Lets look at some recent updates to the tools of the hacking trade..
1) Yesterday (9/6/2006) Michal Zalewski released p0f v.2.0.8
P0f is a very slick passive operating system fingerprinting tool. It provides features that you won't find in the great active scanner - masquerade detection, thru-firewall fingerprinting, profiling network topology distance and netlink information, etc.
2) Earlier this week, a security advisory was released for OpenSSL.
It appears that with the right conditions it is possible for an attacker to forge a PKCS #1 v1.5 signature that was signed using a RSA key with exponent 3.
Upgrade to 0.9.7k or 0.9.8c
3) On Aug 30th, Tenable Network Security released Nessus 3.0.3 Beta 14 for Windows.
If you are using Tenable Security Center to manage your Nessus installs, make sure you read the release notes for Beta 14.
4) On Aug 28th, my friend HD Moore released Metasploit Framework (MSF) 3.0 Beta 2.
Beta 2 is fully compatible with Linux, BSD, Mac OS X, and Windows using their custom Cygwin installer. MSF 2.6 and MSF 3.0 can be installed on the same computer; just don't run them at the same time. Please be aware that the web console is awaiting a serious re-write and therefore does not work very well in MSF 3.0. ;)
5) On Aug 28th, Snort was updated to 2.6.0.1
Martin Roesch noted on Packetstorm that new changes were added to allow configurable dropping of decoder alerts in inline mode. Updates were also added to the Oracle database plugin to handle large data blobs and graceful disconnection.
6) On Aug 23rd, Wireshark 0.99.3 was released.
It fixed several security issues, added support for several new protocols. See the release notes for the full details.
7) On Aug 1st, GnuPG 1.4.5 was released.
It included a moderately critical security fix and several tweaks.
No comments:
Post a Comment