#148: Security Audit
July 29th, 2013 · 79 minutes
David and Katie review best security practices and discuss email encryption, VPN, password practices, data encryption, two factor authentication and more.
Thanks to MPU listener Jigar Talati for assistance with the shownotes this week.
This episode of Mac Power Users is sponsored by:
Our exclusive sponsor for this episode, 1Password.
Download: MP3 (36.81 MB)
Links and Show Notes
Links for this episode:
- PRISM (surveillance program) - Wikipedia, the free encyclopedia
- Tips | Agile Blog
- How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
- Multi-factor authentication - Wikipedia, the free encyclopedia
Multi-factor authentication (also MFA, Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is").
- Apple ID: Frequently asked questions about two-step verification for Apple ID
- Install Google Authenticator
If you set up 2-step verification using SMS text message or Voice call and also want to be able to generate codes using the Android, iPhone or a Blackberry, you can use the Google Authenticator app to receive codes even if you don’t have an Internet connection or mobile service.
- ID Protection Mobile Center - VIP Access for Mobile
Get VIP Access to help protect your online accounts. VIP Access provides a unique security code that you can use in addition to your user name and password for safe and secure account access.
- How do I enable two-step verification on my account? - Dropbox
Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.
- Sign in using application-specific passwords - Accounts Help
Using application-specific passwords
- Hover and Google Apps
- Secret decoder ring - Wikipedia, the free encyclopedia
- Transport Layer Security - Wikipedia, the free encyclopedia
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.
- Pretty Good Privacy - Wikipedia, the free encyclopedia
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions to increase the security of e-mail communications
- The GNU Privacy Guard - GnuPG.org
GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880 . GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available.
- Official Homepage | GPGTools (OpenPGP Tools for Apple OS X)
GPGTools is a software collection that brings encryption/decryption and signing of e-mails and files, to you on your mac (for Windows use Gpg4win). The main goal is to bring OpenPGP - in the form of an easy installer package based on MacGPG - to Mac OS X.
- OS X: About FileVault 2
FileVault 2 uses full disk, XTS-AES 128 encryption to help keep your data secure. With FileVault 2 you can encrypt the contents of your entire drive.
- Mac OS X: About file system journaling
"Journaling" is a feature that helps protect the file system against power outages or hardware component failures, reducing the need for repairs.
- Password Protect an External Drive in Mac OS X with Encrypted Partitions
- Learning To Love Evernote — Chambers Daily
Have you always wanted to love Evernote, but never really got it? I completely understand! I was in your same place for 4 years, but just recently saw the light. I want to share with you how I learned to love Evernote!
- Knox | Simply secure file encryption
- Virtual private network - Wikipedia, the free encyclopedia
A virtual private network (VPN) extends a private network across a public network, such as the Internet.
- Apple OS X Server
- ScreenCastsOnline - SCOM0375 Using Mountain Lion Server
- How To Set Up a VPN Server Using a Mac « Nosillacast
- Cloak VPN - Cloak - GetCloak.com
- iOS: Understanding passcodes
- Domain Name System - Wikipedia, the free encyclopedia
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide
- 5by5 | Mac Power Users #17: DNS and Macworld 2010
It’s a jam packed show this week. We discuss alternative DNS services including OpenDNS and Google’s DNS service with special guest George Starcher. We talk about the advantages and disadvantages of using an alternative DNS service and compare the new Google DNS service with OpenDNS.
- MPU Screencast: Configuring OpenDNS