If you follow this blog, you know that I did an article on the first stable release of Namp http://www.pccybertek.com/2010/01/nmap-5-20-released yesterday. Now that it has been out for a week, Fydor has already released another update, Namp 5.21 which is also a stable
release and not a beta. It’s mainly just a bug fix release. So I have updated the download section here with a link to the 5.21 release, which is on the right column about 3/4 of the way down the page. My download link is directly to the file on the insecure.org website or you can go to the Nmap download page yourself.

But I don’t want to just tell you about the update, I’d like to offer you some more since you took the time to stop by here. So here is a link to Iron Geek’s Baisc Nmap Tutorial video. And if already know the basics and would like to move on to some more advanced lesson, here is Iron Geek’s Nmap Video Tutorial 2: Port Scan Boogaloo Happy port knocking.

Some how this one slipped by me because it was published by Adobe on the 19th.

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided above.

This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).

This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).

Download Adobe Shockwave Player version 11.5.6.606  here

You can find out which version you have by going here Test Adobe Shockwave Player

So much for the internal workings, now lets move on to some of the cool upgrades.  There are 31 new Nmap Scripting Engine (NSE) scripts which brings the total up to 80. These NSE scripts are one of my favorite features of Nmap. These scripts allow me to run Nmap in ways I never even thought about. I’m one of those people who learns better by example so the included scripts helps me to have a better understanding of how to write my own NSE scripts. Check out the complete list of NSE scripts.

There has also been an increase in the OS fingerprints, thanks to user submitted fingerprints and many corrections. Some of the more interesting new fingerprints include Google’s Android Linux (for smart phones), Mac OS X 10.6 (Snow Leopard), The Chumby (an internet radio player), a bunch of printers and routers for a total of 1349 fingerprints. This is including the 40 new vendors, 342 new fingerprints and 81 corrections.

Speaking of databases, the OS detection has seen some real growth. Thanks to user submissions, 2,576 of them since Feb. 2009, more than a thousand signatures have been added. That many users submissions shows the kind of community support Nmap has earned.

Nmap started out as a command line tool. But don’t let that scare you away from trying it out if you never have before. There is also a GUI (graphical user interface) called Zenmap that comes packaged with it. Zenmap has also seen improvements. You can now filter the results in Zenmap. So say you have performed a scan and have a lot of results but you just need to see the computers running Linux or a particular service like IIS. You can now apply a filter to your scan results and just have a list of  those machines which are running it.

These are just a few of the improvements made to Nmap since version 5.00 and you can get a complete list of the changes since 5.00 from the release notes. Or just download it and give it a try. There is a release for just about any OS you have. If you work with networks at all, you owe it to yourself to give Nmap a try.

@ramereth word to the wise: DO NOT trust any firefox extension. assume they can grab and do anything including executing other code #defcon

Just one of many tweets talking about how scary the talk was. So until I can get more information on this, I’m disabling most of my Firefox extensions. Could this be Firefox’s vulnerability equivalent to Internet Explorer’s active-x? Ironically, I’ve been using Google’s Chrome browser lately. I’m liking it more and more. I was just switching back to Firefox because it has a couple extensions I use a lot. But now that they might not be safe, it looks like Chrome is going to be set as my default browser. At least until I find out more about these Firefox extension exploits.

Seeing how this talk was given today, I suspect there will soon be a rash of these exploits and figured I should pass on the info I have even though it’ sketchy at best at this point. To disable your extensions in Firefox, just go to Tools, then addons, then extensions, and uninstall or disable them.

Yes, that’s right. The essential network scanner, nmap, has made it to version 5. If you are unfamiliar with nmap, it’s a must have tool for anyone who does anything with networks. It’s the greatest port scanner around. And you can get it for just about any OS. But nmap is much more than just a port scanner. It can be used for more than just seeing what ports are open. You can also use it for its OS detection, among other things, and you can even use it to find the conficker virus on remote computers. It’s available as a command line tool and for those who prefer a gui, it also comes with zenmap which is a graphical front end for it.

My thanks to Fydor and the nmap development team for constantly updating this awesome tool and never being satisfied with the status quo. Now let me quote insecure.org

July 16, 2009 — Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this.

Considering all the changes, we consider this the most important Nmap release since 1997, and we recommend that all current users upgrade.

You can find a list of the changes here and be sure to download it.

Our friends over at the Internet Storm Center are keeping an active eye on this new vulnerability. You can read all about it and follow their updates here. So do your Microsoft Updates, several just came out, and if you really want to be safe, stop using Internet Explorer or use it as little as possible and switch to Firefox, Chrome or even Opera. Stay Safe.

Turns out many people are still falling for this scam. I had to clean my parents computer up, from one of these. Try doing it over VNC, and you may have your patience tested like I did. Anyways, the old folks aren’t the only ones falling for this, and now their is a new variation. Spware Protect 2009, is the new breed of scareware. Not only does it con you by getting you to install it, it actually does damage to get you to “purchase” it for $49.99 and install a trojan downloader. Meanwhile it increases the pop ups telling you how infected your computer is. So you order the program with your credit card and guess what, you just gave them your credit card number, no hacking needed. A local electronics store, with the initials RS, got hit by it and from what I could get out of them, sounds like the whole corp has been infected through their network.

Since I first found out about this last week, I’ve found out that it’s now also being installed by the conficker virus. At first I was thinking, wouldn’t people be suspicious if there was a new piece of software, on their computer? I sure as hell would. Then I started thinking about it, in a corporate situation. Some poor schmuck, in accounting or where ever, could think it was installed by their IT Dept. So the keylogger installed would run until the computer crashed. The one good thing is, the domain that was selling Spyware Protect 2009 is gone. Keep an eye out for variations with new names and the same or slightly modified interface.

-Your friendly neighborhood PC Cybertek

There’s no need to try and figure out what’s safe or real and what has more sinister plans in mind. The good folks at dshield.org have been keeping an updated list of third party information on conficker. Here you can find plenty of free conficker detection and removal tools, general information and the microsoft patch. That should help keep you updated, safe and informed.

I’ve also found out about one other real neat way of detecting it, but it’s for more advanced users, so I’m going to make a seperate post about it.