NEWS January 26, 2015
REMINDER: FEB MEETING WILL BE THE 4TH MONDAY OF THE MONTH
FEB 23, 2015
Dave Peck on VPN software and use.
What is CloaK?
Keeps you safe when you are connected to WiFi networks in the wild.
It is a easy to use VPN.
Three freelancing software developers put it together.
They wanted to make a VPN that was Mac-like and Mac-friendly
Why should you care?
Unprotected WiFi can be dangerous.
For example, Firesheep is a FireFox plug-in that allows snooping of communications on a WiFi network.
It would even automatically log in to Facebook as some one else when a log-in was detected on the network.
Cloak provides value where HTTPS is not in use.
Cloak prevents passive snooping.
What is a VPN?
virtual private network
Every byte will be encrypted before it is sent from the local client.
A special VPN server receives the encrypted data, unwraps it,
and forwards it alone.
How is this different from TOR?
How does it affect workplace snooping?
What about other platforms?
We love our Apple devices, which is why when we first built Cloak we built it for Macs, iPhones, and iPads. But we haven't forgotten Android, Windows, and Windows Phone — and perhaps someday in the future, we'll have more to say about them!
How many Cloak accounts do I need?
One! You can use one Cloak account with as many devices (Macs, iPhones, iPads, etc.) as you like.
(We only ask that you keep it to one account per person.)
Do you support Yosemite?
Of course. We're all about Apple.
Do you support iOS 8?
Try for free for 30 days.
$9.99 per month for unlimited service.
$2.99 for 5 GB per month.
Given how much of our daily life and business is conducted online, the question isn’t really if you can afford to sign up for Cloak — it’s if you can afford not to.
Dan Moren, Macworld
SSL is pretty much broken - so people should be using TLS.
POODLE was an attack that caused a client browser to downgrade from SSL to TLS.
The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.
It used to be believed that TLS v1.0 was marginally more secure than SSL v3.0, its predecessor. However, SSL v3.0 is getting very old and recent developments, such as the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it). Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications. If that was not enough … POODLE certainly was. In fact, as a result of POODLE, SSL v3 is being disabled on web sites all over the world and for many other services as well.
SSL v3.0 is effectively “dead” as a useful security protocol. Places that still allow its use for web hosting as placing their “secure web sites” at risk; Organizations that allow SSL v3 use to persist for other protocols (e.g. IMAP) should take steps to remove that support at the soonest software update maintenance window.
Subsequent versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0. For example, the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods.
Cloak includes “Overcload”, which makes sure that when you change networks, no communication is made until the security has been established.
Cloak provides security for the immediate network, but not for the global network — The NSA can still get you.
Open Source Corner
Treat icons on a web page like styled text.
The iconic font and CSS toolkit
Font Awesome gives you scalable vector icons that can instantly be customized
— size, color, drop shadow, and anything that can be done with the power of CSS.
Free, as in Speech
Font Awesome is completely free for commercial use. Check out the license.
One Font, 519 Icons
In a single collection, Font Awesome is a pictographic language of web-related actions.
Q & A
1. Got a new MacBook Pro. Having trouble connecting Firewire 400 drives via an adapter. Does not work with USB either. The drive is a 5.25 with its own power supply. The drive works fine with older computers under Firewire 400.
We suspect the adapter is not good, but as USB is not working, something deeper might be going on.
Perhaps the bridge chips in the cables?
2. Any experiences with upgrading from Mavericks to Yosemite?
Most experiences seem to be good.
Read “Taking Control of Upgrading to Yosemite”
3. How to use AirDrop on a Mac?
4. Does iPhoto work on Yosemite?
Yes. But bear in mind the Photos will replace iPhoto and Aperture.
5. Demo Handoff.
6. Recurring directory corruption on internal hard disk.
Very intricate problem — we can only recommend AppleCare. Something is actively damaging your disk — perhaps a third party hardware, like one of the external drives.
Meeting Notes >