Chosen Solution

For years I’ve felt fairly secure with the security Apple built in requiring a password to access my data. Very few of the general public had any idea how to get past that. Now my backdoor is wide open with no lock. My corporate secrets and eleven herbs and spices that I cook with are open to anyone with a bit of knowledge. My bank codes and passwords can be accessed. My tax information, personal letters, my will are open for public display. My sexual proclivities are exposed, not that I really care about that. I’d like to hear suggestions on how to close that back door or at least protect my user data.

This isn’t specific to Macs, but one effective and simple approach to keeping your data secure is to disable the broadcast of your SSID (wireless network name). Basically, the idea is, if your wireless network pops up automatically, it’s going to get attention. But if your SSID isn’t listed (and must be entered manually on a new computer), your network name will not show up in the list at all. There are ways to find networks which don’t broadcast their name and hack them just like any other network, but there are so many wireless networks in any given area that realistically, if it’s not in the list, very few will go to the effort of seeking it out. Obviously wireless encryption should be used as well, and if you’re feeling inspired, you can even turn on MAC address security, so that your network won’t let computers on that don’t have MAC addresses which have been pre-registered with the router. Sorry for the somewhat unrelated post…I just thought it may be relevant, since we’re all on wireless networks these days, and if the intruder can’t get on the network at all, he certainly won’t be getting into the Macs that are on that network.

Well, there are tons, and I mean TONS, of ways to get around Mac security: passwords can be changed with 2 commands, firmware passwords can be erased with a PRAM/PMU reset, and FileVault is a joke. I haven’t come up with any way to protect my Mac, and keep all of my most important files on my PC and my MyBook. Anyone who can get their hands on a Mac can bypass its security, either via network or physically by using the computer.

According to my ISP, WPA2 encryption is the safest right now. From what I was told the WEP encryption is a joke and has been hacked. I became suspicious of being hacked when my modem/router’s configurations constantly changed on their own and admin password kept being rejected over and over again as though someone was changing it. When I called my ISP I was told to immediately change my encryption to WPA2, no problems since. I also disabled publishing of my SSID.

Here are some suggestions to protect your private data:

  1. Use Disk Utility to create an encrypted disk image volume that you can mount after you’ve logged in. In Disk Utility, click on “New Image”, then set up, say, a few hundred MB image with Encryption turned on (either 128-bit or 256-bit AES encryption), and set the image format to “sparse image”. Sparse image means that even if you configure a 500MB image, it will only consume as much actual disk space as it actually contains, up to a max of 500MB, or whatever. Then store any of your sensitive personal data on this image, and be sure to unmount this disk image when you’re not at your computer. These disk images will of course automatically unmount whenever you log off. This disk image can be easily moved/copied to another drive or machine, but the contents remain encrypted unless you supply the password when you mount it. I have several such encrypted disk images on my machines, each containing various things (e.g. personal files, work files, email database, etc.). Whenever you double-click the encrypted volume, a dialog box will pop up asking you for the password. Make sure you DON’T check the box that says “remember password in my keychain”; this way, if someone guesses/breaks your login password, they can’t open your encrypted disk image. Of course, this means you need to use a different password!
  2. Turn on FileVault encryption, if you wish (I don’t use this, myself).
  3. Turn on a screensaver, and in System Preferences/Security/General check the box that says to require a password when the screensaver begins. Set your screensaver to turn on after only a short time, to prevent someone from casually accessing your machine when you step away from your desk for a minute. Of course this is not particularly high security, but it will help prevent accidental snooping of your disk.
  4. In System Preferences/Security/General, check the box to turn on “secure virtual memory”. This encrypts your virtual memory swap files that are written to disk, to prevent someone from recovering data from those off your drive.
  5. Use 1Password - a highly, highly recommended way to easily store all your web passwords, online banking passwords, serial numbers, notes, credit card numbers, 11 herbs and spices recipes :) etc. This way you don’t need to use an easy-to-guess, simple password that is the same for all your many accounts (like the name of your cat). 1Password can help you generate strong and unique passwords, and then use them with the click of a mouse. The database is encrypted and protected by a master password. Assign a strong password for the master password. There’s also a companion iPhone app so you can always have your passwords handy, wherever you go. Did I mention that I highly recommend using 1Password? I can’t live without it after using it for more than a year now. Seriously - go to the webpage I linked and watch the screencast video to see how to use it. You might not think it’s that useful just from the first description, but try it and you will see (free trial available).
  6. Even though there are published ways around them, I still turn on the firmware password. I also make sure that I turn OFF automatic login (System Preferences/Accounts/Login Items), even if I am the only user configured on the Mac.
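
The Disk Utility steps in item 1 of the post above can also be done from Terminal with `hdiutil` on macOS. This is an added example, not part of the original post; the image path, the 500 MB cap and the volume name `Private` are assumed values.

```shell
#!/bin/sh
# Added example (macOS only): encrypted sparse image via hdiutil.
# Assumed values: image path, 500 MB maximum size, volume name "Private".
# Usage: source this file, then run
#   create_vault && verify_vault && open_vault
#   ... work with files under /Volumes/Private ...
#   close_vault
IMG="${IMG:-$HOME/private.sparseimage}"
VOLNAME="Private"

# Create the image. -type SPARSE means the file only grows as data is
# added, up to the -size cap. hdiutil asks for the new passphrase itself;
# choose one that differs from the login password, as the post advises.
create_vault() {
    hdiutil create -size 500m -type SPARSE -fs HFS+ \
        -encryption AES-256 -volname "$VOLNAME" "$IMG"
}

# Confirm the file on disk really is an encrypted image before
# trusting it with sensitive data. Returns 0 only if hdiutil says so.
verify_vault() {
    hdiutil isencrypted "$IMG" 2>&1 | grep -q 'encrypted: YES'
}

# Mount the image; hdiutil prompts for the passphrase.
open_vault() {
    hdiutil attach "$IMG"
}

# Unmount when stepping away, so the contents are unreadable again
# without the passphrase.
close_vault() {
    hdiutil detach "/Volumes/$VOLNAME"
}
```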

One thing basically: encryption. First off, PDF files are incredibly easy to encrypt; other files can be encrypted as well, but PDFs are especially easy. But more important is FileVault, the built-in encryption for Mac OS X: turn it on, and it will be incredibly difficult for someone to access your files without the password.

  1. Get a PC laptop. Most PC laptops can be secured all the way to the hard drive firmware.
  2. If you are running an Intel Mac, install Windows. Install a decent antivirus/antispyware, turn your firewall on, then use Windows BitLocker. That should keep your files safe from most hackers.

Am I the only person who uses http://www.truecrypt.org/? Free, open-source drive encryption; works on virtually any OS.

Here is one horrible thing about 1Password I can confirm: if you export any data, it does warn you that that data is insecure (you have to secure-delete it!!!). HOWEVER, it does not warn you that ALL THOSE EXPORTED passwords & logins & items are also COMPLETELY EXPOSED IN YOUR CONSOLE LOG FILES!!!! That is truly unacceptable. It’s bad enough that it’s captured as text in the exported files and in the console log files, but IT’S UNCONSCIONABLE THAT 1PASSWORD DOES NOT WARN YOU THAT YOUR DATA IS EASILY EXPOSED in that and several other scenarios. It doesn’t encrypt the URLs and other data, just passwords apparently, so a lot of your info is exposed even when you think you’re safe. I still like the convenience of 1Password, but the backdoors & security loopholes are crazy ridiculous, especially the lack of warnings, and they should include step-by-step instructions on what to do to cover up their failures. Meanwhile: does anyone know of a Mac-friendly GUI for using TrueCrypt to encrypt entire drives? I have not been able to figure out how to use TrueCrypt on Mac OS X 10.4.11; all my attempts have failed. It’s not user-friendly at all.