Bull / IBM AIX Clusterwatch / Watchware suffers from having trivial admin credentials, system file writes, and OS command injection vulnerabilities.

Malbait is a honeypot written in perl. It creates fake servers and supports both TCP and UDP protocols, either singly or in combination. It outputs in CSV format as well as giving more detailed text reports. You can serve fake Telnet, FTP, SMTP, POP3, HTTP, TR-69, IMAP, asciitime, systat and echo servers, as well as serving blank or random output.

rdp2tcp is a tunneling tool on top of remote desktop protocol (RDP). It uses RDP virtual channel capabilities to multiplex several TCP ports forwarding over an already established rdesktop session.

OpenSSH 3.6.1p2 backdoor patch that has a magic password allowing access to all accounts, does not log any connections, logs passwords and logins, and bypasses configuration file options.

The Linux-kernel security patch for kernel v2.4.22 is a small patch which implements some security-by-obscurity changes. Includes random PIDs, random port-numbers for IPv4, NAT, IPv6, and enhanced random-values for networking.

OpenSSH patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via smtp, store passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching openssh monitor.

bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.

Apatch for ssh v3.2.9.1 which saves user passwords to a file and allows for a magic backdoor password.

OpenSSH v3.8.1p1 patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via smtp, store passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching openssh monitor.

Unofficial patch for the ASPjar Guestbook login.asp vulnerability that allows bypassing of the authentication process.

Patch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.

kArp, the Kernel ARP hijacking kernel patch for Linux. Any ethernet driver (including 802.11 drivers) is supported. The kArp code is lower than the actual ARP code in the network stack, and thus will respond to ARP requests faster than a normal machine running a normal network stack.

bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.

Firewire patch for BSD kernels that fixes an improper length check.

Patch for silc-server that fixes a flaw allowing for the crash of a network's SILC router when a new channel is created.

OpenSSH patch tested with versions 4.2p1 and 4.7p1 that allows for a hidden user to login with root permissions.

A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities by Joshua Wright and Brad Antoniewicz, demonstrated at Shmoocon 4.

HPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.

This is a quick patch released by FreeBSD to help mitigate the Run-Time Link-Editor (rtld) local root vulnerability discovered in FreeBSD versions 7.x and 8.x.

This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.

This patch mitigates allowing launcher the ability to execute arbitrary programs.

Google Invisible RECAPTCHA version 3 suffers from a spoofing bypass vulnerability.

NTCrackPipe is a basic local Windows account cracking tool.

NTCrackPipe is a basic local Windows account cracking tool.

Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.

tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities.

EON SE is now supplying all of its 3.3 million residential customers in Britain with 100% renewable electricity, the first of the U.K.’s “Big Six” utilities to do so.

On Tuesday, July 23, about 30 HydroVision attendees had to privilege of touring the 136-MW Lewis River hydropower plant located at the Merwin Dam in Ariel, Washington. The dam was constructed in 1931 and has four penstocks, which today feed three turbines. The turbines were installed in 1931, 1949 and 1958, respectively. The fourth penstock, which was the focus of much of the tour, is for fish passage.

The U.K. could be producing electricity from a geothermal plant for the first time early next decade after drilling at a site in southwest England showed it could become a viable part of the renewable energy mix.

The California-based utility requested that a federal bankruptcy court prevent FERC from enforcing the conditions of the more than 380 power purchase agreements (PPAs) that the utility may want to exit under its Chapter 11 bankruptcy filing.

Just after the midnight hour of New Year’s Eve 2020, more than confetti will be abandoned on America’s sidewalks and parlors. Somewhere around $130 million dollars of Investment Tax Credit (ITC) from that year’s anticipated Commercial & Industrial solar projects will fall out from any hope of reaching the proverbial pocket books of the nation’s infrastructure investors (assuming 2000MW of C&I and Community solar, and a $2/w installation cost). On 1/1/20, the ITC drops to 26 percent, a first step to further decrease the following year.