Password management company LastPass has announced that it suffered a security breach in which attackers stole both encrypted customer account data (which is bad) and customer vaults containing encrypted usernames and passwords (which is much, much worse). On the positive side, the data of users who abided by LastPass’s defaults and created master passwords of at least 12 characters in length will likely resist cracking attempts.
Read More
In early December, Apple made a surprise announcement: Advanced Data Protection for iCloud. It’s not as though iCloud’s standard data protection is problematic, but it hinges on one architectural decision that makes some iCloud data theoretically vulnerable: Apple holds the encryption keys necessary to decrypt iCloud data.
Read More
Every year at its Worldwide Developer Conference in June, Apple previews planned features in the upcoming versions of macOS, iOS, iPadOS, watchOS, and tvOS. However, not all of those features are necessarily ready for the initial releases of those operating systems. In part, that’s because iOS must ship in sync with the latest iPhone models that Apple releases in September, whereas iPadOS and macOS often come out later. Even then, some of Apple’s promised features may not be ready for public consumption until the .1 or .2 updates.
Read More