Facebook Releases 'OSquery' Security Tool for Windows

OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.

But now the social network has announced that the company has developed a Windows version of its osquery tool, too.

When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own untraditional security tool called OSquery.

OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.

Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.

In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.

This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.

This open source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014 and was available for Linux distribution such as Ubuntu or CentOS, and Mac OS X machines.

So, if your organization was running a Windows environment, you were out of luck.

But, not today, as with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.

"As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security," reads the earlier version of Facebook's blog post provided to The Hacker News.

"We saw the long-held misconception of 'security by obscurity' fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it."

To get started with the OSquery developer kit for Windows, check this official documentation, the development environment, and a single script. The build is easy to install, and you can start coding right away.

You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.

Apple Tracks Chatting using iMessage & Shares Data with Police

Doing conversations with your friend on iMessage and thinking that they are safe and out of reach from anyone else other than you and your friend? No, it's not.

End-to-end encryption doesn't mean that your iMessages are secure enough to hide your trace because Apple not only stores a lot of information about your iMessages that could reveal your contacts and location, but even share that information with law enforcement via court orders.

According to a new document obtained by The Intercept, Apple records a log of which phone numbers you typed into their iPhone for a message conversation, along with the date and time when you entered those numbers as well as your IP address, which could be used to identify your location.

Actually, every time a user type a phone number into their iPhone for a message conversation, iMessage contacts Apple servers to find out whether to route a given message over the iMessage system.

"Apple records each query in which your phone calls home to see who's in the iMessage system and who's not," The Intercept reports.

Moreover, the company is compelled to turn over this information to law enforcement with a valid court order — generally "pen registers" or "tap and trace devices" warrants that are very easy to obtain.

Pen register warrants are routinely being used to compel telephone companies to provide metadata about customers' phone calls to law enforcement.

Apple Logs Your IP Address (Location)

But it’s surprising that Apple, which has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, hands over its users' information on iMessage contacts under such warrants.

The report also points out that keeping logs of users IP address that could be used to reveal one’s actual location is contrary to Apple's 2013 claim that the company "do not store data related to customers' location."

The Intercept obtained the document, titled 'iMessage FAQ for Law Enforcement,' about Apple's iMessage logs as part of a much larger cache originating from within a state police agency, "The Florida Department of Law Enforcement's Electronic Surveillance Support Team."

The team facilitates mass data collection for law enforcement using controversial tools such as Stingrays, along with the help of conventional techniques like pen registers and tap and trace devices warrants.

Although your iMessages are end-to-end encrypted, it doesn’t mean that all Apple users are enjoying the company's so-called privacy benefit.

If you have enabled iCloud Backup on your Apple devices to keep a backup of your data, the copies of all your messages, photographs and every important data stored on your device, are encrypted on iCloud using a key controlled by Apple, and not you.

So, Apple can still read your end-to-end encrypted iMessages, if it wants.

Even if you trust the company that it won't provide your decrypted data to law enforcement (just don't forget San Bernardino case in which Apple helped the FBI with the iCloud backup of the Shooter's iPhone), anyone who breaks into your iCloud account could see your personal and confidential data.

Apple deliberately Weakens Backup Encryption

Fortunately, it is possible to store your backups locally through iTunes, though it is not such an obvious choice for an average user.

What's even worse is that a recent issue in the local password-protected iTunes backups affects the encryption strength for backups of devices on iOS 10, allowing attackers to brute-force the password for a user's local backup 2,500 faster than was possible on iOS 9.

Apple has already confirmed that the issue exists and that a fix would be included in an upcoming update.

However, in response to the latest report about iMessage logs, Apple provided the following statement:

"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."

The Florida Department of Law Enforcement still has to comment on the matter.

HP Launches ALL-IN-ONE Multi-Funtional Smallest Inkjet Printer

On Monday HP revealed their latest printer series, called DeskJet Ink Advantage 3700 All-in-One Series. Available in the market from September 26th with a price of Rs 7,176, the new DeskJet is said to be world’s smallest all-in-one printer.

The HP DeskJet Ink Advantage 3700 series offers easy printing on smartphones and tablets for social media accounts like Instagram and Facebook by combining robust print, scan and copy capabilities.

“Today’s launch has unfurled a new chapter about amazing engineering experiences that weoffer to our customers. HP’s new DeskJet Ink Advantage printers is yet another innovation which is an answer to the evolving customer needs,” Rajiv Srivastava, HP Managing Director in India, said.

The company claims that the device is “half the size of other inkjet all-in-one printers”, fundamental reason for its inclusion in TIME Magazine’s 50 Most Influential Gadgets of All Time. The Hp All-in-One printer measures only 15.86 inches wide by 17.75 inches deep by 10.39 inches tall. For a multi-function printer, that’s very small.

Is the Claim Correct?

Well what’s strange is that HP’s claim that this is the smallest all-in-one printer doesn’t quite check out. It seems a company named Primera has an all-in-one printer which is far smaller than this one. Even HP itself has launched an all-in-one printer smaller than this, dubbed HP Officejet 150.

So how can HP claim that this is the world’s smallest printer in the world? It seems HP’s claim comes with an asterisk (*). The claim is limited for any all-in-one printer which costs less than $250 while the two all-in-ones we just mentioned cost even more than that amount.

Considering the price of the HP 3755 all-in-one, it definitely makes more sense to buy a small multi-function printer than to spend upwards of 25K for one. So HP has definitely done well with this one, keeping the price and size to a minimum, albeit their claim is a little misleading.

Standout Feature

Apart from being compact, the 3700 All-in-One Series provides facility for HP All-in-One Remote mobile application to be synched with the device.

Features such as print, scan and copy can all be carried out wirelessly using the free application. The app is available across all three major mobile platforms; iOS, Android and Windows devices.

The mobile devices can not only access their printer without a network but also print directly using Wi-Fi Direct.

Internet of Things (IoT)

Parikshet Singh Tomar, Director, Printing Systems claimed that HP will introduce IoT if the demand increases.

He said, “The company has a different thought process today. We are working towards satisfying the needs of the Next-Gen consumer. If IoT printer is required, I’m sure HP will build one.”

A bottle of monochrome ink is capable of printing 480 pages and the device is available in cardinal red, sea grass and electric blue colors. However, do keep in mind that HP has recently disabled third-party (cheap) cartridge support for their old and new printers. So, you’ll have to pay a handsome amount when changing printer cartridges from now on.

LinkedIn Launches its Online Learning Portal With Over 9,000 Courses

LinkedIn, the business-focused social network which Microsoft recently bought for an astounding $26 Billion, is now trying to turn over a new leaf. They have now introduced a new online-learning section with over 9,000 courses covering everything from coding and programming to writing and accounting.

Called “LinkedIn Learning”, it is built on content taken from the popular e-learning portal, Lynda. LinkedIn acquired the portal back in 2015 for $1.5 billion and is now finally making full use of their plethora of courses.

What is LinkedIn Learning?

LinkedIn Learning is an ambitious e-learning portal tailored to individuals. The subjects available include business, technology, and creative topics. The social network has also added some extra features to make the online learning system work better with their business-minded goal. Consequently, businesses looking to keep training their employees and even educational institutions exploring e-learning courses can make use of the portal.

Currently, individuals looking to start learning through LinkedIn will have to sign-up for LinkedIn’s Premium service. Once signed up, LinkedIn Premium users will get 25 new courses every week. You can also try out LinkedIn Learning for free for a whole month.

LinkedIn Learning for Business

Employers and HR managers can recommend courses for their employees and then track their performance through LinkedIn’s analytics products. The analytics tools can not only monitor employees’ progress but also look at the wider range of what is being studied as a point of reference.

The company has also said that they will soon be releasing an enterprise tier so that large companies can take subscriptions for their entire employee base.

Apart from its e-learning initiative, LinkedIn has introduced a handful of other changes. They announced an updated design for their desktop website which will come with a revamped newsfeed as well as new messaging features.

Google makes it easier to search your Files in Google Drive

Google’s cloud storage service, Google Drive, just got a big search update. The update will enable Drive to respond to search queries just like Google’s very own search engine sifts through the internet, billions of pages at a time.

Google’s search engine is a marvel of software engineering and the search giant wants its other products to perform in the same way. It has now brought over Natural Language Processing (NLP) over to Google Drive, allowing it to understand your search queries much better and present better results.

For example, you can now say things like “find my budget spreadsheet from last December” or “show me presentations from Alissa” and Drive will quickly pull them up. Previously, you were restricted to using a specific syntax or keywords in order to find your required document(s).

Moreover, Drive can also auto-correct terms in your search queries, just like Google. It’s a really small addition but an incredibly useful one and can be a big time-saver. There are also a couple of other small changes like the ability to split your document into multiple columns and auto-saving of a copy of non-Google files when editing them in Docs, Sheets, and Slides.

Google says that the features are going to be available globally and the rollout has already started