Posts tagged Security
You’re lucky this post exists. Because of what I’m reviewing, I was able to actually log into WordPress to post.
It was déjà vu all over again when the blinky red indicator lit up my email inbox declaring that my password was about to expire.
(They leave out the part about how no matter what you do, you’re going to manage to lock yourself out of the system anyway. Also, you can’t repeat passwords. And the system knows!)
We’ve all heard the stories. A giant database gets hacked so your account (and thereby your identity) is at risk.
We’ve all heard the warnings. Don’t use 12345 or Password. And even if you have a super stealth security code comprising letters, numbers, symbols, wizarding runes and a strand of your DNA, for all that is holy don’t use it for multiple sites.
I’ll be honest with you. My brain is now full. I no longer remember my own phone number, much less continuous strings of essentially random typos. What’s that? You also want me to remember what account all those nonsensical numeric are associated with?
Not happening. Alas, there’s only so many times you can click the “Forgot my password” link on a site before it completely shuts down on you.
And then I was introduced to mSecure Password Manager.
I was initially skeptical. Write down all my passwords in one place? DANGER WILL ROBINSON!
But then I realized that I have over 101 accounts and web logins that I use regularly enough to need to actually know how to decode the html cipher and retrieve my info. Let’s face it – it’s far easier for a hacker to access thousands of accounts than for me to remember if I’m TechMom, Tech Mom or techmummy with a password of 1f-U#ack_M3,Ple@$e.S#are!nfo
mSecure is available across all my Apple devices. But to calm the paranoid conspiracy theorist within, your account can only be synched across devices when you are simultaneously logged in on a single Wi-Fi network and, more importantly, only when you explicitly tell it to do so.
With a single master password, you can store a plethora of tricky data – I use it mostly to record Web login information. It is also a great digital wallet that allows categorization for grouping personal, work and family account information. For example when one of our four medical record login credentials is inevitably forgotten by a family member (namely, me).
The layout is simple and easy to read. It’s not meant to be fancy, it’s meant to restore sanity when you really need to reschedule a doctor follow up visit but cannot for the life of you remember what your toddler’s login information is for Kaiser.
For each entry, input a description, username, password, URL and applicable notes. You are in complete control of the data though, so if you’re uncomfortable having the actual password stored, simply enter a reminder in the Password field – it’s a lot easier than trusting a site’s ability to remember you’re the school your mother’s maiden name went to with their favorite pet in the first car owned.
However if you’re fresh out of ideas, mSecure also enables you to auto-generate a secure password.
It’s not free. You can download it for your iPhone, iPad in the App Store for $9.99. It is $19.99 for the Mac version, also in the Mac App store. But it’s totally paid for itself in time saved and meltdowns avoided. BTW, synchronization happens between the platforms when the devices are on the same WiFi network.
Corporate writer by day, mommy blogger by night, Tricia is raising twin toddlers – Search and Destroy. Instead of having one baby after 9 months, she had two after 6; she’s efficient like that. Tricia is a hybrid – running on coffee and chocolate. Tricia also rambles on her personal blog: Stream Of The Conscious.
ProtectStar today is pleased to announce ProtectStar iShredder 2 Standard Edition 2.0.7 for iOS, an update to its best-selling utility designed to permanently wipe all traces of files that the user has deleted or put in the trash. Because deleted files remain intact on the iDevice until written over by new files, it is relatively simple to completely recover sensitive, personal data, photos, and videos. The app irretrievably erases files using 11 different, user-selectable algorithms, which have been certified by military/intelligence security experts. Ensuring that deleted files can never be recovered, ProtectStar iShredder 2 Standard Edition is ideal for maintaining privacy on the user’s iDevice, and it is perfect for wiping clean an iDevice before changing its ownership.
* Best-selling, security utility app
* Exceeds international security standards
* Modern and secure erasing methods for flash memory (SSD)
* Standard and advanced deletion algorithms pre-installed
* Advanced secure erasing methods, such as: DoD 5220.22-M E; US Army AR380-19 and HMG InfoSec Enhanced No.5
* Shredded files are completely beyond recovery, even for experts and government agencies
* Friendly technical support by email
Unknown to most iPhone & iPod touch users is the surprising fact that files deleted or trashed are not really deleted. Emails, photos, notes, documents, videos, browser histories, music, messaging logs and reminders all disappear after they are deleted. But they remain intact until new files overwrite them (if ever). Files disappear because the Hierarchical File System in iOS crosses off the file’s name in the Directory that lists every file. According to the HFS, the photo entitled “Me & Jen at the Beach” no longer exists. If necessary, the HFS can use the storage space occupied by the picture to hold some other file. However, until it is actually replaced in memory by new data, the photo can be easily recovered.
File recovery apps can help restore files accidentally deleted. File recovery apps and algorithms can also reinstate thousands of files, large and small, deleted over years of typical iPhone usage. Users expect deleted files to be deleted; ProtectStar iShredder 2 makes good on that expectation. The app offers 5 different, user-selectable choices for securely and permanently erasing deleted files. These algorithms work by repeatedly writing over the remains of deleted files with random characters. Commonly employed by such organizations as DoD 5220.22-M E from the Department of Defence and the U.S. Army AR-380-19, iShredder’s algorithms provide the user with absolute assurance that their deleted data can never be recovered by anyone, even government computer experts.
It takes just three simple steps to overwrite the necessary flash memory using patented security standards, making it impossible to rescue any deleted files:
* 1st, open ProtectStar 2 iShredder
* 2nd, select a secure deletion algorithm
* 3rd, start the deletion process
“An independent IT security provider, ProtectStar, Inc. supplies SMEs, government agencies, and large corporations with comprehensive consulting and individualized solutions in domains such as process management and process optimization,” stated company founder Christopher Bohn. “The ProtectStar Testing Center continuously carries out extensive testing of IT security products from prominent vendors. You can be certain that the ProtectStar app you purchase is backed by our years of experience in data security.”
iShredder 2 Standard is $2.99 in the App Store and available for iPhone. In-App Purchases to the Pro version are available which brings support to your iPad.
Apple has joined the long list of sites and services that are offering two-factor authentication after recent security challenges for the Cupertino company. Now you have the option to enable this added level of security to your Apple ID, making it more difficult for hackers to access your account and potentially run up a big bill of in-app purchases on iTunes.
The new authentication is available on all Apple ID holders and is outlined in this How To on the Apple support site. Essentially all you have to do is go to your Apple ID while you have your iPhone or iPad with you as will need a trusted device to send a verification code to in the process. Once the process in complete you will be given a recovery code which you will need should you lose or change your trusted devices (i.e. get a new iPhone). This prevents someone from gaining access to your Apple ID if they get their hands on your device.
The two-factor authentication is a good thing although it takes some time to set up. It gives you piece of mind, especially if you are out-and-about with your devices (which is really all of us). Apple joins companies such as Dropbox who have enabled this added level of security.
As a reminder, if you have multiple Apple ID you should set up this authentication on all of them to prevent any security holes to your personal data. As I posted a couple of weeks ago, you should also follow some best practices around passwords by making them complex.
To get started, go to http://appleid.apple.com to enable the two-factor authentication.
If you missed all the fun yesterday, Apple had several employees hacked yesterday. The exploit made its way into the Cupertino Macs via, wait for it, Java. Yes that programming language applet that we all hate but seemingly cannot divorce (as a colleague of mine said, “a bugger you can’t flick”) has become THE gateway for malware into Macs. It would seem that Apple themselves are not immune.
Not sitting back on this one, Apple has release a Java update today to fix this and other improvements. Here is the summary from the Apple Support Page
This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.
This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.
This update also removes the Java Preferences application, which is no longer required to configure applet settings.
Mac users are recommended to install this update immediately as it is available now in the Mac App Store under Updates. Even if you do not normally use Java you should install this update. This release supersedes any previous updates.
To get the update, open up the App Store on your Mac and go to the Updates tab.
If you have Java running on your Mac, you need to stop reading this post and immediately go disable it. I’ll wait. The latest update for Java 7 has a serious security flaw in it. In fact it is so serious, the US Department of Homeland Security has issued a bulletin recommending that it be completely disabled for Macs and PCs.
ZDNet posted a quote from CERT (Computer Emergency Readiness Team), which is part of the DHS, where they stated
“We are currently unaware of a practical solution to this problem,” said the DHS’ Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. “This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.”
The exploit is significant: It could potentially turn your Mac into a bot or could expose personal information to thieves for Identity Theft. At the very least users should disable the Java plug-in in Safari or, do what I’ve done, which is uninstall Java completely from your Mac.
To disable Java in Safari, open Safari then go to Preferences and tap the Security Tab. Remove the checkboxes in the Java
related items This will disable Java in Safari but will keep Java on your Mac should you need it for some other reason. Note that some sites are highly dependent on Java and they may not render correctly or at all.
If you want to uninstall Java completely from your Mac, open up Finder then search for JavaAppletPlugin.plugin. Once you find it, move it to
the Trash and that will uninstall it from your Mac.
To this point there is no known fix for this issue and literally hundreds of millions of Windows PCs, Macs and other devices are at risk.
It is not uncommon for a government agency to issue warnings about security issues with software but it is rare they recommend disabling software. Clearly the DHS feels this one is worthy of people paying attention to and eliminating from their computers.
There has been no word from Oracle, the makers of Java, on when a fix for this latest security issue will be issued. With as high profile as this particular flaw is in Java, hopefully they will make it sooner rather than later.
Time for another AlliOSNews How To! With many young people receiving iPhones and iPads this Christmas, the question of being able to protect your kids from not-so-great things comes into play. While we all want our children to use and enjoy technology, we also need to protect them from particular types of media content as well as help guide them on responsibilities with their new iPhone or iPad.
Apple has made this easy for parents with the Restrictions settings in iOS. With restrictions, parents can restrict the type of content their children can access or use as well as restrict their ability to purchase or delete apps, access to apps like Facebook or FaceTime and even restrict if changes can be made to Contacts. This How To is not to tell you how to parent: Rather it is designed to give you information so you can make the right decision for your family.
To start, go to Settings on your iPhone or iPad and then scroll down to find Restrictions settings. By default these are
disabled. Tap on the Enable Restrictions button and you are prompted to enter a 4-digit PIN. Think of this as the “Administrator PIN”. It is for you as a parent to know but not your children. By having the PIN, it prevents unwanted changes from happening on the iPhone but it also allows you to log in and tweak to make the content levels you want for your children grow with them. Once you have entered a PIN, all of the various restrictions you can put into effect are enabled.
Remember, this How To is to show you how, not tell you which restrictions to set into place. To disable the ability for your youngster to say delete an app, scroll down to the Deleting App and turn it off. Now when they tap-and-hold on an app to delete it, the iPhone will go into “wiggle” mode but the small X to delete an app will not appear.
There is also the ability to restrict the content that they can view for films, TV programmes, music and apps and these are based on your country’s ratings system. So for example you can restrict much that has been tagged as Explicit from being available to play or you can prevent any films for a rating of 18 from being played for your 12 year old.
You can also restrict what apps have access to what content on the iPhone or iPad. For example, if you have given the permission to install an app and that app wants access to your child’s Facebook account, you can restrict the iPhone to allow the app to install but not allow it to access their Facebook account. This could prevent them from installing a rogue app that they don’t know is going to search through their Facebook profile and potentially expose them to unwanted materials.
Finally, like enabling the Restrictions settings, to disable them you must have the PIN. This will assure that your teen doesn’t “accidentally” turn them off.
While every parent has to make the right decision for their child on what is appropriate for them. This How To is designed to help you make that right decision without having to dive into the guts of iOS to figure it out. Apple has made it easy.
Security should always be a priority when it comes to your Mac. In the past Mac owners have felt naturally safer because there wasn’t that many Macs out in the wild and quite frankly, thieves didn’t have much interest in them. Today is a different game with Macs becoming a mainstream part of the consumer and corporate landscape and thieves specifically targeting Macs, iPhones and iPads. In this How To I’m going to show you how to make your Mac more secure by requiring a password and displaying a Lock Screen message when your Mac is locked or booted up.
To start, go to System Preferences on your Mac and open up the Security & Privacy. Once it is open you will see several items which you can adjust to make your Mac more secure. First is the Require Password. You can set this up to require a password to access your Mac immediately, after a few seconds or up to 4 hours. I recommend setting this very low – 5 seconds to 1 minute – to lower the risk of a quick snatch of your Mac and someone gaining access to your data as they literally walk away with it. Whatever time you have this set up, it will go into effect when your display is turned off (part of the power settings), your screensaver starts, or you boot up/log into your account.
The next thing to do is setup a Lock Message. You’ll see below the Require Password setting a button Lock Message – click it to open up the Lock Message editor. What you put in here is entirely up to you. You can put something like your name, a contact phone number and if you will be rewarding anyone with the return of your Mac. I would discourage you from putting anything derogatory in the Lock Message on the outside chance that you may actually get it returned to you. Once you have composed the message that you like, it will immediately go into effect based on how long the Required Password timer is set.
Now that you have your Lock Message set and your Required Password timer, your Mac is that much more secure. While you are on the Security & Privacy settings, you can also Disable automatic logins by checking the box to do so which will require anyone who boots up your Mac to enter a password. Below that you can set up where apps can be downloaded from on your Mac – from the App Store only or anywhere. This is part of the Gatekeeper functionality built into Mountain Lion.
From this point forward, when you log in or when your screen is disabled as part of the Power settings you will see your Lock Message.
There is another great use for the Lock Message aside from the security implications I’ve outlined here. I work in a corporate environment where when I show up at a meeting in a large conference room, a full 75% of the room is usually full of MacBook Pros – the exact same 13″ model as mine. It is our corporate issued unit so naturally there are a lot of them around. How do you tell yours from others when you walk out of the room to get lunch for that working lunch meeting? With Lock Message you can make sure that when you return you actually return to your MacBook. Oh, and back to security – this also prevents co-workers with prying eyes from getting into your Mac.
Was this How To helpful? Let me know! Leave a comment below or send me a Tweet on Twitter.
For many of us who use Mac’s in the corporate world, we are often called away from our desks for this meeting or that meeting or simply a run to Starbucks for a little pick-me-up in the afternoon. One feature that Windows PC users have that Mac’s don’t is the ability to simply press Ctrl+Alt+Delete and Enter to lock their PCs. This gives the impression, especially to new Mac users, that it is less secure.
Fortunately this is not the case. Your Mac can be as secure as any PC when it comes to unauthorized logins to your Mac and, just like a Windows PC, you can immediately lock your Mac so others cannot login not by a key combination but a quick and simple swipe of your trackpad. It’s called Hot Corners and it has been in OS X for a long time but it is not something that is enabled by default. By setting up Hot Corners you can perform a wide range of tasks from pulling up Mission Control to starting your screensaver to locking your Mac all by swiping to a corner of your display. It’s quick and efficient and in this How To I’ll show you exactly where to go and what to do on your Mac to set Hot Corners up.
In light of a security breach a few weeks ago, Dropbox has responded with enabling two-step authentication for users. The new measures are designed to make sure that the cloud-based storage service does not have such a breach again.
The new two-step process is not enabled by default so users will need to go to the Dropbox website, go to Settings then the Security tab and at the very bottom of the page you will find the ability to enable this new authentication method.
Enabling this will require either a SMS be sent to your mobile device or authentication through an app (Google Authenticator for iPhone) on your device. There are several steps to go through in setting up the authentication and Dropbox has provided step-by-step instructions here.
Even with the steps involved, it only took me about 5 minutes to enable two-step authentication on my account this morning. Any security is good security so if you are a Dropbox user, I recommend taking the time today to get this setup on your account.
For those not familiar with Dropbox, it is a cloud-based storage solution that provides 5GB of storage for free with 100GB plans starting at $9.99 per month. There are also Team plans with up to 1TB of storage available for small businesses or corporate teams within an organization. More details can be found on the Dropbox website.
With the release of iOS 5, Twitter integration came to the Apple mobile OS in a big way. Now from apps such as Photos and Safari you can Tweet content to your Twitter account on-the-fly without having to open the actual Twitter app on your iPhone or iPad. The same is true for other apps such as Instagram, Klout and others who can gain access to the embedded Twitter functions in iOS 5 to allow you to Tweet information from within the app.
While this is clearly convenient, there may be times where you do not want an app to have access to your Twitter account information on your iPhone or iPad. Perhaps it is an app you do not use often or it is simply a matter of “you don’t need access to that!”. Either way or for whatever reason, Apple has made it easy to control which apps can and cannot access the Twitter information on your iPhone or iPad.
To see your Twitter account information and the apps that have access to it, on your iPhone or iPad go to Settings and then go to Twitter. Here you will see all of the Twitter accounts you have configured on your device. At the bottom of this
screen is a section “Allow” which is where all of the applications that can access your Twitter account are listed. If you want to prevent an app from being able to use your Twitter information, simply slide the On/Off slider to Off for that app and you are done. Now that application will not have access to your Twitter account. This means that if you wanted to Tweet from that app, you won’t be able to do so.
Keep in mind that these settings are device specific meaning that you will need to check both your iPhone and your iPad as you likely have different applications installed on both that have access to Twitter.
Why would you ever need to prevent an app from accessing your Twitter information? In reality, probably never. Apple’s tight control of what apps have access to on your device – a key benefit to having a single app store for developers – means that the chances of you downloading or purchasing an app that is malware are remote. Still, it is possible as nothing is 100%. The key is that you have the ability to control this aspect of iOS to your personal level of comfort. Also keep in mind that Apple now requires any application that wants access to your Twitter account information to notify you when you configure and/or install that application. There should be no surprises by what you find in this section of Settings for Twitter.