How Do I Use Free WiFi Safely With My Mac?

Posted on January 18, 2012 by Dennis

If you’re settling down with a latte at the local coffee shop or waiting for your car to be repaired at the dealership, you might be tempted to use the free WiFi that these businesses often provide. It’s convenient to be able to use the internet while you’re waiting, but that convenience comes at the expense of security. And let’s face it, our entire *lives* are online these days, so keeping your personal information protected is important!

Hackers are all too eager to find an easy target. They can connect to unprotected or poorly-configured computers and silently listen to everything you do, including knowing which websites you’re visiting. But with a few minutes’ work, you can really bolster your security, and it’s easy.

These tips are all free, and make use of software built in to Mac OS X. Specific directions here are for Apple’s latest version of OS X, named “10.7″ or “Lion”. These tips are great for any time you’re using a network you don’t control.

First, some general security tips:

  • Just because you use a password to get on the WiFi network, doesn’t mean it’s secure!
  • Just because you click-through an agreement on a web page in order to use the WiFi network, doesn’t mean it’s secure, either!
  • Watch out for “evil twin” WiFi networks. The bad guys create legitimate-sounding WiFi networks with names like “Free Public WiFi” or “Starbucks WiFi”. If you’re in doubt, ask an employee what the name of their WiFi network is.
  • Don’t do any online banking or online shopping or *anything* that could expose passwords or financial information.

If you can, use versions of websites that support “HTTPS” connections. Those are secure connections that scramble any information you provide so that it can’t be read in transit. HTTPS also verifies that what you typed is what the website sees at their end, and verifies that the server is who it claims to be. Look for a padlock symbol on your web browser, a green address bar, or simply a web address that starts with ‘https://’. Remember, it’s the ‘s’ at the end of ‘https’ that makes all the difference. (BONUS TIP: If you’re a FireFox user, get the ‘HTTPS-Everywhere’ plugin. It will intercept your attempts to visit websites and automatically redirect you to a secure version if one is available.)

Now, for my Mac-specific recommendations:

Put your shields up

You can tell your computer to reject any attempts the bad guys might make by turning on the Firewall feature.

How to do it:
1. Click the Apple Menu in he upper left corner of the screen.
2. Choose “System Preferences” from the menu.
3. In the System Preferences window, click the “Security and Privacy” icon.
4. Click the “Firewall” tab.
5. Click the Start button to turn the firewall on. (You /may/ have to click the padlock in the bottom-left corner of the window and supply a password to make the Start button clickable.)

Turning on the Firewall is as easy as clicking the 'Start' button.

From now on, you’ll be notified whenever a program on your Mac wants to make or receive a connection from the network.

If you want to go even further, click the Advanced button, and in the subsequent window, check the boxes for “Block all incoming connections” and “Enable Stealth Mode”. With these settings enabled, your Mac becomes essentially invisible on the network.

Close the doors

Another useful step is to tell your computer to stop allowing connections for built-in services like file sharing and remote access.

How to do it:

  1. Click the Apple Menu in he upper left corner of the screen.
  2. Choose “System Preferences” from the menu.
  3. In the System Preferences window, click the “Sharing” icon.
  4. See all those checkboxes? Uncheck each of them. Close the window when you’re done. (Just like earlier, you may have to click the padlock in the bottom-left corner of the window and supply a password to make the checkboxes clickable.)

Uncheck these boxes to increase your security.

These two things by themselves make you much safer when using an un-trusted wireless network. Now, these suggestions aren’t the kind of thing you’ll need to use every day. They’re temporary settings for heightened security. Remember, you don’t run the WiFi network, and you have no idea who else is on the network with you. Once you get back home, feel free to turn your Firewall off (if you like) and re-enable the sharing services.

People who looked at this item also looked at…

Related items

Posted in Uncategorized | Leave a comment

Mac Administrators Have a Unique Challenge: Apple

Posted on October 24, 2011 by Dennis

New hardware is a mixed blessing to many Mac admins. Here’s what is going on, if you’ll permit me to put on my analyst hat:

Apple nearly always revises the build of OS X to go with new hardware. They do this to include new drivers for the new hardware itself (video chipsets, thunderbolt, etc.)

If it’s only the bundled OS that’s been revised (from 10.6 to 10.7 for example), and not the hardware inside the box, admins can wipe the drive and ‘roll-back’ the installed OS back to 10.6, to maintain a homogenous installed base. But once Apple releases new hardware, you’re stuck. All new hardware coming in the door is going to require Lion, whether you like it or not.

Admins for schools, and other cash-strapped facilities who can’t buy an extra machines sometimes get caught out if they haven’t adopted the new OS (Lion, in this case) yet.

This is a unique problem for Mac Admins, compounded by Apple’s secrecy. You never really *know* when a new Mac will be released, you have to go on the age of the existing product line and posts from the rumor websites. The Windows guys don’t have this problem since the hardware/drivers and OS are de-coupled.

The solutions are:

  • As soon as system requirements are released for a new OS, plan to sunset any hardware that doesn’t make the cut. (This should dovetail with an existing hardware management strategy that keeps machines around for 3-4 years.)
  • Manage software and make sure it’ll run under the new OS too. Update or replace as needed, or find an emulation alternative.
  • Vet new OSs quickly and often. (This is easier said than done. Most admins like to wait until X.y.2 or X.y.3 updates are ready in order to shake out the bugs.)

The MacEnterprise mailing list has been blowing up today with the MBP news. It caught a few admins off-guard, since Apple rarely changes the line-up of their products in the last 60 days or so of the calendar year and Lion is only 90 days old or so.

People who looked at this item also looked at…

Related items

Posted in Uncategorized | Leave a comment

Resetting an OS X Password

Posted on August 9, 2011 by Dennis

One of the mailing lists I subscribe to, Consultant Talk, had a really well-written post recently. Chris Hart posted three different ways to reset a Mac admin password.  I thought it was so well organized that I wanted to share it with my readers. Some of these methods require that you type commands from the keyboard. In those instances, I’ve set the commands in bold type.

So if you ever find yourself needing to reset a password on a Mac, here are a few options:

Method 1: Reset password on existing admin account

  1. Restart the Mac and immediately hold down Command (⌘) and S keys to enter single-user mode.
  2. Type mount -uw / and press Enter.
  3. Type launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist and press Enter.
  4. Type ls /Users and press Enter. This lists all of the usernames on the computer – helpful if you don’t know or remember what these are.
  5. Type dscl . -passwd /Users/***** password (Replace “*****” with the user name and the word password with your desired password) and then press Enter.
  6. Type reboot and press Enter.

Method 2: Reset password by creating new admin account

  1. Reboot and hold Command and S keys to enter Single User mode
  2. When you get text prompt enter in these commands (each followed by Enter key):
  3. mount -uw /
  4. rm /var/db/.AppleSetupDone
  5. shutdown –h now
  6. After rebooting you will be walked through creating a new admin account. Then you can login into that account and change the password on the original admin account. Then login to that original admin account and delete the admin account you created following the steps above.

Method 3: Reset user password using OSX system disc

  1. Start up from a OS X Install disc (one whose version is closest to the version of Mac OS X installed) by holding C key at power on/restart.
  2. Choose a language, click the arrow button to continue.
  3. Click on the Utilities menu and choose Password Reset.
  4. Select your Mac OS X hard disk volume.
  5. Choose the user name you want to modify.
  6. Enter your desired password.
  7. Click Save.
  8. Close the Reset Password window.
  9. Next to the Apple menu, select the Mac OS X Installer menu and choose Quit Mac OS X Installer…
  10. Click Restart.

People who looked at this item also looked at…

Related items

Posted in From Elsewhere, Security, ToolsIUse | Leave a comment

MacSmarts Review: Marware CEO Hybrid for iPad2 Case

Posted on July 26, 2011 by Dennis

The folks at Marware are at it again, extending their line of iPad cases to the iPad2, offering six different choices in various colors and materials. Their most popular case is the “CEO Hybrid for iPad2″, a folio-style case that Marware is famous for.

Unsurprisingly for a case with “CEO” in the name, the overall look is very modern and professional. The case is covered in ‘eco-leather’, and is offered solely in black. The exterior surfaces have a faux-carbon-fiber look. The inside of the case is a light gray suede-like material, and is stitched around the edges. This model fits only the iPad2, not the original iPad. The case itself is thin and stiff. Marware says that the back is just over 3mm thick, and the front is 6.5mm thick.

Installation is as simple as sliding the iPad2 into place on the ‘back’ portion of the case, then pinching the hinge-side corners of the case around the corners of the iPad. The fit is perfect, neither too tight or too loose — as long as you don’t have a screen film installed.

The shape of the CEO Hybrid case is well thought out. Most importantly, the ports, switches, buttons and camera remain fully accessible. There’s even a portion of the back which has been specially shaped to offer clearance for the headphone plug, and a perforated portion for the iPad2′s speaker. If you’re looking for a case to keep dust or moisture out of the dock connector or headphone jack, this isn’t the case for you.

The CEO Hybrid case is hinged, and the lid closes snugly against the face of the iPad2 with tabs at each corner that snap around the iPad. Magnets in the lid trigger the iPad2′s ‘sleep and wake’ feature, exactly like Apple’s own Smart Cover. Marware claims that their case covers 97% of the iPad2 when closed.

The case also has a built-in hand strap, which is useful for holding the iPad while you tap the screen with your opposite hand. The subtle grooves on the back of the lid offer a bit of tactile grip when using the case in this orientation.

Snapping the hinge-side corners away from the iPad allows the case to act as a landscape-orientation stand, offering three propped-up positions. The exposed edge of the iPad rests in one of the two grooves, or lays nearly flat. The steepest two angles are best for watching video, reading, or using FaceTime for a video chat. The lowest is very good for typing on the iPad’s on-screen keyboard. Typing forcefully causes the iPad2 to bounce just a bit, so a light touch is best.

One somewhat unique feature was the corner protection. It always seemed to me that an iPad’s corners were the most in need of cushioning, and this case protects them admirably, unlike the vast majority of Marware’s competitors.

As for quibbles, there really aren’t many. A slightly larger cut-out for the volume rocker and the rotation-lock switch would help those with larger hands. Also, when using the hand strap, it would be nice if the case would attach to itself to keep the iPad from flopping around if you look at your watch, for instance. Finally, there’s no hole in the case for the camera when you flip the lid around to take a picture with the iPad2’s rear camera.

This case was heavily tested by an entire family. It was used around the house, taken on road trips, stuffed into purses and work bags. Even after a few months’ heavy use, this case has proven to be durable, retaining its great looks and functionality. It doesn’t add much heft, and offers great protection. This is a highly recommended product to anyone who has an iPad2.

Marware’s suggested retail price is $50, but it’s available from Amazon for less.

People who looked at this item also looked at…

Related items

Posted in Uncategorized | 1 Comment

How do I type a ‘Service Mark’ character with my Mac?

Posted on June 28, 2011 by Dennis

The short version? You can’t. Unlike ®, ©, and ™, the Service Mark ℠ doesn’t have its own reserved key on the keyboard. We have to dive a bit deeper, but it is in there!

Here’s how to find it:

First, starting at the apple menu in the upper-left corner of the screen, click on the following, in order: Apple Menu > System Preferences > Keyboard > check “Show Keyboard & Character Viewer in menu bar”.

Then, go to the menu bar at the top of the screen and click: Menu Bar > American Flag > Show Character Viewer > View: Roman > By Category > Miscellaneous.

Service Mark is the fourth from the upper-left. Click the ‘SM’, then click ‘Insert’. This will paste the ‘SM’ directly into your document.

People who looked at this item also looked at…

Related items

Posted in Uncategorized | Leave a comment

Smartpens: Lightscribe Echo vs. Lightscribe Pulse?

Posted on May 2, 2011 by Dennis

I got a question from a friend the other day:

“Hey guys! Know anything about the live scribe pen? I see Best Buy has them, 3 different ones. Would you be able to check it out and tell me what you think?”

I know a little bit! LiveScribe Smartpens work like traditional ball-point pens, but they have a small recording device inside that does a few neat tricks.

The Smartpen records everything you hear in the room, and write on your paper. you can review the recorded audio later, by tapping on a portion of your notes.  The pen will play back the recording of what it heard at that time. It also has dictionary, foreign-language translation, and can access Wikipedia and dictionary apps (among others you can download).

Livescribe has two models, the LiveScribe Echo (which is newer) and the LiveScribe Pulse (which is older).

The Pulse models are available in 2 GB ($99) and 4 GB sizes. More GB means more recording time.
The Echo models are available in 4 GB ($149) and 8 GB ($249) sizes. (I’m quoting the BestBuy prices here. More on pricing later.)

According to LiveScribe’s website, the Echo model includes the following improvements:

  • a flat spot on it (so that it won’t roll off your desk)
  • charges with a micro-USB cable (it doesn’t need a special docking cradle in order to charge, just use any USB port.)
  • you can use the Echo while it’s charging (unlike the Pulse, which has to sit in its cradle to charge)
  • a standard headphone jack to listen to recordings with regular headphones (rather than out the pen’s speaker.)
  • easily replaceable ink cartridges

Here’s a breakdown of how long you can record with the different models.

As for pricing, Best Buy is likely to be convenient, but pricey. As an alternative, Amazon has the Echo models for $123 for the 4 GB model, and $180 for the 8 GB model(Full disclosure: if you buy from these links, Amazon gives me a small commission.)

You can also order directly from the Livescribe site. Pricing is about the same as the BestBuy prices on their new pens, but you might also want to see if they sell a factory refurbished Echo pen at a discount.

Keep in mind: No matter what pen you buy, you’ll need special Livescribe paper. The paper is available in notebook form from their website (they’ll ship it to you), at local office supply stores (and possibly the campus bookstore), or you can print out your own with your own printer.

If you want to learn more about the product, I encourage you to search YouTube for some information. You might try the search terms “Livescribe CES 2011″ to see demos from Livescribe employees at the Consumer Electronics Show that was in Las Vegas last January.

Good luck! The smartpens are an interesting technology, and I hope that they’ll be useful for you!

People who looked at this item also looked at…

Posted in Education, Gadgets | Leave a comment

Use Canandaigua National Bank’s website with your Mac

Posted on April 28, 2011 by Dennis

I stumbled upon an interesting problem last week with a client. She was a member of Canandaigua National Bank, and was trying to use her Mac to get to her account balances. But no matter what she tried, she received a message about her SSL certificates that were unable to be ‘renegotiated’. I called the bank to ask about the problem.

“Hi there, we’re receiving this error in Firefox.”

Secure Connection Failed – ssl_error_renegotiation_not_allowed – server does not support RFC 5746, see CVE-2009-3555

“Yeah, that’s what happens when you use FireFox.” the customer service representative told me.

I raised an eyebrow.

“She’s been visiting your website using FireFox for years. What changed?” I asked.

“Well, the place who handles our certificates made some changes, and now FireFox doesn’t work right,” he said.

“Any chance you have a workaround, or documentation of the issue?”

“No, all we know is that the only browser that seems to work is Internet Explorer,” he explained.

“Hmm. That’s going to be a problem. Internet Explorer hasn’t been made for the Mac in years. So, Firefox doesn’t seem to work anymore?”

“Right.”

“But it used to work…”

“Right.”

It went on like this for a few minutes. It was clear that I wasn’t getting anywhere, and this fine fellow didn’t have the information that I needed. I asked him to make contact with his IT department to find out more specific information about what broke, and give me a call.

Later that day, I received a call and and email with a workaround for FireFox. So if you’ve got a Mac, and you want to check your account with Canandaigua National Bank, and you want to do it with the more secure ‘certificate’ style of security rather than the ‘cookie’ style, here’s what to do:

1. Launch your Firefox browser, and type in ‘about:config’ into the location bar.Firefox for Mac, showing the warning when you go to 'about-config'.

2. Click to acknowledge that you know what you’re doing.

2. Scroll all the way down to ‘security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref’ (that’s a mouthful!)

Firefox for Mac, showing the About:Config screen, searching for the proper setting to adjust SSL certificate renegotiation

Double-click the line item to set the Value field from ‘false’ to ‘true’.Firefox for Mac, after double-clicking the proper line-item to enable SSL certificate renegotiation

After this, you should be able to access their site.  I performed this adjustment for my client, and she was thrilled! She was able to get back to work, and check her bank balances.

People who looked at this item also looked at…

Related items

Posted in Troubleshooting, Uncategorized | Leave a comment

How do I reset my administrator password?

Posted on March 15, 2011 by Dennis

Alert reader Ben writes:

I bought a used MacPro. In setting up it asks for an Admin password which I don’t have. I have forwarded the question to the seller. In the meantime can I reset the password myself? How? Thanks.

Thanks for writing, Ben! Good news! If you have physical access to the Mac Pro, you can do just about anything you want with it — including changing passwords.

First, restart the computer, and hold down the Command key (hint: it’s the one with the ⌘ symbol on it) and the ‘S’ key. This boots the Mac into “single user” mode.

A bunch of text will fly by, leaving you with a “#” prompt. From here on out, things get slightly geeky.

First, type fsck -fy

Then type mount -uw /

Then type launchutil load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist

Finally type dscl . -passwd /Users/username password replacing username with the

Now you can go to all of this trouble, it *will* work — but there is a much easier way. Simply put your Mac OS X disc into the computer and hold down the C key. The Mac will boot from the disc. After you tell the computer which language you’d like to use, you can use the Utilities menu to change the password. This alternate way reduces the amount of typing you have to do, but it does require that you have a System CD.

What’s that you say? You don’t /have/ a MacOS disc? No problem, you can order a Snow Leopard disc from Amazon.com here.

People who looked at this item also looked at…

Related items

Posted in Letters | Leave a comment

Google Chrome Disk Image Pops Up Intermittently For No Good Reason

Posted on October 7, 2010 by Dennis

A few months ago, I noticed something strange. For no reason I could think of, my desktop would look like this:

The disk image would just show up, like a jack-in-the-box.

It was maddening. I’d be working away, minding my own business, and the disk image would pop-up, hang around for about 20 seconds, and then disappear just as mysteriously.

It was after a lot of Googling that I found a thread at the Chrome support area where many other people had the same problem.

I figured that Google Chrome was checking for updates behind-the-scenes, but I had no way to prove it.

Eventually, I decided that this had to be the result of some change I’d made to my mac, so I took a mental inventory of all of the things I’d installed, and all the customizations I’d made. The only one that even seemed like a reasonable culprit was when I turned on an option to make all hidden files visible in the GUI.

My new theory was that if I disabled this feature, the disk image might continue to do whatever it needed to do, but do it invisibly.

So, I fired up Terminal and issued this command:

defaults write com.apple.finder AppleShowAllFiles FALSE


Followed by this one, to make the changes take effect immediately:

killall Finder

After that, all I could do was wait. It has been several months now, and the disk image hasn’t reappeared.

People who looked at this item also looked at…

Related items

Posted in Troubleshooting | Leave a comment

Time Machine crashes with a “Bus Error”

Posted on September 20, 2010 by Dennis

Time Machine reports this in console:

(com.apple.backupd[286]) Exited abnormally: Bus error

Time Machine starts okay, but bails at the same point every time.

So I read this, where the solution was to hop into terminal and nuke the LaunchServices caches.

“sudo rm /Library/Caches/com.apple.LaunchServices-*” (without the quotes)

People who looked at this item also looked at…

Related items

Posted in Troubleshooting | Leave a comment