Cracked! To the surprise of the Macintosh Internet community, the second-generation Crack-A-Mac Web server security challenge noted in TidBITS-387 was successfully defeated last week. Unlike the first Crack-A-Mac challenge (which featured an out-of-the-box Mac Web server; see TidBITS-378), the second contest was built around a sophisticated server setup featuring third-party software for remote administration, database access, and other functions. Apparently, the successful break-in exploited a security hole in Lasso, a CGI from Blue World Communications that ties together WebSTAR and FileMaker Pro. Blue World has issued a security patch for Lasso; in addition, Pacific Coast has updated its SiteEdit products to address similar potential problems. The Crack-A-Mac challenge is up and running again, and still offering 100,000 Swedish crowns (about $12,500 U.S.) to anyone else who can break in by 15-Oct-97. [GD]
Smarter Parental Controls
If you've been using the parental controls options in Mac OS X to lock your child out of using a particular computer late at night, but would like to employ a more clever technique to limit Internet access, turn to MAC address filtering on an Apple base station.
To do this, launch AirPort Utility, select your base station, and click Manual Setup. In the Access Control view, choose Time Access to turn on MAC filtering. You'll need to enter the MAC address of the particular computer, which (in 10.5 Leopard and 10.6 Snow Leopard) you can find in the Network System Preferences pane: click AirPort in the adapter list, and click Advanced. The AirPort ID is the MAC address.