Fortnite developer and Google have an Epic spat over vulnerability​​​​​​​

Fortnite developer Epic is not too pleased with the way in which Google publicly disclosed a security vulnerability with the game’s Android installer.

Rather than pay the 30 percent cut which Google takes from distributing games through its Play Store, Epic decided to bypass the official app store in favour of its own installer.

Sideloading games poses an increased risk to consumers as it bypasses many of...

By Ryan Daws, 28 August 2018, 0 comments. Categories: Android, Gaming, Hacking, Industry, Platforms, Security.

Google's new API improves biometric authentication in Android P

Google has announced a biometric authentication API which enables developers to improve the security of their apps.

Biometrics has become a favoured and quick security method for users. While there are certainly more secure methods of authentication, few are so fast and unintrusive.

Vishwath Mohan, Security Engineer at Google, wrote in a blog post:

“Biometric authentication mechanisms are becoming increasingly popular, and it's...

By Ryan Daws, 22 June 2018, 0 comments. Categories: Android, API, Hacking, Platforms, Security.

Microsoft and Google say they have found a fourth Meltdown-Spectre variant

Bad news, everyone. If you thought we were out of the woods when it comes to the Meltdown / Spectre CPU security flaws, then think again. Researchers from Microsoft and Google have identified a previously unknown fourth variant of the processor design issues that made front page news when they were discovered last year.

Like its predecessors, variant 4 (or CVE-2018-3639, to give its full name) describes a processor design issue that could allow malicious software to discover hidden information, such as a...

By William Judd, 22 May 2018, 0 comments. Categories: Hacking, Security.

'Efail' exploit circumvents PGP and S/MIME email encryption

If you rely on encrypted email via PGP or S/MIME, you may want to temporarily switch to a new form of communication, as serious issues have been found with how these standards are implemented in many popular email programs on Windows, Linux, macOS and Android.

Following an initial advisory on Monday, European researchers published an exploit called Efail in a paper called Breaking S/Mime and OpenPGP Email Encryption Using Exfiltration Channels.

The paper outlines...

By William Judd, 15 May 2018, 0 comments. Categories: Ethics, Hacking, Industry.

Apple removes location leaking apps ahead of GDPR deadline

This week Apple has started outright removing iOS apps that don't comply with their location privacy standards. After tacitly permitting these apps for months, Apple has begun delisting leaky iOS apps and sending emails to app developers who have fallen afoul of the rules.

The move comes just two weeks before the EU-wide General Data Protection Regulation (GDPR) comes into force, although it's not clear whether Apple is moving in response to the new rules or merely tackling a new category of...

By William Judd, 11 May 2018, 0 comments. Categories: Android, Apple, App Stores, Hacking, Mobile.

GitHub was hit with the world’s largest DDoS attack

It went down for five minutes.

Yes, unlike the last record-breaking DDoS attacks, which caused disruption to major services for days — GitHub was able to quickly mitigate the attack so that few users would have even been aware of the downtime.

The attack was launched on Wednesday last week and GitHub was unavailable from 17:21 to 17:26 UTC. In

By Ryan Daws, 02 March 2018, 0 comments. Categories: Development Tools, Git, Hacking, Industry, Platforms, Security.

Apple suffers unprecedented leak as crucial iOS source code hits GitHub

Apple’s tight grip on its code has suffered a devastating blow as confidential iOS source code gets posted on GitHub.

The leaked iOS code is that of ‘iBoot’ which ensures a secure boot and is one of the most sensitive parts of the system. Its purpose is to load the kernel and verify everything is signed by Apple before it’s executed.

In fact, bugs in the boot process are such a concern that Apple values them at ~$200,000 as part of

By Ryan Daws, 08 February 2018, 0 comments. Categories: Apple, Git, Hacking, iOS, Platforms.

Amazon launches Dash-based programmable IoT button – sells out within a day

(Image Credit: Amazon)

AWS (Amazon Web Services) is popular, the IoT is hot, and when you combine the two in a product for developers it sells out within a day. 

Based on the single button 'Dash' hardware by Amazon – which has been used in the past to order items with a button press – the AWS IoT version is a "Limited Release Programmable Dash Button" for developers to get started with AWS IoT, AWS Lambda, Amazon...

By Ryan Daws, 17 May 2016, 0 comments. Categories: Amazon, Cloud, Devices, Hacking, IoT.