 |
|
|
|||||
In a new security advisory, Okta has revealed that its system had a vulnerability that allowed people to log into an account without having to provide the correct password. Okta bypassed password authentication if the account had a username that had 52 or more characters. Further, its system had to detect a "stored cache key" of a previous successful authentication, which means the account's owner had to have previous history of logging in using that browser. It also didn't affect organizations that require multi-factor authentication, according to the notice the company sent to its users. Still, a 52-character username is easier to guess than a random password it could be as simple as a person's email address that has their full name along with their organization's website domain. The company has admitted that the vulnerability was introduced as part of a standard update that went out on July 23, 2024 and that it only discovered (and fixed) the issue on October 30. It's now advising customers who meet all of the vulnerability's conditions to check their access log over the past few months. Okta provides software that makes it easy for companies to add authentication services to their application. For organizations with multiple apps, it gives users access to a single, unified log-in so they don't have to verify their identities for each application. The company didn't say whether it's aware of anybody who's been affected by this specific issue, but it promised to "communicate more rapidly with customers" in the past after the threat group Lapsus$ accessed a couple of users' accounts. This article originally appeared on Engadget at https://www.engadget.com/apps/okta-vulnerability-allowed-accounts-with-long-usernames-to-log-in-without-a-password-150041758.html?src=rss
Category:
Marketing and Advertising
I think my colleague Cherlynn Low jinxed us in the last installment with her mention of a slower than usual October. The last week of the month was jam-packed with news, especially from Apple, so we're in for a busy few weeks of reviews to finish out the year. This week, we tested Amazon's long-awaited color E Ink ereader, a DJI action cam that's finally a worthy GoPro rival and Google's latest tv-streaming device. Here's a quick round-up of the week's in-depth reviews, and a quick preview of what's to come in the post-Halloween deluge. Kindle Colorsoft review by Valentina Palladino After years of users clamoring for a color E Ink option, Amazon finally obliged with the Kindle Colorsoft. This model fills a key gap in the company's ereader lineup, with swift performance and a host of conveniences. The key problem is that it's expensive at $280, plus there's a blue tint to the display when warm light it off. What's more, text isn't as sharp when reading in black and white. Still, this new model will be great for things like graphic novels and other material where you really need to see things in full color. "While its very late to the color E Ink party, the Kindle Colorsoft is a solid premium ereader that provides an excellent experience both in color and black and white," Valentina notes. DJI Osmo Action 5 Pro review by Steve Dent Our camera expert Steve Dent put DJI's new action cam through its paces to see if the company did enough to catch up to the likes of GoPro. The short answer is yes, as the Osmo Action 5 Pro has the best battery life of any model in the category on top of good low-light performance, useful subject tracking and built-in memory. Color quality and video sharpness could be better, but DJI has finally given the competition something to worry about with this model. "Its one of the best action cameras Ive used, with battery life well above rivals, a solid waterproof construction and full support for DJIs Mic 2," Steve writes. "If low-light performance is key, head straight for DJIs Action 5 Pro." Google TV Streamer review by Amy Skorheim Another streaming device from Google? Yep! The Google TV Streamer isn't a perfect option for your living room, but according to buying advice reporter Amy Skorheim, there's a lot to like about this tiny gadget. Google doubled the price compared to the previous option, which isn't great, and the company didn't include an HDMI cable or support for Wi-Fi 6 or 6E. Once you dive in though, the mix of great UI, attractive design, speedy performance and smart home compatibility make the TV Streamer a handy device. "Yes, the extra RAM and storage is great, but there are a few features like Wi-Fi 6E support, true assistant capabilities, screaming processor speeds that Google could have packed in to make the $100 price tag unassailable," Amy explains. "The Google TV Streamer is responsive and quick, packing the best streaming interface out there with smart home features that are useful and properly integrated." Upcoming reviews: All the Macs, Sonos Arc Ultra and PS5 Pro Over the course of three days this week, Apple announced a new iMac, Mac mini and MacBook Pro, all of which are powered by the company's M4 chips. The biggest design overhaul came in the Mac mini, which truly lives up to its name now that it's a five-inch by five-inch box that's two inches tall, which isn't much bigger than an Apple TV 4K. Of course, the changes to iMac and MacBook Pro warrant a new slate of reviews, so we'll be putting all three machines to the test in the weeks to come. Sonos' follow-up to the Arc soundbar started shipping this week, and I've received our review unit for testing. Dubbed the Arc Ultra, this model should offer better bass performance from the soundbar itself, before you connect a separate wireless subwoofer. It's the debut for the company's Sound Motion tech, which increases that low-end tone without the need for larger components inside the living room speaker. Look for my review on this unit as early as next week. Gamers have likely been anticipating a barrage of PS5 Pro reviews, and ours is coming soon as launch day is November 7. As our gaming guru Jessica Conditt shared in her preview last month, it's not a console you need, but rather one that you'll definitely want. Stay tuned for our in-depth thoughts on how the combination of increased power and added tricks factor into that $700 price tag. This article originally appeared on Engadget at https://www.engadget.com/engadget-review-recap-amazons-colorful-kindle-djis-latest-action-cam-and-more-140046906.html?src=rss
Category:
Marketing and Advertising
Apple has determined that "a very small percentage" of iPhone 14 Plus models are having rear camera issues, and it has launched a service program to repair them for free. If your phone isn't showing a preview when you use its rear camera, then you may be eligible to get your phone fixed at no cost you can also contact Apple to get a refund if you'd already paid for a repair. The affected devices were manufactured between April 10, 2023 and April 28, 2024, around half a year after the model started shipping in 2022. You can check your device's serial number on the official repair program page to know if your device is included. To get it fixed, you can bring your phone to an Apple Authorized Service Provider or to an Apple retail store after making an appointment. You can also contact Apple Support if you want to mail your device to a repair center. The program covers repairs for all eligible phones for three years after the original date of purchase, so you may want to keep it in mind in case your unit starts exhibiting the issue in the future. Apple says it may "restrict or limit repair" to the unit's original region of purchase, though, so you'll have to check with the company if you bought your iPhone while traveling outside your country. This article originally appeared on Engadget at https://www.engadget.com/mobile/smartphones/new-apple-repair-program-will-fix-iphone-14-plus-rear-camera-issue-for-free-110051988.html?src=rss
Category:
Marketing and Advertising
All news |
||||||||||||||||||
|
||||||||||||||||||