WPA Weakness Discovered, but Easily Solved -- Following last week's article about the implementation of WPA (Wi-Fi Protected Access) in AirPort Extreme cards and base stations (see "AirPort 3.2 Update Adds New Security Options" in TidBITS-704), a security expert alerted me to a weakness in choosing keys for the WPA system. The weakness applies to the AirPort 3.2 update as well as to all other consumer WPA-enabled Wi-Fi systems. Basically, choosing a key comprised entirely of real words that are 20 characters or fewer leaves you open to that key being broken rather easily. The solution? Choose a longer key or invent 20 characters of gibberish. If you're particularly security-conscious, use the option Apple provides to enter 256 bits of encryption, which is 32 hexadecimal bytes or 64 hexadecimal digits! That's overkill, however. In last week's article, it wasn't clear why Apple even offers the hexadecimal option when other devices from Buffalo and Linksys don't; now it appears that Apple provides all of the options for entering WPA keys, where the other manufacturers don't. I've written more about this issue and posted my colleague's paper on the subject at Wi-Fi Networking News. [GF]
Type Faster by Competing in Races
A fun way to improve your typing speed and accuracy is to join an online typing competition at typrX. This typing competition keeps track of your typing speed, while allowing you to compete against other people, either around the world in public races or with friends in private races. To set up a private race with your friends, follow these simple steps.
- Once you have a typrX account, click the Create Private Race button on the front page and you’ll be taken to the private race page.
- From there, copy the track code URL and send it to the friends you want to join the race.
- You can click the Delay Countdown button to add 10 seconds to the clock if you are waiting on your friend to join the race.
Other articles in the series Panther Answers
- Security Update 2004-09-16 Fixes iChat Vulnerability (20 Sep 04)
- Security Update 2004-09-07 1.1 Fixes FTP & Safari (20 Sep 04)
- Security Update 2004-09-07 Potentially Problematic (13 Sep 04)
- Quicken 2005 Released (09 Aug 04)
- Revisiting Panther's FireWire Data Loss Problem (15 Mar 04)
- Apple Releases Mac OS X 10.3.4 Update (07 Jun 04)
- Apple Releases Mac OS X 10.3.3 (15 Mar 04)
- How FileVault Should Work (01 Mar 04)
- A Slew of Apple Software Updates (05 Jan 04)
- New Panther Language Features (17 Nov 03)
- Panther Application Improvements (10 Nov 03)
- Fixes Available for Some Panther FireWire Troubles (03 Nov 03)
- Security Update 2003-10-28 Released (03 Nov 03)
- Interesting Bits of Panther (27 Oct 03)
- Mac OS X 10.3 Panther Unleashed (27 Oct 03)
- Default Folder X & QuicKeys X: Upgrade Before Panther! (27 Oct 03)
- Mac OS X 10.3 Panther Springs at WWDC (23 Jun 03)