Hello everyone! While I haven't posted here in almost two
months,
Nmap development continues full speed ahead! In fact, there
is so
much news that I am sending this mail in digest format
rather than
flood your emailboxes with separate messages.
CONTENTS:
o GoDaddy Redux
o New Nmap release: 4.21ALPHA4
o Nmap participating in Google Summer of Code '07:
Application
deadline is March 26
o Fyodor and James "Professor" Messer giving Nmap
training classes at
CanSecWest on April 17.
o James "Professor" Messer offering another free
webinar, and has
also released video Nmap training course.
o Michael Crook apologizes on video for trying to shut us
down
=================
==GoDaddy Redux==
=================
You guys must recall my last email about GoDaddy shutting
down
SecLists.Org at the behest of MySpace. After hours on the
phone
trying (and failing) to get them to provide a reason for the
shutdown
or to restore the site, I threatened to tell all my friends
how they
had treated me. They just laughed me off, but perhaps they
didn't
realize that I have more than 50,000 friends on nmap-hackers
 .
They
weren't laughing the next day when the story was on
News.Com, Wired,
Slashdot, Digg, SecurityFocus, Info World, and hundreds of
other
articles and blogs. Thanks for spreading the word!
In the News.Com article, Godaddy was asked to explain
themselves.
This is where they could have apologized and promised to be
more
careful in the future. Instead, GoDaddy general counsel
Christine
Jones “pointed out that GoDaddy's terms of service say the
company
'reserves the right to terminate your access to the services
at any
time, without notice, for any reason whatsoever.'” In that
same
article, Jones refuses to rule out suspending a site such as
News.Com
if a reader posts illegal information in a discussion forum.
After I started hearing of many similar GoDaddy horror
stories, I
decided to put up a site warning others not to use GoDaddy.
The
domain of my dreams for this was taken, but on a whim I
wrote the
owner with a cash offer. As luck would have it, the owner
had been
mistreated by GD in the past, so he refused payment and
transferred to
domain to me for free! The site is live at:
http://NoDaddy.Com
And volunteer Rohan Sheth has set up forums (more than 120
posts
already) at:
http://forums.nodaddy.com/
I am also happy to report that my most important domains
(insecure.org, seclists.org, etc.) have been transferred to
better
registrars.
================================
==New Nmap release: 4.21ALPHA4==
================================
While there hasn't been a "stable" Nmap release
since 4.20 in
December, we have been active in the Alpha series on
nmap-dev. I just
released 4.21ALPHA4 yesterday, and it is the first one I am
comfortable placing on the Nmap download page. Thanks to
all of your
submissions, its 2nd generation OS detection database has
grown 81%,
and the version detection DB has grown substantially as
well. It also
includes many bug fixes and experimental support for the
Nmap
Scripting Engine and advanced tracerouting. Give it a try!
Copies
are available at http://insecur
e.org/nmap/download.html .
==Nmap participating in Google Summer of Code '07==
After the program was a huge success for Nmap in 2005 and
2006, I'm
delighted to report that Nmap has been accepted again into
Google's
Summer of Code program! So Google will be paying students
(high
school, university, and grad school) to spend their summer
hacking
Nmap with myself and some other Nmap developers as mentors!
Many of
Nmap's coolest features were implemented as part of this
program.
Examples are the 2nd generation OS detection system, the
Nmap
Scripting Engine, and the runtime interaction feature which
(among
other things) gives you time estimates when you press enter.
One of the biggest successes of the program was Adriano
Monteiro's
UMIT graphical interface and results viewer for Nmap. After
developing the program under Nmap SoC in '05 and '06, he has
been
accepted to run it as his own independent program for SoC
'07.
Congratulations, Adriano!
So if you are a student, do consider applying. I have
posted much
more information and project ideas here:
http://ins
ecure.org/nmap/GoogleGrants.html
Keep in mind that the deadline for applications is Monday,
March 26 at
5:00PM Google (Pacific) time! If you think you might apply,
consider
joining in the discussion on the Nmap SoC mailing list:
http://c
gi.insecure.org/mailman/listinfo/soc
============================================================
======
==Fyodor and James "Professor" Messer giving Nmap
training class==
============================================================
======
In 2005 and 2006 I gave Nmap training courses at the
"Security
Masters' Dojo" which precedes CanSecWest in Vancouver
B.C. I'm
pleased to report that I'll be doing it again this year, and
even more
pleased to report that Jamess "Professor" Messer
has agreed to
co-instruct it with me. These are hands-on all day courses,
so you
need to bring a laptop with Nmap 4.21ALPHA installed.
To keep things focused and interactive, the two classes are
limited to
10 people each. The April 16 class somehow sold out before
I even had
a chance to send this announcement. There are still some
seats
remaining for the April 17 class, so get them while they're
hot:
http://cansecwes
t.com/dojorecon.html
Right after the dojos is the CanSecWest conference proper,
which is
always a good one. The speaker list was recently posted at:
http://cansecwest
.com/speakers.html
============================================================
==========
==James "Professor" Messer offering Nmap webinar
and training course==
============================================================
==========
James tells me that his last webinar (posted to this list)
had more
than a thousand registrants! So he is doing another free
webinar,
with this one being an "Introduction to Nmap" on
April 5. Sign up at:
http://ww
w.ProfessorMesser.com/nmapwebinar/
He has also launched a video Nmap training course ($197)
called Nmap
Secrets, which is great if you don't have time or funds to
fly up to
Vancouver and see us in person:
http://w
ww.professormesser.com/nmap-secrets/
=======================================================
==Michael Crook apologizes for trying to shut us down==
=======================================================
You may recall that wacko who mailed my hosting provider
claiming
(without any evidence) that a picture on seclists.org was
child porn
and threatened to contact the FBI. Then when that didn't
work, he
sent a bogus DMCA complaint claiming under penalty of
perjury that he
owned the copyright in the picture! More details are at
http:/
/seclists.org/nmap-dev/2007/q1/0067.html .
This guy had been sending many other bogus DMCA complaints
to other
parties, and he finally got smacked down by the EFF! As a
settlement
of their lawsuit against him, Crook agreed to withdraw the
bogus
complaints, take a copyright law course, and post a video
apology.
That apology is here:
http://10zm.blip.tv/
file/169553/
I think it is time that GoDaddy CEO Bob Parsons and General
Counsel
Christina Jones post a similar video apology for wrongfully
taking
down so many sites (not just mine), but I'm not holding my
breath.
Cheers,
Fyodor
_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org |
