Earlier this evening we brought you word that a Turkish security researcher has claimed credit for hacking into Apple’s Developer portal. We covered the outage yesterday, when it proved to be a far more serious event than other hacking […]
When Apple’s developer portal went down Thursday, there were a lot of questions left unanswered. One of the more notable was: just who was responsible for this attack on the premier destination for iOS and OS X developers? Turkish security researcher Ibrahim Balic is claiming he was behind the hack, but says it wasn’t his intention to cause any harm. Balic says that he reported the vulnerability to the proper Cupertino authorities but, for whatever reason, his efforts didn’t end there. He actually exploited the security flaw he had discovered, which gave him access to the names, email addresses and mailing addresses associated with developer accounts. In total he discovered 13 bugs, at least one of which he demonstrated in a YouTube video that appeared to show him accessing a list of developer names and user IDs. That clip has since been pulled, as Balic was concerned about some of the information displayed on screen. However, in a tweet he asserted that sharing the confidential data was essential to prove his point about the severity of the vulnerability.
The researcher does insist that his actions were legal and ethical. He told the Guardian that he only accessed developer account data in an effort to discover just how deep the rabbit hole went, as part of a penetration test, and that he will delete all of the data he collected. He claims that immediately after he reported his findings to Cupertino the dev center was shut down, but that he never received a follow-up from anyone at the company. Instead there was simply an announcement of an attack, without any correspondence between Balic and Apple. So far Apple has not responded to our request for comment, and has neither confirmed nor denied Balic’s account of events.
Every GSM phone needs a SIM card, and you’d think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs, who found a hole in GSM call encryption several years ago, has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. Carriers manage SIMs over the air with special binary SMS messages that the card checks using a cryptographic signature made with a secret key stored on the SIM. By forging one of these messages so it appears to have come from the carrier, Nohl found that in around a quarter of cases the card sends back an error message that is itself signed with that key. Because the key on those cards is a single 56-bit DES key, the signed error is all an attacker needs to recover the key offline. With the key in hand, a second, correctly signed text can push software onto the card, and from there one can listen in on calls, send messages, make mobile purchases and steal all manner of data.
Apparently, the key recovery can be done “in about two minutes, using a simple personal computer,” but it only affects SIMs still using the older Data Encryption Standard (DES). Cards using the newer Triple DES aren’t affected, since its key is far too large to brute-force, and the other three quarters of the DES cards Nohl probed simply rejected his forged message without sending a signed reply. There’s no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat conference. If you’re listening, fine folks at the NSA, tickets are still available.
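To make the mechanism concrete, here is an added example (not Nohl’s code and not part of the original post) that simulates the exchange in Go using the standard library’s DES. The “SIM” signs over-the-air commands with a DES CBC-MAC and, like the vulnerable cards, answers a badly signed command with a signed error. The attacker takes that signed error, recovers the key by trying candidates offline, and then forges a command the card accepts. Everything here is constructed: the key, the message formats, the `SIM` type and the `macDES`, `recoverKey` and `Attack` functions are all assumptions for the demo, and the real OTA message format (ETSI/3GPP secured packets) is more elaborate than this MAC. To keep the run short, the search fixes six of the eight key bytes and only enumerates the last two; the real attack is the same loop, or a rainbow table, over the full 2^56 space.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/binary"
	"fmt"
)

// macDES computes an 8-byte DES CBC-MAC (zero IV, zero padding) over msg.
// Stand-in for the card's OTA "cryptographic checksum"; simplified on purpose.
func macDES(key, msg []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, (len(msg)+7)/8*8)
	copy(padded, msg)
	mac := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := 0; j < 8; j++ {
			mac[j] ^= padded[i+j]
		}
		block.Encrypt(mac, mac) // in-place encrypt of one block
	}
	return mac, nil
}

// SIM is a simulated card holding a single-DES OTA key (constructed for the demo).
type SIM struct {
	key []byte
}

// HandleOTA verifies the MAC on an incoming command. On failure the card
// replies with a status message that is itself signed with its key; that
// signed reply is the leak the attack relies on.
func (s *SIM) HandleOTA(cmd, mac []byte) (accepted bool, reply, replyMAC []byte) {
	expected, _ := macDES(s.key, cmd)
	if bytes.Equal(expected, mac) {
		return true, nil, nil
	}
	reply = []byte("ERR:BAD_MAC")
	replyMAC, _ = macDES(s.key, reply)
	return false, reply, replyMAC
}

// recoverKey brute-forces the low unknownBytes bytes of the DES key from a
// known (message, MAC) pair. The prefix is fixed only to keep the demo fast;
// the same loop over all 2^56 effective keys is what makes single DES weak.
func recoverKey(knownPrefix []byte, unknownBytes int, msg, mac []byte) ([]byte, bool) {
	limit := uint64(1) << (8 * uint(unknownBytes))
	candidate := make([]byte, 8)
	copy(candidate, knownPrefix)
	suffix := make([]byte, 8)
	for i := uint64(0); i < limit; i++ {
		binary.BigEndian.PutUint64(suffix, i)
		copy(candidate[8-unknownBytes:], suffix[8-unknownBytes:])
		got, err := macDES(candidate, msg)
		if err == nil && bytes.Equal(got, mac) {
			out := make([]byte, 8)
			copy(out, candidate)
			return out, true
		}
	}
	return nil, false
}

// Attack runs the three steps against a simulated card: send a spoofed
// command, recover the key from the signed error, forge an accepted command.
func Attack(sim *SIM, knownPrefix []byte, unknownBytes int) (bool, error) {
	spoofed := []byte("OTA:INSTALL_APPLET") // constructed "carrier" command
	accepted, reply, replyMAC := sim.HandleOTA(spoofed, make([]byte, 8))
	if accepted {
		return false, fmt.Errorf("card accepted an unsigned command")
	}
	key, ok := recoverKey(knownPrefix, unknownBytes, reply, replyMAC)
	if !ok {
		return false, fmt.Errorf("key not found in reduced search space")
	}
	forgedMAC, err := macDES(key, spoofed)
	if err != nil {
		return false, err
	}
	accepted, _, _ = sim.HandleOTA(spoofed, forgedMAC)
	return accepted, nil
}

func main() {
	key := []byte{0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0x12, 0x34} // constructed toy key
	sim := &SIM{key: key}
	ok, err := Attack(sim, key[:6], 2)
	fmt.Println("forged command accepted:", ok, "err:", err)
}
```

Two things worth noticing when running it: a card that answered the spoofed message with a silent rejection (no `replyMAC`) would give the attacker nothing to search against, which is why the three quarters of cards that did so are not exposed; and the loop in `recoverKey` is exactly what does not scale to Triple DES, where the effective key is 112 bits or more rather than 56.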
It seems that Apple’s developer website was hacked, resulting in significant downtime throughout the past week. I am quite sure that there was some suspicion of that among those who used the website, but nothing official […]
I am quite sure that many of us value our privacy a great deal, and to hear that there is this PRISM program that has been going on for quite some time is definitely not something that everyone would greet […]
Been paying attention to Twitter recently? You might have noticed Apple developers complaining about the company’s developer portal, which has been out of service for a number of days. Today, Apple acknowledged the outage, explaining that the site was taken down to combat a security breach. “Sensitive personal information was encrypted and cannot be accessed,” Cupertino told developers in an email. “However, we have not been able to rule out the possibility that some developers’ names, mailing address and/or email addresses may have been accessed.”
Naturally, the company is taking the breach very seriously, and has said that it’ll be rebuilding its entire developer system database and updating servers to prevent future incursions. Apple also assured developers that accounts up for renewal during the outage would not have their software pulled from the App Store. Furthermore, the company told MacWorld that customer information and app code was not compromised during the attack.
With great power comes great responsibility, and I am quite sure that you do know that by now. Sure, not everyone is able to afford a pair of Google Glass, but there are some who do and have done some […]
Nokia isn’t leaving adoption of the Lumia 1020’s 41-megapixel PureView camera up to chance, pairing its new Imaging SDK with a hackathon to encourage innovative uses of the oversampling and lossless zoom system. The new Windows Phone, revealed yesterday after a cavalcade of leaks, will support more advanced photography out of the box than almost any smartphone on the market today, but now Nokia is calling for suggestions as to how to make it even more flexible, as part of its Nokia Future Capture program.
“We want you to push the limits of imaging too, think outside the box, and create apps worthy of the phone’s unique capabilities,” Nokia says of the scheme. Developers can submit up to three ideas each, either for hacks or for imaging-based apps for the Lumia 1020, and the company will take the creators of the ten best ideas to Sweden in August to work on actually producing their software.
The top two app developers will get a Lumia 1020 to keep, while the best app will get a “VIP treatment” trip to an upcoming event, and see their app promoted through Nokia’s store.
Ideas submitted can optionally make use of peripherals, such as Nokia’s own Camera Grip (there doesn’t seem to be any restriction on developing your own accessory), and they’ll be judged by Nokia’s local and global developer teams, along with members of the company’s imaging division. Criteria for picking the best apps include creativity, user experience, and quality, and Nokia says that “creations should be as polished and as close to final as possible at the end of the weekend.”
As that implies, you’ll need to be a developer with actual coding skills to take part. Nokia will be asking for “development credentials” such as existing apps in the Windows Phone Store, or in other app stores, along with files, designs, or other evidence that you know your way around an SDK.
Ideas need to be submitted before the end of July, and there’s more information on the SDK itself at Nokia’s Developer site. The toolkit includes access to the partial JPEG decoding, which Nokia uses to quickly apply effects and tweaks, over 50 filters and enhancements, the ability to perform basic edits, and more.
Organizers of DEF CON 2013, the annual hacking convention, have told the US federal government not to attend, after revelations about the NSA PRISM program and other surveillance activities have left the security community wary of the feds. In a post on the conference’s homepage, DEF CON founder Jeff Moss (aka “The Dark Tangent”) said that, while traditionally DEF CON has been open to a low-key federal presence, this year the various agencies should sit the show out.
“This will give everybody time to think about how we got here, and what comes next” Moss suggests.
The decision to uninvite the US government, even if the invitation was only ever implied, is a marked turnaround from previous years at DEF CON. In 2012, in fact, the keynote speech was given by NSA director Keith Alexander, on the topic of “Shared Values, Shared Responsibilities”.
Now, with details of the far-reaching grasp of PRISM and the extent of FISA requests to companies like Google, Microsoft, and others becoming public knowledge, the extent to which those values are actually shared is coming into question. “When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship,” Moss writes.
“Therefore,” the organizer says, “I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.”
It’s entirely possible that representatives of the federal government and its security services may still attend DEF CON, albeit in an even more clandestine way than usual. Attendees have traditionally played “Spot the Fed”, as security specialist Brian Krebs points out, and the stakes will be even higher this year.
Nonetheless, the fall-out from PRISM and other schemes continues, with greater international attention being paid to exactly what the US is monitoring, and how it treats whistleblowers like Edward Snowden. The former NSA contractor is expected to find asylum in Venezuela, though no official statement on the matter has been made.
This site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via social media by jumping to about.me/sascha.endlicher.