Micah Macdonald

Vulnerable: Linux kernel 4.2.3
Linux kernel 4.1.4
Linux kernel 4.1.1
Linux kernel 4.0.6
Linux kernel 3.19.3
Linux kernel 3.18.22
Linux kernel 3.18.17
Linux kernel 3.18.11
Linux kernel 3.18.8
Linux kernel 3.18.7
Linux kernel 3.18.3
Linux kernel 3.18.2
Linux kernel 3.18.1
Linux kernel 3.17.4
Linux kernel 3.17.2
Linux kernel 3.16.7
Linux kernel 3.16.2
Linux kernel 3.16.1
Linux kernel 3.15.10
Linux kernel 3.15.5
Linux kernel 3.15.2
Linux kernel 3.14.54
Linux kernel 3.14.45
Linux kernel 3.14.37
Linux kernel 3.14.4
Linux kernel 3.14.3
Linux kernel 3.14.2
Linux kernel 3.13.11
Linux kernel 3.13.9
Linux kernel 3.13.3
Linux kernel 3.13.1
Linux kernel 3.12.49
Linux kernel 3.12.48
Linux kernel 3.12.44
Linux kernel 3.12.40
Linux kernel 3.12.21
Linux kernel 3.12.18
Linux kernel 3.12.17
Linux kernel 3.12.16
Linux kernel 3.12.11
Linux kernel 3.12.7
Linux kernel 3.12.4
Linux kernel 3.12.3
Linux kernel 3.12.2
Linux kernel 3.11.3
Linux kernel 3.10.90
Linux kernel 3.10.81
Linux kernel 3.10.73
Linux kernel 3.10.45
Linux kernel 3.10.41
Linux kernel 3.10.38
Linux kernel 3.10.37
Linux kernel 3.10.36
Linux kernel 3.10.30
Linux kernel 3.10.27
Linux kernel 3.10.26
Linux kernel 3.10.23
Linux kernel 3.10.22
Linux kernel 3.10.21
Linux kernel 3.10.14
Linux kernel 3.10.10
Linux kernel 3.10.9
Linux kernel 3.10.7
Linux kernel 3.8.9
Linux kernel 3.8.6
Linux kernel 3.8.5
Linux kernel 3.8.4
Linux kernel 3.8.2
Linux kernel 3.8.1
Linux kernel 3.7.10
Linux kernel 3.7.9
Linux kernel 3.7.8
Linux kernel 3.7.7
Linux kernel 3.7.5
Linux kernel 3.7.4
Linux kernel 3.7.3
Linux kernel 3.7.2
Linux kernel 3.7.1
Linux kernel 3.6.11
Linux kernel 3.6.10
Linux kernel 3.6.9
Linux kernel 3.6.8
Linux kernel 3.6.7
Linux kernel 3.6.6
Linux kernel 3.6.5
Linux kernel 3.6.4
Linux kernel 3.6.3
Linux kernel 3.6.2
Linux kernel 3.6.1
Linux kernel 3.5.7
Linux kernel 3.5.6
Linux kernel 3.5.5
Linux kernel 3.5.4
Linux kernel 3.5.3
Linux kernel 3.5.2
Linux kernel 3.5.1
Linux kernel 3.4.88
Linux kernel 3.4.87
Linux kernel 3.4.86
Linux kernel 3.4.80
Linux kernel 3.4.76
Linux kernel 3.4.73
Linux kernel 3.4.72
Linux kernel 3.4.71
Linux kernel 3.4.64
Linux kernel 3.4.58
Linux kernel 3.4.42
Linux kernel 3.4.36
Linux kernel 3.4.32
Linux kernel 3.4.31
Linux kernel 3.4.27
Linux kernel 3.4.26
Linux kernel 3.4.25
Linux kernel 3.4.21
Linux kernel 3.4.20
Linux kernel 3.4.19
Linux kernel 3.4.18
Linux kernel 3.4.17
Linux kernel 3.4.16
Linux kernel 3.4.15
Linux kernel 3.4.14
Linux kernel 3.4.13
Linux kernel 3.4.12
Linux kernel 3.4.11
Linux kernel 3.4.10
Linux kernel 3.4.9
Linux kernel 3.4.8
Linux kernel 3.4.7
Linux kernel 3.4.6
Linux kernel 3.4.5
Linux kernel 3.4.4
Linux kernel 3.4.3
Linux kernel 3.4.2
Linux kernel 3.4.1
Linux kernel 3.3.5
Linux kernel 3.3.4
Linux kernel 3.3.2
Linux kernel 3.2.82
Linux kernel 3.2.72
Linux kernel 3.2.62
Linux kernel 3.2.57
Linux kernel 3.2.56
Linux kernel 3.2.51
Linux kernel 3.2.24
Linux kernel 3.2.23
Linux kernel 3.2.13
Linux kernel 3.2.12
Linux kernel 3.2.9
Linux kernel 3.2.1
Linux kernel 3.1.8
Linux kernel 3.0.98
Linux kernel 3.0.75
Linux kernel 3.0.72
Linux kernel 3.0.69
Linux kernel 3.0.65
Linux kernel 3.0.60
Linux kernel 3.0.59
Linux kernel 3.0.58
Linux kernel 3.0.37
Linux kernel 3.0.34
Linux kernel 3.0.5
Linux kernel 3.0.4
Linux kernel 3.0.2
Linux kernel 3.0.1
Linux kernel 2.6.39
Linux kernel 2.6.38
Linux kernel 2.6.37
Linux kernel 2.6.36
Linux kernel 2.6.35
Linux kernel 2.6.34
Linux kernel 2.6.33 .1
Linux kernel 2.6.33
Linux kernel 2.6.32 .9
Linux kernel 2.6.32
Linux kernel 2.6.31 5
Linux kernel 2.6.31 13
Linux kernel 2.6.31 .2
Linux kernel 2.6.31 .11
Linux kernel 2.6.31
Linux kernel 2.6.30 .10
Linux kernel 2.6.30 .1
Linux kernel 2.6.30
Linux kernel 2.6.29 .4
Linux kernel 2.6.29 .1
Linux kernel 2.6.29
Linux kernel 2.6.28 .9
Linux kernel 2.6.28 .8
Linux kernel 2.6.28 .6
Linux kernel 2.6.28 .5
Linux kernel 2.6.28 .3
Linux kernel 2.6.28 .2
Linux kernel 2.6.28 .1
Linux kernel 2.6.28
Linux kernel 2.6.27 6
Linux kernel 2.6.27 3
Linux kernel 2.6.27 12
Linux kernel 2.6.27 .8
Linux kernel 2.6.27 .5
Linux kernel 2.6.27 .46
Linux kernel 2.6.27 .24
Linux kernel 2.6.27 .14
Linux kernel 2.6.27 .13
Linux kernel 2.6.27 .12
Linux kernel 2.6.27
Linux kernel 2.6.26 7
Linux kernel 2.6.26 .6
Linux kernel 2.6.26 .4
Linux kernel 2.6.26 .3
Linux kernel 2.6.26
Linux kernel 2.6.25 19
Linux kernel 2.6.25 .9
Linux kernel 2.6.25 .8
Linux kernel 2.6.25 .7
Linux kernel 2.6.25 .6
Linux kernel 2.6.25 .5
Linux kernel 2.6.25 .15
Linux kernel 2.6.25 .13
Linux kernel 2.6.25 .12
Linux kernel 2.6.25 .11
Linux kernel 2.6.25 .10
Linux kernel 2.6.25
Linux kernel 2.6.24 .2
Linux kernel 2.6.24 .1
Linux kernel 2.6.24
Linux kernel 2.6.23 .7
Linux kernel 2.6.23 .6
Linux kernel 2.6.23 .5
Linux kernel 2.6.23 .4
Linux kernel 2.6.23 .3
Linux kernel 2.6.23 .2
Linux kernel 2.6.23
Linux kernel 2.6.22 .8
Linux kernel 2.6.22 .7
Linux kernel 2.6.22 .6
Linux kernel 2.6.22 .5
Linux kernel 2.6.22 .4
Linux kernel 2.6.22 .3
Linux kernel 2.6.22 .2
Linux kernel 2.6.22 .17
Linux kernel 2.6.22 .16
Linux kernel 2.6.22 .15
Linux kernel 2.6.22 .14
Linux kernel 2.6.22 .13
Linux kernel 2.6.22 .12
Linux kernel 2.6.22 .11
Linux kernel 2.6.22 .1
Linux kernel 2.6.22
Linux kernel 2.6.21 4
Linux kernel 2.6.21 .7
Linux kernel 2.6.21 .6
Linux kernel 2.6.21 .3
Linux kernel 2.6.21 .2
Linux kernel 2.6.21 .1
Linux kernel 2.6.21
Linux kernel 2.6.20 .9
Linux kernel 2.6.20 .8
Linux kernel 2.6.20 .7
Linux kernel 2.6.20 .6
Linux kernel 2.6.20 .5
Linux kernel 2.6.20 .4
Linux kernel 2.6.20 .15
Linux kernel 2.6.20 .14
Linux kernel 2.6.20 .12
Linux kernel 2.6.20 .10
Linux kernel 2.6.20 .1
Linux kernel 2.6.20
Linux kernel 2.6.19 .4
Linux kernel 2.6.19 .3
Linux kernel 2.6.19 .2
Linux kernel 2.6.19 .1
Linux kernel 2.6.19
Linux kernel 2.6.18 .8
Linux kernel 2.6.18 .7
Linux kernel 2.6.18 .6
Linux kernel 2.6.18 .5
Linux kernel 2.6.18 .4
Linux kernel 2.6.18 .3
Linux kernel 2.6.18 .2
Linux kernel 2.6.18 .1
Linux kernel 2.6.17 .9
Linux kernel 2.6.17 .8
Linux kernel 2.6.17 .7
Linux kernel 2.6.17 .6
Linux kernel 2.6.17 .5
Linux kernel 2.6.17 .4
Linux kernel 2.6.17 .3
Linux kernel 2.6.17 .2
Linux kernel 2.6.17 .14
Linux kernel 2.6.17 .13
Linux kernel 2.6.17 .12
Linux kernel 2.6.17 .11
Linux kernel 2.6.17 .10
Linux kernel 2.6.17 .1
Linux kernel 2.6.17
Linux kernel 2.6.16 27
Linux kernel 2.6.16 13
Linux kernel 2.6.16 .9
Linux kernel 2.6.16 .8
Linux kernel 2.6.16 .7
Linux kernel 2.6.16 .6
Linux kernel 2.6.16 .53
Linux kernel 2.6.16 .52
Linux kernel 2.6.16 .51
Linux kernel 2.6.16 .50
Linux kernel 2.6.16 .5
Linux kernel 2.6.16 .49
Linux kernel 2.6.16 .48
Linux kernel 2.6.16 .47
Linux kernel 2.6.16 .46
Linux kernel 2.6.16 .45
Linux kernel 2.6.16 .44
Linux kernel 2.6.16 .43
Linux kernel 2.6.16 .41
Linux kernel 2.6.16 .40
Linux kernel 2.6.16 .4
Linux kernel 2.6.16 .39
Linux kernel 2.6.16 .38
Linux kernel 2.6.16 .37
Linux kernel 2.6.16 .36
Linux kernel 2.6.16 .35
Linux kernel 2.6.16 .34
Linux kernel 2.6.16 .33
Linux kernel 2.6.16 .32
Linux kernel 2.6.16 .31
Linux kernel 2.6.16 .30
Linux kernel 2.6.16 .3
Linux kernel 2.6.16 .29
Linux kernel 2.6.16 .28
Linux kernel 2.6.16 .27
Linux kernel 2.6.16 .26
Linux kernel 2.6.16 .25
Linux kernel 2.6.16 .24
Linux kernel 2.6.16 .23
Linux kernel 2.6.16 .22
Linux kernel 2.6.16 .21
Linux kernel 2.6.16 .20
Linux kernel 2.6.16 .2
Linux kernel 2.6.16 .19
Linux kernel 2.6.16 .18
Linux kernel 2.6.16 .17
Linux kernel 2.6.16 .16
Linux kernel 2.6.16 .15
Linux kernel 2.6.16 .14
Linux kernel 2.6.16 .12
Linux kernel 2.6.16 .11
Linux kernel 2.6.16 .10
Linux kernel 2.6.16 .1
Linux kernel 2.6.16
Linux kernel 2.6.15 .7
Linux kernel 2.6.15 .6
Linux kernel 2.6.15 .4
Linux kernel 2.6.15 .3
Linux kernel 2.6.15 .2
Linux kernel 2.6.15 .1
Linux kernel 2.6.15
Linux kernel 2.6.14 .7
Linux kernel 2.6.14 .6
Linux kernel 2.6.14 .5
Linux kernel 2.6.14 .4
Linux kernel 2.6.14 .3
Linux kernel 2.6.14 .2
Linux kernel 2.6.14 .1
Linux kernel 2.6.14
Linux kernel 2.6.13 .5
Linux kernel 2.6.13 .4
Linux kernel 2.6.13 .3
Linux kernel 2.6.13 .2
Linux kernel 2.6.13 .1
Linux kernel 2.6.13
Linux kernel 2.6.12 .6
Linux kernel 2.6.12 .5
Linux kernel 2.6.12 .4
Linux kernel 2.6.12 .3
Linux kernel 2.6.12 .22
Linux kernel 2.6.12 .2
Linux kernel 2.6.12 .12
Linux kernel 2.6.12 .1
Linux kernel 2.6.12
Linux kernel 2.6.11 .9
Linux kernel 2.6.11 .8
Linux kernel 2.6.11 .7
Linux kernel 2.6.11 .6
Linux kernel 2.6.11 .5
Linux kernel 2.6.11 .4
Linux kernel 2.6.11 .3
Linux kernel 2.6.11 .2
Linux kernel 2.6.11 .12
Linux kernel 2.6.11 .11
Linux kernel 2.6.11 .10
Linux kernel 2.6.11 .1
Linux kernel 2.6.11
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1
Linux kernel 2.6 .10
Linux kernel 2.6
Linux kernel 4.4
Linux kernel 4.3.3
Linux kernel 4.3-rc1
Linux kernel 4.2.8
Linux kernel 4.2
Linux kernel 4.1.15
Linux kernel 4.1-rc7
Linux kernel 4.1-rc6
Linux kernel 4.1-rc3
Linux kernel 4.1-rc1
Linux kernel 4.1
Linux kernel 4.0.5
Linux kernel 4.0
Linux kernel 3.9.8
Linux kernel 3.9.4
Linux kernel 3.9
Linux kernel 3.8
Linux kernel 3.7.6
Linux kernel 3.7
Linux kernel 3.6
Linux kernel 3.5
Linux kernel 3.4.93
Linux kernel 3.4.81
Linux kernel 3.4.70
Linux kernel 3.4.67
Linux kernel 3.4.29
Linux kernel 3.4
Linux kernel 3.3
Linux kernel 3.2.81
Linux kernel 3.2.78
Linux kernel 3.2.65
Linux kernel 3.2.64
Linux kernel 3.2.63-2
Linux kernel 3.2.63
Linux kernel 3.2.60
Linux kernel 3.2.55
Linux kernel 3.2.54
Linux kernel 3.2.53
Linux kernel 3.2.52
Linux kernel 3.2.50
Linux kernel 3.2.44
Linux kernel 3.2.42
Linux kernel 3.2.38
Linux kernel 3.2.2
Linux kernel 3.2
Linux kernel 3.19
Linux kernel 3.18.9
Linux kernel 3.18
Linux kernel 3.17.6
Linux kernel 3.17
Linux kernel 3.16.6
Linux kernel 3.16.36
Linux kernel 3.16
Linux kernel 3.15
Linux kernel 3.14.73
Linux kernel 3.14.7
Linux kernel 3.14.5
Linux kernel 3.14-4
Linux kernel 3.14-1
Linux kernel 3.14
Linux kernel 3.13.7
Linux kernel 3.13.6
Linux kernel 3.13.5
Linux kernel 3.13.4
Linux kernel 3.13
Linux kernel 3.12.22
Linux kernel 3.12.15
Linux kernel 3.12.14
Linux kernel 3.12.12
Linux kernel 3.12.1
Linux kernel 3.12
Linux kernel 3.11.9
Linux kernel 3.11.6
Linux kernel 3.11
Linux kernel 3.10.5
Linux kernel 3.10.43
Linux kernel 3.10.31
Linux kernel 3.10.20
Linux kernel 3.10.17
Linux kernel 3.10
Linux kernel 3.1
Linux kernel 3.0.66
Linux kernel 3.0.62
Linux kernel 3.0.18
Linux kernel 3.0
Linux kernel 2.6.8.1
Linux kernel 2.6.38.6
Linux kernel 2.6.38.4
Linux kernel 2.6.38.3
Linux kernel 2.6.38.2
Linux kernel 2.6.37.2
Linux kernel 2.6.35.5
Linux kernel 2.6.35.4
Linux kernel 2.6.35.13
Linux kernel 2.6.35.1
Linux kernel 2.6.34.3
Linux kernel 2.6.34.2
Linux kernel 2.6.34.14
Linux kernel 2.6.34.13
Linux kernel 2.6.34.1
Linux kernel 2.6.33.7
Linux kernel 2.6.32.8
Linux kernel 2.6.32.7
Linux kernel 2.6.32.62
Linux kernel 2.6.32.61
Linux kernel 2.6.32.60
Linux kernel 2.6.32.6
Linux kernel 2.6.32.5
Linux kernel 2.6.32.4
Linux kernel 2.6.32.3
Linux kernel 2.6.32.28
Linux kernel 2.6.32.22
Linux kernel 2.6.32.2
Linux kernel 2.6.32.18
Linux kernel 2.6.32.17
Linux kernel 2.6.32.16
Linux kernel 2.6.32.15
Linux kernel 2.6.32.14
Linux kernel 2.6.32.13
Linux kernel 2.6.32.12
Linux kernel 2.6.32.11
Linux kernel 2.6.32.10
Linux kernel 2.6.32.1
Linux kernel 2.6.31.6
Linux kernel 2.6.31.4
Linux kernel 2.6.31.1
Linux kernel 2.6.30.5
Linux kernel 2.6.30.4
Linux kernel 2.6.30.3
Linux kernel 2.6.28.4
Linux kernel 2.6.28.10
Linux kernel 2.6.27.54
Linux kernel 2.6.27.51
Linux kernel 2.6.27.49
Linux kernel 2.6.27.26
Linux kernel 2.6.26.1
Linux kernel 2.6.25.4
Linux kernel 2.6.25.3
Linux kernel 2.6.25.2
Linux kernel 2.6.25.1
Linux kernel 2.6.24.6
Linux kernel 2.6.24.4
Linux kernel 2.6.24.3
Linux kernel 2.6.23.14
Linux kernel 2.6.23.10
Linux kernel 2.6.23.1
Linux kernel 2.6.23.09
Linux kernel 2.6.20.3
Linux kernel 2.6.20.2
Linux kernel 2.6.20.13
Linux kernel 2.6.20.11
Linux kernel 2.6.20-2
Linux kernel 2.6.18.1
Linux kernel 2.6.18-53
Linux kernel 2.6.18
Linux kernel 2.6.16.9
Linux kernel 2.6.16.7
Linux kernel 2.6.16.19
Linux kernel 2.6.16.13
Linux kernel 2.6.16.12
Linux kernel 2.6.16.11
Linux kernel 2.6.15.5
Linux kernel 2.6.15.4
Linux kernel 2.6.15.11
Linux kernel 2.6.14.3
Linux kernel 2.6.14.2
Linux kernel 2.6.14.1
Linux kernel 2.6.13.4
Linux kernel 2.6.13.3
Linux kernel 2.6.13.2
Linux kernel 2.6.13.1
Linux kernel 2.6.12.6
Linux kernel 2.6.12.5
Linux kernel 2.6.12.4
Linux kernel 2.6.12.3
Linux kernel 2.6.12.2
Linux kernel 2.6.12.1
Linux kernel 2.6.11.8
Linux kernel 2.6.11.7
Linux kernel 2.6.11.6
Linux kernel 2.6.11.5
Linux kernel 2.6.11.4
Linux kernel 2.6.11.12
Linux kernel 2.6.11.11


SecurityFocus Vulnerabilities

security collaborationThe escalation of high-profile hacking and data dumps recently has underscored the increasing boldness of digital threat actors, culminating in July’s Democratic National Committee email leak and its ripple effect through American politics. The group behind the hack and its attack patterns were known, and yet the attack was not thwarted, leaving many questions as to the overall state of the Internet’s security.

The dangers in cyberspace in 2017 will only increase – most likely with even more sophisticated attacks such as advanced IoT DDoS invasions and ransomware campaigns, not to mention sensitive data hacks with a variety of end goals – from stealing our most critical corporate and personal data to stealing elections.

Standard security solutions don’t seem to be working. What, if anything, can be done?

State sponsored actors as well as criminal bodies seem to have unlimited resources and extremely high levels of coordination at their disposal to carry out their pernicious attacks. But defense against cyberattacks has been characterized by a lack of collaboration within the cybersecurity community.

Moving forward, this will have to change. Cyber defenders should take a page out of the enemy’s playbook. Crowd intelligence will need to be organized and harnessed as a major tactic to improve security strategies against growing threats. Just as cyber attackers collaborate and share their attack techniques and latest methods with each other, cyber defenders should do the same with best defense practices. Cyber criminals are actually generous with each other – they welcome collaboration within their community, symbiotically enhancing each other’s methods and techniques. Shouldn’t we ‘good guys’ be doing the same?

Sure, some info-sharing databases for cybersecurity experts do exist, such as open virus databases allowing for searching and sharing of malware samples to facilitate the detection of viruses, and updated reputation sources which share information about sites associated with malware infection, phishing campaigns, and the like. But almost all of these collaborative projects focus on sharing attack-side information like specific vulnerabilities, attack techniques, or specific intrusion patterns. Sharing this kind of information is basically useless, as it takes too long for security experts to analyze the threat information, plan a defense strategy, and then deploy it.

What could be quite effective in meeting these kill chains head-on are detection solutions in the form of security orchestration models – but currently, there is no forum within the security community for creating and sharing these models. The lack of preventative collaboration is a gaping hole in the security industry which must be rectified. State actors and organized crime are just that – organized. We, the protectors, are not.

Multiple security technologies are involved in protecting against advanced attack campaigns – network security, endpoint security, threat intelligence, etc. All of these must work in synch and must be activated in the correct sequence to provide maximum protection against increasingly sophisticated threats. We need our own “generals” coordinating our security arsenal, orchestrating our battles and rallying the cyber troops.

The industry must learn to pool its resources better and develop the ability to share preemptive avenues of detection, investigation, and mitigation of advanced attack campaigns. No existing forum allows security experts to write orchestration models (which define the defense strategies) and share them with each other for collaboration and communal enhancement.

What’s needed is a platform through which the cybersecurity community can create and share vendor-neutral security orchestration models (defense strategies) which can then be internally rated by community members and updated as needed, rendering them ready for adaptation by organizations – no matter which security products they use.

If an organization is lacking a security function that the model requires, the organization can be alerted and the gap filled. Orchestration models can also be created for specific verticals and tailored to the needs of specific organization types such as banks, retail, healthcare, or critical infrastructure, for example, or developed to specifically combat known hacker groups and their attack patterns, or both.

Hacking organizations have been alarmingly successful in the scope of their attacks over the last couple of years, and they are becoming bolder, more technically proficient, and better organized, creating an air of cyber unease which has left much of the Western world unsettled. But we are far from raising the white flag to the black hats. Taking the right steps to form expert communities and impart our accumulated knowledge and innovations to preemptively combat the cyber scourge could eventually put them out of business – we just need to learn to share more effectively than they do.


Help Net Security

IBM launched its IBM Security App Exchange at the tail end of 2015, so it has been live for almost a year now. We always thought the App Exchange had significant potential, but we’ve been blown away by its success with our customers and other security vendors. We now have security information and event management (SIEM) customers imploring other vendors to provide a QRadar app as a prerequisite to joining their security operations. It has also helped IBM demonstrate its security immune system in a tangible way.

App Exchange Offers Market Insights

The program has been so successful that we passed our 12-month target for third-party vendors and apps on the Exchange after only seven months. We are currently seeing approximate monthly totals of:

  • 3,500 downloads;
  • 35,000 visits; and
  • 11,000 unique visitors.

These numbers illustrate the App Exchange’s value to IBM customers, partners and the overall market. We’ve also trained over 90 security vendors in app development and have a vibrant backlog of third-party and IBM apps that we are planning to launch over the next few months.

One thing that was clear from the outset was the wide variety of security operations that the apps are addressing. This offers some interesting insights into what products are hot in the security market. While the IBM Security App Exchange is product-agnostic, it is currently dominated by apps for the QRadar Security Intelligence Platform, followed by IBM BigFix and IBM X-Force. Because QRadar sits right in the center of organizations’ threat detection and response processes, most systems involved in security operations should interface with it in some way.

Since the App Exchange launched, we’ve added over 70 apps that fall into the following broad categories:

  • Visualizations;
  • Threat Intelligence;
  • User Behavior Analytics (UBA);
  • Incident Response;
  • Endpoint Detection and Response;
  • Hunting;
  • Compliance Use Cases; and
  • Other Threat Detection Use Cases.

High Demand for Use Cases

The first set of stats shows the relative number of apps on the App Exchange in each category. Apps that fall into the categories of Threat Detection Use Cases and Compliance Use Cases account for more than half the offerings. Demand is high because these are the first use cases that most organizations address when implementing security operations.

The third most common set of apps fall into the category of User Behavior Analytics. The market is piping hot for these apps due to the fact that more than 50 percent of threats fall into this category. Demand for apps that fall into the Threat Intelligence category is similarly high.

App use representation on IBM Security App Exchange

Download Ratios

The second set of stats show the relative ratio of app downloads in each category. Again, the top category is Threat Detection Use Cases. This is very closely followed by User Behavior Analytics, with both Visualizations and Threat Intelligence hot on its heels. It’s interesting that Visualizations ranks so high in downloads while the category includes a relatively small set of apps. This may represent an unmet need.

Of course, download statistics are skewed by the length of time some apps have been available on the App Exchange. QRadar UBA, for example, has only been available for four months, but is already the third most downloaded app. Some newer apps in the areas of Endpoint Detection and Response, Incident Response and Hunting, while low in volume and relative downloads, are growing quickly. It’ll be interesting to review this trend in another six months to a year.

Proportion of app downloads on IBM Security App Exchange

Key Takeaways

In summary, the key insights we can take away from this data are:

  • Threat Detection Use Cases, Threat Intelligence and User Behavior Analytics are at the forefront of most security programs.
  • Organizations place great value in threat, risk and incident visualizations, and there may be unmet demand in this area.
  • Compliance use cases are still an important foundation.
  • We’re starting to see a real pickup in areas of Endpoint Detection and Response, Hunting and Incident Response.

That’s just a sampling of the insights we can draw from the App Exchange statistics. We’ll continue to track the App Exchange’s development and shine a light on what apps are gaining traction in the market. Stay tuned!

Visit the IBM Security App Exchange


Security Intelligence

Original release date: November 21, 2016

The Network Time Foundation's NTP Project has released version ntp-4.2.8p9 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Vulnerability Note VU#633847 and the NTP Security Notice Page for vulnerability and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No


US-CERT Current Activity

USN-3132-1: tar vulnerability | Ubuntu

Jump to site nav

  • Jump to content
  • Cloud
    • Overview
    • Ubuntu OpenStack
    • Public cloud
    • Cloud tools
    • Cloud management
    • Ecosystem
    • Cloud labs
  • Server
    • Overview
    • Server management
    • Hyperscale
  • Desktop
    • Overview
    • Features
    • For business
    • For developers
    • Take the tour
    • Desktop management
    • Ubuntu Kylin
  • Phone
    • Overview
    • Features
    • Scopes
    • App ecosystem
    • Operators and OEMs
    • Carrier Advisory Group
    • Ubuntu for Android
  • Tablet
    • Design
    • Operators and OEMs
    • App ecosystem
  • TV
    • Overview
    • Experience
    • Industry
    • Contributors
    • Features and specs
    • Commercial info
  • Management
    • Overview
    • Landscape features
    • Working with Landscape
    • Return on investment
    • Compliance
    • Ubuntu Advantage
  • Download
    • Overview
    • Cloud
    • Server
    • Desktop
    • Ubuntu Kylin
    • Alternative downloads


Ubuntu Security Notices

Last Friday’s massive DDoS attack against Dyn.com and its DNS services slowed down or knocked out internet connectivity for millions of users for much of the day. Unfortunately, these sorts of attacks cannot be easily mitigated. We have to live with them for now.

Huge DDoS attacks that take down entire sites can be accomplished for a pittance. In the age of the insecure internet of things, hackers have plenty of free firepower. Say the wrong thing against the wrong person and you can be removed from the web, as Brian Krebs recently discovered.

[ Make threat intelligence meaningful: A 4-point plan. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]

Krebs' warning is not hyperbole. For my entire career I’ve had to be careful about saying the wrong thing about the wrong person for fear that I or my employers would be taken down or doxxed. Krebs became a victim even with the assistance of some of the world’s best anti-DDoS services.

Imagine if our police communications were routinely taken down simply because they sent out APBs on criminal suspects or arrested them. Online hackers have certainly tried. Plenty of them have successfully hacked the online assets of police departments and doxxed their employees.

Flailing at DDoS attacks

Readers, reporters, and friends have asked me what we can do to stop DDoS attacks, which break previous malicious traffic records every year. We're now seeing DDoS attacks that reach traffic rates exceeding 1Tb per second. That’s insane! I remember being awed when attacks hit 100Mb per second.

You can’t stop DDoS attacks because they can be accomplished anywhere along the OSI model -- and at each level dozens of different attacks can be performed. Even if you could secure an intended victim's site perfectly, the hacker could attack upstream until the pain reached a point where the victim would be dropped to save everyone else.

Because DDoS attackers use other people's computers or devices, it’s tough to shut down the attacks without taking out command-and-control centers. Krebs and others have helped nab a few of the worst DDoS attackers, but as with any criminal endeavor, new villains emerge to replace those arrested.

The threats to the internet go beyond DDoS attacks, of course. The internet is rife with spam, malware, and malicious criminals who steal tens of millions of dollars every day from unsuspecting victims. All of this activity is focused on a global network that is more and more mission-critical every day. Even activities never intended to be online -- banking, health care, control of the electrical grid -- now rely on the stability of the internet.

That stability does not exist. The internet can be taken down by disgruntled teenagers.

What would it take?

Fixing that sad state of affairs would take a complete rebuild of the internet -- version 2.0. Version 1.0 of the internet is like a hobbyist's network that never went pro. The majority of it runs on lowest-cost identity and zero trust assurance.

For example, anyone can send an email (legitimate or otherwise) to almost any other email server in the world, and that email server will process the message to some extent. If you repeat that process 10 million times, the same result will occur.

The email server doesn’t care if the email claims to be from Donald Trump and originates from China or Russia’s IP address space. It doesn’t know if Trump’s identity was verified by using a simple password, two-factor authentication, or a biometric marker. There’s no way for the server to know whether that email came from the same place as all previous Trump emails or whether it was sent during Trump’s normal work hours. The email server simply eats and eats emails, with no way to know whether a particular connection is more or less trustworthy than normal.

Internet 2.0

I believe the world would be willing to pay for a new internet, one in which the minimum identity verification is two-factor or biometric. I also think that, in exchange for much greater security, people would be willing to accept a slightly higher price for connected devices -- all of which would have embedded crypto chips to assure that a device or person’s digital certificate hadn’t been stolen or compromised.

This professional-grade internet would have several centralized services, much like DNS today, that would be dedicated to detecting and communicating about badness to all participants. If someone’s computer or account was taken over by hackers or malware, that event could quickly be communicated to everyone who uses the same connection. Moreover, when that person’s computer was cleaned up, centralized services would communicate that status to others. Each network connection would be measured for trustworthiness, and each partner would decide how to treat each incoming connection based on the connection’s rating.

This would effectively mean the end of anonymity on the internet. For those who prefer today's (relative) anonymity, the current internet would be maintained.

But people like me and the companies I've worked for that want more safety would be able to get it. After all, many services already offer safe and less safe versions of their products. For example, I’ve been using Instant Relay Chat (IRC) for decades. Most IRC channels are unauthenticated and subject to frequent hacker attacks, but you can opt for a more reliable and secure IRC. I want the same for every protocol and service on the internet.

I’ve been writing about the need for a more trustworthy internet for a decade-plus. The only detail that has changed is that the internet has become increasingly mission-critical -- and the hacks have grown much worse. At some point, we won’t be able to tolerate teenagers taking us offline whenever they like.

Is that day here yet?

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.


InfoWorld Security Adviser

Apple may have refused to help the FBI unlock an iPhone used by the San Bernardino shooter, but the tech industry is still better off working with the U.S. government on encryption issues than turning away, according to a former official with the Obama administration.

“The government can get very creative,” said Daniel Rosenthal, who served as the counterterrorism director in the White House until January this year. He fears that the U.S. government will choose to “go it alone” and take extreme approaches to circumventing encryption, especially if another terrorist attack occurs.

[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]

“The solutions they come up with are going to be less privacy protective,” he said during a talk at the Versus 16 cybersecurity conference. “People will think they are horrifying, and I don’t want us to see us get to that place.”

Rosenthal made his comments as President-elect Donald Trump—who previously called for a boycott of Apple during its dispute with the FBI—prepares to take office in January.

A Trump administration has a “greater likelihood” than the Obama administration of supporting legislation that will force tech companies to break into their customers’ encrypted data when ordered by a judge, Rosenthal said.

“You have a commander-in-chief, who said at least on the campaign trail he’s more favorable towards a backdoor regime,” Rosenthal said.

Earlier this year, one such bill was proposed that met with staunch opposition from privacy advocates. However, in the aftermath of another terrorist attack, Congress might choose to push aside those concerns and pass legislation drafted without the advice of Silicon Valley, he said.  

Rosenthal went on to say that U.S. law enforcement needs surveillance tools to learn about terrorist plots, and that’s where the tech industry can help. During his time in the White House, he noticed a “dramatic increase” in bad actors using encryption to thwart government efforts to spy on them.

“There are people trying to come up with a reasonable solution,” he said of efforts to find a middle ground on the encryption debate. “To immediately say there is no solution is counter historical.”

dsc05324Michael Kan

Cindy Cohn (right), executive director of EFF, and Daniel Rosenthal, former director of counterterrorism for the White House.

However, Rosenthal’s comments were met with resistance from Cindy Cohn, executive director for Electronic Frontier Foundation, a privacy advocate. She also spoke at the talk and opposed government efforts to weaken encryption, saying it “dumbs down” security.

“This idea of a middle ground that you can come up with an encryption strategy that only lets good guy into your data, and never lets a bad guy into your data, misunderstands how the math works,” she said.

Law enforcement already possess a wide variety of surveillance tools to track terrorists, she said. In addition, tech companies continue to help U.S. authorities on criminal cases and national security issues, despite past disputes over privacy and encryption.

But law enforcement has done little to recognize the risks of building backdoors into products, Cohn said. Not only would this weaken security for users, but also damage U.S. business interests.

“If American companies can’t offer strong encryption, foreign companies are going to walk right into that market opportunity,” she said.

Cohn also said any effort to force U.S. companies to weaken encryption wouldn’t necessarily help catch terrorists. That’s because other strong encryption products from foreign vendors are also circulating across the world.

“The idea that the Americans can make sure that ISIS never gets access to strong encryption is a pipe dream,” she said. “That’s why I think this is bad idea. Because I don’t think it’s going to work.”

The Versus 16 conference was sponsored by cybersecurity firm Vera. 

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.


InfoWorld Security

j003-content-microsoft-patch-tuesday-2016_sqAlong with 14 patches, Microsoft introduced a new Security Update Guide web site, as the new location for information on security vulnerabilities.

This month’s Patch Tuesday was also election day in the U.S. and I imagine for once, IT pros are actually happy to see a big load of security updates released – it’s something to take our mind off the culmination of this contentious campaign season.

Along with the fourteen patches released today, the Microsoft Security Response Center (MSRC) team  published a blog post that introduces the new Security Update Guide web site, which the company sees as the “new single destination for security vulnerability information.”

It’s in preview now, and the Microsoft Security Bulletin site is still operational, so if you’re one of many who don’t like change, you can still access the information in the traditional way – at least for a few months. After January 2017, the information about the security fixes will no longer be published to the Bulletins site; you’ll have to transition to the Update Guide.

The good news is that the new portal does give you far more flexibility. You can filter by release date, KB number, CVE identifier, or product. This is great for those who don’t want to waste time scrolling through information about software and services that they don’t have deployed or don’t use.

This month’s updates include six that are rated critical and eight classified as important. There are updates for both Microsoft web browsers, Adobe Flash, and various components of Windows, as well as one for SQL Server and one for Microsoft Office.

Let’s take a look at each of these updates in a little more detail.

MS16-129 (KB 3199057) This is the usual cumulative update for the Edge browser and applies to Edge on all iterations of Windows 10. It is rated critical for all.

The update addresses seventeen vulnerabilities, including multiple memory corruption issues, information disclosure, and a spoofing vulnerability. Twelve of these could be exploited to accomplish remote code execution.

The update fixes the problems by changing how Microsoft browsers handles objects in memory, changing how the XSS filter in Microsoft browsers handle RegEx, modifying how the Chakra JavaScript scripting engine handles objects in memory, and correcting how the Microsoft Edge parses HTTP responses.

MS16-130 (KB 3199172) This is an update for all currently supported versions of the Windows client and server operating systems, including the server core installation. It is rated critical for all.

This update addresses three vulnerabilities: two elevation of privilege issues and one remote code execution vulnerability. The update fixes the problems by correcting how the Windows Input Method Editor (IME) loads DLLs and requiring hardened UNC paths be used in scheduled tasks.

MS16-131 (KB 3199151) This is an update for the Microsoft Video Control component in Windows Vista, 7, 8.1, RT 8.1 and 10. It is rated critical for all. It also affects Windows Server 2016 Preview 5.

The update addresses a single vulnerability based on the way the Video Control component handles objects in memory, which can be exploited to accomplish remote code execution. The update fixes the problems by correcting how Microsoft Video Control handles objects in memory.

MS16-132 (KB 3199120) This is an update for the Graphic component in all currently supported versions of Windows client and server operating systems, including the server core installation. It is rated critical for all.

The update addresses four vulnerabilities: an open type font information disclosure issue (for which a workaround is provided in the security bulletin), two memory corruption vulnerabilities – one in Windows Animation Manager and one in Media Foundation – and an open type font remote code execution vulnerability, which also has a workaround. You can find instructions for the workarounds at https://technet.microsoft.com/en-us/library/security/ms16-132.aspx

The update fixes the problems by correcting how the ATMFD component, the Windows Animation Manager, and the Windows Media Foundation handle objects in memory.

MS16-141 (KB3202790) This is an update for Adobe Flash Player running on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. It does not include the server core installation, which doesn’t have a web browser installed by default. It is rated critical for all affected systems.

The update addresses nine vulnerabilities in the Flash Player software, which include type confusion vulnerabilities and use-after-free vulnerabilities, both of which can be exploited to accomplish code execution. The update fixes the problems by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

MS16-142 (KB3198467) This is the usual cumulative update for the Internet Explorer web browser. It is rated Critical for IE 9 and IE 11 on affected Windows clients, and rated Moderate for IE 9, IE 10 and IE 11 on affected Windows server operating systems.

The update addresses seven vulnerabilities, which include four memory corruption issues and three information disclosure vulnerabilities. The most severe of these could be exploited to accomplish remote code execution. The update fixes the problems by correcting how Internet Explorer modifies objects in memory and the way it uses the XSS filter to handle RegEx.

MS16-133 (KB 3199168) This is an update for Microsoft Office that applies to Office 2007, 2010, 2013, 2013 RT, and 2016, as well as Office for Mac 2011 and 2016, the Office Compatibility Pack, and the Excel and PowerPoint Viewers. Also affected are Excel Services and Word Automation Services on SharePoint 2010, Word Automation Services on SharePoint 2013, and Office Web Apps 2010 and 2013. It is rated important for all.

The update addresses twelve vulnerabilities, ten of which are memory corruption issues. The other two are information disclosure and denial of service vulnerabilities. The update fixes the problems by correcting how Microsoft Office initializes variables and how affected versions of Office and Office components handle objects in memory.

MS16-134 (KB3193706) This is an update for the Common Log File System Driver in all currently supported releases of Windows client and server operating system, including the Server Core installation. It is rated important for all.

This update addresses ten vulnerabilities, all of which are elevation of privilege issues. The update fixes the problem by correcting how CLFS handles objects in memory.

MS16-135 (KB3199135) This is an update for the Windows Kernel-mode Drivers in all currently supported releases of Windows client and server operating system, including the Server Core installation. It is rated important for all.

This update addresses five vulnerabilities, which includes two information disclosure issues and three elevation of privilege vulnerabilities. The update fixes the problem by correcting how the Windows kernel-mode driver handles objects in memory.

MS16-136 (KB3199641) This is an update for all currently supported editions of Microsoft SQL Server 2012, 2014 and 2016. It is rated important for all.

The update addresses six vulnerabilities, which includes three SQL RDBMS Engine Elevation of Privilege vulnerabilities, one MDS API XSS vulnerability, and one SQL Analysis Services information disclosure vulnerability, along with one SQL Server agent elevation of privilege vulnerability. The most severe of these vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The update fixes these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

MS16-137 (KB3199173) This is an update for Windows Authentication Methods in all currently supported releases of Windows client and server operating system, including the server core installation. It is rated important for all.

The update addresses three vulnerabilities, which include a Virtual Secure Mode Information Disclosure vulnerability, a Local Security Authority Subsystem Service Denial of Service vulnerability and a Windows NTLM Elevation of Privilege vulnerability.

The update fixes the problems by updating Windows NTLM to harden the password change cache, changing the way that LSASS handles specially crafted requests and correcting how Windows Virtual Secure Mode handles objects in memory.

MS16-138 (KB3199647) This is an update for the Microsoft Virtual Hard Disk Driver in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016, including the server core installation. It is rated important for all.

The update addresses four vulnerabilities, all of which are elevation of privilege issues that an attacker could exploit to manipulate files in locations not intended to be available to the user. The update fixes the problem by correcting how the kernel API restricts access to these files.

MS16-139 (KB3199720) This is an update for the Windows kernel in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, including the server core installation. It is rated important for all.

The update addresses a single vulnerability in the way the kernel API enforces permissions, which an attacker could exploit to gain access to information that is not intended for the user, but the attacker would have to be able to locally authenticate. The update fixes the problem by helping to ensure the kernel API correctly enforces access controls.

MS16-140 (KB3193479) This is an update for the Boot Manager in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016, including the server core installation. It is rated important for all.

The update addresses a single vulnerability when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. The update fixes the problem by revoking affected boot policies in the firmware.

You can find the full summary of all these updates, with links to each security bulletin, at https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx

If you don’t want to miss out on future information about important Microsoft vulnerabilities and patches, subscribe to our blog and receive regular news updates in your inbox.

You may also like:

  • IT automation comes to the rescue for sysadmins
  • Microsoft Patch Tuesday – October 2016
  • Microsoft Patch Tuesday has changed and now all patches are…


GFI Blog

We now have new torrent links in and eMule collections for most of the past DEF CON Media. For torrents, there are many clients including BitTorrent (most platforms), uTorrent (most platforms), and Transmission (OS X, Unix, Linux, and some embedded systems).

BitTorrent Logo uTorrent Logo Transmission Logo

For eMule collections, eMule (Windows) and aMule (all platforms), are good choices.

eMule Logo aMule Logo

For the individual files in these collections and so much more, Check out the DEF CON Media Server!

DEF CON Media Server

If you could do us a favor as these files build p2p momentum, leave your client running for a bit after you download to share these files and help spread the media love!


DEF CON: The Documentary

DEF CON the Documentary in 720p: Torrent Icon Torrent

DEF CON the Documentary in 1080p: Torrent Icon Torrent

DEF CON the Documentary - all files including music, extra clips, and interview: Torrent Icon Torrent

DEF CON Documentary soundtrack: Check out the music from the artists (Zoe Blade, Broke For Free, Chris Zabriskie, Revolution Void, The Insiders, and others) that made the DEF CON Documentary soundtrack possible! Torrent Icon Torrent

DEF CON Documentary extra bonus clips: 21 Extra clips that didn't make the documentary. Interviews, background stories, and past trivia. If you finished watching the DEF CON Documentary wanting more, here it is! Torrent Icon Torrent

Multi-year collections:

All Conference CDs and DVDs with Presentation PDF files (updated 2015): Torrent Icon Torrent | emule Icon Emule collection
All Conference Programs: Torrent Icon Torrent | emule Icon Emule collection
DEF CON Filler from DCTV: Torrent Icon Torrent

HACKER RELATED DOCUMENTARIES:

Collection of Hacker Documentaries hosted on defcon.org (Updated to include DEF CON: The Documentary and Sneak Peek): Torrent Icon Torrent

DEF CON 1

Speeches:
Collection of all Audio from DEF CON 1: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 2

Speeches:
Collection of all Audio from DEF CON 2: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 3

Speeches:
Collection of all Audio from DEF CON 3: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 4

Speeches:
Collection of all Audio from DEF CON 4: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 5

Speeches:
Collection of all Audio from DEF CON 5: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 6

Speeches:
Collection of all Audio from DEF CON 6: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 7

Speeches:
Collection of all Video from DEF CON 7: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 7: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 8

Speeches:
Collection of all Video from DEF CON 8: Torrent Icon Torrent | rss Icon RSS Feed
Collection of all Audio from DEF CON 8: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

DEF CON 9

Speeches:
Collection of all Video from DEF CON 9: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 9: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 9: Torrent Icon Torrent | rss Icon RSS Feed

DEF CON 10

Speeches:
Collection of all Video from DEF CON 10: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 10: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 10: Torrent Icon Torrent | rss Icon RSS Feed

DEF CON 11

Speeches:
Collection of all Video from DEF CON 11: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 11: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 11: Torrent Icon Torrent | rss Icon RSS Feed

DEF CON 12

Speeches:
Collection of all Video from DEF CON 12: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 12: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 12: Torrent Icon Torrent | rss Icon RSS Feed

DEF CON 13

Speeches:
Collection of all Video from DEF CON 13: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 13: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 13: Torrent Icon Torrent | rss Icon RSS Feed
Collection of all Music Videos from DEF CON 13: rss Icon RSS Feed

DEF CON 14

Speeches:
Collection of all Video from DEF CON 14: Torrent Icon Torrent | rss Icon RSS Feed
Collection of all Audio from DEF CON 14: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 14: Torrent Icon Torrent | rss Icon RSS Feed

DEF CON 15

Speeches:
Collection of all Video from DEF CON 15: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 15: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Badge Files:
Collection of files relating to the electronic badge from DEF CON 15: Torrent Icon Torrent

Other Fun Stuff:
Collection of other items of interest from DEF CON 15: Torrent Icon Torrent

DEF CON 16

Speeches:
Collection of all Speaker & Slides Video from DEF CON 16: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 16: Torrent Icon Torrent | rss Icon RSS Feed
Collection of all Audio from DEF CON 16: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Badge Files:
Collection of files relating to the electronic badge from DEF CON 16: Torrent Icon Torrent

Tools:
Collection of tools released at DEF CON 16: Torrent Icon Torrent

DEF CON 17

Speeches:
Collection of all Speaker & Slides Video from DEF CON 17: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 17: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 17: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 17: Torrent Icon Torrent

Badge Files:
Collection of files relating to the electronic badge from DEF CON 17: Torrent Icon Torrent

CTF Files:
Collection of files related to the Capture the Flag contest at DEF CON 17: Torrent Icon Torrent

Tools:
Collection of tools released at DEF CON 17: Torrent Icon Torrent

Other Fun Stuff:
Collection of other items of interest from DEF CON 17: Torrent Icon Torrent

DEF CON 18

Speeches:
Collection of all Speaker & Slides Video from DEF CON 18: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 18: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 18: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of all Music from DEF CON 18: Torrent Icon Torrent | rss Icon RSS Feed

Other Video:
Hacker Jeopardy: Torrent Icon Torrent | emule Icon Emule collection

CTF Files:
Collection of files related to the Capture the Flag contest at DEF CON 18: Torrent Icon Torrent

Tools:
Collection of tools released at DEF CON 18: Torrent Icon Torrent

DEF CON 19

Speeches:
Speaker materials: rss Icon RSS Feed
Collection of all Speaker & Slides Video from DEF CON 19: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 19: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 19: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

Short Story Contest:
Collection of short stories from the contest at DEF CON 19: Torrent Icon Torrent

Other Video:
10,000¢ Hacker Pyramid and Hacker Jeopardy: Torrent Icon Torrent | emule Icon Emule collection

CTF Files:
Collection of files related to the Capture the Flag contest at DEF CON 19: Torrent Icon Torrent

Other Fun Stuff:
Collection of other items of interest from DEF CON 19: Torrent Icon Torrent

DEF CON 20

Speeches:
Speaker materials: rss Icon RSS Feed
Collection of all Speaker & Slides Video from DEF CON 20: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 20: Torrent Icon Torrent | rss Icon RSS Feed
Collection of all Audio from DEF CON 20: Torrent Icon Torrent | emule Icon Emule collection | rss Icon RSS Feed

CTF:
Collection of files related to the Capture the Flag contest at DEF CON 20: Torrent Icon Torrent

Music:
Collection of all Music from DEF CON 20: Torrent Icon Torrent

Other Video:
Hacker Jeopardy: Torrent Icon Torrent | emule Icon Emule collection
Hacker Pyramid: Torrent Icon Torrent

Short Story Contest:
Collection of short stories from the contest at DEF CON 20: Torrent Icon Torrent

Artwork:
Collection of Conference Artwork from DEF CON 20: Torrent Icon Torrent
Collection of Art from the DEF CON 20 Artwork Contest: Torrent Icon Torrent

Pictures: Collection of photos from various photographers at DEF CON 20: Torrent Icon Torrent

DEF CON 21

Conference CD:
Updated Conference CD: Torrent Icon Torrent

Speaker Materials:
Updated Speaker Materials: Torrent Icon Torrent | rss Icon RSS Feed

Speeches:
Collection of all Speaker & Slides Video from DEF CON 21: Torrent | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 21: Torrent | rss Icon RSS Feed
Collection of all Audio from DEF CON 21: Torrent | emule Icon Emule collection | rss Icon RSS Feed

Music:
Collection of music from the performances at DEF CON 21: Torrent Icon Torrent

Photos:
DEF CON 21 Pictures 1 torrent: Torrent
DEF CON 21 Pictures 2 torrent: Torrent

CTF:
Complete packet captures from the Capture the Flag contest at DEF CON 21 - Friday: Torrent
Complete packet captures from the Capture the Flag contest at DEF CON 21 - Saturday: Torrent
Complete packet captures from the Capture the Flag contest at DEF CON 21 - Sunday: Torrent
Binaries and Tools from the Capture the Flag contest at DEF CON 21: Torrent

DEF CON 22

Badge:
Collection of files related to hacking the DEF CON 22 Badge: Torrent Icon Torrent

Speaker Materials:
Updated Speaker Materials: Torrent Icon Torrent | rss Icon RSS Feed

Speeches:
Collection of all Speaker & Slides Video from DEF CON 22: Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 22: Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Speaker Video from DEF CON 22: Torrent | emule Icon Emule collection | rss Icon RSS Feed
Collection of all Audio from DEF CON 22: Torrent | emule Icon Emule collection | rss Icon RSS Feed

Villages:
Collection of talks from the Wifi Village at DEF CON 22: Torrent Icon Torrent | emule Icon Emule collection

Contests:
Collection of Entries from the X-hour film contest at DEF CON 22: Torrent Icon Torrent | emule Icon Emule collection
Collection of entries from the Short Story Contest at DEF CON 22: Torrent

CTF:
Complete packet captures from the Capture the Flag contest at DEF CON 22: Torrent

Music:
Music CD: Torrent Icon Torrent
Collection of music from the performances at DEF CON 22: Torrent Icon Torrent

Photos
Collection of Photos from DEF CON 22: Torrent Icon Torrent

DEF CON 23

Speaker Materials:
Updated Speaker Materials: Torrent Icon Torrent

Speeches:
Collection of all Speaker & Slides Video from DEF CON 23: Torrent | rss Icon RSS Feed
Collection of all Video from DEF CON 23: Torrent | rss Icon RSS Feed
Collection of all Slides Video from DEF CON 23: Torrent | rss Icon RSS Feed
Collection of all Villages Speaker & Slides Video from DEF CON 23: Torrent | rss Icon RSS Feed
Collection of all Villages Speaker Video from DEF CON 23: Torrent
Collection of all Villages Slides Video from DEF CON 23: Torrent
Collection of all Audio from DEF CON 23: Torrent | rss Icon RSS Feed

CTF:
Complete packet captures from the Capture the Flag contest at DEF CON 23: Torrent

Music:
Music CD: Torrent Icon Torrent

Photos
Collection of Photos from DEF CON 23: Torrent Icon Torrent

DEF CON 24

Speaker Materials:
Updated Speaker Materials: Torrent Icon Torrent

Speeches:
Collection of all Speaker & Slides Video from DEF CON 24: Torrent | rss Icon RSS Feed
Collection of all Audio from DEF CON 24: Torrent rss Icon RSS Feed
Collection of all Villages from DEF CON 24: Torrent

Cyber Grand Challenge:
CGC Files from DEF CON 24: Torrent Icon Torrent

Conference CD:
CD: Torrent Icon Torrent

Music:
Music CD: Torrent Icon Torrent

CTF:
Files relted to the Capture the Flag contest at DEF CON 24: Torrent

Photos
Collection of Photos from DEF CON 24: Torrent Icon Torrent

DEF CON RSS Feed DEF CON Twitter DEF CON Facebook Page DEF CON on Google Plus DEF CON YouTube Page Instagram Logo Reddit logo Canary logo

DEF CON Sites

Link to DEF CON Forums Forums
Link to DEF CON Media Server Media Server

The Goods

DEF CON on eBay Logo Official Swag
Bugtraq ID: 93150 Class: Failure to Handle Exceptional Conditions CVE: CVE-2016-6304 Remote: Yes Local: No Published: Sep 23 2016 12:00AM Updated: Nov 15 2016 12:05AM Credit: Shi Lei (Gear Team, Qihoo 360 Inc.) Vulnerable: Pexip Pexip Infinity 9.1
Pexip Pexip Infinity 9
Pexip Pexip Infinity 8.1
Pexip Pexip Infinity 8
Pexip Pexip Infinity 7
Pexip Pexip Infinity 6
Pexip Pexip Infinity 5
Pexip Pexip Infinity 4
Pexip Pexip Infinity 12.2
Pexip Pexip Infinity 12.1
Pexip Pexip Infinity 12
Pexip Pexip Infinity 11.1
Pexip Pexip Infinity 11
Pexip Pexip Infinity 10.2
Pexip Pexip Infinity 10.1
Pexip Pexip Infinity 10
Oracle VM VirtualBox 5.0.26
Oracle VM VirtualBox 5.0.22
Oracle VM VirtualBox 5.0.16
Oracle VM VirtualBox 5.0.14
Oracle VM VirtualBox 5.0.13
Oracle VM VirtualBox 5.0.12
Oracle VM VirtualBox 5.0.11
Oracle VM VirtualBox 5.0.10
Oracle VM VirtualBox 5.0.9
Oracle VM VirtualBox 5.0.8
Oracle VM VirtualBox 4.3.36
Oracle VM VirtualBox 4.3.35
Oracle VM VirtualBox 4.3.34
Oracle VM VirtualBox 4.3.33
Oracle VM VirtualBox 4.3.32
Oracle VM VirtualBox 4.3.26
Oracle VM VirtualBox 4.3.19
Oracle VM VirtualBox 4.3.18
Oracle VM VirtualBox 4.3.17
Oracle VM VirtualBox 4.3.16
Oracle VM VirtualBox 4.3.15
Oracle VM VirtualBox 4.3.14
Oracle VM VirtualBox 4.3.12
Oracle VM VirtualBox 4.3.10
Oracle VM VirtualBox 4.3.9
Oracle VM VirtualBox 4.3.8
Oracle VM VirtualBox 4.3.7
Oracle VM VirtualBox 4.3.5
Oracle VM VirtualBox 4.2.36
Oracle VM VirtualBox 4.2.35
Oracle VM VirtualBox 4.2.34
Oracle VM VirtualBox 4.2.30
Oracle VM VirtualBox 4.2.27
Oracle VM VirtualBox 4.2.26
Oracle VM VirtualBox 4.2.24
Oracle VM VirtualBox 4.2.23
Oracle VM VirtualBox 4.2.19
Oracle VM VirtualBox 4.2.18
Oracle VM VirtualBox 4.2.14
Oracle VM VirtualBox 4.2.12
Oracle VM VirtualBox 4.2
Oracle VM VirtualBox 4.1.44
Oracle VM VirtualBox 4.1.43
Oracle VM VirtualBox 4.1.42
Oracle VM VirtualBox 4.1.38
Oracle VM VirtualBox 4.1.35
Oracle VM VirtualBox 4.1.34
Oracle VM VirtualBox 4.1.32
Oracle VM VirtualBox 4.1.31
Oracle VM VirtualBox 4.1.29
Oracle VM VirtualBox 4.1.28
Oracle VM VirtualBox 4.1.24
Oracle VM VirtualBox 4.1.22
Oracle VM VirtualBox 4.1.20
Oracle VM VirtualBox 4.1.18
Oracle VM VirtualBox 4.1.16
Oracle VM VirtualBox 4.1.14
Oracle VM VirtualBox 4.1.10
Oracle VM VirtualBox 4.1.8
Oracle VM VirtualBox 4.0.36
Oracle VM VirtualBox 4.0.35
Oracle VM VirtualBox 4.0.34
Oracle VM VirtualBox 4.0.30
Oracle VM VirtualBox 4.0.27
Oracle VM VirtualBox 4.0.26
Oracle VM VirtualBox 4.0.24
Oracle VM VirtualBox 4.0.23
Oracle VM VirtualBox 4.0.21
Oracle VM VirtualBox 4.0.20
Oracle VM VirtualBox 4.0.18
Oracle VM VirtualBox 3.2.25
Oracle VM VirtualBox 3.2.24
Oracle VM VirtualBox 3.2.22
Oracle VM VirtualBox 3.2.21
Oracle VM VirtualBox 3.2.19
Oracle VM VirtualBox 3.2.18
Oracle VM VirtualBox 3.2.14
Oracle VM VirtualBox 3.0.1
Oracle VM VirtualBox 1.6.6
Oracle VM VirtualBox 5.0.18
Oracle VM VirtualBox 5.0
Oracle VM VirtualBox 4.3.6
Oracle VM VirtualBox 4.3.4
Oracle VM VirtualBox 4.3.2
Oracle VM VirtualBox 4.3.0
Oracle VM VirtualBox 4.2.8
Oracle VM VirtualBox 4.2.6
Oracle VM VirtualBox 4.2.4
Oracle VM VirtualBox 4.2.22
Oracle VM VirtualBox 4.2.20
Oracle VM VirtualBox 4.2.2
Oracle VM VirtualBox 4.2.16
Oracle VM VirtualBox 4.2.10
Oracle VM VirtualBox 4.2
Oracle VM VirtualBox 4.1.6
Oracle VM VirtualBox 4.1.4
Oracle VM VirtualBox 4.1.30
Oracle VM VirtualBox 4.1.26
Oracle VM VirtualBox 4.1.2
Oracle VM VirtualBox 4.1.0
Oracle VM VirtualBox 4.1
Oracle VM VirtualBox 4.0.8
Oracle VM VirtualBox 4.0.6
Oracle VM VirtualBox 4.0.4
Oracle VM VirtualBox 4.0.22
Oracle VM VirtualBox 4.0.2
Oracle VM VirtualBox 4.0.16
Oracle VM VirtualBox 4.0.14
Oracle VM VirtualBox 4.0.12
Oracle VM VirtualBox 4.0.10
Oracle VM VirtualBox 4.0.0
Oracle VM VirtualBox 4.0
Oracle VM VirtualBox 3.3
Oracle VM VirtualBox 3.2.8
Oracle VM VirtualBox 3.2.6
Oracle VM VirtualBox 3.2.4
Oracle VM VirtualBox 3.2.20
Oracle VM VirtualBox 3.2.2
Oracle VM VirtualBox 3.2.16
Oracle VM VirtualBox 3.2.12
Oracle VM VirtualBox 3.2.10
Oracle VM VirtualBox 3.2.0
Oracle VM VirtualBox 3.2
Oracle VM VirtualBox 3.1.8
Oracle VM VirtualBox 3.1.6
Oracle VM VirtualBox 3.1.4
Oracle VM VirtualBox 3.1.2
Oracle VM VirtualBox 3.1.0
Oracle VM VirtualBox 3.1
Oracle VM VirtualBox 3.0.8
Oracle VM VirtualBox 3.0.6
Oracle VM VirtualBox 3.0.4
Oracle VM VirtualBox 3.0.2
Oracle VM VirtualBox 3.0.14
Oracle VM VirtualBox 3.0.12
Oracle VM VirtualBox 3.0.10
Oracle VM VirtualBox 3.0.0
Oracle VM VirtualBox 2.2.4
Oracle VM VirtualBox 2.2.2
Oracle VM VirtualBox 2.2.0
Oracle VM VirtualBox 2.2
Oracle VM VirtualBox 2.1.4
Oracle VM VirtualBox 2.1.2
Oracle VM VirtualBox 2.1.0
Oracle VM VirtualBox 2.0.8
Oracle VM VirtualBox 2.0.6
Oracle VM VirtualBox 2.0.4
Oracle VM VirtualBox 2.0.2
Oracle VM VirtualBox 2.0.12
Oracle VM VirtualBox 2.0.10
Oracle VM VirtualBox 2.0.0
Oracle VM VirtualBox 1.6.4
Oracle VM VirtualBox 1.6.2
Oracle VM VirtualBox 1.6.0
Oracle VM VirtualBox 1.6
OpenSSL Project OpenSSL 1.1
OpenSSL Project OpenSSL 1.0.11
OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2h
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.2f
OpenSSL Project OpenSSL 1.0.2e
OpenSSL Project OpenSSL 1.0.2d
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2a
OpenSSL Project OpenSSL 1.0.1t
OpenSSL Project OpenSSL 1.0.1s
OpenSSL Project OpenSSL 1.0.1r
OpenSSL Project OpenSSL 1.0.1q
OpenSSL Project OpenSSL 1.0.1p
OpenSSL Project OpenSSL 1.0.1o
OpenSSL Project OpenSSL 1.0.1n
OpenSSL Project OpenSSL 1.0.1m
OpenSSL Project OpenSSL 1.0.1l
OpenSSL Project OpenSSL 1.0.1k
OpenSSL Project OpenSSL 1.0.1j
OpenSSL Project OpenSSL 1.0.1i
OpenSSL Project OpenSSL 1.0.1h
OpenSSL Project OpenSSL 1.0.1g
OpenSSL Project OpenSSL 1.0.1f
OpenSSL Project OpenSSL 1.0.1e
OpenSSL Project OpenSSL 1.0.1d
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1b
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1
IBM Sterling Connect:Express for UNIX 1.5.0.9
IBM Sterling Connect:Express for UNIX 1.5.0.13
IBM Sterling Connect:Express for UNIX 1.5.0.12
IBM Sterling Connect:Express for UNIX 1.5.0.11
IBM Sterling Connect:Express for UNIX 1.5.0
IBM Sterling Connect:Express for UNIX 1.4.6
IBM Sterling Connect:Express for UNIX 1.4
IBM SDK for Node.js 6.6.0.0
IBM SDK for Node.js 6.2.0.0
IBM SDK for Node.js 6.1.0.0
IBM SDK for Node.js 6.0.0.0
IBM SDK for Node.js 4.5.0.0
IBM SDK for Node.js 4.4.6.0
IBM SDK for Node.js 4.4.5.0
IBM SDK for Node.js 4.4.4.0
IBM SDK for Node.js 4.4.3.0
IBM SDK for Node.js 4.4.2.0
IBM SDK for Node.js 4.4.1.0
IBM SDK for Node.js 4.4.0.0
IBM SDK for Node.js 4.3.2.0
IBM SDK for Node.js 4.3.1.0
IBM SDK for Node.js 1.2.0.9
IBM SDK for Node.js 1.2.0.8
IBM SDK for Node.js 1.2.0.4
IBM SDK for Node.js 1.2.0.3
IBM SDK for Node.js 1.2.0.2
IBM SDK for Node.js 1.2.0.14
IBM SDK for Node.js 1.2.0.13
IBM SDK for Node.js 1.2.0.12
IBM SDK for Node.js 1.2.0.11
IBM SDK for Node.js 1.2.0.10
IBM SDK for Node.js 1.2.0.1
IBM SDK for Node.js 1.1.1.3
IBM SDK for Node.js 1.1.1.2
IBM SDK for Node.js 1.1.1.1
IBM SDK for Node.js 1.1.1.0
IBM SDK for Node.js 1.1.0.9
IBM SDK for Node.js 1.1.0.7
IBM SDK for Node.js 1.1.0.6
IBM SDK for Node.js 1.1.0.5
IBM SDK for Node.js 1.1.0.3
IBM SDK for Node.js 1.1.0.21
IBM SDK for Node.js 1.1.0.20
IBM SDK for Node.js 1.1.0.2
IBM SDK for Node.js 1.1.0.19
IBM SDK for Node.js 1.1.0.18
IBM SDK for Node.js 1.1.0.15
IBM SDK for Node.js 1.1.0.14
IBM SDK for Node.js 1.1.0.13
IBM SDK for Node.js 1.1.0.12
IBM SDK for Node.js 1.1
IBM Rational Application Developer for WebSphere Software 9.5
IBM Rational Application Developer for WebSphere Software 9.1
IBM i 7.3
IBM i 7.2
IBM i 7.1
IBM BigFix Remote Control 9.1.2
Cisco Wide Area Application Services (WAAS) 0
Cisco WebEx Node for MCS 0
Cisco WebEx Meetings Server - Multimedia Platform (MMP) 0
Cisco WebEx Meetings Server 2.0
Cisco WebEx Meetings Server 1.0
Cisco WebEx Meetings for Windows Phone 8 0
Cisco WebEx Meetings for BlackBerry 0
Cisco WebEx Meetings for Android 0
Cisco WebEx Meetings Client - On-Premises 0
Cisco WebEx Meetings Client - Hosted 0
Cisco WebEx Meeting Center 0
Cisco WebEx Business Suite 0
Cisco Web Security Appliance (WSA) 0
Cisco Visual Quality Experience Tools Server 0
Cisco Visual Quality Experience Server 0
Cisco Virtualization Experience Media Edition 0
Cisco Virtual Security Gateway 0
Cisco Videoscape Control Suite 0
Cisco Videoscape AnyRes Live 0
Cisco Video Surveillance PTZ IP Cameras 0
Cisco Video Surveillance Media Server 0
Cisco Video Surveillance 7000 Series IP Cameras 0
Cisco Video Surveillance 6000 Series IP Cameras 0
Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras 0
Cisco Video Surveillance 4000 Series High-Definition IP Cameras 0
Cisco Video Surveillance 3000 Series IP Cameras 0
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) 0
Cisco Universal Small Cell Iuh 0
Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem 2.99.4
Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem 0
Cisco Universal Small Cell 7000 Series 3.4.2.0
Cisco Universal Small Cell 5000 Series 3.4.2.0
Cisco Universal Small Cell 5000 Series 0
Cisco Unity Express 0
Cisco Unity Connection 0
Cisco Unified Workforce Optimization - Quality Management Solution 0
Cisco Unified Workforce Optimization 0
Cisco Unified SIP Proxy Software 0
Cisco Unified MeetingPlace 0
Cisco Unified IP 9971 Phone 0
Cisco Unified IP 9951 Phone 0
Cisco Unified IP 8961 Phone 0
Cisco Unified IP 8945 Phone 0
Cisco Unified IP 8831 Conference Phone for Third-Party Call Control 0
Cisco Unified IP 8831 Conference Phone 0
Cisco Unified IP 7900 Series Phones 0
Cisco Unified IP 6945 Phone 0
Cisco Unified IP 6901 Phone 0
Cisco Unified Intelligent Contact Management Enterprise 0
Cisco Unified Intelligence Center 0
Cisco Unified Contact Center Express 0
Cisco Unified Contact Center Enterprise 0
Cisco Unified Communications Manager Session Management Edition 0
Cisco Unified Communications Manager IM & Presence Service (formerly C 0
Cisco Unified Communications Manager (CUCM) 0
Cisco Unified Communications Domain Manager 0
Cisco Unified Attendant Console Premium Edition 0
Cisco Unified Attendant Console Enterprise Edition 0
Cisco Unified Attendant Console Department Edition 0
Cisco Unified Attendant Console Business Edition 0
Cisco Unified Attendant Console Advanced 0
Cisco UCS Standalone C-Series Rack Server - Integrated Management Cont 0
Cisco UCS Manager 0
Cisco UCS Director 0
Cisco UCS Central Software 0
Cisco UCS B-Series Blade Servers 0
Cisco UCS 6200 Series and 6300 Series Fabric Interconnects 0
Cisco UC Integration for Microsoft Lync 0
Cisco TelePresence Video Communication Server (VCS) 0
Cisco TelePresence TX9000 Series 0
Cisco TelePresence System TX1310 0
Cisco TelePresence System EX Series 0
Cisco TelePresence System 500-37 0
Cisco TelePresence System 500-32 0
Cisco TelePresence System 3000 Series 0
Cisco TelePresence System 1300 0
Cisco TelePresence System 1100 0
Cisco TelePresence System 1000 0
Cisco TelePresence SX Series 0
Cisco TelePresence Supervisor MSE 8050 0
Cisco TelePresence Server on Virtual Machine 0
Cisco TelePresence Server on Multiparty Media 820 0
Cisco TelePresence Server on Multiparty Media 310 and 320 0
Cisco TelePresence Server 7010 and MSE 8710 0
Cisco TelePresence Serial Gateway Series 0
Cisco TelePresence Profile Series 0
Cisco TelePresence MX Series 0
Cisco TelePresence MCU 0
Cisco TelePresence ISDN Link 0
Cisco TelePresence ISDN Gateway MSE 8321 0
Cisco TelePresence ISDN Gateway 3241 0
Cisco TelePresence Integrator C Series 0
Cisco TelePresence Content Server 0
Cisco TelePresence Conductor 0
Cisco TAPI Service Provider (TSP) 0
Cisco Tandberg Codian MSE 8320 0
Cisco Tandberg Codian ISDN Gateway 0
Cisco StealthWatch UDP Director 0
Cisco StealthWatch Management Console (SMC) 0
Cisco StealthWatch IDentity 0
Cisco StealthWatch FlowCollector sFlow 0
Cisco StealthWatch FlowCollector NetFlow 0
Cisco SPA525G 5-Line IP Phone 0
Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) 0
Cisco SPA122 Analog Telephone Adapter (ATA) with Router 0
Cisco SPA112 2-Port Phone Adapter 0
Cisco SocialMiner 0
Cisco Smart Net Total Care - Local Collector appliance 0
Cisco Smart Care 0
Cisco Small Business 300 Series (Sx300) Managed Switches 0
Cisco Show and Share 0
Cisco Services Provisioning Platform 0
Cisco Security Manager 0
Cisco Secure Access Control System (ACS) 0
Cisco Registered Envelope Service 0
Cisco Proactive Network Operations Center 0
Cisco Prime Performance Manager 0
Cisco Prime Optical for Service Providers 0
Cisco Prime Network Services Controller 0
Cisco Prime Network 0
Cisco Prime License Manager 0
Cisco Prime IP Express 0
Cisco Prime Infrastructure Plug and Play Standalone Gateway 0
Cisco Prime Data Center Network Manager -
Cisco Prime Collaboration Provisioning 0
Cisco Prime Collaboration Deployment 0
Cisco Prime Collaboration Assurance 0
Cisco Prime Access Registrar 0
Cisco Partner Support Service 1.0
Cisco Paging Server (Informacast) 0
Cisco Paging Server 0
Cisco Packaged Contact Center Enterprise 0
Cisco ONS 15454 Series Multiservice Provisioning Platforms 0
Cisco onePK All-in-One Virtual Machine 0
Cisco Nexus 9000 Series Switches - Standalone NX-OS mode 0
Cisco Nexus 9000 Series Fabric Switches - ACI mode 0
Cisco Nexus 7000 Series Switches 0
Cisco Nexus 6000 Series Switches 0
Cisco Nexus 5000 Series Switches 0
Cisco Nexus 4000 Series Blade Switches 0
Cisco Nexus 1000V Series Switches 0
Cisco Network Performance Analysis 0
Cisco Network Analysis Module 0
Cisco NetFlow Generation Appliance 0
Cisco NAC Guest Server 0
Cisco NAC Appliance - Clean Access Server 0
Cisco NAC Appliance - Clean Access Manager 0
Cisco MXE 3500 Series Media Experience Engines 0
Cisco Multicast Manager 0
Cisco MediaSense 0
Cisco Media Services Interface 0
Cisco MDS 9000 Series Multilayer Switches 0
Cisco Management Appliance 0
Cisco Jabber Software Development Kit 0
Cisco Jabber Guest 0
Cisco Jabber for Windows 0
Cisco Jabber for Mac 0
Cisco Jabber for iPhone and iPad 0
Cisco Jabber for Android 0
Cisco Jabber Client Framework (JCF) Components 0
Cisco IP Interoperability and Collaboration System (IPICS) 0
Cisco IP 8800 Series Phones - VPN feature 0
Cisco IP 7800 Series Phones 0
Cisco Intrusion Prevention System (IPS) Solutions 0
Cisco InTracer 0
Cisco Hosted Collaboration Mediation Fulfillment 0
Cisco FireSIGHT System Software 0
Cisco Expressway series 0
Cisco Enterprise Content Delivery System (ECDS) 0
Cisco Emergency Responder 0
Cisco Email Security Appliance (ESA) 0
Cisco Edge 340 Digital Media Player 0
Cisco Edge 300 Digital Media Player 0
Cisco DX Series IP Phones 0
Cisco Content Security Management Appliance (SMA) 0
Cisco Content Security Appliance Update Servers 0
Cisco Connected Grid Routers 0
Cisco Computer Telephony Integration Object Server (CTIOS) 0
Cisco Common Services Platform Collector 0
Cisco Cloupia Unified Infrastructure Controller 0
Cisco Cloud Web Security 0
Cisco Cloud Object Storage 0
Cisco Clean Access Manager 0
Cisco ATA 190 Series Analog Terminal Adaptors 0
Cisco ATA 187 Analog Telephone Adaptor 0
Cisco ASR 5000 Series 0
Cisco ASA Next-Generation Firewall Services 0
Cisco Application Policy Infrastructure Controller (APIC) 0
Cisco Application and Content Networking System (ACNS) 0
Cisco AnyConnect Secure Mobility Client for Windows 0
Cisco AnyConnect Secure Mobility Client for Mac OS X 0
Cisco AnyConnect Secure Mobility Client for Linux 0
Cisco AnyConnect Secure Mobility Client for iOS 0
Cisco AnyConnect Secure Mobility Client for desktop platforms 0
Cisco AnyConnect Secure Mobility Client for Android 0
Cisco Aironet 2700 Series Access Points 0
Cisco Agent for OpenFlow 0
Cisco Agent Desktop for Cisco Unified Contact Center Express 0
Cisco Adaptive Security Appliance (ASA) 0
Cisco ACE30 Application Control Engine Module 0
Cisco ACE 4710 Application Control Engine 0
Cisco 910 Industrial Router 0
Cisco 500 Series Stackable (Sx500) Managed Switches 0
Cisco 4400 Series Digital Media Players 0
Cisco 4300 Series Digital Media Players 0
Cisco 220 Series Smart Plus (Sx220) Switches 0
CentOS CentOS 7 Not Vulnerable: Pexip Pexip Infinity 13
Oracle VM VirtualBox 5.1.8
Oracle VM VirtualBox 5.0.28
OpenSSL Project OpenSSL 1.1.0a
OpenSSL Project OpenSSL 1.0.2i
OpenSSL Project OpenSSL 1.0.1u
IBM Sterling Connect:Express for UNIX 1.5.0.13 iFix 150-13
IBM SDK for Node.js 6.7.0.0
IBM SDK for Node.js 4.6.0.0
IBM SDK for Node.js 1.2.0.15
IBM SDK for Node.js 1.1.1.4
IBM BigFix Remote Control 9.1.3
Cisco Wireless Lan Controller 8.4
Cisco WebEx Meetings Server 2.6.1.30
Cisco WebEx Meetings for Windows Phone 8 2.8
Cisco WebEx Meetings Client - On-Premises T32
Cisco WebEx Meetings Client - Hosted T32
Cisco WebEx Centers T32
Cisco Virtualization Experience Media Edition 11.8
Cisco Virtual Security Gateway 2.1.6
Cisco Videoscape AnyRes Live 9.7.2
Cisco Video Surveillance PTZ IP Cameras 2.9
Cisco Video Surveillance 7000 Series IP Cameras 2.9
Cisco Video Surveillance 6000 Series IP Cameras 2.9
Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras 2.9
Cisco Video Surveillance 4000 Series High-Definition IP Cameras 2.9
Cisco Video Surveillance 3000 Series IP Cameras 2.9
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) 4.003(002)
Cisco Universal Small Cell Iuh 3.17.3
Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem 3.17.3
Cisco Universal Small Cell 7000 Series 3.5.12.23
Cisco Universal Small Cell 5000 Series 3.5.12.23
Cisco Unity Express 10
Cisco Unified Workforce Optimization - Quality Management Solution 11.5(1)SU1
Cisco Unified SIP Proxy Software 10
Cisco Unified MeetingPlace 8.6MR1
Cisco Unified IP 8831 Conference Phone for Third-Party Call Control 9.3(4)SR3
Cisco Unified IP 8831 Conference Phone 10.3.1SR4
Cisco Unified IP 6901 Phone 9.3(1)SR3
Cisco Unified Intelligent Contact Management Enterprise 11.6.1
Cisco Unified Intelligence Center 11.6(1)
Cisco Unified Contact Center Express 11.6
Cisco Unified Contact Center Enterprise 11.6.1
Cisco UCS Standalone C-Series Rack Server - Integrated Management Cont 3.0
Cisco UCS B-Series Blade Servers 3.1.3
Cisco UC Integration for Microsoft Lync 11.6.3
Cisco TelePresence Video Communication Server (VCS) X8.8.3
Cisco TelePresence TX9000 Series 6.1
Cisco TelePresence System TX1310 6.1
Cisco TelePresence System EX Series TC7.3.7
Cisco TelePresence System EX Series CE8.2.2
Cisco Telepresence System 500-37 6.1
Cisco Telepresence System 500-32 6.1
Cisco TelePresence System 3000 Series 6.1
Cisco Telepresence System 1300 6.1
Cisco Telepresence System 1100 6.1
Cisco Telepresence System 1000 6.1
Cisco TelePresence SX Series TC7.3.7
Cisco TelePresence SX Series CE8.2.2
Cisco TelePresence Server on Multiparty Media 820 4.4
Cisco TelePresence Server on Multiparty Media 310 and 320 4.4
Cisco TelePresence Server 7010 and MSE 8710 4.4
Cisco TelePresence Profile Series TC7.3.7
Cisco TelePresence Profile Series CE8.2.2
Cisco TelePresence MX Series TC7.3.7
Cisco TelePresence MX Series CE8.2.2
Cisco TelePresence MCU 4.5(1.89)
Cisco TelePresence Integrator C Series TC7.3.7
Cisco TelePresence Integrator C Series CE8.2.2
Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) 1.4.2
Cisco SPA122 Analog Telephone Adapter (ATA) with Router 1.4.2
Cisco SPA112 2-Port Phone Adapter 1.4.2
Cisco Services Provisioning Platform SFP1.1
Cisco Security Manager 4.13
Cisco Secure Access Control System (ACS) 5.8.0.32.8
Cisco Secure Access Control System (ACS) 5.8.0.32.7
Cisco Prime Performance Manager 1.7 SP1611
Cisco Prime Network Services Controller 1.01u
Cisco Prime Network Registrar 8.3.5
Cisco Prime Network Registrar 9.0
Cisco Prime Network 431
Cisco Prime Infrastructure 3.2
Cisco Prime Collaboration Provisioning 11.6
Cisco Prime Collaboration Assurance 11.6
Cisco ONS 15454 Series Multiservice Provisioning Platforms 10.7
Cisco Nexus 9000 Series Switches - Standalone NX-OS mode 7.0(3)I5(1)
Cisco Nexus 9000 Series Fabric Switches - ACI mode 0
Cisco Nexus 7000 Series Switches 6.2.19
Cisco Nexus 7000 Series Switches 5.2.8(i)
Cisco Nexus 6000 Series Switches 6.2.19
Cisco Nexus 6000 Series Switches 5.2.8(i)
Cisco Nexus 5000 Series Switches 6.2.19
Cisco Nexus 5000 Series Switches 5.2.8(i)
Cisco Nexus 4000 Series Blade Switches 4.1(2)E1(1r)
Cisco Nexus 1000V Series Switches 5.2(1)SV3(2.5)
Cisco Network Analysis Module 6.2(2)
Cisco Network Analysis Module 6.2(1-b)
Cisco NetFlow Generation Appliance 1.1(1)
Cisco MDS 9000 Series Multilayer Switches 6.2.19
Cisco MDS 9000 Series Multilayer Switches 5.2.8(i)
Cisco Jabber Software Development Kit 11.8
Cisco Jabber Guest 11
Cisco Jabber for Windows 11.8
Cisco Jabber for Mac 11.8
Cisco Jabber for iPhone and iPad 11.8
Cisco Jabber for Android 11.8
Cisco Jabber Client Framework (JCF) Components 11.8
Cisco IP Interoperability and Collaboration System (IPICS) 5.0(1)
Cisco IOS and Cisco IOS XE Software 16.4
Cisco IOS and Cisco IOS XE Software 16.3
Cisco IOS and Cisco IOS XE Software 16.2
Cisco IOS and Cisco IOS XE Software 16.1
Cisco IOS and Cisco IOS XE Software 15.5(3)
Cisco FireSIGHT System Software 6.1.0.1
Cisco FireSIGHT System Software 6.0.1.3
Cisco FireSIGHT System Software 5.4.1.9
Cisco FireSIGHT System Software 5.4.0.10
Cisco Expressway series X8.8.3
Cisco Enterprise Content Delivery System (ECDS) 2.6.9
Cisco Email Security Appliance (ESA) 10.0.1
Cisco Edge 340 Digital Media Player 1.2RB1.0.3
Cisco Edge 300 Digital Media Player 1.6RB5
Cisco Digital Media Manager 5.4.1_RB4
Cisco Digital Media Manager 5.3.6_RB3
Cisco DCM Series D9900 Digital Content Manager 0
Cisco Content Security Management Appliance (SMA) 6.1.140
Cisco Connected Grid Routers 15.8.9
Cisco Connected Grid Routers 7.3
Cisco Computer Telephony Integration Object Server (CTIOS) 11.6.1
Cisco Common Services Platform Collector 1.11
Cisco ATA 190 Series Analog Terminal Adaptors 1.3
Cisco ASR 5000 Series 21.2
Cisco ASA Next-Generation Firewall Services 2.1.2
Cisco Application Policy Infrastructure Controller (APIC) 2.2(1)
Cisco AnyConnect Secure Mobility Client for Windows 4.0.7
Cisco AnyConnect Secure Mobility Client for Mac OS X 4.0.7
Cisco AnyConnect Secure Mobility Client for Linux 4.0.7
Cisco AnyConnect Secure Mobility Client for iOS 4.0.7
Cisco AnyConnect Secure Mobility Client for desktop platforms 4.3.4
Cisco AnyConnect Secure Mobility Client for desktop platforms 4.4
Cisco AnyConnect Secure Mobility Client for Android 4.0.7
Cisco Aironet 2700 Series Access Points 16.4
Cisco Aironet 2700 Series Access Points 16.3
Cisco Aironet 2700 Series Access Points 16.2
Cisco Aironet 2700 Series Access Points 16.1
Cisco Aironet 2700 Series Access Points 15.5(3)
Cisco 910 Industrial Router 1.2.1RB4
Cisco 4400 Series Digital Media Players 5.4.1_RB4
Cisco 4400 Series Digital Media Players 5.3.6_RB3
Cisco 4300 Series Digital Media Players 5.4.1_RB4
Cisco 4300 Series Digital Media Players 5.3.6_RB3


SecurityFocus Vulnerabilities