Meta tags:
description= Security mailing list archive for the Nmap lists, Bugtraq, Full Disclosure, Security Basics, Pen-test, and dozens more. Search capabilities and RSS feeds with smart excerpts are available;
keywords= Security,Mailing Lists,nmap-dev,nmap-hackers,Bugtraq,Full Disclosure,Security Basics,Penetration Testing,Info Security News,Firewall Wizards,IDS Focus,Web App Security,Daily Dave,Honepots,MS Sec Notification,Funsec,CERT Advisories,Open Source Security,NANOG,Interesting People,RISKS,Metasploit,Wireshark,Snort;
Headings (most frequently used words):
security, lists, org, seclists, tool, tools, capture, packet, npcap, scanner, nmap, resources, related, more, development, open, source, infrastructure, and, issues, internet, excellent, other, insecure, archive, list, mailing, about,
Text of the page (most frequently used words):
the (320), and (246), #risks (124), for (120), #security (92), 2024 (83), #this (79), #list (78), mar (72), #that (71), https (61), about (54), #nmap (53), #issue (52), #snort (51), via (50), #with (44), com (43), archived (42), apple (41), org (41), are (39), rules (39), you (38), www (38), http (37), posts (37), can (35), has (35), forum (34), cve (34), also (33), digest (32), information (31), from (30), last (29), not (28), see (27), current (27), rss (27), feed (27), version (26), cisa (26), all (25), have (25), systems (24), file (23), mixer (23), which (22), lists (22), women (22), secure (22), may (22), etc (22), advisories (22), related (21), when (21), these (21), vulnerability (21), would (20), one (20), linux (19), but (19), source (19), found (19), available (19), still (18), sunday (18), util (18), public (18), advisory (18), default (18), wall (18), cyber (17), been (17), news (17), computers (17), use (17), founder (17), support (17), other (17), volume (17), dailydave (16), neumann (16), site (16), peter (16), some (16), dev (16), most (16), code (15), updates (15), new (15), there (15), zenmap (15), matthew (15), wheeler (15), escape (15), hackers (15), caveats (15), latest (15), catless (15), ncl (15), open (15), owner (15), html (15), disclaimers (15), further (15), item (15), moderator (15), comp (15), acm (15), cybersecurity (15), more (14), was (14), packages (14), 2023 (14), research (14), ransomware (14), discussion (13), line (13), curl (13), recent (13), vulnerabilities (13), page (13), injection (13), software (13), sigs (13), call (12), release (12), infrastructure (12), its (12), will (12), talos (12), files (12), subscriber (12), update (12), community (12), command (12), their (12), data (12), 28085 (11), what (11), web (11), sequence (11), dave (11), nanog (11), n91 (11), fulldisclosure (11), windows (11), releases (11), 2022 (11), local (11), any (11), make (11), they (11), python3 (11), modified (10), now (10), oct (10), agency (10), using (10), server (10), many (10), while (10), lib (10), zenmapgui (10), like (10), issues (10), such (10), read (10), jan (10), macos (10), threat (9), dec (9), npcap (9), network (9), only (9), well (9), over (9), how (9), conference (9), than (9), today (9), here (9), lot (9), 2020 (9), things (9), attacks (9), into (9), vulnerable (9), people (9), through (9), used (9), multiple (8), based (8), remote (8), netflow (8), don (8), following (8), control (8), organizations (8), two (8), saturday (8), march (8), malvuln (8), details (8), true (8), git (8), who (8), malware (8), products (8), traceback (7), then (7), our (7), she (7), added (7), check (7), access (7), time (7), dom (7), provide (7), development (7), product (7), between (7), push (7), request (7), archive (7), user (7), docs (7), fbi (7), out (7), known (7), years (7), impact (7), project (7), emacs (7), jun (7), does (7), error (7), microsoft (7), message (7), aitel (7), way (7), commit (7), report (7), airflow (7), year (7), stop (7), execution (7), events (7), industrial (6), world (6), just (6), app (6), nov (6), think (6), before (6), affected (6), original (6), hard (6), state (6), hacker (6), thehackernews (6), libcurl (6), usage (6), utf (6), first (6), february (6), thought (6), ukraine (6), had (6), exploit (6), certificate (6), quarter (6), mailing (6), mark (6), traffic (6), xss (6), being (6), system (6), design (6), users (6), high (6), say (6), often (6), since (6), crash (6), alerts (6), your (6), github (6), ios (6), ipados (6), detection (6), maintains (6), stderr (6), content (6), privilege (6), addresses (6), ht201222 (6), x86 (6), sets (6), escalation (6), program (6), lead (6), hello (6), please (6), complete (6), synopsis (6), ventura (5), operations (5), offensive (5), number (5), non (5), oig (5), iphone (5), session (5), tech (5), team (5), daniel (5), find (5), target (5), know (5), class (5), bug (5), released (5), technologies (5), huge (5), threats (5), function (5), emerging (5), coverage (5), rule (5), gov (5), apache (5), set (5), updated (5), free (5), categories (5), sec (5), several (5), modifies (5), adds (5), search (5), next (5), subscribed (5), coremedia (5), against (5), login (5), get (5), configuration (5), scriptinterface (5), profile (5), different (5), pull (5), buffer (5), even (5), monitoring (5), fyodor (5), technical (5), another (5), image (5), self (5), talk (5), old (5), name (5), full (5), dear (5), those (5), important (5), because (5), december (5), script (5), disclosure (5), safe (4), businesses (4), adding (4), attack (4), them (4), pattern (4), hit (4), packet (4), healthcare (4), according (4), event (4), were (4), processing (4), guide (4), arbitrary (4), 2021 (4), january (4), announce (4), currently (4), great (4), lines (4), archives (4), recently (4), tomorrow (4), defend (4), cybercriminals (4), during (4), big (4), anything (4), download (4), pcap_getevent (4), seclists (4), allows (4), tinka (4), note (4), callback (4), webkitgtk (4), permalink (4), wednesday (4), activity (4), run (4), write (4), coding (4), type (4), versions (4), 0002 (4), wsa (4), says (4), below (4), gnu (4), mode (4), gordon (4), lyon (4), thing (4), record (4), head (4), general (4), never (4), day (4), family (4), able (4), match (4), sonoma (4), really (4), change (4), peer (4), every (4), running (4), intended (4), nsa (4), ipad (4), application (4), take (4), ferrante (4), population (4), skyler (4), week (4), analysis (4), department (4), headers (4), announced (4), bypass (4), stenberg (4), protocol (4), very (4), allow (4), 255 (4), got (4), wireshark (4), stack (4), overflow (4), doing (4), 0xc15a (4), false (4), questions (4), bugtraq (4), win32 (4), snort3 (4), help (4), device (4), built (4), put (4), regular (4), cross (4), pick (4), lightspd (4), real (4), regarding (4), policy (4), papers (4), object (4), address (4), speakers (4), sys (4), protocols (3), prioritization (3), without (3), log (3), told (3), including (3), generation (3), sep (3), results (3), shows (3), networks (3), online (3), connection (3), identify (3), 26th (3), birthday (3), chinese (3), attribute (3), telsh (3), zero (3), 13th (3), quic (3), filter (3), ipv4 (3), exploiting (3), military (3), month (3), better (3), group (3), description (3), url (3), webkit (3), same (3), hope (3), wpe (3), projects (3), capturing (3), value (3), advanced (3), cgit (3), apt (3), sidewinder (3), 1000 (3), behind (3), happy (3), 000 (3), bad (3), savannah (3), aware (3), practices (3), want (3), applications (3), large (3), could (3), credentials (3), much (3), 379 (3), memory (3), looking (3), seh (3), understanding (3), given (3), beecher (3), tom (3), quite (3), topic (3), paying (3), 2720 (3), guidance (3), emegrab (3), management (3), 261 (3), script_list_timer_callback (3), always (3), checkmk (3), insecure (3), internet (3), contact (3), feb (3), exploitation (3), scanner (3), vuln (3), argv (3), tools (3), breachexchange (3), devices (3), mean (3), sure (3), doj (3), ndiff_process (3), domains (3), discovery (3), due (3), service (3), sending (3), agent (3), giving (3), allowed (3), check_ndiff_process (3), lunch (3), enough (3), karakurt (3), ipfix (3), pdf (3), problem (3), morris (3), workshop (3), job (3), show (3), add (3), opportunity (3), sites (3), wit (3), said (3), container (3), anne (3), wrote (3), attributeerror (3), consult (3), docker (3), wolfssl (3), ids (3), scammers (3), something (3), lab (3), money (3), ares (3), gathering (3), solution (3), devel (3), doesn (3), jakub (3), pro (3), upstream (3), seems (3), should (3), sense (3), far (3), seem (3), iwcc (3), introduced (3), effect (3), engine (3), summary (3), later (3), back (3), safari (3), yet (3), locales (3), rule_tree_queue (3), each (3), bugs (3), thank (3), authentication (3), survey (3), sophos (3), response (3), developers (3), previous (3), visionos (3), six (3), both (3), eight (3), combines (3), training (3), circontrol (3), designer (3), charged (3), need (3), sharing (3), fifth (3), warned (3), international (3), multi (3), framework (3), fixation (3), monday (3), interpol (3), malicious (3), mbedtls (3), north (3), off (3), tls (3), three (3), john (3), process (3), didn (2), 2004 (2), 8006 (2), pre (2), 0b1 (2), tuominen (2), homepage (2), actually (2), enduring (2), identity (2), obviously (2), social (2), pullrequest (2), welcome (2), 0670 (2), finland (2), tomi (2), tina (2), draft (2), hackathon (2), cfp (2), sometimes (2), wasn (2), registration (2), early (2), occur (2), karel (2), extensive (2), mitchell (2), austria (2), title (2), domxss (2), features (2), writable (2), either (2), haven (2), feel (2), legal (2), email (2), chair (2), travel (2), having (2), info (2), industry (2), leak (2), changing (2), christian (2), advantage (2), her (2), female (2), june (2), charger (2), repository (2), txt (2), happened (2), reading (2), vendor (2), powergadget (2), funsec (2), hyp3rlinx (2), aka (2), intel (2), notification (2), honeypots (2), pauldotcom (2), heinrich (2), 2379 (2), icmp (2), certain (2), requests (2), author (2), cap (2), probably (2), exploited (2), msi (2), smokeloader (2), skips (2), interesting (2), finds (2), mitm (2), hev (2), 3b9e9e130d52fe95c8be82aa4b8feb74 (2), credits (2), jail (2), malvuln13 (2), edt (2), twitter (2), pe32 (2), recall (2), helsinki (2), dist (2), cert (2), after (2), platforms (2), work (2), scan (2), idea (2), backdoor (2), editor (2), media (2), going (2), decades (2), 270 (2), compare (2), diffcompare (2), metafox (2), gmail (2), nonetype (2), gonçalo (2), shell (2), tips (2), computer (2), upload (2), 2334 (2), attacker (2), suggestions (2), thanks (2), surely (2), anyone (2), hours (2), massive (2), student (2), seconds (2), flow (2), around (2), anniversary (2), ytti (2), defs (2), saku (2), donor (2), leverage (2), asr9k (2), putting (2), python (2), configured (2), availability (2), nice (2), numbers (2), pass (2), become (2), subscribe (2), new_window (2), daily (2), anywhere (2), twenty (2), effective (2), practical (2), continue (2), nightmare (2), performance (2), assets (2), leaked (2), example (2), key (2), fix (2), agility (2), kernel (2), 2466 (2), moderated (2), sequences (2), improvements (2), changed (2), conversation (2), business (2), hostname (2), fundamental (2), arguments (2), specified (2), crime (2), done (2), cdd3cc7fa4 (2), 2013 (2), click (2), exploits (2), rit (2), port (2), strategies (2), whom (2), yeah27 (2), comment (2), brian (2), disabled (2), rest (2), oss (2), scripting (2), professional (2), occurs (2), major (2), sflow (2), implementations (2), firewall (2), techniques (2), jan24 (2), 19a14d0414aec62ef38378de2e8b259d (2), amazing (2), second (2), july (2), interest (2), pts (2), share (2), recommend (2), gui (2), august (2), root (2), 20240307 (2), md5 (2), vienna (2), collector (2), summarize (2), dhs (2), verification (2), miss (2), cutting (2), wilk (2), permissions (2), little (2), task (2), edge (2), useful (2), gossip (2), named (2), format (2), characters (2), provides (2), mvid (2), handler (2), commitments (2), folders (2), ascii (2), enforcing (2), attending (2), showing (2), fixed (2), matters (2), above (2), 2398 (2), half (2), 2025 (2), amount (2), case (2), part (2), worked (2), meeting (2), lawyers (2), hiscox (2), persistent (2), plugin (2), actor (2), targeting (2), april (2), linked (2), university (2), selling (2), gid (2), sold (2), implementation (2), mpse (2), side (2), nigerian (2), nabs (2), called (2), java (2), others (2), cnc (2), webapp (2), men (2), enabled (2), facilitate (2), tree (2), unit (2), test (2), korean (2), warns (2), joint (2), enable (2), posing (2), dprk (2), detect (2), launched (2), let (2), sell (2), light (2), came (2), tds (2), parrot (2), theregister (2), raw (2), packets (2), folks (2), ransoms (2), extortion (2), search_engine (2), detect_raw_tcp (2), log_references (2), give (2), seizes (2), sky (2), conducting (2), rucombs (2), combs (2), russ (2), states (2), foreign (2), 0x2 (2), office (2), word (2), begin (2), stolen (2), personal (2), ddos (2), includes (2), highly (2), article (2), incidents (2), sniffer (2), seeing (2), asking (2), encrypted (2), average (2), percent (2), annual (2), handle (2), metasploit (2), tool (2), premier (2), announcement (2), close (2), comes (2), once (2), favorite (2), growth (2), question (2), makes (2), blog (2), post (2), kind (2), moderates (2), aggressive (2), luck (2), additional (2), disable (2), broadcast (2), items (2), sent (2), jonathan (2), 3483 (2), impacts (2), environment (2), cycle (2), where (2), step (2), best (2), regards (2), mohamed (2), sayed (2), ics (2), services (2), attackers (2), browser (2), chrome (2), snapshot (2), pulledpork (2), polled (2), federal (2), serious (2), zagala (2), france (2), venezuela (2), sale (2), profit (2), arrangements (2), small (2), days (2), nearly (2), basic (2), compromise (2), dheeraj (2), official (2), whatever (2), earlier (2), vlad (2), uncover (2), api (2), war (2), controlling (2), november (2), advertising (2), oem (2), install (2), scenes (2), rages (2), russia (2), scanners (2), researchers (2), audit (2), private (2), almost (2), conflict (2), include (2), 2019 (2), tracking (2), topics (2), pay (2), under (2), digital (2), resources (2), music, replies, penetration, nping, testing, misses, auditing, permits, watch, ask, fine, indicator, 0p23, 0p40, wierd, override, runs, works, excellent, stupid, frequently, basics, classy, newbies, however, n00bs, derided, disclose, generally, frequenly, impression, methods, notoriously, challenges, unique, insights, form, roughly, tons, immunitysec, 192, promotional, fault, immunity, pseudo, sql, password, participants, wizards, professionals, relate, sources, mainstream, robson, carries, administrators, jeopardize, streaming, tricks, focus, intrusion, forgery, browsing, attached, gupta, generated, points, subscription, dibella, kindly, aslr, 0675, vol, downloaded, pcap, cfg, 220, weird, echo, lack, engineer, reply, invictux, dep, ulmeanu, worthy, 19th, variables, patterndescriptor, supposed, lowmem, ignores, reliability, conjunction, apologies, held, blob, bd6cbf1bbd3dcad9cd09261786b664d819357d94, anthony, src, l65, posting, inquiry, generating, sixty, google, joker, snapshots, communities, variety, niche, dork, longer, 8import, simply, clear, rename, env, bin, usr, polling, sporadic, jsonimport, alert, endpoint, ruleset, alarm, tempr, j0ck1ng, phpfox, disable_warnings, requestsimport, urllib3, perl, exit, patched, accelerated, len, sysif, advertise, covers, participate, context, deliverable, responded, directly, soft, clique, gets, implement, proposed, shellcoders, taossa, changes, body, primary, langsec, agreed, recommendations, forget, debating, sast, easier, manage, meant, unmoderated, corpus, october, rich, partial, 2003, ideas, september, patches, basises, license, codeql, individual, sentence, everybody, hey, turn, searching, iot, browse, box, scope, lee, conclusion, reached, looks, unfortunately, particular, few, multicast, pamullen, maybe, puts, opened, essay, tell, package, patrick, speed, questionable, timeframe, efforts, publishing, feeds, mullen, positive, extracts, fanboy, fiscal, semgrep, input, luminaries, vomitous, expect, triggers, responds, leadership, udp, truisms, mouths, enjoyed, koans, regurgitating, associates, query, natural, website, cookies, achievement, showcasing, wait, experience, started, 168, wireless, dance, timers, repeat, gratitude, open_device, block, privacy, minded, bonded, keynotes, provoking, seen, 170, accept, liabilities, existing, foundation, opinion, first_index, enter, loop, calls, klints, konrads, pcap_next, single, until, empty, danielsson, bases, everything, similar, misconception, prototyping, chromium, someone, fare, aren, zalewski, michal, applicable, seldom, codebases, exotic, ethics, waitformultipleobjects, icky, kinds, wouldn, contrast, whole, style, codebase, dates, janicki, submission, dgmlen, space, 10th, celebrates, hundreds, component, indispensable, winpcap, mailman, discontinued, patch, modernization, beginnings, humble, turned, driver, announcements, iplen, celebrated, module, tcp, window, 281, por, ttl, tos, string, stay, goncalor, tutanota, 0x0, noticed, startup, informed, ref, milestone, aliyev, mainwindow, msmq, ndiff, seq, improvement, biggest, hadn, probe, reminded, ack, obsolete, win, queuing, 25th, detects, p51, simple, upgrades, 249, hasan, romain, balboa, carey, zhukov, pavel, ganesh, varunram, leonard, schwartz, language, listinfo, eli, james, sam, quigley, kulík, miller, 124, ribeiro, blossom, threw, shadow, manages, down, lock, scans, away, declan, destroy, mccullagh, schmitt, florian, correct, politech, accepts, svn, overwrite, instance, maintain, tried, tcpdump, vectors, prevent, securitydigest, sudo, zardoz, digests, wood, affect, robin, load, libpcap, vague, limited, skills, though, debian, invalid, import, pop, comparing, skylar, none, mail, vgp, output, priority, guanbo, school, 780413, zenmapgundiffcompare, 10001, suggest, jack, scanwindow, introduce, offers, leads, awan, 94svn, concerning, inactive, noted, assistance, addition, notified, forwarding, config, ahmad, haroon, anchor, applets, javascript, forms, detecting, fairly, helped, deadline, snake, 5th, 22h2, plus, overridden, break, yuna, ht214093, ktrieprefixmatch, calling, fp_partial, yes, fp_full, vision, ht214098, matches, documentation, webrtc, overview, fusionpbx, opening, 63170, adjustment, ht214094, monterey, edit, inch, ht214096, mpsematch, ht214095, provided, selected, ht214097, 2nd, scant, capture, sids, follow, anesthesia, cvss, auth, hitting, horrible, passes, relationship, raption, divorce, literal, multi_match, aug, artur, flags, proceedings, home, wife, brought, broken, laws, roads, 0676, answer, build_tree, passed, drugs, associated, 8007, dariusz, decode, base64, tag, parses, gain, 63169, fixes, spanning, deficiency, sage, affecting, corporation, 21433, quietly, library, starting, dll, progress, exists, print, lately, quiet, spooler, queue, overhaul, sped, fresh, phrack, contributors, wonderful, anticipate, century, scanning, 0x8000, art, ago, routines, five, compatibility, stability, improve, tcplen, xref, existence, moderation, importantly, identifier, unexpected, repair, трунова, installer, identified, triggered, hijacking, exe, conhost, trying, bhandage, yogesh, granting, force, typically, occurred, manipulating, алёна, included, relief, horoszkiewicz, comic, quirky, atmosphere, relaxed, detailed, neutral, julian, tested, 7387, might, signed, 7388, a3834b2559c18e6797ba945d685bf174, powergadget_3, settings, happen, usg, immediately, ta413, clarifies, spotted, genders, equal, obvious, wild, collect, follina, especially, outcome, urls, less, deliver, good, whether, achieve, export, upset, configuring, 79x, aligned, asr9000, routers, flaw, interests, cisco, collected, else, observed, weaponizing, bgp, ensure, left, hosted, long, comments, ipstress, ovh, booter, weekend, former, hacked, offered, ilissa, ren, feds, differ, beg, hilliard, nick, means, lesser, straightforward, weleakinfo, provo, lunches, seizure, fuzzy, zip, contain, difficulty, voice, documents, technique, justice, prefer, easily, trade, distributed, denial, parsonage, eric, equally, thus, hire, winded, frames, authors, 30204, 30205, characteristics, assigned, cves, stand, principles, among, main, developing, sheer, frequency, educause, academic, securing, operators, 30203, demonstrate, containing, date, severity, castro, perez, adrian, actors, reported, orchestrate, 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c, accounts, owned, students, bonaccorso, salvatore, 2bc865ace050ff118db43f01457f95f95112b877, 4255d5dcc0657915f90e4fba7e0a5514cced514d, american, allocation, saying, cache, explained, therefore, twice, hunt, forward, exporting, delay, allowing, caching, create, ever, united, anymore, omit, increasingly, subset, perfect, cost, nakasone, persistence, intentional, routing, collection, obfuscated, discusses, past, networking, inclusion, drive, conducted, getting, exclusive, stage, interview, dei, aspects, widened, needs, paul, gang, demands, fear, hold, participating, schedule, compressed, already, attractive, sensitive, prepare, 5pm, unfair, illissa, saw, double, consensus, remotely, outfit, certainly, slotted, critical, npr_story_post, wanted, kansas, senior, intelligence, british, attendees, welcomes, city, outlet, wskg, place, series, options, arrive, secretary, plan, defense, president, expansion, orgs, estonia, minds, predecessor, suggestion, endeavour, unproductive, offended, loss, thursday, fascinating, risk, 0xy, governance, tuesday, involving, farber, david, discussed, metrics, keen, likely, dataloss, rarely, opposed, strongly, members, returned, feedback, face, rising, focuses, hear, attendance, decent, pretty, breach, charlotte, actual, breaches, insurance, pronouns, incredible, reliably, demo, featured, along, actions, bundled, modern, database, fbi_cisa_warn_karakurt_extortion, fantastic, nature, contained, caught, akvorado, drawn, stats, mentioned, direction, operates, enrich, suggested, notorious, hardware, mechanism, sampling, stateless, namely, million, overall, bother, dependent, outlined, aggregates, rather, aggregate, conti, crew, knight, treasury, argus, respondent, sidelines, infections, ndsx, furthermore, conferences, top, organizing, summits, deliverability, detected, pointing, microcomputer, asilomar, accounting, sponsorships, thousands, relationships, seattle, career, ndsw, fingers, messages, constraints, took, majority, planning, guaranteed, participation, 100, notwithstanding, scheduling, typical, griping, larger
Text of the page (random words):
nformation to the man pages karel i m currently not aware of a safe way to allow re re cve 2024 28085 escape sequence injection in util linux wall jakub wilk mar 28 nightmare yeah27 aceecat org 2024 03 27 13 57 this file is used by sysvinit when mounting dev pts systemd doesn t use it it mounts dev pts with mode 620 by default as far as i can see ttyperm from login defs is used only by login 1 and sometimes¹ by su 1 if you log in through ssh or run xterm 1 or screen 1 or it won t have any effect it s all awful and undocumented ¹ re cve 2024 28085 escape sequence injection in util linux wall alexander e patrakov mar 28 no as utf 8 validation does not make sense in non utf 8 locales enforcing ascii for non utf 8 locales and utf 8 for utf 8 locales would help re cve 2024 28085 escape sequence injection in util linux wall solar designer mar 27 hi cc s added for upstream and reporter of the original issue neither of whom appears subscribed not a complete solution i m currently not aware of a safe way to allow multi byte characters coming from concurrent writers see https www openwall com lists oss security 2015 09 20 1 and the next message in that thread in fact even plain ascii isn t entirely safe if it just happens to be injected into the middle of a re cve 2024 28085 escape sequence injection in util linux wall demi marie obenour mar 27 would enforcing utf 8 validity regardless of user locale be a solution re cve 2024 28085 escape sequence injection in util linux wall jakub wilk mar 27 while looking through upstream git for a fix for this¹ i stumbled upon another write 1 wall 1 control character injection vulnerability introduced last year in util linux v2 39 the offending commits are https github com util linux util linux commit 8a7b8456d1dc0e7c write correctly handle wide characters https github com util linux util linux commit aa13246a1bf1be9e wall use fputs_careful re cve 2024 28085 escape sequence injection in util linux wall nightmare yeah27 mar 27 i wonder how this comes about i have looked around for a bit but the places that seemed relevant mostly etc default devpts and etc login defs seem to show it should be 0600 by default something somewhere overrides these but i can t find that something anywhere cve 2024 28085 escape sequence injection in util linux wall skyler ferrante rit student mar 27 wall escape cve 2024 28085 skyler ferrante escape sequence injection in util linux wall summary the util linux wall command does not filter escape sequences from command line arguments the vulnerable code was introduced in commit cdd3cc7fa4 2013 every version since has been vulnerable this allows security advisory curl cve 2024 2466 tls certificate check bypass with mbedtls daniel stenberg mar 27 tls certificate check bypass with mbedtls project curl security advisory march 27th 2024 permalink https curl se docs cve 2024 2466 html vulnerability libcurl did not check the server certificate of tls connections done to a host specified as an ip address when built to use mbedtls libcurl would wrongly avoid using the set hostname function when the specified hostname was given security advisory curl cve 2024 2398 http 2 push headers memory leak daniel stenberg mar 27 http 2 push headers memory leak project curl security advisory march 27 2024 permalink https curl se docs cve 2024 2398 html vulnerability when an application tells libcurl it wants to allow http 2 server push and the amount of received headers for the push surpasses the maximum allowed limit 1000 libcurl aborts the server push when aborting libcurl inadvertently does not free all the security advisory curl cve 2024 2379 quic certificate check bypass with wolfssl daniel stenberg mar 27 quic certificate check bypass with wolfssl project curl security advisory march 27 2024 permalink https curl se docs cve 2024 2379 html vulnerability libcurl skips the certificate verification for a quic connection under certain conditions when built to use wolfssl if told to use an unknown bad cipher or curve the error path accidentally skips the verification and returns ok security advisory curl cve 2024 2004 usage of disabled protocol daniel stenberg mar 26 usage of disabled protocol project curl security advisory march 27 2024 permalink https curl se docs cve 2024 2004 html vulnerability when a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols the below command would perform a request to curl se with a cve 2024 29735 apache airflow potentially harmful permission changing by log task handler jarek potiuk mar 26 severity important affected versions apache airflow 2 8 2 through 2 8 3 description improper preservation of permissions vulnerability in apache airflow this issue affects apache airflow from 2 8 2 through 2 8 3 airflow s local file task handler in airflow incorrectly set permissions for all parent folders of log folder in default configuration adding write access to unix group of the folders in the case airflow is run with webkitgtk and wpe webkit security advisory wsa 2024 0002 adrian perez de castro mar 25 webkitgtk and wpe webkit security advisory wsa 2024 0002 date reported march 26 2024 advisory id wsa 2024 0002 webkitgtk advisory url https webkitgtk org security wsa 2024 0002 html wpe webkit advisory url re gnu emacs 29 3 released to fix security issues salvatore bonaccorso mar 25 cves are now assigned for the emacs and org mode issues cve 2024 30205 https git savannah gnu org cgit emacs git commit h emacs 29 id 2bc865ace050ff118db43f01457f95f95112b877 https git savannah gnu org cgit emacs org mode git commit id 4255d5dcc0657915f90e4fba7e0a5514cced514d cve 2024 30204 https git savannah gnu org cgit emacs git commit h emacs 29 id 6f9ea396f49cbe38c2173e0a72ba6af3e03b271c cve 2024 30203 secure coding the secure coding list sc l is an open forum for the discussion on developing secure applications it is moderated by the authors of secure coding principles and practices archived posts rss feed about list educause security discussion securing networks and computers in an academic environment archived posts rss feed about list internet issues and infrastructure nanog the north american network operators group discusses fundamental internet infrastructure issues such as routing ip address allocation and containing malicious activity current month archived posts rss feed about list nanog latest posts re n91 women mixer on sunday morris tina via nanog mar 29 we still have a lunch it is welcome to all as it always has been it has been widened to talk about many aspects of dei the nanog pc is charged with putting a talk up on the stage just before then we continue the conversation during lunch the mixer is an additional thing we are doing that is very intentional to drive connection inclusion and networking for those that identify as female given we are only 10 12 of the population at re open source netflow analysis for monitoring as to as traffic saku ytti mar 28 this seems like a long winded way of saying sflow is a perfect subset of ipfix we will increasingly see ipfix implementations omit state because states don t do anything anymore in high volume networks you will only ever create flow in cache then delay exporting the information for some seconds but the flow is never hit twice therefore paying massive cost for caching without getting anything out of it anyone who actually needs re open source netflow analysis for monitoring as to as traffic saku ytti mar 28 hope this clarifies https www cisco com c en us td docs routers asr9000 software asr9k r7 9 configuration guide b netflow cg asr9k 79x configuring netflow html use the record ipv4 peer as command to record peer as here you collect and export the peer as numbers note ensure that the bgp attribute download command is configured else no as is collected when the record ipv4 or record ipv4 peer as command is configured re n91 women mixer on sunday mark tinka mar 28 my memory is a little fuzzy but i think i recall one of the early wit lunches hosted at nanog that was women only where some men were upset for being left out whether that was good or bad is less important than understanding what the outcome of a women only activity is for women especially for those for whom it may not be immediately obvious while equal access to opportunity between the genders is the most effective policy re n91 women mixer on sunday mark tinka mar 28 it would be interesting to survey the of attending women who would be able to make the mixer would not be able to make the mixer due to family commitments would not be able to make the mixer due to non family commitments would prefer a different women s meeting format and or activity i think this data would be useful because while some women may voice difficulty with attending the mixer or re n91 women mixer on sunday eric parsonage mar 28 it s easily fixed by having a mixer at the same time for the other half of the gathering population thus showing all the population gathering matters equally re n91 women mixer on sunday ren provo mar 28 i beg to differ here and second ilissa s comments i miss wit lunch during the meeting worked giving up more of the weekend to travel does not show half the population gathering matters re open source netflow analysis for monitoring as to as traffic nick hilliard mar 28 tom beecher wrote on 28 03 2024 18 35 can aggregate rather than aggregates this is implementation dependent and most implementations don t bother with it overall sflow has one major advantage over netflow ipfix namely that it s a stateless sampling mechanism once you have hardware that can reliably pick out one in n frames the rest of the protocol is straightforward enough which means that re open source netflow analysis for monitoring as to as traffic brian knight via nanog mar 28 thanks to all who took the time to comment and make suggestions to summarize the private messages one respondent suggested argus as a collector another mentioned that they are still using as stats i m drawn to akvorado i like the self contained nature of the application nf collector database and modern web gui are all bundled in one docker container the full featured demo 5 is fantastic that the app can enrich the netflow re n91 women mixer on sunday mark tinka mar 28 on 3 28 24 21 08 tom beecher wrote typical constraints such as scheduling and resources notwithstanding 100 participation is not often guaranteed in most things it s about planning for as many as can make it with some luck it would be the majority mark re n91 women mixer on sunday anne p mitchell esq mar 28 having been the chair of the asilomar microcomputer workshop and the founder and chair of the original email deliverability summits as well as organizing many legal conferences i have to say this 1000 furthermore and you haven t here either pointing fingers and griping about things is not constructive if you really care about this issue then get involved and help change it anne anne p mitchell wit mixer to occur before n91 conference sponsorships talk of the week more nanog news mar 28 women in tech mixer to occur before conference plan your travel to arrive early to nanog 91 the nanog 91 women in tech mixer will take place sunday 09 june in kansas city mo the women in tech mixer welcomes all attendees that identify as female with she her pronouns take advantage of this incredible opportunity to make career changing relationships with other women in the industry more info re n91 women mixer on sunday morris tina via nanog mar 28 illissa the mixer is at 5pm sunday this allows people to network and prepare for the week sunday also has a hackathon registration and often a welcome social nanog has a very compressed schedule and another time would actually mean that the women participating would have to pick between this event and another event or talk that may be critical to their job function which is also unfair we are advertising this mixer to make sure all re n91 women mixer on sunday tom beecher mar 28 there was a women in tech mixer on sunday in charlotte as well as i recall there was a pretty decent attendance during my time on the pc we always got a lot of feedback about sunday when the topic came up some members were strongly opposed to anything on sunday and didn t even like the hackathon there others wanted expansion and more things slotted in there certainly wasn t anything remotely close to a consensus sometimes re n91 women mixer on sunday mark tinka mar 28 minds are hard to read so asking the question before being offended is not an unproductive endeavour that said we are here now if you have a better suggestion on what would work best i d be keen to hear it mark interesting people david farber moderates this list for discussion involving internet governance infrastructure and any other topics he finds fascinating archived posts rss feed about list the risks forum peter g neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems security risks are often discussed current quarter archived posts rss feed about list risks latest posts risks digest 34 11 risks list owner mar 24 risks list risks forum digest sunday 24 march 2024 volume 34 issue 11 acm forum on risks to the public in computers and related systems comp risks peter g neumann founder and still moderator see last item for further information disclaimers caveats etc this issue is archived at http www risks org as http catless ncl ac uk risks 34 11 the current issue can also be found at risks digest 34 10 risks list owner mar 16 risks list risks forum digest saturday 16 march 2024 volume 34 issue 10 acm forum on risks to the public in computers and related systems comp risks peter g neumann founder and still moderator see last item for further information disclaimers caveats etc this issue is archived at http www risks org as http catless ncl ac uk risks 34 10 the current issue can also be found at risks digest 34 09 risks list owner mar 06 risks list risks forum digest wednesday 6 march 2024 volume 34 issue 09 acm forum on risks to the public in computers and related systems comp risks peter g neumann founder and still moderator see last item for further information disclaimers caveats etc this issue is archived at http www risks org as http catless ncl ac uk risks 34 09 the current issue can also be found at risks digest 34 08 risks list owner feb 20 risks list risks forum digest tuesday 20 february 2024 volume 34 issue 08 acm forum on risks to the public in computers and related systems comp risks peter g neumann founder and still moderator see last item for further information disclaimers caveats etc this issue is archived at http www risks org as http catless ncl ac uk risks 34 08 the current issue can also be found at risks digest 34 07 risks list owner feb 15 ri...
|