Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47

Thread: How secure?

  1. #16


    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    7,476
    @allen-uk
    I thought I was doing reasonably okay, but your answer has given me the wobblies.
    I'd suggest that you do some reading about Apple's OS X FileVault at some non-apple sites.
    Lots of good valuable information out there. Maybe try some like:
    https://www.tekrevue.com/tip/enable-...ncryption-mac/

    The info may help calm your wobblies.




    - Patrick
    ======

  2. #17


    Member Since
    Jan 01, 2014
    Posts
    219
    Specs:
    MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
    Quote Originally Posted by allen-uk View Post
    I thought I was doing reasonably okay, but your answer has given me the wobblies.

    Allen.
    From the physical security perspective, you are doing a OK. With Filevault2 enabled, most people will not be able to access your files, no matter where they plug in your SSD/HDD. Most people, since there are ways periodically that circumvent the encryption or rather accesses the password. Like this one from a little over a year ego:

    https://thehackernews.com/2016/12/ha...-password.html

    The chances are that Apple already patched this vulnerability, but new one comes to light on occasions. That's just the nature of software security...

    I was referring to the over the network access to your mini mac, when you are logged in and connected to the network. You could get some malware from the internet and it could upload the files in plain text to the command and control server. And as the link showed in my previous posting, the malware could actually activate the camera and record whoever is front of it.

    Yes, encrypting the drive is a good idea, if you need protection for the data at rest. On the other hand, Filevault does nothing for data in motion or remote access.
    Last edited by Cr00zng; 01-11-2018 at 04:18 PM. Reason: Clarifications...

  3. #18


    Member Since
    Oct 06, 2016
    Posts
    16
    Thanks Patrick, interesting article.

    Point taken, crooz. Our desktop is a fixed item, doesn’t travel, and we aren’t on any networks, but I’ll bear your points in mind.

    Allen

  4. #19

    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    3,404
    Specs:
    MBP 15" Mid 2015, iPhone 8, an iMac, plus ATVs, AWatch, MacMini
    From the article Cr00zing linked:
    There's no indication it exploited vulnerabilities, which means it probably relied on tricking targets into clicking on malicious Web links or attachments in e-mails.
    Clicking on links you don't know about is the weakness here. Just don't do that. If you get a link in email, don't click. Similarly, clicking from one URL to another is a sure way to end up in dangerous territory. Take the time to check where the link is taking you before you go there.

    Allen, an encrypted drive is encrypted. Putting it in another machine won't change that encryption. Ditto with the .dmg. Stop wobbling.
    Jake
    The owners have announced that they are going to close this site. Read this and this for details and how to stay in touch.

  5. #20


    Member Since
    Jan 01, 2014
    Posts
    219
    Specs:
    MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
    Quote Originally Posted by MacInWin View Post
    From the article Cr00zing linked: Clicking on links you don't know about is the weakness here. Just don't do that. If you get a link in email, don't click. Similarly, clicking from one URL to another is a sure way to end up in dangerous territory. Take the time to check where the link is taking you before you go there.
    That advise is not as useful as it used to be in yesteryears. That's mainly due to malwertisement, where the actual ad at a legit site redirects the visitor, behind the dancing/climbing/driving or whatever ad, to the site where the malware stored. Most website, like this forum, connects to 15-20 other websites that are not known for most visitors.

    Then there's the issue of short URLs, like this one:

    https://tinyurl.com/y7tgkdvj

    Go ahead, the link is for this site, including 10-15 other sites that analyze/tracks the visitor's activity...

  6. #21

    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    3,404
    Specs:
    MBP 15" Mid 2015, iPhone 8, an iMac, plus ATVs, AWatch, MacMini
    Nope, I don't click on tiny urls, ever. And I use Ghostery to block the trackers and ads, so I don't see them. And any malicious links from the ads to redirect me gets blocked by either Ghostery or AdBLock, which I also use. And I don't run Flash as a general rule (Blocked by Ghostery again) although I will unblock Flash if I trust the website I am visiting. And for reference, this very page has 11 things blocked by Ghostery. (That is not a high number, I've seen it in the 30's for some sites.)
    Jake
    The owners have announced that they are going to close this site. Read this and this for details and how to stay in touch.

  7. #22

    macgig's Avatar
    Member Since
    Mar 15, 2006
    Posts
    762
    Specs:
    iMac "Core i5" 3.1 21.5-Inch | 8 GB ram | 10.12.3
    my understanding is file vault is very difficult to crack. the US government is not happy that apple is offering file vault so it must be some pretty good stuff.

    https://www.theguardian.com/technolo...yption-mac-osx

  8. #23


    Member Since
    Jan 01, 2014
    Posts
    219
    Specs:
    MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
    Quote Originally Posted by MacInWin View Post
    Nope, I don't click on tiny urls, ever. And I use Ghostery to block the trackers and ads, so I don't see them. And any malicious links from the ads to redirect me gets blocked by either Ghostery or AdBLock, which I also use. And I don't run Flash as a general rule (Blocked by Ghostery again) although I will unblock Flash if I trust the website I am visiting. And for reference, this very page has 11 things blocked by Ghostery. (That is not a high number, I've seen it in the 30's for some sites.)
    You, and I, do it. On the other hand, how many other people do it? For that matter, how many other people use NoScript and disable Flash? I'd venture to say, that the number is on the low side, mainly the techie type...

    I actually use uBlock Origin, in tandem with Ghostery and NoScript; it can be a pain for accessing some site's content.

    Does it really matter, when the server can track visitors by fingerprinting the browser? From the tracking perspective, probably it does not matter; the IP address and the browser fingerprint is accessible for the web server. On the other hand, it matters for protecting against malware...

  9. #24


    Member Since
    Oct 06, 2016
    Posts
    16
    Thanks all.

    Macgig: interesting point, and reassuring.

    As far as clicking on URLs, well, we all do it. Wouldn't the internet grind to a halt if we didn't? And while I know they are/can be a source of malware, just getting through life means you have to have a degree of trust. For instance, I come to this website (MacForums), and a 'solid' member offers up a URL. My 'trust' is that the site is good enough to protect its members (i.e. me), and to keep an eye on its existing members, as far as it can. There's always a chance that MacForums (or whoever) isn't doing a good job, or that the 'solid' member is a bad 'un, but really, unless I'm going to restrict my web browsing to Amazon (etc), what do I do?

    It's a bit like driving. By all means drive defensively, and assume that every other road user is going to do something stupid, but you still have to drive! Unless staying at home with the door locked is really an option.

    On a broader point, could browser suppliers (Firefox, Safari, Chrome, etc.) build in protection from rogue sites (and not just through the discredited certification system)?

    Allen.

  10. #25

    harryb2448's Avatar
    Member Since
    Nov 28, 2007
    Location
    Nambucca Heads Australia
    Posts
    24,571
    Specs:
    iMac, i7 4GHz, 32GB memory, 1TB Flash Storage, OS X.12.6.
    This just must be a gathering of former KGB Assassins!
    Hang on to those original install discs like grim death! Using OS X.7 or later make a bootable USB thumb drive before running Installer!

  11. #26

    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    3,404
    Specs:
    MBP 15" Mid 2015, iPhone 8, an iMac, plus ATVs, AWatch, MacMini
    Allen, when you see a link in the website, or most of them, if you hover over the link in Safari at the bottom of the screen will appear the real URL that the link is pointing to and to which you will go if you click. So if you, for example look at this link, you will see that it points to this post. So before you click on a link at ANY website, including this one, take a look first to see where it is going to take you. It's much like using a SatNav system in your car, you should check that the route is what you want BEFORE you set off driving.
    Jake
    The owners have announced that they are going to close this site. Read this and this for details and how to stay in touch.

  12. #27


    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    7,476
    Quote Originally Posted by harryb2448 View Post
    This just must be a gathering of former KGB Assassins!

    +1 and others maybe???

    I was also wondering if some had strayed or got lost from their normal forensic and maybe some from their normal paranoid anonymous forums.




    - Patrick
    ======

  13. #28


    Member Since
    Oct 06, 2016
    Posts
    16
    Thanks MacInWin, useful tip.

    Allen (anonymous, eh?)

  14. #29

    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    3,681
    Specs:
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS Sierra 10.12.6
    Quote Originally Posted by MacInWin View Post
    Allen, when you see a link in the website, or most of them, if you hover over the link in Safari at the bottom of the screen will appear the real URL that the link is pointing to and to which you will go if you click. So if you, for example look at this link, you will see that it points to this post. So before you click on a link at ANY website, including this one, take a look first to see where it is going to take you. It's much like using a SatNav system in your car, you should check that the route is what you want BEFORE you set off driving.
    You know, it really is true that you learn something new every day.

    Shame on me, perhaps, but I was quite unaware of the "hover over "link" in Safari - it reveals the real URL at the bottom of the screen/window" - tiny text, bottom left in my case.

    I think that everything else herein posted, I was familiar with

    Thanks Jake.

    Ian
    Ian

  15. #30

    toMACsh's Avatar
    Member Since
    Jul 30, 2009
    Location
    Wisconsin
    Posts
    6,474
    Specs:
    Mac Mini (Late 2014) 2.6GHz Intel Core i5 Memory: 8GB 1600MHz DDR3
    Quote Originally Posted by IWT View Post
    You know, it really is true that you learn something new every day.

    Shame on me, perhaps, but I was quite unaware of the "hover over "link" in Safari - it reveals the real URL at the bottom of the screen/window" - tiny text, bottom left in my case.
    It's quicker than my "trigger finger". It pops up before I can click it. It's just a matter of training my eyes to go down to the bottom before my brain engages my index finger.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Am I secure
    By Sesame in forum Internet, Networking, and Wireless
    Replies: 23
    Last Post: 05-15-2016, 10:30 PM
  2. A new secure box??
    By Jonzjob in forum Schweb's Lounge
    Replies: 5
    Last Post: 04-15-2016, 02:19 AM
  3. Secure delete
    By curly0107 in forum macOS - Operating System
    Replies: 2
    Last Post: 12-30-2012, 07:12 AM
  4. Secure Widgets?
    By robotboy175 in forum Switcher Hangout
    Replies: 0
    Last Post: 01-23-2010, 05:41 AM
  5. More Secure Macbook
    By le.chat.tueur in forum macOS - Operating System
    Replies: 1
    Last Post: 07-29-2009, 02:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •