Tuesday, July 21, 2009

Nmap 5 released

Yes - a little late, I know. Nmap 5 was released on July 16th. Some of the new cool features include Ncat and Ndiff.

Ncat is like Netcat but supposedly better. I have not tried this so I don't want to comment on it.

Ndiff sounds really cool. It compares the XML output of two Nmap scans run on different occasions and reports the hosts, ports and services that changed between them. One immediate application I can think of would be tracking changes to a network over time. Perhaps run it daily and, when a new service appears on a given host, use swatch or some script to alert you. Really cool new tool if you ask me. I can't wait to check this one out!
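To make the daily-diff idea concrete, here is an added example (my own code, not Nmap's Ndiff) that does the core of what Ndiff does: it parses two Nmap XML outputs (-oX), keeps only up hosts and open ports, and reports which hosts and services appeared or disappeared, emitting one line per change that a log watcher such as swatch can match on. The two scans are constructed samples trimmed to the XML elements the script reads; the IPs and services in them are made up.

```python
"""Compare two Nmap XML scans and report what changed between them.

Added example, not Nmap project code. SCAN_DAY1 and SCAN_DAY2 are constructed
samples in nmap -oX format, cut down to the elements this script reads.
"""
import ipaddress
import xml.etree.ElementTree as ET

SCAN_DAY1 = """<nmaprun scanner="nmap" start="1248134400">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>"""

SCAN_DAY2 = """<nmaprun scanner="nmap" start="1248220800">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.9" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.0.0.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
    </ports>
  </host>
</nmaprun>"""


def parse_scan(xml_text):
    """Map each up host's IP to its open ports: {ip: {(proto, port): service_name}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # a host that went down is treated like one that vanished
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are noise for change tracking
            service = port.find("service")
            name = service.get("name") if service is not None else "unknown"
            open_ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[ip] = open_ports
    return hosts


def diff_scans(old_xml, new_xml):
    """Return hosts and open services that appeared or disappeared between two scans."""
    old, new = parse_scan(old_xml), parse_scan(new_xml)
    result = {
        "new_hosts": sorted(set(new) - set(old), key=ipaddress.ip_address),
        "gone_hosts": sorted(set(old) - set(new), key=ipaddress.ip_address),
        "new_services": [],
        "gone_services": [],
    }
    # A host missing from one scan contributes an empty port set, so every port on a
    # new host shows up as new and every port on a vanished host shows up as gone.
    for ip in sorted(set(old) | set(new), key=ipaddress.ip_address):
        before, after = old.get(ip, {}), new.get(ip, {})
        for proto, port in sorted(set(after) - set(before)):
            result["new_services"].append((ip, proto, port, after[(proto, port)]))
        for proto, port in sorted(set(before) - set(after)):
            result["gone_services"].append((ip, proto, port, before[(proto, port)]))
    return result


def alert_lines(diff):
    """One line per change, in a fixed form a log watcher such as swatch can match on."""
    lines = [f"NEW HOST {ip}" for ip in diff["new_hosts"]]
    lines += [f"HOST GONE {ip}" for ip in diff["gone_hosts"]]
    lines += [f"NEW SERVICE {ip} {proto}/{port} ({name})"
              for ip, proto, port, name in diff["new_services"]]
    lines += [f"SERVICE GONE {ip} {proto}/{port} ({name})"
              for ip, proto, port, name in diff["gone_services"]]
    return lines


if __name__ == "__main__":
    for line in alert_lines(diff_scans(SCAN_DAY1, SCAN_DAY2)):
        print(line)
```

In a real cron job you would replace the two embedded strings with yesterday's and today's `nmap -oX` files. Note that a host that merely failed to answer a probe on one day shows up as "HOST GONE" and then "NEW HOST" the next; comparing against a rolling baseline rather than just the previous day keeps that flapping out of your alerts.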

Thursday, July 16, 2009

OWC ActiveX exploits starting to increase

A few days ago Microsoft released a security advisory (973472) for a vulnerability in the Microsoft Office Web Components (OWC) ActiveX control. It is being actively exploited in the wild: proof of concept code is here and there is at least one Metasploit module for it. Exploit attempts will only increase from here, so until a patch is released you should start implementing the workarounds.

Some things you can do to protect yourself:

  • Set the kill bits for {0002E541-0000-0000-C000-000000000046} and {0002E559-0000-0000-C000-000000000046} per the Microsoft advisory. Thankfully, Microsoft has a slick Fix it package here from KB973472 that does this for you.
  • Block known bad domains such as f1y.in (see the SANS ISC post).
  • Keep your antivirus signatures updated!!
  • Use the NoScript plugin for Firefox.
  • Don't use Internet Explorer until a patch is released.
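For those who would rather push the kill bits out themselves (via `reg import` or Group Policy) than run the Fix it on every box, here is an added example, my own code and not Microsoft's package, that composes the registry change and verifies it against a `reg export` of the key. The kill bit is the 0x400 bit of the "Compatibility Flags" DWORD under IE's ActiveX Compatibility key, and the script sets it under both the native key and the Wow6432Node view that 32-bit IE reads on 64-bit Windows. Two things a one-off .reg file tends to get wrong are handled: existing flag bits are OR-ed with the kill bit rather than overwritten, and the status check tells you per CLSID whether the bit actually landed. The sample export embedded below is constructed, not taken from a real machine.

```python
"""Compose and verify an ActiveX kill bit (the advisory 973472 workaround).

Added example, not Microsoft's Fix it. The kill bit is bit 0x400 of the
"Compatibility Flags" DWORD stored under Internet Explorer's ActiveX
Compatibility key per CLSID; IE refuses to instantiate a control whose bit is set.
"""
import re

KILLBIT = 0x00000400
OWC_CLSIDS = [
    "{0002E541-0000-0000-C000-000000000046}",
    "{0002E559-0000-0000-C000-000000000046}",
]
COMPAT_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    # 32-bit IE on 64-bit Windows reads the WOW64 view of the key, so set it there too
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
]

_KEY_RE = re.compile(r"^\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]$")
_FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')


def with_killbit(flags):
    """OR the kill bit into an existing Compatibility Flags value (None if absent)."""
    return (flags or 0) | KILLBIT


def parse_compat_export(reg_text):
    """Read a 'reg export' of the ActiveX Compatibility key: {CLSID: Compatibility Flags}."""
    flags, clsid = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = _KEY_RE.match(line)
            clsid = m.group(2).upper() if m else None  # parent key or non-CLSID subkey
            continue
        m = _FLAGS_RE.match(line)
        if m and clsid:
            flags[clsid] = int(m.group(1), 16)
    return flags


def killbit_reg(clsids, current=None):
    """Build a .reg file that sets the kill bit for each CLSID under both key views.

    `current` is the output of parse_compat_export(); any flag bits already present
    are preserved instead of being overwritten.
    """
    current = current or {}
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in COMPAT_KEYS:
        for clsid in clsids:
            flags = with_killbit(current.get(clsid.upper()))
            lines += [f"[{key}\\{clsid}]", f'"Compatibility Flags"=dword:{flags:08x}', ""]
    return "\n".join(lines)


def killbit_status(reg_text, clsids):
    """{CLSID: bool}: is the kill bit present for each control in an exported .reg?"""
    flags = parse_compat_export(reg_text)
    return {c: bool(flags.get(c.upper(), 0) & KILLBIT) for c in clsids}


# Constructed sample of what `reg export` of the key produces on a box where only the
# first OWC control has been killed; the second carries an unrelated flag bit.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000001
"""

if __name__ == "__main__":
    print(killbit_status(SAMPLE_EXPORT, OWC_CLSIDS))
    print(killbit_reg(OWC_CLSIDS, parse_compat_export(SAMPLE_EXPORT)))
```

Run the status check again on a fresh export after importing the file; it is the cheapest way to confirm the workaround is in place fleet-wide before the patch ships.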

The Microsoft SRD blog has more info.

Wednesday, July 15, 2009

Oracle's quarterly Critical Patch Update posted today

Oracle released their quarterly patches today. If I have time, I'll post something more detailed, but for now here is the highlight. There are 30 patches in total (thanks to molecular updates, they can be applied individually), 15 of which address vulnerabilities that are remotely exploitable without authentication. Only three of those affect the venerable Database product itself.

Link to the Oracle page.

Johnny Long stranded while helping the needy...

Johnny Long (of Google Hacking Database fame) and his family are stranded in the middle of Africa while doing charity work because PayPal has 'frozen' his assets. Can you imagine going to a third world country to help out needy people only to end up being stranded there with hardly any money? Worse yet is that you HAVE money but the people holding it won't give it to you. This is a good example of the cost of false positives in a fraud detection system like PayPal's: the controls end up working against the very customer they are supposed to protect.

On a positive note, it looks like the community is starting to band together to help Johnny and his family. If you or anyone you know has any influence over PayPal...

Hackers for charity blog post

Tuesday, July 14, 2009

Martin Roesch is going to be in Chicago?!?!

I know it's short notice, but Martin Roesch (of Snort fame) will be in town tomorrow and Thursday - http://www.sourcefire.com/news/webinars/#sem1q09

Friday, July 10, 2009

Killbits just aren't enough in this case :-(

Check this out: http://addxorrol.blogspot.com/2009/07/poking-around-msvidctldll.html

Apparently it's a little more complicated than Microsoft would have us believe. If the vulnerabilities lie in shared libraries, we're in a world of pain until the libraries are fixed and the software compiled using the old libraries is recompiled against the patched ones. At least that's my take...