Category: Product

This article provides an insight into the basics of exploit development frameworks, with a special focus on the Metasploit Framework and how it can be exploited to save time and resources. It describes its usage with graphical illustrations, detail the various commands available, describe features, give practical examples, and most importantly, use these skills to develop new exploits and test out new techniques.

The article concludes with elucidating why MSF will influence the future of exploitation in a momentous and positive way.

http://www.securityfocus.com/infocus/1789

The company also intends to announce software for printing from wireless devices; data back-up and recovery software; and workstations, which are powerful desktop machines for uses such as creating digital content.

The new set of products is targeted at corporate customers and is part of HP’s “Adaptive Enterprise” strategy. That effort–which has been criticized as vague–aims to help companies better align their information technology with business goals so that they can be more nimble.

HP has focused much of its Adaptive Enterprise push on data centers, and the announcements are aimed at rounding out that vision, a company representative said.

HP is not alone in pitching its products and services as key to improving business performance and flexibility. Rival IBM talks up its “on-demand computing” push, and Sun Microsystems is working on a similar initiative.

Earlier, HP introduced a new type of desktop computer–a “blade” PC system that provides monitors and keyboards to workers but centralizes the actual computing gear, with the aim of improving its management.

The company plans to unveil the HP Compaq Business Desktop dc7100, which also aims to provide easy management. The machine comes in three designs, all of which allow IT supervisors to open up the chassis and access all internal components without tools. Users can remove the parts in as little as one minute, HP said. The dc7100 PC comes equipped with protective technology, dubbed the HP ProtectTools Embedded Security Manager. It combines hardware and software, accessed via a single interface, to handle security operations such as authentication, data encryption and secured communications, HP said.

Also bundled with the desktop PC is back-up and recovery software from Altiris that helps protect data in a hidden, secure area on the local hard drive. The software aims to enable people to recover their own data and system settings, which would help reduce the risk of data loss and the number of calls to the help desk, according to HP.

The dc7100 is slated to be available in July, with prices in the United States starting at an estimated $749.

The Embedded Security Manager is available today on certain HP business desktop and notebook PCs, HP said.

The back-up software from Altiris–dubbed HP Local Recovery–comes preloaded on a number of HP business desktops, notebooks and workstations.

HP’s new Mobile Print Driver for Windows is designed to help workers with a notebook or tablet PC connect to local and networked printers through an 802.11 or Bluetooth connection.

http://news.com.com/HP+gets+behind+the+desktop/2100-1003_3-5248595.html?part=rss&tag=5248595&subj=news.1003.5

The company has produced panels designed to prevent outsiders from listening in on companies’ Wi-Fi traffic but let other traffic through, including radio and mobile phone signals.

The FSS (Frequency Selective Surface) panels are made in the same way as printed circuit boards, with layers of copper on Kapton polymer. These materials are also used in stealth bombers and fighter jets. The panels come in two varieties: passive, which is permanently turned on, and active, where various areas can be switched on and off to enlarge or limit the area of the network. The panels are 50 to 100 microns thick and can be applied to most surfaces, including glass.

A company representative said that they also helped reduce “noise” in buildings where a number of companies operate their own separate LANs (local area networks).

BAE Systems developed the new material with $265,000 (145,000 pounds) from the Radiocommunications Agency, which is now part of Ofcom.

The company will be developing it commercially through its corporate venture subsidiary.

More info: http://news.com.com/Wallpaper+designed+to+protect+Wi-Fi+networks/2100-7347_3-5241808.html?part=rss&tag=5241808&subj=news.7347.5

Blue Coat’s ProxyAV, released Monday, is designed to deliver up to 249mbps throughput for “real-time” virus scanning, helping enterprises prevent Web-based viruses from entering their networks, without creating a bottleneck, Blue Coat said.

The new gear is designed to work with the company’s ProxySG system, which reviews Web objects and sends some to the ProxyAV for scanning.

ProxyAV scans the objects and sends them back to ProxySG for caching, so they can be reviewed more quickly the next time around, and repeated scanning can be avoided.

“The Proxy appliance is the key to implementing high-performance Web antivirus at the Internet gateway,” Steve Mullaney, vice president of marketing for Blue Coat, said in a statement.

Web-filtering tools can help companies check virus intrusion at the gateway between a company’s internal network and the wilds of the Internet.

Another company, ServGate, recently began selling software designed to help customers block pop-up ads, dangerous Web sites and viruses borne by Web browsers.

Customers can use Blue Coat’s Proxy setup with any antivirus software, such as products from McAfee and Panda Software, and can deploy a layered antivirus system across their companies.

http://zdnet.com.com/2100-1105_2-5242128.html

“The combined IPS solution has protected against every recent outbreak, even zero-day attacks,” claimed Vimal Solanki, the director of marketing for McAfee’s IPS line.

IntruShield is moving to version 2.1, adding a first in the intrusion-detection system (IDS) and IPS market: the ability to protect encrypted attacks on SLL data transmissions by decrypting and inspecting the traffic. The integrity of the encrypted data and encryption keys are retained, said Solanki, and analysis of the data for signature, anomaly, and DoS attacks occurs in real time without degrading transaction speeds. Other changes to IntruShield include an internal, integrated firewall that protects the systems inside the network from attack, just as existing firewalls guard the perimeter.

IntruShield’s firewall can be sliced and diced in a virtualization mode to set policies for individual machines, groups of desktops or servers, or the entire network. Version 5.0 defends desktops and servers against traditional as well as zero-day attacks-so-called because they exploit vulnerabilities not yet patched–by using signatures and profiles of known and anticipated threats. Like its IntruShield cousin, Entercept 5.0 adds integrated firewall capabilities to provide more protection between individual systems and the rest of the network, or the Internet in general.

More info: http://www.securitypipeline.com/news/21700492;jsessionid=HPOWFZ5SDH2U4QSNDBNCKHY

The company plans to announce new capabilities in its routers to help protect corporate networks from viruses and worms, two sources close to the company.

The release is the first phase Network Admission Control (NAC), a collaboration program between Cisco and antivirus companies. Through this program, Cisco has developed technology with three antivirus specialists–Network Associates, Symantec and Trend Micro–that will let Cisco’s networking products communicate with antivirus products. Devices running NAC technology will allow network access only to compliant and trusted endpoint devices, like PCs and PDAs (personal digital assistants).

In the second phase of the program, the company plans to extend this offering to its Catalyst 2900 to Catalyst 6500 switches. These switches are often used to connect users within the same building. The technology will also enable the capability on the VPN 3000 remote access product, which provides remote connectivity to the corporate network.

Extending security to these network elements helps Cisco fulfill its vision of protecting the entire network. For Cisco to achieve its networking vision, it has to expand this security technology throughout its product line, Yankee Group analyst Zeus Kerravala said.

“In order for the self-defending network concept to work, Cisco needs to have this technology on devices throughout the network,” Kerravala said.

Initially, Cisco plans to combine Trend Micro’s network worm and virus signatures with the its Intrusion Detection System (IDS) software implemented in its routers, switches and network security appliances. The NAC program and Cisco’s relationship with Trend Micro fall in line with Cisco’s strategy on security, which is to embed as much security technology as it can throughout the network, so that the network itself can detect and defend against malicious attacks.

Like Cisco, Enterasys has embedded intrusion detection and prevention and antivirus functionality into its networking gear.

More info: http://zdnet.com.com/2100-1105_2-5239359.html