Hacker

Is it possible for a hacker to copy files to the EFI partition (disk0s1)? I have a hacker I can't get rid of by just restoring my HD to factory settings.

MacBook Pro, Mac OS X (10.6.6)

Posted on Dec 30, 2011 10:00 PM

18 replies

Jan 1, 2012 9:37 PM in response to Community User

TraceyHamilton wrote:

I understand I could be completely wrong about having a hacker, but at the moment I believe I do and TW agrees with me ... we just can't determine how he/she's getting in.

The more I think of this business, the less sense it makes to me.

If this hacker can do all you say he did, then he couldn't have helped noticing that you were on to him. So how come he's still around? Does he have a Death Wish? Is he a kamikaze hacker on a suicide run? Criminals who want to get caught are the stuff of crime fiction, not real life.

Until you provide details about the setup (the setup, not details about your data), it's a waste of time and bandwidth to speculate what might be going on.

Jan 1, 2012 9:56 PM in response to fane_j

Did you make that USB pendrive bootable? I gather the ESP partition is re-created with each clean install, and its content, if any, deleted in the process.

"According to Wikipedia (accessed today), Macs do use ESP "as a staging area for firmware updates". However, the Apple KB HT2434 document cited in support says nothing of the kind -- it merely states that firmware updates will not install on a Mactel if the boot drive partition map is not GPT."

When I was talking about OS X needing it as a launchpad of sorts to install firmware updates, that's what I was referring to. I've read the same material as you, and it would make sense to store, or even simply decompress, .pkg files in the ESP partition prior to updating/upgrading the firmware, rather than use the boot partition, at the risk of corrupting a file or two. You have to remember that the boot sequence in OS X doesn't mount the file system right away. In any case, I agree: using the ESP to store some malware, or even hidden network settings, does seem a little far-fetched.

Tracey: like fane_j suggested, we need to know more about how your home network is set up (see my previous post for more detail) to fully answer your question.

Oh, and by the way: Happy New Year to all you guys!

Jan 3, 2012 10:40 PM in response to FrenchToast

FrenchToast wrote:

Did you make that USB pendrive bootable?

I'm not aware that anything is required to make a drive bootable (other than having the correct partition table and installing the OS). Am I missing something?

I've read the same material as you, and it would make sense to store, or even simply decompress, .pkg files in the ESP partition prior to updating/upgrading the firmware

Maybe. One would have to create a file system first, of course. The problem is that I am profoundly skeptical of unsupported statements, in Wikipedia and elsewhere. The entry quoted an Apple KB article which didn't say what it was supposed to say (which increases the level of skepticism by an order of magnitude) and a posting in an Ubuntu forum. I could not access the latter -- hence I can't judge it -- but I have great difficulty regarding something like that as authoritative.
