All posts in Hole

FaceTime for Mac Has Huge Security Hole

Okay, okay, it’s a beta and we all know betas tend to have glitches big and small. Users poke, prod, and discover issues and the results of our testing trickles back to the software developers who squash bugs for a living. That’s the drill, but this seems a biggie to let slip out the door.

We clearly anticipate this one getting fixed really, really quickly. Via Mac Rumors we find that FaceTime for Mac displays your account information once you’re logged in. What kind of account information? you ask. How about your date of birth as well as your security question and its answer? How about that on display?

face time for mac kid

Now, granted, someone has to have physical access to your computer to see this information, but looking over your shoulder in a coffee shop isn’t that hard to pull off. And with this information, they can change your password and lock you out of your own account while they run rampant. Apparently, you can even reset your password in FaceTime without being first prompted to enter the original password.

What’s that? You say you’ll just log out of FaceTime when you’re done? Not so fast there, kids. FaceTime for Mac Beta is just so darned helpful that it remembers the last accessed account and autopopulates the information when you (or someone else) signs on. So you don’t even need to have FaceTime open to let anyone who gets their hands on your machine have full rein of anything you use your Apple ID for, like iTunes and the App Store.

Ain’t it grand being an early adopter?


Twitter Fixes Security Hole, Adds Two New Features

Twitter is recovering after an attack on the social networking site earlier today. According to TechCrunch, the site suffered an attack whereby users could tweet some JavaScript code that could in turn cause pop-ups anytime someone moused over a maliciously crafted tweet.

Fortunately, Twitter was able to get the attack stopped before more users became victim to this exploit. This attack only affected the web-based version of Twitter, as users accessing Twitter through a client like the official Twitter client were not susceptible.

TechCrunch is also reporting that Twitter rolled out two new features today to their new Twitter interface (for those lucky enough to have access at this time). The first new feature gives you the ability to reply to all users contained in a tweet when replying to a tweet. The second addition is an auto-complete feature when typing a username into a tweet. Simply type the @ symbol followed by the first few letters of a username and Twitter will suggest users to you in a pop-up list, allowing you to select one.

Unfortunately, the new Twitter interface isn’t being rolled out to everyone at once, but if you are one of the lucky few that uses the web interface, these changes will be welcomed.


Follow this article’s author, Cory Bohon on Twitter.