<div id="popup_box_thanks" style="display:none" onClick="close_popup_thanks('popup_box_thanks', 'ts')"><br>Thanks for submitting your tip! All submissions are moderated by an editor before appearing online. We've reset the form so you can enter another tip. Or you can close the tip submission box. <div class="x_close" id="thanks_upper_right"><a href="javascript:void(0)" onmousedown="close_popup_thanks('popup_box_thanks', 'ts'); return true;">Close</a></div></div>
<div class="tbf_row"><div class="tbf_wide_extra_top not_bold">Please submit only technical tips that will help other TidBITS readers better use their Macs, iPhones, and related software and hardware. All product announcements should be sent to <a href="mailto:releases@tidbits.com">releases@tidbits.com</a>.</div></div>
<div class="tbf_left">URL</div><div class="tbf_right"><input type="text" value="" name="tip_link_url" tabindex="3"><span class="tip_description"><br>Enter the URL to a Web page that supports your tip.</span></div>
</div>
<div class="spacer"></div>
<div class="tbf_row">
<div class="tbf_left">Linked text</div><div class="tbf_right"><input type="text" value="" name="tip_link_label" tabindex="4"><span class="tip_description"><br>Enter the name of the page linked above.</span></div>
<div class="tbf_wide"><input type="submit" value="Preview Your Tip" name="preview_tip" onClick="fill_preview('tipbits_enclosure_preview', 'ts', this.form); return false;" tabindex="7"> <input type="submit" value="Send Us Your Tip!" name="submit_this_tip" onClick="handle_tip_submission('ts', '', this.form, 'tip'); return false;" tabindex="8"></div>
</div>
<div class="spacer"></div>
<div class="tbf_row">
<div class="tbf_wide"><span class="fine_print">When you submit a tip, you give us permission to use it. Read <a href="javascript:void(0)" onClick="generic_show_hide('tip_terms')">our terms</a> for more details. All submissions are reviewed before publication.</span></div>
<div class="tbf_wide"><span class="fine_print">Our terms: By submitting a tip, you agree to assign TidBITS Publishing Inc., a non-exclusive, worldwide, perpetual license to reproduce, publish, and distribute your tip in connection with the TidBITS Web site and associated products in any media. You agree that you created the content you submitted, and that you have the right to assign us this license. You give us permission to use your name, but your email address won't be publicly displayed or shared. We review all submissions before publication, and reserve the right to select which submissions we feel are appropriate for our readers and to edit those we publish.</span></div>
<div id="comment_thanks" style="display:none" onClick="close_popup_thanks('comment_thanks', 'comm')"><br>Thanks for submitting a comment! Please check your email for a link that, when clicked, will verify that you're a real person and cause your comment to appear immediately. <div class="x_close" id="comment_upper_right"><a href="javascript:void(0)" onmousedown="close_popup_thanks('comment_thanks', 'comm'); return true;">Close</a></div></div>
<div class="tbf_wide"><span class="fine_print">Our terms: We reserve the right to edit or delete any comment, so please post thoughtfully. We use your email address <i>only</i> to send you a one-time verification message confirming that you posted this comment. We also store your address to allow you to verify using other Web browsers in the future. For more info, see our <a href="http://db.tidbits.com/privacy.html">privacy policy</a>.</span></div>
<li><a href="/feeds/tidbits.rss" title="Subscribe via RSS" class="gettb">RSS <img src="/images/feed-icon-12x12.gif" width="12" height="12" border="0" class="nav_img" alt="Subscribe via RSS"></a></li>
<li><a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=276986548" title="Subscribe to the podcast" class="gettb">Podcast <img src="/images/feed-icon-12x12_podcast.gif" width="12" height="12" border="0" class="nav_img" alt="Subscribe to the postcast"></a></li>
<li><a href="http://www.twitter.com/TidBITS" title="Get Article Updates via Twitter" class="gettb">Twitter <img src="/images/feed_icon_12x12_twitter.png" width="12" height="12" border="0" class="nav_img" alt="Get Article Updates via Twitter"></a></li>
<li><a href="http://www.facebook.com/pages/TidBITS/195314925519" title="Go to the TidBITS Page at Facebook" class="gettb">Facebook <img src="/images/feed_icon_12x12_facebook.gif" width="12" height="12" border="0" class="nav_img" alt="Go to the TidBITS Page at Facebook"></a></li>
<li><a href="javascript:void(0)" title="Sections" class="tabhead" onClick="return showhide('articleslist')">Sections <span id="articleslist_triangle"><img src="/images/nav_triangle_open.gif" width="9" height="9" border="0" class="navtriangle" id="articleslist_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<li><a href="javascript:void(0)" onClick="return showhide('stafflist')" title="Staff" class="tabhead">Staff <span id="stafflist_triangle"><img src="/images/nav_triangle_closed.gif" width="9" height="9" border="0" class="navtriangle" id="stafflist_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<li><a href="javascript:void(0)" title="Issues" class="tabhead" onClick="return showhide('issuelist')">Weekly Issues <span id="issuelist_triangle"><img src="/images/nav_triangle_closed.gif" width="9" height="9" border="0" class="navtriangle" id="issuelist_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<li><a href="javascript:void(0)" onClick="return showhide('abouttidbits')" title="About TidBITS" class="tabhead">About TidBITS <span id="abouttidbits_triangle"><img src="/images/nav_triangle_closed.gif" width="9" height="9" border="0" class="navtriangle" id="abouttidbits_tri_image" alt="Click to show or hide the contents of this section."></span></a></li>
<div class="center_top">Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling <a href="http://www.takecontrolbooks.com/?pt=TB-TAGLINE" style="color:yellow">Take Control</a> ebooks.</div>
<!-- begin centercolumn -->
<div id="centercolumn">
<!-- begin rightcolumn_container -->
<div id="rightcolumn_container">
<!-- begin rightcolumn -->
<!-- rightcolumn is embedded within centercolumn so featured text wraps around it -->
</div><!-- end tearoffbox_wide_container for watchlist items -->
<!-- begin tearoff box wide -->
<div class="tearoffbox_wide_container">
<div class="tearoffbox_wide_tips">
<div class="tip_display">
<div class="tips_sponsor_logo">
</div>
<h6>Spacebar Magnifies Photos in iPhoto '08</h6>
<p><p>In iPhoto '08, you can choose whether double-clicking on a photo will edit it or magnify it. I prefer my double-clicks to edit photos, but every now and then it's nice to magnify a photo. To do that, even when double-click is set to edit, just select the photo and press the Spacebar.</p></p>
<div class="tbf_wide_80" id="hc_rc_6033">To help us avoid automated posts and misuse of our site, please enter the words below.</div><div class="x_close_row" id="hc_upper_right2_6033"><a href="javascript:void(0)" onmousedown="HidePopupContent('hc_6033', 'hc', '6033'); return true;">Close</a></div>
<div class="featured_meta"><div class="meta_article">03 Nov 2003 | <a href="/article/7421?print_version=1">Print <span class="shift_up"><img src="/images/printer_icon.gif" alt="Printer-Friendly Version of This Article" border="0" width="9" height="10"></span></a></div></div>
<H2>AirPort 3.2 Update Adds New Security Options</H2>
<div id="article_box_6033"><P>Following on the heels of the release of Mac OS X 10.3 Panther, Apple last week pushed out the AirPort 3.2 Update, which features the expected addition of Wi-Fi Protected Access (WPA) encryption, a new security method for providing robust encryption over wireless connections between an AirPort Extreme Card and an AirPort Extreme Base Station. The AirPort 3.2 software includes the AirPort Extreme Firmware 5.2 update for the AirPort Extreme Base Station; a separate installer for the firmware update is also available as a 1.1 MB download from Apple's Web site.</P><P><<A HREF="http://docs.info.apple.com/article.html?artnum=120267">http://docs.info.apple.com/article.html? artnum=120267</A>><BR><<A HREF="http://docs.info.apple.com/article.html?artnum=120268">http://docs.info.apple.com/article.html? artnum=120268</A>></P><P>The addition of WPA encryption support is big news for users and administrators of wireless networks. WPA is the fixed version of the original Wired Equivalent Privacy (WEP) encryption found in 802.11 wireless standards. WEP was proven to have so many flaws and weaknesses that a cracker using freely available software could easily obtain a WEP key by passively sniffing wireless traffic for a period of time ranging from 15 minutes to several days, depending on the volume of traffic over the base station (see "Wireless Fishbowls" in <A HREF="http://www.tidbits.com/tb-issues/TidBITS-592.html">TidBITS-592</A>).</P><P><<A HREF="http://db.tidbits.com/article/06520">http://db.tidbits.com/article/06520</A>></P><P>WPA uses a simple passphrase - a set of letters, numbers, and punctuation - to derive an encryption key, which is exactly how Apple has always hidden the complexity of WEP's approach. Behind the scenes, however, WPA fixes the several ways in which WEP failed, making it a reliable way to protect wireless traffic. (To protect a network comprised of both wired and wireless traffic, you might need a virtual private network connection; Apple offers two kinds of VPN clients and servers in Panther and Panther Server.) With WPA installed, the only way to break into a wireless network is through social engineering: convincing someone to give you the password.</P><P><STRONG>Early WPA Hurdles</STRONG> -- Unfortunately, this first implementation of WPA is disappointing for three reasons. The interface for entering a "WPA Personal" key (Apple's term for what is more commonly known as a "pre-shared key") doesn't resemble the interfaces for Linksys and Buffalo wireless devices we've seen. You can choose to enter a password of 8 to 63 text characters or a Pre-Shared Key, which is 64 hexadecimal characters. Good gravy, that's a lot of characters to enter, and it's unclear if the hex version can be used on other devices; I recommend you stick with a text-based passphrase. (Apple also supports what they call WPA Enterprise, which lets an AirPort Extreme card user have their user name and password confirmed by a RADIUS server, which also provides a unique encryption key to that user.) In the interfaces for Buffalo and Linksys gear, you enter a passphrase that can be 8 to 32 text characters. Neither seems to offer the hexadecimal version of the pre-shared key.</P><P>The second disappointment is that even though WPA allows for older machines that understand only WEP to join networks running WPA (by allowing WEP and WPA keys to both work, even though that reduces security), Apple currently allows only all-WEP or all-WPA networks.</P><P>The final crushing bit is that, at least for now, users of 802.11b AirPort cards and AirPort Base Stations, along with Mac OS 8.6/9.x users, do not have access to this advanced and secure method of protection - in short, everyone using older hardware is currently out of luck with regard to WPA. It doesn't have to be that way: WPA was specifically designed to be a firmware upgrade option for all existing 802.11b devices. For all we know, Apple and Agere - the makers of Apple's 802.11b equipment - may be furiously working on this problem, and Proxim, the current owner of the consumer-level hardware that's equivalent to the AirPort cards has posted a white paper that claims WPA support fairly soon. However, that doesn't mean that all existing 802.11b devices were built with such upgrades in mind: our current impression is that Apple's AirPort Base Station will not be upgradable to WPA. Since there's no revenue involved, it's hard to know what Apple's priority might be, except to avoid millions of irritated customers.</P><P><<A HREF="http://www.proxim.com/learn/library/whitepapers/WPA_White_Paper.pdf">http://www.proxim.com/learn/library/whitepapers /WPA_White_Paper.pdf</A>></P><P>These disappointments aside, if you're on an all-AirPort Extreme network, we recommend installing and using this update immediately, since it provides fundamentally good security for any installation, no matter how small or large.</P><P>The AirPort 3.2 upgrade, a 7 MB download, works only with Mac OS X 10.3 or later, and Apple recommends it for both AirPort and AirPort Extreme cards and base stations. However, it appears that the update for the non-Extreme AirPort devices seems entirely oriented for providing error messages about WPA being unavailable.</P><P>Adam Engst and I have just finished a massive revision to our book, The Wireless Networking Starter Kit, which has an extensive explanation of how to use WPA and the security underpinnings of it, among dozens of new topics. The second edition will be available later this month.</P><P><<A HREF="http://glennf.com/wnsk/">http://glennf.com/wnsk/</A>></P><P class="paybits">PayBITS: Did Glenn's explanation clarify the boundaries of<BR> the AirPort update? Consider sending him a few bucks via PayBITS!<BR> <<A HREF="http://www.paypal.com/xclick/business=glenn%40glennf.com">http://www.paypal.com/xclick/ business=glenn%40glennf.com</A>><BR> Read more about PayBITS: <<A HREF="http://www.tidbits.com/paybits/">http://www.tidbits.com/paybits/</A>></P><!-- AirPort 3.2 Update Adds New Security Options Glenn Fleishman --></div>
<!-- end article text -->
<!-- PayBITS -->
<p> </p><div class="sponsorbox">
<div class="sponsortext"><A HREF="http://markspace.com/bits?source=tidbits"><IMG SRC="http://db.tidbits.com/images/badges/mark-space.gif" ALT="" HEIGHT="50" WIDTH="50" BORDER="0" ALIGN="left"></A>SYNC YOUR PHONE with The Missing Sync: Sync your calendar,<br />address book, music, photos and much more between your phone<br />and Mac. Supports ANDROID, BLACKBERRY, PALM PRE and many<br />other phones. <<a href="http://markspace.com/bits?source=tidbits">http://www.markspace.com/bits</a>></div>
