Update on Mavericks FileVault 2 encryption

In the previous post, I described some of the barriers to using FileVault 2 to protect data on a laptop hard drive. I have since made some discoveries that shine a light into what looks like a pretty dark corner of OS X. In the previous post I concluded that FileVault 2 offers no protection against data snoops because OS X unlocks the disk when an administrator logs in. The security afforded by an administrator account can be circumvented in a matter of minutes. Under 10.7, a user could not access the system login screen until entering the disk password. It appears that Mavericks can be made to work this way. The older behavior occurs if the disk is encrypted using the “encrypt” item from the contextual menu that appears when ctrl- or right-clicking on the disk icon on the desktop. The insecure behavior occurs if the disk is encrypted using the FileVault 2 system preferences pane. I take it that the password is required to access the disk even if the machine is booted from an external disk. The machine cannot be booted into single user mode until the disk access password is entered, which defeats one of the ways most likely to be used to take control from an administrator.

I conclude that the combination of a good disk access password and a good administrator password offers effective data security against data snoops, unless they have access to a quantum computer.

I wonder if storing sensitive files on an encrypted disk image would provide still increased security, beyond what is afforded by requiring the user to enter an additional password.

Glue on a laptop screen: how to get it off

This happened to me:

  • Due to a minor medical condition which doesn’t warrant going into, I had to put band-aids, or as is said in some parts of the world, “sticking plasters,” on my fingertips.
  • Because they don’t stick all that well, the band-aids came a little loose.
  • As a result of typing on my laptop with the loose band-aids, glue was transferred onto the keys from my fingertips.
  • Next, glue was transferred from the keyboard to my laptop screen.
  • The usual cleansers, such as iKlear, the generic stuff I got at Best Buy, and soap and water, only served to spread the glue around on the screen.

I knew to google this before panicking. On a years-old HP message board, I found an answer. Get a petroleum-based cleaner, made for removing things like paint, caulk, wax, asphalt, and glue. Goo Gone is a good brand. When I used to work on bikes, I used this to clean grease and oil stains out of my clothes. Avoid alcohol-based solvents, such as Windex and similar window cleaners. (Note: I think Windex comes in non-alcohol formulations, but since there are other cleaners readily available, it’s not worth hunting around for.) Avoid acetone. Use a lint-free cloth, like the ones that come with screen cleaners. Don’t use paper towels, which will scratch the screen. Don’t worry, even though the stuff seems industrial-strength, it’s perfectly fine to use on your screen. Wipe the screen until the glue is gone. Then, take a different lint-free cloth, get it a little wet, put a dab of soap on it, and wipe off the residue of the Goo Gone. I used dish soap. If there’s any glue left on the screen, repeat the step with the Goo Gone. When the glue is gone, use your screen cleaner to wipe off the soap and water residue. You can use the same technique if there’s glue on your laptop’s case. Make sure there’s enough ventilation so you don’t inhale too many solvent fumes.

Now that you have Goo Gone around, you can remove the glue from all those things around the house that have residue from price tags and labels on them!

Configuring WordPress for SSL is Maddening

I recently moved my WordPress installation to an “https://” address, that is, I now route all traffic (except the user’s first visit to a page) over a Secure Sockets Layer (SSL). As the title of this blog posting suggests, the upgrade was maddening. I encountered a “too-many-redirects” error, which turns out to be a bug in WordPress 3.0.2 and probably other recent builds. Readers more interested in how I dealt with this problem should skip to the section entitled My experience with SSL, below. As will be seen, although I succeeded, I was not able to find a general solution to the problem. Those who want to read more generally about my decision to use SSL connections should start at the section immediately below and continue to read until the end.

