The Best Smart Plugs of 2017

Smart home tech is the hot new thing, but it can be pretty overwhelming if you’re just getting your feet wet. For newbies, it makes sense to start with something simple, and it doesn’t get any simpler than the humble smart plug. These cheap, compact devices plug into traditional wall sockets, upgrading them with remote control, scheduling, and power usage monitoring via smartphone apps. And if you’re already on the smart home bandwagon, you can even integrate them into your Apple HomeKit, Amazon Alexa, or Nest–driven ecosystem.

best overall

iDevices Switch: $28.97 - Amazon

If you’re looking for a smart plug that hits all the right notes and never puts a foot wrong, the iDevices Switch is the way to go. On top of Android and iOS compatibility, the Switch also offers in-depth energy monitoring and seamless integration with the two most popular smart home ecosystems: Amazon Alexa and Apple HomeKit.

Looks aren’t everything, but the iDevices Switch is also easily the most attractive smart plug we tested. Along with its sleek, minimalist casing, it offers a unique “night light” LED strip that can be set to any color in the rainbow. Mercifully, the Switch only occupies a single outlet on your wall panel, and its own outlet is positioned on the right-hand side—a real advantage if you want to position it snugly behind a couch or bookcase. It could also be a disadvantage if you want to plug something in on the left side, but for most users it shouldn’t be an issue.

The slickly designed iDevices app is more attractive than most, and very easy to use. We never lost connection to the plug during our testing period, and even when we unplugged it and moved it to another room, the Switch was always quick to regain a WiFi connection. When we were out of the house, the remote control function made it easy to adjust schedules or turn the switch on and off. Energy monitoring functionality is robustly detailed, with daily, weekly, monthly, and yearly cost and usage estimates in addition to live power draw info.

best value

TP-Link Smart Wi-Fi Plug with Energy Monitoring: $34.99 - Amazon

The TP-Link Smart Wi-Fi Plug with Energy Monitoring is a lot more elegant than its cumbersome name suggests. Though it’s not the smallest plug we tested, or the most feature-packed, it offers a stellar combination of features and low, low price. Its MSRP of $39.99 is the second-lowest among all the plugs we tested, but its energy monitoring functionality, responsiveness, reliability, Alexa integration, and well-designed app made it one of our favorites overall. We’re not the only ones who like it, either—it’s Amazon’s #1 best-selling smart plug.

Installation was blissfully easy on our Android and iOS devices via the intuitive Kasa app, which holds your hand through the entire process. During our long-term testing, the TP-Link Smart Plug never lost its connection to our WiFi network, and the handy Remote Control feature lets you easily control your plug even when you’re away from home. There’s even a clever “Away” mode that turns your lights on and off at random to make potential burglars think you’re home when you’re not.

Still, the TP-Link Smart Plug isn’t without its quirks. Most notably, it will block the top socket if you plug it into the bottom one, and even when plugged into the top socket it might get in the way of larger plugs you try to cram in below. Your typical two-pronger will probably fit fine, but forget about trying to squeeze a power brick in alongside this thing.

TP-Link Smart Wi-Fi Plug Mini: $34.98 - Amazon

Like its bigger brother, the Smart Plug Mini enjoys easy setup on iOS and Android, a great mobile app, convenient remote control, integration with Amazon Alexa, and neat extra features like the aforementioned Away Mode. Unlike its sibling, however, it only covers a single outlet regardless of where you position it. It’s one of the smallest plugs we tested, making it a great choice for buyers who don’t have a lot of space.

Unfortunately, it also costs more than the Smart Plug with Energy Monitoring and, well, doesn’t offer energy monitoring. In other words, you need to be really concerned about space to choose it over the slightly larger alternatives from TP-Link and iDevices.

Price and features aside, this plug is every bit as solid a performer as its stablemate: we had no issues with connectivity during the testing period, and it was very responsive to commands on both iOS and Android devices. If you find it on deep discount and don’t need energy monitoring functionality, it’s a very good choice.

ConnectSense Smart Outlet: $59.95 - Amazon

The ConnectSense Smart Outlet sticks out for a couple obvious reasons. First, it’s huge—no matter where you plug it in, this power brick–sized behemoth will cover both outlets on a wall panel. But that’s okay because it’s also the only product we tested that offers two independent smart outlets. That’s really handy and pretty cost-effective since the Smart Outlet costs around $60, or $30 per outlet—cheaper than any other option in our test group.

It works well, too. The outlets are responsive to app commands, connectivity was solid, and HomeKit integration was easy to set up. There’s even a bonus USB port on the left-hand side for charging extra devices. (You don’t get power monitoring on that one, though.) Speaking of power monitoring, we found that this plug’s reporting differed quite a lot from others we tested. For instance, it showed a draw of 36W from a small fan on low, while other plugs reported usage in the 25-27W range.

The ConnectSense Smart Outlet also has some serious drawbacks. For one thing, it’s iOS-exclusive. For another, its app is among the clunkiest we tested. It works, but it’s not much fun to use. And in addition to its potential unreliability, the energy monitoring functionality isn’t as feature-rich as you’d get from competitors like iDevices, TP-Link, and Elgato.

Belkin Wemo Insight: $34.99 - Amazon

On paper, the Belkin Wemo Insight ought to be a strong contender for the best smart plug on the market. Not only does it offer power monitoring and a huge array of smart home integrations (including Alexa, Nest, Google Home, SmartThings, and IFTTT), but it has a sleek design and endorsements from respectable publications.

Unfortunately, setup was a notable pain point on Android, and the Wemo app was a tedious chore to use—especially compared to the slickly designed apps from some rivals. Like the Elgato Eve Energy and D-Link plugs below, the Wemo Insight also has a rounded design that blocks both wall outlets if you don’t plug it into the right one. Functionality was just fine in general, and we couldn’t fault the plug’s reliability, but the Wemo app needs work.

Elgato Eve Energy: $49.93 - Amazon

The Elgato Eve Energy is a cute little plug, with gently rounded corners and a glowing LED button on the front. Unlike the bar-style smart plugs we tested, it blocks your second wall outlet if you position it incorrectly—make sure to plug it into the bottom socket to avoid a conflict.

Like all of the other HomeKit plugs we tested (iDevices Switch aside), it’s iOS-exclusive, so Android users need not apply. The Elgato app is well-designed (with unusually in-depth power monitoring stats), but not as user-friendly as iDevices’. The plug itself is responsive and reliable, but it just doesn’t have enough to stand out in a very competitive market.

Belkin Wemo Mini: $33.99 - Amazon

The WeMo Mini is exactly what you’d expect from the name: a smaller version of the WeMo Insight, without the Insight’s power monitoring functionality. On the plus side, it’s a well-made device, and very skinny so that you shouldn’t have any issues with it blocking a second plug. It also has the lowest MSRP of all the plugs we tested. But on the downside, it has all of the same disadvantages as the Insight and fewer features. We’d pass, unless the WeMo app somehow tickles your fancy.

Security Risk: Get Rid of Unwanted Apps

Using your social media account to log into an app or website can be easier than creating a new user name and password. But, after a while, you can collect more apps and become registered on more websites than you really use. This can leave you open to cyberattacks, phishing, and scams. When you use social media accounts to sign up for apps or websites, you may give the app or website permission to do things on your behalf, like post to your social media page. You’re also possibly saying it’s OK to access information like your name, birthdate, location, contacts, and even your messages. Over time, you may even forget which apps or sites have these permissions.

Here are three ways to help ensure you’re not granting permissions to sites and apps you no longer want to have this access:

  1. Ask yourself: “Why do they need this info?” When signing up for an app or website, pay attention to what permissions it’s asking for. If you’re not comfortable allowing access, select “deny” or “disagree” when you see the message asking for permissions. This typically stops the registration process.
  2. Purge your permissions list. Go to the settings on your social media site and follow the instructions that lead you to the list of sites and apps to which you’re granting access. Follow the instructions that tell you how to remove those apps or sites: click on one at a time and select the option that allows you to remove it.
  3. Make it a habit. Set a reminder on your calendar for at least every few months to check your permissions.

The FTC has more information for you about online security and privacy.

Major Banking Applications were Found Vulnerable to Hackers

A group of security researchers has discovered a critical vulnerability in major mobile banking applications that left banking credentials vulnerable to hackers.

The vulnerability was discovered by researchers of the Security and Privacy Group at the University of Birmingham, who analyzed hundreds of iOS and Android banking apps.

The experts discovered that several of them were vulnerable to man-in-the-middle attacks.

The list of affected banking apps includes Allied Irish bank, Co-op, HSBC, NatWest, and Santander.

An attacker on the same network segment as the victim could intercept the SSL connection and retrieve the user’s banking credentials even if the apps use SSL pinning.

SSL pinning provides an additional level of protection against man-in-the-middle attacks. Certificate pinning also keeps security solutions that use their own certificates from inspecting the traffic.

“If a single CA acted maliciously or were compromised, which has happened before (see e.g. DigiNotar in 2011 [15]), valid certificates for any domain could be generated allowing an attacker to Man-in-the-Middle all apps trusting that CA certificate.” states the research paper.

Researchers found that, because the authentication process was implemented incorrectly, the apps were vulnerable to MITM attacks. The lack of hostname verification left many banking applications open to attack because they could not check whether they were connected to a trusted source.

The apps fail to check that the hostname in the URL they connect to matches the hostname in the digital certificate that the server presents.

“Automated tools do exist to test a variety of TLS flaws. Lack of certificate signature verification can be tested for by serving the client a self-signed certificate, lack of hostname verification by serving a valid certificate for a different hostname, and lack of certificate pinning can be checked for by adding a custom CA to the device’s trust store.” continues the paper.

“These tests have been shown to be effective at finding vulnerabilities in apps [10] and poor TLS certificate validation [5]. However, none of these tools can detect the possibility that an app will pin to the root or intermediate certificate used but fail to validate the hostname”

The experts created a new automated tool, dubbed Spinner, to test hundreds of banking apps quickly and without needing to purchase certificates.

The tool leverages the Censys IoT search engine to find certificate chains for alternate hosts that differ only in the leaf certificate.

“Given the certificate for a target domain, the tool queries for certificate chains for alternate hosts that only differ in the leaf certificate. The tool then redirects the traffic from the app under test to a website which has a certificate signed by the same CA certificate, but of course a different hostname (Common Name),” continues the paper.

“If the connection fails during the establishment phase then we know the app detected the wrong hostname. Whereas, if the connection is established and encrypted application data is transferred by the client before the connection fails then we know the app has accepted the hostname and is vulnerable.”

With the help of the National Cyber Security Centre (NCSC), the security experts notified all affected banks, which addressed the issues before the findings were publicly disclosed.
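The flaw described above, pinning a root or intermediate certificate while skipping hostname verification, can be shown with a small model. This is an added example, not code from the paper or the Spinner tool; the `Cert` class, key bytes and hostnames are constructed stand-ins, and no real X.509 parsing or signature checking is performed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate (no real parsing or signatures)."""
    dns_names: tuple    # hostnames the certificate is valid for
    public_key: bytes   # placeholder bytes for the subject public key
    issuer_key: bytes   # public key of the issuing CA

def pin_of(public_key: bytes) -> str:
    """Pin value: SHA-256 over the (placeholder) public key bytes."""
    return hashlib.sha256(public_key).hexdigest()

def hostname_matches(hostname: str, pattern: str) -> bool:
    """Exact match, or a wildcard that covers exactly the left-most label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    head, _, tail = host.partition(".")
    return bool(head) and tail == pat[2:] and "." in tail

def chain_links(chain) -> bool:
    """Each certificate must be issued by the next one (signature check stand-in)."""
    return all(a.issuer_key == b.public_key for a, b in zip(chain, chain[1:]))

def chain_has_pin(chain, pinned: str) -> bool:
    """True if any CA certificate above the leaf carries the pinned key."""
    return any(pin_of(c.public_key) == pinned for c in chain[1:])

def validate_pin_only(chain, hostname, pinned) -> bool:
    # Flawed: pins the CA but never compares `hostname` with the leaf.
    return chain_links(chain) and chain_has_pin(chain, pinned)

def validate_pin_and_hostname(chain, hostname, pinned) -> bool:
    # Hardened: same pin check, plus the leaf must name the host we dialled.
    return (validate_pin_only(chain, hostname, pinned)
            and any(hostname_matches(hostname, n) for n in chain[0].dns_names))

# Constructed sample data: two leaves issued by the same pinned CA.
CA = Cert(("Example CA",), b"ca-key", b"ca-key")
BANK = Cert(("bank.example", "*.bank.example"), b"bank-key", b"ca-key")
OTHER = Cert(("other.example",), b"other-key", b"ca-key")
PIN = pin_of(CA.public_key)

if __name__ == "__main__":
    for name, check in (("pin only", validate_pin_only),
                        ("pin + hostname", validate_pin_and_hostname)):
        print(name, "accepts other.example's certificate for bank.example:",
              check([OTHER, CA], "bank.example", PIN))
```

The pin-only validator accepts any leaf issued under the pinned CA, which is why a certificate for a different hostname from the same CA goes undetected.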

Use TeamViewer? Fix this Dangerous Permissions Bug with an Update

TeamViewer, the remote control/web conference program used to share files and desktops, is suffering from a case of “patch it now.” Issued yesterday, the fix addresses an issue where one user can gain control of another’s PC without permission. Windows, Mac, and Linux are all apparently affected by this bug, which was first revealed over on Reddit. According to TeamViewer, the Windows patch is already out, with Mac and Linux to follow soon. It’s definitely worth updating, as there are shenanigans to be had whether acting as client or server:

As the Server: Enables extra menu item options on the right side pop-up menu. Most useful so far to enable the “switch sides” feature, which is normally only active after you have already authenticated control with the client, and initiated a change of control/sides.

As the Client: Allows for control of mouse with disregard to server’s current control settings and permissions.

This is all done via an injectable C++ DLL. The file, injected into TeamViewer.exe, then allows the presenter or the viewer to take full control.

It’s worth noting that even if you have automatic updates set, it might take between three and seven days for the patch to be applied.

Many tech support scammers make use of programs such as TeamViewer, but with this new technique they wouldn’t have to first trick the victim into handing over control. While in theory a victim should know immediately if a scammer has gained unauthorised control over their system and kill off the session straight away, in practice it doesn’t always pan out like that.

TeamViewer has had other problems in the past, including being used as a way to distribute ransomware, denying being hacked after bank accounts were drained, and even being temporarily blocked by a UK ISP. Controversies aside, you should perhaps consider uninstalling the program until the relevant patch for your operating system is ready to install. This could prove to be a major headache for the unwary until the problem is fully solved.

More than $60 Million Worth of Bitcoin Potentially Stolen after Hack on Cryptocurrency Site

Nearly $64m in bitcoin has been stolen by hackers who broke into Slovenian-based bitcoin mining marketplace NiceHash. The marketplace suspended operations on Thursday while it investigated the breach, saying it was working with law enforcement as “a matter of urgency” while urging users to change their passwords.

The hack was “a highly professional attack with sophisticated social engineering” that resulted in approximately 4,700 bitcoin being stolen, worth about $63.92m at current prices, said NiceHash head of marketing Andrej P Škraba.

NiceHash is a digital currency marketplace that matches people looking to sell processing time on their computers with so-called miners, who verify bitcoin users’ transactions in exchange for bitcoin.

Troubles with the website over the past day or so drew alarm and complaints, with many bitcoin owners posting panicked comments on NiceHash’s social media accounts.

NiceHash said in a statement: “We understand that you will have a lot of questions, and we ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service.”

The price of bitcoin has surged to more than $14,668, gaining around $2,000 (£1,494) of value in a day according to bitcoin monitor CoinDesk. That compares with a value below $1,000 at the beginning of the year.

Online security is a vital concern for cryptocurrency marketplaces and exchanges, with bitcoins contained within digital wallets that have increasingly become a target for hackers as the number of bitcoins stored and their value has skyrocketed over the last year.

In Japan, following the failure of bitcoin exchange Mt Gox, new laws were enacted to regulate bitcoins and other cryptocurrencies. Mt. Gox shut down in February 2014 having lost approximately 850,000 bitcoins, potentially to hackers. Mark Karpelès, head of Mt Gox, went on trial in Japan in July, facing up to five years in jail under charges of embezzlement and the loss of $28m of user funds.