Would you like to secure your Internet connection when you’re using a public wireless network at a hotel, coffee shop or airport? If so, you should consider using a personal VPN service like Cloak or TunnelBear.

In a previous tech tip, I talked about reasons why you might want to sign-up for a personal VPN service such as securing all of the data that goes to or from your laptop while you’re using a public wireless network.

In this article we’ll briefly compare two personal VPN services including Cloak and TunnelBear. I’ve used both of these services over the past few months. Both are affordable, easy to setup and capable, but I prefer Cloak for its unobtrusiveness and helpfulness.

You can try both services for free. Tunnelbear offers a service plan which lets you send up to 500 MB of data over your Tunnelbear VPN connection for free. If 500 MB isn’t adequate then they offer two paid plans that permit you to send unlimited data. You can either pay $5/month or $50/year. Cloak offers a 30-day free trial. After that, you have to choose from one of 3 monthly data plans: 5 GB for $2/month, 25 GB for $8/month or 60 GB for $15/month. In my experience, a 5 GB monthly cap is sufficient, so I would pay $24/year for a year’s worth of service from Cloak.

Both applications have very simple interfaces. Tunnelbear is an application. When you open it you see two buttons. One is the on/off button used to start or stop your VPN connection. The other button lets you indicate if you’re in the US or the UK. Additionally, the application displays the amount of data remaining if you’re using the free account. Cloak installs a menu bar icon whose menu provides a Connect/Disconnect command, a status indicator, preferences and a way to quit Cloak. I prefer Cloak’s interface since its menu bar icon is out of the way while Tunnelbear’s application seems much larger than it needs to be. Additionally, Cloak displays information notifications when it has connected or disconnected as well as when the public wireless network requires you to sign-in using your web browser.

Both applications reportedly work in many countries, but Cloak’s coverage might be more wide-spread. Cloak claims to work in most countries since they piggyback on data centers around the globe. While I don’t travel internationally much, I know many of my clients do, so this is an important feature. It’s unclear how wide-spread Tunnelbear’s coverage is. I assume they only have servers in the US and the UK and thus, I presume it’ll work in North American and European countries and maybe others. Both applications indicate that they don’t work in China.

Both services support Mac OS X and Windows-based computers as well as iOS devices like iPhones and iPads and Android-based phones and tablets.

It’s important to be aware that using a VPN connection will slow down the speed of your Internet connection. VPN connections encrypt all network traffic that is transmitted across them. This encrypting and decrypting of data takes time and thus slows down your connection. Cloak estimates that you’ll see a loss of about 20% of your network throughput.

I hope you find this comparison helpful. Security is increasingly important. Both Tunnelbear and Cloak offer affordable, user-friendly ways to secure your network traffic when you’re on public networks, so try these services and start to use one.

Click to Print or Email

Do you have children? Would you like to configure your home network to easily block adult content? Here’s an easy and affordable way to setup adult content filtering for all Macs, PCs, iPhones and iPads on your network. Sign-up for OpenDNS’ free FamilyShield service.

In recent years, when I’ve been asked to setup adult content filtering, I’ve recommended applications like Intego’s ContentBarrier which now appears to be part of Intego’s Family Protector product. This application gets installed on each computer on which protection is needed. This solution is no longer affective if you have iPhones, iPads or iPod Touches on your home network since ContentBarrier or comparable applications do not exist for the iPhones and other iOS devices. This is where FamilyShield comes in handy.

FamilyShield works by modifying the configuration of your wireless router. All network traffic in and out of your home network travels through your wireless router. Thus, by reconfiguring your wireless router, you affect all devices on your network, including computers, mobile devices and gaming consoles like XBoxes.

I should mention the protection offered by FamilyShield can be pretty easily defeated by somebody who understands how networks work. So it’s not a perfect solution if you have a savvy teenager who wants to get around it. However, FamilyShield could be an appropriate solution for younger children. OpenDNS also offers a paid service named OpenDNS Home VIP which might be more difficult to defeat, but because OpenDNS’ site doesn’t do a good job of highlighting the additional features included with this paid service, the degree of increased protection is unclear. It’s also possible that over time FamilyShield might become more robust.

I’m also watching a couple of other products that provide content filtering for your entire network. They included two wireless routers, the iBoss Home Parental Control Router/Firewall and Pandora’s Hope. iBoss has a range of other network products for home and business users so they appear to be a well-established company, but reviews of the iBoss are mixed, like this one and this other one. I couldn’t learn much about the Pandora’s Hope router or the company that makes it. This PR article indicates that the company started selling products in 2009 and that the current model was released in 2011. I couldn’t find any reviews by computer industry reviewers. The iBoss and Pandora’s Hope cost $40 and $160 respectively and then have recurring annual costs of $60 and $20 respectively. I’m not convinced that this money is well spent in comparison to the free FamilyShield service.

None of the solutions that I could find are perfect, but, for the time being, if you want to prevent children using computers, mobile devices and gaming consoles in your home from accidentally or intentionally finding adult content, I would check out OpenDNS’ free FamilyShield service. If I find a more robust solution, I’ll update this article.

Click to Print or Email

Over the past couple of days there have been news stories about a vulnerability in Java which is apparently being exploited in an effort to steal identities. The situation isn’t entirely clear to me and details change rapidly, but currently the Department of Homeland Security recommends that people disable the Java web browser plug-in, for each of their web browsers.

According to this article from ZDNet, Apple has already sent out an automatic update which effectively disables the Java web browser plug-in for Macs running OS X Lion (10.7) and OS X Mountain Lion (10.8). That said, it can’t hurt to follow the instructions below to double-check your Mac’s configuration.

Important Note – Please don’t confuse Java and Javascript. These are two entirely different technologies despite the very similar names. This current security vulnerability only affects Java, not Javascript. More specifically, this vulnerability targets Java web browser plug-ins. In other words, you don’t need to fully remove or disable Java or Java-based applications, like OpenOffice or CrashPlan. Reportedly, Java applications have a very low chance be being exploited by this bug.

This OS X Daily article from August 2012 provides instructions on how to disable the Java plug-in in Safari, Chrome and Firefox. Please follow these instructions to ensure that Java is disabled in your web browser.

Click to Print or Email

The start of a new year is the season of resolutions. I propose that you make a resolution to organize your passwords. Build a list of your accounts and their passwords. Also, make sure those passwords are strong. In a previous tech tip I talked about how to test your passwords’ strength and how to select strong passwords. I’ll reiterate some of that tech tip’s suggestions and add some recommendations on creating and maintaining your password list.

You often hear the recommendation that you should use a long, complex and unique password for each system and change each of these passwords every month. From a security viewpoint, I agree with this recommendation completely, but I don’t think it is at all practical or realistic for most people. Instead, I think it’s more reasonable to make this recommendation: Use very long passwords and maintain a written list.

Some day in the future we might login to our accounts using a thumb print or an iris scan. When this day comes then security will be easy. We simply press our thumb on a device or look into a camera and wait for a few seconds. Gone will be the days of remembering a myriad of passwords, typing in passwords and resetting forgotten passwords! However, our current reality is that we all have many, many password-protected accounts. So what’s the best way to handle this?

In this current paradigm, security and convenience are inversely related. The more secure things are, the less convenient they are. Or, stating the converse, the more convenient things are the less secure they are. Let me illustrate this. It’s very convenient for you to use one password on many or all of your accounts, but this is very insecure. If one account is compromised then they are all effectively compromised. If one account is compromised you obviously have to select a new password for that account and really, you should change the password for all of the accounts for which you use that same password. What a headache. How inconvenient!

Thus, I recommend a more balanced approach. Use at least a handful of passwords, select long passwords and maintain a password list. One of the easiest ways to make a password secure is to make it long. If your password is currently cactus. Simply change your password to cactuscactuscactus. (It would be better if you made it complex like this: c@ctuSc@ctuSc@ctuS, but I won’t push my luck.) However, even if you do your best to pledge to use a really long or complex password, your efforts could be thwarted by systems that put a cap on the maximum length of a password or don’t allow the use of punctuation marks in a password. Thus, you’ll end up with a greater variety of versions of your passwords than you’d like. Thus, it’s important to maintain a password list.

Let’s focus on this list. It could be handwritten on paper, but clearly this isn’t very secure. If you do put it on paper then securely store it in a locked drawer or a safe. However, locking up your list makes it less convenient to grab and to update. So if you’re going to maintain your list on paper I recommend that don’t write the password itself. Instead, write a hint. For example, if your password is your childhood street address then you could simply write old address as the hint. This way you could keep the password list close to your computer and even if a burglar found it he wouldn’t immediately have all of your passwords.

An even more secure way to store your password list on a computer is in an encrypted disk image. I think this solution offers a great combination of security and convenience. A previous tech tip describes how to setup an encrypted disk image. Since the disk image is on your computer, you’ll always have this information conveniently at your fingertips, but it’ll be stored in a secure, encrypted manner. Of course, you’ll have to remember your password for your disk image. If you forget it then you’ve lost access to your entire list!

Another option that some of my colleagues use and recommend is a password manager like 1Password or mSecure. This blog article covers 8 password managers for the Mac and iOS devices. 1Password and mSecure are the two that I’ve personally worked with.

Whichever method you choose, I hope you compile a list of your current accounts and passwords and hopefully take some time to select longer, more secure passwords for these accounts.

Click to Print or Email

Do you use your laptop on public wireless (wi-fi) networks? Do you own a business and want to give remote staff a way to securely connect to your office network? If so, then you should know about VPNs.

VPN stands for Virtual Private Network, but this isn’t particularly helpful in understanding what it is or what it does. A VPN is an additional, virtual network that can be setup to exist over an existing physical network. In even simpler teams, a VPN is way to secure (encrypt) the data that leaves your computer as it travels across the Internet.

VPNs can be useful in a few situations, but my clients tend to use them in the following two situations. First, some clients want to provide part of their staff with secure remote access to the office network. This way, a staff person could work at home or travel to another city yet still have access to the business’ systems, like a file server or a database of client information. The staff person manually initiates a VPN connection to a VPN server in the business’ office. Once the connection is established, the person would be able to connect to the database or file server as though his or her computer was in the office. It’s important to note that the performance or speed of such VPN connections will be much slower than if the computer was actually in the office. This loss of performance is seen as a worthwhile trade-off since security is maintained and slow access is considered better than no access.

The second situation would be a person, like me, who travels regularly for business and often uses shared public networks like those found in coffee shops, airports or hotels. Many of these networks require no password to join and are thus far from secure. So, to prevent others on the network from determining what web pages I’m visiting or what emails I’m sending, I could use a VPN to encrypt all data as it moves from my laptop across the wireless network. Additionally, I find that some hotel networks or other public networks are configured to not allow users to send emails. While I understand that these networks are doing to for security purposes, it can be an inconvenience. Establishing a VPN connection would permit me to bypass this network limitation and send emails. There are other possible reasons why one might want a VPN service as described by Witopia, a provider of VPN services. To secure the data that I send and receive on my laptop, I could initiate a VPN connection to a VPN server. In this situation there is also a performance hit but the trade-off is increased security so it’s considered worthwhile.

Hopefully, these two examples illustrate how a VPN could be useful and what a VPN is.  A future article will compare a few personal VPN services.

Click to Print or Email

While viruses are not  a major risk for Mac users, it’s still prudent to have an anti-virus application installed on your Mac. Sophos offers a free Macintosh anti-virus application for use on home computers. Give it a try.

Why would you need an anti-virus application on your Mac? I can think of a couple of reasons.

1. While there aren’t many Mac viruses, there are some Mac OS X Trojan Horse viruses. I still occasionally come across some Word Macro viruses also, which were common on Macs in the late 1990s.

2. You might receive an email attachment which contains a PC virus. While this virus can’t do any harm to your Mac, would you want to pass this virus on to a friend or family member who has a PC? Sure, that person should have their own anti-virus protection, but it still doesn’t look good that you’re passing on viruses.

If you have business computers you can also use Sophos, but you’d have to buy an initial license. Sophos requires the purchase of a minimum of 3 licenses for about $34 per license. Volume discounts kick in at 10 licenses.

Check out Sophos Anti-Virus. It’s free for home users. It can detect if your Mac already has any infected files and can prevent you from getting infected in the future.

Click to Print or Email

The purpose of this article is to help you assess the strength and security of your password and to encourage you to start using more secure passwords. As a consequence of the fact that we all need to keep track of many passwords, many people use just one or two passwords over and over again. If this is true for you then please make sure that those few passwords are very difficult to guess. Go to How Secure Is My Password and type in your commonly used passwords to see an estimate of how long it would take a computer to determine your password using a brute-force attack. A brute-force attack is one in which a person tries repeatedly to guess your password. Such attacks often start by using some of the most commonly used passwords like 123456, password, cactus, andrew and turtle.

Okay, now that you realize how weak your password is, here are some tips on picking stronger passwords. Most likely, you’ve heard the advice of making your password longer, adding numbers and punctuation marks as well as a mix of uppercase and lowercase letters. All of this is good advice, but many people seem reluctant to incorporate this advice. Use the How Secure Is My Password to see how much longer it would take to guess a strong password by typing in a few variants of your password. You’ll soon see that password length make a huge difference. The longer your password is, the more secure it is.

For example, if your password is cactus, you’ll see that this word is one of the 2000 most commonly used passwords so it can be guessed very easily– within seconds or minutes. However, if you were to change your password to cactuscactus then you’d see that the web site estimates that it would take about 12 years for a computer to guess or figure out that password. If your changed your password to cActuscActus then the estimate increases to 49,000 years. If you changed it to cActuscActus2012 then the estimate rises to 6 trillion years. Wow!

As you select more secure passwords, please make sure that they are still easy to remember. For example, if you currently use your child’s name or birthday as your password you could change your password to Andrew’sBirthdayIs12/15/80. That’s still easy to remember, but it’s so much more secure since it’s long, has a mix of uppercase and lowercase letters, numbers and punctuation marks.

Below are some other suggestions of strong passwords to help you get your creative ideas flowing. Create phrases or sentences which naturally incorporate punctuation marks and captalize each word in the phrase.

2%MilkHasLessFat

$100HaircutsAreExpensive

5¢CokesAreAThingOfThePast

Now that you’ve picked one or two strong, secure passwords, please start to update all of your accounts. As you go through your day in the coming weeks, take a minute or two to update your accounts when you login to them. You might also want to maintain a list of your accounts and their passwords. You can store this information on your Mac by using a secure disk image. Read this previous Tech Tip about how to create a secure disk image.

Click to Print or Email

You can use these instructions to retrieve any saved password from your keychain, such as the password to your wireless network. The keychain is a secure place to store passwords. When you initially connected to your password-protected wireless network, your password would have been stored in your keychain if you checked “Remember this network.”

• Go to /Applications/Utilities and open Keychain Access. This application lets you view the passwords (keys) stored on your keychain. You’ll notice that the application’s icon is a ring with keys on it.
• Use the Search field in the upper right corner. Type in the name of your wireless network.
• Click on the name of your wireless network from the list of found items. Here are some clues on how to find the right one if there are multiple items with the same name. It’s Kind will be Airport Network Password. It’ll be on the “login” keychain.
• Go to the File menu and select Get Info.
• In the lower left corner of the Get Info window check the box named “Show Password.”
• You’ll be prompted to enter your administrator account’s password. (This is your main computer password. This is the password you use when installing software updates.)
• Click the “Allow Once” button.
• The password is displayed.

Click to Print or Email

This post builds upon the information that I presented in my last blog entry about how to securely store personal information on your Mac. A disk image is a special kind of file. When a disk image file is opened, it makes the computer think that an actual disk, like a CD, has been physically inserted into the computer. Thus, a disk image file, or more simply a disk image, can be thought of as a virtual disk.

Here’s how to create and use a password-protected (encrypted) disk image in Mac OS X 10.4, 10.5 or 10.6:

1. Go to your Applications folder and open the Utilities folder.

2. Open the Disk Utility application.

3. Click the “New Image” button, or choose New > Blank Disk Image from the Disk Utility File menu.

• Enter a name for your disk image file in the “Save As” field

• Change the save destination to either your Documents folder or your Desktop, whichever you prefer.

• Set Volume Name set to “Virtual Disk” (In 10.6 the field is called “Name”, not “Volume Name”)

• Select a Volume Size for the image file. If you’re just going to store a few Word or Excel files in the disk image, then 10 or 20 MB should be large enough. (In OS X 10.6 40 MB is the smallest you can select.) You can choose any size you’d like by selecting “Custom” at the bottom. If you ever fill your disk image you can always create a larger one and move the files from the smaller disk image to the larger one.

• Leave the volume format set to “Mac OS X Extended (Journaled)” (In 10.6 the field is called “Format”, not “Volume Format”)

• Leave “Partitions” set to “No partition map”

• Leave the Image Format set to “read/write disk image”

• Set Encryption to “128-bit AES” if your Mac uses Mac OS X 10.4. Choose “256-bit AES” if your Mac uses Mac OS X 10.5 or 10.6

Warning: If you forget the password to your encrypted disk image, your data will be irretrievably lost so please write down your password on a piece of paper. This is just a precautionary measure.

• Click the Create button.

• Important: In this next step you’ll need to first uncheck “Remember password (add to keychain)” then enter the same strong password twice. This password is used to secure your disk image.  [By "strong password," I mean one this is long and contains a mix of letter, numbers, odd capitalization and punctuation marks or at least most of these features. For example, 1%milKisgooDforyoU is a strong password.]

• Click OK

4. The disk image file will be created and then it’ll be opened automatically.

5. Look at your Desktop you should see an icon named Virtual Disk. This is what appears whenever your disk image is opened. Copy a file into this Virtual Disk. Notice that the file will automatically be copied when you put it in the Virtual Disk. The original file will remain where it is so you’ll probably want to put it into the Trash in a couple of days after you’re sure you understand how your new disk image works.

6. Close Virtual Disk by dragging its icon to the Trash, which will eject this virtual or fake disk.

7. Now, locate your disk image file. (It’s in the location that you selected in step 3, second bullet). Double-click your disk image file. Enter your password when prompted and then click the “OK” button. You should now see the icon for Virtual Disk again. Open it and you’ll see the file that you copied into it.

8. Now that you know how to use your disk image, you can copy more files into it and then delete the originals. For example, if you keep a list of passwords or other sensitive information in a Word or Excel file, copy this file into the secure disk image. Once you’ve confirmed that this file is inside your disk image then throw away the original file so it’s no longer sitting unprotected on your Mac’s hard drive.

9. Don’t leave your Virtual Disk on the Desktop all day long. This defeats the added security. Only open it when you need it and then close it when you’re done by dragging its icon to the Trash icon on your Dock.

Click to Print or Email

Do you have personal or sensitive information about yourself or your clients on your Mac? Things such as credit card numbers or passwords? If so, I recommend storing this information in a special kind of file known as an encrypted disk image. I store a list of my own passwords and other sensitive information in such a file on my Mac laptop. This file is always readily available while still being inaccessible by others, even if my laptop were stolen.

Without getting very technical, disk images were invented as a way to make a backup copy of a disk such as a floppy or CD, but other uses have emerged over time. Mac OS X lets you create a blank disk image that can be thought of as an empty folder. Additionally, this file can be encrypted which requires a password when you open it. Thus, in an over-simplified way, you can think of an encrypted disk image as a password-protected folder.

Read my next blog post for step-by-step instructions on how to create and use an encrypted disk image on your Mac. After creating your own secure disk image, copy the files that you want to protect into this disk image. For example, if you keep a list of passwords or other sensitive information in a Word or Excel file, copy this file into the secure disk image. Once you’ve confirmed that this file is inside your disk image, then throw away the original file so it’s no longer sitting unprotected on your Mac’s hard drive.

Click to Print or Email