Trailrunner7 writes in with a story about an iOS security guide released by Apple. "Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and network security features in iOS, most of which had been known before but hadn't been publicly discussed by Apple. The iOS Security guide (PDF), released within the last week, represents Apple's first real public documentation of the security architecture and feature set in iOS, the operating system that runs on iPhones, iPads and iPod Touch devices. Security researchers have been doing their best to reverse engineer the operating system for several years and much of what's in the new Apple guide has been discussed in presentations and talks by researchers. 'Apple doesn't really talk about their security mechanisms in detail. When they introduced ASLR, they didn't tell anybody. They didn't ever explain how codesigning worked,' security researcher Charlie Miller said."
An anonymous reader writes "With IT and Data Center consolidation seemingly happening everywhere our small shop is about to receive a corporate mandate to follow suit and preferably accomplish this via virtualization. I've had success with virtualizing low load web servers and other assets but the larger project does intimidate me a little. So I'm wondering: Are there server types, applications and/or assets that I should be hesitant virtualizing today? Are there drawbacks that get glossed over in the rush to consolidate all assets?"
Asmodae writes "Judge Alsup in the Oracle vs Google case has finally issued his ruling on the issue of whether or not APIs can be copyrighted. That ruling is a resounding no. In some fairly clear language the judge says: 'So long as the specific code used to implement a method is different, anyone is free under the Copyright Act to write his or her own code to carry out exactly the same function or specification of any methods used in the Java API.'"
itwbennett writes "In a blog post, Steve Hanov explains how 20 lines of code can outperform A/B testing. Using an example from one of his own sites, Hanov reports a green button outperformed orange and white buttons. Why don't people use this method? Because most don't understand or trust machine learning algorithms, mainstream tools don't support it, and maybe because bad design will sometimes win."
An anonymous reader writes with this story at Ars Technica: "Three self-taught hackers from the DC949 hacker collective managed to use a combination of techniques to beat ReCaptcha with 99.1% accuracy (better than most humans!)" In short, the hackers skipped the visual part of the ReCaptcha system entirely, focusing on the audio alternative, which gave them a few convenient angles of attack. Google responded with changes to the system, but that doesn't minimize their accomplishment.
MrSeb writes "Microsoft has announced the immediate availability of Windows 8 Release Preview. Unfortunately there isn't a Consumer Preview > Release Preview upgrade path — you'll have to format and perform a clean installation. After downloading the ISO, simply burn Windows 8 RP onto a USB stick or DVD, reboot, and follow the (exceedingly quick and easy) installer. Alternatively, if you don't want to format a partition, ExtremeTech has a guide on virtualizing Windows 8 with VirtualBox. After a lot of fluster on the Building Windows 8 blog, the Release Preview is actually surprisingly similar to the Consumer Preview. Despite being promised a new, flat, Desktop/Explorer UI, Aero is still the default theme in Windows 8 RP. The tutorial that will introduce new users to the brave new Start buttonless Windows 8 world is also missing. Major features that did make the cut are improved multi-monitor support — it's now easier to hit the hot corners on a multi-monitor setup, and Metro apps can be moved between displays — and the Metro version of IE10 now has a built-in Flash plug-in. There will be no further pre-releases of Windows 8: the next build will be the RTM."
MojoKid writes "Renowned Overclocker HiCookie used a Gigabyte Z77X-UD3H motherboard to achieve a fully validated 7.03GHz clock speed on an Intel Core i7 3770K Ivy Bridge processor. As it stands, that's the highest clockspeed for an Ivy Bridge CPU, and it required a steady dose of liquid nitrogen to get there. HiCookie also broke a record for the highest memory speed on an Ivy Bridge platform, pushing his G.Skill Trident X DDR3-2800 memory kit populated in four DIMM slots to 3,280MHz. Not for the faint of heart, the record breaking CPU overclock required that HiCookie pump 1.956V to the processor, according to his CPU-Z screenshot. The CPU multiplier was set at x63."
benfrog writes "New York City comptroller John Liu has accused HP of overcharging New York City $163 million on upgrades to its 911 system. According to a statement put out by Liu, an audit of the project revealed that HP did not perform up to spec on the contract between April 2005 and April 2008 and did not bill the city correctly for time and materials on its portion of the contract to upgrade the 911 system. According to Liu's reading, the contract was supposed to cost no more than $378 million over five years, but in January the city projected it would have already spent $307m by mid-April and had to award Northrop-Grumman an additional $286m to do a second part of the original contract, ballooning the cost to $632m, and Liu's office is now estimating that cost overruns beyond this could be as high as an additional $362m. NYC's deputy mayor for operations was quoted defending the contract."
VVrath writes "Following Tuesday's story about MuseScore releasing its open source recording of the Goldberg Variations, the Musopen project has released ProTools files from its open source recording project. The final edited recordings are still being worked on but it seems we're living in very interesting times regarding open source classical music."
ToriaUru writes "Fedora is going to pay Microsoft to let them distribute a PC operating system. Microsoft is about to move from effectively owning the PC hardware platform to literally owning it. Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux. Technically Fedora didn't have to go down this path. But, as this article explains, they are between a rock and a hard place: if they didn't pay Microsoft to let them onto the PC platform, they would have to explain to their potential users how to mess with firmware settings just to install the OS. How long before circumventing the secure boot mechanism is considered a DMCA violation and a felony?" Note that the author says this is likely, but that the entire plan is not yet "set in stone."
An anonymous reader writes "I'm in charge of getting some phones for my company to give to our mobile reps. Security is a major consideration for us, so I'm looking for the most secure off-the-shelf solution for this. I'd like to encrypt all data on the phone and use encryption for texting and phone calls. There are a number of apps in the android market that claim to do this, but how can I trust them? For example, I tested one, but it requires a lot of permissions such as internet access; how do I know it is not actually some kind of backdoor? I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us. I was thinking of maybe installing Cyanogenmod onto something, using a permissions management app to try and lock down some backdoors and searching out a trustworthy text and phone encryption app. Any good ideas out there?"
ideonexus writes "Republicans in North Carolina are floating a bill that would force planners to only consider historical data in predicting the sea-level rise (SLR) for the state as opposed to considering projections that take Global Warming into account. NC-20, the pro-development lobbying group representing twenty counties along the NC coast, is behind the effort and asserts that the one-meter prediction would prohibit development on too much land as opposed to SLR predictions of 3.9 to 15.6 inches." Scientific American has an acerbic take on the bill.
First time accepted submitter dintech writes "The Wall Street Journal reports that while Sony considered online-only content distribution for its next-generation Playstation, the manufacturer has decided that the new console will include an optical drive after all. Microsoft is also planning to include an optical disk drive in the successor to its Xbox 360 console as the software company had concerns about access to Internet bandwidth."
Gunkerty Jeb writes "Two financial industry groups, the American Bankers Association (ABA) and the Financial Services Roundtable, announced on Thursday that they have applied to the Internet Corporation for Assigned Names and Numbers (ICANN) to operate two top level Internet domains, .bank and .insurance, on behalf of the financial services industry. In a published statement, the groups said that they had applied for .bank and .insurance to 'provide the highest security for the millions of customers conducting banking and insurance activities online.' The move comes as the U.S. Congress is set to begin hearings on e-banking fraud on Friday."
wiredmikey writes "Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by CitizenLab.org has shown that the malicious version isn't available from the original software source, only through third-party access, so it appears that Simurgh has been repackaged. The troubling aspect of the malicious version is that while it does install the proxy as expected, it then adds a keylogging component, and ships the recorded information off to a server hosted in the U.S. and registered to a person in Saudi Arabia. In response to this attack, the team that develops Simurgh has instituted a check that will warn the user if they are running a compromised version of the software. At present, it is unknown who developed the hijacked version of Simurgh, or why they did so."