nmap XML to HTML parser

Posted on in internet, security
   8 Replies

I was recently in need for a parser that would convert Nmap XML output to a HTML file. As far as I could see there was no tool available so I wrote my own. Feel free to use or adjust it.

Snort 3.0 Beta 3 Released

Posted on in internet, open source, security
   Leave a reply

An interesting post by Martin Roesch on the new architecture in the beta release of Snort.

APEG: automatic patch-based exploit generation

Posted on in internet, security
   Leave a reply

‘n Nieuwe trend, maak je exploits op basis van de beschikbare patches. Nog betere trend. Doe het volautomatisch en binnen de minuut.

Enkele onderzoekers van Berkeley, Pittsburg en Carnegie Mellon beschrijven hun onderzoek.

Secure web browsing with the OP web browser

Posted on in internet, open source, security
   1 Reply

Het “Opus Palladianum” project heeft als bedoeling een nieuwe veilige browser te ontwerpen.

In plaats van één monolitische geheel zal de browser uit kleine zelfstandige subsystemenen bestaan die met elkaar communiceren.

Hebben we dat al niet eens gehoord voor operating-systemen? Dat monolitische systemen niet werken?

Authentication bypass in embedded devices

Posted on in security
   Leave a reply

There is a very interesting post by Adrian Pastor about authentication bypass.

He talks about the well known vulnerability in the Linksys WRT54G router where the page that contains the different settings is password protected but the page that does the actual processing of the data (for the Linksys, a CGI script) was not protected at all.

Security Twits

Posted on in internet, security
   Leave a reply

An interesting post by Jennifer Leggio on Security Twits (Security folks using Twitter).

Spam Honeypots

Posted on in internet, security
   1 Reply

The Project Honeypot allows for everyone who is hosting a website to create a mini honeypot to trap spammers. I’ve configured mine to run at this site at “coast.php”.

It is a “poor-man” honeypot but can still offer useful results. Watch for my future writeups on how to create honeypots with Bind, Apache and Postfix.

Differences of tcpdump linux / openbsd

Posted on in linux, open source, security
   1 Reply

One of the nicer options of tcpdump under Linux is the -C (that is a capital C). This allows you to write the captured traffic to a file and have the file rotated at a given size. According to the man-pages :

-C Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after theRead more.

CAPTCHA security Hotmail.com / Live.com bypassed

Posted on in security
   1 Reply

An article from Websense shows how new bots are able to bypass the CAPTCHA security that prevents spammers from creating large number of accounts.

According to Websense the three main advantages for spammers to target this CAPTCHA are:

the Microsoft domain is unlikely to be blacklisted they are free to sign up it may be hard to keep track of them as there are millions of users worldwide using the service.

.

The sameRead more.

FOSDEM 2008

Posted on in conferences, internet, linux, open source, php, security
   Leave a reply

FOSDEM, the free and open source developers’european meeting is taking place in Brussels on 23/24 February.

Their schedule is online and shows that there are going to be some interesting talks :

The virtualization track with talks on Xen. Application virtualization with next-generation Klik Unicoding With PHP 6 OWASP WebScarab-NG