http://www.zdnet.com/article/if-apple-can-help-china-it-can-help-us-us-doj/

The Department of Justice is saying that Apple has already complied with similar orders in the past, saying Apple dedicated staff and infrastructure to comply. The DOJ also combated the Apple argument that this would cause pressure from other countries by saying that the pressure is brought on by their decision to do business in those countries.

The reading this week went through a number of additional modules and uses of metasploit. I thought it was fun to read some of the more random ones like the OSX camera exploit that takes a picture from the camera and the ability to see the mines in mine sweeper using mimkatz. The part about creating your own module was a lot for me to take in, slightly beyond my skill set at this time. The GUI section was a walkthrough of both the community version and the version found in Kali, Armitage.

http://www.zdnet.com/article/google-chrome-gets-ready-to-mark-all-http-sites-as-bad/

Google is preparing to show an icon on all non HTTPS websites in an effort to promote more webmasters to upgrade their websites to a more secure status. The big draw of an HTTPS website is that the connection is encrypted, making any data on the website more secure. I think this is a good initiative. It’s not harming a user’s ability to visit and use an HTTP website but it is responsibly communicating important information to website viewers so that they can make an informed decision about their browsing.

The reading for this week was a pretty comprehensive tutorial/manual for metasploit. I thought it was very good and organized rather well. I thought it was nice and simple, didn’t get too into the weeds. It was very good for people at our level of experience with the software. I’ve been pleasantly surprised so far by how straight forward metasploit is. A tool like this can seem intimidating but when it comes time to use it, it seems rather simple.

My question for the class: since some of us tried metasploit last semester for fun, were there any resources that you found beneficial?

Article: http://www.zdnet.com/article/teslacrypt-vulnerability-exposes-ransomed-files-to-free-cracking/

I thought this article was funny because it shows that sometimes the bad guys don’t execute very well and it leaves an embarrassing failure like this one behind. This ransomware can be decrypted without anyone needing to “pay up” for the stolen data.