Apple’s Touch ID vulnerable to attack
Lookout security researcher Marc Rogers warned that the fingerprint reader on the iPhone 6 is vulnerable to attack, just as the iPhone 5s was.
“When the iPhone 6 came out, the first thing I wanted to find out was whether or not there had been any changes to the TouchID sensor,” he wrote on Lookout’s blog. “I had little expectation that the TouchID sensor would be completely secure, but I hoped at least that there would have been some improvements.”
According to Rogers, the iPhone 6’s TouchID showed no signs of additional settings to help users strengthen security; instead, the fingerprint reader was enhanced to be more sensitive. He concluded that the TouchID remains vulnerable, but that an attack would require skill, patience and a good copy of the user’s fingerprint.
“I can’t help but be a little disappointed that Apple didn’t take this chance to really tighten up the security of TouchID,” he wrote.
Microsoft launches Online Services Bug Bounty Program
Microsoft will reward and recognize security researchers who find qualifying security vulnerabilities and report them. The company is launching the Microsoft Online Services Bug Bounty Program, starting with Office 365.
“Our goal with bounty programs is ultimately unchanged, and that is to uncover issues and protect customers as quickly as possible, and, as always, partnering with the security research community offers us the broadest way to do that,” wrote Akila Srinivasan, security program manager at Microsoft, on the company’s blog.
Qualified vulnerabilities are eligible for a payment of at least US$500, with more offered depending on the vulnerability’s impact.
Elixir functional programming language reaches v1.0
Elixir, a dynamic, functional programming language designed for building scalable and maintainable applications, has released version 1.0.