
IOS

Georgia Tech Researchers Jailbreak iOS 7.1.2 75

Posted by timothy
from the have-you-tried-bribing-the-guards? dept.
mikejuk writes The constant war to jailbreak and patch iOS has taken another step in favor of the jailbreakers. Georgia Tech researchers have found a way to jailbreak the current version of iOS. What the Georgia Tech team has discovered is a way to break in by a multi-step attack. After analysing the patches put in place to stop previous attacks, the team worked out a sequence that would jailbreak any modern iPhone. The team stresses the importance of patching all of the threats, and not just closing one vulnerability and assuming that it renders others unusable as an attack method. It is claimed that the hack works with any iOS 7.1.2 using device including the iPhone 5s.
It is worth noting that the Device Freedom Prize for an open source jailbreak of iOS7 is still unclaimed and stands at just over $30,000. The details are to be revealed at the forthcoming Black Hat USA (August 6 & 7 Las Vegas) in a session titled Exploiting Unpatched iOS Vulnerabilities for Fun and Profit:
Open Source

Fotopedia Is Shutting Down; Data Available Until August 10 42

Posted by timothy
from the grab-now-if-you-want-any dept.
New submitter Randall Booth writes Fotopedia has sent notice to its users that it is shutting down. 'We are sorry to announce that Fotopedia is shutting down. As of August 10, 2014, Fotopedia.com will close and our iOS applications will cease to function. Our community of passionate photographers, curators and storytellers has made this a wonderful journey, and we'd like to thank you for your hard work and your contributions. We truly believe in the concept of storytelling but don't think there is a suitable business in it yet. If you submitted photos and stories to Fotopedia, your data will be available to download until August 10, 2014. After this date, all photos and data will be permanently deleted from our servers.'
Cellphones

Is the App Store Broken? 241

Posted by Soulskill
from the honeymoon-is-over dept.
A recent post by Instapaper's Marco Arment suggests that design flaws in Apple's App Store are harming the app ecosystem, and users are suffering because of it. "The dominance and prominence of 'top lists' stratifies the top 0.02% so far above everyone else that the entire ecosystem is encouraged to design for a theoretical top-list placement that, by definition, won’t happen to 99.98% of them." Arment notes that many good app developers are finding continued development to be unsustainable, while scammy apps are encouraged to flood the market.

"As the economics get tighter, it becomes much harder to support the lavish treatment that developers have given apps in the past, such as full-time staffs, offices, pixel-perfect custom designs of every screen, frequent free updates, and completely different iPhone and iPad interfaces. Many will give up and leave for stable, better-paying jobs. (Many already have.)" Brent Simmons points out the indie developers have largely given up the dream of being able to support themselves through iOS development. Yoni Heisler argues that their plight is simply a consequence of ever-increasing competition within the industry, though he acknowledges that more app curation would be a good thing. What strategies could Apple (and the operators of other mobile application stores) do to keep app quality high?
Programming

Programming Languages You'll Need Next Year (and Beyond) 311

Posted by Soulskill
from the sorry-folks-still-no-haskell dept.
Nerval's Lobster writes: Over at Dice, there's a breakdown of the programming languages that could prove most popular over the next year or two, including Apple's Swift, JavaScript, CSS3, and PHP. But perhaps the most interesting entry on the list is Erlang, an older language invented in 1986 by engineers at Ericsson. It was originally intended to be used specifically for telecommunications needs, but has since evolved into a general-purpose language, and found a home in cloud-based, high-performance computing when concurrency is needed. "There aren't a lot of Erlang jobs out there," writes developer Jeff Cogswell. "However, if you do master it (and I mean master it, not just learn a bit about it), then you'll probably land a really good job. That's the trade-off: You'll have to devote a lot of energy into it. But if you do, the payoffs could be high." And while the rest of the featured languages are no-brainers with regard to popularity, it's an open question how long it might take Swift to become popular, given how hard Apple will push it as the language for developing on iOS.
Cellphones

Samsung Delays Tizen Phone Launch 112

Posted by Unknown Lamer
from the enlightenment-deemed-too-cool-for-you dept.
New submitter tekxtc (136198) writes Slashdot has reported in the past that a Tizen phone is coming and that the design and photos leaked. But, it has just been announced that the launch of the first Tizen phone has been delayed because of Tizen's small ecosystem. Should it ever ship? Haven't Android and iOS completely cornered the market? Is there any hope for the likes of Tizen, Firefox OS, and Windows on phones and tablets?
Stats

Do Apple and Google Sabotage Older Phones? What the Graphs Don't Show 281

Posted by timothy
from the maybe-apple-fans-are-driven-by-pheremones dept.
Harvard economics professor Sendhil Mullainathan takes a look in the New York Times at interesting correlations between the release dates of new phones and OSes and search queries that indicate frustration with the speed of the phones that people already have. Mullainathan illustrates with graphs (and gives plausible explanations for the difference) just how different the curves are over time for the search terms "iPhone slow" and "Samsung Galaxy slow." It's easy to see with the iPhone graph especially how it could seem to users that Apple has intentionally slowed down older phones to nudge them toward upgrading. While he's careful not to rule out intentional slowing of older phone models (that's possible, after all), Mullainathan cites several factors that mean there's no need to believe in a phone-slowing conspiracy, and at least two big reasons (reputation, liability) for companies — Apple, Google, and cellphone manufacturers like Samsung — not to take part in one. He points out various wrinkles in what the data could really indicate, including genuine but innocent slowdowns caused by optimizing for newer hardware. It's an interesting look at the difference between having mere statistics, no matter how rigorously gathered, and knowing quite what they mean.
IOS

Private Data On iOS Devices Not So Private After All 101

Posted by timothy
from the it's-totally-intuitive dept.
theshowmecanuck (703852) writes with this excerpt from Reuters summarizing the upshot of a talk that Jonathan Zdziarski gave at last weekend's HOPE conference: Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicized techniques by Apple Inc employees, the company acknowledged this week. The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the 'trusted' computers to which the devices have been connected, according to the security expert who prompted Apple's admission. Users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections. If you'd rather watch and listen, Zdziarski has posted a video showing how it's done.
GUI

Mac OS X Yosemite Beta Opens 165

Posted by Unknown Lamer
from the smells-like-system-7 dept.
New submitter David Hames (3763525) writes Would you like to test drive the newest release of the Macintosh operating system? Apple is opening up the beta for Mac OS X Yosemite starting Thursday to the first million people who sign up. Beta users won't be able to access promised Yosemite features such as the ability to make or receive your iPhone calls or text messages on your Mac, turn on your iPhone hotspot feature from your Mac, or "Handoff" the last thing you were doing on your iOS 8 device to your Mac and vice versa. A new iCloud Drive feature is also off-limits, while any Spotlight search suggestions are U.S.-based only. Don't expect all your Mac apps to run either. Ars has a preview of Yosemite.
Privacy

Researcher Finds Hidden Data-Dumping Services In iOS 98

Posted by samzenpus
from the don't-take-my-data-bro dept.
Trailrunner7 writes There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.

Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection and can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement, Zdziarski said.
Update: 07/21 22:15 GMT by U L : Slides.
Businesses

Nearly 25 Years Ago, IBM Helped Save Macintosh 236

Posted by samzenpus
from the back-in-the-day dept.
dcblogs (1096431) writes "Apple and IBM, which just announced a partnership to bring iOS and cloud services to enterprises, have helped each other before. IBM played a key role in turning the Macintosh into a successful hardware platform at a point when it — and the company itself — were struggling. Nearly 25 years ago, IBM was a part of an alliance that gave Apple access to PowerPC chips for Macintosh systems that were competitive, if not better performing in some benchmarks, than the processors Intel was producing at the time for Windows PCs. In 1991, Apple was looking for a RISC-based processor to replace the Motorola 68K it had been using in its Macintosh line. "The PCs of the era were definitely outperforming the Macintoshes that were based on the 68K," he said. "Apple was definitely behind the power, performance curve," said Nathan Brookwood, principal analyst at Insight 64. The PowerPC processor that emerged from that earlier pairing changed that. PowerPC processors were used in Macintoshes for more than a decade, until 2006, when Apple switched to Intel chips."
IBM

Apple and IBM Announce Partnership To Bring iOS + Cloud Services To Enterprises 126

Posted by Soulskill
from the international-onebutton-machines dept.
jmcbain writes: According to an article on Recode, Apple and IBM have announced a major partnership to bring mobile services to enterprise customers. "The deal calls for IBM and Apple to develop more than 100 industry-specific applications that will run on the iPhone and iPad. Apple will add a new class of service to its AppleCare program and support aimed at enterprise customers. IBM will also begin to sell iPhones and iPads to its corporate customers and will devote more than 100,000 people, including consultants and software developers, to the effort. Enterprise applications will in many cases run on IBM's cloud infrastructure or on private clouds that it has built for its customers. Data for those applications will co-exist with personal data like photos and personal email that will run on Apple's iCloud and other cloud services."
Programming

Famo.us: Do We Really Need Another JavaScript Framework? 104

Posted by Soulskill
from the let's-create-a-javascript-framework-to-find-out dept.
An anonymous reader writes Front-end developer Jaroen Janssen has a post about Famo.us, "a custom built JavaScript 3D rendering and physics engine meant as a replacement for the standard layout engine of the browser." The engine effectively replaces a big chunk of HTML5 in order to render more efficiently by using technology based on WebGL. Janssen questions whether the world really needs another JavaScript framework: "Is it a bad thing that Famo.us replaces major parts of HTML5? To be honest, I'm not sure. As a Front-end developer I have to admit it makes me slightly uneasy to have to use a custom API instead of 'standard' HTML5. On the other hand, like almost everyone that makes web apps for a living, I have been terribly frustrated by some of HTML5 limitations, like slowness and browser incompatibilities. Either way, it might be a good thing to try a fundamentally different approach so I'm keeping an open mind for now.

Famo.us chases another holy grail, namely the 'write once, run anywhere' dream. Instead of having to write different code for different platforms, like iOS and Android, developers can write one application that works and looks as good on all platforms, in theory anyway. This of course saves a huge amount of time and resources. Unfortunately, this idea is not without its problems and has never really worked very well with earlier attempts like Java-applets, Flash and Silverlight. In the end native applications have so far always been faster and slicker and I'm pretty skeptical Famo.us will be able to change this."
Books

Update Your Shelf: BitLit Offers Access To Ebook Versions of Books You Own 82

Posted by timothy
from the ink-is-kind-of-a-committment dept.
First time accepted submitter Peter Hudson (3717535) writes Cory Doctorow writes on boingboing.net "BitLit works with publishers to get you free or discounted access to digital copies of books you own in print: you use the free app for Android and iOS to take a picture of the book's copyright page with your name printed in ink, and the publisher unlocks a free or discounted ebook version. None of the Big Five publishers participate as yet, but indies like O'Reilly, Berrett-Koehler, Red Wheel Weiser, Other Press, Greystone, Coach House, Triumph, Angry Robot, Chicago Review, Dundurn, and PM Press (publishers of my book The Great Big Beautiful Tomorrow) are all in."
Government

Saudi Government Targeting Dissidents With Mobile Malware 41

Posted by timothy
from the they-don't-go-in-for-a-slap-on-the-wrist dept.
wiredmikey (1824622) writes Human Rights Watch on Friday demanded a clarification from Saudi Arabia over allegations from security researchers that the kingdom is infecting and monitoring dissidents' mobile phones with surveillance malware. The New York-based rights watchdog said surveillance software allegedly made by Italian firm Hacking Team mostly targeted individuals in Qatif district in Eastern Province, which has been the site of sporadic Shiite-led protests since February 2011. "We have documented how Saudi authorities routinely crack down on online activists who have embraced social media to call out human rights abuses," said Cynthia Wong, HRW's senior Internet researcher. "It seems that authorities may now be hacking into mobile phones, turning digital tools into just another way for the government to intimidate and silence independent voices." The accusations against the Saudi Government come days after researchers from Kaspersky Lab and Citizen Lab uncovered new details on advanced surveillance tools offered by HackingTeam [Note: mentioned in this earlier Slashdot story], including never before seen implants for smartphones running on iOS and Android.
Security

Trivial Bypass of PayPal Two-Factor Authentication On Mobile Devices 47

Posted by Unknown Lamer
from the just-turn-it-off dept.
chicksdaddy (814965) writes "According to DUO, PayPal's mobile app doesn't yet support Security Key and displays an error message to users with the feature enabled when they try to log in to their PayPal account from a mobile device, terminating their session automatically. However, researchers at DUO noticed that the PayPal iOS application would briefly display a user's account information and transaction history prior to displaying that error message and logging them out. ... The DUO researchers investigated: intercepting and analyzing the Web transaction between the PayPal mobile application and PayPal's back end servers and scrutinizing how sessions for two-factor-enabled accounts versus non-two-factor-enabled accounts were handled. They discovered that the API uses the OAuth technology for user authentication and authorization, but that PayPal only enforces the two-factor requirement on the client — not on the server." The attack worked simply by intercepting a server response and toggling a flag (2fa_enabled) from true to false. After being alerted, PayPal added a workaround to limit the scope of the hole. Update: 06/26 00:42 GMT by T : (Get the story straight from the source: Here's the original report from DUO.)
Android

Google I/O 2014 Begins [updated] 49

Posted by samzenpus
from the hot-off-the-presses dept.
Google I/O, the company's annual developer tracking^wdevelopers conference, has opened today in San Francisco. This year the company has reduced the number of conference sessions to 80, but also promised a broader approach than in previous years -- in other words, there may be a shift in focus a bit from Google's best known platforms (Chrome/Chrome OS and Android). Given its wide-ranging acquisitions and projects (like the recent purchase of Nest, which itself promptly bought Dropcam, the ever smarter fleet of self-driving cars, the growing number of Glass devices in the wild, and the announcement of a 3D scanning high end tablet quite unlike the Nexus line of tablets and phones), there's no shortage of edges to focus on. Judging from the booths set up in advance of the opening (like one with a sign announcing "The Physical Web"), expect some of the stuff that gets lumped into "the Internet of Things." Watch this space -- updates will appear below -- for notes from the opening keynote, or follow along yourself with the live stream, and add your own commentary in the comments. In the days to come, watch for some video highlights of projects on display at I/O, too. Update: 06/25 17:41 GMT by T : Updates rolling in below on Android, wearables, Android in cars, Chromecast, smart watches, etc. Keep checking back! (Every few minutes, I get another chunk in there.)
Government

They're Spying On You: Hacking Team Mobile Malware, Infrastructure Uncovered 48

Posted by timothy
from the leviathan-has-a-posse dept.
msm1267 (2804139) writes Controversial spyware commercially developed by Italy's Hacking Team and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure. For the first time, security experts have insight into how its mobile malware components work. Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Monk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting Hacking Team's Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. Adds reader Trailrunner7: [T]he report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. The new modules enable governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device's microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.
Cellphones

Google and Microsoft Plan Kill Switches On Smartphones 137

Posted by timothy
from the ok-but-do-you-want-this-in-syria-or-china dept.
itwbennett (1594911) writes "Responding to more than a year of pressure, Google and Microsoft will follow Apple in adding an anti-theft "kill switch" to their smartphone operating systems. In New York, iPhone theft was down 19 percent in the first five months of this year. Over the same period, thefts of Samsung devices — which did not include a kill switch until one was introduced on Verizon-only models in April — rose by over 40 percent. In San Francisco, robberies of iPhones were 38 percent lower in the six months after the iOS 7 introduction versus the six months before, while in London thefts over the same period were down by 24 percent. In both cities, robberies of Samsung devices increased. 'These statistics validate what we always knew to be true, that a technological solution has the potential to end the victimization of wireless consumers everywhere,' said San Francisco District Attorney George Gascon."
Android

Android Needs a Simulator, Not an Emulator 167

Posted by Soulskill
from the simulated-grass-is-greener dept.
An anonymous reader writes Jake Wharton, Android Engineer at Square, has written an article about one of the big problems with building apps for Android: developers need a simulator for testing their software, rather than an emulator. He provides an interesting, technical explanation of the difference between them, and why the status quo is not working. Here are the basics of his article: "A simulator is a shim that sits between the Android operating system runtime and the computer's running operating system. It bridges the two into a single unit which behaves closely to how a real device or full emulator would at a fraction of the overhead. The most well known simulator to any Android developer is probably (and ironically) the one that iOS developers use from Apple. The iPhone and iPad simulators allow quick, easy, and lightweight execution of in-development apps. ... There always will be a need for a proper emulator for acceptance testing your application in an environment that behaves exactly like a device. For day-to-day development this is simply not needed. Developer productivity will rise dramatically and the simplicity through which testing can now be done will encourage their use and with any luck improve overall app quality. Android actually already has two simulators which are each powerful in different ways, but nowhere near powerful enough."
Books

Book Review: Security Without Obscurity 51

Posted by samzenpus
from the read-all-about-it dept.
benrothke (2577567) writes Having worked at the same consulting firm and also on a project with author J.J. Stapleton (full disclosure); I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe. Keep reading for the rest of Ben's review.
