1Password Integrates With 'Pwned Passwords' to Check if Your Passwords Have Been Leaked Online

Password management app 1Password this week got a new feature on the web, and developer AgileBits described it as a way for users to check and make sure that their passwords aren't "pwned passwords," or passwords that have been leaked online. While the launch is web-only right now, AgileBits said it will be coming to 1Password apps in the future.

1Password's new feature integrates with a newly updated service by Troy Hunt -- who previously created a breach notification service called Have I Been Pwned -- and securely and privately checks your passwords against more than 500 million passwords collected from various breaches.

This way, users can further ensure that their passwords saved within 1Password are as secure as possible, and if Hunt's new service surfaces a warning about compromised data, they can change to a new one without leaving 1Password.


Pwned Passwords originally launched as a feature within Have I Been Pwned last August, but Hunt has now updated it to version two and greatly expanded the amount of passwords indexed, originally starting with 320 million. For 1Password's integration, which is still just a proof of concept as of now, AgileBits said the feature is available today to everyone with a 1Password membership, and shared the following steps:
- Sign in to your account on 1Password.com.

- Click Open Vault to view the items in a vault, then click an item to see its details.

- Enter the magic keyboard sequence Shift-Control-Option-C (or Shift+Ctrl+Alt+C on Windows) to unlock the proof of concept.

- Click the Check Password button that appears next to your password.
Once you click "Check Password," 1Password will communicate with Hunt's service of indexed passwords, letting you know if yours exists in his database. As AgileBits pointed out, "If your password is found, it doesn't necessarily mean that your account was breached. Someone else could have been using the same password." Still, the company encouraged immediate action for any user who sees a confirmation of a password matching to Hunt's service.


In the announcement, AgileBits ensured that this communication with Pwned Passwords keeps user passwords "private and secure" because they are "never sent to us or his service." Hunt's service never receives the full password, and only requires the first five characters of each password hash. The developer stated, "we would never add it to 1Password unless it was private and secure."
First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

To complete the process, the server sends back a list of leaked password hashes that start with those same five characters. 1Password then compares this list locally to see if it contains the full hash of your password. If there is a match then we know this password is known and should be changed.
Hunt goes into more detail about Pwned Passwords in his own announcement post about the update to the service. AgileBits confirmed that it will be adding Pwned Passwords to its own security breach warning feature, called Watchtower, within 1Password apps "in future releases."

Intel Didn't Tell U.S. Government About Meltdown and Spectre Until Vulnerabilities Went Public

Intel failed to inform U.S. cyber security officials about the Meltdown and Spectre chip flaws ahead of when they leaked to the public even though Intel had advanced knowledge of the vulnerabilities, several tech companies said in letters sent out to lawmakers on Thursday.

According to Reuters, Apple and Google parent company Alphabet sent letters to Representative Greg Walden, who chairs the House Energy and Commerce Committee. Walden had previously questioned the tech companies about when the chip flaws were disclosed to Intel.


Alphabet said its Google Project Zero team informed Intel, AMD, and ARM about the chip vulnerabilities in in June and provided the three companies with 90 days to fix the problems before disclosing them.

Intel did not tell the U.S. Computer Emergency Readiness Team, aka US-CERT about the Meltdown and Spectre flaws until January 3, however, well after media reports went live. According to Intel, it did not disclose the vulnerabilities ahead of time because hackers had not exploited them.
Intel said it did not inform government officials because there was "no indication that any of these vulnerabilities had been exploited by malicious actors," according to its letter.
At the time the flaws were discovered, Intel also did not do an analysis on whether the flaws could impact critical infrastructure because it did not believe industrial control systems could be impacted, but it did inform the technology companies that use its products.

News of Meltdown and Spectre, two chip flaws that impact all modern processors, first began circulating in early January. Meltdown and Spectre take advantage of the speculative execution mechanism of a CPU, and because they are hardware-based flaws, operating system manufacturers have been forced to implement software workarounds.

Apple first addressed Meltdown and Spectre in iOS 11.2, macOS 10.13.2, and tvOS 11.2 and has since mitigated both vulnerabilities with little to no impact on device performance.

In addition to questioning by the U.S. government over its failure to share information on the security flaws, Intel is also facing at least 32 Meltdown and Spectre lawsuits

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Net Neutrality Repeal Made Official With Entry Into Federal Register

It's been two months since the Federal Communications Commission voted 3-2 in favor of repealing Net Neutrality rules that were put in place by the United States government in 2015. That decision has been made official today by being entered into the Federal Register, and will become law starting April 23, 2018.

Following the vote, lawsuits began to appear in efforts to block the rollback of Net Neutrality, with one multi-state lawsuit being led by New York Attorney General Eric Schneiderman and 22 other Attorneys General. As pointed out by TechCrunch, now that the Restoring Internet Freedom order "legally exists," every opponent in the U.S., "from citizens to attorney generals to governors and senators," will be able to begin their own lawsuits over the decision.


Prior to today, many actions contemplated and indeed announced by opponents of the rule were technically not possible, since the rule was technically not yet in force. A state can’t, for example, argue that its own laws are infringed upon by a rule until that rule legally exists.

Today is the moment that the net neutrality repeal legally exists, and you’re going to see a lot — a lot — of actions taken against it, all over the country.
The decision was heavily debated leading up to the vote in December, with proponents arguing the internet will now go back to a "light-touch regulatory scheme" it faced prior to 2015 and the advent of Net Neutrality. Opponents of the repeal vocalized fear that internet service providers will now be able to slow down internet speeds -- or block access completely -- to certain websites they see as competitors, among other concerns.

Specifically, the FCC's vote reclassifies ISPs as "information service" providers -- as they were between February 1996 and February 2015 -- instead of classifying them as "common carriers" under Title II of the Communications Act of 1934. According to the Federal Register document published today, the decision to do this was made to restore broadband internet services as a "lightly-regulated" market. This means that one of the only major stipulations placed on ISPs like AT&T and Comcast is that if they do throttle a user's internet for any reason, they must disclose it. For its part, AT&T has said it is "committed to an open internet."

A report by Recode in January examined how major technology companies responded to the Net Neutrality debate, with Apple, Amazon, Facebook, and Google spending about $50 million in 2017 lobbying the government on the issue. Apple alone was said to have spent $7 million on lobbying last year with a focus on encryption and immigration as well as Net Neutrality, growing from $4.5 million in 2016.

Apple's push against the repeal of Net Neutrality included a letter from August 2017 urging the FCC not to roll back the rules. Apple's letter discussed internet "fast lanes" and "slow lanes," where paid fast lanes could result in an "internet with distorted competition." Apple ultimately said this ruling could "fundamentally alter the internet as we know it," and if it passed it would be put in place to the detriment of consumers, competition, and innovation.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Apple Shares New Photos of First Store in Austria, Opening February 24

Apple's first store in Austria is set to open on Saturday, February 24, and ahead of the store's official launch date, Apple has shared some photos that showcase the new location.

Apple Kärntner Straße is located on Vienna's Golden Quarter, in the famous pedestrian shopping street between St Stephens Cathedral and the Vienna State Opera. The two-level store features a corner entrance and reinstated exposed columns with large window openings that seamlessly connect it to the public gathering space outside. 

"We can't wait to join the bustling city of Vienna, a European crossroads so rich in history and culture," said Angela Ahrendts, Apple's senior vice president of Retail. "Apple Kärntner Straße brings the best of Apple together with our products, services and educational programs. Everyone is welcome to connect, be inspired to learn, and unlock their creativity."
Like all Apple stores, Apple Kärntner Straße will offer customers free "Today at Apple" sessions – daily workshops focusing on photography, coding and app development, music, art and design, and more. Each session is hosted in an area of the store called The Forum that boasts a dynamic 6K video wall, recreating the same layout found in many of the company's retail stores around the world.

Apple says the store will include its entire line of products, while new owners can get help customizing their iPhone, iPad, Apple Watch or Mac from the store team of 150 employees, which together speak 44 languages.


So long as no additional stores open between now and Saturday, Apple Kärntner Straße is likely to be Apple's 501st retail store. Apple currently has 500 retail stores around the world, not counting Apple Watch boutiques and factoring in the two store closures in Simi Valley, California and Sapporo, Japan.

Apple began posting job listings for Austria's first Apple store in February of 2017 and announced its opening plans late last month. Apple Kärntner Straße will open up at 9:30 a.m. local time, and Apple is already accepting Genius Bar appointments and Today at Apple signups.

How to Merge and Remove Duplicate Contacts in macOS and iCloud

If you've been maintaining and migrating the same Contacts list across Macs over the years then you've probably come across your fair share of duplicate contact cards. They can also appear seemingly out of nowhere after setting up iCloud Contacts on your Mac for the first time.

Unless you intentionally keep certain information for the same contact separated out for whatever reason, duplicate cards will add nothing but irritation to your day, so here we're going to show you how to merge and/or remove them, whether you're sat at your Mac or not.

➜ Click here to read more...

Related Roundup: macOS High Sierra

Apple Releases Safari Technology Preview 50 With Bug Fixes and Feature Improvements

safaripreviewiconApple today released a new update for Safari Technology Preview, the experimental browser Apple first introduced nearly two years ago in March of 2016. Apple designed the Safari Technology Preview to test features that may be introduced in future release versions of Safari.

Safari Technology Preview release 50 includes bug fixes and feature improvements for Service Workers, Web App Manifest, Payment Request, Web API, Rendering, Web Inspector, Web Driver, Accessibility, and Javascript.

The Safari Technology Preview update is available through the Software Update mechanism in the Mac App Store to anyone who has previously downloaded the browser. Full release notes for the update are available on the Safari Technology Preview website.

Apple's aim with Safari Technology Preview is to gather feedback from developers and users on its browser development process. Safari Technology Preview can run side-by-side with the existing Safari browser and while designed for developers, it does not require a developer account to download.

Apple Releases Third Beta of macOS High Sierra 10.13.4 to Public Beta Testers

Apple today released the third beta of an upcoming macOS High Sierra 10.13.4 update to public beta testers, one day after seeding the third beta to developers and two weeks after releasing the second 10.13.4 public beta.

Beta testers who have signed up for Apple's beta testing program will be able to download the new macOS High Sierra beta through the Software Update mechanism in the Mac App Store.


Those who want to be a part of Apple's beta testing program can sign up to participate through the beta testing website, which gives users access to iOS, macOS, and tvOS betas.

macOS High Sierra 10.13.4 introduces support for some features that are also available in iOS 11.3, like Messages on iCloud, which uploads all of your iMessages to the cloud. It will also support Business Chat, a feature coming when iOS 11.3 and macOS 10.13.4 are released to the public.

The new macOS update also includes the smoke cloud wallpaper that was previously only available on the iMac Pro, it changes the name of the "iBooks" app to just "Books," and it introduces a warning when opening up a 32-bit app as part of an effort to phase them out.

In the future, Apple plans to phase out 32-bit Mac apps, just like it did with 32-bit iOS apps. Apple says macOS High Sierra is the last version of macOS that will support 32-bit apps without compromises.

Related Roundup: macOS High Sierra

Parallels Toolbox 2.5 for Mac Gains Web Page Screenshot Feature, Batch Image Conversion, and More

Parallels has released Parallels Toolbox 2.5 for Mac, bringing a handful of new features to the standalone application which aren't necessarily tied to virtualization. Essentially, the Toolbox places a drop-down menu in the Mac's menu bar, allowing users to do certain tasks more quickly. Tasks include the ability to record the screen, take screenshots, record audio, archive files, convert and download video, lock the screen, and more.

New one-click tools in this version include: a Screenshot Page function, which lets you capture and print lengthy web pages that don't fit on a single screen; a Free Memory tool for checking available RAM and quickly reclaiming memory; and a batch image resizing utility to convert multiple images to your desired file size and format.


Elsewhere, Toolbox 2.5 includes enhancements to existing functions, such as Clean Drive live disk monitoring, extended Download Video and Record Video options, and new delay settings for Screen Capture. In addition to the above, Parallels has streamlined the video/photo capture and conversion process, and enhanced the presentation and screen sharing modes to make additional options available to the host user. This version also has Archive and Unarchive utilities bundled to improve workflows involving file compression.

Lastly, Parallels has announced Toolbox Business Edition, offering IT admins focused time-saving tools that aim to solve help tickets more efficiently, such as license and subscription management features, mass Toolbox deployment, and customizable Tool libraries for individual users.

Parallels Toolbox 2.5 for Mac is available at the Parallels website as a standalone product for $19.99 per year. Each annual license includes free updates of new and enhanced tools as they become available.

10 Essential Tips for Using the macOS Finder More Efficiently

The Finder is a classic Mac system component that's ever-present on your desktop, ready to help you find and organize your documents, media, folders, and other files. It's the smiling icon known as the Happy Mac logo on your Dock, and includes the Finder menu bar at the top of the screen.

A lot of hidden power resides in every Finder window. In this article, we've highlighted some of our favorite Finder tips and tricks to help you work more efficiently with files and folders on your Mac.

➜ Click here to read more...

Related Roundup: macOS High Sierra

Apple Seeds Third Beta of macOS High Sierra 10.13.4 to Developers

Apple today seeded the third beta of an upcoming macOS High Sierra 10.13.4 update to developers, two weeks after seeding the second beta and a month after releasing macOS High Sierra 10.13.3. The update also comes one day after the release of a 10.13.3 Supplemental Update to address a bug that could cause apps to crash when receiving a character from the Indian language Telugu.

The new macOS High Sierra 10.13.4 beta can be downloaded from the Apple Developer Center or through the Software Update mechanism in the Mac App Store with the proper profile installed.


macOS High Sierra 10.13.4 includes bug fixes and performance improvements for issues that weren't addressed in macOS High Sierra 10.13.3.

The update also offers support for some features that are available in iOS 11.3, like Messages on iCloud, which uploads all of your iMessages to the cloud. It will also support Business Chat, a feature coming when iOS 11.3 and macOS 10.13.4 are released to the public, and it includes improved support for eGPUs.

The macOS 10.13.4 brings the smoke cloud wallpaper that was previously only available on the iMac Pro, it replaces the "iBooks" app with the new renamed "Books" app, and it introduces a warning when opening up a 32-bit app as part of an effort to phase them out.

In the future, Apple plans to phase out 32-bit Mac apps, just like it did with 32-bit iOS apps. Apple says macOS High Sierra is the last version of macOS that will support 32-bit apps without compromises.

Related Roundup: macOS High Sierra

Apple Files New Trademark Application for Classic 'Rainbow' Logo

Apple has applied for a new U.S. trademark for its famous multicolor logo for use on apparel, reports The Blast. The Apple filing was processed in December by the U.S. Patent and Trademark Office's Trademark Reporting and Monitoring System (TRAM), and is now being considered for approval.

The description of the mark in the filing is of "an apple with a bite removed, with a detached leaf in green, and the apple divided into horizontal colored segments of the following colors (from top to bottom): green, yellow, orange, red, violet and blue".

According to the application, the logo will be used for headgear, namely, hats and caps. Apple already sells t-shirts with the same logo emblazoned on the front at its Apple Park Visitor Center, so the filing likely relates to a possible extension of the existing clothing line, although there's no saying whether Apple will actually use the trademark or just wants to protect it against unofficial use.

The classic multi-colored Apple logo was conceived by graphic designer Rob Janoff in 1977, but Steve Jobs axed the design when he returned to Apple in 1997 in favor of the monochromatic logo that continues to be used today.

Janoff's "rainbow Apple" was actually created as a more modern, albeit playful replacement for Apple's first logo, which was designed in 1976 by Apple co-founder Ron Wayne. Sometimes referred to as Apple's "fifth Beatle", Wayne famously sold his stake in the company two weeks after it was founded.

Wayne was a fan of the ornate line-drawing style of Victorian illustrated fiction, and used Sir Isaac Newton as the company’s symbolic bellwether, an apple hanging precariously above his head. A quote from Wordsworth embellishes the baroque frame: "A mind forever voyaging through strange seas of thought, alone."

Apple Releases macOS 10.13.3 Supplemental Update With Telugu Crash Fix

Apple today released a new version of macOS High Sierra 10.13.3, which comes approximately one month after the first version of macOS High Sierra 10.13.3, an update that offered fixes for the Meltdown and Spectre vulnerabilities discovered in early January.

The new macOS High Sierra update can be downloaded directly from the Mac App Store or through the Software Update function in the Mac App Store on all compatible Macs that are already running macOS High Sierra.


Today's update addresses a bug that causes apps like Messages to crash due to an inability to render a character in the Indian language Telugu. When sent or received, the character in question can cause an app like Messages or Safari to freeze up and become unresponsive.

There's also a separate macOS High Sierra 10.13.13 Supplemental Update for iMac Pros, which is designed to fix the Telugu bug on those machines.

Prior to today's update, the only fix in an app like Messages was to delete the entire conversation containing the buggy character. The update also impacted iOS 11.2.5, and Apple also released a new iOS 11.2.6 update to fix it.

Apple previously addressed the Telugu character bug in iOS 11.3 and macOS 10.13.4, but those updates are still in beta testing and won't be released until the spring. Apple last week promised a minor update to fix the bugs in the meantime.

Related Roundup: macOS High Sierra