Stuart Breckenridge

App Transport Security Requirements Delayed

Apple:

App Transport Security (ATS), introduced in iOS 9 and OS X v10.11, improves user security and privacy by requiring apps to use secure network connections over HTTPS. At WWDC 2016 we announced that apps submitted to the App Store will be required to support ATS at the end of the year. To give you additional time to prepare, this deadline has been extended and we will provide another update when a new deadline is confirmed.

It’s a strange delay. The only time I required a workaround was to support Cloudfront almost a year and a half ago.


— Supported by —


RealDonaldContext

Fantastic plugin for Chrome from the Fix team at The Washington Post:

Donald Trump’s primary means of communicating with the public is his Twitter account. Unfortunately, his tweets aren’t always entirely accurate, by mistake or by design.

The Washington Post’s Fix team has decided to help ensure that the public receives the most accurate possible information by creating this extension, which will add more context or corrections to things that Trump tweets.

RealDonaldContext in Action

Super Mario Run Out Now

Super Mario Run is out now. I’ve played it for a few hours, it’s incredibly fun and, importantly, looks and feels like a Nintendo game. I’ve also spent £7.99 to unlock the full game.

Buy it now.


Yahoo Confirms Security Breach of 1 Billion Accounts

Yahoo’s Chief Information Security Officer, Bob Lord, has announced in a Tumblr post that the data of over 1 billion Yahoo customers has been hacked:

As we previously disclosed in November, law enforcement provided us with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.[…]

For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.

Worryingly:

We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.

In that particular incident the security breach affected 500 million accounts.

While Yahoo are taking steps to invalidate forged cookies, invalidate unencrypted security questions, and forcing users to change their passwords, I am of the opinion that having an account with them is somewhat of a liability. As such, I’ve taken the decision to terminate my account and have it deleted. If you wish to do the same, simply log in to Yahoo and then visit edit.yahoo.com/config/delete_user and follow the instructions.


AirPods Now Available to Order

AirPods are finally available to order with a pre-Christmas delivery.

Frankly, I can’t wait to be able to play music and charge my iPhone at the same time.

Update (2016-12-14): Shipping times have slipped to four weeks.

Update (2016-12-15): Shipping times have slipped to six weeks.