Polls: What are your first impressions of iOS 8 and Yosemite?

poll

Now you’ve had a chance to catch up on our coverage of the main new features of iOS 8 and OS X Yosemite, and seen our hands-on videos (iOS 8 overview, OS X Yosemite overviewiOS 8 Spotlight and iOS 8 interactive notifications), we’d like to hear your first impressions of each.

Whether you’re blown away by all the new features, disappointed by things you wanted but didn’t get, or just a bit underwhelmed, here’s your chance to let us know.

We’ve summarized the features Apple has chosen to highlight, and there are separate polls for each platform …  Read more

Apple says Heartbleed security flaw did not affect its software or services

heartbleed

With an estimated half a million sites vulnerable to the “Heartbleed” vulnerability revealed earlier this week, which allows an attacker to access user details of websites previously believed to be secured by industry-standard SSL/TLS, your favorite social networks, stores, and other services around the web could potentially be handing out your password or other personal information to anyone who exploits the issue.

The bug exists in a library called OpenSSL, which is an open-source SSL implementation that many—but not all—web services use to secure sensitive traffic. If a website you use is affected by the bug, your personal data could be given to just about anyone. Unfortunately, changing your password on an unsecure site won’t even help unless the site’s owners have installed a fix (because the attackers can simply exploit the bug again to get your new password).

This serious issue affects a number of high-profile sites, but it seems your Apple ID is safe. Today, Apple gave the following statement to Re/code:

Read more

Apple releases Safari 7.0.3 with push notification changes, security improvements, and more

 

Screen Shot 2014-04-01 at 5.58.17 PM

After updating iWork for iCloud and its Mac and iOS counterparts, Apple has pushed out a new Safari update as well. The new version is 7.0.3 and contains mostly bug and security fixes. Apple has been beta testing this update with developers for the past few weeks. The two biggest parts of this update are changes to push notifications and the way URLs are handled.

For users who don’t want to be asked about push notifications from any site, there’s now a checkbox in the notification preferences that disables them entirely. Unchecking the box for “Allow websites to ask for permission to send push notifications” (seen above) will block all notification prompts in the future.

The second big change enables Safari to recognize new generic top-level domains (the .com bit at the end of the URL). The organization responsible for managing these has recently created several new ones for generic terms (like “.pizza”). Safari will now recognize these and go to the correct URL rather than trying to search for the term. Read more

Contestants at Pwn2Own take down Safari, but said OS X security is better than other systems

As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.

Read more

Nuance announces Dragon Dictate 4, with pre-recorded transcription features and Gmail integration

Nuance has just announced the next major version of its Mac dictation software, Dragon Dictate 4. The new version improves recognition accuracy as well as several new features, including the ability to machine transcribe from a pre-recorded audio file. You no longer have to be recording a voice live to get transcription.

Screenshot 2014-03-04 08.07.43We’ve had a quick play with the software and the accuracy is almost scary good compared to older versions of the software. Speaking in a normal voice gives you almost 100% accuracy and even mumbling seems to work. While Mavericks uses the same Nuance speech engine, Dictate 4 has a better interface for transcription and tons of extra features as outlined in the videos above and below.

Dragon Dictate software has also been updated for modern system architectures — it is a 64-bit app now.  This results in better performance and better memory management over its predecessors. The company says it has drastically reduced latency when interpreting speech.

Read more

Apple patched a major SSL bug in iOS yesterday, but OS X is still at risk

SSL-Bug-OSX

Update: Apple says an OS X fix is coming soon.

Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV  that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that minor security fix was actually a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site. Not only that, but the bug is also present in current builds of OS X that Apple has yet to release a security patch for.

Researchers from CrowdStrike described the bug in a report:

“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),”

Adam Langley, a senior software engineer at Google, also wrote about the flaw on his blog ImperialViolet and created a test site to check if you have the bug (pictured above): Read more

Apple releases Mavericks OS X 10.9.1 with improved Gmail support, Shared Link improvements, more

Apple has released OS X 10.9.1 for Mac via the Mac App Store today. The update includes a number of Mail related fixes including improved support for Gmail as well as numerous bug fixes. The update also fixes a VoiceOver issue that prevented sentences with emoji characters from being read…

Read more

Apple readies iBooks, Safari, Remote Desktop, and Mail bug fix updates for Mavericks

Screen Shot 2013-11-04 at 11.30.57 AM

In addition to the incoming OS X Mavericks Mail Update that we reported on previously, sources say that Apple is readying a slew of performance and bug fix updates for several other OS X Mavericks applications. According to the updates seeded today to Apple employees, Apple is preparing updates for iBooks, Safari, and the Remote Desktop Client apps:

Read more

Websites begin exposing Safari push notification support as Mavericks nears public release

Screen+Shot+2013-10-22+at+8.28.03+AM

With the launch of Mavericks imminent, a handful of major websites have begun supporting the Safari Push Notification feature. These sites include The New York Times, NBA.com and social network Pinterest. HTML 5 web notifications have been supported by all major browsers, including Safari, for a while. However, the HTML 5 native feature requires the page to be open for notifications to be sent, as noted by MacRumors.

Meanwhile, Safari Push Notifications mirror the user experience associated with native app push notifications. With user consent, a supporting website can send notifications to your Mac without the page (or even, Safari) being open. This is because this system uses Apple’s Push Notification Service servers — rather than the local client — to function. Because of this server-side integration, the utility of website notifications increases dramatically.

With major support already implemented by such big sites, it seems like this will be a big deal for end-users. More sites will undoubtedly roll out support in the coming days. For instance, CNN was used to demo the feature at WWDC but is yet to go live publicly. Mavericks is expected to launch by the end of the week. It is very likely Apple will confirm the OS’ launch date at its special media event later today. Read more

How to: Use a password manager to have strong, unique passwords for each website

Image: redorbit.com

Image: redorbit.com

Evernote, Adobe, even Apple … just a few of the companies who have found their user data compromised by hackers in recent times. The possibility of a hacker being able to access one of your web accounts is worrying enough – but if you use the same email address and password for almost all the websites you use, the risk becomes huge.

The first thing a hacker does when they get hold of a list of usernames and passwords is to use automated software to fire them at a whole bunch of popular websites. That means your online security is only as good as the most vulnerable of the websites you visit. Not good.

The answer, of course, is to use a unique – and strong – password for each website you access. But that creates its own hassles. Strong passwords aren’t easily memorised. Sure, we can ask our browsers to store logins for us, but when you might use several different computers, an iPhone and an iPad, you’d have to login once from each device as soon as you chose the password so it gets stored before you forget it. Not very convenient.

Which is where password managers come in. When you see the instructions, it’ll look like a long process, but it in fact takes only 10-20 mins if you have two or three devices …  Read more

New OS X 10.8.5, iTunes, & Safari builds seeded internally as releases near

NewSeeds

Today, Apple has begun seeding new versions of OS X Mountain Lion, iTunes, Safari and Java to Apple employees. The new OS X build is version 10.8.5, and it is a supplemental update to the version that was publicly released last month. Last week, we noted that Apple was preparing this new version with bug fixes for MacBook Airs, USB, and HDMI, and today’s new seed is a higher build number (12F45 versus 12F42). This indicates that Apple is making progress on the release and that the launch is nearing for customers…

Read more