Recent

Skipfish – Automated web security scanner

A couple of days ago (March 19th), Michal Zalewski, famous for tools such as p0f and his excellent book ‘Silence on the Wire’, announced the release of an open source automated web security scanner called Skipfish on the Google Online Security Blog.



Key features:

High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.

Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.


Posted on 21 March, 2010 by admin

1 Comment

SecurityPodcasts Boxee App

What is Boxee?

Boxee is the best way to enjoy entertainment from the Internet and computer on your TV

http://www.boxee.tv/


Boxee allows you to develop ‘Apps’, which are basically XML files that grab RSS feeds. These Apps can be installed through remote repositories. To truncate and combine all the security podcasts, I used Yahoo! Pipes.



Posted on 19 January, 2010 by admin

1 Comment

Dionaea – Low interaction honeypot

After running Glastopf (Glastopf – Web Application Honeypot) for a few days and not getting any hits, I was a bit disappointed. I speculate that maybe you need to give web application honeypots more time to propagate across the Internet and get picked up by search engines to receive any significant hits, or even give the honeypot its own domain name. From my earlier post you will notice that I had tried to get Dionaea to run first.


Markus, the lead developer of Dionaea, got in contact after he read my post and saw that I was having trouble getting it running. It turned out to be a complete fail on my part: after following the instructions on the Dionaea homepage, Dionaea installed perfectly fine; it was just a case of me not knowing how to run it properly.


What is Dionaea?

Dionaea is meant to be a nepenthes successor, embedding python as scripting language, using libemu to detect shellcodes, supporting ipv6 and tls

Dionaea intention is to trap malware exploiting vulnerabilities exposed by services offered to a network, the ultimate goal is gaining a copy of the malware.


Posted on 17 January, 2010 by admin

5 Comments

Glastopf – Web Application Honeypot


I bought an old battered PC over the weekend with the goal of installing a honeypot. I had never installed a honeypot before, so I wasn’t quite sure what to expect. At first I decided on Dionaea, the successor to Nepenthes; I had heard great things about Nepenthes from a friend of mine (Infosanity). After going through the installation process, I couldn’t get Dionaea to ‘make’ with the right Python version detected (> 3.0), so after about an hour of playing around I decided to give Glastopf a try.



Posted on 10 January, 2010 by admin

7 Comments

Free software in a Windowed world

I recently upgraded to Windows 7 from Vista. I had planned to migrate fully to Ubuntu 9.10 Karmic; however, after nearly £100 investment in wireless equipment and none of the hardware working under Ubuntu, I bit the bullet. I will now be running Ubuntu and other Linux distributions as Virtual Machines.


Here is a list (in no particular order) of essential (to me) Open Source and Free (as in beer) software (non-security) I installed on my shiny new Windows 7:


FileZilla FTP client – http://filezilla-project.org/ (Open Source)
Mozilla Thunderbird – http://www.mozillamessaging.com (Open Source)
Inkscape – http://www.inkscape.org/ (Open Source)
BitTorrent – http://www.bittorrent.com/ (Open Source)
Wireshark – http://www.wireshark.org/ (Open Source)
7-Zip – http://www.7-zip.org/ (Open Source)
Notepad++ – http://notepad-plus.sourceforge.net/ (Open Source)
Mozilla Firefox – http://www.mozilla.com/firefox/ (Open Source)
OpenOffice – http://www.openoffice.org/ (Open Source)
Sun VirtualBox – http://www.virtualbox.org/ (Open Source)
Tortoise SVN – http://tortoisesvn.tigris.org/ (Open Source)
VLC – http://www.videolan.org/vlc/ (Open Source)
TrueCrypt – http://www.truecrypt.org/ (Open Source)
XAMPP – http://www.apachefriends.org/en/xampp.html (Open Source)
Zattoo – http://zattoo.com/ (Free)
Spotify – http://www.spotify.com/ (Free)
Skype – http://www.skype.com/ (Free)


It should now be easier than ever to pwn my box now that you all know what software and OS I’m running. ;) What Open Source/Free software can you not live without?


P.S. HAPPY NEW YEEAARRR!!!

Posted on 1 January, 2010 by admin

3 Comments