VMware Security Advisory for ESXi and ESX in openwsman

VMware has released a Security Advisory (VMSA-0008-0015) indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in “openwsman”. This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#vmware_releases_security_advisory_vmsa

Turn any USB Flash drive into a USB Login Key for your Mac

Secure your Mac using the new Rohos Logon Key. This new software locks down your Mac by enabling a flash drive to act as a security device. It waits at your logon screen, requiring you to insert the specified USB drive before allowing login. Check it out here.

Malware Removal Tool – SmitFraudFix Updated

The malware removal tool “smitfraudfix” has been updated to v2.334. This tool, to be used with Windows XP and Windows 2000, has saved more than a few computers for clients, friends, and relatives recently. Grab the updated download here.

Nmap for Beginners – Network & Port Scanning made easy

I recently came across an excellent Nmap howto courtesy of the folks over at http://blog.fourthirty.org – Take a read.

Nmap is a very powerful tool with LOTS of options
and features to visualize your network. Check which services are
running on various hosts and find suspicious malicious programs running
in your network. Even though Nmap is the Swiss Army knife for network
scanning, most of its benefits can be gained by the average Network
Administrator without diving deep into its complications. Chances are,
most of the time you will find yourself using common switches even if
you know all of them.

The basic syntax for Nmap is nmap <IP ADD>, e.g.:

nmap 202.21.192.1

The above command scans the given host with defaults:
the standard TCP connect method (-sT option) and known ports (those
specified in the /etc/services file). You may need to scan a whole
subnet, in which case you can use:

nmap 202.21.192.1/24
nmap 202.21.192.*

Both commands do the same thing here.

One of the simplest scan methods that I come up with almost every day is the Ping Scan:

nmap -sP 202.21.192.1
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2008-01-04 18:13 MVT
Host 192.168.0.3 appears to be up.
MAC Address: 00:B0:D0:D1:DD:97 (Dell Computer)

The -sP option simply pings the host and reports
back whether the host is up or down. Run in the local network, it gives
you some additional detail such as MAC Address and the Company for
which the NIC card is registered. It is also possible to ping sweep
your entire network by specifying a network address and the bitmask.

Stealth Scanning might come in handy too (-sS):

nmap -sS 202.21.192.1

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2008-01-04 18:19 MVT
Interesting ports on linuxbox (202.21.192.1):
(The 1671 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind


Nmap finished: 1 IP address (1 host up) scanned in 0.156 seconds

The -sT method (default) makes a full connection to
that port to see whether the port is open. In a stealth scan, by contrast,
Nmap sends a SYN packet to the host and waits for a SYN from the target
host to see whether the port is open or closed. In other words, it
does not make a full connection, which reduces the chance of being seen
in a target log file.
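
A defender's view of the difference described above, as an added example that is not part of the original howto: it sorts per-flow TCP flags into completed handshakes (which a service can log) and half-open probes (which only a packet-level sensor sees). The addresses, the `probe` helper and the `min_ports` threshold are assumptions for illustration, and the input is constructed, not captured traffic.

```python
from collections import defaultdict

def probe(client, ports, open_ports, finish):
    """Constructed traffic: one flow per port. `finish` is the client's reply to SYN/ACK."""
    pkts = []
    for p in ports:
        pkts.append((client, p, "S"))                         # client SYN
        if p in open_ports:
            pkts += [(client, p, "SA"), (client, p, finish)]  # server SYN/ACK, client reply
        else:
            pkts.append((client, p, "RA"))                    # closed port: server RST/ACK
    return pkts

OPEN = {22, 25, 111}  # open ports taken from the -sS output above
SAMPLE = (            # constructed sample; addresses are from a documentation range
    probe("198.51.100.7", range(20, 30), OPEN, "R")    # half-open: RST instead of ACK
    + probe("198.51.100.8", range(20, 30), OPEN, "A")  # full connect: ACK completes it
    + probe("198.51.100.9", [25], OPEN, "A")           # one ordinary SMTP client
)

def summarize(packets, min_ports=5):
    """Per client: ports probed and how flows to open ports ended (min_ports is an assumed threshold)."""
    flows = defaultdict(list)  # (client, port) -> flags seen on that flow
    for client, port, flag in packets:
        flows[(client, port)].append(flag)
    stats = defaultdict(lambda: {"ports": 0, "half_open": 0, "completed": 0})
    for (client, _port), flags in flows.items():
        if "S" not in flags:
            continue  # no connection attempt on this flow
        s = stats[client]
        s["ports"] += 1
        if "SA" in flags and "A" in flags:
            s["completed"] += 1  # handshake finished, so the service can log it
        elif "SA" in flags:
            s["half_open"] += 1  # never ACKed: visible only at packet level
    report = {}
    for client, s in stats.items():
        if s["ports"] < min_ports:
            verdict = "normal"
        elif s["completed"]:
            verdict = "connect scan"
        elif s["half_open"]:
            verdict = "half-open scan"
        else:
            verdict = "scan, no open ports hit"
        report[client] = dict(s, verdict=verdict)
    return report

if __name__ == "__main__":
    for client, row in summarize(SAMPLE).items():
        print(client, row)
```

Both scanning clients touch the same ten ports, so a distinct-port count from firewall or flow logs flags either one even when no service log records the half-open probes.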

Scan specific ports and port ranges (-p) :

nmap -sS 202.21.192.1 -p 22,80,50-500

The above command scans the target host for ports 25, 80 and the range between 50 and 500.

OS detection (-O):

nmap -sS 202.21.192.1 -O

The -O option displays the Operating System and its
version running on target system. This may not be accurate and may
sometimes fail to identify the target OS. But most of the time you’ll
end up being lucky…trust me…!

Detect the version of running services (-sV):

nmap -sV 202.21.192.1 -p 25

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2008-01-04 18:56 MVT
Interesting ports on linuxbox (202.21.192.1):
PORT STATE SERVICE VERSION
25/tcp open smtp Sendmail 8.13.7/8.13.7
Service Info: Host: linuxbox; OS: Unix

Nmap finished: 1 IP address (1 host up) scanned in 0.070 seconds

It is clear from above that the target system is
running sendmail 8.13.7 for its SMTP engine and that the target system
is a UNIX based system.

You may also use the -A switch to request that Nmap
check the OS version as well as service versions, which is easier. There
are many other options, such as -D (decoy) and -sU (UDP scan), not
covered in this tutorial that might be useful to you. Please check
the Nmap documentation and evolve your knowledge of Nmap.