Mac Security Articles
What is surprising to me is that there is a new trend in the OS X publication community. I’m seeing quite a few articles as well as dedicated series of articles focusing on the issue of computer and information security. This is good. It’s better than it was a year ago when the fanboys were jumping up and down over the Month Of Apple Bugs and Maynor’s Wifi exploit, denying that they were real and using underhanded character assassinations to undermine the findings of researchers.
TUAW has a special series on securing your computer. MacWorld is doing the same.
What was disappointing to me was the fact that many of the articles are not factually correct! Honestly some of these tips are just flat out ridiculous and the only people that they would fool would be under the age of five.
Create a hidden folder
Mac OS X automatically hides a folder that begins with a period. We can use this to our advantage and create a secret folder. However, it's not as easy as creating a folder in the Finder and naming it ".MyPrivateStuff." But it's not difficult, either.
Give me a break. Just because it has a period in front of it doesn’t mean you actually are going to be hiding anything from anyone. In fact, you can scan for files and folders that have the period in front of them. It’s very easy. Especially with the ACP from Rixstep.

But if you’re going to hide things with the Finder, the “Ultimate” way to hide them is by using “Finder Flags” which only the Finder cares about. Another useful ACP utility can enable these flags and disable them. But regardless, they’ll still show up in a quick scan by a superior program like Xfile, or even the UNIX commands:
ls -A
You’re not getting very much protection out of renaming files to have a period in front of them.
Users (and journalists) are missing the point. You cannot hide things on a filesystem. The entire point of a filesystem is to keep track of things. You can’t avoid it. You can, however, limit access. UNIX was built upon everything being a file with specific permissions. Users can be denied access to files and directories. The TUAW tip is like taking your treasures, putting them into a shoebox and burying it in the rose garden. All you need is a metal detector and a shovel to get at it.
UNIX would be the safe that you have in your basement. You put your treasure in it, spin the combo lock and you’re done. You can’t hide the fact that you have a safe, but you can limit who can actually get to it, as well as limit who has the key to actually open the safe.
Let’s move past the hocus pocus “Hide your dirty secrets in my special hidden folder (hint: its name is Untitled)” and move on to the “my account is protected with a strong password and permissions settings and the only way to get at it is to have the password” model.
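
The shoebox-versus-safe point as an added example (not part of the original post): a dot-prefixed folder turns up in a plain find scan, and only its permission bits decide who can open it. The folder name comes from the quoted tip; the function names and the temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a leading dot changes what the Finder shows, not who can read.
# Function names and the temporary directory are constructed for this demo.

# Every dot-prefixed entry under $1, exactly as any scanner would see it.
list_hidden() {
    find "$1" -mindepth 1 -name '.*' -print
}

# Dot-prefixed entries whose mode bits still grant read to group or others.
exposed_hidden() {
    find "$1" -mindepth 1 -name '.*' \( -perm -040 -o -perm -004 \) -print
}

# Limit access instead of hiding: strip all group/other permissions.
lock_down() {
    chmod -R go-rwx "$1"
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/.MyPrivateStuff"
    chmod 755 "$root/.MyPrivateStuff"      # common default: readable by everyone
    echo "treasure" > "$root/.MyPrivateStuff/notes.txt"

    echo "Found by a plain scan:";            list_hidden "$root"
    echo "Mode bits allow group/other read:"; exposed_hidden "$root"

    lock_down "$root/.MyPrivateStuff"
    echo "Still found after lock_down:";      list_hidden "$root"
    echo "Mode bits allow group/other read:"; exposed_hidden "$root"
    ls -ld "$root/.MyPrivateStuff"            # owner-only mode, name still listed
    rm -rf "$root"
}

demo
```

After lock_down the folder is still listed by name, which is the safe in the basement: everyone can see it exists, but only the owning account can open it.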

