I’m not normally a fan of retelling quotes (well, unless I’m quoting myself), but my thanks to our brilliant Andi West for bringing this one to my attention. It is more relevant to our security and privacy today than ever.
Practical Paranoia macOS 10.13 1-Day Workshop with Marc Mintz
Secure your Mac OS 10.13 computer from malware, criminals, snoops, and the whackadoodle ex. Concerned about being hacked? Your identity stolen? Your precious data stolen or encrypted? You should be. Hacking is a billion-dollar enterprise and everyone is a potential target. At risk are your personal and business messages, emails, photos, music, passwords, phone calls, internet travels, credit cards and financial data.
But in just a few hours you can easily and simply secure your Mac OS 10.13 computer to the highest government standards. Hands-on exercises ensure you leave with a secure device. Apply local and iCloud backup, strong passwords, system and app updates, permissions, whitelisting, hardware encryption, malware defense, and firewalls. Find a lost or stolen device, determine your network security level, securely browse the web, encrypt email, perform end-to-end encrypted messaging, phone, and video calls, and secure your Internet activity with VPN. PREREQUISITES: None. REQUIRED EQUIPMENT: Bring your Mac computer and backup drive.
Your instructor is the author of the best-selling, easiest, and most comprehensive macOS security guide, Practical Paranoia macOS 10.13 Security Essentials.
Each student will receive a copy of the digital online version of Practical Paranoia macOS 10.13 Security Essentials.
For more information and to register for the course, visit http://dcereg.com/index.cfm?method=ClassInfo.ClassInformation&int_class_id=83593&int_category_id=0&int_sub_category_id=0&int_catalog_id=0
Course ID: 82399
Date: January 31, 2018
Location: UNM Continuing Education South Building, room 207
1634 University Blvd NE
Albuquerque, NM 87131
In macOS, a guest account allows a user to log in with the username of guest, without a password. When logging out, anything created by the guest is deleted and the computer is returned to its pre-guest status.
The “guest” user in current generations of macOS is built into the OS and cannot be removed.
However, that doesn’t mean you need to have it active. You can disable the guest user account so that it can neither log in to the computer nor file share with it.
Most IT security pros would say to keep the guest user login on. Should the computer get stolen (or lost), this allows someone to log in to the computer and trigger Find My Mac. Now you can see where it is. With guest off, nobody can log in, and you can’t find your Mac.
What a great question!
The bad news is that for the technician to do their job, they normally need your PIN. Once they have your PIN, you have completely lost the security battle.
1. Back up your device (to the cloud or computer).
2. Reset/erase your device.
3. Hand it over to the tech for service.
Note: assuming you don’t have a hardware problem, steps 1 & 2 get you halfway to fixing most problems yourself. To go the rest of the way:
3. Reinstall current OS.
4. Install your apps from fresh downloads.
5. Migrate your data to your device.
In most cases, you are now fixed.
Whether or not you pay for something such as Facebook is not relevant to whether or not you are a product.
What makes you the product is if Facebook is making money from you other than any payments you may give. And they are. They make money with the information about your likes, your dislikes, the ads you hover over, the ads you click on, your friends, your games… the list goes on and on. In many ways, Facebook, Google, and their ilk literally know more about you than your mother, such as your sexual preferences, your diseases, etc.
All of this information has become a multi-billion-dollar industry (Facebook made $18B in 2016, Google somewhere around $60B from ad revenue alone).
If these companies had zero information about you to sell to advertisers, your value would be significantly diminished. Perhaps to zero.
Buy another phone and get on with my life.
Oh. Wait. I have an iPhone.
It has hardware encryption, so neither the thief nor the buyer can access my information.
It is automatically backed up, so all my apps and data will repopulate a new iPhone.
If this were the worst thing to happen to me today, I would be living a blessed life.
How do you know?
Poorly-designed malware introduces problems on a system. Well-designed malware often goes for years (potentially forever) without detection.
If you have a macOS or Linux computer, the potential for malware is low. If you have Windows, the potential is very high.
Viruses are just computer programs, or sometimes scripts. All computer programs and scripts are written to work with specific hardware configurations. And just like you can’t put Microsoft Word for Windows on a Mac and have it run, you can’t put Windows viruses on a Mac and have them run. By the way, the same is true in reverse. Viruses that are written for macOS will not run on Windows.
That said, there are ways to write computer code so that the application is cross-platform. There are only a few of these types of malware found out in the wild.
If I may, a better-phrased question is “what are the symptoms of a poorly designed virus?” The reason for the change is that a well-crafted virus will not have any symptoms showing on your computer. There have been many examples of malware that have been in place and operating for years with nobody discovering them. This is because there are no symptoms to place anyone on alert.
Poorly designed malware will create almost any sort of symptom. This includes slowed performance, unusual behavior, and, as has recently been demonstrated, hardware damage.
This of course does not include malware with the intention of causing problems. These include things like CryptoLocker. However, the overwhelming majority of malware is not designed to cause problems but actually to harvest information.
I am not an attorney, and am not providing legal advice – just the advice of someone working in cyber security.
To my understanding, you can be compelled to provide your password. The issue of fingerprint is being argued – but it is terribly simple to obtain your fingerprint from any surface you have touched and use it to unlock your device. Although the issue of facial recognition hasn’t yet hit the courts, it most surely will. But as with fingerprints, it is simply too easy to bypass.
I recommend not using prints or face to unlock your device. Instead, use a strong password (minimum 15 characters). For mobile devices, you can use as few as 6 characters if it is configured to erase after 10 failed password attempts.
It could well be. In the US, doing something that interferes with someone accessing their data can be charged as a felony, with jurisdiction under the Department of Homeland Security.
If you change a public Wi-Fi name (SSID), you may well be interfering with someone accessing their data in the cloud, or on one of their servers. This could be viewed as terrorist activity.
Just speaking personally, I’d rather face a few hungry lions than the DHS.
Every call you make on any cell phone to any other cell phone is already encrypted. Problem is, it is very easy to break that encryption (criminals, police, and governments do it continuously).
I’m guessing your actual question is “how do you securely, end-to-end encrypt calls from one cell phone to another”.
For this, you will need to use an app on both phones, instead of using the built-in voice service.
The two leaders in this market are Signal and Wire. My personal preference is for Wire, due to cost (free for personal use), and multi-platform support. Signal is an excellent product as well.
It should be noted here that the situation is even worse with Voice over IP (VoIP) phones, and simply dismal for landline calls. NEVER use either of these to discuss anything sensitive.
Depending on the Wi-Fi basestation or router in use, yes.
If the Wi-Fi is not encrypted, then all of your traffic is easily seen.
Even if the Wi-Fi is encrypted, if this is a higher-end router, it will be logging your traffic. This allows the administrator to view your browsing.
However, if it is a low-end unit, without logging, and is encrypted, it would be exceptionally difficult for someone to know your browsing history.
I recommend that we use a Virtual Private Network (VPN) at all times. This helps to prevent eavesdropping, and keeps our security and privacy intact. There are thousands of VPN providers – and the one you choose makes a huge difference in security level. But that is a discussion for another day (or buy one of my books – where I give my choice, and show how to make a wise decision for yourself!)
There are perhaps a dozen well-known such units on the market. Personally, I use the Nest Cam (from Google) units in my 2 homes and have been very happy with them, with no complaints.
If I were to start fresh, now, I might go with the Canary units.
I’ve had this happen. Here are my recommendations:
- Call my attorney.
- Call the police.
- Depending on circumstances (jurisdiction), call the FBI.
- Examine my choice of associates.
None. There is no evidence that any US mobile carrier places more value in protecting the security and privacy of your data than their profits. They will not sign HIPAA BAA agreements, they do not follow US-CERT or NIST security protocols, and have repeatedly been found to market your information.
Allow NOTHING of value to be seen by them. Use VPN to transmit data. Use encrypted communications for your voice and text messages.
Be responsible for your information, because they won’t be.
I would argue your foundation is incorrect – that there aren’t “so many” using Blackberry. But let’s just say that is true…
There isn’t much within the US (or any) government acquisition rules that has to do with being of the best quality or security. It is almost always about the ability to meet minimum standards at the lowest cost (Challenger is just the most notable example). When it comes to technology, you have the added burden of inertia (Blackberry was among the first smartphones with a moderate level of security – not that they are even in the running in today’s world), and that many of the government people making decisions either don’t have a clue what they are doing, or were trained a decade or more back, and haven’t upgraded their skillsets since.
No. If that were the case, you and I would be bombarded with notifications all day long – and there is no need for someone to know your public or private IP address. What would they do with this information? It is used for automatic routing of data packets, not for human use.
Your IP address changes if you move your computer to a different network (such as from home to office). It will also change randomly during the day or week, depending on how your router is configured. As to your public IP address, that may also change daily depending on how your internet provider has configured their routers.
So let me answer this way…
Please let me have your email and bank account usernames and passwords. Social security number would be nice. And how about if I record ALL of your phone calls, texts, and face to face conversations.
And for good measure, I get to video your bedroom, bathroom, and everywhere else you go.
Starting to get an idea as to the issue with privacy?
Q: DOES IT MATTER WHAT VPN I USE?
A: Which one you use is a critical decision.
The reason one uses a VPN is the privacy of one’s internet communications and activities. Choosing the wrong one could expose all of this to the VPN provider, and then to others who will pay for the info.
In addition, some are much faster than others.
Choose wisely, grasshopper.
Currently, my personal preference is perfect-privacy.com. Located in Switzerland (government-supported extreme security), they don’t keep logs, allow all of your devices to be on VPN, and use the latest VPN protocol, IKEv2.