Thursday, 3 May 2018

Kali Linux 2018.2 Release – The Best Penetration Testing Distribution

Kali 2018.1 Release
This Kali release is the first to include the Linux 4.15 kernel, which includes the x86 and x64 fixes for the much-hyped Spectre and Meltdown vulnerabilities. It also includes much better support for AMD GPUs and support for AMD Secure Encrypted Virtualization, which allows for encrypting virtual machine memory such that even the hypervisor can’t access it. Easier Metasploit Script Access
If you spend any significant amount of time writing exploits, you are undoubtedly familiar with the various Metasploit scripts that are available, such as pattern_createpattern_offsetnasm_shell, etc. You are likely also aware that all of these helpful scripts are tucked away under /usr/share/metasploit-framework/tools/exploit/, which makes them more than a little difficult to make use of. Fortunately, as of metasploit-framework_4.16.34-0kali2, you can now make use of all these scripts directly as have been included links to all of them in the PATH, each of them prepended with msf-.
root@kali:~# msf-
msf-egghunter          msf-java_deserializer  msf-nasm_shell
msf-exe2vba            msf-jsobfu             msf-pattern_create
msf-exe2vbs            msf-makeiplist         msf-pattern_offset
msf-find_badchars      msf-md5_lookup         msf-pdf2xdp
msf-halflm_second      msf-metasm_shell       msf-virustotal
msf-hmac_sha1_crack    msf-msf_irb_shell
root@kali:~# root@kali:~# msf-pattern_create -l 50 -s ABC,123 A1A2A3B1B2B3C1C2C3A1A2A3B1B2B3C1C2C3A1A2A3B1B2B3C1 root@kali:~#
Upgrade to Kali Linux 2018.2
If you already have a Kali installation you’re happy with, you can easily upgrade in place as follows.
root@kali:~# apt update && apt full-upgrade
More info.

Facebook Introduces ‘Clear History’ Option Amid Data Scandal

Facebook unveiled new updates to its social-media platform this week aimed at securing private data – including a new privacy control called “Clear History.” CEO Mark Zuckerberg outlined the new data privacy measure in a post. Clear History essentially brings the capabilities that users are familiar with in their web browsers – the ability to scrub their history and cookies – to Facebook.

With the new feature, users can flush their history so that it is cleared and no longer stored with their account. Facebook said it would take a few months to build the feature.
“As chief privacy officer for the past six years, it’s been rewarding to see the progress we’ve made. But now it’s time to supercharge this work,” said Facebook’s Erin Egan, in a post. “Clear History is one of our first steps. I look forward to working with privacy advocates, academics, policymakers and regulators to get their input on our approach.”
Facebook will still provide apps with aggregated analytics, without storing the information in a way that’s associated with user’s accounts. However, Zuckerberg warned that using Clear History means that users’ Facebook accounts will need to re-learn their preferences: “When you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here.” Zuckerberg said that he took a step back to look at the platform’s data policies on the heels of the Cambridge Analytica scandal and his subsequent testimony in front of Congress.

“One thing I learned from my experience testifying in Congress is that I didn’t have clear enough answers to some of the questions about data,” he said. “We’re working to make sure these controls are clear, and we will have more to come soon.”
Facebook in March acknowledged that Cambridge Analytica – a consulting group that has worked on several high-profile political campaigns, including that of President Donald Trump’s – used the social media company’s platform to harvest the data of 50 million users. That debacle led to widespread criticism of the social media platform’s policies and security measures.
These worries have been expounded upon in the past week: A recent report found that at least 25,936 malicious apps are currently using one of Facebook’s APIs to access a range of information from Facebook profiles, like name, location and email address.
And this week, the CEO of Facebook-owned WhatsApp said that he would step down, reportedly after clashing with Facebook over personal data security.
“Facebook’s Cambridge Analytica scandal was about not only Facebook’s data practices, but also the surveillance-based business model that powers much of the popular web,”  Gennie Gebhart, researcher at the Electronic Frontier Foundation, told Threatpost. “We need to ask bigger questions about who is allowed to interact with user data and how. Do companies indeed need to lock down their APIs to cut off bad actors? On the other hand, how do we ensure that users are still able to access and interact with their own data with the help of third parties they trust? Whatever the right balance is, we have not found it yet.”
Facebook also announced that it would launch an optional, opt-in dating feature to its app. The dating platform will have a feature called “unlocking” to enable Facebook users make their profile visible to other users in events or groups. The rollout for that platform will be announced later in the year.