New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said, "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
harrymcc writes "Over at TIME.com, I rounded up the year's dumbest moments in technology. Yes, the launch of Healthcare.gov is included, as are Edward Snowden's revelations. But so are a bunch of people embarrassing themselves on Twitter, both BlackBerry and Lenovo hiring celebrities to (supposedly) design products, the release of glitchy products ranging from OS X 10.9 Mavericks to the new Yahoo Mail, and much more." I can't think of anything dumber than the NSA's claims that metadata isn't data.
An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security ends up being 'worse than it looks.' The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprundel is available for streaming."
Nerval's Lobster writes "Lots of CEOs, entrepreneurs, and developers made headlines in 2013—but in hindsight, Edward Snowden will likely stand as this year's most influential figure in technology. In June, Snowden began feeding top-secret documents detailing the National Security Agency's surveillance programs to The Guardian and other newspapers. Much of that information, downloaded by Snowden while he served as a system administrator at an NSA outpost in Hawaii, suggested that the U.S. government swept up massive amounts of information on ordinary Americans as part of its broader operations. Whatever one's feelings on the debate over privacy and security, it's undeniable that Snowden's documents have increased general awareness of online vulnerability; but whether that's sparked an increased use of countermeasures—including encryption tools—is another matter entirely. On the developer side of things, when you consider the sheer amount of money, time, and code that'll be invested over the next few years in encryption and encryption-breaking, it's clear that Snowden's influence will be felt for quite some time to come—even if the man himself is trapped in Russian exile."
Bennett Haselton writes with four big tips for anyone blessed by the holiday buying frenzy with a new laptop; in particular, these are tips to pass on to non-techie relatives and others who are unlikely to put (say) "Install a Free operating system" at the very top of the list. Here's Bennett's advice, in short: (1) If you don't want to pay for an anti-virus program, at least install a free one. (2) Save files to a folder that is automatically mirrored to the cloud, for effortless backups. (3) Create a non-administrator guest account, in case a friend needs to borrow the computer. (4) Be aware of your computer's System Restore option as a way of fixing mysterious problems that arose recently. Read on for the expanded version; worth keeping in mind before your next friends-and-family tech support call.
Bill Dimm writes "An article on Softpedia claims that Linux distributions using NetworkManager are storing Wi-Fi passwords in plain text in /etc by default. The article recommends encrypting the full disk or removing NetworkManager and using a different tool like netctl. Some of the article comments claim the article is FUD. Is this a real problem?"
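One way to answer the question above on your own machine, as an added check that is not from the Softpedia article or the NetworkManager project: NetworkManager stores system connections as INI-style keyfiles, and a WPA-PSK secret is written into the file itself when the PSK is "system owned" (`psk-flags=0`), whereas `psk-flags=1` means an agent such as the user's keyring holds it and `psk-flags=2` means it is never saved. The script below parses keyfiles, reports any credential field present in the file, and flags files that are not mode 0600 and root-owned. The directory path is the stock one and is an assumption; the sample keyfile is constructed for the example.

```python
"""Audit NetworkManager keyfiles for plaintext Wi-Fi secrets and loose permissions.

Added example, not code from the Softpedia article or from NetworkManager itself.
Assumes the default keyfile location; SAMPLE_KEYFILE is constructed, not captured.
"""
import configparser
import os
import stat
from pathlib import Path

KEYFILE_DIR = Path("/etc/NetworkManager/system-connections")  # assumed stock location

# Option names that hold a credential when they appear in the keyfile itself.
SECRET_KEYS = {"psk", "password", "wep-key0", "wep-key1", "wep-key2", "wep-key3",
               "leap-password", "private-key-password"}

# NMSettingSecretFlags bits as documented by NetworkManager.
FLAG_AGENT_OWNED = 1
FLAG_NOT_SAVED = 2


def parse_keyfile(text):
    """NM keyfiles are INI-like with case-sensitive option names, so keep the case."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def find_plaintext_secrets(text):
    """Return (section, option) pairs whose value is a credential stored in the file."""
    hits = []
    cp = parse_keyfile(text)
    for section in cp.sections():
        for key, value in cp.items(section):
            if key in SECRET_KEYS and value.strip():
                hits.append((section, key))
    return hits


def psk_location(text):
    """Where the WPA-PSK lives: 'file', 'agent' (keyring), 'not-saved', or 'none'."""
    cp = parse_keyfile(text)
    if not cp.has_section("wifi-security"):
        return "none"
    sec = cp["wifi-security"]
    if sec.get("psk", "").strip():
        return "file"  # system-owned secret (psk-flags=0) is written into the keyfile
    flags = int(sec.get("psk-flags", "0"))
    if flags & FLAG_AGENT_OWNED:
        return "agent"
    if flags & FLAG_NOT_SAVED:
        return "not-saved"
    return "none"


def permission_problems(mode, uid):
    """Keyfiles are expected to be 0600 and owned by root; report anything looser."""
    problems = []
    perm = stat.S_IMODE(mode)
    if perm & 0o077:
        problems.append("readable by group/other (mode %o)" % perm)
    if uid != 0:
        problems.append("not owned by root (uid %d)" % uid)
    return problems


def audit_keyfile(text, mode=0o600, uid=0):
    """Combine both checks into a list of human-readable findings (empty means clean)."""
    findings = ["plaintext secret: [%s] %s" % (s, k) for s, k in find_plaintext_secrets(text)]
    findings.extend(permission_problems(mode, uid))
    return findings


def audit_directory(directory=KEYFILE_DIR):
    """Walk the real keyfile directory (reading it needs root) and audit every file."""
    report = {}
    for path in sorted(Path(directory).glob("*")):
        if path.is_file():
            st = path.stat()
            report[path.name] = audit_keyfile(path.read_text(), st.st_mode, st.st_uid)
    return report


# Constructed sample modelled on what NM writes for a WPA-PSK network with psk-flags=0.
SAMPLE_KEYFILE = """\
[connection]
id=HomeWifi
type=wifi

[wifi]
ssid=HomeWifi
mode=infrastructure

[wifi-security]
key-mgmt=wpa-psk
psk=correct horse battery staple
psk-flags=0

[ipv4]
method=auto
"""

if __name__ == "__main__":
    print("sample:", psk_location(SAMPLE_KEYFILE), audit_keyfile(SAMPLE_KEYFILE, 0o644, 1000))
    if os.geteuid() == 0:
        for name, findings in audit_directory().items():
            print(name, findings or ["ok"])
```

Run it as root to see the real directory; the sample run shows a PSK stored in the file plus two permission findings for a hypothetical 0644, non-root file. A keyfile whose PSK sits in the keyring has no `psk=` line and `psk-flags=1`, which `psk_location` reports as `agent`.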
Nerval's Lobster writes "Some high-profile tech initiatives really crashed-and-burned this year. Did BlackBerry executives really think that BlackBerry 10 would spark a miraculous turnaround, or were they simply going through the motions of promoting it? That's the key question as BlackBerry 10 devices fail to sell. Then there's Facebook's misbegotten attempt at 'skinning' the Android OS with its Home app. Or maybe Healthcare.gov counts as 2013's biggest debacle, with its repeated crashes and glitches and inability to carry out core functions. What do you think was the biggest software or hardware (or both) mishap of the past twelve months?"
dcblogs writes "U.S. government contracts often require bidders to have achieved some level of Capability Maturity Model Integration (CMMI). CMMI arose some 25 years ago via the backing of the Department of Defense and the Software Engineering Institute at Carnegie Mellon University. It operated as a federally funded research and development center until a year ago, when CMMI's product responsibility was shifted to a private, profit-making LLC, the CMMI Institute. The Institute is now owned by Carnegie Mellon. Given that the CMMI Institute is now a self-supporting firm, any requirement that companies be certified by it — and spend the money needed to do so — raises a natural question. 'Why is the government mandating that you support a for-profit company?' said Henry Friedman, the CEO of IR Technologies, a company that develops logistics defense related software and uses CMMI. The value of a certification is subject to debate. To what extent does a CMMI certification determine a successful project outcome? CGI Federal, the lead contractor at Healthcare.gov, is a veritable black belt in software development. In 2012, it achieved the highest possible Capability Maturity Model Integration (CMMI) level for development certification, only the 10th company in the U.S. to do so."
littlekorea writes "A series of servers produced by Dell, air-gapped Windows XP PCs and switches and routers produced by Cisco, Huawei and Juniper count among the huge list of computing devices compromised by the NSA, according to crypto-expert and digital freedom fighter Jacob Appelbaum. Revealing a trove of new NSA documents at his 30c3 address (video), Appelbaum spoke about why the NSA's program might lead to broader adoption of open source tools and gave a hot tip on how to know if your machines have been owned."
An anonymous reader writes "The Huffington Post reports, 'Michael Hayden, former director of the National Security Agency, said Sunday that he used to describe leaker Edward Snowden as a "defector," ... "I think there's an English word that describes selling American secrets to another government, and I do think it's treason," Hayden said ... Some members of Congress have also ... accused him of an act of treason. Hayden said his view of Snowden has grown harsher in recent weeks after reports that Snowden is seeking asylum in Germany and Brazil in exchange for assisting their investigations into NSA programs. Hayden said the NSA is "infinitely" weaker as a result of Snowden's leaks. "This is the most serious hemorrhaging of American secrets in the history of American espionage," he said. "What Snowden is revealing ... is the plumbing," he added later. "He's revealing how we acquire this information. It will take years, if not decades, for us to return to the position that we had prior to his disclosures."' — More in the Face the Nation video and transcript, including discussion of the recent legal decisions, and segments with whistleblower Thomas Drake, Snowden legal adviser Jesselyn Radack, and Washington Post reporter Barton Gellman who recently interviewed Snowden."
An anonymous reader writes in with this story about a hacker that took over a BBC server during the Christmas holiday. "A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort. A BBC spokesman declined to discuss the incident. 'We do not comment on security issues,' he said."
theodp writes "Perhaps people are reading too much into Apple CEO Tim Cook's 'Big Plans' for 2014, but hopes are high that the New Year will bring a biggie-sized iPad. Over at Forbes, Anthony Wing Kosner asks, Will The Large Screen iPad Pro Be Apple's First In A Line Of Desktop Touch Devices?. 'Rumors of a large [12.9"] iPad are many and constant,' notes ComputerWorld's Mike Elgan, 'but they make sense only if the tablet is a desktop for schools.' Elgan adds, 'Lots of schools are buying iPads for kids to use. But iPads don't make a lot of sense for education. For starters, their screens are too small for the kinds of interactive textbooks and apps that Apple wants the education market to create. They're also too small for collaborative work. iPads run mobile browsers, rather than full browsers, so kids can't use the full range of HTML5 sites.' Saying that 'Microsoft has fumbled the [post-PC] transition badly,' Elgan argues that 'the battle for the future of education is likely to be between whatever Google turns the Chromebook into against whatever Apple turns the iPad into.'"
CowboyRobot writes "Andrew Koenig at Dr. Dobb's argues that by looking at a program's structure — as opposed to only looking at output — we can sometimes predict circumstances in which it is particularly likely to fail. 'For example, any time a program decides to use one or two (or more) algorithms depending on an aspect of its input such as size, we should verify that it works properly as close as possible to the decision boundary on both sides. I've seen quite a few programs that impose arbitrary length limits on, say, the size of an input line or the length of a name. I've also seen far too many such programs that fail when they are presented with input that fits the limit exactly, or is one greater (or less) than the limit. If you know by inspecting the code what those limits are, it is much easier to test for cases near the limits.'"
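A worked illustration of Koenig's point, added here and not code from the Dr. Dobb's article: a helper that enumerates the three sizes worth probing around any limit, a name store with the classic off-by-one that accepts exactly-at-limit input its buffer cannot hold (modelled on a `char slot[MAX_NAME]` array plus terminator, with the overflow surfaced as an exception instead of silent memory corruption), its fixed counterpart, and a size-threshold hybrid sort checked against the builtin at threshold-1, threshold and threshold+1. `MAX_NAME`, `SMALL` and the functions are hypothetical stand-ins for the kind of code the quote describes.

```python
"""Boundary-value probing around size limits and algorithm-selection thresholds.

Added example, not code from the Dr. Dobb's article. MAX_NAME, SMALL, the name store
and the hybrid sort are hypothetical stand-ins for the kind of code Koenig describes.
"""
import random


def boundary_values(limit, lo=0):
    """The three sizes to test around any limit: one below, exactly at, one above."""
    return [max(lo, limit - 1), limit, limit + 1]


MAX_NAME = 8  # assumed documented limit: "names may be up to 8 characters"


def store_name_buggy(name):
    """Classic off-by-one: the check admits MAX_NAME characters, but the slot (modelled
    on `char slot[MAX_NAME]`) also needs a byte for the terminator. In C the exact-fit
    case writes one byte past the array; here it is surfaced as OverflowError."""
    if len(name) > MAX_NAME:
        raise ValueError("name longer than %d" % MAX_NAME)
    slot = bytearray(MAX_NAME)
    data = name.encode("ascii") + b"\0"
    if len(data) > len(slot):
        raise OverflowError("%d bytes into a %d-byte slot" % (len(data), len(slot)))
    slot[: len(data)] = data
    return slot.split(b"\0", 1)[0].decode("ascii")


def store_name_fixed(name):
    """Same check, but the slot is sized for the documented limit plus the terminator."""
    if len(name) > MAX_NAME:
        raise ValueError("name longer than %d" % MAX_NAME)
    slot = bytearray(MAX_NAME + 1)
    data = name.encode("ascii") + b"\0"
    slot[: len(data)] = data
    return slot.split(b"\0", 1)[0].decode("ascii")


def probe(fn, limit):
    """Call fn with a string of each boundary length; map length -> 'ok' or exception name."""
    results = {}
    for n in boundary_values(limit):
        try:
            fn("a" * n)
            results[n] = "ok"
        except Exception as exc:  # record every failure mode; the tester sorts them out
            results[n] = type(exc).__name__
    return results


SMALL = 4  # assumed threshold at or below which the simple algorithm is chosen


def insertion_sort(items):
    out = list(items)
    for i in range(1, len(out)):
        j = i
        while j > 0 and out[j - 1] > out[j]:
            out[j - 1], out[j] = out[j], out[j - 1]
            j -= 1
    return out


def hybrid_sort(items):
    """Insertion sort for small inputs, merge sort otherwise; the decision at
    len(items) == SMALL is exactly the boundary Koenig says to test from both sides."""
    if len(items) <= SMALL:
        return insertion_sort(items)
    mid = len(items) // 2
    left, right = hybrid_sort(items[:mid]), hybrid_sort(items[mid:])
    merged, i, j = [], 0, 0
    while i < len(left) and j < len(right):
        if left[i] <= right[j]:
            merged.append(left[i])
            i += 1
        else:
            merged.append(right[j])
            j += 1
    return merged + left[i:] + right[j:]


def sort_failures_at_boundary(sort_fn, threshold, seed=1):
    """Compare sort_fn with sorted() at threshold-1, threshold, threshold+1; return failing sizes."""
    rng = random.Random(seed)
    failures = []
    for n in boundary_values(threshold):
        data = [rng.randrange(100) for _ in range(n)]
        if sort_fn(data) != sorted(data):
            failures.append(n)
    return failures


if __name__ == "__main__":
    print("buggy:", probe(store_name_buggy, MAX_NAME))
    print("fixed:", probe(store_name_fixed, MAX_NAME))
    print("hybrid sort failures:", sort_failures_at_boundary(hybrid_sort, SMALL))
```

The probe of the buggy store shows the pattern Koenig warns about: length 7 works, length 9 is rejected cleanly, and the exact-fit length 8 is the one that blows up. Knowing the limit from the code is what lets the tester aim at that length instead of hoping random input lands on it.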
McGruber writes "Seven metro Atlanta residents are facing theft, fraud, and racketeering charges for allegedly selling counterfeit MARTA Breeze cards. Breeze cards are stored-value smart cards that passengers use as part of an automated fare collection system which the Metropolitan Atlanta Rapid Transit Authority introduced to the general public in October 2006. Breeze cards are supplied by Cubic Transportation Systems, an American company that provides automated fare collection equipment and services to the mass transit industry. At the time of this slashdot submission, the Wikipedia page for the Breeze Card (last modified on 2 August 2013 at 14:52) says: 'The Breeze Card uses the MIFARE smart-card system from Dutch company NXP Semiconductors, a spin-off from Philips. The disposable, single-use cards use the MIFARE Ultralight, while the multiple-use plastic cards are MIFARE Classic cards. There have been many concerns about the security of the system, mainly caused by the poor encryption method used for the cards.'"
beaverdownunder writes with an extract from The Guardian, based on a security disclosure from Gibson Security: "Snapchat users' phone numbers may be exposed to hackers due to an unresolved security vulnerability, according to a new report released by a group of Australian hackers. Snapchat is a social media program that allows users to send pictures to each other that disappear within 10 seconds. Users can create profiles with detailed personal information and add friends that can view the photos a user shares. But Gibson Security, a group of anonymous hackers from Australia, has published a new report with detailed coding that they say shows how a vulnerability can be exploited to reveal phone numbers of users, as well as their privacy settings." Snapchat downplays the significance of the hole.