Categories
iCloud iOS devices macOS Security

Messages in iCloud considerations

  In the latest versions of iOS 11 and macOS High Sierra, you now have the option of storing your iMessages in iCloud. There are two benefits. First, your messages are synced across your devices. When you delete a conversation on one device, the conversation is deleted on all your devices. Second, your older messages…

Categories
Security

Don’t store passwords in the Contacts app

In light of the recent Facebook data harvesting incident, I took a closer look at developer access to the Contacts app in macOS and iOS. The first time you open a third-party application that wants access access to your contact info, you’ll get a prompt asking for your permission. It’s bad enough that the app…

Categories
Security

Should I know my employees’ passwords?

If you’re a business owner or manager, you might feel that it’s your duty to maintain a list of your employees’ passwords. After all, you might need access to their documents or email when they are out of the office. Even worse, an employee could resign without notice. So knowing their passwords seems the logical…

Categories
Security

Meltdown and Spectre vulnerabilities

  It’s now more important than ever to keep your Macs and iOS devices fully updated. Apple has addressed the Meltdown vulnerability in High Sierra 10.13.2. A supplemental update to 10.13.2 addressed the Spectre vulnerability in Safari and Webkit. Apple has also released Safari 11.0.2 for Sierra and El Capitan. Note that Apple has not…

Categories
Security

Two-factor authentication

If you’ve been putting off enabling two-factor authentication (2FA) on your internet accounts, you shouldn’t. 2FA is one of the simplest and quickest ways to protect your online presence. You need 2FA because it’s just too easy for a hacker or other bad actor to obtain your username and password. The most common method to…

Categories
Security

Security Through Obscurity

  Tomorrow Apple is holding its big media event to debut the new iPhone, Apple TV, and Apple Watch. Unfortunately, the details of these products were leaked. According to John Gruber, a disgruntled Apple employee obtained the URLs to the device “golden master” firmware and sent the URL list to 9to5Mac and MacRumors. This leak…

Categories
Security

Backup strategy for Mac ransomware

  Macs are not immune to ransomware. The first functional Mac ransomware was found in the wild last year. A good backup strategy is critical if you’re hit with this type of malware. Mac ransomware will grow more sophisticated over time. With this in mind, here are a few tips: Assume that any connected backup drive…

Categories
macOS Server Security

Alternatives to Profile Manager for Macs

  Apple’s Profile Manager is an example of a Mobile Device Management (MDM) system. Despite the “mobile” designation, many MDM systems can manage desktop computers. The Profile Manager is no exception. It can be used to centrally configure and lock down Macs, iPhones, iPads, and Apple TVs. While there are a huge number of MDM vendors for iOS devices,…

Categories
macOS Security

NIST SP 800-179: Securing Apple OS X 10.10

  I noticed that NIST recently published the Draft Special Publication 800-179: Guide to Securing Apple OS X 10.10 Systems for IT Professionals. I’m looking forward to reading it. The public comment period is June 23 through August 15th, 2016. The authors are careful to note that the recommendations only apply to 10.10, Yosemite. (System Integrity Protection,…

Categories
macOS Security

Ditching Adobe Flash on the Mac

  While I’ve kept Flash updated religiously over the years, last month I finally reached the point where the plugin was adversely impacting my Mac Pro’s performance. So I uninstalled Flash. This rectified the stutters and I eliminated one of the Mac’s most vulnerability-plagued pieces of software. Here’s a list of vulnerabilities that have been discovered in Flash…