The GNU Privacy Guard 1.4.12 released

GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

What’s New
===========

* GPG now accepts a space-separated fingerprint as a user ID.
This allows copying and pasting the fingerprint from the key
listing.

* Removed support for the original HKP keyserver, which is no
longer used by any site.

* Rebuild the trustdb after changing the option --min-cert-level.

* Improved JPEG detection.

* Included more VMS patches.

* Made it easier to create an installer for Windows.

* Supports the 32 bit variant of the mingw-w64 toolchain.

* Made file locking more portable.

* Minor bug fixes.

* Ukrainian translation.

Download or read more here: http://www.gnupg.org/

The Malware Analysis Process

To provide a brief description of what we mean by “Malware Analysis”: this project addresses how organizations confirm, analyze, and then address malware infections. This is important because today’s antimalware defenses basically don’t work (hard to argue), so way too much malware makes it through defenses. When you get infected you start a process to figure out what happened. First you need to figure out what the attack is, how it works, how to stop or work around it, and how far it has spread within your organization. That’s all before you can even think about fixing anything. So let’s jump in with both feet.

Read more here: https://securosis.com

Zorp V-3.9.3 release

Zorp is a proxy firewall suite whose core architecture is built around today’s security demands: it uses application-level proxies, is modular and component-based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built-in IDS capabilities.

This release fixes passphrase handling of trusted CA private keys and removes support for obsolete Linux versions and Solaris.

Download tarball: zorp_3.9.3.tar.gz

Or read more here: http://www.balabit.com

Facebook takes legal action against “clickjacking”

With the support of Washington state, Facebook is taking legal action for the first time against so-called “clickjacking”. The target is Adscend Media, an advertising network suspected of spreading illegal advertising methods through an affiliate program on social networks.
Facebook and Washington Attorney General Rob McKenna have each brought separate charges against the company. The plaintiffs rely on violations of the U.S. anti-spam law, the “CAN-SPAM Act”, and the “Commercial Electronic Mail Act” of Washington state.

According to the filings, Adscend and its partners sent Facebook users messages that pretended to come from friends. The messages are said to have contained links with text such as “Can not Believe a 2 year old is doing this,” or “{Video} OMG! See what happened to his Girlfriend!”

The aim was to entice recipients to click on the links. The advertised website then did not show the promised content; instead, tricks were allegedly used to get users to purchase products, or to click unnoticed on a Like button that was hidden behind other content. According to the complaint, a viral system is behind it. Facebook estimates that Adscend earns more than 20 million U.S. dollars annually with this method. In a first statement, the advertising company rejected all allegations.

Hiawatha 8.0 release

Hiawatha is a secure and advanced Web server for Unix. It has been written with security as its main goal. It features a rootjail, the ability to run CGIs under any UID/GID you want, prevention of SQL injection and cross-site scripting, banning of clients who try such exploits, and many other features. These features make Hiawatha an interesting Web server for those who need more security than what the other available Web servers are offering. Hiawatha is also fast and easy to configure.

Features:

  • Access/connection control
  • Banning
  • CGI support (including PHP)
  • CGI wrapper (run CGI under a different uid/gid in a secure way)
  • Chunked Transfer-encoding
  • CommandChannel (control Hiawatha by telnetting to a special port)
  • Cookie support
  • Cross-site Scripting (XSS) prevention
  • Cross-site Request Forgery (CSRF/XSRF) prevention
  • Customizable ServerString
  • Directory listing with customizable stylesheet
  • DoS/flooding protection
  • FastCGI support (load-balanced)
  • GZip Content-Encoding support (in a unique way, read the manual for more information.)
  • HTTP authentication (basic and digest)
  • If-(Un)Modified-Since header field
  • Interface binding control
  • Internal file caching
  • IPv6 support
  • Keep-alive connections
  • Large file support
  • Logging
  • Range header field (single range support)
  • Referer control for images (prevent external image linking)
  • Remote monitoring
  • Request pipelining
  • Rootjail
  • SSL support
  • SQL injection prevention
  • Traffic throttling/shaping (control upload speed)
  • URL rewriting via regular expressions
  • User directory support
  • Virtual host support
  • Volatile object support (for frequently changing objects, like webcam pictures)
  • XSLT support

Download source:

Tarball: hiawatha-8.0.tar.gz

Mac OS X package: hiawatha-8.0.dmg

Windows package: hiawatha-8.0.zip

Or read more here: http://www.hiawatha-webserver.org

Update – nmapsi4 0.3.1

NmapSi4 is a complete Qt4-based GUI whose design goal is to provide a complete nmap interface for users, in order to manage all the options of this powerful network security scanner and to search for service vulnerabilities.

  • Traceroute support with nmap.
  • Lookup support with an internal tool or dig.
  • Vulnerability search support.
  • nmap NSE support.
  • Discovery of active IPs on the network from a class and from local interfaces that are up.
  • Multiple profile support, static and dynamic.
  • Full scan with nmap.

Bugs were fixed and several translations were updated.

Download: http://code.google.com/ | http://sourceforge.net/

Or read more here: http://www.nmapsi4.org/

Update Mobius Forensic Toolkit – 0.5.11

Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools.

This release features 14 new registry reports: autorun, services, IE download folder, IE typed URLs, MRU files opened/saved, MRU files executed, search assistant, printer ports, processors, all devices, enumerated devices, HID devices, network devices, and stream devices.

Download:

Linux: mobiusft-0.5.11.tar.gz | Windows: mobiusft-0.5.11.zip

Or read more here: http://savannah.nongnu.org/projects/mobiusft