Dropbox: How Does BoxCryptor Compare to TrueCrypt?

Following a post earlier this week extolling the virtues of BoxCryptor, I received an email from a reader asking how it compared to TrueCrypt when it came to securing the contents of a Dropbox.  This was such a great question that it warranted a follow-up post all its own.  For the unfamiliar, TrueCrypt is a great open-source end-to-end encryption tool.  It is a software package that does a lot of things and does them very well.  Many of its features are beyond the scope of this post.  We are going to take a look at the features as they pertain specifically to Dropbox.

TrueCrypt allows users to create an encrypted disk image anywhere on the computer's file system.  In this case, users have been choosing to create that image inside the root of the Dropbox folder.  This means that the encrypted TrueCrypt image is then synced back to the Dropbox server cloud and all other client systems attached to that Dropbox account.  In order to use this encrypted disk image, the user must first mount it on a Mac or Windows PC.  Once the image has been mounted, files can be copied to and from the image as though the mounted image were an attached USB thumb drive.  The advantage is that any files stored on this mounted image are encrypted by the simple virtue of being saved to the TrueCrypt disk image.

There are several problems with this configuration.  First is that, while the disk image is mounted, the contents of the TrueCrypt file cannot sync back to the Dropbox cloud.  So real-time sync is really out.  The user's workflow must therefore consist of mounting the disk image that is stored in the Dropbox.  The user can then copy data to or from the image, or work on files directly off of the disk image, saving their revisions back to the image.  When finished, the user then dismounts the virtual disk.  At this point Dropbox picks up the change to the TrueCrypt file and then uploads the entire TrueCrypt disk image file to the Dropbox server cloud.

Dropbox Adds 2 Factor Authentication

Dropbox added support for two factor authentication earlier this week.  This is a great step in securing Dropbox data but I wonder if the less technically immersed will understand exactly what this means for them.  It’s one thing to know that two factor authentication is a good thing but something entirely different to know why.  And since it actually requires more effort to access user data at times, it is also important to understand why this extra effort is worth its weight in gold.

Anyone who banks using an ATM machine is already well versed in the concept, whether they know it or not.  Every ATM transaction uses two factor authentication.  Each transaction requires a banking card, something that the user has in their possession, and each transaction requires every user to enter their PIN code, something that the user knows.  Anyone trying to access a bank account via the ATM but lacking either one of these requirements simply is not allowed access.

The same functionality can now be added to Dropbox, though in a slightly different implementation.  Normal access to a Dropbox account is authenticated via a login, also known as a username and password combination.  This is considered more traditional security.  It is something that the user knows.  But the potentially fatal flaw here is that anyone who knows the login information can access the entire contents of the Dropbox account.  And since it is a Dropbox account, this means that data can be accessed from anywhere in the world.  So, should a user's login information be compromised by a virus or malware, or even a disgruntled trusted friend, this means that anyone with that login information has access to the contents of the Dropbox from anywhere on the planet.  Ouch.

BoxCryptor: Secure Your Dropbox

Two factor authentication entered public testing this week and is being welcomed with open arms by the security conscious among us.  But since the very first release of Dropbox, I have hungered for the ultimate in personal information security: the ability to specify a personal encryption key for my account and the data contained within.  While I consider two factor authentication a serious win for security, I still won’t trust the cloud with any truly sensitive information until I know that my files are wrapped in encryption that only I can decode.

Enter BoxCryptor, an application that runs on a Mac or Windows computer.  It creates an encrypted folder, essentially a secure disk image that is placed on the local drive.  Simply save this file into the Dropbox folder and the BoxCryptor folder actually becomes a mounted drive on your Mac desktop.  When creating the BoxCryptor folder, the user is asked to enter their own encryption key.  Any files that are saved into this mounted drive (or into the BoxCryptor folder inside the Dropbox folder since they are one and the same) are then encrypted and synced to the Dropbox cloud just like normal Dropbox data.  The only significant difference is that the data has been encrypted prior to leaving the local computer.

Disk Drill Pro: Data Rescue for the Mac

Here’s a great file recovery tool to keep handy in your bag of tricks.  Disk Drill is a tool that makes it possible to recover files from corrupted media.  Specifically, and of most interest to me, was a corrupted SD memory card that I had a number of photos saved to.  I could not get my Mac to recognize the memory card even though the photos appeared to be intact when viewed in the camera.  The memory card was clearly acting flaky, and in one instance the Mac did mount the card and show me a few of the photos but the majority were invisible on the media.  Something was clearly wrong with the disk.  This is one of the places where Disk Drill comes in.  In many cases it makes it possible to recover the files from flaky or damaged media.

Disk Drill was able to recover the photos in the case of my messed up memory card.  I’m still not sure what the actual issue was with the media.  After a reformat the media seemed to be back in working order so it does not seem to be a physical problem with the memory card.  But Disk Drill, in my case, Disk Drill Pro, did the trick and saved the day.

Encrypted Email Support for the iPhone with iOS 5

Back in November, we took a look at what it takes to encrypt email on the Mac using Apple Mail.  If you are the user of an iPhone, iPod Touch, or iPad, and checking your email on that iOS device while sometimes sending encrypted email from your Mac, you will find that you have a problem.  The certificate used to encrypt outgoing mail and decrypt incoming mail is stored on the Mac and is not installed on the iOS device by default.  Oddly, Apple engineers have not seen fit to make the certificate files part of the information that is synchronized between the computer and the mobile device.  But, not to worry.  With the release of iOS 5, email encryption is now supported.  You just have to know the tricks necessary to get the certificate installed and the iOS configured to use the certificate.  As it stands now, iOS encrypted email support is technically functional.  It's just not smoothly implemented or what I would describe as “up to typical Apple standards.”

We start by assuming that you have already implemented encrypted email on your desktop/laptop Mac OS computer.  If you have not, check out this post for the details explaining everything you need to know.  The steps detailed below assume that you have the email encryption certificate installed and working on OS X as you will need to export some of that information in order to install it into the iOS based device.

First, open the application called Keychain Access, found in /Applications/Utilities of your OS X based computer.  Select My Certificates from the Category pane of the main window, then locate the certificate that has the name of the email address you want to use for encrypted email on your iOS device.  Right click on that certificate and select Export (your email here)…  This will create a .p12 file.  Give it any name you like and then save it to your Desktop for easy access.  There will be a prompt to create a password.  Come up with something secure but also make sure it will be easy to type on your iOS device.  Once you have created a password, Keychain will require you to enter your system password before it allows you to complete the export of the key.  This is just an additional authentication step to ensure that someone did not run up to your machine and try to export your certificate while you were away at the coffee machine.


Send and Receive Encrypted Email with Apple Mail

With the release of OS X 10.7, Apple engineers brought a serious update to Apple Mail.  When this happened I was finally able to cast Microsoft Outlook (formerly Microsoft Entourage) aside.  Entourage was functional but slow.  But when it was deprecated in favor of Outlook things went sideways.  Microsoft went for a complete rewrite of the codebase and in doing so introduced significant issues into the product, any of which they have yet to fully resolve.  So when Apple Mail turned out to be a truly impressive update, I made the switch and have not regretted the change.

One of my larger issues with Entourage and Outlook was their support for encrypted email.  It worked, in the technical sense, but it never worked well… at least in my opinion.  Conversely, Apple Mail just works.  No qualification necessary, no messing around.  It just works.  The only tricky part is the initial configuration.  Here we will configure Apple Mail (version 5.1 that is part of OS X 10.7.1) to send encrypted messages.

iPhone and iPad iOS 5 Wi-Fi Auto Sync Disabled

This is an issue that will likely only affect a small number of users.  But since it was a problem for me, it is worth a post to explain the fix.

One of the great new features of iOS 5 is the ability to sync with iTunes over Wi-Fi and eliminate the need to plug the iOS device directly into the computer in order to back up and update software, content and playlists.  To enable this feature, first plug the device into the computer via USB.  When it appears in the Devices list on the left side of the main iTunes window, simply click once on your device's icon.  Then select Summary from the top of the main window on the right.

Scrolling to the bottom of the main window, there is a section labeled Options.  Be sure to select the box labeled Sync this Device over Wi-Fi.  Until that box is checked, the iOS device will not sync over Wi-Fi.  If the box was already checked by default, you’re set.  But if you had to check it yourself, be sure to click the Sync button in the lower right hand corner of the window.  This ensures that the settings take effect.

Apple’s documentation explains that iOS devices should auto sync with iTunes when the iOS device and the computer running iTunes are located on the same wireless network.  The auto sync is supposed to kick in shortly after the iOS device is plugged into a power cable to recharge.  But in my case this sync was not kicking in automatically.  I had to engage the sync manually.

Mac OS X 10.7.2 iChat Stops Working with AOL Instant Messenger Logins

When Apple released Mac OS X 10.7.2 yesterday, a wide set of new features were made public.  Many of these included support for the long awaited iCloud.  But in the process, Apple managed to break iChat’s support for AIM (AOL Instant Messenger) logins in some cases.  So, if you launch iChat and some of your buddies are missing, or you see a small message in the buddy list showing AIM is disconnected, you are one of the affected.

Fortunately there is an easy fix.  From within iChat, select Preferences from the iChat menu.  Then click on the Accounts button at the top of the window.  Click once on your AIM account in the list on the left and then click on the Server Settings tab at the right.  Odds are your Server field is currently listed as  Apparently this server address no longer works if the Use SSL check box has been selected.

Parallels Desktop 7 Full Screen on Mac OS X 10.7 Lion

I feel compelled to post this because I know there is someone else out there going through what I have, and I hope to save you the frustration.  When Apple released OS 10.7, one of the new features was full screen support for applications.  Just click the small widget in the corner of the window and the application window expands to take over the entire screen.  And if your Mac has more than one monitor attached to it, that application takes over all attached displays.

This is useful in some cases.  But this is 100% counterproductive for me when I am using Parallels Desktop to run Windows on my Mac.  The goal was to put Windows full screen on my second display and then continue to run all of my Mac applications on the primary display.  This way I would have access to the Windows and Mac environments without switching virtual desktops (which is essentially what happens when an app is in full screen mode).

When Parallels upgraded Parallels Desktop to version 7, they brought all of the 10.7 Lion goodness to the product… including Lion’s “improved” full screen support.  The problem was that this full screen support murdered my daily workflow and forced me to start running Windows inside a window rather than full screen on my 2nd display.

Mac OS X 10.7 Lion FileVault Whole Disk Encryption Benchmark Comparison

One of the exciting features unique to Mac OS X 10.7 Lion is the new and improved FileVault.  Greatly enhanced over the implementation found in Snow Leopard (OS X 10.6), the new version allows users to fully encrypt the system’s boot drive as well as entirely encrypt additional data drives such as USB or FireWire externals, or even USB thumb drives.  This is welcome news to mobile users.  Now MacBook users can travel with additional safety and security.

Once FileVault is activated, the system must reboot.  The OS will begin encrypting the boot drive in the background allowing the user to keep productive as the encryption procedure can take some time.  Once the boot drive has encryption activated, it is no longer possible to boot the computer without first entering login information.  Let me go over that again so I can clarify.  Normally the system boots up and then prompts the user to enter login credentials prior to gaining access to their data.  But once FileVault has been activated, a username and password must be entered before the machine will even begin the boot process.

This makes for some really slick security.  And since the login process is moved to the point prior to the system booting, it’s no longer necessary to enter a login at the end of the boot process… the user is brought right into the associated user account and is ready to go.
