judgecorp writes "Security researchers say that iPhone and other Apple devices are vulnerable to an old attack, using a fake Wi-Fi access point. Attackers can use an SSID which matches one that is stored on the iPhone (say "BTWiF"), which the iPhone will connect to automatically. Other devices are protected thanks to the use of HTTPS, which enforces HTTPS, but iPhones are susceptible to this man-in-the-middle attack, researchers say."
itwbennett writes "You can make a decent living as a software developer, and if you were lucky enough to get hired at a pre-IPO tech phenom, you can even get rich at it. But set your sights above the average and below Scrooge McDuck and you won't find many developers in that salary range. In fact, the number of developers earning $200,000 and above is under 10%, writes blogger Phil Johnson who looked at salary data from Glassdoor, Salary.com and the Bureau of Labor Statistics. How does your salary rate? What's your advice for earning the big bucks?"
An anonymous reader writes "After 25 years of doing IT (started as a PC technician and stayed on the technical side of IT work throughout my career) I've been moved to a position of doing only on call work (but paid as if it is a normal 9-5 job). This leaves me with a lot of free time... As someone who's used to working 12+ hours a day + the odd night/weekend on call, I'm scared I'll lose my mind with all the new free time I'll have. Any suggestions (beyond develop hobbies, spend time with family) on how to deal with all the new free time?"
Trailrunner7 writes "A group of eight senators from both parties have introduced a new bill that would require the attorney general to declassify as many of the rulings of the secret Foreign Intelligence Surveillance Court as possible as a way of bringing into the sunlight much of the law and opinion that guides the government's surveillance efforts. Under the terms of the proposed law, the Justice Department would be required to declassify major FISC opinions as a way to give Americans a view into how the federal government is using the Foreign Intelligence Surveillance Act and Patriot Act. If the attorney general determines that a specific ruling can't be declassified without endangering national security, he can declassify a summary of it. If even that isn't possible, then the AG would need to explain specifically why the opinion needs to be kept secret."
Nerval's Lobster writes "Flash storage is more common on mobile devices than data-center hardware, but that could soon change. The industry has seen increasing sales of solid-state drives (SSDs) as a replacement for traditional hard drives, according to IHS iSuppli Research. Nearly all of these have been sold for ultrabooks, laptops and other mobile devices that can benefit from a combination of low energy use and high-powered performance. Despite that, businesses have lagged the consumer market in adoption of SSDs, largely due to the format's comparatively small size, high cost and the concerns of datacenter managers about long-term stability and comparatively high failure rates. But that's changing quickly, according to market researchers IDC and Gartner: Datacenter- and enterprise-storage managers are buying SSDs in greater numbers for both server-attached storage and mainstream storage infrastructure, according to studies both research firms published in April. That doesn't mean SSDs will oust hard drives and replace them directly in existing systems, but it does raise a question: are SSDs mature enough (and cheap enough) to support business-sized workloads? Or are they still best suited for laptops and mobile devices?"
dinscott writes "If you think of cyberspace as a resource for you and your organization, it makes sense to protect your part of it as best you can. You build your defenses and train employees to recognize attacks, and you accept the fact that your government is the one that will pursue and prosecute those who try to hack you. But the challenge arises when you (possibly rightfully so) perceive that your government is not able to do so, and you demand to be allowed to 'hack back.'"
Nerval's Lobster writes "If those newspaper reports are accurate, the NSA's surveillance programs are enormous and sophisticated, and rely on the latest in analytics software. In the face of that, is there any way to keep your communications truly private? Or should you resign yourself to saying or typing, 'Hi, NSA!' every time you make a phone call or send an email? Fortunately there are ways to gain a measure of security: HTTPS, Tor, SCP, SFTP, and the vendors who build software on top of those protocols. But those host-proof solutions offer security in exchange for some measure of inconvenience. If you lose your access credentials, you're likely toast: few highly secure services include a 'Forgot Your Password?' link, which can be easily engineered to reset a password and username without the account owner's knowledge. And while 'big' providers like Google provide some degree of encryption, they may give up user data in response to a court order. Also, all the privacy software in the world also can't prevent the NSA (or other entities) from capturing metadata and other information. What do you think is the best way to keep your data locked down? Or do you think it's all a lost cause?"
An anonymous reader writes "Apple has always been extremely anti-jailbreaking, but it might now have a good reason to plug up the exploits. As Hardware 2.0 argues, Apple's new iOS 7 Activation Lock anti-theft mechanism which renders stolen handsets useless (even after wiping) unless the owner's Apple ID is entered relies on having a secure, locked-down OS. Are the days of jailbreaking iOS coming to a close?" I can see a whole new variety of phone-based ransom-ware based on this capability, too.
MojoKid writes with more detailed information on the new hardware Apple announced earlier today at WWDC: "On the hardware side, Apple is updating its two MacBook Air devices; both the 11-inch and 13-inch versions will enjoy better battery life (up to 9 hours and 12 hours, respectively), thanks in no small part to having Intel's new Haswell processors inside. They'll also have 802.11ac WiFi on board. Both models have 1.3GHz Intel Core i5 or i7 (Haswell) processors, Intel HD Graphics 5000, 4GB of RAM, and have 128GB or 256GB of flash storage. Arguably the scene stealer on the desktop side of things is a completely redesigned Mac Pro. The 9.9-inch tall cylindrical computer boasts a new 'unified thermal core' which is designed to conduct heat away from the CPU and GPU while distributing it uniformly and using a single bottom-mounted intake fan. It rocks a 12-core Intel Xeon processor, dual AMD FirePro GPUs (standard), 1866MHz DDR3 ECC memory (60GBps), and PCIe flash storage with up to 1.25GBps read speeds. The system promises 7 teraflops of graphics performance, supports 4k displays, and has a host of ports including four USB 3.0, two gigabit Ethernet ports, HDMI 1.4, and six Thunderbolt 2 ports that offer super-fast (20Gbps) external connectivity."
chicksdaddy writes "When reports surfaced about 'BadNews,' a new family of mobile malware that affected Google Android devices, the news sounded — well — bad. BadNews was described by Lookout Mobile Security as a new kind of mobile malware for the Android platform, one that harnesses mobile ad networks to push out malicious links, harvest information on compromised devices and more. Now, six weeks later, a senior member of Google's Android security team claims that BadNews wasn't really all that bad, after all. Speaking at an event in Washington D.C. sponsored by the Federal Trade Commission, Google employee and Android team member Adrian Ludwig threw cold water on reports linking BadNews to sites that installed malicious programs. The search giant, he said, had not found any evidence linking BadNews to so-called SMS 'toll fraud' malware."
mvar writes "According to Kotaku, a hacker named SuperDaeE who breached multiple gaming companies (Valve, Sony, MS to name a few) has released a 1.7TB treasure trove file for download. The file, which contains source code for older titles plus development kits for the PS4 and Xbox One consoles, is encrypted and SuperDaeE claims that it is his insurance in case he gets arrested."
sweetpea86 writes "Cisco has teamed up with robotics firm iRobot to create their own enterprise version of the 'Sheldonbot' from US comedy series The Big Bang Theory. The robot, known as Ava 500, brings together iRobot's autonomous navigation with Cisco's TelePresence system to enable a remote worker sitting in front of a video collaboration system to meet with colleagues in an office setting or take part in a facility tour."
Taco Cowboy writes "Edward Snowden, the leaker who gave us the evidence of US government spying on its people is under threat of being extradited back to the U.S. to face prosecution. Some people in Congress, including Republican Peter King (R-NY), are calling for his extradition from Hong Kong to face trial. From the article: 'A spokesman for the director of national intelligence, James Clapper, said Snowden's case had been referred to the justice department and US intelligence was assessing the damage caused by the disclosures. "Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law," the spokesman, Shawn Turner, said.'"
An anonymous reader writes "I have been asked by a medium-sized business to help them come to grips with why their IT group is ineffective, loathed by all other departments, and runs at roughly twice the budget of what the CFO has deemed appropriate for the company's size and industry. After just a little scratching, it has become quite clear that the 'head of IT' has no modern technological skills, and has been parroting what his subordinates have told him without question. (This has led to countless projects that are overly complex, don't function as needed, and are incredibly expensive.) How can one objectively illustrate that a person doesn't have the knowledge sufficient to run a department? The head of IT doesn't necessarily need to know how to write code, so a coding test serves no purpose, but should be able to run a project. Are there objective methods for assessing this ability?"
Bruce66423 writes "The government minister in charge of GCHQ, the UK's equivalent of the NSA, has used those immortal words, 'Only terrorists, criminals and spies should fear secret activities of the British and US intelligence agencies.' From the article: '...In an interview on the BBC’s Andrew Marr Show on Sunday, Mr Hague refused to say whether the British government knew of the existence of Prism before it emerged last week. “I can’t confirm or deny in public what Britain knows about and what Britain doesn’t, for obvious reasons,” he said. However, he implied that the revelations had not taken him by surprise.'" While many are concerned about the reach of PRISM overseas, the Finnish Foreign Minister says he plans to continue using Outlook for email.
An anonymous reader writes "The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defense contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell. The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. 'I have no intention of hiding who I am because I know I have done nothing wrong,' he said."
An anonymous reader writes "The Register carries the funniest, most topical IT story of the year: 'Facebook's first data center ran into problems of a distinctly ironic nature when a literal cloud formed in the IT room and started to rain on servers. Though Facebook has previously hinted at this via references to a 'humidity event' within its first data center in Prineville, Oregon, the social network's infrastructure king Jay Parikh told The Reg on Thursday that, for a few minutes in Summer, 2011, Facebook's data center contained two clouds: one powered the social network, the other poured water on it.'"
Five years ago today, reader J.J. Ramsey asked what's keeping you off Windows (itself a followup to this question about the opposite situation). With five years of development time gone by for Windows as well as all the alternative OSes, where does Windows stand for you today? (Is it the year of Linux on the Desktop yet?)
An anonymous reader writes "We operate a wide area network that has a large amount of fiber optics, and provides service to our various departments in locations across the state. The network is reasonably complex, with splices, patches, and the general type of ad-hoc build that makes knowing where things go difficult. I'd like to implement some type of software to record where the fiber cables run, what pit number they are jointed in, which fiber is spliced to which, and what internal customer is using which fiber path through the system. Knowing what fibers are free for use is also a requirement, and I'd love to record details of what equipment was put in where, for asset and warranty tracking. Extra points if I can give Engineering access to help them design things better!"
New submitter Noel Trout writes "For a long time in the Java world, there has been a free tool called the 'tzupdater' or Time Zone Updater released as a free download first by Sun and then Oracle. This tool can be used to apply a patch to the Java runtime so that time zone information is correct. This is necessary since some time zones in the world are not static and change more frequently than one might think; in general time zone updates can be released maybe 4-6 times a year. The source information backing the Java timezone API comes from the open source Olson timezone database that is also used by many operating systems. For certain types of applications, you can understand that these updates are mission critical. For example, my company operates in the private aviation sector so we need to be able to display the correct local time at airports around the world. So, the interesting part is that Oracle has now decided to only release these updates if you have a Java SE support contract. Being Oracle, such licenses are far from cheap. In my opinion, this is a pretty serious change in stance for Oracle and amounts to killing free Java for certain types of applications, at least if you care about accuracy. We are talking about the core API class java.util.TimeZone. This begs the question, can you call an API free if you have to pay for it to return accurate information? What is the point of such an API? Should the community not expect that core Java classes are fully functional and accurate? I believe it is also a pretty bad move for Java adoption for these types of applications. If my company as a startup 10 years ago would have been presented with such a license fee, we almost certainly could not have chosen Java as our platform as we could not afford it."