Get in Touch

Very few internet users understand the meaning of the padlock icon in their web browser’s address bar. It represents HTTPS, a security feature that authenticates websites and protects the information users submit to them. Let’s go over some user-friendly HTTPS best practices to help you surf the web safely.

HTTPS Encryption

Older web protocols lack data encryption. When you visit a website that doesn’t use HTTPS, everything you type or click on that website is sent across the internet in plain text. So, if your bank’s website doesn’t use the latest protocols, your login information can be intercepted by anyone with the right tools.

HTTPS Certificates

The second thing outdated web browsing lacks is publisher certificates. When you enter a web address into your browser, your computer uses an online directory (called DNS) to translate that text into numerical addresses (e.g., www.google.com = 8.8.8.8) then saves that information on your computer so it doesn’t need to check the online directory every time you visit a known website.

The problem is, if your computer is hacked it could be tricked into directing www.google.com to 8.8.8.255, even if that’s a malicious website. Oftentimes, this strategy is implemented to send users to sites that look exactly like what they expected, but are actually false-front sites designed to trick you into providing your credentials.

HTTPS created a new ecosystem of certificates that are issued by the online directories mentioned earlier. These certificates make it impossible for you to be redirected to a false-front website.

What this means for daily browsing

Most people hop from site to site too quickly to check each one for padlocks and certificates. Unfortunately, HTTPS is way too important to ignore. Here are a few things to consider when browsing:

  • If your browser marks a website as “unsafe” do not click “proceed anyway” unless you are absolutely certain nothing private will be transmitted.
  • There are web browser extensions that create encrypted connections to unencrypted websites (HTTPS Everywhere is great for Chrome and Firefox).
  • HTTPS certificates don’t mean anything if you don’t recognise the company’s name. For example, goog1e.com (with the 'l' replaced with a one) could have a certificate, but that doesn’t mean it’s a trustworthy site.

Avoiding sites that don’t use the HTTPS protocol is just one of many things you need to do to stay safe when browsing the internet. When you’re ready for IT support that handles the finer points of cybersecurity like safe web browsing and preventing trick DNS addresses, give our office a call.

Published with permission from TechAdvisory.org. Source.

A glaring security mistake has been discovered in Apple’s most recent desktop operating system. It’s not the sort of vulnerability that requires complicated malware or IT knowledge; anyone can learn this exploit in a matter of minutes to steal your password. Here’s how to stop that from happening.

What is the bug?

The vulnerability pertains to sweeping changes in how macOS stores files. In the High Sierra update, the Apple File System (APFS) was introduced to make opening and saving files much faster. As an added bonus, APFS also added advanced features like drive encryption.

However, users who add a second encrypted APFS partition to their computer’s drive aren’t keeping their data safe from prying eyes.

Let’s imagine you want to create a separate storage partition for your work files. The data contains sensitive information so you encrypt the drive and add a password.

If in the course of setting the password you were to provide a password hint, High Sierra will display your password when anyone clicks Show Hint when accessing the drive. You can see how it’s done in this 45-second video.

When anyone can retrieve your password in a matter of seconds, encryption becomes completely pointless.

How to fix this vulnerability

Sadly, the update for encrypted APFS drives requires much more than installing a patch. As such, we do not recommend trying to fix this issue without professional help if your encrypted partition has irreplaceable data. It is a complicated process and could result in data loss.

Apple procedures for fixing the issue if you’ve already encrypted a drive include:

  1. Installing the most recent macOS update
  2. Backing up the encrypted drive
  3. “Unmounting” and erasing the original drive
  4. Creating a new encrypted APFS drive
  5. Entering a new password and password hint
  6. Restoring the backup from Step 2 to the updated partition

Apple’s macOS is a great operating system. It is reliable, secure, and user friendly -- but like any piece of software, it’s not perfect. Don’t make the mistake of assuming macOS is safe enough to protect your data without outside help. For help encrypting your drives or securing your Macs, call us today.

Published with permission from TechAdvisory.org. Source.
Sales
Support
Email
SHOPCUSTOMER SUPPORT CENTREEMAIL SUPPORT
Sensible Business Solutions © 2021 All Right Reserved
Privacy Policy
magnifiercrossmenuchevron-down