Hackin9
Could anonymous chat be the next big thing? At this year's South by Southwest Interactive, the place that helped put Twitter and FourSquare on the map, a fledgling app for anonymous chatting is gaining some traction.
 
Recon 2013 Call For Papers - June 21-23, 2013 - Montreal, Quebec
 
Image from video demonstrating a password attack that was possible because Apple didn't fully encrypt traffic traveling between its App Store and end users.

For the past nine months—and possibly for years—Apple has unnecessarily left many of its iOS customers open to attack because engineers failed to implement standard technology that encrypts all traffic traveling between handsets and the company's App Store.

While HTTPS-encrypted communications have been used for years to prevent attackers from intercepting and manipulating sensitive traffic sent by online banks and merchants, the native iOS app that connects to Apple's App Store fully deployed the protection only recently. Elie Bursztein, a Google researcher who said he discovered the security hole in his spare time, said in a blog post published on Friday that he reported various iOS flaws to Apple's security team in July. His post gave no indication that the iOS app had ever fully used HTTPS, raising the possibility that this significant omission has been present for years. (Apple doesn't comment on security matters, so it's impossible for Ars to confirm the precise timeline or level of protection.)

As most Ars readers know, HTTPS is a basic security measure that's almost as old as the Web itself. It ensures that traffic traveling between an end user and a webserver is encrypted. That prevents anyone who may have a connection between the two endpoints from listening in. HTTPS also provides cryptographic assurance that the server answering calls to itunes.apple.com truly belongs to Apple and not an impostor. Over the past five years, a growing roster of companies including Google, Facebook, and Twitter have begun offering end-to-end HTTPS, making it harder for attackers to use age-old exploits that bypass the measure. It's unclear why it has taken Apple so long to catch up.


 
[SECURITY] [DSA 2641-1] perl security update
 
[SECURITY] [DSA 2642-1] sudo security update
 
[slackware-security] mozilla-thunderbird (SSA:2013-068-02)
 
[slackware-security] mozilla-firefox (SSA:2013-068-01)
 
Stored XSS in Terillion Reviews Wordpress Plugin
 
In the week ending 9 March – Canonical's Mir divides the Ubuntu community, the Dell Sputnik arrives in Europe, more Java flaws, LibreOffice 4.0.1, Puppy Linux releases, Zopfli, and OpenOffice reaches 40 million downloads.


 
Over the next few years, almost every app we use and every web site we visit may function less like a machine and more like a person helping us to do our work and live our lives.
 
Sony Chairman and former CEO Howard Stringer, who has been at the company since 1997, will be leaving the company in June.
 
Internet Storm Center Infocon Status