Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Avoid Simple Typos

If, like me, you find yourself typing 2911 in place of 2011 entirely too often, you can have Mac OS X (either Lion or Snow Leopard) fix such typos for you automatically. Just open the Language & Text pane of System Preferences, click the Text button at the top, and then add a text substitution by clicking the + button underneath the list. It won't work everywhere (for that you'll want a utility like Smile's TextExpander), but it should work in applications like Pages and TextEdit, and in Save dialog boxes.

Submitted by
John W Baxter

 
 

Tumblr iOS App Allows Passwords to Be Sniffed

Send Article to a Friend

If you use the iOS app for the popular microblogging and photo-sharing service Tumblr, make sure to download version 3.4.1 (or later) right away to avoid a security vulnerability that could allow an attacker to sniff your Tumblr password in transit. And, of course, change your password on Tumblr and any other sites that might share the same password!

The implication from Tumblr’s brief blog post apologizing for the lapse is that certain versions of the app were transmitting your password in the clear, such that anyone listening in on Wi-Fi traffic on a public hotspot, for instance, could see your password. Lest you feel secure in the fact that no one in the coffee shop where you’re working looks sketchy, remember that the Wi-Fi network is undoubtedly accessible from various nearby locations. Even more concerning is the fact that Wi-Fi sniffing software could be an automated process installed by Windows malware and running unnoticed on a compromised PC in the office next door.

I don’t suggest such a scenario to induce paranoia, but to illustrate why the detailed advice that Joe Kissell gives in “Take Control of Your Passwords” is so important. In this case, you have some control over whether your Tumblr password is exposed — only those using a previous version of the Tumblr app on a Wi-Fi network that was being sniffed need worry. But you have no control over whether a company’s account system is hacked, so all that protects you when that happens are strong passwords that are never reused across multiple sites.

Stay safe out there.

Check out the Take Control ebooks that expand on the topic in this article:

Password overload has driven many of us to take dangerous shortcuts. If you think ZombieCat12 is a secure password, that you can safely reuse a password, or that no one would try to steal your password…think again! Overcome password frustration with expert advice from Joe Kissell, and don't miss our Joe of Tech comic or Joe’s intro video!

 

Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Apple users who actually buy stuff.
More information: <http://tidbits.com/advertising.html>