Last night a period of down-time was experienced by developers attempting to access Apple’s Developer Portal. As it turns out, they appear to have been patching a relatively major security hole which left access to developer personal information to malicious hackers.
It would appear that Kim Dotcom does not trust United States-made electronics. He suggests this week that the world should "never trust US tech", using #NSA to point out a Cisco listing of lawful intercept architecture. He calls these systems "interception backdoors", suggesting that Cisco is amongst the companies that willingly allow the NSA to take hold of their data at any given time - but that's just not true.
Earlier today the folks at SRLabs showed a demonstration of how using a bit of wood glue and some interesting printing techniques, they were able to trick the Samsung Galaxy S5’s fingerprint scanner. This trick took the same method used for their test of the iPhone 5s’ Touch ID, much in the same way CCC (Germany’s Chaos Computing Club) tricked iPhone 5s’ scanner this past September.
The second wave of Facebook’s sharing of Government Request data comes this week in short form. Facebook is one of a collection of groups to have begun showing off what they’re able in government data requests since the age of the NSA spill came to fruition last year.
This week the folks at Apple have added to the stacks of sites making clear that they were either unaffected by the Heartbleed bug or have been patched successfully. Apple has released a statement that suggests they "take security very seriously" and that iOS and OS X "never incorporated the vulnerable software" in the first place. They also made clear that "key web-based services were not affected" either.
This week there’s little question that the internet security world has been tossed down a flight of stairs. With Heartbleed, a relatively major bit of a mistake was made in OpenSSL, a form of security that most of the internet uses, resulting in a major open door for hackers and spies of all kinds. With this bug having only been discovered this week and implemented a whopping two years ago, IT professionals are notably miffed.