Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Edit Remote Files in Your Favorite Utility with Fetch

If you use the Fetch FTP client and want to, for instance, edit remote .html files with one application but .css files with another, you can set this up easily: In Fetch, select a .html file and click the Get Info button on the toolbar. In the Get Info window, in the Transfer Option section, choose your desired program from the "Edit files like this with" pop-up menu. Repeat the procedure for a .css file, and you're ready to go!

Visit Fetch Softworks

 

 

Related Articles

 

 

Wireless Driver Hack Could Target Macs and Windows

Send Article to a Friend

A potentially serious exploit of Mac OS X's wireless networking hardware drivers has had a very limited demonstration. The exploit, which apparently relies on a flaw at the lowest level of the drivers' interaction with Mac OS X's kernel, has not yet been independently confirmed, nor has Apple released a statement on the matter. The flaw, if proven, could allow an attacker to gain root access privileges via Wi-Fi.

Researchers Jon Ellch and David Maynor found the flaw in Apple's Intel-based Macs running Mac OS X and in PCs running Windows XP using certain Wi-Fi adapters, and presented their findings at the Black Hat USA 2006 Briefings last week. They declined to show the exploit live to avoid giving out details that could be turned into a security threat in the wild.

The researchers maintain that the flaw can affect any Wi-Fi equipped computer as noted above, regardless of whether the computer is actively connected or connecting to a network, and the exploit does not involve a rogue access point - one that attempts to fake an identity to get a connection from a client.

The videotape that the researchers showed didn't demonstrate that. The researchers connected what appears to be a covered-up USB device to a MacBook, which is then connected to a network running on a Linux computer. They then show files being manipulated on the desktop but no other attack being carried out.

There is lively discussion at the Washington Post's Security Fix blog about whether this is just a rigged demo or a real event, although beware the personal abuse directed at the blog's writer, Brian Krebs. (Many are taking this attack against a MacBook personally. Surprise, surprise.)

According to two experts TidBITS has heard from, the videotape is inconclusive and could be either a staged stunt or a real exploit. Jim Thompson, a veteran Wi-Fi engineer and security expert, is dubious, and he explains why in great technical detail. Security expert Rich Mogull, research vice president at Gartner, said that the exploit is credible and that it's possible that similar exploits on multiple platforms developed independently are already in the wild. Mogull has seen reports that a similar exploit may have been used at a recent conference that he declined to identify for security reasons. The researchers who presented at Black Hat are taking significant precautions to prevent their particular research from getting out of their grasp, he said.

Lending credence to this potential flaw was the release by Intel in July of driver updates for three of their Centrino wireless products. Notes for the release label the patch for their oldest adapter (an 802.11b-only model) as having an exploit that could allow a "malformed frame," a packet-like chunk, to allow a hacker to gain control of a machine. Two newer adapters seem to have a severe, but less frightening flaw. Mogull said that these Intel patches show that this kind of exploit is not an unknown issue.

As noted, there is no confirmation of this exploit from anyone who has seen the actual attack carried out in person, no separate validation of the attack from third parties using different equipment and the same approach, and no public response from Apple, Intel, or Microsoft, despite the firmware patches from Intel. There is also no identified attack of this sort in the wild.

At the moment, our suggestion is not to worry. The likelihood of this flaw being exposed, becoming widespread, and threatening your particular machine over the period of time it might take Apple to issue a patch is extremely remote. The exploit also appears to be limited to Intel-based computers at the moment, making it even less of a concern for many Mac users.

We'll update this story as details become available, but if Apple releases a security update that describes a fix for a malformed frame and you travel around with your MacBook or MacBook Pro, you should consider installing it as soon as is practical.

 

Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Apple users who actually buy stuff.
More information: <http://tidbits.com/advertising.html>