www.openwall.com
You are encouraged to use the mirrors, but be sure to verify the 40 signatures on software you download. We publish 41 security advisories, do 42 presentations, offer a number of 43 services, and accept 44 donations. We also maintain a 45 wordlists collection for use with password crackers such as 46 John the Ripper and with password recovery utilities, and a collection of pointers to 47 password recovery resources on the Net. The proper English explanations of requirements for strong passwords will now be generated for a wider variety of possible settings. October 10, 2003 An extensive 70 wordlists collection with wordlists for 20+ human languages and lists of common passwords is now available for download or 71 purchase on a CD (also 72 with UPS delivery options). September 15, 2003 There's a new development version of 73 John the Ripper featuring an event logging framework. John now logs how it proceeds through stages of each of its cracking modes. April 27, 2003 77 msulogin is now available separately from Owl. February 9, 2003 We're making public the 83 updated Openwall GNU/*/Linux presentation slides as used at FOSDEM, the third Free and Open source Software Developers' European Meeting, on February 8-9, in Brussels, Belgium. There's also the pre-FOSDEM 84 interview with Solar Designer available on 85 the conference web site. January 11, 2003 The 86 PAM modules and the 87 tcb suite that were originally developed for 88 Owl are now also conveniently linked from this web site. December 16, 2002 A popa3d Maildir support patch has been added to the contributed patches list on the 89 popa3d homepage. DAT) when running on any of the supported platforms, due to patches and VMS executables contributed by 92 Jean-loup Gailly. October 7, 2002 A 96 Russian translation of the Owl documentation and web pages is available. August 30, 2002 It is now possible to 100 order Owl on a CD. May 3, 2002 We're making public the 103 updated Openwall GNU/*/Linux presentation slides as used at CanSecWest/core02 information security conference on May 1-3, in Vancouver, Canada. April 18, 2002 New versions of 104 pam_passwdqc, the password strength checking PAM module, and 105 popa3d, the POP3 server, are available. February 27, 2002 We're making public our NordU2002 presentation slides on 107 Openwall GNU/*/Linux and on 108 SSH Traffic Analysis (which is just an updated version of the HAL2001 presentation). This version adds support for Solaris with native pam_unix. Please refer to the 113 Owl change log for information on the vulnerabilities and how they affect 114 Owl. It also adds certain bits of functionality that previously were missing or available as third-party patches only. Please test and report any problems you may have with this development version, especially on less common platforms, as popa3d is approaching a stable release. August 22, 2001 We're making available our HAL2001 presentation slides on SSH traffic analysis, conveniently linked from the 117 advisories page. August 6, 2001 We've updated our 118 security advisory on Passive Analysis of SSH (Secure Shell) Traffic with additional vendor fix information for TTSSH and for affected Cisco products. The updated advisory includes a bugfixed and improved version of SSHOW, the tiny SSH traffic analysis tool we use to demonstrate the attacks. Another recent addition is the OpenBSD-like change logs for both the 120 current and the 121 stable branch. The license for the entire package has been relaxed, and popa3d should be smaller and more portable now. May 12, 2001 After months of development we're making public a prerelease of 124 Owl, our security-enhanced server platform with 125 Linux and 126 GNU software as its core. It adds two functions and a manual page describing the programming interfaces, including on systems based on the GNU C Library with crypt_blowfish patched into libcrypt. The cracker is based on analysis by Thomas Roessler and Ian Goldberg. March 19, 2001 We've just published a 131 security advisory entitled Passive Analysis of SSH (Secure Shell) Traffic. This advisory demonstrates several weaknesses in implementations of SSH (Secure Shell) protocols. When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions. Fix information, patches to reduce the impact of traffic analysis, and a tool to demonstrate the attacks are provided. February 9, 2001 Updated 132 Linux kernel patches have been released, which include fixes for the two recently announced Linux kernel vulnerabilities, both of which can result in a local root compromise.
|