By Soulskill from Slashdot's can-you-hear-me-now department
An anonymous reader sends this excerpt from The Guardian: Businesses and governments around the world increasingly are turning to voice biometrics, or voiceprints, to pay pensions, collect taxes, track criminals and replace passwords. "We sometimes call it the invisible biometric," said Mike Goldgof, an executive at Madrid-based AGNITiO, one of about 10 leading companies in the field. Those companies have helped enter more than 65M voiceprints into corporate and government databases, according to Associated Press interviews with dozens of industry representatives and records requests in the United States, Europe and elsewhere. ... The single largest implementation identified by the AP is in Turkey, where the mobile phone company Turkcell has taken the voice biometric data of some 10 million customers using technology provided by market leader Nuance Communications Inc. But government agencies are catching up.
By Soulskill from Slashdot's another-day-another-vuln department
sends word that security researchers from Google have published details on a vulnerability in SSL 3.0 that can allow an attacker to calculate the plaintext of encrypted communications. Google's Bodo Moller writes, "SSL 3.0 is nearly 15 years old, but support for it remains widespread. Most importantly, nearly all browsers support it and, in order to work around bugs in HTTPS servers, browsers will retry failed connections with older protocol versions, including SSL 3.0. Because a network attacker can cause connection failures, they can trigger the use of SSL 3.0 and then exploit this issue. Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response (PDF) is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks."
By Soulskill from Slashdot's grass-is-greener department
An anonymous reader writes: Milen Dzhumerov, a software developer for OS X and iOS, has posted a concise breakdown of the problems with the Mac App Store. He says the lack of support for trial software and upgrades drives developers away by preventing them from making a living. Forced sandboxing kills many applications before they get started, and the review system isn't helpful to anyone. Dzhumerov says all of these factors, and Apple's unwillingness to address them, are leading to the slow but steady erosion of quality software in the Mac App Store.
"The relationship between consumers and developers is symbiotic, one cannot exist without the other. If the Mac App Store is a hostile environment for developers, we are going to end up in a situation where, either software will not be supported anymore or even worse, won't be made at all. And the result is the same the other way around – if there are no consumers, businesses would go bankrupt and no software will be made. The Mac App Store can work in ways that are beneficial to both developers and consumers alike, it doesn't have to be one or the other. If the MAS is harmful to either developers or consumers, in the long term, it will be inevitably harmful to both."