Security

Submission + - Nmap 6.0 Released (nmap.org)

Gerald writes: After 3 years of work Fyodor and company have released version 6.00 of the Nmap Security Scanner! The new release includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade. More info in the release notes.

Comment Re:Perfect american corporate business practice (Score 4, Insightful) 231

But they didn't do anything illegal. They're basically just using their own download application that comes with extra stuff.

Yes, but Download.com still assures users that they will never bundle that "extra stuff". Their Adware & Spyware Notice says:

In your letters, user reviews, and polls, you told us bundled adware was unacceptable--no matter how harmless it might be. We want you to know what you're getting when you download from CNET Download.com, and no other download site can promise that.

Also, they make it look like a download link for the real installer (which it used to be), and then the user gets this CNET crap. But they still used our name liberally in the trojan installer as if we were somehow responsible for or involved in this abomination. I've got screen shots on my Download.com fiasco page.

Also, this "apology" rings hollow because they aren't fixing the problem along with it. In particular:

1) He claims that bundling malware with Nmap was a “mistake on our part” and “we reviewed all open source files in our catalog to ensure none are being bundled.” Either that is a lie, or they are totally incompetent, because tons of open source software is still being bundled. You can read the comments below his post for many examples.

2) Even if they had removed the malware bundling from open source software, what about all of the other free (but not open source) Windows software out there? They shouldn't infect any 3rd party software with sketchy toolbars, search engine redirectors, etc.

3) At the same time that Sean sent the “apology” to users, he sent this very different note to developers. He says they are working on a new expanded version of the rogue installer and “initial feedback from developers on our new model has been very positive and we are excited to bring this to the broader community as soon as possible”. He tries to mollify developers by promising to give them a cut (“revenue share”) of the proceeds from infecting their users.

4) You no longer need to register and log in to get the small (non-trojan) “direct download” link, but the giant green download button still exposes users to malware.

5) The Download.Com Adware & Spyware Notice still says “every time you download software from Download.com, you can trust that we've tested it and found it to be adware-free.” How can they say that while they are still adding their own adware? At least they removed the statement from their trojan installer that it is “SAFE, TRUSTED, AND SPYWARE FREE”.

Submission + - Why Double-Spacing After Periods Isn't Wrong (heracliteanriver.com)

An anonymous reader writes: Over at Slate, Farhad Manjoo struck a nerve earlier this year with a vitriolic article attacking anyone who would dare to put two spaces after a period, a post with thousands of comments (and counting) and dozens of online responses. (http://www.slate.com/articles/technology/technology/2011/01/space_invaders.html) He blames the two-space rule on the history of typewriters and ignorance of a consensus among typographers that supposedly goes far back in history. But the recent linked blog post cites numerous sources showing that Manjoo and typographers don't know their own history. It turns out that single-spacing is the aberrant practice, only introduced because technology made people lazier, publishers wanted to save money, and typesetters became dumber. The creators of many historical typefaces still in use today are apparently rolling over in their graves over the current standard. (Note: Slashdot ran an Ask Slashdot story on the topic of spacing last year: http://ask.slashdot.org/story/10/08/04/161232/sentence-spacing-1-space-or-2)

Submission + - CNet / download.com trojaning OSS tools (seclists.org)

Zocalo writes: In a post to the Nmap Hackers list Nmap author, Fyodor, accuses C|Net / download.com of wrapping a trojan installer (as detected by various AV applications when submitted to VirusTotal) around software including Nmap and VLC Media Player. The C|Net installer bundles a toolbar, changes browser settings and, potentially, performs other shenanigans — all under the logo of the application the user thought they might have been downloading. Apparently, this isn't the first time they have done this, either.

Fyodor's on the lookout for a good copyright lawyer, if anyone has one to spare.

The Internet

Nmap Developers Release a Picture of the Web 125

iago-vL writes "The Nmap Project recently posted an awesome visualization of the top million site icons (favicons) on the Web, sized by relative popularity of sites. This project used the Nmap Scripting Engine, which is capable of performing discovery, vulnerability detection, and anything else you can imagine with lightning speed. We saw last month how an Nmap developer downloaded 170 million Facebook names, and this month it's a million favicons; I wonder what they'll do next?"

Comment New Nmap 5.30BETA1 Release (Score 5, Informative) 55

We just today released Nmap 5.30BETA1, which contains the version detection signature described in this post for detecting the Energizer trojan. It also includes a detection and exploitation script for a major Mac OS X vulnerability which Nmap developer Patrik Karlsson found last month and Apple finally patched this morning. There are about 100 other changes as well, including 37 new NSE scripts. You can download it free here.

Pardon the Nmap promotion, but it seemed on-topic for the story.
Security

Submission + - Detecting critical Apple vulnerability with Nmap (cqure.net) 1

iago-vL writes: Patrik Karlsson, an Nmap developer, released a script today to detect a vulnerability in the Apple Filing Protocol (afp), CVE-2010-0533. This vulnerability is trivial to exploit and allows users to view files outside of public shares. He describes this vulnerability, which he discovered inadvertently while working on the Nmap Scripting Engine (NSE), as "strikingly similar to the famous Windows SMB filesharing vulnerability from 1995." Instructions on how to detect vulnerable systems using Nmap can be found in the post linked above.
Security

Submission + - Nmap 5.00 Released! (nmap.org)

iago-vL writes: "The long-awaited Nmap Security Scanner version 5.00 was just released (download)! This marks the most important release since 1997, and is a huge step in Nmap's evolution from a simple port scanner to an all-around security and networking tool suite. Significant performance improvements were made, and dozens of scripts were added. For example, Nmap can now log into Windows and perform local checks (PDF), including Conficker detection. New tools included in 5.00 are Ncat, a modern reimplementation of Netcat (with IPv6, SSL, NAT traversal, port redirection, and more!), and Ndiff, for quickly comparing scan results. Other tools are in the works for future releases, but we're still waiting for them to add email and ftp clients so we can finally get off Emacs!"

Comment Open Source Competitors (Score 5, Informative) 120

When the submitter referenced "open source alternatives that go by similar names", he was referring to ophcrack. Similar features are also available from Cain and Abel, and John the Ripper.

I maintain a list of top password crackers and sniffers as part of my SecTools.Org site.

While the submitter is correct that they have much more competition now, I still wish to congratulate the former L0pht guys on the new release!

Security

Submission + - Nmap 4.50 Released on its 10th Birthday (insecure.org)

buanzo writes: "After nearly two years of work since the 4.00 release, Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.50 from http://insecure.org/nmap/ . Nmap was first released in 1997, so this release celebrates our 10th anniversary! Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures. Dozens of other important changes — and future plans for Nmap — are listed in the release announcement. We recommend that all current Nmap users upgrade."
Networking

Submission + - NMap 10th anniversary and 4.50 release!

JTD121 writes: This is the 10th anniversary of Nmap's release, and the release of 4.50 after quite some development.

"This is the first stable release since 4.20 (more than a year ago), and the first major release since 4.00 almost two years ago. Dozens of development releases led up to this. Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures. More than 300 other improvements were made as well."
Security

Submission + - Nmap hits the Silver Screen (Again)

Devil's BSD writes: "Some of you probably remember a few years ago when Nmap was used in Matrix Revolutions to take down a power grid. Now, Nmap has hit the big screen again, this time in the Bourne Ultimatum. Although it probably flashed by too fast for most of us in the theater, it's clearly visible in the DVD releases. Video stills at http://insecure.org! Also, bash is clearly visible as the shell of choice here. Were they trying to make a subtle connection to the Bourne-Again Shell?"
