We’re back with news from NAB and the troubles of TCP. Jeff Carlson looks at Apple’s new Motion application for creating motion graphics – is it an After Effects killer? – and covers Apple’s other video announcements. In other news, Glenn Fleishman explores the discovery of a critical fault in TCP networking. And we note releases of new PowerBooks, iBooks, and eMacs, Apple’s profitable quarter, and updates to AirPort. Also, TidBITS turned 14 last week! Celebrate with us by saving 50 percent on any Take Control ebook order this week!
Take Control 50% Off Sale for TidBITS 14th Anniversary — While we were in Hawaii last week for my sister’s wedding, TidBITS celebrated 14 years of continuous publication. Who knew a teenage electronic publication could throw such a big party while its parents were away? Anyway, we’re marking the occasion officially this week with a half-off sale on our Take Control ebooks about Mac OS X 10.3 Panther. If you’ve been hesitant to upgrade from Jaguar, if you’d like to customize Panther to make it work exactly the way you want, if users and accounts in Mac OS X befuddle you, or if you want to make sure you’re using the best and most secure methods of sharing files, our ebooks not only contain the information you need now, but also include free minor updates. Through Friday, 30-Apr-04, use coupon code CPN40426TB14 to take 50 percent off your entire order, whether you order a single ebook or all four. [ACE]
Apple Releases Faster iBooks and PowerBooks — Apple refreshed its entire laptop line last week with the release of improved iBooks and PowerBooks. The entry-level 12-inch iBook, at $1,100, contains a 1 GHz PowerPC G4 processor, 512K of L2 cache running at 1 GHz, 256 MB of RAM, and a 30 GB hard drive. A 14-inch model, at $1,300, shares the same specs as the 12-inch, with the exception of a 40 GB hard drive (and the larger screen, of course!). The high-end 14-inch iBook, at $1,500, features a 1.2 GHz PowerPC G4 processor, a 60 GB hard drive, and AirPort Extreme built in (AirPort Extreme is available as an option on the other two iBooks). All iBooks include an ATI Mobility Radeon 9200 graphics processor with 32 MB of video memory, along with a Combo drive (DVD-ROM/CD-RW); the two 14-inch models offer a build-to-order option for a SuperDrive (DVD-R/CD-RW), which runs at 4x speed (compared to previous 2x SuperDrives for laptops). The iBooks can now also support up to 1.2 GB of RAM, versus the 768 MB limit of the previous generation.
The PowerBook line leapfrogs the previous generation’s speeds with 1.33 GHz PowerPC G4 processors on the two 12-inch models and one 15-inch model, and 1.5 GHz processors for a second 15-inch configuration and the still-enormous 17-inch model. Starting at $1,600, the 12-inch PowerBook includes 256 MB of RAM, a 60 GB hard drive, and a Combo drive; for $200 more, the other 12-inch configuration adds the 4x SuperDrive. They also include Nvidia GeForce FX Go5200 graphics processors with 64 MB of video memory, and a FireWire 400 port. The 15-inch Combo drive model, at $2,000, adds a FireWire 800 port, the ATI Mobility Radeon 9700 graphics processor with 64 MB of video memory, and a 4x SuperDrive. Moving up to the top of the 15-inch pile, the $2,500 configuration features 512 MB of RAM, an 80 GB hard drive, and the now-famous backlit keyboard. For $300 more, the 17-inch model offers the same specifications as the top 15-inch model, but with a who-cares-about-plasma-displays beautiful 17-inch screen. All PowerBooks feature built-in AirPort Extreme and Bluetooth, 512K of L2 cache, and now use 333 MHz PC2700 memory across the board. [JLC]
eMacs Get Speed Bump, Price Drop — Last week, Apple Computer also revised the eMac, its most affordable Macintosh computer. The eMac still sports a white, all-in-one design with a 17-inch CRT-based display capable of resolutions up to 1280 by 960 pixels (leaving it the only picture tube in Apple’s otherwise all flat-screen lineup). But Apple’s revved up the internals: the eMac now sports a 1.25 GHz G4 processor, 333 MHz PC2700 RAM, an ATI Radeon 9200 graphics controller with 32 MB of video memory, three USB 2.0 ports, and either a 40 GB hard drive and a 32x Combo drive (DVD-ROM/CD-RW) or an 80 GB hard drive and an 8x SuperDrive (DVD-R/CD-RW). The revised eMacs are available immediately starting at $800 for the Combo drive model, and $999 for the SuperDrive-equipped model; eMacs are also available at reduced prices to education customers in the U.S. and Canada through Apple’s Store for Education, along with a bare-bones model with no optical drive. Build-to-order options include AirPort Extreme wireless networking, an internal Bluetooth module, up to 1 GB of RAM, and larger hard drive capacities; eMacs ship with Apple’s iLife ’04 collection of digital media applications, AppleWorks, Quicken 2004, WorldBook Encyclopedia, and Tony Hawk’s Pro Skater 4. [GD]
Apple Posts $46 million Q2 Profit — Apple Computer announced a $46 million profit for its second operating quarter of 2004, based on revenue of $1.9 billion and sales of nearly 750,000 Macs and over 800,000 iPods. International sales accounted for 43 percent of the quarter’s revenue, and gross margins were a still-substantial 27.8 percent. The quarterly profit takes into account a $7 million restructuring charge; Apple will likely incur restructuring charges next quarter as well, as the company announced plans to further streamline processes by shutting down its Sacramento, California, manufacturing facility and moving those operations to a supplier in southern California. Nonetheless, Apple remains in good financial shape, having completed its third quarter of double-digit revenue expansion, keeping $4.6 billion in cash on hand, and having no corporate debt. [GD]
Last week’s release of new iBook, PowerBook, and eMac models (see the coverage earlier in this issue) garnered most of the Apple-related attention, but a few significant updates to the company’s wireless networking efforts – both software and hardware – are worth mentioning.
Power over Ethernet Base Station — Apple has quietly released a third model of its AirPort Extreme Base Station designed for the education and corporate markets (model M9397LL/A). The new model supports Power over Ethernet (PoE), a way of providing electrical power to the base station without a separate AC power cable. PoE was "exactly what our education customers were asking us for," said an Apple spokesperson. "They unwire the campuses and they want to put the base stations up in the ceiling area." The unit also has a Plenum rating, which conforms to a building code standard that reduces dangerous offgassing during fires.
With Power over Ethernet, also known as IEEE 802.3af, you can power a base station entirely through an Ethernet cable. The standard lets the DC power ride either on the two spare pairs of a four-pair cable or, as so-called phantom power, on the same pairs that carry data. Increasingly, Ethernet switches come equipped with Power over Ethernet as an option: you plug in the Ethernet cable, the switch detects that the device at the far end wants power, and it powers the unit automatically. With more sophisticated switches, you can power-cycle a device through the switch’s interface instead of having to find it and manually unplug its power adapter.
The new model costs $250, and includes an external antenna jack but no modem. The other $250 model lacks the Plenum rating and PoE support, but includes both modem and external jack. The cheapest model, at $200, lacks modem, PoE, Plenum, and jack. (Once again, I long for coherent model numbers.) The AirPort Extreme Base Station with PoE is also available in packages of five for $1,000 to the education market only, a savings of $51 per gateway, or substantially more than the existing educational discount for single-unit purchases. Currently, however, the new base station is not available for sale at Apple’s online store.
AirPort 3.4 and AirPort Management Tools 1.0 — Apple also released AirPort Software 3.4 for Mac OS X 10.3, which includes new AirPort Extreme Firmware 5.4 for the base station. This release adds some monitoring and logging options to the base station and apparently improves some Wi-Fi Protected Access (WPA) issues, as well as offering options to control the signal gain of external antennas. Unfortunately, we can’t recommend AirPort 3.4, as we’ve seen reduced performance and reception (even with a PowerBook located six feet from an upgraded base station). As we were putting this issue to bed, Apple released AirPort 3.4.1, which – on a very quick look – seems to resolve the performance and reception problems introduced by 3.4.
Apple also briefly released AirPort Management Tools 1.0, a pair of utilities that let you monitor and configure the settings of many base stations simultaneously and monitor live performance feedback. However, the tools were removed from Apple’s site later the same day.
Bluetooth Firmware Updater 1.1 — Lastly, Apple updated its implementation of the other prominent wireless networking technology by releasing Bluetooth Firmware Updater 1.1. The update improves Bluetooth keyboard and mouse support by initializing the Bluetooth driver earlier in the startup process so that you can press keys that control how startup completes from the Apple wireless keyboard. It’s also supposed to improve Bluetooth connectivity; although the release notes aren’t specific, I’m guessing that could mean improvements in how the adapter supports Bluetooth 1.2, which mitigates interference between AirPort Extreme and Bluetooth, both of which operate in the same frequency range. Apple says that applying the update to a D-Link USB adapter will "make it incompatible with non-Macintosh systems."
At this year’s NAB (National Association of Broadcasters) show in Las Vegas, Apple expanded its professional line of video applications to embrace the next significant evolution in desktop video editing: HD, or high-definition video. Final Cut Pro, DVD Studio Pro, and Shake all received upgrades, but a new application, Motion, gained the most attention from showgoers and digital video professionals.
Motion — Motion is Apple’s new motion graphics application. Think of it as Adobe Photoshop for moving images, a tool that creates special effects and snazzy titles on top of video. Motion can animate objects on the screen, apply effects, generate particles (such as fire, smoke, or even just types of lights), and composite layers so they appear to be in the same scene. Basically, if you need some sort of visual effect that isn’t present in your original footage or offered by Final Cut Pro, Motion is your solution.
Or, rather, Motion is your Apple-branded solution. Adobe After Effects all but pioneered these capabilities and remains the dominant motion graphics application on the Mac or Windows. Shortly after premiering Motion at NAB, attendees began voicing the obvious question: is this Apple’s After Effects killer? Final Cut Pro ran Adobe Premiere off the Mac platform altogether – is Motion a new prong in the same offensive? For now, Apple is playing nice. Apple representatives are positioning Motion as just another tool in the motion graphics toolbox, since video artists tend to use several programs in conjunction with After Effects.
Motion’s signature difference from After Effects is its real-time design engine, which plays back in real time without the need to render the footage first. In many cases, Motion is capable of incorporating changes and added elements during playback, much the way you can add loops to a GarageBand song without stopping the music that’s already playing.
Motion also introduces behaviors, preconfigured types of motion that let you animate objects or text by dragging & dropping them, without keyframing each individual movement. You can then go in and modify the behavior settings to customize the motion (again, seeing the alterations in real time). Motion includes over 40 behaviors, including simulations that react with surrounding objects such as gravity, vortex, attract, and repel.
In the spirit of speeding things up, Apple also incorporated 40 gestures to be used with a digital tablet and stylus that act as shortcut keys. For example, draw a circle and bisect it from top to bottom to choose the Zoom tool.
As you might expect, all of this real-time functionality requires a lot of computational power. Apple’s system requirements call for at least an 867 MHz PowerPC G4 or G5 processor and 512 MB of RAM. However, the recommended system is a dual 2 GHz Power Mac G5 with 4 GB of RAM or more. Your Mac’s video card is also extremely important, with Motion calling for an Nvidia GeForce FX 5200 Ultra, ATI Mobility Radeon 9600, or ATI Radeon 9600, 9700, or 9800 Pro – the latter being the recommended configuration. No doubt some designers looking to get in Motion will also need to factor the costs of upgrading their hardware, too.
However, Apple is making the program compelling by pricing it at $300, which is $400 cheaper than After Effects 6.5 Standard and $700 cheaper than After Effects Professional 6.5. Apple says Motion will be available this summer, which we take to mean sometime before September.
Final Cut Pro HD — Also announced, and now shipping, was Final Cut Pro HD, a free update for current Final Cut Pro 4 owners that brings improved HD support to the nonlinear video editor. Although Final Cut Pro has previously supported HD editing, the new version offers real-time editing of up to four streams of HD video, and RT Extreme for HD for real-time playback of effects, transitions, and composited video. Using the DVCPRO HD codec, the footage captured from the camera isn’t recompressed when it is imported into Final Cut, edited, and exported back out via FireWire. Final Cut Pro HD also supports the use of an Apple Cinema Display for previewing in HD format, saving editors the need to buy a more expensive high-definition television or monitor for viewing the playback.
Final Cut Pro HD costs $1,000 for the full version, or $400 for an upgrade from Final Cut Pro versions 1 through 3. Final Cut Pro 4 owners can download a free updater by providing their name, email address, and serial number.
Shake 3.5 — If your big-budget Hollywood film is entering post-production, you may be happy to learn that Shake 3.5 is also now available. The improvements to Apple’s compositing software (which, as Apple is quick to point out, has been used on the last seven movies to win the Oscar for best visual effects, including Lord of the Rings) include shape-based morphing and warping features. The full version of Shake 3.5 costs $3,000, but owners of version 3 can upgrade for only $800. Linux and IRIX users can also purchase a compatible version of Shake 3.5 for $5,000, with an annual maintenance fee of $1,500.
DVD Studio Pro 3 — When DVD Studio Pro 2 was announced at NAB last year, it marked a dramatic departure for the DVD creation application, as version 2 was almost a complete rewrite from version 1.5. This year’s update isn’t quite as dramatic, but certainly welcome for DVD professionals. DVD Studio Pro 3 adds a new graphical view for seeing a project’s structure; and alpha transitions, an improved method of moving between menu screens, which can be custom-built in Motion or After Effects. Support for DTS 5.1 audio is also included. The full version of the program costs $500; upgrades from version 1.x or 2.0 cost $200. DVD Studio Pro 3 is expected to begin shipping in mid-May.
Xsan — The last big NAB announcement from Apple was Xsan, a storage area network (SAN) that lets multiple computers access massive amounts of data. If you thought a single Xserve RAID was impressive – with its puny 3.5 terabytes of storage – consider multiple Xserve RAIDs linked together via Fibre Channel to store huge quantities of video data (for example) and to transfer that data fast enough so that multiple people can access it simultaneously. Xsan will ship sometime in the next six months ("later this fall," according to Apple) for $1,000.
Integration and Expectation — Motion isn’t an After Effects killer, at least not in its current incarnation, but Motion is certainly aimed at catching up to the competition. In fact, Apple is following in Adobe’s footsteps somewhat. Adobe realized a few years ago that one of its key strengths was the way its applications worked together: someone who uses Photoshop is more likely to use GoLive or Illustrator if they can make a change in one program and see it reflected in the others.
With Final Cut Pro HD, Motion, and DVD Studio Pro 3, Apple is implementing the same type of round-trip integration between its professional video applications that Adobe has (and which Apple has taken advantage of to a certain degree in its iLife suite). Motion may end up not needing to compete directly with After Effects on a feature-by-feature basis as long as it competes well enough for the editors and designers who only need most of After Effects’s capabilities.
What remains clear in the thick of these releases is that Apple is continuing its aggressive push into the professional video market. Motion earned a Best of Show award at NAB, a conference where Apple traditionally hasn’t been the dominant vendor in the room. From here on out, obviously, Apple aims to be in that position.
We’ve become accustomed to being in a constant state of emergency on the Internet. Stories appear about the potential for massive disruption of the Internet and we file them away as more hype that never materializes, like the Y2K threat. Unfortunately, the latest very technical – but very real – short-term threat to the Internet shouldn’t be dismissed so easily.
Paul Watson, an information security specialist in Milwaukee, Wisconsin, has discovered and demonstrated that a previously known weakness in the integrity of how data flows between two connected systems over TCP, the lingua franca of the Internet, can be exploited up to a billion times more easily than suspected as recently as three years ago.
While this flaw might not ever touch your personal computer – and Microsoft has already said they don’t plan to patch Windows XP – it has a small potential to hurt less-sophisticated segments of the Internet, and a medium-to-high potential of disrupting corporate and academic networks and internal ISP networks.
A Lurking Weakness — TCP and its cousin UDP are protocols that sit in the transport layer of the abstract model of networking: they deal with delivering data of varying kinds. TCP sets up a connection and delivers a reliable, ordered stream of bytes over it; UDP sends individual packets with no promise of delivery or order. When you transmit a length of data, like a file, it has to be broken into smaller pieces or packets, labeled with a destination address, and then handed off over a physical medium like Ethernet, Wi-Fi, or a DSL line for transportation.
Application protocols, such as HTTP (for Web pages) and FTP (for file transfer), work above TCP and UDP. HTTP requests, for instance, are broken down into TCP packets. IP (Internet Protocol) sits below TCP and allows TCP packets to be addressed to particular recipients.
To create a connection between two points on the Internet to carry out any task, the sender initiates a TCP connection over IP to the other point. If the receiver is listening at a particular location, a numbered local address known as a TCP port (kind of like an apartment in an apartment building), and it likes what it hears from the sending point, a connection is opened in both directions after a three-packet handshake (the sender’s SYN, the receiver’s SYN-ACK, and the sender’s ACK). From then on, the connection is identified by four numbers: the two IP addresses and the two port numbers.
Because the Internet always has many paths by which packets may be sent from one point to another, TCP packets can be received and reassembled in any order with some constraints. Every byte in the stream carries a sequence number, and the receiving machine tells the sender how much data it is willing to accept beyond the last byte it has acknowledged; that amount, measured in bytes rather than packets, is the window. If the window holds four packets’ worth of data, packets 1 through 4 could arrive as 3, 1, 2, 4 or 4, 3, 2, 1, or even 1, 2, 3, 4 and be reassembled into the original order.
If a packet is lost, TCP always retransmits it: the sender keeps a copy of everything it has sent until the receiver acknowledges it. (Applications such as streaming media that would rather tolerate omissions than wait for a retransmission generally use UDP instead, and handle any recovery at a layer above.)
The initial number in a sequence isn’t 1, however; instead, it is drawn from an extremely large potential set (2 raised to the 32nd power, a little over four billion) and, in modern implementations, chosen in a more or less random fashion. Any attempt to tamper with a given stream of data from one point to another must be able to generate a sequence number that the receiver will accept: one that falls inside the window the receiver is currently advertising. Numbers below the window look like stale duplicates and are ignored; numbers beyond it are dropped as well.
Here’s the weakness: the faster the connection between the two machines, the bigger the window the two sides agree on, and the bigger the window, the fewer tries it takes to generate a packet whose sequence number the receiving device will accept. The trick is that the attacker doesn’t have to hit the one exact number the receiver expects next. Any number anywhere inside the window is good enough, so each guess rules out a whole window’s worth of numbers, and the attacker can walk through the four billion possibilities one window at a time.
Before 2001, researchers thought this didn’t pose a problem. They viewed it as a guess-what-number-I’m-thinking game, where the number guessed turned out to always be wrong.
In 2001, researchers discovered new information about the problem that made them change the game. It became, "I’m thinking of a number between one and four billion." It would take four days to four years to win that game randomly, they said.
Now, however, the latest weakness could be stated as, "I’m thinking of a billion numbers between one and four billion. Guess any one of those." Computationally, it’s a much easier problem to solve: the number of guesses needed is roughly four billion divided by the window size, and with the largest window TCP allows (about a billion bytes, using the window scaling extension) a single guess succeeds with a probability as high as 1 in 4.
If an attacker can get a forged packet into the data stream with an acceptable sequence number, he can send one with the connection reset (RST) flag or the synchronize (SYN) flag set. In the former case, the receiver tears the connection down immediately. In the latter, the receiver treats an unexpected SYN on an established connection as an error and resets the connection itself, so the result is the same. For routers exchanging routes over BGP, a reset session can trigger backing-off behavior: routes that keep flapping are suppressed for a long while, even hours with some router configurations, so the damage outlasts the single packet that caused it. The attacker also needs the four numbers that identify the connection, the two IP addresses and the two ports. For a long-lived session between two known routers on a well-known port, that is less of a hurdle than it sounds.
This exploit requires that the forged packets carry a spoofed source address, so that they appear to come from one end of the connection while actually originating on the attacker’s machine; the destination is simply the other end. Spoofing has been publicly documented at least since CERT’s advisory of 23-Jan-95, and it lets you create packets containing arbitrary addresses. Smart ISPs and companies and router firms long ago patched or modified their configurations (or changed the default out-of-the-box configuration) to filter such packets. But spoofing is still a widespread problem because checking the source address of every packet adds computational load to routers, and many networks don’t bother.
With this capability in hand, crackers could use distributed denial of service attacks using machines all over the world that have been hijacked through worms and viruses and turned into zombies for running these sorts of attacks. The machines would need to be on networks on which IP spoofing hasn’t been protected against. But given a large enough pool of machines, there are likely to be millions that meet those characteristics, and a tiny number is ultimately all that’s needed to perform massive top-level disruption.
Paul Watson, in his research, showed that it could require as little as 15 seconds to exploit this weakness on a router or other system connected via a T1 line.
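To make the arithmetic in the preceding paragraphs concrete, here is a small model written for this article. It is an added example, not code from TidBITS or from Paul Watson’s research, and it assumes the attacker already knows the two addresses and two ports of the target connection; the receiver’s expected sequence number, the window sizes, and the T1 line rate used for the timing estimate are constructed inputs. It compares the original RFC 793 acceptance test with the tightened test (exact match, or a challenge acknowledgment for anything else in the window) that the 2004 vendor patches adopted and that was later standardized as RFC 5961:

```python
"""Sequence-number arithmetic behind the 2004 TCP reset attack.

Added example for this article; it is not code from TidBITS or from Paul
Watson.  It models the RFC 793 acceptance test for a RST segment, the
tightened test that the 2004 vendor patches introduced, and an attacker
who already knows the connection's two addresses and two ports and steps
through the 32-bit sequence space one window at a time.  Every number fed
to it below is constructed for illustration.
"""

SEQ_SPACE = 2 ** 32          # sequence numbers are 32-bit and wrap around
MIN_PACKET_BYTES = 40        # 20-byte IP header + 20-byte TCP header, no data
T1_BPS = 1_544_000           # nominal T1 line rate, bits per second


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability: rcv_nxt <= seq < rcv_nxt + rcv_wnd, modulo 2^32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def rst_accepted_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original rule: any in-window RST tears the connection down."""
    return in_window(seq, rcv_nxt, rcv_wnd)


def rst_disposition_hardened(seq, rcv_nxt, rcv_wnd):
    """Tightened rule from the 2004 patches (standardized later in RFC 5961):
    only an exact match resets; an in-window but inexact RST draws a
    'challenge' ACK so a genuine peer can resend with the right number."""
    if seq == rcv_nxt:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge-ack"
    return "drop"


def rst_accepted_hardened(seq, rcv_nxt, rcv_wnd):
    return rst_disposition_hardened(seq, rcv_nxt, rcv_wnd) == "reset"


def guesses_to_cover_space(rcv_wnd):
    """Spacing guesses one window apart covers every value with ceil(2^32 / wnd) RSTs."""
    return -(-SEQ_SPACE // rcv_wnd)


def brute_force_rst(rcv_nxt, rcv_wnd, accept):
    """Attacker does not know rcv_nxt.  Returns how many RSTs were sent when
    the first one was accepted under the rule `accept`, or None if the whole
    sweep fails."""
    for i in range(guesses_to_cover_space(rcv_wnd)):
        seq = (i * rcv_wnd) % SEQ_SPACE
        if accept(seq, rcv_nxt, rcv_wnd):
            return i + 1
    return None


def seconds_to_send(packets, bits_per_second=T1_BPS):
    """Wire time for a sweep of minimum-size segments at the given line rate."""
    return packets * MIN_PACKET_BYTES * 8 / bits_per_second


if __name__ == "__main__":
    rcv_nxt = 1_000_000_000            # constructed: receiver's next expected byte
    for wnd in (16_384, 65_535, 2 ** 30):
        sweep = guesses_to_cover_space(wnd)
        print(f"window {wnd:>10}: {sweep:>7} RSTs cover the space, "
              f"{seconds_to_send(sweep):8.1f} s on a T1, "
              f"RFC 793 accepts after {brute_force_rst(rcv_nxt, wnd, rst_accepted_rfc793)}, "
              f"hardened after {brute_force_rst(rcv_nxt, wnd, rst_accepted_hardened)}")
```

Running it prints, for each window size, how many resets a full sweep needs and where the sweep succeeds under each rule. Under the hardened rule every sweep returns None: stepping one window at a time lands on the exact expected number only by luck, so the attacker is back to guessing among all four billion values, which is the game researchers thought they were playing before Watson’s work.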
What Can Be Done about It? Fortunately, when this latest exploit was discovered, secret meetings took place among government and industry officials in several countries to try to patch the problem before it could be exploited at the highest levels of the Internet.
While the explanations quickly become ridiculously complicated for those of us who don’t specialize in Internet protocols, several solutions are available. The patches that router and operating system vendors coordinated in those meetings mostly tightened the acceptance test itself: a reset is honored only when its sequence number exactly matches the next byte the receiver expects, and an in-window but inexact reset instead provokes an acknowledgment, which a genuine peer answers with a correctly numbered reset and a forger cannot. Beyond that patch, the following measures help.
Disable spoofing. The fix here is known as ingress filtering (written up in the Internet community’s BCP 38, also RFC 2827). There are still routers that allow packets to arrive from the Internet with source addresses indicating they should only have originated on the local network, and that pass packets out of the local network with source addresses that belong elsewhere. These routers must be reconfigured or upgraded; if they can’t be, they have to be replaced.
Obscurity. It’s been recommended that information about top-level routers be made harder to obtain. If you don’t know the appropriate IP number, you can’t attack the device. However, techniques as simple as using the traceroute program (built into almost all Unix, Linux, and BSD distributions, among other operating systems) can show the sequence of certain routers between any two points, and the BGP sessions between those routers run on a well-known port, so little remains hidden.
Reduce the window size. With a smaller window, you lose throughput on very fast or long-distance connections, but you multiply the number of guesses an attacker needs and so dramatically increase the time (from seconds to years) necessary to inject reset and synchronize packets of the right type.
Secure connections. The IPSec encryption standard can be used to secure connections between two devices, whether routers or computers, and ensure that any packets received are cryptographically verified before they’re acted on.
Sign packets with a keyed checksum. The TCP MD5 signature option (RFC 2385) already lets a router attach to each packet an MD5 hash computed over the packet together with a secret shared with the other end; the receiving device recomputes the hash and drops any packet that fails to match, which stops forged resets cold because the forger lacks the secret. It is a keyed hash rather than a true digital signature, and it has been available on the routers used for BGP peering for years; the obstacle is that both ends have to agree on and configure a key.
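The keyed checksum just described is the TCP MD5 signature option of RFC 2385, the mechanism most BGP peerings relied on. The following is an added example written for this article, not code from TidBITS, Apple, or any router vendor; it computes and verifies the option in pure Python without sending anything on the wire, using constructed addresses, ports, sequence numbers and a made-up shared key. It shows why a forged reset fails: without the key the attacker cannot produce a digest the receiver will recompute identically, and the pseudo-header ties the digest to the addresses as well:

```python
"""RFC 2385 keyed-MD5 TCP option, the "signed checksum" the article refers to.

Added example for this article; it is not TidBITS, Apple or router-vendor
code and it does not put packets on the wire.  It builds a TCP header with
the option in place, computes the digest in the order RFC 2385 section 2
prescribes (pseudo-header, header with checksum zeroed and options omitted,
data, key), and verifies it on the receiving side.  Addresses, ports,
sequence numbers and the shared key are constructed for the example.
"""
import hashlib
import hmac
import socket
import struct

MD5_OPT_KIND = 19     # option kind assigned to RFC 2385
MD5_OPT_LEN = 18      # kind + length + 16-byte digest
NOP = b"\x01"
RST = 0x04
SESSION_KEY = b"example-bgp-session-secret"   # constructed shared secret


def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_len))


def tcp_header(sport, dport, seq, ack, flags, window, header_len):
    """20-byte TCP header; checksum left at zero (we never transmit it)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       (header_len // 4) << 4, flags, window, 0, 0)


def rfc2385_digest(src_ip, dst_ip, header20, options_len, payload, key):
    """MD5 over pseudo-header, option-less header with checksum zeroed, data, key."""
    tcp_len = len(header20) + options_len + len(payload)
    m = hashlib.md5()
    m.update(pseudo_header(src_ip, dst_ip, tcp_len))
    m.update(header20[:16] + b"\x00\x00" + header20[18:])   # checksum field zeroed
    m.update(payload)
    m.update(key)
    return m.digest()


def build_signed_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload, key):
    """Sender side: MD5 option plus two NOPs keeps the header 32-bit aligned."""
    options_len = MD5_OPT_LEN + 2
    header = tcp_header(sport, dport, seq, ack, flags, window, 20 + options_len)
    digest = rfc2385_digest(src_ip, dst_ip, header, options_len, payload, key)
    options = struct.pack("!BB", MD5_OPT_KIND, MD5_OPT_LEN) + digest + NOP + NOP
    return header + options + payload


def find_md5_option(options):
    """Walk the option list; return the 16-byte digest or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                  # end of option list
            break
        if kind == 1:                  # NOP
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            return None                # malformed; a real stack drops the segment
        length = options[i + 1]
        if kind == MD5_OPT_KIND and length == MD5_OPT_LEN:
            return options[i + 2:i + 18]
        i += length
    return None


def verify_signed_segment(src_ip, dst_ip, segment, key):
    """Receiver side: accept only if the digest matches one recomputed with `key`."""
    header = segment[:20]
    header_len = (segment[12] >> 4) * 4
    options = segment[20:header_len]
    payload = segment[header_len:]
    digest = find_md5_option(options)
    if digest is None:
        return False                   # unsigned segment on a keyed session: drop it
    expected = rfc2385_digest(src_ip, dst_ip, header, len(options), payload, key)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    src, dst = "192.0.2.1", "198.51.100.7"          # documentation addresses
    rst = build_signed_segment(src, dst, 179, 41205, 1_000_000_000, 0, RST, 0, b"", SESSION_KEY)
    forged = rst[:4] + struct.pack("!I", 1_000_000_100) + rst[8:]   # attacker alters the sequence number
    guessed = build_signed_segment(src, dst, 179, 41205, 1_000_000_000, 0, RST, 0, b"", b"guess")
    print("genuine RST accepted:        ", verify_signed_segment(src, dst, rst, SESSION_KEY))
    print("tampered RST accepted:       ", verify_signed_segment(src, dst, forged, SESSION_KEY))
    print("RST with guessed key accepted:", verify_signed_segment(src, dst, guessed, SESSION_KEY))
```

Note that RFC 2385 feeds the secret straight into MD5 rather than using an HMAC construction, and the result is a shared-secret keyed hash, not a public-key signature; it was eventually superseded by the TCP Authentication Option (RFC 5925), but in 2004 it was the tool at hand on the routers that mattered.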
So, Will the Internet Collapse? It’s highly likely that network attackers armed with this information are building tools right now, and that attacks will be launched. It’s also highly likely that these attacks will be successful on machines belonging to people who are napping. The most vulnerable parts of the Internet – unpatched, insecure, spoofable segments – will drop off until the operators of those segments figure out the difference between their heads and a packet in the ground.
Individual machines, while they could be affected, are unlikely targets, but they are likely to be turned into weapons by crackers from previous virus or worm infections. But the solutions that fix this problem at higher Internet levels will protect against most of the methods by which this attack can be carried out.
In university networks, which have lots of trust and many different kinds of users, there’s a high likelihood that without proper internal controls, malevolent souls will be able to disrupt operations, even if the university has the right fixes on their Internet routers.
Likewise, within companies that allow any outside access and on Internet service provider networks in which local checks might be less sophisticated or severe than checks outside the local network, disruption is a possibility and might be hard to track down.
Long term, as always, the Internet will route around problems. Areas that can’t be reached may go dark, but it’s a short-term problem that requires upgrades and intelligence, not a reworking of the Internet.
PayBITS: Was Glenn’s explanation of the TCP weakness helpful?
Consider thanking him with a few bucks via PayPal!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
As before, the second URL below each thread description points to the discussion on our Web Crossing server, which will be much faster, though it doesn’t yet use our preferred design.
Intego Trojan Warning — Readers discuss Intego’s press release about the MP3Concept Trojan horse. (26 messages)
.Mac: under-used or under-documented features? What would .Mac need to do to be more worth its $100 yearly price tag? (4 messages)
Eudora 6.1 comments — Eudora 6.1 was released recently, but how much of an update is it? (4 messages)
Mac Anti-Virus Programs — With the appearance of a theoretical Trojan horse on the Macintosh earlier this month, readers wonder which utilities are up to the task of defending our Macs from malicious software. (13 messages)
Squeezebox — Right after our review, Slim Devices dropped the price to $200 for the wired Squeezebox and $280 for the wireless unit. Prices in the UK have dropped as well. (2 messages)