VA laptop recovered; FBI says data not accessed

The government has recovered a stolen
laptop computer and hard drive with sensitive data on up to 26.5
million veterans and military personnel.

The FBI said Thursday there is no evidence that anyone accessed Social Security numbers and other data on the equipment.

Veterans Affairs Secretary Jim Nicholson, in announcing the recovery of the
computer, said there have been no reports of identity theft stemming
from the May 3 burglary at a VA employee's Maryland home.

The FBI, in a statement from its Baltimore field office, said a preliminary
review of the equipment by its computer forensic teams “has determined
that the data base remains intact and has not been accessed since it
was stolen.” More tests were planned, however.

Nicholson said the laptop and hard drive were turned in to the FBI. No suspects were in custody.

From CNN.  So some punk kid who broke into his house finally watched the news and figured he better turn it in.  Good move.  I know this will make many veterans very happy.


Fyodor updates Top 100 Security Tools

After the tremendously successful 2000 and 2003
security tools surveys, Insecure.Org is delighted to
release this 2006 survey. I (Fyodor) asked users
from the nmap-hackers
mailing list to share their favorite tools, and 3,243 people
responded. This allowed me to expand the list to 100 tools, and even
subdivide them into categories. Anyone in the security field
would be well advised to go over the list and investigate tools they
are unfamiliar with. I discovered several powerful new tools this
way. I also will be pointing newbies to this site whenever they write
me saying “I don't know where to start”.

Respondents were allowed to list open source or commercial tools on
any platform. Commercial tools are noted as such in the list below.
No votes for the Nmap Security Scanner
were counted because the survey was taken on an Nmap
mailing list. This audience also means that the list is slightly
biased toward “attack” tools rather than defensive ones.

Nessus, Wireshark, Snort, Netcat and Metasploit Framework hit the top 5.  Google is #34.  Tor is #59.

See the Top 100 Security Tools.

Nessus for Windows Public Beta

Tenable Network Security, Inc. is proud to announce the immediate availability of Nessus 3.0.3 (build 180).

Nessus 3.0.3 fixes several bugs and adds some enhancements over Nessus
3.0.2 and adds support for the Microsoft Windows and Sun Solaris
operating systems.

This release contains the following fixes and improvements:

– nessusd would stop in the middle of a scan if the log file is bigger than 2 gigabytes
– nessusd would stop in the middle of a scan due to a hard-to-trigger one-byte memory overwrite issue
– ping/packet forgery would fail when scanning a network over a NIC which was not enabled when nessusd initially started up
– performance problems would arise when reading/writing KB files when scanning big networks
– nasl -T - script.nasl now makes script debugging easier
– Slightly faster initial plugins processing
– More robust plugins database backend
– On Mac OS X, users can be managed graphically through the Nessus Server Manager program
– Updated the plugins distributed with the archive

Nessus 3.0.3 is available immediately for Linux, FreeBSD, Mac OS X, Solaris and as a public beta for Microsoft Windows.  More Information.

Sourcefire thinks that no one else uses whois

When security vendor Countersnipe launched its latest product, it
expected a few bogus enquiries from its rivals. But a request from an
outfit calling themselves Ychange seemed genuine enough.

'Jeff' from Ychange saw a demo and was so impressed he promised to show
the product to Superluminal, his financial services client, which was
just gagging to place a multi-million dollar order.

But a quick Whois check revealed that Superluminal’s web site was owned
by one of Countersnipe’s rivals, Sourcefire. Perhaps Sourcefire didn't
think anyone else would know about this new-fangled Internet thing.

“This has to be the least sophisticated attempt at spying I’ve ever
seen,” laughed Countersnipe’s Amar Rathore, “I wouldn’t mind, but
they’re a security firm, for God’s sake. You’d think they’d know some
cleverer tricks than that.”

TeeHeHe… From The Inquirer.

After lawsuit, Cisco embraces Black Hat

One year after
suing the hacker conference for allowing security researcher Michael
Lynn to disclose a security vulnerability, Cisco is returning to Black
Hat — this time as one of the show's top sponsors. Black Hat USA will
be July 29 to Aug. 3 in Las Vegas.

“Despite what happened last year we wanted to show our commitment and show our openness to working with the security research
community,” said John Noh, a Cisco spokesman.

Cisco has sponsored Black Hat in the past, but this is the first time it has
shelled out for the show's most expensive “platinum” sponsor status,
Noh said. This means that Cisco's name will be prominently displayed on
conference materials and that the company will be given sponsorship
credit for some of the show events such as coffee breaks.

Ha… looks like this is to cover their ass… er… I mean image.  Read the full article on InfoWorld.

Ethereal changes name to Wireshark

Gerald Combs, founder of the Ethereal
project — billed as the world's most popular network protocol analyzer
— caused a flurry of excitement among users and developers Wednesday
when he announced on the Ethereal developers mailing list that he was changing jobs, moving to a new location, and taking the project and its core developers with him as he leaves.

His initial announcement to the list provided some explanation:

I recently accepted a job
with CACE Technologies, best known for WinPcap. This means that I get
to work with Loris Degioanni and Gianluca Varenni, and that my wife and
I get to raise our daughter in Davis, CA.

The move also means a major change for the project. We're continuing development under the name “Wireshark”, at
The web site, mailing lists, bug tracker, SVN repository, buildbot, and
other resources are already in place. All recent source code
submissions have been checked into the new repository, and automated
builds are available at

The next version of Wireshark will be 0.99.1. A prerelease version, 0.99.1pre1, is available for download right now at

Read the full article on NewsForge.  It goes into further explanation on what happened to the Ethereal name.

Still Alive

Hey everyone out there.  Sorry about the silence on the blog, but the traveling has kept me busy.  I had a lot of fun in Barcelona at the NetCool User's Conference.  The plan was to present the NOC-SOC integration story, but I made a last-minute change to present the information I wrote a white paper about, Building a Security Framework in the Next Generation Networks.  Click the link for the preso I presented.  I also had the chance to present the main demo to everyone.  Thanks to everyone who came by.

Look forward to the standard stream of posts to resume shortly.