Security: Submitted by John on 20-Apr-07 at 10:40pm
A new version of John The Ripper MPI (mpi4) is now available in the tools section...
This version includes:
Support for MacOSX/Intel, this support requires SSE2, as does MacOS itself.
Support for runtime status updates (send a SIGHUP to the running john processes).
Several minor bugfixes
Inter-protocol Exploitation and Communication papers
Security: Submitted by Wade on 19-Apr-07 at 02:04pm
Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol.
An example is provided that shows how a web browser can launch a MetaSploit type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack.