SECURITY ON THE MACINTOSH
Jamie Cox - MacMAD User’s Group
Security Against What?
▪ Security of what against what?
▫ Loss of Use of Computer
▫ Disclosure of Private Data
▫ Identity Theft
▫ Outright Theft of $$$
▫ Destruction of Data
▪ The Threats
▫ Hardware Failures, Fires, etc.
▫ Malicious Software
▫ Phishing Attacks
Most Probable Events
▪ Hard Drive Failure
▪ Password Compromise for On-Line Service
▪ Malware Gets In Because You:
▫ Clicked on a Link in an Email
▫ Visited a Malicious or Compromised Web Site
Common Fallacies
▪ “No One Would Bother to Hack My Computer”
▪ “My Account is not important enough to hack”
▪ “So What if someone reads my email?”
The Bad Guys:
▪ Use Shotgun approach
▪ Aim to get into as many computers as possible
▪ Use the Domino Theory: Any account provides leverage to get into more important accounts
Mac App Store Only
Kevin Mitnick, famous hacker
er… “security consultant”
says:
Top ~5 Things You Can Do
0. Regular Backups - (another meeting topic)
1. Frequent Software Updates
2. Strong, UNIQUE Passwords
3. Don’t run as administrator
• Surf and read email on a user account
• Install Software from an admin account
4. Never Click Links in Email
5. Use a Password Manager
6. Use 2-Factor Authentication
Prompt Software Updates
▪ The Software Update Cycle
▪ Software Has Vulnerabilities
▪ (Security Bugs)
▪ Someone Finds Them
▪ Vendors Issue Security Patches
▪ The Vulnerabilities are now known publicly
▪ Bad Guys Use them against people who haven’t updated
▪ Lather, Rinse & Repeat
Frequent Software Updates
▪ Apply Updates Promptly
▪ Apply Updates From Within The App Store
▪ Otherwise, Do Not Install Software Unless it was YOUR idea to do it
▪ Unless YOU went looking for it
Actual Phishing Email
Spammy Phishing Email #2
Don’t Click Links in Emails
Phony Email Detected
Phony Email Detection
Does that look like an official Apple URL? No.
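The check the slide asks for by eye can be done mechanically. The following is an added example, not part of the original slides: it pulls every link out of an HTML message body and reports those whose real destination host is not an official domain, whatever the visible link text claims. The `OFFICIAL_DOMAINS` value, the function names and the sample message are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: the only registered domain treated as official.
OFFICIAL_DOMAINS = ("apple.com",)

# Constructed sample message body; the .example hosts are placeholders.
SAMPLE_EMAIL = """
<p>Your Apple ID has been locked. Confirm your details within 24 hours.</p>
<a href="http://apple.com.verify-login.example/id">https://appleid.apple.com</a>
<a href="https://apple.com@login.example/reset">Reset password</a>
<a href="https://support.apple.com/">Apple Support</a>
"""


def link_host(url):
    """Return the host a browser would actually connect to, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and the port, and lowercases.
    return parts.hostname.rstrip(".")


def is_official(host, domains=OFFICIAL_DOMAINS):
    """True only for the domain itself or a real subdomain of it."""
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in domains)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body):
    """Return (visible text, real host) for links that leave the official domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    return [(text, link_host(href))
            for href, text in collector.links
            if not is_official(link_host(href))]


if __name__ == "__main__":
    for text, host in suspicious_links(SAMPLE_EMAIL):
        print(f"link shown as {text!r} really goes to {host}")
```

The host is compared from the right-hand end: a name that merely starts with or contains `apple.com` is still a different site.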
Unique Passwords
▪ Use Unique Passwords for Each Online Site
▪ When One Site is Compromised…
▪ Hackers try those usernames/passwords on other sites
◾ What Happens To All Your Other Sites?
◾ Use a Password Manager
◾ Password Generator
Is This Your Password?
123456
password
12345
12345678
qwerty
1234567890
1234
baseball
dragon
football
1234567
monkey
letmein
abc123
111111
mustang
access
shadow
master
michael
superman
696969
123123
batman
trustno1
Use Strong Passwords
▪ Terrible Passwords: 123456, password, fido
▪ Poor Passwords:
▫ Dictionary Words: telephone
▫ Birthdays, Names, 122555 BobSmith
▪ Strong Passwords
▫ 10+ Characters of Junk, Mixed Case & Specials
◾ M4cM4d*Xamp1e
◾ Initials of a phrase:
◾ Over the River And Thru The Woods: 0tr&ttWtghwg
◾ Best Passwords
◾ Random gibberish: e.g.: A2dpq%6cubbSKp
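The password slides above (unique per site, not on the common list, 10+ characters of mixed case and specials, random gibberish as the best case) can be turned into a small audit plus generator. This is an added example, not part of the original slides; the vault entries, the `SPECIALS` set and the function names are constructed for the illustration, and `COMMON` holds only a few of the entries from the "Is This Your Password?" slide.

```python
import secrets
import string
from collections import defaultdict

# A few entries from the "Is This Your Password?" slide, plus "fido".
COMMON = {"123456", "password", "12345", "12345678", "qwerty",
          "letmein", "abc123", "trustno1", "fido"}

# Assumption: a set of special characters that most sites accept.
SPECIALS = "!#$%&*+-=?@^_"

# Constructed sample of (site, password) pairs, e.g. a password-manager export.
SAMPLE_VAULT = [
    ("mail.example", "trustno1"),
    ("shop.example", "Summer2015"),
    ("bank.example", "Summer2015"),
    ("forum.example", "kV7#pq2Lm!xR9d"),
]


def meets_slide_rule(pw):
    """The slide's rule: 10+ characters, mixed case, and a special character."""
    return (len(pw) >= 10
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(not c.isalnum() for c in pw))


def audit(vault):
    """Return {site: [problems]} for entries that are common, reused or weak."""
    sites_by_password = defaultdict(list)
    for site, pw in vault:
        sites_by_password[pw].append(site)
    report = {}
    for site, pw in vault:
        problems = []
        if pw.lower() in COMMON:
            problems.append("common")
        if len(sites_by_password[pw]) > 1:
            problems.append("reused")   # one breach exposes every site sharing it
        if not meets_slide_rule(pw):
            problems.append("weak")
        if problems:
            report[site] = problems
    return report


def generate(length=16):
    """Random gibberish from the OS CSPRNG that satisfies the slide's rule."""
    if length < 10:
        raise ValueError("the slide's rule needs at least 10 characters")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:  # redraw until every character class is present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_slide_rule(pw):
            return pw


if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(problems)} -> replace with {generate()}")
```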
This is a Password Manager
Keychain Access
▪ Apple’s Free, Built-In Password Manager
▪ Since OS 8.6, &1999
▪ For Safari Browser Only
▪ Autofills Accounts & PWs
▪ Syncs with iCloud
▪ MacOS & iOS Only
▪ Secured with your logon Password
1Password and LastPass
▪ 1Password: $29.99 Mac App Store, agilebits.com
▫ iOS “Pro Features” $5.99
▪ LastPass: $FREE at lastpass.com
▫ Premium $12/year
Don’t Run as Administrator
Only Use Your Admin Account when Installing or Upgrading
Two Factor Authentication
▪ Varies by Site
▪ Not all Sites support 2nd Factor
▪ eBay, PayPal
▪ Google
▪ iCloud (Apple)
▪ Second Factor is Usually a Random-Looking Number
▪ Sent to your phone
▪ Computed by an app or a dongle
