Security News This Week: Cryptocurrency Company Hacks Itself Before Hackers Can Hack It

Apple's Worldwide Developers Conference kicked off the week, bringing with it some interesting security enhancements for iOS and macOS users. The company will start offering its own single sign-on option, competing with Google and Facebook but with enhancements those two currently don't offer. And it rejiggered its Find My feature using some very clever cryptography. On the other hand, the company only just now got around to patching a 20-year-old modem bug, and noted macOS hacker Patrick Wardle dropped yet another zero day vulnerability. There's more than just Apple news of course, even though it sometimes doesn't feel like it. The 2020 election feels far away, but there's still not enough time to make sure the vote is secure. Russia …

Google Has Stored Some Passwords in Plaintext Since 2005

It happened again: Google announced today that it's the latest tech giant to have accidentally stored user passwords unprotected in plaintext. G Suite users, pay attention. Google says that the bug affected "a small percentage of G Suite users," meaning it does not impact individual consumer accounts, but does affect some business and corporate accounts, which have their own risks and sensitivities. The company typically stores passwords on its servers in a cryptographically scrambled state known as a hash. But a bug in G Suite's password recovery feature for administrators caused unprotected passwords to be stored in the infrastructure of a control panel, called the admin console. Google has disabled the features that contained the bug. Before it did so, …