Posts Tagged ‘linux’

New Tool: NetWitness Investigator, (Mon, Nov 17th)

A new freeware version of NetWitness' core product, NetWitness Investigator, was made available today. I was able to get access to it several days ago for a test run. It looks and feels much like Wireshark, but with a lot more capability. The only two issues I found with the tool are that the registration process (required) is a bit quirky but eventually works, and you'll see a noticeable drop in computer performance while it's running. But considering that this is a sniffer on steroids I suspect that a performance drop is to be expected. Here are notes from the NetWitness web site:

Product Features:
- Captures raw packets live from most wired or wireless interfaces
- Imports packets from any open-source, home-grown and commercial packet capture system (e.g. .pcap file import)
- License supports 25 simultaneous 1GB captures - far exceeding data manipulation capabilities of packet tools like Wireshark
- Real-time, patented layer 7 analytics
- Effectively analyze data starting from application layer entities like users, email, address, files, and actions.
- Infinite, free-form analysis paths
- Content starting points
- Patented port agnostic service identification
- Extensive network and application layer filtering (e.g. MAC, IP, User, Keywords, Etc.)
- IPv6 support
- Full content search, with Regex support
- Exports data in .pcap format
- Bookmarking history tracking
- Integrated GeoIP for resolving IP addresses to city/county, supporting Google Earth visualization
- NEW! SSL Decryption (with server certificate)
- NEW! Interactive time charts, and summary view
- NEW! Interactive packet view and decode
- NEW! Hash PCAP on Export
- NEW! Enhanced content views

Minimum system requirements: NetWitness recommends the following minimum hardware requirements for NetWitness Investigator:
- Windows XP, 2003 Server, or Vista 32-bit
- Single 2GHz Intel-based processor (Dual-core recommended)
- 1GB RAM (2GB Recommended)
- 1 Ethernet Port
- Internet Explorer v7+ (IE v6.x may limit some functionality)
- Ample data storage for collected data

Note: Linux infrastructure available in commercial versions

The fully functional and licensed free version of NetWitness Investigator is at: http://download.netwitness.com. We are interested in your comments if you've downloaded and tried this software. Please let us know via our contact form.

Marcus H. Sachs
Director, SANS Internet Storm Center

Adobe Advances Flash Platform with New AIR, Cloud, Flex Solutions

At its annual MAX user conference, Adobe puts on the dog and serves up new tooling and other support for Flash. Adobe introduces Flex Builder “Gumbo,” Flash Catalyst – formerly known as “Thermo,” the availability of Adobe AIR 1.5 and a pre-release of the 64-bit Linux version of Adobe Flash Player 10. Adobe also opens up its cloud initiative, known as “Cocomo,” as a public beta.
- SAN FRANCISCO -- At its annual user conference, Adobe unveiled several advancements to its Flash platform, including new Flash offerings, new Flex tooling and the availability of a new version of Adobe AIR. "Our goal with Flash is to enable users to create rich, immersive applications,"...

[2/5] Linux Kernel “hfs_cat_find_brec()” Buffer Overflow Vulnerability


A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

http://secunia.com/Advisories/32719/

NOTE: This RSS feed does not include information about updated Secunia advisories. You should note that Secunia on average issues more than 20 updated advisories per day, containing information about exploit and patch availability, new and in depth research, and all other details that are relevant. Learn more about receiving complete and customised Secunia advisory information:
http://secunia.com/advisories/business_solutions/

Bugtraq: Digital Armaments October-November Hacking Challenge: Linux Local Kernel Exploit (5,000$)


[1/5] Linux Kernel Denial of Service Vulnerabilities


Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

http://secunia.com/Advisories/32655/


Google Android Phone passes typed content into rootshell!


“With the news that Google’s Android shipped with an embarrassing security hole being followed by a simple two-step method to ‘jailbreak’ the OS, you’d think that the company had ironed out most of the remaining bugs – but you’d be wrong. According to ZDnet’s Ed Burnette, the open-source Linux-based smartphone platform…

08.45.12 htop Hidden Process Name Input Filtering


CVEs: CVE: Not Available

Platform: Linux

Remote buffer overflow bug bites Linux Kernel Driver Wrapper


“A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public. The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise…

Wireshark 1.0.4 Released

Wireshark® is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.

DSA-1653 linux-2.6


denial of service/privilege escalation