Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

Submission + - Nmap 5.00 Released! (nmap.org)

Submitted by
iago-vL
iago-vL writes: "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"
Security

Submission + - Using Conficker's tricks to root out infections (seclists.org)

Submitted by
iago-vL
iago-vL writes: "The folks at Nmap have done it again: despite having their domain blacklisted by Conficker, they released Nmap 4.85BETA8, which promises better detection of the Conficker worm. How? By talking to it on its own peer to peer network! By sending encrypted messages to a suspect host, Conficker.C and higher will reveal itself. This curious case of using Conficker's own tricks to find it is similar to the last trick that Slashdot reported. More info from the author can be found here, and you can download Nmap here (or, if you're a Conficker refugee, try this link instead)."

Comment Re:So... (Score 2, Informative) 288

by iago-vL (#27391785) Attached to: Taming Conficker, the Easy Way

That's correct. I added a 'safe' parameter last night, since the Connficker check is safe, and have been advocating its use in all my posts (you'll see "script-args=safe=1" in everything). Watch out for that.

And for what it's worth, even if 'safe' is missing, it's only going to crash stuff that isn't patched for MS08-067.

Comment Re:So... (Score 0, Troll) 288

by iago-vL (#27391431) Attached to: Taming Conficker, the Easy Way

Glad to hear it! When I wrote the ms08-067 script, I was surprised to see it posted around the Internet -- I wrote it as a demo of what Nmap can do, not as a production-grade scanner, and I guess it ended up being more useful than the other scripts that I've put *far* more work into :)

Comment Re:From the article (Score 1, Troll) 182

by iago-vL (#26203837) Attached to: Security Flaws In Aussie Net Filter Exposed

Don't forget that every security patch that Microsoft releases is a hole that blackhats could already have been exploiting. Patches created now could (and often do) fix vulnerabilities dating back to the release of Windows 2000 or Windows NT. There's no way to guarantee that the holes aren't known and exploited by others.

That being said, any system with proper firewalling mitigates much of the issue. If the only port open to the public network is the one running the proxy software (or whatever it is), then there is very little attack surface.
Biotech

Baby To Be Born Without the Gene For Breast Cancer 259

Posted by ScuttleMonkey from the what-could-possibly-go-wrong dept.
manoftin writes to tell us that next week a baby will be born without the gene for breast cancer, according to the BBC. "But he said that, in this case, not carrying the BRCA1 gene would not guarantee any daughter born to the couple would be unaffected by breast cancer because there are other genetic and environmental causes. Dr Alan Thornhill, scientific director of the London Bridge Fertility, Gynaecology and Genetics Centre, said: 'While the technology and approach used in this case is fairly routine, it is the first time in the UK that a family has successfully eliminated a mutant breast cancer gene for their child. It is a victory for both the parents and the HFEA that licensed this treatment.'"
Programming

Model-View-Controller — Misunderstood and Misused 221

Posted by kdawson from the more-mvc-than-thou dept.
paradox1x writes "Malcolm Tredinnick shares a terrific rant against the misunderstanding and misuse of the Model-View-Controller design pattern. In particular he takes issue with the notion that Django should be considered an MVC framework. He says that 'It's as valid as saying it's a "circus support mechanism," since the statement is both true, in some contexts, and false in others (you can definitely use Django-based code to help run your circus; stop looking so skeptical).' I'm not sure I agree with the entire piece, but it is a very good read." We recently discussed another look at the bending and stretching of MVC patterns in the world of Web development.
Earth

Birth of a New African Ocean 261

Posted by kdawson from the interesting-times-interesting-places dept.
Khemisty writes "Formation of an ocean is a rare event, one no scientist has ever witnessed. Yet this geophysical nativity is unfolding today in one of the hottest and most inhospitable corners of the globe. Africa is splitting apart at the seams. From the southern tip of the Red Sea southward through Eritrea, Ethiopia, Kenya, Tanzania, and Mozambique, the continent is coming unstitched along a zone called the East African Rift." This stretching of the earth's crust has been going on for 20 million years, and within another 10 million the Red Sea will have broken through to create a new sea.

Slashdot Top Deals

According to the latest official figures, 43% of all statistics are totally worthless.

Close