[FireWire]

I'm about to install Lion and before doing so, I'd like to find a better way to store my "sensitive" files. Ok, I'll admit it: it's mostly picture of fine ladies, along with log files or other files I don't want other to stumble upon browsing my computer (especially with the new All my files function). Currently I just download them in the default download location so I have to open the guest account whenever someone wants to use my computer. I don't like to appear non-trusting so I'd like to find a better solution. Also, with my normal downloads, I usually have so much I tend to rename my default folder to "Download may 2011" when there's too many files in it, and start with an empty Downloads folder. However, Time Machine is not very smart and will interpret the renamed folder as a new folder and will waste a lot of space by backuping the same content twice.

so I'm wondering what would you suggest to solve my problem. I thought about creating an encrypted disk image but I read those are prone to data loss in the event it gets corrupted. Also I'm not sure it can handle a multi-GB image smoothly on a daily basis. I also thought about using a second account for "private" browsing but it's not very convenient to log back and forth. I also prefer to use right click "save image to xyz" than drag-n-drop. Is it possible to change the default location "on the fly" with a script without restarting any app for it to take effect?

As for the download folder, should I just point the default location to a pre-created folder at the beginning of the month, so I wouldn't have to rename the folder, like Download August 2011, Download Sept 2011, etc? Anyone have a better idea?

[iMOTOR]

[subego]

Option one: Truecrypt.
Option two: put everything in a folder named Justin Bieber. No one would want to look there.
Option three: post pictures here for safe-keeping.

[besson3c]

Originally Posted by subego 

Option one: Truecrypt.
Option two: put everything in a folder named Justin Bieber. No one would want to look there.

Maybe "Justin Beiber tokeing" just to be on the safe side...

[besson3c]

Have you played around with moving these files to directories that start with dots to make them hidden by default?

[tightsocks]

Multigig disk images are not a problem. Have been using sparseimages and sparsebundles for years with no issues. Although I'm not convinced that they can withstand a concerted brute-force attack by a moderatly sophisticated cracker. That said, I do use them for storing financial info in the cloud...

[Waragainstsleep]

Just hide them somewhere people won't look and exempt that file from the Spotlight index.

I would keep things like logs or genuinely sensitive data (stuff that can do more than just embarrass you if someone sees it) in an encrypted image. Chances are this data isn't taking up anywhere near as much space as your feature length version of Two Girls, One Cup. Keep backups of this file in case of corruption.

[Doofy]

Originally Posted by subego 

Option three: post pictures here for safe-keeping.

This is the correct answer. We even have a specific thread for said backups.

[Athens]

Turn on File Vault after you install Lion, and use truecrypt to encrypt a backup hard drive volume.

For real secure stuff I mean the stuff that is illegal or would get you in hot water you can create a true crypt image on your laptop along with File Vault. Just remember that people go to jail for not turning over passwords to law enforcement

[LegendaryPinkOx]

Setting the permissions on the folder for "write only" (effectively making it a drop box until the permission is changed on the folder with my password) is how I have it set in Leopard, did this stop working?

[angelmb]

Don't forget to fry your Mac's FireWire ports.

Source: Intego.

Passware, a company that provides computer forensics tools, has released a product that can grab your password via a FireWire port in seconds. The company’s new forensic toolkit captures data from your Mac’s memory, analyzes it quickly, and reveals passwords for your user account, and for your keychain, if that password is different. And it can do this even if your Mac is asleep, and even if you have FileVault encryption activated.

However, there is an easy way to protect your Mac from this type of software. Turn off your Mac instead of putting it to sleep, and turn off Automatic Login, as we suggested in a recent Mac Security Tip.

It’s worth noting that many new Macs don’t have FireWire ports, and that this form of connection is disappearing, but, for now, desktop Macs all do have FireWire.

Passware Proves Mac OS Lion Insecure Revealing Login Passwords in Minutes -- MOUNTAIN VIEW, Calif., July 26, 2011 /PRNewswire/ --

[FireWire]

If I go with the disk image route, will Time Machine be smart enough to back it up incrementally, or will it do a full backup of the multi-GB file everytime? Because when I rename a large folder, it seems like it's backuping it entirely again...

[CharlesS]

Originally Posted by angelmb 

Don't forget to fry your Mac's FireWire ports.

Source: Intego.

Passware, a company that provides computer forensics tools, has released a product that can grab your password via a FireWire port in seconds. The company’s new forensic toolkit captures data from your Mac’s memory, analyzes it quickly, and reveals passwords for your user account, and for your keychain, if that password is different. And it can do this even if your Mac is asleep, and even if you have FileVault encryption activated.

However, there is an easy way to protect your Mac from this type of software. Turn off your Mac instead of putting it to sleep, and turn off Automatic Login, as we suggested in a recent Mac Security Tip.

It’s worth noting that many new Macs don’t have FireWire ports, and that this form of connection is disappearing, but, for now, desktop Macs all do have FireWire.

Passware Proves Mac OS Lion Insecure Revealing Login Passwords in Minutes -- MOUNTAIN VIEW, Calif., July 26, 2011 /PRNewswire/ --

Frying your FireWire (fryerwire?) ports seems pretty extreme, given that this is probably something that Apple will eventually issue a patch for anyway.

[angelmb]

I was kidding with the fact that there were some Mac models inclined to fry those ports… somehow I didn't remember to add the sarcasm smiley. My bad.

[tightsocks]

Originally Posted by FireWire 

If I go with the disk image route, will Time Machine be smart enough to back it up incrementally, or will it do a full backup of the multi-GB file everytime? Because when I rename a large folder, it seems like it's backuping it entirely again...

If the diskimage is a .sparsebundle I think TimeMachine will only copy the portions which have changed. (Not positive about this, as I don't use TM)

[tightsocks]

Originally Posted by CharlesS 

Frying your FireWire (fryerwire?) ports seems pretty extreme, given that this is probably something that Apple will eventually issue a patch for anyway.

I don't think this type of vulnerability in WDE can be patched.
Apple totally re-designed FileVault and the issue still exists.
The key needs to be in memory for WDE to function - Firewire provides direct access to memory.

[FireWire]

Originally Posted by tightsocks 

If the diskimage is a .sparsebundle I think TimeMachine will only copy the portions which have changed. (Not positive about this, as I don't use TM)

According to this document, TM should backup incrementally in 8 MB chunks. However, the sparse image has to be closed in order to be backuped. Minor bummer but as nothing is critical in there, I can live with once a day backup.

[CharlesS]

Originally Posted by tightsocks 

I don't think this type of vulnerability in WDE can be patched.
Apple totally re-designed FileVault and the issue still exists.
The key needs to be in memory for WDE to function - Firewire provides direct access to memory.

Not according to the developers of the hack themselves:

Originally Posted by http://www.loopinsight.com/2011/07/26/lion-firewire-security-issue-misleading/

“This is not true,” said Sumin. “Even if you have a login password enabled, automatic login disabled and your computer is locked the software is capable of extracting your password. That is the problem unique to Mac OS X. Windows does not store login passwords unencrypted in memory.”

This makes it sound awfully like a software issue to me, especially if it would affect OS X and not Windows. FileVault has nothing to do with this issue, since this issue involves dealing with the contents of RAM, whereas FileVault is about encrypting the contents of the disk. All you have to do is encrypt the passwords in memory, and the problem is solved, and if Windows is already doing this, that proves that it's possible. I'd be pretty surprised if Apple didn't end up patching this.