Gary,
An acquaintance took his Macbook on a business trip and used it to send some email via public WiFi in his hotel. Afterwards he had many problems with his computer (I don’t know the details) and people in his AddressBook started getting junk mail. I can attest to the junk mail part. What do you suppose was the likely cause of the vulnerability and what would the best prevention have been?
— Jerry
It is impossible to know what happened without more details.
Being on a public wifi network is not a good idea no matter what computer or device you are using.
If he had file sharing on, and no password, then someone could have simply looked at the entire contents of his hard drive.
If he was using any online email account, like gmail, yahoo, hotmail, etc, then someone couldnhave sniffed his I'd and password out of the air if he was not using encryption, and then logged on to his email account. This is easy to do, in fact.
A program can even be installed In the public wifi router that will intercept data like email addresses, emails, etc.
The key is to keep your access on these public hotspots to a minimum and always use encryption (https versions of sites like gmail) when accessing email or anything you log in to.and make sure you have a good strong password set on your user account on you Mac, and all your online accounts. See http://macmost.com/online-password-security.html
Gary,
Thanks for your reply. I tried to get more details on this case, but I guess it's embarrassing to have been hacked and I didn't get far. You didn't mention anything about Firewall settings. Would Firewall settings be a non-issue with File Sharing turned off?
Firewall probably isn't the issue. Firewall can prevent serious hacker-spy stuff, theoretically. But why worry about someone digging a tunnel into the basement if the doors and windows are wide open?
Firewall won't help if you simply have file sharing on with no password, or are sending passwords in the clear over public wifi.
So, to summarize: File Sharing Off, Use Secure Gmail, keep the sessions short?
Thanks too for the link to your great Online Password Security article!
File Sharing off, but it is OK to have it on as long as anything shared can only be seen by a user account that has a strong password set.
Any online email or account of any kind should only be accessed by using secure pages, indicated with https:// -- you can do that with Gmail, yes. Some online accounts don't have an https option, though.
Email through the Mail client application should only be done if the client and server are communicating through SSL (see your Mail prefs to check). Without it, even the automatic checking of email sends your password in the clear for anyone nearby to steal.
Lots of other things to consider, as well, but those are the basics.
BTW, a public wifi system that requires a password is much more secure than one that doesn't. That is because using a password usually means the signal is encrypted as well.