Recently, we reported on AT&T's push to make it easier for iPhone & iPod touch users to connect to their Wi-Fi Hot Spots. One of our readers, Jamie Phelps, pointed out on his blog that AT&T's Wi-Fi service is not actually a "secure connection," as is advertised in various places on their website; we had overlooked this, and mistakenly reinforced the company's shaky claim in our post.

This brings to light an important point about wireless networks and security, however. It's really easy (and sadly all too common) to hop on to an available wireless signal in your office, at the hotel, or your favorite coffee spot and not even think twice about logging in to your e-mail or checking your bank balance.

What many users don't realize is even though the server you are connecting to (i.e. your bank's website) may employ several layers of security, the connection between your computer and the wireless access point is very likely to be unsecured. Anyone who is within range of your computer can trivially monitor the traffic being sent between your computer and the access point, allowing them to see what websites you may be visiting or capture details about other services that you may be connected to. This isn't because of some gaping vulnerability or software bug, it's just an inherent part of how wireless networks work.

So, what can you do to protect yourself? Read on for a list of simple steps you can take to ensure that your wireless connection is safe and secure.

I swear, getting old is not a lot of fun.

Last night, I taught a class in data security for home and small business users at our local community college. There were a lot of good questions from the community education program students, so the class ended quite late and I was still answering questions as I walked out the door.

This morning, I went to grab my MacBook Air out of my laptop bag and literally grabbed air instead. In my haste to get out of the classroom and head home, I had packed everything but the laptop. Fortunately, the classroom was locked and few classes are scheduled for early morning, so I called the campus police and had them rescue the MBA for me. Problem solved!

After actually losing an iPhone 3G a few months ago, I wrote a post about what to do to prevent data loss and identity theft when lose your iPhone, and included a few tips on how to hopefully keep yourself from losing the phone in the first place. In this post, I'll talk about the things that I do (or can do) to keep my MacBook Air and my data safe, even when my mind conspires against me to try to lose the computer.

Today is Data Privacy Day, a global initiative to highlight information security rights and practices, especially among teens, professionals, corporations, and the government.

As part of the celebration, TUAW (along with our sister blog Download Squad) has seven good ideas for you about how to keep your data safe and away from prying eyes with Mac OS X Leopard. Also, be sure to browse TUAW articles filed under Security for other tips and alerts about keeping your data safe.

1: Turn on your firewall

Leopard, as we all know, comes with a built in firewall to prevent other computers from connecting to internet-facing ports on your computer. But: Did you know it's turned off by default?

To turn on your firewall, open System Preferences, and click the Security icon. Then, click the Firewall tab. Make sure either "Allow only essential services" is selected, or you can choose to "set access for specific services and applications" yourself.

You can also use "Stealth Mode": when enabled, computers that send data to blocked ports won't even get acknowledgement that the data was received. To enable Stealth Mode, click the Advanced button on the Firewall tab of the Security preference pane, and click the check box next to "Enable Stealth Mode."

2: Set a screen saver password

A feature popular with Windows users, Mac OS X can also lock your screen when your computer sleeps or when the screen saver comes on. Simply open System Preferences, select Security, and choose the General tab. Click the check box next to "require password to wake this computer from sleep or screen saver," and you're all set.

If you have automatic login enabled and click the "require password" check box, Mac OS X will recommend that you disable automatic login. This means you'll have to enter your password to turn your computer on, too; nefarious nogoodniks won't be able to restart your Mac while the screen saver is on to circumvent the need for a password. Good thinking.

RiftVault, which we covered when it was in a pre-release state, is now a full 1.0 release. $39.95 will get you this snazzy app which stores your important information the way it should be stored: using encryption. RiftVault is designed to hold credit card information, passwords, banking info, and even files that you want secured (using the very clever 'Safe Deposit Box' feature).

Everything that RiftVault stores for you is encrypted using 256-bit AES encryption. When you open an item it is unencrypted and cached for fast access only to be flushed from RAM when you close the item. Check out our gallery to get a glimpse of what this app has to offer.

RiftVault is available now for $39.95 and there is a free 30 day demo.

I recently wrote a post about Ilium Software, developer of longtime mobile apps eWallet and ListPro, and Apple's delays in getting their applications into the App Store.

I don't take any credit (it was pure coincidence), but about 8 hours after my post eWallet showed up in the App Store. I purchased it immediately, since I used the Windows Mobile and Palm OS versions for years and have been hoping for an iPhone version.

In short, eWallet is both attractive and functional. It stores your passwords, credit card numbers, and other personal information securely with 256-bit AES encryption, and it does it with iPhone style. At $9.99, eWallet for iPhone is priced at half of the price of its $19.95 siblings for Palm OS and Windows Mobile.

Read after the break for the rest of my review of Ilium Software's eWallet for iPhone (link opens iTunes Store), and check the gallery below for screenshots of eWallet in action.

Last night, an anonymous tipster pointed us to this Austin Heap webpage that purportedly reveals the iPhone's secret Application SDK key. Another tipster, also anonymous, then tipped me to iPhone "Elite" developer Zibri's blog, that shows the same key. So what does this mean? Since all iPhone applications must be properly signed for iTunes to process them and for the iPhone to load them, this key suggests that hackers are closer to creating compliant IPA application bundles for home-brew iTunes distribution. With the proper key, developers can create and distribute applications that load through iTunes without Apple's blessing.

photo by 2create via flickr

Reader Andrew dropped a note that Michael Rossberg, developer of KisMAC, the wireless network sniffer based on Kismet, has declared the project discontinued. I can't get the project's website to load (most likely because it's been Slashdotted), but apparently the reason Rossberg gave was that a change in Germany's laws would make it dangerous for him to continue working on it. The law apparently makes it illegal for anyone to sniff out a password that "allows access to data", and since that's a big part of KisMAC's function, Rossberg is calling it quits.

But he is asking for interested parties to continue his work, in the EU or the US, so if the site ever returns, feel free to grab the source and check it out yourself.

Of course, from what Slashdot commenters are saying, this isn't much of a loss anyway-- the program hasn't seen any real updates in a long time, and apparently it didn't even work with the new MacBooks. In terms of network finders, there's lots more to choose from (including iStumbler, which I didn't mention in the other article), but in terms of cracking WEP and WPA keys (legally, of course), are there any other OS X specific options out there?

Update: Clarification: the program will run on MacBooks, but it doesn't do anything but find networks, which is just a fraction of the intended functionality.

In OS X, you can always toss a file onto the command line instead of laboriously typing out a complete path name because Terminal supports drag and drop. Over at Murphymac, Murphy has posted a video showing you how to create a shell script using DES3 encryption to protect your files. It takes advantage of this drag and drop support so you can basically run the script and drop the file you want to encrypt. Even if you're not all that interested in encrypting your files, this videocast shows how to think about creating shell scripts with a particularly interactive OS X flare flair.

*Oh snap!* Agile Web Solutions has created a password and form manager extension for both Safari and Firefox that fixes one of my biggest gripes about Mozilla's flagship browser: it can store website passwords in Mac OS X's Keychain Access application. For those who haven't stumbled upon the wonders of the Keychain: it's a system-wide secure password manager that most other Mac OS X apps can use to store logins for things like websites and FTP access. 1Passwd is an extension that, amongst other features, lets Firefox join the Keychain party party so you can have one secure, centralized area for managing (and backing up) your logins. This also means that if you have a .Mac account, any passwords you enter into Firefox will sync between your Macs. But 1Passwd doesn't stop at handle just your login information. Check out the full feature list to see everything else it can do for both Safari and Firefox.

If beer could be sent virtually through PayPal, I'd send Agile Web Solutions a twelve pack; this brings Firefox one step closer to being a true Mac OS X browser. 1Passwd is currently in a third beta release, and those who opt to test the beta and offer their email addresses will receive a discount off its (somewhat steep) $29.95 price.

I'll admit it, I don't want people poking around my Mac. While I may want certain files encrypted, Apple's File Vault would be overkill for my needs. That's why I use Knox. With Knox, you can quickly create password-protected, encrypted volumes that you alone can gain access to. You can even schedule backups to occur whenever your iPod is docked. If that's not your cup of tea, you can use a remote server or even your .Mac storage space as a backup destination for Knox. Moving from volume to volume is easily accomplished via a menu bar item.

How secure is secure? From the website: "Knox’s encryption—based on Apple’s FileVault technology—protects files with the U.S. Government’s new Advanced Encryption Standard (AES)." So there you go. Changes to version 1.0.7 include:

• Fixed a problem with opening the Preferences window after upgrading to 1.0.6.
• Fixed a crashing bug in Knox task handling.

There is a free trial available, and a single license will cost you $29.95US (€29.95 w/ VAT). Knox requires Mac OS 10.3.9 or later.