Latest
TV reporter's sick-call email sparks glorious reply-all chaos
If you've ever been caught up in an accidental reply-all email thread, you know how much of a disaster it can be between the lame jokesters, the "remove me from this list" complaints (which only make it worse) and the productivity black hole it creates. For Kansas City's Nick Vasos, however, his reply-all mistake led to something... more. When the Fox 4 TV reporter inadvertently sent a sick-call email to all of Nexstar Media Group, he not only triggered an epic reply-all email chain, he sparked a social media sensation. Staff built mock shrines to wish him well, he was highlighted on the Today Show, and the #PrayersforNick hashtag ended up trending nationwide -- normally the sort of thing reserved for actual disasters, hot movies and other high-profile stories.
Microsoft tests Gmail integration in web-based Outlook
Microsoft seems to be testing a new feature that lets users add Google services to their Outlook accounts, as revealed by Twitter user Florian B and reported by The Verge. If available on your account, you should see a pop-up that says, "Add your Google Mail and Calendar to Outlook and easily manage everything in one place." Doing so allows you to switch between your Outlook and Gmail inboxes (though this causes the entire browser tab to refresh) and browse your Drive files. It's not clear how Google Calendar is integrated into Outlook.
Apple will fix macOS flaw exposing portions of encrypted emails
Apple is touting its claimed privacy advantage more than ever, but that's not entirely true for Mac users at the moment. The company tells Engadget it will fix a macOS flaw that leaves portions of encrypted Mail messages unprotected. Bob Gentler has discovered that a database file used by Siri (snippets.db) was storing text from emails that were otherwise supposed to be protected -- even if you remove the private key that prevents you from reading the app in Mail. While it's not the full message, it could still pose problems if a hacker has access to your system and is trawling for sensitive info.
App maker claims 'Sign in with Apple' copies anonymous email feature
Sign in with Apple's ability to shield your real email address may sound clever, but one app developer claims it's just riffing on their technology. Blue Mail creator Blix has sued Apple for allegedly violating a 2017 patent on the "Share Email" feature in its app. The company claims that Apple's generation of a unique email address for sign-ins copies Blue Mail's ability to share a public email address for messaging while hiding your actual address.
Former Yahoo engineer hacked 6,000 accounts in search of sexual content
A former Yahoo engineer pleaded guilty to hacking into roughly 6,000 accounts in search of sexual photos and videos. According to court documents, Reyes Daniel Ruiz, 34, used his employee access to Yahoo's internal network to crack users' passwords. He then downloaded explicit photos and videos to a personal hard drive, which he stored at home.
State Department revives investigation of Clinton's private emails
Hillary Clinton's private email server may once again be a hot-button issue three years after the FBI said it wouldn't press charges. Washington Post sources claimed State Department investigators have contacted "as many as" 130 officials to let them know that emails sent to Clinton's private inbox have been retroactively classified, making them possible security violations when they weren't at the time they were sent. The Department had started reaching out roughly a year and a half ago, according to the report, but fell quiet before resuming in August.
DoorDash security breach affects nearly 5 million users
DoorDash announced today that it suffered a security breach that affected 4.9 million users. According to the company, on May 4th, 2019, an unauthorized third-party gained access to information belonging to DoorDash users including consumers, delivery drivers and merchants who joined the platfrom on or before April 5th, 2018. The information accessed included names, email addresses, physical addresses used for deliveries, order histories, phone numbers and passwords, which were encrypted using hashing and salting techniques. The company is advising users to reset their passwords, though it is not believed that any passwords have been compromised.
Vulnerability lets text messages steal emails from Android phones
Bogus text messages aren't just being used to send you to malicious websites or crash your phone -- in some cases, they can hijack your emails. Check Point Research has discovered a vulnerability in phones from Huawei, LG, Samsung and Sony that lets attackers use custom SMS to intercept all email traffic on target devices. The attack uses the common Open Mobile Alliance version of over-the-air provisioning, a carrier technique for deploying settings to new phones, to access emails. The attacks require different methods depending on the phone and available info (such as IMSI numbers and requesting PIN codes), but the result is the same: intruders trick users into compromising their phones through messages that pose as network settings changes.
Gmail AI will automatically correct your spelling slip-ups
Google Docs' AI corrections are spreading to Gmail. Google is rolling out a feature in G Suite that will autocorrect "common" spelling errors while you write Gmail messages. It won't catch every mistake, but it should save you the embarrassment of leaving a glaring typo in a company-wide email. You'll also see grammar suggestions, too, helping you avoid common mistakes like confusing "affect" with "effect."
Political committee left 6.2 million email addresses exposed for 9 years
It's all too common for organizations to leave sensitive data exposed on their servers, but the latest incident might leave some scratching their heads. UpGuard discovered that the Democratic Senatorial Campaign Committee left about 6.2 million email addresses exposed in a badly configured Amazon S3 cloud storage bucket since 2010 -- yes, nine years ago. The data file was apparently meant to exclude people from the DSCC's marketing emails during Hillary Clinton's Senate tenure. Most of them were clearly personal addresses, although there were thousands of .gov and .mil addresses as well.
TrickBot malware may have hacked 250 million email accounts
TrickBot malware may have stolen as many as 250 million email accounts, including some belonging to governments in the US, UK and Canada. The malware isn't new. In fact, it's been circulating since 2016. But according to cybersecurity firm Deep Instinct, it has started harvesting email credentials and contacts. The researchers are calling this new approach TrickBooster, and they say it first hijacks accounts to send malicious spam emails and then deletes the sent messages from both the outbox and trash folders.
Superhuman email client turns off location tracking after 'spying' controversy
The email app Superhuman was profiled by the New York Times just a week ago as a buzzworthy startup with big names from Silicon Valley lining up to pay $30 per month for its service. Since then, a blog post by Mike Davidson dived into what that money gets users has caused a war of words among many in the tech industry over privacy and communications. Other than just providing a 'premium' email client that comes with tons of keyboard shortcuts and AI assistant to make reaching Inbox Zero easier, it turned on by default a feature that puts a tracking pixel in each outgoing email. If you opened an email sent by a Superhuman user and viewed the images, then they got a report of when you opened it, how many times you opened it, and even where you were when you read the email. This revelation has creeped some people out for very good reasons explained by Davidson, so now Superhuman founder and CEO Rahul Vohra explains in a blog post that it's changing the policy. Rahul Vohra, Superhuman: We have stopped logging location information for new email, effective immediately. We are releasing new app versions today that no longer show location information. We are deleting all historical location data from our apps. We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. We are prioritizing building an option to disable remote image loading. According to Vohra, "I am so very sorry for how our read status feature made folks feel. We did not imagine the potential for misuse. Now we are learning and changing." Many supporters of the app/feature pointed out tracking pixels online and in email aren't new, and that many businesses -- like our own The Morning After newsletter -- collect information on their readers. Still, the original configuration of Superhuman seems quite a bit different in the granularity of the information collected, and how unexpected the behavior is. Read receipts are usually visible to the receiver, and don't include location flags without some sort of opt-in. The new Superhuman setup seems to respect this, but we'll see how it's received by the public.
US Cyber Command warns of nation-state hackers exploiting Outlook
The recent surge in state-backed hacking campaigns isn't dying down any time soon. US Cyber Command has reported that unnamed state actors are making "active malicious use" of a 2017-era Outlook vulnerability (long since patched) to escape the email client's sandbox and run malware on a target system. While officials didn't say who was involved, some clues have hinted at a possible connection to Iran.
Tim Cook: WSJ report on Jony Ive is 'absurd'
A lengthy Wall Street Journal article described design chief Jony Ive leaving Apple as a process that started long before it was announced last week, and specifically linked it to issues with CEO Tim Cook. The article claimed Ive was "dispirited" by Cook's lack of interest in design -- particularly in comparison to Steve Jobs -- and now Cook has responded in an email to NBC News reporter Dylan Byers.
Google will work with LGBTQ+ groups on harassment policies
In the wake of YouTube's controversial decision not to pull videos containing homophobic and racist attacks, Google CEO Sundar Pichai wrote an internal email acknowledging that "the LGBTQ+ community has felt a lot of pain and frustration over recent events." While a few Google execs have already apologized for YouTube's decision, Pichai's email carries more weight given his position. The email, obtained by The Verge, also suggests that Google plans to conduct more internal discussions aimed at addressing its harassment policies.
Tell Alexa to set a routine for sunrise instead of a specific time
Amazon is rolling out a number of new options for Alexa routines. Starting today, you can set up a routine to trigger actions when your alarm stops. You might prompt Alexa to read your flash briefing a few minutes after your alarm goes off, or perhaps to turn on the coffee machine once you've finally stopped hitting the snooze button.
Former Gmail designer builds Chrome extension to declutter your inbox
Despite Google's attempts to improve Gmail, the web version remains hectic and cluttered. While that might be frustrating to users, it's especially irritating for Michael Leggett, one of Gmail's former lead designers. Finally fed up, Leggett launched Simplify, a free Chrome extension meant to streamline your inbox.
New York AG is investigating Facebook over email contact scraping
The New York attorney general's office will investigate Facebook's "unauthorized collection of 1.5M of their users' email contact databases." Earlier this month, it emerged the company had been scraping the contact lists of some users who joined the service after 2016.
Slack is adding email conversations and calendar integrations
In case you don't already count on Slack for just about every part of your work day, the business communications service is adding a whole bunch of new features that will keep you chatting with your co-workers without having to open new tabs and applications. The company is introducing shared channels, email and calendar integrations and an improved search feature that makes it easier to find just about anything.
Facebook 'unintentionally' saved contacts of 1.5 million new users
Remember the weird revelation that Facebook was asking some new users for the password to their email account? Tonight Business Insider reports that since May 2016, if users entered their email password then Facebook used it to access their contact list and upload the contents to its servers without asking for permission. In a statement, a Facebook spokesperson said: "...we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them." It is contacting people who had their contacts uploaded, but it's yet another privacy issue for a company that has had long string of them over the last couple of years. It still doesn't explain why the "email password verification" for non OAuth-linked providers was ever implemented before it stopped using the method last month, and provides even more justification for those skeptical of the company's practices and promises.
