Cracked! To the surprise of the Macintosh Internet community, the second-generation Crack-A-Mac Web server security challenge noted in TidBITS-387 was successfully defeated last week. Unlike the first Crack-A-Mac challenge (which featured an out-of-the-box Mac Web server; see TidBITS-378), the second contest was built around a sophisticated server setup featuring third-party software for remote administration, database access, and other functions. Apparently, the successful break-in exploited a security hole in Lasso, a CGI from Blue World Communications that ties together WebSTAR and FileMaker Pro. Blue World has issued a security patch for Lasso; in addition, Pacific Coast has updated its SiteEdit products to address similar potential problems. The Crack-A-Mac challenge is up and running again, and still offering 100,000 Swedish crowns (about $12,500 U.S.) to anyone else who can break in by 15-Oct-97. [GD]
Disable Caps Lock
If you find yourself pressing the Caps Lock key accidentally as much as I do, note that you can disable it entirely in Mac OS X. Open the Keyboard & Mouse preference pane, click the Modifier Keys button, and in the dialog that appears, select No Action from the Caps Lock pop-up menu. You could remap it to another modifier instead, but that might make using differently configured Macs more difficult.