Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Type Faster by Competing in Races

A fun way to improve your typing speed and accuracy is to join an online typing competition at typrX. This typing competition keeps track of your typing speed, while allowing you to compete against other people, either around the world in public races or with friends in private races. To set up a private race with your friends, follow these simple steps.

  • Once you have a typrX account, click the Create Private Race button on the front page and you’ll be taken to the private race page.
  • From there, copy the track code URL and send it to the friends you want to join the race.
  • You can click the Delay Countdown button to add 10 seconds to the clock if you are waiting on your friend to join the race.

Visit typrX

 

 

Related Articles

 

 

Wireless Driver Hack Could Target Macs and Windows

Send Article to a Friend

A potentially serious exploit of Mac OS X's wireless networking hardware drivers has had a very limited demonstration. The exploit, which apparently relies on a flaw at the lowest level of the drivers' interaction with Mac OS X's kernel, has not yet been independently confirmed, nor has Apple released a statement on the matter. The flaw, if proven, could allow an attacker to gain root access privileges via Wi-Fi.

Researchers Jon Ellch and David Maynor found the flaw in Apple's Intel-based Macs running Mac OS X and in PCs running Windows XP using certain Wi-Fi adapters, and presented their findings at the Black Hat USA 2006 Briefings last week. They declined to show the exploit live to avoid giving out details that could be turned into a security threat in the wild.

The researchers maintain that the flaw can affect any Wi-Fi equipped computer as noted above, regardless of whether the computer is actively connected or connecting to a network, and the exploit does not involve a rogue access point - one that attempts to fake an identity to get a connection from a client.

The videotape that the researchers showed didn't demonstrate that. The researchers connected what appears to be a covered-up USB device to a MacBook, which is then connected to a network running on a Linux computer. They then show files being manipulated on the desktop but no other attack being carried out.

There is lively discussion at the Washington Post's Security Fix blog about whether this is just a rigged demo or a real event, although beware the personal abuse directed at the blog's writer, Brian Krebs. (Many are taking this attack against a MacBook personally. Surprise, surprise.)

According to two experts TidBITS has heard from, the videotape is inconclusive and could be either a staged stunt or a real exploit. Jim Thompson, a veteran Wi-Fi engineer and security expert, is dubious, and he explains why in great technical detail. Security expert Rich Mogull, research vice president at Gartner, said that the exploit is credible and that it's possible that similar exploits on multiple platforms developed independently are already in the wild. Mogull has seen reports that a similar exploit may have been used at a recent conference that he declined to identify for security reasons. The researchers who presented at Black Hat are taking significant precautions to prevent their particular research from getting out of their grasp, he said.

Lending credence to this potential flaw was the release by Intel in July of driver updates for three of their Centrino wireless products. Notes for the release label the patch for their oldest adapter (an 802.11b-only model) as having an exploit that could allow a "malformed frame," a packet-like chunk, to allow a hacker to gain control of a machine. Two newer adapters seem to have a severe, but less frightening flaw. Mogull said that these Intel patches show that this kind of exploit is not an unknown issue.

As noted, there is no confirmation of this exploit from anyone who has seen the actual attack carried out in person, no separate validation of the attack from third parties using different equipment and the same approach, and no public response from Apple, Intel, or Microsoft, despite the firmware patches from Intel. There is also no identified attack of this sort in the wild.

At the moment, our suggestion is not to worry. The likelihood of this flaw being exposed, becoming widespread, and threatening your particular machine over the period of time it might take Apple to issue a patch is extremely remote. The exploit also appears to be limited to Intel-based computers at the moment, making it even less of a concern for many Mac users.

We'll update this story as details become available, but if Apple releases a security update that describes a fix for a malformed frame and you travel around with your MacBook or MacBook Pro, you should consider installing it as soon as is practical.

 

Automatic turns almost any car into a connected car. By pairing
Automatic’s connected car adapter with iPhone apps on
Automatic’s platform, drivers are able to drive safer and smarter.
TidBITS readers get 20% off all orders at <http://automatic.com/tb>