Mailing List Archive



Re: [tlug] How to detect unwelcome visitors on my macbook?



On 06.09.2011 12:05, Stephen J. Turnbull wrote:
>  Are you running an X server or VNC?
No VNC, not sure about X Server, since I have NoMachine
(http://www.nomachine.com/) on my Mac to work on my little Linux box.
>  If not, it should not be possible
>  for anyone not on the machine to mess with the pointer's position, and
>  I can't imagine why anybody who wasn't basically benign (but a tease)
>  would do such a thing.
Exactly (my local Mac Guru would if he could, the other reason why I
called him immediately). I was also thinking of a possible script kiddy
residing in the room above me, but only know he is interested in
computers, not necessarily in breaking in somewhere. There is a chance
that he has access to our WLAN.

Uli


What services are running/accessible to the outside world?

$ netstat -an | grep LISTEN
tcp4       0      0  127.0.0.1.895          *.*                    LISTEN
tcp4       0      0  127.0.0.1.8080         *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN

Above is an example from my MBP, only localhost so nothing accessible from the outside.

Make sure your firewall is up and running....here is a good guide to secure your Macbook and how to check for this
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#AppleMac

If no services are accessible from the outside (you can always check by running NMAP from another system on the LAN), it will be hard for anyone to take over control of your Macbook....

There are always "dial-home" baddies or reverse connections.... for the paranoid I can recommend Little Snitch.
http://www.obdev.at/products/littlesnitch/index.html

Hope this can give some peace of mind. I'm curious to see if you 'discover' anything. I'm familiar with forensics on Linux and Windows but not so much MacOS although some principles/tools also apply I guess.

Feel free to ping me if you need more help.
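
The check described in the reply above (only loopback listeners means nothing is reachable from outside), as an added example that is not part of the original post: a shell function that reads `netstat -an` output in the macOS/BSD layout and prints only the listening TCP sockets bound to a non-loopback address. The function names and the last three sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets that are NOT bound to loopback.
# Input format: macOS/BSD `netstat -an`, where field 4 is "address.port"
# and the port follows the LAST dot (e.g. 127.0.0.1.631, ::1.631, *.22).

exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        laddr = $4
        # Split at the last dot: everything before it is the address.
        n = match(laddr, /\.[^.]*$/)
        if (n == 0) next
        addr = substr(laddr, 1, n - 1)
        port = substr(laddr, n + 1)
        # Loopback bindings: 127.0.0.0/8, ::1, and link-local on lo0.
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /%lo0$/) next
        # Anything left ("*" or a LAN address) is reachable from the network
        # unless a firewall blocks it.
        print $1, addr, port
    }'
}

# Constructed sample: the four lines from the post plus three made-up lines
# (a wildcard listener, a LAN-bound listener, an established connection).
sample_netstat() {
    cat <<'EOF'
tcp4       0      0  127.0.0.1.895          *.*                    LISTEN
tcp4       0      0  127.0.0.1.8080         *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.168.1.20.5900      *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     192.168.1.1.443        ESTABLISHED
EOF
}

# Demo run on the sample; prints the two non-loopback listeners.
sample_netstat | exposed_listeners
```

On a real machine, feed it live data with `netstat -an | exposed_listeners`; empty output corresponds to the "only localhost" situation shown in the post.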
