Security

Tor 0.2.8.6 released with major update

Tor 0.2.8.6 has been released and it comes with a large number of improvements, changes and fixes. Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series. The Tor 0.2.8 series improves client bootstrapping performance, completes the authority-side implementation of improved identity keys for relays, and includes numerous bugfixes and performance improvements throughout the program. This release continues to improve the coverage of Tor’s test suite. Tor 0.2.8.6 Changelog New system requirements: Tor no longer attempts to support platforms where the “time_t” type is unsigned.

How to install Wireshark 2.1.1 development release on Ubuntu 16.10

Wireshark 2.1.1 development release recently released, is a free, open source packet analyzer used for network troubleshooting, monitoring, analysis, software and communications protocol development. The latest release comes with a number of vulnerabilities & bug fixes. Wireshark Changelog You can now switch between between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI. You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.

KeePass 2.33 released with Improved private mode browser detection

KeePass 2.33 Password Manager recently released, is an application for people with extremely high demands on secure personal data management. It has a light interface, and is cross platform. KeePass 2.31 mainly features integration and user interface enhancements, and various other minor new features and improvements. KeePass 2.33 Changelog New Features: Added commands in the group context menu (under ‘Rearrange’): ‘Expand Recursively’ and ‘Collapse Recursively’. Added option ‘When selecting an entry, automatically select its parent group, too’ (turned on by default).

KeePass 2.31 Password Manager released

KeePassX 2.31 Password Manager recently released, is an application for people with extremely high demands on secure personal data management. It has a light interface, and is cross platform. KeePass 2.31 mainly features integration and user interface enhancements, and various other minor new features and improvements. KeePassX 2.0 Highlights: New Features: Added menu/toolbar styles, freely selectable in ‘Tools’ - ‘Options’ - tab ‘Interface’; available styles are ‘Windows 10’, ‘Windows 8.

KeePassX 2.0 Password Manager released

KeePassX 2.0 Password Manager recently released, is an application for people with extremely high demands on secure personal data management. It has a light interface, and is cross platform. This release is the first stable release of the KeePassX 2 series after several years of development. KeePassX 2.0 Highlights: KeePassX 2.0 is using the new .kdbx (same as KeePass 2) database format. You can import your .kdb database from 0.

Nmap 7.00 Network Mapper released

Nmap 7.00 Network Mapper recently released, is a free and open source utility for network discovery and security auditing. Its useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Wireshark 2.0 Open-Source Network Protocol Analyzer released

Wireshark 2.0 recently released, is a free, open source packet analyzer used for network troubleshooting, monitoring, analysis, software and communications protocol development. The latest release Wireshark 2.0 comes with a significant host of Qt Port bugfixes and new features. Wireshark 1.12.4 changelog An RTP player crash has been fixed Flow graph issues have been fixed A Follow Stream dialog crash has been fixed An extcap crash has been fixed A file merge crash has been fixed A handle leak crash has been fixed Several other crashes and usability issues have been fixed “File”→Merge no longer crashes on Windows Icons in the main toolbar obey magnification settings on Windows The Windows installer does a better job of detecting WinPcap The main window no longer appears off-screen on Windows The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).

libxml2 vulnerabilities found in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS

Details of a number of libxml2 vulnerabilities that have been found and fixed in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS have been published Ubuntu security notice blog. According to the summary – “Several security issues were fixed in libxml2.“ libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

Cumulative update for Windows 10 released

Microsoft had just release Cumulative update for Windows 10. This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: 3105256 MS15-122: Security update for Kerberos to address security feature bypass: November 10, 2015 3104521 MS15-119: Security update in TDX.sys to address elevation of privilege: November 10, 2015 3104507 MS15-118: Security updates in the .

Microsoft to acquire Secure Islands – a leader in data protection technology

Microsoft is taking it’s investments in security technology to the next level. Microsoft today confirmed that they have acquired Secure Islands, a leader in data protection technology startup in Israel. This acquisition accelerates Microsoft’s ability to help customers secure their business data no matter where it is stored – across on-premises systems, Microsoft cloud services like Azure and Office 365, third-party services, and any Windows, iOS or Android device. Secure Islands’ technology enhances the data protection capabilities available today with Azure Rights Management Service, Microsoft’s cloud-based information protection solution.

Tor Browser 5.0.4 is released with important security updates

Tor Browser 5.0.4 recently released, is based on Firefox ESR 31.7.0 and features important security updates to Firefox. In addition to this, Yan Zhu’s fix was included for not leaking the Referer header when leaving a .onion domain and are shipping an updated NoScript version. Tor Browser 5.0.4 changelog All Platforms Update Firefox to 38.4.0esr Update NoScript to 2.6.9.39 Update Torbutton to 1.9.3.5 Bug 9623: Spoof Referer when leaving a .

KeeFarce fools KeyPass password manager into exporting its internal passwords database to CSV file

Denis Andzakovic, a security researcher for Security Assessment has released a tool that fools KeyPass password manager into exporting its internal passwords database to CSV file, using DLL injection. KeeFarce is also described as an in-memory looter for KeePass 2.x databases. See tool in GitHub. KeeFarce leverages DLL injection to export the information (including usernames and passwords) of a running and unlocked KeePass Database into a cleartext CSV file. Source code and prebuilt executables.

Opera 32 now with SurfEasy VPN feature

As security is now becoming increasingly important in our day to day internet surfing, the SurfEasy team has recently joined the Opera family, adding its VPN solution to its product lineup. What is a VPN? Well, imagine that basic internet communication is like sending a postcard. Almost everyone can read it, the post officer, post truck driver and even your neighbor. You trust they won’t use your private information, but you can never be sure.

Install Tor 0.2.7.2-alpha recently released

Tor 0.2.7.2-alpha is the second alpha release in the Tor 0.2.7 series, and comes with a number of new features, including a way to manually pick the number of introduction points for hidden services, and the much stronger Ed25519 signing key algorithm for regular Tor relays (including support for encrypted offline identity keys in the new algorithm). Support for Ed25519 on relays is currently limited to signing router descriptors; later alphas in this series will extend Ed25519 key support to more parts of the Tor protocol.

IPFire 2.15 Core Update 86 released

IPFire is a hardened Linux appliance distribution designed for use as a firewall. It offers corporate-level network protection for anyone who needs it, from home users all the way up to large corporations, school networks and authorities. IPFire focusses on security, stability and ease of use. A variety of add-ons can be installed with a single click, to add more features to the base system. This latest release IPFire 2.15 Core Update 86 brings various security fixes across several packages, hence its recommended that you install this update as soon as possible and to execute a reboot afterwards.

HTML5 Security Cheatsheet

See what your browser does when you look away… Here you will find quite useful information on the following: [box type=”info” style=”rounded” icon=”info”]A collection of HTML5 related XSS attack vectors A set of useful files for XSS testing A set of formerly hidden features useful for XSS testing[/box] Source: [button link=”https://html5sec.org/” color=”primary” class=”sys_btn”]HTML5 Security Cheatsheet[/button]

Disable IE Enhanced Security Configuration on Windows Server 2012

This post is a quick guide to disabling the Enhanced Security Configuration setting in Internet Explorer. Note: for security purposes, its not advisable to disable this on a production environment. Steps: – Log onto your Windows Server 2012, click on server manager, then click on Local Server and you will notice on the right side of the screen ‘IE Enhanced Security Configuration‘ is on – On the Internet Explorer Enhanced Security Configuration screen, you will notice that both Administrators and Users are set to ON by default.