Archives For security

My latest column for The Seattle Times looks at what’s just around the corner: a few notable features in the macOS Sierra and iOS 10 betas. I’ve been running both (as well as watchOS 3), and am impressed so far. The features I mention in the column are just a sampling, and I focused on how the Mac and iPhone/iPad work together.

I didn’t have space to mention things like the Maps app automatically noting where you parked your car, how convenient the raise-to-wake feature on the iPhone is, or the convenience of replying to texts without leaving the current app (something possible under iOS 9, but expanded in iOS 10).

Read it here: Beta testing: In next macOS, everyday features work more closely across devices.

Also worth noting: Make sure you update to iOS 9.3.5, a quick-fix security update that Apple issued late last week to patch a hole that could enable an attacker to remotely control your device. TidBITS has more info here: iOS 9.3.5 Blocks Remote Jailbreak.

If you like the work I do, please consider signing up for my low-volume newsletter that I use to announce new projects, items, and giveaways that I think my readers would be interested in.

In this week’s Practical Mac column for the Seattle Times, I cover the Apple/FBI situation and make the case that the implications for forcing Apple to comply with the FBI’s demand is a dire security situation for everyone. I also include some practical advice for securing data on iOS devices. Apple-FBI fight has big implications for your security, privacy 

Tc 1password 2ed

One of my favorite and most-used Mac utilities received a major update this week. I rely on 1Password practically every day on my Mac, iPhone, and iPad to securely store all of my passwords, credit card details, and other essential information. Even better, 1Password 6 for Mac is a free update for owners of versions 4 and 5.

The best part, though, is that Joe Kissell has updated his ebook, Take Control of 1Password, Second Edition. Want to know how to make the most of the new 1Password for Teams feature, understand how to use vaults, or just learn how to create, store, and sync strong passwords? Joe’s book delivers. Buy it today for $15. If you already own the previous edition, click the Check for Updates link for details on upgrading.

Letter to Family about iOS 8

September 17, 2014 — 2 Comments

Whenever a significant new Apple update appears for the computers or devices that my family members own, I send out a quick note giving advice on whether they should upgrade or not, and when. With the release of iOS 8 today, I thought I’d share my letter; feel free to copy it and send it to your friends and family.

    Hello family!

    Apple released iOS 8 today for iPhone, iPad, and iPod touch. I’m sure you’ll receive an email or a notice on your device within the next day or so about it.

    My advice about upgrading is twofold:

    1. I’ve been running iOS 8 for a few weeks on my main devices (and a couple months on test devices), and it’s in pretty good shape. If you prefer to be cautious, I’d say wait a short while until Apple releases an expected 8.0.1 fix to tackle things that couldn’t be fixed before release. (There are always things like that; Apple needed to finalize the software a couple of weeks ago to put it onto the iPhone 6 units that are currently being shipped.)

    If you do upgrade, MAKE SURE YOU HAVE A BACKUP FIRST. If you sync to iTunes on your computer, connect the device and look for the Back Up Now button on the Summary screen. If you back up to iCloud, go to Settings, tap iCloud, tap Storage & Backup, and then tap Back Up Now.

    Also make sure you have enough free space on your device; at least 6 GB. You may need to offload photos to iPhoto or your computer’s hard disk.

    And keep in mind that upgrading could take some time, possibly a couple of hours depending on how many apps you have and how much storage is already occupied.

    2. My second piece of advice is important right now. If you’re asked to turn on iCLOUD DRIVE, do NOT. Apple is still working out bugs and, more important, you need to be running OS X Yosemite on a Mac to take advantage of many of its features. Yosemite hasn’t been released yet. So, for example, if you use Pages to write documents on an iPad and on the Mac, enabling iCloud Drive breaks the connection on the Mac, preventing documents from syncing. This will all get sorted out eventually, but that’s the situation as of today. Here’s an article at TidBITS that goes into more detail:

    One more piece of advice, especially if you own an iPhone 5s with a Touch ID sensor (or if you’re planning on buying an iPhone 6 or iPhone 6 Plus): go get 1Password 5.0, which is now free. It’s essential for storing and generating secure passwords, and thanks to the Extensions feature of iOS 8, makes it possible to sign into Web sites and do other things by resting your finger on the Touch ID sensor (so you don’t have to look up or remember the password!).

    I hope this helps. I love you all,


Rich Mogull on Apple Pay

September 12, 2014 — Leave a comment

Writing for Macworld, my friend Rich Mogull explains Apple’s new Apple Pay system for making secure digital-wallet transactions. Some choice quotes, but you really need to read the whole thing:

Using per-device tokens means that only the bank that issued the card (or its payment network) ever has your card: You don’t have to trust Apple with it. This is different from the Google Wallet system, in which Google holds your cards on their servers. (For the record, Google is exceptionally good at maintaining that kind of security).

Apple Watch will have its own secure element and Device Account Number. We don’t yet know the process for registering your card on the watch, but it is expected you’ll be able to use the watch without an iPhone to make payments. Go for a run wearing your Apple Watch, and you’ll be able to buy water at a gas station without pulling out a wad of sweaty cash from the tiny pocket in your running shorts.

But aside from the technical differences, Apple is in a unique position due to its business model. It doesn’t want or need to track transactions. It doesn’t want or need to be the payment processor. It isn’t restricted by carrier agreements, since it fully controls the hardware. Google, although first to the market by a matter of years, is still hamstrung by device manufacturers and carriers. Softcard is hamstrung by the usual greed and idiocy of mobile phone providers. PayPal has no footprint on devices.

My latest Practical Mac column for the Seattle Times looks at what you can do following the Heartbleed vulnerability, with a focus on features in the new version of 1Password: Heartbleed fallout: It’s time to change most passwords.

In it I mention Watchtower, a Web site that the developer, AgileBits, created to check if sites are patched to fix the problem or not.

Just a few days after the article appeared, AgileBits has updated 1Password for Mac to incorporate Watchtower into the app itself. After you enable the feature in the application’s settings, a Watchtower item appears under the Security Audit category.

It doesn’t help to change all your passwords for sites that haven’t implemented the fix, so having some pointers like this definitely helps.

1p watchtower

In my latest column in The Seattle Times, I talk about last week’s crucial security updates for OS X and iOS. I also look at Screens, my favorite iOS and OS X app for connecting to another Mac and controlling it.

Read it here: You’ll sleep better after this update.