Tag Archives: Wireshark

Google offers financial and technical support to open source projects

Early last week Google shared their results after beginning a project to fuzz (defined) test open source software (defined). Their project is currently processing 10 trillion test cases per day. Open source projects involved in this initiative include GNUTLS, BoringSSL, FFMpeg, JSON, Libpng, LibreOffice, LibSSH, OpenSSL and Wireshark (among many well-known others).

What is the purpose of their project?
The purpose of fuzzing is to repeatedly and thoroughly test how robust/secure the code of the enrolled open source projects is. More than 1000 bugs have found so far (approximately264 of which were potential security vulnerabilities).

As Google points out, this also helps to increase the reliability of the software being created since regressions (defined) are fixed within hours before they ever affect a user. Another aspect of this is other software bugs e.g. logic errors can be detected and corrected sooner.

In return for a project signing up to this initiative, Google have pledged to provide extra funding:

$1,000 USD for initial integration of the OSS-Fuzz tests into their development process

Up to $20,000 USD for ideal integration (an itemised list of how this figure is obtained is detailed here).

How this project become to be developed?
I have mentioned the Core Infrastructure Initiative (CII). on this blog before. This fuzzing project was created with assistance from the CII to benefit projects critical to the global IT infrastructure. This project is in progress alongside Project Wycheproof (with its objective to strengthen cryptographic implementations by having new implementations pass a series of tests to verify they are not affected by these particular implementation issues being checked for).

How does this project help the wider industry/community?
With projects such as those mentioned above used by large corporations, small business and consumers alike; the regular feature/security updates we all receive make these projects more stable and secure than they otherwise would be. The outcomes will be very similar to that of Pwn2Own.

With these benefits for the projects as well as all of their users, I hope projects such as this continue and expand in scope as time progresses.

Thank you.

April 2017 Security Updates Summary

As expected earlier today Microsoft and Adobe released their scheduled monthly security updates.

Microsoft’s set of updates are much lighter in volume this month addressing 45 vulnerabilities more formally known as CVEs (defined). These are detailed within Microsoft’s new Security Updates Guide.

This month sees four known issues listed for this months updates all relating to the AMD Carrizo processor experiencing an issue which prevents the installation of future Windows Updates. Microsoft states in all four knowledge base articles (listed below) they are aware of this issue and are working to resolve it in upcoming updates:

KB4015549
KB4015546
KB4015550
KB4015547

At the time of writing the IT Pro Patch Tuesday blog does not list any Known Issues (although it has not been updated since November 2016, I’m unsure why).

====================
Adobe issued five security bulletins today affecting the following products:

Adobe Campaign (1x priority 2 CVE)
Adobe Flash Player (7x priority 1 CVEs)
Adobe Acrobat and Reader (47x priority 2 CVEs)
Adobe Photoshop (2x priority 3 CVEs)
Adobe Creative Cloud Desktop (2x priority 3 CVEs)

The priority ratings are explained in this link. Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin as appropriate and apply the recommended updates. Google Chrome users will have the updated version installed automatically later this week.

If you use any of the above-mentioned Adobe products, please review the security bulletins linked to above and apply the necessary updates. The Flash update should be installed as soon as possible since exploit kits (defined) tend to take advantage of newly disclosed vulnerabilities very quickly.

You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

=======================
Update: 8th May 2017:
=======================
I wish to provide information on other notable updates from April 2017 which I would recommend you install if you use these software products:

=======================
Skype: While the Skype update to version 7.34.0.102 was released in March; details of the vulnerability it addressed were not made public until April.
=======================

=======================
Putty 0.69: while released in March; it contains important security changes. It is downloadable from here.
=======================

=======================
Wireshark 2.2.6 and 2.0.12
=======================
As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code (v2.2.6) or v2.0.12). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.
=======================

=======================
Oracle:
=======================
There was a record 299 vulnerabilities addressed by Oracle’s updates in April. Further details and installation steps are available here. A useful summary post from Qualys is here. Of the 299 fixes, 8 vulnerabilities were addressed in the Java runtime.

If you use any of the Oracle products listed here, please install the appropriate security updates as soon as possible.
=======================

=======================
Mozilla Firefox:
=======================
Firefox 53.0 and Firefox 53.0.2

=======================
Mozilla Firefox ESR:
=======================
Firefox ESR 45.9 and Firefox ESR 52.1.

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

=======================
Google Chrome:
=======================
Google Chrome: includes 29 security fixes:

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 stacked small horizontal lines, sometimes called a “hamburger” button) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the update to take effect.
=======================

=======================
Adobe Coldfusion:
=======================
Adobe Coldfusion: 2x priority 2 vulnerabilities resolved.

—————
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

=======================
For the Microsoft updates this month, I will prioritize the order of installation for you below:

====================
Critical severity:
Microsoft Office and Windows WordPad (due to a previously disclosed zero day vulnerability (defined))
Microsoft Edge
Internet Explorer
Microsoft .Net Framework
====================

Install the remaining updates at your earliest convenience.

As always you can find detailed information on the contents of each security bulletin within ComputerWorld’s Patch Tuesday Debugged column.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.52) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary. Please note that Microsoft EMET will be out of support on the 31st of July 2018.

As is my standard practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Wireshark Releases Security Updates June 2016

In early June the Wireshark Foundation made available security updates for their popular open source network packet analyzer Wireshark (v2.0.4; the current branch and v1.12.12; an update to the previous branch).

Version 2.0.4 addresses 9x security issues within 9 security advisories (8x of which were assigned CVEs (defined) that it addresses. Meanwhile version 1.12.11 references 8x security advisories (addressing 8 issues assigned to 7x CVEs).

As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

As always, if Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.

Wireshark Releases Security Updates April 2016

Last Friday the Wireshark Foundation made available security updates for their popular open source network packet analyzer Wireshark (v2.0.3; the current branch and v1.12.11; the previous branch).

Version 2.0.3 addresses 11x security issues within 9 security advisories (10x of which were assigned CVEs (defined) that it addresses while version 1.12.11 references 6x security advisories (addressing 6 issues assigned to 6x CVEs).

As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

As always, if Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.

Wireshark Releases Security Updates February 2016

Last Friday the Wireshark Foundation made available security updates for their popular open source network packet analyzer Wireshark (v2.0.2; the current branch and v1.12.10; the previous branch).

Version 2.0.2 references 18x security advisories (11x of which were assigned CVEs (defined) that it addresses while version 1.12.10 references 7x security advisories (addressing 4x CVEs).

As per the normal process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

As always, if Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.

Wireshark Releases Security Update December 2015

In late December, updated versions (v2.0.1; the current branch and v1.12.9; the previous branch) of the popular open source network packet analyzer Wireshark were made available by the Wireshark Foundation.

This updates release notes references 24 security advisories that are addressed within it. While the previous branch version 1.12.9 references 21 security advisories. Both versions also address a DLL hijacking flaw within older versions of the open source NSIS installer. This installer was updated to version 2.50 to resolve this issue. NSIS is also used by other popular applications (among others) such as VLC and VeraCrypt (one of the alternatives to the discontinued TrueCrypt).

As per the normal process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

As always, if Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.

Wireshark Releases Major New Version

On Wednesday of last week, the Wireshark Foundation released a major new update for their very popular open source packet analyzer, Wireshark. This project has now reached version 2.0.0.

While this version does not include any security related fixes it does include a large amount of general bug fixes and introduces a new look to the program. A full list of changes is available here in the release notes. A summary of changes can be found in Gerald Combs’ blog post. A video introduction to this version is available here.

As mentioned in the release notes, the traditional look and feel (interface) of previous 1.12 (and earlier versions) will be removed in version 2.2. Since it is likely that future security fixes will only be made available for version 2.0.0 and newer, if you use Wireshark you should begin testing this new version before more widely using it for day to day activities.

For Linux distributions this update can be obtained using the operating systems standard package manager (if the latest version is not installed automatically you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

As always, if Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.