TidBITS#727/26-Apr-04
=====================

  We're back with news from NAB and the troubles of TCP. Jeff
  Carlson looks at Apple's new Motion application for creating
  motion graphics - is it an After Effects killer? - and covers
  Apple's other video announcements. In other news, Glenn Fleishman
  explores the discovery of a critical fault in TCP networking.
  And we note releases of new PowerBooks, iBooks, and eMacs,
  Apple's profitable quarter, and updates to AirPort. Also, TidBITS
  turned 14 last week! Celebrate with us by saving 50 percent on
  any Take Control ebook order this week!

Topics:
    MailBITS/26-Apr-04
    New AirPort Base Station and Wireless Software Updates
    Apple NABs Pro Video Attention
    Serious TCP Weakness Identified
    Hot Topics in TidBITS Talk/26-Apr-04

<http://www.tidbits.com/tb-issues/TidBITS-727.html>
<ftp://ftp.tidbits.com/issues/2004/TidBITS#727_26-Apr-04.etx>

Copyright 2004 TidBITS: Reuse governed by Creative Commons license
   <http://www.tidbits.com/terms/> Contact: <[EMAIL PROTECTED]>
   ---------------------------------------------------------------

This issue of TidBITS sponsored in part by:
* Make friends and influence people by sponsoring TidBITS!
   Put your company and products in front of tens of thousands of
   savvy, committed Macintosh users who actually buy stuff.
   For more information and rates, email <[EMAIL PROTECTED]>.

* READERS LIKE YOU! Help keep TidBITS great via our voluntary <------ NEW!
   contribution program. Special thanks this week to Charles Bush,
   Leonard Schloff, and Paul Schinder for their generous support!
   <http://www.tidbits.com/about/support/contributors.html>

* SMALL DOG ELECTRONICS: PowerBooks On Sale!
   PB 15" G4/1 GHz 512 MB RAM, SuperDrive Only $1839! 15" G4/1 GHz
   with Combo drive $1669! PowerBook 12" G4/867 SuperDrive $1329!
   Visit: <http://www.smalldog.com/tb/> 802-496-7171

* FETCH SOFTWORKS: The original FTP client for the Macintosh <------- NEW!
   is better than ever before. Use it to upload, download, mirror,
   and manage your web site, eBay images, and data sets.
   Download your free trial version! <http://fetchsoftworks.com/>

* Dr. Bott, LLC: We got into this business because we love
   computer stuff. We now have the chance - the DUTY - to sit and
   geek out with technology every day under the guise of "work."
   And if it's cool enough, we sell it. <http://www.drbott.com/>

* Web Crossing: Free _Web Crossing Express_ now adds discussions &
   plug-ins (low-volume) to the unlimited Web/FTP/email server.
   Plug-ins add blogs, wikis, RSS, & more. Perfect for small biz,
   families or clubs. Try it! <http://www.webcrossing.com/tb-304>

* iPod Armor takes the abuse, so your iPod doesn't have to! <-------- NEW!
   Rugged aluminum construction keeps your iPod safe from
   scratches and other random daily hazards.
   Your iPod is always safe in iPod Armor. <http://ipodarmor.com/>

* Bare Bones Software TextWrangler 1.5 -- General-purpose tool for <- NEW!
   composing, modifying, and transforming text. Now with full
   AppleScript support! US$49. For more info, to download a demo,
   or to purchase a copy, visit <http://www.barebones.com/>.
   ---------------------------------------------------------------

MailBITS/26-Apr-04
------------------

**Take Control 50% Off Sale for TidBITS 14th Anniversary** --
  While we were in Hawaii last week for my sister's wedding, TidBITS
  celebrated 14 years of continuous publication. Who knew a teenage
  electronic publication could throw such a big party while its
  parents were away? Anyway, we're marking the occasion officially
  this week with a half-off sale on our Take Control ebooks about
  Mac OS X 10.3 Panther. If you've been hesitant to upgrade from
  Jaguar, if you'd like to customize Panther to make it work exactly
  the way you want, if users and accounts in Mac OS X befuddle
  you, or if you want to make sure you're using the best and most
  secure methods of sharing files, our ebooks not only contain the
  information you need now, but also include free minor updates.
  Through Friday, 30-Apr-04, use coupon code CPN40426TB14 to take
  50 percent off your entire order, whether you order a single ebook
  or all four. [ACE]

<http://www.tidbits.com/takecontrol/>


**Apple Releases Faster iBooks and PowerBooks** -- Apple refreshed
  its entire laptop line last week with the release of improved
  iBooks and PowerBooks. The entry-level 12-inch iBook, at $1,100,
  contains a 1 GHz PowerPC G4 processor, 512K of L2 cache running at
  1 GHz, 256 MB of RAM, and a 30 GB hard drive. A 14-inch model, at
  $1,300, shares the same specs as the 12-inch, with the exception
  of a 40 GB hard drive (and the larger screen, of course!). The
  high-end 14-inch iBook, at $1,500, features a 1.2 GHz PowerPC
  G4 processor, a 60 GB hard drive, and AirPort Extreme built in
  (AirPort Extreme is available as an option on the other two
  iBooks). All iBooks include an ATI Mobility Radeon 9200 graphics
  processor with 32 MB of video memory, along with a Combo drive
  (DVD-ROM/CD-RW); the two 14-inch models offer a build-to-order
  option for a SuperDrive (DVD-R/CD-RW), which runs at 4x speed
  (compared to previous 2x SuperDrives for laptops). The iBooks
  can now also support up to 1.2 GB of RAM, versus the 768 MB
  limit of the previous generation.

<http://www.apple.com/ibook/>

  The PowerBook line leapfrogs the previous generation's speeds
  with 1.33 GHz PowerPC G4 processors on the two 12-inch models
  and one 15-inch model, and 1.5 GHz processors for a second 15-inch
  configuration and the still-enormous 17-inch model. Starting at
  $1,600, the 12-inch PowerBook includes 256 MB of RAM, a 60 GB
  hard drive, and a Combo drive; for $200 more, the other 12-inch
  configuration adds the 4x SuperDrive. They also include Nvidia
  GeForce FX Go5200 graphics processors with 64 MB of video memory,
  and a FireWire 400 port. The 15-inch Combo drive model, at $2,000,
  adds a FireWire 800 port, the ATI Mobility Radeon 9700 graphics
  processor with 64 MB of video memory, and a 4x SuperDrive. Moving
  up to the top of the 15-inch pile, the $2,500 configuration
  features 512 MB of RAM, an 80 GB hard drive, and the now-famous
  backlit keyboard. For $300 more, the 17-inch model offers
  the same specifications as the top 15-inch model, but with
  a who-cares-about-plasma-displays beautiful 17-inch screen.
  All PowerBooks feature built-in AirPort Extreme and Bluetooth,
  512K of L2 cache, and now use 333 MHz PC2700 memory across the
  board. [JLC]

<http://www.apple.com/powerbook/index12.html>
<http://www.apple.com/powerbook/index15.html>
<http://www.apple.com/powerbook/index17.html>


**eMacs Get Speed Bump, Price Drop** -- Last week, Apple Computer
  also revised the eMac, its most affordable Macintosh computer.
  The eMac still sports a white, all-in-one design with a 17-inch
  CRT-based display capable of resolutions up to 1280 by 960 pixels
  (leaving it the only picture tube in Apple's otherwise all flat-
  screen lineup). But Apple's revved up the internals: the eMac now
  sports a 1.25 GHz G4 processor, 333 MHz PC2700 RAM, an ATI Radeon
  9200 graphics controller with 32 MB of video memory, three USB 2.0
  ports, and either a 40 GB hard drive and a 32x Combo drive (DVD-
  ROM/CD-RW) or an 80 GB hard drive and an 8x SuperDrive (DVD-R/
  CD-RW). The revised eMacs are available immediately starting
  at $800 for the Combo drive model, and $999 for the SuperDrive-
  equipped model; eMacs are also available at reduced prices to
  education customers in the U.S. and Canada through Apple's Store
  for Education, along with a bare-bones model with no optical
  drive. Build-to-order options include AirPort Extreme wireless
  networking, an internal Bluetooth module, up to 1 GB of RAM, and
  larger hard drive capacities; eMacs ship with Apple's iLife '04
  collection of digital media applications, AppleWorks, Quicken
  2004, WorldBook Encyclopedia, and Tony Hawk's Pro Skater 4. [GD]

<http://www.apple.com/emac/>
<http://www.apple.com/education/store>
<http://www.apple.com/ilife/>


**Apple Posts $46 million Q2 Profit** -- Apple Computer announced
  a $46 million profit for its second operating quarter of 2004,
  based on revenue of $1.9 billion and sales of nearly 750,000
  Macs and over 800,000 iPods. International sales accounted for
  43 percent of the quarter's revenue, and gross margins were a
  still-substantial 27.8 percent. The quarterly profit takes into
  account a $7 million restructuring charge; Apple will likely
  incur restructuring charges next quarter as well, as the company
  announced plans to further streamline processes by shutting down
  its Sacramento, California, manufacturing facility and moving
  those operations to a supplier in southern California.
  Nonetheless, Apple remains in good financial shape, having
  completed its third quarter of double-digit revenue expansion,
  keeping $4.6 billion in cash on hand, and having no corporate
  debt. [GD]

<http://www.apple.com/pr/library/2004/apr/14results.html>
<http://db.tidbits.com/getbits.acgi?tbart=07553>


New AirPort Base Station and Wireless Software Updates
------------------------------------------------------
  by Glenn Fleishman <[EMAIL PROTECTED]>

  Last week's release of new iBook, PowerBook, and eMac models
  (see the coverage earlier in this issue) garnered most of the
  Apple-related attention, but a few significant updates to the
  company's wireless networking efforts - both software and
  hardware - are worth mentioning.


**Power over Ethernet Base Station** -- Apple has quietly released
  a third model of its AirPort Extreme Base Station designed for the
  education and corporate markets (model M9397LL/A). The new model
  supports Power over Ethernet (PoE), a way of providing electrical
  power to the base station without a separate AC power cable.
  PoE was "exactly what our education customers were asking us for,"
  said an Apple spokesperson. "They unwire the campuses and they
  want to put the base stations up in the ceiling area." The unit
  also has a Plenum rating, which conforms to a building code
  standard that reduces dangerous offgassing during fires.

<http://www.apple.com/airport/specs.html>

  With Power over Ethernet, also known as IEEE 802.3af, you can
  power a base station entirely through an Ethernet cable. The DC
  power is fed over wires in the cable that aren't used for data.
  Increasingly, Ethernet switches come equipped with Power over
  Ethernet as an option: you plug in the Ethernet cable, and it
  automatically powers the unit. With more sophisticated switches,
  you can power-cycle a device through the switch's interface
  instead of having to find it and manually unplug its power
  adapter.

  The new model costs $250, and includes an external antenna jack
  but no modem. The other $250 model lacks the Plenum rating and PoE
  support, but includes both modem and external jack. The cheapest
  model, at $200, lacks modem, PoE, Plenum, and jack. (Once again,
  I long for coherent model numbers.) The AirPort Extreme Base
  Station with PoE is also available in packages of five for $1,000
  to the education market only, a savings of $51 per gateway, or
  substantially more than the existing educational discount for
  single-unit purchases. Currently, however, the new base station
  is not available for sale at Apple's online store.


**AirPort 3.4 and AirPort Management Tools 1.0** -- Apple also
  released AirPort Software 3.4 for Mac OS X 10.3, which includes
  new AirPort Extreme Firmware 5.4 for the base station. This
  release adds some monitoring and logging options to the base
  station and apparently improves some Wi-Fi Protected Access (WPA)
  issues, as well as offering options to control the signal gain
  of external antennas. Unfortunately, we can't recommend AirPort
  3.4, as we've seen reduced performance and reception (even with
  a PowerBook located six feet from an upgraded base station).
  As we were putting this issue to bed, Apple released AirPort
  3.4.1, which - on a very quick look - seems to resolve the
  performance and reception problems introduced by 3.4.

<http://www.apple.com/support/downloads/airportupdate.html>
<http://www.apple.com/support/downloads/airportextremefwupdate.html>

  Apple also briefly released AirPort Management Tools 1.0, a pair
  of utilities that let you monitor and configure the settings of
  many base stations simultaneously and monitor live performance
  feedback. However, the tools were removed from Apple's site later
  the same day.


**Bluetooth Firmware Updater 1.1** -- Lastly, Apple updated its
  implementation of the other prominent wireless networking
  technology by releasing Bluetooth Firmware Updater 1.1. The update
  improves Bluetooth keyboard and mouse support by initializing the
  Bluetooth driver earlier in the startup process so that you can
  press keys that control how startup completes from the Apple
  wireless keyboard. It's also supposed to improve Bluetooth
  connectivity; although the release notes aren't specific,
  I'm guessing that could mean improvements in how the adapter
  supports Bluetooth 1.2, which mitigates interference between
  AirPort Extreme and Bluetooth, both of which operate in the same
  frequency range. Apple says that applying the update to a D-Link USB adapter
  will "make it incompatible with non-Macintosh systems."

<http://www.apple.com/support/downloads/bluetoothfirmwareupdater.html>


Apple NABs Pro Video Attention
------------------------------
  by Jeff Carlson <[EMAIL PROTECTED]>

  At this year's NAB (National Association of Broadcasters) show
  in Las Vegas, Apple expanded its professional line of video
  applications to embrace the next significant evolution in desktop
  video editing: HD, or high-definition video. Final Cut Pro,
  DVD Studio Pro, and Shake all received upgrades, but a new
  application, Motion, gained the most attention from showgoers
  and digital video professionals.

<http://www.nab.org/>
<http://www.nabshow.com/>


**Motion** -- Motion is Apple's new motion graphics application.
  Think of it as Adobe Photoshop for moving images, a tool that
  creates special effects and snazzy titles on top of video. Motion
  can animate objects on the screen, apply effects, generate
  particles (such as fire, smoke, or even just types of lights),
  and composite layers so they appear to be in the same scene.
  Basically, if you need some sort of visual effect that isn't
  present in your original footage or offered by Final Cut Pro,
  Motion is your solution.

<http://www.apple.com/motion/>

  Or, rather, Motion is your _Apple-branded_ solution. Adobe
  After Effects all but pioneered these capabilities and remains
  the dominant motion graphics application on the Mac or Windows.
  Shortly after Apple premiered Motion at NAB, attendees began
  voicing the obvious question: is this Apple's After Effects killer? Final
  Cut Pro ran Adobe Premiere off the Mac platform altogether - is
  Motion a new prong in the same offensive? For now, Apple is
  playing nice. Apple representatives are positioning Motion as
  just another tool in the motion graphics toolbox, since video
  artists tend to use several programs in conjunction with
  After Effects.

<http://www.adobe.com/products/aftereffects/>
<http://www.digitalpostproduction.com/articles/viewarticle.jsp?id=25159-0>

  Motion's signature difference from After Effects is its real-time
  design engine, which plays back in real time without the need to
  render the footage first. In many cases, Motion is capable of
  incorporating changes and added elements during playback, much the
  way you can add loops to a GarageBand song without stopping the
  music that's already playing.

  Motion also introduces behaviors, preconfigured types of motion
  that let you animate objects or text by dragging & dropping them,
  without keyframing each individual movement. You can then go in
  and modify the behavior settings to customize the motion (again,
  seeing the alterations in real time). Motion includes over 40
  behaviors, including simulations that react with surrounding
  objects such as gravity, vortex, attract, and repel.

  In the spirit of speeding things up, Apple also incorporated 40
  gestures to be used with a digital tablet and stylus that act as
  shortcut keys. For example, draw a circle and bisect it from top
  to bottom to choose the Zoom tool.

  As you might expect, all of this real-time functionality requires
  a lot of computational power. Apple's system requirements call for
  at least an 867 MHz PowerPC G4 or G5 processor and 512 MB of RAM.
  However, the recommended system is a dual 2 GHz Power Mac G5 with
  4 GB of RAM or more. Your Mac's video card is also extremely
  important, with Motion calling for an Nvidia GeForce FX 5200
  Ultra, ATI Mobility Radeon 9600, or ATI Radeon 9600, 9700, or 9800
  Pro - the latter being the recommended configuration. No doubt
  some designers looking to get in Motion will also need to factor
  in the cost of upgrading their hardware.

<http://www.apple.com/motion/specs.html>

  However, Apple is making the program compelling by pricing it at
  $300, which is $400 cheaper than After Effects 6.5 Standard and
  $700 cheaper than After Effects Professional 6.5. Apple says
  Motion will be available this summer, which we take to mean
  sometime before September.


**Final Cut Pro HD** -- Also announced, and now shipping, was
  Final Cut Pro HD, a free update for current Final Cut Pro 4 owners
  that brings improved HD support to the nonlinear video editor.
  Although Final Cut Pro has previously supported HD editing, the
  new version offers real-time editing of up to four streams of HD
  video, and RT Extreme for HD for real-time playback of effects,
  transitions, and composited video. Using the DVCPRO HD codec,
  the footage captured from the camera isn't recompressed when
  it is imported into Final Cut, edited, and exported back out
  via FireWire. Final Cut Pro HD also supports the use of an Apple
  Cinema Display for previewing in HD format, saving editors the
  need to buy a more expensive high-definition television or monitor
  for viewing the playback.

<http://www.apple.com/finalcutpro/>

  Final Cut Pro HD costs $1,000 for the full version, or $400 for an
  upgrade from Final Cut Pro versions 1 through 3. Final Cut Pro 4
  owners can download a free updater by providing their name, email
  address, and serial number.

<http://www.apple.com/finalcutpro/download/>


**Shake 3.5** -- If your big-budget Hollywood film is entering
  post-production, you may be happy to learn that Shake 3.5 is also
  now available. The improvements to Apple's compositing software
  (which, as Apple is quick to point out, has been used on the last
  seven movies to win the Oscar for best visual effects, including
  Lord of the Rings) include shape-based morphing and warping
  features. The full version of Shake 3.5 costs $3,000, but owners
  of version 3 can upgrade for only $800. Linux and IRIX users can
  also purchase a compatible version of Shake 3.5 for $5,000, with
  an annual maintenance fee of $1,500.

<http://www.apple.com/shake/>


**DVD Studio Pro 3** -- When DVD Studio Pro 2 was announced at NAB
  last year, it marked a dramatic departure for the DVD creation
  application, as version 2 was almost a complete rewrite from
  version 1.5. This year's update isn't quite as dramatic, but
  certainly welcome for DVD professionals. DVD Studio Pro 3 adds
  a new graphical view for seeing a project's structure; and alpha
  transitions, an improved method of moving between menu screens,
  which can be custom-built in Motion or After Effects. Support for
  DTS 5.1 audio is also included. The full version of the program
  costs $500; upgrades from version 1.x or 2.0 cost $200. DVD Studio
  Pro 3 is expected to begin shipping in mid-May.

<http://db.tidbits.com/getbits.acgi?tbart=07142>
<http://www.apple.com/dvdstudiopro/>


**Xsan** -- The last big NAB announcement from Apple was Xsan, a
  storage area network (SAN) that lets multiple computers access
  massive amounts of data. If you thought a single Xserve RAID was
  impressive - with its puny 3.5 terabytes of storage - consider
  multiple Xserve RAIDs linked together via Fibre Channel to store
  huge quantities of video data (for example) and to transfer
  that data fast enough so that multiple people can access it
  simultaneously. Xsan will ship sometime in the next six months
  ("later this fall," according to Apple) for $1,000.

<http://www.apple.com/xsan/>
<http://www.apple.com/xserve/raid/>


**Integration and Expectation** -- Motion isn't an After Effects
  killer, at least not in its current incarnation, but Motion
  is certainly aimed at catching up to the competition. In fact,
  Apple is following in Adobe's footsteps somewhat. Adobe realized
  a few years ago that one of its key strengths was the way its
  applications worked together: someone who uses Photoshop is more
  likely to use GoLive or Illustrator if they can make a change
  in one program and see it reflected in the others.

  With Final Cut Pro HD, Motion, and DVD Studio Pro 3, Apple is
  implementing the same type of round-trip integration between
  its professional video applications that Adobe has (and which
  Apple has taken advantage of to a certain degree in its iLife
  suite). Motion may end up not needing to compete directly with
  After Effects on a feature-by-feature basis as long as it competes
  well enough for the editors and designers who only need most of
  After Effects's capabilities.

  What remains clear in the thick of these releases is that Apple
  is continuing its aggressive push into the professional video
  market. Motion earned a Best of Show award at NAB, a conference
  where Apple traditionally hasn't been the dominant vendor in
  the room. From here on out, obviously, Apple aims to be in
  that position.


Serious TCP Weakness Identified
-------------------------------
  by Glenn Fleishman <[EMAIL PROTECTED]>

  We've become accustomed to being in a constant state of emergency
  on the Internet. Stories appear about the potential for massive
  disruption of the Internet and we file them away as more hype that
  never materializes, like the Y2K threat. Unfortunately, the latest
  very technical - but very real - short-term threat to the Internet
  shouldn't be dismissed so easily.

  Paul Watson, an information security specialist in Milwaukee,
  Wisconsin, has discovered and demonstrated that a previously known
  weakness in the integrity of how data flows between two connected
  systems over TCP, the lingua franca of the Internet, can be
  exploited up to a billion times more easily than suspected as
  recently as three years ago.

<http://www.uniras.gov.uk/vuls/2004/236929/>
<http://www.us-cert.gov/cas/techalerts/TA04-111A.html>

  While this flaw might not ever touch your personal computer -
  and Microsoft has already said they don't plan to patch Windows
  XP - it has a small potential to hurt less-sophisticated segments
  of the Internet, and a medium-to-high potential of disrupting
  corporate and academic networks and internal ISP networks.


**A Lurking Weakness** -- TCP and its cousin UDP are
  specifications for bundling data (protocols) that sit in the
  transport layer of the abstract model of networking: they deal
  with delivering data of varying kinds. When you transmit a length
  of data, like a file, it has to be broken into smaller pieces or
  packets, labeled with a destination address, and then handed off
  over a physical medium like Ethernet, Wi-Fi, or a DSL line for
  transportation.

  Application protocols, such as HTTP (for Web pages) and FTP
  (for file transfer), work above TCP and UDP. HTTP requests, for
  instance, are broken down into TCP packets. IP (Internet Protocol)
  sits below TCP and allows TCP packets to be addressed to
  particular recipients.

  To create a connection between two points on the Internet to carry
  out any task, the sender initiates a TCP connection over IP to the
  other point. If the receiver is listening at a particular
  location, a numbered local address known as a TCP port (kind of
  like an apartment in an apartment building), and it likes what
  it hears from the sending point, a connection is opened in both
  directions.

  Because the Internet always has many paths by which packets may be
  sent from one point to another, TCP packets can be received and
  reassembled in any order with some constraints. A sending and a
  receiving machine negotiate how many packets they send in a given
  chunk or window. When two machines agree that four packets will be
  sent, packets 1 through 4 could arrive as 3, 1, 2, 4 or 4, 3, 2,
  1, or even 1, 2, 3, 4 and be reassembled into the original order.

  If the receiver misses a packet, it can ask for a retransmission
  depending on the packet's particular data type and protocol.
  (Some data types, like streaming media, tolerate omissions;
  others handle retransmission at a layer above TCP.)

  The initial number in a sequence isn't 1, however; instead, it
  is derived from an extremely large potential set (2 raised to the
  32nd power) and created in a more or less random fashion. Any
  attempt to tamper with a given stream of data from one point to
  another must be able to generate an appropriate sequence number
  that's not a duplicate, as duplicates are typically ignored, and
  that falls within the range of the chunk size or "window" that
  the sender and receiver negotiated.

  Here's the weakness: the faster the connection between the two
  machines, the bigger the window, the longer the sequence, and the
  fewer tries it can take to generate a packet that has a sequence
  number that's unique and that the receiving device will accept.
  The trick is that any sequence number that's legitimate for the
  entire length of the window can be generated and accepted.

  Before 2001, researchers thought this didn't pose a problem. They
  viewed it as a guess-what-number-I'm-thinking game, where the
  number guessed turned out to always be wrong.

  In 2001, researchers discovered new information about the problem
  that made them change the game. It became, "I'm thinking of a
  number between one and four billion." It would take four days
  to four years to win that game randomly, they said.

  Now, however, the latest weakness could be stated as, "I'm
  thinking of a billion numbers between one and four billion.
  Guess any one of those." Computationally, it's a much easier
  problem to solve, with probabilities as high as 1 in 4.

  If an attacker gains the ability to insert arbitrary packets in
  the data stream, he can send a packet with the connection reset
  (RST) or synchronize (SYN) flag set. In the former case, this
  disrupts the connection entirely; in the latter, it can cause
  backing-off behavior that makes it less and less likely that any
  packets will be accepted from the legitimate sender over longer
  periods of time, even hours with some routers.

  This exploit requires that the source and destination IP addresses
  be spoofed, a technique that dates back to 23-Jan-95. Spoofing
  lets you create packets containing arbitrary addresses. Smart
  ISPs, companies, and router firms long ago patched or modified
  their configurations (or changed the default out-of-the-box
  configuration) to filter spoofed packets. But spoofing is still
  a widespread problem because such filtering adds computational
  load to routers.

<http://www.cert.org/advisories/CA-1995-01.html>
<http://www.cert.org/advisories/CA-1996-21.html>

  With this capability in hand, crackers could use distributed
  denial of service attacks using machines all over the world that
  have been hijacked through worms and viruses and turned into
  zombies for running these sorts of attacks. The machines would
  need to be on networks on which IP spoofing hasn't been protected
  against. But given a large enough pool of machines, there are
  likely to be millions that meet those characteristics, and a tiny
  number is ultimately all that's needed to perform massive top-
  level disruption.

  Paul Watson, in his research, showed that it could require as
  little as 15 seconds to exploit this weakness on a router or
  other system connected via a T1 line.
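  The arithmetic behind the "guess any one of a billion numbers"
  framing above is easy to make concrete. The following Python is an
  added example, not part of Glenn's article or of Paul Watson's
  research: it models a forged segment as accepted whenever its
  sequence number lands anywhere inside the receiver's current window,
  and reports how many segments a blind sender would have to emit to
  cover the whole 32-bit space and how long that takes on a link of a
  given speed. It also turns the "reduce the window" fix discussed
  below into a number: the largest window a defender can advertise
  while still forcing a blind sender on a T1 to spend at least a given
  amount of time. The window sizes, the 40-byte minimum segment, and
  the 1.544 Mbps T1 rate are assumed inputs for illustration; the model
  ignores source-port guessing and router CPU limits, so its times are
  lower bounds.

```python
# Added example (not from the TidBITS article): a defender's model of the
# TCP sequence-number guessing problem.  A forged segment is accepted if
# its 32-bit sequence number falls inside the receiver's window, so the
# larger the window, the fewer segments cover the whole space.
import math

SEQ_SPACE = 2 ** 32              # size of the TCP sequence-number space
MIN_SEGMENT_BYTES = 40           # 20-byte IP header + 20-byte TCP header
T1_BITS_PER_SECOND = 1_544_000   # assumed link speed (a T1 line)


def guesses_to_cover(window_bytes: int) -> int:
    """Segments needed so that sequence numbers spaced one window apart
    cover all of SEQ_SPACE.  A window of 1 is the pre-2004 view of the
    problem: the exact number has to be hit."""
    if window_bytes < 1 or window_bytes > SEQ_SPACE:
        raise ValueError("window must be between 1 and 2**32 bytes")
    return math.ceil(SEQ_SPACE / window_bytes)


def acceptance_probability(window_bytes: int) -> float:
    """Chance that one forged segment with a uniformly random sequence
    number lands inside a window of the given size."""
    return window_bytes / SEQ_SPACE


def seconds_to_cover(window_bytes: int,
                     bits_per_second: int = T1_BITS_PER_SECOND,
                     segment_bytes: int = MIN_SEGMENT_BYTES) -> float:
    """Time to send every segment from guesses_to_cover() back to back.
    Only link speed is modelled, so this is a lower bound."""
    segment_bits = segment_bytes * 8
    return guesses_to_cover(window_bytes) * segment_bits / bits_per_second


def window_for_budget(min_seconds: float,
                      bits_per_second: int = T1_BITS_PER_SECOND,
                      segment_bytes: int = MIN_SEGMENT_BYTES) -> int:
    """Largest window (bytes) that still forces a blind sender on this link
    to spend at least min_seconds covering the space: the quantitative
    form of the 'reduce the window' mitigation."""
    segment_bits = segment_bytes * 8
    guesses_needed = math.ceil(min_seconds * bits_per_second / segment_bits)
    return max(1, SEQ_SPACE // guesses_needed)


def summary(windows) -> list:
    """One row per window: (window, guesses, probability, seconds)."""
    return [(w, guesses_to_cover(w), acceptance_probability(w),
             seconds_to_cover(w)) for w in windows]


if __name__ == "__main__":
    # Assumed window sizes: exact match, a 1 KB window, the classic 64 KB
    # window, and a 1 GB window reachable with TCP window scaling.
    for w, n, p, s in summary([1, 1024, 2 ** 16, 2 ** 30]):
        print(f"window {w:>10} bytes: {n:>11} segments, "
              f"p={p:.2e} per segment, {s:>12.1f} s on a T1")
    print("window keeping a T1 sender busy for an hour:",
          window_for_budget(3600), "bytes")
```

  The 64 KB row comes out to about 14 seconds on a T1, in the same
  range as the 15-second figure Watson reported, while the exact-match
  row takes days; the 1 GB row is where the article's "1 in 4"
  acceptance probability comes from.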


**What Can Be Done about It?** Fortunately, when this latest
  exploit was discovered, secret meetings took place among
  government and industry officials in several countries to
  try to patch the problem before it could be exploited at
  the highest levels of the Internet.

  While the explanations quickly become ridiculously complicated
  for those of us who don't specialize in Internet protocols,
  several solutions are available.

* Disable spoofing. There are still routers that accept packets
  arriving from the Internet with source addresses that could only
  legitimately have come from the local network, and that pass
  packets out of the local network with source addresses that
  belong elsewhere. These routers must be upgraded; if they can't
  be, they have to be replaced.

* Obscurity. It's been recommended that information about top-
  level routers be made harder to obtain. If you don't know the
  appropriate IP number, you can't attack the device. However,
  techniques as simple as using the traceroute program (built into
  almost all Unix, Linux, and BSD distributions, among other
  operating systems) can show the sequence of certain routers
  between any two points.

* Reduce the sequence window length. With shorter sequences, you
  lose efficiency on very fast connections, but you dramatically
  increase the amount of time (from seconds to years) necessary
  to inject reset and synchronize packets of the right type.

* Secure connections. The IPSec encryption standard can be used
  to secure connections between two devices, whether routers or
  computers, and ensure that any packets received are
  cryptographically verified before they're acted on.

* Sign packets with a digital signature. It's already possible
  to attach a signed checksum to each packet as it leaves a router
  on its way to a destination, which can allow the receiving device
  to confirm the integrity of that packet.
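  The first of these fixes, anti-spoofing filtering at the network
  border, is simple enough to write down. The following Python is an
  added example, not code from the article or from any router vendor:
  it drops inbound packets whose source address claims to be inside the
  local network, drops inbound packets with private or reserved source
  addresses, and drops outbound packets whose source address the site
  does not own. The local prefixes, the reserved-address list, and the
  sample packet records are all constructed for the example (the
  addresses are from the documentation ranges).

```python
# Added example (not from the TidBITS article): source-address ingress and
# egress filtering at one site border, the fix the first bullet above
# calls for.  Prefixes and sample packets are constructed for illustration.
import ipaddress

# Assumed list of source prefixes that should never arrive from the public
# Internet (private, loopback, link-local, multicast).
NEVER_FROM_INTERNET = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


class BorderFilter:
    """Ingress/egress source-address filter for a single site border."""

    def __init__(self, local_prefixes):
        self.local = [ipaddress.ip_network(p) for p in local_prefixes]

    def is_local(self, addr) -> bool:
        # Membership test is False across IPv4/IPv6, so mixing is safe.
        return any(addr in net for net in self.local)

    def decide(self, direction: str, src: str):
        """Return ("accept", "") or ("drop", reason) for one packet."""
        addr = ipaddress.ip_address(src)
        if direction == "inbound":
            if self.is_local(addr):
                return "drop", "inbound packet claims a source inside our network"
            if any(addr in net for net in NEVER_FROM_INTERNET):
                return "drop", "inbound packet has a private or reserved source"
            return "accept", ""
        if direction == "outbound":
            if not self.is_local(addr):
                return "drop", "outbound packet has a source address we do not own"
            return "accept", ""
        raise ValueError(f"unknown direction {direction!r}")


# Constructed sample traffic: (direction, source address).  The site is
# assumed to own 198.51.100.0/24 and 2001:db8::/32.
SITE_PREFIXES = ["198.51.100.0/24", "2001:db8::/32"]
SAMPLE_PACKETS = [
    ("inbound", "203.0.113.7"),    # ordinary remote host: accept
    ("inbound", "198.51.100.9"),   # spoofed local source from outside: drop
    ("inbound", "10.1.2.3"),       # private source from the Internet: drop
    ("outbound", "198.51.100.5"),  # our own host: accept
    ("outbound", "192.0.2.44"),    # spoofed foreign source leaving us: drop
    ("outbound", "2001:db8::1"),   # our own IPv6 host: accept
]


def apply_filter(filt: BorderFilter, packets) -> list:
    """Run every packet through the filter; returns
    (direction, src, verdict, reason) tuples."""
    return [(d, s, *filt.decide(d, s)) for d, s in packets]


def dropped_count(filt: BorderFilter, packets) -> int:
    return sum(1 for row in apply_filter(filt, packets) if row[2] == "drop")


if __name__ == "__main__":
    f = BorderFilter(SITE_PREFIXES)
    for direction, src, verdict, reason in apply_filter(f, SAMPLE_PACKETS):
        print(f"{direction:<8} {src:<16} {verdict:<6} {reason}")
    print("dropped:", dropped_count(f, SAMPLE_PACKETS), "of", len(SAMPLE_PACKETS))
```

  The two directions matter for different people: the outbound check
  stops a compromised machine on your network from sending forged
  packets anywhere, which is what limits the zombie pool the article
  describes, while the inbound check protects your own routers and
  hosts from segments pretending to come from inside.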


**So, Will the Internet Collapse?** It's highly likely that
  network attackers armed with this information are building
  tools right now, and that attacks will be launched. It's also
  highly likely that these attacks will be successful on machines
  belonging to people who are napping. The most vulnerable parts
  of the Internet - unpatched, insecure, spoofable segments - will
  drop off until the operators of those segments figure out the
  difference between their heads and a packet in the ground.

  Individual machines, while they could be affected, are unlikely
  targets, but they are likely to be turned into weapons by crackers
  from previous virus or worm infections. But the solutions that fix
  this problem at higher Internet levels will protect against most
  of the methods by which this attack can be carried out.

  In university networks, which have lots of trust and many
  different kinds of users, there's a high likelihood that without
  proper internal controls, malevolent souls will be able to disrupt
  operations, even if the university has the right fixes on their
  Internet routers.

  Likewise, within companies that allow any outside access and on
  Internet service provider networks in which local checks might
  be less sophisticated or severe than checks outside the local
  network, disruption is a possibility and might be hard to track
  down.

  Long term, as always, the Internet will route around problems.
  Areas that can't be reached may go dark, but it's a short-term
  problem that requires upgrades and intelligence, not a reworking
  of the Internet.


   PayBITS: Was Glenn's explanation of the TCP weakness helpful?
   Consider thanking him with a few bucks via PayPal!
   <https://www.paypal.com/xclick/business=glenn%40glennf.com>
   Read more about PayBITS: <http://www.tidbits.com/paybits/>


Hot Topics in TidBITS Talk/26-Apr-04
------------------------------------
  by TidBITS Staff <[EMAIL PROTECTED]>

  As before, the second URL below each thread description points
  to the discussion on our Web Crossing server, which will be much
  faster, though it doesn't yet use our preferred design.

<http://emperor.tidbits.com/TidBITS/Talk/>

**Intego Trojan Warning** -- Readers discuss Intego's press
  release about the MP3Concept Trojan horse. (26 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2215>
<http://emperor.tidbits.com/TidBITS/Talk/77>


**.Mac: under-used or under-documented features?** What would
  .Mac need to do to be more worth its $100 yearly price tag?
  (4 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2179>
<http://emperor.tidbits.com/TidBITS/Talk/40>


**Eudora 6.1 comments** -- Eudora 6.1 was released recently,
  but how much of an update is it? (4 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2219>
<http://emperor.tidbits.com/TidBITS/Talk/84>


**Mac Anti-Virus Programs** -- With the appearance of a
  theoretical Trojan horse appearing on the Macintosh earlier
  this month, readers wonder which utilities are up to the task
  of defending our Macs from malicious software. (13 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2220>
<http://emperor.tidbits.com/TidBITS/Talk/85>


**Squeezebox** -- Right after our review, Slim Devices dropped the
  price to $200 for the wired Squeezebox and $280 for the wireless
  unit. Prices in the UK have dropped as well. (2 messages)

<http://db.tidbits.com/getbits.acgi?tlkthrd=2221>
<http://emperor.tidbits.com/TidBITS/Talk/86>



$$

 Non-profit, non-commercial publications may reprint articles if
 full credit is given. Others please contact us. We don't guarantee
 accuracy of articles. Caveat lector. Publication, product, and
 company names may be registered trademarks of their companies.

 For information: how to subscribe, where to find back issues,
 and more, see <http://www.tidbits.com/>. TidBITS ISSN 1090-7017.
 Send comments and editorial submissions to: <[EMAIL PROTECTED]>
 Back issues available at: <http://www.tidbits.com/tb-issues/>
 And: <ftp://ftp.tidbits.com/issues/>
 Full text searching available at: <http://www.tidbits.com/search/>
 -------------------------------------------------------------------





