Brief: Moore releases flaw-finding tool

By Dennis Fisher, News Director 02 Aug 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The new ActiveX tool, called AxMan, is a fuzzing engine designed to find flaws in COM objects in IE 6.0. AxMan is Web-based and works by listing all of the COM objects and the TypeLib data associated with them. The tool then uses that information to test each of the objects' properties and methods, Moore said in the release notes for AxMan.

The beta of Metasploit 3.0 has a slew of new features and modifications, including support for multiple shells for each exploit and new denial-of-service modules.

Moore has been in the spotlight for several weeks. Last month he declared July as the "Month of Browser Bugs" in which he posted details of a new browser flaw each day. Among the flaws he identified were a serious flaw in Internet Explorer involving an integer overflow error in the Common Controls library 'comctl32.dll', and multiple flaws in Firefox, which were addressed last week by the Mozilla Foundation.

Moore is scheduled to talk about the new version of the framework Wednesday at Black Hat.

News Editor Eric B. Parizo contributed to this article.

Tags: Open Source Security Tools and Applications,  Vulnerability Risk Assessment,  Security Testing and Ethical Hacking,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Open Source Security Tools and Applications Screencast: How to launch an OpenVAS scan Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 SSH key compromise shuts down Apache website Screencast: Smoothwall offers firewall defense in lean times Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Screencasts: On-screen demonstrations of security tools Maltego demo: Identifying a website's trust relationships Vulnerability Risk Assessment Screencast: How to launch an OpenVAS scan Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat Newest malware threats Are Web application penetration tests still important? PCI compliance requirement 6: Systems and applications Cybercrime and threat management McAfee to acquire Solidcore Systems for whitelisting Vulnerability Risk Assessment Research Security Testing and Ethical Hacking Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 Should management processes change based on a patch release schedule? Does an EULA make it truly illegal to decompile software? Screencast: BackTrack 4 offers an arsenal of penetration testing tools Security testing firm uncovers XML vulnerabilities Screencast: Samurai offers pen-testing nirvana The requirements needed to make an external penetration test legal McAfee to acquire Solidcore Systems for whitelisting The Pipe Dream of No More Free Bugs

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Blowfish  (SearchSecurity.com) Kermit  (SearchSecurity.com) Open Source Hardening Project  (SearchSecurity.com) SnortSnarf  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary