Showing posts with label Released.

Thursday, September 29, 2016

Facebook Releases 'OSquery' Security Tool for Windows


OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available only for Mac OS X and Linux environments until today.


But now the social network has announced that the company has developed a Windows version of its osquery tool, too.


When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.

OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.


Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.


In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.


This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.
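As an added illustration of that SQL interface (not taken from Facebook's announcement), the two queries below use osquery's `processes` and `listening_ports` tables to surface common triage signals; table and column availability varies by platform and osquery version.

```sql
-- Added example: run interactively in osqueryi or as scheduled queries.

-- 1. Processes that are still running although their executable has been
--    removed from disk (on_disk = 0), a frequent sign of a dropper that
--    deleted itself after launch.
SELECT pid, name, path, cmdline
FROM processes
WHERE on_disk = 0;

-- 2. Sockets listening on non-loopback addresses, joined to the owning
--    process so each open port can be attributed to a binary on disk.
SELECT DISTINCT
    p.pid,
    p.name,
    p.path,
    lp.address,
    lp.port,
    lp.protocol
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
ORDER BY lp.port;
```

Comparing the output of such queries across hosts or over time is what turns the inventory into a detection: a new listener or an unexpected binary path stands out against the fleet baseline.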


This open source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014 and was available for Linux distributions such as Ubuntu or CentOS, and Mac OS X machines.


So, if your organization was running a Windows environment, you were out of luck.

But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.


"As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security," reads the earlier version of Facebook's blog post provided to The Hacker News.


"We saw the long-held misconception of 'security by obscurity' fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it."


To get started with the OSquery developer kit for Windows, check this official documentation, the development environment, and a single script. The build is easy to install, and you can start coding right away.


You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.

Wednesday, September 7, 2016

Kali Linux 2016.2 - Ready for Pentesters & Hackers


As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of the Swiss army knife for researchers, penetration testers, and hackers – has finally released the much-awaited Kali Linux 2016.2.

Kali Linux is an open-source Debian-based Linux distribution that brings a wide range of tools for penetration testing, forensics, hacking and reverse engineering together into a single package for ethical hackers and security professionals.

Earlier the Kali Linux distribution was known as BackTrack.

Kali Linux 2016.2 is an updated Live ISO image of the popular GNU/Linux distribution that includes the latest software versions and enhancements for those who want to deploy the operating system on new systems.

What's new?

Besides bringing the updated Live ISOs of Kali Linux, the Kali Linux team brings multiple variants of the GNU/Linux distribution with various Desktop Environments, specifically KDE, Xfce, MATE, LXDE, and Enlightenment – all available only for 64-bit platforms.

What's even more exciting is that, from Kali Linux 2016.2 onwards, the team promises to release updated Live ISO images of Kali with new software versions and the latest security patches every week.

Since Kali Linux has been the most advanced and widely used distro for penetration testing and forensics, this weekly update has come up as exciting news for those involved in various hacking and security-related projects.

It's been several months since the last update to the official Kali Linux Live ISOs, and there are a few hundred new or updated packages pushed to the Kali repositories.

This means that the packages incorporated in the previous Kali Linux ISOs need bug fixes and OS improvements, which are implemented in the most recent versions of the Linux distro.

"Since our last release several months ago, there's a few hundred new or updated packages which have been pushed to the Kali reports," the Kali Linux team's announcement reads. "This means that anyone downloading an ISO even 3 months old has somewhat of a long 'apt-get dist-upgrade' ahead of them."

You can download the latest Kali Linux 2016.2 ISOs from its official website now. The Kali Linux team has also promised to bring a lot of exciting announcements in the next few weeks, so keep an eye on its announcements for the latest updates.

Saturday, January 2, 2016

A Software Bug, that Early Released 3200 Prisoners


Washington State Department of Corrections (DoC) is facing an investigation after it released around 3,200 prisoners early over the course of 13 years, since 2002, when a bug was introduced in the software used to calculate time credits for inmates' good behavior.

The software glitch led to a miscalculation of sentence reductions that US prisoners were receiving for their good behaviour.

Over the next 13 years, prisoners who were released early left prison a median of 49 days before their correct release date.

"This problem was allowed to continue for 13 years is deeply disappointing to me, totally unacceptable and, frankly, maddening," Washington State Governor Jay Inslee said in a statement. "I've [many] questions about how and why this happened, and I understand that members of the public will have those same queries."

What's the Bug and How did it Remain Undetected for 13 Years?


The issue lies in DoC software that is used for calculating the release date for prisoners who showed good behavior while imprisoned.

The software bug was introduced in 2002, when the state's supreme court implemented a change to the "good time" credit system, allowing prisoners to claim credits for good behaviour while they are in:

  • State prisons
  • County jails

These credits are then used to shorten the length of a prisoner's sentence. To apply these changes, DoCs around the United States released the new versions of software, but unfortunately, the code that calculated prison sentences was faulty.


DoC First Informed of the Issue 3 Years Ago


What's even more disappointing is that the authorities first learned of the bug in December 2012, when the family of an assault victim alerted DoC that the attacker was going to be set free too soon.

At that time, DoC filed a request, labelling the error as "time sensitive" and asking for it to be implemented as quickly as possible.

However, the Washington DoC hired a new IT manager in November, who alerted the authorities to how serious the bug had become. Inslee assures that a full fix for the bug is expected to be rolled out by 7th January.

Until then the DoC has been ordered not to release any prisoner without manually checking their actual release date.