An anonymous reader writes "Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple [Friday] announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac."
dell623 writes "Google has begun updating the Google Nexus S, which was released in December 2010, to Android 4.1 Jelly Bean. The update comes with all the new features of JB, including Google Now. The update makes the almost two-year-old phone smooth and in many ways superior to newer, more expensive Android devices that are unlikely to even be updated to Android 4.0. The update is impressive, but also exposes the problems of Android fragmentation and the failure of other Android device manufacturers to develop better software than Google, or issue timely updates."
MojoKid writes "When USB debuted in 1999, it offered maximum throughput of 12Mb/s. Today, USB 3.0 offers 4.8Gb/s. Interestingly, modern USB 3 controllers use the same Bulk-Only Transport (BOT) protocol that first debuted in 1999. Before the advent of USB 3, relying on BOT made sense. Since hard drives were significantly faster than the USB 2 bus itself, the HDD was always going to be waiting on the host controller. USB 3 changed that. With 4.8Gbits/s of throughput (600MB/s), only the highest-end hardware is capable of saturating the bus. That's exposed some of BOT's weaknesses. UASP, or the USB Attached SCSI Protocol, is designed to fix these limitations, and bring USB 3 fully into the 21st century. It does this by implementing queue functions, reducing command latency, and allowing the device to transfer commands and data independently from each other. Asus is the first manufacturer to have implemented UASP in current generation motherboards and the benchmarks show transfer speeds can be improved significantly."
schliz writes "A group of Australian network engineers is planning to launch a not-for-profit internet service provider that will provide access to the nation's high-speed NBN fibre network for like-minded people. The cooperative, dubbed 'No ISP,' has no staff or add-on services to keep costs down. Members will be able to 'trade' excess download quota for a market-based price, depending on supply and demand."
Nerval's Lobster writes with news that U.S. federal agencies are falling behind in their efforts to consolidate government data centers. Current plans call for a savings of $2.4 billion and the closing of over a thousand data centers, but 17 of 24 agencies still haven't provided details on their IT infrastructure and usage. A new report from the Government Accountability Office highlights the problems with this consolidation effort. "Data centers represent a significant cost to the federal government. Electricity to operate federal servers and data centers costs around $450 million a year, according to an EPA estimate cited in the report. Moreover, federal agencies reported limited reuse of data centers, along with server utilization rates dipping as low as 5 percent. The GAO report features agencies claiming several challenges on the way to data-center consolidation. These included accepting cultural change as part of the consolidation; funding the consolidation and identifying the resulting cost savings; operational challenges including procurement and resource constraints; and difficulties in planning a migration strategy."
pigrabbitbear writes "It's hard to imagine what cyberwarfare actually looks like. Is it like regular warfare, where two sides armed with arsenals of deadly weapons open fire on each other and hope for total destruction? What do they fire instead of bullets? Packets of information? Do people die? Or is it not violent at all — just a bunch of geeks in uniforms playing tricks on each other with sneaky code? Barack Obama would like to clear up this question, thank you very much. In an op-ed published in the Wall Street Journal the president voiced his support for the Cybersecurity Act of 2012 now being considered by the Senate with the help of a truly frightening hypothetical: 'Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud,' Obama wrote, describing a nightmare scenario of a cyber attack. 'Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.' All because of hackers!"
An anonymous reader writes "Elections Ontario, an agency tasked with the organization and conduct of general elections and by-elections in Canada's Ontario region, is warning voters about the loss and potential theft of two USB sticks containing private information of 2.4 million voters from approximately 20–25 electoral districts. The information at issue is limited to full name, gender, birth date, address, whether or not an elector voted in the last provincial election and any other personal information updates provided by voters to Elections Ontario during that time, as well as administrative codes used solely for election purposes. The information does not include how an individual voted."
sunbird writes "The Electronic Frontier Foundation filed a lawsuit in the United States District Court in San Francisco on behalf of an anonymous petitioner seeking to challenge a National Security Letter (NSL) the petitioner had received. NSLs are issued by law enforcement with neither judicial oversight nor probable cause, and have been discussed on Slashdot before. In response to the lawsuit, the U.S. Department of Justice filed a separate lawsuit against the individual who had received the NSL, requesting that the court order the recipient to comply with the NSL and asking the court to find that the 'failure to comply with a lawfully issued National Security Letter interferes with the United States' vindication of its sovereign interests in law enforcement, counterintelligence, and protecting national security.' Both cases are filed under seal, but heavily-redacted filings are available. The cases remain pending."
MrSeb writes "A cross-disciplinary team of US neuroscientists and cryptographers have developed a password/passkey system that removes the weakest link in any security system: the human user. It's ingenious: The system still requires that you enter a password, but at no point do you actually remember the password, meaning it can't be written down and it can't be obtained via coercion or torture — i.e. rubber-hose cryptanalysis. The system, devised by Hristo Bojinov of Stanford University and friends from Northwestern and SRI, relies on implicit learning, a process by which you absorb new information — but you're completely unaware that you've actually learned anything; a bit like learning to ride a bike. The process of learning the password (or cryptographic key) involves the use of a specially crafted computer game that, funnily enough, resembles Guitar Hero. Their experimental results suggest that, after a 45 minute learning session, the 30-letter password is firmly implanted in your subconscious brain. Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences. To pass authentication, you must reliably perform better on your sequence. Even after two weeks, it seems you are still able to recall this sequence."
AbrasiveCat writes "In an update to an earlier Slashdot story, the Portland, Oregon man who was arrested after stripping naked at a TSA checkpoint at Portland Airport was acquitted of indecent exposure charges. He successfully argued that he was protesting TSA actions, and his actions were protected speech under the Oregon Constitution."
hypnosec writes "The newly unveiled productivity suite from Microsoft, Office 2013, won't be running on older operating systems like Windows XP and Vista, it has been revealed. Office 2013 is said to be only compatible with PCs, laptops or tablets that are running on the latest version of Windows, i.e. either Windows 7 or the not-yet-released Windows 8. According to a system requirements page from Microsoft for the Office 2013 customer preview, the Office 2010 successor is only compatible with Windows 7, Windows 8, Windows Server 2008 R2 or Windows Server 2012. This was confirmed by a Microsoft spokesperson. Further, the minimum requirements state that systems need to be equipped with at least a 1 GHz processor and should have 1 GB of RAM for 32-bit systems or 2 GB for 64-bit hardware. The minimum storage space that should be available is 3 GB, along with a DirectX 10-compatible graphics card for users wanting hardware acceleration."
hal9000(jr) writes "While IPv6 day was a successful marketing campaign, is anyone really moving to IPv6? On World Launch Day, Arbor Networks noted a peak of only .2% of IPv6 network traffic. It appears that IPv4 addresses are still valuable and are driving hosting acquisitions. Windows 8 will actually prefer IPv6 over IPv4. If you want IPv6, here's what to do about it."
ananyo writes "The Norfolk Constabulary has closed its investigation into the November 2009 release of private emails between researchers at the Climatic Research Centre at the University of East Anglia in Norwich after failing to identify those responsible. Despite not being able to prosecute any offenders, the police have confirmed that the data breach 'was the result of a sophisticated and carefully orchestrated attack on the CRU's data files, carried out remotely via the internet.' The investigation has also cleared anyone working at or associated with UEA from involvement in the crime. The hacking resulted in the release of more than 1,000 emails and shook the public's trust in climate science, though independent investigations after the breach cleared the scientists of wrongdoing."
An anonymous reader writes "In a bizarre turn of events, the Senate would prefer that the DoD use software not written by the government for the government. Quoting: 'Like Google, the agency needed a way of storing and retrieving massive amounts of data across an army of servers, but it also needed extra tools for protecting all that data from prying eyes. They added 'cell level' software controls that could separate various classifications of data, ensuring that each user could only access the information they were authorized to access. It was a key part of the NSA’s effort to improve the security of its own networks. But the NSA also saw the database as something that could improve security across the federal government — and beyond. Last September, the agency open sourced its Google mimic, releasing the code as the Accumulo project. It's a common open source story — except that the Senate Armed Services Committee wants to put the brakes on the project. In a bill recently introduced on Capitol Hill, the committee questions whether Accumulo runs afoul of a government policy that prevents federal agencies from building their own software when they have access to commercial alternatives. The bill could ban the Department of Defense from using the NSA's database — and it could force the NSA to meld the project's security tools with other open source projects that mimic Google's BigTable.'"