A Primer on OSX Security

July 30, 2010 | Doug, Tech Features, Tips & Tech

In the past year both Dave Gallagher and myself have had a personal laptop stolen. The experience highlighted the issue of security and our findings were depressing indeed. Here are a few points highlighted for your attention and further research. Neither Dave nor I are security experts and this should not be considered legal or professional advice; just a caution against taking security for granted.

Foreword

Anytime an article on security is published it raises the question on whether the author should highlight weaknesses. My personal stance on this is absolutely firm: the people who want to bypass your security already know everything I’m writing below. Literally an intelligent 10-year old could find the information in under 10 minutes using google, and much of the information is posted publicly in Apple’s own help documents. This article is to help honest people understand what is needed to guard themselves against dishonest people.

OSX Password

All Mac user accounts must have a password associated with them. This password is required to make any low-level changes to the system like installing applications or changing important system preferences. If you’ve disabled “Auto-Login” in the system [System Preferences > Security] panel then the password is required to log into the computer. In addition [System Preferences > Security] can be set so that the computer automatically logs you out after X minutes of inactivity and requires a password to log back in. This is a pretty good level of security right?

Breaking the OSX Password

How long does it take to break past the OSX password? Using a good password makes it next to impossible for someone else to guess or “crack” your OSX Password. But they don’t have to. Anyone can change your OSX password by inserting an OSX install DVD and booting from the DVD. They even have a step-by-step guide to do this on Apple.com. Bottom line: if someone has physical access to your computer and more than 5 minutes then your OSX password is useless.

But I use a Firmware Password!

OSX allows you to set a “firmware password” which is required before a user can boot from a DVD. Since the procedure above requires the user to boot from the OSX DVD the idea is that the Firmware Password will prevent someone from subverting your OSX Password. Unfortunately it’s really easy to subvert the firmware password.

Breaking a Firmware Password

The Firmware Password can be reset by opening the computer and physically removing one of the sticks of ram, then booting the computer holding command-option-P-R (the shortcut to reset the PRAM). That’s it – the firmware password has been reset and you can boot from an OSX DVD to reset the OSX Password. If the bad-guy has physical access to the computer this entire process requires a OSX DVD, a screwdriver, and less than 10 minutes and your system is completely unlocked.

So what Can I Do?

So far as I can find, the only way to truly secure your system is FileVault. It may be possible for the NSA or CIA to crack a FileVault password, but as far as I can find, it’s impossible for any average bad guy. So unless you’re carrying state-secrets you’re probably more than safe using a FileVault with a good, hard to guess password. FileVault encrypts the entire contents of your home folder where the vast majority of programs store their data. Your Desktop, Documents, Pictures, Music, and Settings files are are located within your Home folder.

The Damage Possible

Nearly everyone I know stores sensitive information on their computer, even if they don’t know it. Here are some of the things a thief might do after unlocking your computer:

• Open and view all the passwords you’ve stored on the computer by selecting “Remember this password” in any application
• Read your email (if you use Mail)
• Send email in your name to your contacts (“e.g. Hey Mom, I can’t remember my ATM PIN – do you remember it??”)
• Check popular websites to see if you are auto-logged in (e.g. your gmail/hotmail/AOL email)
• Go to banking websites and use the “forgot my password” to email your secure passwords to your email address or initiate a password reset

Overall Recommendations

• Use a reasonably secure OSX password, set up a firmware password, and set up File Vault.
• Only store confidential documents in your user folder where File Vault will protect it.
• Turn your [System Preferences > Security] to disable automatic OSX login, and to require a password when coming back from a screen saver, set your screen saver to come on after only a few minutes of inactivity.
• Tier your passwords. Anything really important like bank accounts, tax information, etc., should be very secure passwords which are not directly related to your less important passwords. When creating throw-away accounts (e.g.  you have to create a username/password for a stupid giveaway) use a dedicated low-security and unrelated password like “nothing123″ so that anyone able to view such passwords cannot use them to access your important accounts.
• Do not use “auto logins” on any website or program which should be secure.
• Remember that many websites, even some financial websites, will email you your password with only a few (easy to guess/find) questions like date-of-birth. So whichever email address you use with secure accounts needs to be, itself, a high security password and should not be set to auto-login. For example a “hacker” (read: smart alec kid) gained access to one of Sarah Palin’s secure email address by using the “reset password” function which emailed the secure password to a much less secure email address.
• NEVER write your password down or type it into any document (only password entry fields). If needed write yourself clues on what the password is that are obscure/personal enough that they won’t be decipherable by anyone else. For instance if your password is “John4Galt2 you might remind yourself “Rand Also Can’t Remember” which easily jogs the memory of the originator but would be impossible to reverse engineer.
• If you ever suspect your computer or smart phone has been stolen immediately reset every password you have. If you have a smart phone which can be remotely wiped do so immediately as anyone who is stealing a phone in order to mine data off of it will know they only have a limited time to take advantage of it.
• If you have so many passwords you can’t keep track then consider creating an encrypted disk image file where you can type your passwords and other ultra-confidential information. Doing so in OSX takes only a few minutes.

_

New Mac Pros

July 27, 2010 | Tips & Tech

Apple Unveils New Mac Pro With Up to 12 Processing Cores

CUPERTINO, California—July 27, 2010—Apple® today unveiled a new Mac® Pro line with up to 12 processing cores and up to 50 percent greater performance than the previous generation.* Featuring the latest quad-core and 6-core Intel Xeon processors, all-new ATI graphics and the option for up to four 512GB solid state drives (SSD), the new Mac Pro continues to deliver amazing performance and expandability for the most demanding consumers and professionals.

Capture Integration is an Apple Reseller specializing in configuration and setting up mac systems for high-end photographic applications. Contact Us for advice in which components are worth upgrading through Apple, which components should be bought 3rd party, and how to set up your software and hardware configurations.

Visit the Product Page to browse possible configurations then give us a call.

Note the new Mac Pros were announced today (July 27) and pricing and specs have been released but they will not be available to order until sometime in August.

_

Firmware Update for ALL P+ Back

July 15, 2010 | Tech Features, Tips & Tech

A new firmware, version 5.1.2, has been released for all Phase One P+ Backs (P20+, P21+, P25+, P30+, P40+, P45+, P65+). This firmware adds supports for several high-end compact flash cards including SanDisk Extreme 32/64GB (60/90MB) and Lexar 300X 16GB.

It is recommended for all users and is available for download here.

RZ Pro IID Users: This firwmare update adds a new functionality when using a P40+ or P65+ with an RZ Pro IID and studio strobes. This “RZ Pro IID” feature is added under the Camera Mode menu and allows normal latency to be used (increasing battery life) whereas previously in this setup you would need to use zero latency.

IMPORTANT NOTE:

• Windows Users: You should use Windows XP SP3, Vista, or Windows 7
• Mac Users: You should use 10.5.8 or 10.6.4 ONLY. Do not attempt to run this updater in 10.6.3. Bad things may happen.

_

C1 5.1.2 Released

June 10, 2010 | Tech Features, Tips & Tech

Capture One 5.1.2 has been released with enhancements mainly for Leaf cameras, Windows 64 bit drivers, and some limited but welcomed integration with Expression Media (recently acquired by Phase One).

Future versions of Capture One will surely further increase support and integration with Expression media; this update comes only days after the purchase of Expression media by Phase One, so seeing any results this fast is surprising and very welcome.

Capture Integration will be testing this new version of Capture One. Until then we recommend customers follow the same general advice as always. If you are a professional photographer depending on your computer as a tool to accomplish his work that you should not update their software or operating-system until:

• the update has been out long enough to give a sense of whether it contains any nasty bugs that would slow down your workflow, waste your time, or worse.
• you have time to make a complete bootable backup of your system in case you need it
• you have time to do a complete test of anything critical you do on your computer (tethering, processing, retouching, printing etc)

Also, we recommend you follow our Capture One Uninstall Instructions to remove any previous version of Capture One from your computer before updating to a new version (rather than simply overwriting the previous version).

From the release notes:

Capture One 5.1.2 contains the following enhancements:

• Updated firmware for Leaf backs (compatible with Leaf Capture 11.3.5).
• Tethered support and file support for the Leaf Aptus-II 10R.
• JPEG Quickproof® support on Windows.
• More stable tethering driver for Windows 64 bit.
• QuickLook and WIC support for Leaf MOS files.
• A number of bug fixes.

Expression Media support:

• Easily add a selection of images to an Expression Media catalog.
• Preview images in Expression Media using Capture One’s default rendering.
• Transfer rating and color tag between applications by drag and dropping images.
• Create an album with images found by searching in Expression Media.

You can always buy Capture One from Capture Integration following these instructions for a 10% discount.

_

Capture One Keyboard Shortcuts

May 14, 2010 | Tech Features, Tips & Tech

by Doug Peterson, Head of Technical Services

Capture One allows the user to easily customize the default set of keyboard shortcuts. After repeated requests we are releasing our internal Capture Integration recommended Custom Keyboard Shortcut list. These are intended to increase the speed of your workflow.

Below is the list of our recommended shortcuts. Some of these are defaults, some we added, and at the bottom are three that we removed.

See the shortcuts and download/install the custom shortcuts.

_

Capture One Styles

April 13, 2010 | Doug, Tech Features, Tips & Tech

by Doug Peterson, Head of Technical Services

One of Capture One’s most powerful features is the styles menu. However, it often gets overlooked because the variety and usefulness of the included styles is somewhat limited, and the method of creating your own style is easy, but not very intuitive or discoverable.

We hate to see our users missing out on powerful features we think they would benefit from, so we are working on a set of styles under our own Capture Integration brand. They will be free and offered without limitations / watermarking etc, though you do need to enter your email address to receive the download link.
Click here to read the rest of the article and download the styles.

_

OSX 10.6.3

April 9, 2010 | Tech Features, Tips & Tech

OSX 10.6.3 was released late last month. It served as an excellent reminder that if you are a professional photographer depending on your computer as a tool to accomplish his work that you should not update their software or operating-system until:

• the update has been out long enough to give a sense of whether it contains any nasty bugs that would slow down your workflow, waste your time, or worse.
• you have time to make a complete bootable backup of your system in case you need it
• you have time to do a complete test of anything critical you do on your computer (tethering, processing, retouching, printing etc)

In this case 10.6.3 appears to contain two bugs that affect Capture One users. As with most types of bugs these may or may not effect all 10.6.3 users. If either of these issues seem relevant to you or if you don’t have time to properly backup and test your system you may wish to hold off on updating to 10.6.3 for the time being.

• KB 2207 – specific bug in the operating system which causes license issues in programs including Photoshop CS4 and Capture One – Capture One crash after upgrading to Mac OS 10.6.3 if system serial number is greater than 12 characters.
• KB 1168 – After updating to Mac OS 10.6.3 all my images are blue (effects those proofing in CYMK only)

For more information on creating a bootable backup of your system see our article on backups before and during a shoot.

_

Copal Shutter Repairs On the Rise

April 8, 2010 | Tech Features, Tips & Tech

A must read if you use a Technical Camera or View Camera.

One of the best parts of working for Capture Integration is the direct interaction our company has with the technicians and engineers at the manufacturer’s we represent.

This email came from the Head of Technical Services at Cambo. Note that while his English is very good he is not a native speaker.

We like to share with you some experience that occurs lately more than previously.

Schneider as well as Rodenstock confirm that there is an increase of needed repairs for Copal shutters. We also notice this, where in the past the Copal shutter was a reliable product for years.

One of the possible reasons might be a different way of use by the newer generation of users
who shoot digital and may use a different workflow compared to the old style Large Format Shooters.

The traditional way of working is to open the shutter for viewing, then close the shutter before setting the shutter speed and aperture, and only then cock the shutter just before releasing the shutter. This is trouble free.

Appearantly with the workflow of digital shooting with a CCD-back always in place, it is tempting to cock the shutter directly after the shot, and perform time adjustments after that. On itselves this is OK, but once the shutter is cocked, and then the shutter opening lever is opened for viewing and the shutter speed setting ring is being used, the mechanism will be destroyed after some time. This can be noticed also because the time setting travels very difficult and stiff in that case.

So, please consider that the shutter speed setting may NOT be used when the lens is open
and the shutter is already cocked.

This information applies to any lens mounted on a Copal shutter, independent of the type and make
of the camera.

_

New and Old Canon 70-200/2.8 IS

April 1, 2010 | News, Steve, Tech Features, Tips & Tech

I did a quick comparison of the new Canon 70-200mm f/2.8 IS Version II vs the Canon 70-200mm f/2.8 IS Version II

e
I was told the new IS technology provides up to 4 stops hand-holdability. I thought, yeah, right. So, I zoomed to 200mm, set it 1/15th of a second and shot it alongside our Version I. Color me convinced! We ordered a bunch on the spot. If anyone wants one, a phone call and deposit puts you at the front of the line.

High resolution 100% crops after the break.

_

Phase One P40+ vs 5DMKII: ISO 800

March 30, 2010 | News, Steve, Tips & Tech

For some time, I’ve wondered how the Phase One P40+ would handle high ISO in the Sensor Plus mode. In Sensor Plus mode, the P40+ produces a 10 megapixel file (40 megapixels at normal full rez mode). The Phase One P65+ also utilizes Sensor Plus technology and produces a 15 megapixel file in Sensor Plus mode (60 megapixels at normal full rez mode). I decided to do a basic comparison with my Canon 5DMKII at ISO 800. No adjustments have been made to these images other than white balance off the right arm of the white sweater.

e

I have to say I was surprised at the results. While I expected good results, I didn’t expect the P40+ to rival the 5DMKII, but that is just what it did. Very similar results, if even a little more natural looking to my eye in favor of the P40+. This gives users a very flexible system that is capable of producing 35mm DSLR-equivalent image quality at high ISO. The beauty is that if light changes (either by choice or not), there is no need to change cameras and lenses, but instead, with the push of a button, you can continue shooting medium format, shooting with the same lenses and covering the same size sensor (no sensor crop when using Sensor Plus).

e

Interestingly, though taken at virtually the same exposure, the P40+ file appeared about a third stop more sensitive than the 5DMKII file.

100% crops after the jump.

_

Next Page »