Monday, October 16, 2017

Bro 2.5.2 & 2.4.2 release (security update)

We announce the release of Bro v2.5.2. The new version is now available for download at https://bro.org/download/index.html or directly at https://www.bro.org/downloads/bro-2.5.2.tar.gz.

Binary packages for the new version are currently building and will be available within the next few hours at https://bro.org/download/packages.html.

This is a security release that fixes an out-of-bounds write in the ContentLine analyzer. Remote attackers can use this issue to crash Bro (i.e., a DoS attack). It is also possible that it can be exploited in other ways.

This bug was found by Frank Meier. A CVE has been requested for this bug.

Bro 2.5.2 does not contain any other changes. We urge everyone to update their installation as quickly as possible.

Due to the potential severity of this bug, we also provide a patched version of Bro v2.4.2. The only difference from version v2.4.1 is this bugfix. Please note that we encourage users to use version 2.5.2 instead: we generally do not provide security updates for old releases, and version 2.4.2 is missing a number of other bugfixes that were applied to v2.5.2.

Version 2.4.2 is available for download at https://www.bro.org/downloads/bro-2.4.2.tar.gz.

Feel free to use our mailing list or the bug tracker to provide feedback or report problems.

Wednesday, October 11, 2017

A new name for the Bro project

At this year’s BroCon (Sept. 12–14), we announced that the project is going to be renamed, and that we are seeking community input for ideas. After the issue was raised at the previous year’s BroCon panel, the leadership team felt that we needed to take the idea of changing the name seriously and come back with a decision and explanation either way. 

After many discussions, the leadership team decided it was time to change the name of the project. This was not forced from the outside. There are people with views in the community both ways, some very strong. However, we decided it was time to rename the project for several reasons.

The most obvious reason is that the name has taken on a new meaning, representative of “bro culture”. In an industry dominated by men and struggling with issues relating to sexism, it would be tone deaf at the very least not to acknowledge this. The term “brogrammer” no longer means the same thing to us nor the outside world.

Further, the original connotation of Bro as short for Big Brother is not what people think of, and so that original name with the Orwellian reference is lost on people. In fact, many people introducing Bro or asking their managers to go to BroCon spend an unnecessary amount of time explaining the name. It simply gets in the way, and in the end they explain that it isn’t a reference to this one negative thing, but another. This pragmatism also played a role in the decision to change the name.

Finally, software projects rename themselves all the time. For example, another common tool for network analysis, Wireshark, was once called Ethereal. And after a while no one really thought much about the old name as it is the software’s quality and utility that matter most for longevity, and it will be the same with the Bro project’s software.

As announced at the most recent BroCon, we are looking for community input for a new name for the project. This does not mean we will change every piece of software’s name, but the project page, social media accounts, and conference name will most certainly reflect the change, and we would like help.


We are accepting name suggestions through December 4th, 2017, from which the leadership team will narrow to a list of 5. Then we will have one more survey, asking for input on those names. We will choose a new name based on many factors, including community input, domain availability, and trademarks. The change will then roll out as quickly as possible for social media and the web site, though any changes to file names in our packages will not happen before the next major release, version 2.6.

Thursday, June 29, 2017

Bro Package Manager: list of packages

While we’re in the process of developing a web site for the Bro Package Manager project, we’d like to share the packages we have collected so far. The package names and a short description are listed below. 

Source: https://github.com/bro/packages
To learn how to use the Package Manager, see our documentation. 


| Contributor | Package Name | Description |
| --- | --- | --- |
| jsiwek | | An example Bro package for testing purposes |
| 0xxon | | PostgreSQL reader and writer for Bro |
| 0xxon | | Two-dimensional buckets for sumstats (count occurrences per $str) |
| Corelight | | Find and log long-lived connections into a "conn_long" log |
| dopheide | | Adds support for multi-notice correlation |
| dopheide | | The Linux VENOM rootkit |
| Hhzzk | | Detect DNS Tunnels attack |
| initconf | | Detection for Apache Struts recon and compromise |
| initconf | | Phish email analysis |
| initconf | | Scan-detection policies for Bro |
| j-gras | | Additional JSON-logging for Bro |
| j-gras | | This plugin provides native AF_Packet support for Bro |
| j-gras | | Extensions for Bro's intelligence framework |
| joesecurity | | Extracts files from your internet connection and analyzes them automatically on Joe Sandbox |
| jonzeolla | | Modified version of scan.bro to add destination IP sampling |
| jswaro/tcprs - TCP | | TCP Retransmission and State Analyzer plugin for Bro |
| Ncsa | | A broctl plugin that helps you set up capture interfaces |
| pgaulon | | Bro Notices through Slack webhook |
| Scebro | | LDAP write operations analyzer for Bro |
| sethhall | | Packet source plugin that provides native Myricom SNF v3+v4 support |
| sethhall | | Detect credit card numbers in HTTP and SMTP with Bro |
| sethhall | | Bro script library for getting the effective TLD of a domain |
| sethhall | | Detect US Social Security numbers in HTTP and SMTP with Bro |
| srozb | | Find and notice DNS zone transfer attempts |
| theflakes | | Raise notices on outgoing files over X bytes in size |

Tuesday, June 27, 2017

Bro 2.5.1 released

We are very happy to announce the release of Bro v2.5.1. The new version is now available for download! This release contains a number of bug fixes. Fixes include:
  • Better file analysis memory management
  • Less cluster node communication
  • Correct expiration of intelligence items after reinsertion
  • A bug in the OCSP validation code

This point-release also includes a number of new features, including new file handling BIFS, support for ERSPAN, and new BroControl options.

For more information see the NEWS and CHANGES files:
  https://www.bro.org/download/NEWS.bro.html
  https://www.bro.org/download/CHANGES.bro.txt

Feel free to use our mailing list or the bug tracker to provide feedback or report problems.

Wednesday, June 7, 2017

Bro 2.5.1 Beta

The beta version for Bro 2.5.1 is now available for testing and can be downloaded at https://bro.org/download/index.html. Binary packages are also available at https://bro.org/download/beta-packages.html.

This release contains a number of bug fixes. Fixes include:
  • Better file analysis memory management
  • Less cluster node communication
  • Correct expiration of intelligence items after reinsertion
  • A bug in the OCSP validation code

This point-release also includes a number of new features, including new file handling BIFS, support for ERSPAN, and new BroControl options.

For more information see the NEWS and CHANGES files:
  https://www.bro.org/documentation/beta/NEWS.bro.html
  https://www.bro.org/documentation/beta/CHANGES.bro.txt

Feel free to use our mailing list or the bug tracker to provide feedback or report problems.

Tuesday, May 30, 2017

Bro Package Questionnaire

The Bro team would like to encourage the development of Bro scripts and plugins by creating a website front-end for the Bro Package Manager, with additional functionality to be determined. We are seeking input from the Bro user community as to what features would be desirable.

Please let us know what features you would like to see by filling out our questionnaire.

Wednesday, May 3, 2017

The Bro Project is looking for developers

The Bro Project is looking for an exceptional engineer to join our core team of Bro developers. If you are interested in helping us advance Bro, please consider applying!

We are looking for candidates who have demonstrated experience leading projects, excellent programming skills in C/C++ and Python, are comfortable at the Unix command line, and have solid knowledge of network technology.  It is a plus if you have implemented network protocols before, been involved with large open-source projects, developed for distributed systems, or have a background in security operations.

This is a full-time position with NCSA’s CyberSecurity and Networking Directorate in Urbana, IL.

If you are interested, please send your application to info@bro.org (TXT or PDF format only please). Make sure to mention any relevant projects that you have worked on in the past, including your particular role.

Thursday, March 2, 2017

BroCon ’17: September 12th - 14th in Urbana, IL

BroCon ’17 will occur on Tuesday, September 12th - Thursday, September 14th at the National Center for Supercomputing Applications in Urbana, IL.

See our event page:
https://www.bro.org/community/brocon2017.html

Early bird registration is open! CFP is open! Don't forget to book your hotel.

Interested in sponsoring BroCon? Contact us at info@bro.org for more information.

Thank you for your continued support, and see you in September!

Regards,
The Bro Project

Thursday, February 9, 2017

Software Freedom Conservancy fund drive

In October of 2015 we announced that the Bro Project joined Software Freedom Conservancy. Conservancy is a not-for-profit organization that helps promote, improve, develop, and defend Free, Libre, and Open Source Software (FLOSS) projects. You are likely familiar with many of its member projects, including Git, BusyBox, Samba, and PyPy.
 
We chose to join Conservancy for several reasons: it builds community transparency and trust, provides legal protection for contributors, clarifies intellectual property, and signifies longevity for the project. They leave the technical and artistic control of the project to the contributors and community.

With the guidance of Conservancy we have formed a leadership team, applied for a trademark, and created a donation and sponsorship framework for community members to give back to the project. This may seem like stuffy paperwork but it is the real work necessary for maintaining a sustainable open-source project.

Now it is our turn to bring the Bro Community to the aid of Conservancy. Conservancy funds its organization by taking a 10% share of donations to member projects; however, that is nowhere near enough to fully fund its staff and services. They also rely on donations from people and organizations that are passionate about supporting FLOSS projects.

An anonymous donor has challenged Software Freedom Conservancy with the task of signing up 150 supporters in one week; the deadline is this Monday (February 13th).

If you support the Bro Project, thank you. Please consider including Conservancy in the support network necessary for keeping the Bro Project running.