Showing posts sorted by relevance for query bug.

Wireshark World’s Most Popular Network Protocol Analyzer is Now on Ver. 1.4.9 & 1.6.2


Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

This is the official change log for Wireshark:-

  • wnpa-sec-2011-12: A large loop in the OpenSafety dissector could cause a crash. (Bug 6138)
  • Versions affected: 1.6.0 to 1.6.1.
  • wnpa-sec-2011-13: A malformed IKE packet could consume excessive resources.
  • Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
  • CVE-2011-3266
  • wnpa-sec-2011-14: A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135)
  • Versions affected: 1.6.0 to 1.6.1.
  • wnpa-sec-2011-15: Wireshark could run arbitrary Lua scripts. (Bug 6136)
  • Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
  • wnpa-sec-2011-16: The CSN.1 dissector could crash. (Bug 6139)
  • Versions affected: 1.6.0 to 1.6.1.


The following bugs have been fixed:-

  • configure ignores (partially) LDFLAGS. (Bug 5607)
  • Build fails when it tries to #include <getopt.h>, not present in Solaris 9. (Bug 5608)
  • Unable to configure zero length SNMP Engine ID. (Bug 5731)
  • BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769)
  • H.323 RAS packets missing from packet counts in “Telephony->VoIP Calls” and the “Flow Graph” for the call. (Bug 5848)
  • Wireshark crashes if sercosiii module isn’t installed. (Bug 6006)
  • Editcap could create invalid pcap files when converting from JPEG. (Bug 6010)
  • Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114)
  • Malformed Packet in decode for BGP-AD update. (Bug 6122)
  • Wrong display of CSN_BIT in CSN.1. (Bug 6151)
  • Fix CSN_RECURSIVE_TARRAY last bit error in packet-csn1.c. (Bug 6166)
  • Wireshark cannot display Reachable time & Retrans timer in IPv6 RA messages. (Bug 6168)
  • ReadPropertyMultiple-ACK not correctly dissected. (Bug 6178)
  • GTPv2 dissectors should treat gtpv2_ccrsi as optional. (Bug 6183)
  • BGP : AS_PATH attribute was decode wrong. (Bug 6188)
  • Fixes for SCPS TCP option. (Bug 6194)
  • Offset calculated incorrectly for sFlow extended data. (Bug 6219)
  • [Enter] key behavior varies when manually typing display filters. (Bug 6228)
  • Contents of pcapng EnhancedPacketBlocks with comments aren’t displayed. (Bug 6229)
  • Misdecoding 3G Neighbour Cell Information Element in SI2quater message due to a coding typo. (Bug 6237)
  • Mis-spelled word “unknown” in assorted files. (Bug 6244)
  • tshark run with -Tpdml makes a seg fault. (Bug 6245)
  • btl2cap extended window shows wrong bit. (Bug 6257)
  • NDMP dissector incorrectly represents “ndmp.bytes_left_to_read” as signed. (Bug 6262)
  • TShark/dumpcap skips capture duration flag occasionally. (Bug 6280)
  • File types with no snaplen written out with a zero snaplen in pcap-ng files. (Bug 6289)
  • Wireshark improperly parsing 802.11 Beacon Country Information tag. (Bug 6264)
  • ERF records with extension headers not written out correctly to pcap or pcap-ng files. (Bug 6265)
  • RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276)
  • Copying from RTP stream analysis copies 1st line many times. (Bug 6279)
  • Wrong display of CSN_BIT under CSN_UNION. (Bug 6287)
  • MEGACO context tracking fix – context id reuse. (Bug 6311)

Updated Protocol Support:-
BACapp, Bluetooth L2CAP, CSN.1, DCERPC, GSM A RR, GTPv2, ICMP, ICMPv6, IKE, MEGACO, MSISDN, NDMP, OpenSafety, RTPS2, sFlow, SNMP, TCP

New and Updated Capture File Support:-
CommView, pcap-ng, JPEG.


To download Wireshark click Here





Wireshark (Network Protocol Analyzer) 1.6.6 Released

Again we have two updated versions of Wireshark (1.4.12 and 1.6.6). Wireshark is the world’s most popular network protocol analyzer, used for troubleshooting, analysis, development, and education. It is widely used by system administrators, and also by cyber criminals, because it is able to sniff packets. We have discussed Wireshark several times before. The current stable release of Wireshark is 1.6.6. It supersedes all previous releases, including all releases of Ethereal. For a complete list of system requirements and supported platforms, please consult the User's Guide. Information about each release can be found in the release notes.
Official change log for Wireshark 1.6.6:-
Bug Fixes:-
The following vulnerabilities have been fixed:-
  • wnpa-sec-2012-04: The ANSI A dissector could dereference a NULL pointer and crash. (Bug 6823)
  • Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-05: The IEEE 802.11 dissector could go into an infinite loop. (Bug 6809)
  • Versions affected: 1.6.0 to 1.6.5.
  • wnpa-sec-2012-06: The pcap and pcap-ng file parsers could crash trying to read ERF data. (Bug 6804)
  • Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-07: The MP2T dissector could try to allocate too much memory and crash. (Bug 6804)
  • Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • The Windows installers now include GnuTLS 1.12.18, which fixes several vulnerabilities.

The following bugs have been fixed:-
  • ISO SSAP: ActivityStart: Invalid decoding the activity parameter as a BER Integer. (Bug 2873)
  • Forward slashes in URI need to be converted to backslashes if WIN32. (Bug 5237)
  • Character echo pauses in Capture Filter field in Capture Options. (Bug 5356)
  • Some PGM options are not parsed correctly. (Bug 5687)
  • dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark). (Bug 5939)
  • Unable to rearrange columns in preferences on Windows. (Bug 6077) (Note: this bug still affects the 64-bit package)
  • No error for UDP/IPv6 packet with zero checksum. (Bug 6232)
  • Wireshark installer doesn’t add access_bpf in 10.5.8. (Bug 6526)
  • Corrupted Diameter dictionary file that crashes Wireshark. (Bug 6664)
  • packetBB dissector bug: More than 1000000 items in the tree — possible infinite loop. (Bug 6687)
  • ZEP dissector: Timestamp not always displayed correctly. Fractional seconds never displayed. (Bug 6703)
  • GOOSE Messages don’t use the length field to perform the dissection. (Bug 6734)
  • Ethernet traces in K12 text format sometimes give bogus “malformed frame” errors and other problems. (Bug 6735)
  • max_ul_ext isn’t printed/decoded to the packet details log in GTP protocol packet. (Bug 6761)
  • non-IPP packets to or from port 631 are dissected as IPP. (Bug 6765)
  • lua proto registration fails for uppercase proto / g_ascii_strdown problem. (Bug 6766)
  • no menu item Fle->Export->SSL Session Keys in GTK. (Bug 6813)
  • IAX2 dissector reads past end of packet for unknown IEs. (Bug 6815)
  • TShark 1.6.5 immediately crashes on SSL decryption (every time). (Bug 6817)
  • USB: unknown GET DESCRIPTOR response triggers assert failure. (Bug 6826)
  • IEEE1588 PTPv2 over IPv6. (Bug 6836)
  • Patch to fix DTLS decryption. (Bug 6847)
  • Expression… dialog crash. (Bug 6891)
  • display filter “gtp.msisdn” not working. (Bug 6947)
  • Multiprotocol Label Switching Echo – Return Code: Reserved (5). (Bug 6951)
  • ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972)
  • Adding a Custom HTTP Header Field with a trailing colon causes wireshark to immediately crash (and crash upon restart). (Bug 6982)
  • Radiotap dissector lists a bogus “DBM TX Attenuation” bit. (Bug 7000)
  • MySQL dissector assertion. (Ask 8649)
  • Radiotap header format data rate alignment issues. (Ask 8649)

Updated Protocol Support:-
ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP, IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP, PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP

New and Updated Capture File Support:-
Endace ERF, Pcap-NG, Tektronix K12

To Download Wireshark Click Here





Wireshark 1.4.10 & Wireshark 1.6.3 Released


Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

Updated Protocol Support:-
AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE 802.11, IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP, S1AP, SSL

New Capture File Support Included:-
Endace ERF. 

Bug Fixed:-
  • Assertion failed when doing File->Quit->Save during live capture. (Bug 1710)
  • Wrong PCEP XRO sub-object decoding. (Bug 3778)
  • Wireshark window takes very long time to show up if invalid network file path is at recent file list (Bug 3810)
  • Decoding [Status Records] Timestamp Sequence Field in Bundle Protocol fails if over 32 bits. (Bug 4109)
  • ISUP party number dissection. (Bug 5221)
  • wireshark-1.4.2 crashes when testing the example python dissector because of a dissector count assertion. (Bug 5431)
  • Ethernet packets with both VLAN tag and LLC header no longer displayed correctly. (Bug 5645)
  • SLL encapsuled 802.1Q VLAN is not dissected. (Bug 5680)
  • Wireshark crashes when attempting to open a file via drag & drop when there’s already a file open. (Bug 5987)
  • Adding and removing custom HTTP headers requires a restart. (Bug 6241)
  • Can’t read full 64-bit SNMP values. (Bug 6295)
  • Dissection fails for frames with Gigamon Header and VLAN. (Bug 6305)
  • RTP Stream Analysis does not work for TURN-encapsulated RTP. (Bug 6322)
  • packet-csn1.c doesn’t process CSN_CHOICE entries properly. (Bug 6328)
  • BACnet property time-synchronization-interval (204) name shown incorrectly as time-synchronization-recipients. (Bug 6336)
  • GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345)
  • [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347)
  • ICMPv6 router advertisement Prefix Information Flag R “Router Address” missing. (Bug 6350)
  • Export -> Object -> HTTP -> save all: Error on saving files. (Bug 6362)
  • Inner tag of 802.1ad frames not parsed properly. (Bug 6366)
  • Added cursor type decoding to MySQL dissector. (Bug 6396)
  • Incorrect identification of UDP-encapsulated NAT-keepalive packets. (Bug 6414)
  • WPA IE pairwise cipher suite dissector uses incorrect value_string list. (Bug 6420)
  • S1AP protocol can’t decode IPv6 transportLayerAddress. (Bug 6435)
  • RTPS2 dissector doesn’t handle 0 in the octestToNextHeader field. (Bug 6449)
  • packet-ajp13 fix, cleanup, and enhancement. (Bug 6452)
  • Network Instruments Observer file format bugs. (Bug 6453)
  • Wireshark crashes when using “Open Recent” 2 times in a row. (Bug 6457)
  • Wireshark packet_gsm-sms, display bug: Filler bits in TP-User Data Header. (Bug 6469)
  • wireshark unable to decode NetFlow options which have system scope size != 4 bytes. (Bug 6471)
  • Display filter Expression Dialog Box Error. (Bug 6472)
  • text_import_scanner.l missing. (Bug 6531)

To Download Wireshark click Here



Wireshark Ver 1.4.11 & 1.6.5 Released (Fixed Many Security Holes)


We have talked about Wireshark several times before. It is the world’s most popular network protocol analyzer, used for troubleshooting, analysis, development, and education. Wireshark is widely used by system administrators, and also by cyber criminals, because it is able to sniff packets.

Official Change Log:-
Bug Fixes:-
  • wnpa-sec-2012-01: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats. (Bug 6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
  • wnpa-sec-2012-02: Wireshark could dereference a NULL pointer and crash. (Bug 6634)
  • wnpa-sec-2012-03: The RLC dissector could overflow a buffer. (Bug 6391)
  • “Closing File!” Dialog Hangs. (Bug 3046)
  • Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it. (Bug 3809)
  • Incorrect time differences displayed with time reference set. (Bug 5580)
  • Wrong packet type association of SNMP trap after TFTP transfer. (Bug 5727)
  • SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
  • Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
  • Wireshark Netflow dissector complains there is no template found though the template is exported. (Bug 6325)
  • DCERPC EPM tower UUID must be interpreted always as little endian. (Bug 6368)
  • Crash if no recent files. (Bug 6549)
  • IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum. (Bug 6560)
  • IPv4 UDP/TCP Checksum incorrect if routing header present. (Bug 6561)
  • Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194. (Bug 6562)
  • Various crashes after loading NetMon2.x capture file. (Bug 6578)
  • Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined). (Bug 6614)
  • SIGSEGV in SVN 40046. (Bug 6634)
  • Wireshark dissects TCP option 25 as an “April 1″ option. (Bug 6643)
  • ZigBee ZCL Dissector reports invalid status. (Bug 6649)
  • ICMPv6 DNSSL option malformed on padding. (Bug 6660)
  • Wrong tvb_get_bits function call in packet-csn1.c. (Bug 6708)
  • [UDP] – Length Field of Pseudo Header while computing CheckSum is not correct. (Bug 6711)
  • pcapio.c: bug in libpcap_write_interface_description_block. (Bug 6719)
  • Memory leaks in various dissectors.
  • Bytes highlighted in wrong Byte pane when field selected in Details pane.

Updated Protocol Support:-
BGP, BMC, CSN1, DCERPC EPM, DCP (ETSI), DMP, DTLS, GSM Management, H245, HPTEAM, ICMPv6, IEEE 802.15.4, IPSEC, IPv4, IPv6, ISAKMP, KERBEROS, LDSS, NFS, RLC, RPC-NETLOGON, RRC, RTMPT, SIGCOMP, SSL, SYSLOG, TCP, UDP, XML, ZigBee ZCL

New and Updated Capture File Support:-
Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer, Tektronix K12, WildPackets {Airo,Ether}Peek.


To Download Wireshark Click Here




Reaver 1.4- Wifi Protected Setup (WPS) Brute Forcer Released

We have discussed a tool named Reaver before. After Austrian information security student and researcher Stefan Viehböck released details of a vulnerability in the WiFi Protected Setup (WPS) standard that enables attackers to recover the router PIN, a security firm published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver, can find the WPS PIN of a given router and then recover the router’s WPA passphrase as well. Now the next version, Reaver 1.4, is available.
List Of Changes In Reaver 1.4:-
  1. Updated reaver and wash usage, reverted last wash update (unnecessary).
  2. Wash now processes data even if received on the wrong channel.
  3. Added BSSID to session restore prompt.
  4. Fixed wash pcap parsing bug.
  5. Updated exchange.c to timeout properly if --no-nacks is specified.
  6. Added --no-nacks option for APs that repeatedly send multiple WPS response packets.
  7. Added --exec option to run a specified command upon successful completion.
  8. Fixed --session bug.
  9. Added RSSI output to wash.
  10. Fixed makefile bug.
  11. Fixed bug in pins.c introduced in r95. Pins no longer randomized.
  12. Added sanity checks for out of order packets to message processing in exchange.c
  13. Fixed null pointer reference bug.
  14. Reverted association supported and extended rates to original values.
  15. Re-work of the message processing functions, primarily in exchange.c
  16. Added -p option to mkdir in makefile.
  17. Added sanity checks to ensure that WPS messages are sent in the proper order.
  18. Fixed arg parsing bug.
  19. Updated Makefile, changed ‘walsh’ to ‘wash’. Added wash documentation.
  20. Fixed bug in auto-detection of WSC_NACK support.
  21. Fixed channel hopping bug. Now WSC_NACKs are always sent to ensure WPS session termination.
  22. Supported rates in association packets now reflect the supported rates in the AP’s beacon packets. AP beacons are now always parsed prior to reassociation to ensure we are still on the right channel.
  23. Fixed database permissions bug in Reaver Makefile
  24. Fixed walsh channel bug. Added sanity checks in exchange.c before setting progress status to KEY2_DONE.
  25. Fixed overflow in parse_beacon_tags.
  26. Fixed logic bug where SEND_M2D status was interpreted as a RECV_DONE status.
  27. Fixed memory leaks.
  28. Fixed bug in generating proper WPS messages (resulted in false negatives). Added verbose message status output.
  29. wpsmon char c => int c.
  30. Documentation updates.
  31. Fixed Makefile bug.
  32. Fixed session saved output bug.
  33. Updated session.c to always print restore session prompt to stderr.
  34. Updated Makefile, configure script and #defines to ensure that --prefix is honored.
  35. Fixed makefile not properly installing to specified prefix.
  36. Removed dev debug flag
  37. Enabled debug output for troubleshooting issues; don’t use unless you want lots of debug output (this will be made a command line option in the near future…)
  38. Updated walsh WPS lock status display. Fixed file permission bug in Makefile. Removed old code in libwps/.
  39. Updated walsh to display more useful info. Removed adaptive delay feature.
  40. Added adaptive lockout sleep times, added -ldl to LDFLAGS

For Additional Information & To Download Reaver Click Here




PayPal Announced Paid “Bug Bounty” Program for Security Researchers


Payment services giant PayPal recently announced the launch of a new paid bug bounty program, in which PayPal will reward security researchers who discover vulnerabilities in its website with a handsome amount of money. In the official blog, PayPal's Chief Information Security Officer Michael Barrett said: "The security of our customers’ data is our number one priority." It is obvious that PayPal took this step to further strengthen its security, because we all know that PayPal is among the sites on which cyber criminals always keep their eyes.
If you are a security researcher and you have discovered a site or product vulnerability, please forward your details to sitesecurity@paypal.com. As a reminder, Facebook, Google and many others had already started paid bug bounty programs before PayPal.

PayPal Bug Bounty Program In Detail:-
  • PayPal security team will determine the bounty amount and all decisions are final. 
  • Bounty is awarded to the first person that discovers the previously unknown bug.
  • The bug bounty program is subject to change or to cancellation at any point without notice.
  • Payment is paid out through a verified PayPal account, once the bug is fixed.
  • For all submissions, do not send personal information in your report and please use PayPal's PGP key to encrypt your email.
  • Individuals from sanctioned countries are not allowed to participate in this program.
  • eBay Inc. employees, contractors and their immediate relatives are not allowed to participate in the program.
Vulnerabilities That Are in Scope:
  • XSS
  • CSRF/XSRF
  • SQLi
  • Authentication bypass
Note: While "Logout CSRF" is a well-acknowledged issue, there are other techniques, like "cookie forcing" and "cookie bombardment", that can make it futile to defend against this attack. Also, PayPal's web sessions are relatively short lived, and hence the Bug Bounty panel will not consider reports of the ability to log out users from PayPal as qualifying for the reward.
In Your Bug Submission Email, Please Include The Following:
  • Your email address
  • Your PayPal account (in order to receive the bounty)
  • Vulnerability type (i.e., XSS, CSRF, SQLi, etc.)
  • Vulnerability Scope: Domain(s), URL(s) and Parameter(s) impacted
  • Steps to reproduce bug
Guidelines for Responsible Disclosure
  • Share the security issue with us before making it public on message boards, mailing lists, and other forums.
  • Allow us reasonable time to respond to the issue before disclosing it publicly.
  • Provide full details of the security issue.
Terms for Participation :- As between eBay Inc. and the Submitter, as a condition of participation in the PayPal Bug Bounty program, the Submitter grants eBay Inc., its affiliates and customers a perpetual, irrevocable, worldwide, royalty-free and non-exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create derivative work from, make, use, sell, offer for sale and import the Submission for any purpose. Submitter represents and warrants that the Submission is original to the Submitter and Submitter owns all rights, title and interest in and to the Submission. Submitter waives all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure of the Submission to eBay. In no event shall eBay be precluded from discussing, reviewing, developing for itself, having developed, or developing for third parties, materials which are competitive with those set forth in the Submission irrespective of their similarity to the information in the Proposal, so long as eBay complies with the terms of participation stated herein. 

For additional information click Here






Sabayon Linux 7 Released


Sabayon Linux 7 arrives with an experimental Fusion kernel. Sabayon 7 is shining at full bright, for your home computer, your laptop and your home servers.
Linux 3.0, GNOME 3.2, KDE 4.7, Xfce 4.8, LibreOffice 3.4 are just some of the things you will find inside the box. During this cycle, the development team spent a lot of time on integrating GNOME 3.2 the way users might actually start to love it. At the same time, Sabayon Xfce has been promoted to non-experimental release, for those missing GNOME2.
Features:-
  • Ultra-optimized Linux Kernel 3.0 (Experimental Fusion Kernel available after install)
  • Providing extra Server-optimized, OpenVZ-enabled, Vserver-enabled kernels in repositories
  • Natively supporting the btrfs filesystem (besides ext4, aufs, and others)
  • Transform Sabayon into a full-featured HTPC Operating System (Media Center) using XBMC 10.0
  • GNOME 3.2.0 Visual Environment
  • KDE 4.7 Desktop Environment
  • Improved Xfce 4.8 out-of-the-box experience (for those missing GNOME2)
  • Improved LibreOffice integration, updated to 3.4.3.2
  • Entropy Framework (Package Manager, Web Services) updated to 1.0_rc59, containing tons of improvements
  • Improved support for IME and non-roman fonts
  • Improved support for non-latin languages
  • Semi-automated package updates, for more extreme rolling
  • 4000 application updates since Sabayon 6 (yay for rolling release model)

Important Fixes:-
  • Make possible to boot Sabayon off USB via dd (bug 2685)
  • Disable GNOME Shell when fglrx is in use due to broken drivers (patch)
  • Clickpad Touchpad fixes (bug 2517)
  • Failsafe mode not showing login prompt (bug 2539)
  • Fbsplash framebuffer 1280x800 size fixes (bug 2542)
  • Properly set CONSOLEFONT variable (bug 2582)
  • Switch to man-db (bug 2583)
  • KDE: replace Clementine with Amarok (bug 2662)
  • KDE: Improve/fix file associations (bug 2464)
  • KDE: provide proxy settings menu (bug 2538)
  • Installer: make possible to enable/disable firewall
  • Installer: write proper keyboard layout for Russian (bug 2580)
  • Installer: set proper console font for Russian (bug 2582)
  • Installer: move language packs options to Language wizard page (bug 2518)

To download Sabayon Linux 7 Click Here



-News Source (Sabayon Linux)


 


Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes


This is the third time in a year that Oracle has updated the standard edition of the Java platform. This release includes new security controls in addition to a bug fix and updated timezone data. The update also contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8. The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications. With the recent Java security issues in mind, Oracle said in the press release for this update: "if the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release."

Security Feature Enhancements

The JDK 7u10 release includes the following enhancements:
  • The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
  • The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
  • New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.

Bug Fixes

Notable Bug Fixes in JDK 7u10

The following are some of the notable bug fixes included in JDK 7u10.
Area: java command

Description: Wildcard expansion for single entry classpath does not work on Windows platforms.

The Java command and Setting the classpath documents describe how the wildcard character (*) can be used in a classpath element to expand into a list of the .jar files in the associated directory, separated by the classpath separator (;).
This wildcard expansion does not work in a Windows command shell for a single element classpath due to the Microsoft bug described in Wildcard Handling is Broken.
See 7146424.
For a list of other bug fixes included in this release, see JDK 7u10 Bug Fixes page. 

The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site. 




Facebook Launches Security Bug Bounty


Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.
Compensation, which starts at $500 and has no maximum set, will be paid only to researchers who follow Facebook's Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem.
Facebook Chief Security Officer Joe Sullivan said that "Typically, it's no longer than a day" to fix a bug.

Facebook's Whitehat page for security researchers says: 

"If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

The compensation program is a good way to provide an incentive and show appreciation to the research community for helping keep Facebook safe for users, according to the company's security team. Up until now, researchers received recognition on the Facebook Whitehat page, maybe some "swag," and--if they were lucky--a job.
"Some of our best engineers have come to work here after pointing out security bugs on our site," like Ryan McGeehan, manager of Facebook's security response team, said Alex Rice, product security lead at Facebook. (Facebook also recently hired famed iPhone jailbreaker and Sony PlayStation 3 hacker George Hotz, who works on security issues.)
Meanwhile, Facebook is allowing security researchers a way to create test accounts on Facebook to ensure they don't violate terms of use or impact other Facebook users, Rice and McGeehan said.
Facebook is following in the steps of Mozilla, which launched its bug bounty program in 2004, and Google, which offers a bug bounty program with payments ranging from $500 to more than $3,000 for finding Web security holes, as well as a program specifically for Chrome bugs.
Microsoft has offered bounties of $250,000 for information leading to the arrest of virus writers, but does not pay researchers who find bugs in its software. However, other companies do, like TippingPoint's Zero Day Initiative.
Researchers typically are paid more for finding bugs in desktop software, which can take much longer to fix and to update software on computers than bugs in Web-based software, which can be fixed much more quickly.

According To FACEBOOK:- 

Eligibility
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
    ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
    • Cross-Site Scripting (XSS)
    • Cross-Site Request Forgery (CSRF/XSRF)
    • Remote Code Injection
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.

Rewards
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


-News Source (FACEBOOK & Cnet)



Metasploit Announces $5,000, Five-Week Bug Bounty Program for Exploits


If you've got a way to crack Google Chrome, the Metasploit team wants to pay you for it. Today Rapid7 announced that it has a total of $5,000 in cash to reward contributors who send in exploits for its Top 5 or Top 25 vulnerability lists. The exploits have to be submitted, and accepted, as modules under its standard Metasploit Framework license.
Cash for bugs is a controversial but common way for security firms to encourage hackers to send exploits to the white hats. As far as Bug Bounty programs go, Metasploit's program is meager. But for an open source program that relies on contributions sent in for free, it's an interesting experiment. The program will end quickly, lasting only five weeks (July 20). One fun thing that the team is doing is letting people stake a claim to their exploit of choice from their Top 5 (prize is $500) or Top 25 (prize is $100) lists. After claiming an exploit, hackers get a week to submit their Metasploit module for their chosen bug. The prize money will "only be paid out to the first module contributor for a given vulnerability," the Metasploit team says.
And guess what? Denial of Service exploits won't qualify. Metasploit wants your bug to be able to do more than that. It should also bypass ASLR/DEP when applicable and be geared toward English-based targets. Metasploit wants hackers to follow its hacking guidelines and they cannot be residents of a US embargoed country.
All accepted submissions will not only win a bit of cash but their submissions will be made available to other Metasploit users, again under the Metasploit Framework license (3-clause BSD).
As I look at the list of 30 possible exploits while writing this blog post, I see that only two have been claimed so far: CVE/ZDI 2011-1218, Lotus Notes - Autonomy Keyview (.zip attachment), and an exploit not listed in the CVE database, known as "DATAC RealWin On_FC_CONNECT_FCS_LOGIN packet containing a long username." So plenty of room for participants remains.
The cash-for-bugs program is interesting, but the list of vulnerabilities for which Metasploit is seeking help is even more so.

The Top 5 are for specific holes in ...
  1. Google Chrome (before 11.0.696.71)
  2. Lotus Notes
  3. IBM Tivoli Directory Server
  4. DNS
  5. GDI
In the Top 25, the entries on the list that caught my eye include holes in JScript, VBScript Scripting Engines, JBoss, Oracle VM and Citrix, among others. (Yes, browsers are in there, too, including Firefox, Chrome and Opera).
Of course, if you do have a killer bug, particularly for some of the browsers like Firefox or Chrome, you can perhaps earn more than $100 for it. Mozilla's Bug Bounty program pays up to $3000 cash reward and you get a Mozilla T-shirt. For web application or service-related security bugs, Mozilla pays from $500 to $3,000. In January, Google plunked down what was then a record reward, $3,133, to a hacker for reporting a flaw in Chrome. (Google raised its bug bounty fee about a year ago, from $1,337, after Mozilla bumped up its reward rate to $3,000).
TippingPoint, known as one of the founders of the bug bounty concept, not only pays cash (as much as $5,000 for your zero-day), but it also awards bonus points in a scheme more complicated than an airline mileage rewards program. Participants earn points for referring others into the program, for each zero-day they submit and so on. These points gain you bonuses for your hacks, and other goodies like all-expense-paid trips to hacker conferences like Black Hat.
Who knew hacking could be so rewarding?


Social-Engineer Toolkit (SET) Version 4.0 Codenamed “Balls of Steel” Released



The Social-Engineer Toolkit, also known as SET, gets another update: Social-Engineer Toolkit version 4.0, codename "Balls of Steel", is now officially available for public consumption. In its official blog, TrustedSec, the developer of SET, claims that this version of SET is the most advanced toolkit to date. This version is the result of several months of development and brings over 50 new features and a number of enhancements, improvements, rewrites, and bug fixes.
Let's talk about some highlights and the new major features of SET 4.0. The Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. All of the payloads have been heavily encrypted, with a number of heavy anti-debugging tools put in place. PyInjector is now available on the Java Applet attack natively and deploys shellcode automatically through a byte-compiled executable. The PowerShell attack vectors now support customized payload selection through config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder). A new Teensy payload has been added from the Offensive-Security crew: the auto-correcting attack vector with DIP switch and SD card, "Peensy". The web cloner has been completely rewritten in native Python, removing the dependency on wget. The new IE zero day has been included in the Metasploit Web Attack Vector. The Java Repeater and Java Redirection have been rewritten to be more reliable. Obfuscation has been added to randomized droppers, including OSX and Linux payloads.

Full Changelog of The Social-Engineer Toolkit (SET) 4.0:- 

  •  Added a new attack vector to SET called the Dell Drac attack vector under the Fast-Track menu.
  •  Optimized the new attack vector into SET with standard core libraries
  •  Added the source code for pyinjector to the set payloads
  •  Added an optimized and obfuscated binary for pyinjector to the set payloads
  •  Restructured menu systems to support new pyinjector payload for Java Applet Attack
  •  Added new option to SET Java Applet – PyInjector – injects shellcode straight into memory through a byte compiled python executable. Does not require python to be installed on victim
  •  Added base64 encoding to the parameters passed in shellcodexec and pyInjector
  •  Added base64 decode routine in Java Applet using sun.misc.BASE64Decoder – native base64 decoding in Java is the suck
  •  Java Applet redirect has been fixed – was a bug in how dynamic config files were changed
  •  Fixed the UNC embed to work when the flag is set properly in the config file
  •  Fixed the Java Repeater which would not work even if toggled on within the config file
  •  Fixed an operand error when selecting high payloads, it would cause a non harmful error and an additional delay when selecting certain payloads in Java Applet
  •  Added anti-debugging protection to pyinjector
  •  Added anti-debugging protection to SET interactive shell
  •  Added anti-debugging protection to Shellcodeexec
  •  Added virtual entry points and virtualized PE files to pyinjector
  •  Added virtual entry points and virtualized PE files to SET interactive shell
  •  Added virtual entry points and virtualized PE files to Shellcodeexec
  •  Added better obfuscation per generation on SET interactive shell and pyinjector
  •  Redesigned Java Applet which adds heavily obfuscated methods for deploying
  •  Removed Java Applet source code from being public – since redesign of applet, there are techniques used to obfuscate each time that are dynamic, better shelf life for applet
  •  Added a new config option to allow you to select the payloads for the powershell injection attack. Specifying the config options allows you to customize what payload gets delivered via the powershell shellcode injection attack
  •  Added double base64 encoding to make it more fun and better obfuscation per generation
  •  Added update_config() each time SET is loaded, will ensure that all of the updates are always present and in place when launching the toolkit
  •  Rewrote large portions of the Java Applet to be dynamic in nature and place a number of non descriptive things into place
  •  Added better stability to the Java Applet attack, note that the delay between execution is a couple seconds based on the obfuscation techniques in place
  •  Completely obfuscated the MAC and Linux binaries and generate a random name each time for deployment
  •  Fixed a bug that would cause custom imported executables to not always import correctly
  •  Fixed a bug that would cause a number above 16 to throw an invalid options error
  •  Added better cleanup routines for when SET starts to remove old cached information and files
  •  Fixed a bug that caused issues when deploy binaries was turned to off, would cause iterative loop for powershell and crash IE
  •  Centralized more routines into set.options – this will be where all configuration options reside eventually
  •  Added better stability when the Java Applet Repeater is loaded, the page will load properly then execute the applet.
  •  The site cloner has been completely redesigned to use urllib2 instead of wget, long time coming
  •  The cloner file has been cleaned up from a code perspective and efficiency
  •  Added better request handling with the new urllib2 modules for the website cloning
  •  Added user agent string configuration within the SET config and the new urllib2 fetching method
  •  Added a pause when generating Teensy payloads
  •  Added the Offensive-Security “Peensy” multi-attack vector for the Teensy attacks
  •  Added the Microsoft Internet Explorer execCommand Use-After-Free Vulnerability from Metasploit into the Metasploit Browser Exploits Attack vectors
  •  Fixed a bug in cleanup_routine that would cause the metasploit browser exploits to not function properly
  •  Fixed a bug that caused the X10 sniffer and jammer to throw an exception if the folder already existed



To Download The Social-Engineer Toolkit (SET) 4.0 Click Here




Microsoft Plugs Internet Explorer Security Hole (Which was Exposed in A Contest)


Microsoft last week patched the last vulnerability in Internet Explorer (IE) used by a researcher in March to win $15,000 at the
The company had patched IE twice before to quash bugs exploited by Stephen Fewer of Harmony Security to bring down IE8 on Windows 7 at Pwn2Own. For his efforts, Fewer was awarded a cash prize of $15,000 and a Sony notebook.

Fewer chained three exploits, each for a different vulnerability, to bypass IE's sandbox, called "Protected Mode," and compromise IE8. Pwn2Own sponsor HP TippingPoint called the feat "impressive" at the time.
Microsoft patched the third IE bug in a multiple-flaw update to its browser, part of a 13-bulletin collection.
Although Microsoft credited Fewer in the MS11-057 bulletin for reporting the third vulnerability, it said the bug wasn't a security flaw. "Yes, this update addresses a Protected Mode bypass issue, publicly referenced as CVE-2011-1347," Microsoft said in response to an FAQ query, "Does this update contain any non-security related changes to functionality?"
At Pwn2Own, Fewer used the bypass bug to escape Protected Mode so he could circumvent the browser's sandbox, which allowed him to add a file to the machine, a task that mimicked a hacker's insertion of malware.

Fewer confirmed that last week's IE update fixed the final flaw he used at Pwn2Own.
"Yes MS11-057 patches the final bug, the protected mode bypass, that I used in my Pwn2Own exploit, the other two being a use-after-free which was patched in MS11-018 and an information leak patched in MS11-050," Fewer said today in an email reply to questions.

Earlier Flaws Addressed

MS11-018 and MS11-050 were the designations of the April and June bulletins, respectively, that patched the two other vulnerabilities he reported to Microsoft via TippingPoint's bug bounty program.
According to Aaron Portnoy, manager of TippingPoint's security research team and the company's Pwn2Own organizer, Tuesday's IE update wraps up patching for the 2011 contest.
During Pwn2Own, Microsoft said that IE9, the browser that launched shortly after Fewer's hack, did not contain the bugs he exploited.
Including Tuesday's update, IE9 has been patched twice since its March launch. Of the August bugs Microsoft acknowledged as security issues, one was reported by Fewer.
"Yes, I have been doing some research into IE9 and actually my first IE9 vulnerability was also patched this Tuesday as part of MS11-057," Fewer said, referring to a separate bug he was credited with this week.
That flaw, dubbed "CVE-2011-1964," was reported via TippingPoint to Microsoft in May, and was ranked critical for IE9 when run on Vista or Windows 7.
Fewer wouldn't commit to taking on IE9 at next year's Pwn2Own, but he left the door open to a repeat performance. "I don't have any plans as of yet for next year's competition, but if I have a few new bugs handy closer to the time, who knows?"
August's security updates, including MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

-News Source (PC-World)


TOR Client Leaking Sensitive Information From Cache Memory, Later The Bug Has Been Fixed


A major security issue has been found in the world's most famous and widely used software for online anonymity, Tor (The Onion Router). A software developer named Andrey Karpov found that the anonymisation software uses a function called memset() to delete cache data, which is not supported by all compilers. In some cases, that can cause the Tor client to leave confidential data like passwords in system memory when it is closed. The memset() call is problematic because it is automatically removed when Tor is compiled with speed optimizations, for example by the compiler in Microsoft Visual Studio 2010. Once that happens, the data remains in system memory, where it can be read by malicious programs.
As soon as this security issue came to light, the Tor Project issued a fix to close the vulnerability, which leaks information from memory on some machines running Tor and could give an attacker access to sensitive information stored in the cache. The developers at the Tor Project were alerted to the problem recently and began looking into the issue. What they found is that in some cases, when the Tor client uses a function called memset to erase some cache data on a machine, some of that information will still remain when Tor exits. The data that remains could give an attacker access to sensitive information in the cache. The string explaining the bug fix in Tor says that different compilers handle the situation differently. In its bug fix the Tor Project says that "Tor tries to wipe potentially sensitive data after using it, so that if some subsequent security failure exposes Tor's memory, the damage will be limited. But we had a bug where the compiler was eliminating these wipe operations when it decided that the memory was no longer visible to a (correctly running) program, hence defeating our attempt at defense in depth. We fix that by using OpenSSL's OPENSSL_cleanse() operation, which a compiler is unlikely to optimize away. Future versions of Tor may use a less ridiculously heavy approach for this. Fixes bug 7352."
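The dead-store problem the Tor fix describes, as an added C example (not Tor's or OpenSSL's code): the unsafe memset() shape beside two wipe routines a compiler cannot drop. The volatile-store and volatile-function-pointer techniques are assumptions about how a cleanse routine like OPENSSL_cleanse() avoids elimination, not its actual source.

```c
#include <stddef.h>
#include <string.h>

/* Vulnerable shape (what bug 7352 describes): `buf` is never read after the
 * memset(), so an optimizing compiler may treat the memset as a dead store
 * and drop it. The password then survives in stack memory after return. */
size_t use_password_unsafe(const char *password)
{
    char buf[64];
    size_t n = strlen(password);
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memcpy(buf, password, n);
    buf[n] = '\0';
    /* ... authenticate with buf here ... */
    memset(buf, 0, sizeof buf); /* may be optimized away: dead store */
    return n;
}

/* Hardened wipe: each store goes through a volatile pointer, which the
 * compiler must emit because volatile accesses are observable side effects.
 * Assumed to be the same idea as OPENSSL_cleanse(), not its source. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Alternative: call memset through a volatile function pointer, so the
 * compiler no longer knows it is memset and cannot apply its dead-store rule. */
static void *(*volatile memset_fn)(void *, int, size_t) = memset;

void secure_wipe_fnptr(void *buf, size_t len)
{
    memset_fn(buf, 0, len);
}

/* Counts bytes that are still nonzero, so a test can confirm a wipe. */
size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t c = 0;
    while (len--)
        c += (*buf++ != 0);
    return c;
}

/* Fills a buffer with a constructed secret, wipes it with the chosen
 * routine and returns how many bytes survived (0 means fully wiped). */
size_t wipe_check(int use_fnptr)
{
    unsigned char secret[32];
    memset(secret, 0xA5, sizeof secret);
    if (use_fnptr)
        secure_wipe_fnptr(secret, sizeof secret);
    else
        secure_wipe(secret, sizeof secret);
    return count_nonzero(secret, sizeof secret);
}
```

Replacing the memset() in use_password_unsafe with secure_wipe() gives the fixed shape; since C11, memset_s() and, on BSD/glibc, explicit_bzero() exist for the same purpose.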



-Source (Tor Project, The-H & threatpost)








Facebook Said - Please Hack Us & Get Bounty of $500


Earlier, through the Hacker Cup, Facebook had already shown its regard for hackers; now the social networking giant is directly encouraging hackers to try hacking its security systems to find weaknesses. Those who succeed will receive a reward of US$500 or more and have their name added to a list of helpful hackers.
The hackers take part in Facebook's White Hat program. Anyone who finds a way of breaching the site's networks, and owns up, can earn rewards worth thousands of dollars. As well as money, Facebook promises not to land them in trouble with the police or subject them to legal harassment if they have complied with the program's golden rules. Already one British hacker has earned more than $2400 from Facebook, and the most prolific White Hat contributors are now given their own Facebook "bug bounty" credit cards. Facebook's chief security officer, Joe Sullivan, says he would much rather the hackers worked with the company than against it. In time, he hopes the hackers will be able to find legitimate ways of expressing themselves within schools and universities. "There is a real lack of practical academic programs for cyber-security not only in the US but also internationally," he said. "Cyber-security is a skill best learned by doing, and unfortunately many of the current academic programs place little emphasis on real-world practical experience such as that gained in competition or via bug-bounty programs."

According to Facebook - "If you're a security researcher, please review our responsible disclosure policy before reporting any vulnerabilities. If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."

Eligibility:-
To qualify for a bounty, you must:
  • Adhere to our Responsible Disclosure Policy:
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity of Facebook user data, or circumvent the privacy protections of Facebook user data, such as:
      • Cross-Site Scripting (XSS)
      • Cross-Site Request Forgery (CSRF/XSRF)
      • Remote Code Injection
      • Broken Authentication (including Facebook OAuth bugs)
      • Circumvention of our Platform permission model
      • A bug that allows the viewing of private user data
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Rewards:-
  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded
Exclusions:-
The following bugs aren't eligible for a bounty (and we don't recommend testing for these):
  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook's corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques


For detailed information click Here




