Secure Tomorrow » website security

PHP forum systems inherit phpBB vulnerability

Kevin Blanchard — Mon, 05 Feb 2007 04:14:00 +0000

For any of you running a phpBB based setup, if there was one idea I could get across to you, underlined, bolded and with 17 exclamation marks is make sure you set register_globals to off.

Now that I have gotten that out of the way, Heise Security has a short article up discussing the matter in a bit more detail.

Nmap 4.00 is here

Kevin Blanchard — Sat, 04 Feb 2006 01:19:00 +0000

Not much more to say about it. If you use it, you are probably as excited as I am. If you don’t… then go download it. It’s a valuable tool that should be in any security engineers arsenal.

Related links:
Documentation: http://www.insecure.org/nmap/docs.html
Download: http://www.insecure.org/nmap/download.html
Release Announcement: http://www.insecure.org/stf/Nmap-4.00-Release.html

Nmap + Perl > case of the Mondays

Kevin Blanchard — Sat, 10 Dec 2005 08:56:00 +0000

SANS diary had a neat little trick posted a couple weeks back. For those of you who use Nmap quite a bit or as part of their day to day at work, here’s a tip that might help make your work week a bit more bearable. You are aware of the XML output from Nmap but what the heck do you do with it? Perl has a module that just might help you out called NMAP::Parser. This might make your job analyzing or reacting to your findings a bit easier. If you still aren’t 100% clear on how you might use it, here is more information along with an example.