Nmap News: GoDaddy, 4.21ALPHA4, Google SoC, Training, and More

[Fyodor <fyodor () insecure org>]

Hello everyone!  While I haven't posted here in almost two months,
Nmap development continues full speed ahead!  In fact, there is so
much news that I am sending this mail in digest format rather than
flood your emailboxes with separate messages.

CONTENTS:
 o GoDaddy Redux

 o New Nmap release: 4.21ALPHA4

 o Nmap participating in Google Summer of Code '07: Application
   deadline is March 26

 o Fyodor and James "Professor" Messer giving Nmap training classes at
   CanSecWest on April 17.

 o James "Professor" Messer offering another free webinar, and has
   also released video Nmap training course.

 o Michael Crook apologizes on video for trying to shut us down


=================
==GoDaddy Redux==
=================

You guys must recall my last email about GoDaddy shutting down
SecLists.Org at the behest of MySpace.  After hours on the phone
trying (and failing) to get them to provide a reason for the shutdown
or to restore the site, I threatened to tell all my friends how they
had treated me.  They just laughed me off, but perhaps they didn't
realize that I have more than 50,000 friends on nmap-hackers :).  They
weren't laughing the next day when the story was on News.Com, Wired,
Slashdot, Digg, SecurityFocus, Info World, and hundreds of other
articles and blogs.  Thanks for spreading the word!

In the News.Com article, Godaddy was asked to explain themselves.
This is where they could have apologized and promised to be more
careful in the future.  Instead, GoDaddy general counsel Christine
Jones “pointed out that GoDaddy's terms of service say the company
'reserves the right to terminate your access to the services at any
time, without notice, for any reason whatsoever.'” In that same
article, Jones refuses to rule out suspending a site such as News.Com
if a reader posts illegal information in a discussion forum.

After I started hearing of many similar GoDaddy horror stories, I
decided to put up a site warning others not to use GoDaddy.  The
domain of my dreams for this was taken, but on a whim I wrote the
owner with a cash offer.  As luck would have it, the owner had been
mistreated by GD in the past, so he refused payment and transferred to
domain to me for free!  The site is live at:

http://NoDaddy.Com

And volunteer Rohan Sheth has set up forums (more than 120 posts
already) at:

http://forums.nodaddy.com/

I am also happy to report that my most important domains
(insecure.org, seclists.org, etc.) have been transferred to better
registrars.


================================
==New Nmap release: 4.21ALPHA4==
================================

While there hasn't been a "stable" Nmap release since 4.20 in
December, we have been active in the Alpha series on nmap-dev.  I just
released 4.21ALPHA4 yesterday, and it is the first one I am
comfortable placing on the Nmap download page.  Thanks to all of your
submissions, its 2nd generation OS detection database has grown 81%,
and the version detection DB has grown substantially as well.  It also
includes many bug fixes and experimental support for the Nmap
Scripting Engine and advanced tracerouting.  Give it a try!  Copies
are available at http://insecure.org/nmap/download.html .

==Nmap participating in Google Summer of Code '07==

After the program was a huge success for Nmap in 2005 and 2006, I'm
delighted to report that Nmap has been accepted again into Google's
Summer of Code program!  So Google will be paying students (high
school, university, and grad school) to spend their summer hacking
Nmap with myself and some other Nmap developers as mentors!  Many of
Nmap's coolest features were implemented as part of this program.
Examples are the 2nd generation OS detection system, the Nmap
Scripting Engine, and the runtime interaction feature which (among
other things) gives you time estimates when you press enter.

One of the biggest successes of the program was Adriano Monteiro's
UMIT graphical interface and results viewer for Nmap.  After
developing the program under Nmap SoC in '05 and '06, he has been
accepted to run it as his own independent program for SoC '07.
Congratulations, Adriano!

So if you are a student, do consider applying.  I have posted much
more information and project ideas here:

http://insecure.org/nmap/GoogleGrants.html

Keep in mind that the deadline for applications is Monday, March 26 at
5:00PM Google (Pacific) time!  If you think you might apply, consider
joining in the discussion on the Nmap SoC mailing list:
http://cgi.insecure.org/mailman/listinfo/soc


==================================================================
==Fyodor and James "Professor" Messer giving Nmap training class==
==================================================================

In 2005 and 2006 I gave Nmap training courses at the "Security
Masters' Dojo" which precedes CanSecWest in Vancouver B.C.  I'm
pleased to report that I'll be doing it again this year, and even more
pleased to report that Jamess "Professor" Messer has agreed to
co-instruct it with me.  These are hands-on all day courses, so you
need to bring a laptop with Nmap 4.21ALPHA installed.

To keep things focused and interactive, the two classes are limited to
10 people each.  The April 16 class somehow sold out before I even had
a chance to send this announcement.  There are still some seats
remaining for the April 17 class, so get them while they're hot:

http://cansecwest.com/dojorecon.html

Right after the dojos is the CanSecWest conference proper, which is
always a good one.  The speaker list was recently posted at:
http://cansecwest.com/speakers.html


======================================================================
==James "Professor" Messer offering Nmap webinar and training course==
======================================================================

James tells me that his last webinar (posted to this list) had more
than a thousand registrants!  So he is doing another free webinar,
with this one being an "Introduction to Nmap" on April 5.  Sign up at:
http://www.ProfessorMesser.com/nmapwebinar/

He has also launched a video Nmap training course ($197) called Nmap
Secrets, which is great if you don't have time or funds to fly up to
Vancouver and see us in person:
http://www.professormesser.com/nmap-secrets/


=======================================================
==Michael Crook apologizes for trying to shut us down==
=======================================================

You may recall that wacko who mailed my hosting provider claiming
(without any evidence) that a picture on seclists.org was child porn
and threatened to contact the FBI.  Then when that didn't work, he
sent a bogus DMCA complaint claiming under penalty of perjury that he
owned the copyright in the picture!  More details are at
http://seclists.org/nmap-dev/2007/q1/0067.html .

This guy had been sending many other bogus DMCA complaints to other
parties, and he finally got smacked down by the EFF!  As a settlement
of their lawsuit against him, Crook agreed to withdraw the bogus
complaints, take a copyright law course, and post a video apology.
That apology is here:

http://10zm.blip.tv/file/169553/

I think it is time that GoDaddy CEO Bob Parsons and General Counsel
Christina Jones post a similar video apology for wrongfully taking
down so many sites (not just mine), but I'm not holding my breath.


Cheers,
Fyodor

_______________________________________________
Sent through the nmap-hackers mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-hackers
Archived at http://seclists.org