Neowin.net

Mac OSX has its 2nd major update since its release in March of this year, now at 10.1.2 (I like to call it 10.2) this update contains a number of fixes, some of which are listed below.

The 10.1.2 update delivers improvements and new functionality, including:

Updated and new USB and FireWire device support, including FireWire-based digital cameras

PC Card storage devices, including media readers

IrDA modem support for FireWire-based PowerBook models

Mail support for CRAM-MD5 authentication

Audio, display, speech, networking and printing improvements

AirPort v2.0

Apache web server v1.3.22

AppleScript v1.8 (required for AppleScript Studio)

View: How to Upgrade page
View: Upgrade to 10.1.2 (Applecare account required)
News source: Betastream

Secure packets

Of late, wireless, or Wifi, networks have become very popular because they are cheap and easy to set up, and remove the need for lots of unsightly, expensive cables.

However, the method Wifi networks use to scramble data, known as Wireless Equivalent Privacy (Wep), has been comprehensively defeated by both security professionals and hackers.

The vulnerabilities have led some hacker groups to engage in "war-driving" expeditions which map wireless networks and show which ones are open to attack.

To improve Wep, RSA has developed "Fast Packet Keying" which gives each packet of data its own encryption key. Anyone gathering data from such a network would have a much harder job breaking into the packets of information.

RSA pointed out that the fault with Wep did not lie with the RSA-authored RC4 algorithm it used to encrypt data.

Instead, it lay with the way that the computers were sharing a wireless network and the hub shuffling data around all of them.

Wep provided too little protection for the way that hubs and the connected computers decided on how to encrypt data packets travelling through the air.

Security experts found that by capturing packets they could gradually work out the encryption key being used to scramble the data passing across the network.

With enough information, a determined malicious hacker could find the key to descramble all the data passing across a network.

Protection problems

But some experts fear that the system developed by RSA will not do enough.

"The damage has already been done as far as Wep is concerned," said Bob Brace, from Nokia's internet communications division which develops security systems to protect voice and data networks. "Users see it as a weak security system."

Other security experts fear that a beefed up encryption system will do little to protect wireless network users.

Ian Peacock, a consultant at net security firm Defcom, said often many companies failed to even turn on the Wep encryption system when they installed a wireless network.

He said security audits by Defcom of wireless networks used by its clients showed that some failed to take even the most basic precautions.

"The number of networks around the City [of London] that do not have Wep enabled is scary," he said. "Those that set up and use the latest technology often do not appreciate that there are emergent security issues."

Mr Peacock said the ease with which wireless networks could be set up fooled many people into thinking their new network was secure.

However, he said, the start-up settings of many wireless networks meant they were vulnerable to attack.

Despite the shortcomings there is a lot that users can do to protect themselves.

"There's a shortlist of at least 20 things you can change to make wireless networks more secure," he said.

At the very least, anyone using a wireless network should change default IDs, turn on Wep, place the network behind its own firewall and use extra levels of encryption to secure traffic passing across it and into other corporate networks.