Chapter: 2, What, Me Worry?
Section: But I Use a Mac!
Page: 10, 18

In July and August 2001, the "Code Red" worm infected a large number of Windows machines. The same Macintosh used in the previous study, on the @Home network, was attacked repeatedly by this worm. Attacks from 1400 unique IP addresses were detected in the 30-day period ending August 21, 2001 (indicating 1400 infected Windows machines). The Macintosh is immune to "Code Red", as it is immune to most other attacks.

There were a couple interesting aspects of the attacks

-----------------

Chapter: 3, Physical Security
Section: Things will go wrong anyway (Backup options)
Page: 27

When you sign up for an iTools account so as to be able to use iDisk for backup, you also get a Mac.com e-mail address. However, this e-mail address can compromise the security of your iDisk if not used properly. See the note below on this subject.

-----------------

Chapter: 5, Safe Surfing
Section: Safe E-mail (Sending your e-mail password)
Page: 61

Although the Mac.com site does use SSL to encrypt your password when sending it to that site, your password is sent in clear text if you use an e-mail application to read your Mac.com e-mail through the Mac.com server. The Mac.com server does not seem to support APOP, so it is recommended that you use the Mac.com site to have your Mac.com e-mail forwarded to another mail server that does (or, alternatively, use one iTools account for your e-mail and a different one, with a different password, for your iDisk).
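The difference between the two POP3 logins described above, as an added example that is not from the book: it builds the client's login lines for a server that offers an APOP challenge and for one that does not. The greetings, user name and password are constructed sample values (the APOP ones are the example from RFC 1939), and the function names are illustrative.

```python
import hashlib
import re

# Constructed sample greetings. The first is the example banner from RFC 1939;
# the second has no <timestamp>, which is how a server without APOP looks.
GREETING_APOP = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
GREETING_PLAIN = "+OK POP3 server ready"

_TIMESTAMP = re.compile(r"^\+OK[^<]*(<[^<>@\s]+@[^<>\s]+>)\s*$")


def apop_timestamp(greeting):
    """Return the <timestamp> challenge from a POP3 greeting, or None."""
    match = _TIMESTAMP.match(greeting.strip())
    return match.group(1) if match else None


def apop_digest(timestamp, password):
    """RFC 1939 APOP digest: MD5 over the timestamp followed by the password."""
    return hashlib.md5((timestamp + password).encode("utf-8")).hexdigest()


def login_commands(greeting, user, password, allow_cleartext=False):
    """Build the client's login lines for the given server greeting.

    With APOP the password never crosses the wire, only a digest that is
    bound to this session's timestamp. Without it the only option is
    USER/PASS, which carries the password verbatim, so refuse by default.
    """
    timestamp = apop_timestamp(greeting)
    if timestamp is not None:
        return ["APOP %s %s" % (user, apop_digest(timestamp, password))]
    if not allow_cleartext:
        raise ValueError("server offers no APOP challenge; refusing USER/PASS")
    return ["USER %s" % user, "PASS %s" % password]


def password_on_wire(commands, password):
    """True if any line sent to the server contains the password itself."""
    return any(password in line for line in commands)


if __name__ == "__main__":
    for greeting in (GREETING_APOP, GREETING_PLAIN):
        cmds = login_commands(greeting, "mrose", "tanstaaf", allow_cleartext=True)
        print(cmds, "password visible:", password_on_wire(cmds, "tanstaaf"))
```

APOP keeps only the password off the wire; the messages themselves are still retrieved unencrypted.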

-----------------

Chapter: 10, Securing Third-Party Internet Services
Section: Your data could be backed up by an intruder
Page: 141

It is possible for an intruder to use Retrospect to attempt to back up your machine over the Internet. Retrospect has a dialog that allows users to specify a machine to be backed up over TCP/IP by simply typing an IP address. This feature makes the use of a firewall even more important. If you wish to allow backup of your machine over TCP/IP, a firewall can deny access to Retrospect except from the IP address of the desired backup machine. If you do not wish to allow backup of your machine over TCP/IP, a firewall can deny access to Retrospect from all IP addresses.

-----------------

Chapter: 13, Analyzing and Responding to Security Threats
Section: Creating the e-mail
Page: 233

An IP address you investigate may or may not be the ultimate origin of a given attack. A common ploy used by hackers is to use others' machines from which to launch their attacks. Hackers who have obtained unauthorized access to a machine can upload a piece of software to that machine (Figure 1), and then communicate with that software over the Internet (Figure 2), telling the software to perform various kinds of mischief to another user's machine (Figure 3).

Figure 1. Hacker uploads software to user A's machine

Figure 2. Hacker tells software to attack user B's machine

Figure 3. Attack is launched on user B's machine from user A's machine

Since this is done without user A's knowledge, user A may rightly claim to have no knowledge of an attack on user B, even though the attack came from user A's machine. If a user you investigate claims no knowledge of an attack you're inquiring about, you may wish to suggest to the user that their machine may be infected with a virus or otherwise have been taken over by a third party.

-----------------

Chapter: 16, Wireless Networking
Section: Too much freedom
Page: 282

Recent analysis has revealed that the algorithm used by WEP (wired-equivalent privacy) to encrypt communication on 802.11b networks is flawed. It is possible for someone to figure out the password used on WEP-based networks simply by listening on those networks for a long enough time. For home networks, which are lightly used compared to business networks, that time may be on the order of days, but the flaw means that use of WEP on AirPort networks should be re-examined. If someone does obtain your WEP password, he will be able to act as a full participant on your wired network, and also to listen in on all your network communications unless those communications are specifically encrypted. For these reasons, you should:

  1. Not use your WEP password for any other service, and especially not for your AirPort base station.
  2. Implement multiple levels of defense, as mentioned in this chapter and throughout the book.
  3. If you need to communicate with complete security, use an encrypted protocol like SSL (see Chapter 5), or use a wired network.
  4. Continue to use WEP, since it does make spying and other hacking on AirPort networks harder.

The 802.11b committee is looking at more secure alternatives, so expect more changes in this area in the near future.

-----------------

Section: How AirPort is used
Page: 280

The AirPort Base Station 2.0 has two Ethernet ports. You connect the "WAN" Ethernet port of the Base Station to your cable or DSL modem, and the "LAN" Ethernet port to any wired machine or network you may have.

Figure 16.4c AirPort Base Station 2.0 setup

-----------------