Friday 29 April 2011

Google's Chrome 11 fixes $16,500 worth of bugs!!

Google's Chrome web browser is now at version 11, and its release is marked by a record payout for security fixes as well as a speech translation feature.

A total of 27 security vulnerabilities are fixed in the latest stable release for Windows, Mac, Linux and Chrome Frame. Individual rewards ranged from $500 up to $3,000, the latter for a particularly nasty-looking bug that allowed a possible URL bar spoof leading to navigation errors and interrupted page loads.
Among the researchers Google gave thanks to was Braden Thomas of Apple Product Security. This is most likely because Chrome's underlying open-source browser engine, WebKit, is the same one that runs Safari.
Chrome users will now also be able to play around with speech translation, thanks to a new feature for speech input through HTML. Using the Google Translate application, you can speak after clicking a microphone at the bottom right of the input box. You'll be able to read and listen to the translated result.

This isn't new, as you can already do the same with apps on the iPhone and Android smartphones, and the technology isn't good enough to get anywhere close to the universal translator you imagine you would need for a Star Trek future. But it's still an interesting result of the research Google is doing to separate Chrome from its rivals.

Ncrack 0.4 Alpha - New Version download


Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.



This is the change log for the current release:
- Added the VNC module to Ncrack’s arsenal. Thanks to rhh of rycon.hu for implementing the module and discussing it for further improvement.
- Wrote the Ncrack Developer’s Guide, which is meant to give an overall insight into Ncrack’s architecture and help programmers develop their own modules (http://nmap.org/ncrack/devguide.html).
- Fixed a critical bug in the RDP module, which caused Ncrack to fail when cracking some Windows 2003 server versions.
- Added a mechanism (MODULE_ERR) that modules can use to report to the Ncrack engine that the authentication wasn’t completed due to an application error. For instance, the VNC server often notifies the client that there are “too many authentication failures”, and Ncrack can then close the running connections and wait some time until the condition wears off.
- Ncrack can now print the nsock EID (unique connection ID) in debugging messages. This will greatly help us track problems, since error messages will be matched to certain connections.

So now you can crack VNC passwords in addition to RDP passwords with Ncrack!