close this bookTidBITS#530   20000508
View the documentMailBITS/08-May-00
View the documentMigrating to New Climes with PowerMail
View the documentIt's a Keeper (Idea Keeper, That Is)
View the documentFoot Notes

MailBITS/08-May-00

AppleShare IP 6.3.2 Shuts Security Hole -- Apple Computer has released AppleShare IP 6.3.2, a small but important update designed to fix a potential security problem in the Web server module of AppleShare IP 6.1 and later. The security problem works as follows: HTTP clients such as Web browsers can ask for either an entire page at a time or a range of data. If a client asks for an invalid range of data from a Web page, AppleShare IP's Web server may return up to 32K of the contents of RAM (which could, of course, contain anything that's being worked on at the time). The free update requires AppleShare IP 6.3.1 and Mac OS 9.0.4 (so make sure you upgrade to those versions before trying to install), and is a 1.1 MB download. [ACE]

<http://www.apple.com/appleshareip/>
<http://asu.info.apple.com/swupdates.nsf/artnum/n11670>

AppleWorks 6.0.3 Update Released -- Apple has released AppleWorks 6.0.3, a free maintenance update to the English versions of AppleWorks 6. The update improves stability to the latest version of Apple's integrated suite of tools, updating the AppleWorks application, the Envelope Assistant, and the CarbonLib system extension. Apple has not revealed specific fixes in AppleWorks 6.0.3, but user reports indicate better USB compatibility plus faster file opening and saving. The update also adds RTF translation and several pages of help files. AppleWorks 6.0.3 is a 3.3 MB download. [JLC]

<http://www.apple.com/appleworks/>
<http://asu.info.apple.com/swupdates.nsf/artnum/n11671>

Communicator 4.73 Allegedly Fills Security Holes -- Netscape has released Netscape Communicator 4.73, which, according to Netscape engineer Steve Dagley, addresses two security problems: the JavaScript Cookie Exploit and the Acros-Suencksen SSL Vulnerability briefly documented on the Netscape Security Notes page. There are no other changes from the 4.72 release. Unfortunately, Netscape's information about the update is spotty; although the ReadMe file in the installer helpfully points to Netscape's Security Notes page, that page has not yet been updated. Further, using Communicator's SmartUpdate feature reported incorrectly that my 4.72 version was the latest one available, and an update wasn't needed. If you want to upgrade, you can download a 13 MB installer for Netscape 4.73, which also includes AOL Instant Messenger 3.0N (an outdated version), StuffIt Expander 4.5 (really outdated), and RealPlayer 5.0.2 (yes, outdated). Kudos to Netscape for addressing these security concerns; now if only they could put some effort into keeping their Web site and installers up to date. [JLC]

<http://home.netscape.com/security/notes/>
<http://www.netscape.com/computing/download/>

Quiz Preview: Port Authority -- Over the years, the Macintosh has sported a wide variety of ports for connecting peripherals and extending the computer's capabilities. But just because a port is present doesn't mean you can plug or unplug a device from it without taking certain precautions. For this week's quiz then, see if you can pick the correct answer to the question: "Into which of the following ports should never plug a device while the Macintosh is turned on?" Test your Macintosh knowledge on our home page today, and perhaps our explanation of the answers will save you a costly repair tomorrow! [ACE]

<http://www.tidbits.com/>

Poll Results: Collateral Spammage -- About 1,200 people voted in last week's poll that asked how many unsolicited commercial email messages you received per week on average. Although several people felt that we should have had options that offered higher ranges - up into the 150 to 200 spam messages per week - the distribution of votes was relatively even with the ranges we chose. The most common answers fell between receiving 1 and 30 spam messages per week, with a significant minority receiving 31 or more. Only eight percent of respondents said they didn't receive any spam at all, although some of them admitted that this was because they had just switched ISPs to escape a heavily targeted email account. [ACE]

<http://db.tidbits.com/getbits.acgi?tbpoll=39>
<http://db.tidbits.com/getbits.acgi?tlkthrd=1018>