Re: CVE-2012-5076 and CVE-2012-1723 Rules

[Joel Esler <jesler () sourcefire com>]

Thanks Will.  That's probably why we don't catch it.  :)

I'll look into Sweet Orange.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Nov 26, 2012, at 12:19 PM, Will Metcalf <william.metcalf () gmail com> wrote:

> Just to make something clear this is not BHEK. This is what Chirs
> Wakelin labeled Pamdql what we later found out was Sweet Orange EK.
> Not that anybody probably cares all that much :)...
>
> Regards,
>
> Will
>
> On Mon, Nov 26, 2012 at 9:28 AM, Joel Esler <jesler () sourcefire com> wrote:
> > On Nov 26, 2012, at 10:21 AM, "lists () packetmail net" <lists () packetmail net>
> > wrote:
> >
> > On 11/26/2012 09:14 AM, Joel Esler wrote:
> >
> > As far as the community ruleset, the tl;dr is yes.
> >
> >
> > Excellent, thanks Joel, and thanks too for taking my E-Mail in the context
> > it
> > was intended -- Friendly open discussion around differences in both rule
> > sets.
> >
> > I am very much looking forward to this getting completed and working with
> > you
> > again.  Cooperation in the info sec community ensures the greater good will
> > benefit.  Having a well structured and working feedback loop from community
> > input (rules, URL structures, PCAPs, etc) will certainly strengthen the
> > ruleset
> > in the same way it has on the ET side.
> >
> >
> > So what we've been doing in the meantime is accepting any submissions that
> > come in (some attributed via the blog, some don't want to be attributed
> > which is fine) and putting them in after testing via our normal methods.
> >
> > When the community ruleset is rolled out, a metadata tag will be added to
> > those rules that have been submitted by the community, and all those will be
> > placed into their own ruleset for free-to-everyone download.  Subscribers
> > will not have to do anything.
> >
> > --
> > Joel Esler
> > Senior Research Engineer, VRT
> > OpenSource Community Manager
> > Sourcefire
> >
> > ------------------------------------------------------------------------------
> > Monitor your physical, virtual and cloud infrastructure from a single
> > web console. Get in-depth insight into apps, servers, databases, vmware,
> > SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> > Pricing starts from $795 for 25 servers or applications!
> > http://p.sf.net/sfu/zoho_dev2dev_nov
> > _______________________________________________
> > Snort-sigs mailing list
> > Snort-sigs () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > http://www.snort.org
> >
> >
> > Please visit http://blog.snort.org for the latest news about Snort!

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!