A list of unpatched IE vulnerabilities, currently at 31. Yikes!
I upgraded my version of fluxbox, the window manager, today to the latest CVS version 0.9.6pre7. There are some cool new features like menu transparency and some useful ones such as embeddable tabs in window dressings. In my screenshot you can see that the bottom right terminal is actually 3 terminals embedded within the top dressing. I also ditched gkrellm in favor of dockapps that fit into fluxbox’s slit. You can see these docks along the right-hand side in my screenshot. I start these applications up out of my .xinitrc file.
I was checking out what products Tenable Security, founded by Renaud Deraison and Ron Gula, were offering and ran into their passive vulnerability scanner called NeVO. For the month of September they are offering a free trial of this tool, so I decided to give it a spin. NeVO should be deployed much like a NIDS, in that it needs to be on a SPAN/mirror port for the hosts you want to scan, and the hardware specs should scale with the size of the pipe. It is signature based, does passive OS detection (utilizing p0f), banner grabbing, and applies regexes to payloads. NeVO has 656 plugins, or signatures, whereas its active vulnerability scanner brother Nessus has 1779 plugins. I started it up with
./nevo -c nevo.conf -r nevo.nsr &
and let it run for a day on my internal network. The next day I took a look at the nevo.nsr file (by default NeVO writes its Nessus-format output file every 5 minutes) and found a few interesting tidbits of data such as remote banners and a vulnerable version of wget someone was running. Keep in mind I had it running inside my firewall, so there wasn’t much traffic.
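To show the kind of matching a passive scanner does on payloads it sees from a mirror port (banner grabbing plus a regex per signature, with the host attributed to whoever sent the banner), here is an added example. It is not NeVO’s or Tenable’s code; the sample flows are made up, and the minimum-version thresholds in the signature table are placeholders chosen for the demo rather than advisory data.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample traffic, as a passive sensor on a mirror port might see it:
# (src, dst, sport, dport, first bytes of TCP payload). Made-up flows, not captures.
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.80", 40123, 80,
     b"GET /pub/x.tar.gz HTTP/1.0\r\nUser-Agent: Wget/1.8.2\r\nHost: 10.0.0.80\r\n\r\n"),
    ("10.0.0.80", "10.0.0.5", 80, 40123,
     b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\nContent-Length: 0\r\n\r\n"),
    ("10.0.0.22", "10.0.0.5", 22, 40124, b"SSH-1.99-OpenSSH_3.6.1p2\r\n"),
    ("10.0.0.9", "10.0.0.5", 22, 40125, b"SSH-2.0-OpenSSH_3.7.1p2\r\n"),
]

Version = Tuple[int, ...]


@dataclass(frozen=True)
class Signature:
    name: str                       # software the banner identifies
    service_port: int               # TCP port on the service side of the flow
    client_side: bool               # True if the client sends the banner (e.g. User-Agent)
    pattern: re.Pattern             # regex over the payload; group 1 captures the version
    min_version: Optional[Version]  # flag versions below this; placeholder thresholds


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    name: str
    version: str
    flagged: bool


# Illustrative signature table. The min_version values are constructed placeholders
# for the demo, not advisory data; a real plugin set carries the real thresholds.
SIGNATURES = [
    Signature("Wget (HTTP client)", 80, True,
              re.compile(rb"^User-Agent: Wget/(\d+(?:\.\d+)*)", re.M), (1, 9)),
    Signature("Apache (HTTP server)", 80, False,
              re.compile(rb"^Server: Apache/(\d+(?:\.\d+)*)", re.M), None),
    Signature("OpenSSH (SSH server)", 22, False,
              re.compile(rb"^SSH-[\d.]+-OpenSSH_(\d+(?:\.\d+)*)"), (3, 7)),
]


def parse_version(text: str) -> Version:
    """Turn '1.3.27' into (1, 3, 27) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def match_flow(src, dst, sport, dport, payload) -> List[Finding]:
    """Apply every signature to one observed payload.

    The banner always describes its sender, so findings are attributed to src.
    The port that must match is the service port: dport for a client banner,
    sport for a server banner.
    """
    findings = []
    for sig in SIGNATURES:
        port_to_check = dport if sig.client_side else sport
        if port_to_check != sig.service_port:
            continue
        m = sig.pattern.search(payload)
        if not m:
            continue
        version = m.group(1).decode("ascii")
        flagged = sig.min_version is not None and parse_version(version) < sig.min_version
        findings.append(Finding(src, sig.service_port, sig.name, version, flagged))
    return findings


def scan(flows) -> List[Finding]:
    """Run the signature set over a batch of flows, as the sensor would over a capture."""
    out = []
    for flow in flows:
        out.extend(match_flow(*flow))
    return out


def report(findings: List[Finding]) -> str:
    """Plain-text report: one line per observed banner, flagged entries marked."""
    lines = []
    for f in findings:
        mark = "FLAGGED" if f.flagged else "ok"
        lines.append(f"{f.host}:{f.port} {f.name} {f.version} [{mark}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(scan(SAMPLE_FLOWS)))
```

Note that the wget finding comes from the client side of the flow: a passive sensor can only attribute software to hosts that actually talk, which is why the author’s quiet internal network produced so little output.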
I think NeVO has its best use in:
- high traffic networks where reactive scans aren’t feasible because of disruption risks or volume
- detecting vulnerabilities on machines that aren’t directly owned or controlled by the organization
- networks where machines and open services are dynamic
- complementing a weekly/monthly active scan
I’ve recently subscribed to the tcpdump-workers mailing list and have learned that the CVS version of tcpdump has support for decrypting IPsec ESP packets. The tcpdump website has daily CVS tarballs for download. The new option, -E, should be useful in debugging IPsec networking problems, and I can’t wait to try it out.
The slashdot trolling phenomenon. I rarely read the comments on /. stories, usually only on security-specific or OpenBSD-related posts, but this article is dead on about the different trolls that always pop up.