Apple’s Touch ID vulnerable to attack
Lookout security researcher Marc Rogers warned that the fingerprint reader on the iPhone 6 is vulnerable to attack, just as the iPhone 5s was.
“When the iPhone 6 came out, the first thing I wanted to find out was whether or not there had been any changes to the TouchID sensor,” he wrote on Lookout’s blog. “I had little expectation that the TouchID sensor would be completely secure, but I hoped at least that there would have been some improvements.”
According to Rogers, the iPhone 6’s TouchID showed no signs of additional settings to help users strengthen security; instead, the fingerprint reader was enhanced to be more sensitive. He concluded that the TouchID remains vulnerable, but that an attack would require skill, patience and a good copy of the user’s fingerprint.
“I can’t help but be a little disappointed that Apple didn’t take this chance to really tighten up the security of TouchID,” he wrote.
Microsoft launches Online Services Bug Bounty Program
Microsoft will reward and recognize security researchers who find qualifying security vulnerabilities and report them. The company is launching the Microsoft Online Services Bug Bounty Program, starting with Office 365.
“Our goal with bounty programs is ultimately unchanged, and that is to uncover issues and protect customers as quickly as possible, and, as always, partnering with the security research community offers us the broadest way to do that,” wrote Akila Srinivasan, security program manager at Microsoft, on the company’s blog.
Qualified vulnerabilities are eligible for a payment of at least US$500, with more offered depending on the vulnerability’s impact.
Elixir functional programming language reaches v1.0
Elixir, a dynamic, functional programming language designed for building scalable and maintainable applications, has released version 1.0.
Elixir runs on the Erlang VM, and according to the language’s website. It can be used to code Web and embedded software, and run low-latency, distributed and fault-tolerant systems. Elixir 1.0 will follow semantic versioning, meaning code will continue to compile and run for all versions under the v1 branch.
The release includes six parts: the Elixir compiler, runtime and standard library; Elixir’s EEx templating library; ExUnit unit test library; IEx interactive shell; the Logger tool; and the Mix build tool.
More information is available on Elixir’s blog.
WillowTree announces ‘Monkeypod’ rapid API design and virtualization tool
WillowTree, a mobile design and development service provider, has announced the beta of a new tool codenamed “Monkeypod” for cloud-based API design and virtualization.
Based on HTTP and JSON standards, Monkeypod allows client-focused API design through an online interface, creating a Swagger specification for developers from that design to be used with code generation and sandbox documentation tools. The tool is designed to give immediate exposure to virtual APIs, and to easily transition to live APIs for connection to mobile apps.
WillowTree’s goal with Monkeypod is to create a single platform from which to manage the client-server application development process. More information can be found in WillowTree’s Monkeypod announcement.
Debian switches back to GNOME as default desktop
The Debian Linux distribution team has announced it will switch back to the GNOME desktop environment software in the upcoming Debian 8.0 release, codenamed “Jessie.”
The open-source operating system switched from GNOME to Xfce back in 2012, but Debian developer Joey Hess announced on the Debian mailing list plans to revert to GNOME, based primarily on the need for better accessibility and systemd integration, along with other desktop comparison issues, such as tasksel task quality, portability, packaging and consistency.
Debian 8.0 is due for release in 2015.
