Cloudburst! – First reports of iCloud security breaches surface

Social Engineering. That’s a polite term used to describe the art of lying to obtain sensitive information from unsuspecting victims, or in this case, service providers. It’s a tactic that has been used for decades, whereby someone poses as you, and asks a series of carefully worded questions designed to get into your account. If the setup is convincing enough, compassionate service staff is duped into helping an impostor access your account. Remember those times you tried to “talk sense” to the support desk, but they wouldn’t help you if you couldn’t remember the answers to security questions? This is why.

These kinds of social engineers have gotten really good at pleading for help on your behalf (or what the target assumes is your behalf). Situations range from “mom is in the hospital” and “I’ll lose my job” to the financial ruin they (you) will face unless they (you) can retrieve that spreadsheet for a meeting. With multiple online services that don’t use a standardized security format, innocuous information on one account can serve to unlock an account elsewhere. According to Mat Honan, an IT journalist for Gizmodo and Wired Magazine, this was the tactic used to wipe the last year of data he stored on iCloud. He is the first to admit that as an IT journalist, he should have known enough to back up his data elsewhere, in addition to what he had in the Cloud. But like many of us, he never quite got around to it. A link to the full story of his nightmare is posted at the end of this article.

In the beginning of our modern era, social engineering was used effectively by pranksters to gain information about phone services, so they could then make calls for free. (Case in point, Steve Jobs and Steve Wozniak, who went on to build “Blue Boxes” to place free long-distance calls). Since then, criminals have taken the art to entirely new levels, gaining access to email, online data, credit card information, and even bank and investment accounts.

How many times have you requested a new password be emailed to you because you couldn’t remember it? Hacking a server that stores your email could make it available to that hacker. There are time limits on temporary passwords, in an effort to protect you of course. However, many of us out there use the SAME password across the board, for all accounts. Once one “harmless” account’s password is revealed within an email, it can be used to unlock everything else, for an unlocking, cascading, domino effect bonanza. Worried yet?

In the aftermath of Mat Honan’s disaster, Apple has quietly made adjustments to their security procedures. (Mat, by the way, was by no means the only victim. He just happens to be the public face on the issue). At AppleCare, passwords will apparently no longer be reset over the phone. Period. That takes some of the human error out of the equation. Amazon, meanwhile, is said to be reviewing its security practices as well.

So do we throw up our hands in surrender? Do we lose sleep over all the data we have already sent out via email, shuddering at the implications of the security risk? No. What we want to do is lock down our information in a simple, yet effective manner. First, don’t upload your sensitive data to a “cloud” (read “online storage”) account of any kind, UNLESS you encrypt it first. Encryption can be achieved in several ways. There are inexpensive apps available to do the job, or you can use the Disk Utility in your Utilities folder, to create what’s known as an encrypted disk image. (See our how-to video clip on how to do that, coming soon). Microsoft Word also offers a relatively easy way of password-protecting documents from within the program. The catch is, of course, that if you forget that password, the data is irretrievable. The average Joe will not be able to get back into that data, nor want to pay some genius hacker somewhere to crack it open. Back it up before you encrypt it and post it.

Second, don’t send explicit photos of your naked significant other via email, unless you won’t mind those images being posted across the universe, completely out of your control. Eventually, someone you never intended, somewhere you never imagined, could access those images and run with them, even use them on their own site. Just ask the thousands of teenagers who have faced suspension, expulsion and/or ridicule as their private images made the rounds of their schools. Or celebrities whose smartphones were supposedly hacked (more likely, things were forwarded, then forwarded again, multiple times).

Third, do not use the same password for your online banking, your online gaming site, and the local online pizza delivery service. Use passwords that make sense to you, but no one else, preferably combining an invented word or short phrase with a number (NOT “123”!). Create a high-security, for-your-eyes-only password that only YOU know, for your online financial accounts. Never stick to a temporary password a provider gives you. It’s best to take the time to go in and change that temporary password to something you will remember. Who can remember “tZ005Ty#4eduL”? Not me. We encourage clients to change their passwords on their Macs after we’ve made a service call. Or, they can change their admin passwords to something they’d only use for troubleshooting, then change them back to something private and more secure after a technician leaves. Absolutely valid. For our part, as techs for our clients, we do not track client passwords as a matter of policy. We fully expect our clients to change their passwords themselves on a regular basis. It’s the smart thing to do. (For instructions on how to do this on a Mac, see our how-to video. The process remains the same across all OS X versions.)

It’s always fascinating to me when I find someone using their first name or the word “password” as their online password for anything. While I understand keeping it simple for the login of a kid’s profile on a Mac at home, you would never want to use something like that online. Indeed, many online services won’t allow it, and will prompt you to choose something more secure. Other favorite (and easily guessed) passwords are pet names, kid names, addresses and birthdays. One scan of your Facebook account will offer that information up pronto.

Believe me, I feel your pain. Who can track all the various types of passwords that online services, computers, and devices require to get anything done? Some sites want caps, no caps, numbers and symbols, while others require more than six, but no more than eight characters. Apple iTunes requires that you use a DIFFERENT password if you’ve already used a favorite one within the past year. And they wonder why a majority of IT guys are bald, but wear a goatee.

What we suggest to our clients is a database. There are many out there that will fit the bill. Obviously the database itself should be password protected, with something secure (read “complex”), yet easy for you to remember – like “Green!Berries9”. Bento, an offshoot of FileMaker, is a good option if you want to keep it relatively easy. Apple makes that available for download online for about $50. A database like Bento is more practical than a Word document, because databases are searchable. Yes, Word documents are searchable too, but who wants to scan through a Word document to find a password?

We would not recommend storing passwords online. Keep a written record somewhere in your home, preferably not in a booklet labeled “Passwords” on your kitchen table. Why not cut out a hidden compartment into that paperback copy of War and Peace, and hide it in there? Works for drug dealers. At least in the movies.

But seriously, we do NOT recommend storing passwords within your Mac address book. Now that contacts sync wirelessly, losing your phone means you could potentially lose your keys to your Kingdom, and to your identity.

Rather than going to the other extreme, whereby you lock yourself in your house, unplug the computer from the internet, and refuse to store anything digitally, we suggest you take some necessary precautions when venturing onto the world wide web. Just as the safer days of leaving your door unlocked in a major city have mostly evaporated, so too have the carefree days of surfing the internet. Use the “Cloud” by all means, but keep in mind what you upload could potentially fall into the wrong hands. (Several clients who had refused to use iCloud are feeling pretty smug about now). And always, always back up your data. It is so inexpensive and easy to do these days, that no one really has an excuse for losing data. Especially not, by his own admission, an IT journalist.

To read Mat Honan’s digital nightmare in detail:

Running out of space after upgrading memory. Hard Drives & RAM: Storage vs. Performance

We hear it often. “I just upgraded my memory, so how can I be running out of space?” Do you know what an SSD is versus a SATA Drive? Or what it was you upgraded when you added memory to your Mac a while ago? Apple is increasingly shipping more Macs (specifically MacBook Air laptops) with solid state drives (SSDs), and many users may not realize what it means to have an SSD versus a SATA drive. Why should you care? Because it’s all about your data. Often it’s not until a laptop runs out of space that the hard drive is given much thought. At that point, the proud owner of a fairly new Mac usually complains that the Mac was purchased with “a LOT of memory”, and is surprised space has run out.

I should explain that operational memory (RAM) is very different from storage memory (hard drive space). Although both use the same measurement format (megs and gigs), they are not the same. More RAM allows the computer to process more calculations at the same time. Think of the size of RAM as being room for the computer to work. The higher the RAM number (4 Gigs instead of 1 Gig), the faster the performance of the computer system. I’ve found that the amount of RAM can even be more important than processor speed itself. Our trusty G5 Tower here in the office had no trouble keeping up with a “faster”, yet less-endowed-with-RAM Intel Mac. Even though the processor (brain) of the G5 is technically slower, the 12 Gigs of RAM available to it allows it to process more data than an Intel Mac with a much faster processor, but only 2 Gigs of RAM. Increasing RAM is the easiest way for a user to improve the performance of his computer. Period. Most computer systems allow for the addition of at least one, larger or equal RAM chip. (See our article on RAM upgrades, coming soon).

The higher the Gig number of a hard drive (500 gigs instead of 160 gigs), the more data or files a drive can hold. For most laptops, the addition of memory refers to RAM (Random Access Memory), not Gigabytes of hard drive space. The addition of RAM is fairly simple and involves a few chips or mini circuit boards that are plugged into slots. The addition of hard drive space requires replacing an existing hard drive with a larger one. RAM you may be able to add yourself. Hard drive, maybe not. Get a pro to help you.

So what are hard drives anyway? People may lament that theirs “crashed,” but it’s likely they couldn’t tell you how it works. Why should you care? Simply put, the hard drive houses ALL of your data. Every document, every application, photo, song, and your operating system too. Without that drive, your computer is toast – an assembly of parts without any instruction. Lose that drive, and you’ve lost it all, unless you have a copy or backup of your data somewhere.


A hard drive is a box that holds a sandwich of highly-polished, electromagnetic disks. These disks spin at varying speeds, almost all the time you’re using it. A standard speed for laptop hard drives was 5400 rpm (revolutions per minute), and is considered “ok”. A better, newer standard, is 7200 rpm. The faster the spin rate, the faster the hard drive can offer up data stored on it, which translates into better performance. Higher speeds are more desirable, and more expensive. (Not that long ago, drives that could maintain a spin rate of 10,000 rpm cost over $1,000 each). The challenge comes when we reach a trade-off between storage capacity of a drive, and the spin rate (rpm). The larger a drive gets, the more difficult it is to spin and read data from those disks accurately. Depending on the specs, a one terabyte (1TB) drive will operate more efficiently and faster than a 2 TB drive.

The capacity + speed + accuracy = expensive engineering and production. While a three terabyte (3x 1,000 megs) hard drive seems very desirable because of its size, that drive may be considerably slower than a 1 TB drive, and will thus slow down computer operation. Three TB drives generally run at 5900 RPM, while 1 TB drives usually run at 7200 RPM. One would want to get the best trade-off and return for one’s investment, and match the capacity to required performance.

If we put a very large drive into an older Mac, performance could suffer because larger drives spin at 5900 rpm, and not 7200 rpm, like the 1 and 2 TB drives. Another issue is whether an older Mac can even recognize a large drive. Some older Macs cannot, but that’s another topic. A common mistake people make is to replace an original hard drive with the largest drive they can find. Their computers then become so sluggish that the users want to throw them through a window.

In short, we want to consider performance AND storage capacity when upgrading a Mac.

Enter the Solid State Drive. As its name implies, the SSD has no moving parts, thus there is NO spin rate. The SSD is a collection of silicon chips that have been assembled in an array, much like the USB flash drives we have all come to use and love for moving files between computers. While they have dropped in price considerably, SSDs are still much more expensive than the standard SATA drives. A 500 Gig SSD option currently runs $500 at Apple, while a 1,000 Gig SATA drive, with twice the capacity, runs about $110 at your local Best Buy store. If you do some minimum shopping around, 1 TB drives can be had for under $100. iMacs still sport 1TB SATA drives as a standard, but a second, smaller and faster internal SSD drive can be ordered for that iMac now – straight from the factory.

So why go SSD? Speed, space and weight. Apple builds all of its MacBook Air laptops with SSDs in them. The thin form factor, and light weight, require it. This also limits how much storage space is on those machines – currently a maximum of 500 Gigs. iPads and iPhones too have a form of SSDs built into them, which accounts for their speed, expense and limits to capacity.

Some die-hard fans of performance boosting modifications install Solid State drives in their towers (G5s and Mac Pros). An SSD configured properly in a tower allows it to boot up much more quickly, and applications to really snap to attention. Still, if you’re not an expert with manipulating operating systems from a variety of sources, you may want to reconsider trying this at home. It’s easy to get confused, not back up what you think you’re backing up, etc. There are other limitations too, and you have to be knowledgeable to set up necessary work-arounds.

And finally, there is much debate around which type of drive, the more traditional SATA drive, or the newly “standardized” SSD, is best in a recovery situation. Currently, the recovery of data from a crashed SATA or IDE drive is more likely to be successful than from an SSD. In the case of SATA or IDE (the two older types of drives found in most computers today), a hard drive “crash” usually involves failure of a slider or drive head (think needle of a phonograph), the motor that spins (called the “spindle”), or the controller card that controls communication between the drive and a computer connected to it. Replacing the spindle, re-calibrating or replacing the head, and / or the controller card often allows for full recovery. That sort of work remains the domain of specialists like DriveSavers, and is not something you would or should attempt. But the point is, if you have the budget, at least some data recovery is likely.

SSDs, on the other hand, employ chips. Depending on the damage, and because of the technology used to store data on them, data recovery from solid state drives is less likely. As a rule, we rely on SATA drives here in our office, and use SSDs as temporary, even experimental storage media. We assume the data on SSDs is transient, and back up to SATA drives. That USB flash drive on your keychain? Make sure the data on it exists somewhere else. USB flash drives can fail too.

To sum things up, before you rush out to take advantage of a performance-boosting Solid State Drive for your system, think it over. And, if you are lucky enough to own a MacBook Air with a 500 gig SSD in it, make sure you have a regularly scheduled backup configured for it. Time Machine will do that for you of course, but only if you set it up with a backup drive. It’s up to you.

Apple says “Last Chance – Really”

Just when you thought you had blown it, and lost everything, Apple gives you a reprieve. Thankfully, all is not lost after all. Go to, log in using your old MobileMe or dot mac email account and password, and finally make the switch to iCloud. Your mail will be moved to the new servers, and you’ll be able to continue using your mac email address. If you haven’t done it yet, make sure you do it NOW. This reprieve will expire soon. No, really, they really mean it. Seriously.

Note also that your existing settings within your email client (like Entourage, Apple Mail or whatever you use to manage mail) will have to be changed too. See the screen shot below for that information. And welcome back!

Countdown to June 30th – The End of MobileMe. Is it the end of your email and data?

In case some of you have been under a rock, or trapped on a deserted island without Wi-Fi, allow me to bring you up to speed. The end of this month marks the end of MobileMe, the annual subscription service Apple once sold for $99 a year, which included synchronization of contacts, calendars, bookmarks, easy-to-create and use iWeb websites, Find My iPhone, Back to My Mac, Photo Gallery and iDisk. While this post may seem repetitive, the questions we continue to receive make it clear that we really need to review this change again, before folks lose their email addresses or data. As corny as it sounds, time really IS running out here.

After June 30th, unless you’ve made the migration to a new server called “iCloud”, these services, and your precious (albeit perhaps underused) email address ending in either or, will evaporate and be irretrievable. The “new and improved” iCloud services will NOT include photo galleries, NOT include iWeb, nor include iDisk storage. If you have data stored online with iDisk, you’ll want to pull it off quickly and find an alternative (such as Photo Galleries will also evaporate, but your photos in the online galleries should already be in your iPhoto library – so it shouldn’t be necessary to pull photos from your online galleries unless you’ve deleted them from iPhoto.

Any websites you’ve created using iWeb, the handy site-creating tool, will disappear unless you move them to another host. Other web hosting companies have offered hosting for iWeb too, and it shouldn’t be difficult to find a new place to park your iWeb site. Currently, most iWeb sites reside on Apple’s servers dedicated to the domain. After June 30th, those sites will be gone. If you have iWeb sites, all you need to do is purchase a hosting account elsewhere, such as with or many other available vendors, launch iWeb, and change the settings in iWeb to publish using FTP. Note that, at some point, iWeb itself will cease to function. System updates will most likely render iWeb obsolete. Detailed explanations on how to move your iWeb site can be found online, and soon in a how-to video here on our site.

The transition to iCloud is explained in more detail on a link to Apple’s Summary (“Apple iCloud Migration Info”) posted in our links column. The migration is for the most part automated, and simple to implement. Even if you don’t have the latest Lion operating system, you will be able to preserve your or email address, and eventually take full advantage of iCloud down the road. For today though, you’ll want to make sure you’ve at least taken the minimum precautions to avoid loss of your apple email, and perhaps any data you’ve been storing with Apple. If you’re a MobileMe user and don’t do anything, your or address and data stored with Apple will be toast come July 1st. Don’t say we didn’t warn you.

Good luck.

What can Siri, on the iPhone 4S, do for you?

Need a personal assistant but can’t afford one? Or are you a personal assistant trying to do the job of three people? Take another look at the iPhone 4S and Siri.

Siri is the personal digital assistant that is accessible via every iPhone 4S, and soon, the iPad. We say accessible because it’s not actually built into the phone, but rather “she” resides on a super-computer, accessed online. That’s why Siri’s performance can vary according to how good the iPhone’s connectivity is. She’s an advanced online database, capable of remarkable voice recognition. But, go “off the grid” (outside the cellular or Wi-Fi network), and Siri asks you to get on the internet, then falls silent. To understand why some folks love Siri, and others are less enamored, let’s examine what expectations are vs. the real-life functionality.

Some of us couldn’t wait to get that iPhone 4S, and others don’t really see the point. The nay-sayers believe the iPhone 4 works just fine, and really, Siri has been a big disappointment for many, right? Well, not exactly. The iPhone 4S, just like its 3GS predecessor, is markedly faster than the 4. The screen is brighter, and certainly crisper with that retina display. But let’s face it. We live on our iPhones, having adopted it as an additional, indispensable appendage. We check for messages, updates, use it as a watch, a map, a pricing comparison tool, a problem-solver, a camera, a camcorder, a journal, a level, and a flashlight – all in less than an hour. And, it’s a phone. I almost forgot.

Yes, we’ll admit it. We are hooked. And since we use the iPhone so much (to the point we might have to consider a 12-step program to pull us away from it . . . briefly), speed and ease of use is paramount. Enter Siri, supported by a dual A5 processor. Tired of tapping away on those little keys? Ask Siri to write it for you. Can’t see the calendar in the bright sunlight to jot down that appointment you just agreed to? Tell Siri to make the appointment with Julia next Tuesday, at 10am. She’ll even confirm that she got it right. They’re not kidding with those commercials. Siri CAN remind you to pull something off the stove in 15 minutes. While not perfect, Siri is as impressive as the flipping of a light switch for the first time must have been in 1893. We take those light switches for granted now, and within months, perhaps weeks, we will do the same with Siri.

When Siri was first introduced, users couldn’t wait to put this wonder assistant through its paces. Users asked Siri the meaning of life, among other things, and were amused by the multiple, entertaining answers Apple has programmed into it. Curse Siri, and she will reprimand you. But soon enough, unrealistic expectations mounted. Who doesn’t want a device that understands not only what we say, but what we MEAN? Those unfamiliar with how voice recognition works don’t realize that background noise can interfere with Siri’s ability to understand a command or a question. Harder still, the program is challenged by erratic, halting dialogue some users might use to communicate with the assistant. Rather than ask Siri a straightforward question, someone asks “uhm…let’s see, tell me how many stars.. are …uh… (what was I going to ask? Oh yeah) how many stars are in the uh..” Siri would pause, unable to answer. Or, one would say “call my mother and tell her I’m going to be running about five, no, better make it ten…nah…let’s say 20 minutes late, then remind me that I need to write her a birthday card before I leave for my trip, ok?” Imagine the myriad of accents, poorly enunciated speech, or jumbles of words coming out of mouths that have just taken a bite of food. Humans can adapt to poor speech quality – computers, not so much.

Clearly, the more direct, and simple the questions are, such as “how many stars are in our galaxy” or “remind me to call my mother to let her know I’m running 20 minutes late”, the more successful the command. With that in mind, let’s review some of the commands that you might use to take full advantage of this cool feature.

A few tips to keep in mind:

– You’ll want to pay attention to background noise.

– If you’re driving, roll up that window, and turn off the radio.

– If you’re walking past a construction site, or are in the middle of traffic noise, or a large hall full of people chatting away, Siri will most likely not be able to discern your commands from the background noise.

– If someone is speaking to you, don’t pull Siri up and ask a question. Not only is it rude, but Siri will listen to the person addressing you as much as she will listen to your being rude.

– If a child is crying, or a dog is barking, or a door is slammed just when you try to use Siri, you will not get the desired result.

– Find a quiet moment when posing questions to Siri. And, pause a moment when giving a command, so that Siri can process your question.

– Remember, Siri is not in the palm of your hand, but rather a super computer you are calling for information. It takes time to retrieve such information, especially if your cellular connection is slow at the time.

– If you don’t get the result you expected, she probably couldn’t connect to the mothership.

What Siri can do (Pre-iOS6):

Pull information from the web
Read back the last text that was sent to you
Write and send a text that you dictate
Retrieve information from the internet (weather, time, definitions)
Find places close to your location (such as restaurants, stores, landmarks)
Set appointments in your calendar when prompted properly
Set reminders when prompted properly
Call contacts in your Apple Address Book
Allow you to dictate to any app that offers a keypad (such as Mail, Safari, Texting, Notes)
Play selected playlists.
Remind you of events when you’ve setup location-aware event reminders (reminds you to pick up groceries when you’re near a supermarket)
Show addresses you dictate, on a map
Recite stock quotes
And More . . .

What Siri does not do (Pre-iOS6):

Launch multiple apps and steps to execute complex command sets.
Read back your email (in pre-iOS 6 versions)
Delete photos you’ve taken
Give turn by turn directions
Tell a joke
Change voices
Look up store hours of retail establishments on a website
Turn on or off on command
Send messages or texts to contacts not in your address book.

This is by no means an exhaustive list. And keep in mind that with the new iOS updates that were just announced (coming this Fall), Siri’s functionality is about to expand to include:

Future developments

Support for Sports Scores
More restaurant information (Reviews and Open Table Reservations)
Geo-fenced reminders (we’ll go into that on another post when the time comes)
Navigation (technically a separate application, but accessible via Siri)
And the list goes on. . . .

The good news for real-life assistants is that Siri and the iPhone can make them more efficient, and actually assist THEM in underscoring how invaluable they are to their employers. The iPhone 4S should be in every executive assistant’s ammo belt.

For some examples of Siri in action on the iPhone 4S, please refer to our “How-to” video clips (COMING SOON), and locate the one entitled “Hello Siri!”

Last but not least, Siri will soon be available not only on the iPad, but will also be integrated into the new Mountain Lion OS as dictation becomes part of the standard OS. Don’t get rid of that Mac Dictate software by Nuance just yet. We have to see how well the built-in dictation works. If it’s all that Apple promises, we may soon be able to finally ditch that keyboard, and ask Siri to bring us coffee.