- MacSpeech
- Web Crossing
- Circus Ponies
- Microsoft
- VMware
- CS Odessa
- Bare Bones Software
- Readers Like You!
- Mark/Space, Inc.
- Fetch Softworks
We're at Macworld Expo 2009 in San Francisco with the latest news about the show. Check back often this week for updates!
- Phil Schiller Delivers Lackluster Keynote
- iPhoto '09 Adds Faces and Places
- iMovie '09 Seems to Fix Everything from iMovie '08
- GarageBand '09 Adds Music Lessons
- iWork Turns '09
- Apple Moves to Unprotected Music, Tiered Prices
- Apple Pioneers New Battery Tech with 17-inch MacBook Pro
- Jobs Clears the Air on Health Issue
- Welcome to Macintosh Movie to Screen at Macworld Expo
- MacHEADS Movie to Premiere at Macworld Expo
- TidBITS Events at Macworld SF 2009
Mac OS X Zip Expanding Utility
Firefox (and possibly other applications) may ask you what you want to do with .zip archives that you download from the Internet. If you want to expand them with Mac OS X (rather than StuffIt Expander), you may be unsure of which application actually does the job. You're looking for Archive Utility (in Leopard) or BOMArchiveHelper (in Tiger). In either case, the application is stored in Hard Drive/System/Library/Core Services/. Don't move it from there, though, or you'll confuse matters.
Written by Adam C. Engst
Recent TidBITS Talk Discussions
- iWork.com and MobileMe? (1 message)
- Safari Stalling on Opening PDF files (6 messages)
- A contrarian view of Macworld Expo's utility (3 messages)
- Secure Certificate Hack Doesn't Imperil Users (15 messages)
Related Articles
- AirPort 4.1 Fixes Encryption Irritation, Enables Remote Control (22 Nov 04)
- Apple Slips WPA Security into Original AirPort Cards (02 Feb 04)
- The Wireless Networking Starter Kit, 2nd Edition Released (08 Dec 03)
- WPA Weakness Discovered, but Easily Solved (10 Nov 03)
- Wireless Fishbowls (13 Aug 01)
Published in TidBITS 704. Subscribe today to receive TidBITS in email every Monday.
- Security Update 2003-10-28 Released
- Eudora 6.01 Released
- Fixes Available for Some Panther FireWire Troubles
- Classic Mac OS Servers Exploited by Spammers
- Hot Topics in TidBITS Talk/03-Nov-03
| AirPort 3.2 Update Adds New Security Options
Following on the heels of the release of Mac OS X 10.3 Panther, Apple last week pushed out the AirPort 3.2 Update, which features the expected addition of Wi-Fi Protected Access (WPA) encryption, a new security method for providing robust encryption over wireless connections between an AirPort Extreme Card and an AirPort Extreme Base Station. The AirPort 3.2 software includes the AirPort Extreme Firmware 5.2 update for the AirPort Extreme Base Station; a separate installer for the firmware update is also available as a 1.1 MB download from Apple's Web site.
<http://docs.info.apple.com/article.html? artnum=120267>
<http://docs.info.apple.com/article.html? artnum=120268>
The addition of WPA encryption support is big news for users and administrators of wireless networks. WPA is the fixed version of the original Wired Equivalent Privacy (WEP) encryption found in 802.11 wireless standards. WEP was proven to have so many flaws and weaknesses that a cracker using freely available software could easily obtain a WEP key by passively sniffing wireless traffic for a period of time ranging from 15 minutes to several days, depending on the volume of traffic over the base station (see "Wireless Fishbowls" in TidBITS-592).
<http://db.tidbits.com/article/06520>
WPA uses a simple passphrase - a set of letters, numbers, and punctuation - to derive an encryption key, which is exactly how Apple has always hidden the complexity of WEP's approach. Behind the scenes, however, WPA fixes the several ways in which WEP failed, making it a reliable way to protect wireless traffic. (To protect a network comprised of both wired and wireless traffic, you might need a virtual private network connection; Apple offers two kinds of VPN clients and servers in Panther and Panther Server.) With WPA installed, the only way to break into a wireless network is through social engineering: convincing someone to give you the password.
Early WPA Hurdles -- Unfortunately, this first implementation of WPA is disappointing for three reasons. The interface for entering a "WPA Personal" key (Apple's term for what is more commonly known as a "pre-shared key") doesn't resemble the interfaces for Linksys and Buffalo wireless devices we've seen. You can choose to enter a password of 8 to 63 text characters or a Pre-Shared Key, which is 64 hexadecimal characters. Good gravy, that's a lot of characters to enter, and it's unclear if the hex version can be used on other devices; I recommend you stick with a text-based passphrase. (Apple also supports what they call WPA Enterprise, which lets an AirPort Extreme card user have their user name and password confirmed by a RADIUS server, which also provides a unique encryption key to that user.) In the interfaces for Buffalo and Linksys gear, you enter a passphrase that can be 8 to 32 text characters. Neither seems to offer the hexadecimal version of the pre-shared key.
The second disappointment is that even though WPA allows for older machines that understand only WEP to join networks running WPA (by allowing WEP and WPA keys to both work, even though that reduces security), Apple currently allows only all-WEP or all-WPA networks.
The final crushing bit is that, at least for now, users of 802.11b AirPort cards and AirPort Base Stations, along with Mac OS 8.6/9.x users, do not have access to this advanced and secure method of protection - in short, everyone using older hardware is currently out of luck with regard to WPA. It doesn't have to be that way: WPA was specifically designed to be a firmware upgrade option for all existing 802.11b devices. For all we know, Apple and Agere - the makers of Apple's 802.11b equipment - may be furiously working on this problem, and Proxim, the current owner of the consumer-level hardware that's equivalent to the AirPort cards has posted a white paper that claims WPA support fairly soon. However, that doesn't mean that all existing 802.11b devices were built with such upgrades in mind: our current impression is that Apple's AirPort Base Station will not be upgradable to WPA. Since there's no revenue involved, it's hard to know what Apple's priority might be, except to avoid millions of irritated customers.
<http://www.proxim.com/learn/library/whitepapers /WPA_White_Paper.pdf>
These disappointments aside, if you're on an all-AirPort Extreme network, we recommend installing and using this update immediately, since it provides fundamentally good security for any installation, no matter how small or large.
The AirPort 3.2 upgrade, a 7 MB download, works only with Mac OS X 10.3 or later, and Apple recommends it for both AirPort and AirPort Extreme cards and base stations. However, it appears that the update for the non-Extreme AirPort devices seems entirely oriented for providing error messages about WPA being unavailable.
Adam Engst and I have just finished a massive revision to our book, The Wireless Networking Starter Kit, which has an extensive explanation of how to use WPA and the security underpinnings of it, among dozens of new topics. The second edition will be available later this month.
<http://wireless-starter-kit.com/>
PayBITS: Did Glenn's explanation clarify the boundaries of
the AirPort update? Consider sending him a few bucks via PayBITS!
<http://www.paypal.com/xclick/ business=glenn%40glennf.com>
Read more about PayBITS: <http://www.tidbits.com/paybits/>
It's time to speak up with MacSpeech Dictate! Get the all-newMacSpeech Dictate with spelling and phrase training. Speech
Recognition so good, about the only thing it can't do is
speak for you. Find out more at <http://www.macspeech.com/>