That Time Where My Security Paranoia Might Pay Off in a Real-World Personal Scenario

In a recent post I wrote about how I had to wipe my Mac Mini at home due to a potential compromise in my Chrome browser. The ironic thing with that issue was that for months I had already been taking steps to minimize the chance of such an exploit. The problem likely began months earlier and didn’t present itself until recently; however, the damage was already done. It just justifies the extreme measures I am taking in regard to securing my web browsing.

At a high level my approach is isolating some but not yet all of my browser traffic to a Linux virtual machine. I know that theoretically a virtual machine is not 100% isolated. I’m willing to chance using the virtual machine over booting into TAILS using a USB key. That level of inconvenience is not something I typically want to be bothered with and I feel that my current solution will be good enough.

Within the virtual machine I installed the Firefox and Chrome browsers as well as the Tor Browser. I also configured OpenVPN to use my VPN provider. I then set up a visual cue, i.e. a distinct background for the virtual machine, to note that when I am using it I am in a semi-isolated system.

To protect the virtual machine from most exploits I take a snapshot about every month that includes the latest patch level for all the applications in the operating system. I do not ever use the virtual machine prior to that snapshot to do anything other than update software or make base OS and application configuration changes I want to be persistent. Once a snapshot is taken I will use the virtual machine and then when I’m done I will revert back to that clean snapshot. I might not revert back to the clean snapshot after each use; however, I try to do it as often as possible. At minimum, when I go to update the virtual machine I will revert back to the last known good “clean” snapshot and upgrade that. Then I’ll take another snapshot.

Late last year I implemented this solution using an Ubuntu 14.04 virtual machine. In April I built new ones using Ubuntu 16.04. Because I own a copy of VMware Fusion for personal use and a work copy of Parallels I have both virtual machine flavors of the operating system image. Other than a few minor tweaks with the new image the 16.04 version is mainly an operating system upgrade. I now have a “secured virtual machine” on all the main computers that I use day-to-day.
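
The snapshot cycle described above, scripted for VMware Fusion's `vmrun` command line as an added example (not the author's own script). The `.vmx` path, the `clean-YYYY-MM` snapshot naming and the function names are assumptions; it defaults to a dry run that only prints the commands.

```sh
#!/bin/sh
# Added example: the post's snapshot cycle, scripted with VMware's vmrun.
# Assumptions (not from the post): the .vmx path and "clean-YYYY-MM" names.
VMX="${VMX:-$HOME/Virtual Machines/browse.vmwarevm/browse.vmx}"
VMRUN="${VMRUN:-vmrun}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Pick the newest clean snapshot from `vmrun listSnapshots` output on stdin.
# The "Total snapshots: N" header and non-clean snapshots are filtered out.
latest_clean() {
  grep '^clean-[0-9][0-9][0-9][0-9]-[0-9][0-9]$' | sort | tail -n 1
}

# After a browsing session: discard everything since the clean snapshot.
revert_clean() {
  run "$VMRUN" -T fusion stop "$VMX" hard || true   # VM may already be off
  run "$VMRUN" -T fusion revertToSnapshot "$VMX" "$1"
}

# Monthly: revert first so updates are applied to the known-good state,
# never on top of a disk that has been used for browsing.
refresh_clean() {
  old="$1"; new="clean-$2"
  revert_clean "$old" || return 1
  run "$VMRUN" -T fusion start "$VMX" || return 1
  if [ "$DRY_RUN" != "1" ]; then
    printf 'Patch the guest OS and browsers only, then press Enter: '
    read -r _
  fi
  # A soft stop asks the guest to shut down cleanly (needs VMware Tools).
  run "$VMRUN" -T fusion stop "$VMX" soft || return 1
  run "$VMRUN" -T fusion snapshot "$VMX" "$new"
}
```

Pipe `vmrun -T fusion listSnapshots "$VMX"` into `latest_clean` to get the name to pass to `revert_clean`, and set `DRY_RUN=0` to execute the commands.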

The solution isn’t perfect; however, as a first pass at this I feel that it gives me the best trade-off between additional security and ease of use. The VPN gives me some anonymity. Tor and VPN give me more. The snapshot of the virtual machine decreases the chance that the system can be infected.

Longer term I want to build a dedicated machine for TAILS or Qubes. That solution would only work at home since I need a dedicated computer setup for it. For now I will settle for the VM solution I have implemented until I am comfortable using it and able to accept the extra effort involved in a dedicated machine configuration.
What’s interesting or disturbing to me is some corporate executives and even government representatives (NSA labels Linux Journal readers and Tor and Tails users as extremists

The Time I Had To Nuke The Site From Orbit

Back in mid-July I noticed something odd with my Mac Mini. It turned out that at some point in the past few months my Chrome browser on my Mac Mini at home was compromised. I’m not sure if it was malware or a configuration hack on the browser.

The problem may have existed for some time. I do not normally use Chrome on my home Mac. What I noticed was odd behavior after I launched Chrome to log into my Google account. Whenever I use my Google account I always log in via Chrome. Call me paranoid but I do not want Google possibly tracking activities via my login on Safari, which I use as my daily browser. When I attempted to log in I noticed that after clicking on login from Google.com I got some fake message about my Google account being compromised. The funny thing was I never actually gave it my login credentials and the screen that was displayed didn’t look at all like a standard page on any Google site I have been on.

My first reaction was to clear all the settings on the browser like it was a brand-new set up. I then tried again however the problem persisted. That was concerning to me.

My next step was to completely delete the Chrome browser from my Mac and download a fresh copy from Google.com using a different browser. That worked and once I installed the new version everything seemed okay. The lingering question I had was how contained was the problem I had? I had some confidence, but not enough, that the issue was purely within Chrome. I had no definitive evidence to back myself up.

To be safe, in the immortal words of Ripley from the movie Aliens, I “nuked the site from orbit”. I created a Carbon Copy Cloner image of my OS drive and then deregistered any application I needed to that was associated with this computer and wiped it. That was the only way to be sure that there was no ongoing compromise to my system.

The rebuild process was slightly challenging and took more time than I’d hoped. As I was trying to reformat the drive in recovery mode the computer kept crashing. I am not sure why. That forced me to do a network boot and download the original operating system that came with this Mac, bypassing the step on my local hard drive that was crashing. The machine is from 2012 so that meant at least three OS upgrades to get me to the latest. By the time I completed the original OS install I was able to download El Capitan on my MacBook Pro and create a boot USB key. The USB key worked so I was able to save a significant amount of time and jump right to El Capitan. I was thankful I did not need to complete several more upgrades. The parallel effort of trying to create the USB key boot disk from my laptop paid off.

Once I had my base install done I was able to patch the system and install the standard applications that I typically use. Because I use BitTorrent Sync for replicating my data, restoring most of the system was as simple as reseeding my data on this machine. It took several days for the data to replicate; however, when it was done everything was fine.

Weeks later there are still some applications I haven’t finished setting up yet. Of course that means I don’t use them that often so it’s a minor inconvenience. The main applications I use are already set up and working perfectly fine.

For me the moral of this story is my data replication setup works. I also confirmed what I already knew: that no matter how diligent I am I can still be compromised. I think the problem has existed for a while; however, I have no way to prove it. Recently I have started compartmentalizing some of my web browsing to prevent such exploits. That, I hope, will mitigate risk for the future; however, nothing is 100% safe. That compartmentalizing effort in and of itself is a blog entry I’m working on.

Mac OS Yosemite

It’s that time of year again. Apple has come out with its new OS. This time around I tried the Beta on my personal laptop. I was pretty happy with it so I installed it on my remaining computers today when it became available.

One thing that is always a challenge when Apple OS upgrades come out is that some apps just don’t work. Typically it is my VPN app or Dragon Dictate or something specialized. This year I was pleased to see that everything worked without needing upgrades.

The biggest challenge for me isn’t upgrading my personal machines (I already did that). It will be upgrading MC’s and getting my parents’ iMac upgraded. I think MC is on Mavericks but her MacBook is getting up there in age. My parents are now 2 OS versions behind and getting time to go over there and upgrade is challenging.

Next Gen MacBook Air

After much pondering I broke down and put an order in for a new MacBook Air 13 inch. I bought a 2011 model last August and I’ve been very happy with it, except for a few drawbacks. The new model seems to correct all the drawbacks I’ve experienced. The only thing I had to do to get it was spend a lot more money for it. I think it’ll be worth it in the long run. I have been generally upgrading laptops every year or so, and in the near future I don’t think that’s going to happen with a baby on the way, so I want to get the upgrade out of the way and be happy with additional capacity now.

This new MacBook Air is sporting eight gigs of RAM and a 512 gig SSD drive. The old model didn’t have enough memory for what I was using it for, especially running a virtual machine. I also maxed out the 256 gigs on the old one’s SSD, so going for the 512 gig SSD was a must. But that upgrade broke the bank. I contemplated going for a MacBook Pro 13 inch with the regular hard drive but the cost difference and the performance difference really didn’t make it worthwhile for me. I’ve been spoiled with the SSDs in the Airs for the past two years so going back to a 5400 RPM hard drive wasn’t really something I wanted to do. Another notable improvement is USB 3, but I really don’t have any use for it at this moment. Also the Core i7 dual core processor is slightly faster than what I’ve been used to on my old Air.

It doesn’t come with Mountain Lion, but I get a free upgrade when it comes out in a few weeks. I will probably buy the upgrade anyway since I have other computers I want to upgrade, and the free upgrade is only for this laptop.

So far I’ve been extremely pleased with the upgrade. Now all I have to do is eBay my old laptop.

Almost All Mac, Well Sometimes…

For over a year I have opted into a “bring your own equipment” pilot with my company. It basically allows me to use a Mac at work. There has been a great community helping with how-tos, what apps to use to replicate Windows apps, etc. For the bulk of that time I have generally opted to continue to use a Windows machine. It wasn’t because I wanted to, but it was because of limitations of email. More specifically it was that Entourage was a horrible app that came nowhere near its Outlook for Windows equivalent, and then it was that Outlook 2011 wasn’t compatible with the Exchange system I was using. Last month that last part changed and I was able to use Outlook on the Mac. It was the last major piece to my going all Mac again at work.

Over the past month I have been going days using all native Mac apps when working remotely and then days of using my Windows machine in the office. For the most part I am able to work 80% or more on native apps on my Mac when I try. There are a few websites I need that require IE, plus doing certain things in SharePoint is better looking or just easier to do in IE. I can do a lot in SharePoint on the Mac but I do default back to IE a lot.

I also had a few issues with Webex on Lion. I still have issues if logging in via one of the two Webex portals I use. The other I found a workaround for and it does work. So for half the Webexes I need I have to go to my iPad or a VM.

As I mentioned earlier the big holdback was email. Now that I can use Outlook 2011, for a while I didn’t want to. It is Outlook and much better than Entourage; however, it is not as feature rich as Outlook 2010. Plenty of reviews covered that. But even with its limitations it is growing on me. I am not yet ready to go all Mac every day but I am getting closer. Right now I am at 2-3 days a week. Since I sit at a computer 8+ hours a day a change like this will take a while to get used to. For now I hope to continue to be mostly Mac at work more days a week.

Mac OS 10.6

Today I received my copy of Mac OS 10.6 (I refuse to call any Mac OS by their animal names). Last night I backed up my Media Center iMac using Carbon Copy Cloner so I could have a full copy of my old configuration in the event the install causes problems. I like to wipe my computer before installing any OS. Previously I was never happy with the leftover bits of the old OS when upgrading any Windows OS. I know I have read that the Mac OS upgrade is seamless but I am still not 100% convinced. I have used the migration wizard to move my apps and configurations from one Mac to another when upgrading but that was between like OS’s (10.4 to 10.4). I do selectively copy the configuration files and “Application Support” files in the Library, but generally I start from scratch. That unfortunately requires a bit of effort.

Since I read that several programs that I rely on are not fully compatible with 10.6 I decided to try out the new OS on my media center machine before trying my main computer. The last time a new Apple OS came out I backed up my MacBook using CCC and just booted back to the old OS when I needed applications that wouldn’t work with 10.5. This was a pain, but the price I paid for upgrading the day the software came out. This time around I think more of the programs I use are supported but there are a few key ones that are keeping me from taking the plunge on my main computer.

The install on my media center went well. I have what I believe to be all of the apps I use on it set up. The only glaring exception is that the screen saver I like, Fliqlo, does not seem to work. Other than that everything else seems OK. I wanted to try the iMac I use for a media center first since it doesn’t have anywhere near as many applications on it as my main machine. So far that was a good decision. I am in the process of copying back a few remaining media files but I think the new OS install was a success.

Windows 7 Release Candidate

Last night I downloaded the Release Candidate for Windows 7. I had some false starts trying to install it on my Netbook last night. I finally was able to get the install files on a bootable USB flash drive I had. Once that was done it was really easy getting the OS on my Netbook. Since work was hectic today I only just got around finishing most of the install. I have the basic apps on it that I use.

I have to say I am so far impressed with what I see. I don’t know the true benchmarks but Windows 7 seems much faster than Windows XP Home was on the Atom processor. Granted I haven’t really run any apps. I have just been installing them, but the system does seem more responsive than with XP. The graphics on 7 are nice also. I like pretty, yet functional OSes. Right now I have the HP Mini 1000 plugged into a 23″ display and it is working fine. I will continue to play with it over the next few days, but my first impressions are positive. The only main downside I see is that at idle with 1 program running (IM) the system is using around 46% of my 2 gigs of RAM. Not as bad as Vista, but not by much.

The Laptop Upgrade

I got a new laptop at work today. I am switching from a Thinkpad T61 to a Dell Latitude D430. The 430 is not as fast as the Thinkpad, but it is only 3lbs. Since I am never in the same place two days in a row working it is worth the performance loss to get the portability. I am not a huge fan of the fact that the build I get has XP on it but so did the Thinkpad so I am not complaining that much. I had to spend what little free time I had today moving my stuff onto the new computer so I can give back the old one. I guess it is being repurposed right away. The jury is still out on how good the Latitude is. My D420 at Redcats wasn’t horrible, so I am hopeful this guy is pretty good.

iPhone 2.2

I upgraded today to the latest version of the iPhone software, 2.2. On the off chance that the problem I had last week with my iPhone not syncing with my computer was related to the phone and not the computer I am updating the software right away. So far I don’t see any major features that stand out. I am happier that my Apple TV has a new OS version on it so I can control the volume of the Apple TV using my remote software on the iPhone! Now that is functional!

Vista

I am once again dabbling with Microsoft Vista. I installed Vista using Boot Camp on my Mac Mini the other day. Now that I am using the iMac more and more, I can give the Mini a dual role of normal Mac and Vista. The iMac is much more powerful so using it for video processing and other functions I used to do on the Mini makes sense. With the Mini freed up I can play with it and do Vista on it. So far I haven't put any software on it. I am just tweaking the install and patching it. I don't know why I am really spending any time with Vista if I am so happy with my Mac. I guess my need to tinker outweighs common sense sometimes. Not to worry, I am not abandoning my Mac any time soon. On the contrary, I am waiting for the new MacBooks or MacBook Pros to get released so I can upgrade.