Breaking News

Amazon. com New Releases The best-selling new & future releases in Computer Scanners

Press release



SEATTLE--Aug. 29, 2001--Amazon. com (Nasdaq:AMZN) today announced the launch of its Computer store (http://www. amazon. com/computers), where customers can find great deals and authoritative sales help on a wide selection of new and refurbished computers.



With the latest desktops and notebooks from leading brands like Apple, Compaq, Hewlett-Packard, IBM and Toshiba, the new store offers computer solutions for everyone from small-business owners, families and college students to gamers, road warriors, graphics enthusiasts, technophiles and others. Additionally, the store will offer quality, refurbished computers, making it a great resource for bargain hunters.



"Whether you're heading back to school, looking for a second computer or setting up a home office, Amazon. com's new Computer store offers some terrific values," said Jeff Bezos, Amazon. com founder and CEO. "In addition to great deals on new computers, you can find refurbished computers for little more than your $300 tax rebate check."



Shoppers upgrading and expanding their computer systems will also find thousands of computer components and peripherals, including memory and CPU upgrades, digital audio receivers, game hardware, graphics cards, modems, monitors, networking tools, printers, scanners, sounds cards and thousands of business, office and home-related software titles.



To help both novice and sophisticated computer users find the right computer and peripherals based on their needs and budget, the store provides customers with the following tools:



Online and phone help: Get detailed and authoritative product information online and sales help on the phone at 888/533-5659.



Buying advisor tool: Receive recommendations on the best models based on budget constraints and anticipated uses.



Advanced search: Select a computer based on its specific components and features.



Side-by-side comparisons: Compare price, speed, memory size and other features of multiple computer models side by side on a single screen. Customers can also compare the best-selling, top-of-the-line, entry-level or popular models with a click of a button.



Accessory finder: Search for compatible peripherals and software for an existing computer based on its operating system and available interfaces.



Links to rebates: Eligible rebates are linked directly to products so customers can easily access and print rebate forms for added value.



Order fulfillment for new computers sold through the Amazon Computer store will be handled by Ingram Micro, Inc., the leading global wholesale provider of technology products and services.



"Amazon. com's new Computer store is a great technology resource for consumers," said Kevin Murai, president of Ingram Micro U. S. "We're pleased to contribute our world-class technology fulfillment expertise to the excellent customer service Amazon. com already provides to its customers."



Refurbished computers in the store will be sold by established third-party sellers like Essex Technology Group, Overstock. com and TechSmart, Inc.



In celebration of the launch, the Amazon Computer store is offering free standard shipping on all new notebook computer orders through Labor Day this year.



Amazon. com New Releases: The best-selling new & future releases in Computer Scanners



Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine. Hints and instructions are provided for common uses such as taking network inventory, penetration testing, detecting rogue wireless access points, and quashing network worm outbreaks. Nmap runs on Windows, Linux, and Mac OS X.



Nmap's original author, Gordon “Fyodor” Lyon, wrote this book to share everything he has learned about network scanning during more than a decade of Nmap development. It was briefly the #1 selling computer book on Amazon (screenshot). The book is in English, though several translations are in the works.



Key facts: The ISBN is 978-0-9799587-1-7 (ISBN-10 is 0-9799587-1-7) and suggested retail prices are $49.95 in the U. S., £34.95 in the U. K., and €39.95 in Europe. Like most books, it costs less online (as little as $32.97 - see purchasing options). It is 468 pages long. The official release date was January 1, 2009, though Amazon managed to beat that by a couple weeks.



About half of the content is available in the free online edition. Chapters exclusive to the print edition include “Detecting and Subverting Firewalls and Intrusion Detection Systems”, “Optimizing Nmap Performance”, “Port Scanning Techniques and Algorithms”, “Host Discovery (Ping Scanning)”, and more. The solution selections which provide detailed instructions on the best way to solve common networking tasks are also exclusive to the printed book. The final table of contents and cover art are available.



Reviews are posted here as they come in. Please let me know if you post a review to your blog or anywhere else.




    If you are looking for the book on Nmap, the search is over: NNS is a winner”—Richard Bejtlich's detailed review. NNS also made Bejtlich's Top Books of 2008 list.




This is the ultimate Nmap reference guide” on “Nmap, the legendary network scanner”—Ben Rothke's Slashdot review.



Released for sale on Amazon on December 6th and already number 1 best seller in the Computer books category, this is the MUST-HAVE book on network scanning.”—David Heath's review for ITWire.



This is the most revealing technical book I've ever read about a security tool. Fyodor turns Nmap inside out to explain what it does, how it does it and why it was written that way. If you are looking for a definitive book on Nmap, this is it.”—Ethan Ten's 5-star Amazon UK review.



Nmap Network Scanning “Is required reading for anyone securing a network” and “Should be front and center on your desk for months and years to come”—Wireshark University founder Laura Chappell's glowing review.



NNS is “A must-have book to get the most out of NMAP”, filled with examples and analysis that are “Like looking over an expert's shoulder”—Mike Fratto's glowing and informative Information Week review.



I am amazed that after all these years I still learn stuff about nmap. The book is good and you should buy it!”—David Maynor



NNS will “Quickly become required reading for network engineers, system administrators, and anyone working in the computer security arena. I have been using nmap for nearly a decade and there were still some great tips and tricks that I found for the first time in these pages.”—Eddie Block's 5-star Amazon review.



Nmap is simply a required tool in the IT toolbox. Similarly, this book is required reading for anyone in IT to get the most out of that tool.”—About. com network security expert Tony Bradley's detailed 5-star review.



The book goes into the detail you would expect with the sort of information that true afficianadoes lust after” while being “Easy and fun to read with great examples along the way”—David Pybus's 5-star Amazon UK review.



I would recommend this as a must-have book for any network or security professional, as well as anyone wanting to learn more about TCP/IP”—JP Bourget's very detailed Ethical Hacker Network review.



Fyodor does an outstanding job covering everything from the most basic use of nmap, through advanced topics, such as evading detection”—Jon R. Kibler's enthusiastic review on the pen-test list.



Fyodor's absolute, incredibly definitive guide on Nmap will imbue you with rock-solid scanning stratagems”—Josef Chamberlin's 5-star Amazon review.



NNS is “The wealth of information contained in this book will have even hardcore nmap experts learning a thing or two about the preeminent network scanner.”—Brad Berkemier's review, which also calls NNS “Engaging and informative” and “The ultimate nmap guide”.



Nmap Network Scanning is a masterpiece that teaches the reader the Art of Network Mapping and Scanning. one of the best books I've read in years.”—Raul Siles' review.



Purchase options



This page lists online and physical bookstores for purchasing Nmap Network Scanning. If the prices change, you find another good option, or you encounter bad service from any of these providers, please let me know.

    Amazon. Com sells the book for $32.97, which includes domestic shipping. It is also available from International Amazon sites such as Amazon. Co. UK, Amazon. CA, and Amazon. DE. Barnes & Noble stocks NNS at many of their U. S. stores. From their Nmap Network Scanning page, enter your zip code in the "pick me up" box on the right hand side for a list of nearby stores which carry it. You can also order it online from that page, though it is cheaper at Amazon. KIMBooks lists NNS for $29.97. Domestic (U. S.) shipping is $3.15, for a total price of $33.12. A1Books. Com lists the book for $30.32. Shipping is $3.95 to the US (total price: $34.27) or $8.99 international (total: $39.31). Save an additional 5% if you sign up with a. edu email address. Tower Books sells NNS for $35.99 with free domestic shipping. Germans can purchase the book online from Lehmanns or at their physical bookstores in Berlin and Hamburg (call first to ensure stocking).



Several people asked whether Nmap Network Scanning is still up to date, particularly after the release of Nmap 5.00. The good news is that virtually all of the content remains accurate. But we have added some new features and NSE scripts which aren't yet documented in NNS.



For a comprehensive and completely current view of Nmap, I recommend reading Nmap Network Scanning first, then read all the changelog entries we've produced since the book was finished. The book is completely up-to-date with Nmap 4.76. So after (or before) you're done reading Nmap Network Scanning, visit the Nmap changelog and search in the file for “Nmap 4.76”. Read each item upward from there (scrolling backward) until you get to the top.



Translations



We would love to make the Nmap book more accessible by working with foreign publishers who will translate and distribute it in their markets. If you are such a publisher or know a good one to suggest, please let me know. Here are the current or in-progress translations:



Nmap - Netzwerke scannen, analysieren und absichern is the German translation by Open Source Press, released in June 2009 at a list price of €39.90. Translation was performed expertly by Dinu Gherman. They have contributed back their Nmap Reference Guide German translation.


Exame de Redes con NMAP is the Brazilian Portuguese translation by Editora Ciência Moderna. Translation was done by Angico and release was August 26, 2009. You can buy it directly from the publisher for R$95.20.


The official Korean translation, entitled 엔맵 네트워크 스캐닝, has been created by Acorn Publishing Co. The release date was November 16, 2009 at a list price of KRW 35,000.



Current status



August 26: Many Barnes & Noble stores now stock NNS, as described in the purchasing section.



August 26: Editora Ciência Moderna released the Brazilian Portuguese translation. See translations.



July 31: Held a book signing at Defcon. All copies sold out in 3 hours.



July 17: Added Updates section.



June 11: The German translation from Open Source Press is now available. They also contributed back a German translation of the Nmap Reference Guide.



January 30: Today the Amazon price is back to $32.97 after several days at $37.96. I hope they keep it at this price!



January 23: Amazon has raised their prices, so I've added more purchase options, though the cheapest is still only about $4.50 less than Amazon when domestic shipping is taken into account.



January 21: NNS receives a glowing review from About. Com.



January 19: Translation contracts have been signed for Korean and Brazilian Portuguese editions of Nmap Network Scanning! See the new Translations section for details.



January 5: Acorn Publishing Co. will be publishing the official Korean translation of Nmap Network Scanning! Release is expected in August.



January 4: NNS is finally in stock at Amazon U. K. and Amazon Germany. Amazon Canada currently still has a 1-3 week backlog.



December 31, 2008: NNS makes Richard Bejtlich's TaoSecurity Top Books of 2008 list.



December 29, 2008: A new Information Week review is one of the best so far!



December 19, 2008: The book is back in stock on Amazon after a 10 day dry spell!



December 10, 2008: Amazon has now indexed this book as part of their “Search Inside” program. While Amazon intends this as a marketing tool for prospective buyers, it can be even more useful for folks who already own the book. While we're proud of our index, Search Inside can help find more obscure terms or combinations of them. You can try this out by visiting the Amazon NNS page, scrolling down to the Search Inside box, and typing in a term such as Trinity or Microsoft.



December 9, 2008: Sales were so high that Amazon ran out of stock in the US, UK, and Germany. They say it may take a week or more to ship. Amazon still offers a great price, but for those who can't wait, I've added a purchasing options section. It includes vendor such as A1Books and Barnes & Noble with NNS in stock now.



December 9, 2008: Nmap Network Scanning sales surge further to become #1 on Amazon's computer book best seller list! Since we can't keep that rank forever, I took a screenshot (larger version).



December 6, 2008: Amazon has fixed the price so it is now $33.71 rather than $49.95. NNS is In stock and shipping!



December 2, 2008: The book has an initial page on Amazon. You can pre-order it now, but Amazon is showing a pre-order price of $49.95. I expect the price to be about $33 when Amazon starts shipping it within a week or two. Amazon will probably refund the difference per their "Pre-order price guarantee", but it might be safer to wait. Book seller BOOKSPLUSMORESTUFF claims to have the book "in stock" on Amazon for $53.94 including shipping. That may or may not be true.



November 14, 2008: The book is finished and submitted to the printer! The official release date is January 1, 2009, though our goal is to make it available on Amazon and other retailers by mid-December. To be notified upon publication, join the low-traffic nmap-hackers announcement mailing list.



September 15, 2008: The Black Hat/Defcon pre-release was a huge success! All of the Defcon copies were snapped up as soon as the vendor room opened, and the Black Hat copies also sold out in the first morning of the conference. Thanks to Bill Pollock of No Starch Press and Dave Hemsath of BreakPoint Books for handling sales. My conference presentation video and audio have been posted online just in time for the Nmap 4.75 release which includes the new features discussed in that presentation.



July 25, 2008: Defcon Pre-Release announced! We have decided to launch the book with a limited pre-release version at Defcon 16.



July 1, 2008: After years of work, Nmap Network Scanning is nearing completion. You can browse the current table of contents to see what is coming. We recently conducted a test-printing of some prepublication copies:



For the latest news about the Nmap book, join the low-traffic nmap-hackers announcement mailing list



Featured News



Nmap 7.00 Released



The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 7.00 from https://nmap. org/. It is the product of three and a half years of work, nearly 3200 code commits, and more than a dozen point releases since the big Nmap 6 release in May 2012. Nmap turned 18 years old in September this year and celebrates its birthday with 167 new NSE scripts, expanded IPv6 support, world-class SSL/TLS analysis, and more user-requested features than ever. We recommend that all current users upgrade. The top 6 improvements in Nmap 6 are:

    Major Nmap Scripting Engine expansion, including 167 new NSE scripts Mature IPv6 support Infrastructure upgrades, including a bug tracker Faster scans Enhancements to SSL/TLS scanning Extreme portability



For full details, see the release notes or skip straight to the download page.



Rebooting the Full Disclosure Mailing List



Much of the security community has missed the Full Disclosure Mailing List since it abruptly shut down on March 19, so we've decided to reboot it for a fresh start! You can subscribe to the new list here.



Icons of the Web



The Nmap Project is pleased to release our new and improved Icons of the Web project! We scanned the Internet's top million web sites and created an interactive 5-gigapixel collage of the results. You can explore it with our online viewer including pan/zoom and search capabilities to find your favorite sites.



Nmap 6.40 Released



Nmap 6.25 Released



Nmap 6.00 Released



The Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00 from https://nmap. org/. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. We recommend that all current users upgrade. The top 6 improvements in Nmap 6 are:

    Major Nmap Scripting Engine enhancements, including 289 new NSE scripts New web scanning capabilities Full IPv6 support, A new tool named Nping for packet generation and response analysis More capable Zenmap GUI and results viewer Faster scans



For full details, see the release notes or skip straight to the download page.



SecTools. Org Relaunched



3,000 people participated in the latest top security tools survey and we have relaunched SecTools. Org with the new data! We have also dramatically improved the site—it now allows user ratings and reviews, tracks release dates, offers searching and sorting, and allows you to suggest your own favorite tools. Are you familiar with all of the 49 new tools in this edition?



Nmap 5.30BETA1 Released With 37 New Scripts, Nping, and New Apple Vulnerability



We're proud to release Nmap 5.30BETA1 with about 100 significant improvements, including:

    37 new NSE Scripts, covering SNMP, SSL, Postgress, MySQL, HTTP, LDAP, NFS, DB2, AFS, and much more. Nmap developer Patrik Karlsson found a major remote vulnerability in Mac OS X, which allows access to files in the parent directory of an AFS share. He wrote a detection/exploitation NSE script, which you'll find in this release. An alpha test version of our Nping packet generation utility.



Nmap 5.20 Released



We're happy to release Nmap 5.20, offering 150+ significant improvements over 5.00, including:

    31 new NSE Scripts enhanced performance and reduced memory consumption protocol-specific payloads for more effective UDP scanning a completely rewritten traceroute engine massive OS and version detection DB updates (10,000+ signatures) Zenmap host filter mode shows just the hosts you're interested in.



For a more detailed list of changes, see the release notes. Source packages as well as binary installers for Linux, Windows, and Mac OS X are all available from the Nmap download page.



Nmap 5.00 Released!



After more than 18 months of work since the 4.50 release, Insecure. Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from https://nmap. org. With nearly 600 significant changes, we consider this the most important Nmap release since 1997 and we recommend that all current users upgrade!



Source packages as well as binary installers for Linux, Windows, and Mac OS X are all available from the Nmap download page.



Nmap Network Scanning





From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine.



Nmap 4.85BETA7 Released to Scan for Conficker Worm



The Conficker worm is receiving a lot of attention because of its vast scale (millions of machines infected) and advanced update mechanisms. Conficker isn't the end of the Internet (despite some of that hype), but it Is a huge nuisance we can all help to clean up.



Thanks to excellent research by Tillmann Werner and Felix Leder of The Honeynet Project and implementation work by Ron Bowes, David Fifield, Brandon Enright, and Fyodor, we've rolled out a new Nmap release which can remotely scan for and detect infected machines. Nmap 4.85BETA7 is now available from the download page, including official binaries for Windows and Mac OS X. To scan for Conficker, use a command such as:

Nmap - PN - T4 - p139,445 - n - v --script smb-check-vulns, smb-os-discovery --script-args safe=1 [targetnetworks]



You will only see Conficker-related output if either port 139 or 445 are open on a host. A clean machine reports at the bottom: “Conficker: Likely CLEAN”, while likely infected machines say: “Conficker: Likely INFECTED”. For more advice, see this nmap-dev post by Brandon Enright.



While Conficker gets all the attention, 4.85BETA7 also has many other great improvements.



Update: Changed version from 4.85BETA5 (first to detect Conficker) to 4.85BETA7, which includes further Conficker detection improvements, among other changes.



Nmap 4.75 Released



We are pleased to release Nmap 4.75, with almost 100 significant improvements since version 4.68. Key Nmap 4.75 changes include:

    Fyodor spent much of this summer scanning tens of millions of IPs on the Internet (plus collecting data contributed by some enterprises) to determine the most commonly open ports. Nmap now uses that empirical data to scan more effectively. Zenmap Topology and Aggregation features were added, as discussed in the next news item. Hundreds of OS detection signatures were added, bringing the total to 1,503. Seven new Nmap Scripting Engine (NSE) scripts were added. These automate routing AS number lookups, “Kaminsky” DNS bug vulnerability checking, brute force POP3 authentication cracking, SNMP querying and brute forcing, and whois lookups against target IP space. Many valuable libraries were added as well. Many performance improvements and bug fixes were implemented. In particular, Nmap now works again on Windows 2000.



Many of these changes were discussed in Fyodor's Black Hat and Defcon presentations. The audio and video has now been posted on the presentations page.



Download the source tarball or binaries for Linux, Windows, or Mac OS X from the Nmap download page. If you find any bugs, please report them.



Zenmap Gains Topology Maps and Aggregation Features





While Nmap stands for “Network Mapper”, it hasn't been able to actually draw you a map of the network—until now! The new Zenmap Network Topology feature provides an interactive, animated visualization of the hosts on a network and connections between them. The scan source is (initially) in the center, with other hosts on a series of concentric circles which represent the number of hops away they are from the souce. Nodes are connected by lines representing discovered paths between them. Read the full details (and oogle the pretty pictures) in our article on Surfing the Network Topology. Special thanks go to João Medeiros, David Fifield, and Vladimir Mitrovic for their tireless work in developing and integrating this new feature.



Another exciting new Zenmap feature is scan aggregation, which allows you to combine the results of many Nmap scans into one view. When one scan is finished, you may start another in the same window. Results of the new scan are seamlessly merged into one view.



You can try these and many other great features with the latest version of Zenmap, available from the Nmap download page.



Nmap Summer News Roundup



    Fyodor spoke in Las Vegas at the Black Hat Briefings and Defcon to discuss the results of large-scale Internet scans he has been conducting, and demonstrate how you can use the empirical data to make your scans (over the Internet or even internal) more efficient. He also showed off some new Nmap features which can help you bypass firewall restrictions, reduce scan times, and gather more information about remote hosts. The presentation video is now available on the presentations page. RSS feeds for mailing lists archived by SecLists. Org now sport message excerpts to make it easier to identify interesting messages. We now have a working search engine which covers all of our sites (Insecure. Org, Nmap. Org, SecLists. Org, and SecTools. Org. You can find the search bar on the left sidebar or bottom of our normal pages, or visit our search page directly. And for a bit of fun news, Nmap's movie stardom has grown with an appearance in its seventh movie!


Nmap Celebrates 10th Anniversary With Major Version 4.50 Release



After nearly two years of work since the 4.00 release, Insecure. Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.50 from https://nmap. org. Nmap was first released in 1997, so this release celebrates our 10th anniversary!



Major new features since 4.00 include the Zenmap cross-platform GUI, 2nd Generation OS Detection, the Nmap Scripting Engine, a rewritten host discovery system, performance optimization, advanced traceroute functionality, TCP and IP options support, and nearly 1,500 new version detection signatures. Dozens of other important changes—and future plans for Nmap—are listed in the release announcement. We recommend that all current Nmap users upgrade.



Update: Joe Barr at Linux. Com has written a great review of Nmap 4.50. In addition to testing the new features, he offers substantial background information on port scanning.



Nmap Featured in The Bourne Ultimatum



In The Bourne Ultimatum (IMDB), the CIA needs to hack the mail server of a newspaper (The Guardian UK) to read the email of a reporter they assassinated. So they turn to Nmap and its new official GUI Zenmap to hack the mail server! Nmap reports that the mail server is running SSH 3.9p1, Posfix smtpd, and a name server (presumably bind). They also make substantial use of Bash, the Bourne-again shell. Congratulations to Roger Chui for being the first to spot this. He also sent a scene transcript and the following HD screen shots (click for full resolution):



Other movies which have used Nmap include: Matrix Reloaded, Bourne Ultimatum, 13: Game of Death, Battle Royale, The Listening, and, uhh, HaXXXor: No Longer Floppy. Screens shots of Nmap in all of these movies are available on our new Nmap movies page. Nmap has become quite the movie star!



Introducing Zenmap, the Official Nmap GUI





After more than two years of development (starting with a 2005 Google Summer of Code project), we have replaced the venerable but dated NmapFE with a new cross-platform GUI named Zenmap. It is cross platform (tested on Linux, Windows, Mac OS X) and supports all Nmap options. Its results viewer allows easier browsing, searching, sorting, and saving of Nmap results.



Zenmap will appear in the upcoming 4.50 release and is already available in the release candidate packages on the Nmap download page. Zenmap screenshots and documentation are available at https://nmap. org/zenmap.



Zenmap is still under active development, but was integrated early because it is already much more powerful than NmapFE. Development is coordinated on the nmap-dev mailing list.



Nmap Featured in Die Hard 4



Yippee Ki-Yay! In Die Hard 4: Live Free or Die Hard (Wikipedia, IMDB), Detective John McClane (Bruce Willis) is dispatched to retrieve hacker Matthew Farrell (Justin Long) because the FBI suspects him of breaching their computer systems. Later, Justin is enlisted to help thwart terrorist mastermind Thomas Gabrial's attempts at total World destruction. In this Scene, Farrell demonstrates his Nmap skills:



Thanks to Andrew Hake for catching the cameo and sending these HD screen shots.



See our Nmap movies page for many more movies featuring Nmap.



Top 100 Security Tools List Released



After the tremendously successful 2000 and 2003 top security tools surveys, we are pleased to release our 2006 results at a brand new site: SecTools. Org. A record 3,243 Nmap users responded this year. Notable trends since 2003 include the rise in exploitation frameworks such as Metasploit, Impact, and Canvas; the increased popularity of wireless tools such as Kismet and Aircrack. 44 tools are new to the list. Security practitioners are encouraged to read the list and investigate tools they aren't familiar with. You may find the little gem that you never knew you needed.



SecLists. Org Back Up and Running



Our popular SecLists. Org public mailing list archive is back up and running after it was inexcusably shut down with no notice by our soon-to-be-former domain registrar GoDaddy at the behest of MySpace. Com. We believe web site content is the responsibility of the site owner (registrant) and (if that fails) hosting or bandwidth provider. If the whois contact data is valid, registrars shouldn't be involved without a court order.



Update: We have launched NoDaddy. Com to document GoDaddy's abuses of their registrar status.



Nmap 4.00 Released



After two years of work since the 3.50 release, Insecure. Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.00 from https://nmap. org.



Changes since version 3.50 include a rewritten (for speed and memory efficiency) port scanning engine, ARP scanning, a brand new man page and install guide, 'l33t ASCII art, runtime interaction, massive version detection improvements, MAC address spoofing, increased Windows performance, 500 new OS detection fingerprints, and completion time estimates. Dozens of other important changes -- and future plans for Nmap -- are listed in the release announcement.



Security List Archive Updated



RSS feeds have been added to all security mailing lists archived at SecLists. Org, making it even easier to keep up with the latest news from Nmap-Hackers, Nmap-Dev, Bugtraq, and all of the others. We have also added Dailydave, a highly technical discussion list covers vulnerability research, exploit development, and security events/gossip (with many smart people participating).



NSA Loads Nmap Release Status for President Bush Visit



Loading an external web site on their giant screen was risky. Imagine if this happened (thanks php0t)!

Meanwhile, Nmap makes an appearance at Walmart with the Nmap hacking chair



New Nmap Man Page



We are proud to announce that the Nmap man page has been completely rewritten. It is more comprehensive (double the length) and much better organized than the previous one. It is meant to serve as a quick-reference to virtually all Nmap command-line arguments, but you can learn even more about Nmap by reading it straight through. The 18 sections include Brief Options Summary, Firewall/IDS Evasion and Spoofing, Timing and Performance, Port Scanning Techniques, Usage Examples, and much more. It even documents some cool features that are slated for release in the next Nmap version (runtime interaction and parallel DNS resolution).



The new man page is best read in HTML format, though you can alternatively download the Nroff nmap.1 to install on your system.



We have issued a call for translations of the reference gu >

Fyodor has co-authored a novel on hacking, along with FX, Joe Grand, Kevin Mitnick, Ryan Russell, Jay Beale, and several others. Their individual stories combine to describe a massive electronic financial heist. While the work is fiction, hacks are described in depth using real technology such as Nmap, Hping2, OpenSSL, etc. Stealing the Network: How to Own a Continent can be purchased at Amazon (save $17), and your can read Fyodor's chapter online for free. STC was a best-seller, ranking for a while as the second-highest selling computer book on Amazon.

Update: Syngress has released a sequel: Stealing the Network: How to Own an Identity. They have generously allowed Fyodor to post his favorite chapter for free. So enjoy Bl@ckTo\/\/3r, by Nmap contributor Brian Hatch. It is full of wry humor and creative security conundrums to keep the experts entertained, while it also offers security lessons on the finer points of SSH, SSL, and X Windows authentication and encryption.



Nmap Gains Advanced Version Detection



After several months of intense private development, we are pleased to release Nmap 3.45, including an advanced version detection system. Now instead of using a simple nmap-services table lookup to determine a port's likely purpose, Nmap will (if asked) interrogate that TCP or UDP port to determine what service is really listening. In many cases it can determine the application name and version number as well. Obstacles like SSL encryption and Sun RPC are no threat, as Nmap can connect using OpenSSL (if available) as well as utilizing Nmap's RPC bruteforcer. IPv6 is also supported. You can read our new version detection paper for the details and examples, or just download the latest version and try it out here. Simply add "-sV" to your normal scan command-line options.



Nmap Featured in The Matrix Reloaded



We have all seen many movies like Hackers which pass off ridiculous 3D animated eye-candy scenes as hacking. So I was shocked to find that Trinity does it properly in The Matrix Reloaded [Under $6 at Amazon]. She whips out Nmap version 2.54BETA25, uses it to find a vulnerable SSH server, and then proceeds to exploit it using the SSH1 CRC32 exploit from 2001. Shame on them for being vulnerable (timing notes). Congratulations to everyone who has helped make Nmap successful! Click on these thumbnails for higher resolution or view more pictures here.



Updates:

    News articles about the Nmap cameo: BBC, Slashdot, SecurityFocus, Silicon. Com, CNET JWZ has added this cracking scene as an XScreenSaver 4.10 Easter Egg - run 'xmatrix - small - crack'. Dave from Lab6 notifies me that Nmap source code is displayed in Battle Royale: [Screen1] [Screen2] [Trivia] Several people have submitted matrix-themed banners to the propaganda gallery. Feel free to use any of these to link to Insecure. org - we appreciate it! The UK's Scotland Yard Computer Crime Unit and the British Computer Society have put out a joint warning that "Viewers of the new box office blockbuster 'Matrix Reloaded' should not be tempted to emulate the realistic depiction of computer hacking." Kids - don't try this at home!



I'm not happy with Windows 10 (details ins >



I'm not seeing any justification for me to upgrade to Windows 10 from Windows 8.1 (with a Start menu replacement). This is my personal opinion (yours might be different) and I realize that the product isn't GA yet - I just wanted to provide some feedback and air my thoughts to see if others agree.



Windows 10 continues the trend of stripping out desktop functionality to cater to tablet/phone users while placing an emphasis on sub-par services that provide MS long-term revenue streams (Xbox, Groove Music, Microsoft Store, Movies and TV). Let me qualify the following bullet points by stating that I've always been an early adopter that maintained an open mind for change - I didn't mind Vista and got used to Windows 8/8.1 rather quickly.



Modern Applications - The Windows store is a commercial failure and the majority of its offerings are terrible substitutes for classic third-party applications (ex. VLC Player, Chrome) or SaaS offerings (ex. Google Music or Netflix). Microsoft - accept the fact that you missed the boat on an app store, providing subscription services and building a viable mobile operating system. I STILL can't uninstall the majority of this bloatware - why Microsoft, why?



Edge - Improperly renders a good portion of my go-to websites and doesn't support extensions. back to Chrome.



Start Menu - I still don't see how this is an improvement over Windows 7 or Start8 for desktop users (without a touch screen). The tiles are still ugly, the 'Modern Apps' are still worthless compared to third party tools, the 'All Apps' sorting isn't customizable, the icons look poorly scaled. I could go on. How is this innovative?



Dual Monitor Support - I don't see any enhancements from 8.1 for dual monitor users - I do see one major drawback though: independent wallpapers. 8.1 allowed me to assign wallpapers independently to multiple monitors. I run one vertical monitor (for Google Music and reddit) so the wallpaper looks ridiculous when stretched to fit the 1080x1920 screen.



Cortana - The speech recognition is poor (with a Yeti Black microphone) and the majority of questions just pull up Bing searches in Edge. More importantly, we lack the ability to customize the search engine or browser that displays results! How is this - in ANY way - an improvement over Siri or Google Search? Voice commands aren't a net new feature - this SHOULD be better.



Automatic Driver Updates - Does ANYONE think this is a good idea? I'm all about keeping drivers up to date, but the potentially disastrous negatives vastly outweigh the positives. I've already been burned - my 2nd monitor is freaking out due to a current driver issue, when I revert to a previous versions it gets automatically updated.



Multiple Desktops - This is so far behind other solutions that it isn't even funny - why release this until you can compare to multiple desktop techniques from 10+ years ago. I will say that the new Task View is much better than previous iterations.



GUI Uniformity - Right click on an icon in the task bar - now right click on a file/folder in Explorer. Some windows look like Windows 7, some look like Windows 10. Title bars are straight up white with oversized minimize/maximize/close buttons that look stretched. Why can't Microsoft build a unified UI framework to save their lives? Boy this is ugly. I love minimalistic and simple UIs, but MS can't seem to scale its own icons/text properly without making it a blurry, headache inducing mess.



Am I missing something? All this praise for Windows 10 is confusing - is MS backing most of the media coverage?



(For reference, I'm using a desktop with an i7/16GB RAM/SSD/GTX 970/23" 1080P monitor.)



Discussion Info





Replies (12) 



* Please try a lower page number.



* Please enter only numbers.



* Please try a lower page number.



* Please enter only numbers.





I agree with all your very well stated points, not to mention that everything "app" related, constantly breaks itself, which is a real problem now because "settings" and "start menu" is an "app" now too



The company is faltering, they are just NOT producing the quality of software they used to produce, they are ages behind playing the catch up game, nobody wants to use their services so now they are just trying to force them on people against their will



Windows 10 has less features, options, user control and compatibility then windows 7, the UI is a total disaster mess, they cant even make the icons match eachother, its half "modern" and half "windows 7" and even part windows 95, its atrocious how many totally different styles of windows and settings they have going on all at once, and on top of it they took away the options to make it look somewhat better



But they don't care, its being released this way, they figure we are too dumb to notice how bad it is



You're not 'missing something' if you don't like Windows 10. Just because it's new doesn't mean it's better, despite what the Microsoft marketing machine wants you to believe. It's your choice to make.



I think you're going about it the right way: you're deciding what works or doesn't work for you. That's the only thing that matters.



You are wise to ignore all the hoopla, whether it comes from Microsoft or its fanatic fans or its fanatic haters.



Thanks James, very well said. I have all the same complaints.



My question to Microsoft: is it really that difficult to offer a UI for desktops and one for tablets/phones? Or at least offer greater customization? It is not rocket science. Windows 7 GUI was Awesome! Your Metro UI is horrible for desktop users. The GUI is eye candy. Not to mention its productivity and speed. Its like you gave us caviar with 7 now your giving us sauerkraut with the continued Metro UI. The only positive thing to say is the semi transparency in the start menu. Transparency was my favorite thing about 7 which you have bastardized Windows 7 with 8.



If your going to have a desktop OS. then have the GUI be desktop friendly.



It seems your goals are to make things more difficult and time consuming for desktop users. especially for power users; where things were a few clicks away, they are now 4 or 5 steps away.



Are you really trying to drive people to the Linux OS or perhaps Apple? Keep up the good work because your doing a bang up job of it.



Yea it seems like they are not focusing on a robust and efficient OS but instead on a bunch of fluf.



The UI is indeed a disaster. I counted at least 5 different context menu types with different sizes, different fonts, and different colors.



There is absolutely no consistency in the settings (control panel). We have a bypolar systems with some features only found in the old control panel type settings while others only in the new settings interfaces while yet others that existed but now are no where to be found. They are actually removing features and devolving into a piece of low end consumer type OS. There seems to be no design spec they are following.



Touch areas and buttons are all different sizes, and visual queues of what is a clickable is non existent or at least non uniform. The settings layouts of the OS and/or some of the apps (i. e. Edge) have no sectional groupings so they blend together in a confusing way with huge comical fonts as if they where designed by a pre-schooler.



Transparencies are mostly gone. So we are back to the 90s. At least then we couldn't do it because of performance. Now it is an ugly artificial choice for the sake of change.



No proper dual or multiple monitor support especially for differnt orientations and sizes. No multiple back grounds. No multiple task bars per monitor.



No proper comprehensive file search options. And its still way too slow. Google can search the entire Internet in less than a second, with windows it takes hours if you want to search within contents of all files on a large drive.



The Edge browser is full of bugs. No extensions. It can't event open popups properly and most of the settings options are gone.



Windows 10 is way better than 8 but its got a long way to go to dethrone Windows 7.



My two cents is that Windows is just a conduit to run a browser, software and peripherals. My issue has always been with a new version that it might break something. That is the experience for me with Windows 10. My Brother mobile scanner is NOT supported, upon upgrade the Synaptics Clickpad does not work correctly if at all on my Stream 11 from HP and neither HP or Microsoft seem to have a credible fix. HP provides only a chip driver and a couple value added software upgrades. But refer drivers to Windows update to handle that?? Passing the buck are they? Anyway, the real question for anyone is why upgrade something that works for something that does not work for you. Even if its "free"? I asked myself this question finally after struggling hours on two PC's trying to get everything working. I finally decided Windows 10 is not worth "free". Not at this point anyway, maybe months from now things will improve and I may try upgrading. But not before being convinced it will go better. My other frustration is with these notebook's like the Stream 11 that has only a small 32 GB storage drive. I managed to upgrade the Stream 11 but it took adding a Flash drive of at least 8GB to correctly install the Windows 10 upgrade.



Of course probably not everyone who bought a Stream 11 has that sitting around. Of course plenty of upgraders probably had little problem upgrading to Windows 10 and are enjoying the free Windows upgrade.



My only advice is first decide if you really need or want Windows 10, second determine if after the upgrade everything will work like before or better. Third, don't just upgrade now because your afraid you won't get Windows 10 free. You have a year to get it, and only 30 days to downgrade back to Windows? if you do not like Windows 10.



I personally went back to Windows 8.1 on my Stream 11, and HP laptop and Windows 7 on my desktop PC. Not because Windows 10 is hideous or poorly designed. Its because it stop me from doing what I need to do with a PC.

Комментариев нет