How to Manage Gmail and Google Security and Privacy Settings

Lots of people use Gmail for their email, either using Google’s website in a web browser, or through an email client. You may use a @gmail address, or you may have a domain hosted on Google Apps for Work. When you use Google for your email–as well as for search, maps, and more–you have a number of security and privacy options you can set.

Google has a good set of tools for checking and tweaking your security settings, for both Gmail and for the rest of its services. In this article, you will discover how to run a Google Security Checkup, a Privacy Checkup, and how to tweak Google’s settings, so your account is secure. And I’ll walk you through Google’s Gmail Security Checklist.

Read the rest of the article on The Mac Security Blog.

Learn How to Keep Everything Safe with Take Control of 1Password, Second Edition

Like many people, I use 1Password to store my passwords and keep all my data safe. It’s a great app, but getting the most out of it can take a bit of work. Fortunately, Joe Kissell has written a great book about it. There’s a new edition out, and, if you use 1Password, you should get this book to learn the best practices for passwords, and for using this app.

In this book, Joe Kissell brings years of real-world 1Password experience into play to explain not only how to create, edit, and enter Web login data easily, but also how to autofill contact and credit card info when shopping online, audit your passwords and generate better ones, and sync and share your passwords using a variety of techniques–including 1Password for Teams. Joe focuses on 1Password 6 for the Mac, but he also provides details and directions for the iOS, Windows, and Android versions of 1Password.

Get Take Control of 1Password, Second Edition.

Protect Your Amazon Account with Two-Step Verification

Amazon has recently added two-step verification to its website. This means that you can protect your account with an additional layer of security.

If you use two-step verification when you sign into your Amazon account, you’ll enter your email address and your password, and then you’ll be required to enter a six-digit code that will be sent to you by SMS. (For a brief overview of how two-step verification works, read this article about setting up two-step verification for iCloud.)

You don’t have to use this method of securing your account, but it’s a good idea if you do. Two-step verification prevents others from accessing your account on other devices.

The following describes how to activate Amazon’s two-step verification.

Read the rest of the article on the Mac Security Blog.

Serious Security Problem with Amazon; How Is This Even Possible?

This morning, I went to my Amazon account to turn on two-step verification. This system offers an additional layer of protection, and requires that, when you sign into your account, you enter a six-digit code that is sent to you via text message. You can trust devices, so you don’t need to enter the code each time, but at least no one can log into your account from a new, untrusted device without a code.

I have three Amazon accounts. I have been shopping with in the US since it was launched. I lived in France for a long time, so I have an account there. And I now live in the UK, and have an account with Amazon UK. I use the same password for each of the accounts, and Amazon stores my addresses and payment methods for all of them; if I change any of these on one country account, the changes are made on the others. As such, turning on two-step verification on also turned it on for Amazon UK and Amazon FR.

So I went to check my Amazon accounts in the three countries, and in different browsers. (A trusted device is not just a computer, but a specific browser on a computer, so if you use more than one browser, then you need to enter a code for each one, or trust each one after entering a code the first time.)

When I went to Amazon FR in Firefox, I saw something very surprising. I was not logged into my account, but into someone else’s.


It turns out that the someone else is my son, but this is very worrisome. My son lives in Paris, and while he has visited me in the UK several times since I moved to the country, he confirmed that he has never used my computer to log into Amazon; when he visits, he brings his laptop. In addition, I don’t know his password, and, when I checked Firefox’s saved passwords, no passwords of his show up for any site. While I don’t use Firefox often, I’m sure I’ve logged into Amazon FR in Firefox at least once since I’ve been in the UK.

Note that I can view my son’s shopping cart, but I can’t access any of his account info, or place an order. When you do that, you need to sign in. Amazon displays this screen when I try to access any further information about the account:

[Screenshot: Amazon login screen]

There is a link between us: we each have the other’s address in our address books. But there is no other link. We did share an Amazon Prime account several years ago, but, while he still uses Amazon Prime, my Prime account ran out a few months before I left France, or about three years ago.

I tried calling Amazon FR to find out what happened. The first time, the call got cut off while I was waiting for my case to be escalated. The second time, a person told me to just sign out, as if it wasn’t a big deal. I explained that it was a big deal, that I shouldn’t be able to see someone’s account in any way, not even their shopping cart. After several minutes, I was put on hold for a long time, then the call got cut off.

I’m quite worried about this. I now have two-step verification set up, but I don’t understand how I could be logged into someone else’s account. At least it’s my son’s account, and not some stranger’s, but this simply shouldn’t happen.

How to Encrypt Disk Images with Disk Utility to Protect Sensitive Files

If you want to protect files on your Mac, on an external drive, or even in the cloud, it’s a good idea to encrypt them. You don’t need any special software to do this; your Mac already contains the app you need. Apple’s Disk Utility lets you create an encrypted disk image that you can use to store sensitive files that no one, not even the NSA, can get at.

We recently discussed how to use Disk Utility to manage disks and volumes. One of this app’s powerful features is the ability to make disk images, with or without encryption. To do this, start by opening Disk Utility — you’ll find this app in the Utilities folder in your Applications folder (go to Finder > Applications > Utilities).

You have two options for creating encrypted disk images: you can either create a new, empty disk image, or you can have Disk Utility make a disk image of a folder, such as one containing files that you want to archive. In this article, you will learn both ways to encrypt disk images and protect files with Disk Utility.

Read the rest of the article on The Mac Security Blog.

How to Securely Empty Trash in OS X El Capitan

Previous versions of OS X used to have a Secure Empty Trash feature, which would securely delete the contents of the Trash. What this did was overwrite the files with zeroes, making it much harder — nearly impossible, in fact — to recover the files.

Unfortunately, when OS X El Capitan was released, Apple removed the Secure Empty Trash feature. There are still a couple of ways you can securely delete files in El Capitan.

Read the rest of the article on The Mac Security Blog.

How to Manage Disks and Volumes with OS X’s Disk Utility

If you need to format, partition, or otherwise work with hard drives on a Mac, Apple’s Disk Utility is the tool you use. Found in the Utilities folder, inside your Applications folder, Disk Utility is a powerful tool that offers a full range of features to manage disks and volumes, encrypt and decrypt them, work with disk images, and much more.

The following is an overview of how to manage disks and volumes with OS X’s Disk Utility. In this article, you will learn how to get information about your drives, format a new disk, partition a drive, and turn on encryption.

Read the rest of the article on The Mac Security Blog.

Learn How to Keep Your iOS 9 Devices Safe and Secure in This New Book

This book by Glenn Fleishman teaches you how to use an iPhone or iPad with iOS 9 on Wi-Fi and cellular/mobile networks securely, making connections with ease while protecting your data and controlling access to your private information. It also covers Bluetooth networking, tracking an iOS device, content-blocking Safari extensions, privacy settings, using AirDrop and AirPlay, and solving connection problems.

The book covers a huge range of common network setup and routine usage issues, with illustrated step-by-step instructions. It explains how your private details–who you are, sites you visit, and where you physically go–are shared with Apple and others, and how to restrict or block that sharing. On the security side, it walks you through scenarios from securing your data in transit to connecting to a secure Wi-Fi network to recovering or erasing a lost iPhone.

You’ll learn how to:

  • Troubleshoot problematic Wi-Fi connections.
  • Use Safari content-blocking extensions.
  • Master all the options for a Personal Hotspot.
  • Stream music and video to other devices.
  • Transfer files between iOS and OS X with AirDrop.
  • Block creeps from iMessage, FaceTime, and phone calls.
  • Secure your data in transit with a Virtual Private Network (VPN) connection.
  • Protect your device against access and deal with it going missing.
  • Plan and manage your cellular data usage.

The book covers WPA2 security, AirDrop, AirPlay, Bluetooth networking, content-blocking Safari extensions, Wi-Fi Calling, Wi-Fi Assist, Airplane Mode, privacy settings, Personal Hotspot (including Instant Hotspot), VPNs, two-factor authentication, Touch ID and passcodes, and Find My iPhone.

This book has been thoroughly updated for iOS 9, and includes details about new features, like Wi-Fi Assist, two-factor authentication, and Wi-Fi Calling. It also has a new section on privacy that explains what kinds of data about yourself you expose, how to control Apple’s settings, and using content-blocking Safari extensions.

Get A Practical Guide to Networking, Privacy & Security in iOS 9.

Apple Tells How to Validate Your Version of Xcode

Apple’s App Store has seen a number of compromised apps being introduced, infected with the XcodeGhost malware. This was caused by developers, mostly in China, installing tweaked versions of Xcode, the app used to develop apps for iOS and OS X.

Apple has published instructions explaining how to validate your version of Xcode. As Apple says,

When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.

Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.

If you’ve gotten Xcode from channels other than the Mac App Store or Apple’s Developer website, make sure to check your copy.

I followed Apple’s instructions, and I get this:

/Applications/ invalid resource directory (directory or signature have been modified)

I’m a bit curious about this. I downloaded my copy from the Mac App Store, and I don’t see how anything can be wrong with it…

iOS 9 Security and Privacy Features Explained

It’s that time again: Time to update your iOS devices to the latest version of Apple’s mobile operating system. iOS 9 brings numerous new features to your iPhone and iPad, and is compatible with all iOS devices that can run iOS 8.

If you’re getting ready to update, or even if you already updated, it’s a good idea to take a few minutes and have a look at the many security and privacy features iOS 9 offers. Some have been around for a while, and some are brand new.

Read the rest of the article on the Mac Security Blog.