Blog

10/31/10 Firefox Plugin Highlights Public WiFi Security Issues

A recently released plugin for the popular Firefox web browser has highlighted a major security issue known to exist on public wifi hotspots. The plugin, known as Firesheep, makes it remarkably easy to conduct what is known as a sidejacking attack.

What Is Sidejacking?

When a user logs into a website such as Gmail, Facebook or Twitter, the website sends a cookie to the user's web browser which contains a token that identifies the user. This allows the user to remain logged in to the website for a specified amount of time without having to resubmit their login credentials. The benefit of this is that we don't have to type in our email addresses and passwords every one of the hundreds of times we check our Facebook pages each day. The downside of this convenience is that it allows others to impersonate us by stealing the authentication cookies.

This is the basic idea behind a sidejacking attack. When a victim logs into a website such as Facebook, the attacker captures the authentication cookie, places it in his own web browser, and is then able to visit the website as if he were logged in as the victim. The website treats the cookie the same way on the attacker's computer as the victim's.

This vulnerability is of particular concern on public wifi hotspots, due to the way computers communicate with the hotspot itself. When a user visits a website like Facebook at a public wifi hotspot, the authentication cookie on the user's computer is broadcast unencrypted over the air. Once this occurs, it's a fairly trivial process for an attacker to intercept the transmission and steal the cookie.

Think of it this way: Computers communicating over unencrypted wifi are like people shouting at each other across a room. Anyone else within earshot is able to hear both sides of the conversation.

This vulnerability has been known for some time and there have been tools available to exploit it, but they were generally far too complex in their installation and usage for the average non-technical user to make use of. (See WifiZoo for an example.) With the advent of the Firesheep plugin for Firefox, the process is now essentially point-and-click.

Firesheep Screenshot From The Developer's Website:

So how can we protect ourselves? Barring complex solutions such as setting up a personal VPN, the only option at this point in time is to avoid visiting websites like these at public wifi hotspots. Until the websites themselves change their infrastructure so that all identification cookies must be passed over an encrypted connection such as https, this vulnerability will continue to exist. Be aware and watch your browsing habits at public hotspots!
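What "identification cookies must be passed over an encrypted connection" means in practice is that the site issues them over https and marks them `Secure`, so the browser never sends them over plain http. The following is an added example, not code from Firesheep or from any site named above: it audits `Set-Cookie` headers for cookies that could be read off an open hotspot. The hostnames, cookie names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: hostnames, cookie names and values are made up.
SAMPLE_RESPONSES = [
    ("http://social.example/home",
     ["session_id=abc123; Path=/; HttpOnly"]),
    ("https://mail.example/login",
     ["auth=tok456; Path=/; HttpOnly", "prefs=dark; Path=/; SECURE"]),
    ("https://bank.example/login",
     ["sid=tok789; Path=/; Secure; HttpOnly"]),
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_response(url, set_cookie_headers):
    """Return (cookie name, reason) for each cookie that can travel in cleartext."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for raw in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(raw)
        if scheme != "https":
            # The cookie is already visible to listeners as it is issued.
            findings.append((name, "issued over plain HTTP"))
        elif "secure" not in attrs:
            # Issued safely, but the browser will attach it to http:// requests.
            findings.append((name, "no Secure attribute"))
    return findings


def audit_all(responses):
    """Map each URL with at least one exposed cookie to its findings."""
    report = {}
    for url, headers in responses:
        findings = audit_response(url, headers)
        if findings:
            report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit_all(SAMPLE_RESPONSES).items():
        for name, reason in findings:
            print(f"{url}: cookie '{name}' exposed ({reason})")
```

`HttpOnly` does not help here: it hides the cookie from page scripts, not from someone listening on the network.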

 

 

10/13/10 Credit Card Processing With Square

Mac Magicians has recently partnered with the revolutionary credit card processing company Square in order to provide our clients with a quick and easy way to pay for services via a credit or debit card. Square's innovative technology allows individuals and small businesses to take credit and debit card payments from their customers on the spot using nothing other than the Square card reader and their iPhone, iPad or Android device. Watch this YouTube video from Square if you'd like to know more about this amazing technology!

 

 

08/15/10 The Importance Of Backing Up

Backing up personal data is a bit like flossing. We all know that we should do it, we just don't end up doing it very often. A number of people out there have never experienced a drive failure, but we can assure you it's just a matter of time before it happens. According to this article published in PC World Magazine, between 2 and 4 percent of all hard drives fail within one year of purchase. Before you put off purchasing a backup system for another day, take a minute to examine the cost of a drive failure.

In the event of a hard drive failure, the first cost is going to be the amount of time it takes to restore your system. Assuming you have no critical files on your drive that need to be backed up (highly unlikely), there is still the time it takes to reinstall the OS and applications once the drive failure has been addressed. This time expenditure can be minimized by creating a custom restore image that can be cloned onto the repaired system. Restore images are an excellent way to back up an operating system and applications, including software that requires serial numbers or licenses. This backup strategy is ideal for kiosk computers or workstations where data is stored on a file server instead of locally.

When a hard drive fails and user data is lost, the dollars spent to recover the information can really start to add up. Mac Magicians offers excellent prices for data recovery services, but data recovery in general is not inexpensive. In the event of a total mechanical failure, clean room recovery from a company such as DriveSavers can be the only option. Due to the need for specialized facilities and equipment, clean room recoveries can cost thousands of dollars! Choosing between spending thousands and losing your entire iPhoto Library is not easy. When the information lost is business-related, there often isn't a choice but to spend the money. Don't let yourself end up in a situation like this. Let us put together a backup system that works for you!

The cost of storage media has dropped considerably over the last several years and continues to do so. In most cases, the cost of the hardware necessary to back up your Mac will be less than $150. When the price of external hard drives is so low, there's no reason not to set up a backup system as soon as possible. If you need help setting up your external hard drive, or want purchase recommendations, give us a call. We're happy to help!

 

 

3/18/10 The MacUpdate Bundle Is A Really Good Deal

The MacUpdate website is currently offering quite an exceptional sale on 10 quality Mac applications. The idea of selling a number of applications together at a discount isn't anything new; several Mac-related sites have been doing this for a while. However, in our experience most of the apps have either been of dubious utility or targeted to a niche market that most have no use for.

This edition of MacUpdate's promo bundle brings something new to the table in that it offers one piece of outstanding software at a considerable discount while still throwing in 9 other apps. That software is Parallels 5 For Mac. While we here at Mac Magicians tend to prefer the competing VMware Fusion 3 due to its more robust Linux support, Parallels 5 is nonetheless an outstanding product for those who need to run a Windows virtual machine in addition to OS X.

If you need a Windows virtualization solution for your Mac and additional OS support doesn't concern you, Parallels 5 is worth the normal purchase price of $79 as it stands. MacUpdate is offering Parallels 5 and 9 other applications for $49.95. All apps are full versions and all are Snow Leopard compatible. The sale lasts for another 13 days and is definitely worth taking advantage of.

Link to the MacUpdate Promo: http://www.mupromo.com

 

 

02/22/10 Google's Nexus One Coming to AT&T?

Here at Mac Magicians, we love new technology. Although we're thoroughly enamored with the iPhone, we must admit that we were very interested in the Android platform when it hit the market. We've been following Android's development and are enthusiastic about the product, but there was one major drawback to the platform. There hasn't been a capable Android phone compatible with AT&T's 3G network.

That may change very soon.

Google raised the bar with Android devices when it released the Nexus One. The Nexus One phone is completely unlocked, runs the latest version of Android and is powered by a Qualcomm Snapdragon processor running at 1 GHz, making it one of the fastest smartphones on the market. According to Engadget.com, a phone with an FCC ID almost identical to the Nexus One has surfaced. The only apparent difference? Support for AT&T's 3G network bands. This also means that this device will be compatible with a much larger number of carriers in Canada and Europe.

We're not planning on giving up our iPhones any time soon, but having a 3G Android device would be a very nice option for a variety of reasons. Ease of tethering and native Google Voice support come readily to mind.

When will we see this device crop up for sale? Google's ETA is unknown, but we'd like to see this device on the market soon.

 

 

2/16/10 Information Security: How To Protect Your Data From Theft And Misuse

For anyone who carries a laptop for business or personal use, security is always a concern. By nature, a laptop is far more likely to be either lost or stolen than a desktop computer that never leaves the home or office. As expensive as laptops can be, the value of the information on the laptop greatly exceeds the value of the machine itself in most cases. In the case of business machines there may be millions of dollars worth of documents, patent info, social security numbers and trade secrets stored on a single computer. How much personal information is on the average consumer's laptop? Enough that identity theft would be fairly simple for anyone who might find or steal it. So the question is, how can we protect the data on our portable computers from misuse?

Preliminary Steps

When discussing computer security of any sort, the first issue that must be addressed is Physical Security. Under most circumstances, if the user loses physical control of the computer, the game is over. Most basic password protections found on consumer laptops are trivial to defeat, especially if the attacker has taken possession of the machine and has all the time in the world.

So what does this mean? In a nutshell, keep an eye on your laptop. When you're in a public place such as a cafe or library, don't get up and walk away from your computer. When flying on an airline, never check your laptop in your baggage. Keep it with you as a carry-on item. Keep your bags close to you on public transit and if possible, keep backpacks in front of you. It's easy to lift something out of a backpack without the owner being aware of it.

If you follow this advice you'll very likely be OK in most circumstances. However, not every eventuality can be planned for. Cars, offices, residences and hotel rooms can be broken into despite our best efforts to avoid such things. Bags get left in taxis and restaurants. So, what can be done to make sure that personal data is protected in the event of a loss or theft?

The Pros And Cons Of File Vault

Apple has put some thought into this issue, and has created File Vault as a possible solution. File Vault works by turning the user's home folder into an encrypted disk image. When the user logs into the computer the disk image is mounted using the user's login password and appears as any other home folder would, with the exception of a different icon for the folder itself. When the user logs out, the disk image is unmounted and becomes inaccessible without the user's login password.

There are a number of benefits to using File Vault. For starters, the technology is built into OS X. There is nothing to install, and turning on File Vault is a fairly straightforward process. File Vault is also fairly transparent to the user. Once activated, there is little else the user has to do to maintain protection and there should be no further interaction necessary with the File Vault preference pane.

So what are the downsides to using File Vault?

File Vault can take a while to enable. And by a while we mean several hours. This is to be expected when encrypting or decrypting a large amount of data, but with File Vault, the computer is unusable until this process is finished. The same goes for turning off File Vault.

File Vault only encrypts the home folder. This means that if there is any sensitive information stored outside the home folder it will not be protected. This includes other user accounts that do not have File Vault enabled, the contents of the "Shared" folder, etc. This can be of special concern to system administrators who wish to maintain data security on company laptops, as users frequently mis-file content outside of their home folders.

Your home folder cannot be larger than the total amount of free space on your hard drive if you wish to enable or disable File Vault. For instance, if your hard drive has 15 gigabytes of free space and your home folder is 22 gigabytes in size, you cannot enable File Vault. This is because File Vault must create a disk image large enough to copy your home folder into it, then delete the unencrypted home folder after the data has been moved into the disk image. This becomes especially problematic when a user wishes to disable File Vault and there isn't enough free space to revert the process.

File Vault is incompatible with Time Machine. If Time Machine is your preferred method of backup, you will have to log out of your File Vault encrypted user and log into another standard user account to make Time Machine backups. This defeats the purpose of automated backups via Time Machine, as the backups are no longer automatic. In addition, the user's home folder will have to be backed up in its entirety every time a Time Machine backup is made from the second user account. This is because the user's encrypted home folder appears as an individual file that changes between each backup. This means copying a huge amount of extraneous data with every backup.

Finally, File Vault is of no help if you are running Boot Camp to boot into a secondary operating system like Windows or Linux. Your secondary OS will be entirely unprotected.

PGP Whole Disk Encryption Is The Ideal Solution

PGP Corporation offers what we consider to be an ideal solution to the problems presented above: PGP Whole Disk Encryption, a user-friendly package that's easy to install and quite powerful for advanced users. Whole disk encryption means that the computer's entire hard drive is encrypted, including swap files and free space. The advantage of this is that even if the hard drive is removed from the computer, the information on the drive is inaccessible without the user's passphrase. All data on the drive is protected all the time.

PGP provides the security of pre-boot authentication, meaning that when the computer is turned on, it asks for the user's passphrase before it does anything else at all. PGP can be enabled and disabled in the background, is transparent to the user, and is completely compatible with Time Machine. PGP can also be installed on Macs running multiple operating systems through Boot Camp, and is currently the only pre-boot, whole disk encryption solution compatible with OS X 10.6 Snow Leopard. We use it on our machines here at Mac Magicians and recommend it highly. Plus, disk encryption is only one feature of the PGP product suite. PGP can create encrypted virtual disks, secure your email and instant message communications and more.

PGP For Mac can be purchased at the PGP online store here for $149: http://na.store.pgp.com/whole_disk_encryption.html

As always, be sure to back up your data before encrypting your drive, and frequently thereafter.

 

 

2/12/10 Want To Really Uninstall Something? Meet AppTrap

Uninstalling software on a Mac is easy. Just drag the undesired application into the trash and empty it, no more app. Right? Sort of.

Many applications create or install a number of support files onto your hard drive in various locations when they are run for the first time. The most common of these files is the ubiquitous Property List file, or plist. These plists are most commonly stored in the "Preferences" folder inside your home folder's "Library" folder. These files store information the application uses each time it launches, such as how big the app window was the last time it ran, or which window of the application should be opened first.

More complex applications store things in other areas. Web browsers make heavy use of the ~/Library/Application Support/ folder to store saved data, plugins and other things. Apps like the Adobe Creative Suite squirrel files away all over your drive. These files aren't all that big in most cases, but after a while they can start to add up, and they don't go away on their own when you delete their associated applications. So, what's the solution to keep these stray application support files from gumming up your drive?

AppTrap to the rescue.

AppTrap is a free application that works as a system preference on your Mac. It runs in the background, patiently waiting for you to delete an application you no longer use. When you do, a popup window will notify you that you have apparently moved an application to the trash, and it asks if you would like to move all the associated support files for that application to the trash as well. Be careful though, you can't undo the move once it's happened. If you plan on re-installing the application, you have the option to leave the files as they are.

 

Visit the AppTrap website here to download the latest version for your operating system:

http://onnati.net/apptrap/

 

 

2/8/10 Watching Out For Drive Failure With Drive Monitor

Failing hard drives are an unpleasant fact of life when dealing with computers. It's not a question of if a drive will fail, it's when. Today we're going to talk a little bit about drive failure, and how we can recognize a drive that's starting to go bad before it fails completely with the help of a utility called Drive Monitor from Mac Magicians.

Why Do Drives Fail?

Hard drives are mechanical devices. They're metallic discs that spin at thousands of revolutions per minute while a read/write head attempts to read and write millions of magnetically encoded zeroes and ones onto the platter surface as it whizzes by at blinding speed. Due to the incredible complexity inherent in these systems it's understandable that they fail from time to time, and frankly it's a wonder that they don't fail more often. However, instant, catastrophic failure of a drive is somewhat uncommon, and we can spot the signs of a failing hard drive and replace it before it fails completely.

What are the signs?

So, what do we need to look for to spot that ailing hard drive? One of the first signs of a failing hard drive is a slow start-up. If the computer is having a hard time accessing the data on the drive, your Mac's boot-up time will be noticeably longer than usual. Another telltale sign of drive trouble is the dreaded color wheel, or spinning beach-ball of death. Now, just because your Mac beachballs occasionally doesn't mean something is wrong. This is the cursor icon the operating system uses to tell you that it's busy accessing or processing information. If it appears more often, or stays much longer than usual it could be a cause for concern.

So what's happening when we see these issues crop up? If hard drive failure is the cause, the computer is trying to access data on the hard drive and it's unable to do so due to failure of some part in the drive. When this happens, your Mac is smart enough to recognize this and it tells you about it. The way it does this is by writing an error message to your Mac's system log.

What is the System Log?

The system log is a text file on your Mac that just keeps notes of various things that happen on your computer. When errors occur they are often logged here, and we can view the system log as well as numerous other logs using the Console application found in the Utilities folder of your Mac. However, this can be time consuming as well as confusing if you're not sure what to look for. To that end, we've created an AppleScript application called Drive Monitor that will periodically check your system log for hard drive related errors and notify you with a popup window if any are found. Drive Monitor runs in the background and uses almost zero system resources.
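The periodic check described above, written as an added example in Python; it is not Drive Monitor's AppleScript source. The message it matches (kernel lines of the form `disk0s2: I/O error.`), the sample log text and the function name `scan_new` are assumptions made for illustration. It remembers how far it has read so that repeated runs only report new errors, and it starts over when the log has been rotated.

```python
import re
from collections import defaultdict

# Assumed pattern: kernel lines such as "disk0s2: I/O error." in system.log.
IO_ERROR = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel\[\d+\]: "
    r"(?P<dev>disk\d+(?:s\d+)?): I/O error"
)

# Constructed sample log lines (hostname and messages are made up).
FIRST = (
    "Feb  8 09:13:55 macbook kernel[0]: AirPort: Link Up on en1\n"
    "Feb  8 09:14:02 macbook kernel[0]: disk0s2: I/O error.\n"
    "Feb  8 09:14:03 macbook mds[45]: DiskStore: rebuilding index\n"
    "Feb  8 09:14:09 macbook kernel[0]: disk0s2: I/O error.\n"
)
LATER = "Feb  8 09:20:41 macbook kernel[0]: disk1s1: I/O error.\n"


def scan_new(log_text, offset=0):
    """Scan only the text after `offset`; return (findings, new_offset)."""
    if offset > len(log_text):
        # The log is shorter than what we already read: it was rotated.
        offset = 0
    # Stop at the last complete line so a half-written entry is read next time.
    end = max(log_text.rfind("\n") + 1, offset)
    findings = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text[offset:end].splitlines():
        match = IO_ERROR.match(line)
        if not match:
            continue
        entry = findings[match.group("dev")]
        entry["count"] += 1
        entry["first"] = entry["first"] or match.group("ts")
        entry["last"] = match.group("ts")
    return dict(findings), end


if __name__ == "__main__":
    found, position = scan_new(FIRST)
    print("first pass:", found)
    found, position = scan_new(FIRST + LATER, position)
    print("second pass:", found)
```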

Click Here To Download Drive Monitor

Source Code

Installation Instructions:

Download the application using the link above and copy it to your "Utilities" folder. Double-click to start the application. In "System Preferences", select the "Accounts" pane and click on "Login Items". Click the "+" button and select DriveMonitor in the "Utilities" folder. Click Add. Drive Monitor will now run in the background whenever you log into your user account.

If Drive Monitor notifies you of an error with a popup message, write it down and give us a ring, or ask at your local Genius Bar to make sure your drive is OK. And as always, BACK UP THAT DATA!

 

 

1/11/10 Welcome to Mac Magicians

Welcome to the newly redesigned Mac Magicians website! Here you'll find Mac-related news, tips, tricks and information updated on a (hopefully) regular basis. Check back for more soon!