Dropbox Passwords Rolls Out to All Users in April

Dropbox Passwords launched in 2020 for paid users to manage their passwords. Now the company has announced it will be available to free users in April. You can sign up here to be notified of its release.

Dropbox Basic users will be able to store up to 50 passwords in Dropbox Passwords and have them automatically sync with up to three devices. It will also be possible to share passwords securely with anyone eventually, but this is a feature Dropbox is still working on and isn’t available yet.

I think it’s interesting that Dropbox came out with a password manager, but you can find far better ones for free with less limitations, like Bitwarden.

Molson Coors Production Grinds to Halt From Cyberattack

Molson Coors has revealed in its regulatory filing it suffered a cyberattack, and production has come to a halt.

Molson Coors experienced a systems outage that was caused by a cybersecurity incident. We have engaged a leading forensic IT firm to assist our investigation into the incident and are working around the clock to get our systems back up as quickly as possible.

Not even our beer is safe. One likely candidate is some kind of ransomware.

HBO Max to Launch Ad-Supported Streaming Plan in June

HBO executives revealed a new HBO Max plan that will launch in June. It will be ad-supported and more affordable than its current plan.

The primary difference between the two will center on WarnerMedia’s 2021 films, which are releasing through a hybrid model on HBO Max the same day that they debut in theaters. After the ad-supported plan launches, the films will be limited to the more expensive of the two subscriptions.

Dashlane Reveals New Password Changer and Autofill Engine

Dashlane announced on Thursday a redesign of its Password Changer, as well as a new autofill engine powered by machine learning.

Password Changer seamlessly logs users into compatible websites, generates strong, unique passwords, then changes the passwords for those sites on the user’s behalf in one-click.

Interested persons can sign up to test the beta versions of Dashlane with these new features using this website.

Netflix Moves to Crack Down on Password Sharing

Jason Gurwin reports that some Netflix users recently began seeing warnings if the company detects you’re using someone else’s password.

We’ve heard the test right now is only on TV devices. A Netflix spokesperson told The Streamable, “This test is designed to help ensure that people using Netflix accounts are authorized to do so.” It isn’t clear if users in the test all need to be on the same IP address to be considered in the same household.

To quote Jahil Nelson: “The only thing worse than a bunch of people pirating your software is …nobody pirating your software.”

Verkada Security Breach Exposes 150,000 Surveillance Cameras

Hackers have breached the systems of Verkada, a startup that sells security cameras. The group says it was done to expose how widespread video surveillance is.

A person with knowledge of the matter said Verkada’s chief information security officer, an internal team and an external security firm are investigating the incident. The company is working to notify customers and set up a support line to address questions, said the person, who requested anonymity to discuss an ongoing investigation.

Comparing Privacy Policies: Clubhouse Versus Twitter

Clubhouse and Twitter Spaces are the newest entries to the audio space, but they both do different things with your data. Matt Binder examined their privacy policies.

The two platforms’ approaches to data storage really speak to a major difference in their intended uses. It seems Twitter users will be able to Spaces for more permanent content that they can repurpose for other platforms and mediums; whereas Clubhouse rooms will live strictly in the moment.

I don’t want to spoil the article but it sounds like Clubhouse audio recordings are more ephemeral.

iPhone ‘Call Recorder’ App Leaked User Conversations

An iPhone app called Call Recorder lets users record their phone call conversations. But a recently discovered bug leaked those calls.

But using a readily available proxy tool like Burp Suite, Prakash could view and modify the network traffic going in and out of the app. That meant he could replace his phone number registered with the app with the phone number of another app user, and access their recordings on his phone.

A new version of the app was submitted to Apple’s app store on Saturday. The release notes said the app update was to “patch a security report.”

Cryptee Adds DOCX Support for File Editing

Hot on the heels of its big 3.0 update, the next announcement for Cryptee is support for DOCX uploading and editing. You can also export documents as DOCX, making Cryptee a viable cloud-based private alternative to Microsoft Word and Google Docs. However, there is an extra security bonus to Cryptee:

A little known fact about docx files is that, due to the fact that they support macros, and other ways to execute code in them, they are commonly used by malicious third parties to distribute and spread malware viruses. Cryptee does not run / execute macros while opening docx files, allowing you to open / edit / save DOCX files safely, without having to worry about your computer getting infected.

Mac App Electrum Wallet With Backdoor Spotted in Wild

An Electrum wallet with a backdoor has been spotted in the wild by ConfiantIntel. They noticed that it’s another example of a piece of malware notarized by Apple. Link to tweet thread below.

These fake wallets were introduced during a Malvertising attack our security team discovered early this week, involving the hacking of a Major SSP. The hackers redirected the victims to https://electrum-4.github[.]io/ asking them to install an update of the electrum wallet.

In a separate tweet, it looks like one of Patrick Wardle’s tools can detect it.

Microsoft Adds M1 Support to Visual Studio Code

Microsoft announced on Friday support for M1 Macs for its Visual Studio Code software.

We are happy to announce our first release of stable Apple Silicon builds this iteration. Users on Macs with M1 chips can now use VS Code without emulation with Rosetta, and will notice better performance and longer battery life when running VS Code. Thanks to the community for self-hosting with the Insiders build and reporting issues early in the iteration.

47,000 iOS Apps Have Misconfigured Cloud Servers

Researchers at Zimperium analyzed 1.3 million Android and iOS apps to detect common cloud misconfigurations. They found that nearly 84,000 Android apps and 47,000 iOS apps have errors.

The researchers found almost 84,000 Android apps and nearly 47,000 iOS apps using public cloud services—like Amazon Web Services, Google Cloud, or Microsoft Azure—in their backend as opposed to running their own servers. Of those, the researchers found misconfigurations in 14 percent of those totals—11,877 Android apps and 6,608 iOS apps—exposing users’ personal information, passwords, and even medical information.

Google Reveals Plan to End Third-Party Cookies

Google wrote a post updating its plans for its Privacy Sandbox project. Its goal is to make third-party cookies obsolete.

we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete.

Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.

I don’t know what the new “open standards” will be, but I’m definitely skeptical given the nature of Google’s advertising business. Will there be a new first-party tracking technique? Update: Here’s why the EFF thinks it’s a terrible idea.

AWS Announces Ethereum on Amazon Managed Blockchain

Amazon Web Services announced on Wednesday the general availability of Ethereum on Amazon Managed Blockchain.

With Amazon Managed Blockchain, customers get secure networking, encryption at rest and transport, secure access to the network via standard open-source Ethereum APIs, fast and reliable syncs to the Ethereum blockchain, and durable elastic storage for ledger data. Amazon Managed Blockchain monitors node health, replaces unhealthy nodes, and automates Ethereum software upgrades, improving the availability of customers’ Ethereum infrastructure.

Brave Prepares to Launch the Brave Search Engine

Private browser Brave is getting ready to launch its own branded search engine with its acquisition of Cliqz.

The former Cliqz dev team, who had subsequently been working on Tailcat, are moving to Brave as part of the acquisition. The engineering team is led by Dr Josep M Pujol — who is quoted in Brave’s PR saying it’s “excited to be working on the only real private search/browser alternative to Big Tech”.

Interesting move, and I look forward to more private search engines.

Netflix Introduces New 'Fast Laughs' Feature for iOS

Netflix is introducing a new feature on its mobile apps called Fast Laughs. It’s a way for people to browse short, funny clips from its video content.

Fast Laughs offers a full-screen feed of funny clips from our big comedy catalog including films (Murder Mystery), series (Big Mouth), sitcoms (The Crew) and stand-up from comedians like Kevin Hart and Ali Wong.

You access the feed through your bottom navigation menu by clicking on the Fast Laughs tab. Clips will start playing – when one ends another begins, to keep the laughs coming.

M1 Support Coming to Open Source Email Client ‘Thunderbird’

In the latest beta version of Thunderbird the company added a welcome surprise in the notes: Future support for Apple’s M1 Macs. These notes apply to Thunderbird version 87 beta 1 released February 26, 2021. What’s New: Native support for macOS devices built with Apple Silicon CPUs; New user interface for adding attachments; Clicking on an already-selected pill in the recipient list will now allow editing the address; Copying a large message to an IMAP server would sometimes prematurely display a time-out error; OpenPGP: Messages with a high compression ratio (over 10x) could not be decrypted; and other fixes and improvements.

In-Game Video Returning to MLB Dugout iPads, but MLB.TV Off Apple TV Third Gen

In-game video is set to return to iPads used by MLB team dugouts when the season starts on April 1. However, AppleInsider noted this is happening at the same time the MLB.tv has been removed from third generation Apple TVs.

Major League Baseball will be allowing teams to watch video of the game in progress once again, following a period of absence. As part of its changes for the 2021 season, MLB is once again allowing video to be piped through to teams on iPads in each dugout. The league has extensively used iPads in the past, providing the tablets to staff and players for performance examination and analytics. Following a ban until 2015, the program started in 2016, and ran smoothly for a number of years, with the iPad Pro initially the tool of choice… While players will be able to watch the game from the dugout, owners of the third-generation Apple TV won’t be able to do the same on their devices. Support for the app was pulled late in February, preventing it from being used on the older video streaming device.

How Apple’s Walled Garden is a Double-Edged Security Sword

Patrick Howell O’Neill shared an interesting argument for MIT Technology Review: Apple’s locked-down ecosystem is both good and bad for security.

He argues that while the iPhone’s security is getting tighter as Apple invests millions to raise the wall, the best hackers have their own millions to buy or develop zero-click exploits that let them take over iPhones invisibly. These allow attackers to burrow into the restricted parts of the phone without ever giving the target any indication of having been compromised. And once they’re that deep inside, the security becomes a barrier that keeps investigators from spotting or understanding nefarious behavior.

Put another way: Apple’s locked down systems naturally select for the best hackers. And the best hackers have the skill to create the most devastating hacks. “This means that even to know you’re under attack, you may have to rely on luck or vague suspicion rather than clear evidence.”

Twitter Announces ‘Super Follows’ and Communities

Twitter announced a couple of features on Thursday that will arrive in the future and change the nature of its platform.

The payment feature, called Super Follows, will allow Twitter users to charge followers and give them access to extra content. That could be bonus tweets, access to a community group, subscription to a newsletter, or a badge indicating your support.

Twitter also announced a new feature called Communities, which appear to be its take on something like Facebook Groups. People can create and join groups around specific interests — like cats or plants, Twitter suggests — allowing them to see more tweets focused on those topics.

New Paramount+ Service Will be $5 a Month With Ads

Paramount+ is a rebranded and expanded version of CBS All Access. In a virtual investor event on Thursday executives revealed pricing. It launches March 4.

And they said that Paramount+ will cost $4.99 per month with ads in the U. S. (less than the $5.99 charged for CBS All Access), or $9.99 without ads and with additional sports, news and live TV content. There are also plans to bundle this with the company’s premium subscriptions, such as Showtime.

Apple Files Update to 'Final Cut Pro' Trademark Allowing For Cloud Subscription Option

Apple updated the Final Cut Pro trademark earlier this week. Spotted by Patently Apple, it indicated that Apple could introduce a subscription model for the video editing software.

On Monday Apple filed an update to their trademark ‘Final Cut Pro’ in Europe adding Nice Classification #42 that hints that Apple could decide to go the way of Microsoft’s subscription model for Final Cut Pro by adding in that class verbiage covering “rental of software.” When you go directly to the WIPO IP Portal under Class 42 one of the first things that you’ll see listed is a header titled “This Class includes, in particular.” Under its third point it states: Class 42 covers Software as a service (known as SaaS). So it’s not just a boiler plate entry from Apple, it’s a core value.

Firefox 86 Introduces ‘Total Cookie Protection’ Privacy Feature

Firefox 86, introduced recently by Mozilla, adds a new privacy feature called Total Cookie Protection.

Total Cookie Protection works by maintaining a separate “cookie jar” for each website you visit. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website.

WIN an iPhone 16 Pro Max!