Tools of the Trade - SELinux Edition

The National Security Agency has released a new version of Security Enhanced Linux (SElinux), NSA program manager Stephen Smalley announced on the software's mailing list last week. This new version, build R080305, is the first update of the software since last September. New features in the update include improved error reporting, reduced memory usage, some new policy capabilities and additions to the library.

-------------------------

On the tools...

On March 15th, Nmap 4.60 was released. This version includes many fixes and some new service detection modules. Check the changelog for all the details.

On March 14th, Filezilla 3.0.8 was released. This version includes the folllowing improvements:

• *nix: No longer follows symbolic links if deleting local directories
• Fix crash if dropping a file on a fill item in directory comparison mode
• Handle DEL key in queue and local directory tree
• Handle F2 key in local directory tree

On March 13th, CDBurnerXP Pro 4.0.024 was released. CDBurnerXP is a free application to burn CDs and DVDs, including Blu-Ray and HD-DVDs. This version includes the following improvements:

• Roaming user.config
• Usability improvements for a couple of dialogs
• New setup icon
• Fixed trial version dialogs of the file- and folder-browser controls
• Date/Time column is now being sorted correctly
• Fixed an issue with burning DVD-RWs
• Prevent trailing or beginning whitespace for files and directories
• Fixed an arithmetic overflow exception
• Fixed a couple of drag and drop problems

On March 12, Nessus 3.2.0 was released. This new major releases contains several improvements, including:

• IPv6 support
• Improved control of network bandwidth usage during scanning
• Granular access to control rules to limit users to specific ports and audits
• Improved WMI support
• Full support for the new .nessus file format

Other notable improvements cover every area, ranging from reduced memory usage, new tools, improved port scanner, new NASL functions, and more. This new release is available for Microsoft Windows, Linux, Solaris, Mac OS X and FreeBSD.

On March 11th, TrueCrypt 5.1 was released. TrueCrypt is a free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux. Check out the version history for all the details.

On March 7th, Wine 0.9.57 was released. This version includes the following changes:

• Support for multiple OpenGL pixel formats.
• Improved support for color profiles.
• Many window management fixes.
• Better fullscreen support.
• Lots of bug fixes.

On March 7th, MITRE released Honeyclient v1.0.2. A honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner. Specifically, honeyclients can proactively detect exploits against client applications without known signatures. Check the changelog for the details.

On March 5th, Java Runtime Environment 1.6.0.5 was released. This release includes fixes for several very serious security vulnerabilities.

On Feb 29th, Core Security released Pass-The-Hash Toolkit v1.3. The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). This new version is mostly just a bugfix release.