Category Archives: Security

How to Keep Your Teenager Safe Online

Posted on by Posted in Security, Technology Leave a comment
Share

Teenagers today live technology-centric lives. Few things happen that do not involve Facebook, Twitter, or texts in some capacity. Some of this communication takes place with people that parents know, but probably not all of it. What about cyber-bullying, sexual predators, and other online hazards? Parents should consider the following steps to help keep their children safe online:

  1. Have the technology “talk” :: Develop an “acceptable use” policy for your home, perhaps with input from your children. Make sure that your kids clearly understand your rules and expectations for their technology use, and that if they don’t abide by your rules, they lose the ability to use it. Be mindful that tech-savvy teens may find ways around your built-in controls and that no app or setting can keep them safe online. You should check their phones and computers on a regular basis, both in front of them and behind their backs, to ensure that they are following your rules.
  2. Use parental settings wisely :: Macs have Parental Controls preferences that enable you to control your kids’ access to the computer and the Internet and even to specify times that they can and can’t use the computer. While iPads and iPhones have fewer parental controls, you can still control your teen’s ability to install apps, make in-app purchases, and prevent access to age inappropriate movies and music, as explained here.
  3. Friend your children on social networks :: The best way to keep an eye on your children’s activity on social networks is to “friend” and monitor them. They should understand that anything they do or say online is highly visible, lives forever, and can never ever be erased. Take steps to ensure that only their friends can see what they’ve posted on Facebook, and explain that tweets live on in cyberspace forever. Give your kids examples of real people whose reputations have been damaged by something posted online. Basically, if they wouldn’t say it at the dinner table in front of you, they shouldn’t say it online.
  4. Be the holder of the passwords :: When your children understand that they have waived any expectation of privacy, they will more easily accept that you will know all of the passwords for their email, Facebook, and other social media accounts at all times. Being friends with them isn’t enough, as they may attempt to block you from seeing certain posts. You can decide how often to log in and read everything, but they need to know that you can at any time. One idea that’s become popular is to change the wi-fi password in your home every day and only give it to the children when they’ve done their chores, complied with your rules, etc. Another option is to configure your router to set restrictions on a per-device basis, as explained here for an AirPort wireless network.
  5. Don’t let your teens sleep with their phones or computers :: A lot of trouble starts after the sun goes down, so don’t let your children be a part of it. Set up one central location where phones and laptops are charged overnight, and impose punishment for their failure to comply. Also, consider whether it is a good idea to allow your kids to have desktop computers in their bedrooms. If they must, then you should configure access privileges to control nighttime use, or even take the power cord away at night. You will obviously want to make a point of checking their computer regularly so that you know what your child is doing.
  6. Be a good role model :: If you have a rule that prohibits cell phones during certain “family time”, then that rule should apply to parents as well as the children. The central charging station idea referenced above can apply to parents too. Perhaps even consider establishing a daily “device-free time” of just 10 or 15 minutes at the breakfast or dinner table to see if it has a positive impact on your family.
Source: “Six Ways to Keep Teenagers Safe Online” by Abbi Perets, published at Macworld.com.

10 Security Tips to Protect Your Mac

Posted on by Posted in Security Leave a comment
Share

Although Macs are already very secure, there are steps that you can take to lock down your system. The ten following tips will help ensure that your system is as safe and secure as possible:

  1. Enable Firewall :: Although there may be better firewalls out there, the one built into your Mac is sufficient for most peoples needs. To enable it, open System Preferences, select the Security & Privacy pane, select the firewall tab, and make select the ‘Turn On’ button. (Note: If this is greyed out select the lock at bottom to enable the settings.)
  2. Encrypt With FileVault :: FileVault is a built in app with the roots of you operating system. It encrypts your data on the fly, this means that any data you store is inaccessible if the drive is removed and read from another computer. This is very useful if your Mac is stolen and the hard drive removed in order to retrieve the data. To turn it on, open System Preferences > Security & Privacy tab and select the  ‘Turn On’ button on the FileVault tab.  Be aware of two potential issues: (a) it slows your Mac down when read and writing to your disk and (b) you can’t decrypt your data if you forget your password.
  3. Keep Software Up To Date :: One of the simplest things you can do to keep your Mac secure is to keep its software up to data, especially with security updates and Java updates. The app store will automatically tell you when updates are available. Each software updates fixes bugs and holes in your system, so it needs to have the latest software patches to provide maximum security.
  4. Allow Apps From Trusted Sources :: Apple’s OS X now includes a system application called GateKeeper, which ensures applications come from trusted sources. All applications from the app store are signed to ensure they are safe. Most 3rd party apps which are not sold on the app store are signed by trusted developers. Therefore, you should consider enabling at least the second option to protect yourself from untrusted apps.
  5. Disable Java :: Java is full of security holes, and it is generally a pain to ensure that it doesn’t compromise your system. If you don’t use Java, turn it off.  To turn it off, open up the web browser preferences you use. In Safari go to Preferences > Security, and uncheck the ‘Enable Java’ tab.
  6. Use A Non Admin Account :: One of the less obvious tricks to ensure you have the best security for your Mac is to use a non-admin account. If you create a normal user account for yourself, you will still be able to do all the things you need to, but there is an added layer of security to stop any rouge or damaging applications from running. To generate a new account, open System Preferences, select the Users & Groups pane, select the little plus button at the bottom of the list, add a new ‘Standard’ account. While it might be a pain to swap over all of your files from an admin account to a normal user account, the security benefits are usually worth it.
  7. Disable Automatic Login :: If you travel with your MacBook Pro, you might consider disabling automatic login. This will stop anyone from starting your Mac and easily getting access to your files. Within login options of the Users & Groups preference pane, ensure the automatic login drop down box is set to ‘Off’. This ensures you have to type a password to gain access to your user account.
  8. Require A Password On Wake/Screen Saver :: You ought to also consider setting a password to unlock your computer when it wakes up. This means that no one can access your sleeping Mac without a password. This security setting is enabled from the Security & Privacy pane from within System Preferences. Enable the check box to require a password after sleep or disabling the screen saver. You can also have your Mac log you out automatically if you leave it Mac unattended for too long.
  9. Disable Location Services :: This security tip also falls under the privacy umbrella. Location services tells certain applications where you are based on the GPS chip within your Mac. This means that your Mac can be pin pointed from anywhere on the globe. If you don’t want people knowing where you are you can disable this feature. Open Security & Privacy from System Preferences. Select the Privacy tab. The top option from the sidebar should be an option labelled ‘Location Services’. Uncheck the box that says ‘Enabled Location Services’. If you don’t have a device that has location service enabled, such as an iPhone or iPad, you should be ok. I don’t like it enabled as it can tell too many people where I am.
  10. Secure Empty Trash :: The last security tip is regarding emptying the Trash. When you delete any file only the pointer to the file is remove. This means the bits and bytes that make up the file are still present on your hard disk. If some clever apps you can actually read this data and rebuild the file. For the added security when deleting files use the Finder > Secure Empty Trash, menu bar option. This will overwrite the files with blank data so the original files cannot be recovered.

Source: “12 Security Tips For Your Mac” published at Mac Tricks & Tips.

10 Security Tips to Protect Your Mac

Posted on by Posted in Security Leave a comment
Share

Although Macs are already very secure, there are steps that you can take to lock down your system. The ten following tips will help ensure that your system is as safe and secure as possible:

  1. Enable Firewall :: Although there may be better firewalls out there, the one built into your Mac is sufficient for most peoples needs. To enable it, open System Preferences, select the Security & Privacy pane, select the firewall tab, and make select the ‘Turn On’ button. (Note: If this is greyed out select the lock at bottom to enable the settings.)
  2. Encrypt With FileVault :: FileVault is a built in app with the roots of you operating system. It encrypts your data on the fly, this means that any data you store is inaccessible if the drive is removed and read from another computer. This is very useful if your Mac is stolen and the hard drive removed in order to retrieve the data. To turn it on, open System Preferences > Security & Privacy tab and select the  ‘Turn On’ button on the FileVault tab.  Be aware of two potential issues: (a) it slows your Mac down when read and writing to your disk and (b) you can’t decrypt your data if you forget your password.
  3. Keep Software Up To Date :: One of the simplest things you can do to keep your Mac secure is to keep its software up to data, especially with security updates and Java updates. The app store will automatically tell you when updates are available. Each software updates fixes bugs and holes in your system, so it needs to have the latest software patches to provide maximum security.
  4. Allow Apps From Trusted Sources :: Apple’s OS X now includes a system application called GateKeeper, which ensures applications come from trusted sources. All applications from the app store are signed to ensure they are safe. Most 3rd party apps which are not sold on the app store are signed by trusted developers. Therefore, you should consider enabling at least the second option to protect yourself from untrusted apps.
  5. Disable Java :: Java is full of security holes, and it is generally a pain to ensure that it doesn’t compromise your system. If you don’t use Java, turn it off.  To turn it off, open up the web browser preferences you use. In Safari go to Preferences > Security, and uncheck the ‘Enable Java’ tab.
  6. Use A Non Admin Account :: One of the less obvious tricks to ensure you have the best security for your Mac is to use a non-admin account. If you create a normal user account for yourself, you will still be able to do all the things you need to, but there is an added layer of security to stop any rouge or damaging applications from running. To generate a new account, open System Preferences, select the Users & Groups pane, select the little plus button at the bottom of the list, add a new ‘Standard’ account. While it might be a pain to swap over all of your files from an admin account to a normal user account, the security benefits are usually worth it.
  7. Disable Automatic Login :: If you travel with your MacBook Pro, you might consider disabling automatic login. This will stop anyone from starting your Mac and easily getting access to your files. Within login options of the Users & Groups preference pane, ensure the automatic login drop down box is set to ‘Off’. This ensures you have to type a password to gain access to your user account.
  8. Require A Password On Wake/Screen Saver :: You ought to also consider setting a password to unlock your computer when it wakes up. This means that no one can access your sleeping Mac without a password. This security setting is enabled from the Security & Privacy pane from within System Preferences. Enable the check box to require a password after sleep or disabling the screen saver. You can also have your Mac log you out automatically if you leave it Mac unattended for too long.
  9. Disable Location Services :: This security tip also falls under the privacy umbrella. Location services tells certain applications where you are based on the GPS chip within your Mac. This means that your Mac can be pin pointed from anywhere on the globe. If you don’t want people knowing where you are you can disable this feature. Open Security & Privacy from System Preferences. Select the Privacy tab. The top option from the sidebar should be an option labelled ‘Location Services’. Uncheck the box that says ‘Enabled Location Services’. If you don’t have a device that has location service enabled, such as an iPhone or iPad, you should be ok. I don’t like it enabled as it can tell too many people where I am.
  10. Secure Empty Trash :: The last security tip is regarding emptying the Trash. When you delete any file only the pointer to the file is remove. This means the bits and bytes that make up the file are still present on your hard disk. If some clever apps you can actually read this data and rebuild the file. For the added security when deleting files use the Finder > Secure Empty Trash, menu bar option. This will overwrite the files with blank data so the original files cannot be recovered.

Source: “12 Security Tips For Your Mac” published at Mac Tricks & Tips.

Guest Post :: Whole Disk Encryption & OS X Lion

Posted on by Posted in Guest Posts, How Do I ...?, Mac OS X, Security 5 Comments
Share

With all the discussion about encryption and security, I asked Mac consultant (and MILO member), Matthew Bookspan, to write the following Guest Post, which I hope my readers enjoy and find helpful:

Whole Disk Encryption & OS X Lion

First, this is an exciting feature of OS X Lion for business users. I have opined about this feature before in a previous post. However, let’s state the facts: whole disk encryption ensures business users that their data is more secure than in previous releases of the operating system.

Second, let’s get an understanding of what whole disk encryption means for everyone. Security always sounds great, although it has lots of uncertainty. We’ll use the definition from Wikipedia:

Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage. The term “full disk encryption” (or whole disk encryption) is often used to signify that everything on a disk is encrypted, including the programs that can encrypt bootable operating system partitions.

Setting up whole disk encryption (FileVault 2) in OS X Lion

Originally, we had planned to write a “how-to.” However, Apple has done a better job in articulating the setup steps in this knowledge base article. Further, in the Ars Technica review of OS X Lion, there is another great example of how to enable this feature.

Instead, we are going to focus on how you will use whole disk encryption in your daily tasks.

Before we articulate the usage, there is a key missing item from Apple’s article: time to setup. Yes, it takes time (a lot of it) to enable this feature within OS X Lion.

Let’s articulate the time in detail:

  • Initial setup (not migrating from FileVault v1): about 10-15mins
  • Encryption time: on a brand-new install of OS X Lion, with no additional applications installed, it took just over two hours to enable whole disk encryption on a three year old iMac. This time could decrease or increase based upon your system.

Using FileVault 2: Performance impacts

Once you have Filevault 2 enabled, you will not notice any performance changes. Whether it is real or a matter of perception, your files feel like they open just as fast. Your apps launch without any additional delay. Your backups via Time Machine work the same, etc.

Upon system boot, you will be prompted to login, as you must authenticate with your username and password, even if you previously did not enable this authentication.

Using FileVault 2: Security Benefits

By enabling whole disk encryption, you are adding a new level of security to your Mac. All of your data is now secured using XTS-AES 128 encryption. To translate from technical gobbledygook – this is pretty darn secure.

Utilizing whole disk encryption via FileVault 2 will ensure that if your computer is lost or stolen, your data will not be retrievable. For those with sensitive client data (or business data), utilizing this feature is fundamental to your business security.

Summary

We didn’t spend any time talking about migrating from FileVault v1 to v2 because that is handled in Apple’s Support article mentioned above. Nevertheless, the significant security and performance improvements provided with this whole disk encryption feature is essentially a complete win-win for business users.

If there are any gotchas – there are two:

  1. DO NOT LOSE YOUR SECURITY KEY.
  2. DO NOT FORGET YOUR PASSWORD.

Sorry for the yelling, although we wanted to make sure that you received the message loud and clear. 🙂

Of course, if you want to learn more about FileVault 2/whole disk encryption and security, please don’t hesitate to reach out to us here at Blacktip.

About the Author:  Matthew Bookspan is the Chief Shark at Blacktip IT Services, an Apple Consulting firm based in Orlando, FL. He’s written this post to to help us learn more about OS X Lion Security and has not recieved compensation for it.

(Note:  This article was updated on July 27, 2011, after it’s original publication on July 25, 2011.)

Guest Post :: How to Run Firefox From a USB Drive

Posted on by Posted in Guest Posts, How Do I ...?, Security, Software Leave a comment
Share

Firefox has quickly and rightfully become one of the most used and most loved Internet browsers in existence. Its fast speed, great customizable interface, and strong security measures make it the best option for most computer users when it comes to web browsing. 

From an attorney’s perspective (or anyone within an information-sensitive industry), the benefits of having a USB preloaded with Firefox is clear because the very nature of their business means the information they are browsing is sensitive. When using a public or shared computer such as a library or an internet cafe, one can ensure information is saved and served from their USB and not from the computer ís hard disc, and let us not forget that all of your favorite websites and credentials can be saved within your new portable version of Firefox.

Here is a simple tutorial on how to take Firefox with you anywhere, ready to use on computers that do not have it installed already:

  1. Insert a USB thumb drive into your computer :: The USB thumb drive is the key to this whole process. Without it, there would be no reason for this little tutorial. So before doing anything, take your favorite USB drive, plug it into your computer, and make sure it is properly mounted and ready to have files installed on it.
  2. Download Firefox Portable :: Firefox Portable is a USB Drive app specifically made in order to allow users to run Firefox from any USB Drive. PortableApps.com has taken all of the complexity and frustration of making Firefox mobile, and compiled the process needed into a simple installer program. The proper program can easily be found by typing in "Firefox Portable" into you favorite search engine. Download Firefox portable and you will be ready for the next step.
  3. Install Firefox Portable :: Once Firefox Portable has been downloaded, an installer file should appear where you specified. Run this program to begin installing Firefox portable. During the install, the program will ask you where you want to install the program. Choose the device name or destination code of the USB Drive you want to run Firefox on, then click OK. The program will then take the time to make the necessary changes in your USB drive in order to allow Firefox to run from it.
  4. Using Your USB Drive to Run Firefox :: Once the install is finished, you should be able to run Firefox from any computer that can detect you USB drive properly. To do this, first safely eject the USB drive from the current computer. Next, find a computer you would like to run Firefox on, and plug the USB drive into it, making sure it is mounted properly. Once connected, find your USB Drive’s root directory folder, which should show up in the My Computer area of the device it is connected to. Inside your USB drive, you should see FirefoxPortable. Just run this program and Firefox should start up as normal on any device using your USB Drive.

There you have it. If you followed these easy steps, you should now have the ability to carry Firefox around in your pocket, ready to be called to action anywhere and at any time.

About the Author:  Forte Promo specializes in promotional products for all of your business needs, look to Forte Promo for any new custom flash drives.

Guest Post :: Protect Your Data with Proper Backups

Posted on by Posted in Guest Posts, Office Management, Security 3 Comments
Share

We live in the age of computers and information technology. Almost everything these days is done with the help of a computer: writing letters, sharing pictures and documents, doing homework, filing taxes, and so much more. While using computers can certainly speed up our work, it also makes us more prone to data loss and a host of other new problems.

When all your important information is stored in only one virtual location, a computer crash can be enough to cause serious damage to your work, your finances, maybe even your entire life. Admittedly, the computers today are considerably more reliable than they were a couple of decades ago but the risk of data loss remains. This is precisely the reason you should make a habit out of backing up your computer data, especially the important ones. The good news is that there are several tools you can use to create proper backups: flash disks, DVDs, external hard drives, online storage, and so on. There really is no excuse for not having a backup of your computer data.

Do a Backup of Your Data Regularly

Most people already know that backing up data is extremely important but few realize that it has to be done not only once or twice, but frequently. This is particularly true if you use the computer a lot for work or personal reasons. Ideally, you should do a backup your most important files at the end of each day. This way, you won’t have to worry about losing your photos, articles, music, and other files in case something happens to your computer or your hard drive.

Use Online Backup Services

Consider using online backup services such as iDrive, MozyHome, Carbonite, and CrashPlan. iDrive and MozyHome have a free plan and you can store up to 5GB and 2GB of data, respectively. Carbonite and CrashPlan both offer free trials. For about $55 a year, Carbonite provides unlimited online data storage. For less than $25 a year, CrashPlan provides up to 10GB of online data storage.

Perform a Complete Hard Drive Backup

This is your best protection in case of a computer crash or disk failure. It’s not a good feeling to see all your hard work gone in just a flash. Even if you have to spend money on an extra hard drive and backup software like Acronis, make the purchase because they are worthy investments. They will make your life so much easier. The recommended frequency of doing a complete hard drive backup is once a week. However, if you are very busy (it can take hours to back up an entire hard drive), you can do it monthly. 

Frequently Save Your Work

Save your work as you go along. Have you ever experienced a power failure right in the middle of typing your term paper or an important report for work? This can be very frustrating, especially when you are almost finished when the power goes out, leaving you no choice but to start all over again. Save yourself the trouble and stress by making it a habit to click on the save button or pressing CTRL-S every now and then, perhaps at the end of each paragraph, or whenever you finish a page. Before long, clicking on the save button or pressing CTRL-S will become second nature to you and you won’t even notice that you are doing it. You can also configure your word processor to auto-save your work every minute or two.

About the Author: Rob Boirun maintains the website www.burnworld.com which is a tech site around DVD, Blu-Ray Burning and Video Converting.

Guest Post :: Apple’s “Walled Garden” – Unsustainable Model or Certificate of Quality?

Posted on by Posted in Guest Posts, Mac vs. PC, Security, Technology 4 Comments
Share

I am proud to exclusively present the following Guest Post from Mariana Ashley:

Apple is one of the most recognized brands around the world, and, at least according to a recent Barron’s survey, one of the most respected. Still, not everyone is Apple crazy, as an earlier post about why people love to hate Apple indicated. Apple is always in the news, so I knew something was up when I saw the phrase "Mac-lash" being bandied about on the Internet over the past few days.

Several news outlets used the term "Mac-lash", so let’s look at one such article, published in the UK newspaper The Independent. The thrust of this and other related articles is that the Apple business model may be unsustainable in the long-term. Experts cite a growing discontent from not just developers and publishers, but customers, too. Quoting UK journalism professor Paul Bradshaw, The Independent article notes:

"I’ve been a consumer of Apple products for a while and I’ve very definitely decided not to get an iPad. Apple is increasingly closed and controlling and I think with the iPad they’ve crossed a line to a place where the usability that Apple is so famous for is being undermined by the lack of adaptability. There are so many things that you can’t do with content on an iPad that it makes for quite a poor user experience if you are anything other than a basic user."

Basically, the argument goes that Apple products differentiate themselves by (1) portraying itself as something of luxury item, (2) portraying itself as an "alternative" or "rebellious" product, (3) justifying higher prices by delivering a generally higher quality product , (4) being a closed system in which everything is designed to get you to buy more Apple products.

With the iPad, Number (1) became less relevant, as prices of many of their products fell such that way more people can afford them, in the process losing some of the snob appeal. Same goes with Number (2); now that too many people own Apple gizmos and gadgets, their iconic 1984 commercial seems laughably ironic. Number (3) still holds, and Number (4) is what is angering a growing number of people.

Those who argue that the closed, rigid, some would say almost "old school" business tactics, in which collaboration is insular and products don’t adapt across different platforms, puts Apple at a disadvantage with its competitors like Google. And Number (3), the idea that Apple products are still superior, easy to use, secure, and are generally of a higher quality is what Steve Jobs says makes Apple better.

Jobs noted in a statement last October that open systems aren’t always better, and he attributes his products’ superiority precisely to the way he runs his business, despite it being somewhat reactionary in a climate in which "open" is the hottest buzzword. Detractors say that Apple’s success in terms of delivering hot, in-demand products, is largely attributed to Jobs’ creative genius itself, and that once he goes, Apple will go down with it.

What do you think? Is Apple’s future secured, or will it have to change in some ways to keep up with the competition?

Source:  Mariana Ashley is a freelance writer who particularly enjoys writing about online colleges. She loves receiving reader feedback, which can be directed to mariana.ashley031@gmail.com.

Guest Post :: Is it Time for You to Revisit Your Backup System?

Posted on by Posted in Guest Posts, Office Management, Security, Software 1 Comment
Share

The following Guest Post from Brooks Duncan contains great advice and helpful reminders to everyone about their backup plan(s):

You may have heard the old IT cliche "there are two types of hard drives: those that have failed, and those that will".  

Fortunately, you, being the responsible Mac lawyer that you are, have protected yourself and are doing regular backups. At the very least you have Time Machine running and are backing things up to an external hard drive.

When’s the last time that you took a look at your backup process and made sure that it is still meeting your needs? In the Mac world we love things that "just work", but when it comes to backups, it pays to make sure things "still work".

Is It Tested?

Have you actually gone into your Time Machine backup and made sure that what you think is being backed up actually is? Take a look and see. Do a test restore of some key files to make sure that you can get what you need when you need it.

Go into the Time Machine preferences and make sure you didn’t accidentally exclude something that should be backed up.

If you’re using something else other than Time Machine, it’s the same deal. Test test test to make sure that you can restore. I like what the CEO of Carbonite, an online backup provider, has to say on the subject: "I like to say that Carbonite is not in the backup business ‚ we are in the restore business".

Is It Redundant?

The hard drive that you are copying your files to can fail just as easily as the one you are backing up. Consider having your files backed up to a storage device such as a Drobo or a Netgear ReadyNAS that contains multiple redundant hard drives. Throw in four 1 or 2 Terabyte drives, and if one of them fails, you just take it out and replace it. Your data is still safe.

Is It Offsite?

For your really important files, having them backed up in your office isn’t good enough. All the hard drive crash protection in the world won’t help you if you have a fire, flood, or theft. You need to back them up offsite.

One option is to save them to a hard drive or DVD(s) and take them to another location. This will work, but I am suspect of any backup process that involves doing something manually. It leaves too much open to human error.

A possibly better option is to use online backup. Your critical files will be backed up transparently to a secure online location and won’t take any manual intervention. There are many vendors, but Mozy and Crashplan are two to check out.

Is It The Right Online Plan?

You may already be using online backup, but make sure that your backup provider also supports backing up network storage. You want to be able to back up all your critical files, not just the ones on a local computer.

Is It Tested?

Didn’t I already cover this? Yes, yes I did. However, testing your backups needs to be a regular occurrence, not something that you do just once.

Conclusion

Congratulations on having a backup routine set up. You’re already ahead of 90% of computer users. If you test your backups regularly and take some time to revisit your backup strategy at least once a year, your files will be rock solid.

Source:  Brooks Duncan runs DocumentSnap, a website devoted to going paperless. He helps people unclutter and de-stress by turning their piles of paper into an organized electronic system. He would be pretty happy to be able to write about Mac stuff every day.

Guest Post :: AT&T Leak Shows Concern for Their Internal Security Processes

Posted on by Posted in Guest Posts, Security 2 Comments
Share

The following Guest Post is from Daniel Cawrey:

In the past, users connected to the Internet through a broadband connection. But with the advent of personal, mobile devices such as smartphones and tablets like the iPhone and iPad, we have new security concerns—especially with the wireless operators who serve these devices.

Take the recent reports about AT&T’s leak of over 100,000 personal email addresses from iPad owners using the wireless operator’s network. This was done by running a script on a public AT&T website by an underground security group named Goatse Security. Worse, they released these email addresses to the public.

AT&T has had security problems with Apple’s products before, most notably when the first iPhone was released. Shockingly, those using AT&T’s network were receiving bills that could amount to hundreds of pages long, detailing all of their data or web activity; highlighting that the operator was paying close attention to users’ 3G activities.

This new development brings a great question to the forefront – who is responsible for leaks of personal data in this example? Apple or AT&T? While Apple has a duty to keep user information private, the reality is that if you don’t have an iPad connected to AT&T’s 3G service, you simply won’t have this problem. It’s likely that while both companies will receive backlash because of this story, it’s really AT&T’s problem.

Apple needs to exert its influence on AT&T, however. It’s widely believed that Cupertino has spurred other wireless networks in favor of its exclusive deal with AT&T, to the tune of five years. With that being said, there are clear security issues with AT&T and its servers. In this instance it doesn’t appear to be the wireless network itself, but a flaw in the way that AT&T stores user information.

The fact that AT&T kept user information that is not encrypted is a concern. This data is not for public consumption and should be stored with respect to privacy. In the coming days, it’s likely that AT&T will announce they will better obscure user data, and rightly so. Even if their servers are vulnerable, and at this point we know to some degree that they are, encrypting the database that stores user information would be a good step in making sure that outsiders don’t have the ability to swipe data that has any value.

The bottom line is that AT&T may not necessarily have problems with its wireless network, but its internal company servers clearly are not protecting data in case of any sort of loss. Here’s hoping that AT&T learns something from this latest security breach, before it happens again.

Source:  Daniel Cawrey is a technology blogger who writes on a variety of IT topics including Google Chrome and network management software.

The TRUTH About iPhone Security

Posted on by Posted in iPhone, Security 12 Comments
Share

Is the iPhone secure? That question has been hotly debated in legal circles since its release. To date, the loudest replies have been by those shouting “No” (see here, here, and here) but does that make that answer true? Ben Stevens of The Mac Lawyer and Finis Price of TechnoEsq now enter the fray to try to set the record straight.

The anti-iPhone crowd makes the following three types of claims to support their position that the iPhone is the “the most insecure phone we’ve ever seen” and that “the words iPhone and security do not belong in the same sentence”: (1) it’s too easy to jailbreak; (2) there are encryption weaknesses; and (3) it stores screenshots.

Finis is both a practicing lawyer and computer forensics expert, and he recently participated in the Droid v. iPhone debate in the ABA Journal.  With these impressive credentials, he responds to each of those allegations as follows:

  1. The fact is that many so called “smart”phones can be cracked and the data stolen. Of course, the same can be said of laptops, and how many lawyers have theirs encrypted? One key difference with the iPhone is that it allows you to remotely wipe the email in the event that is ever lost. Starting back with the iPhone 2.1, it is possible to have the iPhone wipe its data after ten invalid tries, with each attempt being longer and longer. How many attorneys can do that with their laptops? Further, if your corporate email is set up correctly, your mail disappears if your password expires. While this can be annoying, it is more secure than the BlackBerry, which stores the email on the device itself. Also, the iPhone holds only 150 emails at most, which while annoying is more secure than the BlackBerry, which stores much more. Therefore, even if you use POP email, you are only risking 150 emails. 
  2. The allegation that the iPhone has encryption weaknesses rings hollow. There are about 100 security apps in the App Store which allow you to encrypt the iPhone to protect it in case it is lost or stolen. You will soon be able to add biometric security to the iPhone through apps if you so desire (learn more here). The fact is that since the 3G-S version was introduced two years ago, the iPhone has been as secure, if not more secure, than any laptop – period.
  3. I believe that the argument about storing screenshots is outright silly. Yes, the iPhone gives you the ability to store screenshots in your photo album, but you have to work a little by pressing a couple of buttons every time to make one. Despite the clamoring made by some, this is not done automatically. Moreover, the only way you would not know about this happening was if you never looked at your photos. I will acknowledge that I have accidentally done this on my home page, but I have never done in by accident within an app.

Is anything 100% secure? Of course not. Law offices are subject to being broken into and/or having wandering eyes (such as cleaning crews) access client information. Legal pads and paper files get lost or misplaced, and how secure is a briefcase to someone who wants to get inside of it? One could argue that even the information stored inside the lawyers’ brains is not secure. Give Jack Bauer ten minutes and I guarantee that he would get information out of the most ethical, security conscious attorney in the world.

All of this might make one wonder why iPhones are being targeted and unfairly branded as being “unsafe.” A skilled forensic expert gets physical access to a laptop computer, he can extract all sorts of information, even that which was thought to have been deleted. Yet we find it odd that we don’t hear anyone claiming that it is unethical for an attorney to use a laptop, as some have stated about the iPhone.   One cannot help but wonder whether those are merely the ramblings of fear-mongering PC-centric dinosaurs or those interested in selling us something?

Addendum from Finis:

One of the comments below references a forensics white paper about the screenshot issue.  In that paper, he actually had to use a method called "carving" to get those images. This entails using a program to search for the hexadecimal values for image files in the temporary memory of the device. This results in over 2,000 images – most of which are not screens, being reported. These are then widdled down to whichever screenshot haven’t been overwritten. This is not the same kind of screenshot we take with the iPhone, but rather a function of the transition effect the iPhone uses. However, it should be noted these files aren’t even stored in an image format, they are simply bits and pieces of temporary memory which can be retrieved using a forensics tool and a LOT of forensics training.  Using a carving tool, a forensics examiner could retrieve ANY image displayed on ANY computer device which outputs to a display. So the terminology used of the iPhone just taking and saving screenshots is misleading. These are not screenshots in the ordinary sense users of the iPhone use or can access.

We invite your input using the Comments section below.