Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
Show full articles

TidBITS#1166/25-Mar-2013

“You’re not paranoid, they really are out to get you.” That’s the lesson of this week’s issue, which — we swear we didn’t plan this — focuses largely on security issues. First, Glenn Fleishman explains how a vulnerability in Apple’s iForgot password-reset page made it possible to reset someone’s password knowing only their date of birth. Apple fixed it immediately, but who knows how long it has been available? Apple also released iOS 6.1.3 to fix a month-old bug that allowed someone who gained access to your iPhone to bypass the passcode and get into the Phone app. Going proactive, Apple last week implemented two-factor authentication for Apple IDs to prevent unauthorized password changes, purchases, and support requests — Glenn Fleishman has all the details and necessary instructions. And with the last word on security for the issue, Joe Kissell contributes a FlippedBITS column that thoroughly debunks four common password myths. Beyond security, Glenn also passes on news about RSS reader NetNewsWire’s future, and Adam Engst shares the results of his testing of PDFpen 6.0’s new export-to-Word feature. Notable software releases this week include Skype 6.3 and PopChar X 6.2.

Adam Engst 3 comments

iOS 6.1.3 Blocks Passcode Bypass Bug

A small update to iOS 6 blocks a bug that could enable someone with access to your iPhone to bypass the passcode and use the Phone app. Plus, Maps in Japan has improved, and other security vulnerabilities have been closed.

Joe Kissell 23 comments

FlippedBITS: Four Password Myths

Are your passwords strong enough to resist an automated attack? If you believe any of several common password myths, they may not be. In this installment of FlippedBITS, Joe Kissell examines a few of the most dangerous myths about password security and explains smarter and safer practices.