Private Cassandra client software for security alerts

[Gene Spafford <spaf () CERIAS PURDUE EDU>]

This should be of interest to many of you.


>     I am pleased to announce the availability of an open source,
> command-line version of the Cassandra system.  For 5 years the
> Cassandra
> system (https://cassandra.cerias.purdue.edu) has been delivering free
> vulnerability notifications based on NIST's ICAT database of CVE
> entries,
> and later, Secunia advisories were added.  These notifications were
> based on
> a profile of interest you entered, saving you time in doing
> searches for you
> every day and remembering which entries you had already seen
> (Meunier and
> Spafford, FIRST 2002).
>
>     However, using Cassandra meant that I (and CERIAS) had a list of
> possible vulnerabilities in your organization's systems, and this
> list was
> sent to you in plain text emails.  Even though Cassandra was never
> compromised, it (and the emails) made a tempting target;  risk-
> averse people
> and organizations were therefore unable to benefit from the
> service.  The
> new command-line tool, my_cassandra.php, solves these issues and
> can be
> downloaded from my home page:
>
> http://homes.cerias.purdue.edu/~pmeunier/
>
>     Because you get the source code and the custody of your
> profiles, this
> version of Cassandra should not generate the privacy concerns that the
> online version did.  As it is under your control you can also run
> it at the
> intervals you choose.  It is made available under an open source
> license so
> you can modify it.  It runs under PHP so it should run on almost any
> platform (tested on Windows XP SP2 and PHP 5.1.1, and MacOS 10.4.3
> and PHP
> 4.3.11 -- Windows users need to download also "cassandra.bat").
>
>     It works by downloading an XML export of recent entries in NIST's
> National Vulnerability Database, and comparing them to vendors,
> products and
> keywords specified in the file "profile.txt".  The tool will then
> open a
> browser window for each new and relevant entry, and save the list
> of seen
> entries in a file named "seen_CVE.txt" on your workstation.
>
> WARNING: The first time you run it, it will open a large number of
> windows.
> It is then up to you to run it when you have time to read the new
> entries.
>
> Regards,
> Pascal Meunier
> Purdue University CERIAS
>
> P.S.:  Thanks to the NVD team at NIST, and the people at MITRE
> doing the
> tedious and cautious work without which Cassandra would have no
> data, and
> special thanks for doing it swiftly.