Category: News

OSSEC version 0.9-3 (0.9 update 3) is available

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

New in this release:

  • Added support for Windows firewall logs
  • Improved pix rules
  • More named rules
  • Fixed description with typos
  • Fixed command line options for list_agent
  • Changed logcollector behavior for checking file rotation
  • Changed logcollector behavior for checking if the file has more data. We are now forcing an fgetc and looking for EOF (old method using stats was broken on some Windows versions)
  • Fixed problem with Endianess on some platforms (specially Linux sparc)
  • Fixed rotation issue for log files with a variable name
  • Windows agent should not exit if syscheck is disabled
  • Fixed alert level on e-mail messages
  • Added more modsecurity rules
  • Added support for HP-UX
  • Added support for Microsoft FTP logs
  • Added support for Microsoft Exchange logs (IIS SMTP)
  • More rules for sendmail (rejected due to pre-greeting)

To download the new version:
http://www.ossec.net/en/downloads.html

More information at:
http://www.ossec.net

Computer Security Podcasts That Don’t Suck

Special thanks to Chris Brunner for cataloguing all these security podcasts. From the blog posting:

Over the last several months, I’ve done my best to seek out every podcast related to computer security concepts. I started with a list of just under fifty podcasts and gradually eliminated the ones that consistently failed to offer interesting ideas or were simply too watered down. I’m left the following list of podcasts that I feel are worth listening to. Since each podcast certainly isn’t for everyone, I’ve included some details to make it easier to pick that ones that would most likely interest you the most. This list is in a blatantly-subjective order.

Name: PaulDotCom Security Weekly
Main Subject: anything related to computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: mobile malware, hacking ATM machines, tool that allows for hosts to communicate over wireless without being associated, Spamhaus in trouble, Filtering IM for kids, Hacking Web 2.0 Applications with Firefox
Justification: All kinds of good stuff week after week.  Highly recommended.
Rss Link: http://pauldotcom.com/podcast/psw.xml

Name: Security Now!
Main Subject: computer security and basic technology concepts
Format: Formal
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Parallels, Virtual PC, Application Sandboxes, Blue Pill, Vista's Virgin Stack
Justification: Despite the fact that Steve Gibson is a total tool who proves repeatedly that he knows alot less than he thinks he does, the show still touches on a number of interesting subjects that are worth tuning in for.
Rss Link: http://leoville.tv/podcasts/sn.xml

Name: Binary Revolution Radio
Main Subject: hacking, phreaking, computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Toorcon, IPv6, Covert Channels, Phishing, Tunneling
Justification: Less organized but offers fresh information and interesting discussion each week
Rss Link: http://www.binrev.com/radio/podcast/

Name: PLA Radio
Main Subject: Phreaking
Format: Very Casual
Approx. Updates Per Month: 1 to 2
Recent Subjects Covered: Free Phone Calls, Beige Boxing, Deaf Relay Operators (IP Relay), Social Engineering
Justification: Covers topics related to "phone hacking".  While the format is a bit strange, some of the older episodes had me laughing uncontrollably and are worth a listen.
Rss Link: http://www.phonelosers.org/rss.xml

Name: Off The Hook
Main Subject: General technology, phreaking, politics
Format: Semi-formal
Approx. Updates Per Month: 4 to 5
Justification: This show, hosted by Emmanuel Goldstein, has been running since the 80's and has become somewhat legendary in the Hacking and Phreaking communities as it's been there to document the evolution of technology.  Definitely worth a listen.
Rss Link: http://www.2600.com/rss.xml

Name: SploitCast
Main Subject: new vulnerabilities, exploit code, security and technology news
Format: Casual
Approx. Updates Per Month: 1 to 4
Recent Subjects Covered: Interview with Johnny Long, ping tunneling, sensitive data on stolen laptops, Zfone, high level ISP hacks, darknets
Justification: They haven't been releasing much lately, but their episodes are usually pretty interesting.  I can't find any other podcasts that discuss exploit code in great detail.
Rss Link: http://sploitcast.libsyn.com/rss

Name: Blue Box: The VoIP Security Podcast
Main Subject: VoIP Security, of course
Format: Semi-casual
Approx. Updates Per Month: 3 to 6
Recent Subjects Covered: Skype security news, interviews, VoIP fraud, recent vulnerabilities
Justification: Covers some great VoIP-related security-centered information.
Rss Link: http://feeds.feedburner.com/BlueBox

Name: TWAT Radio
Main Subject: All things technology with a slight security focus
Format: Casual
Approx. Updates Per Month: 10+
Recent Subjects Covered: Newsgroup readers, Wireless attacks for dummies, Eggdrop, Wake On Lan, Network Recon, VPNs, The GIMP, Cygwin
Justification: Covers a great deal of different technology subjects
Rss Link: http://www.twatech.org/wp-feed.php

Name: Basenet Radio
Format: Casual
Approx. Updates Per Month: 2 to 4
Justification: Underground feel, great information
Rss Link: http://www.basenetradio.net/rss2.xml

Name: LugRadio
Main Subject: Linux and Open Source
Format: Casual
Approx. Updates Per Month: 0 to 2
Recent Subjects Covered: the Portland Project, trusted computing, comparison of Linux distributions, Software Freedom Day
Justification: Possibly the most popular Linux-related podcast
Rss Link: http://www.lugradio.org/episodes.rss

Name: The Linux Link Tech Show
Main Subject: The cutting-edge in Linux-based technology
Format: Casual
Approx. Updates Per Month: 4
Recent Subjects Covered: Linux Home Automation, OpenWRT, Asterisk, Debian vs Mozilla, DRM
Justification: Lots of good Linux-related information
Rss Link: http://www.thelinuxlink.net/tllts/tllts.rss

Name: StillSecure, After all these years
Main Subject: All things related to information security with a focus on a business environment
Format: Formal
Approx. Updates Per Month: 2 to 5
Recent Subjects Covered: Interview with Steve Hanna of Juniper Networks, TCG/TNC, The IETF, 3rd party patching
Justification: This podcast includes some great interviews and information centered around enterprise security
Rss Link: http://clickcaster.com/clickcast/rss/1653

Name: Symantec Security Response Podcast
Main Subject: Security updates
Format: Formal
Approx. Updates Per Month: 2 to 4
Justification: A consistent source of security updates – great for people who are charged with defending a network for a living
Rss Link: http://www.symantec.com/content/en/us/about/rss/sr/sr.xml

Name: Network Security Blog
Main Subject: Network Security…
Format: Formal
Approx. Updates Per Month:
Rss Link: http://www.mckeay.net/secure/index.xml

Backtrack 2.0 Beta Released!

What’s New in v2.0 ?

New exciting features in BackTrack, to mention a few:

* Updated Kernel-Running 2.6.18-rc5, with several patches.
* Updated Tools-Old versions updated, new tools added.
* BackTrack Network Boot-Boot additional BackTrack images over PXE
* John MPI Cluster-Boot BackTrack cracking cluster clients over PXE
* Save2CD-Save changes to CD (assuming CD is multi-session, and a CDR).
* Japanese Input Support-Reading and writing in Hiragana / Katakana / Kanji.
* Unionfs replaced-by aufs with zlib compression.
* Kernel Sources-Included in base image.
* Updated Kernel-Running 2.6.18-rc5, with several patches.
* Updated Tools-Old versions updated, new tools added.
* BackTrack Network Boot-Boot additional BackTrack images over PXE
* cracking cluster clients over PXE
* Save2CD-Save changes to CD (assuming CD is multi-session, and a CDR).
* Japanese Input Support-Reading and writing in Hiragana / Katakana / Kanji.
* Unionfs replaced-by aufs with zlib compression.* Kernel Sources-Included in base image.

Special Features:

* Instant Snort Setup-Sets up snort, mysql, apache, base.
* Instant Ninja (db_autopwn) – Deploys Metasploit db_autopwn on the local subnet.
* Instant Unicornscan pgsqldb Setup-Sets up Apache, Pgsql for scan info.
* Kismet auto configuration-Sets up monitor mode and kismet.conf.
* ipw3945/2200/2100 support-no injection patches.
* Prism54 / MadWifi-ng / Wlan-ng / HostAP / rt2570-With injection patches.
* Quick Installation-Using GUI installer, 100% MySlax compatible.

BackTrack v2.0 Beta

Description: Beta version of BackTrack v2.0.
Hosting: mirror.switch.ch.
File: bt20061013.iso 67ce734304ef2f82c7fd7c1ba5e1caa1
File: bt20061013.iso 67ce734304ef2f82c7fd7c1ba5e1caa1
File: bt20061013.iso 67ce734304ef2f82c7fd7c1ba5e1caa1
File: bt20061013.iso 67ce734304ef2f82c7fd7c1ba5e1caa1

Scroll to top