Stay up to date with all of the latest security news by subscribing to our RSS Feed. Alternatively, you can have updates sent directly to your email address.
Published: August 19th, 2008 | Category: Security Conferences, Security Tools | (0) Comments
Rob Fuller yesterday did an excellent guest post on the Zero Day ZDNet blog on the tools released at DEFCON 16. Here is the list of DEFCON 16 tools:
Beholder: An open source wireless IDS program by Nelson Murilo and Luis Eduardo
The Middler: The end-all be-all of MITM tools by Jay Beale
ClientIPS: An open source inline [...]
Published: July 24th, 2008 | Category: Security Tools | (0) Comments
Now that public exploits are available for the DNS cache poisoning attack, now is good time to patch your DNS servers if you haven’t already.
Some new tools also came out to test if your DNS server is vulnerable to DNS cache poisoning. The web-based DNS randomness test by DNS-OARC is very good, and it [...]
Published: July 19th, 2008 | Category: Security Conferences, Security Tools | (0) Comments
The Princeton/Wind River/EFF team just released their memory research tools at The Last HOPE conference.
The bios_memimage tool is written in C and uses PXE to boot the machine and copy the memory. The package also has a disk boot dumper with instructions for how to run it on an iPod. There’s also efi_memimage which [...]
Published: July 13th, 2008 | Category: Security Tools | (0) Comments
By now, I think everyone has heard about the cache poisoning vulnerability in many DNS servers. Many are using Dan Kaminsky’s online testing tool at doxpara.com to test their own servers, but Dan’s server leaves the results exposed to the public.
For those that want to test their DNS servers and not have the results [...]
Published: July 8th, 2008 | Category: Security Tools | (0) Comments
Everyone’s favorite free open-source encryption software TrueCrypt just released a new version over the weekend. TrueCrypt 6.0’s biggest new feature is the ability to create and run an encrypted hidden operating system whose existence is impossible to prove! Some of the other enhancements include support for multi-core processors and multi-processor systems, and the ability to [...]
Published: July 3rd, 2008 | Category: Security Tools | (0) Comments
Yesterday, Google released their open-source passive web application security assessment tool called ratproxy.
This utility, developed by our information security engineering team, is designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.
The proxy analyzes problems such as cross-site script inclusion [...]
Published: June 8th, 2008 | Category: Security Tools | (0) Comments
Here is a list of new security tools that were released in the past week.
SQL Ninja 0.2.3 - SQL server injection and takeover tool
fgdump 2.1.0 - Tool for mass password auditing of windows systems
AxBan 1.0.0.4 - ActiveX killbit program
Nmap 4.65 - Network port scanner
Nessus 3.2.1 - Vulnerability assessment tool
Immunity Debugger 1.6 - Debugger
Kismet-2008-05-R1 - 802.11 [...]
Published: May 22nd, 2008 | Category: Security Tools | (0) Comments
Niels Provos mentioned it at today’s Web 2.0 Security and Privacy workshop, and somehow everyone I knew missed Google’s official announcement last week of the safe browsing diagnostic page.
So what type of information is given back to the user?
What is the current listing status for [the site in question]? [...]
Published: May 4th, 2008 | Category: Security Tools | (0) Comments
Over the last week, here are some of the new security tools released.
Microsoft Debugger 6.9.3.113 - 32bit and 64bit
Microsoft Fiddler 2.1.6.1 - Web proxy tool for IE
Hexer 1.2.0 - Hex Editor with python scripting ability
Nmap 4.62
While there are other sites that track tools on a daily basis, these are tools that I actually use. Is [...]
