Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-10-17 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

GPL Nessus Forks

Published: 2005-10-18
Last Updated: 2005-10-18 00:09:45 UTC
by Scott Fendley (Version: 2)
1 comment(s)

In case you have missed the announcement, Tenable security has made the decision of commercializing the popular Nessus security scanner within the next month. 


As a result, a project group has been formed to release a GPL fork of the Nessus security scanner in the future.  This product will probably undergo a name change to prevent problems with support between the commercial scanner and the new GPL fork.  In the meantime, it is located at http://www.gnessus.org/doku.php .

Additionally, Handler Kevin Liston noted that another GPL nessus project is located at http://porz-wahn.berlios.de/homepage/about.php


Two more GPL projects to mention:

Segusius  (located at http://sourceforge.net/projects/segusius )
GPL Nesus Checks  (located at http://sourceforge.net/projects/gplnessuschecks )

(Thanks Schneelocke for reporting these)


--
Scott Fendley
Handler on Duty

Keywords:
1 comment(s)

Pedro's Malware Analysis Quiz

Published: 2005-10-17
Last Updated: 2005-10-17 22:55:33 UTC
by Scott Fendley (Version: 1)
0 comment(s)
For everyone that is following along with Pedro Bueno's malware analysis quiz, here is a quick announcement.  Pedro has updated Quiz II with the answers, and has placed Quiz III up on his website for your perusal.  For those that would like to know more about what I am talking about, please check out http://handlers.dshield.org/pbueno/ for information.

--
Scott Fendley
Handler on Duty
Keywords:
0 comment(s)

Entertaining Bug in Microsoft Word

Published: 2005-10-17
Last Updated: 2005-10-17 22:54:17 UTC
by Scott Fendley (Version: 1)
0 comment(s)
Earlier this afternoon, Marc Sachs found an interesting (and entertaining to me) bug in Microsoft Word.  It would seem that the synonym lookup feature does not handle certain words properly.  To try this for yourself, open your version of Microsoft Word and type the word information.  Then right click on the word, and then select the "Synonyms" menu item (see below).  You will note that the entertaining bug has given you words based on the words "in   formation" not the single word of "information".  For those wondering, this screen shot came from Microsoft Word 2003 with SP2 (11.6568.6568).  Other versions of words may or may not experience this glitch as we have not tested them.



For those thinking "Where is the security implication of this?", take this as an editorial on software complexity and its connection to security flaws.   As software has become more complex, we have seen more and more security flaws found.  Simple enough, right? To restate it a little differently, software complexity and flaws detected are directly related. This may not always stay the case, but that is common wisdom in today's world.  (Side note:  This is not a gripe against Microsoft and should not be read in that light.  This is just as relevant to any software vender.) 

In this increasingly complex software, how many flaws are there which have remained undetected for years? How many very simple oversights, like the one above, exist in more sensitive modules with security ramifications?  How long can a minor flaw stay undetected in popular software packages? 

To me, this is a very sobering thought, especially considering the number of ecommerce or medical sites on the Internet today.  Somehow, I will not let it make me loose sleep over the (in)security of my private information on the Internet.

For those that have a large amount of copious spare time, feel free to send in other single-word examples of the above to our attention. Hyphenated words are troublesome to native speakers much less computers.  If you find any words, please also submit what version of Word exhibited this issue.  We will try to find an appropriate contact within Microsoft to send the examples.

Keywords:
0 comment(s)
Diary Archives