I can’t believe I didn’t even notice this when it first came out. Credit goes over to SecurityFocus for being the first to alert us on the major upgrade to Nmap.

Security researcher Gordon “Fyodor” Lyon announced the release of the latest version of the popular network-exploration and security-auditing tool, Nmap, on Thursday, improving performance and adding several new features.

Nmap 5.0 adds two new tools, Ncat and Ndiff, allowing network administrators and security practitioners the ability to transfer and redirect traffic as well as compare differences between periodic Nmap scans. Fyodor and the project’s developers have also boosted performance of the program by scanning a large part of the internet and available networks to determine the most common ports that should be scanned.

“Some worry that Nmap is getting too bloated, but I only agree to add things that I’m confident we can maintain well and keep secure,” Fyodor said. “Also, the extra tools Ncat, Ndiff, and Zenmap are optional, and you can even choose to compile Nmap without major features such as the Nmap Scripting Engine if you don’t need them.”

Nmap allows security professionals to scan networks for open ports, which typically indicate that a running application is awaiting data from the network. Unsecured ports are frequently probed by hackers looking to attack the system.

Nmap has become an essential part of security practitioners’ toolboxes since it was released in 1997.

I couldn’t agree more with that last sentence. Nmap has really added simplicity to the quick batch scans of some complex networks.

(Via SecurityFocus)

CNET has an article over what appears to be a power struggle on the role of cybersecurity efforts for the US. First created in 2002, and incorporated into the Department of Homeland Security, government auditors have decided that the DHS is not living up to its “responsibilities.”

The announcement of the review led to speculation that the White House’s National Security Council or the National Security Agency would be handed more cybersecurity responsibilities, along with a larger budget to carry them out. Although the 2002 law creating DHS centralized cybersecurity responsibilities, it has been repeatedly criticized by government auditors who concluded that DHS failed to live up to its responsibilities and may be “unprepared” for emergencies.

On Tuesday, NSA Director Keith Alexander downplayed reports of a power grab by his agency, saying, “We do not want to run cybersecurity for the U.S. government.” The NSA has cybersecurity responsibilities for the U.S. military.

Alexander’s remarks appeared to be a response to Rod Beckstrom, former director of Homeland Security’s National Cybersecurity Center, whose resignation letter last month blasted what he described as an NSA power grab that could threaten “our democratic processes.” That led some members of Congress–including the Democratic chairman of the House Homeland Security Committee–to object to NSA control, which Clinton-era FBI director Louis Freeh echoed a day later.

Power struggle? Lets look at a couple of recent articles:

Computer Spies Breach Fighter-Jet Project (WSJ)

Blueprints of Obama’s Marine One helicopter leaked on P2P (SC Magazine)

Hackers Target U.S. Power Grid (Washington Post)

Now if you were the head of any US department, would you want the mess of trying to clean up the cyber threats for the entire country? We all know hacks are going to happen, and pretty much the only secure computer sits in a room, locked up, and unplugged. Being over the “cybersecurity” role of the US right now is just asking to be blamed for everything. NSA is having a congressional panel peeking over their should while they are trying to pee right now, I believe the last thing they want to deal with is the questions of “how did you allow the hackers to do that?!?”

And so it begins. We all know this would happen as Apple started getting a little bit more market share. ZDNet has an article going back to the malware found in iWork ’09. Showing the first DDOS attack tracing back to it.

iBotnet – Researchers Find Signs Of Zombie Macs : via Packet Storm