Brief: Moore releases flaw-finding tool

By Dennis Fisher, News Director 02 Aug 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The new ActiveX tool, called AxMan, is a fuzzing engine designed to find flaws in COM objects in IE 6.0. AxMan is Web-based and works by listing all of the COM objects and the TypeLib data associated with them. The tool then uses that information to test each of the objects' properties and methods, Moore said in the release notes for AxMan.

The beta of Metasploit 3.0 has a slew of new features and modifications, including support for multiple shells for each exploit and new denial-of-service modules.

Moore has been in the spotlight for several weeks. Last month he declared July as the "Month of Browser Bugs" in which he posted details of a new browser flaw each day. Among the flaws he identified were a serious flaw in Internet Explorer involving an integer overflow error in the Common Controls library 'comctl32.dll', and multiple flaws in Firefox, which were addressed last week by the Mozilla Foundation.

Moore is scheduled to talk about the new version of the framework Wednesday at Black Hat.

News Editor Eric B. Parizo contributed to this article.

Tags: Open Source Security Tools and Applications,  Vulnerability Risk Assessment,  Security Testing and Ethical Hacking,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Open Source Security Tools and Applications Screencast: Samurai offers pen-testing nirvana Rootkit Hunter demo: Detect and remove Linux rootkits When to use open source security tools over commercial products Screencasts: On-screen demonstrations of today's IT tools Maltego demo: Identifying a website's trust relationships Free HP SWFScan tool detects Adobe Flash flaws L0phtCrack returns How to use (almost) free tools to find sensitive data Should open source disk-encryption software be used? Open source security concerns can trump cost savings Vulnerability Risk Assessment Are Web application penetration tests still important? McAfee to acquire Solidcore Systems for whitelisting The Pipe Dream of No More Free Bugs Vulnerability test methods for application security assessments Free HP SWFScan tool detects Adobe Flash flaws PCI QSA assurance program penalizes assessors Information security book excerpts and reviews New York drafts language demanding secure code Security experts identify 25 dangerous coding errors Microsoft Windows XML flaw exploits test desktop antimalware Vulnerability Risk Assessment Research Security Testing and Ethical Hacking Screencast: Samurai offers pen-testing nirvana McAfee to acquire Solidcore Systems for whitelisting The Pipe Dream of No More Free Bugs How to perform Microsoft Baseline Security Analyzer (MBSA) scans Free HP SWFScan tool detects Adobe Flash flaws Flaw disclosure debate polarizes SOURCE Boston panel L0phtCrack returns Information security book excerpts and reviews Should static analysis be a part of the software development process? Cracks in WPA? How to continue protecting Wi-Fi networks

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Blowfish  (SearchSecurity.com) Kermit  (SearchSecurity.com) Open Source Hardening Project  (SearchSecurity.com) SnortSnarf  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary