How to Have the Best Umbrella – Using on-site and cloud-based backups to prepare the for the worst rainy day

Office worker slumped on his desk

As computers become a bigger part of our lives, our pictures, documents, movies, and other data are increasingly stored on our computers or devices. Those hard drives and gadgets are susceptible to being dropped, stolen, damaged, or lost, not to mention the fact that they fail on their own once in a while. The need to be confident in our backup has never been greater.

On Site Backup

Having a local hard drive that backs up everything on your computer is a necessity. With a Mac, Time Machine makes backing up your entire computer a no-brainer. All you need for Time Machine is a hard drive that can connect to your Mac. You can find good deals on the kinds of hard drives needed at amazon.com. Configuring Time Machine is as simple as:

Open System Preferences, select Time Machine, turn Time Machine on and select your new hard drive. The Mac operating system will take care of the rest.

You should set this up immediately if you’re not already backing your computer up somehow.

Off-Site Backup

A local Time Machine backup is fast, inexpensive, and comprehensive. But it does no good in the case of theft, fire, or hurricanes, any one of which could damage all the electronics in your home. Because of this danger, I strongly suggest to have an off-site backup in addition to a local Time Machine backup. My personal favorite is CrashPlan from Code 42. CrashPlan is a free program that runs on your computer. It can back up to another computer, a server in your network, or, as we’re discussing in this case, the CrashPlan cloud. For a reasonable price (there are cheaper alternatives out there. If you know what you’re doing, by all means, save a bit of money here– I think CrashPlan is the easiest and best offsite backup for the price), CrashPlan will backup all the most important files from your computer to their data center.

Once you install CrashPlan, you need to create an account. Here’s where you would sign up for the paid account, which is what you’ll need for off-site backup to CrashPlan. Configure CrashPlan for backing up to CrashPlan Central, which is their data center. Once its configure, CrashPlan will take care of the rest in the background. CrashPlan even throttles its own speed so your internet browsing is not negatively affected.

 

Having a complete local backup, and a secondary, cloud-based backup should help you rest easier.  As Jimmy Fallon’s character says in Almost Famous, “I didn’t invent the rainy day, man. I just own the best umbrella.”

 

What Should You Do About the Heartbleed Bug?

heartbleed

Last week news broke about the Heartbleed bug, a vulnerability that affects the way secure websites communicate with your computer. Tech blog Mashable writes: “The bug has affected many popular websites and services — ones you might use every day, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.”

Scary stuff, no doubt. You should check the freshly updated full list at their site, but here’s the glimmer of good news: all the banks and financial institutions Mashable reached out to (and that’s quite a few) were completely unaffected.

So what should you do? Change your passwords. And don’t just add one to the end of your current password. Make secure passwords, and use a database to keep them straight. My recommendation is for long, non-dictionary passwords. It’s a hassle, but it’s a price we ought to be willing to pay for the benefits of doing business on the internet. I use a secure program, 1Password*, to keep my existing passwords straight, and to generate new passwords when I make new online accounts. I’ve personally gotten to the point where I don’t know what most of my passwords are, but I know the one password I need to access them.

If you’d like help implementing a system like that, let me know. For now, check the Mashable database of affected sites, and change your passwords accordingly.

*1Password is just one of many apps like this. Lastpass is another good one, and Apple even has iCloud Keychain now, which is great, and is free!

UPDATE: Apple releases 10.9.2, closes SSL Security hole

OSXmavericks

Today Apple released Mac OS X 10.9.2, which fixes the SSL vulnerability in OS X (discussed in detail previously). In addition to patching the security hole, OS 10.9.2 also fixes a number of bugs in OS X Mavericks. arstechnica.com writes,

Apple has included a large number of other fixes and features too. The most prominent is probably support for the FaceTime Audio feature originally introduced in iOS 7—as the name implies, it lets you use the FaceTime application to make voice calls as well as video calls. Call waiting support for FaceTime video and audio calls has also been added.

Run Software Update on your Mac now to update to 10.9.2 and solve the security vulnerability when connecting to SSL. You can also download the update directly here (for 10.9.1 users) and here (combo update for 10.9 or 10.9.1 users)

UPDATED: Apple’s SSL Vulnerability: How Does it Affect Me?

padlock

Apple recently released iOS 7.0.6, and 6.1.6 in order to address a dangerous security hole in the mobile operating system. If you haven’t updated your device yet, it’s important, do it now.

While Apple has fixed the issue for iPhone and iPad users, the vulnerability still exists in Mac OS X.
So, what exactly is the vulnerability; what data is at risk?
The vulnerability is in the way Apple’s software “handshakes” with secure servers on the internet. For a detailed explanation, the wikipedia article on SSL/TSL is excellent. To sum it up, SSL (and its successor, TSL) is a protocol that facilitates a virtual “handshake” between your computer and a server. If you go to http://www.google.com, your browser loads the non-secure version of google.com. If you change the URL to add an S to the “http” you get https://www.google.com, and your computer checks Google’s SSL credentials to verify the server’s identity. The visual cue you are viewing a secure site is a padlock, usually in the browser’s address bar.
This handshake is where Apple’s vulnerability becomes a problem. Apple’s software checks for the SSL credentials, but can be easily tricked into a “man in the middle” attack, whereby someone could fake SSL credentials and Apple’s software would think it was actually connected securely to the right server.
So what data is at risk? Theoretically, lots.
Which Apps should I stop using?
Only Apple’s own apps are in danger. If you use Google Chrome or Firefox for web browsing, you’re ok browsing the web.
BUT, Apple’s Mail program is vulnerable. Some people use SSL certificates to communicate securely via email. Mail’s secure communication is vulnerable until Apple releases an update to close the hole. Additionally, Apple’s Calendar app, FaceTime, Keynote, Twitter, and iBooks are all at risk.
Am I at risk all the time?
Honestly, if you’re practicing good internet security, you’re probably fairly safe.
In order the someone to take advantage of the security hole, they would have to be connected to the same local network as you. Meaning, they would have to be on your home or work wifi. To be safe online, limit work you do on networks other than your safe home or work network. If you’re at the coffee shop, airport, public library, or ANY NETWORK YOU’RE NOT CONFIDENT IS SECURE make sure you use Firefox or Chrome to access your email and calendar instead of Apple’s Mail and Calendar programs.
If you have a VPN connection to your work network, use it.
This security flaw is a great opportunity to think about network security. Is your home wifi protected? Have you changed the default passwords from when your network was originally installed? Is it worth it to set up a VPN connection, or invest in a VPN service? Have you applied all available software updates?
It’s becoming more and more important to have a grasp on good practices for keeping safe online. Never hesitate to reach out to someone (feel free to email me) who knows more about this if you’re unsure.
UPDATE 2/25/2014: Apple has released an update to fix this issue. Read more about it here.