Cain & Abel v4.9.31 Released

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol’s standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some “non standard” utilities for Microsoft Windows users.

Changes:

• SIPS Man-in-the-Middle Sniffer (TCP port 5061; successfully tested with Microsoft Office Communicator with chained certificates).
• Added support for RTP G726-64WB codec (Wengo speex replacement ) in VoIP sniffer.
• X509 certificate’s extensions are now preserved in chained fake certificates generated by Certificate Collector.
• Extended ASCII characters support for SSID in Passive Wireless Scanner.
• Some bugs in Cain’s Traceroute fixed.

Download:
http://www.oxid.it/cain.html

Posted in Internet, Privacy, Security, Windows | No Comments

KeePass 1.16 Released

Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage’s FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem… A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

Homepage:
http://keepass.info/

Download:
http://keepass.info/download.html

Posted in Hardware, Internet, Privacy, Security, Software | No Comments

Hacking Tool Lets A VM Break Out And Attack Its Host

Researchers for some time have demonstrated the possibility of one of virtualization’s worst nightmares — a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.

The newest version of Immunity’s Canvas commercial penetration testing tool, v6.47, includes the so-called Cloudburst attack module, which was developed by Immunity researcher Kostya Kortchinsky to exploit a VMWare vulnerability (CVE-2009-1244) in the VMware Workstation that lets a user or attacker in a “guest” VM break into the actual host operating environment. VMware issued a patch for the bug in April.

“Companies and administrators tend to trust that breaking out of a VM is not possible,” says Nick Selby, director of the enterprise security practice at The 451 Group. “A lot of people consider this to be just another proof-of-concept. They don’t understand that is a commercially available exploit.”

Even though VMware has issued a patch, many enterprises may not necessarily have implemented it, Selby says. “We know that people don’t patch,” he adds.

Immunity’s VM “breakout” exploit follows that of Core Security Technologies’ VMware Shared Folders exploit in its Impact penetration testing tool announced last year. The module “weaponized” a vulnerability discovered by Core that lets an attacker create or alter executable files on the Windows host OS. For the attack to work, VMware’s Shared Folders feature must be enabled and at least one folder on the underlying host system must be configured to share files with the VM.

Source:
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=217701908

Posted in Internet, Networking, Privacy, Security | No Comments

Microsoft Outlook users targeted in phishing attempt

Trend Micro is warning about a phishing attempt that targets users of Microsoft Outlook.

The phishing e-mail arrives in Outlook e-mail inboxes and looks like it comes from Microsoft. It prompts recipients to reconfigure their Outlook by clicking on a link that leads to a Web site that asks for account name and password, as well as mail server information, according to the TrendLabs Malware Blog.

By getting the mail server information, the phishers would get total access to the Outlook user’s account and be able to read emails and use it to spam others, TrendLabs said.

Source:
http://news.cnet.com/8301-1009_3-10256261-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Posted in Internet, Privacy, Security, Windows | No Comments

‘Google-like’ Tool Aids Network Security

Network administrators and security specialists have long had tools and software for analyzing the streams of traffic that course through company systems, but now a Marlborough, Massachusetts, startup wants to make the process a lot easier.

Dejavu Technologies recently released TrafficScape, an appliance that grabs network packets and converts them into XML documents, which are then pulled into a database that is searchable through a simple, Google-like toolbar.

The company is aiming the software at average investigators who may have the instincts needed to make smart searches through reams of data, but who lack specialized technical training, according to CEO John Ricketson.

“When it gets to dealing with networks, there are a lot of low-level engineering skills required. We’re trying to get tools that domain experts can use,” he said. Such individuals need to “have the tool get out of [their] way.”

TrafficScape can capture a wide range of protocols and document types, including email, VoIP calls, instant messages, PDFs, Internet searches, and various other forms of data, according to the company. Searches can be done in “near real time” or against a stored data set.

Source:
http://www.pcworld.com/article/166015/googlelike_tool_aids_network_security.html?tk=rss_news

Demo:
http://www.dejavunet.net/search/ts_demo.htm

Posted in Internet, Networking, Privacy, Security, Software | No Comments