16:35 dinoex 

- disconnect openssl-beta

07:21 novel 

Re-add gnutls-devel port at version 2.7.4.

13:49 dinoex 

- disconnect openssl-stable

11:27 johans 

PyMe is a Python interface to GPGME library.

PyMe's development model is GPGME + Python + SWIG (just like m2crypto is
an OpenSSL + Python + SWIG) combination which means that most of the
functions and types are converted from C into Python automatically by SWIG.
In short, to be able to use PyMe you need to be familiar with GPGME.

WWW:    http://pyme.sourceforge.net/

09:05 ale 

Remove pecl-filter in favour of php5-filter.

Approved by:    maintainer

09:01 ale 

Add php5 filter extension.

08:58 ale 

Add php5 hash extension.

15:57 miwi 

- Connect security/opensaml2

00:20 amdmi3 

Lynis is an auditing tool for Unix (specialists). It scans the
system and available software, to detect security issues. Beside
security related information it will also scan for general system
information, installed packages and configuration mistakes.

This software aims in assisting automated auditing, software patch
management, vulnerability and malware scanning of Unix based systems.
It can be run without prior installation, so inclusion on read only
storage is no problem (USB stick, cd/dvd).

WWW: http://www.rootkit.nl/projects/lynis.html
Author: Michael Boelen

PR:             128909
Submitted by:   Cory McIntire <loon at noncensored dot com>

01:09 cy 

Retire fwbuilder and libfwbuilder version 2. They are no longer supported
by their developer.

16:08 araujo 

- libpwstor is a library implementing a password storage format
for C programmers.  This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.

WWW: http://sourceforge.net/projects/kageki

PR:             ports/128328
Submitted by:   Matt D. Harris <mattdharris@users.sourceforge.net>
Reworked by:    myself

21:43 miwi 

Tuntun is an applet for Gnome panel that manage a list of vpn connections
through the OpenVPN Management Interface.

Main features

 * Simple & lightweight just a client GUI to start/stop your OpenVPN tunnels
   and nothing more
 * Integrated with the Gnome Desktop (support for the Keyring and notification
   daemon)
 * Support for Auth and Private-Key OpenVPN authentication methods

 WWW:   http://code.google.com/p/tuntun/

PR:             ports/128097
Submitted by:   Anderson S. Ferreira <anderson at cnpm.embrapa.br>

14:09 roam 

Initial import of paperkey-0.8, a simple tool for extracting the truly
secret parts of a PGP secret key for backup purposes.

Obtained from:  http://www.jabberwocky.com/software/paperkey/
Author:         David Shaw <dshaw@jabberwocky.com>

14:03 ehaupt 

Add op 1.32, controlled privilege escalation tool

08:09 miwi 

HTML_Crypt provides methods to encrypt text, which can be later be decrypted
using JavaScript on the client side.

This is very useful to prevent spam robots collecting email addresses from your
site, included is a method to add mailto links to the text being generated.

WWW:    http://pear.php.net/package/HTML_Crypt

08:08 miwi 

This package allows you to encrypt and decrypt strings or long integer arrays
with the XXTEA encryption algorithm, which is secure, fast and suitable for web
development.

WWW:    http://pear.php.net/package/Crypt_XXTEA

08:07 miwi 

Provides methods needed to generate and verify MicroIDs.

WWW:    http://pear.php.net/package/Crypt_MicroID/

14:23 miwi 

pycryptopp is a set of Python wrappers for a few of
the best crypto algorithms from the Crypto++ library.

WWW:   http://allmydata.org/trac/pycryptopp

PR:             ports/126977
Submitted by:   Wen Heping <wenheping at gmail.com>

23:03 jmelo 

- Add entry for security/snortsam.

21:32 cy 

Welcome fwbuilder and libfwbuilder 3.0.0, replacing 2.1.19. The old version
is deprecated and scheduled for deletion as it is no longer supported by its
author.

07:26 miwi 

This is a Camellia package for Ruby. Camellia engine is implemented in "C".
Supported key length : 128bit/192bit/256bit
Supported modes of operation : ECB/CFB/CBC

WWW:    http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html

PR:             ports/126390
Submitted by:   Yoshisato YANAGISAWA <osho at pcc-software.org>

07:53 marcus 

Add pam_helper, a small utility which allows non-PAM or non-setuid
applications to make use of PAM's authentication services.

10:17 danfe 

Switzerland is a tool for testing networks, ISPs, and firewalls developed
by the Electronic Frontier Foundation (www.eff.org).

WWW: http://www.eff.org/testyourisp/switzerland

00:12 miwi 

Taking a hint from the similarly-named Java Cryptography Architecture,
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.

Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)

WWW: http://delta.affinix.com/qca/

13:54 lwhsu 

Add sshguard-ipfilter, protect hosts from brute force attacks against
ssh and other services using ipfilter.

PR:             ports/125975
Submitted by:   Mij <mij at bitchx.it>

03:19 beech 

ssl-admin was designed to create a user-friendly, menu-driven interface
to the OpenSSL programs.

ssl-admin will help you do the following tasks with SSL certificates:
  * Create your own CA certificate.
  * Create new Certificate Signing Requests
  * Sign existing Certificate Signing Requests
  * Manage Certificate Revokation Lists
  * Export configurations and certificates for OpenVPN.

PR:             ports/125875
Submitted by:   Eric Crist <ecrist at secure-computing.net>

13:20 wxs 

New port: FlowTag is a GUI interface for exploring the TCP flows in a
PCAP file.  It's strengths lie in:

   * rapid reconstruction of flows (via indexing),
   * visual selection of source IP and destination TCP ports;
   * filtering by time, packet count, and/or byte count
   * tagging flows with keywords

PR:             ports/125624
Submitted by:   Lee Hinman <lee@writequit.org>

04:27 beech 

- New port p5-Crypt-OpenSSL-AES-0.02

The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.

PR:             ports/125387
Submitted by:   John Ferrell <jdferrell3 at yahoo.com>

21:35 pav 

Ratproxy is a semi-automated, largely passive web application security audit
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.

WWW: http://code.google.com/p/ratproxy/

PR:             ports/125249
Submitted by:   Steven Kreuzer <skreuzer@exit2shell.com>

23:06 araujo 

Net::SSH::Gateway is a library for programmatically tunneling connections to
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with i
restricted access.

* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls

WWW: http://net-ssh.rubyforge.org/gateway

PR:             ports/125053
Submitted by:   Philip M. Gollucci <pgollucci@p6m7g8.com>

23:03 araujo 

Net::SCP is a pure-Ruby implementation of the SCP protocol. This operates over
SSH (and requires the Net::SSH library), and allows files and directory trees
to copied to and from a remote server.

* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URI's, and OpenURI

WWW: http://net-ssh.rubyforge.org/scp

PR:             ports/125052
Submitted by:   Philip M. Gollucci <pgollucci@p6m7g8.com>

16:48 simon 

Retire the ca-roots ports, which expired long ago.

The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore.  The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.

For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots.  The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.

Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.

With hat:       security-officer

06:31 linimon 

s/pear-Auth_OpenID2/php-Auth_OpenID2/ to go with what was actually
repocopied.

Reported by:    portsmon

13:04 edwin 

[repocopy] security/php-Auth_OpenID -> security/php-Auth_OpenID2

        Now supporting OpenID protocol version 2

PR:             ports/124737
Submitted by:   Edwin Groothuis <edwin@mavetju.org>

17:34 novel 

Remove security/gnutls-devel for a time while the experimental branch
is not active.

23:15 pav 

- Delete expired security/amavisd port: depends on misc/compat3x, which has
  security problems; old version

21:00 pav 

- Expired: No longer supported. Use p5-openxpki-client-html-mason instead

19:01 pav 

Delete security/cyrus-sasl, it has been expired for a year and a half.

03:43 edwin 

New port: security/fwknop fwknop,"FireWall KNock OPerator", implements
Single Packet Authorization (SPA).

        fwknop stands for the "FireWall KNock OPerator", and
        implements an authorization scheme called Single Packet
        Authorization (SPA). This method of authorization is based
        around a default-drop packet filter (fwknop supports both
        iptables on Linux systems and ipfw on FreeBSD and Mac OS X
        systems) and libpcap.

        SPA requires only a single encrypted packet in order to
        communicate various pieces of information including desired
        access through an iptables policy and/or complete commands
        to execute on the target system. By using iptables to
        maintain a "default drop" stance, the main application of
        this program is to protect services such as OpenSSH with
        an additional layer of security in order to make the
        exploitation of vulnerabilities (both 0-day and unpatched
        code) much more difficult. With fwknop deployed, anyone
        using nmap to look for sshd can't even tell that it is
        listening; it makes no difference if they have a 0-day
        exploit or not. The authorization server passively monitors
        authorization packets via libcap and hence there is no
        "server" to which to connect in the traditional sense.
        Access to a protected service is only granted after a valid
        encrypted and non-replayed packet is monitored from an
        fwknop client (see the following network diagram; the SSH
        session can only take place after the SPA packet is monitored):

PR:             ports/118229
Submitted by:   Sean Greven <sean.greven@gmail.com>

19:40 jadawin 

SpyBye is a tool to help web masters determine if their web pages
are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmlesss, unknown or maybe
even dangerous.

SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.

WWW: http://www.spybye.org/

PR:             ports/123945
Submitted by:   Paul Schmel <pauls utdallas.edu>
Approved by:    tabthorpe (mentor)

13:19 edwin 

[NEW PORT] security/openvas-server: A security scanner: a fork of Nessus

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123128
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:17 edwin 

[NEW PORT] security/openvas-plugins: Plugins for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123130
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:15 edwin 

[NEW PORT] security/openvas-libraries: Libraries for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123127
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:14 edwin 

[NEW PORT] security/openvas-libnasl: NASL libraries for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123129
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:12 edwin 

[NEW PORT] security/openvas-client: A GUI client for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123131
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

02:49 lippe 

SquidClamAV is an interface to perform antivirus checks on data passing through
Squid Proxy.

WWW: http://www.samse.fr/GPL/squidclamav/

PR:             ports/119236
Submitted by:   Laurent LEVIER <llevier@argosnet.com>
Approved by:    araujo (mentor)

21:01 brix 

This is the base class for a system of objects that encapsulate
passphrases.  An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it.  There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.

The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.

WWW: http://search.cpan.org/dist/Authen-Passphrase/

Approved by:    erwin (mentor)

20:59 brix 

Perl XS interface for a portable traditional crypt function.

WWW: http://search.cpan.org/dist/Crypt/UnixCrypt_XS/

Approved by:    erwin (mentor)

20:58 brix 

Eksblowfish is a variant of the Blowfish cipher, modified to make the
key setup very expensive.  ("Eks" stands for "expensive key
schedule".)  This doesn't make it significantly cryptographically
stronger, but is intended to hinder brute-force attacks.  It also
makes it unsuitable for any application requiring key agility.  It was
designed by Niels Provos and David Mazieres for password hashing in
OpenBSD.

Eksblowfish is a parameterised (family-keyed) cipher.  It takes a cost
parameter that controls how expensive the key scheduling is.  It also
takes a family key, known as the "salt".  Cost and salt parameters
together define a cipher family.  Within each family, a key determines
an encryption function in the usual way.

This distribution also includes an implementation of "bcrypt", the
Unix crypt() password hashing algorithm based on Eksblowfish.

WWW: http://search.cpan.org/dist/Crypt-Eksblowfish/

Approved by:    erwin (mentor)

20:57 brix 

This perl module implements the LGI$HPWD password hashing function
from VMS, and some associated VMS username and password handling
functions.

WWW: http://search.cpan.org/dist/Authen-DecHpwd/

Approved by:    erwin (mentor)

19:15 miwi 

2008-05-15 net-p2p/dclibc: Abandoned, not used, website disappeared
2008-04-07 net-mgmt/ap-utils: Does not work with gcc4.2; appears to be abandoned
2008-03-31 multimedia/xfce4-xmms-controller-plugin: Project is dead
2008-05-15 www/pear-HTTP_Session: Use www/pear-HTTP_Session2 instead
2008-05-04 security/bioapitool: All functionallity of this tools has been merged
with pam_bsdbioapi

10:24 rafan 

sqlmap is an automatic SQL injection tool entirely developed in Python. It is
capable to perform an extensive database management system back-end
fingerprint, retrieve remote DBMS databases, usernames, tables, columns,
enumerate entire DBMS, read system files and much more taking advantage of web
application programming security flaws that lead to SQL injection
vulnerabilities.

WWW:    http://sqlmap.sourceforge.net/

PR:             ports/123851
Submitted by:   Tomoyuki Sakurai <cherry at trombik.org>

03:09 rafan 

Pwman3 is a console based password management application.
Pwman3 is written in python. It uses sql for storage
and all data is encrypted when it isn't being viewed on screen.

WWW: http://pwman.bleurgh.com

PR:             ports/123074
Submitted by:   Yarodin <yarodin at gmail.com>

13:19 araujo 

- Project was renamed security/barnyard-sguil6 to security/barnyard-sguil.

PR:             ports/122648, ports/122700
Submitted by:   Paul Schmehl <pauls@utdallas.edu> (maintainer)

18:54 brooks 

Admit I'm never going to actually fix security/drupal4-ldap_integration,
particularly since it's clear no one uses it and remove it from the tree.

23:21 pav 

- Remove, it's ancient and newer version is included in base of all supported
  releases

Suggested by:   sam

06:49 clsung 

EzCrypto is an easy to use wrapper around the poorly documented OpenSSL ruby
library.

Features
    * Defaults to AES 128 CBC
    * Will use the systems OpenSSL library for transparent hardware crypto
      support
    * Single class object oriented access to most commonly used features
    * Ruby like

WWW:  http://ezcrypto.rubyforge.org/

PR:             ports/122805
Submitted by:   Steven Kreuzer

21:15 barner 

Add fprint_demo 0.4, demo and test application for libfprint.

21:15 barner 

Add pam_fprint 0.2, PAM module offering finger print authentication
using libfprint.

21:14 barner 

Add libfprint 0.0.6, library for fingerprint reader devices.

15:50 pav 

- Remove entry for gnome-keyring-manager

Forgotten by:   marcus

07:37 pav 

A Perl module wrapping libzxid. Also zxid.pl, that implements SP in
mod_perl environment, is supplied.

WWW:    http://zxid.org/

PR:             ports/114800
Submitted by:   Gea-Suan Lin <gslin@gslin.org>

16:00 tabthorpe 

2008-02-29 security/acid: development has ceased, use security/base

21:39 miwi 

- Disconnect security/nmapfe (project was renamed to security/zenmap)

21:33 miwi 

- Connect security/zenmap to the build

15:47 danfe 

Add a port of ophcrack, a Windows password cracker based on rainbow tables,
with GTK+ GUI.

WWW: http://ophcrack.sourceforge.net/

04:25 tmclaugh 

- expire port: Long out of date with multiple security issues.
  (Don't worry, openssh-portable is still there.)

10:43 mm 

This is version 2 of PHP OpenID using the PEAR framework.

The PHP OpenID library lets you enable OpenID authentication on sites built
using PHP. It features the OpenID consumer, Store implementations, and an
OpenID server.

WWW:    http://openidenabled.com/php-openid/

09:11 vanilla 

Add yapet 0.1, a curses based password manager.

PR:             ports/121293
Submitted by:   Rafael Ostertag <rafi at guengel.ch>

01:07 miwi 

2007-11-22 x11-themes/indubstrial: yes
2008-01-14 x11-themes/gtk-smooth-engine: Redundant port (now included in
gtk-engines), no release since 2005
2007-09-21 security/amavis-perl: depends on misc/compat3x, which has security
problems
2007-12-31 sysutils/cdbakeoven: Abandonware
2008-01-04 net/gnu-finger: no active development and known security
vulnerabilities.
2007-11-16 misc/seizedesktop: development stalled for years, outdated,
unmaintained

05:58 rafan 

EasyPG is an all-in-one GnuPG interface for Emacs. It consists of two
parts: EasyPG Assistant and EasyPG Library.

EasyPG Assistant is a set of convenient tools to use GnuPG from
Emacs. EasyPG Library is a sort of an elisp port of GPGME, a wrapper
library which provides API to access some of the GnuPG functions.

WWW: http://sourceforge.jp/projects/epg/

PR:             ports/119008
Submitted by:   Shota Iwazaki <iwazaki8 at yahoo.co.jp>

23:24 miwi 

This Module decrypts all kind of Cisco encrypted hashes
also referred to as type 7 passwords. Further you can
encrypt any given string into a encrypted hash that will
be accepted by any Cisco device as an encrypted type 7 password.

WWW:    http://search.cpan.org/dist/Cisco-Hash/

PR:             ports/120498
Submitted by:   Tsung-Han Yeh <snowfly at yuntech.edu.tw>

22:43 miwi 

Implementation of the Diffie-Hellman Key Exchange cryptographic protocol
in PHP5. Enables two parties without any prior knowledge of each other
establish a secure shared secret key across an insecure channel
of communication.

WWW: http://pear.php.net/package/Crypt_DiffieHellman/

PR:             ports/120010
Submitted by:   Ditesh Shashikant Gathani <ditesh at gathani.org>

23:34 lme 

FCheck is an open source PERL script providing intrusion detection and policy
enforcement of Windows 95/98/NT/3.x and Unix server administration through the
use of comparative system snapshots. FCheck can provide notification of any
differences found through use of your event management system, printer, and/or
email when any monitored files or directories are altered, including any
additions and/or deletions.

WWW:    http://www.geocities.com/fcheck2000/

16:57 rafan 

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on
a web application that uses Microsoft SQL Server as its back-end.

Its main goal is to provide a remote shell on the vulnerable DB server,
even in a very hostile environment. It should be used by penetration
testers to help and automate the process of taking over a DB Server when
a SQL Injection vulnerability has been discovered.

WWW: http://sqlninja.sourceforge.net/

PR:             ports/117276
Submitted by:   Valerio Daelli <valerio.daelli at gmail.com>

16:23 wxs 

New port: p5-Snort-Rule.

A module that facilitates the dynamic creation of rules for snort.

PR:             ports/120193
Submitted by:   Paul Schmehl <pauls@utdallas.edu>
Approved by:    garga (mentor)

11:56 miwi 

Network Security Monitoring Console is a framework for performing
analysis on packat capture files.

WWW:    http://thnetos.wordpress.com/nsm-console/

PR:             ports/119682
Submitted by:   Tomoyuki Sakurai <cherry at trombik.org>

06:38 beech 

- New Port maia-1.0.2a

- Maia Mailguard is a web-based interface and management system based on
  the popular amavisd-new e-mail scanner and SpamAssassin. Written in Perl
  and PHP, Maia Mailguard gives end-users control over how their mail is
  processed by virus scanners and spam filters, while giving mail administrators
  the power to configure site-wide defaults and limits.

        WWW: http://www.maiamailguard.com/

PR:             ports/119325
Submitted by:   Janky Jay <ek@purplehat.org> (maintainer)
Approved by:    linimon (mentor)

11:44 miwi 

This package provides an object oriented interface to GNU Privacy
Guard (GPG). It requires the GPG executable to be on the system.

Though GPG can support symmetric-key cryptography, this package is intended
only to facilitate public-key cryptography.

WWW: http://pear.php.net/package/Crypt_GPG/

05:24 lwhsu 

Add shimmer 0.1.0, perl implementation that hides a valuable port on
your server.

PR:             ports/119512
Submitted by:   Felippe de Meirelles Motta <lippemail at gmail.com>

11:15 beech 

- New port phpdeadlock-1.0.1
- Web-based user authentication/password protection system

PR:             ports/117122
Submitted by:   Greg Larkin <glarkin@sourcehosting.net> (maintainer)
Approved by:    linimon (mentor)

20:33 edwin 

XORSearch

XORSearch is a program to search for a given string in an XOR or
ROL encoded binary file. An XOR encoded binary file is a file where
some (or all) bytes have been XORed with a constant value (the key).
A ROL (or ROR) encoded file has it bytes rotated by a certain number
of bits (the key). XOR and ROL/ROR encoding is used by malware
programmers to obfuscate strings like URLs.

XORSearch will try all XOR keys (0 to 255) and ROL keys (1 to 7)
when searching. I programmed XORSearch to include key 0, because
this allows to search in an unencoded binary file (X XOR 0 equals
X).

If the search string is found, XORSearch will print it until the 0
(byte zero) is encountered or until 50 characters have been printed,
which ever comes first. 50 is the default value, it can be changed
with option -l. Unprintable characters are replaced by a dot.

WWW: http://blog.didierstevens.com/programs/xorsearch/
Author: Didier Stevens

22:57 miwi 

This program uses a brute force algorithm to guess your encrypted
compressed file's password. If you forget your encrypted file password,
this program is the solution. This program can crack zip,7z and rar file
passwords.

WWW: http://sourceforge.net/projects/rarcrack

PR:             ports/117630
Submitted by:   Philippe Audeoud <jadawin at tuxaco.net>

05:00 chinsan 

Add uberkey, a keylogger for x86 systems.

WWW: http://www.linuks.mine.nu/uberkey/

09:22 miwi 

pdfcrack is a command line, password recovery tool for PDF-files.

WWW: http://sourceforge.net/projects/pdfcrack

PR:             ports/117442
Submitted by:   Philippe Audeoud <jadawin at tuxaco.net>

02:51 alepulver 

This port contains the Shrew Soft ike daemon and client tools. The
software supports ike v1 communications between two gateways or a
a client and a gateway.

For more information please visit ...

WWW: http://www.shrew.net/

PR:             ports/116684
Submitted by:   mgrooms at shrew.net

16:52 novel 

OpenFWTK is an application proxy toolkit which inherits the ideology
of TIS fwtk and maintains API backwards compatibility. The design goal
is to make it simple yet powerful; no performance hacks allowed in the
code and library dependencies are reduced to minimum.

WWW: http://sourceforge.net/projects/openfwtk

PR:             ports/117194
Submitted by:   Anton Karpov <toxa at toxahost.ru>

03:35 tabthorpe 

2007-09-10 security/p5-Digest-SHA2: Has numerious known bugs, deprecated in
favor of Digest::SHA

23:33 sat 

- Sort category Makefiles

Inspired by:    Jason Harris <jharris@widomaker.com>
Howto:          http://twiki.cenkes.org/Cenkes/SortingCategoryMakefiles

13:21 rafan 

Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of
the application but will scans the webpages of the deployed webapp,
looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.

WWW: http://wapiti.sourceforge.net/

PR:             ports/116873
Submitted by:   Philippe Audeoud <jadawin at tuxaco.net>

15:14 miwi 

2007-08-29 security/vncrypt: not supported on any current version of FreeBSD
2007-09-15 net-mgmt/ocs-unix-agent: Use net-mgmt/ocsinventory-agent instead

06:39 acm 

- New port: security/fpc-openssl

Free Pascal unit for OpenSSL

05:49 edwin 

new port: security/afterglow, a collection of graph-generating scripts

        AfterGlow is a collection of scripts which facilitate the
        process of generating event graphs and treemaps. AfterGlow
        1.x is written in Perl and generates output that can be
        read by GraphViz or LGL.  All the scripts and other files
        for afterglow are installed in ${DATADIR}

        WWW: http://sourceforge.net/projects/afterglow

PR:             ports/115186
Submitted by:   Paul Schmehl <pauls@utdallas.edu>

11:55 edwin 

new port security/ssss - Shamir's Secret Sharing Scheme

        ssss is an implementation of Shamir's secret sharing scheme
        for UNIX/linux machines. It is free software, the code is
        licensed under the GNU GPL. ssss does both: the generation
        of shares for a known secret and the reconstruction of a
        secret using user provided shares. The software was written
        in 2006 by B. Poettering, it links against the GNU libgmp
        multiprecision library (version 4.1.4 works well) and
        requires the /dev/random entropy source.

PR:             ports/115949
Submitted by:   Lukasz Komsta <luke@novum.am.lublin.pl>

08:15 edwin 

New port: security/seccure - SECCURE Elliptic Curve Crypto Utility for Reliable
Encryption

        The seccure toolset implements a selection of asymmetric
        algorithms based on elliptic curve cryptography (ECC). In
        particular it offers public key encryption / decryption,
        signature generation / verification and key establishment.

        ECC schemes offer a much better key size to security ratio
        than classical systems (RSA, DSA). Keys are short enough
        to make direct specification of keys on the command line
        possible (sometimes this is more convenient than the
        management of PGP-like key rings). seccure builds on this
        feature and therefore is the tool of choice whenever
        lightweight asymmetric cryptography -- independent of key
        servers, revocation certificates, the Web of Trust or even
        configuration files -- is required.

PR:             ports/115943
Submitted by:   Lukasz Komsta <luke@novum.am.lublin.pl>

07:47 edwin 

new port: security/hamachi (supersedes ports/110850)

        New port of Hamachi VPN, using Linux official binary and a
        patch on tuncfg.c based on the official OSX release.

        Hamachi is a software that eases the creation of secure
        VPNs even between nodes that would not be able to connect
        to each other (server-assisted connection can be established
        from two NATted client, if at least one of the two NAT
        associates the port to the client not checking remote host).

        UPX port is required in order to decompress the linux binary
        and avoid run-time dependency on /proc.

PR:             ports/112982
Submitted by:   Lapo Luchini <lapo@lapo.it>

03:46 marcus 

As promised, remove net-im/gaim, and all dependent ports.  Gaim has been
replaced by net-im/pidgin.

02:47 edwin 

New port: security/openvpn-auth-ldap - LDAP authentication plugin for OpenVPN

        The OpenVPN Auth-LDAP Plugin implements username/password
        authentication via LDAP for OpenVPN 2.x. It also includes
        some integration with the OpenBSD packet filter, supporting
        adding and removing VPN clients from PF tables.

        WWW: http://dpw.threerings.net/projects/openvpn-auth-ldap/

PR:             ports/113925
Submitted by:   Nick Barkas <snb@threerings.net>

18:44 se 

New port of w3af, the Web Application Audit and Attack Framework.
This is a Python based package of tools that can be used to assess
the security of a web server (including automated advanced tests,
e.g. for XSS or SQL injection vulnerabilities).

I did not get this port to work with the py-google port, there for
a local copy of pygoogle is included and packaged with this port.

17:55 itetcu 

Chaosreader is a perl script that parses snoop or tcpdump logs
and extracts sessions for a number of different appplications:
ssh, telnet, smtp, irc, ftp, etc.  The data are formatted into
an html file and can be used to replay some sessions.

Sshkeydata is a perl script that attempts to recreate ssh
sessions extracted by chaosreader by estimating what commands
may have been typed.

Both scripts are installed in ${PREFIX}/bin

WWW: http://sourceforge.net/projects/chaosreader

PR:             ports/115125
Submitted by:   pauls