Security question

Posted:
in Genius Bar edited January 2014
Hi. This is my first post here and if it is not in the right place, you can move it to where it belongs.



So here goes and I hope my question won't be too confusing.



I am a photographer and I recently had important files and pictures on my hard drive. At one point, I made a password protected DMG file and then I moved everything to a DVD and Secure deleted all the files. It was then that I started thinking about how someone can have access to these documents and how would/could they do it. I don't mean physically having access to them, like putting a USB key in the iMac and then copying, but going through my router and taking them without my knowledge. Of course, my router has a password and my iMac's firewall is up.



I don't want to sound too paranoid (well, maybe I'm starting to... ), but I would like to know if it is at all possible, how can someone do this and what are the chances that some random guy, living on whatever street, be pirated in this way?



If you need more info, don't hesitate to ask me.



Thank you

Comments

  • Reply 1 of 7
    If it's just pics and vids of the girlfriend/boyfriend, sex or not, there's no need to be paranoid, unless one of you is a celebrity. No one is interested, and there is so much porn already on the internet that it would get lost in a crowd of photos and it's likely no one you know would ever see it even if someone posts it somewhere.



    If it's kiddie porn, you're on your own... I won't help, you sick schmuck. Just kidding.



    Oh, and it sounds like there's absolutely no way someone can hack your setup unless you made a really stupid password.



    If you're using wireless, just make sure your router is set up with a WPA2 password (not WEP or WPA), and you have pretty much nothing to worry about. Better still, turn off SSID broadcasting and also set up your router with MAC access control, and you've got triple protection.
  • Reply 2 of 7
    MarvinMarvin Posts: 15,177moderator
    Quote:
    Originally Posted by Mysthral View Post


    I am a photographer and I recently had important files and pictures on my hard drive. At one point, I made a password protected DMG file and then I moved everything to a DVD and Secure deleted all the files.



    Do you mean you copied the dmg to the DVD or just the unencrypted files? Also, is that the only copy you have?



    If you've copied important files unencrypted to a DVD without any other backup, that's not a good idea.



    If someone breaks in and steals the disc or you just have an untrustworthy guest or the disc gets damaged, those files are gone and they are unprotected.



    You should keep them on an encrypted DMG and you can and should put this DMG into more than one location. You can even put it on a server.



    The only security risk is that someone plants a keylogger on your system to get your password but it's not very likely unless someone even knows you have important pictures and has any motive for obtaining them.
  • Reply 3 of 7
    regreg Posts: 832member
    Depending on where you are physically located I would have SSID broadcasting disabled. Where I live it would take a repeater to get a signal off my property. I have a niece that lives in a town house and we can see 10 different networks from her living room. We have her SSID disabled and have MAC address control set up. Once a computer has been given access once it will have access from then on. We did this so people could not use up their bandwidth. If you have a good password then your password protected files should also be safe. Most people don't use good passwords, hope yours are stronger than most.
  • Reply 4 of 7
    Quote:
    Originally Posted by Mysthral View Post


    I made a password protected DMG file and then I moved everything to a DVD and Secure deleted all the files.



    Burned DVDs are a useless medium for long term storage because DVDs start degrading the minute they were burned, and they become unreadable between 5 to 10 years after burning. So your problem with those files is sooner going to be that you have lost (access to) them, permanently, rather than that a third party could somehow access them.
  • Reply 5 of 7
    Hi, this is Mysthral. PLEASE DO NOT REMOVE THIS REPLY. Sorry for not responding more quickly, but I cannot post any replies or do anything except log in. I have repeatedly emailed the people in charge, but I'm still waiting for an answer to my problem. So I made a temporary account to, at least, respond to the people who have taken the time to post. It would be a shame to cancel my membership and go elsewhere because this forum has a lot of useful information. To see what I really use photographs for: www.pierrefoisy.ca and parsimeon.deviantart.com.



    Quote:
    Originally Posted by tonton View Post


    If it's just pics and vids of the girlfriend/boyfriend, sex or not, there's no need to be paranoid, unless one of you is a celebrity.



    Thanks tonton. No, I am not a celebrity, not porn and it's definitely NOT child porn. But I do use models for art nudes, especially as reference for paintings that I do and they are sometimes people that I know, so I have to respect their privacy. Right now, I have nothing worth looking at and when I will review future pictures, I will do it on my MacBook that is not connected to the Internet... just to be safe. I was using my router in wireless mode with WPA2 encryption, but I've reverted to an Ethernet cable instead - don't know if it makes any difference security wise.



    Quote:
    Originally Posted by tonton View Post


    Better still, turn off SSID broadcasting and also set up your router with MAC access control, and you've got triple protection.



    Could you explain to me what those are?



    Quote:
    Originally Posted by tonton View Post


    Oh, and it sounds like there's absolutely no way someone can hack your setup unless you made a really stupid password



    By setup, do you mean my router and/or my Mac?

    I was told that even if someone had my router password, the only thing they could do is access the Internet ???



    TO Marvin : That it not the only back up I have and my client has a DVD as well. Also, how can someone install a keylogger without me knowing?



    Thanks again
  • Reply 6 of 7
    regreg Posts: 832member
    On an Apple Airport Extreme use your airport utility to get into setup. Select Manual setup - Click on the Wireless button and select Closed network. This will disable broadcasting your networks name.



    From Apple:

    Creating a Closed Network

    The closed network option provides additional security by hiding the name of the

    network created by the AirPort Extreme Base Station. Users must enter the exact

    network name to join the AirPort network.

    To create a closed network, select the ?Create a closed network? checkbox in the

    AirPort pane.

    To join a closed network, users of client computers must follow these steps:

    1 Click the AirPort status icon in the menu bar and choose Other from the list of available

    networks.

    2 Enter the name and password of the AirPort network.



    This site gives a good description on how to set up Mac address control on and airport.

    http://arfore.com/2009/04/03/configu...ac-filter-acl/

    For some reason I believe you can only have 50 Mac addresses



    Now if you have don't have an airport the idea is still the same, the setup will be a little different.
  • Reply 7 of 7
    MarvinMarvin Posts: 15,177moderator
    Quote:
    Originally Posted by FanGirl View Post


    TO Marvin : That it not the only back up I have and my client has a DVD as well.



    Consumer optical discs are not a good storage option as they degrade over time. If you need to protect the contents, it should be encrypted on the DVDs too but certainly keep a backup on your hard drive or even a portable external drive that can be unplugged.



    Quote:
    Originally Posted by FanGirl View Post


    Also, how can someone install a keylogger without me knowing?



    By using a security exploit or social engineering. Operating systems have bugs that can be taken advantage of to get higher privileges and install software.
Sign In or Register to comment.