It seems that Tennable are going to start charging to use Nessus commercially.  The Carnal0wnage blog does a good job of highlighting the pros and cons to this, so I won't repeat those views here.

Maybe now would be a good time for the pentest community to get behind OpenVAS - an open source fork of Nessus.  It's a very promising looking project, but still needs support to come up to the current Nessus standard.

If anyone knows of another good free VA tool, drop me a mail to pentestmonkey at pentestmonkey dot net and I'll post and update here. 

The metasploit guys have released a database of all 1024-bit DSA and 2048-bit RSA SSH public/private keypairs that could have been generated by x86 Debian/Ubuntu hosts vulnerable to the OpenSSL Predictable Random Number Generator flaw.

This opens up the possibility of two practical attacks against weak SSH keys during pentests:

1. If you can read a user's home directory and obtain their ~/.ssh/authorized_keys file, you can look up their corresponding private key in the metaspoloit key database and log into their account over SSH.  Nice.
2. If you find an SSH server that uses a weak key for it's host key (check if it's weak using dowkd.pl), you can look up the corresponding private SSH host key in the metasploit database, then perform a Man-in-the-Middle attack: when legitimate users attempt to log into the server, you ARP spoof them (or similar) so they're actually talking to your SSH server.  Your SSH server authenticates itself to the user with the legit server's private SSH key.  The user believes you're the legit server and sends their username and password to you over the encrypted channel*.

Well done to the metasploit guys for the quick turn-around.  And also well done the Debian guys for the open and efficient way they've dealt with this vulnerability.

* Probably only works if tunneled clear-text password are used.  I haven't completely through this through, but I'm sure you can do something pretty bad.