Archive for June, 2006

2006 Top 100 Security Tools

Friday, June 23rd, 2006

This week Insecure.org released the 2006 results of the top 100 security tools survey. The survey was performed by polling 3,243 active NMAP users (one of the most popular network security programs) on their preferred security tools. Most of the tools are free and open source and many were designed for the Unix/Linux platform.

It is a curiosity that the list of top 100 security programs could easily be called the top 100 hacking programs?both security practitioners and hackers use nearly the same toolset. For this reason it is useful to peruse this list and become familiar with the more popular tools in order to understand available capabilities for ensuring/defeating system security.

Posted in security | No Comments »

Goodbye Ethereal—Hello WireShark

Friday, June 9th, 2006
WireShark

This week Ethereal, one of the most popular security and network tools, has had its name changed to WireShark. As this article explains, Gerald Combs, the creator of Ethereal, has moved to a new company and the former employer holds the copyright for the name Ethereal. Because the two parties couldn’t come to an agreement, Combs changed the name to WireShark.

WireShark is a packet sniffing tool that allows people on a local area network (LAN) to “eavesdrop” on other users’ Internet activity. WireShark is a real eye-opener for those unfamiliar with the inherent insecurity of Ethernet-based LAN’s (by far the most dominant LAN technology). For example, a person using WireShark (or a score of similar tools) could easily “listen” to the network traffic in a hotel or wireless hotspot and capture people’s emails, passwords, or other sensitive information.

WireShark and others like it take advantage of the openness of the Ethernet protocol, which was designed for a friendlier computing era, as were so many other network technologies. Fortunately, packet sniffing can be protected against by using a VPN.

Posted in open source, security | No Comments »