Today we can easily access lots of free services “in the cloud” for document sharing, photo publishing and file synchronization. Most users will be happy to have the same pictures or documents available on different devices for free (think of a “classic” scenario with a single user accessing data from a home desktop, a company laptop and a personal iPad), but we must think securely when we move or copy personal information across the internet. The Dropbox compromise is a clear example of the “cloud security” problem. In this post I will try to explain how data can be lost and how we can improve data protection using Free Software on different platforms.
Dropbox, one of the most used cloud file synchronization services, admits it suffered a serious password failure that allowed an unknown number of users to log in to any account using any password. If the files synchronized on Dropbox were encrypted, this problem is not an issue; otherwise, someone could access your files.
Christopher Soghoian posted the issue on the Pastebin Forum.
In the next few days I will post a complete Guide on “How To Synchronize Securely Your Files over Dropbox or any other cloud synchronization service”.
BackTrack 5 has been released today with the codename “revolution”!
BT5 is based on Ubuntu Lucid LTS. Kernel 2.6.38, patched with all relevant wireless injection patches. Fully open source and GPL compliant.
Read the original post on the official BackTrack 5 web site: http://www.backtrack-linux.org
Click here to read release post.
This data has been released by SecViz
Finally, a new version of Nessus, the most famous vulnerability scanner, has been released. The new release has improvements and fixes such as:
– It is now possible to define a global maximum number of packets per second sent by the SYN scanner, no matter how many scans are running, by setting the option nessus_syn_scanner.global_throughput.max in nessusd.conf (for instance, setting nessus_syn_scanner.global_throughput.max = 10000 guarantees that nessusd will not send more than 10,000 packets per second during the port scan phase). Use this feature if you’re scanning through fragile firewalls or if you want to reduce the impact of the port scan on the network ;
– Backend database can automatically switch from the “high” memory usage (which uses more memory but is faster during the scan) to “low” (which uses less memory but slows scans down a little) when nessusd can’t allocate enough memory. In 4.4.0, Nessus would abort if it could not load the database in memory ;
– Along the same lines, new installs on 32-bit machines now default to the “low” memory usage. Change this to qdb_mem_usage = high in nessusd.conf if you have plenty of memory and want to conduct faster scans ;
– Packet forgery scales much better. As a result, network discovery is faster now ;
– Custom plugins now handle the import() call (4.4.0 regression) ;
– The scans would sometimes “hang” on Solaris 10 ;
– nessusd is better at returning memory to the kernel when a scan is finished (Linux, Windows) ;
– We added packages for SuSE 11 (32 and 64 bits)
– The Linux “generic” builds are now a fully static binary
– The Ubuntu 10.10 builds now contain their own version of OpenSSL, as Ubuntu silently dropped support for SSLv2.
You can download Nessus from the Official Download Page and read more about the new version on the blog.