Apple Releases Mac OS X 10.7.4 To Fix Security Bugs

Mac OS X 10.7.4 Update Image From Vinh Nguyen's MacBook Pro

Mac OS X 10.7.4 Update Image From Vinh Nguyen’s MacBook Pro

Last couple days, people have been reported that there has been a bug in Mac OS X 10.7.3’s system-wide debug log file, consequently allowing anyone or any malicious program that knows where to look and have access to a Mac OS X 10.7.3 machine to steal users’ passwords.  It appears that the passwords are saved in plain text in Mac OS X 10.7.3 as the bug prevents the system from encrypting the passwords.  As people are panicking and wondering when will this bug be patched by Apple, Apple has quickly released Mac OS X 10.7.4 to address this password security bug.

Furthermore, this new update to Mac OS X 10.7.4 will also address other security bugs within Safari web browser.  Of course there are few other enhancements to other features too by updating to Mac OS X 10.7.4, but you can easily whisk over to Cnet’s Apple releases Safari 5.1.7, Snow Leopard updates, and more article for an in-depth look into Mac OS X 10.7.4 update.  So, don’t you hesitate to update your Mac to OS X 10.7.4, because your Mac will be more secure than before with the newer update.  To update your Mac to Mac OS X 10.7.4, just use the Software Update feature within Mac.  You can find Software Update feature if you left click on the Apple logo at the top left corner of the monitor/screen.

Sources:

Passware Claims To Break FileVault 2 Encryption In 40 Minutes

Cryptographically secure pseudorandom number g...

Image via Wikipedia

Cnet reported Passware, password recovery company, has claimed that FileVault 2 for Mac could be broken under or around 40 minutes.  In case you have never used Mac before, FileVault 2 is similar to TrueCrypt and Windows’ BitLocker.  These three major popular encryption software help computer users to securely wipe (i.e., format hard drives, partitions, external drives, etc…) and then encrypt hard drives and the likes.

Using encryption technology supposes to be helping computer users to secure their data, but it seems companies such as Passware do have ways around the encryption technology after all.  Nonetheless, since we now know encryption software are vulnerable, we can at least understand that relying on encryption software alone to protect our most precious data might not be enough.  This way we only have ourselves to blame and be angry at when we’re not actually going to the extend to protect our precious data beyond the deploying of encryption software.

To the best of my knowledge, I think most software that are designed to break encryptions (i.e., encrypted data) need to have access to the physical machines before such software can actually decrypt the data.  I wonder will this be the case for Passware’s claim too.  If it’s, then as how it has always been so; computer users best protect their precious data by physically secure their machines better.  This way, hackers have to jump more than one hoop to actually attain your precious data.

In the end, I think security is at best when wise computer users go to the extend in deploying whatever that is necessary to protect their computer data, that’s if such computer data are that important to some folks.  For now, let hope Apple, TrueCrypt, and Microsoft can soon come up with better encryption software so computer users know they can rely on encryption technology to protect their data better.  Let hope Passware isn’t claiming to have the ability to decrypt data from the cloud also, because such a scenario might be horrible for people who rely on encryptions to protect their data in the cloud.  So far, I don’t think this is possible yet.

Source:

Even The FBI, CIA, And NSA Admit That Full Disk Encryption Is Hard To Crack

Category:WikiProject Cryptography participants

Image via Wikipedia

According to Extremetech’s article “Full disk encryption is too good, says US intelligence agency,” a study with a title “The growing impact of full disk encryption on digital forensics” suggests that CSI teams from intelligence agencies (e.g., FBI, CIA, NSA) are facing many difficulties in gathering evidences against criminals who use full disk encryption to lock out incriminatory data.  So, when the elite federal intelligence agencies within the United States think that full disk encryption is making their jobs too hard, then everybody should know full disk encryption can protect data appropriately against most hackers.  Just don’t let the hackers social engineering you to give out the password to unlock the encrypted data, OK?

Surprisingly, full disk encryption can be done so easily, but I doubt that many good citizens are willing to do so.  Sure, full disk encryption can take a very long time if the disk is huge, but by being patience enough to wait out for the encryption process to finish can actually pay off in the end in regarding to safeguard one’s data.  TrueCrypt is the best free software known to date which allows users to truly encrypting disks and files easily.  TrueCrypt is compatible to Mac, Windows, and Linux.  Besides TrueCrypt, Windows 7 Ultimate and Enterprise editions have full disk encryption known as BitLocker Drive Encryption; Mac OS X Lion has FileVault 2; and Linux has various free software to do full disk encryption.  So, it’s clearly that one can do a full disk encryption on any computer platform easily.

Nowadays, web services and businesses encourage customers and computer users to store data online (i.e., inside cloud networks).  As more people store their data online, it’s obvious that such data should be encrypted.  Online data can be stored in network structure known as cloud network.  Cloud network is like a farm of servers that work tightly together to store and compute data with ease.  Since cloud network provides a central hub to store data, and so it’s enormously attractive to hackers.  Hackers love to go after cloud networks; once they break through the cloud networks’ security measures, one fell swoop can reward the hackers with enormous amount of data.  What if the majority of information that store in any cloud network aren’t that valuable, does this mean hackers are wasting their time?  Not really, because stealing few important data from a cloud network might still yield more booties than targeting small banks of data one at a time.  So cloud network users, you all should encrypt your data before uploading such data to the cloud.

In summary, the bad guys love to use full disk encryption for protecting their illegal activities, and so the good guys too should take note and do the same to protect their valuable information from hackers.  Of course, the difference between the two is that the good guys are willing to give the authorities their passwords to unlock encrypted data when such requests are made.  Just make sure not to do the same for the hackers, OK?  It’s not hard to encrypt one’s data since there are too many freely downloaded free tools that allow full disk encryption.  A perfect example of a very good free tool which allows full disk encryption is TrueCrypt.

Source:  http://www.extremetech.com/computing/105931-full-disk-encryption-is-too-good-says-us-intelligence-agency

Using FileVault Is A Must On Mac If You Really Want To Protect Your Data At All Cost

The best way to protect your Mac’s data is to use FileVault.  Without FileVault, anybody who has physical access to your Mac can become root as will by holding down the command key and s key on the keyboard right after a reboot.  As root, that specific person can take a look at your data at will and might do something even more nefarious.  So, the next time, don’t think that user accounts on your Mac can be secure, because these accounts have passwords!  The passwords can only protect users from remote hacking, somewhat!