security

Knocking and Unlocking

In a recent episode of the Mac Power Users I made an offhand remark how I thought it would be clever to use the Apple Watch to unlock my Mac. I received multiple emails from listeners telling me that this functionality effectively exists already with the application called Knock. I’ve been using Knock (iTunes) (website) now for a few weeks and am happy to report that those listeners were correct.

Knock is an iPhone application. It costs four dollars and once you install it, your iPhone becomes aware of when it gets near your Mac, even when it is locked. (You also need to download and install a utility app on your Mac found on their website.) Once you’ve got the system in place, when you get near your Mac, you will see a message on the lock screen that invites you to unlock by knocking twice on your phone. You can do this right in your pocket. For added fun, do this while pointing a toy sonic screwdriver at your Mac. The developer has a clever video that shows off this feature on their website.

After two weeks I’m convinced that this is more than a cute demo. I love unlocking my Mac simply by walking up to it and knocking on my pocket. I still think the Apple Watch could make this even easier but for now, you should check out Knock.

Weekend Project: Heartbleed Recovery Kit

There has been plenty of news about the Heartbleed bug this week. TidBITS did a great job summing it up. It appears something we all took for granted as really secure (Open SSL) really wasn't. As users that means we've potentially been compromised at a lot of websites. I say "potentially" because there is really no way to log incursions due to the nature of this bug. That's a little terrifying. So what should you be doing this weekend?

First take a look at this handy list from Mashable. If any of your vendors and online accounts show up as compromised AND fixed (that second part is important), log in and reset your password. If the site is compromised but not fixed yet, don't log in. In that case, don't touch it until it is fixed.

You all know how I'll be updating my passwords, with 1Password, which was not compromised. As an aside, someone at Macworld/iWorld asked me why I always change my major passwords (banking, iTunes, Amazon, Dropbox, Paypal) twice a year. Things like this are why (although in fairness this bug is so bad that wouldn't have saved me either).

Secure a Network for Some Turkey

If you are going to be on the road this Thanksgiving visiting your muggle relatives, that would be an excellent time to do them a favor and enable OpenDNS. It is ridiculously easy and I’d bet your hosts will be really thankful if you can ban porn from their homes, especially if there are kids. We talked about OpenDNS on the Mac Power Users ages ago but it is all still relevant. Also, my pal Katie Floyd made this handy screencast. 

Hacking The Onion

I found this article about the Syrian Electronic Army hacking The Onion fascinating. They pulled it off with phishing. In particular, they embedded malicious links in friendly sounding email. Once they got a few people to bite, they used those compromised email accounts to double down and phish more employees using their friends' emails. This really makes me question the use of embedded links in email. They are so convenient but also so easy to abuse.

There are some tools in Apple mail to expose a link before opening it. Regardless, be careful out there. (Link found via John Gruber).

Screen Shot 2013-05-14 at 11.47.45 AM.png

Going on Offense with OpenDNS

My 8-year-old niece slept over our house over the weekend. As I was watching her sit behind the family iMac, I saw her search for "My Little Pony". Her first hit was an OpenDNS blocked porn site. You see, searching "My Little Pony" does not always return the results you would expect. However, instead of being exposed to something that 8 year olds should never see, she got the OpenDNS block screen and moved on. I have to admit I was shocked (though I probably shouldn't have been). My niece didn't even realize what had happened. In a few minutes, she had found the site she was looking for and was very pleased with Pinky Pie. My takeaway is that now, more than ever, perfectly innocent kids can find all sorts of things they shouldn't see without trying. In short, I believe in OpenDNS now more than ever.

If you're not familiar with it, OpenDNS is a free service that offers to replace your local Internet service provider's domain name server (DNS). (DNS is, essentially, the address book of the Internet connecting words like "macsparky.com" with the ones and zeroes behind the Internet.) A lot of ISP's have pretty crummy DNS services and OpenDNS is usually faster at getting you between where you are and where you want to go.

OpenDNS does more than just DNS service though. It also does tracking and, if you please, filtering. I've got the "moderate" filter turned on preventing any computer, iPad, iPhone or other iThingy in my house from connecting to porn sites or other red-flagged security threats. It is really easy to set this up. My pal Katie Floyd even made a video showing you how (below). They also have video tutorials and walkthoughs for every major brand of router. This isn't rocket science.

The only downside that I've ever heard is that some people report streaming content through iTunes (like movies) is sometimes slower when using OpenDNS than when using your local ISP. One clever friend explained this is because Apple will pick the streaming server based on your location and OpenDNS doesn't give them that. I've not noticed a difference between OpenDNS and my local cable company for streaming iTunes so it is not an issue for me.

Not only do I think anyone that has kids on their network should enable OpenDNS, I also think us alpha nerds should be pushing this out to our family, friends, and loved ones. I've decided I'm going on offense with this and am going to start setting it up for friends and family on their home routers. Kids should be able to search "My Little Pony" without finding something that would give me nightmares.

Secure Data in Your Pocket?

The not-so-surprising news this week is that if someone gets physical possession of your stuff, there is a really good chance they’ll get the electronic bits too. Remember to get a separate secured database on those mobile devices (like 1Password secure notes) so there is a second layer. Keyboard lock the phone (not every thief is a hacker) and back up your phone often so you have no hesitation to pull the trigger on a remote wipe if it does go missing. That is all, for now.

MacSparky.com is sponsored by Bee Docs Timeline 3D. Make a timeline presentation with your Mac.

PGP for Snow Leopard Shipping

 

PGP 10.0 is now out of beta and shipping for Snow Leopard. The new version includes several nice upgrades including support for Boot Camp, Windows 7 (32 & 64 bit), and Linux support. I've been running the beta a few months and had no troubles. Encryption and decryption are faster and PGP reports there are additional safeguards against boot disk corruption. If you have sensitive data on your Mac, I've found no better solution than PGP.