This is topic Karma is a beyotch!!! in forum Our stupid lives at The Geek Culture Forums!.

To visit this topic, use this URL:;f=9;t=003199

Posted by geekygoddess (Member # 15702) on February 26, 2010, 14:53:
So, the other day I came home to busted down front door and my house was completely ransacked. They took my Mac and all my goodies that go with it, my jewerly, an Xbox and about 50 games, and oddly enough a whole deepfreezer full of meat. I hope whoever took it chokes on a porkchop bone! My question is screwed am I in terms of them accessing all my personal info from my Mac...ughghghg! I did back-up, so my pics and important stuff are safe, but I am concerned about all the other stuff...Thanks:)
Posted by Snaggy (Member # 123) on February 26, 2010, 16:05:
OH NO! that's horrible! [Frown]

Well, chances are they will just wipe your drive and resell it, but you will want to change every password you have on every website and email account asap.
Posted by MacManKrisK (Member # 955) on February 26, 2010, 16:58:
There isn't a simple way to answer this, but there's a few things to think about.

1) If you had a login password, that'll keep most people out as they'll have to go to decent measure to brute force your password. MacOS X doesn't require you to set one (a *grave* security hole, IMHO), but I hope you did.

2) A password isn't everything. Was your home folder encrypted with "FileVault?" If so, then if they hack into your machine (that is, they *don't* brute-force the password but crack it by other means [i.e. some sort of password resetting tool]) then your data will be unaccessable to them.

3) Don't forget that this all depends on the tech-savvy of the crooks. If they know how to get your Mac into Single-User-Boot mode, and know how to use it then they can do pretty much whatever they want.

4) Snaggy makes a very valid point... the most likely thing is that they'll format it and sell it for cash. Most crooks aren't all that smart... and the kind of crooks that'd steal a freezer full of meat.... I'm not going to continue that sentence.

Sorry to hear this happened to you. I hope you're able to recover everything.
Posted by Grummash (Member # 4289) on February 26, 2010, 17:13:
gg - what a horrible experience! I'm vegetarian, but if the low-lifes do happen to choke on that porkchop bone I'll be happy that the piggy's life was not wasted.

But to answer your question - I think that if the scum have a boot CD/DVD for the same version of the Mac OS as on your stolen machine, you may have a problem. Change every single password - now!

On the other hand, any crims who might wish to steal a person's identity are unlikely to spend any time trying to crack your HDD - not when identity details can be bought in bulk on teh interwebs for peanuts.

My suggestion would be to change every password you can think of...cancel bank cards and request re-issues if you stored details on the Mac. It might also be a good time to subscribe to an on-line credit reference agency service, to get alerts of any new financial products taken out in your name.

So, in a nutshell - plan for the worst case scenario but take comfort in the notion that the worst case scenario is really, really, really unlikely to happen.
Posted by geekygoddess (Member # 15702) on February 26, 2010, 17:31:
Thanks guys for the help! I just changed all the passwords I can think of...and changed the bank info yesterday. A friend of mine gave me his laptop to use until I get my new machine, I am experiencing with Linux, the thought of going back to Winblows unsettles my tummy:)
Posted by TheMoMan (Member # 1659) on February 26, 2010, 17:40:

_______________ POOP
Posted by dragonman97 (Member # 780) on February 26, 2010, 18:43:
Silly question, but from whence does this 'Change every password immediately' bit come from?

Practically speaking, unless you use a password saving feature that doesn't have a master password, it shouldn't be the end of the world. Cookie-based auth. that doesn't routinely expire, like GC, could be an issue, but no banking system I've ever used has such a weakness. Gmail has a neat link at the bottom that lets you log out all sessions that aren't the one you're using...though I'm not sure that anyone else is quite so nice. Also, some sites log out other sessions once you log in from another location - I believe Facebook works this way.

I'm not saying this isn't a bad situation, and geekygoddess, I'm very sorry for this mess that's happened to you...but I don't believe it's an utter calamity, either. I think by far, the greatest loss is that of the property, and any data that hasn't been backed up. The rest of the stuff is nearly extraneous.
Posted by The Famous Druid (Member # 1769) on February 26, 2010, 21:51:
Originally posted by MacManKrisK:
2) A password isn't everything. Was your home folder encrypted with "FileVault?" If so, then if they hack into your machine (that is, they *don't* brute-force the password but crack it by other means [i.e. some sort of password resetting tool]) then your data will be unaccessable to them.

You beat me to it MMKK, this is really good advice.
Everything even halfway confidential on my computers is kept in encrypted volumes, so if the computer is stolen, the bad guys only get the hardware.
Posted by macmcseboy (Member # 1232) on February 27, 2010, 01:22:

That really sucks. I hope they catch those bastages and hang them up by their buster browns in the town square, flogg, tar and feather them.

FileVault... EVIL... You can't brute force that and if you change the password with a reset utility they STILL need the original password to decrypt and decompress the sparseimage. My advice for FileVault... Do NOT use it unless you are a doctor, lawyer, judge, or other person with EXTREMELY SENSITIVE INFO, make very regular backups and are not prone to filing your drive...

the constant decrypt/decompress, compress/encrypt is MURDER on the file system and the user. This has been my experience... I have had to save more than a few users from their error in its use.

If you DO use FileVault. Set a MASTER PASSWORD in addition to you user password.... Make regular backups... make sure you have more than adequate space (manage your pictures, videos and other downloads carefully and leave at least 15% of the drive free, never exceed that, consumption-wise) and of course don't forget you MASTER PASSWORD
Posted by quantumfluff (Member # 450) on February 27, 2010, 11:28:
I just switched my work MacBook from FileVault to PGP full disk encryption. You have to enter a passphrase during the boot sequence, but after that it is transparent.

Unfortunately, the rest of my family let's the browser cache their gmail password and never shuts down their machines. Sigh. At least I convinced them that they should use distinct passwords for any sort of account tied to a bank or credit card.
Posted by TheMoMan (Member # 1659) on February 27, 2010, 14:14:
____ Since the topic of PassWords came up is one like this hardened enough. A1s9t9r8o This is not what I use but it is simular. we have a 1998 Astro van.

____ Just asking??
Posted by The Famous Druid (Member # 1769) on February 27, 2010, 14:45:
Originally posted by TheMoMan:
____ Since the topic of PassWords came up is one like this hardened enough. A1s9t9r8o This is not what I use but it is simular. we have a 1998 Astro van.

Conventional wisdom is that passwords based on details of your life, eg birthdays, kids/pets names, phone numbers and car details are 'weak' - i.e. easily guessed by hackers who have done a little research.

But they're easy to type and remember, so they're what I use for most stuff.

For stuff that really matters (eg online banking) I use long, difficult to guess passwords, usually based on some distortion of an easily remembered quote, for example

"Four score and seven years ago"

delete the spaces, then replace all the vowels with the letter to the right of it on your keyboard

Posted by dragonman97 (Member # 780) on February 27, 2010, 15:29:
Isn't that a Welsh town? [Wink]

I second mmb's protest against FileVault. As I see it, it's overkill, and potentially quite dangerous if either: a) You forget the password; or b) It gets corrupted somehow. I know someone who had (b) happen to him, and he was /not/ happy.

Instead, I recommend making an encrypted DMG or using a TrueCrypt volume (or something similar and provably strong) to store things that you wouldn't want someone getting their hands on.

qf's approach to full disk encryption is very smart for a work laptop...but I'm not quite certain that everyone else has the same needs. Mind you, I'd put more confidence in PGP than FileVault, as Apple tends to be smarter about making things pretty than making things work in an extremely reliable fashion. In any event, if you choose to take a heavy encryption route, I strongly recommend making routine backups of your data, which unless they're in a very secure location, also should be encrypted.

Regardless of the encryption strategy that you take:
Assuming you have a safe deposit box, with good access controls, I would also recommend having a copy of your password/passphrase there, lest some ill befall you, and someone else needs to legitimately get a hold of your data. (Or, you bump your head and forget your password and are really quite sunk!)
Posted by Mr. Geek 2U (Member # 28663) on March 04, 2010, 10:11:

That is so very bad, Mz. GeekyGoddess!

No offence, but my first question is if they have your computer, then how do we know this is YOU????

What if this is the thief trying to get geek information to unlock deep, dark secrets on your computer?

Like a chocolate chip cookie recipe! Or something!

Do you know the secret Geek handshake?

If this is the real GeekyGoddess, well I say I am sorry to hear that the smartest person in Tennessee history is a crime victim.

I would say Have a Great day. But that doesn't work for this!

Chin up. You have Geek friends.

Mr. Geek 2U!

© 2018 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0