How to Know Your iPod Model
If you have an old iPod but aren't sure exactly which model it is, check the info at the Web page linked below. You'll find lots of photos and information that will help you determine exactly which model you have.
Visit Identifying iPod Models
Written by
Tonya Engst
Recent TidBITS Talk Discussions
- Alternatives to MobileMe for syncing calendars between iPad/Mac (1 message)
- Free anti-virus for the Mac (20 messages)
- iTunes 10 syncing iPod Touch 4.1 (2 messages)
- Thoughts about Ping (16 messages)
Related Articles
- Google's Gmail Defaults to Encrypted Sessions (13 Jan 10)
- Google Gmail Adds Secure Session Option (28 Jul 08)
- Sidejack Attack Jimmies Open Gmail, Other Services (27 Aug 07)
Published in TidBITS 983.
Subscribe to our weekly email edition.
- iPhone 3GS and iPhone OS 3.0 Now Available
- AT&T Improves and Clarifies iPhone Upgrade Eligibility
- iPhone 3GS Sells One Million Units in Its First Weekend
- "Take Control of Safari 4" Guides Readers Beyond Basic Browsing
- DealBITS Drawing: Win a Copy of DiscLabel 6
- Ding, Dong, the iPhone 3GS Space Is Dead
- Find Your Lost iPhone or iPod touch with iPhone OS 3.0
- My Three Screens, via ViBook
- TidBITS Watchlist: Notable Software Updates for 22-Jun-09
- ExtraBITS for 22-Jun-09
- Hot Topics in TidBITS Talk for 22-Jun-09
Security Experts Urge Google to Secure All Sessions
Google has been name-checked on security. A letter sent on 16-Jun-09 to Google CEO Eric Schmidt strongly urges the company to make a secure connection the default method for Web applications. Among the 38 signatories to the letter are a host of well-known security experts, researchers, and advocates, including Ronald Rivest (the R of RSA), Bruce Schneier, Jon Callas, Eugene Spafford, Peter G. Neumann, William Cheswick, and Steven Bellovin.
Two years ago, Google's use of unsecured connections came to the fore with the discovery of sidejacking, a technique for grabbing the authentication cookies that Google uses to identify users during an unsecured session and inserting them into a browser under the sidejacker's control. Sidejacking can be performed anywhere there's an open Wi-Fi hotspot or an untrusted Ethernet network in which traffic is mingled and sniffable. (See "Sidejack Attack Jimmies Open Gmail, Other Services," 2007-08-27.)
Google has taken some steps to derail sidejacking, including marking the Gmail authentication cookie with a secure flag that should keep it from being sent without encryption even if https isn't used. Google also added an option to require https (SSL/TLS secured) connections for Gmail. (See "Google Gmail Adds Secure Session Option," 2008-07-28.) The researchers noted that other services, like Google Docs and Google Calendar, support https as well, although there's no way to set that level of security as a default.
The letter sent to Google claims that acquiring a Google authentication cookie from Docs or Calendar would allow access to Gmail, but one of Google's security team members, Alma Whitten, said in a blog entry that it wouldn't be possible for such a cookie to be intercepted.
The security experts urge that https sessions become the default for all Web-based services. The letter acknowledges that this lack is a widespread problem, and is even worse at Microsoft Hotmail, Yahoo Mail, Facebook, and MySpace because those services don't offer a secure option. We expect that the security experts are starting with Google because of Google's existing optional support for secure connections, and if they can convince Google to make the switch, they'll move on to these other companies.
They note that because Google apps are designed to work asynchronously, queuing and performing tasks at the server and then updating the browser without a page reload, any latency introduced by the additional user or server computational load for encryption won't make the experience of using these applications worse.
Google's response, in Whitten's blog entry, is that Google remains concerned that there's not enough known about whether specific computer configurations, networks, or parts of the world would suffer far worse performance in an all-https world. Whitten also said that Google is planning a trial that moves small sets of Gmail customers who haven't explicitly requested https-only sessions to that option.
![](/file/11593/db.tidbits.com.tar/db.tidbits.com/images/badges/data-rescue-center.png)
hard drive recovery, data migration, and photo archiving options,
all at affordable and fair prices for individuals and businesses.
Get a FREE estimate today at <http://www.thedatarescuecenter.com/>