From the nmap-dev mailing
list:
From: Fyodor
<fyodor_at_insecure.org>
Date: Thu, 7 Dec 2006 20:19:00 -0800 Hi Everyone, I just posted the
binaries for 4.20! Woohoo! This is the first "stable" release in
almost 6 months, and contains tons of important changes over 4.11.
But I think you guys are well familiar with those.
Please give it a try in the next few hours if you can. Unless I hear
about important problems, I'll release it to the nmap-hackers later
tonight or tomorrow morning. That posting will include a summary of
changes, stupid pot smoking jokes, etc.
You can find the goods at:
http://download.insecure.org/nmap/dist/nmap-4.20.tar.bz2
http://download.insecure.org/nmap/dist/nmap-4.20-setup.exe
http://download.insecure.org/nmap/dist/nmap-4.20-win32.zip
http://download.insecure.org/nmap/dist/nmap-4.20-1.src.rpm
http://download.insecure.org/nmap/dist/nmap-4.20-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.20-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-4.20-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-4.20-1.x86_64.rpm
http://download.insecure.org/nmap/dist/nmap-4.20.tgz
And here are the changes since RC2:
o Integrated the latest OS fingerprint submissions. The 2nd
generation DB size has grown to 231 fingerprints. Please keep them
coming! New fingerprints include Mac OS X Server 10.5 pre-release,
NetBSD 4.99.4, Windows NT, and much more.
o Fixed a segmentation fault in the new OS detection system which
was reported by Craig Humphrey and Sebastian Garcia.
o Fixed a TCP sequence prediction difficulty indicator bug. The
index is supposed to go from 0 ("trivial joke") to about 260
(OpenBSD). But some systems generated ISNs so insecurely that Nmap
went berserk and reported a negative difficulty index. This
generally only affects some printers, crappy cable modems, and
Microsoft Windows (old versions). Thanks to Sebastian Garcia for
helping me track down the problem.
Enjoy! Fyodor
Posted by Marcin on Friday, December 8, 2006 in
Links and
Security.
Get right down to it! F-Secure has posted this
letter
asking domain registrars to double-check the names people register for
domains to help combat phishing. The example they give is just one of
many that go wild:
Like, say, somebody trying to register a .com domain with the words
"ebay" and "sign in" in it? Isn't it pretty obvious that something
might be going on here?
You see, yesterday somebody did just that.
Mr. "Craig Smith" from Kilwinning in the UK registered a domain name
called "signin-ebay-c.com" with directNIC. Right now, he's running a
phishing site on it...
...you can contact Mr. Smith at the phone number he left in his
registration data: 1231432311. That sounds pretty real. I'm sure his
credit card is his own, too.
Hopefully we get a response soon, and see what the registrars have to
say. It'd be nice to not have to deal with the many phishing sites there
are today by simply not allowing registration of domain names. Not only
that, but the fact that the domain name infringes on Ebay's trademark.
Posted by Marcin on Tuesday, December 5, 2006 in
Links and
Security.
A couple students at my school hacked our Christmas tree. You can
control it. You'll have to
open up two browser windows to view the cameras and control it
simultaneously(to prevent abuse). It's been featured on
Make
and some more pictures
here. The web
server is hosting the the web page on a PINK Ethernet module. You can
turn the lights on/off and scroll them as well. Have fun with it, but
please don't abuse it.
Posted by Marcin on Monday, December 4, 2006 in
Links and
Tech.
I've been seeing
stories
about the Nike+Ipod sport kit and how researchers have come up with a
way to track people wearing them. This is nothing new, people have been
able to do this for quite some time, called SIGINT (signals
intelligence). You've been carrying around a personal tracking device
since (at least) the early 90's, called a cell phone.
Posted by Marcin on Saturday, December 2, 2006 in
Security.
Alan Shimel of
StillSecure
created the Security Bloggers
Network, a
network of feeds with content relating to security. Check it out, it's a
great way to see what other security pros, analysts, vendors, and anyone
else in the industry is blogging about.
Posted by Marcin on Thursday, November 30, 2006 in
Links and
Security.
