A patch to iOS (7.06 and 6.1.6) yesterday revealed a deep-seated security flaw within both iOS and Mavericks (OS X 10.9 and 10.9.1). You can read about the flaw here and here, but what it comes down to is a typo by one of the Apple engineers.

Whoops.

What it means for you is that all secure communications, like when you sign onto your banking site through Safari, or check your mail using Mail.app, could have been compromised by an attacker.

Note that I said “could” and not “was”. I haven’t heard reports that this flaw has been exploited in the real world, but now that the cat’s out of the bag, someone may try.

From what I can see, this flaw won’t directly lead to an attacker gaining access to your password, but rather fool your browser into thinking it has reached a legitimate site instead of a close copy set up by the miscreant. Of course, once you think you’ve reached your bank, for example, you will probably enter your password and any other information it requests.

Bottom line: Update your iOS device to the latest version as soon as you can. Update your desktop as soon as there is something available, or use FireFox or Chrome (both unaffected) when signing on to a secure site, especially on a public network.

You can confirm the flaw by using this link. If you can see that page, your browser is not performing the correct security check and is affected by the flaw.

Apple released version 10.9 of their OS (“Mavericks”) on Tuesday. I’m sure it’s the greatest, biggest, and best-est release of an operating system in the history of man (just like every version that preceded it), and it’s nice that it’s now free, but I still recommend that you wait to install it until there is a version 10.9.1 or even 10.9.2. Although Apple has made some changes to the interface, included apps, and under the hood, there is nothing particularly pressing about this release, and I’ve encountered a few incompatibilities that need to be resolved.

Read the rest of this entry »

Intuit has released an Intel-based version of Quicken 2007 that will work in Lion. On the surface, it works the same as the previous Quicken 2007, looks about the same, but is significantly faster. It opened my existing file without fanfare, but did crash once when I was downloading security prices, so I expect there will be an update at some point.

You can buy the “new” version for $14.99 from here.

Intuit has sent an e-mail to some users announcing that Quicken 2007 will be updated to be compatible with the Lion OS. The note says it will happen in “early spring,” so hopefully that means before the deadline to switch from MobileMe to iCloud. It doesn’t mention a cost, and other sources have reported that the Quicken file has to be converted to the new version under Snow Leopard first.

The letter reads:

Dear Quicken Mac Customer:

As a fellow Mac fan and customer, I wanted to personally introduce myself, and share some highlights of our Apple-related efforts with you.

I recently became General Manager of the Personal Finance Group at Intuit, responsible for Quicken and Mint.com. Intuit’s 25 years of leadership in personal financial management software makes me excited to lead this team and I am committed to creating products to help you reach your financial goals.

I recognize, however, that we have not always delivered on this promise to Quicken Mac customers.

As you may know, Quicken for Mac 2007 does not currently work on Apple’s latest operating system, Mac OS X 10.7 (Lion). I understand the frustration this may have caused you and have put a team in place to address this issue. I am happy to announce that we will have a solution that makes Quicken 2007 for Mac “Lion-compatible” by early spring. There are still details to be worked out, so I ask your continued patience as we work through these. In the meantime, you can find more information on our Mac FAQ page.

Working toward a Quicken for Mac 2007 solution is just a first step in winning back your confidence.

We are expanding our development team to continue our renewed focus on personal finance solutions that suit the needs of our Mac customers. As we develop solutions, we’ll be looking to you and the rest of our Mac customers for ideas and feedback.

I understand we have a way to go, but I wanted to start by communicating our commitment to Mac and look forward to sharing the details with you as they emerge.

Thank you for your continued loyalty to Quicken.

Sincerely,

Aaron Forth
General Manager, Intuit Personal Finance Group

Ever use autofill in Safari only to have it fill in the wrong information? For example, you might want to use your work e-mail address, but it always chooses your home e-mail address, or you want it to fill in your cell phone number, but it always chooses your work number. Unfortunately, there is no way to tell the System which bit of information is “primary”.

Until now.

I just released a free app on my website called Safari Autofill Prefs that will let you choose the data Safari should use when doing an autofill.

FYI, Safari uses data from the Address Book, specifically your “Me” card. You can check this data by opening Address Book, then going to the Card menu and choosing Go To My Card. If it brings you to the wrong card (or no card at all), find your name, then go to the Card menu and choose Make This My Card.

Once you’ve located your “Me” card, make sure all of your various addresses, phone numbers, and e-mail addresses are entered, then try Safari Autofill Prefs to pick the items that Safari should use.

I’ve had a number of calls over the past few days from clients with MobileMe accounts who are having trouble sending otherwise innocuous mail. No settings have changed, the address is correct, there are no attachments (or they are small), and the e-mail should just go out. But it doesn’t. Instead, Mail spins for a few minutes, then displays an error window.

If this describes your experience over the past week, rest assured, it’s not you, it’s them.

Read the rest of this entry »

Apple released their new version of the OS today. Lion (v.10.7) is available as a download-only upgrade to Snow Leopard (v.10.6) through the Mac App Store, but you should not even consider upgrading, now or in the near future. Aside from the assortment of problems that are inevitable in any new software release, Lion will not support older, PowerPC-based applications. This means things like Quicken 2007 and older version of FileMaker Pro, 4D, and Microsoft Office (to name a few) will not work and would need to be upgraded or replaced.

There will come a point when you will be ready for Lion, but you should use this time to figure out what will and won’t work and make the necessary changes to ensure the transition will be as smooth as possible. In the meantime, let others work out the kinks.

You can read a review of the new features here.

I’ve been getting a lot of questions of late about Apple’s transition from MobileMe to iCloud. Unfortunately, I don’t have a lot of answers because Apple has not yet posted a lot of details, but they did post this page with more information.

The short version is, you don’t have to worry too much about it until June 2012, after which you will have to make the switch. Presumably, by then, they will have worked out both the details and the kinks.

By now you’ve probably heard that a company called Epsilon got hacked last week, and you’ve likely been told by roughly 10,236 organizations that you deal with regularly, so what does it really mean for you?

Read the rest of this entry »

Ars Technica published this story about the hacking of a firm whose business is to secure networks and protect others against the kind of hacking it suffered. It’s an interesting and instructive tale about how hackers operate and why it’s important to use secure, unique passwords for the different sites and services in your life.

Spoiler: It’s not so hard to “hack” when basic precautions are not taken.

Once this article rightly scares you, think about your passwords and whether you use the same ones everywhere. If you do, it’s time to change them. To help keep track, I recommend PasswordWallet, a Mac or Windows app with a related app for the iOS devices. PasswordWallet will let you track your various passwords and even offers tools to take you to sites and enter the passwords for you. It has facilities to synchronize the passwords among your various devices and keeps all of your information in an encrypted file protected by a single password.