More about Back to My Mac


Here are some more things we’ve learned about the potential security hole with Back to My Mac:

1. If you follow our advice from the book (chapter 4), “After installing Mac OS X, run the Keychain Access utility, and change your keychain password to something other than your login password” (or otherwise lock your keychain), you can get Back to My Mac to behave the way we believe it’s supposed to. That is, it will ask for your remote machine’s login name and password before letting you connect to its file or screen sharing. You also have to deny something called “NetAuthAgent” access to your keychain when asked as part of the connection process.

2. The Apple video of Back to My Mac shows a user name and password login screen, with a soundtrack that says “click on your home computer... enter your user name and password and then connect.” We, and at least a few others, have not been able to get this screen to come up (other than as indicated above). The video, however, shows a Finder user interface that does not exactly match the current one.

3. As further indication that it’s “connected differently,” the Finder indicates “connected as user@mac.com” at the top of the Back to My Mac connection window (although not in the above video).

4. Back to My Mac is clearly not quite ready for prime time, as acknowledged by an Apple statement that “if you find that you cannot access your remote Mac right away, please be patient as we work to improve the service.”

5. Some people have reported, and we have observed at times, that Back to My Mac is enabled by default after a Leopard installation. Coupled with its current behavior, these situations are particularly bad, and violate the cardinal rule that all Internet services be disabled by default (a rule Apple, in general, has been amazingly good at following).

At this time we continue to recommend that you not go Back to My Mac: leave the service disabled and, because multiple levels of security are better, block UDP port 4500 with your personal firewall as well.
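As an added illustration of the second layer (this is not code from the original post), here is a small POSIX shell script that expresses the UDP 4500 block as an ipfw rule and checks a ruleset listing for it. It assumes Leopard’s command-line ipfw firewall (the Leopard firewall preference pane does not expose per-port rules); the rule number 1000 and the sample `ipfw list` output are constructed for the example. UDP 4500 is IPsec NAT-T, which Back to My Mac uses for its tunnel.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the ipfw command-line
# firewall shipped with Leopard; rule number 1000 is an arbitrary choice.
BTMM_PORT=4500
RULE_NUM=1000

# Print the ipfw command that drops inbound UDP to port 4500 (IPsec NAT-T,
# the port Back to My Mac's tunnel uses). Run it as root to apply it.
btmm_block_cmd() {
    printf 'ipfw add %s deny udp from any to any dst-port %s in\n' \
        "$RULE_NUM" "$BTMM_PORT"
}

# Read the text of `ipfw list` on stdin; succeed only if a deny rule for
# UDP destination port 4500 is present.
btmm_rule_present() {
    grep -E "deny udp from any to any (dst-port )?$BTMM_PORT( |\$)" >/dev/null
}

# Report "blocked" or "open" for a ruleset listing passed as the first argument.
btmm_status() {
    if printf '%s\n' "$1" | btmm_rule_present; then
        echo blocked
    else
        echo open
    fi
}

# Constructed sample listings: the default ruleset, and the same ruleset
# after the block rule has been added.
SAMPLE_BEFORE='65535 allow ip from any to any'
SAMPLE_AFTER='01000 deny udp from any to any dst-port 4500 in
65535 allow ip from any to any'

# Usage: show the command to run, then audit both sample listings.
btmm_block_cmd
btmm_status "$SAMPLE_BEFORE"
btmm_status "$SAMPLE_AFTER"
```

On a real machine you would pipe the live listing in (`ipfw list | btmm_rule_present`) rather than the constructed samples; the check is deliberately loose about whether the port is written with or without `dst-port`, since ipfw accepts both forms.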

Monday, October 29, 2007
