Security Files

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.

Whitepaper titled Binary JSON: Insecurity In Implementing Serialization.

This paper discusses potential security weaknesses that may be present in messaging systems either as a result of software flaws, application design or the misconfigurations of services. It focuses on TIBCO Rendezvous, as an example of a commonly used enterprise messaging system. Recommendations are then presented which mitigate these security issues.

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

PHP Source Auditor III (or PSA3) was created in order to quickly find vulnerabilities in PHP source code. Written in Perl.

Motion uses a video4linux device for detecting movement. It makes snapshots of the movement which later will be converted to MPEG movies, making it useful as an observation or security system. It can send out email and SMS messages when detecting motion and includes a web interface.

Kiwicon '07 Call For Papers - Kiwicon '07 will be a largely informal conference, organized by the security community for the security community. It will be held in Wellington, New Zealand, on the weekend of the 17th and 18th of November, 2007.

A simple command-line converter written in C language that converts input as string or integer. ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. ROT13 feature. Compiled .exe binary and .c source code included.

Fast HTTP Auth Scanner is a new web security scanner for Windows that allows brute-force attacks against web based devices that require HTTP authentication. Source and binary included.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.

Stega version 2.01 for DOS can hide another file inside Bmp/Gif/Lst/Pcx/Raw/Tga/Txt/Voc/Wav file with 128-bit IDEA key. This is a freeware utility and the binary release of this program. stega.gif has full zipped (15k) FASM source inside.

STEGA is a tiny 4058 byte steganography program that will hide files inside of BMP/GIF/PCX/TGA pictures, VOC/WAV sound files, RAW 8-bit data file, or LST/TXT text files.

OpenSC consists of a SmartCard library that uses any common transport API (e.g. PC/SC, CT-API, OpenCT) as its backend and applications that use the library. It has been tested extensively on Finnish Electronic Identity (FINEID) cards, but a number of other PKCS #15 and ISO 7816 compatible cards work too. Also implemented are a PKCS #11 module (e.g. for Mozilla Web/email usage), a PAM module, somewhat working OpenSSH support, an OpenSSL engine, a few basic tools, and a PKCS #15 structure generation tool for supported cards.

OpenCT is a library for accessing smart card terminals. It provides a rich set of functions for driver writers, protocol drivers for T=0 and T=1, serial and USB functionality, including USB hotplugging. The main user of OpenCT is the OpenSC smart card framework, but OpenCT can of course be used by other applications as well. OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an OpenCT ifdhandler resource manager.

Pam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).

Libp11 is a library that implements a small layer on top of the PKCS#11 API to make using PKCS#11 implementations easier.

Engine_pkcs11 is an implementation of an engine for OpenSSL. It can be loaded using code, config file, or command line and will pass any function call by openssl to a PKCS#11 module. Engine_pkcs11 is meant to be used with smart cards and software for using smart cards in PKCS#11 format, such as OpenSC. Originally this engine was a part of OpenSC, until OpenSC was split into several small projects for improved flexibility.

SQL Power Injector is a graphical application created in C# .Net 1.1 that helps the penetration tester to inject SQL commands on a web page. Its main strength is its capacity to automate tedious blind SQL injection with several threads. Released under the Clarified Artistic License.