Iphone

Apple Denies Helping NSA Subvert iPhone 284

Posted by Soulskill
from the at-least-we-have-a-falsifiable-hypothesis dept.
New submitter aissixtir sends word that Apple has responded to allegations that the NSA has backdoor access to iPhones. Apple said, "Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products. ... Whenever we hear about attempts to undermine Apple’s industry-leading security, we thoroughly investigate and take appropriate steps to protect our customers. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them."
Bug

The Year's Dumbest Moments in Tech 96

Posted by timothy
from the you-mean-outside-my-house-right? dept.
harrymcc writes "Over at TIME.com, I rounded up the year's dumbest moments in technology. Yes, the launch of Healthcare.gov is included, as are Edward Snowden's revelations. But so are a bunch of people embarrassing themselves on Twitter, both BlackBerry and Lenovo hiring celebrities to (supposedly) design products, the release of glitchy products ranging from OS X 10.9 Mavericks to the new Yahoo Mail, and much more." I can't think of anything dumber than the NSA's claims that metadata isn't data.
Security

X11/X.Org Security In Bad Shape 179

Posted by Soulskill
from the i-blame-the-schools dept.
An anonymous reader writes "A presentation at the Chaos Communication Congress explains how X11 Server security is 'worse than it looks.' The presenter found more than 120 bugs in a few months of security research and is not close to being done in his work. Upstream X.Org developers have begun to call most of his claims valid. The presentation by Ilja van Sprundel is available for streaming."
Government

No Question: Snowden Was 2013's Most Influential Tech Figure 108

Posted by timothy
from the you-said-it dept.
Nerval's Lobster writes "Lots of CEOs, entrepreneurs, and developers made headlines in 2013—but in hindsight, Edward Snowden will likely stand as this year's most influential figure in technology. In June, Snowden began feeding top-secret documents detailing the National Security Agency's surveillance programs to The Guardian and other newspapers. Much of that information, downloaded by Snowden while he served as a system administrator at an NSA outpost in Hawaii, suggested that the U.S. government swept up massive amounts of information on ordinary Americans as part of its broader operations. Whatever one's feelings on the debate over privacy and security, it's undeniable that Snowden's documents have increased general awareness of online vulnerability; but whether that's sparked an increased use of countermeasures—including encryption tools—is another matter entirely. On the developer side of things, when you consider the sheer amount of money, time, and code that'll be invested over the next few years in encryption and encryption-breaking, it's clear that Snowden's influence will be felt for quite some time to come—even if the man himself is trapped in Russian exile."
Security

4 Tips For Your New Laptop 310

Posted by timothy
from the do-not-use-it-to-carve-meat dept.
Bennett Haselton writes with four big tips for anyone blessed by the holiday buying frenzy with a new laptop; in particular, these are tips to pass on to non-techie relatives and others who are unlikely to put (say) "Install a Free operating system" at the very top of the list. Here's Bennett's advice, in short: (1) If you don't want to pay for an anti-virus program, at least install a free one. (2) Save files to a folder that is automatically mirrored to the cloud, for effortless backups. (3) Create a non-administrator guest account, in case a friend needs to borrow the computer. (4) Be aware of your computer's System Restore option as a way of fixing mysterious problems that arose recently. Read on for the expanded version; worth keeping in mind before your next friends-and-family tech support call.
Security

Linux Distributions Storing Wi-Fi Passwords In Plain Text 341

Posted by timothy
from the right-under-the-doormat dept.
Bill Dimm writes "An article on Softpedia claims that Linux distributions using NetworkManager are storing Wi-Fi passwords in plain text in /etc by default. The article recommends encrypting the full disk or removing NetworkManager and using a different tool like netctl. Some of the article comments claim the article is FUD. Is this a real problem?"
Software

The Biggest Tech Mishap of 2013? 162

Posted by Unknown Lamer
from the anything-involving-a-marketing-department dept.
Nerval's Lobster writes "Some high-profile tech initiatives really crashed-and-burned this year. Did BlackBerry executives really think that BlackBerry 10 would spark a miraculous turnaround, or were they simply going through the motions of promoting it? That's the key question as BlackBerry 10 devices fail to sell. Then there's Facebook's misbegotten attempt at 'skinning' the Android OS with its Home app. Or maybe Healthcare.gov counts as 2013's biggest debacle, with its repeated crashes and glitches and inability to carry out core functions. What do you think was the biggest software or hardware (or both) mishap of the past twelve months?"
United States

US Requirement For Software Dev Certification Raises Questions 228

Posted by samzenpus
from the outsatnding-achievment-in-the-field-of-excellence dept.
dcblogs writes "U.S. government contracts often require bidders to have achieved some level of Capability Maturity Model Integration (CMMI). CMMI arose some 25 years ago via the backing of the Department of Defense and the Software Engineering Institute at Carnegie Mellon University. It operated as a federally funded research and development center until a year ago, when CMMI's product responsibility was shifted to a private, profit-making LLC, the CMMI Institute. The Institute is now owned by Carnegie Mellon. Given that the CMMI Institute is now a self-supporting firm, any requirement that companies be certified by it — and spend the money needed to do so — raises a natural question. 'Why is the government mandating that you support a for-profit company?' said Henry Friedman, the CEO of IR Technologies, a company that develops logistics defense related software and uses CMMI. The value of a certification is subject to debate. To what extent does a CMMI certification determine a successful project outcome? CGI Federal, the lead contractor at Healthcare.gov, is a veritable black belt in software development. In 2012, it achieved the highest possible Capability Maturity Model Integration (CMMI) level for development certification, only the 10th company in the U.S. to do so."
Security

The Startling Array of Hacking Tools In NSA's Armory 215

Posted by samzenpus
from the pick-your-poison dept.
littlekorea writes "A series of servers produced by Dell, air-gapped Windows XP PCs and switches and routers produced by Cisco, Huawei and Juniper count among the huge list of computing devices compromised by the NSA, according to crypto-expert and digital freedom fighter Jacob Appelbaum. Revealing a trove of new NSA documents at his 30c3 address (video), Appelbaum spoke about why the NSA's program might lead to broader adoption of open source tools and gave a hot tip on how to know if your machines have been owned."
Privacy

Former CIA/NSA Head: NSA Is "Infinitely" Weaker As a Result of Snowden's Leaks 572

Posted by samzenpus
from the spying-used-to-be-easy dept.
An anonymous reader writes "The Huffington Post reports, 'Michael Hayden, former director of the National Security Agency, said Sunday that he used to describe leaker Edward Snowden as a "defector," ... "I think there's an English word that describes selling American secrets to another government, and I do think it's treason," Hayden said ... Some members of Congress have also ... accused him of an act of treason. Hayden said his view of Snowden has grown harsher in recent weeks after reports that Snowden is seeking asylum in Germany and Brazil in exchange for assisting their investigations into NSA programs. Hayden said the NSA is "infinitely" weaker as a result of Snowden's leaks. "This is the most serious hemorrhaging of American secrets in the history of American espionage," he said. "What Snowden is revealing ... is the plumbing," he added later. "He's revealing how we acquire this information. It will take years, if not decades, for us to return to the position that we had prior to his disclosures."' — More in the Face the Nation video and transcript, including discussion of the recent legal decisions, and segments with whistleblower Thomas Drake, Snowden legal adviser Jesselyn Radack, and Washington Post reporter Barton Gellman who recently interviewed Snowden."
Crime

Hacker Took Over BBC Server, Tried To Sell Access On Christmas Day 41

Posted by samzenpus
from the you're-a-mean-one dept.
An anonymous reader writes in with this story about a hacker that took over a BBC server during the Christmas holiday. "A hacker secretly took over a computer server at the BBC, Britain's public broadcaster, and then launched a Christmas Day campaign to convince other cyber criminals to pay him for access to the system. While it is not known if the hacker found any buyers, the BBC's security team responded to the issue on Saturday and believes it has secured the site, according to a person familiar with the cleanup effort. A BBC spokesman declined to discuss the incident. 'We do not comment on security issues,' he said."
Education

Is a Super-Sized iPad the Future of Education? 234

Posted by timothy
from the insert-semester-to-continue dept.
theodp writes "Perhaps people are reading too much into Apple CEO Tim Cook's 'Big Plans' for 2014, but hopes are high that the New Year will bring a biggie-sized iPad. Over at Forbes, Anthony Wing Kosner asks, Will The Large Screen iPad Pro Be Apple's First In A Line Of Desktop Touch Devices?. 'Rumors of a large [12.9"] iPad are many and constant,' notes ComputerWorld's Mike Elgan, 'but they make sense only if the tablet is a desktop for schools.' Elgan adds, 'Lots of schools are buying iPads for kids to use. But iPads don't make a lot of sense for education. For starters, their screens are too small for the kinds of interactive textbooks and apps that Apple wants the education market to create. They're also too small for collaborative work. iPads run mobile browsers, rather than full browsers, so kids can't use the full range of HTML5 sites.' Saying that 'Microsoft has fumbled the [post-PC] transition badly,' Elgan argues that 'the battle for the future of education is likely to be between whatever Google turns the Chromebook into against whatever Apple turns the iPad into.'"
Programming

Not All Bugs Are Random 165

Posted by timothy
from the especially-not-bees dept.
CowboyRobot writes "Andrew Koenig at Dr. Dobb's argues that by looking at a program's structure — as opposed to only looking at output — we can sometimes predict circumstances in which it is particularly likely to fail. 'For example, any time a program decides to use one or two (or more) algorithms depending on an aspect of its input such as size, we should verify that it works properly as close as possible to the decision boundary on both sides. I've seen quite a few programs that impose arbitrary length limits on, say, the size of an input line or the length of a name. I've also seen far too many such programs that fail when they are presented with input that fits the limit exactly, or is one greater (or less) than the limit. If you know by inspecting the code what those limits are, it is much easier to test for cases near the limits.'"
Crime

Cracking Atlanta Subway's Poorly-Encrypted RFID Smart Cards Is a Breeze 139

Posted by timothy
from the but-you're-still-in-atlanta dept.
McGruber writes "Seven metro Atlanta residents are facing theft, fraud, and racketeering charges for allegedly selling counterfeit MARTA Breeze cards. Breeze cards are stored-value smart cards that passengers use as part of an automated fare collection system which the Metropolitan Atlanta Rapid Transit Authority introduced to the general public in October 2006. Breeze cards are supplied by Cubic Transportation Systems, an American company that provides automated fare collection equipment and services to the mass transit industry. At the time of this Slashdot submission, the Wikipedia page for the Breeze Card (last modified on 2 August 2013 at 14:52) says: 'The Breeze Card uses the MIFARE smart-card system from Dutch company NXP Semiconductors, a spin-off from Philips. The disposable, single-use cards are based on the MIFARE Ultralight while the multiple-use plastic cards are the MIFARE Classic cards. There have been many concerns about the security of the system, mainly caused by the poor encryption method used for the cards.'"
Privacy

Snapchat Users' Phone Numbers Exposed To Hackers 69

Posted by timothy
from the take-a-memo-it'll-last-longer dept.
beaverdownunder writes with an extract from The Guardian, based on a security disclosure from Gibson Security: "Snapchat users' phone numbers may be exposed to hackers due to an unresolved security vulnerability, according to a new report released by a group of Australian hackers. Snapchat is a social media program that allows users to send pictures to each other that disappear within 10 seconds. Users can create profiles with detailed personal information and add friends that can view the photos a user shares. But Gibson Security, a group of anonymous hackers from Australia, has published a new report with detailed coding that they say shows how a vulnerability can be exploited to reveal phone numbers of users, as well as their privacy settings." Snapchat downplays the significance of the hole.
