My Definitive List of Must-have Free Mac Applications and Best Paid-for Counterparts
These are the apps that I will install first on pretty much any new Mac that I get. I’m a huge fan of free and open source software, and no other platform has free software of the same quality and calibre as Mac OS X. Most of these are Mac-only apps (a couple are cross-platform). I’m listing free applications wherever possible, but if there is a paid-for app that I consider best-of-breed, I mention those too. Hopefully this list will help all of the techie switchers get the apps they need quickly. This list is a work-in-progress, so I’ll be adding to this it over time.
If you’re only interested in my recommended security apps, they’re at the bottom! Feel free to post in the comments if you have any you think are worth mentioning.
Last updated: 14/04/2015
GPGTools Release Unified Installer for MacGPG/GPGMail
The guys at GPGTools have taken control of the MacGPG2, GPGMail, GPG Keychain Access and GPG Services projects, and have released a single unified installer that installs all of these apps. They are maintaining these tools, which are all 64-bit and Snow Leopard compatible. The package also include Enigmail, a GPG-compatible plugin for Thunderbird (Mozilla’s free email client).
GPG is an open source alternative to PGP’s suite of public key encryption software (PGP Desktop), which allows you to encrypt/decrypt files and emails and create/validate digital signatures.
For more information, check out my tutorial on using GPGMail to send encrypted emails on Mac OS X.
Creating a Secure Mac/PC Portable USB Drive
Ever since the release of the IronKey I’ve been drooling over the device (good thing it’s waterproof I guess). Due to not wanting to pay so much for a USB key, I decided to make my own. I grabbed myself a 32GB USB key, and got to work on making it as close to the IronKey as possible.
Using GPGMail to Encrypt Email
This post forms part of the series on Securing Leopard, and covers GPGMail, Mail.app plugin that allows you to digitally sign, encrypt and decrypt emails using PGP/GPG.
When Snow Leopard came around, it completely broke support for GPGMail, and there were no other solutions that enabled similar functionality. This caused a significant issue for Snow Leopard users needing GPG functionality. The original developer of GPGMail unfortunately did not have the time to update the plugin and restore support for Snow Leopard.
Since then the GPGMail project has been handed over to a new team of developers who have been working on restoring the full functionality of the plugin under 10.6. This tutorial shows you how to easily install GPGMail and start sending and receiving encrypted emails!
[Updated 21/01/2011] The team at GPGTools have now created a unified installer which consolidates MacGPG2, GPG Keychain Access, GPGMail and GPG Service. Their all-in-one installer simplifies the install process, and installs everything you need for encrypting/signing files and emails.
If you’ve used the GPGTools package, please post your experiences in the comments!
Apple Launches MobileMe Beta (adds persistent SSL)
After logging into my MobileMe account today I was greeted with a small banner in the left-hand menu announcing an upcoming Mail Beta. Although I haven’t yet been upgraded to the Beta, it appears that Apple have been hard at work on turning MobileMe Mail into a full blown web email client… it’s about time.
Additions include proper formatting capability, improved layout and display, e-mail rules, and persistent SSL. With regards to that last one, although MobileMe supports SSL at the login screen to protect your credentials, all subsequent information (read: all your emails are belong to us) is sent in cleartext – an issue I posted about a long time ago. Google enabled the option to use persistent SSL for its Gmail service back in mid-2008 (although it is an option you have to specifically set in your Gmail preferences).
From my initial impressions of the beta, it definitely looks much better to begin with. The ability to view your inbox in the three (classic, compact, widescreen) views will probably be quite popular. The search field also works better. They finally allow you to scroll fluidly through your mailbox folders, however it only loads a certain number of message at a time. Now, this wouldn’t be too bad except that in this case it takes a bit too long for that loading to happen. Apart from that the persistent SSL also works nicely, so once they fix any small bugs and improve performance, I’ll consider myself happy.
Oh… and there’s rumors that MobileMe might become free. THAT would make me happy too!
Compromising Disk Encryption Through Cold-boot Key Recovery
Note: This is a 2008 post I managed to recover from my archive of Securethoughts.net
A team of researchers at Princeton University have devised a way to compromise disk encryption mechanisms, and even other disk image encryption mechanisms, by recovering latent data such as encryption keys, that remain in RAM after a computer has been rebooted/turned off. They’ve tested their attacks against encryption mechanisms such as Microsoft’s BitLocker, TrueCrypt, Linux’s dm-crypt and Apple’s FileVault.
This technique is ingeniously simple, and they’ve written a tool from which they can boot a computer, and do a memory-dump of the latent memory data, which they then run through another utility which searches the memory dump for encryption keys, which can then be used to decrypt the encrypted drive/images.
With regards to Mac OS X 10.4 and 10.5, the group discovered that the system stores multiple copies of users’ login passwords in active memory, making them vulnerable to such imaging attacks. Those passwords are often used to protect the keychain, which stores many of users’ other passwords, including the FileVault password, and potentially other encrypted disk images. This is potentially something Apple should address, and they don’t really want to be storing passwords and keys in memory, if they don’t have to. Keeping as little sensitive data in active memory as possible would greatly reduce the chances of it being compromised in imaging attacks such as these.
Check out their great video below, and read more about it after the jump! Read more