Home page logo
/

pen-test logo Penetration Testing mailing list archives

Tools Update - first week of november 2009
From: "SD List" <list () security-database com>
Date: Sat, 7 Nov 2009 21:55:36 +0100 (CET)

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.


         New articles
         --------------------------


** Security-Database new updates (Saint Exploit mapping feature) **
by  Tools Tracker Team
- 6 November 2009

Security-database team is very happy to announce news changes and one
great feature to its SD Vulnerability Cross Linker.

New Feature :

Vulnerability Dashboard is now linking to SAINT Corporation Exploits. When
available, the CVE comes now with CVSS, CPE, CWE, OVAL and Saint ID. Here
is an example for CVE-2009-3023. The mapping works also with vendors
entries (MS, Gentoo, Sun...).

Major changes :

As an effort to be compliant with the latest CWE (Common Weakness
Enumeration) (...)

->
http://www.security-database.com/toolswatch/Security-Database-new-updates.html


** RIP str0ke (milw0rm) ... appears to be a Hoax **
by  Tools Tracker Team
- 4 November 2009

Updated :

Followers has just received a tweet from str0ke’s twitter. @str0ke:
I’m not dead yet, just being trolled.

This means someone has hacked into Edward’s profile and spread a fake
and loosy hoax. After all, we are very happy to see him up and running.

News about his "fake" death:

Security-Database must notify a sad information.

Lamentably a great friend and companion have passed away, early this
morning.

str0ke (1974-04-29 - 2009-11-03) from Milw0rm, the bad news arrived and
surprises (...)

-> http://www.security-database.com/toolswatch/RIP-str0ke-milw0rm.html


** Graudit v1.3 released **
by  ToolsTracker
- 3 November 2009

Graudit is a simple script and signature sets that allows you to find
potential security flaws in source code using the GNU utility grep. It's
comparable to other static analysis applications like RATS, SWAAT and
flaw-finder while keeping the technical requirements to a minimum and being
very flexible.

Version 1.3

Some signatures addes to existing databases

Signature improvements to existing databases

Added JSP ruleset

Added ASP ruleset

Improved testing

USAGE Graudit supports several (...)

-> http://www.security-database.com/toolswatch/Graudit-v1-3-released.html


** UCSniff v3.0 Released **
by  ToolsTracker
- 3 November 2009

UCSniff is a VoIP & IP Video Security Assessment tool that integrates
existing open source software into several useful features, allowing VoIP
and IP Video owners and security professionals to rapidly test for the
threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and
available on Linux and Windows, the software is free and available for
anyone to download, under the GPLv3 license.

Version 3.0

Real time VoIP and Video monitoring. [as presented at ToorCon 11, San
(...)

-> http://www.security-database.com/toolswatch/UCSniff-v3-Released.html



         New news items
         --------------------------


* Security-Database new updates (Saint Exploit mapping feature) *
- 6 November 2009

Security-database team is very happy to announce news changes and one
great feature to its SD Vulnerability Cross Linker.

New Feature :

Vulnerability Dashboard is now linking to SAINT Corporation Exploits. When
available, the CVE comes now with CVSS, CPE, CWE, OVAL and Saint ID. Here
is an (...)

->
http://www.security-database.com/toolswatch/+Security-Database-new-updates+.html


* RIP str0ke (milw0rm) ... appears to be a Hoax *
- 4 November 2009

Updated : Followers has just received a tweet from str0ke's twitter.
@str0ke: I'm not dead yet, just being trolled.

This means someone has hacked into Edward's profile and spread a fake and
loosy hoax. After all, we are very happy to see him up and running.

Hope to see you for years to come. (...)

-> http://www.security-database.com/toolswatch/+RIP-str0ke-milw0rm+.html

Kind Regards

Nabil OUCHN
CEO & Founder
www.security-database.com


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault