Showing posts sorted by date for query Wireshark.

Wireshark (Network Protocol Analyzer) 1.6.6 Released

Again we have two updated versions of Wireshark (1.4.12 and 1.6.6). Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. It is widely used by system admins, and also by cyber criminals, because Wireshark can sniff packets. Earlier we have discussed Wireshark several times. The current stable release of Wireshark is 1.6.6. It supersedes all previous releases, including all releases of Ethereal. For a complete list of system requirements and supported platforms, please consult the User's Guide. Information about each release can be found in the release notes.
Official change log for Wireshark 1.6.6:-
Bug Fixes:-
The following vulnerabilities have been fixed:-
  • wnpa-sec-2012-04: The ANSI A dissector could dereference a NULL pointer and crash. (Bug 6823)
      Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-05: The IEEE 802.11 dissector could go into an infinite loop. (Bug 6809)
      Versions affected: 1.6.0 to 1.6.5.
  • wnpa-sec-2012-06: The pcap and pcap-ng file parsers could crash trying to read ERF data. (Bug 6804)
      Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-07: The MP2T dissector could try to allocate too much memory and crash. (Bug 6804)
      Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • The Windows installers now include GnuTLS 1.12.18, which fixes several vulnerabilities.

The following bugs have been fixed:-
  • ISO SSAP: ActivityStart: Invalid decoding the activity parameter as a BER Integer. (Bug 2873)
  • Forward slashes in URI need to be converted to backslashes if WIN32. (Bug 5237)
  • Character echo pauses in Capture Filter field in Capture Options. (Bug 5356)
  • Some PGM options are not parsed correctly. (Bug 5687)
  • dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark). (Bug 5939)
  • Unable to rearrange columns in preferences on Windows. (Bug 6077) (Note: this bug still affects the 64-bit package)
  • No error for UDP/IPv6 packet with zero checksum. (Bug 6232)
  • Wireshark installer doesn’t add access_bpf in 10.5.8. (Bug 6526)
  • Corrupted Diameter dictionary file that crashes Wireshark. (Bug 6664)
  • packetBB dissector bug: More than 1000000 items in the tree — possible infinite loop. (Bug 6687)
  • ZEP dissector: Timestamp not always displayed correctly. Fractional seconds never displayed. (Bug 6703)
  • GOOSE Messages don’t use the length field to perform the dissection. (Bug 6734)
  • Ethernet traces in K12 text format sometimes give bogus “malformed frame” errors and other problems. (Bug 6735)
  • max_ul_ext isn’t printed/decoded to the packet details log in GTP protocol packet. (Bug 6761)
  • non-IPP packets to or from port 631 are dissected as IPP. (Bug 6765)
  • lua proto registration fails for uppercase proto / g_ascii_strdown problem. (Bug 6766)
  • No menu item File->Export->SSL Session Keys in GTK. (Bug 6813)
  • IAX2 dissector reads past end of packet for unknown IEs. (Bug 6815)
  • TShark 1.6.5 immediately crashes on SSL decryption (every time). (Bug 6817)
  • USB: unknown GET DESCRIPTOR response triggers assert failure. (Bug 6826)
  • IEEE1588 PTPv2 over IPv6. (Bug 6836)
  • Patch to fix DTLS decryption. (Bug 6847)
  • Expression… dialog crash. (Bug 6891)
  • display filter “gtp.msisdn” not working. (Bug 6947)
  • Multiprotocol Label Switching Echo – Return Code: Reserved (5). (Bug 6951)
  • ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972)
  • Adding a Custom HTTP Header Field with a trailing colon causes wireshark to immediately crash (and crash upon restart). (Bug 6982)
  • Radiotap dissector lists a bogus “DBM TX Attenuation” bit. (Bug 7000)
  • MySQL dissector assertion. (Ask 8649)
  • Radiotap header format data rate alignment issues. (Ask 8649)

Updated Protocol Support:-
ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP, IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP, PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP

New and Updated Capture File Support:-
Endace ERF, Pcap-NG, Tektronix K12

To Download Wireshark Click Here

Anonymous-OS Alpha -First Operating System Released By #Anonymous

Earlier, the hacktivist group Anonymous released several DoS tools such as LOIC, #refref and HOIC, but now there is an all-in-one package. Anonymous has officially released its first operating system, named Anonymous-OS. Basically it is a live Ubuntu-based distribution created for educational purposes, for checking the security of web pages. In short, Anonymous-OS can be regarded as a penetration testing distribution like BackBox, BackTrack and so on.

Preinstalled Apps on Anonymous-OS:-
- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap

As expected for a SourceForge project page, the OS is made available for download. For additional information and to download Anonymous-OS, click Here.

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Earlier we have discussed many times one of the most famous and widely used exploitation frameworks, Metasploit. Yet again, Rapid7 has released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notifications for the weekly updates. Since the last major release (4.1.0), 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads have been added.
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encryption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To download Metasploit version 4.2.0 for Windows and Linux click Here.

 -Source (rapid7)

Wireshark Ver 1.4.11 & 1.6.5 Released (Fixed Many Security Holes)


Earlier we have talked about Wireshark several times. It is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. It is widely used by system admins, and also by cyber criminals, because Wireshark can sniff packets.

Official Change Log:-
Bug Fixes:-
  • wnpa-sec-2012-01: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats. (Bug 6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
  • wnpa-sec-2012-02: Wireshark could dereference a NULL pointer and crash. (Bug 6634)
  • wnpa-sec-2012-03: The RLC dissector could overflow a buffer. (Bug 6391)
  • “Closing File!” Dialog Hangs. (Bug 3046)
  • Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it. (Bug 3809)
  • Incorrect time differences displayed with time reference set. (Bug 5580)
  • Wrong packet type association of SNMP trap after TFTP transfer. (Bug 5727)
  • SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
  • Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
  • Wireshark Netflow dissector complains there is no template found though the template is exported. (Bug 6325)
  • DCERPC EPM tower UUID must be interpreted always as little endian. (Bug 6368)
  • Crash if no recent files. (Bug 6549)
  • IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum. (Bug 6560)
  • IPv4 UDP/TCP Checksum incorrect if routing header present. (Bug 6561)
  • Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194. (Bug 6562)
  • Various crashes after loading NetMon2.x capture file. (Bug 6578)
  • Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined). (Bug 6614)
  • SIGSEGV in SVN 40046. (Bug 6634)
  • Wireshark dissects TCP option 25 as an “April 1” option. (Bug 6643)
  • ZigBee ZCL Dissector reports invalid status. (Bug 6649)
  • ICMPv6 DNSSL option malformed on padding. (Bug 6660)
  • Wrong tvb_get_bits function call in packet-csn1.c. (Bug 6708)
  • [UDP] – Length Field of Pseudo Header while computing CheckSum is not correct. (Bug 6711)
  • pcapio.c: bug in libpcap_write_interface_description_block. (Bug 6719)
  • Memory leaks in various dissectors.
  • Bytes highlighted in wrong Byte pane when field selected in Details pane.

Updated Protocol Support:-
BGP, BMC, CSN1, DCERPC EPM, DCP (ETSI), DMP, DTLS, GSM Management, H245, HPTEAM, ICMPv6, IEEE 802.15.4, IPSEC, IPv4, IPv6, ISAKMP, KERBEROS, LDSS, NFS, RLC, RPC-NETLOGON, RRC, RTMPT, SIGCOMP, SSL, SYSLOG, TCP, UDP, XML, ZigBee ZCL

New and Updated Capture File Support:-
Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer, Tektronix K12, WildPackets {Airo,Ether}Peek.


To Download Wireshark Click Here

BackBox Linux 2.01 (Penetration Testing Distribution) Released


Earlier we have talked about BackBox Linux. Nowadays it has become a very common penetration testing distribution. Now we have version 2.01 of BackBox Linux.

Brief About BackBox :-
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast and easy to use and to provide a minimal yet complete desktop environment; thanks to its own software repositories, it is always updated to the latest stable versions of the most used and best known ethical hacking tools. The new release includes features such as Ubuntu 11.04, Linux kernel 2.6.38 and Xfce 4.8.0.

What's New In This Release:-
  • System upgrade
  • Performance boost
  • New look
  • Improved start menu
  • Bug corrections
  • New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering
  • New Hacking tools and updated tools such as dradis 2.8, ettercap 0.7.4.2, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc.

To Download BackBox Click Here

Ettercap 0.7.4 (Lazarus) Network Security Tool For man-in-the-middle Attacks Released


Ettercap is a multipurpose sniffer/interceptor/logger (like Wireshark) for switched LANs. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis. It is a suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.
Official Change Log:-

  • Fixed resource depletion issue
  • Buffer access out-of-bounds issues
  • Multiple buffer overflows
  • Multiple memory leaks
  • Multiple files with obsolete code
  • Fixed SEND L3 errors experienced by some users
  • Fixed a compilation error under Mac OS X Lion
  • Updated build system

Interface:-
All these features are integrated into easy-to-use and pleasant ncurses/GTK interfaces (see screenshots).
Platforms Supported:-
Linux 2.0.x
Linux 2.2.x
Linux 2.4.x
Linux 2.6.x
FreeBSD <= 8.2
OpenBSD 2.[789] 3.x
NetBSD 1.5
Mac OS X (Snow Leopard & Lion)
Windows XP/2003/Win 7
Solaris 11

To Download Ettercap 0.7.4 Click Here 

Wireshark 1.4.10 & Wireshark 1.6.3 Released


Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

Updated Protocol Support:-
AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE 802.11, IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP, S1AP, SSL

New Capture File Support Included:-
Endace ERF. 

Bug Fixed:-
  • Assertion failed when doing File->Quit->Save during live capture. (Bug 1710)
  • Wrong PCEP XRO sub-object decoding. (Bug 3778)
  • Wireshark window takes a very long time to show up if an invalid network file path is in the recent file list. (Bug 3810)
  • Decoding [Status Records] Timestamp Sequence Field in Bundle Protocol fails if over 32 bits. (Bug 4109)
  • ISUP party number dissection. (Bug 5221)
  • wireshark-1.4.2 crashes when testing the example python dissector because of a dissector count assertion. (Bug 5431)
  • Ethernet packets with both VLAN tag and LLC header no longer displayed correctly. (Bug 5645)
  • SLL encapsulated 802.1Q VLAN is not dissected. (Bug 5680)
  • Wireshark crashes when attempting to open a file via drag & drop when there’s already a file open. (Bug 5987)
  • Adding and removing custom HTTP headers requires a restart. (Bug 6241)
  • Can’t read full 64-bit SNMP values. (Bug 6295)
  • Dissection fails for frames with Gigamon Header and VLAN. (Bug 6305)
  • RTP Stream Analysis does not work for TURN-encapsulated RTP. (Bug 6322)
  • packet-csn1.c doesn’t process CSN_CHOICE entries properly. (Bug 6328)
  • BACnet property time-synchronization-interval (204) name shown incorrectly as time-synchronization-recipients. (Bug 6336)
  • GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345)
  • [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347)
  • ICMPv6 router advertisement Prefix Information Flag R “Router Address” missing. (Bug 6350)
  • Export -> Object -> HTTP -> save all: Error on saving files. (Bug 6362)
  • Inner tag of 802.1ad frames not parsed properly. (Bug 6366)
  • Added cursor type decoding to MySQL dissector. (Bug 6396)
  • Incorrect identification of UDP-encapsulated NAT-keepalive packets. (Bug 6414)
  • WPA IE pairwise cipher suite dissector uses incorrect value_string list. (Bug 6420)
  • S1AP protocol can’t decode IPv6 transportLayerAddress. (Bug 6435)
  • RTPS2 dissector doesn’t handle 0 in the octestToNextHeader field. (Bug 6449)
  • packet-ajp13 fix, cleanup, and enhancement. (Bug 6452)
  • Network Instruments Observer file format bugs. (Bug 6453)
  • Wireshark crashes when using “Open Recent” 2 times in a row. (Bug 6457)
  • Wireshark packet_gsm-sms, display bug: Filler bits in TP-User Data Header. (Bug 6469)
  • wireshark unable to decode NetFlow options which have system scope size != 4 bytes. (Bug 6471)
  • Display filter Expression Dialog Box Error. (Bug 6472)
  • text_import_scanner.l missing. (Bug 6531)

To Download Wireshark click Here

Wireshark World’s Most Popular Network Protocol Analyzer is Now on Ver. 1.4.9 & 1.6.2


Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

This is the official change log for Wireshark:-

  • wnpa-sec-2011-12: A large loop in the OpenSafety dissector could cause a crash. (Bug 6138)
      Versions affected: 1.6.0 to 1.6.1.
  • wnpa-sec-2011-13: A malformed IKE packet could consume excessive resources. (CVE-2011-3266)
      Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
  • wnpa-sec-2011-14: A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135)
      Versions affected: 1.6.0 to 1.6.1.
  • wnpa-sec-2011-15: Wireshark could run arbitrary Lua scripts. (Bug 6136)
      Versions affected: 1.4.0 to 1.4.8, 1.6.0 to 1.6.1.
  • wnpa-sec-2011-16: The CSN.1 dissector could crash. (Bug 6139)
      Versions affected: 1.6.0 to 1.6.1.


The following bugs have been fixed:-

  • configure ignores (partially) LDFLAGS. (Bug 5607)
  • Build fails when it tries to #include <getopt.h>, not present in Solaris 9. (Bug 5608)
  • Unable to configure zero length SNMP Engine ID. (Bug 5731)
  • BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769)
  • H.323 RAS packets missing from packet counts in “Telephony->VoIP Calls” and the “Flow Graph” for the call. (Bug 5848)
  • Wireshark crashes if sercosiii module isn’t installed. (Bug 6006)
  • Editcap could create invalid pcap files when converting from JPEG. (Bug 6010)
  • Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114)
  • Malformed Packet in decode for BGP-AD update. (Bug 6122)
  • Wrong display of CSN_BIT in CSN.1. (Bug 6151)
  • Fix CSN_RECURSIVE_TARRAY last bit error in packet-csn1.c. (Bug 6166)
  • Wireshark cannot display Reachable time & Retrans timer in IPv6 RA messages. (Bug 6168)
  • ReadPropertyMultiple-ACK not correctly dissected. (Bug 6178)
  • GTPv2 dissectors should treat gtpv2_ccrsi as optional. (Bug 6183)
  • BGP: AS_PATH attribute was decoded wrong. (Bug 6188)
  • Fixes for SCPS TCP option. (Bug 6194)
  • Offset calculated incorrectly for sFlow extended data. (Bug 6219)
  • [Enter] key behavior varies when manually typing display filters. (Bug 6228)
  • Contents of pcapng EnhancedPacketBlocks with comments aren’t displayed. (Bug 6229)
  • Misdecoding 3G Neighbour Cell Information Element in SI2quater message due to a coding typo. (Bug 6237)
  • Mis-spelled word “unknown” in assorted files. (Bug 6244)
  • tshark run with -Tpdml makes a seg fault. (Bug 6245)
  • btl2cap extended window shows wrong bit. (Bug 6257)
  • NDMP dissector incorrectly represents “ndmp.bytes_left_to_read” as signed. (Bug 6262)
  • TShark/dumpcap skips capture duration flag occasionally. (Bug 6280)
  • File types with no snaplen written out with a zero snaplen in pcap-ng files. (Bug 6289)
  • Wireshark improperly parsing 802.11 Beacon Country Information tag. (Bug 6264)
  • ERF records with extension headers not written out correctly to pcap or pcap-ng files. (Bug 6265)
  • RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276)
  • Copying from RTP stream analysis copies 1st line many times. (Bug 6279)
  • Wrong display of CSN_BIT under CSN_UNION. (Bug 6287)
  • MEGACO context tracking fix – context id reuse. (Bug 6311)

Updated Protocol Support:-
BACapp, Bluetooth L2CAP, CSN.1, DCERPC, GSM A RR, GTPv2, ICMP, ICMPv6, IKE, MEGACO, MSISDN, NDMP, OpenSafety, RTPS2, sFlow, SNMP, TCP

New and Updated Capture File Support:-
CommView, pcap-ng, JPEG.


To download Wireshark click Here


Wireshark 1.4.8 & 1.6.1 Has Been Released


The world’s most popular network protocol analyzer Wireshark now has an update – Wireshark version 1.4.8 and Wireshark version 1.6.1
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. The Wireshark v1.4.8 update fixes a lot of bugs and known vulnerabilities such as CVE-2011-2597. Protocol support for the following protocols has been improved – ANSI MAP, GIOP, H.323, IEEE 802.11, MSRP, RPCAP, sFlow, TCP. Capture file support for Lucent/Ascend has been updated too!

To Download Wireshark Click Here


Google Patches Sidejacking Vulnerability


Google has been rolling out a server-side patch for the ClientLogin authentication protocol vulnerability that affects 99.7% of Android smartphones.
"We recently started rolling out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts. This fix requires no action from users and will roll out globally over the next few days," said a Google spokesperson via email.

Google's fix comes in response to a warning, published earlier this month by researchers at the University of Ulm in Germany, that Android devices could be exploited in a sidejacking-like attack. Just as website session cookies can be stolen (sidejacked), allowing attackers to impersonate a user, attackers could sniff data being sent to and from Android smartphones that are connected to unsecured Wi-Fi networks (by using a tool such as Wireshark) and capture tokens for any Google service that uses the ClientLogin authentication protocol. Applications that use this protocol include Google Calendar, Contacts, and Picasa, as well as third-party applications for Facebook and Twitter.
Android smartphone users running the latest OS, 2.3.4, were already protected against the vulnerability. But 99.7% of Android users are still on older operating systems.
Accordingly, Google's solution has been a server-side fix that forces Android devices to use HTTPS--to keep data encrypted--when syncing with the Google Contacts or Calendar, so that authentication credentials can't be intercepted. "The great news is that it doesn't require a software update on the Android devices themselves--meaning the fix is automatic and worldwide. Effectively this is a silent fix," said Graham Cluley, senior technology consultant at Sophos, in a blog post.
No attacks have been seen that exploit the vulnerability, and a fix is still in the works for Picasa. For now, Picasa users can mitigate the vulnerability by avoiding unsecured Wi-Fi networks, which would prevent their authentication credentials from being stolen.
Security-wise, Google's server-side patch is a crucial move because most cell phone carriers rarely push patches or OS updates to their customers. Because of that, some industry watchers had worried that Google would have difficulty securing older devices. For now, it's dodged that bullet, but in the future, major flaws could still pose a problem. "Concerns still remain as to how easy it would be to fix a serious security vulnerability on the Android devices themselves, given that Google is so reliant on manufacturers and carriers to push out OS updates," said Cluley.


Google Deodorizes Sniffable Android Security Flaw



A new round of patching has begun for Android phones, the vast majority of which were found to be vulnerable to hackers if the owner was using it on an open WiFi network. The flaw affected 99.7 percent of all Android smartphones running Android 2.3.3 and earlier versions because they don't use a secure HTTPS connection, according to researchers.

Google (Nasdaq: GOOG) has begun rolling out a patch to fix a security flaw in versions 2.3.3 and earlier of its Android mobile operating system.
That flaw affects all Google services using the ClientLogin authentication protocol.
It lets hackers access any personal data available through Android's application programming interfaces (APIs).
"The flaw is now fixed for all versions of Android worldwide," Google spokesperson Randall Sarafa told LinuxInsider.
The patch is being rolled out in stages over several days, Sarafa said.

The Hole in Android
The flaw gained media attention after it was publicized by the University of Ulm.
Here's how it works: When an application wants to get access to Android's APIs, it requests an authentication token through ClientLogin by providing an account name and password.
The system then returns an authorization token, which is good for up to two weeks.
If the token is used in requests sent over unencrypted networks, such as WiFi networks, hackers can steal it. They can then use the token to access any personal data made available through the service API.
The hackers will gain full access to the victim's calendar, contacts information, or private Web-based photo albums. They'll be able to view, delete, or modify any calendar events, contacts, or private pictures, the Ulm University researchers said.
The flaw affected 99.7 percent of all Android smartphones running Android 2.3.3 and earlier versions because they don't use a secure HTTPS connection, the researchers said.
Google's patch forces an HTTPS connection for calendar and contacts sync on Android, Sarafa said.
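As an added example (not code from the article or from Google), the Python script below audits a constructed capture of a device's own traffic for ClientLogin tokens that are readable off the wire, which is exactly what the HTTPS-only fix removes. The capture records, hosts, paths and token values are made up; the `Authorization: GoogleLogin auth=` header is the documented ClientLogin format, and findings are redacted so the audit log does not re-leak the token.

```python
import re

# ClientLogin carried the token in this request header (documented format):
#   Authorization: GoogleLogin auth=<token>
CLIENTLOGIN_RE = re.compile(r"GoogleLogin\s+auth=(\S+)", re.IGNORECASE)

# Constructed capture: (destination host, destination port, bytes seen on the
# wire as text). Every host, path and token here is made up for the example.
CAPTURE = [
    # Plaintext calendar sync: the token is fully readable by a passive sniffer.
    ("www.google.com", 80,
     "GET /calendar/feeds/default/private/full HTTP/1.1\r\n"
     "Host: www.google.com\r\n"
     "Authorization: GoogleLogin auth=DQAAAK4AAACexampletoken0001\r\n"
     "User-Agent: Android-GData/1.1\r\n\r\n"),
    # The same sync after the HTTPS fix: only an opaque TLS record is visible.
    ("www.google.com", 443,
     "\x16\x03\x01\x00\x8f\x01\x00\x00\x8b..."),
    # Picasa (still unpatched per the article) sending its token in the clear.
    ("picasaweb.google.com", 80,
     "GET /data/feed/api/user/default HTTP/1.1\r\n"
     "Host: picasaweb.google.com\r\n"
     "Authorization: GoogleLogin auth=DQAAAK4AAACexampletoken0002\r\n\r\n"),
    # Unrelated plaintext request carrying no credential.
    ("example.com", 80,
     "GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]


def parse_http_request(raw):
    """Return (method, path, headers) for a plaintext HTTP/1.x request, else None."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # TLS records and other non-HTTP payloads land here
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def redact(token, keep=4):
    """Keep a short prefix only, so findings can be logged without re-leaking the token."""
    return f"{token[:keep]}...({len(token)} chars)"


def audit_capture(capture):
    """List every ClientLogin token a passive sniffer could read from the capture."""
    findings = []
    for host, port, raw in capture:
        parsed = parse_http_request(raw)
        if parsed is None:
            continue  # encrypted or non-HTTP: nothing readable on the wire
        method, path, headers = parsed
        match = CLIENTLOGIN_RE.search(headers.get("authorization", ""))
        if match:
            findings.append({"host": host, "port": port, "path": path,
                             "token": redact(match.group(1))})
    return findings


if __name__ == "__main__":
    for f in audit_capture(CAPTURE):
        print(f"cleartext ClientLogin token to {f['host']}:{f['port']}{f['path']}"
              f" -> {f['token']}")
```

Run against a capture of your own device's traffic, an empty result after the fix is the expected outcome for Calendar and Contacts, while any finding points at a service that still syncs over plain HTTP.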

More on the Flaw

Authentication tokens are widely used for online services such as eBay (Nasdaq: EBAY). They are also used by software and application vendors such as Microsoft (Nasdaq: MSFT) and Splunk, and in Apple's (Nasdaq: AAPL) iOS mobile operating system.
There was a problem with the authentication token on Android because Google's implementation was faulty, Paul Laudanski, director of ESET's cyber threat analysis center, told LinuxInsider.
"The entry point is having an unpatched or vulnerable Android system connecting to Google services using ClientAuth over an unencrypted public WiFi network," Laudanski explained. "The correct implementation is to transmit the authorization token in a secured manner."
Google services transmit the authorization token as an open text message, which can be easily stolen.
If the technology is implemented correctly and the authorization tokens are sent securely, then even if an unencrypted WiFi network is used, the user information would appear as garbage to snoopers, Laudanski pointed out.
Google's implementation of the technology may not have been faulty in and of itself, argues Mike Paquette, chief strategy officer at Top Layer Security.
"The problem appears to be the use of the ClientLogin protocol, allowing these sniffable authentication protocols, combined with a long expiry time," Paquette told LinuxInsider. "This makes exploits practical and even likely," he added.
Android smartphone owners should stay away from heavily used public WiFi hotspots, Paquette warned. "It's likely that attackers would target areas with large numbers of users of public WiFi in order to have the greatest return," he explained.

Old Problems Refreshed

The security flaw in Android was apparently first discovered by Dan Wallach of Princeton University, who blogged about it in February.
In an experiment during his undergraduate security class, he set up a sniffer with fellow students to listen in on his Android smartphone. They used Wireshark and Mallory.
Wireshark is a network protocol analyzer for Unix and Windows. Mallory is a transparent TCP and UDP proxy. It can be used to access network streams and assess mobile Web applications, among other things.
UDP, the User Datagram Protocol, is one of the core members of the Internet Protocol (IP) Suite. It lets applications directly send messages, or datagrams, to other hosts on an IP network.
The team found that Google doesn't encrypt traffic to Google Calendar, although it properly encrypts traffic to Gmail and Google Voice. Eavesdroppers could see victims' calendar transactions and likely impersonate them on Google Calendar, Wallach found.
The University of Ulm researchers built on Wallach's research.
Android smartphone users should apply the same security precautions to their devices as they would to their laptops, Torsten George, vice president of marketing at Agiliance, told LinuxInsider.
"Smartphones are essentially taking on the role of a regular computer," George pointed out. "Thus, they are just as vulnerable to attack by cybercriminals as regular laptop or desktop computers."
Because they lack built-in security, smartphones "open up a bigger attack surface than traditional computer devices," George added.


Wi-Fi Security Challenge 3 by SecurityTube, Prize: $50!


This challenge has 2 parts:
3a. Never Judge a Packet by its Type:
In this challenge the trace file contains a Shared Key Challenge Text and Encrypted Response. You will need to crack the WEP key with just this.

3b. Never Send a N00b to do a Hacker's Job:
In this challenge, you send your N00b apprentice to collect a Wireshark trace. He mistakenly limits the size of the packets and all you get is a truncated encrypted data packet! :( Can you crack the WEP key with just this? Take a shot!

All tools / programming platforms required are present on BT4. We don't expect you to scour the web for this :)

Prizes: The first person to finish the challenges and send us an email will win $50 worth of goodies from Amazon. Your choice, choose what you want!

You can download the trace files and updates from the Challenge Page: http://www.securitytube.net/video/1884


Updated BackBox Linux 1.05 is now available



BackBox is a Linux distribution based on Ubuntu Lucid 10.04 LTS, developed to perform penetration tests and security assessments. It is designed to be fast and easy to use, and to provide a minimal yet complete desktop environment thanks to its own software repositories, which are always updated to the latest stable version of the best-known and most widely used ethical hacking tools.

This is the official change log:
  • New ISO image (32bit & 64bit)
  • System upgrade
  • Performance boost
  • New look and feel
  • Improved start menu
  • Bug fixing
  • Hacking tools new or updated: Firefox 4, Hydra 6.2, Kismet 2011.03.2, Metasploit Framework 3.6.0, Nmap 5.51, SET 1.3.5, SqlMap 0.9, sslstrip 0.8, w3af 1.0-rc5, weevely 0.3, WhatWeb 1.4.7, Wireshark 1.4.5, Zaproxy 1.2, etc.
This BackBox Linux 1.05 features the following upstream components: Ubuntu 10.04, Linux 2.6.32 and Xfce 4.6.1. Slowly, yet surely, this distribution is going to be great!
Download BackBox Linux 1.05 (backbox-1.05-i386.iso) here.


Infondlinux: Install Useful Security Tools and Firefox Addons!



infondlinux is a script that installs most of the tools that we use during penetration tests and capture the flag tournaments. It is a post-configuration script for Ubuntu Linux. It can also be installed on other *nix systems, but not all of the tools mentioned below may work, depending on the environment. It has been actively tested on Ubuntu 10.10.
It installs useful security tools and Firefox addons. The tools installed by the script are listed at the beginning of its source code, which can be edited to suit your requirements.
List of security tools included:
Debian packages:

  • imagemagick
  • vim
  • less
  • gimp
  • build-essential
  • wipe
  • xchat
  • pidgin
  • vlc
  • nautilus-open-terminal
  • nmap
  • zenmap
  • sun-java6-plugin, jre and jdk
  • bluefish
  • flash-plugin-nonfree
  • aircrack-ng
  • wireshark
  • ruby
  • ascii
  • webhttrack
  • socat
  • nasm
  • w3af
  • subversion
  • mercurial
  • libopenssl-ruby
  • ruby-gnome2
  • traceroute
  • filezilla
  • gnupg
  • rubygems
  • php5
  • libapache2-mod-php5
  • mysql-server
  • php5-mysql
  • phpmyadmin
  • extract
  • p0f
  • spikeproxy
  • ettercap
  • dsniff:
    • arpspoof: send out unrequested (and possibly forged) ARP replies.
    • dnsspoof: forge replies to arbitrary DNS address / pointer queries on the Local Area Network.
    • dsniff: password sniffer for several protocols.
    • filesnarf: saves selected files sniffed from NFS traffic.
    • macof: flood the local network with random MAC addresses.
    • mailsnarf: sniffs mail on the LAN and stores it in mbox format.
    • msgsnarf: record selected messages from different Instant Messengers.
    • sshmitm: SSH monkey-in-the-middle; proxies and sniffs SSH traffic.
    • sshow: SSH traffic analyser.
    • tcpkill: kills specified in-progress TCP connections.
    • tcpnice: slow down specified TCP connections via “active” traffic shaping.
    • urlsnarf: output selected URLs sniffed from HTTP traffic in CLF.
    • webmitm: HTTP / HTTPS monkey-in-the-middle; transparently proxies.
    • webspy: sends URLs sniffed from a client to your local browser.
  • unrar
  • torsocks
  • secure-delete
  • nautilus-gksu
  • sqlmap
Third party packages:
  • tor
  • tor-geoipdb
  • virtualbox 4.0
  • google-chrome-stable
Manually downloaded software and versions:
  • DirBuster (1.0RC1)
  • truecrypt (7.0a)
  • metasploit framework (3.6)
  • webscarab (latest)
  • burp suite (1.3.03)
  • parosproxy (3.2.13)
  • jmeter (2.4)
  • rips (0.35)
  • origami-pdf (latest)
  • pdfid.py (0.0.11)
  • pdf-parser.py (0.3.7)
  • fierce (latest)
  • wifite (latest)
  • pyloris (3.2)
  • skipfish (1.86 beta)
  • hydra (6.2)
  • Maltego (3.0)
  • SET
Author made scripts:
  • hextoasm
  • md5crack.py (written by Corbiero)
  • chartoascii.py
  • asciitochar.py
  • rsa.py
Firefox extensions:
  • livehttpheaders
  • firebug
  • tamperdata
  • noscript
  • flashblock
  • flashgot
  • foxyproxy
  • certificatepatrol
  • chickenfoot 1.0.7
Pretty good list of applications we must say.
How to install?
  sudo ./infondlinux.sh
or
  sh infondlinux.sh
Download infondlinux v0.5 (infondlinux.sh) here
