Archive for August, 2005

Pakistan HP awarded National Free and Open Source Software award

Tuesday, August 23rd, 2005

Pakistan Honeynet Project has been awarded the 1st ever National Free and Open Source Software Award 2005 on the occasion of the 1st National Free and Open Source Software Awareness Campaign FOSSAC’2005.

Philippine Honeynet Project joins Research Alliance

Friday, August 19th, 2005

Philippine Honeynet Project joins Research Alliance: The Philippine Honeynet Project, based at Ateneo de Manila University, has joined the Honeynet Project’s Research Alliance. More details about the group can be found here: http://www.philippinehoneynet.org/

“Honeypots for Windows” published

Thursday, August 18th, 2005

“Honeypots for Windows” book published: “Honeypots for Windows” by Roger A. Grimes has been published: http://www.amazon.com/exec/obidos/ASIN/1590593359/robsladesinterne

Amazon UK link

VMWare Stealth Patch released

Wednesday, August 17th, 2005

VMWare Stealth Patch released by French Honeynet Project. Kostya Kortchinsky of the French Honeynet Project has released a new version of his patch for VMware that allows operators to further obfuscate VMware used as a honeypot. http://www.securityfocus.com/archive/119/349385
http://honeynet.rstack.org/tools/vmpatch.c New features include the ability to create a virtual host without the VMWare backdoor, modify the graphics card and set a non-VMWare MAC address.

French HP catch zero-day exploit

Wednesday, August 17th, 2005

French Honeynet Project catch zero-day exploit: A honeypot run by the French Honeynet Project has caught a zero-day Windows exploit (http://www.frenchhoneynetproject.org).

Interesting stats: malware collection on increase

Wednesday, August 17th, 2005

Malware collection on the increase. Some interesting stats from MWCollect and Nepenthes show malware collection is on the increase:

The results from a /17 network block in Germany are particularly interesting.

Activeworx release updated Honeynet Security Console

Tuesday, August 16th, 2005

Activeworx update Honeynet Security Console. Activeworx have released an updated version of their free HSC tool: http://www.activeworx.org

“Activeworx is pleased to announce the release of Honeynet Security Console (HSC) version 2.5 for Windows 2000/XP. HSC is a free analysis tool to view events on your personal network or honeynet. It gives you the power to view events from Snort, TCPDump, Firewall, Syslog and Sebek logs. This tool is not only for honeynets, it is also a great interface to view snort events. With both HSC and IDS Policy Manager (also at activeworx.org) you have a free complete solution to manage your snort rules and view the events. The release of HSC v2.5 adds many new features. These include new graphs, printing, copying events and overall look and feel. Here are some additional changes:

Added – Print events from event grids
Added – Refresh Unique Events
Added – Event Overview now shows 24 hour, 7 day, 30 day and 90 day graphs
Added – Search output to Time of Day Graphs
Added – Ctrl-C now copies highlighted events to the clipboard
Added – Priority Graphs have been cleaned up
Added – Task Filter options with finite values now have drop down values
Added – Viewing IDS events are more descriptive
Added – Support for email authentication
Added – Visual changes throughout the app make it more pleasant to the eye and easier to use.”

Microsoft’s ‘monkeys’ find first zero-day exploit

Tuesday, August 9th, 2005

Microsoft’s “monkeys” find first zero-day exploit: Microsoft’s well publicised Honeymonkey project has found its first zero-day exploit: http://online.securityfocus.com/news/11273