Thursday, December 27, 2007

SecurityDistro - BackTrack 3 Beta Released

Quoted from http://www.securitydistro.com/index.php?option=com_content&task=view&id=305:

BackTrack 3 Beta ISO version (Stripped Down - 700 MB)
http://www.offensive-security.com/bt3b141207.iso.torrent

BackTrack 3 Beta USB version (946 MB)
http://www.offensive-security.com/bt3b141207.rar.torrent

Thursday, December 06, 2007

Slashdot | Most In US Have False Sense of Online Security

Quoted from http://it.slashdot.org/article.pl?sid=07/12/06/1537256:

"More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."

Monday, December 03, 2007

Slashdot | Security in Ten Years

Quoted from http://it.slashdot.org/article.pl?sid=07/12/03/1840243&from=rss:

Schneier has posted a conversation between himself and Marcus Ranum, Chief Security Officer for Tenable Network Security, Inc. looking at where security is headed.

SecurityDistro - OWASP LabRat 2.1 Released

Quoted from http://www.securitydistro.com/index.php?option=com_content&task=view&id=303:

This LabRat release is part of the 2007 OWASP Spring of Code project.

You can download it here. 

Please let us know your thoughts on the new release by going to the LabRat 2.1 forum section.

Slashdot | A Look at Microsoft's Security War Room

Quoted from http://it.slashdot.org/article.pl?sid=07/12/03/1451252&from=rss:

C|Net has an interesting piece about Microsoft's Security War Room, or rather, shall I say rooms. This room came about when Microsoft's security chief, Mike Nash, had issues finding open conference rooms. The response: a dedicated room only for him and his staff to handle emergencies.

Tuesday, October 16, 2007

BackTrack 3 In Testing
BackTrack 3 is currently in testing. No word yet on a release time.

Here is a little teaser.

Saturday, October 13, 2007

Microsoft gives in to denied IE vulnerability
"Microsoft has finally accepted responsibility for its role in a security weakness that allows malicious websites to run harmful code on an end user's machine. The acknowledgment of the vulnerability in Internet Explorer comes after three months of saying the burden lay with third-party software makers whose programs actually accepted the nasty payloads."

There goes Microsoft's credibility...again.

Full Article: http://www.theregister.co.uk/2007/10/12/microsoft_uri_reversal/

A Monster of a Trojan
"A Trojan horse mines Monster.com for personal details that could make fraudulent e-mail schemes more convincing, while evidence mounts that other job sites are also being attacked."

Full Article: http://www.securityfocus.com/news/11484

Friday, October 12, 2007

Businesses spend only 20% on security
"Security accounted for 20 percent of technology spending last year and it's expected to rise, according to a report released Tuesday."

Full Article: http://www.itnews.com.au/News/62760,businesses-spend-20-of-it-budgets-on-security-survey-shows.aspx

Wednesday, October 10, 2007

Office workers still the biggest threat to IT security
According to a new online survey from Sophos, regular employees pose the biggest threat to IT security.
Wow, who would have thought... /sarcasm

Full Article: http://www.sophos.com/pressoffice/news/articles/2007/10/network-threat.html

Linux Kernel v2.6.23 Released
"2.6.23 includes the new, better, fairer CFS process scheduler, a simpler read-ahead mechanism, the lguest 'Linux-on-Linux' paravirtualization hypervisor, XEN guest support, KVM smp guest support, variable process argument length, make SLUB the default slab allocator, SELinux protection for exploiting null dereferences using mmap, XFS and ext4 improvements, PPP over L2TP support, the 'lumpy' reclaim algorithm, a userspace driver framework, the O_CLOEXEC file descriptor flag, splice improvements, new fallocate() syscall, lock statistics, support for multiqueue network devices, various new drivers and many other minor features and fixes."

Release Notes: http://kernelnewbies.org/Linux_2_6_23

Tuesday, October 09, 2007

Content Aware Image Resizing
Could this technology have any practical applications in steganography? Think about it.

http://www.dailymotion.com/video/x2swhh_redimensionnement-intelligent-dimag_news

Ophcrack Live 1.2.1 Released
"Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux."

Official website

Undocumented Bypass in PGP Whole Disk Encryption
"PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

http://it.slashdot.org/it/07/10/04/1639224.shtml

Monday, January 15, 2007

A picture is worth 1,000 words...

Peace, Love, Linux
Originally uploaded by Amayita.
I took the Linux Distribution Chooser test, and got this:


Debian


Homepage: http://www.debian.org/

Debian is a free operating system (OS) for your computer. An operating system is the set of basic programs and utilities that make your computer run. Debian GNU/Linux provides more than a pure OS: it comes with over 15490 packages, precompiled software bundled up in a nice format for easy installation on your machine.

This thing is pretty accurate.