Turn off “Back to My Mac” immediately and think about it

When Alan Oppenheimer, co-inventor of AppleTalk, says something is an urgent security need, you’re well advised to listen to him. From Open Door Networks’ “ISFYM” blog:

We’re usually not alarmists here, but right now we need to be. Unless we’re proven wrong (and we’ll certainly admit it if we are), do not use Leopard’s new “Back to My Mac” feature. It contains a serious security hole, which allows anyone who can access your .Mac account to easily take full remote control of your Mac, without having to enter your Mac’s password.

In essence, “Back to My Mac” puts your .Mac-registered computers in the “Sharing” section of the Finder sidebar on every other computer also using your .Mac account, so that you can enter your .Mac credentials in another location (like an Internet café or at work) and find your primary machine in the Finder’s “Sharing” sidebar. Unfortunately, when you click on that machine in the sidebar, you have full access to it just from your .Mac credentials—you do not need to enter a user account name and password or otherwise log in.

Open Door is correct in that this essentially makes your .Mac password a second, “backdoor” password to controlling your machine from anywhere on the Internet. If your .Mac password is also your iTunes Apple ID, and you’ve shared it with some other people to share purchased music, those people may now have full access to your Leopard machines if they can enter your .Mac password in System Preferences. That’s unacceptable unless you choose to take that risk.

So, for now, in System Preferences > .Mac, disable “Back to My Mac” sharing, which in non-Apple fashion is on by default.

And, for those keeping score, note the difference between this and fear-mongering: Open Door explains exactly why it’s a problem, what the risks are, and what to do about it. If you’re relatively confident in the security of your .Mac password, you may choose to keep “Back to My Mac” enabled—but it’s a choice you need to make being aware of the issues. Kudos to Open Door for the discovery and the clear, calm, and rational description.