“You’re not paranoid, they really are out to get you.” That’s the lesson of this week’s issue, which — we swear we didn’t plan this — focuses largely on security issues. First, Glenn Fleishman explains how a vulnerability in Apple’s iForgot password-reset page made it possible to reset someone’s password knowing only their date of birth. Apple fixed it immediately, but who knows how long it has been available? Apple also released iOS 6.1.3 to fix a month-old bug that allowed someone who gained access to your iPhone to bypass the passcode and get into the Phone app. Going proactive, Apple last week implemented two-factor authentication for Apple IDs to prevent unauthorized password changes, purchases, and support requests — Glenn Fleishman has all the details and necessary instructions. And with the last word on security for the issue, Joe Kissell contributes a FlippedBITS column that thoroughly debunks four common password myths. Beyond security, Glenn also passes on news about RSS reader NetNewsWire’s future, and Adam Engst shares the results of his testing of PDFpen 6.0’s new export-to-Word feature. Notable software releases this week include Skype 6.3 and PopChar X 6.2.
A small update to iOS 6 blocks a bug that could enable someone with access to your iPhone to bypass the passcode and use the Phone app. Plus, Maps in Japan has improved, and other security vulnerabilities have been closed.
The current owners of the RSS newsreader NetNewsWire have plans for a new release and a replacement for Google Reader’s synchronization feature.
The Verge broke the news that an easy method using a modified URL and an account holder’s date of birth enabled a malicious party to reset an Apple ID password. Apple quickly shut down its password-reset page, iForgot, and revised the process.
Are your passwords strong enough to resist an automated attack? If you believe any of several common password myths, they may not be. In this installment of FlippedBITS, Joe Kissell examines a few of the most dangerous myths about password security and explains smarter and safer practices.
With the addition of optional two-factor authentication, Apple makes it much harder for Apple ID accounts to be hijacked through social engineering and security flaws. Mat Honan can sleep easier now.
Notable software releases this week include Skype 6.3 and PopChar X 6.2.
One quick recommendation for something else to read this week — a warning about Mac-focused Trojans that install ad-embedding extensions in Safari, Chrome, and Firefox.