Overlooked in last week’s revelation that the National Security Agency is harvesting hundreds of millions of e-mail address books around the world was this surprising factoid: Apple makes this mass collection easier because the Address Book app that by default manages Mac contacts doesn’t use HTTPS encryption when syncing with Gmail accounts. As a result, addresses that automatically travel between Macs and Google servers are sent as plain text, independent privacy researcher Ashkan Soltani wrote in The Washington Post last Monday. He provided the above screenshot demonstrating that Address Book contents appear in the clear to anyone who has the ability to monitor traffic over a Wi-Fi network or other connection. His observation came 15 months after another Mac user also warned that the Mac app offered no way to enable HTTPS when syncing e-mail address lists with Gmail. “It appears that it’s an Apple issue,” Soltani told Ars, referring to the inability to enable HTTPS when Apple’s Address Book is updated to a user’s Gmail account. “Their other products support Gmail over via HTTPS, so I suspect it would be a three-line fix in the contacts to alleviate this problem.”
View article: How Apple’s Address Book app could allow the NSA to harvest your contacts
After the customary six months of incubation, Ubuntu 13.10—codenamed Saucy Salamander—has hatched. The new version of the popular Linux distribution brings updated applications and several new features, including augmented search capabilities in the Unity desktop shell. Although Saucy Salamander offers some useful improvements, it’s a relatively thin update. XMir, the most noteworthy item on the 13.10 roadmap, was ultimately deferred for inclusion in a future release. Canonical’s efforts during the Saucy development cycle were largely focused on the company’s new display server and upcoming Unity overhaul, but neither is yet ready for the desktop. Due to the unusual nature of this Ubuntu update, this review is going to diverge a bit from the usual formula. The first half will include a hands-on look at the new Unity features. The second half will take a close look at the Ubuntu roadmap and some of the major changes that we can expect to see over the course of the next several releases.
For nearly a decade now, TrueCrypt has been one of the trusty tools in a security-minded user’s toolkit. There’s just one problem, though. No one knows who created the software, and worse still, no one has ever conducted a full security audit on it—until now. Since last month, a handful of cryptographers have been discussing problems with, and alternatives to, the popular application, which led on Monday to a public call to perform a full security audit on TrueCrypt. As of Tuesday afternoon, that fundraiser had reached over $16,000, making a proper check more likely. Much of that money came from a single $10,000 donation from an Atlanta-based security firm. “We’re now in a place where we have nearly—but not quite enough—to get a serious audit done,” wrote Matthew Green, a well-known cryptography professor at Johns Hopkins University, on Twitter.