Security Acts is a free magazine for professionals in IT Security.

Download the latest magazine
Subscribe to be notified when new issues are released.

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc).

http://www.greensql.net/

Zenoss Core is an open-source network monitoring and server monitoring product.  Zenoss features include

• Network, Server, and Application monitoring with a single product
• Ability to monitor any SNMP enabled device
• Real-time alerting when outages or slowdowns occur
• Single Event Console containing Zenoss alerts, SNMP traps, and log events

http://www.zenoss.com/product/network-monitoring

PacketFence is a free and open source network access control (NAC) system.  The standard feature list illustrated on the official website:

• Registration
  PacketFence supports an optional registration mechanism similar to “captive portal” solutions. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. The duration of a node registration can be a relative value (eg. “four weeks from first network access”) or an absolute date (eg. “Thu Jan 20 20:00:00 EST 2009″).
• Detection of abnormal network activities
  Abnormal network activities (computer virus, worms, spyware, etc.) can be detected using local and remote Snort  sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators.
• Proactive vulnerability scans
  Nessus vulnerability scans can be performed on a scheduled or ad-hoc basis. PacketFence correlates the Nessus vulnerability ID’s of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have.
• Isolation of problematic devices
  PacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors.
• Remediation through a captive portal
  Once trapped, all HTTP, IMAP and POP sessions are terminated by the PacketFence system. Based on the nodes current status (unregistered, open violation, etc), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with removal instructions for the particular infection he/she has.
• 802.1X
  802.1X is supported through a FreeRADIUS module.
• Wireless integration
  PacketFence intregrates perfectly with wireless networks through a FreeRADIUS module. This allows you to secure your wired and wireless networks the same way.
• DHCP fingerprinting
  DHCP fingerprinting can be used to automatically register specific device types (eg. VoIP phones) and to disallow network access to other device types (eg. game consoles).

http://www.packetfence.org

FreeNAS is an embedded open source NAS (Network-Attached Storage) distribution based on FreeBSD, supporting the following protocols: CIFS (samba), FTP, NFS, TFTP, AFP, RSYNC, Unison, iSCSI (initiator and target) and UPnP.  FreeNAS supports additional services such as a Bittorent client, UPnP server, iTunes/DAAP server, and network bandwitdh measurement.  Take a look at the complete featurelist on the official website.

http://www.freenas.org/

Covered topics:

* Writing a secure SOAP client with PHP: Field report from a real-world project
* How virtualized browsing shields against web-based attacks
* Review: 1Password 3
* Preparing a strategy for application vulnerability detection
* Threats 2.0: A glimpse into the near future
* Preventing malicious documents from compromising Windows machines
* Balancing productivity and security in a mixed environment
* AES and 3DES comparison analysis
* OSSEC: An introduction to open source log and event management
* Secure and differentiated access in enterprise wireless networks

Free Windows utility that automatically disaplyes your wireless network interface when your computer is connected via a cable network connection:

http://www.wlanbook.com/disable-wireless-connected-lan-xp-vista/

Message from hackinthebox.org:

Welcome to 2010! We are proud to announce the immediate availability of our newly ‘reborn’ HITB ezine! You can grab your digital copies here:

Zarul Shahrin – zarulshahrin@hackinthebox.org
Editor, HITB Ezine

http://www.hitb.org

The final version of BackTrack 4 was released yesterday. It is available for download here from torrent or direct download links.

The Ernst & Young global information security survey takes a closer look at how organisations are specifically addressing the changing environment, including the risks, challenges, increasing regulatory requirements and new technologies. The survey identifies and examines potential opportunities for improvement and important short-term and long-term trends that will shape information security in the coming years.

Ernst & Young’s 2009 Global Information Security Survey Download

Official Press Release: Brand protection a major force driving Information Security

OpenNebula is an open and flexible tool that fits into existing data center environments to build any type of Cloud deployment. OpenNebula can be primarily used as a virtualization tool to manage your virtual infrastructure in the data-center or cluster, which is usually referred as Private Cloud. OpenNebula supports Hybrid Cloud to combine local infrastructure with public cloud-based infrastructure, enabling highly scalable hosting environments. OpenNebula also supports Public Clouds by providing Cloud interfaces to expose its functionality for virtual machine, storage and network management.

http://www.opennebula.org/

The Open Web Application Security Project (OWASP) released a new top 10 list at its conference in Washington, D.C.

A1 –Injection

A2 –Cross Site Scripting (XSS)

A3 –Broken Authentication and Session Management

A4 –Insecure Direct Object References

A5 –Cross Site Request Forgery (CSRF)

A6 –Security Misconfiguration(NEW)

A7 –Failure to Restrict URL Access

A8 –UnvalidatedRedirects and Forwards (NEW)

A9 –Insecure Cryptographic Storage

A10 -Insufficient Transport Layer Protection

Two new items appeared in the list, that were not in the Top 10 2007 list: Security Misconfiguration, and UnvalidatedRedirects and Forwards.  The two items that dropped out of the list are Malicious File Execution and Information Leakage and Improper Error Handling.

The list, currently in Release Candidate stage can be downloaded from the OWASP website here.

It seems like the warez scene for iphone apps is finally kicking off (or I must have missed it completely when it happened in the past).  PPCWarez, previously known for distributing cracked applications & games for the Windows Mobile platform, have opened a section for iPhone applications.  It seems to be pretty straightforward too to install these applications on a jailbroken iphone:

• Open Cydia, and add the source http://cydia.hackulo.us
• Also via Cydia, Install the AppSync application and reboot your iphone
• Drag your downloaded iphone application into your iTunes Library
• Sync your iphone via iTunes

Topics covered in this issue:

- Using real-time events to drive your network scans
- Review: Data Locker
- The Nmap project: Open source with style
- Enterprise effectiveness of digital certificates: Are they ready for prime-time?
- A look at geolocation, URL shortening and top Twitter threats
- How “fake stuff” can make you more secure
- Making clouds secure
- Q&A: Dr. Herbert Thompson on security ROI and RSA Conference
- Book review – Cyber Crime Fighters: Tales from the Trenches
- Top 5 myths about wireless protection
- Securing the foundation of IT systems
- A layered approach to making your Web application a safer environment
- In mashups we trust?
- Adopting the security best practice of least privilege
- Is your data recovery provider a data security problem?
- New strategies for establishing a comprehensive lifetime data protection program
- Security for multi-enterprise applications
- EU data breach notification proposals: How will your business be affected?
- Book review – 97 Things Every Software Architect Should Know
- Safety in the cloud: How CIOs can ensure the safety of their data as they migrate to cloud applications
- Vulnerability management

http://www.net-security.org/insecuremag.php

A method to bypass the Windows 7 online activation scheme has been found, approximately 3 months before the official Windows 7 release took place. My Digital Life published an article how the Windows 7 activation scheme was bypassed.   With this method Windows 7 can be permanently activated online and will pass Windows Genuine Advantage (WGA) validation.

SLP (System-Locked Pre-installation) and SLIC (Software Licensing Internal Code) are the mechanisms used by OEM computer manufacturers to factory activate pre-installed Windows operating system on computers so that activation process of Windows is done automatically once a user boots his new computer for the first time. From a leaked Windows 7 .ISO the boot.wim file was extracted to retreive the OEM SLP key, plus the OEM activation certificate. Using a loader, a SLIC that results in a valid validation can be emulated before Windows boots.

At this time different Windows 7 activators are already spreading the Internet for Windows 7 Ultimate, the only Windows 7 version that was leaked until current.

Windows 7 was released to manufacturing on 22nd of July 2009.  The official Windows 7 release date for the retail market is the 22nd of October 2009.