Students are taking some time getting used to the new “network homes” thing. In previous years, all J-School Macs had a single sign-on. Private files were stored in remote protected folder shares. This year, a student can walk up to any of our 82 new 20″ iMac G5s and log in as themselves. A few seconds later, they’re looking at their desktop, their documents, their email and bookmarks, etc.
The system is working marvelously, except that some people aren’t quite comprehending that if they walk away from a terminal, anyone can sit down and steal/delete/alter any of their content. Loud lectures from the sysadmin aren’t making a difference, so yesterday I made (a larger version of) this wallpaper. Now when we find a machine left logged in, we copy this file into the user’s home and make it their wallpaper. Could have done a nicer job on the lettering, but it’s not meant to be fine art, and it gets the job done. Reaction so far seems to be one of mixed embarassment and satori.
It’s the “Ah-Hah!” part I’m after.
It’s shocking to me that this is a problem for a generation of people raised around computers. Leaving a computer logged-in as you is such a brain-dead thing to do that I’m surprised the offenders were able to complete the UCal admissions application, never mind get accepted.
Next thing you know they’ll be surprised when they leave the keys in the car and it gets stolen.
I get a 404 on the linked image.
Yipes! I know why it happened, but thought I had fixed it. Oops, looks like I fixed one path reference but not the other. Thanks.
Scot did you implement stuff like http://packetstormsecurity.nl/mac-osx/050819-securing-mac-os-x-tiger.pdf ?
Ludovic, we’ve implemented a good many of the techniques on that list, but not all are relevant to us, and others we feel are too paranoid on the ease of use vs. required security scale. But I’m not going to talk here about what we have or have not implemented.
Scot, I was’nt asking. I w&s just trying to suggest a pointer.
It’s a great document, thanks for the link!
Students do the same thing here at UT in our labs. They leave themselves logged in (with an ID that can be used to check their e-mail, drop classes, transfer money from their bank into the residence hall cafeteria debit system, etc). Nevermind that someone could come along, start up a BitTorrent session, download half of Hollywood on their dime (students pay for bandwidth after 500 MB), and laugh as the DMCA notice comes on down.
bleh
We use network login on our support center Macs (and *shudder* Windows machines), and I don’t think there’s a one of us support consultants who hasn’t left their machine logged in at one time or another. Granted, we all know that the only person who might sit at that station is another call center worker, all of whom we know and trust (mostly), but I think it would still happen. Being smart or growing up around computers can help this to not happen, but it’s also really easy in a busy day to just put the tool down when you’re done with the task at hand and move onto the next thing. Computers are the only tools you have to tell when you’re done!