Source: Openwall-announce -- Alexander Peslyak - Posted by Eric Lubow
John the Ripper 1.7.2 (a "development" version) adds bitslice DES assembly code for x86-64 making use of the 64-bit mode extended SSE2 with 16 XMM registers. You can download it at the usual location: http://www.openwall.com/john/.
Source: Securiteam.com - Posted by Benjamin D. Thomas
his new paper which is about to appear later this month (May, 2006) on the IEEE security and privacy conference describes holes in Linux's random number generator, as well as a clear description of the Linux /dev/random. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption.
Although the generator is part of an open source project, its source code (about $2500$ lines of code) is poorly documented, and patched with hundreds of code patches.
PHP HoP is an open source project for:
* Application-based low-level interaction honeypot
* Dealing with web threats
PHP HoP has already been used to :
* Fool different kind of web attackers (audit tools, manual hax0rs...)
* Create real statistics about the first top10 commands used by an intruder .
* Steal malware (PHP, C, Perl) that attackers wanted to upload
* Identify evil behaviours and learn about current web threats
Source: TheRegister.co.uk - Posted by Benjamin D. Thomas
Pete Herzog, founder of ISECOM and creator of the Open Source Security Testing Methodology Manual (OSSTMM) talks with Federico Biancuzzi about the upcoming revision 3.0 of the OSSTMM. I'm Pete Herzog, managing director of ISECOM. I live in a small town in Catalonia just outside of Barcelona. It's also where I work part of the year. The other part of the year I work in the US. ISECOM is a non-profit, registered both here and in New York State, USA, with the aggressive mission to "make security make sense".
OSSEC HIDS is an open source host-based intrusion
detection system. It performs log analysis, integrity
checking, rootkit detection, time-based alerting and
active response.
This is one of the most improved versions so far. It
now includes support for squid, pure-ftpd, postfix and
AIX ipsec logs (in addition to a lot of improvements
to the previous rules).
There is a critical need in the law enforcement community to ensure the reliability of computer forensic tools. A capability is required to ensure that forensic software tools consistently produce accurate and objective test results. The goal of the Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST) is to establish a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware.
Nicholas Albright's first foray into some of the darkest alleys of the Internet came in November 2004, shortly after his father committed suicide. About a month following his father's death, Albright discovered that online criminals had broken into his dad's personal computer and programmed it to serve as part of a worldwide, distributed network for storing pirated software and movies.
It's like an "American Idol" for security geeks. Students at the Georgia Institute of Technology prep, sweat and show their stuff while a panel of critics decides their fates. But unlike the popular "reality" TV show, judges aren't determining who can best carry a tune. Instead they weigh students' ideas for making information security more user-friendly, with $50,000 -- enough cash to fund a project for 12 months -- hanging in the balance.
There are many uses for RFID such as supply chain management, but access control is one of the most relevant applications for personal use. Many people use RFID access cards to get into buildings, use elevators, or even open the doors to those special penthouse type hotel suites. Setting up your own front door (or any door for that matter) with an RFID enabled access mechanism is pretty easy.
Researchers have demonstrated a new forensics technology designed to help catch cyber thieves and digital pirates. The digital fingerprinting technology, which was developed by academics at the University of Maryland's A. James Clark School of Engineering, is designed to help protect digital assets and identify national security leak sources.
<>
