Apple Developer Center back up as system overhaul nears completion

Apple took its developer portal down over a week ago after a security expert discovered vulnerabilities in the system that allowed it to be breached in various ways. Despite Apple stating that personal information was encrypted, preventing it from being stolen, the system was still taken down and given a complete overhaul, which is nearing completion.

A couple of days ago, Apple issued a status update in the form of a lengthy statement, detailing its plan of action and what members could expect. Along with the statement came a status page, which shows the current state of its system overhaul. At the time, only 3 of the 15 tasks were complete, a number that is now resting at 7.

Apple’s plans included first getting Certificates, Identifiers & Profiles, Apple Developer Forums, Bug Reporter, pre-release developer libraries, and videos up. According to the status page, the developer forums, pre-release documentation, and videos are still pending, but the dev centers are back up with a green light.

The remaining services still awaiting the green light include the Xcode Automatic Configuration, Member Center, App Store Resource Center, Program Enrollment and Renewals, and Technical Support, in addition to the videos, documentation, and forums mentioned above. Visually, nothing much looks different, but the behind-the-scenes elements are promised to have been given an overhaul.

Said Apple in a new statement: “We appreciate your patience as we work to bring our developer services back online. Certificates, Identifiers & Profiles, software downloads, and other developer services are now available. If you would like to know the availability of a particular system, visit our status page … Thank you for bearing with us while we bring these important systems back online. We will continue to update you on our progress.”

SOURCE: 9to5Mac


Apple Developer Center back up as system overhaul nears completion is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2013, SlashGear. All right reserved.

Federal agents reportedly demanding passwords from websites

Right when you thought this whole NSA and PRISM debacle was slowing down a bit, things are picking back up, thanks to a new report. According to multiple anonymous sources, federal government officials are demanding that websites hand over user passwords in order to monitor individual users even more.

The sources say that they have connections with the websites being asked to hand over user passwords, with one source saying that they’ve “certainly seen them ask for passwords,” but the source says that the web company “pushes back.” A second source, who worked at a large Silicon Valley company, confirmed that it received government requests for stored passwords, but companies would “really heavily scrutinize” such requests.

It’s nice that web firms are fighting for their users, but it’s not so nice that the government is reportedly doing this. Of course, though, this is merely just a rumor for now, and we have no clue who the sources are and what their status is or was. We’re taking it all with a grain of salt for now.

Then again, it wouldn’t be surprising if these reports turn out to be true. We’ve been hearing a lot about the NSA fiasco and how the government is monitoring online users in order to stop terrorist attacks, but demanding passwords takes things to a whole new level.

Luckily, companies are stepping forward and announcing that they’re taking action by publicly posting all government-related requests. However, a lot of companies are having a hard time with that, as the government is no doubt wary about letting companies do such a thing. Obviously, if the government wants your password, then you’re probably on their target list for terrorism or some other crazy crime, but that doesn’t mean that officials aren’t human, and they can easily abuse the system at their will.

SOURCE: CNET


Federal agents reportedly demanding passwords from websites is written by Craig Lloyd & originally posted on SlashGear.

Syrian Electronic Army hacked Tango, swiped user data

The Syrian Electronic Army has claimed ownership of a hack against Tango, saying they swiped 1.5 terabytes worth of user data. Tango has since confirmed that a breach of its system did take place, saying that the hackers accessed “some data.” They did not, however, confirm whether it was the SEA, nor did they provide details on the extent of the security breach.

TangoMe Inc., the company behind Tango, confirmed the breach on its Twitter account, saying that it “experienced a cyber intrusion that resulted in unauthorized access to some data.” The company went on to state that it is in the process of improving its security system. This came after the Syrian Electronic Army posted screenshots as proof of their hacking endeavors.

According to the hacker collective, the information they stole amounted to 1.5 terabytes, and included things like the phone numbers of users, contact information, and emails. It then went on to say that the information it gathered will be given to the Syrian government – “much of” it, anyway. According to the BBC, some experts have stated that outdated software on Tango’s part may have been the reason it was targeted.

Following the Tango breach, the Syrian Electronic Army then turned its attention to The Daily Dot, which hosted a story on the hack alongside a cartoon of the Syrian president. The hacking group fired off a tweet, demanding the image be removed. When The Daily Dot failed to do this, the SEA then breached its admin panel and deleted the article from its system.

This is the latest of a long list of breaches the SEA has pulled off, many of which involve low-level hacking to gain access to Twitter accounts, where mostly nonsense tweets are posted. The Guardian, The Onion, Financial Times, E! Online, CBS, and more have all been targeted by the group.

SOURCE: BBC News


Syrian Electronic Army hacked Tango, swiped user data is written by Brittany Hillen & originally posted on SlashGear.

Google Glass vulnerable to malicious wireless networks, says Symantec

Earlier this week, an exploit surfaced by way of Lookout Mobile Security that would allow Google Glass to be controlled by a hacker using malicious QR codes. This was quickly – and quietly – patched, but another threat remains, one that extends beyond Glass and could facilitate data theft: a WiFi-based vulnerability that utilizes a man-in-the-middle attack to get the device to connect to a malicious wireless network.

This information comes from Symantec, who refers to a device called a Wi-Fi Pineapple, which functions by impersonating a wireless network that a device – such as Glass – has already connected to in the past. It does this by using the network’s SSID. So, for example, if Glass had previously connected to a network called My Awesome WiFI, the device could impersonate that SSID while instead broadcasting a malicious network.

This takes advantage of a feature that most devices have, whereby they remember a network they have previously connected to and stay on the lookout for it. The result of this is convenient – the device will automatically connect to a recognized network, removing the hassle. It is also where the vulnerability lies, and users should be aware of it, says Symantec.

Of course, this problem could affect any device that does this, but Glass is said to make avoiding this problem more difficult due to the way its interface works, sans any input devices like a keyboard. Glass will find a network it recognizes and connect to it, and the user may never notice anything off about it.

Although the problem is known, figuring out a solution that works to avoid this kind of potential attack is more complicated, with Symantec saying that things like utilizing MAC addresses are still vulnerable. For now, users are advised that the “practicable solution” is to act like any network can be malicious, and to either utilize encryption or a VPN.

SOURCE: Tech Hive


Google Glass vulnerable to malicious wireless networks, says Symantec is written by Brittany Hillen & originally posted on SlashGear.

Huawei accused of spying for China by former CIA boss

Late last year, allegations had surfaced regarding Chinese handset makers ZTE and Huawei, with claims being tossed around that they were spying on behalf of the Chinese government. Both makers rejected the claims, and Huawei went on to offer unrestricted access to its software code in an effort to prove its innocence. Nearly a year later, and now former CIA boss Michael Hayden has spoken out, stating that Huawei did provide information to the Chinese government.

On October 17, a source had cropped up over at Reuters claiming that a White House review of the matter found no evidence indicating that Huawei was spying for China. The probe, according to the sources, had found risky vulnerabilities with the maker’s products, but no evidence that espionage was taking place. It was never specified whether those vulnerabilities were believed to be intentional.

All was quiet on the matter for a while, but now former CIA boss Michael Hayden has spoken up about the issue in a lengthy interview with the Australian Financial Review. When asked specifically about whether he’d ever had any “direct exposure” with Huawei, Hayden responded:

Two or three years ago Huawei was trying to establish a pretty significant footprint here in the United States. And they were trying to get people like me – as the former head of NSA and the CIA – to endorse their presence in the US. To serve on their local board, or to have some other kind of commercial relationship with them.

I reviewed Huawei’s briefing paper, which said all the right things. One could almost honestly judge that were actually trying to genuinely put my mind at ease.

But God did not make enough briefing slides on Huawei to convince me that having them involved in our critical communications infrastructure was going to be okay. This is not blind prejudice on my part. This was my considered view based on a four-decade career as an intelligence officer.

My conclusion was that, “No, it is simply not acceptable for Huawei to be creating the backbone of the domestic telecommunications network in the United States, period.” And frankly this is where I think the state has a role to play – to ensure we don’t make decisions that compromise the foundations of our national security.

Following a brief discussion about the telecommunications industry, Hayden was asked outright whether he felt Huawei was a threat to the security of the United States and Australia; he said that he does. He also states that he believes there is “hard evidence” showing that the maker has engaged in espionage for China. He says it is his belief that, at a minimum, Huawei provided China with “intimate and extensive knowledge” on the telecommunications systems it works with.

When asked if he knew of any instances of backdoors and other specific things, he repeatedly claimed being unable to provide answers and direct knowledge. What he does reveal, however, is very interesting, not only on the topic of Huawei, but also on other recent happenings, including the PRISM leak and how it is viewed by someone who was so deeply entrenched within the system. You can read the entire interview yourself, which is fairly long, over at the AFR.

VIA: Financial Times

SOURCE: Australian Financial Review


Huawei accused of spying for China by former CIA boss is written by Brittany Hillen & originally posted on SlashGear.

Google Drive encryption tipped incoming for NSA protection

With the recent fiasco with the NSA and PRISM program, concern for user privacy has skyrocketed tremendously, and now that the word is out on tech companies, they have no choice but to make things better for their users. Google is doing its part, and it’s said that the search giant is secretly testing encryption methods for Google Drive files for protection against the NSA.

According to CNET, sources say that Google is experimenting with encrypting Google Drive files in order to prevent the NSA and other government agencies from digging into users’ files. While a small number of files are already encrypted, it seems Google wants to encrypt every file that goes through its Google Drive servers.

PRISM collects data that the companies are required to provide under the Foreign Intelligence Surveillance Act. However, encrypted files don’t fall under FISA (as long as the government doesn’t know the password to get in), so it seems that companies are heading in this direction with their user files, Google Drive being one of the first cloud services to begin the process.

Of course, companies use HTTPS as a form of encryption in order to protect the communications of files while they’re being transmitted over the interwebs, but cloud companies rarely encrypt files that are simply just sitting there in the cloud. This is mainly because it’s a complex thing to do and it ups the cost of server computing power.

However, in a time where users are becoming more and more wary of tech companies and the data they have on users, these companies can’t become stingy, and they need to start taking action to protect users’ files and information, even if that means going out of their way to include encryption and other security benefits.

SOURCE: CNET


Google Drive encryption tipped incoming for NSA protection is written by Craig Lloyd & originally posted on SlashGear.

Microsoft requesting permission to post NSA involvement: Request denied

The recent fiasco with the NSA and the US government over their involvement with tech companies has got many people up in arms. It was revealed several weeks ago that the US government has been secretly asking companies for customer information in an effort to cut down on terrorist activities, but many tech companies have been speaking out since the whistleblow occurred, including Microsoft.

In a blog post, Executive Vice President of Legal & Corporate Affairs at Microsoft Brad Smith spoke rather candidly about how the company is dealing with the US government on customer information requests and whether or not Microsoft can get permission to post numbers and figures about government requests in the company’s transparency report. Turns out that Microsoft is getting their requests denied.

However, they’ve taken things to the next level and have contacted the Attorney General of the United States in order to get permission to publicly post government request information. In the past, Microsoft has contacted “government lawyers” about permission to post request information online, and have either been ignored or denied so far.

“The world needs a more open and public discussion of these practices. While the debate should focus on the practices of all governments, it should start with practices in the United States. In part, this is an obvious reflection of the most recent stories in the news. It’s also a reflection of something more timeless. The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right. With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution.”

In any case, though, Microsoft is at least moving forward and posting the information they do have permission for on how the government is involved in the company’s various services. Microsoft says that the government does not have “direct access” to Outlook mail, and they only provide officials with information from specific accounts for specific purposes.

Despite allegations that the company was freely providing direct access to the government, Microsoft denies this, saying that they never “provide or agree to provide any government with direct access to user content or the ability to break our encryption.” Microsoft also mentions Skype and SkyDrive as services that also don’t allow direct access to government officials.

Indeed, the recent whistleblowing has us worried about what information companies are simply handing over to the government, but it’s also providing companies the opportunity to step up and be transparent about their privacy practices and dealings with the government. Many big companies have already stepped up to request permission to disclose information to the public, including Google.


Microsoft requesting permission to post NSA involvement: Request denied is written by Craig Lloyd & originally posted on SlashGear.

FBI-themed ransomware now affecting OS X users

Everyone has had to deal with malware of some sort at one point or another, with some being unlucky enough to come across the FBI-themed “ransomware” variety that presents itself as being a government threat of criminal charges should one refuse to pay a fine. This kind of malware has typically been the domain of Windows users, but has made its way to OS X.

The information comes from Malwarebytes, an anti-malware company. According to the rundown they’ve provided, the FBI ransomware is presenting users with a page that, at a quick glance, looks official enough: the beginning of the URL starts with fbi.gov.id, and it harbors the real FBI logo, as well as a fake logo stating “The FBI” cyber department has targeted the user.

The trojan targets the users by using the “restore from crash” feature in the browser, which prevents the user from getting rid of the page. Attempting to close the tab results in a popup stating “YOUR BROWSER HAS BEEN LOCKED. All PC data will be detained and criminal procedures will be initiated against you if the fine will not be paid.” The “fine” in question? $300.

Aside from the threats of criminal procedures and other such nonsense, the ransomware tries to scare the user into paying the amount by specifying specific criminal activities it accuses the user of committing, such as violating copyright laws regarding music, video, and software, as well as viewing “prohibited pornographic content.”

Causing Safari to force quit won’t do any good for the user, with the ransomware page reappearing the next time the browser is fired up. Fortunately, the issue is pretty easy to get rid of by simply resetting Safari, which can be done by clicking “Safari” from the menu. All the items must be checked under the reset options.

SOURCE: Malwarebytes


FBI-themed ransomware now affecting OS X users is written by Brittany Hillen & originally posted on SlashGear.

Android vulnerability discovered affecting devices running version 1.6 and later

A doozy of an Android bug has been discovered by Bluebox Security’s Bluebox Labs, one that affects all Android releases since 1.6 Donut. With the vulnerability, malicious coders can create a trojan application to serve whatever purpose they’d like, whether to steal a user’s information or take over control of the device. More information will be given at Black Hat USA 2013 in a keynote speech.

According to Bluebox Labs, because of how many versions of Android are affected, a potential 900 million devices could suffer from the vulnerability, which involves a means for modifying APK code without harm to the app’s cryptographic signature. As such, a perfectly legit app can be converted into a trojan that slips under the radar.

The company goes on to specify that apps developed by the handset’s makers pose a greater risk due to their elevated privileges. Because of this, one of these apps that is exploited and turned into a trojan can give the hacker complete access to the mobile OS’s apps and system, as well as all their related data. The ramifications of this are two-fold:

Depending on the intent of the hacker, personal data like text messages, emails, any documents on the device, account passwords that are saved, pictures, and other related items can be swiped, potentially giving access to things like bank accounts and revealing contacts’ information. In addition, this can be taken a step further so that the hacker has the ability to use the device to send text messages, snap pictures, record videos, make phone calls, etc.

In an extreme case, the vulnerability could be used to create a botnet.

According to Bluebox, it informed Google of this Android vulnerability in February of this year. To take care of the issue, every device manufacturer will need to create a patch and roll it out to its users, who will then need to install it. The security firm says it will release “tools/material” and more info about this vulnerability during Black Hat USA 2013, which takes place later this month.

SOURCE: BlueBox


Android vulnerability discovered affecting devices running version 1.6 and later is written by Brittany Hillen & originally posted on SlashGear.

Ubisoft hack spawns Watch Dog promo conspiracy theories

Yesterday, game publisher Ubisoft was hacked, leading to usernames and passwords on their ubi.com website being stolen. However, it seems that a lot of Ubisoft fans are wondering if it’s a serious situation or just a publicity stunt for a marketing campaign for Ubisoft’s upcoming game Watch Dogs, which is a game based on hacking into various computer systems.

When Ubisoft posted about the hack on their Facebook page, many fans commented on and questioned whether or not the hack was actually legitimate, or just propaganda for Watch Dogs. Users asked questions like, “Are you sure its not just a watch dogs promotional stunt?” and commented, “this is probably a Watch Dogs stunt,” and “hacked by Aiden Pearce.”

It seems the doubts about the hack arose after users received an email from Ubisoft that looked like spam, with some users saying that the email was in German and full of grammatical mistakes. Other users noted that there was no signature attached to the email, so they couldn’t tell who it was from. Even the email address seemed a bit weird: email_ubi@email.ubi.com.

However, Ubisoft clarified over and over that it was a real hack, giving users a link to change their passwords. While the game publisher says that passwords are encrypted, there’s still a chance that they could be cracked by the hackers, so they’re warning all users to change their passwords before the hackers end up cracking them to get access to further information.

Ubisoft also says that financial information is safe, as the publisher doesn’t host that information on their website or server, but rather through a third-party. Then again, if a hacker ended up logging into your account, they could eventually find their way to your financial information and other personal info. Hacked or not, it’s always a good idea to change your password every so often to prevent peeping eyes from gaining access to your info.


Ubisoft hack spawns Watch Dog promo conspiracy theories is written by Craig Lloyd & originally posted on SlashGear.