krypted February 23rd, 2017
Posted In: MacAdmins Podcast
A number of systems require you to use complex characters in passwords and passcodes. Here is a list of characters that can be used, along with the name and the associated unicode:
krypted April 29th, 2016
Ever since the kids from Silicon Valley went to TechCrunch, I’ve been thinking that at some point I’d want to put a piece there. Luckily, I recently got the chance. Today, 16 Apple Security Advances To Take Note Of In 2016 went up on TechCrunch. You can access the article here.
The original article actually listed the year that each was introduced in order. It was a lot of work to go back in time and piece the timeline together, so since the years didn’t make it through editorial, I list them here (not that anyone actually cares):
And yes, since I was there for each of these, I did feel old writing this… :-/
And yes, thank you for asking, I did just publish another book on Mac Security, which you can buy here. 🙂
krypted January 18th, 2016
Previously, I covered how to Programmatically Obtain Recent Wi-Fi Networks On A Mac. But, here I’m gonna’ go a step further and look at how to extract the password for a network as well. The two are stored in different locations. The recent networks are in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences defaults domain. If you pull one of those, then you can use the security command to extract the password itself.
security find-generic-password -ga "Krypted Home"
The output is as follows, showing everything that is tracked about this network in the keychain.
0x00000007 <blob>="Krypted Home"
"desc"<blob>="AirPort network password"
You can constrain the output with awk and grep so that you’d only see the password as the output of the command. Then, you can feed it back into other objects, like a new .mobileconfig.
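As an added example (not code from the original post), here is one way to do that filtering with awk and to XML-escape the result so it can be dropped into a .mobileconfig string value. The function names and the sample password are hypothetical, and the sample output is constructed from the lines shown above rather than captured from a real keychain.

```shell
#!/bin/sh
# Added example: filter `security find-generic-password -ga` output down to
# the password and make it safe to embed in a .mobileconfig <string> element.

# Constructed sample output; the password value is made up. On a Mac the
# attribute lines arrive on stdout and the password line on stderr, so a
# real run needs 2>&1 before the pipe:
#   security find-generic-password -ga "Krypted Home" 2>&1 | password_for_plist
sample_output() {
cat <<'EOF'
    0x00000007 <blob>="Krypted Home"
    "desc"<blob>="AirPort network password"
password: "p&ss<w0rd>"
EOF
}

# Print only the password. Only the first and last quote are stripped, so
# quote characters inside the password survive. A missing password line, or
# one in any other shape, returns non-zero instead of guessing.
extract_password() {
  awk '
    /^password: "/ {
      sub(/^password: "/, "")
      sub(/"$/, "")
      print
      found = 1
      exit
    }
    END { if (!found) exit 1 }
  '
}

# Escape the characters that would break the XML of a configuration profile.
# The ampersand must be handled first so later entities are not re-escaped.
xml_escape() {
  sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Extract, then escape; fail early if there was no password to extract.
password_for_plist() {
  pw=$(extract_password) || return 1
  printf '%s\n' "$pw" | xml_escape
}

sample_output | password_for_plist
```

The `security` tool also accepts `-w` in place of `-g` to print only the password on stdout, which avoids the parsing step when nothing else from the keychain item is needed.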
krypted December 11th, 2015
In case anyone missed this fact: I love to write. The nerdier the content, the better. And when I heard that the JAMF Nation User Conference had a session for InfoSec (and specifically around how we do vulnerability assessments), I knew that was my kind of session. So, the marketing team was kind enough to let me write it up. Here it is on the JAMF Software blog: http://www.jamfsoftware.com/blog/jamf-software-security-and-vulnerability-assessments/.
krypted October 13th, 2015
Posted In: JAMF
At Bushel, we’ve been getting a lot of inquiries into how to use Bushel to childproof a Mac. We really had a target audience of organizationally owned devices when we sat down to write Bushel, but we realize that especially in a small business, devices end up very mixed use.
krypted January 30th, 2015
When I put a computer in my daughter’s room, I soon realized I could no longer watch over her shoulder as she worked away at school games, Minecraft and of course Civilization (after all, that was my first game). So, much as I wrote an article a long time ago about child-proofing an iPad, now I’m writing about child-proofing a Mac.
For me, I find that child-proofing is a bit like taking my kid to McDonald’s. I said never ever ever ever would I do this and then… Well, peer pressure, y’all… So if I have to do it, I figure someone else might. So here’s a quick and dirty guide to doing so. The gist of this guide is to continue using the same admin account that was created when you set up the computer initially, but to also create another account for the child, one that has some restrictions to keep them in a customized user experience. This might be to keep them out of things they try to do on purpose, keep them from accidentally finding some things they shouldn’t or maybe just to customize the user experience to make the computer easier to use (after all, if they can’t remove Minecraft from the Dock, they can’t come crying when they can’t find it).
Most of the work that needs to be done can be done within System Preferences. This is available under the Apple menu as System Preferences…
Once open, click on the Users & Groups System Preference.
At the Users & Groups System Preference pane, click on the plus sign (+).
At the new account screen, choose “Managed with Parental Controls” in the New Account field. Then provide the child’s name in the Full Name field and an Account Name will be automatically created (note that I shortened the name in this example to make it easier for the child to log in).
Assuming your child doesn’t have their own iCloud account, set the password to “Use separate password” and then type it in. Once you’re happy with these settings, click on the Create User button to create the new account, which can then be managed with Parental Controls.
Once the account is created, click on the “Enable parental controls” checkbox and then on the Open Parental Controls… button.
At the Parental Controls System Preference pane, you’ll have a few options.
Next, click on the Web tab. Here, you’ll effectively have 3 options: don’t restrict any content, let Apple try to block inappropriate content, or build a whitelist of allowed content (with all other content blocked). Now, it’s worth mentioning that there can be an annoying element here, which is that if a site needs to be opened up for access, a child might come bugging you. But I like that, so I’m configuring this.
Note: It’s worth mentioning that I discovered a few websites in the allow list that I’d have never tried to use, so it’s worth checking them out to see if your child will dig on some of these sites!
Once you’re satisfied with the options you’ve configured, click on the People tab.
At the People screen, you can configure who the person using the Managed Account can communicate with. Here, restrict access to Game Center, restrict who the account can send and receive mail with and of course, who the account can use the Messages app with.
The above options include the following:
Note: Apple rarely uses the word restrict. Instead, they prefer to allow things to happen by default and then let you disallow these features. Basically the same thing, but keep this in mind when you’re configuring accounts as sometimes you can accidentally click the wrong thing if you’re not accustomed to such double-negativery.
Once you have configured who the user of this account can communicate with, click on the Time Limits tab.
Time limits are used to restrict what times the user can use the computer as well as how long per day that the user can actually use the computer. The options available include:
Time limits are the only things that matter for some who like to physically sit with a child while they use a computer, as you might just want to keep the child from waking up in the middle of the night and accidentally seeing something that scares them. But for many, time limits won’t be enough, as kids might spend hours gaming or doing homework unmonitored.
Next, click the Other tab. Here, you’ve got the miscellaneous restrictions that really don’t fit anywhere else in Parental Controls. The options available include the following:
Note: I know I said earlier that Apple rarely says restrict or disable. They will get around to fixing this screen eventually… 😉
Once you have configured Parental Controls, click on the Logs button in the lower right corner of the screen. Here, you’ll see the following:
And that’s what you can do with Parental Controls. But there’s more, which we’ll look at shortly. When you click out of a field, the settings are changed in a System Preference, so you should be able to just close the window and have your settings persist.
We’ve gone through creating a new account, restricting access to what that account can do and how and when to use these options. But there’s much, much more than we can cover in this article. There are tons of other restrictions that don’t fit into these basic options, accessed either through what are known as managed preferences or via profiles, which can easily be created by tools like Apple Configurator, Profile Manager and 3rd party mobile device management tools such as Bushel.
Ultimately, I can pretty much break out of about any managed environment you put me in. And in the age of YouTube, chances are that your child has many of the same materials I’ve either presented, written or that others have written. So please don’t consider these options as much more than just a general guideline unless you’re using a Device Enrollment Program-enabled device.
Anyway, good luck, and you’re a good parent for caring.
krypted December 29th, 2014
Recently I’ve read a lot of things about the attacks against Sony. I’ve read that they’re nothing more than extortion attempts by hackers that probably live in their parents’ basements (based on the fact that the initial demands didn’t mention North Korea at all). I’ve read they were orchestrated by China by people who felt North Korea was being picked on and couldn’t stand up for themselves. I’ve read highly unconvincing reports from the FBI that they were orchestrated by North Korea. No one really knows. I can send traffic to servers from anywhere in the world. Anyone can anonymize their web traffic as easily as using a Tor plug-in with Firefox. I’ve also spoken to friends at Sony that told me that they’re concerned about the future viability of Sony due to the business impacts of these attacks. I’ve also spoken with people at other studios freaking out about not wanting to “be the next Sony.”
But in all of it, there’s something kicking in the back of my head. You see, if someone tried to blackmail me, I’d go to the press (or government) and allow the public to judge me for whatever it is, not cave to demands that are only likely to recur. Not giving into extortion demands is the right thing to do. If someone threatened the safety of people to go to a movie, I’d pull it as well, so that’s the right thing to do as well. There have been enough shootings in theaters and while financially potentially devastating it’s not worth the loss of a single human life to show The Interview in theaters. Of course, now that the attackers have backed off their stance, The Interview will be shown in hundreds of theaters. And it will likely be viewed online by millions of people over the next few days. And if this was carried out by North Korea, they couldn’t visit all of our homes to pull it (although the awful remake of Red Dawn by MGM might indicate differently).
I believe that the good, American thing to do is show our support to Sony for all the brain candy they’ve given us in the past. More than that, our support for doing what’s right. And what’s more capitalistic of us than spending $6 on a movie (other than spending more)? What’s better for Sony than to make a little money? In America, we tend to root for underdogs. We love Rocky (which btw cost less than a million to make and brought in a breathtaking $225M – 1:225 ROI there). We wanted Rudy to score a touchdown for the Irish (TriStar – part of Sony). We practiced our kicks like the Karate Kid (Columbia Pictures – part of Sony). We watched Jerry Maguire (TriStar – part of Sony again) even though we couldn’t stand Tom Cruise and rooted for the guy who risked it all to do the right thing (Money, baby). We threw up in our mouth a little when we watched Dodgeball (Fox but a fun movie anyways). We adore Gandhi (Columbia – again part of Sony) because it won an Oscar and taught us the story of one of the greatest men of all time. We loved Charlie Sheen when he was Winning in Major League (Mirage). And we loved Kick-Ass (Lions Gate), one of the unlikeliest heroes of all.
Sony made Bond great again. Sony brought Spider-Man to the big screen. Sony told us about The Social Network (and we’re still allowed to have Facebook accounts). Sony gave us Eat Pray Love. Sony killed zombies awesome sauce in Zombieland. Sony gave us Superbad. Sony taught us a history lesson with The King’s Speech. Sony brought The Da Vinci Code to the big screen. Sony made a great movie in the Lords of Dogtown. Sony brought us Hellboy, Adaptation (as a writer, a movie I love), Ali, Black Hawk Down and countless other movies. Some great, some not. That’s the game.
Now, we have a chance to do a very small part by helping Sony escape financial ruin. And yes, they make more movies that suck than are awesome. Because that’s what all studios do. And yes, the film industry seems like a bunch of rich people being silly sometimes. But there are real people that work there. Normal people. With boys and girls and installations at Burning Man. Some of the best people I know. And they do great work. And sometimes the studio makes brilliant movies. And whether this was spearheaded (yes, bad pun on spear phishing) by a dictator with a bad fade, the remaining communist hardliners in China, another studio or something else, it’s up to the market to dictate the outcome. That’s capitalism. ‘Merica
PS – It’s hilarious.
krypted December 26th, 2014