08-08-2012, 10:41 AM
|
#1
|
|
Powerplay Quarterback
|
How Apple and Amazon Security Flaws Led to My Epic Hacking
A long read, but very worthwhile, especially with all the techy geeks on here
http://www.wired.com/gadgetlab/2012/...honan-hacking/
Quote:
|
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
|
|
|
|
|
The Following User Says Thank You to Top Shelf For This Useful Post:
|
|
|
08-08-2012, 11:03 AM
|
#2
|
|
Franchise Player
Join Date: Jul 2005
Location: in your blind spot.
|
This whole story has gone viral. Amazon has changed their procedures, and while Apple said they won't change, apparently internally they have done something.
Just for the sake of it, I turned on 2-step authentication for my Google account last night. If it become onerous I can turn it off again.
__________________
"The problem with any ideology is that it gives the answer before you look at the evidence."
—Bill Clinton
"The greatest obstacle to discovery is not ignorance--it is the illusion of knowledge."
—Daniel J. Boorstin, historian, former Librarian of Congress
"But the Senator, while insisting he was not intoxicated, could not explain his nudity"
—WKRP in Cincinatti
|
|
|
|
|
08-08-2012, 11:12 AM
|
#3
|
|
Franchise Player
Join Date: Oct 2010
Location: Calgary
|
2-step authentication isn't too bad for a little peace of mind. It's kind of cool too with the app your phone just becomes an RSA fob that you can use to confirm things. Might be a bit of a hassle, but better than having everything remotely wiped like the wired reporter.
|
|
|
|
|
08-08-2012, 11:15 AM
|
#4
|
|
Franchise Player
|
I've been using 2-step authentication for some time now. After Kotaku was hacked, then the PSN being compromised...I'll take every precaution I can in protecting my information/passwords/etc.
|
|
|
|
|
08-08-2012, 11:39 AM
|
#5
|
|
#1 Goaltender
|
Quote:
|
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
|
And he writes for Wired. I'm not sure if this says more about how big a moron he is, or how far Wired has fallen.
__________________
-Scott
|
|
|
|
|
The Following 2 Users Say Thank You to sclitheroe For This Useful Post:
|
|
|
08-08-2012, 11:53 AM
|
#6
|
|
Dances with Wolves
Join Date: Jun 2006
Location: Section 304
|
If you're reading this and you have photos of your kids in 1 single place, please fix that.
|
|
|
|
|
The Following 4 Users Say Thank You to Russic For This Useful Post:
|
|
|
08-08-2012, 11:56 AM
|
#7
|
|
GOAT!
|
Quote:
Originally Posted by Bobblehead
This whole story has gone viral. Amazon has changed their procedures, and while Apple said they won't change, apparently internally they have done something.
Just for the sake of it, I turned on 2-step authentication for my Google account last night. If it become onerous I can turn it off again.
|
Quote:
“We’ve temporarily suspended the ability to reset Apple ID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).
“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over-the-phone password resets, customers will be required to provide even stronger identify verification to reset their password.”
|
http://www.wired.com/gadgetlab/2012/...ssword-resets/
|
|
|
|
|
08-08-2012, 11:59 AM
|
#8
|
|
Franchise Player
|
Heh, xbox live has had that problem for a while now mainly thanks to FIFA 12.
|
|
|
|
|
08-08-2012, 12:13 PM
|
#9
|
|
#1 Goaltender
Join Date: Oct 2009
Location: North of the River, South of the Bluff
|
Quote:
Originally Posted by sclitheroe
And he writes for Wired. I'm not sure if this says more about how big a moron he is, or how far Wired has fallen.
|
Couldn't agree more. 500GB external hard drives can be had for $50. I have a NAS ($400), backing up online for $100/year. So you have a large range of solutions that can cover this issue.
People are cheap and/or lazy though, that is something that will never change.
|
|
|
|
|
08-08-2012, 01:22 PM
|
#10
|
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Been using the 2 step verification for Gmail for a while (before they had the authenticator app, wish I would have known that before when I only had Internet and no SMS/Phone coverage), I think it's very important for your primary email (i.e. the one for online banking, etc).
For the OP, it always seemed like even the "what's your address, what's your birth date" type verification questions were a very poor way to do that sort of thing.
Eventually it'll just be "what's your public crypto-key".
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
|
|
08-08-2012, 01:27 PM
|
#11
|
|
Franchise Player
Join Date: Jul 2005
Location: in your blind spot.
|
Quote:
Originally Posted by FanIn80
|
Yeah, that is as of today. Yesterday it was someone internal who had not done something correct.
Quote:
We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful.
|
Last night some Apple employees were saying they were no long able to do password resets, but nothing official had been released.
It looks like now the air is being cleared a bit, which is good.
Anything to clear up this scenario:
Quote:
If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.
And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste.
|
__________________
"The problem with any ideology is that it gives the answer before you look at the evidence."
—Bill Clinton
"The greatest obstacle to discovery is not ignorance--it is the illusion of knowledge."
—Daniel J. Boorstin, historian, former Librarian of Congress
"But the Senator, while insisting he was not intoxicated, could not explain his nudity"
—WKRP in Cincinatti
|
|
|
|
|
08-08-2012, 05:02 PM
|
#12
|
|
First Line Centre
Join Date: Feb 2010
Location: Calgary
|
Quote:
Originally Posted by Russic
If you're reading this and you have photos of your kids in 1 single place, please fix that.
|
I assure you, I have photos of your kids in more than one place.
|
|
|
|
|
The Following User Says Thank You to Regular_John For This Useful Post:
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 09:29 AM.
|
|
