Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

After four years at the helm of Microsoft’s security group, Mike Nash is taking a break. This June he will go on sabbatical after handing over responsibilities to his replacement, Ben Fathi.

Nash led Microsoft’s Security Technology Unit during a period in which the security of Microsoft’s products was increasingly scrutinized following a number of worldwide worm attacks, including Slammer and MyDoom.

The 15-year Microsoft veteran was responsible for directing Microsoft’s response to these threats as well as for setting its overall security strategy as the software vendor struggled against a public perception that its products were insecure.

A US agency is calling for an official probe into Chinese computer firm Lenovo's contract to supply 15,000 computers to the US State Department.

The US-China Economic and Security Review Commission (USCC) said it feared the PCs could be fitted with bugging devices to spy on the US government.

Lenovo, which last year bought IBM's PC arm, said it had nothing to hide and would welcome the investigation.

Microsoft makes a big deal about security, but sometimes a few of the company's security resources slip under the radar. There aren't many, but there are a few obscure Microsoft security utilities that deserve a little more publicity. In this article, I will briefly describe several utilities that you may not have heard of.

• Microsoft Office Visio 2003 Connector for the Microsoft Baseline Security Analyzer
• Security Risk Assessment for Midsize Organizations
• Cipher Security tool
• Port Reporter
• PortQry
• Malicious Software Removal Tool

A takeover bid by an Israeli firewall firm has become the latest victim of US security protectionism. Check Point Software has dropped its bid for US rival Sourcefire after objections from the FBI and Pentagon were heard by the Treasury's Committee on Foreign Investments.

The Committee has also overseen the recent rumpus surrounding the Dubai carve-up of P&O, which would put Arab business in control of US ports.

Federal agency objections to the security software tie-up centre on the implementation of Sourcefire's anti-intrusion software 'Snort' by the Bureau and Department of Defense, AP reports. In private meetings between the panel and Check Point, FBI and Pentagon officials took exception to letting foreigners acquire the sensitive technology.

If the $225m deal had gone ahead as announced back in October, Check Point would have got the rights to all patents and source code. Check Point says the two companies will find ways round the roadblock. CEO Gil Shwed said: "We've decided to pursue alternative ways for Check Point and Sourcefire to partner in order to bring to market the most comprehensive security solutions."

rumint (room-int) is an open source network and security visualization tool

• Load pcap datasets and capture live traffic.
• VCR/PVR interface to play back the traffic
• Visualize packets in seven carefully designed windows
• Extremely flexible with a total of ~20 different views.
• Currently handles up to 30,000 packets in a high speed RAM buffer.

This version adds filtering and scaling based on TCP and UDP ports (see the toolbars>filters menu) as well as filtering based on packet length. Also, I converted all the appropriate interface elements to eliminate the need for the fm20.dll which should make installation cleaner. I'm hoping this will allow rumint to also work on Japanese versions of Windows, if someone could let me know, I'd appreciate it. I'd also like to thank the good people at astalavista for placing rumint on their top 10 tools list. Finally, rumint should not time out based on the packetX library I'm using, this version should fix any problems along this line.