Hackin9
Microsoft has cut the price of Windows 8.1 by nearly three-fourths to device makers who produce lower-cost laptops and tablets.
 
Ashkan Soltani

A critical iOS vulnerability that Apple patched on Friday gives attackers an easy way to surreptitiously circumvent the most widely used technology for preventing eavesdropping on the Internet. That made the security bug about as dire as one can be. Now, there's strong evidence that the same flaw also exposes sensitive e-mail and Web communications on fully patched versions of OS X, with no indication that there is a patch currently available for the millions of people who use the Mac operating system.

At this early stage, the vulnerability has been confirmed in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1, meaning it has silently exposed the sensitive communications of millions of people for weeks or months. Security researchers haven't ruled out the possibility that earlier versions are also affected. Readers should immediately update their iPhones and iPads to versions 7.0.6 or 6.1.6, preferably using a non-public network. For the time being, people using Macs should avoid using public networks, a step that can thwart many criminal eavesdroppers but will do little to prevent surveillance by the National Security Agency and other state-sponsored spies. Because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn't be considered a panacea.

The flaw, according to researchers, causes most iOS and Mac applications to skip a crucial verification check that's supposed to happen when many transport layer security (TLS) and secure sockets layer (SSL) connections are being negotiated. Specifically, affected apps fail to check that the ephemeral public key presented by servers offering Diffie Hellman-supported encryption is actually signed by the site's private key. Attackers with the ability to monitor the connection between the end-user and the server can exploit this failure to completely decrypt and manipulate the traffic by presenting the app with a counterfeit key.

Read 9 remaining paragraphs | Comments


    






 
What will happen to your Facebook account when you die? Facebook has been giving it some thought, and it's come up with what it hopes is a better way to deal with a sensitive issue.
 
The top executives of Apple and Samsung have failed to reach an agreement that would end an ongoing fight over smartphone and tablet patents, lawyers for the two companies said late Friday.
 
Many companies are dangerously exposed to threats because they don't properly manage the Secure Shell cryptographic keys used to authenticate access to critical internal systems and services.
 
Google has unveiled what is almost certainly the most interesting phone of the year. It's part of Project Tango
 
Internet Storm Center Infocon Status