How Leopard Will Improve Your Security

I can attest that Input Managers are no longer available in Leopard.

On 2007-10-24, at 01:47, Alan Oppenheimer wrote:

>> I've heard rumors that Apple's default firewall rules are no longer
>> user accessible, which would be a major step backwards
>
> It's even worse than that. We're not sure what's still under non-
> disclosure, so I don't want to say more until Leopard's out, but it
> doesn't look good. Our blog (http://www.isyfm.com) will have details

If anybody else is keeping an eye on this (according to Rob
macosxhints the Leopard embargo's already been lifted), the link
above should read:

<http://www.isfym.com/>

Hi!

You write in your article that the firewall "has been improved and now
includes the capability to block network access to individual
applications". Can it now block outgoing traffic on an application
level or do i still need to buy Little Snitch or GlowWorm FW to be
able to do that? There's plenty of freeware windows-firewalls that can
block outgoing application traffic, but this has not been the case
with OS X.

Thanks in advance,
Mikael

Dear Rich and tidbits staff,

  I think that time machine is a great menace for privacy. I'd like to
complete wipe my old, deleted
files . If my macbook is stolen every "not specially skilled" hacker
will be able to use this terrible tool
to know all my "deleted" secrets (my credit card number saved in a
little file for temporary use,
 deleted but retrieved by TM, the photos of my secret lover, an erotic
chat and similar things ... etc).

 My privacy is more important than the safeguard of old forgotten files.
If I have to save some file in a safe
 mode i can simply use an external disk or a dvd, simple, cheap and
privacy proof. Maybe a simple remainder
 for saving important files every day will be the simple and the best
solution ...
 I prefer the freedom to the control !

  sincerely,
  Michelangelo

 MacOSX and Linux enthusiast

> I think that time machine is a great menace for privacy. I'd like to
> complete wipe my old, deleted
> files . If my macbook is stolen every "not specially skilled" hacker
> will be able to use this terrible tool
> to know all my "deleted" secrets (my credit card number saved in a
> little file for temporary use,
> deleted but retrieved by TM, the photos of my secret lover, an erotic
> chat and similar things ... etc).

Don't forget that the TimeMachine files are on an disk that is
EXTERNAL to your laptop. So if your house is burglarized, yes you
are correct they can steal that drive too. But if your MacBook is
stolen as you travel, no, it won't happen.

Regards,

Howard

> I think that time machine is a great menace for privacy. I'd like to
> complete wipe my old, deleted
> files . If my macbook is stolen every "not specially skilled" hacker
> will be able to use this terrible tool
> to know all my "deleted" secrets (my credit card number saved in a
> little file for temporary use,
> deleted but retrieved by TM, the photos of my secret lover, an erotic
> chat and similar things ... etc).

First of all, nobody is forcing you to use it. Time Machine is
optional. When you connect a drive, you have the option of whether or
not you want time machine enabled.

Second, the backups are stored on an external drive, NOT the internal
drive, so you can simply remove it and not have access to the deleted
files.

On 10/27/2007 10:13 AM, "michelangelo" <migheletiscali.it> wrote:

> I think that time machine is a great menace for privacy. I'd like to
> complete wipe my old, deleted
> files . If my macbook is stolen every "not specially skilled" hacker
> will be able to use this terrible tool
> to know all my "deleted" secrets (my credit card number saved in a
> little file for temporary use,
> deleted but retrieved by TM, the photos of my secret lover, an erotic
> chat and similar things ... etc).

Huh? First, you have to back up to a separate physical hard drive. So
stealing your macbook will have nothing to do with your time machine backup.

Secondly, if they steal your macbook and you use Time Machine, you'll
have....BACKUPS.

Exactly how do you think Time Machine works?

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

--On 10/27/2007 8:13 AM -0700 michelangelo wrote:

> I think that time machine is a great menace for privacy. I'd like to
> complete wipe my old, deleted
> files . If my macbook is stolen every "not specially skilled" hacker
> will be able to use this terrible tool

Ummm... No. Not unless you have some alternate version of the MacBook that
holds multiple internal hard drives.

Time Machine only backs up to a separate hard drive. On a MacBook that
means an external drive (as it does on every other current Mac save for the
Mac Pro).

Dave

On Oct 27, 2007, at 8:13 AM, michelangelo wrote:

> I think that time machine is a great menace for privacy. I'd like to
> complete wipe my old, deleted
> files . If my macbook is stolen every "not specially skilled" hacker
> will be able to use this terrible tool
> to know all my "deleted" secrets (my credit card number saved in a
> little file for temporary use,
> deleted but retrieved by TM, the photos of my secret lover, an erotic
> chat and similar things ... etc).


You are not required to use Time Machine; there is an On-Off switch
in preferences. Time Machine files are stored on a secondary drive
(or at least a separate partition) from your main drive For
portables, this would mean an external drive. You can also exclude
folders from Time Machine.

Alan Forkosh Oakland, CA
aforkoshmac.com

--On October 27, 2007 8:13:21 AM -0700 michelangelo <migheletiscali.it>
wrote:

> If I have to save some file in a safe
> mode i can simply use an external disk or a dvd, simple, cheap and
> privacy proof. Maybe a simple remainder
> for saving important files every day will be the simple and the best
> solution ...
> I prefer the freedom to the control !

Not sure how DVD's are privacy proof since anyone walking off with your
DVDs will have all your files, but:

a) Time Machine is not automatically on, and you can turn it off at any
time. So you have complete control over its use.
b) You control where the backups are stored. Backup to an external drive
that you leave your backup DVDs and the files are as secure as your DVDs.

for b) Time Machine on my computer will only allow backups to an external
drive (network drives not allowed, unfortunately!) I'm not sure if it will
allow you to backup to a 2nd parititon on the internal drive.

Not sure what lack of freedom you see here. The network drive option is
the only issue I have.

> I think that time machine is a great menace for privacy. I'd like
> to complete wipe my old, deleted files. If my macbook is stolen
> every "not specially skilled" hacker will be able to use this
> terrible tool to know all my "deleted" secrets
>

Well, what they would need is the Time Machine backup disk. If "all"
they get is your MacBook, and you have properly deleted those files
(by using Secure Empty Trash in the Finder, or via Disk Utility's
"Erase Free Space" feature), they're gone from your Mac for good and
cannot even be un-deleted by tools like TechTool Pro anymore. [1]

However, the privacy issue for the backup medium apples to _any_ type
of backup that is not encrypted: as soon as someone has physical
access to your unencrypted backup media, be it on tape, disk, CD-R,
etc., there goes your privacy. Even "cracking" proprietary backup
formats like Retrospect's is as straight-forward as opening your
media in that app, _unless_ you have enabled that app's built-in
encryption.


> My privacy is more important than the safeguard of old forgotten
> files.

... until the day that your Mac will refuse to start up even in
target disk mode, in which instant your view on this will change
dramatically!



If you're worried about this, probably the easiest option would be to
create an encrypted disk image (just click New Image in Disk
Utility's toolbar and be sure to set the encryption to AES) and store
anything that you would like to keep private -- including temporary
stuff -- on that volume. With a strong password in place, even if
someone would be able to access this disk image file, they wouldn't
be able to read what is, or was, on it.


Regards,

Jochen.


[1] - This assumes that you use an external disk for Time Machine
backups, not a partition on the internal disk (I'm not sure if Time
Machine will even allow this), which wouldn't be such a grand idea to
begin with for reasons other than privacy. ;)


--
Jochen Wolters
jochenpolytropia.com | http://polytropia.com | jochenwolters (Skype)

On 27-Oct-2007, at 09:13, michelangelo wrote:
> If my macbook is stolen

With the external drive you used for Time Machine?

You can exclude any directory or drive from Time machine (mine
excludes, for example, my Desktop), so it is trivial to create your
little temp files in a location that doesn't get Time Machine's
attention.

Le 28 oct. 07 à 12:01, Kevin van Haaren a écrit :

> The network drive option is
> the only issue I have.

And given Macs have Gigabit Ethernet for some time, and NAS drives
are widely available, it's feeling weird…


Denis H]
Je hais le ouifi

 
On Sunday, October 28, 2007, at 04:36AM, "Jochen Wolters" <jochenpolytropia.com> wrote:

>
>... until the day that your Mac will refuse to start up even in
>target disk mode, in which instant your view on this will change
>dramatically!


As they do, and the original drive in my Macbook did. The drive became a paperweight*--the machine denied any knowledge of having a drive. (That differs from denouncing the drive as bad.)

* These new drives are too small to be trivets.

  --John

On 10/28/2007 4:01 AM, "Dave Scocca" wrote:
>> I think that time machine is a great menace for privacy. I'd like to
>> complete wipe my old, deleted files . If my macbook is stolen every "not
>> specially skilled" hacker will be able to use this terrible tool
>
> Ummm... No. Not unless you have some alternate version of the MacBook that
> holds multiple internal hard drives.

If you've got MCE's OptiBay, that's exactly what you have ;-)

<http://www.mcetech.com/optibay/>

It replaces your optical drive with a second hard drive (you use an external
optical drive when needed). It makes for a great Time Machine setup,
especially if you partition the second drive into ~8GB for the Leopard
Install DVD and the rest for Time Machine -- you have instant access to Time
Machine backups as well as the ability to completely restore your system.

As for privacy, if you've got a laptop, the only way you have any privacy,
Time Machine or not, is with encryption. I personally use Knox to create and
manage encrypted disk images for personal and sensitive data.

<http://www.knoxformac.com/>

> As they do, and the original drive in my Macbook did. The drive
> became a paperweight*--the machine denied any knowledge of having a
> drive. (That differs from denouncing the drive as bad.)
>

Happened to a friend of mine, and guess what fixed the problem in his
case: removing the drive from the MacBook and re-placing it in the
machine, making extra sure that it was firmly seated. [1] Yikes, who
would'a thunk!


Regards,

Jochen.


[1] - Here's a more verbose account of that story:

<http://www.oreillynet.com/mac/blog/2007/08/
an_improbable_yet_successful_m.html>


--
Jochen Wolters
jochenpolytropia.com | http://polytropia.com | jochenwolters (Skype)