Category Archives: apple
Apple launched OS X Yosemite and El Capitan with a little known security feature called ‘Stealth Mode’. This feature was added to the Firewall and would be useful to enable if you use your Mac on unsecured or public networks.
When you enable Stealth Mode, your Mac’s firewall will hide your OS X Yosemite and OS X El Capitan computer from ping scans that attempt to discover system information or look for open ports which might have vulnerabilities. Stealth Mode protects both Yosemite and El Capitan Mac OS X users from packet requests from a closed TCP and UDP network as well as from hackers and malware.
How to enable Stealth Mode
- Navigate to > System Preferences
- Click > Security & Privacy > Firewall
- Click the lock to make changes – enter your OS X password
- Click > Turn On Firewall
- Click Firewall Options… > Click the ‘Enable stealth mode’ checkbox
Alternatively you might want to use Terminal to enable Stealth Mode:
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
Turn off Stealth Mode as follows:
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode off
My suggestion is only enable Stealth Mode when you use unsecured or public networks, as it’s not required for use (and can cause problems) on private networks.
Once you redeem iTunes Gift Cards or iTunes Gifts on iOS (tested on iOS 9.x), your updated balance will appear in your iTunes Store account. When you purchase content, iTunes will deduct funds from the credit until it is depleted.
Note: You can also do the following through iTunes, the Mac App Store or the iBooks Store.
Checking your balance on iOS:
- Tap iTunes Store, App Store or iBooks
- In iBooks, tap Featured at the bottom of the screen
- Scroll to the bottom of page
- If you are signed in, tap Sign-In and enter your Apple ID and password
- If you have a credit balance, you’ll see it below your Apple ID*
*If you are not in credit, the credit balance will not be visible.
If you have insufficient store credit to purchase content, iTunes does not prompt you with a notification reminder upon clicking to purchase. Permitting customers to purchase content without notifying them at checkout that their iTunes payment credit or debit card is about to be debited the outstanding difference, could be perceived as deliberate by design.
Mac OS X 10.11 or later doesn’t support the “Secure Empty Trash” feature. This was removed as it actually didn’t securely delete files placed in the Trash. Apple also identified an issue with guaranteeing secure deletion of Trash files on some systems, such as those with flash storage.
Apple responded by removing the “Secure Empty Trash” option from OS X 10.11 or later versions. You could use FileVault if you are worried about your privacy. Alternatively, you can use the Mac Terminal app to securely remove files using the ‘srm’ command. Securely deleted files or folders uses a 35-pass erase (Gutmann algorithm), which complies with the US DoD 5520.22-M standard.
As with my previous posts, using Terminal can be dangerous, so you should only use this, if you are familiar with the command line. Repeat the following steps to use the ‘srm’ (see NOTE below) command to securely delete files or folders as and when you want:
- Locate the file(s) in OS X Finder
- Open Spotlight > Type “Terminal” and hit the return key to open Terminal app
- Copy the following syntax to delete a file
OS X Server for Mavericks, Yosemite, Mountain Lion and Lion has an adaptive firewall built in that controls incoming access based on client attempts to abuse the OS X Server. The adaptive firewall in Yosemite can be controlled in OS X Server in the Access pane.This allows you to create default access rules and custom rules for specific services.
For the less technical savvy, I’d suggest enabling the adaptive firewall to generate a rule for when a user or IP address generates 10 consecutive failed login attempts. You will need > Terminal and run all the following commands on the Terminal server as an admin:
Cut and paste this code if you use OS X Server on Mavericks or Yosemite:
sudo pfctl -f /etc/pf.conf
You will see an error reporting ‘No ALTQ support in the kernel’ and it being disabled appears; please ignore it. Now cut and paste the following:
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f
You will see the same error as above reporting ‘No ALTQ support in the kernel’ and it being disabled appears; please ignore it again.
As above and if you use OS X Server on Mountain Lion or Lion (also note the errors):
iOS9 provides some additional security and privacy improvements. The major security highlight included a six-digit passcode(which actually makes it harder to brute-force attack a passcode) option, rather than four-digits. This option is available to all iOS9 supported devices, including the Touch ID-enabled iPhones and iPads.
Note: The following assumes you were using the four-digit passcode.
How to enable six-digit passcode
- Settings > Passcode > ‘Type in your Passcode’
- Tap > Change Passcode > ‘Enter your old passcode’
- Tap > Passcode Options > 6-Digit Numeric Code
- Type your new 6-digit numeric code > Verify your new passcode
TIP: Repeat one of the digits in your 6-digit passcode. This makes it harder to guess from smudge marks on the screen.
Why did Apple provide the 6-digit passcode option?
There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit passcode, whereas with a 6-digit passcode, there are over 1m.
Chip & Pin numbers (4 digits) are often re-used with mobile devices and accessing mobile apps (that require a PIN), so setting up the 6-digit passcode on your iOS device, should be the first security and privacy measure after this upgrade.