Hmm,
Odd that an Apple employee would be daft enough to have auto login enabled?
A pair of clueless US crooks were brought to justice when they went online using an Apple employee's stolen laptop. Edmon Shahikian, 23, of Katonah, and Ian Frias, 20, of the Bronx district of New York, were arrested and charged with burglary and possession of stolen property after their victim tracked them down. Kait Duplaga …
As a result of hearing this story a few days ago on one of the Mac forums, I am now in the process of ordering a site licence of this software to install on all the macs in the company - easily targeted by thieves, this is a superb way of keeping things safe.
Paris, cos she know a thing or two about the "dirty mac brigade"
Mine is the coat with the white apple sticker on the back
...it's not such an amazing feat of Mac-technology-sleuthing. All that happened was she took the picture before the dumb thief managed to cover the webcam, and by a huge turn of fortune, the thief was somebody known to a friend of hers.
So the software only works if your Mac is stolen by somebody who you'd already recognise.
Undercover from Orbicule can do this automatically. http://www.orbicule.com/undercover/
Saw this a few years ago and though is was neat. When the Mac is stolen and then gets a network connection, it'll silently send screenshots and iSight pictures to a nominated account, along with IP addresses etc. It that doesn't work, it'll then simulate hardware failures until it gets sold on or sent to a repair place, at which point it'll then announce to the next user that it's been stolen and disabled.
They'll also nicely refund the $49 (single user), or $59 (household license) if you Mac gets stolen and not recovered.
Essentially , as this story unfolds it shows that Mac's have some very serious ill conceived security flaws with this software as installed and is just what the botnet boys need to take all these Mac's down and own them literally from a through z !
Little wonder MacBook Air was history at that recent Canadian security Conference and the first to go down in less then two minutes flat !
Flames are what is needed when these self wanking fans of the one in twenty five have such weak and non existent intertube security , what a very flawed OS indeed as it is insecure by nature , what a hoot !
Question now becomes , can the wankers at the Cupertino Campus be sued for false and misleading advertising thus ?
The 'Back To my Mac' feature mentioned within the article isn't turned on by default. And, apparently....
"Back to My Mac uses advanced authentication and data encryption technologies to help prevent unauthorized access to your data and protect it during transit over the Internet. So you can rest easy knowing your data is secure."
Yeah, snagging the webcam pic was a stroke of luck, but I'm sure failing that having remote access to the box could've been used one way or another to try and track it down, if only from finding out the IP address and ISP.
I used LogMeIn on my home PCs, and whilst not designed for stealth access I'm sure I could utilise it to some extent to do something similar. Either way good work by the Mac Girl!
Presumably this means that the MAC is registering it's IP address at log on with some external DNS provider, otherwise there'd be no way to make the connection.
Some service like Dyn-dns, or no-ip, in which case the actual connection and photo wasn't necessary as the IP address should be sufficient for the police to trace through the ISP to a specific address.
@heystoopid - it appears that you have not understood the initial article, you're either stupid yourself or a mac troll.
> Essentially , as this story unfolds it shows that Mac's have some very serious ill
> conceived security flaws with this software as installed
Tw@t! Perhaps you should research what "Back to my Mac" is before posting such drivel. http://www.apple.com/dotmac/backtomymac.html
The WHOLE POINT of this software is to allow secure remote logins so you can access your Mac whilst not being sat in front of it.
It's not enabled by default and requires a .Mac account, so doesn't allow all Macs to be owned by "botnet boys".
Not that the facts mean anything to thick shits like you. "heystoopid" is a very apt user name for you.
I'd not worry too much about the comment Phreaky - I would suggest that heystoopid was attempting to spark a Mac/PC flame war. Every time I see an article like this posted on lesser sites it's always just a matter of time. Reg readers tend to be a cut above.
I would never subscribe to such debaucherous endeavours.
MACS RULE!
According to the docs, you need a valid .Mac account to use Back to My Mac. I surmise that when you fire up the network interface, Back to My Mac will register it's IP with the .Mac service, so the machine can then be accessed from elsewhere.
So your point about the IP being logged and traceable is essentially correct. The webcam part was not necessary. If I was using Back to My Mac, I'd be really careful not to plug my Mac in at my illicit lover or crack dealers house, however
A Linux equivalent would be pretty straight forward to concoct using a few boot scripts and tunneling X over SSH
Paris, because she'd probably leave her laptop on with the webcam running
She managed to take a shot with PhotoBooth without the crims realising something was up, PhotoBooth is well in your face.
You can do all this yourself using free stuff, I set up my old mans Macbook to covertly snap a pic and email me whenever it connects to an unknown network, as such I've a ton of pics of him stealing his neighbours wifi heh.
The 'undercover' service mentioned in the comments above is a nice solution to the less geeky, although if you can't roll it yourself you're reading the wrong site friend.
Or, you could use a cheap cctv setup with oodles better low light capability than a webcam, a burgular alarm with an earsplitting klaxon mounted inside the room and keep your expensive laptoy in a safe place where the criminals won't hang around to look for it.
That way, the computer is available for use the next day instead of in the hands of a burry individual that could be anyone.
Of course, that's old-school, pre web 2.5 thinking.
If you want to go totally over the top you could add a strobe light or two in the room too. Nothing says "hands off" like an epileptic fit.
No auto login would have been required. No PC, Mac or otherwise, is safe if the person has physical access to it. Requiring a password at login is little more than a deterent. Hiding login names is even better (which is what I do on my MacBook Pro).
Sure, auto login makes things easy, and the typical non-pc(mac)-literate user won't be able to bypass a login window, but if someone can get physical access to your PC, you can pretty much bet a determined hacker will be able to get into it.
For a Mac, you can use the install disc to boot up and reset the admin password. I think you can also do it with single user login.
"I'm Amazed... She managed to take a shot with PhotoBooth without the crims realising something was up, PhotoBooth is well in your face."
If you follow the link to the NY Times article, it explains that he realised what was happening but failed to cover the camera with his hand in time.
I just have to wonder why are there people stupid enough to buy stuff that does things that your OS *already does*. If you've got Windows XP or any win200X Server version, you've already got Remote Desktop / RDP. No need for Log Me In or Go To My WC. If you don't want to do the OS way, VNC has been doing this, *for free*. Really, what is the "big advantage" on these programs?
That said, looks like these thieves were very stupid. Anyone intelligent enough would assume the laptop's got a tracker on it, just waiting for you to go online. Software doing this goes back to 1998, maybe even before that.
I think the best answer to this is to have a remote session with full hardware access running in the background [IE not affecting their session] so you can access the hardware resources [such as a webcam for mugshots, and possibly the speakers so you can shout "I SEE YOU MOFO MUHAHAHA" etc down the wire to them] without giving them too much of a clue on their login session.
I don't suppose this would be terrifically hard to do with a *nix based system, but then, I'm not a software/OS dev and I rarely dabble in terminal services full stop, so I won't say any more ;-)
Steven "I SEE YOU MOFO" Raith.
Nice to see the Mac fans are still living in denial of the Mac Book Air fiasco in Canada or the recent Leopard 10.5.2 update debacle or the Ilooney Adobe fiasco too name but a few of the all to numerous scams originating from the Cupertino Campus and still do not understand one letter in the word denial by choice !
First the software is very buggy , needs a lot more work and refining as it is more alpha then beta software , extremely difficult to set up and securing it , is more of a nightmare then most users care to admit (good to see a minority of users tend to overlook the obvious faults )!
Ah yes the one in twenty five are truly classic in more ways then one , but as the real market says you are in the minority with pretensions for being the majority that will never happen in any century !
Choices can be seen to be evil , especially for those who choose to not look beyond their nose from behind those rose coloured glasses !
Flame on boys it be so funny it is more fun then using nitrous oxide with helium at a party !
You really are...
If you find a Mac difficult to set up then you're more stoopid than your name says... as for securing it, well, errr.... again pretty straightforward if you ask me.
There is no denial of the Macbook Air hacking either.... just because a Mac got hacked does that undo all of the past insecurities of Windows, Linux etc?
I am somewhat concerned about Webster though....
@Daniel B: RemoteDesktop terminates the current user session when it connects, so that is not going to help you much if you want to monitor someone else's session without them knowing.
The technology to accomplish this in a much more effective and automatic way than the way demonstrated with the Mac is not complex, it's just not commonly installed.
This will probably change pretty soon, for example what Lenovo is bundling with a lot of their new models:
http://static.tigerdirect.com/html/veriface.html
http://www.brightcove.tv/title.jsp?title=1445017879&channel=537061027
Keeping your laptop secure and garded by a "traditional system" is great but many laptop users only actually got a portable computer because it's, erm, portable! But otherwise yeah, my desktop pc weighs a tonne and is secured in a cupboard. It wouldnt be worth the burglar's time to free it (2nd hand value of an out of date cheap supermarket PC isnt all that...!).