security

Considering Dropbox

Whether or not you've made friends with Dropbox, it's a good idea to familiarize yourself with it.  Here's some very important information, released by Dropbox on 7-1-11; I was notified by email on 7-2-11 at 7:49 pm.  By this time there were so many complaints and comments posted there that it would take 114 pages to print them.  The blog explains the TOS (Terms of Service), privacy policy and security.  By continuing to use Dropbox you automatically agree to the new TOS, which takes effect 7-15-11.

Apple Releases Security Update Today

        Alerted first by a PC Magazine article, the official info comes from this Apple Support site.  The security update 2011-003 is 2.1 MB and takes less than 2 minutes to download.  It was released earlier today, May 31, for OS X v. 10.6.7.
        What do you know?  David Passell writes to brag that his update took less than a minute!

More About: Keep in Mind About Your Computer Security . . .

        A good reminder comes from Allen Laudenslager.  He sends this CNN article, declaring that it might help give a little clarity on the MacDefender malware issue.  The article, entitled, "New Malware Revives Mac vs. Windows Security Debate" states that Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious.  And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform.  The writer concludes, " . . . the moral of this story is to be wary that Mac malware is in the wild, and be cautious about installing sketchy software from unfamiliar sources."
        This evening several news reports discuss the malware.  AppleInsider states that Apple will release an update to Mac OS X to automatically find and remove the malware.  The article concludes, "The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem."
        First thing this morning (5-25), Allen passes on this Apple Support information, which lists the authorized steps to take to remove the malware if you happen to inadvertently download it. Once the Mac OS X software update is here we'll have "no more concern about the only widespread Mac malware that we have to worry about" because it will automatically find and remove the MacDefender malware and its known variants.
        Joining in with helpful info now is Art Gorski, recommending this from MacWorld.
        This afternoon (5-25) we found this in ComputerWorld: "Mac users running Safari can stop avRunner from automatically opening its installer screen by unchecking the box marked 'Open 'safe' files after downloading' at the bottom of the General tab in the browser's Preferences screen."  Read the whole article.
        Here's the 5-26 article from Computer World with more details.
        What else are PMUG members saying about malware, security, anti-virus issues?  On the right side of this newsblog scroll to the Labels list and look up those keywords, and any other keywords you're interested in researching.  Our PMUG members do a good job of finding out -- and passing along -- all kinds of Mac information.

Security Settings for Safari

        Thanks to Jim Hamm who writes, "Here are some comments about security in Safari from a member of a Mac forum I belong to. These are the settings he recommends. I’ve not tried or read about the last item in his list: FlashToHTML5. I’ll have to learn more about this, and why/if to use it.
     Safari - Block Pop-Up Windows
     Safari - Preferences - General - Open "safe" files after downloading (uncheck)
     Safari - Preferences - Autofill - Using info from my Address Book card (uncheck)
     Safari - Preferences - Autofill - User names and passwords (uncheck)
     Safari - Preferences - Security - Fraudulent sites (check)
     Safari - Preferences - Security - Location services (uncheck)
     Safari - Preferences - Security - Web content (uncheck all for most security, but check as you need capability)
     Safari - Preferences - Security - Accept cookies (check only "Only from sites I visit")
     Safari - Preferences - Security - Ask before sending a non-secure form from a secure website (check)
     Safari - Preferences - Extensions - AdBlock (add this extension to block most ad content)
     Safari - Preferences - Extensions - FlashToHTML5 (add this extension to convert Flash to HTML5 when possible)
        "The biggest setting to change is the Human Setting. Think about links before you click them. Hover over them to reveal their true destinations before clicking on them. Watch for non-secure (http://) links that ought to be secure (https://)--anything that deals with money, like banks, checkouts, etc. Look for the green secure/trusted indicator in the URL bar.
         "Watch for links that include multiple 'http' strings -- these initially look like they go to the first domain listed, but actually go to the last one listed (http://www.trustedbank.com.http://evil-domain.net/blah/blah). DON'T click these. If a bank asks you for your account login information in email, via a link sent in email, it's fraudulent. If clicking a link causes an 'Enter your system administrator password' prompt, think long and hard before typing it in. I think you get the idea."

How to Check It Out

        With scams and suspicious things in the news we can thank Art Gorski for passing along his experience.  He writes, "Just yesterday I got an email from PayPal asking me to agree to a new set of terms and conditions to continue to have a PayPal account.
        "If I didn't have a PayPal account this would obviously be spam I could just delete. However, I do have a PayPal account.
        "This could still be an attempt to lure me into trouble, so I carefully examined the email. The Reply-To address looked OK, it ended in 'paypal.com' and not in something dangerous like 'paypal.com.ru.' I used the 'View > Message' menu in Mail to show the message as 'Raw Source.' This makes it thoroughly ugly, but will reveal all the website links hidden in the message as they really are. All of these looked OK.
        "But still, I'm paranoid about 'social engineering' scams that try to get you to give up your username and password, and PayPal is a potentially very damaging one if you lose your credentials to a hacker.
        "So in the end, I trashed the email and just used my normal Safari bookmark to log in to PayPal. Sure enough, the website asked me immediately to agree to new terms and conditions, so I handled it from there, since I knew it was safe to do so."

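The link checks described in the two quoted messages above (looking at a link's real destination, watching for multiple 'http' strings, and reading the raw source to confirm that a domain really ends in 'paypal.com'), written out as an added example that is not part of the original posts. The trusted domain, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED = "paypal.com"  # assumption: the domain the reader expects to deal with

def host_is_trusted(host, trusted=TRUSTED):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def check_url(url, trusted=TRUSTED):
    """Return the reasons a link deserves a second look (empty list = none found)."""
    reasons = []
    if len(re.findall(r"https?://", url, re.I)) > 1:
        reasons.append("multiple http strings")
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        reasons.append("not https")
    if not host_is_trusted(parts.hostname, trusted):
        reasons.append("host is not " + trusted)
    return reasons

class LinkCollector(HTMLParser):  # gathers (href, visible text) pairs from raw HTML
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_message(raw_html, trusted=TRUSTED):
    """Map each link's visible text to the reasons its real target looks wrong."""
    collector = LinkCollector()
    collector.feed(raw_html)
    return {text: check_url(href, trusted) for href, text in collector.links}

# Constructed sample message body, not taken from a real email.
SAMPLE = """<a href="https://www.paypal.com/signin">Log in</a>
<a href="http://www.paypal.com.ru/agree">https://www.paypal.com/agree</a>
<a href="http://www.trustedbank.com.http://evil-domain.net/blah/blah">My bank</a>"""

if __name__ == "__main__":
    print(audit_message(SAMPLE))
```

The domain test compares on a dot boundary, so a constructed lookalike such as 'evilpaypal.com' fails even though the string ends in 'paypal.com'.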
Watch Out For This

        Just spotted this article from ComputerWorld about fake security software on Mac.  You'll want to be knowledgeable about this threat.  Apple discussions has more than 20 entries on this, with the most recent dated today, 5-2-11.
        Jim Hamm sends us this from The Unofficial Apple Weblog with specifics for finding and deleting -- as well as preventing -- the MacDefender app.  The article tells us to uncheck "Open 'safe' files after downloading" in Safari Preferences.  And the writer closes with, "For those of you who haven't been hit by the MacDefender app, take care while downloading images for the next few weeks."

Adobe Critical Update

Adobe calls it a "critical update" and you'll want to read about it here.  Thanks to Jim Hamm for alerting us this afternoon.  Go to Adobe here to see what version you already have installed. Then go to this help page to specify settings you want for privacy, storage, security, notifications, playback settings, and peer-assisted networking panel.  Are you giving permission for companies to access your computer's microphone and camera?

Privacy Features in Today's Update

        Earlier today we found out that Apple plans to add a new privacy feature to Safari that keeps online advertising networks and other tracking tools from monitoring user activity. We posted this and we thanked David Passell for this info.  
        Later this afternoon, after reading what MacObserver said, up came the notification for Security Update 2011-002 for Leopard and Snow Leopard, iPhone, and Safari.  Read all about it, and keep up with these great improvements.

Info on Security Issues

The latest (February) issue of Popular Mechanics addresses "the war on privacy."   Page 56 tells briefly about Super Cookies.  Trying to track down specifics, I looked at this PCWorld article, then an article from Adobe about these LSOs (Local Shared Objects), which are also known as Flash cookies.  Here's Adobe's seven-page document outlining their policies on their legal rights and practices.  Elaine's take on this, "The invasion of gadgets which spy on us is not a thought to be easily dismissed; we might well take time to consider how we are affected."

Encrypt Your Thumb Drive

        "Many of us use a thumb drive to backup data while traveling and to pass data to trusted friends," Allen Laudenslager gets our attention.  He elaborates, "Some of that data needs to be very private and should be encrypted. So, how do you encrypt your thumb drive?
        "Here is a link to the entire Wired magazine article,  but the specific directions for the Mac are below:
        "Mac OS X actually has a nice built-in encryption tool you can use right out of the box. To get started, just plug in your USB stick and open up Disk Utility (you'll find it in the Utilities folder inside your Applications folder).
        "In Disk Utility head to File >> New >>Blank Disk Image. Select your USB stick as the destination and choose one of the encryption options. You can also set the size of the volume, number of partitions and the format.
        "Once that's done click create and enter a good password (see our guide to picking strong passwords). Alternatively, there is a Mac version of TrueCrypt which may be used.
        "May not be important for pictures of the grandkids, but if you need to take your tax information to the accountant you just might care!"

Anti-Virus Protection

        "Does your Mac need virus protection?"  Jim Hamm gets our attention here.  "Lots of opinions on that question. An article from the MakeUseOf.Com newsletter (11/16/10) describes a new anti-virus program from Sophos, a company based in the United Kingdom. There was a short video in the newsletter that didn’t come through with this email. If interested, perhaps you could watch it on their website. I’ve also included a link where MakeUseOf.com describes two other anti-virus programs for the Mac: PC Tools and ClamXav.
        "So far I haven’t used an anti-virus program on my Mac, but I’m keeping an open mind on the issue. I don’t really want another program running all the time, and something else to keep updated. But, I don’t want a virus either, or be directed to a website that puts malware on my Mac. As I understand the protection native to the Mac’s OS X, nothing can be installed without you specifically allowing it to be installed. However, if one is misdirected to a malicious website—one different than the one you thought you were going to—perhaps that could be a problem.
        "I’ll keep an open mind and be cautious on what I install."

Facebook: Privacy, Security Concerns

Here's the straight scoop from today's posting on PCWorld, "When a piece of software is automatically installed on your computer without your knowledge, it's called malware. But what do you call it when Facebook apps are added to your profile without your knowledge? We discovered Wednesday that this is actually happening, and stopping it isn't as easy as checking a box in your privacy settings."  Read the whole article and decide if your kids and grandkids need to know this, too.

Sneaky Cookies You Might Not Have Seen

Flash “cookies” can be up to 100 kb. They never expire, will never be deleted automatically, and by default they don’t have to ask your permission to save all this data. There’s no easy way to delete them yourself, your browsers are not aware that they exist, so clearing Cookies and History doesn’t help. Adobe has hidden the settings in a Flash app deep in their website. Got your attention, so far?

Also, did you know you can set privacy settings for access to your camera and/or microphone on your computer? The Maintain Blog alerted me to check out Adobe’s Website Storage Panel. The page that comes up has the information from your computer already listed. You can view and make changes in Storage, Security Settings, Global Notifications Settings, and more. Reassuringly, it says, “Adobe has no access to this list or to any information that the websites may have stored on your computer.”

Google Remembers You

     Following up on PMUG blog posting of 10-24-09, “Do You Value Your Privacy?” here’s more.
     Read this article from Google on how to clear your address bar history, your toolbar history, and your search box history.
     This entry details how to delete your web history. You can also choose to stop your web history from being recorded in the future.
     Also, remember you can go to Safari and click to Clear History.
     Did you follow up on the suggestions from 10-24? You can delete Web History, Clear History, and delete Cookies.