buanzo writes: "After nearly two years of work since the 4.00 release, Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.50 from http://insecure.org/nmap/ . Nmap was first released in 1997, so this release celebrates our 10th anniversary!
Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures. Dozens of other important changes — and future plans for Nmap — are listed in the release announcement. We recommend that all current Nmap users upgrade."
JTD121 writes: This is the 10th anniversary of Nmaps' release, and the release of 4.50 after quite some development.
"This is the first stable release since 4.20 (more than a year ago), and the first major release since 4.00 almost two years ago. Dozens of development releases led up to this. Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and and nearly 1,500 new version detection signatures. More than 300 other improvements were made as well."
Devil's BSD writes: "Some of you probably remember a few years ago when Nmap was used in Matrix Revolutions to take down a power grid. Now, Nmap has hit the big screen again, this time in the Bourne Ultimatum. Although it probably flashed by too fast for most of us in the theater, it's clearly visible in the DVD releases. Video stills at http://insecure.org! Also, bash is clearly visible as the shell of choice here. Were they trying to make a subtle connection to the Bourne-Again Shell?"
Gerald writes: "According to a post on the nmap-hackers mailing list early this morning, Myspace had GoDaddy shut down the entire SecLists.org domain. SecLists.org is run by Fyodor of Nmap fame and hosts many important security-related mailing list archives. This is an important service for the security community.
It looks like someone posted a list of Myspace usernames and passwords to one of the lists archived at SecLists.org. Instead of contacting Fyodor directly about the problem, they contacted his DNS provider (GoDaddy) and had them shut down the entire domain."
Smithd132 writes: 7th December 2006 — James Bannan of apc magazine — Vista
Pirates have released another ingenious workaround to Vista's copy protection: a hacked copy of Microsoft's yet-to-be-released volume licencing activation server, running in VMware.
Volume Activation 2.0 is one of the more controversial features of Vista: it means that every copy of Vista has to be activated, even the Business/Enterprise volume licenced editions.
However, to make life easier for administrators, Microsoft worked in a more convenient system of in-house for en masse activation of PCs called KMS — Key Management Service.
The idea behind KMS is that you have a single PC running KMS which can then handle activation for all your Vista clients, so that they don't have to connect back to Microsoft every single time.
The downside of KMS is that the activation is only good for 180 days, to discourage people bringing in their home systems, activating them and wandering off again.
Bearing in mind that KMS wasn't scheduled to be released until next year, pirates have managed to get hold of KMS and produce a standalone, fully-activated KMS server called "Windows Vista Local Activation Server — MelindaGates". Tongue-in-cheek of course...the first "cracked" version of Vista was called Vista BillGates.
The download is a VMWare image, and the idea behind it is that you download and install VMWare Player (a legal free download), boot the image and use some VBS script (supplied with the activation server download) to have the client Vista machine get its activation from the local server. And that's it — no communication back to Microsoft.
Of course, in line with the Volume Activation 2.0 model, this only works with Vista Business and Enterprise editions, as they are the only ones which will accept KMS keys.
Home and Ultimate editions still use normal single-use activation that calls back to Microsoft for validation of the product ID.
On one hand, this is strikes a serious blow to Vista's activation model. Simply possessing the Vista DVD (which was released on the boards about two weeks ago) wasn't enough to get you past the robust activation requirements. But if you can load up a local activation server and activate Vista that way, it sort of makes the whole thing redundant.
There are two caveats though. Vista still has to be installed with a KMS product key, so if that activated system ever goes through the WGA system with a known pirated key, Microsoft will be able to track it down and eventually close the loop.
The second is that this is a true KMS server, so the activation is only good for 180 days, then the client needs re-activation.
It's also still not a crack. In this instance, as with the Vista BillGates release, it's an activation workaround. Admittedly a very clever one, and one that Microsoft will have a lot more trouble stamping out, but the fact that it's taken the acquisition of a KMS server shows that Vista activation is still holding strong in its own right.
But is that of any comfort to Microsoft right now, while its yet-to-be-widely-released OS is being pirated like crazy?