Security Sunday: Three issues of the week!

Over the past few days Apple has had three software security issues. One each on iOS, macOS and HomeKit. While the actual details of the issues do not matter to my discussion they are all in the infrastructure of equipment that I use. While there is a lot of reaction and speculation about the problems that beset Apple I want to use this as a lesson in computing safety. Just in case,….

First and foremost you have to have a good backup strategy from which to recover possible lost data. It is good to extract data from the internal formats of a system. So using something like iMazing. Which can move data in and out of your i”devices” and much more. You can also extract data into standard formats!

You can backup your iCloud files to an external drive or other locations.

Creating a bootable image of your Mac using Carbon Copy Cloner or SuperDuper gives you that extra backup of your computer for emergencies. I do this weekly with the primary Macs in my control. This is in parallel to the Time Machine backup that runs all the time. Another use for the image backups is to backup to a second drive and take that drive offsite to say a bank safe deposit box or a family members home that is not too close!

Using a service like Backblaze to create a cloud backup of your computer is a valuable addition to your system security plan.

Automating your iOS device backups to Apple iCloud is the simplest way to ensure that data on your device is somewhere you will NOT forget to manage.

So in case of data loss, software issues, equipment theft, and more. Backup often and offsite!

RJF

macOS High Sierra ‘root’ security bug

11/29/17 Apple has released Security update 2017-01 to patch this defect; update your machines!

 

Updates with more info from 9 to 5 Mac.

 

https://9to5mac.com/2017/11/28/how-to-set-root-password/

 


Linking from iMORE.COM

https://www.imore.com/macos-has-root-bug

Quote from Apple:

“We are working on a software update to address this issue,” an Apple spokesperson told iMore. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

 

-rjf

 

Security Sunday: The Big Freeze

As a bit of an aside I am starting a series of posts on Information Security. Our technology world is increasingly under pressure from folks trying to steal our money our information and more. So Sunday mornings will be the slot for these posts.

Today I want to talk about a specific form of identity theft called loan fraud. Many times when our identities are stolen it is to create a method of taking out a loan or a credit card to get money to purchase goods for resale. One of the best methods of preventing this kind of fraud is what is called a security freeze. This is where you tell the credit agencies to not allow anyone to access your credit records. This basically prevents you or anyone else from taking out a loan or a new credit card in your name.

While there are some downsides to this it is mostly for the good. The credit agencies are now talking about what they call a credit lock but that is a device of their own making and may not carry the weight of the law that a credit freeze has.

Here are a couple of reference articles to guide you through the process of checking your credit status and freezing your credit..

Get your credit report:

https://www.annualcreditreport.com/index.action

Freeze your credit records:

https://krebsonsecurity.com/2015/06/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze/

-rjf