Learn How to Keep Your iOS 9 Devices Safe and Secure in This New Book

Ios9 securityThis book by Glenn Fleishman teaches you how to use an iPhone or iPad with iOS 9 on Wi-Fi and cellular/mobile networks securely, making connections with ease while protecting your data and controlling access to your private information. It also covers Bluetooth networking, tracking an iOS device, content-blocking Safari extensions, privacy settings, using AirDrop and AirPlay, and solving connection problems.

The book covers a huge range of common network setup and routine usage issues, with illustrated step-by-step instructions. It explains how your private details–who you are, sites you visit, and where you physically go–are shared with Apple and others, and how to restrict or block that sharing. On the security side, it walks you through scenarios from securing your data in transit to connecting to a secure Wi-Fi network to recovering or erasing a lost iPhone.

You’ll learn how to:

  • Troubleshoot problematic Wi-Fi connections.
  • Use Safari content-blocking extensions.
  • Master all the options for a Personal Hotspot.
  • Stream music and video to other devices.
  • Transfer files between iOS and OS X with AirDrop.
  • Block creeps from iMessage, FaceTime, and phone calls.
  • Secure your data in transit with a Virtual Private Network (VPN) connection.
  • Protect your device against access and deal with it going missing.
  • Plan and manage your cellular data usage.
  • The book covers WPA2 security, AirDrop, AirPlay, Bluetooth networking, content-blocking Safari extensions, Wi-Fi Calling, Wi-Fi Assist, Airplane Mode, privacy settings, Personal Hotspot (including Instant Hotspot), VPNs, two-factor authentication, Touch ID and passcodes, and Find My iPhone.

This book has been thoroughly updated for iOS 9, and includes details about new features, like Wi-Fi Assist, two-factor authentication, and Wi-Fi Calling. It also has a new section on privacy that explains what kinds of data about yourself you expose, how to control Apple’s settings, and using content-blocking Safari extensions.

Get A Practical Guide to Networking, Privacy & Security in iOS 9.

Apple Tells How to Validate Your Version of Xcode

Apple’s App Store has seen a number of compromised apps being introduced, infected with the XcodeGhost malware. This was caused by developers, mostly in China, installing tweaked versions of Xcode, the app used to develop apps for iOS and OS X.

Apple has published instructions explaining how to validate your version of Xcode. As Apple says,

When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.

Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.

If you’ve gotten Xcode from channels other than the Mac App Store or Apple’s Developer website, make sure to check your copy.

I followed Apple’s instructions, and I get this:

/Applications/Xcode.app: invalid resource directory (directory or signature have been modified)

I’m a bit curious about this. I downloaded my copy from the Mac App Store, and I don’t see how anything can be wrong with it…

iOS 9 Security and Privacy Features Explained

It’s that time again: Time to update your iOS devices to the latest version of Apple’s mobile operating system. iOS 9 brings numerous new features to your iPhone and iPad, and is compatible with all iOS devices that can run iOS 8.

If you’re getting ready to update, or even if you already updated, it’s a good idea to take a few minutes and have a look at the many security and privacy features iOS 9 offers. Some have been around for a while, and some are brand new.

Read the rest of the article on the Mac Security Blog.

How to Back Up Your Mac to Multiple Time Machine Disks

Time Machine is a useful feature in OS X that lets you back up your Mac to an external hard drive, or to a network drive. It works automatically, every hour, backing up your Mac so you don’t have to think about it.

But sometimes Time Machine can go wrong, and your backups can get corrupted. To guard against this, it’s a good idea to back up to two different disks. These disks can both be connected to your Mac, or can both be network volumes, or you can use one of each, as I do.

To add another disk to Time Machine, open the Time Machine pane of System Preferences. Click Select Disk, and choose the second disk you want to use. When you do this, you’ll see a dialog asking if you want to replace the existing disk or use both. Click Use Both to tell Time Machine that you want to use the second disk along with the first.

When you do this, Time Machine alternates which disk it uses each time it runs a backup. In the Time Machine preference pane, you’ll see something like this:

Time machine two disks

The top disk, with the green icon, is a local hard drive; the bottom disk is a network drive. In the above screenshot, I’ve just started a new backup to a network drive, and, as you can imagine, it’s going to take quite a long time to send all that data over the network.

Since you really do want hourly backups – at least if you’re working on important files – you might want to stop the backup every now and then. Click the x to do this. When you stop the backup to the network drive, Time Machine will pick up in an hour, sending the backup to the other drive (in this case, the local hard drive). An hour later, it will continue the backup to the network drive. You can also click the Time Machine icon in the menu bar, if it’s visible, and choose Backup Now to restart the network backup.

6 Digits Are Better Than 4! iOS 9 to Boost Passcode Security | The Mac Security Blog

And although there were plenty of new features announced for the upcoming upgrade to OS X — dubbed El Capitan — perhaps the security news which will impact the most iPhone and iPad users is that Apple will be beefing up security on iDevices running iOS 9, by requiring users to upgrade from a 4-digit passcode to one containing 6 digits.

Two extra digits. Can that really add a whole lot more security?

Well, actually yes.

You see, a six digit passcode has one million possible combinations instead of 10,000.

Graham Cluley, writing on the Mac Security Blog, explains why a six-digit passcode is good, but an alphanumeric passcode is even better.

This is only available on a device with a Touch ID. Presumably, not having a Touch ID means you’ll be typing your PIN a lot more often, so they didn’t include the feature for older devices.

Source: 6 Digits Are Better Than 4! iOS 9 to Boost Passcode Security | The Mac Security Blog

Apple Explains How to Remove Adware From Your Mac

For a long time, Apple shied away from discussing any types of malware: viruses, trojan horses, even adware. This latter form of malware is also called ad-injection software, and, as Apple says, “come from third-party download sites.” This can result in annoying ads popping up on your Mac, or being inserted into web pages. Again, quoting Apple:

“If your Mac has ad-injection software installed, you might see pop-up windows, ads, and graphics while surfing the web, even if “Block pop-up windows” is selected in Safari preferences. Ad-injection software might also change your homepage and preferred search engine.”

Apple has created a technical document, Remove unwanted adware that displays pop-up ads and graphics on your Mac, explaining how to get rid of these annoyances. But it’s not that simple. You need to check a lot of system folders for obscure files, such as com.genieo.completer.update.plist, com.VSearch.bulk.installer, or com.genieoinnovation.macextension.client.plist. And some of the file names may vary, so Apple explains how to look for files that may contain any of a number of different words.

This is all quite disturbing, and highlights the risks of installing software from many third-party websites. But it’s not just these sites that install crap like this; Oracle recently added adware to its OS X Java installer.

So what should you do? Most commercial antivirus software will remove adware, but it’s best to have a look in the folders that Apple mentions in its document. I actually check those folders from time to time, because software that I’ve tried out can leave files behind which may launch processes that I don’t need to have running. It’ll take a few minutes, but if you are seeing unwanted ads on your Mac, you should definitely do it.

OS X’s Keychain Password Request Dialog Does Not Inspire Trust

I use the OS X Keychain, but I have the password for my keychain set to a different one than my login password. As such, when I start up one of my Macs, I see a dialog asking me to enter the password to unlock my keychain.

But I’ve often felt that this dialog is not very clear, and does not inspire trust. It mentions one of a number of different system services, none of which the average user has ever heard of. Here’s the dialog I saw after I booted my MacBook Pro today:

Keychain password request

What is CallHistoryPluginHelper? Even I don’t know. Sometimes I see different services requesting the password, such as accountsd, or some other “d” (for daemon, or background process). I don’t know why today I saw a different process ask for the password.

The problem with this is that the dialog does not inspire trust. How do I know that it is really the system level keychain that is asking for this password? Couldn’t a third-party app toss up a similar dialog, and get me to enter my keychain password?

When it’s the Keychain Access app itself asking for the password, this dialog is different, but not by much:

Keychain app password request

Or if a different app requests access to the keychain, that app’s icon displays in the dialog:

Mail keychain request

But just after I saw the above dialog (I locked my keychain to get Mail to ask for it) I also saw this:

Keychain request

I don’t think that com.apple.internetaccounts.xpc is a very user-friendly name.

Apple should think about changing this dialog to make it more understandable. It’s quite an important dialog: if you do give away you keychain password to some random app, you can give away the keys to all your online accounts.

Beware Dropbox Shared File Phishing Emails

Every now and then, I get a phishing email that’s well enough crafted that it’s worth highlighting. Yesterday, I got one purporting to be from Dropbox, alerting me to a file shared by “David.” Well, I know a few Davids, so I wondered who it could be from. But then I used the standard method of checking these emails: I hovered my cursor over the button in the email to see what the link was behind it.

Dropbox phishing

As you can see above, the link went to a server in Denmark (I’ve blurred the name of the server), but the link also has www.dropbox.com in it, trying to trip up users who look at links.

So heed the warning: be very careful about clicking links in emails. This one probably led to a bogus Dropbox login page (the page had been removed when I clicked the link to check it), which would give up your Dropbox credentials, and potentially provide access to a lot of personal files.

How To: Save Multiple iOS Device Backups in iTunes

You probably know that iTunes can back up your iOS device when you sync it. You can choose to have your device backed up to iCloud or to your computer.

Itunes backups

You can also manually back up your device; just click Back Up Now.

iTunes’ preferences shows you the backups available for your devices:

Itunes backups prefs

As you can see above, I’ve got two backups for my iPhone, Sugaree: one from this morning, at 8:55 am, and another from yesterday afternoon. iTunes saves one backup from each device – as you can see for the other devices listed in the window – but you can force it to “archive” a backup; when you do this, you’ll see the device name and the date and time of the archive, as in the last backup you see in the above screenshot.

To do this, right-click on a backup and choose Archive. iTunes quickly renames the backup, and saves it. You can do this as often as you wish, with the understand that these backups do take up a bit of space on your computer, depending on the type of content on your device. (My backups take up from 500 MB to about 1 GB, currently.)

If you have too many backups, you can delete some of them. Just right-click on a backup and choose Delete.

iTunes used to make these archived backups whenever you clicked Back Up Now; whenever you made a manual backup. Now you must choose to archive a backup yourself in the Devices preferences.

If you ever have serious problems on your iOS device, you can restore a backup, by connecting the device, and then clicking the Restore Backup button.

Phishing Dangers in Business and How to Avoid Getting Hooked

Gone are the days when malware simply rendered a computer useless or deleted files. Instead of creating malware to show off, hackers are now in it for the money. Because of this, most malware these days are designed to collect personal information, such as user names and passwords. Cyber-criminals leverage this information to hack accounts, such as email, Twitter and Facebook accounts, to spam your friends.

But the real jackpot is when hackers can trick you into giving up your banking information or credit card numbers. When that happens, they can drain your money, at least until you block the accounts.

The main way online thieves get these credentials is through “phishing,” or sending out emails that look exactly like official emails from your bank, credit card company, PayPal, Amazon or other online companies or services.

Falling for these scams can be detrimental to individuals, but they are even more harmful to businesses. If one of your employees gets fooled by phishing and inadvertently gives up the credentials for your company’s accounts, the results could be disastrous. Here’s how to detect phishing emails and make sure that you don’t get hooked.

Read the rest of the article at The Mac Security Blog.