|
 |
dimarts, 7 / novembre / 2006 |
|
|
 Publicada la versió 4.5 de l'OpenSSH. Es tracta d'una versió de manteniment que, bàsicament, elimina una vulnerabilitat de seguretat i inclou millores menors relatives a la portabilitat del codi.
Security bugs resolved in this release:
- Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities.
|
21:37 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
 BackTrack és una distribució de Linux, directament executable des del CD-ROM, especialitzada en l'execució de proves de penetració fruit de la unió de dues distribucions prèvies, Whax i Auditor.
Backtrack security collection is a Live-System based on Slax. With no installation whatsoever, the analysis platform is started directly from the CD-Rom or RAM and is fully accessible within minutes. Independent of the hardware in use, the Backtrack security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.
Even during the planning and development stages, our target was to achieve an excellent user-friendliness combined with an optimal toolset. Professional open-source programs offer you a complete toolset to analyse your safety, byte for byte. In order to become quickly proficient within the Backtrack security collection, the menu structure is supported by recognised phases of a security check. (Foot-printing, analysis, scanning, wireless, brute-forcing, cracking). By this means, you intuitivly find the right tool for the appropriate task. In addition to the approx. 300 tools, the Backtrack security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries. Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Backtrack security platform. Many tools were adapted, newly developed or converted from other system platforms, in order to make as many current auditing tools available as possible on one CD-ROM. Tools like Wellenreiter and Kismet were equipped with an automatic hardware identification, thus avoiding irritating and annoying configuration of the wireless cards.
Per cert, hi ha un parell de cursos online sobre les funcionalitats d'aquesta eina. Els cursos, això sí, són de pagament.
|
09:47 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
Wicrawl és una eina per a la realització d'auditories dels punts d'accés a les xarxes sense fils, per tal de recollir tota la informació que ells mateixos donen. Disponible per a Linux.
The goal is to automate the tedious task of scanning wi-fi access points for interesting information. This can be a useful tool for penetration testers looking to “crawl” through massive numbers of APs looking for interesting data. Plugins will be everything from DHCP and nmap to aircrack or hooks to move a motorized directional antenna around.
Major features:
- Passive detection of Access Points (This means that if there are clients, we can find out the SSIDs from APs that have broadcast turned off).
- Support for multiple cards. Discovery can be run from one card, while the plugins can be run from the rest.
- Simple plugin interface with multiple Plugins (Basic association, DHCP, internet check, network mapping, WEP/WPA-PSK cracking, etc)
- Profiles to manage card scheduling and wicrawl usage (for example a profile for mobile users, and one for penetration testing).
- Support for multiple interfaces (GTK and status bar (with themes) now, text UI to come)
- Reporting and summary output in HTML, XML or Text
- Traffic packet logging in pcap format
|
09:29 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
[Kernel Fun] Microsoft Windows kernel GDI local privilege escalation
vulnerability in the handling of GDI kernel structures of Microsoft Windows leads to an exploitable memory corruption condition, causing a denial of service (so-called BSoD) or arbitrary code execution on successful exploitation. This would allow a local user to escalate privileges, gaining full control of the system.
Efectivament, executar components de la GUI a l'anell 0 del processador és genial en termes de rendiment, però terrible en termes de seguretat.
|
09:26 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 2000-2006 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
|
