The Preferred Toronto Apple Reseller of MacMedics:
The Preferred iPod and iPhone repair shop in Toronto of MacMedics:
A Safe Way To Dispose Of Your eWaste – And Get A Tax Receipt Too!
My Preferred Canadian-Based ISP
-
Feb
26
I found this being presented as a ‘watch out, Big Brother’ type of example. It involves a program by Apple called One-to-One/Student-to-laptop where they provide laptops for educational use in certain schools. The case surrounded a situation where administrators could visually remotely monitor what was going on kid’s laptops as a way to ensure they remained focused on school work. They typically used Apple Remote Desktop to do this – a program I use to more easily administrate multiple machines, run bulk updates, installs and which I also use for remote support.
This is not totally Orwellian, but it’s getting close. However, it does get worse. Unbeknownst to the kids and without their permission, these same administrators installed covert webcam activation software which could also monitor their machines when they took them home too! Administrators claimed it was done in case there was a theft of a laptop. Parents claim:
(the School) spied on students and families by “indiscriminate use of and ability to remotely activate the Webcams incorporated into each laptop issued to students by the School District.
A student was actually confronted by a school official concerning ‘improper behaviour in his home’ culled from the spy software – yikes!
The school is being sued by the Parents of the students and the school has rejigged their security policies in response:
As a result of our preliminary review of security procedures today, I directed the following actions:
· Immediate disabling of the security-tracking program.
· A thorough review of the existing policies for student laptop use.
· A review of security procedures to help safeguard the protection of privacy; including a review of the instances in which the security software was activated. We want to ensure that any affected students and families are made aware of the outcome of laptop recovery investigations.
· A review of any other technology areas in which the intersection of privacy and security may come into play.
It’s all a bit creepy, but the program’s root aspirations and results in general are inspiring – a few stray administrators can really ruin a good thing.
More info on the story can be found here as well as here. What do you think? Please comment!
Nov
13
A Security Story
Filed Under Security, Views, iPhone | Leave a Comment
So, I’m getting ready to leave to see a client. It’s a glorious mid-Fall day – the sun is warm, the air crisp. I get on my little red Vespa and as I slowly make my way past our car parked on the alleyway parking pad I notice…broken glass scattered on the ground. Hmm. I look to my right and realize the front passenger window has been smashed in! Crap! Now, why would someone do this? I don’t leave anything in my car of value .I go back into the house and tell my wife. It turns out her beautiful new white iPhone had been left in the vehicle – too tempting to resist!
My first thought is – privacy! Someone has her phone with access to her contacts, calendar information, notes, email etc…She’s not too worried – she doesn’t keep anything sensitive on it. I’m thinking we need to change all of her passwords immediately. Before I do that I remember that we have a family MobileMe account. With this I can see if I can locate the phone and at the very least initiate a remote wipe of the device when the thief tries to go online with it. I can’t locate the phone, but I send an instruction to wipe it when it next hits a network. I also call our cell company to deactivate the SIM card.
Thirty minutes later the MobileMe service sends a message her account reporting that the wipe has been started and cannot be stopped. Whew! No breach, and no working iPhone for the thief.
This story illustrates the importance of securing your mobile devices – your laptops, iPhones etc..For me, the new security features of MobileMe is worth every penny we pay for it. The ability to locate or erase a phone to lock out a thief or to secure it in general if I’ve left it somewhere is a great comfort. I urge anyone with an iPhone and a MobileMe account to turn on the Find My Phone feature within the MobileMe mail profile on your device. It’s important to password-protect your phone as well. You can also secure your laptop with a password and a deeper firmware password. There are also software solutions like Undercover which can track and find or erase your lost or stolen laptop (it can also track your iPhone as well).
Take Control eBooks has just released a new guide on using the iPhone and the new 3.1 software. It covers all aspects of the device as well as security. I urge people to have a look for more guidance and insight into the iPhone.
Apr
13
I’m asked all the time: “Should I install anti-virus or anti-spyware software on my Mac?”. I’ve also noticed that when anything out of the ordinary goes wrong I’m told, not asked – “I must have a virus” to wit I smugly answer – ‘you don’t have a virus, Macs are more secure than Windows’ yadda yadda yadda. Well, I need to wipe that smirk off my face as an article in the NY Times on Mac Security has pointed out:
The security researcher Dino A. Dai Zovi knows this better than most. The attack that won him the Pwn2Own hacking contest in 2007 required that his victims do nothing more than visit a malicious Web site. “All they saw was their Web browser crash,” he says.
“I have found that Macs are less secure than their current Windows and Linux counterparts,” says Mr. Dai Zovi, who is co-author of The Mac Hacker’s Handbook. “At least for the last several years, Apple has lagged behind in security, largely because the threat hasn’t been there.”
Basically, the Mac is safe because it’s market share (10%) is still too small to attract hackers to migrate their tools over to a new platform. The article asks what level of market share warrants attacks. It seems to be from 17% on. We’ll see. In the meantime, Apple releases security updates (what are they doing?) to plug holes as they arise and Snow Leopard should hopefully be more secure than Leopard. In the meantime, read this article and like me, wipe that smug off your face : )
Mac Security Part II – NY Times – Riva Richmond
Feb
9
Peace Of Mind
Filed Under 1. HOW TO..., Advice, Rants, Security, Tips, Views | Leave a Comment
As many of you who read this blog know I am constantly reminding people to back up their data – I never seem to get tired of pointing this out. Just as importantly is securing the data you already have. Security can mean different things depending on your concerns and approach. For some it’s ensuring that you have that basic backup of your important information – that’s one kind of security – against data loss.
So, you’ve got your backup. Check. However, what happens if you lose or have your computer stolen? All that important information like your passwords, credit card information, writing, pictures, contacts, calendar – personal and professional information – all of it is at risk. It’s a very violating feeling to have your computer stolen. I’ve had this happen to me and it’s awful. Even if you have a backup the knowledge that someone may have access to your information is unnerving. You may have to cancel your credit cards, change all of your passwords, call colleagues or friends to be on the look out for any breached information you may have stored.
What can you do to make sure this doesn’t happen to you? These are my suggestions – each has advantages and disadvantages:
1. Give your computer a password! Many of my clients feel they don’t need a password because they’re the only ones using their machine. Please don’t get lulled into this trap. Give your machine a basic password – preferably something beyond 1234, your name or ‘password’.
2. Check out the Security System Preference Pane. There are some very basic things you can choose to do that can help dissuade a casual breach of access to your Mac – in an office or at home. Within this Preference Pane you’ll find the ability to require a password to wake your machine from sleep or a screen saver – someone passing by your machine will probably keep on going. You can also require a secure password to unlock other important Preference Panes – see screen shot.
3. Even with all of these built-in features if someone has physical access to your computer they can by-pass all of these measures by booting up your machine with a startup DVD or external hard drive. To prevent this you can utilize another free utility that comes with every Mac – a Firmware password. Each Startup Disk has on it a utility called Firmware Password Utility. With this you can implement a password at a deep level of the operating system. This will prevent someone from booting up your machine from another media, mounting the drive using Target Disk mode as well as other modes of starting up. This can also prevent diagnostic trouble-shooting modes so be aware of this.
4. Yet another security feature is Apple’s File Vault feature. This protects your Home directory with very sophisticated encryption standards. To you your data appears normal. However, if someone were to steal your machine your data would be secure, even if they booted up your machine from another source – unless they knew or figured out your password (hence no 1234 here)! An issue with Filevault arises with the use of Time Machine. Because File Vault encrypts your directory as a single secure image it will continually back up the entire image and not just the smaller changed files. This can fill up your backup destination much faster.
5. There are 3rd Party solutions as well some of which can help locate your stolen Mac, disable it remotely, take pictures of the thief, where they surf etc…Orbicule is one, MacPhoneHome another as well as Lojack.
6. One solution I’ve used in the past is Securikey – a USB security key approach. With this implemented, your laptop or desktop is only usable with the insertion of the specially formatted USB key – even if your password is breached. It encrypts your Home Directory like Filevault and the data is useless to a thief. If you lose your key the company keeps a backup set which you can get access to by identifying yourself properly with a prearranged authentication.
7. Backup is, as I’ve mentioned, security. An important step is to make sure that you don’t keep your backup and your primary source (computer) in the same location, especially when you travel. Thus, a diverse and secure approach to backup might include an offsite copy of important information using a service like MobileMe, SugarSync, iDrive etc…That way, in the case of loss or theft you will have recourse to those important files. All of these services encrypt their data on remote servers.
Dec
1
Bright Spots and Flash Backs
Filed Under Advice, Apple News, Security, Views | 2 Comments
On the heels of the report that Microsoft is losing further ground in both web browser share and market share – it has dipped below 90% for the first time in quite a long while - and Apple’s share rising to 9.25% (10 times less, but come on…) I wanted to share this great piece of near nostalgia. This is pre-iPod, pre-Intel, pre-everything really great and cool. Apple also posted better than average sales on Black Friday at it’s stores and was a bright spot on an otherwise lackluster holiday season kickoff in the US. Click on the link if you don’t see the embedded video. Now if only Air Canada’s aeroplan site would only work with Safari!
The Original Apple Store - presented by Steven P. Jobs
Find more videos like this on MyAppleSpace
In other news….
In a curious twist, Apple released a knowledge base article ’encouraging’ Mac users to begin to use Anti-Virus programs
so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.
Appleinsider suggests that this points to a softening of Apple’s opinion on this matter. My experience has been that Macs are fairly immune to most of the threats out there and that, although there are proof of concept viruses that can affect the platform there is nothing widespread out there. That being said, many of my clients communicate with Windows-based users and their machines can become carriers of a virus. If you are in this position it might be a good idea to heed Apple’s advice.
UPDATE – 12-3-2008
Apple just pulled their knowledge base note concerning the need for anti-virus software stating that the Mac OS is built to withstand such kinds of attacks. Read more here.
Sep
8
Phishing for MobileMe
Filed Under Alerts!, MobileMe, Security, Tips | Leave a Comment
A phishing scam seems to be making the rounds masquerading as coming from Apple. It claims that Apple cannot renew the customer’s MobileMe subscription for September (which is ridiculous as Apple doesn’t bill for this on a monthly basis). There is more detail with screenshots on Apple Insider’s site here. I highly suggest you check it out. The link directs a user to a bogus link and then asks you to enter your login information. The domain/DNS information was registered 3 weeks ago and points to a source in Pakistan.
Sep
2
Secure Your Google
Filed Under Advice, Alerts!, Security | Leave a Comment
I came across a security suggestion for those using GMAIL (Google Mail):
Ashik Ratnani writes with this snippet from Hungry Hackers:“A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas. Last week, Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, not just authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.”
To enable this feature in Gmail:
- Sign in to Gmail.
- Click Settings at the top of any Gmail page.
- Set ‘Browser Connection’ to ‘Always use https.’
- Click Save Changes.
- Reload Gmail.
Aug
28
iPhone Security Alert & Workaround
Filed Under Advice, Security, Tech News, iPhone | Leave a Comment
There is a report of a serious iPhone security flaw which could allow someone to bypass the password protection of the phone (if you’ve set this up) and gain access to your important information. It’s also been reported that Apple is aware of this and it will be addressed in the next software update for the iPhone. In the meantime, if you use this protection feature, an easy workaround is set the “Home Button” double-click preference to “Home” or “iPod” rather than the default “iPhone Favorites”.
Aug
20
Macs and the Mafia
Filed Under Advice, Malware, Recommendations, Security | 3 Comments
It seems the Russian Mafia is targeting the Mac with a piece of Malware. See this post from Macintouch.com and this one from Intego for details. If you’re concerned about this sort of thing the best piece of advice is to only download software from trusted sources. Also, the browser Firefox will not automatically mount these kind of Disk Images. Safari, by default, does. To protect yourself from this in Safari, turn off (uncheck) the “Open safe files after downloading” function within it’s General preferences. There are anti-virus and anti-spyware packages out there for the Mac. Intego has a couple of offerings as well as Norton Anti-Virus from Symantec.