IOS

Apple Releases IOS Security Guide 91

Trailrunner7 writes in with a story about an iOS security guide released by Apple. "Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and network security features in iOS, most of which had been known before but hadn't been publicly discussed by Apple. The iOS Security guide (PDF), released within the last week, represents Apple's first real public documentation of the security architecture and feature set in iOS, the operating system that runs on iPhones, iPads and iPod Touch devices. Security researchers have been doing their best to reverse engineer the operating system for several years and much of what's in the new Apple guide has been discussed in presentations and talks by researchers. 'Apple doesn't really talk about their security mechanisms in detail. When they introduced ASLR, they didn't tell anybody. They didn't ever explain how codesigning worked,' security researcher Charlie Miller said."
Google

How Hackers Listened Their Way Around Google's Recaptcha 101

An anonymous reader writes with this story at Ars Technica: "Three self-taught hackers from the DC949 hacker collective managed to use a combination of techniques to beat ReCaptcha with 99.1% accuracy (better than most humans!)" In short, the hackers skipped the visual part of the Recaptcha system entirely, focusing on the audio alternative, which gave them a few convenient angles of attack. Google responded with changes to the system, but that doesn't minimize their accomplishment.
Android

Ask Slashdot: Equipping a Company With Secure Android Phones? 229

An anonymous reader writes "I'm in charge of getting some phones for my company to give to our mobile reps. Security is a major consideration for us, so I'm looking for the most secure off-the-shelf solution for this. I'd like to encrypt all data on the phone and use encryption for texting and phone calls. There are a number of apps in the android market that claim to do this, but how can I trust them? For example, I tested one, but it requires a lot of permissions such as internet access; how do I know it is not actually some kind of backdoor? I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us. I was thinking of maybe installing Cyanogenmod onto something, using a permissions management app to try and lock down some backdoors and searching out a trustworthy text and phone encryption app. Any good ideas out there?"
Input Devices

Next Generation Xbox and Playstation Consoles Will Have Optical Drives 206

First time accepted submitter dintech writes "The Wall Street Journal reports that while Sony considered online-only content distribution for its next-generation Playstation, the manufacturer has decided that the new console will include an optical drive after all. Microsoft is also planning to include an optical disk drive in the successor to its Xbox 360 console as the software company had concerns about access to Internet bandwidth."
Security

Industry Groups Bid To Control New Business-Specific TLDs 55

Gunkerty Jeb writes "Two financial industry groups, the American Bankers Association (ABA) and the Financial Services Roundtable, announced on Thursday that they have applied to the Internet Corporation for Assigned Names and Numbers (ICANN) to operate two top level Internet domains, .bank and .insurance, on behalf of the financial services industry. In a published statement, the groups said that they had applied for .bank and .insurance to 'provide the highest security for the millions of customers conducting banking and insurance activities online.' The move comes as the U.S. Congress is set to begin hearings on e-banking fraud on Friday."
Censorship

Backdoor Found In Hacked Version of Anti-Censorship Tool Simurgh 32

wiredmikey writes "Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by CitizenLab.org has shown that the malicious version isn't available from the original software source, only through third-party access, so it appears that Simurgh has been repackaged. The troubling aspect of the malicious version is that while it does install the proxy as expected, it then adds a keylogging component, and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia. In response to this attack, the team that develops Simurgh has instituted a check that will warn the user if they are running a compromised version of the software. At present, it is unknown who developed the hijacked version of Simurgh, or why they did so."
Network

BT Fibre Pulls Out of Chelsea Over Ugly Equipment Cabinets 136

judgecorp writes "The up-market London borough of Kensington and Chelsea has lost its chance for BT fast fibre. After residents objected to the ugly fibre cabinets, and the council repeatedly refused permission to install them in historic sites, BT has said the borough will not get its fast BT Infinity product at all. The borough says it doesn't need BT, as Richard Branson's Virgin Media has got it more or less covered."
Crime

Programmer Admits Stealing US Gov't Accounting Software Source Code 125

An anonymous reader writes with this excerpt from NetSecurity.org: "A Chinese computer programmer that was charged with stealing the source code of software developed by the U.S. Treasury Department pleaded guilty to the charge on Tuesday. The 33-year-old Bo Zhang, legally employed by a U.S. consulting firm contracted by the Federal Reserve Bank of New York, admitted that he took advantage of the access he had to the Government-wide Accounting and Reporting Program (GWA) in order to copy the code onto an external hard disk and take it home." Just such things make me think that the default setting for software created with public money should be released with source code anyhow, barring context-specific reasons that it shouldn't be.
The Internet

German Cable ISP First To Deliver 4700Mbps Internet Connection 121

Mark.JUK writes "It's enough to make grown IT workers cry. German cable operator Kabel Deutschland claims to have become the first provider to successfully achieve a real-world internet connection speed of 4700Mbps (Megabits per second) after they hooked up to a local school's test account in the city of Schwerin. The ISP, which usually delivers more modest speeds of up to 100Mbps to home subscribers, used its upgraded 862MHz network, channel bonding, and the EuroDocsis 3.0 standard to achieve the stated performance. But don't expect to get this kind of speed tomorrow; right now there's no demand for it among home users, and you probably couldn't afford the bandwidth anyway." ("No demand at its current price," at least.)
Cloud

IT Desktop Support To Be Wiped Out Thanks To Cloud Computing 349

An anonymous reader writes "Tech industry experts are saying that desktop support jobs will be declining sharply thanks to cloud computing. Why is this happening? A large majority of companies and government agencies will rely on the cloud for more than half of their IT services by 2020, according to Gartner's 2011 CIO Agenda Survey."
Botnet

White House Announces Initiative To Fight Botnets 89

benfrog writes "ISPs and financial-services companies would share data about computers made into botnets under a pilot program announced today by the Obama administration. From the article: 'The voluntary principles announced today include coordinating across sectors and confronting the problem globally. They were developed by the Industry Botnet Group, comprising trade groups including the Business Software Alliance and TechAmerica.' The White House is also backing a bill proposed by Joe Lieberman that would put the Department of Homeland Security in charge of cybersecurity of vital systems such as power grids and transportation networks."
Businesses

IT Positions Some of the Toughest Jobs To Fill In US 886

coondoggie writes "Forty-nine percent of U.S. companies are having a hard time filling what workforce management firm ManpowerGroup calls mission-critical positions within their organizations. IT staff, engineers and 'skilled trades' are among the toughest spots to fill. The group surveyed some 1,300 employers and noted that U.S. companies are struggling to find talent, despite continued high unemployment, over their global counterparts, where 34% of employers worldwide are having difficulty filling positions."
Red Hat Software

Fedora 17 Released 141

ekimd writes "Fedora 17 aka "Beefy Miracle" is released. Some of the major features include: ext4 with >16TB filesystems, dynamic firewall configuration, automatic multi-seat, and more. Major software updates include Gnome 3.4, GIMP 2.8, and GCC 4.7. The full feature list can be found here. Personally, I still find Gnome 3 to be an 'unholy mess' so I'm loving XFCE with Openbox."
Security

Flame: The Massive Stuxnet-Level Malware Sweeping the Middle East 224

An anonymous reader writes "Wired is reporting that a massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation. Kaspersky Lab, the company that discovered the malware, has a FAQ with more details."
China

Backdoor Found In China-Made US Military Chip? 270

Hugh Pickens writes "Information Age reports that the Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it other than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan'. Does this mean that the Chinese have control of our military information infrastructure, asks Rupert Goodwins? 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
Government

The Shortage of Women In IT 697

CIStud writes "The IT industry is hurting for women. Currently only 11% of IT companies are owned by women. The Women-Owned Small Business (WOSB) Federal Contract program requires 5% of all IT jobs to go to female-owned integration companies, but there must be at least 2 female bidders. There are so few female bidders that women-owned IT firms are ineligible for the contracts. From the article: 'Wendy Frank, founder of Accell Security Inc. in Birdsboro, Pa., wishes she had more competitors. It's not often you hear any integrator say that, but in Frank's case, she has good reason. The current Women-Owned Small Business (WOSB) Federal Contract program authorizes five percent of Federal prime and subcontracts to be set aside for WOSBs. While that might sound fair on the surface, in order to invoke the money set aside for this program, the contracting officer at an agency has to have a reasonable expectation that two or more WOSBs will submit offers for the job. “We could not participate in the government’s Women-Owned Small Business program unless there was another female competitor,” says Frank. “Procurement officers required that at least two women-owned small businesses compete for the contracts, even in the IT field, where women-owned businesses are underrepresented.”'"
Censorship

Internet Defense League: A Bat Signal For the Internet 101

mikejuk writes "Following the successful defense of the Internet against SOPA, website owners are being invited to sign up to a project that will enable them to participate in future protest campaigns, the Internet Defense League. The banner logo for the 'bat-signal' site is a cat, a reference to Ethan Zuckerman's cute cat theory of digital activism. The idea is that sites would respond to the call to "defend the Internet" by joining a group blackout or getting users to sign petitions. From the article: 'Website owners can sign up on the IDL website to add a bit of code to their sites (or receive code by email at the time of a campaign) that can be triggered in the case of a crisis like SOPA. This would add an "activist call-to-action" to all participating sites - such as a banner asking users to sign petitions, or in extreme cases blackout the site, as proved effective in the SOPA/PIPA protest of January 2012.'"
Bitcoin

Hacked Bitcoin Financial Site Had No Backups 331

An anonymous reader writes "A fortnight ago the Bitcoin financial website Bitcoinica was hacked and the hacker stole $87,000 worth of Bitcoins. At the time the owner promised that all users would have their Bitcoins and US dollars returned in full, but one of the site developers has just confirmed that they have no database backups and are having difficulty figuring out what everyone's account balance should actually be. A failure of epic proportions for a site holding such large amounts of money."
Security

A Wrinkle For Biometric Systems: Irises Change Over Time 59

scibri writes "The iris scanners that are used to police immigration in some countries, like the UK, are based on the premise that your irises don't change over your lifetime. But it seems that assumption is wrong. Researchers from the University of Notre Dame have found that irises do indeed change over time, enough so that the failure rate jumps by 153% over three years. While that means a rise from just 1 in 2 million to 2.5 in two million, imagine how that will affect a system like India's — which already has 200 million people enrolled — over 10 years."
Australia

Australian IT Price Hike Inquiry Kicks Off: Submissions Wanted 70

New submitter wirelessduck writes "After some recent complaints from a Labor MP about price markups on software and technology devices in Australia, Federal Government agencies decided to look into the matter and an official parliamentary inquiry into the issue was started. 'The Federal Parliament's inquiry into local price markups on technology goods and services has gotten under way, with the committee overseeing the initiative issuing its terms of reference and calling for submissions from the general public on the issue.'"
