Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Google

Meet YouTube Gaming, Twitch's Archenemy 94

An anonymous reader writes: As expected Google has launched its answer to Twitch, YouTube Gaming available on the web, Android and iOS. Techcrunch reports: "We played with the Android app before the launch, and here's how it works. When you open the app, you are presented with a search bar at the top, a few featured channels at the top and then a feed of the most popular channels. The current featured channels don't focus on esports like most Twitch channels. Right now, you can find a 12-hour stream of NBA 2K15, and official stream of Metal Gear Solid V, a speed run of Until Dawn and an Eve Online live show."
IOS

MDM Vulnerability In Apple iOS Sandbox Facilitates 'Rogue Apps' 13

An anonymous reader writes: A vulnerability in Apple's iOS sandbox, which could affect personal information as well as configuration settings, has been discovered by Appthority's Enterprise Mobility Threat Team. It affects all mobile device management (MDM) clients, and any mobile applications distributed by an MDM that use the "Managed App Configuration" setting for private data. An attacker could potentially create a rogue app, perhaps masquerading as a productivity tool to increase the chances of it getting installed, and then distribute the attack by means of the iTunes store or "spear fishing" email attacks.
Networking

Bruce Schneier On Cisco ROMMON Firmware Exploit: "This Is Serious" 57

When Bruce Schneier says of a security problem "This is serious," it makes sense to pay attention to it. And that's how he refers to a recently disclosed Cisco vulnerability alert about "an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image." Schneier links to Ars Technica's short description of the attack, which notes The significance of the advisory isn't that the initial firmware can be replaced. As indicated, that's a standard feature not only with Cisco gear but just about any computing device. What's important is that attackers are somehow managing to obtain the administrative credentials required to make unauthorized changes that take control of the networking gear.
Encryption

Prosecutors Op-Ed: Phone Encryption Blocks Justice 392

New submitter DaDaDaaaaa writes: The New York Times features a joint op-ed piece by prosecutors from Manhattan, Paris, London and Spain, in which they decry the default use by Apple and Google of full disk encryption in their latest smartphone OSes (iOS 8 and Android Lollipop, respectively). They talk about the murder scene of a father of six, where an iPhone 6 and a Samsung Galaxy S6 Edge were found.

"An Illinois state judge issued a warrant ordering Apple and Google to unlock the phones and share with authorities any data therein that could potentially solve the murder. Apple and Google replied, in essence, that they could not — because they did not know the user's passcode. The homicide remains unsolved. The killer remains at large."

They make a case for lawmakers to force Apple and Google to include backdoors into their smartphone operating systems. One has to wonder about the legitimate uses of full disk encryption, which can protect good people from harm, and them from having their privacy needlessly intruded upon.
IOS

Microsoft Open-Sources Windows Bridge For iOS 48

An anonymous reader writes: Previously known as Project Islandwood, Microsoft today released an early version of Windows Bridge for iOS, a set of tools that will allow developers to port iOS apps to Windows. The announcement reads in part: "We're releasing the iOS bridge as an open-source project under the MIT license. Given the ambition of the project, making it easy for iOS developers to build and run apps on Windows, it is important to note that today's release is clearly a work-in-progress — some of the features demonstrated at Build are not yet ready or still in an early state. Regardless, we'd love for the interested and curious to look at the bridge, and compare what we're building with your app's requirements. And, for the really ambitious, we invite you to help us by contributing to the project, as community contributors — with source code, tests, bug reports, or comments. We welcome any and all participation in building this bridge." The source code is available now on Github.
Android

GasBuddy Has a New Privacy Policy (Spoiler: Not As Customer Friendly) 113

An anonymous reader writes: GasBuddy has been a popular iOS and Android app for the last 5 years used to find the cheapest place to get gas. According to the Google Play store, there are over 10 million installs (in additions to the installs from Apple and Amazon's appstores). Now that they have a large enough number of users, GasBuddy has updated their privacy policy to allow them to collect more information. Some highlights of the privacy policy changes include: only 10 days for new terms to take effect (previously users were given 30 days to review the changes); collection of "signal strength related to Wifi or Bluetooth functionality, temperature, battery level, and similar technical data"; and [a warning that the company] will not honor a web browser's "do not track" setting.
Youtube

YouTube Is Adding VR Video Support To Streaming Videos 23

An anonymous reader writes: While YouTube's streaming platform currently supports 3D videos OR 360 degree videos, the combination of the two is essential for properly immersive virtual reality video. Fortunately, the company has announced that they'll soon enable support for 3D + 360 degree videos, bringing more immersive VR video capability to the platform. Currently, 360 degree YouTube videos can be viewed through desktop web browsers and on the YouTube Android and iOS apps, with the Android app being the only one of the bunch currently providing a side-by-side view for VR viewers like Google's Cardboard.
OS X

A Tweet-Sized Exploit Can Get Root On OS X 10.10 130

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that fits in a tweet. The security bug, documented by iOS and OS X guru Stefan Esserwhich, can be exploited by malware and attackers to gain total control of the computer. This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5 but is already fixed in the preview beta of El Capitan (OS X 10.11) Speaking of exploits: Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."
Cellphones

A Month With a Ubuntu Phone 118

When the first Ubuntu phone came out, reviews were quick to criticize it for its lackluster hardware and unusual take on common mobile software interactions. It's been out for a while, now, and Alastair Stevenson has written about his experiences using it for an entire month. While he doesn't recommend it for phone users who aren't tech savvy, he does say that he began to like it better than Android after adjusting to how Ubuntu does things. From the article: [T]he Ubuntu OS has a completely reworked user interface that replaces the traditional home screen with a new system of "scopes." The scope system does away with the traditional mobile interface where applications are stored and accessed from a central series of homescreens. ... Adding to Ubuntu’s otherworldly, unique feel, the OS is also significantly more touch- and gesture-focused than iOS and Android. We found nearly all the key features and menus on the Meizu MX4 are accessed using gesture controls, not with screen shortcuts. ... Finally, there's my biggest criticism – Ubuntu phone is not smart enough yet. While the app selection is impressive for a prototype, in its infancy Ubuntu phone doesn't have enough data feeding into it, as key services are missing."
Google

Google+ Photos To Shut Down August 1 153

An anonymous reader writes: Now that Google Photos exists separately from Google+, the company is shutting down the Google+ version of Photos starting on August 1. The Android version will be the first to go, followed shortly thereafter by the iOS and web versions. Fortune calls the old Photos app "a relic of the times when the search giant thought its social network Google Plus could become a huge hit."
Twitter

Hacker Group That Hit Twitter, Facebook, Apple and Microsoft Intensifies Attacks 40

itwbennett writes: The hacker group, which security researchers from Kaspersky Lab and Symantec call Wild Neutron or Morpho, has broken into the networks of over 45 large companies since 2012. After the 2013 attacks against Twitter, Facebook, Apple and Microsoft were highly publicized, the group went underground and temporarily halted its activity. However, its attacks resumed in 2014 and have since intensified, according to separate reports released Wednesday by Kaspersky Lab and Symantec.
IOS

Apple Drops Recovery Key From Two-Factor Authentication In New OS Versions 64

eggboard writes: If you've ever turned on what's now called "two-step verification" for an Apple ID, you had to create a Recovery Key. Lose this 14-digit code and have your password reset (because of hacking attempts against you), and you might lose access forever to purchases and data, as Owen Williams almost did. Apple confirmed today that starting with its public betas of OS X 10.11 and iOS 9, two-factor authentication won't have a Recovery Key. Instead, if you have to reset a password or lose access to devices, you'll have to go through an account verification process with human beings.
Security

UK Researchers Find IPv6-Related Data Leaks In 11 of 14 VPN Providers 65

jan_jes writes: According to researchers at Queen Mary University of London, services used by hundreds of thousands of people in the UK to protect their identity on the web are vulnerable to leaks. The study of 14 popular VPN providers found that 11 of them leaked information about the user because of a vulnerability known as 'IPv6 leakage'. The leakage occurs because network operators are increasingly deploying a new version of the protocol used to run the Internet called IPv6. The study also examined the security of various mobile platforms when using VPNs and found that they were much more secure when using Apple's iOS, but were still vulnerable to leakage when using Google's Android. Similarly Russian researchers have exposed the breakthrough U.S. spying program few months back. The VPNs they tested certainly aren't confined to the UK; thanks to an anonymous submitter, here's the list of services tested: Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite.
Open Source

Ask Slashdot: Choosing the Right Open Source License 171

NicknamesAreStupid writes: I need to choose an open source license. I am developing an open source iOS application that use a significant number of other open source projects which, in turn, use a number of different open source licenses such as MPL/GPL, MIT, and BSD. I am also using sample code from Apple's developer site, which has their own terms of use. The code dependencies are such that my code would not be of much use without theirs. If this project is used, then it would be nice to pick a license that best fits in with this mashup. I am interested in maintaining the freedom of my code but do not want to create a catch-22 or make life hard for people who need to use this project for personal use or profit. My inclination is to use MIT's, as I have done so before. I asked an IP lawyer about this matter, and she replied (pro bono), "it probably doesn't matter." Of course, that advice was worth every penny. Moving away from legal issues and looking at this from a social perspective, which license would appeal most and offend least? I thought about no license but was warned (pro bono), "If you do not, then someone else may." Any suggestions?
Microsoft

Is Microsoft's .NET Ecosystem On the Decline? 250

Nerval's Lobster writes: In a posting that recently attracted some buzz online, .NET developer Justin Angel (a former program manager for Silverlight) argued that the .NET ecosystem is headed for collapse—and that could take interest in C# along with it. "Sure, you'll always be able to find a job working in C# (like you would with COBOL), but you'll miss out on customer reach and risk falling behind the technology curve," he wrote. But is C# really on the decline? According to Dice's data, the popularity of C# has risen over the past several years; it ranks No. 26 on Dice's ranking of most-searched terms. But Angel claims he pulled data from Indeed.com that shows job trends for C# on the decline. Data from the TIOBE developer interest index mirrors that trend, he said, with "C# developer interest down approximately 60% down back to 2006-2008 levels." Is the .NET ecosystem really headed for long-term implosion, thanks in large part to developers devoting their energies to other platforms such as iOS and Android?
Open Source

Reasons To Use Mono For Linux Development 355

Nerval's Lobster writes: In the eleven years since Mono first appeared, the Linux community has regarded it with suspicion. Because Mono is basically a free, open-source implementation of Microsoft's .NET framework, some developers feared that Microsoft would eventually launch a patent war that could harm many in the open-source community. But there are some good reasons for using Mono, developer David Bolton argues in a new blog posting. Chief among them is MonoDevelop, which he claims is an excellent IDE; it's cross-platform abilities; and its utility as a game-development platform. That might not ease everybody's concerns (and some people really don't like how Xamarin has basically commercialized Mono as an iOS/Android development platform), but it's maybe enough for some people to take another look at the platform.
United States

Is Surespot the Latest Crypto War Victim? 26

George Maschke writes: Patrick G. Eddington writes in a Christian Science Monitor op-ed about indications that the government may be snooping on users of Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants. He writes in the piece: "Has encrypted chat service Surespot been compromised by the US government? Surespot user and former Army intelligence officer George Maschke recently published a provocative theory suggesting the answer is yes. Mr. Maschke’s key pieces of evidence are intriguing. In May 2014, he e-mailed 2Fours LLC, which is Surespot’s parent company, asking whether the company had ever received a National Security Letter (NSL), a court order to provide information, or other government request to cooperate in an investigation. He was assured in writing that 2Fours had received no such requests. That changed in November 2014, when Surespot’s founder, Adam Patacchiola, told Maschke via e-mail that 'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.'"
Security

Researchers Find Major Keychain Vulnerability in iOS and OS X 78

An anonymous reader notes a report from El Reg on a major cross-app resource vulnerability in iOS and Mac OS X. Researchers say it's possible to break app sandboxes, bypass App Store security checks, and crack the Apple keychain. The researchers wrote, "specifically, we found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by [malware] to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the App sandbox on OS X was found to be vulnerable, exposing an app’s private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications." Their full academic paper (PDF) is available online, as are a series of video demos. They withheld publication for six months at Apple's request, but haven't heard anything further about a fix.