Security-Protocols

Woke up this morning to see an update for iTunes which stated the following in the description field:

With iTunes 7.2, preview and purchase iTunes Plus music–new higher-quality, DRM-free music downloads from participating music lables.

The iTunes Plus music service will be offering songs for $1.29 which will include EMI’s digital music catalog that includes albums from Coldplay, Norah Jones, The Rolling Stones, Frank Sinatra, Joss Stone, Pink Floyd, John Coltrane and Paul McCartney.

Apple shares traded at 115.69 this morning, up 1.17% from Tuesday’s closing price of $114.35.

GFI has released the LANguard N.S.S. 8 security network scanner, and I decided to review it on Windows Vista. I have been using LANguard for many years now when I need to do a quick scan of a network to see what type of systems, open services and vulnerabilities.

GFI LANguard N.S.S. 8 currently scans for over 15,000 vulnerabilities. After the discovery phase of a scan, it will then give you a remediation to fix the flaws which are found on your network. LANguard N.S.S also gives you the capability to perform multi-platform scans including Windows, Mac OSX and Linux across all types of environments to analyze your network’s security from a single scan. This really helps to ensure that you are able to identify and remediate any potential threats before someone malicious does.

GFI LANguard Network Security Scanner (N.S.S.) is an award-winning solution that addresses the three pillars of vulnerability management: security scanning, patch management and network auditing through a single, integrated console. By scanning the entire network, it identifies all possible security issues and using its extensive reporting functionality provides you with the tools you need to detect, assess, report and remediate any threats.

One of the new features of LANguard N.S.S. 8 has the ability to create your own vulnerability checks quickly and very easily. I was able to create a new vulnerability check for a new Apache web server vuln within a few minutes. Some other great features of LANguard include patch management, network and software auditing, the ability to receive alerts of new vulnerabilities found, OS identification and very powerful reporting.

What I really like about LANguard is that the vulnerability checks are always up to date, the OS ident results are very accurate and the scans are very fast. So if you are in the market for an overall network security scanner, I suggest you check out GFI’s LANguard network security scanner 8.

My overall rating for LANguard N.S.S. 8 would be a 4 out of 5. Reason being is that the reporting was a bit hard to figure out at first, but once you got it its very easy to mashup any type of report.

You can download a free 30-day demo version for free by clicking the image below:

Google has bought US based internet security start-up firm GreenBorder, which specializes in using virtualization to create safe zones online. GreenBorder which is based in Mountain View, California where Google has its headquarters has posted the official message on its website that it has been acquired. GreenBorder has stated on their website that they are no longer taking new customers, but they will continue to support its existing customers.

GreenBorder basically creates virtual sandbox machines to do things like read email, browse websites and other various tasks can be done without exposing the actual system to viruses and malware. The virtual sandboxes are then deleted at the end of each session taking any potential spyware and or trojans with them.

In a white paper entitled The Ghost in the Browser, Google’s anti-malware security researchers looked at several billion websites. They researched around 12 million websites, within which they found 1 million of them engaging in drive-by downloads of malicious code.

So could this mean more security acquisitions in the future? I hope so, id like to see eEye Digital Security get bought for a decent price so my shares will actually be worth something.

Jeremy Hollander has released the first LLDP (Link Layer Discovery Protocol) fuzzer which includes ten test cases, a presentation and a paper describing the LLDP fuzzer. In addition, the fuzzing architecture makes it easy to extend the tool with your own test cases as new LLDP-compliant devices arise.

The Link Layer Discovery Protocol (LLDP) is a layer two protocol used by network devices to share information, such as their identity and capabilities, on a LAN.

Download the LLDP fuzzer [LLDPfuzzer.tar]
1. Edit lldpfuzzer.py, modify self_iface and self_mac
2. Edit the last line of lldpfuzzer.py to select which test case you wish to execute
3. chmod lldpfuzzer.py +x and run it
Download the paper [LLDPpaper.pdf]
Download the presentation [LLDPpresentation.ppt]

I am hoping the Google online security team takes a very close look at Blogspot.com were heaps of spammy keyword stuffed doorway pages, affiliate spam and malware pages live.

Online security is an important topic for Google, our users, and anyone who uses the Internet. The related issues are complex and dynamic and we’ve been looking for a way to foster discussion on the topic and keep users informed. Thus, we’ve started this blog where we hope to periodically provide updates on recent trends, interesting findings, and efforts related to online security. Among the issues we’ll tackle is malware, which is the subject of our inaugural post.

http://googleonlinesecurity.blogspot.com/