Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Open Links from Mail in the Background

Tired of switching back and forth between Mail and your Web browser every time you click a link in a TidBITS issue or other email message? Here's an easy workaround. Hold down the Command key when you click links in Mail to open them in your browser without switching away from Mail. That way you can keep reading in Mail and then read all the Web pages you've opened.

 

 

Related Articles

 

 

Apple Fixes Two Security Holes

Send Article to a Friend

Apple fixed two security gaps in the recent Mac OS X 10.3.4 release, and although they aren't at the level of the URL scheme failure documented in our last issue and now addressed by Security Update 2004-06-07 (covered earlier in this issue), it's worth mentioning a few details.

The first problem involved encrypted connections for AppleShare servers using the SSH (Secure Shell) protocol. These connections didn't work in Mac OS X 10.3 through 10.3.2, and were implemented in 10.3.3 in a manner that could allow a man-in-the-middle attack to compromise a network and extract passwords (see "AppleShare Encryption Security Flaw Discovered" in TidBITS-719).

<http://db.tidbits.com/article/07563>

The fix warns users when they have set their AppleShare options to use SSH when an SSH connection is unavailable. While users still can't manage SSH fingerprints and other methods of handling these kinds of secure connections, the small percentage of people relying on AppleShare over SSH are now in a better position to be alert to possible compromises.

In testing, I was unable to create an AppleShare-over-SSH session between two Mac OS X 10.3.4 systems over the Internet or on the same local network with SSH correctly enabled and with no firewalls in place. However, I could mount an AppleShare volume from a Mac OS X Server running 10.3.4 using SSH with no problem.

The other, unrelated, problem is a potential threat that could disrupt the Internet's various backbone and high-level routers (see "Serious TCP Weakness Identified" in TidBITS-727). While it looks like that threat has not materialized yet due to diligence by the operators of that equipment, the same flaw is present in personal computers where it has much less risk of being exploited.

<http://db.tidbits.com/article/07648>

Apple notes in the security improvements description attached to 10.3.4 that the release "provides better handling of out-of-sequence TCP packets." This may or may not signify that they've mitigated this problem in Apple products - it's unclear at this point.

<http://docs.info.apple.com/article.html? artnum=61798>

 

PDFpen for iPad & iPhone, version 2 — it’s your mobile office.
Experience pro-level features like iCloud Drive, palm protection,
a new easy-to-use iOS 8 interface and more! Get full-featured PDF
editing power in a mobile app today! <http://smle.us/pdfpen2-ios-tb>