Granted, I don't consider myself to be in a proper position to write a review of them. However, a few points:
* Most of these are completely outdated, and easily miss newer security holes (maybe apart from CORE, which is a commercial and expensive scanner).
* They are loud and noisy, and due to using well-known shellcode and attack patterns extremely prone to setting off IDS systems.
* They are, in comparison to Nmap + version scan + personal archive of public exploits, very slow.
Simply spidering public exploits off archive sites (milw0rm, packetstorm, etc...) and using custom shellcode (even without using tricks like polymorphism) would in my opinion result in much, much higher efficiency compared to using any of these programs.
link to home page: http://www.lumusvision.com/
They have a technology section displaying an overview of the refraction elements used to display the image. They also seem to have developed (and brought to market) an earlier model of these glasses. I admit they do look shiny, but if I bought VR goggles I'd primarily use them at home. It's a cool toy, but would you lug around something like that for everyday use?
And it's called forking. If an open-source organization makes bad (to the public) decisions regarding the development of its software, and said software is open source (but not necessarily free as in beer), someone will (if the product is important enough) fork it and develop a free version, which (if the free version is superior) will outcompete the commercial product, or simply develop a superior product from scratch.
Simple. (As long as you don't take into account the fact that some people might want to make a living off the development effort, of course.)
And no Linux-failing-to-outcompete-MS flames. MS is an aggressive hoarding monopolistic organization that shouldn't exist in its current form in the marketplace, in my opinion. And the EU's, apparently.
It's actually quite useful, and not only from a security/intrusion standpoint; it reads the system logs and reports on errors. And the best thing about it is, it's self-learning! It will count the number of times a certain (low-level, as in "cannot find file" type) system error is encountered, and then, if it appears often enough on a regular basis it learns to ignore it. Very neat.
Microsoft hardening Windows? Hardly. This latest wave of Office exploits is rather a result of the Excel exploits found some weeks ago. If one application in a suite is found to contain exploitable bugs then the other ones are likely to exhibit the same behaviour. It's all about return on investment.
I believe that the human race will be able to, through increased technological development, adapt to any hardships barring complete disasters. Remember: just because the situation looks grim now, doesn't mean it's at all impossible to ride through. A few decades ago, no one could have predicted the technological (and not the least, technological _infrastructural_) achievements we now have.
For those who are not intimately familiar with contemporary password technology, this is how it works. When you specify a password, the string gets hashed and stored in a file, usually accessible only by the superuser (e.g. root). When the user then tries to log in, the supplied password is hashed and checked against the hash stored on the system.
"Salting" the password means to append a random value to the password, before it is hashed. Naturally, this value has to be stored unhashed with the hashed and salted password to enable a hashing and comparison to take place during the authentication process.
This defeats (or, in theory, makes harder) a precomputation attack where you precompute hash values for all strings (e.g. rainbow tables).
It does not, however, defeat _dictionary attacks_, where you have a wordlist with probable passwords and try every password against the password hash list you have managed to acquire using the same procedure as during authentication.
(For those who now think "well, duh", just move along, nothing to see here...)
No, a dictionary attack works on salted passwords per definition. Salting only defeats precomputation attacks (e.g. rainbow tables).
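The salting comments above can be checked with a small weak-password audit. This is an added example, not part of the original comments; SHA-256, the function names, the fixed salt and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac

def hash_unsalted(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password: str, salt: bytes) -> str:
    # Salt appended to the password before hashing, as the comment describes.
    return hashlib.sha256(password.encode() + salt).hexdigest()

def build_precomputed_table(wordlist):
    # One-time precomputation (hash -> password), reusable against any
    # store that hashes passwords without a salt.
    return {hash_unsalted(w): w for w in wordlist}

def audit_with_table(table, stored_hash):
    # A plain lookup: only works if the stored hash was computed unsalted.
    return table.get(stored_hash)

def audit_with_dictionary(wordlist, salt, stored_hash):
    # Same procedure as authentication: salt each candidate, hash, compare.
    # The salt is stored in the clear next to the hash, so it is known here.
    for w in wordlist:
        if hmac.compare_digest(hash_salted(w, salt), stored_hash):
            return w
    return None

# Constructed sample data (a real salt is random per account; it is fixed
# here only so the example is reproducible).
WORDLIST = ["letmein", "hunter2", "password1"]
SALT = bytes.fromhex("a3f19c0d5e7b2468")
UNSALTED_RECORD = hash_unsalted("hunter2")
SALTED_RECORD = hash_salted("hunter2", SALT)
STRONG_RECORD = hash_salted("x9!Qv7#Lm2pRz", SALT)  # not in the wordlist

def run_audit():
    table = build_precomputed_table(WORDLIST)
    return {
        "table_vs_unsalted": audit_with_table(table, UNSALTED_RECORD),
        "table_vs_salted": audit_with_table(table, SALTED_RECORD),
        "dictionary_vs_salted": audit_with_dictionary(WORDLIST, SALT, SALTED_RECORD),
        "dictionary_vs_strong": audit_with_dictionary(WORDLIST, SALT, STRONG_RECORD),
    }

if __name__ == "__main__":
    for check, found in run_audit().items():
        print(f"{check}: {found}")
```

The precomputed table misses the salted record even though the password is in the wordlist, while the per-candidate check finds it; only the password that is absent from the wordlist survives both.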