
Archives for Security

How to enable the Firewall in Mac OS X

If you want to beef up the security on your Mac, you can try enabling the built-in firewall.

Enabling the Firewall in Mac OS X 10.6 Snow Leopard

* Open “System Preferences” from the Apple menu
* Click on the ‘Security’ icon
* Click on the ‘Firewall’ tab
* In the corner of this window, you’ll see a lock icon, click on that and enter the administrator password
* Now click on the ‘Start’ button to activate the firewall

Yes, it’s that simple.

If you want to allow certain ports, applications, or network connections, you can enter the ‘Advanced’ tab and adjust the settings as necessary. The Mac OS X firewall is quite secure by default and will block nearly all incoming connections (again, unless specified otherwise). It’s my opinion that if you’re behind a router with its own firewall, and on a trusted network, you probably don’t need to use the Mac firewall at all. For small home and school networks you should be fine, but for larger, untrusted, or exposed networks, using the firewall may be a prudent idea, even if the likelihood of an attack on your Mac is extremely low in comparison to a Windows machine.

It’s worth mentioning that since Mac OS X 10.6, the Firewall service has been placed under the “Security” system preference as opposed to ‘Sharing’ as it was in prior versions of Mac OS X.

How to Always Secure Empty Trash

You can set Mac OS X to always securely empty the Trash just by adjusting a preference within the Finder. Here’s how:

* Enter the Finder Preferences by either going to the Finder menu and selecting “Preferences” or by hitting Command+, within the Finder.
* Click on the ‘Advanced’ tab icon
* Click the checkbox next to “Empty Trash Securely”

Now your Trash will always be securely emptied! Note this makes data recovery practically impossible.

Change the iPhone’s root password

Note: this is not necessary for standard iPhone users, only Jailbroken iPhones.

Changing the iPhone’s root password is a good idea if you have Jailbroken your iPhone: it will prevent unauthorized users and applications from doing things you certainly don’t want them to do, since the password is universal on all Jailbroken phones (unless it’s changed by the user). So with that in mind, here’s how to change the root password on your Jailbroken iPhone:

* First you have to have the app called MobileTerminal, it’s available free at the Cydia app store
* Launch MobileTerminal and at the prompt type the following: passwd
* When asked for the old password, type: alpine
* You’ll then be prompted for a new password, so type your new password, it will ask for a confirmation so type it again
* That’s it! The root password on your Jailbroken iPhone is changed and you’ll be sent back to the command prompt.

Note: you will want to change the password for the ‘root’ user as well as the default mobile user, doing this is easy:
* Login to the root account by typing: login root
* Enter this as the password: alpine
* Now type passwd and follow the same instructions as above

[ via JustAnotheriPhoneBlog ]

Inspect Mac .pkg Package Installer Files

I just came across a really useful QuickLook plugin called SuspiciousPackage that lets you inspect those .pkg package installer files that so many Mac apps and downloads come in. Using this plugin, you can determine if an admin password is required, how many install scripts are in the package file, where the files are going to be installed, and if a restart is required.

Installation is simple and like any other QuickLook plugin. Download the SuspiciousPackage QuickLook plugin and drop it into ~/Library/QuickLook/ and you’ll be good to go (restart the Finder if necessary).

SuspiciousPackage home
Download SuspiciousPackage now


Lock your Mac Desktop with the Locker Widget

Locker is a very simple Dashboard widget that does something Mac OS X should have included by default: it instantly locks your Mac desktop. All you have to do is open your Dashboard and double click the Locker icon and you’ll end up at a login window where you need to enter a login and password to regain desktop access. The uses for this are many, but I am still surprised Apple does not provide a simple way to lock your Mac outside of either a screensaver or fast user logout with Shift-Command-Option-Q. Anyway, check out Locker, it’s no frills and gets the job done.

Developer home
Download now

How do I stop someone from emailing me?

Have you ever gotten emails from someone that you really don’t want to get? Be it just plain spam or annoying messages from people you’d rather not hear from, you can reduce this unwanted email by using the Bounce feature of Apple’s Mail app. Bounce tells the message sender that your email address isn’t valid, which is very effective when dealing with real people, but less so when dealing with spammers.

How do I stop someone from emailing me?

The most effective way to reduce unwanted emails is to ‘Bounce’ a message back to the sender. Select the message you want bounced back to the sender and go to the “Message” menu and select “Bounce”, or after selecting the message you can hit the keyboard shortcut Command+Shift+B to achieve the same effect.

Is there anything else I can do to stop unwanted emails?

Yes, you can try labeling the message and sender as Spam and that will help to weed them out as well. For dealing with individual people I find that “Bounce” works the best to send a message to them, then marking any future emails from this individual as Spam.


Reset your lost Mac OS X password

You can reset a lost Administrator (the original account you created) password in Mac OS X by utilizing a Mac OS X installation DVD, here’s how:

* Insert the Mac OS X DVD into your Mac’s DVD drive
* Restart the Mac and hold down the ‘C’ key to boot from the DVD
* You’ll see a language selection screen, select your language (English) and continue
* Navigate to the ‘Utilities’ menu, select “Reset Password”
* Select the Mac OS X boot drive
* Select the original user account (not the root user!) and choose a new password
* Reboot as usual
* Your Mac administrator password is now reset!

[ screenshot of the reset password screen, from Apple ]

XSS Exploit found on Apple iTunes site… again

[ screenshot: xss apple login ]

Update: Apple has fixed the exploit, the below link is preserved for posterity but no longer works to display anything abnormal.

A few weeks ago, there was an active XSS Exploit on Apple.com with their iTunes site. Well, a tipster sent us the exact same cross site scripting exploit found again on the Apple iTunes site (UK in this case). As a result, there are some rather amusing variations of the Apple iTunes page appearing, and again some very frightening ones, as the above screenshot demonstrates a login page that accepts username and password information, stores this login data on a foreign server, then sends you back to Apple.com. The most annoying variation sent to us tried to stuff about 100 cookies onto my machine, initiated an endless loop of javascript pop-ups with Flash files embedded in each of them, and iframed about 20 other iframes, all while playing some really awful music.

Here’s a relatively harmless variation of the XSS capable URL, it iframes Google.com:

http://www.apple.com/uk/itunes/affiliates/download/?artistName=Apple%20%3Cbr/%3E%20%3Ciframe%20src=http%3A//www.google.com/%20width=600%20height=200%3E%3C/iframe%3E&thumbnailUrl=http%3A//images.apple.com/home/images/promo_mac_ads_20091022.jpg&itmsUrl=http%3A%2F%2Fitunes.apple.com%2FWebObjects%2FMZStore.woa%2Fwa%2FviewAlbum%3Fid%3D330407877%26s%3D143444%26ign-mscache%3D1&albumName=a%20wide-open%20HTML%20injection%20hole

It doesn’t take much effort to do your own version. Anyway, let’s hope Apple fixes this quick.

Attached are a few more screenshots of links sent in by tipster “WhaleNinja” (great name by the way)

[ screenshots: apple xss hack, apple xss 2, apple xss 3 ]
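To show why the URL above works and what closes the hole, here is an added example (not from the original post and not Apple's code). It decodes the parameters from that URL, trimmed to three of them, and renders them through a hypothetical template twice: once reflected as-is, once with the text HTML-escaped and the image URL restricted to an assumed trusted domain.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Query string from the URL quoted in the post, trimmed to three parameters.
QUERY = (
    "artistName=Apple%20%3Cbr/%3E%20%3Ciframe%20src=http%3A//www.google.com/"
    "%20width=600%20height=200%3E%3C/iframe%3E"
    "&thumbnailUrl=http%3A//images.apple.com/home/images/promo_mac_ads_20091022.jpg"
    "&albumName=a%20wide-open%20HTML%20injection%20hole"
)
TRUSTED_DOMAIN = "apple.com"  # assumption: images may only come from this domain


def params(query):
    """Decode the query string, keeping the first value of each parameter."""
    return {name: values[0] for name, values in parse_qs(query).items()}


def render_unsafe(p):
    """Hypothetical template that reflects parameters as-is (the flaw described)."""
    return (f'<h2>{p["artistName"]}</h2>'
            f'<img src="{p["thumbnailUrl"]}"><p>{p["albumName"]}</p>')


def trusted_url(value):
    """Return the URL only if it is http(s) on the trusted domain, else ''."""
    parts = urlsplit(value)
    host = (parts.hostname or "").lower()
    on_domain = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    return value if parts.scheme in ("http", "https") and on_domain else ""


def render_safe(p):
    """Same template with text HTML-escaped and the image URL allow-listed."""
    return (f'<h2>{escape(p["artistName"])}</h2>'
            f'<img src="{escape(trusted_url(p["thumbnailUrl"]))}">'
            f'<p>{escape(p["albumName"])}</p>')


if __name__ == "__main__":
    p = params(QUERY)
    print(render_unsafe(p))  # the <iframe> reaches the page as live markup
    print(render_safe(p))    # the same input is shown as inert text
```
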

Delete Flash Cookies

Flash cookies are not deleted when you remove your browser cookies, because they are stored independently of your browser, meaning Flash cookies from Safari are accessible via Firefox, and vice versa. The interesting thing about Flash cookies, though, is that they could technically track your web browsing long after you have left the site that originated the Flash cookie; this is particularly the case with some advertising networks that appear ubiquitously around the web. Flash cookies actually have another name: they are known as Locally Stored Objects, or LSOs. Whatever you want to call them, here is how to delete and remove Flash cookies, or LSOs.

Delete Flash Cookies in Mac OS X

* Flash cookies are located in two locations, shown as follows:

~/Library/Preferences/Macromedia/Flash Player/#SharedObjects

~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/

Note that ~ signifies the user home directory
* You can navigate to these directories by using the Finder or by hitting Command+Shift+G and pasting the above location one at a time into the Go To Folder box and hitting “Go”
* You’ll now see a directory with a bunch of randomly generated names like VDZJH1CX
* Delete all of these folders if you want to delete ALL Flash cookies
* Repeat with the other directory listed above to completely remove all Flash cookies from your Mac

Now if you’ve used an Adobe AIR application, you might want to delete those AIR cookies too, since they can track things outside of their realm as well. These are a little more tricky to delete because they are in the following location format:

~/Library/Preferences/AIR App Name/Local Store/#SharedObjects/flash file.swf/flash object.sol

You’ll need to know the specific Adobe AIR application name to delete the AIR cookies.
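If you would rather script the cleanup, here is an added example (not part of the original post) that lists every .sol file under the two Flash Player folders and under any AIR app's Local Store folder, then clears them. It defaults to a dry run; the function names are made up for this example, and matching any app folder with * instead of naming the AIR app is an assumption based on the location format above.

```python
import shutil
from pathlib import Path

# Locations from the article, relative to the user's home directory (~).
FLASH_ROOTS = (
    "Library/Preferences/Macromedia/Flash Player/#SharedObjects",
    "Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys",
)
# AIR format from the article; * stands in for the AIR app name (assumption).
AIR_PATTERN = "Library/Preferences/*/Local Store/#SharedObjects"


def lso_roots(home):
    """Return the LSO folders that actually exist under this home directory."""
    home = Path(home)
    roots = [home / r for r in FLASH_ROOTS] + sorted(home.glob(AIR_PATTERN))
    return [r for r in roots if r.is_dir() and not r.is_symlink()]


def inventory(home):
    """List (path, size_in_bytes) for every .sol file under the LSO folders."""
    items = []
    for root in lso_roots(home):
        for sol in sorted(root.rglob("*.sol")):
            if sol.is_file() and not sol.is_symlink():
                items.append((sol, sol.stat().st_size))
    return items


def purge(home, dry_run=True):
    """Remove everything inside each LSO folder; return what was (or would be) removed."""
    removed = []
    for root in lso_roots(home):
        for entry in sorted(root.iterdir()):
            removed.append(entry)
            if dry_run:
                continue
            if entry.is_dir() and not entry.is_symlink():
                shutil.rmtree(entry)  # the randomly named folders and their contents
            else:
                entry.unlink()        # loose files and symlinks
    return removed


if __name__ == "__main__":
    for path, size in inventory(Path.home()):
        print(f"{size:>8}  {path}")
    print(f"{len(purge(Path.home()))} entries would be removed (dry run)")
```

Call purge(Path.home(), dry_run=False) once you are happy with the listing; the LSO folders themselves are left in place, only their contents go.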

If you want to read more about Locally Stored Objects (Flash Cookies) check out Wikipedia’s entry on LSO’s, it is informative and helpful in understanding the technology.

I want an easy way to delete Flash cookies!

If you don’t want to go mucking around in various Mac system preference folders, try out this application called Flush. Flush is very easy to use and will delete the Flash cookies itself, so you don’t have to do much except launch the app. Flush works with Mac OS X Leopard and Snow Leopard.

Download Flush Now
Flush Developer Home

Another option is to use Kill Flash Cookies, the cross platform compatible LSO deletion tool discussed below:

I have a PC running Windows or Linux, how do I delete my Flash cookies?

Easy, try out the aptly named Kill Flash Cookies, it’s got the most simple GUI in the world and it deletes flash LSO files in an instant whether you’re running Mac OS X, Windows XP, Vista, Windows 7, or Linux. Try it out!

Kill Flash Cookies

Securely Delete Files

You can securely delete files by going to the Finder menu and down to “Secure Empty Trash”, which actually writes zeros over the data rather than just freeing up the space. This is particularly useful for removing any sensitive data or files you don’t want anyone else to dig up, like when you’re transferring your Mac to a new owner. Note that deleting files in this secure manner takes longer than the typical file deletion method.