This week's hack of over 1 billion online account credentials is the worst thing ever or else nothing to worry about, but either way you should change your passwords (again). Yahoo and Google are teaming up for encrypted email in 2015. And as always we have the latest product releases and rumors from Apple, Microsoft, and others. Read on for our recap.
It's Black Hat and DefCon week in Las Vegas, which means that we're awash in hacking news. This week's main bout between security Chicken Littles ("The sky is falling!") and the "keep calm and compute on" crowd was spurred by a New York Times report on Russian hackers stealing 1.2 billion passwords. While a breach of that size is alarming, there's no evidence yet that financial data was compromised, or that anything has been done with the account info. CNET's Seth Rosenblatt says that experts at Black Hat advise "Don't panic," because the problem's not new, and there's not much you can do. We should also note that the company publicizing the problem is selling its service as a solution while withholding details of the breach, so that seems hinky.
Your best bet: Change your passwords just in case, and consider a password manager (Windows, Mac, iOS, Android) to create unique, hard-to-crack passwords that you don't have to remember. For more info, see CNET's guide to password security and Wired's. Longer term, Tim Stevens recommends killing the user name and password.
What should feel insecure?
- Planes, which could theoretically get hijacked via in-flight Wi-Fi.
- Cars, which rely ever more on Bluetooth, Wi-Fi, keyless systems, and so on. Wired has a handy chart of how hackable your car may be.
- Cell phones, especially Android and BlackBerry, which have a device-management tool back door that can be exploited (but hasn't been yet).
- USB thumb drives, which can carry malware.
- Fitness trackers, because as Symantec points out, they have a lot of our personal information, track locations, and have lousy password protection.
- The whole Internet of things, because networked devices are vulnerable -- Black Hat revealed 13 previously unknown issues. One developer has built Ghosty to hack the Sonos sound system and make his house sound haunted.
- Cat neighbors, because a DefCon presenter has created the WarKitteh collar that finds unprotected Wi-Fi networks as kitty wanders the 'hood.
- PayPal, because although it has two-factor authentication -- a good thing -- its 2FA has a vulnerability, first reported in June and apparently not yet fixed.
- Tor, the software of choice for whistleblowers, which had an attack that probably tried to de-anonymize users. The Tor Project says its services were affected but is not entirely sure what "affected" entails. Moreover, the FBI has been targeting users in Operation Torpedo (geddit?) to track child porn, bomb threats, and other illegal activity.
- Remote-access software, which the Department of Homeland Security says can be exploited -- several retailers have been hit by malware called Backoff that steals payment data.
- The Department of Homeland Security, because its contractor, USIS, which processes background checks for the government, was breached, and employees' personal information was stolen.
In better news:
- Yahoo and Google are teaming up to offer end-to-end encryption in webmail by 2015.
- CERN is developing ProtonMail, which promises to be consumer-friendly email with end-to-end encryption. The project has met its crowdfunding goal and is in beta but does not yet have a release date.
- Subgraph, a purportedly zero-day-resistant OS that wants to replace Tor's Tails, is coming by the end of summer.
Microsoft will release an update to Windows 8.1 on Tuesday, but it's been so pared down that it's not even being called "Update 2." You'll get it as part of your regular software updates.
Tuesday's patch will also block old ActiveX controls, including certain versions of Java, to reduce vulnerabilities.
Threshold, the next version of Windows, is expected next spring and may have a public preview this fall. Mary Jo Foley reports that it will include significant interface changes that may include a Start menu, elimination of the charms bar, and support for virtual desktops.
Microsoft has issued very early warning that it will drop support for older versions of Internet Explorer (including IE 8) on January 12, 2016, to push users to IE 11.
In CNET's ongoing series on Mac OS X Yosemite features, Jason Parker looks at the Notification Center, which will now include widgets.
For older Mac apps, developers will need to update their apps' signatures or risk getting flagged by Gatekeeper in the upcoming OS X.
Wired has a tour of the new version of Safari for Yosemite.
An Apple patent seems to indicate that Siri may come to the Mac OS. Presumably for those who are having trouble finding tomato soup, chilling gazpacho, and managing other tomato-based comestibles.
- Unsubscribe from newsletter mailing lists in Gmail
- Find the biggest power vampire in OS X
- Discover when apps go on sale
- Use Google as your universal translator
- Skirt Twitter's restriction on links in DMs
There's an app for that? Srsly?
Once upon a time, a bored young man posted his phone number on Facebook, hoping for amusement. Instead his cousin bombed him with prank text messages about felines. Now you, too, can annoy your friends with the Cat Facts Android app.
Is dialing too much work? That's OK, you can now order a pizza with a couple keystrokes, thanks to Push for Pizza for iOS.
Has the conversation fallen, and you can't get up? This Is Your Out -- an app with a physical button, presumably like a Life Alert -- will call you to give you an excuse to escape your bad date or the yappy coworker who's cornered you. The app hasn't raised its funding yet, though, so you may have to rely on good, old-fashioned rudeness.