Ostensibly dropped by the Metasploit Project to disambiguate supported product responsibility, both are still availble and under active development for inclusion in customized environments for your penetration testing efforts. Notwitstanding the lack of a default install [through the Kali Linux install routines] the Kali Linux team has included an Armitage package [apt-get install armitage] in the repository.
News, via the inimitable Brian Krebs, detailing the astonishing malfeasance displayed by Google Inc. (NasdaqGS: GOOG) in policing the Google Play storefornt. Essentially, Krebs On Security reports discovering a thriving marketplace in the buying and selling of verified developer accounts by Android malware authors. Thinking about moving to the Android platform? Think again. Read it and weep.
'The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords.' - Evernote' Operations & Security Team
"explore some specifics of the digital information revolution, notably theory and practice in securing, authenticating and maintaining the integrity of information (Cerf); and roots of modern cryptography and current topics in this area (Rivest and Shamir)..." - ACM
Meanwhile, in flawed intelligence analysis news (now promoted by elected officials) the latest 'Iranian State Sponsored Financial Institution Attacks' attribution statements lack both clarity and firm evidential artifacts. Kudos to InformationWeek's' Mathew J. Schwartz for making the appalling flaws clear.
Notwithstanding the reported lack of evidence, the reality of the overt linkage between and betwixt the Iranian national defense infrastructure (e.g., the IRIA, Gendarmerie, IRGC, Oghab 2, Quds Force, and the Army of the Guardians of the Islamic Revolution, etc.) and external-to-the-government hacker collectives is is just that - overt, rather than covert.
The smoking gun, as it were, will likely target those Iranian nationals [rather than the theocratic State]; but again, predicated on conjecture, rather than evidentiary proof.
Whilst a multitude of electronic acts of warfare can be sourced to the Islamic Republic of Iran or the nations-states' thralls, the current activities cannot yet be attributed with finality of judgment. The key concept here is evidence leading to a reasoned and prudent understanding of attribution within the scope of information security and electronic warfare realms, specifically focused on the attacks under scrutiny.
Those pesky developers...
Insightful article, via The Atlanic's Dr. Patrick Lin [The Good Doctor is the director of the Ethics + Emerging Sciences Group, at California Polytechnic State University, San Luis Obispo] , targeting the Cyber Intelligence Sharing and Protection Act (CISPA). Dr. Lin's screed is far more erudite than any comment I could make, as such, I highly recommend detailed scrutiny of his post. Today's MustRead.
via Ivan Ristić, author of ModSecurity, and Apache Security, and one of the great minds in information security today, comes news of The Trustworty Internet Movement SSL Pulse. SSL Pulse, is essentially, a information dashboard provisioning significant data relevant to the current state of the SSL ecosystem, if you will. Absolutely Outstanding.