Locks are changed. Now: is anything missing?
November 17, 2011 9:24 AM Subscribe
So despite being fairly knowledgeable about these sorts of things, I put on my own little "worst practices in computer security" seminar with my Mac Mini HTPC. And, surprise of surprises, it was compromised. Help me figure out if I've reversed the damage, won't you?
posted by supercres to Computers & Internet (17 answers total) 1 user marked this as a favorite
This is embarrassing, but here's the sequence of events whereby my Mac Mini (running Lion) got less and less secure, and eventually compromised:
Initially set up a standard (non-admin) account to watch movies/TV from, with a weak password. (Even more embarrassing: same as the short name for the account.) Also set up admin accounts for me and my wife, and enabled root access (all strong passwords).
For some reason (and I really do feel like it was a good one at the time, but can't remember) I gave the Media Center admin access. Naturally (sigh) I didn't change the password.
Yesterday I realized I couldn't log in to the Media account via VNC (which I only do on occasion and almost exclusively into that account). This morning I plugged in a keyboard and tried to authenticate... and the password was wrong. Wife didn't change it. Also noticed moderate outgoing traffic that I couldn't account for, as well as less free disk space than I remembered. I logged in as root (no, not over VNC) and reset the password to be stronger. Also took away admin access.
So the question is: is there a good way to make sure I'm now protected? Is there a good way to identify and clear out any changes (other than the password change) that might have been made by nefarious parties? I'm planning to run WhatSize to see if I can find ~20 GB or so of crap that I can't mentally account for. I don't have Time Machine running on this computer (use manual rsyncs to an external HD instead).
Bonus question: Is there an easy way to secure my VNC access? I use it Mac-to-Mac as well as from my iPhone with iTeleport.