Pass-The-Hash Toolkit
Pass-The-Hash Toolkit v1.2 is available.

What is Pass-The-Hash Toolkit?

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g., users remotely logged in through Remote Desktop/Terminal Services), and also change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Direct download links:
source code:
http://oss.coresecurity.com/pshtoolkit/release/1.2/pshtoolkit_v1.2_src.tgz
binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.2/pshtoolkit_v1.2.tgz

More info:
http://oss.coresecurity.com/projects/pshtoolkit.htm
http://oss.coresecurity.com/pshtoolkit/doc/index.html

what's new:
http://oss.coresecurity.com/pshtoolkit/release/1.2/WHATSNEW

From Hexale.
The evil side of Firefox extensions: FFsniFF (FireFox sniFFer)
FFsniFF is a simple Firefox extension which transforms your browser into an HTML form sniffer. Every time the user clicks the 'Submit' button, FFsniFF will try to find a non-blank password field in the form. If one is found, the entire form (along with the URL) is sent to the specified e-mail address. It also has the ability to hide itself in the 'Extensions manager'.

Get the bits from azurIt.
Logsurfer
Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support.

Logsurfer is capable of grouping related log entries together - for instance, when a system boots it usually creates a high number of log messages. In this case, logsurfer can be set up to group boot-time messages together and forward them in a single email message to the system administrator under the subject line "Host xxx has just booted". Swatch just couldn't do this properly.

Logsurfer is written in C - this makes it extremely efficient, an important factor when sites generate a high amount of log traffic. I have used logsurfer at a site where a logging server was recording more than 500,000 events per day - and Logsurfer had no trouble keeping up with this load. Swatch, on the other hand, is based on Perl and runs into trouble even when dealing with a much smaller rate of log traffic.

Neat little tool from Kerry Thompson.
VoIP Security Tool List

This VoIP Security Tool List provides categories, descriptions and links to current free and commercial VoIP security tools. Each commercial tool is indicated by the following icon next to it:

The key objectives of this list are as follows:

  1. Provide links to tools that help test the efficacy of implemented best practices outlined by VOIPSA's Best Practices Project.
  2. Facilitate the open discussion of VoIP security tool information to help users better audit and defend their VoIP devices and deployments.
  3. Provide vendors the information needed to proactively test their VoIP devices' ability to function and withstand real-world attacks.
Very good list from VoIPSA.
23C3 - new hacker tools for Bluetooth

Two new tools, BTCrack and Hidattack (link to TAR file download), were released today (Friday) at the 23rd Chaos Communication Congress in Berlin. They demonstrate serious security vulnerabilities in Bluetooth at the protocol level. BTCrack permits hacking the pairing of two Bluetooth devices. Hidattack permits remote, external control of a wireless Bluetooth keyboard, so that it is possible to make keyboard entries on the connected computer.

BTCrack builds on a Bluetooth vulnerability described by Israeli researchers Avishai Wool and Yaniv Shaked in 2005. This vulnerability means that it is possible to listen in on the connection between devices connected by short range radio directly, during pairing and thus crack the encryption system. The connected devices are tricked into thinking that their counterpart has forgotten the so-called link key, which is not required for PIN entry. This kicks off a new pairing process. This offers an attacker the opportunity to record the required data using a Bluetooth sniffer.

Hidattack exploits the HID server (human interface device) installed with many Bluetooth keyboards. The program, penned by Collin Mulliner, bypasses the PIN request in a similar manner, connects to this little server and can then pretend to be the keyboard. Zoller elucidated one application possibility for Hidattack - if the keyboard were in a nearby bank and were connected to a terminal that was visible using a telescope, it might be possible, for example, to carry out transactions. In this scenario it would be possible to operate the terminal almost as if you were sitting right in front of it. The only thing missing would be the mouse.

More on Heise Security.

Cain & Abel v3.9 released

New features:
- Added Ophcrack's RainbowTables support for NTLM Hashes Cryptanalysis attack.
- Added ability to dump MSCACHE hashes directly from SYSTEM and SECURITY registry hive files.
- MSCACHE Hashes Cryptanalysis via Sorted Rainbow Tables.
- ORACLE Hashes Cryptanalysis via Sorted Rainbow Tables.
- New RainbowTable types have been added to Winrtgen v2.0. "mscache" and "oracle" tables can be used against MSCACHE and ORACLE hashes for specific usernames that can be set in the configuration dialog.
Nepenthes

Nepenthes is a low interaction honeypot like honeyd or mwcollect. Low Interaction Honeypots emulate _known_ vulnerabilities to collect information about potential attacks. Nepenthes is designed to emulate vulnerabilities worms use to spread, and to capture these worms. As there are many possible ways for worms to spread, Nepenthes is modular. There are module interfaces to

  • resolve DNS asynchronously
  • emulate vulnerabilities
  • download files
  • submit the downloaded files
  • trigger events (sounds abstract and it is abstract but is still quite useful)
  • shellcode handler
Click here for the project home.
Found on Bruce Schneier blog.
SecureDVD
SecureDVD is a live DVD collection featuring the 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) as per Darknet (see article here) on one single DVD.

The live DVD collection features the following security based live distributions (click names for further information):
  1. BackTrack 1.0
  2. Operator v3.3.20
  3. PHLAK v0.3
  4. Auditor v200605-02 (no-ipw2100)
  5. L.A.S. Linux - Local Area Security v0.5
  6. Knoppix-STD v0.1
  7. Helix v1.7
  8. F.I.R.E. v0.3.5
  9. nUbuntu vFlight 6
  10. INSERT Rescue Security Toolkit v1.3.6
Get the SecureDVD here.
New Behavioral Analysis Rootkit Detection Tool
Helios is an advanced malware detection system. It has been designed to detect, remove and inoculate against modern Windows rootkits. It performs behavioral analysis as opposed to signature based analysis and is able to detect rootkits in real-time as well as unhide hidden processes and restore hijacked system functions.

A public technology preview can be downloaded from here.
Also provided are videos of Helios in action and a whitepaper on the technology.

From RootKit.com.
Fyodor updates Top 100 Security Tools

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don't know where to start”.

Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. No votes for the Nmap Security Scanner were counted because the survey was taken on a Nmap mailing list. This audience also means that the list is slightly biased toward “attack” tools rather than defensive ones.

Nessus, Wireshark, Snort, Netcat and Metasploit Framework hit the top 5. Google is #34. Tor is #59.

See the Top 100 Security Tools.

Nessus for Windows Public Beta

Tenable Network Security, Inc. is proud to announce the immediate availability of Nessus 3.0.3 (build 180).

Nessus 3.0.3 fixes several bugs and adds some enhancements over Nessus 3.0.2 and adds support for the Microsoft Windows and Sun Solaris operating systems.

This release contains the following fixes and improvements :

- nessusd would stop in the middle of a scan if the log file is bigger than 2 gigabytes
- nessusd would stop in the middle of a scan due to a hard to trigger one-byte memory overwrite issue
- ping/packet forgery would fail when scanning a network over a NIC which was not enabled when nessusd initially started up
- performance problems would arise when reading/writing KB files when scanning big networks
- nasl -T - script.nasl now makes script debugging easier
- Slightly faster initial plugins processing
- More robust plugins database backend
- On Mac OS X, users can be managed graphically thru the Nessus Server Manager program
- Updated the plugins distributed with the archive

Nessus 3.0.3 is available immediately for Linux, FreeBSD, Mac OS X, Solaris and as a public beta for Microsoft Windows.   More Information
