Happy Presidents Day! I am one of the lucky few that has the day off....on to the tools.
1) On Feb 19th, Snort 2.6.1.3 was released. A remotely exploitable vulnerability exists in the DCE/RPC preprocessor of Snort 2.6.1, 2.6.1.1, 2.6.1.2, and 2.7 beta 1. Users are advised to immediately upgrade to 2.6.1.3 or take mitigating steps.
2) Also on Feb 19th, Grisoft released AVG 7.5.441. This update fixes a problem with scanning encrypted files on NTFS volumes. AVG Anti-Virus has earned Checkmark certification from West Coast Labs on Windows Vista Business Edition. AVG is the first anti-virus program to successfully pass the certification requirements for anti-virus level 1 (detection), anti-virus level 2 (cleaning) and Trojan protection for the business edition of Windows Vista operating system.
3) On Feb 15th, Shreeraj Shah released AJAXFinger v1.0. It is a small Ruby script that scans a targeted website for AJAX XSS Entry points. Check out his PDF on the subject as well. Pretty cool.
4) On Feb 14th, ClamAV 0.90 was released. Clam AntiVirus is a GPL anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. The 0.9x series introduces lots of improvements in terms of detection rate and performance, like support for many new packers and decryptors, RAR3 and SIS archives, and a new phishing signatures format that proves to be very effective.
5) Also on Feb 14th, SPI released WebInspect 7.0. WebInspect 7 is the first and only web application security assessment tool to be re-architected to thoroughly analyze today's complex web applications built on emerging Web 2.0 technologies. This is a commerical product and while it isn't "cheap" it is on the cutting edge of web vulnerability assessment programs IMHO.
6) Also on Feb 14th, PHP 5.2.1 and PHP 4.4.5 were released. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. For more PHP Security information, check out the Harden PHP Project.
7) On Feb 13th, Nikto 1.36 was released. This version adds a new option for setting a 404 string from the command line, a new plugin to test PUT/DELETE methods, new header checks and obligatory bug fixes.
8) On Feb 11th, VMWare released Workstation 6 Beta 3. This beta includes the experimental features: Record/Replay for Virtual Machine Activity, which was first demonstrated at VMworld; CrossTalk Communication Infrastructure, which enables faster host-guest communication; and integration with Eclipse to debug code within a virtual machine.
9) LCP 5.04 is the free Russian clone of the famous LC5. Main purpose of the LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003. This isn't really a new program, I just wasn't sure I have ever talked about it.
No comments:
Post a Comment