PetaLogix today announced the immediate availability of PetaLinux SDK 1.3, now including PowerPC440 support and support for the MicroBlaze AXI-4 architecture.
Since its release in 2009, PetaLinux SDK has quickly established itself as the industry-standard development environment for Embedded Linux on Xilinx FPGAs.
With users across the aerospace, biomedical, consumer and industrial electronics sectors, PetaLinux SDK allows developers to leverage the flexibility and performance of a Xilinx FPGA processor platform, with the broad and deep software platform support of Embedded Linux.
With the availability of version 1.3, PetaLinux SDK now supports an even broader range of systems. Major features of this release include:
* PowerPC440 support in Xilinx Virtex-5 FXT FPGA families.
* MicroBlaze AXI-4 beta support, for users transitioning to new MicroBlaze/AXI and Xilinx Extensible Processing Platform (EPP) architectures.
* New tools and runtime support for firmware upgrade - don't spend time developing this capability, just use it out of the box instead.
* Xilinx 12.3 tool support
Availability
PetaLinux SDK v1.3 is available immediately.
Existing users will automatically receive an update notification.
Contact PetaLogix today to kick-start your next FPGA-based Embedded Processor project.
# petalogix.com
Sunday, December 19, 2010
Saturday, December 18, 2010
[08/10] Linux Security Summit 2010 slides published
I've updated the papers section of the site to include my slides from the Linux Security Summit 2010. The title of the presentation was "Linux Security in 10 Years". In the presentation, I demonstrated the threat of kernel exploitation, how kernel exploitation subverts access control/container-based security, the need to have a broader view of system protection, in particular the need for kernel self-protection.
# grsecurity
Thursday, December 9, 2010
Havij v1.13 Advanced SQL Injection
Description:
Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application. Using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements, and even access the underlying file system and execute commands on the operating system.
The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injecting vulnerable targets using Havij.
The user-friendly GUI (Graphical User Interface) of Havij and its automated settings and detections make it easy to use for everyone, even amateur users.
What's New?
* Oracle error based database added with ability to execute query.
* Getting tables and column when database name is unknown added (mysql)
* Another method added for finding columns count and string column in PostgreSQL
* Automatic keyword finder optimized and some bugs fixed.
* A bug in finding valid string column in mysql fixed.
* 'Key is not unique' bug fixed
* Getting data starts from row 2 when All in One fails - bug fixed
* Run time error when finding keyword fixed.
* False table finding in access fixed.
* keyword correction method made better
* A bug in getting current data base in mssql fixed.
* A secondary method added when input value doesn't return a normal page (usually 404 not found)
* Data extraction bug in html-encoded pages fixed.
* String or integer type detection made better.
* A bug in https injection fixed.
How to use
This tool is for exploiting SQL Injection bugs in web applications.
To use this tool you should know a little about SQL Injection.
Enter the target URL, select the HTTP method, then click Analyze.
Note: Make sure the URL is a valid input that returns a normal page, not a 404 or error page.
Licence
The free version of Havij is free software. We hope it will be useful for you.
This software is provided "as is" without warranties.
Feel free to share and distribute it anywhere but please keep the files original!
There is a commercial version of Havij that is not free.
To purchase Pro version of Havij please visit Here
Disclaimer
We are NOT responsible for any damage or illegal actions caused by the use of this program. Use at your own risk!
Follow the link below to download Havij 1.13 free version:
Havij v1.13 Free (MD5 checksum: 276a84bda58a9def55eef35bf2838a77)
#indonesiancoder.com
Wednesday, December 8, 2010
GnackTrack RC2 Has Just Been Released
After a mad rush over the last few days we have managed to get GnackTrackR2 ready as a direct replacement for GnackTrackFinal. We have updated many of the tools within the feed and have also installed the 2.6.35 kernel with patched wireless drivers.
This version, and versions hereafter, will unfortunately not include Nessus, but you can still download your copy from the Nessus/Tenable website. Let's hope that in the future Tenable will give us permission to re-integrate it.
Click here to download the live CD GnackTrackR2.iso
e3d144f39b3f912a508c6654656d8b88 GnackTrackR2.iso
Or here to download the VMWare image GnackTrackR2.7z
93566c5bcd8260f7dc8c2cc1e4bee6b6 GnackTrackR2.7z
PayPal banned WikiLeaks after US gov intervention
A PayPal executive said his company's decision to suspend payments to Wikileaks came after the US State Department said the whistle-blower site was engaged in illegal activity. The comment came shortly before PayPal agreed to release the remaining funds in the WikiLeaks fund-raising account.
Press accounts from The Guardian and TechCrunch differ, but both claim that PayPal's move was influenced by statements from the State Department.
“State Dept told us these were illegal activities,” PayPal VP of platform Osama Bedier told the LeWeb conference in Paris, according to this report from The Guardian. “It was straightforward. We ... comply with regulations around the world, making sure that we protect our brand.”
TechCrunch reported much the same thing but later updated its post to say: “After talking to Bedier backstage, he clarified that the State Department did not directly talk to PayPal.” He went on to say that the online payment service was influenced by a November 27 letter State Department officials sent Wikileaks founder Julian Assange and his attorney.
“As you know, if any of the materials you intend to publish were provided by any government officials, or any intermediary without proper authorization, they were provided in violation of US law and without regard for the grave consequences of this action,” the letter, signed by State Department legal adviser Hongju Koh, stated. “As long as WikiLeaks holds such material, the violation of the law is ongoing.”
The letter didn't cite any specific US statutes WikiLeaks was violating.
WikiLeaks went on to release a trove of State Department memos that aired confidential diplomatic communications.
PayPal representatives didn't respond to emails seeking clarification about the influence of the State Department.
But late on Wednesday, PayPal General Counsel John Muller said: “While the account will remain restricted, PayPal will release all remaining funds in the account to the foundation that was raising funds for WikiLeaks.” According to The Washington Post, there was about $80,000 in the account.
Muller went on to defend the permanent closure of the account by saying the online payment site is “required to comply with laws around the world.”
“Ultimately, our difficult decision was based on a belief that the WikiLeaks website was encouraging sources to release classified material, which is likely a violation of law by the source,” he continued.
Muller's argument made no mention of organizations such as the International Tibet Network, which continues to solicit donations through PayPal even though some of their activities almost surely violate Chinese laws.
Over the past few days, other financial services, including Visa, MasterCard, and the Swiss bank Post Finance, have also suspended services to Wikileaks and Assange. The move has prompted criticism on Twitter and elsewhere by users who point out that Visa and MasterCard still permit payments to Ku Klux Klan groups but not to a group that so far has been charged with no crime.
Distributed denial of service attacks by people sympathetic to Wikileaks soon took out MasterCard and were also reported against EveryDNS.net, which suspended one of WikiLeaks' domain names. US Senator Joe Lieberman and Sarah Palin – both outspoken WikiLeaks critics – and Swedish prosecutors, who are investigating Assange for alleged sexual offenses, have also been targeted, according to reports. A PayPal blog was also disrupted by attacks.