TidBITS#719/01-Mar-04
=====================
Security issues reign supreme this week, with Glenn Fleishman
outlining security flaws in AppleShare and Adam looking at how
Panther's FileVault feature works - and how it should work. Glenn
also passes on news of an offline Wi-Fi hotspot locator, and Jeff
Carlson reveals more iChat AV tips. In the news, Eminem sues
Apple, we give away copies of Interarchy in DealBITS, and Salling
Clicker 2.1 and Now Up-to-Date & Contact 4.5.2 are released.
Topics:
MailBITS/01-Mar-04
DealBITS Drawing: Interarchy 7.0
AppleShare Encryption Security Flaw Discovered
Find Wi-Fi Hotspots without a Net Connection
More iChat AV 2 Tips
How FileVault Should Work
Hot Topics in TidBITS Talk/01-Mar-04
<http://www.tidbits.com/tb-issues/TidBITS-719.html>
<ftp://ftp.tidbits.com/issues/2004/TidBITS#719_01-Mar-04.etx>
Copyright 2004 TidBITS: Reuse governed by Creative Commons license
<http://www.tidbits.com/terms/> Contact: <[EMAIL PROTECTED]>
---------------------------------------------------------------
MailBITS/01-Mar-04
------------------
**Eminem Rips, Mixes, and Burns Apple** -- Rap superstar Eminem
has filed a copyright infringement lawsuit in U.S. District Court
in Detroit against Apple Computer, also naming Viacom subsidiary
MTV and advertising agency TBWA/Chiat/Day as plaintiffs. The suit
alleges Apple used Eminem's Oscar-winning hit "Lose Yourself" in
an iPod advertisement without permission; the spot was shown on
MTV networks in 2003 and was available via Apple's Web site.
Eminem has scrupulously avoided national endorsement deals, and
claims that a fee possibly in excess of $10 million would be
required if he were to pursue such an arrangement. Although the
lawsuit does not specify damage claims, it notes that Eminem
(whose real name is Marshall Bruce Mathers III and who is suing
via his publishing company Eight Mile Style) would be entitled
to "exemplary damages" because of the high status the song has
achieved in popular culture. [GD]
<http://www.eminem.com/>
<http://www.mtv.com/>
<http://www.chiatday.com/>
**Salling Clicker 2.1 Adds Symbian Support** -- Salling Software
has released Salling Clicker 2.1, adding support for Bluetooth-
enabled smart phones that run the Symbian operating system (see
"Salling Clicker in Action" in TidBITS-694_). Salling Clicker 2.1
is now compatible with the Sony Ericsson P800 and P900, Nokia
3650, 6600, and N-Gage, and the Siemens SX1. On some models, the
new version of the remote-control software displays iTunes album
artwork on the phone's screen for the current playing song; pen-
based phones can control the cursor on your Mac. With version 2.1,
Salling has also rolled in support for Bluetooth-enabled Palm OS
devices (which were previously run by a separate version of
Salling Clicker). The update is a 4.2 MB download, requires
Mac OS X 10.2.8 or later, and is free for existing customers;
a new license costs $20. [JLC]
<http://www.salling.com/>
<http://db.tidbits.com/getbits.acgi?tbart=07320>
**Rendezvous with Now Up-to-Date & Contact 4.5.2** -- Many fans of
Now Software's Now Up-to-Date & Contact stick with it because of
its capability to host calendars and contact information on shared
network servers. This feature gets a boost in version 4.5.2 with
its support of Rendezvous (also known as Zero Configuration
Networking) for more easily connecting devices on a network. The
update also adds support for Apple's new Xserve G5, and includes
stability enhancements. Now Up-to-Date & Contact 4.5.2 requires
Mac OS X 10.2 or later, and is a 17.6 MB download. [JLC]
<http://www.nowsoftware.com/>
<http://www.zeroconf.org/>
<http://www.apple.com/xserve/>
DealBITS Drawing: Interarchy 7.0
--------------------------------
by Adam C. Engst <[EMAIL PROTECTED]>
FTP, or File Transfer Protocol, is an easy-to-understand Internet
service, but providing a good interface and helpful add-ons has
meant that a good FTP program is disproportionately more powerful
than you'd expect. That's certainly true of Interarchy, one of the
longest-standing Internet programs still around (only Fetch, the
granddaddy of Macintosh FTP clients, has been around longer).
Interarchy does basic FTP, several forms of secure FTP, and HTTP,
and for all of them it offers a variety of scheduling, repeating,
and mirroring options. But Interarchy goes well beyond file
transfer with its network monitoring capabilities, which turn
it into an invaluable part of any network administrator's toolkit.
User reviews of Interarchy 7.0 have been stellar, with a number
of people on TidBITS Talk raving about the upgrade. Be sure to
check it out for yourself.
<http://www.interarchy.com/>
<http://db.tidbits.com/getbits.acgi?tlkthrd=2175>
In this week's DealBITS drawing, we're giving away five copies
of Interarchy 7.0, valued at $39 each. Those who aren't among our
lucky winners will receive a discount price. Enter at the DealBITS
page linked below, and be sure to read and agree to the drawing
rules on that page. As always, all information gathered is covered
by our comprehensive privacy policy. Lastly, check your spam
filters, since you must be able to receive email from my address
to learn if you've won.
<http://www.tidbits.com/dealbits/interarchy.html>
<http://www.tidbits.com/about/privacy.html>
AppleShare Encryption Security Flaw Discovered
----------------------------------------------
by Glenn Fleishman <[EMAIL PROTECTED]>
Computer safety firm SecurityFocus has discovered a highly
specific but important flaw in Apple's use of encrypted
connections for AppleShare, as well as flaws in the way passwords
are managed and encryption keys are confirmed. For certain users,
these flaws may require that they bypass some of Apple's built-in
security and encryption options in favor of more robust or less
convenient methods. Apple has not yet responded to the report.
<http://www.securityfocus.com/archive/1/355548/2004-02-25/2004-03-02/0>
**AppleShare via SSH** -- When you connect to an AppleShare server
(running Personal File Sharing or a Mac OS X Server) you can
choose to connect via SSH (Secure Shell), which encrypts the
password, all file transfers, and other data between your machine
and the AppleShare server. This connection requires that Remote
Login has been enabled on the AppleShare server.
The SSH option, first supported correctly in Mac OS X 10.3.2,
creates an encrypted link between a Mac initiating an AppleShare
file server connection and a Mac server running Mac OS X 10.3 or
Mac OS X Server 10.3. The AppleShare client on the initiating Mac
connects via the Remote Login service, which is Apple's name for
SSH. To enable or disable Remote Login, open the Sharing
preference pane and click the Services tab.
The SSH option for AppleShare is only available when connecting
to an AppleShare volume. Using Connect to Server in the Finder,
select a volume or enter a host name or other address. When you
click Connect, the login window offers an Options button. Click
Options and check the Allow Secure Connections using SSH option.
You can set this option as a default. (To learn more about
AppleShare file sharing under Panther, you can consult my book,
"Take Control of Sharing Files in Panther.")
<http://www.tidbits.com/takecontrol/panther/sharing.html>
**Four Thousand Holes in Blackburn AppleShare** -- The primary
flaw in AppleShare's use of SSH is simple: if a secure connection
via SSH cannot be made to the AppleShare server, the connection
is still made without the encrypted tunnel - and without warning.
This means that if you were expecting to send your password and
file transfers through an encrypted connection, you would be
sending this information in the clear without knowing it.
The SecurityFocus item was written by Chris Adams, a developer
at the Salk Institute who also noted a number of serious problems
with Apple's approach to encrypting passwords in AppleShare as
well. Some of these flaws require a cryptographer's understanding,
but that shouldn't diminish the concerns of academic
institutions and others who rely on AppleShare for encrypted
passwords or encrypted connections.
In most SSH systems, an SSH client is prompted on its first
connection to an SSH server to confirm the server's identity.
This is performed through fingerprinting: the client software
shows a short sequence of numbers that uniquely proves the
server's identity. An astute user checks that fingerprint against one
provided for them by a server's operator or server software "out
of band": by phone, graphically on the server's screen, by fax,
or some other method that's not over the same connection. At the
very least, if the fingerprint ever changes, the user is alerted
that the server might have had its identity spoofed.
Adams points out that Apple uses a lax method of SSH key exchanges
for AppleShare sessions that avoids this complexity, but also
makes a man-in-the-middle attack possible, so called
because a network attacker could install server software on the
network that would masquerade as the AppleShare server a user
wanted to connect to. Because the user doesn't confirm the
identity of the server at the fingerprint level - and Apple
doesn't provide a facility for this in AppleShare - the man in the
middle can act like the server to the client and the client to the
server, effectively harvesting user names, passwords in the clear,
and other data, while transparently relaying information between
AppleShare clients and the real server to hide its own existence.
Adams suggests that Apple provide warnings when an SSH connection
is not available to allow a user to opt out of accidentally
creating an insecure connection. He also suggests that Apple
provide a graphical interface for SSH messages that would allow a
user to accept and associate encryption keys with known AppleShare
servers. This would prevent a man in the middle from successfully
fooling an AppleShare client into thinking that it was the server
itself.
Apple could follow PGP Corporation's lead in allowing server
encryption key fingerprinting while avoiding the complexity of
working with hexadecimal digits (the way such keys appear).
PGP's software for encrypting messages and virtual disks lets
you confirm another user's PGP key by assigning unique words to
each hexadecimal number from 0 to 255. My fingerprint for my PGP
key, for instance, starts "soybean drunken stormy uncut Oakland,"
very much like Beat poetry.
<http://www.pgp.com/>
Until Apple chooses a new approach for making its SSH connections
actually secure, those of you who use it need to consider three
options: make strong efforts to ensure your network's integrity,
switch to virtual private network (VPN) software (well handled in
Mac OS X 10.3 and Server 10.3), or create individual SSH tunnels.
None of these solutions is ideal, since they take more effort than
just checking a box in the current system.
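The two changes Adams asks for (refuse rather than fall back to
cleartext, and tie a known key fingerprint to each server) look
like this in code. This is an added example in Python, not code
from Apple, Adams, or this article; the function names and sample
keys are constructed for illustration, and the fingerprint uses
the SHA256 form that current OpenSSH prints.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional


class InsecureFallbackRefused(Exception):
    """Raised instead of continuing without a verified encrypted tunnel."""


def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length followed by the bytes.
    return struct.pack(">I", len(data)) + data


def make_sample_host_key(seed: int) -> str:
    """Build a constructed (not real) ssh-ed25519 public key line."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of a '<type> <base64 blob> [comment]' key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own type string; it must agree with the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def connect_as_described(ssh_ok: bool, presented_key: Optional[str]) -> str:
    """Model of the reported behaviour: the key is never checked, and a
    failed SSH setup quietly becomes a cleartext session."""
    return "ssh-tunnel" if ssh_ok else "cleartext"


def connect_fail_closed(ssh_ok: bool, presented_key: Optional[str],
                        pinned_fp: str) -> str:
    """Hardened policy: no tunnel or an unexpected host key means no session."""
    if not ssh_ok or presented_key is None:
        raise InsecureFallbackRefused(
            "SSH unavailable; refusing to send the login in the clear")
    actual = fingerprint(presented_key)
    if not hmac.compare_digest(actual.encode(), pinned_fp.encode()):
        raise InsecureFallbackRefused(
            "host key changed: pinned %s, server presented %s"
            % (pinned_fp, actual))
    return "ssh-tunnel"


if __name__ == "__main__":
    server_key = make_sample_host_key(1)      # constructed sample
    other_key = make_sample_host_key(2)       # constructed sample
    pin = fingerprint(server_key)             # value confirmed out of band
    print("pinned:", pin)
    print("described client, SSH down:", connect_as_described(False, None))
    for ok, key in ((True, server_key), (False, None), (True, other_key)):
        try:
            print("fail-closed client:", connect_fail_closed(ok, key, pin))
        except InsecureFallbackRefused as exc:
            print("fail-closed client refused:", exc)
```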
Find Wi-Fi Hotspots without a Net Connection
--------------------------------------------
by Glenn Fleishman <[EMAIL PROTECTED]>
Need to find a place to connect to the Internet wirelessly,
but you're not currently online? Now you don't need to let this
Catch-22 leave your laptop digitally dry-docked: JiWire, a site
devoted to Wi-Fi hotspot listings and how-to articles, has just
released a free offline locator of public hotspot locations.
The JiWire Hotspot Locator works under Mac OS X 10.3, Linux (Red
Hat 9), and Windows XP, Me, and 2000. (Full disclosure: I'm a
senior editor at JiWire. I also link to them and they to me at
my independent Wi-Fi Networking News site.)
<http://www.jiwire.com/>
<http://wifinetnews.com/>
The locator lets you search all 28,000 worldwide locations in
JiWire's directory by city, state, country, connection type,
provider, or Zip code (or any combination of those factors). You
can also check a box to restrict the search to only free hotspots,
an increasingly popular phenomenon across the United States. The
locator includes a step-by-step guide to connecting to a Wi-Fi
network for each platform, helpful for users of nascent public
hotspots.
If you're using the locator while connected to the Internet, you
can click a link on each search result to see JiWire's contextual
maps, which also display other nearby hotspots. An update feature
checks for new hotspots and software updates each time you run
the locator.
Use of the JiWire directory is free, but it may display
advertising alongside listings in the future, as well as coupons
for special offers. The software does require registering for
a free My JiWire account on the company's site.
This is one of the first times I can recall that a Wi-Fi-related
product was available for Mac and Windows (not to mention Linux)
simultaneously. Boingo Wireless's Windows-only software for
finding and connecting to free and commercial locations is still
expected to appear on the Mac, but no date has been set.
<http://www.boingo.com/>
More iChat AV 2 Tips
--------------------
by Jeff Carlson <[EMAIL PROTECTED]>
A couple of weeks ago, I shared some tips from my new book, iChat
AV 2 for Mac OS X: Visual QuickStart Guide. You'd think that a
small, simple application such as iChat would be pretty flat, but
in fact Apple's engineers have tucked in a number of details that
are hard to find, or just plain clever. They also made it easy for
third-party developers to create add-on utilities that make iChat
more useful and fun. Here are some more tips from the book, and a
spotlight on a few utilities I use.
<http://db.tidbits.com/getbits.acgi?tbart=07544>
<http://www.amazon.com/exec/obidos/ASIN/0321237730/tidbitselectro00/nosim>
**Two Audio/Video Tips** -- Once you've established an audio chat,
you can minimize the chat window into the Dock to get the window
out of the way; click the yellow Minimize button, or press
Command-M. This works for video chats too, which is especially
good when you've initiated a one-way video chat because you only
see the video image of yourself (and talking to an image of
yourself is just weird).
Also, does the audio coming out of the built-in speakers of your
PowerBook G4 or iBook sound tinny or flat? This is by design: to
reduce audio feedback from the internal microphone, the sound from
audio and video chats comes out of the left speaker only, and in
mono. Connect a set of speakers or headphones to improve the
quality (though it's still mono).
<http://docs.info.apple.com/article.html?artnum=93214>
**Camcorder as Webcam** -- Although Apple would prefer that you
bought an iSight video camera, you can use a FireWire-connected
camcorder as your video and audio source - iChat should recognize
it automatically. If your camcorder keeps shutting itself off
after a few minutes (due to built-in power conservation features),
simply remove the tape.
<http://www.apple.com/isight/>
**Find Transferred Files on Your Mac** -- I mentioned last time
how you can use iChat AV to send files between people, but I
didn't point out that after a file arrives, the program helpfully
displays the file in the Finder. However, iChat offers a similar
courtesy for files that you sent off. After you've sent a file to
someone, if you need to locate it again (perhaps you closed the
Finder window it was in), click the link in iChat that was created
when you sent the file. A new Finder window appears with the file
highlighted.
**iChatStatus** -- You can choose a status message that appears
beneath your name in other people's Buddy Lists, such as
"Available" or "Away". You can also create your own messages
("Here, but busy" or "Caffeinated!"). But iChatStatus takes the
concept one musical step further. With the iChatStatus preference
pane installed, the status message displays whichever song and
artist is currently playing in iTunes. You can share your musical
tastes with everyone who includes you in their Buddy List. (Not
two minutes after I installed iChatStatus on my Mac, an editor
friend of mine sent an instant message saying, "Crowded House is
my favorite band!")
<http://ittpoi.com/>
The iTunes connection is the default action, but it's not the only
possibility. Using AppleScript scripts that come with the utility,
you can choose to display a range of information such as the local
temperature, your current front-most application, your Mac's free
memory, the current Web page in your favorite browser, the number
of unread email messages in Apple's Mail application, and more.
There are even controls for what data appears before or after the
automatic message text (such as a musical note, or anything you
choose; to display the local temperature, I created a Prefix of
"Seattle:" so that my message reads, "Seattle: 47 deg F").
iChatStatus is free (though donations are accepted by the author),
requires iChat and Mac OS X 10.2 or later, and is a 228K download.
**iChatter** -- Looking to relive the scenes in the movie Wargames
when the computer program spoke to Matthew Broderick? Install
iChatter to have your outgoing and incoming text read aloud using
Mac OS X's text-to-speech voices. If your buddy also has iChatter
installed, it honors the voices you've both chosen. The developers
have also cleverly substituted phrases for smileys, such as "hee
hee" for the basic smile, and "winkie winkie" for the winking
smile. Sending a URL to someone isn't as clean, because iChatter
spells out the entire thing ("h-t-t-p-colon-slash-slash...").
If you want to put a voice to your text, this is the way to go.
iChatter requires the freeware Application Enhancer to run, costs
$8 shareware, and is a 1.1 MB download.
<http://www.imdb.com/title/tt0086567/>
<http://www.ecamm.com/mac/ichatter/>
<http://www.unsanity.com/haxies/ape/>
**Logorrhea** -- iChat can automatically save transcripts of your
text chats - choose this option in the Messages pane of iChat's
preferences to enable the feature. However, what you get is a
folder full of .chat files, one for every chat and named according
to the participant, date, and time ("Adam C. Engst on 2004-02-16
at 13.56.chat" for example). Double-clicking a file opens it in
iChat with iChat's balloons, icons, and formatting, but what if
you're looking for something specific?
Download and install Logorrhea (a term that means "pathologically
excessive talking"), a fantastic stand-alone application for
viewing and, more important, searching within those .chat files.
I've used Logorrhea numerous times when I needed to find a phone
number or other information that someone gave me via iChat instead
of email. It's freeware (but donations are accepted), and a 130K
download.
<http://www.spiny.com/logorrhea/>
How FileVault Should Work
-------------------------
by Adam C. Engst <[EMAIL PROTECTED]>
We've been uniformly negative about FileVault, the new security
feature that Apple added to Mac OS X 10.3 Panther, but that
doesn't mean we dislike the idea of protecting sensitive data.
The problem is that Apple chose an overly simplistic approach
that may be easy to use and understand but ends up making users
more vulnerable to other problems.
<http://www.apple.com/macosx/features/filevault/>
**FileVault Basics** -- Conceptually, FileVault is easy to
understand, since it makes use of a variety of existing Mac OS X
technologies. When you turn on FileVault, Mac OS X creates a
special type of disk image and stores your entire Home folder
inside. The disk image is unusual in two ways: it's encrypted with
AES 128-bit encryption and it's a "sparse image," which means that
it takes up only as much space on disk as the data it contains.
During setup, copying all your data to the encrypted disk image
can take some time: with the 6.6 GB Home folder on my 12-inch
PowerBook G4, it took 73 minutes to set up.
By the way, pay attention to FileVault's dire warnings about
remembering your password. Apart from the master password you
can set up when turning on FileVault, there are no back doors
into FileVault, so you're out of luck if you don't have a backup.
(This is of course a good thing: a security feature with a back
door is worthless.)
Once FileVault is set up and working, you should notice it in only
two ways. First, if you like to login automatically, FileVault
turns that setting off (which makes sense from a security point
of view), although you can turn automatic login back on. Second,
for some applications, particularly on slower Macs, disk-related
activities may be slower.
Should your Mac be stolen, the miscreant won't be able to access
anything in your FileVault-protected Home folder, assuming, of
course, that your account wasn't logged in when the computer
is stolen and that your password was sufficiently secret and
difficult to guess. It's worth noting that when you're logged in
and can access your data, it's also accessible to anyone who could
learn your username and password and break into your computer
remotely, or to hypothetical malicious or just poorly written
programs.
There is one caveat to FileVault's security: it doesn't securely
erase the original files that it adds to its encrypted disk image,
so take this into account if you're worried about a thief using
a disk editor to recover deleted data from a stolen Mac.
<http://www.securemac.com/macosx-filevault-advisory.php>
**FileVault Problems** -- Although FileVault sounds good in
theory, it suffers from some serious design flaws. The most
serious is that it's an all-or-nothing protection of your Home
folder, and only your Home folder. Of course, your Home folder
is where all your data is (at least for most people), but just
because data is in your Home folder doesn't mean you need to
protect it from prying eyes. And more to the point, there's
usually no need to waste disk space, CPU power, and time (entering
passwords) protecting the very largest pieces of data: movies,
music, and photos.
For instance, my Home folder is nearly 40 GB in size. Of that, my
Movies folder contains about 2.4 GB, my Pictures folder holds 13.4
GB, and another folder stores 7.7 GB of Web logs. My Music folder
has only 1.3 GB of files in it, but if I stored my iTunes Music
folder on my Mac rather than on a server, that would be another
17.7 GB of data. So right off the bat, 24.8 GB of the 40 GB of
data in my Home folder needs no protection at all. But there's
no way to tell FileVault to ignore all those folders.
Putting unnecessary data into FileVault has three negative
implications. First, there's added overhead in dealing with files
that don't need to be encrypted. Maybe the performance hit is
noticeable in a given situation, maybe not, but there's no reason
to waste CPU cycles encrypting and decrypting files that aren't
sensitive. Second, and this is the real reason I don't use
FileVault, a disk image is a single file, and if your hard drive
suffers physical or logical damage to the sectors that contain
the FileVault disk image, you could lose the entire thing. No one
should be surprised by that fact - it's no different than losing
any other file when a disk becomes corrupt. But there is a huge
difference between losing a single file and losing every piece of
your user data. Third, let's say that you try FileVault and decide
you don't want to continue using it, so you turn it off. FileVault
must then copy all your data out of the disk image and back to
your Home folder, deleting the disk image file when it's done.
If your Home folder is too large, you must delete some files to
free up enough disk space for both copies.
Put bluntly, you know those warnings about putting all your eggs
in one basket? FileVault is that basket.
Along with the flaw of being too broad in the scope of what it
protects, FileVault also increases your risk of data loss from
unrelated events. Because FileVault stores your data in a disk
image, it needs to write data to the image gracefully on logout.
In the event that you should experience a kernel panic, system
freeze, filesystem-corrupting bug, or even a power outage, the
chance of losing data increases with FileVault. That's because
the encryption layer adds complexity to recovering from improperly
closed files, as does the fact that the FileVault disk image is
itself a file that could be corrupted. Although Mac OS X is
usually quite stable, in the real world, it can still crash
in ugly ways at times.
In fact, while I was testing FileVault on my PowerBook for this
article, I installed some updates via Software Update and when
prompted, rebooted. FileVault told me my Home folder was using
more space than necessary and said it could recover the extra
space. But before I could click a button, the Mac kernel panicked.
I restarted, and it came back up fine, but it continued to kernel
panic on every reboot. Needless to say, I turned off FileVault,
which took another 28 minutes.
Even when Mac OS X remains stable, power outages can cause data
loss. Not everyone has a laptop (which would switch to battery
instantly in the event of a power failure) or an uninterruptible
power supply (UPS), though I personally consider a UPS essential
equipment. Over the years I've amassed a UPS collection that lets
me protect every desktop Mac we own, along with our TiVo.
Lastly, as much as I hope it's clear that using FileVault
increases the need for a solid backup strategy, FileVault itself
makes backing up a little more difficult. Backup applications must
have access to the encrypted files, which means you must be logged
in during the backup. For personal backup applications, that's
probably a good assumption, but it's less true when backing up
networked Macs via Retrospect Client, which can happen when no
user is logged in. In situations like that, Retrospect can't
access the files and won't back them up; at least Retrospect 6.0
knows to ignore the FileVault sparse image files by default, since
backing them up would be a huge waste of backup media. Having
multiple users with FileVault turned on also complicates matters,
since only logged-in users can have their files backed up.
**For Serious Security** -- Although I don't doubt the security of
the encrypted disk image that FileVault uses, I don't think that
people with truly sensitive data should rely on FileVault, for the
simple reason that it lacks the paranoid mindset that's necessary
for the highest levels of security. That's why the PGPdisk feature
in PGP 8.0, which also offers encrypted disk images for storing
sensitive data, is a better solution in such cases. Some of the
added security features in PGPdisk include:
* The option to re-encrypt all the data on a PGP disk, enabling
you to change your underlying encryption key (if you believe it
has been compromised) or to switch to a different encryption
algorithm.
* An inactivity timer that can automatically dismount PGPdisks
after your Mac has been idle for some amount of time. The
inactivity timer lessens the likelihood that someone could steal
a computer and be able to access a mounted PGPdisk.
* Support for multiple users, such that multiple people can have
their own passphrases for the same PGPdisk. Although using
additional passphrases conceivably increases the vulnerability of
the PGPdisk, it's probably better than having a single passphrase
traded around.
* The capability to change the passphrases easily.
* Protection of the passphrase in RAM by erasing it immediately
after use (the passphrase is actually turned into a key),
preventing passphrases from being written to disk due to virtual
memory swapping, and protection against the derived key staying
in RAM long enough to build up a static charge that can apparently
be read by equipment owned by major governments.
In short, if you need the utmost in security, you should use PGP
over FileVault.
<http://www.pgp.com/>
**Rethinking FileVault** -- Despite this condemnation of how Apple
chose to implement FileVault and the concern that it's not spook-
level security, I think the idea of FileVault is an excellent one,
so I offer this simple suggestion of how it could be improved.
Instead of making FileVault an all-or-nothing deal that takes over
the user's Home folder, let it apply to any given folder. You
could Control- or right-click a folder and choose Protect with
FileVault. Not knowing exactly what happens
behind the scenes, I don't know if it would make more sense to
have a single FileVault sparse image file to which each protected
folder would be added or if creating a new sparse image file for
each protected folder would be easier. The latter approach might
allow different passwords, which could be useful in certain
situations where you protect some folders with a simple password
that you don't mind if your colleagues or family members know (but
which a thief wouldn't) and other folders with a totally private
password that only you know and could enter when you accessed the
associated folder.
Allowing users to specify exactly which folders should be
protected by FileVault not only eliminates or reduces the severity
of most of the problems outlined previously, it gives users necessary
flexibility. For instance, as much as the Pictures and Movies
folders probably don't contain anything particularly sensitive
for most people, I'm sure there are plenty of people with photo
or movie collections that they'd prefer stayed private. Others
may wish to protect only a Quicken data folder, or data related
to sensitive work projects.
The real question I have is just how hard making this change
actually is. Could a savvy independent developer use FileVault's
underlying technologies and provide the top-level interface via
a simple contextual menu plug-in? After all, you can use Disk
Utility to create encrypted sparse image files, and it's trivial
to add disk images to the Startup Items list so they are mounted
automatically at login, after which an alias or symbolic link to
the encrypted version could replace the original folder. It sounds
good in theory, and since you can perform all the necessary
actions manually today, it would seem a relatively easy task to
wrap into a contextual menu command. If anyone implements my idea,
be sure to let me know, and in the meantime, I'd encourage anyone
who has been frustrated by FileVault to create and use encrypted
sparse images for your sensitive data.
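The manual procedure described above (encrypted sparse image, copy,
link in place of the original folder) as an added Python example
that is not from this article or from Apple. It assumes the
hdiutil and ditto options of current macOS and that the image
mounts at /Volumes/<folder name>; the function names are
hypothetical, and the original folder is moved aside only after
the copy inside the image has been verified.

```python
import hashlib
import subprocess
from pathlib import Path


def tree_digest(root) -> str:
    """SHA-256 over each regular file's relative path, size and contents."""
    root = Path(root)
    files = sorted((p.relative_to(root).as_posix(), p)
                   for p in root.rglob("*")
                   if p.is_file() and not p.is_symlink())
    h = hashlib.sha256()
    for rel, path in files:
        name = rel.encode("utf-8")
        h.update(len(name).to_bytes(4, "big") + name)
        h.update(path.stat().st_size.to_bytes(8, "big"))
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
    return h.hexdigest()


def protect_folder(folder, passphrase, size="2g",
                   run=subprocess.run, volumes="/Volumes"):
    """Move one folder into its own encrypted sparse image.

    Returns the path of the leftover plaintext copy. Disposing of it is
    left to the caller; the article's caveat about deleted data being
    recoverable with a disk editor applies to it.
    `run` and `volumes` are parameters so the flow can be exercised
    without hdiutil (assumption of this example, not a macOS feature).
    """
    folder = Path(folder)
    name = folder.name
    image = folder.with_name(name + ".sparseimage")
    # Copy into a subfolder of the volume so the volume's own hidden
    # housekeeping files never enter the comparison.
    inside = Path(volumes) / name / name
    secret = passphrase.encode("utf-8")

    # The passphrase goes in on stdin, so it never appears in the
    # process list the way a command-line argument would.
    run(["hdiutil", "create", "-size", size, "-type", "SPARSE",
         "-fs", "HFS+", "-volname", name,
         "-encryption", "AES-128", "-stdinpass", str(image)],
        input=secret, check=True)
    run(["hdiutil", "attach", "-stdinpass", str(image)],
        input=secret, check=True)
    run(["ditto", str(folder), str(inside)], check=True)

    # Guard against the data-loss scenarios discussed above: touch the
    # original only when the encrypted copy is byte-for-byte complete.
    if tree_digest(folder) != tree_digest(inside):
        raise RuntimeError("copy inside the image differs; original untouched")

    plaintext = folder.with_name(name + ".plaintext")
    folder.rename(plaintext)
    # The link resolves only while the image is mounted, which is why
    # the article suggests adding the image to the Startup Items list.
    folder.symlink_to(inside, target_is_directory=True)
    return plaintext


if __name__ == "__main__":
    import getpass
    import sys
    left = protect_folder(sys.argv[1], getpass.getpass("Image passphrase: "))
    print("Encrypted copy in place; plaintext copy remains at", left)
```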
Hot Topics in TidBITS Talk/01-Mar-04
------------------------------------
by TidBITS Staff <[EMAIL PROTECTED]>
**FTP in the Finder** -- Apple's built-in FTP client still doesn't
seem to be fully implemented, leading to a discussion of other
FTP software. (27 messages)
<http://db.tidbits.com/getbits.acgi?tlkthrd=2175>
**Synchronization Software?** -- What's the best way to synchronize
your data among multiple Macs? (9 messages)
<http://db.tidbits.com/getbits.acgi?tlkthrd=2181>
**Thoth Software Closes Down** -- The maker of a popular Usenet
newsreader is shuttered, but the act sparks a discussion of other
newsreader software. (17 messages)
<http://db.tidbits.com/getbits.acgi?tlkthrd=2182>
**System level databases** -- Many Apple programs, such as Address
Book, hint at the value of working with system-level databases
that are shared by many applications. Readers debate how a more
comprehensive relational database, versus the existing filesystem,
would work. (6 messages)
<http://db.tidbits.com/getbits.acgi?tlkthrd=2184>
$$
Non-profit, non-commercial publications may reprint articles if
full credit is given. Others please contact us. We don't guarantee
accuracy of articles. Caveat lector. Publication, product, and
company names may be registered trademarks of their companies.
This file is formatted as setext. For more information send email
to <[EMAIL PROTECTED]>. A file will be returned shortly.
For information: how to subscribe, where to find back issues,
and more, email <[EMAIL PROTECTED]>. TidBITS ISSN 1090-7017.
Send comments and editorial submissions to: <[EMAIL PROTECTED]>
Back issues available at: <http://www.tidbits.com/tb-issues/>
And: <ftp://ftp.tidbits.com/issues/>
Full text searching available at: <http://www.tidbits.com/search/>
-------------------------------------------------------------------