Willing and not afraid to challenge the status quo.

Nmap 5 Released

written by Ruan
at 11:08 am
on July 20, 2009
in Open Source, Security, Technology

Nmap Security Scanner version 5 has been released. Significant performance improvements were made, and many scripts have been added. Nmap can now log into a Windows system and perform local checks such as Conficker detection.

Announcement
Changes
Download


PHP Interpreter Modified To Find XSS and Injection Holes, Automatically Generates Attacks

written by Ruan
at 2:46 pm
on June 19, 2009
in Databases, Programming, Security, Technology

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.

The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.

There is also a table of results from analysis done against several PHP web applications.

Via: darkREADING


City of Vancouver embraces open data, standards and source

written by Ruan
at 8:12 pm
on May 22, 2009
in Business, Open Source, Technology

Vancouver city council has endorsed the principles of making its data open and accessible to everyone where possible, adopting open standards for that data and considering open source software when replacing existing applications.

More details on the announcement are available at the Straight.


OpenBSD 4.5 Released

written by Ruan
at 10:56 am
on May 1, 2009
in Data Centers, Development, Open Source, Programming, Security, Technology

OpenBSD 4.5 has been released today. This release includes OpenSSH 5.2 as well as various tweaks, bugfixes, and enhancements. New and extended platform support includes sparc64, along with added device drivers. See the announcement page for a full list.


First known Mac botnet distributed as Trojan

written by Ruan
at 3:35 pm
on April 20, 2009
in Security, Technology

A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers.

Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork ’09 and the Mac version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer bittorrent network.

SecureMac has released a tool to remove the Trojan, which can be downloaded from here.

Via: cbc.ca


DroneBL DDosed by DSL Modems and Routers infected by Botnet Worm

written by Ruan
at 7:06 pm
on March 23, 2009
in Security, Technology

“The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts.”

Poorly configured devices that allow remote administration access from the WAN side, combined with weak passwords for root, appear to be the reason for the successful proliferation of the worm.

Via Slashdot


Vendors agree on drive cryptography standard

written by Ruan
at 3:08 pm
on January 28, 2009
in Business, Security, Technology

Techworld reports the following:

The world’s six largest computer drive makers have published the final specifications for a single, full-disk encryption standard that can be used across all hard disk drives, solid state drives (SSD) and encryption key management applications.

Read the full article at Techworld.


SonicWall License Server Problems Compromise Security

written by Ruan
at 5:23 pm
on December 3, 2008
in Business, Security, Technology, Telecommunications

Technical problems with the license management servers at SonicWall Inc. created havoc last week for users of the company’s firewall and e-mail security products, leaving many companies temporarily unprotected against spam, phishing and malware threats.

The problems resulted in affected enterprise users of the SonicWALL UTM Firewall, Email Security, and Content Security appliances temporarily having their content filter, intrusion prevention and antivirus protection disabled due to the reset of license keys that were treated as invalid.

More details on the matter can be read at the Register.


Lojacking Mobile Phones Without The Help From Service Providers Surfaces In FBI Documents

written by Ruan
at 10:40 pm
on November 17, 2008
in Security, Technology, Telecommunications

Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone’s precise location once cooperative cell providers had given a general location.

This summer, however, the American Civil Liberties Union and Electronic Frontier Foundation sued the Justice Department, seeking documents related to the FBI’s cell-phone tracking practices. Since August, they’ve received a stream of documents—the most recent batch on November 6—that were posted on the Internet last week. In a post on the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew attention to language in several of those documents implying that triggerfish have broader application than previously believed.

More details on Ars Technica


Steam Faces Competition From Microsoft In A Battle Of The Digital Distribution Systems

written by Ruan
at 10:28 pm
on November 12, 2008
in Business, Games, Technology

Microsoft today released a new Games for Windows Live update, which improves the interface. A separate update will arrive in two to three weeks, adding support for video, demos, and DLC downloads through a Marketplace application.

Microsoft has definite plans to distribute full PC titles through its Marketplace application in the future.

Via: CrunchGear


 

about this

Ruan is a resolute technophile that is currently devoted to the professional practice of Information Technology Management. In his free time Ruan pursues various interests including the study of Information Security practices and the exploration of visual culture through contemporary photography and communication design.


fineprint
entire contents © 2010 Ruan Müller