lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 27 Aug 2010 10:33:52 -0400
From: Andrew Gavin <andrew.opendlp@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: OpenDLP 0.2.2 VirtualBox VM released

I have released an Ubuntu 10.04-based VirtualBox VM with OpenDLP 0.2.2
(http://opendlp.googlecode.com) preconfigured and nearly ready to use.
The only thing required is to copy an "sc.exe" binary from a Microsoft
Windows system and place it into a specific directory inside the VM.
Please consult the README file here (this supercedes the README inside
the 7z archive):

http://opendlp.googlecode.com/files/README-VM.txt


Overview
OpenDLP is a free and open source, agent-based, centrally-managed,
massively distributable data loss prevention tool released under the
GPL. Given appropriate Windows domain credentials, OpenDLP can
simultaneously identify sensitive data at rest on hundreds or
thousands of Microsoft Windows systems from a centralized web
application. OpenDLP has two components: a web application and an
agent.

Web Application
* Automatically deploy and start agents over Netbios/SMB
* When done, automatically stop, uninstall, and delete agents over Netbios/SMB
* Pause, resume, and forcefully uninstall agents in an entire scan or
on individual systems
* Concurrently and securely receive results from hundreds or thousands
of deployed agents over two-way-trusted SSL connection
* Create Perl-compatible regular expressions (PCREs) for finding
sensitive data at rest
* Create reusable profiles for scans that include whitelisting or
blacklisting directories and file extensions
* Review findings and identify false positives
* Export results as XML
* Written in Perl with MySQL backend

Agent
* Runs on Windows 2000 and later systems
* Written in C with no .NET Framework requirements
* Runs as a Windows Service at low priority so users do not see or feel it
* Resumes automatically upon system reboot with no user interaction
* Securely transmit results to web application at user-defined
intervals over two-way-trusted SSL connection
* Uses PCREs to identify sensitive data inside files
* Performs additional checks on potential credit card numbers to
reduce false positives
* Can read inside ZIP files, including Office 2007 and OpenOffice files

Intended Audience
* Penetration testing consultants
* System, network, or security administrators
* Compliance consultants

Twitter
Release announcements: http://twitter.com/OpenDLP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ