
July 4th, 2008

Backtrack3 Final is out!

Time to get your download on! Backtrack3 is out and ready for download. In addition to all of the normal goodies, it also comes with a trial version of SAINT (wow, I haven’t seen that in a while) and the community edition of Maltego. Of course, you can find wicrawl on there as well. :)

openpacket.org

I found openpacket.org while doing a bit of RSS trolling this morning. I think it’s a pretty interesting idea, and I hope it catches on. The basic idea is to create an open online repository of packet captures for researchers to check out. You can even vote for your favorite packet captures (kind of a “hot or not” for packets :) ). It looks like it was masterminded by Richard Bejtlich, who does other sorts of packety IDS goodness as well.

Toorcon Seattle

The official announcement and CFP for the Toorcon Seattle conference went out recently. By all reports, the Toorcon Seattle beta conference went really well last year, and every San Diego Toorcon that I’ve been to has been phenomenal. I’m sure this new version of the conference will be just as hacktacular. The tickets are currently discounted, so go check it out.

Defcon 15 Videos Online

Video and audio material from Defcon 15 is now officially available on the Defcon Media Archives page. A video of the Wicrawl presentation by our very own Aaron can be obtained here.

SEAT included in Best IT Security and Auditing Softwares 2007

Great news comes from Security-Database.com, a popular security web portal. SEAT (Search Engine Assessment Tool) is listed as a recommended Information Gathering tool in the annual listing of Best IT Security and Auditing Softwares 2007. To celebrate this event, we are releasing an updated version of SEAT that includes an updated signature database and a few bug fixes. Now go download SEAT 0.2 and start scanning.

The 12 threats of Christmas

Wow. The video says it all. It gets, uh, something around 30 seconds in.
Via Security4All

Backtrack 3 beta!

After a long wait, the backtrack3 beta is finally out. w00t. I saw the development version of it, and it looks pretty good (but haven’t played with the beta yet). It contains a few new tools, and lots of updates. Good work and congrats to Max, Muts and the offensive security team.

The latest release version of wicrawl is on there as well, but I do have a few subsequent fixes for it. I’ll try to get those in before the final release.

Update: It looks like the official announcement hasn’t gone out yet, but since this has already been posted elsewhere, I’m pretty sure I can link it here too:

We know what you typed last summer

An interesting advisory comes from the guys at remote-exploit and dreamlab technologies dealing with the (in)security of common non-Bluetooth wireless keyboards sold by Microsoft (Wireless Optical Desktop 1000 and 2000). According to the white paper released on the subject (available here), only the actual key pressed is transmitted in encrypted form; all other communication, such as keyboard identification, metakeys (Shift, Alt, etc.), and other data, is transmitted in clear text. Furthermore, the encryption scheme used for keystroke data consists of “a simple XOR mechanism with a single byte of random data generated during the association procedure”. What this means is that not only can you quickly brute-force the entire key space (256 combinations), but you can actually obtain the encryption key by intercepting the initial association of keyboard and receiver (as was demonstrated in this video). The authors did not release the PoC tool to the public, citing ongoing research (meaning more goodies coming soon ;). As such, we can only applaud this effort and look forward to seeing this tool in the upcoming Backtrack 3.
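To make the cryptographic point concrete, here is an added example (not code from the advisory, from remote-exploit/dreamlab, or from this page): a toy model of a one-byte XOR keystroke cipher with constructed sample keystrokes. The frame layout is an assumption for illustration and is not the real keyboard protocol. It shows the two facts the advisory states: a 256-value key space can be exhausted in a single loop, and one known plaintext/ciphertext pair (such as a predictable byte captured around association) hands over the key directly.

```python
"""Toy single-byte XOR keystroke cipher (constructed for this example;
NOT the Microsoft keyboard protocol, whose frame format is not reproduced here)."""

# Bytes we treat as plausible typed text when scoring brute-force candidates.
PRINTABLE = set(range(0x20, 0x7F))


def xor_stream(data, key):
    """Encrypt or decrypt (same operation) with one repeated key byte."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


def candidate_keys(ciphertext):
    """Exhaustive search of the whole key space: only 256 trials.

    A candidate survives only if every recovered byte looks like typed text,
    which is usually enough to shrink 256 candidates to a handful.
    """
    survivors = []
    for key in range(256):
        plain = xor_stream(ciphertext, key)
        if all(b in PRINTABLE for b in plain):
            survivors.append((key, plain))
    return survivors


def key_from_known_pair(cipher_byte, plain_byte):
    """With one known (plaintext, ciphertext) pair the key falls out directly:
    c = p ^ k  =>  k = c ^ p.  This is why a captured association, or any
    predictable first keystroke, makes even the 256-trial search unnecessary."""
    return cipher_byte ^ plain_byte


def demo():
    key = 0x5A            # constructed sample session key
    typed = b"hunter2"    # constructed sample keystrokes
    wire = xor_stream(typed, key)           # what an eavesdropper would see
    hits = candidate_keys(wire)
    recovered = key_from_known_pair(wire[0], typed[0])
    return {
        "key_space": 256,
        "brute_force_hits": len(hits),
        "true_key_among_hits": any(k == key for k, _ in hits),
        "known_plaintext_key": recovered,
    }


if __name__ == "__main__":
    print(demo())
```

The defender's takeaway when evaluating a product like this: a key that fits in one byte bounds the attacker's work at 256 decryptions regardless of how "random" the byte is, and because the page notes that metakeys and device identification travel in the clear, frame boundaries are easy to line up, so the plausibility filter above is all the "cryptanalysis" that is needed.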

Microsoft Optical Desktop 1000

Link dump (with bonus rant)

Here are a couple of interesting things that I ran across today. The first is a release from Security Compass that allows you to do some XSS/SQL injection testing from a set of Firefox plugins called Exploit-Me. Judging by the information I see on the website (including screenshots, etc. (who doesn’t love screenshots)), it looks like it’s a pretty promising tool.

The second thing I thought I’d note is that the Open Source Vulnerability Database (OSVDB) seems to be doing pretty well. They seem to be keeping up with a lot of the current vulnerabilities, and the database seems to be getting pretty large. One of the coolest features they have is that you can actually download the database directly, so you can do raw queries for whatever information you’re looking for. Another thing I saw is that they have a pretty useful custom Google search for vulnerabilities or security information that covers many different vulnerability databases as well as mailing lists, etc.

I have to admit that I sometimes get annoyed with how fractured and incomplete the different vulnerability “databases” are. Between CVE, BID, NVD, Secunia, OSVDB and a bunch of other commercial/government repositories, it can be annoying to do research on this information because of the number of holes in the data. A lot of the data is cross-referenced anyway, so it would be nice to have a comprehensive meta-site (though I’m guessing by the amount of cross-referencing, that’s probably what they’re all trying to do).

<rant>Another annoying related problem I’ve had to deal with lately is vendor forking/patching of open-source projects. Sometimes it’s difficult, without reading specific patches, to determine whether a vendor really has patched their branch of a given project. Changelogs often don’t reference any of the vuln DBs (despite having a well-known and categorized vulnerability that the upstream provider has referenced and fixed long ago), and the version numbers are often off as well (Red Hat is especially bad about this). OS X is even more difficult to verify that patches are applied downstream, since their release/patching process is more opaque (even though they say they’ll reference CVEs where possible). They’ve had some problems in the past with the network drivers not getting downstream patches many months after they’ve been available. I guess this is all the price you pay for OS-distribution-sponsored QA of open source software.</rant>

Shmoocon (already?)

Now that *con season is over, the next season looms quickly ahead. The Shmoocon tickets just went on sale about 40 min ago, and the cheap tickets ($75) for this round are already gone, but there are a few left at $150. If you’re interested in getting tickets, I’d check it out now.

There will be two more rounds of sales, but they always go fast, and there is a reduced number of tickets available in the subsequent rounds.

Shmoocon tickets.
