1

I took a screenshot of a certain Finder window to ask a question on apple.stackexchange, and the image includes the name of my home folder, i.e. my user name.

Should I bother to blur that out?

Is there any chance that information could assist a hack or inspire a hacker to aim at my machine?

The information revealed is the username via home folder name, not the hostname.

mherzl
  • 3
    Possible duplicate of [Should a hostname ever be considered a secret?](https://security.stackexchange.com/questions/43315/should-a-hostname-ever-be-considered-a-secret) – TheJulyPlot Jun 16 '17 at 08:50
  • 1
    I dunno, he disclosed his username via home folder name, not the terminal or something, so hostname is not what is asked here. – Nalaurien Jun 16 '17 at 09:12
  • @Nalaurien It is not a pseudonym and does contain my real first and last name, but I don't see how that could be a problem as theoretically my name could be posted on my SO profile anyway. – mherzl Jun 16 '17 at 13:28
  • 1
    In that case, the security implications are a bit higher. But not for personally attacking your computer, just be a little more aware of spam that may contain your real name coming into your email from now on. Be wary of links, etc... basic stuff. Theoretically anyone can post their real information anywhere. However, in reality, the more you do this, the more you will encounter someone who adds your email, name, DOB etc... to some targeted mass social engineering attack. But just keep your internet wits about you, radar up, and you should be ok. – Nalaurien Jun 16 '17 at 13:39

1 Answer

2

In theory, any information about a computer is helpful in attacks. What you did was disclose recon information or partial user enumeration.

But practically? If the username is not your real name, or doesn't contain any personally identifiable information such as birth date, city or anything of the sort and is purely a pseudonym? No, don't worry about it.

Targeted attacks on personal computers require more information than just a user name, a lot more, and usually the goal would be some sort of reverse shell that will either be within the permissions of a limited user (your account name) or root, depending on the exploit. In the case the shell results in a user, the attacker already knows your account name. In the case of root, he doesn't care.

And blanket attacks are only effective if they don't rely on enumerables such as usernames, so again, they don't care.

I think you're fine.

EDIT:

Personally I would blur out any information that distinguishes my computer from any other, but I'm the paranoid sort. I would advise you to be conscious of this sort of thing in the future, but I wouldn't lose any sleep over this one.

Nalaurien