT) and Call for Papers (CFP) is opened. The closing date for CFT is 15th November 2017. The closing date for CFP is 31st November 2017. Please visit.

Charisse Castagnoli (Nov 03) The IoT protection part of this bill is not interesting, but the amendments to the Computer Fraud and Abuse Act and the DMCA are useful for researchers of IoT vulnerabilities Feel free to write or call in support. Relevant sections: (2) COMPUTER FRAUD AND ABUSE ACT.—Section 1030 of title 18, United.

Moses Hernandez (Oct 30) I have always wondered at what point does the CEO stop thinking strategy and start thinking culture. Does it happen all at once, throughout the day, or does it come in shifts? Unless you believe CEO is all about strategy and not culture. Does the culture in the company become a strategic and immutable (no pun intended) asset?

I’ve been torn on this concept in leadership, maybe because strategy and culture are actually two sides of the same. Dave aitel (Oct 16) So I'm about to do V6 of my T2 keynote - usually it takes about 10 full runs until a keynote is good. This is why we are very very careful about asking people to do keynotes. They typical first run of a keynote gets feedback like 'This is terrible. Just terrible. (Except Halvar's). In any case, I've sent out versions of it to lots of different people for feedback and I've noticed a few things.

Probably the. Ryan Duff (Oct 10) Yeah he was. The tragedy is how few will know everything he's done for his country. But that's how it is. He'll definitely be remembered by anyone who had the pleasure of working with him.

— General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast. • • • • • Security Weekly (Dec 22) Happy Holidays from Security Weekly!

Happy Holidays Security Weekly Tribe! A number of you have told us that sometimes you sign up for our webcasts only to have your schedule go sideways and you miss it. While we love the ability to have real discussions and share insights during the live webcasts, I have a special gift for you (below). In the coming year, we’re working on an on-demand format. Our team is working to identify crucial. — Discussions about tracking attackers by setting up decoy honeypots or entire networks.

• • • • Matteo Cantoni (Feb 14) Hello everyone, I would like share with you for educational purposes and without any commercial purpose, data collected by the my homemade honeypot. Nothing new, nothing shocking, nothing sensational.

But I think can be of interest to newcomers to the world of analysis of malware, botnets, etc. Maybe for a thesis. The files collected are divided into zip archives, in alphabetical order, with password (which must be request via email). — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading 'mitigating factors' section. • • • • • Microsoft (Dec 12) ******************************************************************** Title: Microsoft Security Advisory Notification Issued: December 12, 2017 ******************************************************************** Security Advisories Released or Updated Today ============================================== Please note that the URL for Microsoft security documents has changed. * Microsoft Security Advisory 4056318 - Title: Guidance for securing. Microsoft (Dec 12) ******************************************************************** Microsoft Security Update Summary for December 2017 Issued: December 12, 2017 ******************************************************************** This summary lists security updates released for December 2017.

Complete information for the December 2017 security update release can Be found. Microsoft (Dec 07) ******************************************************************** Microsoft Security Update Summary for December 7, 2017 Issued: December 7, 2017 ******************************************************************** This summary lists security updates released for December 7, 2017. Complete information for the December 2017 security update release can Be found. Microsoft (Dec 06) ******************************************************************** Microsoft Security Update Summary for December 6, 2017 Issued: December 6, 2017 ******************************************************************** This summary lists security updates released for December 6, 2017. Complete information for the December 2017 security update release can Be found. Microsoft (Dec 01) ******************************************************************** Title: Microsoft Security Advisory Notification Issued: December 1, 2017 ******************************************************************** Security Advisories Released or Updated Today ============================================== Please note that the URL for Microsoft security documents has changed.

* Microsoft Security Advisory 4053440 - Title: Securely opening. Microsoft (Dec 01) ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: November 29, 2017 ******************************************************************** Summary ======= The following CVEs have been revised in the October 2017 or the November 2017 Security Updates. * CVE-2017-8718 * CVE-2017-11870 * CVE-2017-11873 * CVE-2017-11882 Revision Information: =====================.

Microsoft (Nov 28) ******************************************************************** Title: Microsoft Security Update Releases Issued: November 28, 2017 ******************************************************************** Summary ======= The following CVE and security advisory have been revised in the November 2017 Security Updates. * CVE-2017-11882 * ADV170020 Revision Information: ===================== CVE-2017-11882 - Title: CVE-2017-11882 . Microsoft (Nov 28) ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: November 28, 2017 ******************************************************************** Summary ======= The following CVEs has been revised in the November 2017 Security Updates.

* CVE-2017-11770 Revision Information: ===================== CVE-2017-11770 - Title: CVE-2017-11770 .NET CORE Denial Of Service. Microsoft (Nov 22) ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: November 21, 2017 ******************************************************************** Summary ======= The following CVE has been revised in the November 2017 Security Updates. * CVE-2017-11882 Revision Information: ===================== CVE-2017-11882 Title: CVE-2017-11882 Microsoft Office Memory Corruption. Microsoft (Nov 16) ******************************************************************** Title: Microsoft Security Update Releases Issued: November 16, 2017 ******************************************************************** Summary ======= The following security advisory has been revised in the October 2017 Security Updates.

* ADV170012 Revision Information: ===================== ADV170012 - Title: ADV170012 Vulnerability in TPM could allow Security. Microsoft (Nov 16) ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: November 16, 2017 ******************************************************************** Summary ======= The following CVEs and Security Advisory have been revised in the November 2017 Security Updates. * CVE-2017-8700 * CVE-2017-11883 * ADV170020 Revision Information: ===================== CVE-2017-8700 - Title. Microsoft (Nov 14) ******************************************************************** Microsoft Security Update Summary for November 2017 Issued: November 14, 2017 ******************************************************************** This summary lists security updates released for November 2017. Complete information for the November 2017 security update release can Be found. Microsoft (Nov 09) ******************************************************************** Title: Microsoft Security Update Releases Issued: November 9, 2017 ******************************************************************** Summary ======= The following CVE has been revised in the July 2017 Security Updates. * CVE-2017-8585 Revision Information: ===================== CVE-2017-8585 - Title: CVE-2017-8585 .NET Denial of Service Vulnerability.

Microsoft (Nov 08) ******************************************************************** Title: Microsoft Security Advisory Notification Issued: November 8, 2017 ******************************************************************** Security Advisories Released or Updated Today ============================================== * Microsoft Security Advisory 4053440 - Title: Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields. Microsoft (Nov 01) ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: November 1, 2017 ******************************************************************** Summary ======= The following CVE has been revised in the October 2017 Security Updates. * CVE-2017-11826 Revision Information: ===================== CVE-2017-11826 - Title: CVE-2017-11826 Microsoft Office Memory Corruption. — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community • • • • Jeffrey Walton (Mar 26) A business to business telecommunication giant, Verizon Enterprise Solutions, a Basking Ridge, New Jersey-based company, has been the latest victim of a cyber crime that stole 1.5 million contact records of the customers of Verizon. I don't quite understand this double talk. Could someone explain to me: A spokesperson from Verizon said that.

Jeffrey Walton (Mar 16) (From John Young on another list): As many of you already know, the government cited the Lavabit case in a footnote. The problem is their description insinuates a precedent that was never created. Obviously I was somewhat disturbed by their misrepresentation. So I decided to draft a statement. And keep in mind, these are the same people who say 'trust us.'

Click continue to read. Jeffrey Walton (Feb 29) Deng Xiaoping, in 1979 - his second year as supreme leader of China - perceived a fundamental truth that has yet to be fully grasped by most Western leaders: Software, if properly weaponized, could be far more destructive than any nuclear arsenal. Under Deng’s leadership, China began one of the most ambitious and sophisticated meta- software. Jeffrey Walton (Feb 27) Here's an interesting exchange between Cryptome and Michael Froomkin, Law Professor at University of Miami, on the All Writs Act (): ----- A. Michael Froomkin: The factual posture in the key Supreme Court precedent, New York Telephone, involved a situation where only the subject of the order was capable of providing the assistance at issue.

This is the basis for Apple's. Jeffrey Walton (Feb 23) I'm an ex-sheriff, and I've been in and out of security jobs for much of my life, so I've got some familiarity with the issues underlying the drama between the FBI and Apple. FBI officials -- and likely those in every other three-letter agency and their counterparts all over the world -- would like an easier way to do their jobs. Wouldn't we all?

If they could put cameras in. Jeffrey Walton (Jan 01) (): In 1999, Lance Hoffman, David Balenson, and others published a survey of non-US cryptographic products. The point of the survey was to illustrate that there was a robust international market in these products, and that US-only export restrictions on strong encryption did nothing to prevent its adoption and everything to disadvantage US corporations. This was an important contribution. — The has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

• • • • • US-CERT (Dec 21) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: North Korean Malicious Cyber Activity [ ] 10:45 AM EST Original release date: December 21, 2017 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variantsreferred to as BANKSHOTused by the. US-CERT (Dec 14) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Google Releases Security Update for Chrome [ ] 09:09 PM EST Original release date: December 14, 2017 Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take.

US-CERT (Dec 13) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Apple Releases Security Updates for iOS and tvOS [ ] 05:51 PM EST Original release date: December 13, 2017 Apple has released security updates to address a HomeKit vulnerability in iOS and tvOS. A remote attacker could exploit this vulnerability to. US-CERT (Dec 13) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Transport Layer Security (TLS) Vulnerability [ ] 10:46 AM EST Original release date: December 13, 2017 CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could.

US-CERT (Dec 12) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Apple Releases Security Updates [ ] 07:38 PM EST Original release date: December 12, 2017 Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected. US-CERT (Dec 12) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Microsoft Releases December 2017 Security Updates [ ] 03:29 PM EST Original release date: December 12, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software.

A remote attacker could exploit some of these. US-CERT (Dec 07) U.S.

Department of Homeland Security US-CERT National Cyber Awareness System: Mozilla Releases Security Updates [ ] 06:50 PM EST Original release date: December 07, 2017 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an. US-CERT (Dec 07) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Microsoft Releases Security Updates for its Malware Protection Engine [ ] 05:52 PM EST Original release date: December 07, 2017 Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine.

US-CERT (Dec 06) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Google Releases Security Update for Chrome [ ] 05:08 PM EST Original release date: December 06, 2017 Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux.

This version addresses vulnerabilities that an attacker could exploit to take. US-CERT (Dec 06) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Apple Releases Security Updates [ ] 05:15 PM EST Original release date: December 06, 2017 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an. US-CERT (Dec 05) U.S.

Department of Homeland Security US-CERT National Cyber Awareness System: Securing Mobile Devices During Holiday Travel [ ] 04:12 PM EST Original release date: December 05, 2017 As the holiday season begins, many people will travel with their mobile devices. Although these devicessuch as smart phones, tablets, and. US-CERT (Dec 04) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: TA14-017A: UDP-Based Amplification Attacks [ ] Original release date: January 17, 2014 Updated on: December 4, 2017 Systems Affected Certain application-layer protocols that rely on the User Datagram Protocol (UDP) have been identified as potential attack vectors. These include * Domain Name System (DNS), *. US-CERT (Dec 04) U.S.

Department of Homeland Security US-CERT National Cyber Awareness System: Mozilla Releases Security Update for Firefox [ ] 07:32 PM EST Original release date: December 04, 2017 Mozilla has released a security update to address multiple vulnerabilities in Firefox 57. A remote attacker could exploit these vulnerabilities to take. US-CERT (Dec 04) U.S. Department of Homeland Security US-CERT National Cyber Awareness System: Apache Software Foundation Releases Security Updates [ ] 06:18 PM EST Original release date: December 04, 2017 The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. US-CERT (Nov 21) U.S.

Department of Homeland Security US-CERT National Cyber Awareness System: Intel Firmware Vulnerability [ ] 11:02 AM EST Original release date: November 21, 2017 Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution.