<div id="popup_box_thanks" style="display:none" onClick="close_popup_thanks('popup_box_thanks', 'ts')"><br>Thanks for submitting your tip! All submissions are moderated by an editor before appearing online. We've reset the form so you can enter another tip. Or you can close the tip submission box. <div class="x_close" id="thanks_upper_right"><a href="javascript:void(0)" onmousedown="close_popup_thanks('popup_box_thanks', 'ts'); return true;">Close</a></div></div>
<div class="tbf_row"><div class="tbf_wide_extra_top not_bold">Please submit only technical tips that will help other TidBITS readers better use their Macs, iPhones, and related software and hardware. All product announcements should be sent to <a href="mailto:releases@tidbits.com">releases@tidbits.com</a>.</div></div>
<div class="tbf_left">URL</div><div class="tbf_right"><input type="text" value="" name="tip_link_url" tabindex="3"><span class="tip_description"><br>Enter the URL to a Web page that supports your tip.</span></div>
</div>
<div class="spacer"></div>
<div class="tbf_row">
<div class="tbf_left">Linked text</div><div class="tbf_right"><input type="text" value="" name="tip_link_label" tabindex="4"><span class="tip_description"><br>Enter the name of the page linked above.</span></div>
<div class="tbf_wide"><input type="submit" value="Preview Your Tip" name="preview_tip" onClick="fill_preview('tipbits_enclosure_preview', 'ts', this.form); return false;" tabindex="7"> <input type="submit" value="Send Us Your Tip!" name="submit_this_tip" onClick="handle_tip_submission('ts', '', this.form, 'tip'); return false;" tabindex="8"></div>
</div>
<div class="spacer"></div>
<div class="tbf_row">
<div class="tbf_wide"><span class="fine_print">When you submit a tip, you give us permission to use it. Read <a href="javascript:void(0)" onClick="generic_show_hide('tip_terms')">our terms</a> for more details. All submissions are reviewed before publication.</span></div>
<div class="tbf_wide"><span class="fine_print">Our terms: By submitting a tip, you agree to assign TidBITS Publishing Inc., a non-exclusive, worldwide, perpetual license to reproduce, publish, and distribute your tip in connection with the TidBITS Web site and associated products in any media. You agree that you created the content you submitted, and that you have the right to assign us this license. You give us permission to use your name, but your email address won't be publicly displayed or shared. We review all submissions before publication, and reserve the right to select which submissions we feel are appropriate for our readers and to edit those we publish.</span></div>
<div id="comment_thanks" style="display:none" onClick="close_popup_thanks('comment_thanks', 'comm')"><br>Thanks for submitting a comment! Please check your email for a link that, when clicked, will verify that you're a real person and cause your comment to appear immediately. <div class="x_close" id="comment_upper_right"><a href="javascript:void(0)" onmousedown="close_popup_thanks('comment_thanks', 'comm'); return true;">Close</a></div></div>
<div class="tbf_wide"><span class="fine_print">Our terms: We reserve the right to edit or delete any comment, so please post thoughtfully. We use your email address <i>only</i> to send you a one-time verification message confirming that you posted this comment. We also store your address to allow you to verify using other Web browsers in the future. For more info, see our <a href="http://db.tidbits.com/privacy.html">privacy policy</a>.</span></div>
<li><a href="/feeds/tidbits.rss" title="Subscribe via RSS" class="gettb">RSS <img src="/images/feed-icon-12x12.gif" width="12" height="12" border="0" class="nav_img" alt="Subscribe via RSS"></a></li>
<li><a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=276986548" title="Subscribe to the podcast" class="gettb">Podcast <img src="/images/feed-icon-12x12_podcast.gif" width="12" height="12" border="0" class="nav_img" alt="Subscribe to the postcast"></a></li>
<li><a href="http://www.twitter.com/TidBITS" title="Get Article Updates via Twitter" class="gettb">Twitter <img src="/images/feed_icon_12x12_twitter.png" width="12" height="12" border="0" class="nav_img" alt="Get Article Updates via Twitter"></a></li>
<li><a href="http://www.facebook.com/pages/TidBITS/195314925519" title="Go to the TidBITS Page at Facebook" class="gettb">Facebook <img src="/images/feed_icon_12x12_facebook.gif" width="12" height="12" border="0" class="nav_img" alt="Go to the TidBITS Page at Facebook"></a></li>
<li><a href="javascript:void(0)" title="Sections" class="tabhead" onClick="return showhide('articleslist')">Sections <span id="articleslist_triangle"><img src="/images/nav_triangle_open.gif" width="9" height="9" border="0" class="navtriangle" id="articleslist_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<li><a href="javascript:void(0)" onClick="return showhide('stafflist')" title="Staff" class="tabhead">Staff <span id="stafflist_triangle"><img src="/images/nav_triangle_closed.gif" width="9" height="9" border="0" class="navtriangle" id="stafflist_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<li><a href="javascript:void(0)" title="Issues" class="tabhead" onClick="return showhide('issuelist')">Weekly Issues <span id="issuelist_triangle"><img src="/images/nav_triangle_closed.gif" width="9" height="9" border="0" class="navtriangle" id="issuelist_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<li><a href="javascript:void(0)" onClick="return showhide('abouttidbits')" title="About TidBITS" class="tabhead">About TidBITS <span id="abouttidbits_triangle"><img src="/images/nav_triangle_closed.gif" width="9" height="9" border="0" class="navtriangle" id="abouttidbits_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<div class="center_top">Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling <a href="http://www.takecontrolbooks.com/?pt=TB-TAGLINE" style="color:yellow">Take Control</a> ebooks.</div>
<!-- begin centercolumn -->
<div id="centercolumn">
<!-- begin rightcolumn_container -->
<div id="rightcolumn_container">
<!-- begin rightcolumn -->
<!-- rightcolumn is embedded within centercolumn so featured text wraps around it -->
<p><p>If you ever find yourself zoning out during a meeting or class, only later to realize that you forgot to take notes for 20 minutes, Pear Note makes it easy to fill in those gaps. To do so:</p><ol>
<li>Open your Pear Note document.</li>
<li>Hit play.</li>
<li>Click on the last text you did type to jump to that point in the recording.</li>
<li>Click the lock to unlock the text of the note.</li>
<li>Take notes on the part you missed.</li>
</ol><p>Your new notes will be synced to the recording just as if you'd taken them live with the rest of your notes.</p></p>
<p>Visit <a href="http://www.usefulfruit.com/tb">Useful Fruit Software</a></p>
</div>
<div class="tearoffbox_wide_bottom_tips">
<div style="padding-bottom:35px"><div class="tip_display" style="float:left"><p><br><a href="/tipbits/239">Link to this tip</a></p></div><div class="tip_display" style="float:right; width:150px">
<p class="credit">Written by<br><a href="/author/Adam%20C.%20Engst">Adam C. Engst</a></p></div></div>
<div class="tbf_wide_80" id="hc_rc_4226">To help us avoid automated posts and misuse of our site, please enter the words below.</div><div class="x_close_row" id="hc_upper_right2_4226"><a href="javascript:void(0)" onmousedown="HidePopupContent('hc_4226', 'hc', '4226'); return true;">Close</a></div>
<div id="article_box_4226"><P>It's about time someone realized what we in the Mac Internet community have been saying for years. Even better, that someone is the U.S. Army. Here's the story. It seems that on 28-Jun-99, an intruder gained illegal access to the home page of the U.S. Army and modified its contents. Organizations like the Army hate that, and on 30-Aug-99, FBI agents arrested a 19-year-old Wisconsin man for "malicious altering to a U.S. Army Web page" in connection with the incident.</P><P><<A HREF="http://www.army.mil/">http://www.army.mil/</A>><BR><<A HREF="http://www.dtic.mil/armylink/news/Sep1999/a19990901hacker.html">http://www.dtic.mil/armylink/news/Sep1999/ a19990901hacker.html</A>></P><P>The compelling aspect of this story is that as a result of the break-in, the U.S. Army has switched the machines that serve the Army's home page from Windows NT-based PCs to Power Macintosh G3s running WebSTAR from StarNine Technologies. Christopher Unger, Web site administrator for the Army Home Page, didn't reveal the specifics of what was done to the page, how it was done, or what the Army planned to do to prevent further intrusions, but he did say that the Army had "moved its Web sites to a more secure platform," basing the choice of the Mac OS over Windows NT on information from the W3C (World Wide Web Consortium). Using Netcraft's "What's that site running?" utility, I was able to verify that the Army's main Web server is now running WebSTAR 4.0 on the Mac OS. However, other less-obvious Army Web servers linked from the main Army home page generally run either Netscape Enterprise on Solaris or Microsoft IIS on Windows NT.</P><P><<A HREF="http://www.starnine.com/webstar/">http://www.starnine.com/webstar/</A>><BR><<A HREF="http://www.netcraft.com/whats/?host=www.army.mil">http://www.netcraft.com/whats/? host=www.army.mil</A>></P><P>There's no telling if the Army will move its secondary servers to the Mac OS to prevent them from being cracked as well, but the W3C does compliment the security of the Mac OS in its WWW Security FAQ, saying "The safest Web site is a bare-bones Macintosh running a bare-bones Web server." In information specific to WebSTAR, the W3C notes:</P><BLOCKQUOTE>"As far as the security of the WebSTAR server itself goes, there is reason to think that WebSTAR is more secure than its Unix and Windows counterparts. Because the Macintosh does not have a command shell, and because it does not allow remote logins, it is reasonable to expect that the Mac is inherently more secure than the other platforms. In fact this expectation has been borne out so far: no specific security problems are known in either WebSTAR or its shareware ancestor MacHTTP."</BLOCKQUOTE><P><<A HREF="http://www.w3.org/Security/faq/wwwsf1.html#Q3">http://www.w3.org/Security/faq/wwwsf1.html#Q3</A>><BR><<A HREF="http://www.w3.org/Security/faq/wwwsf8.html#Q84">http://www.w3.org/Security/faq/wwwsf8.html#Q84</A>></P><P>This logic also applies to other Web servers for the Mac OS, such as Quid Pro Quo, AppleShare IP's built-in Web server, NetPresenz, and even Personal Web Sharing.</P><P><<A HREF="http://www.socialeng.com/">http://www.socialeng.com/</A>><BR><<A HREF="http://www.apple.com/appleshareip/">http://www.apple.com/appleshareip/</A>><BR><<A HREF="http://www.stairways.com/netpresenz/">http://www.stairways.com/netpresenz/</A>></P><P><STRONG>Old News</STRONG> -- Of course, this information isn't news to the Macintosh Internet community, where the security of the Mac OS and Macintosh Web servers has long been known. In "Macintosh Web Security Challenge Results" in <A HREF="http://www.tidbits.com/tb-issues/TidBITS-317.html">TidBITS-317</A>, Chris Kilbourn outlined the approaches used by would-be-crackers looking to take home a $10,000 prize. Then, in "The Crack A Mac Story" in <A HREF="http://www.tidbits.com/tb-issues/TidBITS-378.html">TidBITS-378</A>, Joakim Jardenberg and Christine Pamp talked about the success of the first Crack A Mac challenge. Geoff Duncan look at the motivations behind a glut of subsequent Mac OS security challenges in "The Mac Security Challenge Fad" in <A HREF="http://www.tidbits.com/tb-issues/TidBITS-385.html">TidBITS-385</A>. And finally, we reported briefly on the successful cracking of the second Crack A Mac challenge, a far more complex setup that was compromised via a long-since patched security hole (See "Cracked!" in <A HREF="http://www.tidbits.com/tb-issues/TidBITS-393.html">TidBITS-393</A>).</P><P><<A HREF="http://db.tidbits.com/article/01107">http://db.tidbits.com/article/01107</A>><BR><<A HREF="http://db.tidbits.com/article/02166">http://db.tidbits.com/article/02166</A>><BR><<A HREF="http://db.tidbits.com/article/02204">http://db.tidbits.com/article/02204</A>><BR><<A HREF="http://db.tidbits.com/article/04093">http://db.tidbits.com/article/04093</A>></P><P>What's also old news is Apple's lack of support for the Mac OS as an operating system suitable for use with Internet servers. Since the Apple Internet Server Solution bundles disappeared years ago, Apple has barely acknowledged the reality of running Internet servers on the Mac OS, despite the many happy Mac users relying on Mac OS-based Internet servers. Even now, servers from Apple run Mac OS X Server, which is essentially Unix. There's nothing wrong with Unix-based Internet servers, and for very high-volume sites, they're essential. Even the performance arguments brought up against Macintosh Web servers are essentially moot now, with WebSTAR and Tenon Intersystems' WebTen providing far more performance than most Web sites require. For the vast majority of Web sites, email servers, and FTP servers, the Mac OS and commonly available Mac OS software provide a familiar, easy-to-use solution without the fuss or security issues of Unix or Windows NT.</P><P><<A HREF="http://www.tenon.com/products/webten/">http://www.tenon.com/products/webten/</A>></P><P>Looking forward, it's almost inconceivable that Apple would once again put forth the Mac OS as a serious Internet server platform. Companies seldom recant a technical stance, and more important, with Mac OS X in the works, Apple doesn't want to do anything that will reduce Mac OS X's impact. But it remains to be seen how secure Mac OS X will be when exposed to the Internet's crackers. With the power and flexibility of Unix at its base, Mac OS X will certainly be attractive to many classes of users - let's hope that crackers aren't among them.</P><!-- U.S. Army Moves to Mac OS-based WebSTAR Adam C. Engst --></div>
<!-- end article text -->
<!-- PayBITS -->
<p> </p><div class="sponsorbox">
<div class="sponsortext"><A HREF="http://www.smithmicro.com/tidbits"><IMG SRC="http://db.tidbits.com/images/badges/StuffItDeluxe2010.gif" ALT="" HEIGHT="50" WIDTH="50" BORDER="0" ALIGN="left"></A>StuffIt Deluxe 2011 has everything you need to backup, encrypt,<br />share, and compress all of your photos, audio and documents.<br />Compress it. Secure it. Send it. Try StuffIt Deluxe 2011 today!<br />Click here for a free 30-day trial: <<a href="http://stuffIt.com/tidbits/">http://stuffIt.com/tidbits/</a>></div>
