Heartbleed: Cryptobug in OpenSSL
A bug within OpenSSL has opened ⅔ of the Web to security issues. Attackers can obtain security keys that will allow them to decrypt sensitive information. The bug has been present in OpenSSL for two years. OpenSSL is the default encryption library for Apache and nginx applications, which run 66% of all websites on the Internet. It ships with many other open source operating systems, such as Ubuntu, Fedora, and CENTOS. There is a patch available, but researchers at Google say that even after installation, many websites could still be vulnerable. Researchers attacked themselves and were able to get passwords, usernames, and other sensitive information without leaving a trace.
Governments Pay for Continued Windows XP Support
Microsoft XP support is supposed to end next week, but under the terms of the Microsoft Custom Support program, it won’t be ending for the UK or Dutch governments. The UK government reached a deal for $9.1 million to keep support for Windows XP, Office 2003, and Exchange 2003 for all British public sector customers. The Dutch government agreed to pay an undisclosed “millions of Euros” to maintain support in their country. The US may need to pay something comparable to ensure support, rather upgrade the hundreds of thousands of systems still running on XP. We’ve had years of leadway about the end of support, yet a surprising number of systems still run the OS.
What Developers Need to Know About Android Wear
Because the goal is simplicity, when developing for Android Wear, developers need to keep the user interface clean. The information must be made available at a glance, or it won’t work well. At this point, you’ll have to sign up to be a developer for Android Wear, and use the zip file Google sends you in order to start developing. You won’t be building full-fledged apps–you’ll be building notifications, to make the information available when the user needs it to be. There will be far less interaction with the wearable tech than with phones and tablets. You will be dealing with entirely different design guidelines, so make sure you know and understand them before development begins.
All You Need to Know About iOS 8 and OS X 10.10
Apple recently announced plans for their next operating system overhauls. iOS 8 is the next version of the OS for iPhone, iPod Touch, and iPad. It is a major redesign that will include additional applications, such as Healthbook, for health and fitness. Healthbook will also include an Emergency Contact Card that will allow users to store important information. It will focus on performance, and will bring the mapping app up to par with offerings from Google and Microsoft. OS X 10.10 will succeed 10.9 Mavericks, as the operating system for Mac computers and desktops. The new design will not be as drastic as the change from iOS 7 to 8, but new features will be added. Right now, details are tightly held under wraps.
Yahoo Breaks Mailing Lists with Anti-Spoofing Policy
As Yahoo implemented stricter measures to block spoofing, it is causing legitimate mailing lists to break. According to the president of the Coalition Against Unsolicited Commercial Email (CAUCE), John Levine, he says the problem is a new domain based message authentication (DMARC) policy that’s been advertised to third party email servers. The “p-reject” addition on Yahoo’s DMARC told all servers to reject all yahoo.com emails that didn’t originate on those servers. While this does prevent spoofing, it means all legitimate mailing lists will be rejected, too. Gmail, on the other hand, uses the “p-none” option, which doesn’t tell other servers what to do when a DMARC check is failed.