Leopard Security Sensationalism

So, out of the gate, there have been a number of people talking and blogging about security in Leopard from a number of perspectives.  Some, though, are just looking for attention.  Take the two posts at "Internet Security for Your Mac" warning that people stay away from the new "Back to My Mac" feature:

http://www.isfym.com/Site/Blog/Entries/2007/10/27_Don’t_go_Back_to_My_Mac.html
http://www.isfym.com/Site/Blog/Entries/2007/10/29_More_about_Back_to_My_Mac.html

At least they admit that it's a "potential" security hole (it isn't).

This must be for sensationalism, as the blog doesn't allow feedback, therefore, they can't be debunked in public.  Seriously, what's a blog without feedback?

In any case, the new "Back to My Mac" feature allows OS X machines that share a dot-Mac account to file-share and screen-share over the Internet.  Basically, from anywhere.  So, why is it an issue for another Leopard machine on the same LAN to have this access?  If you don't want someone accessing your Mac, turn off sharing and Back to My Mac.  Better yet: don't hand out your dot-Mac id and password!  If you do need to leave your machine on for remote access, make sure you kick in the password protected screen saver.

is this the best design?  Perhaps not, but this is not a bug, but rather is working as designed.

Don't believe everything you read about Leopard over the next month or so.  Verify the source, verify with others, examine for yourself.  Explore.  I'd love to hear how you feel about any of the new so-called 'issues'.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Seriously...

“Seriously, what’s a blog without feedback?”

I think it is called… “a website.”

–chuck
http://chuck.goolsbee.org

OK

Well, OK, this made me laugh. But then, yes, that’s true. It’s not a blog, it’s a website. They should call it like it is.