The Wrong Way to Talk About a Shooter’s Manifesto

Less than 20 minutes before a mass shooting in El Paso that left 20 people dead and dozens more wounded, the alleged gunman appears to have published a manifesto on 8chan, the notorious internet forum. If verified, it will be the third such document to accompany a mass shooting since March. Previously, manifestos were published by the alleged Christchurch shooter, who killed 51 people at two mosques in New Zealand in March, and the gunman who opened fire and killed one person at a synagogue in Poway, California, in April. They, too, used 8chan to deliver their epistles of hate. Both times, and now again with El Paso, extremism researchers have pleaded the same case: Don’t amplify the message. It’s …

Security News This Week: Cryptocurrency Company Hacks Itself Before Hackers Can Hack It

Apple's Worldwide Developers Conference kicked off the week, bringing with it some interesting security enhancements for iOS and macOS users. The company will start offering its own single sign-on option, competing with Google and Facebook but with enhancements those two currently don't offer. And it rejiggered its Find My feature using some very clever cryptography. On the other hand, the company only just now got around to patching a 20-year-old modem bug, and noted macOS hacker Patrick Wardle dropped yet another zero day vulnerability. There's more than just Apple news of course, even though it sometimes doesn't feel like it. The 2020 election feels far away, but there's still not enough time to make sure the vote is secure. Russia …

Google Has Stored Some Passwords in Plaintext Since 2005

It happened again: Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. G Suite users, pay attention. Google says that the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords on its servers in a cryptographically scrambled state known as a hash. But a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of a control panel, called the admin console. Google has disabled the features that contained the bug. Before it did so, …