USB-C devices will have to ask for permission to send data in macOS Ventura

MacOS Ventura could prove reassuring if you’re worried about compromised peripherals ruining your computer. As The Vergenotes, Apple has revealed that Ventura will require user permission before USB-C and Thunderbolt accessories can transfer data on M1- and M2-based Macs. You won’t have to fear that someone could deliver malware simply by plugging in a thumb drive, or that a poorly-designed product might wreck your machine by sending bad info.

The policy is enabled by default, but won’t affect accessories plugged into your Mac during the OS upgrade process. It also won’t block external monitors, power adapters or products attached to already-approved hubs. Devices will also continue to charge even if they’re blocked, so you can still use your computer to top up a friend’s phone.

This won’t thwart devices that could fry ports through electrical surges. However, this could add a meaningful layer of security on top of USB-C’s requirement for encrypted authentication certificates. You’ll have the final say on data access, and might just stop a malicious device before it has a chance to do any damage.

Follow all of the news from WWDC right here! 

Winkelvoss twins’ crypto exchange faces lawsuit over $36 million theft (updated)

The Winklevoss twins might soon head to court. The Vergenotes retirement savings firm IRA Financial Trust has sued the twins’ crypto exchange Gemini over allegations the business didn’t adequately protect customers against a February 8th breach where intruders stole $36 million in Bitcoin and Ethereum assets. The company didn’t have “proper safeguards” to prevent the theft, according to IRA, and didn’t freeze accounts quickly enough to block the thieves from transferring money.

The trust firm specifically rejected claims that Gemini’s protections prevented a “single point of failure.” Gemini made IRA the parent account for its customers (who use sub-accounts), and gave it a “master key” that was reportedly exchanged in numerous insecure emails. Combine that with security flaws in Gemini’s system and you probably know what happened next — hackers got control of IRA’s key, moved the crypto into a single user’s retirement account, and withdrew the digital cash. The perpetrators also appear to have swatted Gemini during the February incident, making a fake kidnapping call to police. 

Gemini’s other security measures didn’t hold up, the IRA added. It supposedly shouldn’t have been possible to transfer money between accounts if the exchange had either properly implemented two-factor authentication or prohibited transfers between retirement funds. The trust noted that it didn’t have the power to freeze accounts itself, and that it took six emails to lock down all affected users. We’ve asked Gemini for comment.

This adds to mounting problems for the Winkelvoss’ outfit. It recently laid off 10 percent of staff to deal with a plunge in the cryptocurrency market, and the Commodity Futures Trading Commission sued Gemini for purportedly misleading customers in parts of its exchange and futures contract. While none of these problems may necessarily be fatal, they suggest the Winklevii could face financial trouble for a while to come.

Update 6/8 9:08AM ET: Gemini told Engadget in a statement that it “reject[s]” the allegations, and that the attackers targeted IRA rather than the exchange. It claimed that no Gemini systems were compromised, and that it “acted quickly” to help IRA following the breach.

E3 is really, truly coming back in 2023, says ESA

Although there are some major gamingshowcasestaking place this week, there are a few big names missing. One of those is E3, which was for a long time the most important gaming trade show on the calendar. Between the COVID-19 pandemic and some other factors, E3 has had a rocky few years and it isn’t going ahead in 2022. However, the group behind the expo, the Entertainment Software Association, plans to bring E3 back in 2023 with both in-person and digital components.

“As much as we love these digital events, and as much as they reach people and we want that global reach, we also know that there’s a really strong desire for people to convene — to be able to connect in person and see each other and talk about what makes games great,” Stan Pierre-Louis, CEO and president of the ESA, told The Washington Post.

The ESA has not announced the dates for next year’s planned show. However, the event usually takes place in early June. The 2020 edition was scheduled for just a few months after the onset of the pandemic but it and this year’s show werecanceled. (E3 did convene in 2021, albeit as an online-only event.)

Even before all of that, there were signs that E3 might be on the outs. For instance, Sony decided not to take part in the 2019 edition. The company instead adopted the Nintendo approach of holding digital showcases under its State of Play banner. Other publishers have shied away from E3 as well. That gives them the chance to take up a bigger share of the gaming news cycle whenever they host their own events.

Microsoft, on the other hand, seems to still be on board the E3 hype train. It was part of last year’s virtual E3 and is hosting a showcase around the time this year’s edition would have taken place.

Other issues have impacted E3 over the last few years. In 2019, personal details for thousands of journalists, analysts and content creators were leaked in a data breach. A media portal used for last year’s all-digital affair reportedly made some folks’ personal details visible to anyone who registered.

There’s perhaps still a place for E3 though, if it can bring together enough of the gaming industry in 2023. It still has value as a destination for studios, publishers, press and fans to get together, show off or play brand new games and take part in conferences. For indie developers, trade shows are a great opportunity for them to secure publishing deals that can perhaps turn their promising game into a success on the level of Stardew Valley or Undertale.