In an earlier post I spoke of different pieces of software I had been using to rip my DVDs to media files, never content to just leave things as they are I took to piecing bits and chunks of various episode clips together. I tried a few different Linux video editors including Kino (a KDE staple), PiTiVi (to be included by default in Ubuntu 10.04), and Cinelerra.

As of this afternoon, the msfencode command has the ability to emit ASP scripts that execute Metasploit payloads. This can be used to exploit the currently-unpatched file name parsing bug feature in Microsoft IIS. This flaw allows a user who can upload a "safe" file extension (jpg, png, etc) to upload an ASP script and force it to execute on the web server.

Update: This module, just like the original exploit, only works on IE6 at this time. IE7 requires a slightly different method to reuse the object pointer and IE8 enables DEP by default.

Many database servers helpfully provide version number, platform, and other salient details to just about anyone who asks, authenticated or not, which makes fingerprinting these applications a snap. However, Postgres is a little more coquettish about revealing such personal information about itself to just anyone. The best way to determine Postgres' version is to log in and just ask with a "select version()" query, but what if you don't (yet) have credentials?

Lucky for unauthenticated types, it turns out that Postgres is pretty forthcoming in its authentication failure messages.

For those of you who don't know me, I have been a developer and computer security enthusiast for many years. I have been involved in computer security, specifically, for the last ten years. The first six years were as an independent research and hobbyist. I have spent the last four years working professionally as a software vulnerability researcher.

Tomorrow I will become the latest addition to the Metasploit and Rapid7 team, filling the Exploit Developer position. I am truly honored to have the chance to be part of such a talented team.

This morning we released version 3.3.3 of the Metasploit Framework - this release focuses on exploit rankings, session automation, and bug fixes. The exploit rank indicates how reliable the exploit is and how likely it is for the exploit to have a negative impact on the target system. This ranking can be used to prevent exploits below a certain rank from being used and limit the impact to a particular target.

On December 1st, Rapid7 announced the Community Edition of the NeXpose vulnerability management product. At the same time, we released version 3.3.1 of the Metasploit Framework, which contains the first step towards full integration between NeXpose and Metasploit.

A few weeks back the girl I have been dating for awhile now had idly made a complaint about her laptop being poky at certain tasks. I'd used the thing once or twice to check my email and recalled it was running Vista - no surprise there. I like this girl a lot and figured it was time to take that next step in our relationship:I offered to put Linux on her laptop.

story describes installation and configuration of Nagios for remote monitoring using nrpe

How do I monitor a remote linux system using Nagios
Solution / Answer:

Use th NRPE daemon to execute Nagios plugins on the remote server and report back to the monitoring host server.
NRPE Remote Server Installation and Setup

One of the nicest things about Bluefish is that it uses 30 to 45 percent less memory than other editors. This makes quick edits less of a hassle. Sometimes, other editors can be too clunky, and I found myself reverting to a console-based text editor to make a minor change, but Bluefish should stop this from happening. It has built-in project support, so you can easily open multiple files and keep them organized in the right path. It has all the standard stuff, like line-numbers, search and replace, and code highlighting for languages like HTML, Ruby (go Rails!), Python, and PHP.