posted about 3 hours ago on ars technica
Tim Cook unveils iOS 8 at WWDC 2014. Megan Geuss Apple has updated its privacy policy as part of the rollout of iOS 8, announcing that devices with the latest version of the operating system installed can no longer be accessed by the company itself. Previously, as we reported in May 2014, if law enforcement came to Apple with a seized device and a valid warrant, it was able to access a substantial portion of the data already on an iPad or iPhone. But under the latest version of iOS, even that will be impossible. "On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode," the company wrote on its website Wednesday evening. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8." Read 20 remaining paragraphs | Comments

posted about 5 hours ago on ars technica
Andrew Cunningham The old Apple TV setup screen. Note the glassy button and its blue glow. The Apple TV's interface is only vaguely similar to the one on your iPhone or iPad, but inside the set-top box is the same hardware and software that runs the rest of the iDevices. Alongside iOS 8, Apple today introduced "Apple TV Software version 7.0," a fancy name for "the Apple TV's version of iOS 8." The Apple TV's software was never as skeuomorphic and texture-soaked as iOS 6 was on the iPhone and iPad, but the old interface still used thicker fonts and glassy buttons. The new update tweaks the design to bring it in line with iOS 7, iOS 8, and the upcoming OS X Yosemite. Helvetica Neue Light is everywhere, and glassy buttons and faint blue glows are replaced by flat black-and-white buttons. The new design is what you'll notice first, but the Apple TV picks up a few other iOS 8-related features too. The box supports Family Sharing, the feature that lets family members with different Apple IDs share purchases with one another. There's a new Beats Music channel, which ties into the streaming service Apple picked up when it bought Beats earlier this year. And AirPlay now works with other iDevices even if they're not on the same Wi-Fi network—now, devices can form an ad-hoc wireless network and stream that way. We recommend using the Apple TV's built-in security features to keep strange iPhones from finding and streaming to your Apple TV without your consent. Read 1 remaining paragraphs | Comments

posted about 6 hours ago on ars technica
Microsoft has unveiled a revamp of its developer program today, ending the annual fees to have apps published in the Windows and Windows Phone stores, in favor of a single up-front payment. Individuals can pay about $19 and companies about $99 to gain perpetual access to both storefronts. The company is also promoting a new reward scheme for developers. Registered devs are divided into three categories: Explorer, Expert, and Master. The Explorer category, open to all, offers design and architecture guidance for developers. Developers can upgrade to the other categories by having successful apps; the more downloads and revenue apps receive, the better the status that's earned. Expert level gives improved ad terms, and Master level adds marketing support and early access to future SDKs. The new scheme is clearly a nice gesture towards one developer demographic: the hobbyist. While $19 a year was never going to break the bank, scrapping the annual fee partially addresses one of the more paradoxical aspects of the platform: if Microsoft is so desperate for apps, why does it charge people to publish them? From a pure cost of entry perspective, this change clearly makes Windows and Windows Phone somewhat more attractive than they were before, and substantially more attractive than iOS. Read 11 remaining paragraphs | Comments

posted about 7 hours ago on ars technica
A Fire Keyboard + Fire HDX 8.9 + origami case. Casey Johnston Amazon announced a slate of new Kindle products late Wednesday, including two new e-readers, a handful of new tablets, and a new version of its Android-based Fire operating system. Among the products are the new, ultra-thin Kindle Voyage e-reader and a new version of the 8.9-inch Fire HDX tablet, which now has an optional keyboard reminiscent of the Microsoft Surface. A couple of new e-readers... The Kindle Voyage is designed to be Amazon's new high-end Kindle model at 7.6 millimeters thick with a magnesium metal back. The Voyage has a 300ppi Paperwhite display that is 39 percent brighter than the previous model. The screen is front-lit and adaptive, so not only can it adjust to the ambient light in the room, Amazon says it will also perform a gradual adjustment over the course of 30 minutes to compensate for the adjustment of readers' eyes to the display in that environment. The Voyage also slightly revamps the controls: instead of the page-turning buttons used in older Kindles, the Voyage has pressure-sensitive pads with haptic feedback on either side of the screen that are meant to be quieter. The screen in the Voyage is a single piece of glass flush with the bezel that is micro-etched to minimize reflections and mimic the feeling of paper, according to Amazon. Read 9 remaining paragraphs | Comments

posted about 8 hours ago on ars technica
Goodwill Industries was one of three companies affected by an attack on a retail managed service provider that went undetected for over 18 months. Dwight Burdette In July, it was revealed that Goodwill Industries had suffered from a credit card data breach that affected the charitable retailer’s stores in at least 21 states. The Goodwill breach seemed by many to be just the latest case of criminals taking advantage of the weak underbelly of retailers—their point-of-sale systems. But now, as it turns out, the Goodwill breach was just part of a much larger attack on an outside managed service provider that affected at least two other companies. And many more may have been affected without their knowledge. Security reporter Brian Krebs first broke the news on the Goodwill breach in July, and traced the breach back to C&K Systems, a reseller of retail software systems from NCR, Retail Pro, and other retail software and systems providers. Goodwill had outsourced much of the operation of its retail systems, including its point-of-sale (POS) systems, to C&K through a managed service contract. In a statement published on Monday, C&K Systems admitted that they had suffered a breach of point-of-sale systems tied to their “Hosted Managed Services Environment.” The company determined with the assistance of outside forensic investigators that the breach began sometime in early 2013. “The unauthorized access affected our Hosted Management Services Platform intermittently between February 10, 2013 and August 14, 2014.” Read 11 remaining paragraphs | Comments

posted about 9 hours ago on ars technica
Suspects in the brutal beating of two gay men were caught on CCTV, and social media stepped in to connect the dots. Last Thursday night, a gay couple was brutally beaten by a group of two men and six women who were “visibly intoxicated.” NBC Philadelphia reports, “Witnesses say someone in the group asked, 'Is this your f****** boyfriend?' When one of the victims told them yes, the group allegedly attacked them, punching and kicking them in the face, head and chest.” One of the attackers grabbed a victim's bag and fled. At least one of the victims was taken to the hospital for fractures to his face and had to have his jaw wired shut. Generally after an attack of this kind, the investigation can draw out indefinitely. The Philadelphia Police Department said it was looking for as many as 12 people in relation to the attack. But today Philadelphia's ABC News syndicate reported that some of the suspects are expected to surrender to police in the near future. Read 8 remaining paragraphs | Comments

posted about 10 hours ago on ars technica
Free Press Contrary to what AT&T and Verizon would have you believe, FCC Chairman Tom Wheeler today said 4Mbps is too slow to be considered broadband and that Internet service providers who accept government subsidies should offer at least 10Mbps. Last week, we reported on AT&T and Verizon urging the FCC to abandon a proposal that would redefine broadband download speeds from 4Mbps to 10Mbps. If the standard is raised, ISPs that accept government subsidies to build networks in hard-to-reach rural areas would have to provide the higher speed. AT&T and Verizon argued that 4Mbps is good enough, but Wheeler said otherwise today at a hearing in front of the US House Committee on Small Business. US Rep. Blaine Luetkemeyer (R-MO) pointed to communities with little or no access to high-speed broadband, saying if the minimum speed isn’t high enough, “rural constituents in my district will be left on the wrong side of the digital divide.” Read 11 remaining paragraphs | Comments

posted about 11 hours ago on ars technica
HealthKit may record a lot of data, but until third party apps can access it, it will sit lazily on a figurative couch. Andrew Cunningham On Wednesday morning, apps designed to connect to the new iOS HealthKit framework were set to launch alongside the brand new iOS 8, but those apps, hungry for your data about calories and fitness progress, apparently hadn't laced their jogging shoes. Shortly after the new version of iOS launched, developers learned that their HealthKit-ready apps and updates had been pulled from the App Store. A few developers, including the creator of Carrot Fit, soon reported receiving calls and e-mails from Apple confirming that "HealthKit... isn't ready to launch," and later in the day, Apple publicly confirmed that HealthKit support would have to wait until a bug was fixed. "We discovered a bug that prevents us from making HealthKit apps available on iOS 8 today," an Apple spokesperson told Ars in a statement. "We're working quickly to have the bug fixed in a software update and have HealthKit apps available by the end of the month." Read 1 remaining paragraphs | Comments

posted about 12 hours ago on ars technica
While opinions have been mixed on Destiny, Bungie's first post-Halo video game, most impressions and reviews of the game thus far—including our own—have at least praised its online stability. That's no small feat for an always-online game, especially in its first week, but error reports are beginning to accumulate from Destiny players across all four of the game's consoles. There's a reason for that: Bungie launched its "shared world shooter" without much of a customer support structure in place. Eight days after launch, users who haven't been able to connect—including one of Ars Technica's own contributors, who still can't get online with an Xbox 360 copy of the game—have exhausted all of the suggestions listed at help.bungie.net. At that point, those users are directed to visit Bungie's forums, "staffed by community mentors who are here to help you." The end result is a funneling of complaints to a forum whose topics are broken down not by official categories but by hashtags. With nothing in the way of a trackable "ticket" system or a customer service hotline, users are stuck with a "#help" page that is currently dominated by topic titles like "I've Given Up on Destiny and Got My Refund; Here's Why Maybe You Should Too" and "Bungie Please Give Us Info." Read 6 remaining paragraphs | Comments

posted about 13 hours ago on ars technica
Flickr user Bukowsky18 People who are watching their weight will often opt for a diet soda, reasoning that the fewer calories, the better. But the availability of drinks and foods made with artificial sweeteners like saccharin, sucralose, and aspartame hasn't seemed to help much with our booming obesity levels. Now, some researchers might have identified a reason for this: the sweeteners leave their users with elevated blood glucose levels. But they don't seem to act directly on human metabolism. Instead, the effects come through alterations in the bacterial populations that live inside us. The paper that describes this work, which was performed by a large collaboration of researchers from Israel, is being released by Nature today. The researchers note that epidemiological studies about the effects of artificial sweeteners have produced mixed results; some show a benefit, while others indicate that they're associated with weight gain and diabetes risk. Given that human populations haven't given us a clear answer, the researchers turned to mice, where they could do a carefully controlled study. They started taking a group of genetically matched mice and spiking their drinking water with either sucrose or a commercial prep of an artificial sweetener (either saccharin, sucralose, or aspartame). After five weeks, they checked the blood glucose levels of these animals. Eleven weeks later, the groups that were given the artificial sweeteners all had elevated blood glucose levels compared to those that received sucrose. This is typically a sign of metabolic problems, most often caused by insulin losing its effectiveness. It can be a precursor to type 2 diabetes. Read 10 remaining paragraphs | Comments

posted about 13 hours ago on ars technica
A senior IT employee with the law firm Wilson Sonsini Goodrich & Rosati has been arrested for grabbing the firm's confidential client information and using it to trade stocks. FBI agents arrested 41-year-old Dimitry Braverman at his San Mateo, California home on Tuesday morning, according to a report in the New York Law Journal. He was released on a $500,000 bond secured by $100,000 cash. That same day, the SEC filed a civil suit against Braverman. He's accused of loading up on stock and stock options over a three-year period for companies involved in eight pending transactions. After the transactions, he sold the stock or used his options, reaping about $297,000 in profits. Read 7 remaining paragraphs | Comments

posted about 13 hours ago on ars technica
The Tower Records store in Shibuya, Japan. Wikipedia After the United States, Japan is the second largest music market in the world. And while the country is usually seen as an early adopter of new technology, digital music sales haven't taken off. In total, 85 percent of music in Japan is purchased on a flat, plastic circle called a "compact disk" or "CD." The New York Times takes a look at Japan's music situation, which surprisingly trails the rest of the world in the move to online distribution. Japan's online music sales are actually going down—online sales have gone from almost $1 billion in 2009 to just $400 million last year. Japan has proven a tough nut to crack for the music industry's move to online, with the chairman of the Universal Music Group saying “Japan is utterly totally unique." Part of the reason CD sales are still going strong is Japanese culture's love of collecting things. There's also a general "protectionist business climate" within the Japanese music industry, which is suspicious of digital sales. (Where have we heard that before?) Read 3 remaining paragraphs | Comments

posted about 14 hours ago on ars technica
Sony's Xperia Z. Andrew Cunningham This fiscal year, Sony announced that it lost over $1.2 billion. According to revised forecasting, the company is on pace to lose nearly double that figure by the end of the following fiscal year, largely due to lackluster sales of its mobile phones. According to a new document released by the Japanese corporate giant on Wednesday, the company will lose $2.1 billion during the fiscal year ending March 31, 2015. During the 2013 fiscal year, Sony managed to profit $435 million, its first profit in years. Overall, the company has missed profits in six of the last seven years. If the upcoming $2.1 billion in net losses prediction proves to be correct, Sony will have sustained over $12 billion in losses in eight years. Read 3 remaining paragraphs | Comments

posted about 14 hours ago on ars technica
iOS 8 has been released to the public. Andrew Cunningham As promised at the iPhone 6 unveiling last week, Apple has just released iOS 8 to current iDevice users with compatible hardware. The software arrives two days ahead of the new iPhone 6 and 6 Plus, and it's available either as an over-the-air update or through iTunes. The update should be available for the iPhone 4S, 5, 5C, and 5S; all iPads except the first-generation model; the fifth-generation iPod Touch; and both revisions of the third-generation Apple TV. You can read pretty much everything there is to know about iOS 8 in our main review, but suffice it to say this is a big update. The headlining features include the new extensions, Continuity features that make your iDevices work more seamlessly with one another, improvements to many core applications, Family Sharing accounts that allow you to share purchases between different Apple IDs at no extra cost, and more. Our tests indicate that the update didn't have adverse effects on battery life, and, for almost all current iOS users, it's a no-brainer. However, if you're using older devices with an Apple A5 chip—the iPhone 4S, iPad 2, non-Retina iPad Mini, and the iPod Touch—you may want to read our posts about those specific devices to decide whether the added features outweigh performance problems we ran into. You'll still probably want to update, but we wouldn't blame you if you wanted to wait for some performance-enhancing updates from Apple. Read on Ars Technica | Comments

posted about 14 hours ago on ars technica
Graphene, a sheet of carbon one atom thick, has properties that are distinct from other forms of carbon—even graphite, which is just a bulk collection of graphene sheets. That's prompted researchers to look into other forms of what are called two-dimensional materials (at an atom thick, the third dimension isn't counted). And now, they've started experimenting with one-dimensional materials, which are essentially a line of single atoms. Unfortunately, single atoms aren't especially cooperative about getting in line. Even stable crystals, like those formed by a salt, stay together in part because there are multiple interaction partners for each atom that stabilize the structure. Putting atoms in a line gets rid of most of these interactions, leaving the remaining ones unstable. But researchers have figured out a way around this problem: they've managed to pack a line of atoms inside a carbon nanotube. Having chosen cesium iodide for their work, they simply had to pick a diameter that was larger than the atoms (over 3.4 Angstroms) but smaller than you'd need to put two atoms side-by-side (less than 8 Angstroms). They chose double-walled carbon nanotubes and loaded them with CsI simply by vaporizing the chemical under pressure. Read 3 remaining paragraphs | Comments

posted about 14 hours ago on ars technica
FamZoo Staff Senators who have vocalized their opposition to net neutrality are taking in, on average, 40 percent more campaign cash from the broadband-delivery industry than those who support it, according to an analysis of campaign data. The data (XLSX)—a Maplight analysis of campaign contributions prepared for Ars Technica—highlights the disparity between what the monied Washington interests want compared to the public's desires. Most of the 800,000 initial public comments to the Federal Communications Commission backed the FCC adopting net neutrality rules. The commission is weighing whether to enact regulations that, among other things, could prevent broadband providers from charging for Internet fast lanes. The public commenting period ended Monday. What the commission will do is anybody's guess, but the political money so far is lining up against net neutrality. No vote date has been set. Read 13 remaining paragraphs | Comments

posted about 15 hours ago on ars technica
Google's reportedly real Android Silver program is now reportedly dead. According to The Information, Google is shelving the project. Android Silver was supposed to get high-end stock Android phones into the hands of users, sort of like the Nexus program, but in a way that was more mainstream and inclusive of the rest of the industry. Silver would have given big ad dollars to OEMs and carriers in exchange for sticking to Google's guidelines. Just like Nexus phones, Google would handle the software and updates, and it would be up to OEMs to create "premium" hardware. The program was expected to launch in the US, Germany, and Japan as early as next year, but now it seems like that isn't happening. The Information pegs the July departure of Google Chief Business Officer Nikesh Arora as the reason for the program's cancellation. Arora was the program's primary champion inside of Google, and with the 10 year Google veteran leaving for Softbank, the program's momentum fizzled. Read 2 remaining paragraphs | Comments

posted about 15 hours ago on ars technica
The 15 states in which the ACLU knows that police use cell phone tracking devices. ACLU A newly published e-mail from 2010 shows that Harris Corporation, one of the best-known makers of cellular surveillance systems, told the Federal Communications Commission (FCC) that its purpose "is only to provide state/local law enforcement officials with authority to utilize this equipment in emergency situations." That e-mail was among 27 pages of e-mails that were part of the company’s application to get FCC authorization to sell the device in the United States. Neither the FCC nor Harris Corporation immediately responded to Ars’ request for comment, and Harris traditionally stays mum on its operations. "We do not comment on solutions we may or may not provide to classified Department of Defense or law enforcement agencies," Jim Burke, a spokesman for Harris, told Ars last month. Read 6 remaining paragraphs | Comments

posted about 15 hours ago on ars technica
Technology from the Extreme Access System for Entry, a tethered drone developed by CyPhy Works and tested by the Army, is being applied to an even smaller drone for the Air Force. CyPhy Works The US Air Force has awarded a contract to CyPhy Works, a Danvers, Massachusetts-based startup led by CEO (and iRobot co-founder) Helen Greiner. CyPhy will design and deliver a pocket-sized drone for use in search and rescue operations in collapsed buildings, tunnels, and other confined spaces and steep grades that may be difficult for crawling robots to negotiate. The drone, called the Extreme Access Pocket Flyer, will also provide a way to search for improvised explosive devices and conduct surveillance of tunnels and other spaces without the use of radio frequency controls. An illustration of the Extreme Access Pocket Flyer released by CyPhy Works. CyPhy Works The Pocket Flyer will carry a panoramic camera that provides a 360-degree view from the drone. The tiny hexacopter, which measures about seven inches across when fully configured, is based on technology already demonstrated in CyPhy Works' Extreme Access System for Entry (EASE) and Persistent Aerial Reconnaissance and Communications (PARC) flying robot (a tethered, self-flying quadrocopter that provides both remote-controlled high-resolution video and a wireless communications relay capability). The EASE drone in action at Ft. Benning, Georgia. Like CyPhy's other flyers, the Pocket Flyer is connected to a microfilament tether that provides power and Ethernet networking to the aircraft. This lets the drone control high-resolution video feeds from its onboard camera. In the case of the Pocket Flyer, the tether limits its range to 400 feet from the operator. But the tether also gives the aircraft virtually unlimited flight time—the portable base station for the Pocket Flyer has hot-swappable batteries that last for two hours each, or it can be plugged into another power source and flown indefinitely.
Read 1 remaining paragraphs | Comments

posted about 15 hours ago on ars technica
Courtesy of IBM Trusteer The Citadel trojan, a popular program used by cybercriminals to gather banking credentials and steal money from accounts, has become the latest financial malware to be repurposed as a tool to steal industrial secrets—this time from petrochemical companies in the Middle East. During mid-summer, unknown attackers used the program to gather data, including e-mail messages and credentials, from the firms, IBM Trusteer stated in an analysis published on Monday. The company's researchers identified Citadel as the malware used to infect and steal data from the companies, which included "one of the largest sellers of petrochemical products in the Middle East and a regional supplier of raw petrochemical materials," the analysis stated. The attack shows that either cybercriminals are branching out into stealing valuable industrial secrets or that industrial and nation-state spies are using off-the-shelf malware and opportunistic infections to gather sensitive information, says Dana Tamir, director of enterprise security for IBM Trusteer. Read 7 remaining paragraphs | Comments

posted about 16 hours ago on ars technica
The Senate Commerce Committee is scheduled to vote today on a satellite bill without a controversial provision that would have let cable and satellite customers choose which broadcast TV channels they pay for instead of having to buy them all in a bundle. The “Local Choice” proposal by US Sen. Jay Rockefeller (D-WV) and Sen. John Thune (R-SD) had been attached to the Satellite Television Access and Viewer Rights Act (STAVRA), a reauthorization of the Satellite Television Extension and Localism Act which lets satellite companies retransmit out-of-market broadcast TV channels to rural customers. Rockefeller and Thune argued that the proposal would prevent blackouts caused by failed negotiations between TV broadcasters and pay-TV companies, such as one that led Time Warner Cable to temporarily black out CBS last year in protest of CBS price hikes. Pay-TV companies would have to offer broadcast channels to subscribers at prices set by the broadcasters and pass the fees they collect back to the TV stations. Read 4 remaining paragraphs | Comments

posted about 18 hours ago on ars technica
iOS 8 doesn't make a huge difference, visually, save a few small points. In case you've been so content with your iPad 2 over the last few years that you've drifted away from paying attention to the Apple product cycle, here is some six-month-old news: Apple finally stopped selling the iPad 2 model back in March. After it hung on at the bottom of the tablet product line for a couple of years to be a rock for the education and corporate markets, Apple kicked the iPad 2 out and resurrected the iPad 4 as the new full-size budget model. But for now, Apple is continuing to update the iPad 2, in part because it has so much in common with the non-retina iPad mini, including the Apple A5 processor and 1024x768 display. But the iPad 2 hung around so long because it's also a legacy device. There are students depending on updates, as well as companies who used the iPad as a default device, like Square. iOS 7 didn't do a whole lot of damage to the iPad 2, and even improved it in some aspects, like how fast the browser could load webpages. But this time around, the new version of iOS 8 appears to mark the start of a much bigger decline, not only in performance, but in appearance. Read 13 remaining paragraphs | Comments

posted about 18 hours ago on ars technica
The iPhone 4S. I remember when this was the one that made my old phone feel slow. Andrew Cunningham iPhones have about a year to be top-of-the-line. Then they have a year to be the modest-but-capable midrange model. After that, they become the free-with-contract choice. And then, in their last year, they enter that no-man's-land where they're still getting software updates but are no longer being sold. 2014 is the year the iPhone 4S was told to pack up its things and move to the retirement home. As a going away present, Apple gave it iOS 8, which in all likelihood will be the last major version upgrade it gets. For the last two years, we've taken the oldest phone supported by each new iOS update and looked at what you stand to gain (and lose) by installing the update. We were impressed by iOS 6 on the iPhone 3GS, but iOS 7 on the iPhone 4 came with some serious compromises. The 4S has stayed pretty speedy over the years, but how does iOS 8 treat it? Read 13 remaining paragraphs | Comments

posted about 18 hours ago on ars technica
iOS 8 is here, and it's a big deal. Andrew Cunningham "Huge for developers. Massive for everyone else." That was Apple's tagline for iOS 8 when the software was announced at the company's Worldwide Developers Conference back in June. Overuse of superlatives is a pet peeve of mine, but after using iOS 8 for a couple of months, I have to say that they're warranted in this case. iOS 7 was a comprehensive makeover for an operating system that needed to reclaim visual focus and consistency. iOS 7.1 improved stability and speed while addressing the new design's worst shortcomings and most egregious excesses. And iOS 8 is the update that turns its attention from the way everything looks to the way it works. Just as iOS 6's look had begun to grow stale by the time 2013 rolled around (six years is a pretty good run, though), iOS' restrictions on third-party applications and UI customization now feel outdated. Sure, back in 2007, slow processors and small RAM banks required a strict, Spartan approach to what apps could do and the ways they could interact. But now, our smartphones and tablets have become powerful mini-computers in their own right. Competing platforms like Android, Windows, and Windows Phone have all demonstrated that it's possible to make these little gadgets more computer-y without tanking performance or battery life. Read 180 remaining paragraphs | Comments

posted 1 day ago on ars technica
Thanks to a bug in the Android Browser, your cookies aren't safe. Surian Soosay A bug quietly reported on September 1 appears to have grave implications for Android users. Android Browser, the open source, WebKit-based browser that used to be part of the Android Open Source Platform (AOSP), has a flaw that enables malicious sites to inject JavaScript into other sites. Those malicious JavaScripts can in turn read cookies and password fields, submit forms, grab keyboard input, or do practically anything else. Browsers are generally designed to prevent a script from one site from being able to access content from another site. They do this by enforcing what is called the Same Origin Policy (SOP): scripts can only read or modify resources (such as the elements of a webpage) that come from the same origin as the script, where the origin is determined by the combination of scheme (which is to say, protocol, typically HTTP or HTTPS), domain, and port number. The SOP should then prevent a script loaded from http://malware.bad/ from being able to access content at https://paypal.com/. Read 9 remaining paragraphs | Comments
