A new security update released by Apple closes a hole in its Keynote presentation application that would have allowed hackers to access files on a Mac.
2 days ago Apple put out their 3rd security update for the year. As always you should keep your OS up to date and apply security patches (this goes for you Windows users too). What I'm excited about with this release from Apple, is they are addressing the IDN phishing problem in the Safari web browser.
IDN stands for International Domain Names. The standard was created awhile back to allow other languages to use their native characters in their domain name (web address), as opposed to traditional Latin characters. The problem comes about with some "look alike" characters in other languages like Cherokee, Cyrillic, and Greek.
"For example, the Cyrillic letter "a" could be used in place of the Latin letter "a," making it difficult for a user to tell if they are at "www.apple.com" or a malicious imposter website that's designed to look like the real one." - taken from Apple's document on IDN.
So who else does this affect? Not Internet Explorer. Ironically, since Microsoft hasn't made any significant updates to IE, supporting IDN never came about. IDN seems to affect most younger browser, like FireFox and Safari as these types of browsers tend to follow and adopt standards. Mozilla released FireFox 1.0.1 on February 24th to address the IDN problem.
Do you have a Firewall? If so use it, if not, you better get one! A firewall is one of the best pieces of protection your can have. A firewall is typically referred to as a system or software that stands between you (computer or home network), and the open Internet.
Which type do I need, hardware or software?
If you have a single computer that connects to the Internet directly with a dial-up modem, DSL modem, or Cable modem, then you need to use a software (aka personal) firewall on each computer. If you have more than one computer on a home network, and you use a router to connect to your DSL or Cable modem, then you can get by with just the traditional hardware firewall that should be included on your router.
Where do I get it?
Software Firewalls are part of Windows XP and Mac OS X. Microsoft gives an overview of their included firewall, also note that if you are running SP2 (service pack 2) for XP, then your firewall should be on by default. If you don't have Windows XP (or want more features), then you can turn to other providers like Norton Personal Firewall, or Zone Labs. For the Mac users, Apple also has an overview of their included firewall.
Hardware Firewalls are typically built-in to your router like Linksys and NETGEAR. You can manage your firewall from the router's maintenance screens. Each manufacturer is different, but you typically use a web browser and go to the built-in IP address, check you manual for more information.
How do I use my firewall?
Actually turning on the firewall isn't the hard part. Most conflicts arise when you start to use certain applications and services that require specific ports your firewall is blocking. You then need to open up these ports to allow each application or service to work.
example: Kazaa Media Desktop requires port 1214
example: Apple iChat AV needs ports 5060, 5190, 5298, 5353, 5678, 16384-16403.
The best thing to do is to consult each application or service that isn't working with your firewall to see what ports you will need to open. Sometimes software firewalls can conflict with hardware firewalls, if you have a hardware firewall it is safe to disable your software firewall. Just remember if you take your laptop and connect to another network to re-enable your software firewall.
A number of Mac users have emailed us pointing out the lack of a Spyware Blocker application for the Mac. We aren't neglecting you, I promise! There just isn't a spyware problem for Macs right now.
Check out this article by Walt Mossberg in the Wall Street Journal. Walt says:
"The single most effective way to avoid viruses and spyware is to simply chuck Windows altogether and buy an Apple Macintosh."
Well with the Mac Mini starting at $499 that's not a bad option considering many people are willing to spend $159 or more from companies like Geek Squad, to fix their PC computers. If you are interested see Apple's Switch site.
As Apple gains in popularity and picks up market share, the Mac OS may become an attractive target for spyware distributors. We'll keep a very close eye on the Macintosh ecosystem, and if a spyware problem does emerge for Macs we will be certain to note it.
Just because there's currently not a spyware problem on the Mac, please don't take that to mean Mac users don't have to worry about protection at all. There are Mac viruses, security patches, firewalls, pop-ups, spam and other protection related topics we'll be sure to cover in future posts.
As a follow up to the prior news about AIM's Term of Service, CNET reports that AOL will update their TOS to clear up any confusion. You can read the revised AIM TOS here.
Ben Stanfield at his blog Thrashing Through Cyberspace has an interesting post regarding AOL's newly posted TOS (terms of service) for their popular AIM service. Ben highlights among other things, their new TOS says:
You waive any right to privacy - regarding the content of your instant messages.
eWeek's Ryan Naraine also wrote a similar article.
MacSlash mentions that this could have implications to iChat AV users too.
UPDATE: Some folks have pointed out (contrary to the above reports) that the TOS is over a year old and wasn't just recently updated. A search at the Internet Archive shows it was last updated on February 6, 2004. Also, some interpret the section in question as not to apply to the actual instant messages but to other content.
Best thing you can do is review the TOS and Privacy Policy of any company you are doing business with. Especially if you are concerned with your privacy. You decide what is best for you.
