I'm currently downloading the "Backtrack 4 Pre-Release" Live Linux Security Distribution - and with high expectations!

One of my favourite features of backtrack is the way which it categorises and organises tools in the applications menu of the window manager. This may seem a weird feature, but it makes sense. All the tools in BT are structured as to their use. For example; information gathering tools are grouped together whilst vulnerability scanners are in another group. As simple and obvious as this is, it does make finding and using new tools a lot easier!

Talking of tools, it has a huge variety - a list being available here. Which should allow even the most thorough penetration tester enough too be sure of the security of his target.

Furthermore it is "aligned to penetration testing methodologies and assesment frameworks" - listing both ISSAF and OSSTMM, both of which are stupid accronyms in opinion. Which leads me to an issue I have with the OSSTMM (Open Source Security Testing Methodologies Manual - See what I mean about the acronym now?) - does it not seem a little hypocritical for a company to base themselves around the "principles" of open source; but make you pay to download the latest (and UNCOMPLETED) draft version of the document? See for yourself here. To make matters worse, its not as if you just put money in and get the draft, you can pay to be a "silver team" member - and get access to a draft, but if you want the latest one? You guessed it - you have to pay to be a "gold team" member.. Oh, What would Richard Stallman say?

Back on topic - you can find Backtrack HERE and the wiki HERE.

Microsoft's "Computer Online Forensic Evidence Extractor" tool, or COFEE, has been leaked on to several well known bittorrent site it appears.

The register reports today that the tool was seen on a private tracker, before being seen much more readily available on ThePirateBay. A quick search of the TPB did demonstrate just how easily available it is.

The tool itself appears to be nothing very sophisticated - merely a way of logging all active network connections, active processes and a few other obvious tasks from a USB stick. Obviously this tool relies on the police finding the system alive and switched on at the time.

More interestingly however, is the way which the tool is laid out, it specifically states that it is only supported for Windows XP. However, there are clearly directories for "win2k", "win2k3" and "winvista" - which probably offers a modicum of support for Win7.

Overall, this appears to be much ado about nothing! For the full story, click here.

This was an awesome exploration - done with Clips, and 2 friends of his. Big thanks to these guys, it was a good night.

We started at Middlesex Street, ended up at Millenium Mills at Silvertown before moving on to home town for a relaxed walk around the abandoned Klinger factory on foots cray.

Really miffed that I didn't take any photos at this roof top as it was far too windy, and I was far too busy just admiring the view! I got a few crappy mobile phone pictures though - which are in the gallery linked below.

Here's a picture of the explorer himself though!



Here's the crappy mobile phone picture gallery.

Just stumbled across this rather neat project - Cryptool. (Wikipedia Link)

Its an open source project aimed at helping explain the fundamental principles behind encryption routines and cryptography in general. Its already in use in schools and universities - and seems to be getting rather a lot of praise!

Whilst it hasn't got a Linux version yet, there is a Qt4 port being worked on - and the current version seems to work fine under CrossOver Office on my xubuntu-x64 machine!

It offers several different encryption routines, allows you to view the output as well as giving you a description on the routine itself and the technical details.

Well worth a download if you're interested in Cryptography!

Following on from the theme of the last blog post - I've been hitting the books quite a bit recently.

Having recently purchased 2 audiobooks - Red Dwarf (Infinity Welcomes Careful Drivers) and 8 Simple Rules to Dating my Teenage Daughter - both excellent comedies on TV! Having already listened to Red Dwarf I am definitely going to buy the book as well, looks like it would be a good read!

I'm also reading 1984 - by George Orwell. Although I've tried to get through it before, and had an audiobook, I must say - this time I've tried reading it is has made me quite aware of todays world. I've always disliked the needless paranoia around privacy and the government - but actually some of it I was able to liken to things like the Data Protection Act and the Information Commissioner. But lets not get the tin foil hats ready!

Textbook wise I've been hitting the usual suspects - computer security and programming books and some psychology books. Although these have mainly been in ebook format due to the sheer amount of them and the prices! Try-before-you-buy if you like! Currently open are...

- Barry Farber - How to learn any language (I have my arabic books ready! :P)
- Richard N Kocsis (PhD) - Criminal Profiling, Principles and Practice (Interesting to flick through!)
- O'reilly - Hacking: The next generation (Predictions regarding the future of computer security)

Looks like I'm good for reading material for a while.. !