Backtrack 5 R3 Released Today!

The latest version of Backtrack is out! Check out Backtrack 5 R3!

The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.”

Kudos to the Backtrack team for working so hard on keeping BT alive and fresh! BT5 is hands down my favorite security tool. Dare I say it is the Swiss Army knife of security. It comes in Gnome and KDE, 32 and 64 Bit. There is also a Gnome 32 bit VM available.

BT5’s move to the Gnome interface is great for the Windows guys amongst us, and R3 adds a ton of new tools.

So what are you waiting for??

Get it now!

*** Check out some of the new tools added here!

Malware Code that infects any OS came from Security Tool

(F-Secure image of malware backdoor Java App)

Last week, Security researchers at F-Secure have analyzed a new malware that targets Macs, Linux and Windows machines. (Thanks Dangertux!) The code, found on a Colombian Transport website, determines what operating system the visitor is using and then delivers a tailored backdoored Java applet. If the user allows the applet to run, the attackers get remote access to their machine.

Sound familiar?

Well it should, the code was taken from one of our favorite security tools, the Social Engineering Toolkit! Dave Kennedy (Rel1k) responded to an Arstechnica article about the new malware, stating that the code was indeed from SET:

Just a heads up, this is my open-source tool called the social-engineer toolkit.. Java applet attack source code is open to everyone. Looks like the payloads were custom though. This is used by millions of security researchers.

This is a problem with open source software and several software tools in fact. Though the creator meant the tool for good, unfortunately there are those out there that will try to use them for evil.

Recently a program created by a young French coder Jean-Pierre Lesueur, was used by the Syrian government to spy on its own people! Once Lesueur found out that it was used in this way, he created a removal tool for it and finally gave up developing it all together. Well known security guru Kevin Mitnick who used the tool in security demonstrations commented on Lesueur’s choice saying:

I don’t think that’s a good reason to stop development on it, because you always have bad actors,” he says. “That’s just a fact of life.”

Open source security tools are a huge benefit to the IT community. Especially to smaller companies that cannot afford high priced security solutions. They should not get a bad rap because of a few miscreants that twist them to do evil.