sábado, 21 de março de 2009

New CS Anti-Virus based on ClamAV/ClamWin engine

Interessante, novo projeto baseado no ClamAV, agora para Windows.
Aguns detalhes (em inglês):

Include a Window service (CSAntivirus.exe) that perform all scans through the libclamav.dll, the control executable for
desktop interaction (CSAVTray.exe) and a small tool for generate new virus signatures (CSigTool.exe).
The project is developed in Visual Basic 6.0 and Visual C++ 6.0 (The C++ ATL CSAVCoreEngine.dll is a proxy for libclamav.dll). The project is "not yet stable".
This build is only 0.1.2 and is Beta. Anyhow the system is already usable on all NT based Windows Server and Client O.S. (from Windows 2000 to Windows 7) Tested on 2000/XP/Vista.

Follow a list of features:

Freeware, usable on server and client O.S., desktop interaction on system login (application on try bar), use of ClamAV engine and ClamAV virus database (main.cvd and daily.cvd), resident shield (File Guard) at the  moment only for one HD (or one root path), memory/process scan (on idle), File/Path scan, daily and weekly schedule scans, daily update, manual update, events log, event notify, virus log, quarantine (not yet complete), user-define signature creation tool, GUI for engine control, service control, program settings, notify, etc...

There are still many bugs (obviously), but the entire system is already usable.

On the follow link there are others information and the setup file:


sexta-feira, 20 de março de 2009

NIST Announces the Release of Draft Special Publication 800-16 Revision 1

> NIST announces the release of the Initial Public Draft (IPD) of
> Special Publication 800-16, Revision 1, Information Security
> Training Requirements: A Role- and Performance-Based Model. This
> publication is now available for public comment.
> The comprehensive training methodology provided in this publication
> is intended to be used by federal information security professionals
> and instructional design specialists to design (1) role-based
> training courses or modules for personnel who have been identified
> as having significant responsibilities for information security, and
> (2) a basics and literacy course for all users of information systems.
> We encourage readers to pay special attention to the Notes to
> Reviewers section, as we are looking for feedback on the many
> changes we have made to this document.
> Comments will be accepted until June 26, 2009. Comments should be
> forwarded via email to 800-16comments@nist.gov.
> URL to Draft SP 800-16 Rev. 1:
> http://csrc.nist.gov/publications/PubsDrafts.html#800-16-rev1
> Quick update - in the email sent to list on March 3, the NIST IR
> 7536 2008 Computer Security Division Annual Report was released. We
> have updated the PDF file for this document. We now have a final
> layout version available which includes charts, graphics, etc. The
> text inside this report did not change. For those interested in
> viewing the final printed version can find the updated PDF file here:
> It is a PDF file and depending on your Internet speed, it may take a
> couple extra seconds to load - PDF file is about 3.9 MB.
> http://csrc.nist.gov/publications/nistir/ir7536/NISTIR-7536_2008-CSD-Annual-Report.pdf

quarta-feira, 18 de março de 2009

Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5K

Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5K

Charlie Miller defends his title; IE8 also falls on Day 1 of hacking contest
Gregg Keizer

March 18, 2009 (Computerworld) Charlie Miller, the security researcher who hacked a Mac in two minutes last year at CanSecWest's PWN2OWN contest, improved his time today by breaking into another Mac in under 10 seconds.

Miller, a principal analyst at Independent Security Evaluators LLC, walked off with a $5,000 cash prize and the MacBook he hacked.

"I can't talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched," said Miller Wednesday not long after he had won the prize. "It probably took 5 or 10 seconds." He confirmed that he had researched and written the exploit before he arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his or her exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. "I gave them the link, they clicked on it, and that was it," said Miller. "I did a few things to show that I had full control of the Mac."

Two weeks ago, Miller predicted that Safari running on the Mac would be the first to fall.

PWN2OWN's sponsor, 3Com Inc.'s TippingPoint unit, paid Miller the $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. "Apple has it, and they're working on it," added Miller.

According to Terri Forslof, the manager of security response at TippingPoint, another researcher later broke into a Sony laptop that was running Windows 7 by exploiting a vulnerability in Internet Explorer 8. "Safari and IE both went down," she said in an e-mail.

TippingPoint's Twitter feed added a bit more detail to Forslof's quick message: "nils just won the sony viao with a brilliant IE8 bug!"

Forslof was not immediately available to answer questions about the IE8 exploit.

TippingPoint will continue the PWN2OWN contest through Friday, and will pay $5,000 for each additional bug successfully exploited in Apple Inc.'s Safari, Microsoft Corp.'s Internet Explorer 8, Mozilla Corp.'s Firefox or Google Inc.'s Chrome. During the contest, IE8, Firefox and Chrome will be available on the Sony, while Safari and Firefox will be running on the MacBook. The researcher who exploited IE8 will, like Miller, be awarded not only the cash, but also the laptop.

"It was great," said Miller when asked how it felt to successfully defend his title. "But I was really nervous for some reason this time. Maybe it was because there were more people around. Lucky [the exploit] was idiot-proof, because if I had had to think about it, I don't know if I'd had anything."

This year's PWN2OWN also features a mobile operating system contest that will award a $10,000 cash prize for every vulnerability successfully exploited in five smartphone operating systems: Windows Mobile, Google's Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Miller said he won't enter the mobile contest. "I can't break them," said Miller, who was one of the first researchers to demonstrate an attack on the iPhone in 2007, and last year was the first to reveal a flaw in Android. "I don't have anything for the iPhone, and I don't know enough about Google."

CanSecWest, which opened Monday, runs through Friday in Vancouver, British Columbia.