Thursday, April 12, 2007
This is what I release all my code under.
This is the copyright and license file included with all my code. If it is a script, this appears at the top; if it is compiled, it is displayed in the help screen for the app. All binary code is distributed as such; unless otherwise noted, it will not and does not include the source:
All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite
Releases is copyrighted by The Regents of the University of California.
Copyright 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
SNX Admin system
This is a tool that I have been working on to admin and control multiple Snort sensors on a network or multiple networks. This one uses Perl to read in file streams and look for potential app bugs. Here is a sample:
---------------
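use strict;
use warnings;

# Assumption: the sample does not show where @toproc comes from;
# here the gzip-compressed files to scan are taken from the command line.
my @toproc = @ARGV;

foreach my $fln (@toproc) {
    print "Processing $fln\n\n";
    # List-form pipe open: zcat receives the file name as a plain argument,
    # so shell metacharacters in a file name are never interpreted.
    open(my $fh, '-|', 'zcat', '--', $fln) or die "cannot open $fln: $!\n";
    while (my $x = <$fh>) {
        # Placeholder patterns, as in the original sample.
        if (($x =~ /xxx.xxxx.xxx.xxx/) || ($x =~ /<string>/) || ($x =~ /<string>/) || ($x =~ /<string>/)) { print $x; }
    }
    close($fh);
}
print "\nDONE\n";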
Hacking the Cisco NAC - NACATTACK
At Black Hat Europe we met Dror-John Roecher and Michael Thumann who were able to hack the Cisco NAC solution by exploiting a fundamental design flaw (PDF). In this video they illustrate how they work...
Agencies' cybersecurity grades rise slightly
Long way from what I remember when I was with the GSA.
The government’s overall information technology security grade rose only slightly according to the latest House Oversight and Government Reform Committee’s score card, released today. But score cards ignore the fact that the overall cyber posture of agencies is so much better than it was a year ago, let alone four years ago, when most departments received failing grades, said an administration official and a key member of Congress.
Rep. Tom Davis (R-Va.), ranking member of the committee, said agencies continue to make slow and steady progress across the board to reach a total score of C-, or 72.9 out of 100.
Eight agencies received grades of A and eight others received failing grades for their cybersecurity position in 2006, the committee said. Four agencies earned a B and two earned a C. The Veterans Affairs Department did not receive a grade because it did not submit a Federal Information Security Management Act report last year, the committee said.
“For those agencies that received an F, they are good, solid F’s,” said Karen Evans, the Office of Management and Budget’s administrator for e-government and information technology...
Sunday, April 08, 2007
Reprinting BSD History William and Lynne Jolitz i...
Another Good link from TaoSecurity
Reprinting BSD History
William and Lynne Jolitz issued a press release announcing the reprinting of their 1991-1992 series of articles Porting UNIX to the 386. From the press release: "The series covered all aspects of the project, from its inception in mid-1989 as a personal project done under the auspices of the University of California at Berkeley to its first complete operational open source release on March 17th, 1992 of 386BSD Release 0.0 -- 386BSD releases are officially 14 years old today [17 March]."
Anyone interested in Unix and BSD history will like these articles. Thus far two are online, with more to come.
Flaw Fixed in Unix-like Systems (From EWeek-Security)
A file integer underflow vulnerability could be exploited to trigger a buffer overflow in unpatched Unix-like systems.
