2010
23.07

Microsoft has released a new statement regarding Coordinated Vulnerability Disclosure.

What’s missing is how long we must wait until we learn about the vulnerabilities. Normally we only find out when Microsoft has a patch to deliver to us via the Update Service, so sometimes we have to wait weeks or even months for information about a vulnerability. During this time, hackers can use the vulnerability to install viruses, and security software companies cannot deliver new signatures to protect our systems.

Microsoft is not alone with this strategy; it is common practice in the software business. Open source software is an exception: normally we learn earlier that there is a vulnerability.

Well, if some security researchers need space to present a vulnerability to us, I will give you some space on my website… or maybe we will still have to visit the hacker websites to keep ourselves informed about the latest vulnerabilities ;-)

2010
21.07

News from the Nmap front

It has been 3.5 months since the last Nmap release (5.30BETA1 on March 29), and anyone following the nmap-dev list knows that we’ve been very busy during that time.  So I’m pleased to release Nmap version 5.35DC1 containing the fruits of that labor.  The Defcon name is because that conference is awesome!  And also because David Fifield and I have an exciting Nmap talk planned there and at Black Hat in a couple weeks (see http://seclists.org/nmap-dev/2010/q3/108).

This release includes 131 NSE scripts (17 new), 6,622 version detection signatures, 2,608 OS fingerprints, and more.  I’m particularly excited about the new db2 and ms-sql scripts, and nfs-ls really makes NFS discovery easy!  We also added Eugene Alexeev’s clever new dns-cache-snoop script.  Nping and Ncat were significantly improved as well.

The Nmap 5.35DC1 source code and packages for Linux, Mac OS X, and Windows are available for download at the usual place:

http://nmap.org/download.html

This is a BETA release, but we hope it works well for you. If not (or if you have any suggestions for improvement), please let us know on nmap-dev as described at http://nmap.org/book/man-bugs.html.

Read the full letter from Fyodor -> HERE