Microsoft and Google say they have found a fourth Meltdown-Spectre variant

Bad news, everyone. If you thought we were out of the woods when it comes to the Meltdown / Spectre CPU security flaws, then think again. Researchers from Microsoft and Google have identified a previously unknown fourth variant of the processor design issues that made front page news when they were discovered last year.

Like its predecessors, variant 4 (or CVE-2018-3639, to give its full name) describes a processor design issue that could allow malicious software to discover hidden information, such as a...

By William Judd, 22 May 2018, 0 comments. Categories: Hacking, Security.

'Efail' exploit circumvents PGP and S/MIME email encryption

If you rely on encrypted email via PGP or S/MIME, you may want to temporarily switch to a new form of communication, as serious issues have been found with how these standards are implemented in many popular email programs on Windows, Linux, macOS and Android.

Following an initial advisory on Monday, European researchers published an exploit called Efail in a paper called Breaking S/Mime and OpenPGP Email Encryption Using Exfiltration Channels.

The paper outlines...

By William Judd, 15 May 2018, 0 comments. Categories: Ethics, Hacking, Industry.

Apple removes location leaking apps ahead of GDPR deadline

This week Apple has started outright removing iOS apps that don't comply with their location privacy standards. After tacitly permitting these apps for months, Apple has begun delisting leaky iOS apps and sending emails to app developers who have fallen afoul of the rules.

The move comes just two weeks before the EU-wide General Data Protection Regulation (GDPR) comes into force, although it's not clear whether Apple is moving in response to the new rules or merely tackling a new category of...

By William Judd, 11 May 2018, 0 comments. Categories: Android, Apple, App Stores, Hacking, Mobile.

GitHub was hit with the world’s largest DDoS attack

It went down for five minutes.

Yes, unlike the last record-breaking DDoS attacks, which caused disruption to major services for days, GitHub was able to quickly mitigate the attack so that few users would have even been aware of the downtime.

The attack was launched on Wednesday last week and GitHub was unavailable from 17:21 to 17:26 UTC. In

By Ryan Daws, 02 March 2018, 0 comments. Categories: Development Tools, Git, Hacking, Industry, Platforms, Security.

Apple suffers unprecedented leak as crucial iOS source code hits GitHub

Apple’s tight grip on its code has suffered a devastating blow as confidential iOS source code gets posted on GitHub.

The leaked iOS code is that of ‘iBoot’ which ensures a secure boot and is one of the most sensitive parts of the system. Its purpose is to load the kernel and verify everything is signed by Apple before it’s executed.

In fact, bugs in the boot process are such a concern that Apple values them at ~$200,000 as part of

By Ryan Daws, 08 February 2018, 0 comments. Categories: Apple, Git, Hacking, iOS, Platforms.

Amazon launches Dash-based programmable IoT button – sells out within a day

AWS (Amazon Web Services) is popular, the IoT is hot, and when you combine the two in a product for developers it sells out within a day. 

Based on the single button 'Dash' hardware by Amazon – which has been used in the past to order items with a button press – the AWS IoT version is a "Limited Release Programmable Dash Button" for developers to get started with AWS IoT, AWS Lambda, Amazon...

By Ryan Daws, 17 May 2016, 0 comments. Categories: Amazon, Cloud, Devices, Hacking, IoT.

Game Development: Managing the rules of the game

The rules of the gaming industry are changing. In a highly competitive market, game makers need to ensure they’re developing products which not only meet the needs of an increasingly demanding market, but also stand up to the rigours of security. Be it online gaming or gambling, users are sharing sensitive data such as personal information or credit card details which means they...

By Gábor Marosvári, 21 April 2016, 0 comments. Categories: Gaming, Hacking, Security.

Software modification will soon be legalised

New rules have been issued by the Librarian of Congress to provide exemptions to the Digital Millennium Copyright Act (DMCA) which allow the use of modified software. This will legalise the popular act of "jailbreaking" on Apple devices, and the use of custom firmware on devices such as smartphones, tablets, and smart TVs.

There...

By Ryan Daws, 28 October 2015, 0 comments. Categories: Hacking, Industry, Testing.

Risk-based security: Applying more sophisticated risk assessment and mitigation tools

Not all data is created equal. Right there is why organisations are newly focused on risk-based security, where the crown jewels get more rigorous protection than, say, humdrum, ordinary files.

This is crucial because – as headlines about breaches of important data files at large insurers such as Anthem, large retailers such as Target, and even federal government agencies demonstrate – hackers have gotten very good at their jobs. Understand, for them this is a job. It’s no...

By Ciklum, 30 July 2015, 0 comments. Categories: Hacking, Security.

iOS 9 developers should "exclusively" use HTTPS

Apple has a lot of industry weight and can make or break technologies simply by putting its support behind them or ignoring them altogether. As an example, its refusal to adopt Flash has quickened Flash's inevitable demise, whilst its support of HTML5 has caused an uptick in usage across the web.

During the Cupertino-based giant's developer conference last...

By Ryan Daws, 11 June 2015, 3 comments. Categories: Apple, Hacking, iOS.

Opinion: In the interest of public security…

It seems that in the aftermath of almost every major catastrophe comes a reaction from government to increase measures to enhance public security. The atrocities of 9/11 resulted in security measures ranging from increased airport checking procedures, to face recognition devices, from random searches of internet content by intelligence officers, to the use of wiretaps and the ability to intercept and read...

By Andrew Hull, 24 March 2015, 0 comments. Categories: Hacking, Industry, Security.

MoonPig's API breach could cost its business

Security breaches are frequent news, but fixes are often implemented with due haste to prevent data loss and protect customers. Paul Price, a security researcher, alerted MoonPig to a flaw in its API which allowed hackers to see payment information and view addresses. This fault was left unfixed for 17 months, and could be...

By Ryan Daws, 08 January 2015, 0 comments. Categories: API, Hacking, Security, Testing.

What issues does a Trusted Execution Environment address?

The richness of today’s connected devices such as smartphones, tablets, set-top boxes and televisions is bringing new challenges to service providers wanting to protect their offering against hackers and malware attacks. At the same time, an increasing number of applications are hosting sensitive, personal and confidential information that could have significant consequences if compromised. Such applications require more protection than can be offered by software solutions alone. This is where the...

By Global Platform, 10 December 2014, 0 comments. Categories: Hacking, Mobile, Monetisation, Security.

Bitcasa to be hacked at Apps World North America

Bitcasa is challenging developers to come up with new and innovative ways to leverage its cloud storage platform at the upcoming Apps Hackfest in San Francisco.

The cloud storage platform is inviting Hackfest participants to use the Bitcasa API to create a useful and easy way to drop and drag anything into a Bitcasa Drive. For example, a GoPro plugin; an IFTTT-like automation; or a mobile app that collects and shares your favourite digital stuff.

The Bitcasa REST API provides a plug-and-play file system for...

By Jon Chang, 04 February 2014, 0 comments. Categories: Development Tools, Hacking.

How SASS can rescue front-end developers

In a nutshell: What is SASS?

SASS is a CSS pre-processor which helps developers simplify complex stylesheet requirements. It's designed to cut out repetitive tasks, speed up your workflow and help organise your styles – read on for three quick tips explaining the do's and don'ts of using it in your projects...

1) Nest is best

Problem: You find yourself endlessly repeating parent selectors to target child elements. You're going against the DRY (do not repeat yourself) methodology.

Solution: Nesting is one of the most immediately obvious benefits of SASS. It enables you to organise your styles hierarchically and cut down on repetitive coding, using a familiar nesting pattern to group your selectors together.

Beware: It's easy to get carried away with nesting but as a general rule of thumb keep it within three levels. If...

By Kat Barstow, 19 December 2013, 0 comments. Categories: Development Tools, Hacking, Languages.

The world of Android fragmentation in pictures

Time for your regular reminder that the Android world is giant and extremely fragmented! Open Signal put out a great visual looking at Android fragmentation in July, and compared it to last year’s landscape. Here are a few stats to warm you up:

  • 11,868 distinct Android devices seen in 2013
  • 3,997 distinct Android devices seen in 2012
  • 8 Android OS versions currently in use
  • 47.5% of devices are Samsungs
  • 37.9% of users are running Jelly Bean

Now, here’s the actual visual Open Signal produced to represent the Android device...

By Mike Brown, 13 August 2013, 0 comments. Categories: Android, Devices, Hacking, Security.

Microsoft settles 3,265 piracy cases, yet allows 100 fake Windows 8 apps

In two ‘yin and yang’ stories breaking this week, Microsoft has settled 3,265 software piracy cases across 43 different countries, yet Redmond allows “over 100” fake apps into the Windows Store which shipped alongside the latest iteration of its OS.

Let’s start with the good news; a software company as big as Microsoft is bound to get tied up in all kinds of lawsuit battles, and the last fiscal year was a hefty one.

Although keeping busy settling the 3,265 cases, the most...

By Ryan Daws, 10 July 2013, 1 comment. Categories: Development Tools, Hacking, Industry, Platforms, Security, Windows.