Showing posts sorted by relevance for query voip. Sort by date Show all posts

MOR11 : Most Advanced VoIP Software For Telecoms By Kolmisoft



Kolmisoft has released the most advanced VoIP software: the latest version of its advanced VoIP softswitch with billing and routing functionality. MOR11 enables alternative telecoms to significantly improve their voice services, effectively manage service offerings and grow their voice businesses due to the system's stability and high traffic scalability.
Designed for small and mid-sized telecommunication companies specialised in delivering various VoIP services, MOR 11 now supports expanded API, improved active calls monitoring, improved online cash flow monitoring and an absolutely new functionality that allows telecoms to build their own clouds and launch a virtual multiline business telephone system, or PBX.
“With hundreds of new features, this new version of MOR is the easiest and fastest way for voice service providers to increase profits from their daily operations,” said Mindaugas Kezys, CEO of Kolmisoft. “MOR 11 gives every telecom the tool they need to control the quality of calls, improve their service level and protect voice services from hacking and money loss.”
The new API (application programming interface) in MOR allows telecoms to integrate their billing and routing data with any ERP, CRM or accounting software. Such integration accelerates customer service processes including helpdesk, reporting and invoicing. In addition, it allows voice service providers to increase sales due to more flexible pricing, customised offers and service assurance and fulfilment.





Microsoft, Skype Deal Could Exploit Synergies with Nokia, Enterprise



Microsoft CEO Steve Ballmer is known for his public exuberance, punctuating keynote addresses with the sort of high-decibel verbal fireworks commonly associated with high-school coaches trying to goad a touchdown.
“Developers! Developers! Developers!” is one of his more famous refrains.
As Microsoft headed into the final stages of its acquisition negotiations with VOIP (voice over IP) and video-conferencing provider Skype, Ballmer’s shout to any Microsoft executives reluctant to embrace the deal might have been: “Synergy! Synergy! Synergy!”
Microsoft is paying a lot for Skype: $8.5 billion. In return for that hefty chunk of change, it will become a business division within Microsoft, headed by Skype’s current CEO Tony Bates. Skype in its new form will support Microsoft products, such as Windows Phone and Xbox Kinect, and integrate across the breadth of Microsoft’s already-extensive portfolio—including the Lync unified-communications platform. 
But that’s not necessarily enough to justify the biggest-ever payout in Microsoft’s history. According to some analysts, the secret sauce of the Skype deal—so to speak—is its potential to bolster Microsoft’s recent partnerships with other companies, as well as its relationship to the enterprise.
“Of [Skype’s] 633 million users, fewer than 8 million are paying users. No matter. What is important is that many of these users would love to make free calls on a mobile phone,” Mike Gualtieri, an analyst with Forrester, wrote in a May 11 corporate blog posting. “Microsoft’s plan to acquire Skype fits in perfectly with its recent partnership with Nokia because both offer incredible reach.”
In other words, Skype could allow Microsoft to boost its competitiveness in the mobile realm against both Apple’s iPhone and the growing family of Google Android devices. “There is no stopping Apple when it comes to mobile and cultural dominance,” he wrote. “But Microsoft could displace Google as the alternative based on the great UX provided by Windows Phone 7, the Nokia partnership and the Skype deal.” 
Whether or not that takes place—despite some analyst assertions that Windows Phone will increasingly dominate the market, Microsoft’s share of smartphones reportedly remains low—the Skype deal could allow Microsoft to maintain its grip on a segment very near and dear to its heart, or at least its bottom line: the enterprise.
That is, if Microsoft manages to swallow Skype without too much indigestion, according to a May 11 blog post by Yankee Group analyst Emily Green: “Two of the many reasons these things fail after the photo-op: a) they buy something sizzling hot, hoping to reinvigorate their own less dynamic offerings and culture—but end up suffocating the entrepreneurial spirit in the acquired firm that made it sexy in the first place. Or, b) they buy something that’s only available because it’s on the ropes.”
That being said, Green views the Skype-Microsoft deal as capable of sidestepping those pitfalls, if only because supple, lightweight VOIP and video-conferencing assets can serve Microsoft’s designs on the enterprise.
Specifically, as those enterprises shed physical infrastructure, “their leaders have to ask some very tough questions about investing in conventional hard-wired telecommunications infrastructure.” That, in combination with employees’ seemingly unstoppable desire to bring consumer software into the enterprise, could create an opportunity for Microsoft to “tightly weave Skype’s functionality into its corporate offerings” in ways that meet the approval of executives and IT administrators. In turn, that could give Redmond the opening it needs to “maintain relevance with the new breed of enterprises being born in this century.”
However, Green concedes that earning back the enormous costs associated with the acquisition “is another story.”
Skype found itself an acquisition target in 2005, when eBay agreed to pay $2.6 billion in cash and stock for the then two-year-old company. Four years later, a team of private investors—including Silver Lake Partners and Andreessen Horowitz—took it off the auction Website’s hands for $1.9 billion in cash. Skype had reportedly been raising money for an IPO, but that offering was delayed after the company appointed Bates to the CEO role in October.
For that substantial bump-up in cash, Microsoft is purchasing one of the Web’s most recognizable consumer brands—albeit one that’s faced increased competition from Google and others in recent quarters.
But one of Skype’s private investors took to the blogosphere to discount that competition as a threat. In a May 10 posting on his personal blog, Andreessen Horowitz co-founder and partner Ben Horowitz suggested that Google’s attempt to market a similar VOIP offering had failed to stop Skype’s momentum: “What was the result of this effort? … Skype new users and usage growth has accelerated since Google’s launch.”
Apple’s Facetime, he added, also failed to blunt Skype’s momentum: “How did that impact Skype’s use on the iPhone? 50 million users have downloaded Skype’s iPhone product since the release of Apple’s FaceTime.”
If you believe Horowitz’s assertions, then Microsoft managed to sidestep the potential acquisition dangers outlined by Green. But how well the company will integrate its newest property—and create synergy with its partners—remains the question of the hour. 


TeamSpeak Official Forum Hacked! Redirecting Users Into Malicious DotCache Exploit Kit

TeamSpeak Official Forum Hacked! Infecting Users By Malicious DotCache Exploit Kit
A serious security breach has compromised the official forum of TeamSpeak. According to sources, hackers gained access to the server and injected a malicious script into the landing page of the TeamSpeak official forum. Malware analysts have determined that the attack was thoroughly planned in order to infect millions of users by redirecting them to a DotCache exploit kit landing page.

TeamSpeak is a very famous Brazilian company that offers VoIP software allowing computer users to speak on a chat channel with fellow computer users, much like a telephone conference call. Users run the TeamSpeak client software to connect to a TeamSpeak server of their choice; from there they can join chat channels and use the VoIP service. It is used mostly by millions of gamers across the globe.

TeamSpeak can be considered a high-value target, and the attackers evidently thought so too. Researchers said that the exploit kit landing page is hosted on atvisti.ro, a forum for ATV enthusiasts that has also been compromised. In a statement, well-known malware analyst and security researcher Jerome Segura said that if the Java exploit succeeds, the final payload is loaded. In this particular example, the payload was the Zero Access Trojan, which Malwarebytes Anti-Malware detects as Rootkit.0Access. A small relief is that the malware has not yet been spotted in the wild. According to statistics from Virus Total, only 7 of 46 leading antivirus products can detect this type of malware. A few days earlier, Kahu Security researchers uncovered a similar compromise on the forum of the Nissan Pathfinder Off Road Association (NPORA); in both cases, JJEncode was used to obfuscate the malicious script. To avoid further infection, the TeamSpeak forum has already been informed and, as expected, they have overcome this issue. For a detailed analysis of the malware, see the official Malwarebytes blog post.




Skype Fixes Android App Vulnerability

Skype has fixed the privacy vulnerability in its Android application that allowed malicious apps to harvest user data.
The vulnerability has been addressed in the latest Skype for Android, Version 1.0.0.983, and the user data has been properly secured on the mobile device, Adrian Asher, chief information security officer at Skype, wrote on the Skype blog on April 20. The problem did not exist for Verizon customers.

Skype for Android was storing names, dates of birth, location information, account balances, phone numbers, email addresses and other biographic details in a nonencrypted and easily accessible file on the mobile device, Justin Case, an amateur Android developer, wrote on the Android Police blog on April 15. Any rogue app could have harvested the personal data as well as old instant messages from insecure database files, according to Case.

Android by default sandboxes applications so that data from one app can’t be accessed by another. In this case, Skype overrode the default by assigning incorrect file-level permissions, Case said. The data-collecting app Case developed to demonstrate the vulnerability did not require any unusual permissions and worked on non-jailbroken Android devices.

“We have had no reported examples of any third-party malicious application misusing information from the Skype directory on Android devices,” Asher said.

Case confirmed that the updated version closed the security hole and that his sample rogue app no longer can access the information stored in the database, David Ruddock posted on the Android Police blog. Skype changed the permissions of the databases where the data was stored so that only the Skype app can access the information, Ruddock said.
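
The permission mistake and its fix can be checked for mechanically. The following Python sketch is an added example, not code from Skype, Android Police or this post: it walks an application data directory, reports files whose mode lets other UIDs read or write them, and then tightens everything to owner-only. The directory and file names in the sample tree are constructed, and owner-only access is assumed to be the intended policy.

```python
import os
import stat
import tempfile

OTHER_RW = stat.S_IROTH | stat.S_IWOTH  # bits that let a different UID read/write


def audit_tree(root):
    """List regular files under root that carry 'other' read/write bits.

    Returns sorted (relative_path, mode, status) tuples. status is "exposed"
    when every directory from root down to the file is traversable by other
    UIDs (o+x), and "latent" when a parent directory still blocks access.
    """
    findings = []
    root_mode = stat.S_IMODE(os.lstat(root).st_mode)
    reachable = {root: bool(root_mode & stat.S_IXOTH)}
    for dirpath, dirnames, filenames in os.walk(root):
        parent_ok = reachable.get(dirpath, False)
        for name in dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                reachable[path] = parent_ok and bool(st.st_mode & stat.S_IXOTH)
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and other special files
            mode = stat.S_IMODE(st.st_mode)
            if mode & OTHER_RW:
                status = "exposed" if parent_ok else "latent"
                rel = os.path.relpath(path, root)
                findings.append((rel, format(mode, "04o"), status))
    return sorted(findings)


def harden_tree(root):
    """Strip group and other bits from every directory and regular file.

    Assumption for this sketch: owner-only access is the intended policy,
    mirroring the fix described in the post. Returns the number of entries
    whose mode was changed.
    """
    changed = 0
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            owner_only = mode & stat.S_IRWXU
            if owner_only != mode:
                os.chmod(path, owner_only)
                changed += 1
    return changed


def build_sample_tree(base):
    """Create a constructed app data directory (all names are made up)."""
    root = os.path.join(base, "app_data")
    layout = {
        "files": (0o755, {"main.db": 0o666, "config.xml": 0o600}),
        "cache": (0o700, {"thumbs.db": 0o644}),
    }
    os.mkdir(root)
    for dirname, (dirmode, files) in layout.items():
        d = os.path.join(root, dirname)
        os.mkdir(d)
        for fname, fmode in files.items():
            p = os.path.join(d, fname)
            with open(p, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(p, fmode)  # chmod ignores the umask, so modes are exact
        os.chmod(d, dirmode)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_tree(tmp)
        for rel, mode, status in audit_tree(sample):
            print(f"{status:8} {mode} {rel}")
        print("entries tightened:", harden_tree(sample))
        print("after fix:", audit_tree(sample))
```

A "latent" finding is worth fixing too: the file is protected only by its parent directory's mode, so a later change to that directory would expose it.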

Case noted that the database files were unencrypted in his original analysis. Skype did not respond to eWEEK’s requests for whether the data is encrypted in the new version.

Case originally discovered the issue in the beta version of Skype Video that had been released last week. The fix will be addressed when Skype launches the official version.

In addition to the security fix, Skype added the ability to make VOIP (voice over IP) calls over 3G data connections to the app, even for calls in the United States. The 3G calling feature in the app will not be supported for Android phones over the Verizon Wireless network because Verizon already allows 3G Skype calls, thanks to an exclusive partner agreement signed in 2010.

The Android app previously allowed users to only send instant messages or place calls using the phone’s existing service or over WiFi. With this new version, users can call anyone without using up any minutes on their calling plan because the calls are carried over the mobile data plan. Bypassing the mobile carrier is not entirely free, as users are still subject to Skype fees.

Major carriers have opposed the practice in the past, and only Verizon customers had Skype’s VOIP capability up until now. Even if users aren’t interested in 3G calls, they should upgrade just for the security fix.

Asher reminded users to download the app only from Skype or the official Android Market links to avoid malicious apps.


Cain & Abel Is Now In Ver 4.9.41

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

This is the official change log:
  • Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks.
  • Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables.
  • Added MSCACHEv2 Rainbow Tables to WinRTGen v2.6.3.
  • MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files.



Yahoo! Voice Compromised, 450K Login Credentials Stolen & Posted In Plain Text


After LinkedIn, eHarmony and Formspring, here comes another big fish. Guess who? It's one of the most widely used web search engines: Yahoo! A list of over 453,491 email addresses and plain-text passwords, in a document named "Owned and Exposed" and apparently from users of a Yahoo! service, is in circulation on the internet. According to former hacker and well-known security expert Kevin Mitnick, the passwords belong to the little-known VoIP service Yahoo! Voice. The information is contained in a 17MB text file and has been released by a group of hackers calling themselves the D33DS Company. Access to the original information is said to have been achieved through an SQL injection vulnerability, where databases are accessed through inadequately filtered parameters passed through the web front end. Whether the passwords were originally stored as plain text in the database, or whether the hackers had already cracked hashed passwords to produce the file, is unclear.

The original D33ds site that posted the login credentials (d33ds.co) was down as of early Thursday morning; however, the text file is available through torrents and sites such as Media Fire.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the D33ds group said in the text file containing the leaked credentials. The group said it did not reveal which Yahoo service the hacked credentials came from “to avoid further damage.”
Yahoo confirmed it was hacked and provided the following statement:-
“An older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

Given the current scenario, we strongly advise you to change your Yahoo! passwords immediately and to set a strong password using an alphanumeric combination. Enjoy reading Voice of Greyhat and stay safe and happy on the Internet.






WatchGuard new next-generation firewall UTM Box


WatchGuard unveiled its most powerful security appliance, the XTM 2050. This next-generation firewall (NGFW) provides security for large organizations and data centres that require a high-performance firewall, application control and IPS to protect against data theft, malware and security breaches.

What's new with the new box
For customers with mission-critical requirements, WatchGuard is also introducing a 24×7, premium Advanced Hardware Replacement program to replace WatchGuard XTM and XCS appliances on-site within 4 hours.
The WatchGuard XTM 2050 provides line-speed security inspection on all traffic, supports multi-gigabit packet filtering throughput and provides application control.



Features and specifications:
  • 20 Gbps firewall, and up to 10Gbps full content inspection
  • High port density with 16 1GB copper ports and 2 10GB SFP+ Fibre ports
  • Port Independence: any port can be External, Trusted, or DMZ
  • Redundant hot-swap power supplies, fans, storage, and NICs
  • High Availability (active/passive and active/active)
  • WAN and VPN failover
  • Application Control for over 1,800 applications
  • Integration with Active Directory, LDAP, RADIUS, others for user-based firewalling
  • WatchGuard System Manager full management, reporting, monitoring, logging package included
  • IPSec site to site and remote user VPN
  • SSL remote user VPN
  • Advanced VOIP and HTTPS security
  • Extensive traffic shaping, QoS and bandwidth control.


Security flaw in Skype for Mac fixed


A security flaw in Skype for Mac that could enable a user to gain remote control of a Mac computer running the software has been fixed, says Skype, but users should make sure they have the latest version to ensure total protection.
Attention all Mac owners who use Skype. A flaw has been identified in Skype 5 that enables an attacker to gain remote control of a Mac computer running the software.
Gordon Maddern, a member of a group of ethical hackers based in Australia that goes by the name of Pure Hacking, wrote in a blog post on Friday that he had identified the security flaw last month. “The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim’s Mac,” Maddern said.
Describing the flaw as “extremely wormable and dangerous,” Maddern contacted Skype to inform them of the issue and heard nothing back – until today. A short time after his post appeared on Pure Hacking’s blog, Skype posted a response on its own website in order to reassure users.
Adrian Asher, Skype‘s chief information security officer, confirmed that the company was indeed contacted by Maddern last month. Asher explained in the post that the issue was “related to a situation when a malicious contact would send a specifically crafted message that could cause Skype for Mac to crash. Note, this message would have to come from someone already in your Skype Contact List, as Skype’s default privacy settings will not let you receive messages from people that you have not already authorized.”
In the post, Asher claims that they were already working on a fix when they heard from Pure Hacking, and as a result the Luxembourg-based company issued a hotfix (Skype for Mac version 5.1.0.922) on April 14. This update, however, was not pushed to Skype users “as there were no reports of this vulnerability being exploited in the wild.”
Asher goes on to announce that a new update, which will include the hotfix along with a number of other bug fixes, will be sent out next week. This update, however, will prompt users to install it. Asher’s post ends by recommending that users make sure they are running the latest version of Skype (with the April 14 fix). Mac users can check now by clicking here. Skype users with Windows and Linux are not susceptible to the vulnerability.
Founded in 2003, the company’s hugely popular VoIP application can have around 23 million users logged in and chatting at any one time. Recent reports have suggested that the company is in talks with both Google and Facebook regarding a possible joint venture or acquisition.


Skype Vulnerability Reveals User IP Addresses


If you are a Skype user, both your IP address and your location can easily be revealed. According to a blog post, a modified version of the Skype VoIP software can be used to find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer. The process only works if the other user is online. The only methods of protecting against this are to log off Skype when you're not using it, or to use a virtual private network to hide the IP address. The IP address doesn't give up a person's name or other specific information, but it does provide information on the country, and in some cases the city, of origin.

Last week, someone posted an exploit of that vulnerability within the Skype network on Pastebin, providing details of how to download a modified or patched version of Skype 5.5 that would allow the exploit to be run. "Claudius," a community manager on the Skype forums, said that Microsoft was aware of the issue. "Hello, yes, our security experts are aware of it and looking into it already," he posted Monday morning.

Microsoft's response: "We are investigating reports of a new tool that allegedly captures a Skype user's last known IP address," a Skype representative said in an emailed statement. "This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them."



 


Researcher says: Skype for Mac has 'dangerous' vulnerability


Skype's Mac client has a serious zero-day vulnerability that the company is yet to fix, a security researcher has said.
Writing on the blog of security firm Pure Hacking, researcher Gordon Maddern said on Friday that the vulnerability means "an attacker needs only to send a victim a message [through Skype] and they can gain remote control of the victim's Mac". He added that the exploit was "extremely wormable and dangerous".
According to Maddern, he notified the VoIP company about the vulnerability more than a month ago, only to get a standard response reading: "Thank you for showing an interest in Skype security. We are aware of this issue and will be addressing it in the next hotfix". A fix has still not been released in the intervening period, he said.
"Pure Hacking won't give specifics on how to perform this attack until a patch from Skype is released," Maddern wrote. "However, we will give a full disclosure after Skype takes action or a reasonable responsible disclosure time."

According to Maddern, Skype's Windows and Linux clients are not vulnerable to the attack.

UPDATE (5:13pm): Skype has just sent ZDNet UK a statement promising a fix next week. The statement reads: "We are aware of this and will release a fix early next week to resolve the issue. We take our users privacy very seriously and are working quickly to protect Skype users from this vulnerability."


#CFP - Call For Papers Nullcon Delhi 2012 (International Security Conference)

After the success of Goa, it is now preparation time for nullcon Delhi, which will showcase cutting-edge security technologies and discuss new attack vectors and security threats facing the corporate world and the government sector. The event brings together thought leaders, corporates, government and security professionals all under one roof. As the official media partner, Team Voiceofgreyhat wishes Nullcon Delhi 2012 all the very best.


Categories:-

The talk time duration includes time for questions and answers (5-10 minutes).
  1. Research Category (40 mins - 1 hr) - is a deep knowledge technical track that includes new research, tools, vulnerabilities, zero days or exploits.
  2. Technical Category (30 mins - 1 hr) - comprises of known security issues, case studies, twist to an existing research, tool, vulnerability, exploit or research-in-progress. Although this track is fairly technical, it covers known techniques and analysis and is specially created for security professionals who are not too much into new research, are auditors, management professionals and newbies.
  3. Desi Jugaad (1 hr) - is our signature research category talk and includes any local Indian/Asian hacks.

Submission Topics:-

  1. One of the topics of interest to us is Desi Jugaad(Local Indian/Asian Hack) and has a separate track of its own. Submissions can be any kind of local hacks that you have worked on (hints: electronic/mechanical meters, automobile hacking, Hardware, mobile phones, lock-picking, bypassing procedures and processes, etc. Be creative!)
  2. The topics pertaining to security and hacking in the following domains(but not limited to):
    • Hardware Hacking(ex: RFID, Magnetic Strips, Card Readers, Mobile Devices, Electronic Devices)
    • Tools/exploits/Zero-days (noncommercial)
    • Programming/Software Development security and weaknesses
    • Network vulnerabilities.
    • Information Warfare, cyber espionage, cyber crime, cyber laws
    • Malware, Botnets
    • Web attacks and application hacking
    • New attack vectors
    • Mobile malware, vulnerabilities, exploits, VOIP and Telecom
    • Virtualization security, hacking VMs, breaking out of VMS etc
    • Cloud security, threats and exploitation
    • Critical Infrastructure
    • Satellite hacking
    • Forensics

Submission Format:-

Email the paper to : cfp@nullcon.net
The subject should be : CFP Delhi 2012 <Paper Title>
Email Body :

  1. Name
  2. Handle
  3. Track (& Time required in case of General/Business track)
  4. Paper Title
  5. Country(and City) of residence
  6. Organization and Designation
  7. Contact Number
  8. Have you presented or submitted this paper at any other conference(s) or magazine(s)?
    Yes, No. If yes, where? and how this submission is different from the previous ones. Note that new research talks already given elsewhere or are due to be given elsewhere prior to nullcon will be considered as Technical category talks unless they consist of cutting edge and ground breaking technology, which is at the judgment of the review committee.
  9. Are you releasing an open source tool?
    Yes/No. (If yes, please include the source code for review)
  10. Are you releasing an exploit?
    Yes/No. (If yes, please include the source and vulnerability details for review)
  11. Are you releasing a new vulnerability/Zero-day?
    Yes/No. (If yes, please send us the details, including reproduction procedure, for review)
  12. Why do you think your paper is different/innovative (for all tracks) and how does it qualify as new work/research(for Research track only)?
  13. Are there any live demonstrations (These earn you good points during review)?
    Yes/No. (If Yes, how many? Also please explain each demo)
  14. Brief Profile ( less than 500 Words)
  15. Paper Abstract - Please provide detailed working or your research/work. The more details you provide the better it is for the reviewers. Please keep the abstract to the point. Please do not try to hide the technical details or say “I can't disclose it till bla bla” as it does not help the reviewers in any way and may give your paper a low score because of insufficient information available in the abstract.
  16. Your high resolution photo (attached)

Important Dates:-

CFP Opens: 25th April 2012
1st round of Speaker list Online: 10th June 2012
CFP Closing Date: 30th June 2012
Final speakers List online: 10th July 2012
Conference Dates: 26th-29th September 2012 






Cain & Abel v4.9.43! (Network Sniffer & Password Recovery Tool)


We have covered Cain & Abel before. Now oxid.it has released an updated version, Cain & Abel 4.9.43.

What is Cain & Abel?
Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.


Official Change Log:-
  • Added SAP R/3 sniffer filter for SAP GUI authentications and SAP DIAG protocol decompression.
  • Added support for Licensing Mode Terminal Server connections to Windows 2008 R2 servers in APR-RDP sniffer filter.
  • Added support for MSCACHEv2 Hashes (used by Vista/Seven/2008) in Dictionary and Brute-Force Attacks.
  • Added MSCACHEv2 Hashes Cryptanalysis via Sorted Rainbow Tables.
  • Added MSCACHEv2 RainbowTables to WinRTGen v2.6.3.
  • MS-CACHE Hashes Dumper now supports MSCACHEv2 hashes extraction from Windows Vista/Seven/2008 machines and offline registry files.
  • Fixed a bug (crash) in Certificate Collector with Proxy settings enabled.





Think Android: National Security Agency Disclosed Smartphone Strategy

Think Android: National Security Agency (NSA) Disclosed Smartphone Strategy
The National Security Agency has come up with a security design that currently depends on Google Android smartphones, though the NSA contends it doesn't want to be wedded to any particular smartphone operating system. Its current "Fishbowl" phones, as they are called, are beefed-up, highly secured Motorola Android smartphones that use double encryption for voice traffic and a unique routing scheme that sends 3G network traffic back to the NSA first for security purposes. This design makes them suitable for sharing classified information with other like smartphones, according to Margaret Salter, technical director at NSA's information assurance directorate, who spoke about the so-called "Fishbowl" project, which today focuses on voice use of smartphones.
"We wanted to use the commercial standards that are out there," said Salter. "We wanted plug and play — but that was hard." The NSA also wants interoperability in order not to be trapped in vendor lock-in, but this is turning out to be hard to achieve. Earlier, in January 2012, the NSA made the first public release of the Security Enhanced (SE) Android Project, a program designed to find and plug security holes and risks in the Android flavor of Linux. SE Android is based on the NSA’s SELinux, first released in 2000.
The NSA looked at SSL VPN as a standard and left no stone unturned in exploring commercial SSL VPN for mobile, but found an utter lack of interoperability across vendor products. Salter said the NSA was also frustrated with the lack of interoperability in Unified Communications Systems (UCS) products, noting that buying one piece often meant buying several others, there being little evidence of multi-vendor interoperability. So, with some frustration, the NSA changed course and went with an open-source Session Initiation Protocol (SIP) server for the present. The NSA also switched its mobile security strategy toward IPSec VPN, where things looked better in terms of interoperability than SSL VPN, and selected the Secure Real-Time Transport Protocol for Voice App and Transport Layer Security (TLS) with keys. This all means "the voice call is doubly encrypted," Salter said. "There's VoIP encryption and IPsec encryption."


-Source (IT World)





Skype 5.3 Client Released for Apple Mac OS X Lion



VoIP outfit Skype has updated its client software for Apple Mac users to version 5.3, which brings support for Mac OS X 10.7 Lion. According to Skype, the latest version of the internet chat software provides a number of fixes and improvements to the interface. It also includes support for high definition (HD) video calls, provided you have an HD webcam.
"On the heels of our recent update to Skype 5.2 for Mac OS X, we are pleased to announce that we are making even more improvements to our Mac client with the release of Skype 5.3 for Mac OS X."

It's been just over a month since Skype launched version 5.2. If you haven't got Mac OS X Lion, the latest version of Apple's operating system, then Skype 5.3 is compatible with older versions going back to Leopard.
Other features of the software include group video calling and group screen sharing, for an extra cost. Skype recently made a deal with Microsoft, and Facebook has integrated Skype into its social networking web site for video chat. Meanwhile, Windows users are up to Skype client version 5.5, which includes instant messaging to Facebook friends.


To see the Skype blog statement click here
To download Skype for MAC click Here


Skype Security Flaws Caller Location Can Easily Be Exposed


Researchers at the Polytechnic Institute of New York University recently found a serious security hole in Skype which may expose a user's location by revealing their Internet Protocol address. The researchers initiated video calls to 10,000 randomly selected Skype users and discovered that even when a recipient does not accept the incoming call, the user's Internet Protocol, or IP, address can still be vulnerable to theft.
Armed with an IP address, hackers can uncover specific information about victims, including who they chat with, what they download while online, and in many cases, their zip-code specific location.
For example, the researchers were able to track one Skype user through three different cities during the experiment. The ability to keep tabs on a user may be an immediate nuisance, but the larger implications are alarming. Criminals, terrorists, and hackers may use the security flaw to glean locations of government officials, corporate leaders, politicians, and celebrities.
Computer science professor and study researcher Keith Ross said that “Any sophisticated high school or college hacker could easily do this,” and emphasized that “the findings have real security implications for the hundreds of millions of people around the world who use VoIP or P2P file-sharing services.”
Skype, recently acquired by Microsoft, boasts 171 million registered users around the world, who may wonder how such a major security flaw escaped notice. Previously, a lot of vulnerabilities have been found in Skype, related to Android and Facebook, along with XSS flaws and many more.
Skype said Tuesday that it will address the issue. “We value the privacy of our users and are committed to making our products as secure as possible,” said Adrian Asher, chief information security officer for Skype. “Just as with typical Internet communications software, Skype users who are connected may be able to determine each other’s IP address. Through research and development, we will continue to make advances in this area and improvements to our software.”





Kororaa Linux 15 Released (Based on Fedora 15, Lovelock)

Dubbed Squirt, the new Kororaa 15 OS is now based on the Fedora 15 release. It features both the KDE SC 4.6 and GNOME 3 desktop environments, and it is available for download (see download links at the end of the article) for both 32-bit and 64-bit architectures. Kororaa 15 includes lots of new and interesting features, such as Ubuntu’s Jockey Device Driver Manager tool as a replacement for the old Add/Remove Extras script, easier installation of the Adobe Flash Player plugin, and lots more.
"Users still on Kororaa 14 may wish to upgrade to 15 and should do so via a new install (backup your data if necessary). Users who wish to stay with GNOME 2.x should not upgrade to 15, as it comes with GNOME 3."
"However, Kororaa 15 does include a desktop switcher for GNOME 3, so that users can switch between the new Shell interface and the 2.x style Fallback mode." - said Chris Smart in the official announcement.

Highlights of Kororaa 15:-

· Linux kernel 2.6.40.4;
· Customized GNOME 3 desktop environment;
· Customized KDE SC 4.6 desktop environment;
· Mozilla Firefox 6 as default web browser;
· VLC as default video player;
· Pidgin as the default IM client;
· Extra repositories for installing Adobe Flash Player, Google Chrome, RPMFusion and VirtualBox;
· Gwibber and Choqok microblogging clients;
· Out-of-the-box multimedia support;
· Adobe Flash Player installer;
· Jockey Device Driver Manager to easily install Nvidia and ATI video drivers;
· Shell and Fallback desktops switcher for GNOME 3;
· OpenShot and Kdenlive video editors;
· SELinux enabled;
· Australian and British English support and dictionaries;
· DownThemAll add-on for Firefox;
· Linphone VoIP client (for the KDE edition);
· Removed KSplice;
· Removed Add/Remove Extras script;
· Lots of other improvements and bugfixes.

To download Kororaa Linux click Here



BackBox Linux 2 (Penetration Testing Distribution) Released


BackBox Linux 2 (Penetration Testing Distribution) released.
About BackBox :-
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast and easy to use, and to provide a minimal yet complete desktop environment. Thanks to its own software repositories, it is always updated to the latest stable versions of the most used and best known ethical hacking tools.

What's New:-
  • System upgrade
  • Performance boost
  • New look and feel
  • Improved start menu
  • Bug fixing
  • Hacking tools new or updated
  • Three new sections: Vulnerability Assessment, Forensic Analysis and VoIP Analysis
  • Much, much more!
System Requirements:-
  • 32-bit or 64-bit processor
  • 256 MB of system memory (RAM)
  • 2 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port

To download Back Box Click Here

-News Source (backbox)


Skype bug gives attackers root access to Mac OS X


Mac users running Skype are vulnerable to self-propagating exploits that allow an attacker to gain unfettered system access by sending a specially manipulated attachment in an instant message, a hacker said.
“The long and the short of it is that an attacker needs only to send a victim a message and they can gain remote control of the victim's Mac,” Gordon Maddern of Australian security consultancy Pure Hacking blogged on Friday. “It is extremely wormable and dangerous.”
The vulnerability, which Maddern said isn't present in the Windows or Linux versions of the popular VoIP program, was confirmed by Skype spokeswoman Brianna Reynaud, who said a fix will be rolled out next week. Its disclosure comes the same week that researchers discovered a new crimekit that streamlines the production of Mac-based malware. It also comes as new malware surfaced for Apple's OS X that masquerades as a legitimate antivirus program.
Reynaud said there are no reports that the Skype vulnerability is being actively exploited.
Maddern said he stumbled on the critical flaw by accident.
“About a month ago I was chatting on Skype to a colleague about a payload for one of our clients,” he wrote. “Completely by accident, my payload executed in my colleague's Skype client. So I decided to test another Mac and sent the payload to my girlfriend. She wasn't too happy with me as it also left her Skype unusable for several days.”
He then set out to write proof-of-concept attack code that used payloads borrowed from the Metasploit exploit framework. The result: a Skype exploit that allows him to remotely gain shell access on a targeted Mac. Because it's sent by instant message, it might be possible to force each infected machine to send the malicious payload to a whole new set of Macs, causing the attack to grow exponentially.
Maddern didn't say what interaction is required on the part of the victim, and he didn't immediately respond to an email seeking clarification. His blog post says he notified Skype of the vulnerability more than a month ago, and that he will withhold specific details until a patch is released to prevent malicious attacks.


Wireshark World’s Most Popular Network Protocol Analyzer is Now on Ver. 1.4.9 & 1.6.2


Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

This is the official change log for Wireshark:-

  • wnpa-sec-2011-12: A large loop in the OpenSafety dissector could cause a crash. (Bug 6138)
    Versions affected: 1.6.0 to 1.6.1.
  • wnpa-sec-2011-13: A malformed IKE packet could consume excessive resources.
    Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
    CVE-2011-3266
  • wnpa-sec-2011-14: A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135)
    Versions affected: 1.6.0 to 1.6.1.
  • wnpa-sec-2011-15: Wireshark could run arbitrary Lua scripts. (Bug 6136)
    Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
  • wnpa-sec-2011-16: The CSN.1 dissector could crash. (Bug 6139)
    Versions affected: 1.6.0 to 1.6.1.


The following bugs have been fixed:-

  • configure ignores (partially) LDFLAGS. (Bug 5607)
  • Build fails when it tries to #include <getopt.h>, not present in Solaris 9. (Bug 5608)
  • Unable to configure zero length SNMP Engine ID. (Bug 5731)
  • BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769)
  • H.323 RAS packets missing from packet counts in “Telephony->VoIP Calls” and the “Flow Graph” for the call. (Bug 5848)
  • Wireshark crashes if sercosiii module isn’t installed. (Bug 6006)
  • Editcap could create invalid pcap files when converting from JPEG. (Bug 6010)
  • Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114)
  • Malformed Packet in decode for BGP-AD update. (Bug 6122)
  • Wrong display of CSN_BIT in CSN.1. (Bug 6151)
  • Fix CSN_RECURSIVE_TARRAY last bit error in packet-csn1.c. (Bug 6166)
  • Wireshark cannot display Reachable time & Retrans timer in IPv6 RA messages. (Bug 6168)
  • ReadPropertyMultiple-ACK not correctly dissected. (Bug 6178)
  • GTPv2 dissectors should treat gtpv2_ccrsi as optional. (Bug 6183)
  • BGP : AS_PATH attribute was decode wrong. (Bug 6188)
  • Fixes for SCPS TCP option. (Bug 6194)
  • Offset calculated incorrectly for sFlow extended data. (Bug 6219)
  • [Enter] key behavior varies when manually typing display filters. (Bug 6228)
  • Contents of pcapng EnhancedPacketBlocks with comments aren’t displayed. (Bug 6229)
  • Misdecoding 3G Neighbour Cell Information Element in SI2quater message due to a coding typo. (Bug 6237)
  • Mis-spelled word “unknown” in assorted files. (Bug 6244)
  • tshark run with -Tpdml makes a seg fault. (Bug 6245)
  • btl2cap extended window shows wrong bit. (Bug 6257)
  • NDMP dissector incorrectly represents “ndmp.bytes_left_to_read” as signed. (Bug 6262)
  • TShark/dumpcap skips capture duration flag occasionally. (Bug 6280)
  • File types with no snaplen written out with a zero snaplen in pcap-ng files. (Bug 6289)
  • Wireshark improperly parsing 802.11 Beacon Country Information tag. (Bug 6264)
  • ERF records with extension headers not written out correctly to pcap or pcap-ng files. (Bug 6265)
  • RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276)
  • Copying from RTP stream analysis copies 1st line many times. (Bug 6279)
  • Wrong display of CSN_BIT under CSN_UNION. (Bug 6287)
  • MEGACO context tracking fix – context id reuse. (Bug 6311)

Updated Protocol Support:-
BACapp, Bluetooth L2CAP, CSN.1, DCERPC, GSM A RR, GTPv2, ICMP, ICMPv6, IKE, MEGACO, MSISDN, NDMP, OpenSafety, RTPS2, sFlow, SNMP, TCP

New and Updated Capture File Support:-
CommView, pcap-ng, JPEG.


To download Wireshark click Here





Nmap 5.59 BETA1 (With 40 new NSE scripts)



Nmap 5.59 BETA1 released. This version includes 40 new NSE scripts (plus improvements to many others), even more IPv6 goodness than the informal World IPv6 Day release, 7 new NSE protocol libraries and hundreds of bug fixes! This release also expands and improves IPv6 support!

o [NSE] Added 40 scripts, bringing the total to 217!  You can learn
 more about any of them at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + afp-ls: Lists files and their attributes from Apple Filing
   Protocol (AFP) volumes. [Patrik Karlsson]

 + backorifice-brute: Performs brute force password auditing against
   the BackOrifice remote administration (trojan) service. [Gorjan
   Petrovski]

 + backorifice-info: Connects to a BackOrifice service and gathers
   information about the host and the BackOrifice service
   itself. [Gorjan Petrovski]

 + broadcast-avahi-dos: Attempts to discover hosts in the local
   network using the DNS Service Discovery protocol, then tests
   whether each host is vulnerable to the Avahi NULL UDP packet
   denial of service bug (CVE-2011-1002). [Djalal Harouni]

 + broadcast-netbios-master-browser: Attempts to discover master
   browsers and the Windows domains they manage. [Patrik Karlsson]

 + broadcast-novell-locate: Attempts to use the Service Location
   Protocol to discover Novell NetWare Core Protocol (NCP)
   servers. [Patrik Karlsson]

 + creds-summary: Lists all discovered credentials (e.g. from brute
   force and default password checking scripts) at end of scan.
   [Patrik Karlsson]

 + dns-brute: Attempts to enumerate DNS hostnames by brute force
   guessing of common subdomains. [Cirrus]

 + dns-nsec-enum: Attempts to discover target hosts' services using
   the DNS Service Discovery protocol. [Patrik Karlsson]

 + dpap-brute: Performs brute force password auditing against an
   iPhoto Library. [Patrik Karlsson]

 + epmd-info: Connects to Erlang Port Mapper Daemon (epmd) and
   retrieves a list of nodes with their respective port
   numbers. [Toni Ruottu]

 + http-affiliate-id: Grabs affiliate network IDs (e.g. Google
   AdSense or Analytics, Amazon Associates, etc.) from a web
   page. These can be used to identify pages with the same
   owner. [Hani Benhabiles, Daniel Miller]

 + http-barracuda-dir-traversal: Attempts to retrieve the
   configuration settings from a Barracuda Networks Spam & Virus
   Firewall device using the directory traversal vulnerability
   described at
   http://seclists.org/fulldisclosure/2010/Oct/119. [Brendan Coles]

 + http-cakephp-version: Obtains the CakePHP version of a web
   application built with the CakePHP framework by fingerprinting
   default files shipped with the CakePHP framework. [Paulino
   Calderon]

 + http-majordomo2-dir-traversal: Exploits a directory traversal
   vulnerability existing in the Majordomo2 mailing list manager to
   retrieve remote files. (CVE-2011-0049). [Paulino Calderon]

 + http-wp-plugins: Tries to obtain a list of installed WordPress
   plugins by brute force testing for known plugins. [Ange Gutek]

 + ip-geolocation-geobytes: Tries to identify the physical location
   of an IP address using the Geobytes geolocation web service
   (http://www.geobytes.com/iplocator.htm). [Gorjan Petrovski]

 + ip-geolocation-geoplugin: Tries to identify the physical location
   of an IP address using the Geoplugin geolocation web service
   (http://www.geoplugin.com/). [Gorjan Petrovski]

 + ip-geolocation-ipinfodb: Tries to identify the physical location
   of an IP address using the IPInfoDB geolocation web service
   (http://ipinfodb.com/ip_location_api.php). [Gorjan Petrovski]

 + ip-geolocation-maxmind: Tries to identify the physical location of
   an IP address using a Geolocation Maxmind database file (available
   from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]

 + ldap-novell-getpass: Attempts to retrieve the Novell Universal
   Password for a user. You must already have (and include in script
   arguments) the username and password for an eDirectory server
   administrative account. [Patrik Karlsson]

 + mac-geolocation: Looks up geolocation information for BSSID (MAC)
   addresses of WiFi access points in the Google geolocation
   database. [Gorjan Petrovski]

 + mysql-audit: Audit MySQL database server security configuration
   against parts of the CIS MySQL v1.0.2 benchmark (the engine can
   also be used for other MySQL audits by creating appropriate audit
   files).  [Patrik Karlsson]

 + ncp-enum-users: Retrieves a list of all eDirectory users from the
   Novell NetWare Core Protocol (NCP) service. [Patrik Karlsson]

 + ncp-serverinfo: Retrieves eDirectory server information (OS
   version, server name, mounts, etc.) from the Novell NetWare Core
   Protocol (NCP) service. [Patrik Karlsson]

 + nping-brute: Performs brute force password auditing against an
   Nping Echo service. [Toni Ruottu]

 + omp2-brute: Performs brute force password auditing against the
   OpenVAS manager using OMPv2. [Henri Doreau]

 + omp2-enum-targets: Attempts to retrieve the list of target systems
   and networks from an OpenVAS Manager server. [Henri Doreau]

 + ovs-agent-version: Detects the version of an Oracle OVSAgentServer
   by fingerprinting responses to an HTTP GET request and an XML-RPC
   method call. [David Fifield]

 + quake3-master-getservers: Queries Quake3-style master servers for
   game servers (many games other than Quake 3 use this same
   protocol). [Toni Ruottu]

 + servicetags: Attempts to extract system information (OS, hardware,
   etc.) from the Sun Service Tags service agent (UDP port
   6481). [Matthew Flanagan]

 + sip-brute: Performs brute force password auditing against Session
   Initiation Protocol (SIP -
   http://en.wikipedia.org/wiki/Session_Initiation_Protocol)
   accounts.  This protocol is most commonly associated with VoIP
   sessions. [Patrik Karlsson]

 + sip-enum-users: Attempts to enumerate valid SIP user accounts.
   Currently only the SIP server Asterisk is supported. [Patrik
   Karlsson]

 + smb-mbenum: Queries information managed by the Windows Master
   Browser. [Patrik Karlsson]

 + smtp-vuln-cve2010-4344: Checks for and/or exploits a heap overflow
   within versions of Exim prior to version 4.69 (CVE-2010-4344) and
   a privilege escalation vulnerability in Exim 4.72 and prior
   (CVE-2010-4345). [Djalal Harouni]

 + smtp-vuln-cve2011-1720: Checks for a memory corruption in the
   Postfix SMTP server when it uses Cyrus SASL library authentication
   mechanisms (CVE-2011-1720).  This vulnerability can allow denial
   of service and possibly remote code execution. [Djalal Harouni]

 + snmp-ios-config: Attempts to download Cisco router IOS
   configuration files using SNMP RW (v1) and display or save
   them. [Vikas Singhal, Patrik Karlsson]

 + ssl-known-key: Checks whether the SSL certificate used by a host
   has a fingerprint that matches an included database of problematic
   keys. [Mak Kolybabi]

 + targets-sniffer: Sniffs the local network for a configurable
   amount of time (10 seconds by default) and prints discovered
   addresses. If the newtargets script argument is set, discovered
   addresses are added to the scan queue. [Nick Nikolaou]

 + xmpp: Connects to an XMPP server (port 5222) and collects server
   information such as supported auth mechanisms, compression methods
   and whether TLS is supported and mandatory. [Vasiliy Kulikov]

o Nmap has long supported IPv6 for basic (connect) port scans, basic
 host discovery, version detection, Nmap Scripting Engine.  This
 release dramatically expands and improves IPv6 support:
 + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
   etc.) are now supported. [David, Weilin]
 + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
   discovery packets, etc.) is now supported. [David, Weilin]
 + IPv6 traceroute is now supported [David]
 + IPv6 protocol scan (-sO) is now supported, including creating
   realistic headers for many protocols. [David]
 + IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
   Miller, Patrik]
 + The --exclude and --excludefile now support IPV6 addresses with
   netmasks.  [Colin]

o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
 purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
 so you can scan it during IPv6 testing.  We also added a DNS record
 for ScanmeV6.nmap.org which is IPv6-only. See
 http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]

o The Nmap.Org website as well as sister sites Insecure.Org,
 SecLists.Org, and SecTools.Org all have working IPv6 addresses now
 (dual stacked). [Fyodor]

o Nmap now determines the filesystem location it is being run from and
 that path is now included early in the search path for data files
 (such as nmap-services).  This reduces the likelihood of needing to
 specify --datadir or getting data files from a different version of
 Nmap installed on the system.  For full details, see
 http://nmap.org/book/data-files-replacing-data-files.html.  Thanks
 to Solar Designer for implementation advice. [David]

o Created a page on our SecWiki for collecting Nmap script ideas! If
 you have a good idea, post it to the incoming section of the page.
 Or if you're in a script writing mood but don't know what to write,
 come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.

o The development pace has greatly increased because Google (again)
 sponsored 7 full-time college and graduate student programmer
 interns this summer as part of their Summer of Code program!
 Thanks, Google Open Source Department!  We're delighted to introduce
 the team: http://seclists.org/nmap-dev/2011/q2/312

o [NSE] Added 7 new protocol libraries, bringing the total to 66.  You
 can read about them all at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + creds: Handles storage and retrieval of discovered credentials
   (such as passwords discovered by brute force scripts). [Patrik
   Karlsson]

 + ncp: A tiny implementation of Novell Netware Core Protocol
   (NCP). [Patrik Karlsson]

 + omp2: OpenVAS Management Protocol (OMP) version 2 support. [Henri
   Doreau]

 + sip: Supports a limited subset of SIP commands and
   methods. [Patrik Karlsson]

 + smtp: Simple Mail Transfer Protocol (SMTP) operations. [Djalal
   Harouni]

 + srvloc: A relatively small implementation of the Service Location
   Protocol. [Patrik Karlsson]

 + tftp: Implements a minimal TFTP server. It is used in
   snmp-ios-config to obtain router config files.[Patrik Karlsson]

o Improved Nmap's service/version detection database by adding:
 + Apple iPhoto (DPAP) protocol probe [Patrik]
 + Zend Java Bridge probe [Michael Schierl]
 + BackOrifice probe [Gorjan Petrovski]
 + GKrellM probe [Toni Ruotto]
 + Signature improvements for a wide variety of services (we now have
   7,375 signatures)

o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
 found during the scan which share the same hostkey. [Henri Doreau]

o [NSE] Added 300+ new signatures to http-enum which look for admin
 directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, WordPress,
 and more. [Paulino]

o Made the final IP address space assignment update as all available
 IPv4 address blocks have now been allocated to the regional
 registries.  Our random IP generation (-iR) logic now only excludes
 the various reserved blocks.  Thanks to Kris for years of regular
 updates to this function!

o [NSE] Replaced http-trace with a new more effective version. [Paulino]

o Performed some output cleanup work to remove unimportant status
 lines so that it is easier to find the good stuff! [David]

o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
 scan or quit Zenmap on Windows. [Shinnok]

o [NSE] Banned scripts from being in both the "default" and
 "intrusive" categories.  We did this by removing dhcp-discover and
 dns-zone-transfer from the set of scripts run by default (leaving
 them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
 http-open-proxy, and socks-open-proxy as "safe" rather than
 "intrusive" (keeping them in the "default" set).

o [NSE] Added a credential storage library (creds.lua) and modified
 the brute library and scripts to make use of it. [Patrik]

o [Ncat] Created a portable version of ncat.exe that you can just drop
 onto Microsoft Windows systems without having to run any installer
 or copy over extra library files. See the Ncat page
 (http://nmap.org/ncat/) for binary downloads and a link to build
 instructions. [Shinnok]

o Fix a segmentation fault which could occur when running Nmap on
 various Android-based phones.  The problem related to NULL being
 passed to freeaddrinfo(). [David, Vlatko Kosturjak]

o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
 16-byte IPv6 addresses. [David]

o [Ncat] Updated the ca-bundle.crt list of trusted certificate
 authority certificates. [David]

o [NSE] Fixed a bug in the SMB Authentication library which could
 prevent concurrently running scripts with valid credentials from
 logging in. [Chris Woodbury]

o [NSE] Re-worked http-form-brute.nse to better autodetect form
 fields, allow brute force attempts where only the password (no
 username) is needed, follow HTTP redirects, and better detect
 incorrect login attempts. [Patrik, Daniel Miller]

o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
 selection from "all" to "default or (discovery and safe)"
 categories.  Except for testing and debugging, "--script all" is
 rarely desirable.

o [NSE] Added the stdnse.silent_require method which is used for
 library requires that you know might fail (e.g. "openssl" fails if
 Nmap was compiled without that library).  If these libraries are
 called with silent_require and fail to load, the script will cease
 running but the user won't be presented with ugly failure messages
 as would happen with a normal require. [Patrick Donnelly]

o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
 -l. It works as before if you specify -4 or -6 or a specific
 address. [Colin Rice]

o [Zenmap] Fixed a bug in topology mapper which caused endpoints
 behind firewalls to sometimes show up in the wrong place (see
 http://seclists.org/nmap-dev/2011/q2/733).  [Colin Rice]

o [Zenmap] If you scan a system twice, any open ports from the first
 scan which are closed in the 2nd will be properly marked as
 closed. [Colin Rice].

o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
 integer is required") if a sort column in the ports table was unset.
 [David]

o [Ndiff] Added nmaprun element information (Nmap version, scan date,
 etc.) to the diff.  Also, the Nmap banner with version number and
 data is now only printed if there were other differences in the
 scan. [Daniel Miller, David, Dr. Jesus]

o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
 so scripts can access characteristics of the scanning interface.
 Removed nmap.get_interface_link. [Djalal]

o Fixed an overflow in scan elapsed time display that caused negative
 times to be printed after about 25 days. [Daniel Miller]

o Updated nmap-rpc from the master list, now maintained by IANA.
 [Daniel Miller, David]

o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
 interpreted as -sn (no port scan). This was reported by
 Shitaneddine. [David]

o [Ndiff] Fixed the Mac OS X packages to use the correct path for
 Python: /usr/bin/python instead of /opt/local/bin/python. The bug
 was reported by Wellington Castello. [David]

o Removed the -sR (RPC scan) option--it is now an alias for -sV
 (version scan), which always does RPC scan when an rpcinfo service
 is detected.

o [NSE] Improved the ms-sql scripts and library in several ways:
 - Improved version detection and server discovery
 - Added support for named pipes, integrated authentication, and
   connecting to instances by name or port
 - Improved script and library stability and documentation.
 [Patrik Karlsson, Chris Woodbury]

o [NSE] Fixed http.validate_options when handling a cookie table.
 [Sebastian Prengel]

o Added a Service Tags UDP probe for port 6481/udp. [David]

o [NSE] Enabled firewalk.nse to automatically find the gateways at
 which probes are dropped and fixed various bugs. [Henri Doreau]

o [Zenmap] Worked around a pycairo bug that prevented saving the
 topology graphic as PNG on Windows: "Error Saving Snapshot:
 Surface.write_to_png takes one argument which must be a filename
 (str), file object, or a file-like object which has a 'write' method
 (like StringIO)". The problem was reported by Alex Kah. [David]

o The -V and --version options now show the platform Nmap was compiled
 on, which features are compiled in, the version numbers of libraries
 it is linked against, and whether the libraries are the ones that
 come with Nmap or the operating system.  [Ambarisha B., David]

o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
 from netVigilance.

o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]

o [NSE] Added a shortport.ssl function which can be used as a script
 portrule to match SSL services.  It is similar in concept to our
 existing shortport.http. [David]

o Set up the RPM build to use the compat-glibc and compat-gcc-34-c++
 packages (on CentOS 5.3) to resolve a report of Nmap failing to run
 on old versions of Glibc. [David]

o We no longer support Nmap on versions of Windows earlier than XP
 SP2.  Even Microsoft no longer supports Windows versions that old.
 But if you must use Nmap on such systems anyway, please see
 https://secwiki.org/w/Nmap_On_Old_Windows_Releases.

o There were hundreds of other little bug fixes and improvements
 (especially to NSE scripts).  See the SVN logs for revisions 22,274
 through 24,460 for details.

To Download Nmap 5.59 BETA 1 Click HERE
