Apple joins forces w/ Google, Microsoft & Mozilla to deprecate 20-year-old web security protocol

Apple is coming together with Google, Microsoft, and Mozilla to deprecate the use of TLS 1.0 and 1.1 by early 2020. TLS stands for Transport Layer Security and is used to protect web traffic. ArsTechnica was first to report on the agreement, while Apple’s WebKit blog has also detailed the change.

more…

The post Apple joins forces w/ Google, Microsoft & Mozilla to deprecate 20-year-old web security protocol appeared first on 9to5Mac.

Adobe previews automatic image parallax, simple font customization, more in development for Creative Cloud apps

At MAX 2018, Adobe today held its annual Sneaks event, where early and upcoming macOS and iOS software features are previewed for the first time. While these technologies don’t always end up in shipping software, they often inform future product development at the very least. This year, 10 sneak previews were shown off in various stages of development.

more…

The post Adobe previews automatic image parallax, simple font customization, more in development for Creative Cloud apps appeared first on 9to5Mac.

Bug in libssh could make it amazingly easy for hackers to gain root access

Bug in libssh could make it amazingly easy for hackers to gain root access

Enlarge (credit: starwars.com)

There’s a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server. While the authentication-bypass flaw represents a major security hole that should be patched immediately, it wasn’t immediately clear what sites or devices were vulnerable since neither the widely used OpenSSH nor Github’s implementation of libssh was affected.

The vulnerability, which was introduced in libssh version 0.6 released in 2014 makes it possible to log in by presenting a server with a SSH2_MSG_USERAUTH_SUCCESS message rather than the SSH2_MSG_USERAUTH_REQUEST message the server was expecting, according to an advisory published Tuesday. Exploits are the hacking equivalent of a Jedi mind trick, in which an adversary uses the Force to influence or confuse weaker-minded opponents. The last time the world saw an authentication-bypass bug with such serious consequences and

Continue reading “Bug in libssh could make it amazingly easy for hackers to gain root access”

Apple teases new Japanese retail store for 2019, promotes Shibuya reopening with custom wallpapers

Apple’s enthusiasm for its retail expansion in Japan hasn’t been tempered. First in Shinjuku and later Kyoto, the company celebrated each of this year’s store openings with custom graphics and promotional videos. 2018’s new stores were even teased ahead of an official announcement to build excitement. Apple’s visual spectacle continues for its October 26th store reopening in Shibuya, which was announced yesterday evening. For the first time, a new store for 2019 has also been teased.

more…

The post Apple teases new Japanese retail store for 2019, promotes Shibuya reopening with custom wallpapers appeared first on 9to5Mac.

Browser vendors unite to end support for 20-year-old TLS 1.0

A green exterior door is sealed with a padlock.

Enlarge (credit: Indigo girl / Flickr)

Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020.

TLS (Transport Layer Security) is used to secure connections on the Web. TLS is essential to the Web, providing the ability to form connections that are confidential, authenticated, and tamper-proof. This has made it a big focus of security research, and over the years, a number of bugs that had significant security implications have been found in the protocol. Revisions have been published to address these flaws.

The original TLS 1.0, heavily based on Netscape’s SSL 3.0, was first published in January 1999. TLS 1.1 arrived in 2006, while TLS 1.2, in 2008, added new capabilities and fixed these security flaws. Irreparable security flaws in SSL 3.0 saw support for that

Continue reading “Browser vendors unite to end support for 20-year-old TLS 1.0”

Trump’s coal rescue is getting more complicated

Uncovered coal trains

Enlarge / An eastbound Norfolk Southern Corp. unit coal train passes through Waddy, Kentucky. (credit: Luke Sharrett/Bloomberg via Getty Images)

According to four people who spoke to Politico on conditions of anonymity, the Trump administration’s plan to bail out coal and nuclear plants has hit a speed bump within the White House itself.

The most recent plan from the Department of Energy (DOE) involved invoking the Defense Production Act of 1950, a wartime rule that allows the president to incentivize and prioritize purchases from American industries that are considered vital to national security.

Another potential plan involved invoking Section 202(c) of the Federal Power Act to mandate that struggling coal and nuclear plants stay open either through compulsory purchases by grid managers or through subsidies. FirstEnergy, a power corporation whose coal and nuclear units are under Chapter 11 bankruptcy, petitioned the DOE to use this power in April.

Continue reading “Trump’s coal rescue is getting more complicated”

After backlash, Verizon giving 3 months free service to Florida counties hit hardest by Hurricane Michael

Since the landfall of Hurricane Michael last week, Verizon has been under scrutiny for its seemingly poor efforts to restore service in the Florida Panhandle. FCC Chairman Ajit Api and Florida Governor Rick Scott have both slammed Verizon’s response to the disaster, while Scott has praised AT&T’s efforts.

Now, Verizon is responding to those concerns.

more…

The post After backlash, Verizon giving 3 months free service to Florida counties hit hardest by Hurricane Michael appeared first on 9to5Mac.

Adobe offers tips on switching from Keynote to XD for app prototyping

Since 2014’s “Prototyping: Fake It Till You Make It” WWDC session, Apple’s Keynote app has become a popular tool for designers and developers looking to make quick and easy app prototypes and concepts. Alongside the rise of Keynote, several other dedicated prototyping tools have grown in popularity as user experience design gains traction as an essential part of the app development and design process. One of those tools is Adobe XD, formally launched as part of Creative Cloud during 2017’s Adobe MAX conference and updated yesterday with voice prototyping.

Now that the application has had a year to mature and grow a more robust feature set, I asked Adobe how Keynote users looking to explore in-depth prototyping can easily make the jump to a more powerful tool.

more…

The post Adobe offers tips on switching from Keynote to XD for app prototyping appeared first on 9to5Mac.

Ajit Pai slams carriers for slow restoration of cell service after hurricane

A Verizon logo at the 2012 Consumer Electronics Show in Las Vegas.

Enlarge / A Verizon logo at the 2012 Consumer Electronics Show in Las Vegas. (credit: Getty Images | Bloomberg)

Wireless carriers’ failure to fully restore cellular service in Florida after Hurricane Michael “is completely unacceptable,” Federal Communications Commission Chairman Ajit Pai said today in a rare rebuke of the industry that he regulates.

Verizon in particular has been under fire from Florida Governor Rick Scott, who says Verizon hasn’t done enough to restore service. By contrast, Scott has praised AT&T for its disaster response.

The FCC will open an investigation into the post-hurricane restoration efforts, Pai said. Pai and Scott urged wireless carriers to immediately disclose plans for restoring service, waive the October bills of affected customers, and let customers switch providers without penalty.

Read 17 remaining paragraphs | Comments

Apple Debuts Limited Edition Mickey Mouse Beats Solo 3 Wireless Headphones Created in Collaboration With Disney

To celebrate the 90th anniversary of Mickey Mouse, Apple has introduced special edition Mickey-themed Beats Solo 3 Wireless Headphones.



Priced at $329.95, the headphones are a gray color with a classic Mickey design. The headphones come with a matching gray felt carrying case, a collectible pin, and a decal sticker.

Celebrate “The True Original” with Mickey’s 90th Anniversary Edition Beats Solo3 Wireless headphones. Keep the magic going with award-winning sound and up to 40 hours of battery life. The cool-gray headphone features Mickey Mouse in the iconic pose seen on classic t-shirts that we all know and love. It also comes with a custom felt case inspired by the materials from Mickey Mouse ear hats, along with a collectible pin and decal sticker to honor the collaboration.

Mickey Mouse made his first appearance on November 18, 1928 to replace Oswald the Lucky Rabbit, one of Disney’s original characters. He

Continue reading “Apple Debuts Limited Edition Mickey Mouse Beats Solo 3 Wireless Headphones Created in Collaboration With Disney”

App Bundles Are Coming to the Mac App Store

In a brief post on Apple’s Developer news site, the company announced that it is adding support for app bundles to the Mac App Store. According to the post:

…now, you can create app bundles for Mac apps or free apps that offer an auto-renewable subscription to access all apps in the bundle.

The post points to developer documentation on creating app bundles that that has been revised to mention Mac apps. The process for setting up a bundle, which will allow developers to offer up to 10 Mac apps as a single purchase, appears to be the same as it is for iOS developers. Unfortunately for those developers with iOS and macOS apps, it does not appear possible to create a mixed bundle of iOS and Mac apps.

→ Source: developer.apple.com

App Store Bundles Gain Support for Mac Apps and Free Apps With Subscriptions

Apple today announced expanded features for App Store bundles, introducing support for both Mac apps and free apps with subscriptions for the first time.

Mac app developers are now able to create bundles of up to 10 apps, allowing customers to purchase multiple Mac apps at once at a discounted price.

Bundles like these have long been available through the iOS app store for purchasing multiple games or apps at one time, but until today, Mac App Store developers were not able to create similar bundles.

Apple is also now allowing app developers to set up bundles that include free apps with auto-renewable subscriptions, letting users purchase an app bundle and access multiple apps at one subscription price.

For free apps with subscriptions, each app in the bundle must have an approved auto-renewable subscription. If a user subscribes in one app, they must be able to access all other apps

Continue reading “App Store Bundles Gain Support for Mac Apps and Free Apps With Subscriptions”

Macworld Podcast: Join us on Wednesday, Oct. 17, at 10 a.m. Pacific