Follow Slashdot stories on Twitter


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Nmap team releases 5 gigapixel favicon map 1

iago-vL writes: From the creators of Nmap comes the largest survey of this its kind ever performed: the favicon.ico files of over a million Web sites were scanned, compiled, and sorted to create a 5 gigapixel image, blowing their 2010 survey out of the water! It's searchable, zoomable, and incredibly fun to play with! Can you find Slashdot without cheating? (Hint: it's near Facebook)

Submission + - A 512-byte "evil maid" bootloader steals user passwords (

iago-vL writes: Security researcher Alex Weber has implemented a so-called "evil maid" attack in a custom bootloader, weighing in at an impressive 512 bytes. This bootloader can be written to any USB device. When booted, it displays a face CHKDSK screen, which prompts for the user's password. It saves the password to the USB device, marks itself as unbootable and reboots. The machine will start up normally, and the user never knows they were compromised! Check out the termcap or video to see it in action!

Submission + - Openwall Linux 3.0: no SUIDs, anti log spoofing ( 2

solardiz writes: Openwall GNU/*/Linux (or Owl for short) version 3.0 is out, marking 10 years of the project. Owl is a small security-enhanced Linux distro for servers, appliances, and virtual appliances. Two curious properties of Owl 3.0: no SUID programs in default install (yet the system is usable, including password changing) and logging of who sends messages to syslog (thus, a user can't have a log message appear to come, say, from the kernel or sshd). No other distro has these. Other highlights of Owl 3.0: single live+install+source CD, i686 or x86_64, integrated OpenVZ (host and/or guest), "make iso" & "make vztemplate" in included build environment, ext4 by default, xz in tar/rpm/less, "anti-Debian" key blacklisting in OpenSSH. A full install is under 400 MB, and it can rebuild itself from source.

Comment Re:A new domain specific language is born (Score 2, Informative) 125

NSE isn't actually domain specific, it's the tried, tested, and fast Lua (with extensions to make it fit with the Nmap scanner). You get the speed of Nmap to find hosts/ports plus the NSE scripts backing it up to do deeper probes.

Wireshark, Snort, Nmap, and plenty of other tools use Lua for scripting, so it's a valuable language to learn. I recommend it!

Open Source

Submission + - Nmap Developers release a picture of the Web (

iago-vL writes: The Nmap Project recently posted an awesome visualization of the top million site icons (favicons) on the Web, sized by relative popularity of sites. Once again proving that they're the kings of scanning, this project used the Nmap Scripting Engine, which is capable of performing discovery, vulnerability detection, and anything else you can imagine with lightning speed. We saw last month how an Nmap developer downloaded 170 million Facebook names, and this month it's a million favicons. I wonder what they're going to do next?

Submission + - ATM Makers Release Fixes for 'Jackpotting' Flaw (

Trailrunner7 writes: Two ATM manufacturers have released software updates to address the remotely exploitable vulnerabilities in their machines' firmware that IOActive researcher Barnaby Jack demonstrated line on stage at the Black Hat conference last month. In response to the demonstration, in which Jack was able to bypass the authentication mechanism on the ATMs and then load a small rootkit that he wrote, ATM manufacturers Hantle and Triton have released new versions of their firmware that fix the vulnerability. Both manufacturers are recommending that ATM owners install the updates immediately.
Social Networks

Submission + - Identity Theft How-To ( 1

An anonymous reader writes: The crew at released a podcast today that is truly scary. They interviewed an identity thief and give a basic how-to into committing identity theft. The reasoning is that they want to protect the public by releasing dangerous information. They called it a 0Day for SE and I for one think that is accurate.

Submission + - Detecting critical Apple vulnerability with Nmap ( 1

iago-vL writes: Patrik Karlsson, an Nmap developer, released a script today to detect a vulnerability in the Apple Filing Protocol (afp), CVS-2010-0533. This vulnerability is trivial to exploit and allows users to view files outside of public shares. He describes this vulnerability, which he discovered inadvertently while working on the Nmap Scripting Engine (NSE), as "strikingly similar to the famous Windows SMB filesharing vulnerability from 1995." Instructions on how to detect vulnerable systems using Nmap can be found in the post linked above.

Submission + - Taking apart the Energizer Trojan (

iago-vL writes: Researchers at SkullSecurity have written a tutorial on how they reverse engineered the Energizer Trojan and generated an Nmap probe to remotely detect infections. The Energizer Trojan is a great educational tool because its inner workings are very simplistic and it makes minimal efforts to hide itself or conceal its purpose; it even lists what appears to be the author's name — "liuhong" — in the source! From infecting a test machine to debugging and disassembling the Trojan to writing the actual probe, this tutorial is a great introduction to malware analysis!

Comment Re:Detect it with Nmap (Score 2, Informative) 260

Yeah, the simple xor 'encryption' is pretty oldschool. I can't believe I didn't notice that right away myself. I didn't see it till I started looking at the send/recv functions.

As to the CLSID, good thought, but no -- the CLSID isn't a real CLSID, it's just a way of identifying its own commands. Basically, it's a list of if(!strcmpi(command, "clsid1")) { do_this() } elseif(!strcmpi(command, "clsid2")) { do_that() } etc.

It only has those 9 or so CLSID's included, and if it isn't on the list the command is simply discarded.

And for what it's worth, the initial "'\x00\x00\x00" that you're seeing is a length (0x27 = the length of the CLSID = ').


Submission + - Creating backdoors through DNS with dnscat (

iago-vL writes: SkullSecurity released a tool this week called dnscat (documentation). Designed to tunnel connections through DNS in the style of NSTX, this can bypass virtually any firewall, provided a local DNS server exists. It supports file transfers, tunneled sockets, command shells, and more! The documentation even has an example of how to tunnel an SSH session through DNS!

Slashdot Top Deals

Not only is UNIX dead, it's starting to smell really bad. -- Rob Pike