2009
12.02

A bit of information


An interesting article on VPN attacks that bypass browser security. My colleague sent this link, pretty good read.
US-CERT Wars Of VPN Attack

Interesting site lets you search specific countries and open ports. Try it out for yourself, it’s not perfect but pretty cool. (ie.: port:22 country:ca)
SHODAN

——

A SANS article:
–Microsoft Looking Into Black Screen Problem
(November 30, 2009)
Microsoft is investigating reports that security updates it released in
November are causing black screens on some users’ computers. The
updates allegedly change Access Control List (SCL) entries in the
registry. The problem appears to affect computers running Windows 7,
Vista and XP.

Related articles:
TechWorld
CNet

——

Backtrack 4 is up to kernel 2.6.30.7
If you have a problem with “PostgresSQL 8.3″ on boot up after a dist-upgrade. Here’s a fix that worked me. Just edit the postgresql.conf file found
/etc/postgresql/8.3/main and set “ssl” to false.
If you do need ssl if you here’s a link to fix that as well: link

Also if you update/upgrade everything, you may end up with one package that won’t upgrade for some reason. This has been mentioned in the Remote-Exploit forum, but has yet to be addressed as far as I can tell.

Package: Backtrack-sniffers

# apt-get upgrade Reading package lists...
Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
backtrack-sniffers
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

——

I guess by now, everyone knows that Metasploit now has colour. Have to admit, it does look good. Also the colour seems to help me out.
There’s also an interesting article recently written about Rapid7’s NeXpose Community Edition. A free version of their commercial software with Metasploit integrated into it.
Penetration Testing in the Marketplace 2010
and
Rapid7 Releases Free version of Nexpose

——

Well don’t have much time to try out anything really security related these days. So I’ll try and pass on information I fall on for the next few weeks. Remember to visit us on our website Kioptrix.com. The site ain’t finished but should be up and running by the end of December. So in the mean time, download the VMs tells us what you think. If you have built a few vulnerable VMs images yourself, place comment here and we’ll do our best to host them.

Have a good one.