OS X’s Keychain Password Request Dialog Does Not Inspire Trust

I use the OS X Keychain, but I have the password for my keychain set to a different one than my login password. As such, when I start up one of my Macs, I see a dialog asking me to enter the password to unlock my keychain.

But I’ve often felt that this dialog is not very clear, and does not inspire trust. It mentions one of a number of different system services, none of which the average user has ever heard of. Here’s the dialog I saw after I booted my MacBook Pro today:

[Screenshot: Keychain password request]

What is CallHistoryPluginHelper? Even I don’t know. Sometimes I see different services requesting the password, such as accountsd, or some other “d” (for daemon, or background process). I don’t know why today I saw a different process ask for the password.

The problem with this is that the dialog does not inspire trust. How do I know that it is really the system level keychain that is asking for this password? Couldn’t a third-party app toss up a similar dialog, and get me to enter my keychain password?

When it’s the Keychain Access app itself asking for the password, this dialog is different, but not by much:

[Screenshot: Keychain app password request]

Or if a different app requests access to the keychain, that app’s icon displays in the dialog:

[Screenshot: Mail keychain request]

But just after I saw the above dialog (I locked my keychain to get Mail to ask for it) I also saw this:

[Screenshot: Keychain request]

I don’t think that com.apple.internetaccounts.xpc is a very user-friendly name.

Apple should think about changing this dialog to make it more understandable. It’s quite an important dialog: if you do give away your keychain password to some random app, you can give away the keys to all your online accounts.

Beware Dropbox Shared File Phishing Emails

Every now and then, I get a phishing email that’s well enough crafted that it’s worth highlighting. Yesterday, I got one purporting to be from Dropbox, alerting me to a file shared by “David.” Well, I know a few Davids, so I wondered who it could be from. But then I used the standard method of checking these emails: I hovered my cursor over the button in the email to see what the link was behind it.

[Screenshot: Dropbox phishing]

As you can see above, the link went to a server in Denmark (I’ve blurred the name of the server), but the link also has http://www.dropbox.com in it, trying to trip up users who look at links.

So heed the warning: be very careful about clicking links in emails. This one probably led to a bogus Dropbox login page (the page had been removed when I clicked the link to check it), which would give up your Dropbox credentials, and potentially provide access to a lot of personal files.
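The hover check described above can be automated: what matters is the host the link actually points to, not whether a familiar domain appears somewhere in the URL. The following is an added example, not part of the original post; the function names, the trusted-domain list and the sample links are assumptions, with `mailer.example` standing in for the blurred server name.

```python
from urllib.parse import urlsplit

TRUSTED = ("dropbox.com",)  # brand domains to check against (example list)

def is_brand_host(host, brand):
    # Exact match or a true subdomain; "notdropbox.com" and
    # "www.dropbox.com.mailer.example" both fail this test.
    return host == brand or host.endswith("." + brand)

def check_link(url, trusted=TRUSTED):
    """Return (host, verdict, places) for a link copied from an email.

    verdict is "ok" when the host really belongs to a trusted brand,
    "lookalike" when a brand domain appears anywhere else in the URL,
    and "unrelated" otherwise. places lists where the brand string sits.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if any(is_brand_host(host, b) for b in trusted):
        return host, "ok", []
    userinfo = f"{parts.username or ''}:{parts.password or ''}"
    fields = {"userinfo": userinfo, "host": host, "path": parts.path,
              "query": parts.query, "fragment": parts.fragment}
    places = [name for name, value in fields.items()
              if any(b in value.lower() for b in trusted)]
    return host, ("lookalike" if places else "unrelated"), places

# Constructed sample links (not taken from the email in the post).
SAMPLES = [
    "https://www.dropbox.com/s/abc123",
    "http://mailer.example/http://www.dropbox.com/s/abc123",
    "http://www.dropbox.com@mailer.example/login",
    "http://www.dropbox.com.mailer.example/login",
    "https://mailer.example/news",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host, verdict, places = check_link(url)
        print(f"{verdict:10} host={host:32} brand-in={places} {url}")
```

A "lookalike" verdict means the brand domain is only decoration in the path, query, user-info or a left-hand host label, which is the pattern the email in this post relied on.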

How To: Save Multiple iOS Device Backups in iTunes

You probably know that iTunes can back up your iOS device when you sync it. You can choose to have your device backed up to iCloud or to your computer.

[Screenshot: iTunes backups]

You can also manually back up your device; just click Back Up Now.

iTunes’ preferences show you the backups available for your devices:

[Screenshot: iTunes backups preferences]

As you can see above, I’ve got two backups for my iPhone, Sugaree: one from this morning, at 8:55 am, and another from yesterday afternoon. iTunes saves one backup from each device – as you can see for the other devices listed in the window – but you can force it to “archive” a backup; when you do this, you’ll see the device name and the date and time of the archive, as in the last backup you see in the above screenshot.

To do this, right-click on a backup and choose Archive. iTunes quickly renames the backup, and saves it. You can do this as often as you wish, with the understanding that these backups do take up a bit of space on your computer, depending on the type of content on your device. (My backups take up from 500 MB to about 1 GB, currently.)

If you have too many backups, you can delete some of them. Just right-click on a backup and choose Delete.

iTunes used to make these archived backups whenever you clicked Back Up Now; that is, whenever you made a manual backup. Now you must choose to archive a backup yourself in the Devices preferences.

If you ever have serious problems on your iOS device, you can restore a backup, by connecting the device, and then clicking the Restore Backup button.

Phishing Dangers in Business and How to Avoid Getting Hooked

Gone are the days when malware simply rendered a computer useless or deleted files. Instead of creating malware to show off, hackers are now in it for the money. Because of this, most malware these days is designed to collect personal information, such as user names and passwords. Cyber-criminals leverage this information to hack accounts, such as email, Twitter and Facebook accounts, to spam your friends.

But the real jackpot is when hackers can trick you into giving up your banking information or credit card numbers. When that happens, they can drain your money, at least until you block the accounts.

The main way online thieves get these credentials is through “phishing,” or sending out emails that look exactly like official emails from your bank, credit card company, PayPal, Amazon or other online companies or services.

Falling for these scams can be detrimental to individuals, but they are even more harmful to businesses. If one of your employees gets fooled by phishing and inadvertently gives up the credentials for your company’s accounts, the results could be disastrous. Here’s how to detect phishing emails and make sure that you don’t get hooked.

Read the rest of the article at The Mac Security Blog.

Control What Information Apps Can Access on Your Children’s iPhone or iPad

I recently explained how to enable and set up Restrictions on an iOS device, to ensure that your children don’t have free rein on their iPhone or iPad. If you don’t turn on Restrictions, however, you might still want to help your children ensure that their privacy is respected. You can control what information and features certain apps can access on an iPhone, iPad or iPod touch. You might want to do it for your kids’ devices, and you also might want to do it for your own.

When you launch a new app that wants to access any personal information or hardware features (such as location services, the camera, and the microphone), you’ll see a dialog asking you to allow the app to access these. You can refuse or grant access, and you can always change these settings later. Here’s how to check and adjust these settings.

Read the rest of the article on The Mac Security Blog.

DiskWarrior 5 Review: The Essential Tool for Maintaining and Repairing Disk Problems

I’ve said it countless times: it’s not a question of if you will lose data, but when. Media, such as hard drives, eventually fails. Or you can make the kind of mistake that results in deleted folders or erased disks. And files can simply get corrupted. There are two things you need to do to ensure you don’t lose data: back up your files regularly, and use software to diagnose and correct problems before they become serious.

Since 1998, Alsoft’s DiskWarrior has been the go-to tool for fixing disk corruption on Macs. It’s been eight years since the last update to DiskWarrior. At the time, I reviewed DiskWarrior 4 and gave it the highest rating, five mice. It has saved my data, and fixed hard drive issues, many times over the years.

DiskWarrior does one thing, and does it well: it optimizes and repairs disk directories, which contain the information that tells your Mac where files are stored on the disks attached to it. If directories become corrupted, you can lose files. While your data may still be on a disk, the Mac is no longer capable of finding it. DiskWarrior works both as preventive medicine–to fix errors before they become serious–and to correct more serious errors and help recover files when things get really bad.

Read the rest of my review on Macworld.

iWant: Time Machine for iOS

I wrote yesterday how I lost data stored in iCloud, and had to get geeky to retrieve it. This shouldn’t happen. Ever. With Dropbox, for example, if you have two files with the same name, Dropbox saves both of them, showing, in the file names, that there is a conflict. And back in the days of pre-iCloud syncing, Apple showed you when there were conflicts and let you resolve them. But now, iCloud, in an attempt to be as transparent as possible, has eliminated such features.

Data is important; data integrity is essential. There is simply no situation where losing data is acceptable. Yet, for many people who use iCloud, this is the case.

The data loss I described is not uncommon. I’ve heard from lots of people who’ve had similar problems with Apple’s apps and with third-party apps. The best Apple can do is tell you how to find missing information in iCloud after restoring an iOS device; they talk about apps, media, messages, but not data that has been lost. About two years ago, a number of app developers spoke out about this, and some app developers have given up on iCloud because of its lack of reliability.

iOS can back up to iCloud automatically. But this isn’t a real backup; it only stores some settings, but not most data. It stores pointers to apps and purchased content, but not content that you’ve synced to the device that Apple doesn’t sell. It’s not a backup, it’s not even a clone; it’s a selective backup of what Apple is concerned about. Apple’s logic is probably that iCloud will still have your app data: your contacts, calendars, notes and more. But as I, and many others, have seen, iCloud can lose data. Also, you may have apps that store data locally; that don’t sync to the cloud, that don’t store files on Dropbox. In that case, it’s very hard to recover lost data.

Apple created Time Machine for the Mac so users would be protected. It’s still users’ responsibility to turn it on, and to purchase an external hard drive for the backups, but it’s not Apple’s fault any more if users don’t back up their data.

Apple needs to create Time Machine for iOS. This would back up what is backed up now, but also all the data that Apple’s apps and third-party apps store. You should be able to go back and see previous versions of this data and restore it, as you can with Time Machine.

There is no excuse for iCloud losing data. Apple needs to create a safety net so this never happens.

How to encrypt your Mac with FileVault 2, and why you absolutely should | Macworld

FileVault 2 can make nations quake, apparently, but it’s just a bit of good information hygiene, letting you make choices about the degree of vulnerability you want to tolerate for your locally stored data and any software or stored passwords for services in your accounts. With it off, you’re not risking everything, but with it on, you have a high degree of assurance about who can access what.

My son’s MacBook Air got stolen last year when his apartment was burglarized. We spent a lot of time together changing passwords. With FileVault, we wouldn’t have had to do that. I strongly recommend using FileVault.

Keep Flash Out of Your Face, and Protect Your Computer from Malware, with ClickToPlugin

I’ve long used the ClickToPlugin extension in Safari to prevent plug-ins from loading on web pages. This blocks Flash and other media plug-ins from running, and shows you a placeholder when you load a page with an element that is blocked.

It’s especially useful to block those annoying, moving Flash ads that serve no purpose other than to distract you from reading a web page.

[Screenshot: ClickToFlash placeholder]

If you do want to load the Flash animation, just click it. (Well, don’t click the one above; it’s just a screenshot.)

As Graham Cluley points out in his security blog, this plug-in can also protect you from Flash zero-day vulnerabilities that can infect your computer; since Flash can’t run, the vulnerability can’t be exploited. Sometimes, the Flash animations that serve malware are tiny, and you don’t even see them.

There are two versions of the plug-in: ClickToFlash, which only blocks Flash, and ClickToPlugin, which blocks other media player plug-ins and also tries to force the plug-in to switch to Safari’s built-in HTML5 media player.

This saves time, battery power and bandwidth, and keeps your annoyance level low. And it protects you from annoying Flash animations.

You may simply want to uninstall Flash; you can do that, but you may find that you actually need it from time to time. I find this to be the best solution: I can load the Flash animations if I want to, but, if not, I’m not bothered.

If you use a browser other than Safari, see Graham Cluley’s article for links to plug-ins that work in other browsers.

iOS 8 Restrictions: Parental Controls Overview for Parents

You know that the internet is a source of knowledge and information, and, if you have children, you are probably torn between allowing them the freedom to explore and the desire to protect them from inappropriate content. On OS X, you can set Parental Controls, and you can adjust settings so your children can’t download just anything from the iTunes Store or App Store. You can apply settings to social media accounts to protect your kids’ privacy. And, on iOS, you can adjust a full range of settings to control what your children see on the internet, and which apps they can use.

In this article, I’m going to look at Restrictions, the iOS version of parental controls. Apple’s iOS 8 Restrictions let you lock down your kids’ iPhone, iPad or iPod touch.

There are a lot of settings, so be prepared to take a few minutes to go through them and adjust them so they are appropriate for your child’s age. Be aware that if you simply enable restrictions, without tweaking individual settings, most of them are set, by default, to be appropriate for the youngest of children. But you should still go through all the settings when you have time to make sure you agree with all of them.

Read the rest of the article on The Mac Security Blog.