Thursday, July 16, 2009

Nmap 5.00 is Out

New features:

Ncat tool aims to be your Swiss Army Knife for data transfer, redirection, and debugging. We released a whole users' guide detailing security testing and network administration tasks made easy with Ncat.

The addition of the Ndiff scan comparison tool completes Nmap's growth into a whole suite of applications which work together to serve network administrators and security practitioners.

Nmap Network Scanning, the official Nmap guide to network discovery and security scanning. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. More than half the book is available in the free online edition.

The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features.

Visit and download the new version @ http://nmap.org/5/#changes-nse

Monday, July 13, 2009

Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution

Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Read more...

Monday, July 6, 2009

Microsoft warns of hole in Video ActiveX control

"Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.

There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.

This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files."

Thursday, July 2, 2009

US job losses worse than expected

Totally not IT or security related but everyone is pretty much affected one way or another....

The number of jobs lost in the US last month came in at 467,000, which was much more than had been expected.The jobless rate rose to 9.5% in June, from 9.4% in May, as the US economy continued to struggle.

Since the start of the recession in December 2007, the number of jobless people has risen by 7.2 million, the Department of Labor said.

The unemployment rate was slightly lower than had been expected, but was still the highest since August 1983.

In its separate weekly jobs report, the Department of Labor said that the number of newly laid-off workers applying for employment benefits last week fell to 614,000, while the number of people continuing to claim benefits unexpectedly fell to 6.7 million.

Read more...

Wednesday, July 1, 2009

Kon-Boot

"Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems :) Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far :) Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0."

Read more...

Hack the Box Blue

https://arcy24.medium.com/hack-the-box-blue-f5ae5b602a5c