Fred Avolio's Musings

Musings on security and other topics

Sat, 28 Jun 2008
The More Things Change...

I was interviewed for Access Control and Security Systems Magazine. The article makes me sound smart and old. Okay, I guess I'd like to think I am smart, and I am, after all, getting on in years. (I am only 10 years old in "dog years!") The article is The More Things Change….

[/security/] permanent link

Time Machine Error

As I mentioned in System Back-ups, I have and do use SuperDuper! for backups, but since installing Leopard, I also let Time Machine do its thing. Today, it was showing an error condition. When I queried Time Machine (I opened it then clicked on the little "information" icon, next to the error) it helpfully told me "Unable to complete backup. An error occurred while copying files to the backup volume." I tried again. Same thing. I used Disk Utility to check the disk. No problems.

So, first I did a back-up using SuperDuper! I use a different partition for that. Then I queried the Internet, which, as we know, knows everything. I found the solution.

Apparently, Time Machine was interrupted the last time it ran. Now, a power outage can do that, and we had one today. But this was user error. I turned my machine off last night when going to bed, and I did not check to see if Time Machine was running.

It was a simple fix. I found it, via a search for the error message, at the MacCast Forum. The answer, from forum user "karinlord," was:

If Time Machine gets disrupted for any reason during a backup (e.g., hard drive unplugged, power failure) it seems to get stuck. Occasionally it gets stuck for reasons only known to Leopard. It's a known bug on the Apple discussion boards. What has worked for me is the following:
  1. ensure hard drive is powered on and connected to computer
  2. turn off time machine
  3. go to your backup volume, backups.backupd, "your computer name", and then select and trash "In Progress" or "Latest" (it will be the last one in your backup folder listing)
  4. turn Time Machine back on
  5. either wait for the next backup cycle, or what I do to be sure things are working right: force an immediate backup (control-click on TimeMachine, select "backup now").

This worked for me.

[/pc2mac/leopard/] permanent link

Comcast Anti-spam Measure

Apparently, in its never-ending battle to thwart spam, Comcast recently started to require that connecting e-mail servers have a valid PTR record, so that Comcast's e-mail servers can do a PTR (pointer) record lookup. This allows a look-up on your IP address to see whether the IP address and the value returned (it should be the computer's domain name) match.

Now, I am not sure of a different way to do it, but Comcast chose a way that many choose. They returned it in a bounced error message.

Providentially, I knew this was coming. For some reason, I checked the mail queue on the server. This is what I saw.

242C7AFEC0D2 9406 Thu Jun 19 12:25:40
listname@example.org (connect to mx1.comcast.net[76.96.62.116]: server refused to talk to me:
554 IMTA08.westchester.pa.mail.comcast.net comcast 66.242.23.142 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to:
http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18784)
alpha@comcast.net
charlie3@comcast.net
delta4@comcast.net
echo5@comcast.net
foxtrot6@comcast.net
gold7@comcast.net
hotel8@comcast.net

Later, one of the errors was returned to the list owner (me).

<delta4@comcast.net>: delivery temporarily suspended: connect to mx2.comcast.net[76.96.30.116]: server refused to talk to me: 554 IMTA01.emeryville.ca.mail.comcast.net comcast 66.242.23.142 Comcast requires that all mail servers must have a PTR record with a valid Reverse DNS entry. Currently your mail server does not fill that requirement. For more information, refer to: http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18784

Now, I am fairly Internet, DNS, and SMTP e-mail clueful. What would (what does) the average person do with this error message? They should go to the indicated URL. It suggests going to your e-mail administrator. Many people stop right there, eyes glazed over.

The funny thing in this case? Although the server was not in a Comcast address space, the server domain is a customer of Comcast. I'm thinking the error message could have been clearer.
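What the receiving server's test amounts to, as an added example (not from the original post and not Comcast's code): pull the sending IP out of the rejection text quoted above, then check that it has a PTR record whose name resolves back to the same address. The function names and the regular expression, which is fitted to the 554 line shown in this post, are assumptions; the post does not say exactly what Comcast tested, and the forward-confirmation step is the common way to decide that the two "match."

```python
import ipaddress
import re
import socket

# Constructed sample: the rejection reason quoted in the post, as one string.
SAMPLE_REASON = (
    "connect to mx1.comcast.net[76.96.62.116]: server refused to talk to me: "
    "554 IMTA08.westchester.pa.mail.comcast.net comcast 66.242.23.142 Comcast "
    "requires that all mail servers must have a PTR record with a valid "
    "Reverse DNS entry."
)

def rejected_ip(reason):
    """Return the sending IP named in a 554 PTR rejection, or None."""
    m = re.search(r"\b554 \S+ comcast (\d{1,3}(?:\.\d{1,3}){3})\b", reason)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:          # four numbers, but not a valid address
        return None

def system_reverse(ip):
    """PTR lookup through the system resolver; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver; [] when the name fails."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return sorted({info[4][0].split("%")[0] for info in infos})

def check_ptr(ip, reverse=system_reverse, forward=system_forward):
    """Classify ip as ('no-ptr', None), ('mismatch', name) or ('ok', name)."""
    names = reverse(ip)
    if not names:
        return ("no-ptr", None)
    want = ipaddress.ip_address(ip)
    for name in names:
        if any(ipaddress.ip_address(a) == want for a in forward(name)):
            return ("ok", name.rstrip("."))
    return ("mismatch", names[0].rstrip("."))
```

Running `check_ptr(rejected_ip(reason))` from the mail server itself, against each deferred queue entry, tells the administrator whether the fix belongs with whoever controls the reverse zone (no PTR) or with the forward zone (PTR present but not confirmed).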

[/e-mail/] permanent link

Wed, 18 Jun 2008
New Firewall Technology? Maybe.

I read Startup Launches New Firewall Line posted by Andrew Conry-Murray. He claimed it was innovative. It sounded to me like an application gateway firewall from the mid-90s, only faster.

I asked him about it, and he replied, "It's not an application gateway... it's not proxying the applications. The company uses signatures to identify applications rather than try to recreate every app that admins want to allow through." In a traditional application gateway firewall, proxy software that mimics various application servers (usually in a secure fashion) provides the security. He pointed me to From The Labs: Palo Alto's Firewall Appliance.

So, instead of writing proxy software for "550 applications," Palo Alto has "a signature-based system that allows for matching network traffic against a database of more than 550 applications."

It does sound innovative. Check it out and see if you agree.

[/security/] permanent link

Router Rooter

I've praised Radio Free Security, WatchGuard's security podcast, before. The June offering included Dave Piscitello on how to "Prevent Domain Hijacking." The basic idea is that "Router-based rootkit shows some old attacks are new again." It reminded me of a column I did for WatchGuard in 2002! As Scott Pinzon writes on their blog page:

Attacks on routers are not new. Before Trojan horse and virus attacks became so devilishly easy to launch, attacks against the basic protocols in the Internet were accomplished through routers and their undying and exact support of those protocols, built-in weaknesses and all. And if you appreciate that last sentence, you may want to read the article that I stole it from. Fred Avolio's concise steps toward "Basic IP Router Security" was written in 2002, yet … every word is still useful today. If you were ordered to harden your routers, would you know what that means, and more importantly, what to do? Check out Fred's article, which is suitable no matter what brand of router you use. Then, for extra credit, take a look at the Cisco paper, "Guide to Harden Cisco IOS Devices."

[/security/] permanent link

Mon, 16 Jun 2008
Internet Safety

Recently, I responded to a posting on Apple's discussion list from someone asking if she needed to get third-party security software. Someone posted and gave the opinion that "OS X has all the built-in security that anyone would need." I agreed, but added the reminder that "you have to use them."

Let me expand a bit on what I wrote.

  • You have a firewall (in Windows or OS X); use it!
  • Speaking of firewalls, turn on application access. (See this Macworld article for some good recommendations.)
  • Regularly back up your data! Time Machine is fine. So is something else. See what I wrote in my blog, System Back-ups. And back things up before you install updates.
  • Both Safari and Firefox have antiphishing mechanisms. Use them.
  • Keep your brain engaged.
    • You have no need to click on a URL in an email from a bank in which you don't have an account! I mean, really. Do you have that many bank accounts that you cannot remember that you do not have one at Barclays Bank?
    • Even if you really do use eBay a lot, eBay doesn't send emails about problems with your account with URLs on systems in Korea.
    • And no one, no one, no one wants your help to get at $15M. No widow in some foreign country has heard of what a kind-hearted, trustworthy person you are, no matter how kind-hearted and trustworthy you are.
    • No, you did not win a big Internet e-mail address lottery.
    • Did you really do business in another country and forget that they still owed you $75,000? (As I told a friend, "Holy cow! How did I forget that? At my standard rate that is 6 weeks of work! Maybe it was a fixed price contract.")

[/security/] permanent link