view in plain text or web browser  
Tech Tails | Apple news straight from the Tech Room | SmallDog.com | 800-511-MACS
 
#921: The Glorious iCloud.com and FMIP, Security by Obscurity - The Myth of Hiding your SSID, Personal "Security" in Today's Tech-Savvy World

 
     
 

Hello Fellow Tech Enthusiasts,

We’re on the verge of spring cleaning season, and before that whole rigamarole starts, I thought we should all get ahead of the pack and have a good ol’ backup conversation. I consistently find that there is a very solid feeling of security when a user has two or three backups of their important data, and I highly recommend an onsite as well as offsite backup solution. I usually keep my photos and music backed up at home, with documents backed up at home and via free cloud storage solutions such as iCloud or DropBox.

This winter we have repaired a lot of devices, and as usual we see dead iPod and iPhone batteries due to them being left out in sub-zero temperatures. Remember to bring devices inside from cold and heat, as this can prevent lasting damage, and when you bring a frozen device indoors keep in mind it may need time to be free of condensation before it is safe to use without causing further damage to it. Back in the 90s I lost a Sony MiniDisc player in the snow out in the woods for three days, and it still worked! However I would not that I recommend leaving your iPhone under a foot of snow!

Now that football season is over, we can focus on other things, like where to put your data, or how iCloud works…

-Mikhael
mikhael@smalldog.com

 
   
     
  The Glorious iCloud.com and FMIP  
   
 

There’s a lot of really nifty stuff at iCloud.com. I’ve watched it grow over the years since it was released with iOS 5 a few years back. Personally, the email and Find My iPhone are the features I find myself using all the time on the web interface of iCloud.

Find My iPhone (FMIP) is wonderful. It’s a little confusing having “iPhone” in the title, as it works on iPad, iPod touch, and the Mac to some degree. I frequently misplace my phone somewhere at home, and I know it has to be somewhere close because I haven’t left the house that day. FMIP to the rescue! I go to my computer (much larger, and therefore a bit less likely to misplace) and visit iCloud.com, click on the button labeled “Find my iPhone” (it will looks like a radar screen) click on that and you’ll be in the FMIP screen. It gives you a map with the last known location of all the devices logged into that iCloud account.

It is important to understand that an internet connection is required for the device to communicate that location information to the iCloud servers. This is also a way for the device to know where it is. Cellular enabled devices also have a built in GPS, so the device knows exactly where it is, providing it’s able to get a GPS signal. Many wifi networks provide location information, but if the device leaves that, and is not cellular enabled, it will not be able to determine where it is or communicate that to the iCloud servers.

At the top there will be a bar, with “devices” in the middle. Click that and you’ll get a drop down menu of all the devices on that account with FMIP turned on. On mine, I have a happy green dot right next to my iPhone as well as when that location was last updated, but the other devices have a sad, dim, gray dot with “Offline” under the device name. Right now I see one dot on the map, and that’s my iPhone right here with me. If my iPad wasn’t powered off, it would see it at home, providing it hadn’t evolved legs and wandered off somewhere…

From this menu I have a few options: Play Sound, Lost Mode, and Erase iPhone. Play Sound is the button I push regularly. It makes this loud sound that helps me reunite with my device that stayed where ever I put it and then forgot about. There’s Lost Mode which will allow me to give it a lock code that’ll keep prying eyes from the contents of my iPhone (or other iDevice) as well as display a message to a (hopefully) good Samaritan that will bring it back to me. There’s not much incentive to hold on to an iPhone in lost mode, as FMIP is also an “activation lock” making the device useless to anyone that doesn’t have the username and password of the account that last had FMIP turned on. This feature has been very successful at deterring theft of iPhones, because they’re simply worthless to any nefarious party when it’s turned on. Finally, there is Erase iPhone, which will erase all of the content but will continue to display the message that you have set.

There are many other features of iCloud.com, but each one would have me going on nearly as long as I just did for FMIP. While I hope you never lose your device, I expect FMIP to assist you in any event where you seem to have misplaced it.

See more details here.

 
   
     
  Security by Obscurity - The Myth of Hiding your SSID  
   
 

There is this myth that hiding your SSID is a form of keeping your wifi network safe from malicious intent…this is a lie! Service Set Identifier was never meant to be a form of security, it was designed to be a network identifier. Even when you “hide” your SSID, your router is broadcasting information whether it is “hidden” or not and with the right software you can find these quicker then Waldo in the children’s books. If anything, hiding your SSID is worse because when and if your network is discovered, you raise curiosity in the viewpoint of the attacker…“what are they trying to hide?”

To understand what is going on here, you must first understand how networks work to communicate and transport data via the OSI Model. The OSI Network Model is based on 7 layers. See the diagram above for details.

In this case we will use a MacBook and wifi router to explain. If the MacBook is connecting to a wifi router, the router will broadcast a name to identify the network called the SSID. When you click on the wifi signal icon at the top of your desktop you see a listing of available wifi networks. Those names are the Service Set Identifier. Now the myth: if you “hide” that from being broadcasted, you should be safe from would-be attackers trying to gain access to your network. Again, this is a lie.

Say hello to our non-friendly software, such as Aircrack-ng or Kismet. Certain hacker tools such as these can monitor wifi air traffic and pull information right out of the air. Wifi traffic is broadcasted on layer 2 and it is broadcasting layer 3 information (the network layer) as “packets.” These types of software are called packet sniffers, meaning they can pull your info right out of thin air, even if you are trying to hide it.

So how do I keep people off of my network? One answer is complex passwords. When an attacker chooses a target, they have a plethora of tools, and a password cracker is one of them. The more complex you make your password, the longer and more difficult it is for the cracker to figure out the hash encryption of the password, thus the more likely the attacker will give up for fear of being discovered.

Surf safe, friends!

 
   
     
  Personal "Security" in Today's Tech-Savvy World  
   
 

Time and time again, I am confronted with the harsh realities of personal security in today’s tech-savvy world. In many ways I feel like we’ve lost some ground on how we manage our private data, and I would like to discuss here some of the observations and conclusions that I’ve discovered in my search for “the perfect system” (so to speak). There are a few different methods of storage popularly accepted in the tech world, and I’d like to go over the pros and cons of those before delving into my extrapolation of the deeper factors at work.

  • Tangible Storage (my own term) is defined as a storage volume(s) that is physically connected to a device that handles information in a closed loop system with that media. Examples include external USB/FireWire/Thunderbolt backup hard drives, USB Flash storage, CDs/DVDs, etc.
  • Referenced Storage (in this case) would be defined as storage that is still maintained in a closed loop system within the larger range of LAN (Local Area Network) or WAN (Wide Area Network) behind a router that masks internal device identifiers. Examples of these devices or setups include NAS Drives (Network Attached Storage), Servers, WiFi-enabled drives, Shared Directories (on local machines, e.g. your Mac’s Public folder or a publicly accessible drive partition).
  • Cloud/Net storage – Most commonly associated in reference to services such as Dropbox, iCloud, Amazon Cloud Drive, Google Drive, Mozy, etc. Also referring to farm-based servers, web-based data transfer protocols, email caching, social media websites, etc.

So, after that long-winded introduction, here’s the deal: We are all becoming more trusting of corporations and privacy policies over time, sacrificing security for ease-of-use. It’s a question of priorities for many – and I don’t mean to single out any individual or lifestyle. If you have a secure and efficient system for organizing and protecting your digital life, then by all means disregard what might seem to be my paranoid observations. If you are interested in learning more about how to stay ahead of the game, this is for you. I am calling out to both lightweight users and professionals – your personal data might not seem that important, until you lose it (or worse, it’s stolen). As a concerned and sympathetic fellow technophile, I would like to help dismantle the jumble of services and solutions that are available, and dispel some commonly held misconseptions.

The bottom line is that unless you are in physical possession of your data, or you use proper and airtight current-generation file-level encryption, your sensitive files may very well be at risk. Even with those precautions, and barring physical storage failure (also insanely common and to be expected from any media regardless of statistics or ratings), you may still run into problems. So what (or who) is to be trusted? Where can you turn when your data is priceless and you want to ensure it’s healthy life?

The real answer is similar to one you’d get about other aspects of your life – never put all your eggs in one basket, and under NO circumstances should you assume that you have eliminated all points of failure. I would recommend using mirrored, NAS storage for local backups and storage, with the caveat of using a separate LAN to manage that data service. Direct local backups are great too, and you can feel free to make as many of those as you like, but prudence suggests that we should never assume that any one drive will be reliable. Depending on a user’s needs, one may decide to give up some security (file-level encryption, for instance) in order to boost access speeds or ease-of-use. However, I caution those who would say “I don’t have anything to hide”, because that’s never completely true, and even if it was, it’s still a matter of respect for one’s own privacy. Sites like Facebook, Twitter, MySpace, and even Google are breeding grounds for identity theft and other security threats. It’s the same story with services such as Dropbox or Copy.com. Privacy policies aside, when you put your personal data on storage media that is not local to you, you have given up control of that data. Many companies do offer storage in encrypted formats, but most of these encryption levels and protocols are sub-par and often not up-to-date.

With a growing population of more and more technically adept individuals, it is becoming increasingly common for any given user to have experienced data loss, theft, or misuse related to poor security and storage practices. I urge the reader to consider how they interact with their information and who they entrust it to, as well as how secure and redundant their backup solution is. Keeping these factors in mind can be the difference between a simplistic, efficient, and secure solution and one that is fragmented and prone to theft or loss.

 
   
     
  SPECIAL | G-Technology G-Raid Thunderbolt 4TB hard drive  
   
 

Save $70 on G-Technology Professional High-Performance Dual-Drive Storage System

G-RAID with Thunderbolt, designed specifically for professional content creation applications, features the most powerful, flexible I/O technology ever. At double the data transfer rates of USB 3.0 and over 12 times faster than Firewire 800, no other PC I/O interface can match the raw speed of Thunderbolt now available in G-Technology’s leading RAID solution.

See the product here but please call for pricing and availability.

 
   
     
  SPECIAL | 360 Electrical 6 Outlet PowerCurve Surge Protector  
   
 

TT SPECIAL | Save $5 on Electrical Power Curve 6 Outlet Surge Protector

24.99

The 6 Outlet PowerCurve Surge Protector from 360 Electrical allows you to protect all your sensitive electronic devices from power surges and spikes. It has six 360° rotating outlets which accommodate large plugs that normally won’t fit in your regular surge protectors. The Surge Protector also features auto shutdown technology, which cuts power in the event of a major surge.

View

 
     
  SPECIAL | Lego Builder Case for iPhone 5/ 5s  
   
 

TT SPECIAL | Save $20 on Lego Builder Case for iPhone 5/5S

Starting at $ -12.34

The Lego iPhone case is designed to protect the buttons on the sides of your iPhone 5 or 5s, while keeping the ports and speakers fully exposed. Adjusting your volume, plugging in your headphones, and connecting your charging cable is fast and easy — all while keeping your case on and your phone fully protected.

It also turns your phone into a buildable brick!

View