-
February 9th, 2006, 08:38 PM
#1
CDVT - Computer Defense Version Tracker
Hey Hey,
So a colleague and I were discussing jumping around from site to site to find the latest versions of software, even PacketStorm and Freshmeat require you search if you don't get there on the right day, or if you arrive during a busy time... As a result we decided on what I've named CDVT, based on my website..
Essentially we're going to contact software vendors and request their participation to create a centralized tracking program for their tools... Similar to what's on the Talisker website but more comprehensive, and more instantaneous. The vendors themselves will announce the latest version, our program will just pick it up and store it... generating a webpage, an RSS feed and a CSV (for people to pull into their own databases).
Basically I'm looking for anyone who has suggestions for vendors/authors/maintainers/projects they'd like to see included. You can post them here, PM me or leave comments on the posting I've created, related to it @ http://www.computerdefense.org/?p=17 or email me of course.
You can also keep an eye on who's been contacted, and who's responded and if it's a yes or a no answer...
We're hoping this will lighten the load on security individuals everywhere.... Feel free to leave any feedback.
Current Contact List is
nmap (verified participation)
nessus
snort
hping
dsniff
amap
hydra
BackTrack
WinPcap (verified participation)
ettercap
Ethereal
Cain & Abel
John the Ripper (verified participation)
Kismet (verified participation)
Metasploit
HiJackThis
StartupList
Peace,
HT
-
February 9th, 2006, 10:53 PM
#2
I bet this list could grow out of control.
Regardless, wouldn't mind seeing the following added:
*Knoppix & Whoppix (WHAX) for live CD's.
*Black Widow for web crawler/Site rippers
*Retina for vuln assessments
How about any utilities from Foundstone or Sysinternals?
%42%75%75%75%75%72%70%21%00
-
February 10th, 2006, 06:55 AM
#3
Originally posted here by Eyecre8
I bet this list could grow out of control.
Regardless, wouldn't mind seeing the following added:
*Knoppix & Whoppix (WHAX) for live CD's.
*Black Widow for web crawler/Site rippers
*Retina for vuln assessments
How about any utilities from Foundstone or Sysinternals?
Knoppix quite possibly.
Whoppix became WHAX became BackTrack which is on the list
Black Widow... can't say I know that but I'll check it out..
Retina ... Paid software therefore it's not going on the list... People who buy it get emails from them...
Foundstone / SysInternals free stuff may be worthwhile... I'll take a look for some of their tools..
Peace,
HT
-
February 10th, 2006, 07:13 AM
#4
Hey Hey,
So I just received a response from H D Moore, the Metasploit Project has signed on, and I'm in communication with Gerald from Ethereal.com, and it sounds positive.
(for anyone who cares or has read this)
Peace,
HT
-
February 10th, 2006, 08:24 AM
#5
Great idea man. How is this program being implemented? Is there a search tool incorporated? Man I have a lot of questions. Btw, I've noticed your participation in the security focus mailing lists.
-
February 10th, 2006, 02:53 PM
#6
Originally posted here by Locked
Great idea man. How is this program being implemented? Is there a search tool incorporated? Man I have a lot of questions. Btw, I've noticed your participation in the security focus mailing lists.
Hey Hey,
Yeah from time to time I'll help someone out on the security focus mailing lists if the topic hasn't already been played out to death. It's kinda sad... I'm subscribed to way too many mailing lists... some days I'll average 1000+ emails... without my personal emails included..
as for a search tool, I suppose that wouldn't be too difficult to add... let me know all your questions and I'll try my best to answer them..
I've also been in communication with Renaud now from nessus.. While neither nessus nor ethereal have confirmed yet, they've both shown definite interest... I'm hoping to have an alpha for demo by tomorrow night, with a beta by the end of the weekend... Then it may stay in beta stages until after my move.. we'll see..
As for the implementation... fairly simple..
they give me the url to the text file (csv format) which will have predefined fields.. To give them flexibility in the number of packages they release, it looks like we'll be including name, then current release, release date, download link, description, operating system.
My database will have homepage (of the author/projects), contact info, and the url to the text file.. The server will pull down the files at regular intervals (time frame undecided.. we were thinking somewhere between 4 and 6 hours.. since it's a small txt it shouldn't be much of a bandwidth drain for them) and then dump their info into the database. The front-end will be a small web page or portion of code.. an rss field will also be written out, as will a compiled csv that people can pull down to run it themselves.
Peace,
HT
-
February 10th, 2006, 04:45 PM
#7
Nice. Mostly that answered all of my questions. Will there be links to the product provided in the txt files? Because if so, ironically, you could become the victim of a MITM attack whereby the desired txt file is replaced with a different one. Sorry, paranoia is the way of life of the security professional.
-
February 10th, 2006, 04:52 PM
#8
This is a GREAT IDEA!
Only concern is only focusing on non-paid software. It would be nice to have paid stuff there too because not all vendors notify you. Many have autoupdate checkers but not all.
Some non-paid sw to add...
* All SysInternals software on their security, process & threads, and networking pages:
http://www.sysinternals.com/SecurityUtilities.html
http://www.sysinternals.com/NetworkingUtilities.html
http://www.sysinternals.com/Processe...Utilities.html
* Blacklight by F-Secure (http://www.f-secure.com/blacklight/)
* Spybot S&D
-
February 10th, 2006, 05:43 PM
#9
Hey Hey,
Locked, it is possible.. There is reliance on the individual webmasters to have properly secured servers. This is no different than an update being replaced... really.. So it's the same as trusting Windows Update, MSN downloading its updates, Firefox grabbing its updates.. Unfortunately at the base of the internet... there has to be a level of trust..
ric-o: It would be very nice to have paid stuff.... However for now, as selfish as it is, I'm writing this to benefit me... when it takes off (if it takes off) that could change... In the mean time.. if it's software I don't have or can't have... then I can't verify its value... and leaves me with no real reason for including it. SysInternals has a lot of tools... I'll contact them this afternoon and see if they express an interest... same with F-Secure... as for SpyBot... one concern we had with those types of places is a software release vs a version release, however I think we have a solution for that now... so yes I will be contacting the makers of SpyBot S&D as well as Lavasoft to see about AdAware...
Now if any big players in the security world are reading this and would like to be included... If you provide me with a copy of your software, so I can verify it's worth... I'll be more than happy to include it in the list... However, I'm guessing in the future you'll be included anyways..
As a side note... the blog is driven by wordpress... it failed me miserably today... I spent 45 minutes typing out a daily link list... like I do everything.. it had a few editorials.. some hardware stuff.. some security stuff and so on... I went to publish it... I was greeted by a blank page.. needless to say no link list today... unless I happen to have some free time later.
Peace,
HT
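An added example, not code from the thread or from the CDVT project: one way the tracker could treat each pulled vendor file as untrusted input, given the six fields listed in post #6 and the replaced-file concern raised in post #7. The key names, the ISO date format, the size cap and the rule that download links must stay on the vendor's registered homepage domain are all assumptions.

```python
import csv
import io
from datetime import datetime
from urllib.parse import urlsplit

# Field order from post #6; key names and the size cap are assumptions.
FIELDS = ["name", "release", "release_date", "download_link",
          "description", "operating_system"]
MAX_FEED_BYTES = 64 * 1024

# Constructed sample feed: row 2 points off-site, row 3 is missing fields.
SAMPLE = (b"ExampleTool,1.2,2006-02-10,http://dl.vendor.example/t-1.2.tgz,Scanner,Linux\n"
          b"ExampleTool,1.3,2006-02-11,http://mirror.other.example/t.tgz,Scanner,Linux\n"
          b"ExampleTool,1.4,2006-02-12\n")


def same_site(host, home_host):
    """True if host is the registered homepage host or a subdomain of it."""
    home = home_host.lower()
    home = home[4:] if home.startswith("www.") else home
    return bool(home) and (host == home or host.endswith("." + home))


def validate_feed(raw, homepage):
    """Split one fetched vendor feed (bytes) into accepted rows and rejections."""
    if len(raw) > MAX_FEED_BYTES:
        return [], [(0, "feed too large")]
    home_host = urlsplit(homepage).hostname or ""
    accepted, rejected = [], []
    text = raw.decode("utf-8", errors="replace")
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if len(row) != len(FIELDS):
            rejected.append((lineno, "wrong field count"))
            continue
        rec = dict(zip(FIELDS, (cell.strip() for cell in row)))
        try:
            link = urlsplit(rec["download_link"])
            datetime.strptime(rec["release_date"], "%Y-%m-%d")
        except ValueError:
            rejected.append((lineno, "malformed date or link"))
            continue
        if link.scheme not in ("http", "https") or not link.hostname:
            rejected.append((lineno, "bad download link"))
        elif not same_site(link.hostname, home_host):
            rejected.append((lineno, "link host differs from homepage"))
        else:
            accepted.append(rec)
    return accepted, rejected
```

These checks only stop a swapped file from publishing links to a host the vendor never registered; they do not authenticate the feed itself, so the trust in the vendor's server described in post #9 still applies.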