Final Summer of Code Selection and Projects

[Fyodor <fyodor () insecure org>]

Nmap-hackers,

As previously announced, Google generously offered to sponsor summer
students developers to assist with the Nmap project (among others).
The response was overwhelming, with 233 applications for Nmap alone!
Of those, Google agreed to sponsor the 10 most exceptional candidates
and project ideas.  You'll see why I'm so excited about this when you
read about their projects and credentials below.  They plan to finish
all of this by September 1.  That will be quite a challenge, so you
are welcome and encouraged to submit ideas, testing results, or
patches for any of these projects that catch your interest.  The
development is taking place in the open, on Sourceforge projects and
the nmap-dev list.  Subscription information is available at
http://cgi.insecure.org/mailman/listinfo/nmap-dev .

Please join me in congratulating the Summer of Code winners:

Chris Gibson is bringing us a new and exciting reinterpretation of
Netcat and a packet crafter similar to but better for Nmap users than
hping, nemesis, or scapy.  Planned features for Ncat include:
  o Security: SSL, password-protected encrypted
    channels, incoming IP address restrictions
  o IPv6
  o Connection forwarding/redirection
  o Http and SOCKS proxy (chained) client support
  o Connection brokering to allow proxied communication between hosts
    that are each behind a NAT and thus can't connect directly.
Chris is a 2nd year computer science student at the University of
Manchester in the UK.

Ole Mortem Grodaas is designing and implementing a whole new Nmap GUI
and results viewer in C++/Qt and SQLite.  Read his ideas and sketches
at http://home.no.net/grodaas/nmap/details.html .  Note that this GUI
is meant to help advanced users manage large data sets.  It isn't a
simple wrapper program for novices who are intimidated by the
command-line.  Ole is a 2nd year technology student at the Norwegian
Military Academy.

Doug Hoyte is dramatically improving the version detection database
and adding cool new features.  He has already added hundreds of
signatures to the DB, written a port exclusion feature, and expanded
the DB format to include hostname and underlying OS information.  Doug
is preparing for his 3rd year in computer science at the University of
British Columbia Okanagan.

Bo Jiang is a Windows Czar, helping bring parity in features and
performance to that platform.  Bo is a 2nd year graduate
student in Computer System Engineering at Brandeis University.

Zhao Lei has demonstrated many great ideas for improving OS detection.
He is working to improve the database by integrating submissions and
will also help in adding new tests to provide more granular results.
We will soon be soliciting ideas for new tests on the nmap-dev list.
Zhao has completed two years of graduate study toward an Masters in
Software Engineering at Tsinghua University in Beijing.

Adriano Monteiro Marques (like Ole) is creating a new Nmap GUI and
results viewer.  His in-progress GUI, named UMIT, utilizes Python and
PyGTK.  One of the great values of open source software is choice.
Nmap users should be pleased to have two (more) excellent GUIs to
choose from.  Note that both new GUIs will be multi-platform.  Adriano
a 3rd year Information Systems student at Universidade Estadual de
Goias in Brazil.

Ronak Sutaria is another Windows Czar, focused on bringing feature
parity to windows.  He may also be creating a new installer with NSIS.
Considering that only 419 out of 8700 applications were accepted for
the whole SoC program, winners had to be extremely talented and lucky
to win just once.  He was one of a handful whose proposals were
accepted for two projects.  Of those two, we are lucky that he chose
Nmap.  Ronak has completed one year of graduate study towards a
Master's in Computer Science at New Jersey Institute of Technology.

Alok Tangoankar is using his strong background in language design and
implementation to add scripting language support to Nmap.  With this,
we plan to put Nessus out of business.  Just kidding, Renaud :).  Nmap
will probably focus more in information gathering scripts, though some
vulnerability and worm detections scripts may be useful as well.  Alok
recently received his masters in Computer Science at Stony Brok
University in New York, and is now pursuing a Ph.D. there.

Paul Tarjan is the Nmap performance Czar.  He has already produced
patches for storing port lists more efficiently (using STL maps rather
than huge arrays) and (you guys will like this) providing real time
performance stats and completion time estimates when you press enter
during Nmap execution.  Paul recently graduated with 2 honors degrees
(pure math and computer science) from the University of Calgary.  Next
year he will begin Master's studies in CS at Stanford University.

Bharath Venkatramani is the final (alphabetical by last name) Windows
Czar.  He is working to improve stability and performance on that
platform.  He may also create automated build system which does
everything from checking out the source code from Subversion to
compiling and processing it all into various shiny little packages
(installer, zip file, etc).  Bharath is a 4th year Computer Science
student at Virginia Tech.

Congratulations once again to these 10 winners!  I hope to do a
general Nmap release in a few weeks with some of their code as well as
features that I have cooked up.  So you may wish to cancel any August
vacations and just relax at home with a newly souped-up port 
scanner :).

I would also like to specially thank Google for coming up with this
innovative program and spending more than $2 million to fund it.  In
related news, it looks like they are also hiring Nmap users:

  "Google is looking for aspiring Systems Security Engineers to secure
  our growing infrastructure. If you dream about hardening Linux
  boxes, port scanning with nmap, and fixing security holes, we'd love
  to see your resume."
     -- http://tinyurl.com/dt4m8

Happy Coding,
Fyodor




_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers