Forgot your password?
typodupeerror

Slashdot is powered by your submissions, so send in your scoop

Bug

Apple Fixes Shellshock In OS X 154

Posted by timothy
from the that's-mac-os-x-to-you-buddy dept.
jones_supa (887896) writes Apple has released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell. Bash, which is the default shell for many Linux-based operating systems, has been updated two times to fix the bug, and many Linux distributions have already issued updates to their users. When installed on an OS X Mavericks system, the patch upgrades the Bash shell from version 3.2.51 to version 3.2.53. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on the system first. An Apple representative told Ars Technica that OS X Yosemite, the upcoming version of OS X, will receive the patch later.
Programming

Building Apps In Swift With Storyboards 69

Posted by samzenpus
from the build-it-better dept.
Nerval's Lobster writes Apple touts the Swift programming language as easy to use, thanks in large part to features such as Interface Builder, a visual designer provided in Xcode that allows a developer to visually design storyboards. In theory, this simplifies the process of designing both screens and the connections between screens, as it needs no code and offers an easy-to-read visual map of an app's navigation. But is Swift really so easy (or at least as easy as anything else in a developer's workflow)? This new walkthrough of Interface Builder (via Dice) shows that it's indeed simple to build an app with these custom tools... so long as the app itself is simple. Development novices who were hoping that Apple had created a way to build complex apps with a limited amount of actual coding might have to spend a bit more time learning the basics before embarking on the big project of their dreams.
Businesses

Apple Faces Large Penalties In EU Tax Probe 120

Posted by samzenpus
from the was-that-wrong? dept.
First time accepted submitter chasm22 writes EU Regulators are apparently set to accuse Apple and the Irish government of entering into several sweetheart deals that left Apple with lower taxes than what it legally owed. If the ruling is upheld, Apple could owe billions in back taxes. Interestingly, it seems that the Irish government would actually get the extra money and suffer little for its part in the scheme.
Iphone

Consumer Reports: New iPhones Not As Bendy As Believed 301

Posted by Soulskill
from the but-mah-hashtags dept.
An anonymous reader writes: Over the past several days, we've been hearing reports about some amount of users noticing that their brand new iPhone 6 Plus is bending in their pockets. The pictures and videos shown so far have kicked off an investigation, and Consumer Reports has done one of the more scientific tests so far. They found that the iPhone 6 Plus takes 90 pounds of pressure before it permanently deforms. The normal iPhone 6 took even less: 70 lbs. They tested other phones as well: HTC One (M8): 70 lbs, LG G3: 130 lbs, iPhone 5: 130 lbs, Samsung Galaxy Note 3: 150 lbs. The Verge also did a report on how Apple torture-tests its devices before shipping them. Apple's standard is about 55 lbs of pressure, though it does so thousands of times before looking for bends. One analysis suggests that Apple's testing procedure only puts pressure on the middle of the phone, which doesn't sufficiently evaluate the weakened area where holes have been created for volume buttons. Consumer Reports' test presses on the middle of the device as well.
Bug

Apple Yet To Push Patch For "Shellshock" Bug 208

Posted by timothy
from the everyone-has-their-reasons dept.
An anonymous reader writes "Open source operating systems vulnerable to the Shellshock bug have already pushed two patches to fix the vulnerability, but Apple has yet to issue one for Mac OS X. Ars Technica speculates that licensing issues may be giving Apple pause: "[T]he current [bash] version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms....Apple executives may feel they have to have their own developers make modifications to the bash code."" It's also worth noting that there are still flaws with the patches issued so far. Meanwhile, Fedora Magazine has published an easy-to-follow description of how Shellshock actually works. The Free Software Foundation has also issued a statement about Shellshock.
Security

Security Collapse In the HTTPS Market 185

Posted by Soulskill
from the many-points-of-failure dept.
CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.
Encryption

FBI Chief: Apple, Google Phone Encryption Perilous 353

Posted by samzenpus
from the lock-it-down dept.
An anonymous reader writes The FBI is concerned about moves by Apple and Google to include encryption on smartphones. "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. "What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law." From the article: "Comey cited child-kidnapping and terrorism cases as two examples of situations where quick access by authorities to information on cellphones can save lives. Comey did not cite specific past cases that would have been more difficult for the FBI to investigate under the new policies, which only involve physical access to a suspect's or victim's phone when the owner is unable or unwilling to unlock it for authorities."
OS X

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild 316

Posted by timothy
from the oy-oy-oy dept.
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.
Cloud

Apple Allegedly Knew of iCloud Brute-Force Vulnerability Since March 93

Posted by samzenpus
from the heads-up dept.
blottsie writes Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher. In a March 26 email, security researcher Ibrahim Balic tells an Apple official that he's successfully bypassed a security feature designed to prevent "brute-force" attacks. Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account.
Bug

Apple Yanks iOS 8 Update 203

Posted by samzenpus
from the our-bad dept.
alphadogg writes Within hours of releasing an iOS 8 update to address assorted bugs in the new iPhone and iPad operating system Apple has been forced to pull the patch, which itself was causing iPhone 6 and 6 Plus users grief. Reports filled Apple support forums that the iOS 8 update was cutting off users' cell service and making Touch ID inoperable. The Wall Street Journal received this statement from Apple: "We have received reports of an issue with the iOS 8.0.1 update. We are actively investigating these reports and will provide information as quickly as we can. In the meantime we have pulled back the iOS 8.0.1 update."
Iphone

Users Report Warping of Apple's iPhone 6 Plus 421

Posted by Soulskill
from the apple-releases-first-warp-capable-phones dept.
MojoKid writes: Apple's iPhone 6 Plus weighs six ounces, and it's a scant 7.1mm thick. As an added bonus, according to a number of users, it has a hidden feature — it bends! And no, we don't mean it bends in a "Hey, what an awesome feature!" sort of way. More like a "Hey, the entire phone is near to snapping" kind of way. What's even more troubling is that many of the users who are reporting bent devices also claim that they were carrying it in front pockets or in a normal fashion as opposed to sitting on it directly. Either some of the iPhone 6 Plus hardware is defective (the vastly preferable option) or it's because the tests run by other venues are putting different kinds of stress on the chassis. It's not clear what the story is. Hopefully Apple will clarify it soon.
Iphone

Apple's TouchID Fingerprint Scanner: Still Hackable 70

Posted by Soulskill
from the upgrade-your-thumb dept.
electronic convict writes: A year ago, security researcher Marc Rogers demonstrated how to spoof the TouchID sensor in the iPhone 5S using some Elmer's glue and glycerol — oh, and a high resolution camera and a laser printer. Has TouchID security improved at all on the iPhone 6? Not really, Rogers reports in his latest post, in which he again hacks the iPhone 6's TouchID sensors using the same method as before. "Fake fingerprints created using my previous technique were able to readily fool both devices [the 6 and the 5S]," he reports. Rogers, however, says there's no reason to panic, as the attack requires substantial skill, patience and a good clear fingerprint. As he writes: "We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats."
Cellphones

Do Specs Matter Anymore For the Average Smartphone User? 252

Posted by Soulskill
from the battery-is-next dept.
ourlovecanlastforeve writes: While reviewing a recent comparison of the Nexus 5 and the iPhone 6, OSNews staffer Thom Holwerda raises some relevant points regarding the importance of specs on newer smartphones. He observes that the iPhone 6, which is brand new, and the Nexus 5 launch apps at about the same speed. Yes, they're completely different platforms and yes, it's true it's probably not even a legitimate comparison, but it does raise a point: Most people who use smartphones on a daily basis use them for pretty basic things such as checking email, casual web browsing, navigation and reminders. Those who use their phones to their maximum capacity for things like gaming are a staunch minority. Do smartphone specs even matter for the average smartphone user anymore? After everyone releases the biggest phone people can reasonably hold in their hand with a processor and GPU that can move images on the display as optimally as possible, how many other moons are there to shoot for?
Iphone

Apple Sells More Than 10 Million New iPhones In First 3 Days 206

Posted by samzenpus
from the get-it-now dept.
An anonymous reader writes Apple has announced that it sold over 10 million new iPhone 6 and iPhone 6 Plus models, just three days after the launch on September 19. From the article: "Chief Executive Tim Cook said the company could have sold even more iPhone 6 and iPhone 6 Plus models if supplies had been available. Analysts had estimated first-weekend sales of up to 10 million iPhones, after Apple booked record pre-orders of 4 million on Sept. 12, the day pre-orders opened."
Iphone

Friendly Reminder: Do Not Place Your iPhone In a Microwave 240

Posted by samzenpus
from the bad-ideas dept.
Nerval's Lobster writes Placing your iPhone in the microwave will destroy the phone, and possibly the microwave. While that might seem obvious to some people, others have fallen for the "Wave" hoax making its way around online. The fake advertisement insists that the new iOS 8 allows users to charge their iPhones by placing them in a "household microwave for a minute and a half." Microwave energy will not charge your smartphone. To the contrary, it will scorch the device and render it inoperable. If you nuke your smartphone and subsequently complain about it online, people will probably make fun of you. (If you want a full list of things not to place in a microwave, no matter how pretty the flames, check this out.)

The clearest way into the Universe is through a forest wilderness. -- John Muir

Working...