Privacy

Researcher Finds Hidden Data-Dumping Services In iOS 93

Posted by samzenpus
from the don't-take-my-data-bro dept.
Trailrunner7 writes There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.

Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection and can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement, Zdziarski said.
Update: 07/21 22:15 GMT by U L : Slides.
Businesses

Nearly 25 Years Ago, IBM Helped Save Macintosh 235

Posted by samzenpus
from the back-in-the-day dept.
dcblogs (1096431) writes "Apple and IBM, which just announced a partnership to bring iOS and cloud services to enterprises, have helped each other before. IBM played a key role in turning the Macintosh into a successful hardware platform at a point when it — and the company itself — were struggling. Nearly 25 years ago, IBM was a part of an alliance that gave Apple access to PowerPC chips for Macintosh systems that were competitive, if not better performing in some benchmarks, than the processors Intel was producing at the time for Windows PCs. In 1991, Apple was looking for a RISC-based processor to replace the Motorola 68K it had been using in its Macintosh line. "The PCs of the era were definitely outperforming the Macintoshes that were based on the 68K," he said. "Apple was definitely behind the power, performance curve," said Nathan Brookwood, principal analyst at Insight 64. The PowerPC processor that emerged from that earlier pairing changed that. PowerPC processors were used in Macintoshes for more than a decade, until 2006, when Apple switched to Intel chips."
IBM

Apple and IBM Announce Partnership To Bring iOS + Cloud Services To Enterprises 126

Posted by Soulskill
from the international-onebutton-machines dept.
jmcbain writes: According to an article on Recode, Apple and IBM have announced a major partnership to bring mobile services to enterprise customers. "The deal calls for IBM and Apple to develop more than 100 industry-specific applications that will run on the iPhone and iPad. Apple will add a new class of service to its AppleCare program and support aimed at enterprise customers. IBM will also begin to sell iPhones and iPads to its corporate customers and will devote more than 100,000 people, including consultants and software developers, to the effort. Enterprise applications will in many cases run on IBM's cloud infrastructure or on private clouds that it has built for its customers. Data for those applications will co-exist with personal data like photos and personal email that will run on Apple's iCloud and other cloud services."
Programming

Famo.us: Do We Really Need Another JavaScript Framework? 104

Posted by Soulskill
from the let's-create-a-javascript-framework-to-find-out dept.
An anonymous reader writes Front-end developer Jaroen Janssen has a post about Famo.us, "a custom built JavaScript 3D rendering and physics engine meant as a replacement for the standard layout engine of the browser." The engine effectively replaces a big chunk of HTML5 in order to render more efficiently by using technology based on WebGL. Janssen questions whether the world really needs another JavaScript framework: "Is it a bad thing that Famo.us replaces major parts of HTML5? To be honest, I'm not sure. As a Front-end developer I have to admit it makes me slightly uneasy to have to use a custom API instead of 'standard' HTML5. On the other hand, like almost everyone that makes web apps for a living, I have been terribly frustrated by some of HTML5 limitations, like slowness and browser incompatibilities. Either way, it might be a good thing to try a fundamentally different approach so I'm keeping an open mind for now.

Famo.us chases another holy grail, namely the 'write once, run anywhere' dream. Instead of having to write different code for different platforms, like iOS and Android, developers can write one application that works and looks as good on all platforms, in theory anyway. This of course saves a huge amount of time and resources. Unfortunately, this idea is not without its problems and has never really worked very well with earlier attempts like Java-applets, Flash and Silverlight. In the end native applications have so far always been faster and slicker and I'm pretty skeptical Famo.us will be able to change this."
Books

Update Your Shelf: BitLit Offers Access To Ebook Versions of Books You Own 82

Posted by timothy
from the ink-is-kind-of-a-commitment dept.
First time accepted submitter Peter Hudson (3717535) writes Cory Doctorow writes on boingboing.net "BitLit works with publishers to get you free or discounted access to digital copies of books you own in print: you use the free app for Android and iOS to take a picture of the book's copyright page with your name printed in ink, and the publisher unlocks a free or discounted ebook version. None of the Big Five publishers participate as yet, but indies like O'Reilly, Berrett-Koehler, Red Wheel Weiser, Other Press, Greystone, Coach House, Triumph, Angry Robot, Chicago Review, Dundurn, and PM Press (publishers of my book The Great Big Beautiful Tomorrow) are all in."
Government

Saudi Government Targeting Dissidents With Mobile Malware 41

Posted by timothy
from the they-don't-go-in-for-a-slap-on-the-wrist dept.
wiredmikey (1824622) writes Human Rights Watch on Friday demanded a clarification from Saudi Arabia over allegations from security researchers that the kingdom is infecting and monitoring dissidents' mobile phones with surveillance malware. The New York-based rights watchdog said surveillance software allegedly made by Italian firm Hacking Team mostly targeted individuals in Qatif district in Eastern Province, which has been the site of sporadic Shiite-led protests since February 2011. "We have documented how Saudi authorities routinely crack down on online activists who have embraced social media to call out human rights abuses," said Cynthia Wong, HRW's senior Internet researcher. "It seems that authorities may now be hacking into mobile phones, turning digital tools into just another way for the government to intimidate and silence independent voices." The accusations against the Saudi Government come days after researchers from Kaspersky Lab and Citizen Lab uncovered new details on advanced surveillance tools offered by HackingTeam [Note: mentioned in this earlier Slashdot story], including never before seen implants for smartphones running on iOS and Android.
Security

Trivial Bypass of PayPal Two-Factor Authentication On Mobile Devices 47

Posted by Unknown Lamer
from the just-turn-it-off dept.
chicksdaddy (814965) writes "According to DUO, PayPal's mobile app doesn't yet support Security Key and displays an error message to users with the feature enabled when they try to log in to their PayPal account from a mobile device, terminating their session automatically. However, researchers at DUO noticed that the PayPal iOS application would briefly display a user's account information and transaction history prior to displaying that error message and logging them out. ... The DUO researchers investigated: intercepting and analyzing the Web transaction between the PayPal mobile application and PayPal's back end servers and scrutinizing how sessions for two-factor-enabled accounts versus non-two-factor-enabled accounts were handled. They discovered that the API uses the OAuth technology for user authentication and authorization, but that PayPal only enforces the two-factor requirement on the client — not on the server." The attack worked simply by intercepting a server response and toggling a flag (2fa_enabled) from true to false. After being alerted, PayPal added a workaround to limit the scope of the hole. Update: 06/26 00:42 GMT by T : (Get the story straight from the source: Here's the original report from DUO.)
Android

Google I/O 2014 Begins [updated] 49

Posted by samzenpus
from the hot-off-the-presses dept.
Google I/O, the company's annual developer tracking^wdevelopers conference, has opened today in San Francisco. This year the company has reduced the number of conference sessions to 80, but also promised a broader approach than in previous years -- in other words, there may be a shift in focus a bit from Google's best known platforms (Chrome/Chrome OS and Android). Given its wide-ranging acquisitions and projects (like the recent purchase of Nest, which itself promptly bought Dropcam, the ever smarter fleet of self-driving cars, the growing number of Glass devices in the wild, and the announcement of a 3D scanning high end tablet quite unlike the Nexus line of tablets and phones), there's no shortage of edges to focus on. Judging from the booths set up in advance of the opening (like one with a sign announcing "The Physical Web"), expect some of the stuff that gets lumped into "the Internet of Things." Watch this space -- updates will appear below -- for notes from the opening keynote, or follow along yourself with the live stream, and add your own commentary in the comments. In the days to come, watch for some video highlights of projects on display at I/O, too. Update: 06/25 17:41 GMT by T : Updates rolling in below on Android, wearables, Android in cars, Chromecast, smart watches, etc. Keep checking back! (Every few minutes, I get another chunk in there.)
Government

They're Spying On You: Hacking Team Mobile Malware, Infrastructure Uncovered 48

Posted by timothy
from the leviathan-has-a-posse dept.
msm1267 (2804139) writes Controversial spyware commercially developed by Italy's Hacking Team and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure. For the first time, security experts have insight into how its mobile malware components work. Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Munk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting Hacking Team's Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. Adds reader Trailrunner7: [T]he report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices. The new modules enable governments and law enforcement officers with extensive monitoring capabilities over victims, including the ability to report on their location, steal data from their device, use the device's microphone in real time, intercept voice and SMS messages sent via applications such as Skype, WhatsApp, Viber, and much more.
Cellphones

Google and Microsoft Plan Kill Switches On Smartphones 137

Posted by timothy
from the ok-but-do-you-want-this-in-syria-or-china dept.
itwbennett (1594911) writes "Responding to more than a year of pressure, Google and Microsoft will follow Apple in adding an anti-theft "kill switch" to their smartphone operating systems. In New York, iPhone theft was down 19 percent in the first five months of this year. Over the same period, thefts of Samsung devices — which did not include a kill switch until one was introduced on Verizon-only models in April — rose by over 40 percent. In San Francisco, robberies of iPhones were 38 percent lower in the six months after the iOS 7 introduction versus the six months before, while in London thefts over the same period were down by 24 percent. In both cities, robberies of Samsung devices increased. 'These statistics validate what we always knew to be true, that a technological solution has the potential to end the victimization of wireless consumers everywhere,' said San Francisco District Attorney George Gascon."
Android

Android Needs a Simulator, Not an Emulator 167

Posted by Soulskill
from the simulated-grass-is-greener dept.
An anonymous reader writes Jake Wharton, Android Engineer at Square, has written an article about one of the big problems with building apps for Android: developers need a simulator for testing their software, rather than an emulator. He provides an interesting, technical explanation of the difference between them, and why the status quo is not working. Here are the basics of his article: "A simulator is a shim that sits between the Android operating system runtime and the computer's running operating system. It bridges the two into a single unit which behaves closely to how a real device or full emulator would at a fraction of the overhead. The most well known simulator to any Android developer is probably (and ironically) the one that iOS developers use from Apple. The iPhone and iPad simulators allow quick, easy, and lightweight execution of in-development apps. ... There always will be a need for a proper emulator for acceptance testing your application in an environment that behaves exactly like a device. For day-to-day development this is simply not needed. Developer productivity will rise dramatically and the simplicity through which testing can now be done will encourage their use and with any luck improve overall app quality. Android actually already has two simulators which are each powerful in different ways, but nowhere near powerful enough."
Books

Book Review: Security Without Obscurity 51

Posted by samzenpus
from the read-all-about-it dept.
benrothke (2577567) writes Having worked at the same consulting firm and also on a project with author J.J. Stapleton (full disclosure), I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe. Keep reading for the rest of Ben's review.
Stats

Google Fit To Curate Steps, Calories, Heart Rate, Other Biometric Data 53

Posted by timothy
from the makes-me-go-all-pitter-patter dept.
mpicpp (3454017) writes "Google is planning to release a new product called Google Fit that will aggregate health data from various devices and apps, according to a report Thursday from Forbes. Fit will use available APIs to pull biometric information together into one place, but it's unclear whether it will be a standalone app or part of the Android OS. Reports of Fit come on the heels of Apple's announcement of HealthKit in iOS 8, a system that also interacts with apps and APIs to curate and present health data like steps walked, calories consumed, and heart rates logged. Fit also follows the announcement of Sami, Samsung's health platform for culling health-related info."
Advertising

Facebook Lets Users Opt Out of Targeted Ads 97

Posted by timothy
from the all-twinkies-and-trucks-for-me dept.
mpicpp (3454017) writes Facebook users who are annoyed by the targeted ads that pop up in their News Feed will soon have more control over what they see. Like Google, Facebook collects all kinds of information on its users and uses that information to serve up targeted ads. For some people, especially privacy advocates, it seemed a little creepy to have a social network tracking a user's activity and then using that data to sell them stuff. On Thursday, Facebook announced that users will soon be able to opt out of that targeted ad system through controls in their Web browser and iOS and Android phones. Facebook will also show users what information they have collected about them and let them edit the kinds of ads they want to see. If someone is confused about why they are seeing an ad for P.F. Chang's, for example, they can simply click on "Why am I seeing this ad?"
IOS

iOS 8 Strikes an Unexpected Blow Against Location Tracking 323

Posted by Unknown Lamer
from the waiting-for-obvious-patents dept.
schwit1 (797399) writes 'It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy. As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize the MAC address, effectively disguising any trace of the real device until it decides to connect to a network.'
Cellphones

Ask Slashdot: A 'Mavis Beacon' For Teaching Smartphone and Tablet Typing? 55

Posted by Soulskill
from the start-texting-conversations-with-a-teenager dept.
theodp writes: "Where have you gone, Mavis Beacon? A nation of smartphone and tablet typists could use your help. You've seen people type fast-and-furiously on smartphones and tablets, so you know it can be done, but how exactly do these one- and two-fingered wonders (YouTube video) manage to do so? Is it their reaction time? Technique? Both? Back in the day, touch-typing teachers showed kids the secrets to higher word-per-minute scores on their Smith Coronas. Later, typing tutor software got kids up-to-speed on PCs. So, with over 1 billion smartphones and 200 million or so tablets shipped in 2013, what are the best software and tutorials that teach mobile typing techniques? And what platform specific features — iOS, Android, WP8/Win8, BB — do you find make your mobile typing life a whole lot easier?"
Businesses

Apple Acquires Social Search Engine Spotsetter 21

Posted by timothy
from the what-you-did-last-summer dept.
redletterdave (2493036) writes 'Apple has purchased Spotsetter, a social search engine that uses big data to offer personalized recommendations for places to go. Spotsetter was designed to combine recommendations from friends with trusted reviews and other data to create more social maps. It would show you which friends were 'experts' in a given area, and you could tag your friends as experts (like LinkedIn) to boost the influence of their recommendations. You could also discover new places by browsing Spotsetter's maps to see where your friends have been and what they've recommended. Spotsetter's app, which was available on iOS and Android, officially closed down just six days ago.'
Android

Apple Says Many Users 'Bought an Android Phone By Mistake' 711

Posted by timothy
from the thought-it-was-a-protocol-droid dept.
mrspoonsi (2955715) writes "Apple CEO Tim Cook during his keynote said that around 130 million customers have purchased their first Apple device in the last twelve months. He states, 'Many of these customers were switchers from Android,' he said. 'They had bought an Android phone by mistake, and then had sought a better experience and a better life.' He added that almost half of those who have purchased an iPhone in China since December have switched from Android. However, it is worth noting that iPhones were not actually available in China until December, when pre-orders began, so it is unclear how much of the device's popularity there is simply down to the novelty factor, rather than a burning desire to flee from Android."
Programming

Apple Announces New Programming Language Called Swift 636

Posted by Unknown Lamer
from the everyone's-got-one dept.
jmcbain (1233044) writes "At WWDC 2014 today, Apple announced Swift, a new programming language. According to a report by Ars Technica: 'Swift seems to get rid of Objective C's reliance on defined pointers; instead, the compiler infers the variable type, just as many scripting languages do. ... The new language will rely on the automatic reference counting that Apple introduced to replace its garbage-collected version of Objective C. It will also be able to leverage the compiler technologies developed in LLVM for current development, such as autovectorization. ... Apple showed off a couple of cases where implementing the same algorithm in Swift provided a speedup of about 1.3X compared to the same code implemented in Objective C.'" Language basics, and a few worthwhile comments on LtU.
Apple

Apple WWDC 2014: Tim Cook Unveils Yosemite 411

Posted by samzenpus
from the latest-and-greatest dept.
An anonymous reader writes "Apple's Worldwide Developers Conference (WWDC) has started, and OS X 10.10, officially named Yosemite, and iOS 8 have been officially unveiled. Craig Federighi, senior vice president of software engineering, also highlighted iCloud Drive. Although a little late to the party, Apple hopes to compete with the likes of Dropbox and Google Drive."
