11.07.06
I know… I’m a little slow
So... it's been a bit since I posted... The one post a day thing I planned so far back doesn't seem like it's going to become a reality... However, hopefully, in the near future... we'll be adding someone with a love of hardware to the "ComputerDefense team" since it's not a topic I'm overly fond of...
However, today I do want to share a few links I've come across... They are interesting, "neat" and cool... To quote the Tim Hortons commercial... these links are "steeped"
JBroFuzz - Version 0.2 of this "stateless network protocol" fuzzer has been released. A short description is available on Security-Protocols.com.
Space Shuttle Computers can't handle year rollover - That's right.... if the Shuttle launches and Dec. 31st is day 365, then to the shuttle Jan 1st is day 366 of the year 2006... not day 1 of 2007... You have to question how, with all the advanced technology in the space program, a simple glitch like this exists... and not only exists but knowingly exists.
Invention of the Year (2006) - YouTube - That's right.... Time Magazine has declared YouTube... everyone's favourite video sharing site... to be the Invention of the year... I'm still not sure what to think of this one... All the possible beneficial things that could have come out of 2006 and YouTube is number one... perhaps someone over at Time doesn't quite have their priorities straight.
Today's MOKB Entry - Entitled "Microsoft Windows kernel GDI local privilege escalation", the description says that this vuln could lead to code execution... I found the date reported to Microsoft to be rather interesting ( 22-10-2004 ) and can't wait to see Microsoft's reasoning for not patching this yet.
SinFP - A new version of SinFP (a Perl-based OS fingerprinting tool) has been released... I haven't looked at this tool lately... I looked at it when it was first announced on the nmap-dev mailing list. The author of SinFP was called on falsehoods and admitted that it was just marketing wording to attract attention. This just doesn't sit right with me in this industry... so I haven't really given it another chance... although I may have to do so in the near future... With the 1.0 release I also wasn't impressed with the detection... It couldn't detect my Windows XP SP 2 machine... perhaps detection has gotten better these days.
XMLHTTP 4.0 ActiveX Control Vulnerability - This has gotten a lot of news over the weekend. jgraver over at nCircle has a great blog post with links to some useful information.
One thing to note is that I've been receiving more and more email viruses in my inbox... This is due, in part, to the fact that my primary machine died and I'm using web mail with no AV scanning to wipe them... I submitted one to Sunbelt's CWSandbox, which I reviewed previously, with the hopes that I'd be able to share the details with you. Unfortunately, as the service becomes more popular the processing time seems to be increasing... it's no longer the "couple of minutes" that it was when I first reviewed it... Should I get some interesting results back, I'll be sure to share them.
Peace,
HT


GomoR said,
November 14, 2006 at 4:35 am
Well, I reply to SinFP subject. It is strange SinFP has not been capable of detecting your XP SP2. Try with version 2.xx, which comes with a far better matching algorithm.
Also, do not forget to try with the -H parameter, which can be compared with the aggressive OS guess from nmap.
Please, let me know about your results to provided e-mail address.
Best regards, GomoR
.:Computer Defense:. » SinFP vs Nmap said,
December 4, 2006 at 8:34 pm
[...] About a month ago I posted a Daily Link List… In this list I mentioned that a new version of SinFP was available and that I had not been overly impressed with previous versions of the product. Shortly after, a comment was posted by Gomor (The author of SinFP) asking me to perform further testing with the new version and give it a try. I decided it was about time to give it a go. So last weekend, I downloaded the package on my Mac (PPC architecture) and started the install… About halfway through I received an error message that Big Endian systems were not supported and the install died. I decided to try again with a PC (Ubuntu 6.10). The install sailed through and I decided to give it a try. [...]