Deekin_Scalesinger writes "More than eighteen months after being first brought to Cupertino's attention, Apple gets around to addressing insecure logins to the App Store. In theory, this could be used to view lists of installed apps and make unauthorized purchases." Yep, they were sending login information over plain http.
theodp writes "When it comes to tales of fake girlfriends, Manti Te'o can't hold a candle to theoretical particle physicist Paul Frampton. In November 2011, writes the NY Times' Maxine Swann in 'The Professor, the Bikini Model and the Suitcase Full of Trouble,' Frampton met who he says he thought was Czech bikini model Denise Milani on Mate1.com. A Yahoo Messenger romance bloomed, at least in the 68-year-old Frampton's mind (Frampton's ex-wife was a self-described 'physics groupie'). But before starting their perfect life together, fake Denise asked Frampton for one little favor — would he be so kind as to bring her a bag that she had left in La Paz, Bolivia? Yep, bad idea. The UNC Louis D. Rubin, Jr. Distinguished Professor of Physics and Astronomy soon found himself in a Buenos Aires prison, charged with transporting two kilos of cocaine into Argentina. Currently serving a four years and eight months sentence under house arrest, Frampton reportedly continues to supervise his two current PhD students by phone, and still finds time to post to the Physics archive."
An anonymous reader points out a story at The Register about a Microsoft-backed bill proposed by Massachusetts state representative Carlo Basil which seems aimed directly at Google's cloud apps. The bill, if it should be enacted, would require that "[a]ny person who provides a cloud computing service to an educational institution operating within the State shall process data of a student enrolled in kindergarten through twelfth grade for the sole purpose of providing the cloud computing service to the educational institution and shall not process such data for any commercial purpose, including but not limited to advertising purposes that benefit the cloud computing service provider."
First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mother's maiden name to gain access. This looks like poor security from everyone involved."