Nmap 5.50 Released

Published: 2011-01-28
Last Updated: 2011-01-28 21:50:09 UTC
by Guy Bruneau (Version: 1)
1 comment(s)

A new update of one of the handlers' favourite tools was released today. "A primary focus of this release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of application protocols, including web servers, databases, DNS servers, FTP, and now even Gopher servers!"

Check out the change log here for the list of all changes and new features. The new update is available as binary packages for Linux, Mac and Windows, and the source code can be downloaded here.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: Nmap

OpenOffice Security Fixes

Published: 2011-01-28
Last Updated: 2011-01-28 13:04:20 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

OpenOffice.org has released several security bulletins affecting various components of OpenOffice. Some of these security issues may allow a remote unprivileged user to execute arbitrary code.

The following CVEs have been assigned to the list of issues affecting OpenOffice:

CVE-2010-2935, CVE-2010-2936, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-3702, CVE-2010-3704, CVE-2010-4008, CVE-2010-4253, CVE-2010-4494, CVE-2010-4643

The following versions are affected by these bulletins:

- All versions of OpenOffice.org 3 prior to version 3.3
- All versions of OpenOffice.org 2
- OpenOffice.org stated that earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.

All the bulletins are posted here.
 

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

Keywords: OpenOffice

Egypt offline

Published: 2011-01-28
Last Updated: 2011-01-28 09:08:50 UTC
by Mark Hofman (Version: 1)
7 comment(s)

Most of you will be aware that the domestic situation in Egypt is a tad volatile. We certainly do not get into the politics of things; however, one event earlier today bears commenting on, and that is the complete and utter shutdown of all internet connectivity in Egypt.

Try and resolve any .eg site and you will receive .... nothing. 

To my knowledge this is unprecedented. The mainstream press is reporting that this is mainly because the unrest is being organised using Twitter, SMS and other online services, similar to the events in Iran during the elections last year.

From an IT security perspective, how do you shut down a country? From what I can see, for us external to the country, access to the DNS servers is removed:

dnstracer www.eeaa.gov.eg  

Tracing to www.eeaa.gov.eg[a] 

|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * * 
|___ RIP.PSG.COM [gov.eg] (147.28.0.39) 
|     |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
|      ___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address) 

So how is access denied to a whole country?  BGPMON (http://bgpmon.net/blog/?p=450) reports that close to 3000 routes to Egyptian networks were removed, effectively cutting them off the Internet.  Other articles are reporting that the major service providers went dark, easy enough to do I guess if you are the government. 

Feel free to comment, but please keep comments apolitical. 

Cheers

Mark 

Keywords:
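
An added example, not part of the original diary: a small Python parser that turns the dnstracer output quoted above into a per-zone reachability summary, which is a quick way to triage whether a delegation still has any answering nameserver. The sample text is a constructed copy of the trace in the diary (the last branch is assumed to have been drawn as "\___"), and the status labels and function names are assumptions of this example.

```python
import re

# Constructed sample: the dnstracer output quoted in the diary. The last
# branch marker is assumed to have been "\___" in the original layout.
SAMPLE = r"""Tracing to www.eeaa.gov.eg[a]
|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * *
|___ RIP.PSG.COM [gov.eg] (147.28.0.39)
|     |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
|      \___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address)
"""

# One tree node: branch marker, server name, [zone], (address), then any
# "*" marks dnstracer printed for unanswered retries.
NODE = re.compile(
    r"^[|\\\s]*_{3}\s+(?P<server>\S+)\s+\[(?P<zone>[^\]]+)\]\s+"
    r"\((?P<addr>[^)]+)\)(?P<tail>.*)$")


def parse(text):
    """Return one dict per nameserver line in dnstracer tree output."""
    nodes = []
    for line in text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # header line or anything that is not a tree node
        if m["addr"].strip().lower() == "no ip address":
            status = "no-address"   # nameserver name could not be resolved
        elif "*" in m["tail"]:
            status = "timeout"      # address known, queries went unanswered
        else:
            status = "answered"
        nodes.append({"server": m["server"], "zone": m["zone"].lower(),
                      "addr": m["addr"], "status": status})
    return nodes


def zone_report(nodes):
    """Map each zone to (any server answered?, {server: status})."""
    zones = {}
    for n in nodes:
        zones.setdefault(n["zone"], {})[n["server"]] = n["status"]
    return {z: (any(s == "answered" for s in srv.values()), srv)
            for z, srv in zones.items()}


if __name__ == "__main__":
    for zone, (ok, servers) in zone_report(parse(SAMPLE)).items():
        print(f"{zone}: {'reachable' if ok else 'UNREACHABLE'}")
        for name, status in servers.items():
            print(f"  {name}: {status}")
```

On the diary's trace this reports gov.eg as still answered by one nameserver, while eeaa.gov.eg has no nameserver with a usable address.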
