Horrific Leopard Security Snafu/Parental Controls
This is unbelievable. I gave my G4 Powerbook to my 12 year old son as I had recently purchased a MacBook Pro. Having bsod issues, I did a clean install of Leopard on his computer. I created a profile for myself as administrator and one for my son. I had no documents or mail in my profile. I put a 'curfew' on my son's profile, so that he couldn't go on between midnight and 6 am. Now here comes the perfect storm. The computer told him it was after midnight (even though it wasn't). The screen went blue and then he found himself in my profile (which is password protected). He happened upon Mail where lo and behold, all of my .Mac mail had mysteriously moved from my .Mac email account online, right into Mail. Where my son saw some emails he really had no business seeing. I went into mail, and there was my .Mac account activated in preferences. I deleted it. Close Mail. When I went back in, it had re-added the .Mac account and had set itself to transfer all emails from .Mac to Mail once again. I took a look at my .Mac account online and all the emails were gone. This is an appalling set of circumstances. I have no idea how it happened. The .Mac account in Mail had my username and password without my ever having put them in there. Now, the only explanation is that both his notebook and mine have the same computer name. But if I didn't set up the account, how did it get there. More importantly, how was my user login password circumvented by Leopard? And how did it put my .Mac user info into Mail without me knowing?
Ugghhhh.
lawguy51
Ugghhhh.
lawguy51
Comments
The computer told him it was after midnight (even though it wasn't). The screen went blue and then he found himself in my profile (which is password protected).
Why would you create a profile that is the same as your .mac account on a computer that isn't yours? Yes, it may have been yours, but you gave it to your son. It's his now. There's your first mistake.
The screen went blue and then he found himself in my profile
hmmmm, how exactly did he find himself in your administrative profile? Did you see this happen or is this what he told you? What is your password, what I mean is, could he have figured out your password?
I created a profile for myself as administrator and one for my son.
Does he have access to the Date & Time preferences pane? If so he could easily change the time thereby circumventing your 'curfew'.
There's preferences in Mail with regards to what to do with the mail at .mac, that may be how you lost your mail residing in your .mac account.
Why would you create a profile that is the same as your .mac account on a computer that isn't yours? Yes, it may have been yours, but you gave it to your son. It's his now. There's your first mistake. .
Totally agree with that one. But there's no way he cracked my password and therefore, why/how did Leopard let him into my profile? I only created it so that I could control his. My settings on .Mac were not set to forward my mail to my pop account because if they had been, they would have ended up on my Macbook Pro, which they didn't. Very weird.
lawguy51
Totally agree with that one. But there's no way he cracked my password and therefore, why/how did Leopard let him into my profile? I only created it so that I could control his. My settings on .Mac were not set to forward my mail to my pop account because if they had been, they would have ended up on my Macbook Pro, which they didn't. Very weird.
lawguy51
Might I suggest, It's possible that your son got your password somehow? There are many ways this could have happened:
1) Many people ignore security advisories never to write down passwords, and write them down somewhere so they don't forget it.
2) Some people choose passwords that have special significance to them. Favorite sports team, mothers maiden name. These are insecure, and especially for family members, easy to guess.
3) Saved passwords. Web browsers such as Firefox can store passwords you enter, and Firefox stores passwords using it's own system, not the global Keychain system. Most people DON'T have a master password set in Firefox that would prevent someone from viewing a list of all logins and passwords. Likewise, Keychain stores passwords used throughout all of Mac OS X. If left unprotected, your son could have easily gotten on to any of your computers while not in use – even for just for a moment while you were out of the room or not looking – and found some of the passwords.
4) Although I'm not aware of any Keylogger for Mac that is capable of logging things typed into encrypted fields (password fields), there are keyloggers that can log things typed in plain text (everything else). If you son was feeling particularly fiendish one day, and somehow got access to an account on any of your computers (i.e. you left it logged on or something), he could have installed it hoping you would enter the password in plain text accidentally – for example, in the username field.
5) Looking over your shoulder.
Where my son saw some emails he really had no business seeing.
Were they sexy emails?
Were they sexy emails?
While they could be, you know there are other things also you would not like to show to children.
While they could be, you know there are other things also you would not like to show to children.
Like...?
It's not like the kid is going to be interested in a bank statement or anything work-related.
It's not like the kid is going to be interested in a bank statement or anything work-related.
From that statement alone I can safely assume that you don't have children.
From that statement alone I can safely assume that you don't have children.
We'll seeing as I AM a child (teen)...
We'll seeing as I AM a child (teen)...
OK. How old are you now, if I am not asking too much?
OK. How old are you now, if I am not asking too much?
16. Prime trouble-making age.