For any of you running a phpBB-based setup, if there is one idea I could get across to you, underlined, bolded and with 17 exclamation marks, it is this: make sure you set register_globals to off.
Now that I have gotten that out of the way, Heise Security has a short article up discussing the matter in a bit more detail.
Kevin Blanchard PHP, phpBB, website security
Not much more to say about it. If you use it, you are probably as excited as I am. If you don’t… then go download it. It’s a valuable tool that should be in any security engineer’s arsenal.
Related links:
Documentation: http://www.insecure.org/nmap/docs.html
Download: http://www.insecure.org/nmap/download.html
Release Announcement: http://www.insecure.org/stf/Nmap-4.00-Release.html
Kevin Blanchard network security, Nmap, system security, website security
SANS diary had a neat little trick posted a couple of weeks back. For those of you who use Nmap quite a bit or as part of your day-to-day work, here’s a tip that might help make your work week a bit more bearable. You are aware of the XML output from Nmap, but what the heck do you do with it? Perl has a module called Nmap::Parser that just might help you out. This might make your job of analyzing or reacting to your findings a bit easier. If you still aren’t 100% clear on how you might use it, here is more information along with an example.
Kevin Blanchard network security, Nmap, system security, website security