I am a long-time Mac user, but not a Unix geek, so I'd like some help sniffing out who or how someone broke into a couple of different computers on my network using screen sharing. To avoid getting flamed like other newbies who have asked for help with suspected intruders, here are the facts I've been able to determine so far: I have two kids with MacBooks on my network, plus an iMac with the rest of my kids individual accounts. No one shares accounts. I noticed one day that my own MacBook cursor was moving when I was doing something else at my desk. I watched it for a few minutes while it hovered and selected a browser window I had open. It was very clearly someone who was sharing and controlling my screen. After a few minutes, and thinking I knew who it was (my college age son goofing around), I changed my passwords, turned on my firewall, and adjusted my screen sharing settings. Immediately after this incident (and before I changed the passwords) I saw a Bluetooth device disconnection notice. I have a Bluetooth mouse sitting on my bookshelf in back of my chair, so I initially thought I must have bumped it. When I checked to see where it was, it was not in a position where I could have bumped it. I talked to my son, who is an extremely trustworthy kid, and he said he knew nothing about screen sharing and had never messed with it. I asked all of my other kids if they had ever messed around with screen sharing and either attempted or were successful at sharing a screen on my computer. They are all pretty trustworthy kids, and none of them gave me any reason to think they had done it. Fast forward to today. My oldest son, whom I had at first suspected of the first incident, came in and asked me if I had screen shared his screen a few minutes earlier. I hadn't. No one was physically near the other computers in the house, so it had to be someone outside. He said he watched as the mouse was controlled for a few seconds, and then "fought" with the mouse to turn off Bluetooth and Airport. I noticed a lawn service truck parked on the street. Maybe the guy was on his lunch break with his laptop snooping around? Where in the logs can I find out if/how/who someone accessed the screen sharing on my son's computer?