Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Equalize Your Mac's Sound

Want to boost the bass in music played from your Mac, or tweak the sound so podcasts are more intelligible? Boom offers a 10-channel equalizer that enables you to increase or decrease the sound levels throughout the spectrum. Boom includes a number of common presets, and you can create your own as well.

Visit Global Delight

 

 

Related Articles

 

 

Apple Fixes Two Security Holes

Send Article to a Friend

Apple fixed two security gaps in the recent Mac OS X 10.3.4 release, and although they aren't at the level of the URL scheme failure documented in our last issue and now addressed by Security Update 2004-06-07 (covered earlier in this issue), it's worth mentioning a few details.

The first problem involved encrypted connections for AppleShare servers using the SSH (Secure Shell) protocol. These connections didn't work in Mac OS X 10.3 through 10.3.2, and were implemented in 10.3.3 in a manner that could allow a man-in-the-middle attack to compromise a network and extract passwords (see "AppleShare Encryption Security Flaw Discovered" in TidBITS-719).

<http://db.tidbits.com/article/07563>

The fix warns users when they have set their AppleShare options to use SSH when an SSH connection is unavailable. While users still can't manage SSH fingerprints and other methods of handling these kinds of secure connections, the small percentage of people relying on AppleShare over SSH are now in a better position to be alert to possible compromises.

In testing, I was unable to create an AppleShare-over-SSH session between two Mac OS X 10.3.4 systems over the Internet or on the same local network with SSH correctly enabled and with no firewalls in place. However, I could mount an AppleShare volume from a Mac OS X Server running 10.3.4 using SSH with no problem.

The other, unrelated, problem is a potential threat that could disrupt the Internet's various backbone and high-level routers (see "Serious TCP Weakness Identified" in TidBITS-727). While it looks like that threat has not materialized yet due to diligence by the operators of that equipment, the same flaw is present in personal computers where it has much less risk of being exploited.

<http://db.tidbits.com/article/07648>

Apple notes in the security improvements description attached to 10.3.4 that the release "provides better handling of out-of-sequence TCP packets." This may or may not signify that they've mitigated this problem in Apple products - it's unclear at this point.

<http://docs.info.apple.com/article.html? artnum=61798>

 

PDFpen for iPad & iPhone, version 2 — it’s your mobile office.
Experience pro-level features like iCloud Drive, palm protection,
a new easy-to-use iOS 8 interface and more! Get full-featured PDF
editing power in a mobile app today! <http://smle.us/pdfpen2-ios-tb>