How secure is secure for account names?

(bin shift) #1

Hello all,

Currently I am performing all of my SEC stuff on my macbook pro running Kali in a vm. The vm is using alias name but my OS X account is my real name. Should this be safe enough? Is renaming the OS X account name good enough or should I wipe the entire OS and re-install with alias account that does not contain my real name.


(Occupi) #2

When I create a new VM for a project, I use a completely new username, randomized machine hostname, etc. Just so that there’s very little personal association (aside from physical) with the VM.

(EternalEclipse) #3

I am not very familiar with Apple network discovery protocols, but on Windows every computer broadcasts the machine name (and sometimes usernames) to the entire LAN (using MS Windows Browser Protocol, which uses SMB). There could be an equivalent thing that is enabled by default for OS X.

In general, if you have Host-guest network communications and VMTools support disabled, the VM shouldn’t have the ability to access host information. As always, there could be undocumented features, side channels or exploits that would allow an attacker to extract information about the host, so depending on the level of security you need here I suggest doing some research on that.

Nothing beats a separate, physically disconnected machine.

(bin shift) #4

Thanks all, Dedicated machine is planed for the future. I will generate new names for both the host and the vm.

(system) #5

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.