The Moral Character of Cryptographic Work (Reddit) SANS ISC SecNewsFeed(cached at December 14, 2015, 11:58 pm)

ClamXav 2.8.8 TidBITS(cached at December 14, 2015, 11:32 pm)

Updates the scanning engine and fixes several bugs. ($29.95 new, free update, 23.4 MB)

 

Read the full article at TidBITS, the oldest continuously published technology publication on the Internet. To get a full-text RSS feed, help support our work and become a TidBITS member! Members also enjoy an ad-free version of our Web site, email delivery of individual articles, the ability to make long comments with live links, and discounts on Take Control orders and other Apple-related products.

Bangladesh Extends Social Media Ban, Blocking Twitter and Skype Slashdotby samzenpus on twitter at January 1, 1970, 1:00 am (cached at December 14, 2015, 11:31 pm)

An anonymous reader writes: A month after temporarily blocking social media sites including Facebook and WhatsApp, the Bangladeshi government has now taken steps to take down online chat software Skype and social networking service Twitter. The decision came after a supreme court ruling which sentenced two opposition leaders to death, having found them guilty of crimes committed in the 1971 war of independence from Pakistan. The ruling rejected petitions to review the war criminals' death sentences. It divided the country, with many strongly protesting the decision. The social media ban is seen as a way to control any attempt at mass mobilization among dissidents.

Read more of this story at Slashdot.

'Million mile camera' views eclipse BBC News | Science/Nature | UK Edition(cached at December 14, 2015, 11:28 pm)

The American DSCOVR satellite stationed a million miles from Earth obtains a unique view of September's lunar eclipse.
Ex-US soldier court-martialled for desertion AL JAZEERA ENGLISH (AJE)(cached at December 14, 2015, 11:28 pm)

Sgt Bowe Bergdahl, who was released after five years in Taliban captivity, faces life in prison if found guilty.
Why Check Fraud Remains So Hot - and What to Do About it (InfoRiskToday) SANS ISC SecNewsFeed(cached at December 14, 2015, 11:28 pm)

Developer Claims 'PS4 Officially Jailbroken' Slashdotby samzenpus on playstation at January 1, 1970, 1:00 am (cached at December 14, 2015, 11:01 pm)

colinneagle sends word that a developer has claimed to have achieved a jailbreak of the PlayStation 4. Networkworld reports: "If you have a PS4 and want to run homebrew content, then you might be happy to know developer CTurt claimed, "PS4 is now officially jailbroken." Over the weekend, CTurt took to Twitter to make the announcement. He did not use a jail vulnerability, he explained in a tweet. Instead, he used a FreeBSD kernel exploit. Besides posting "an open source PlayStation 4 SDK" on GitHub, CTurt analyzed PS4's security twice and explained PS4 hacking. CTurt updated the open source PS4 SDK yesterday; he previously explained that Sony's proprietary Orbis OS is based on FREEBSD. In the past he released the PS4-playground, which included PS4 tools and experiments using the Webkit exploit for PS4 firmware version 1.76. To put that in context, Sony released version 3.0 in September. However, CTurt claimed the hack could be made to work on newer firmware versions. Other PS4 hackers are reportedly also working on a kernel exploit, yet as Wololo pointed out, it is unlikely there might be more than proof-of-concept videos as the developers continue to tweak the exploit. Otherwise, Sony will do as it has in the past and release a new firmware version. In October 2014, developers nas and Proxima studied the PSVita Webkit exploit, applied it to the PS4, and then released the PS4 proof-of-concept. Shortly thereafter. Sony pushed out new firmware as a patch."

Read more of this story at Slashdot.

Suspended Ledes Suck inessential.comat January 1, 1970, 9:00 am (cached at December 14, 2015, 10:59 pm)

Suspended ledes serve no purpose but to demonstrate the writer’s cleverness, and I get angry at the writer every time I read one.

(A suspended lede is where the thing-being-talked-about is withheld right at first. Some one or a few provocative sentences, designed to grab the reader’s attention, appear first — and then there’s the big reveal of the actual subject.)

* * *

This post, rewritten with a suspended lede, might have looked like this:

I hate it with the heat of a thousand white-hot stars on a summer afternoon, that overplayed gimmick, that tired writing tic that does nothing but draw attention to the writer’s cleverness.

Wow! What’s he talking about?! This is so danged interesting that I must keep reading! What a great writer!

The suspended lede.

Oh! Of course! That totally fits! What a great writer!

Puke. It’s so pukey.

* * *

Respect your readers: tell them the subject right up front. Write well enough to keep their attention. Don’t draw attention to your own cleverness.

VIDEO: Tim Peake rocket 'blessed' ahead of launch BBC News | Science/Nature | UK Edition(cached at December 14, 2015, 10:58 pm)

Sarah Rainsford reports as British astronaut Tim Peake prepares to blast off to the International Space Station.
Court pulls Nurofen products from Australian market AL JAZEERA ENGLISH (AJE)(cached at December 14, 2015, 10:58 pm)

Federal Court rules company behind popular painkillers made misleading claims about four-pain specific brands.
Twitter warns users of state-sponsored hacking (The Register) SANS ISC SecNewsFeed(cached at December 14, 2015, 10:58 pm)

What the government shouldve learned about backdoors from the Clipper Chip (ArsTechn SANS ISC SecNewsFeed(cached at December 14, 2015, 10:58 pm)

Cleaning Up After a Breach Post-Breach Impact: A Cost Compendium (SANS Reading Room) SANS ISC SecNewsFeed(cached at December 14, 2015, 10:58 pm)

AD Security's Unofficial Guide to Mimikatz & Command Reference, (Mon, Dec 14th SANS Internet Storm Center, InfoCON: green(cached at December 14, 2015, 10:57 pm)

Our own Mark Baggett (@markbaggett) recently reTweeted Sean Metcalfs (@PyroTek3) Tweet about his Active Directory Security post, an Unofficial Guide to Mimikatz Command Reference.
This is a freaking gold mine, well done Sean!
Using Mimikatz as part of red/blue exercises and scenarios is near and dear to my heart, its the attacker basis, along with PowerShell and Metasploit,of my May 2015 toolsmith, Attack Detection: Hunting in-memory adversaries with Rekall and WinPmem.Sean describes Mimikatz and its use with such robust detail, even the uninitiated should be able to grasp the raw power of the tool (both dangerous and useful).
First and foremost, Ill quote one of Seans most important points:
This information is provided to help organizations better understand Mimikatz capability and is not to be used for unlawful activity. Do NOT use Mimikatz on computers you dont own or have been allowed/approved to. In other words, dont pen-test/red-team systems with Mimikatz without a get out of jail free card.
Further, Sean developed this reference after speaking with both hired defenders and attackers, and learned that outside of a couple of the top three mostused Mimikatz commands, not many knew about the full capability of Mimikatz.
This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required optional), as well as screenshots and additional context (where possible). Sean indicates there are several that he hasnt dug intofully yet, but expects to in the near future.">Unofficial Guide toMimikatz Command Reference on your immediate must read and bookmark list and find safe ways to explore its capabilities.
Again, if your one of those folks who spend time in both red and blue team actvities, it">|">@holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Apache HTTP Server 2.4.18 Released - http://httpd.apache.org/download.cgi, (Mon, Dec SANS Internet Storm Center, InfoCON: green(cached at December 14, 2015, 10:57 pm)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.