A critical MacOS login vulnerability is revealed; here’s how to fix it

Anyone using MacOS High Sierra should be on high alert. A Twitter user revealed a massive security vulnerability which allows anyone to log into your system as an administrator without valid login credentials. All a malicious user has to do is attempt to log in as “root” from the login screen, leave the password field blank, and press enter over and over until the system allows access.

Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?

— Lemi Orhan Ergin (@lemiorhan) November 28, 2017

That means anyone can approach your iMac, MacBook, or Mac Pro and access your computer without anything more than a couple keystrokes and zero technical know-how. Thankfully, there is a quick and easy fix. If you’ve already changed your system’s Root password, you’re safe. If not, however, changing that password should keep you safe until Apple issues an official patch.

If you’re running MacOS High Sierra, take a few minutes out of your day and apply this quick fix. First, we’re going to open up System Preferences, select Login Options, then click Join right beside Network Account Server. This will open up a small dialog box, there you will want to click Open Directory Utility.

From here, mouse up to your Finder bar, and click Edit. From this drop-down menu click Change Root Password. This is the most important part: Pick a strong, unique password that you won’t forget.

That’s it, problem solved — for now. Apple has yet to issue an official patch or set of instructions on how to protect yourself, but the above fix should do it. Just make sure you keep an eye on your Mac until this all gets sorted out.

The whole issue came to light after an industrious Twitter user pinged Apple Support’s official Twitter account for help regarding the vulnerability and from there it caught fire and spread. Twitter users from all over the world were confirming that they could replicate the vulnerability, and access their own computers without using anything more than a four-letter word.

This isn’t just a minor vulnerability either, this isn’t a loophole in some bit of code somewhere that only a security expert could exploit. This is a dead-simple way to break into someone else’s computer, and hopefully, there will be an official fix before long.

Editors’ Recommendations

• MacOS High Sierra is available today, here’s how to download it
• A High Sierra bug in the MacOS update could make it easy to steal passwords
• MacOS High Sierra Review
• MacOS High Sierra 10.13.1 adds 70 new emojis for more expressive conversations
• MacOS High Sierra nears September 25 release — here’s what you need to know

Take the latest SlashData developer survey and you could win a Pixel 2!

Are you ready for the most global developer survey, designed BY developers FOR developers?

The Developer Economics Q4 2017 survey is here and for its 14th edition, and it’s aiming at shedding light on the future of the software industry! Every year, more than 40,000 developers around the world participate in this survey, so this is a chance to be part of something big, voice your thoughts, and make your own contribution to the developer community. And you can even win an awesome prize for participating!

The survey is for all developers engaging in the following software development areas: Mobile, Desktop, IoT, AR/VR, Machine Learning & Data Science, Web, Backend and Gaming. As always the survey is looking to shed lights on questions about the current status and the future of the software industry. Remember that your opinion matters, so answers to these questions can be entirely shaped by you and your fellow developers!

Take the survey

There are some perks to go with your participation. Have a look at what you can get your hands on:

• Amazing prizes up for grabs like a Google Pixel 2, an iPhone X, a Windows Acer MR headset, a Nintendo Switch, Raspberry Pi 3s and more!
• A Developer Scorecard showing how other developers responded to the survey questions
• A free State of the Developer Nation Q1, 2018 report with the key findings (February 2018).
• A referral program you can join, promote the survey and win up to $700 in cash!

If Cyberpunk is your thing, you will love this survey! Always designed with an extra fun factor, the Developer Economics Survey shares a CyberPunk theme for its 14th edition. Taking the survey means that you will get to find out if you are a Cyber-Cultist, a Scale-O-Fixer or a Console Boy or something else! Sounds exciting right? Take the survey right away and have fun!

Take the survey and win great prizes!

Android 8.0 Oreo beta now rolling out to LG V30 in South Korea

Oreo’s launch on the V30 in other markets has yet to be announced, but this is a step in the right direction.

Like most flagship phones this year, the V30 shipped with Android Nougat. There’s absolutely nothing wrong with this, but Oreo’s rather hefty feature list is one that you likely don’t want to miss out on for longer than you need to. Although LG still hasn’t announced exact plans for a worldwide rollout of Oreo for the V30, the company has started pushing the update out to units in South Korea as part of a beta program.

Registration for the beta opened up earlier in November, and while LG probably isn’t accepting that many new applications (if any at all), you can still sign up by heading to the Quick Help app on your phone.

The Oreo update for the V30 and V30+ weighs in at around 1.2GB, and it comes with all of the features you’d expect, including picture-in-picture, notification dots, the Autofill API, and a ton more.

It’s unclear if LG will open up the beta to other countries, but seeing as how it’s already being pushed out to users in South Korea, we likely aren’t too far off from a full public release.

LG V30

• LG V30 review: The no-BS flagship
• Top LG V30 camera features
• Full LG V30 specs
• LG V30 vs. G6 vs. GS8
• The V30 is the first phone to support 600MHz spectrum
• Join our LG V30 forums

Hulu’s updated interface and live TV service available on Samsung Smart TVs

A welcome addition, but we’re still waiting on an update for Android TV 😞

Hulu launched its live TV service and updated UI earlier this year, and they’re two additions that make using the app much more enjoyable. Hulu’s new look has steadily been rolling out to more and more platforms, and the latest to receive the update is Samsung’s Smart TVs.

Hulu made the announcement via a blog post on its official website, and it notes that any Smart TV from Samsung released in 2017 will now have access to the more modern interface and live TV option.

The new UI for Hulu offers much more personalization for each of the six profiles that you can create, and the Hulu With Live TV plan costs $39.99/month after a one-week free trial.

Samsung’s Smart TVs are the latest devices to support Hulu’s new look, with other supported hardware including Roku and Amazon Fire TV options, 4th-generation Apple TV, Xbox One lineup, Android and iOS, and even the Nintendo Switch. Unfortunately, there’s still no word as to when Android TV will get to share in on the fun.

Hulu’s Android TV app is looking mighty dated these days.

Hulu occasionally updates its app on Android TV, but it’s still rocking the now-outdated interface with no option for live TV support. That’s a potential deal-breaker for some Hulu subscribers eager to try out Google’s take on Android for the living room, so we hope this is something that gets fixed sooner rather than later.

Hulu for Android TV now supports Google Assistant voice commands

Instagram adds option for “remixing” photos that friends send to you

Remixing photos and customizing how often friends can view direct messages are both part of the Instagram v24 update.

Instagram recently released version 24 of its Android app, and included with this are two new features specifically for Instagram Direct.

The first, and biggest, of these two features is referred to as “remix.” After a friend sends you a photo as a direct message, you can grab that photo as a sticker and use it in your reply to “remix” its look. You can draw on the photo, add text, stickers, etc. I’m not sure how useful it actually is, but it looks like a fun party trick nonetheless.

Also new is the ability to control how often a friend can view a photo that you send them. After you take a picture and get ready to send it to someone, you now have the option of sending it with One View or the Allow Replay options. One View will only allow the recipient of your message to see it once, whereas Allow Replay enables them to view it as much as they’d like.

Instagram 24 is rolling out to the Play Store now, and you can download it by clicking on the button above.

Instagram now lets you livestream with a friend

Yandex wants to ensure its self-driving cars can survive the winter

Many self-driving car tests are conveniently run in warm, sunny climates where the road conditions are rarely less than ideal. But what about that significant chunk of the planet that gets snowfall? Yandex is finding out. The Russian internet giant has started testing its autonomous Prius cars in winter conditions around Moscow’s suburbs to see how they fare when snow obscures the roads and ice makes traction difficult. The video you see here is highly edited, but it suggests that the driverless machines are up to the job — they can stay in their lanes, come to smooth stops and brake for pedestrians.

These aren’t the worst conditions a self-driving car could face. What about snowstorms and highway driving? Nonetheless, these experiments are important. If autonomous driving is going to enter the mainstream, it can’t just work in balmy places like California or Singapore — it has to function year-round in areas where snow may stick around for months. The whole point of a driverless car is to take the burden off of humans while improving safety, and that could be crucial in snowy countries where merely setting out on the road can be a risky endeavor.

Source: Yandex.Taxi (YouTube)

Hyundai adds on-demand car washes to its Blue Link service

In a world where you can have your McDonald’s delivered and the UPS driver has access to your Amazon-enabled foyer, keeping the family car clean remains a decidedly low tech affair. You’ve got the choice between pulling out the mop and bucket yourself or driving down to the gas station to have a room-sized robotic arm do it instead.

But at the 2017 Los Angeles Auto Show on Tuesday, Hyundai delivered a third option: The company announced that it’s teaming up with Washos to provide on-demand car cleaning through its Blue Link connected car package. Subscribers will be able to schedule a washing through the Hyundai companion app, whereupon a Washos mobile car wash crew will show up and clean your ride. Not only can you have the exterior scrubbed clean, the service attendant will be able granted temporary authority to remotely unlock the vehicle’s doors so that they can detail the interior as well.

Car washes are only the start, mind you. Hyundai is partnering with Mountain View-based startup, Smartcar, to expand the Blue Link service into Blue Link All-Access. Hyundai owners will be able to remotely order groceries and gas using a mobile app, then have them delivered directly to their vehicle. Users will even be potentially able to rent out their vehicle for car sharing programs.

“This proof of concept will allow us to understand the benefits, requirements and challenges of linking to third party providers,” Manish Mehrotra, director of digital business planning and connected operations for Hyundai Motor America, said in a statement. “Developing an open Blue Link ecosystem creates a myriad of possible business models for the future.”

Hyundai’s Blue Link package costs $100 a year for current owners. These additional services will be free for the first three years for all 2018 Hyundai models and will launch in Los Angeles before expanding to the Bay Area.

The FCC is peddling its net neutrality spin as facts

Last week, the FCC released the final draft of its proposal to rollback net neutrality protections, a plan that the agency will vote on next month. Removing these protections has been a targeted goal of FCC Chairman Ajit Pai since he took the position, and even in the face of immense pushback from both the public and hundreds of companies and organizations, the FCC has moved forward with the plan and are fully expected to approve it in just a couple of weeks. Since its release, the draft proposal has continued to draw intense opposition and now the FCC has released a list of myths vs. facts in regards to the plan. But this list, which poses as an explanatory breakdown of the FCC proposal and is most definitely the agency’s attempt at damage control, is nearly as ill-conceived as the plan itself.

Let’s take the first bullet point. “Myth: This is the end of the internet as we know it. Fact: The internet was free and open before the Obama Administration’s 2015 heavy-handed Title II regulations, and it will be free and open after they are repealed.” Well, Mr. Pai, that last bit isn’t actually a fact. It is at best a hope. The FCC could have ensured that a free and open internet would indeed be a fact for the citizens of the United States, but it has instead chosen to remove the regulations that would do just that. What internet service providers (ISPs) will choose to do with their soon-to-be newfound deregulation is not in any way guaranteed and even if some have said they will honor net neutrality and promote an open internet, it doesn’t mean they actually will.

Here’s another one. “Myth: This will result in ‘fast lanes’ and ‘slow lanes’ on the internet that will worsen consumers’ online experience. Fact: Restoring Internet freedom will lead to better, faster and cheaper broadband for consumers and give startups that need priority access (such as telehealth applications) the chance to offer new services to consumers.” The FCC is really playing fast and loose with the word “fact” because, again, this is not a fact.

A fact, since we clearly need to review its definition, is, according to the trusty ol’ Merriam-Webster dictionary, “something that has actual existence, an actual occurrence or a piece of information presented as having objective reality.” The FCC doesn’t have any way to prove that its proposal will lead to a better internet experience for consumers. It can hope that’s the case. It can, I guess, continue to preach that such an unfounded claim could happen, but stating that as fact is wildly inappropriate, egregiously misleading and a straight-up abuse of power.

The majority of the FCC’s myth vs. fact list does this repeatedly — stating something as fact when it is at most a possibility. Whether they are possibilities that the members of the FCC actually believe could happen or just what they want all of us to think will happen is unclear.

If we are to believe this list, the FCC proposal WILL “promote consumers’ online privacy,” ISPs WON’T block websites or charge more for certain content and the reduced regulations WILL “lead to greater investment in building and expanding broadband networks in rural and low-income areas.” But all of those claims are ridiculous because none of them are guaranteed.

What the FCC is doing with this proposal is putting all of its faith and the fate of consumers’ internet in the hands of US ISPs. Sure, some of these practices didn’t happen prior to the 2015 regulations put in place during the Obama administration, but the FCC wants everyone to buy into the belief that they never will. Essentially, it wants you to trust ISPs to do the right thing.

But why should we? ISPs aren’t governed by the public good. They aren’t driven by morality. Their business decisions aren’t made based on what is best for the consumer. They are all there to make money. And if throttling service or offering paid prioritization is the next way for them to make more money, then why wouldn’t they do it? Further, if the FCC members truly believe ISPs won’t or that they shouldn’t (though I highly doubt they believe that), then why on earth would they remove the only regulations keeping them from actually doing that?

The FCC also says that if ISPs engage in practices like blocking and throttling, they would face heavy consumer backlash and the insinuation is that consumer backlash is enough to deter such practices. It has also continuously stated that removing these regulations would promote competition and protect the consumer. If you look at the US as a whole, there are quite a few ISPs around — BroadbandNow says there are currently 2,665 ISPs in the US — but that number keeps dropping as more and more companies merge.

Some of the mergers are between smaller telecom companies that you likely haven’t even heard of, but others, like Charter’s acquisition of Time Warner Cable, are massive and have a huge impact on the market. Nationwide, the telecom market is being consolidated, and a few significant mergers — Charter and Time Warner Cable as well as Verizon and AOL — have happened since the Obama-era Title II regulations were put in place, meaning there’s less competition to, in theory, keep ISPs in check than there was prior to those regulations being put in place.

But even outside of reduced competition, when it comes down to the individual internet user, nationwide competition actually has very little meaning. Many people have just one or, at best, two ISPs to choose from. So, even if consumers wanted to fight back against shady ISP practices by switching to another provider, most can’t. And so this idea that consumers themselves can keep ISPs in line and encourage them to promote an open internet is completely bogus. Consumers can’t do that, which is why so many want the FCC to.

Plus, a number of companies have actually engaged in practices that go against the spirit of net neutrality. Comcast has repeatedly prioritized its own streaming services over others by excluding its own from data caps. It also, along with Time Warner and Verizon, has been accused of throttling Netflix streaming. Verizon, T-Mobile and AT&T have also all come under for their zero-rating schemes, which were initially denounced by the FCC until Ajit Pai took over. And some of those practices took place while Title II regulations and bright-line rules were in place. Why should we expect ISPs to not engage in those practices without regulations?

So while reading the FCC’s list of myths vs. facts, keep in mind that most of those “facts” are opinions, hopes or possibilities. And you have to ask yourself if you trust unregulated ISPs to choose the possibility that’s best for you and best for the internet. If you don’t, speak up for net neutrality, because it’s running out of time.

Third-party Alexa skills can now use notifications

Your phone gets notifications, so why can’t your smart speaker? Amazon is doing something about it.. and thankfully, it’s not as bothersome as it could be. The company is trotting out a developer preview of notifications in Alexa skills. If you opt in, third-party skills can push notifications to your Alexa-equipped devices (such as an Echo speaker or your phone) that will trigger both a sound and an on-device alert (whether an LED light or on-screen display. This doesn’t mean you’re going to be peppered with unwanted speech, though: your notifications accumulate, and you’ll only hear what they are when you ask Alexa to read them.

Amazon stresses that it won’t allow notifications with advertising, and it wants developers to use notifications “sparingly.” You shouldn’t get an Instagram-like deluge if skill creators respect the guidelines. And there are already examples of notifications at work. AccuWeather, Domino’s Pizza, family finder Life360 and Amazon’s own Washington Post all have early notification support for features like news, weather and location updates.

At the same time, Amazon is taking advantage of Alexa’s newfound ability to recognize individual voices. As of early 2018, third-party developers will have the option of personalizing experiences based on who’s speaking. You may get different music playlists, for instance, or a game that tracks progress for specific people.

It’ll be a while before these features see widespread adoption, but they both illustrate how important Alexa is to Amazon — it’s an entire platform, not just a companion service. If Amazon is going to stay ahead of Google and Apple in the smart speaker arena, it needs a voice assistant with at least some features its rivals can’t yet match.

Via: TechCrunch

Source: Amazon Alexa

YouTube’s Community social feature set to expand to more creators

Last year, YouTube launched its Community tab — a social feature that lets creators engage with their followers through text, video, photos and more. At launch, YouTube had extended the feature to just a few creators, and the rollout has been slow ever since. But the response has been pretty positive and YouTube said it planned to add more channels following the launch. Well, today, Golden State Warrior and big Community tab fan Kevin Durant tweeted that he had heard the feature would open up to more creators quite soon. And YouTube Chief Product Officer Neal Mohan all but confirmed that is indeed the case.

Got word that the @YouTube Community tab I’ve been talking to you guys on is opening up to more creators this week. @nealmohan true?

— Kevin Durant (@KDTrey5) November 28, 2017

@KDTrey5 @RudyMancuso Well, I can’t say anything official…but 🙌

— Neal Mohan (@nealmohan) November 28, 2017

It’s unclear as of now how big the rollout will be, but it seems like we can expect an official announcement from YouTube sometime soon. Naturally, Durant posted the news on his YouTube Community page, which you can check out here.

Via: Kevin Durant