rss2email.ru | На что подписаться? | Управление подпиской |
The Apple Blog The Apple Blog, published by and for the day-to-day Apple user, is a prominent source for news, reviews, walkthroughs, and real life application of all Apple products. http://theappleblog.com другие подписчики этой ленты также читают >> |
- TrueCrypt 5.0 Brings Plausible Deniability To OS X Users
While I’m not trying to only focus on security topics, they just seem to pop up more often than not, including today’s serendipitous discovery that TrueCrypt is available for OS X. Security isn’t just about maintaining system integrity (loosely defined as keeping malicious code from getting onto/running on your system). A critical component is ensuring that your valuable data is protected according to your risk appetite (loosely defined as confidentiality). Macs already have FileVault and secure disk images to handle basic encryption needs, so you may be asking why we need yet another utility for protecting information our systems (a fair question).
If you need/desire cross-platform compatibility, then TrueCrypt is a perfect choice. You can encrypt a virtual disk image onto a USB drive and take it from Windows to Linux to OS X and gain access to your all your secret data, something that is not possible with OS X secure disk images.
The other big “selling point” (difficult to use that term with a free & open source product) is the concept of plausible deniability. Until you go through the process of decrypting/mounting a volume, TrueCrypt file or disk volumes appear to consist of nothing more than random data (i.e. there is no “signature”). It is impossible to prove that a file, a partition or a device is a TrueCrypt volume or that it has been encrypted. This is an important point since we’re going down a very slippery slope (at least in the United States) where folks are now being forced to give up their secrets with full legal backing. You can rename a TrueCrypt file to “Family Vacation.mov” and be able to claim that it’s just a corrupted transfer from your video camera with no way for the authorities to prove otherwise. Similarly, non-boot volumes (which is not an option for OS X yet) have no identifiable tags, making it look like an unformatted partition with random data.
Sadly, one of the coolest features – creating a hidden volume within an encrypted volume – is also not available on OS X yet. This option would allow you to give up your keys/passphrase to an outer-encrypted volume, but have another hidden, encrypted volume within it that uses a separate set of keys/passphrase. This lets you give up some of your secrets but not all of them.
My attempts at downloading and installing TrueCrypt were woefully unsuccessful with Safari under Leopard (the download file was corrupted). It worked fine in Firefox and is available for 10.4 and 10.5, Intel or PPC. I’ll be putting the software through some tests over the next few days, so drop a note in the comments or forums if you have any questions or want to share your experiences with the product.
Tags: Commentary, encryption, security, Software, Software, TrueCrypt
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/02/06/truecrypt-50-brings-plausible-deniability-to-os-x-users/#comments - Fix for Office 2008 Security Issue
For those that have installed Office 2008, you may have seen some news floating on the internets about improper permissions — that were created by the installer — potentially allowing another local user to access your documents. It’s not a remote exploit issue and most folks are probably not vulnerable (you only need to be concerned if you’ve created another user on the system).
Erik Schwiebert posted instructions for a temporary fix over at Mac Mojo and Microsoft will be issuing an official patch/update to address the issue as well. Erik’s instuctions require some Terminal-fu, so I wrapped them into an executable – Fix Office 2008 Permissions.
Just download/extract the archive and run the executable. You will be prompted for your password since the fix requires elevated privileges.
If you have any issues with the executable or following Erik’s instructions, post them in the comments and I’ll see if your particular install requires any tweaking.
Tags: Commentary, office 2008, os-x, security, Tips
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/01/26/fix-for-office-2008-security-issue/#comments - A Look at Native KDE 4.0 for OS X
This week Slashdot (and many, many others) reported that KDE 4.0 has been released for Windows and OS X. KDE (K Desktop Environment) has been a popular GUI for *nix systems and there have been ways of getting it to run (mostly) on OS X prior to this native port if you were willing to use X11 on OS X). RangerRick (of OpenNMS “fame” did much of the heavy lifting for the Mac side of this project, including the package distributions.
To start, you’ll need to grab the torrent download – I picked the one labeled “everything,” weighing in at over 2GB. Once the download eventually finishes (it was slow for me, but I may have been a bit impatient and started mine before all the primaries were seeded), mount the KDE dmg file and double-click on the
Tags: Commentary, kde, open source, os-x, Software Reviewskde.pkg
installer. It will do most of the heavy lifting and put the base packages and applications on your system. One bit of annoyance is that installer stores everything in/opt
, so you’ll have to ⌘-Shift-G (goto folder) in the Finder and enter/opt/kde4/bin
to get to the apps (alias this into the/Applications
folder for faster access).
(more…)
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/01/25/a-look-at-native-kde-40-for-os-x/#comments - Why Mac Security Matters: OS X Rootkit Hunter
After blogging about the need to use and maintain an anti-virus solution for your OS X systems, an anonymous reply questioning the need to use security tools at all on OS X systems gave me pause. You do not need me to link to the numerous articles flying around the internets that report on how one reason switchers are flocking to OS X is because of the lack of prevalence of malware. Folks are tired of viruses, worms, trojans, etc. hammering their systems. They are even more harrowed by having to maintain vigilance over their anti-virus programs, hoping they are not too far out of sync with the current “DAT”. However, switching to run OS X to avoid running anti-virus programs may not be the wisest choice.
To answer the “do we really need security tools for OS X?” question in a slightly different way than you’ve seen from many technology pundits, I’d like to turn your attention to utility called rkhunter or “rootkit hunter”. As most TAB readers should know by now, OS X has it’s origins in Unix (the “darwin” base comes from FreeBSD), and most folks believe *nix variants (linux, FreeBSD, Solaris, etc) to be extremely secure, free of the problems that plague those sad, sad Windows users. If you fall into that camp, please take a moment and browse the Secunia FreeBSD 5.x artchives. Secunia reports show over 91 vulnerabilities, with critical ones impacting core services such as file sharing and remote access. This should not be surprising since Unix systems have been favorite targets for hackers as they provide such a powerful base to launch further exploits. One of the more gnarly hacks is the installation of a rootkit - a program that can take surreptitious control of your system. And, guess what: your Mac OS X workstation/server is susceptible to rootkits just like any other Unix system, even with Leopeard’s enhanced security features. How can you fight something you can’t even see? You need a tool to help. Modern anti-virus products can and usually do cover rootkits, but the rkhunter tool may cover additional rootkits and may update rootkit signatures more frequently than a traditional vendor.
I wouldn’t recommend trying to get rkhunter installed on your Mac since it will require some enhanced Terminal-fu. Thankfully, Christian Hornung understood the need for such a tool and built a wrapper for it called (surprisingly enough), OS X Rootkit Hunter [dmg], complete with installer. After installing the package, navigate to
Applications->OSXrkhnter
and run the “Rootkit Hunter” app.It’s good practice to update the rootkit database (similar to a virus engine DAT update) before each scan since there may be new rootkit signatures from new or altered exploits. When you start the scan, you will see a password dialog - just as you would with any operation that requires additional privileges to run - since OS X Rootkit Hunter needs to look in places your normal account user account cannot. You will also see Terminal windows displaying a running report of what rkhunter has or has not found (since this front-end does not free you from all the gory details of what lies beneath Aqua).
While you can download and run OS X Rootkit Hunter, I would strongly suggest that less technical users obtain one of the commercially available malware scanners since the output from OS X Rootkit Hunter can be a bit daunting. The presence and history of this tool should be enough justification for the need to run security software on your systems.
Tags: Commentary, darwin, malware, os-x, rootkit, security, Software
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/01/23/why-mac-security-matters-os-x-rootkit-hunter/#comments - Reflections on another Tuesday at Macworld
This is the fifth year I’ve attended Macworld Expo on the day of the keynote, and it definitely wasn’t as exciting as 2007. But after last year’s introduction of the long-rumored iPhone, how could it be?
Of course, another big difference is that I didn’t get into the keynote this year. There’s always a disconnect between those who attend the keynote and those who don’t. (more…)
Tags: apple-tv, Commentary, macbook air, macworld, media, moscone
Related posts
Комментарии к сообщению:
http://theappleblog.com/2008/01/17/reflections-on-another-tuesday-at-macworld/#comments
rss2email.ru | отписаться: http://www.rss2email.ru/unsubscribe.asp?c=6893&u=24004&r=311667163 управлять всей подпиской: http://www.rss2email.ru/manage.asp |