Firefox 3 Coming June 17th

June 11, 2008 – 8:49 PM

Whenever we’re asked “when is Firefox going to be released” we endeavor to answer to the best of our abilities, but the truth of the matter is that we’ll only ever ship “when it’s ready”. We have a lot of indicators that help us understand when the product is ready for release: feedback from our pre-release milestones, excitement in the community and the press, availability of compatible Add-Ons, and a large active beta community helping us ensure that the release is compatible with all the various sites on the Internet.

After more than 34 months of active development, and with the contributions of thousands, we’re proud to announce that we’re ready. It is our expectation to ship Firefox 3 this upcoming Tuesday, June 17th. Put on your party hats and get ready to download Firefox 3 — the best web browser, period.

Source: Mozilla

SIPVicious v0.2.3 – VoIP/SIP Auditing Toolkit

June 11, 2008 – 6:10 AM

The SIPVicious suite is a set of tools that can be used to audit SIP-based VoIP systems. It currently consists of four tools:

  • svmap – a SIP scanner that lists SIP devices found on an IP range
  • svwar – identifies active extensions on a PBX
  • svcrack – an online password cracker for SIP PBX
  • svreport – manages sessions and exports reports to various formats

svmap

This is a SIP scanner. When launched against ranges of IP address space, it identifies any SIP servers it finds along the way. It also has the option to scan hosts on ranges of ports. For usage instructions, check out SvmapUsage.

svwar

Traditionally, a war dialer called up numbers on the phone network to distinguish the ones that are interesting from the ones that are not. With SIP, you can do something similar to identify active users.

svcrack

This is a password cracker making use of digest authentication. It is able to crack passwords on both registrar servers and proxy servers. It can make use of ranges of numbers or a dictionary file full of possible passwords.

svreport

It manages sessions created by the rest of the tools and exports them to PDF, XML, CSV and plain text.

You can download SIPVicious v0.2.3 here:

sipvicious-0.2.3.tar.gz

Or read more here.

Source: Darknet

Safari ‘Carpet Bomb’ Attack Code Released

June 11, 2008 – 6:03 AM

A hacker has posted attack code that exploits critical flaws in the Safari and Internet Explorer Web browsers.

The source code, along with a demo of the attack, was posted Sunday on a computer security blog. It can be used to run unauthorized software on a victim’s machine, and could be used by criminals in Web-based computer attacks, security experts say.

Now that there is a public example of the attack code, Safari users running the Windows operating system should be concerned, said Eric Schultze, chief technical officer at Shavlik Technologies. “This is a bad thing. If you’ve got Safari, you’re in trouble,” he said.

The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim’s desktop with executable files, an attack known as “carpet bombing.”

Two weeks later, security researcher Aviv Raff said that if this flaw is exploited in combination with bugs in Windows and Internet Explorer, attackers can run unauthorized software on a victim’s computer.

Apple has reportedly said that it has no plans to patch the Safari flaw, but Microsoft released a security advisory on the problem on May 30, a sign that it may be working on a patch.

Microsoft’s advisory says that the vulnerability has to do with the way Windows handles desktop executables and recommends that Windows users “restrict use of Safari as a Web browser until an appropriate update is available from Microsoft and/or Apple.”

The attack affects all versions of Windows XP and Vista, Microsoft said in its advisory.

Apple could not be reached for comment on this story. Microsoft Security Response Team members were in meetings and unable to comment on this issue, a spokesman with the company’s public relations agency said.

Source: PC World

Nessus 3 Tutorial

June 10, 2008 – 9:35 AM

If you’re looking for a vulnerability scanner, chances are you’ve come across a number of expensive commercial products and tools with long lists of features and benefits. Unfortunately, if you’re in the same situation as most of us, you simply don’t have the budget to implement fancy high-priced systems. You might have considered compromising by turning to free tools like nmap. However, you probably saw these tools as a compromise, as their feature sets didn’t quite match the commercial offerings.

It’s time that you learn how to use Nessus! This free tool offers a surprisingly robust feature set and is widely supported by the information security community. It doesn’t take long between the discovery of a new vulnerability and the posting of an updated script for Nessus to detect it. In fact, Nessus takes advantage of the Common Vulnerabilities and Exposures (CVE) architecture that facilitates easy cross-linking between compliant security tools.

The Nessus tool works a little differently than other scanners. Rather than purporting to offer a single, all-encompassing vulnerability database that gets updated regularly, Nessus supports the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple language to describe individual attacks. Nessus administrators then simply include the NASL descriptions of all desired vulnerabilities to develop their own customized scans.

With the release of Nessus 3 in December 2005, Tenable Network Security Inc., the company behind Nessus, introduced a complete overhaul of the product. The most current version at the time of this writing, Nessus 3.2, was released in March 2008. Nessus is now available for a wide variety of platforms, including Windows, various flavors of Linux, FreeBSD, Solaris and Mac OS X.

Read the rest of the story…

Verisign, McAfee and Symantec sites can be used for phishing due to XSS

June 9, 2008 – 9:38 AM

Should they all be trusted at first sight by unsuspecting online users? Yes, unfortunately this is the case with the websites of renowned and respected IT security companies. However, now that they are all vulnerable to cross-site scripting, the chances of getting phished and infected with malware and crimeware are dramatically increased.

Read the rest of the story…