Free Republic

How Apple let a hacker remotely wipe an iPhone, iPad, MacBook
Gizmondo | August 5, 2012 | Emil Protalinski

Posted on 08/06/2012 5:54:06 PM PDT by for-q-clinton

On Friday, I wrote about how Gizmodo's Twitter account was hacked. It turns out that this was Apple's fault.

Let's take a step back. Over the weekend, it quickly became clear that the bigger story was how the whole thing started. First, former Gizmodo employee Mat Honan's iCloud account was hacked. The hacker then remotely wiped his iPhone, iPad, and MacBook Air, got into his Gmail account, his Twitter account, and finally Gizmodo's Twitter account.

When this came to light, I updated my article with a link to Honan's blog: Emptyage. Once Honan regained access to his iCloud account, he was able to retrace the hacker's steps through password reset emails. With this new Apple tidbit, however, it's worth looking at what Honan found: . . . The fact a hacker was able to access Honan's iCloud account with the help of AppleCare support is very worrying. Remember: the hacker then proceeded to destroy Honan's whole digital life. That's something iCloud users need to be very wary of, and something Apple should address, but knowing Cupertino, it probably won't even comment.

As a journalist, I need to point out Honan currently works for Wired. It's not clear if he was targeted for this reason, but it is clear that his work was affected by this attack. On the flipside, his connections allowed him to get the issue resolved relatively quickly. How long would it have taken for the average Apple user?

(Excerpt) Read more at zdnet.com ...


TOPICS: Extended News; Miscellaneous; News/Current Events; Technical
KEYWORDS: apple; applecare; clouddata; flawed; hacked; hackers; identitytheft; iphone; maccult; macvirus; privacyrights; websecurity
Wow...I wonder how the apple defense force will spin this one?
1 posted on 08/06/2012 5:54:11 PM PDT by for-q-clinton

To: Swordmaker; ShadowAce

Pings please.


2 posted on 08/06/2012 5:54:55 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: for-q-clinton
Wow...I wonder how the apple defense force will spin this one?

From history......."Windows is bad, and full of bugs"

3 posted on 08/06/2012 6:01:12 PM PDT by Balding_Eagle (Liberals, at their core, are aggressive & dangerous to everyone around them,)

To: for-q-clinton

If Apple will let someone mangle your devices, chances are your stuff in the cloud can be mangled :).


4 posted on 08/06/2012 6:14:53 PM PDT by Hardraade (http://junipersec.wordpress.com (Obama Kills))

To: for-q-clinton

When all of your stuff is stored off in some cloud, away from your direct control, how could this possibly NOT happen?


5 posted on 08/06/2012 6:34:21 PM PDT by norwaypinesavage (Galileo: In science, the authority of a thousand is not worth the humble reasoning of one individual)

To: norwaypinesavage
There are two lessons here.
Apple can no longer enable children of all ages whose favorite mindless babble is "get an Apple."

And second, it validates my skepticism of the entire "cloud" concept. This generation of immature geniuses probably aren't aware that in the late 50s, the few mainframes in existence WERE the "clouds" of the day.
And the "experts" unanimously declared, "why would the world need more than a half dozen mainframes?"
We know how that turned out.

No reason whatsoever that the rational individual user today, as opposed to large complex companies, would voluntarily turn over all her critical files and personal data to the current equivalent of a "mainframe."

I certainly won't. How many times does this concept need to be shot down?

6 posted on 08/06/2012 6:57:38 PM PDT by publius911 (Formerly Publius 6961, formerly jennsdad)

To: for-q-clinton
Barbra Streisand!

The "victim" had a weak password.

7 posted on 08/06/2012 7:03:40 PM PDT by Revolting cat! (Bad things are wrong!)

To: for-q-clinton

The Woz has already spoken on this matter

http://www.i4u.com/2012/08/steve-wozniak/icloud-woz-foresees-horrendous-apple-s-problems


8 posted on 08/06/2012 7:08:08 PM PDT by AmonAmarth (Wherever you go...There you are)

To: for-q-clinton
The scariest part of this story to me is how easy this was to pull off. According to Honan and confirmed by Apple, the hacker got access to Honan's accounts by doing some "social engineering" on Apple's tech support staff. They gave the hacker the access he needed.

Another article on this incident: Casey Berwick Blog

9 posted on 08/06/2012 7:08:41 PM PDT by Bob

To: Revolting cat!
The "victim" had a weak password.

Actually he didn't, but that didn't matter. From the article I posted:

And the scariest part is that he had a strong, seven-digit alphanumeric password. Apple has confirmed to Honan that its own tech support staff provided the hacker entry into his online world via a bit of clever social engineering.

10 posted on 08/06/2012 7:15:24 PM PDT by Bob

To: for-q-clinton
Get a Mac!
Ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha ha ha ha ha ha ha ha ha ha ha ha a ha ha!

Better yet, get one of everything Apple makes!

*Snortle*

Ha ha ha ha ha ha ha ha ha ha!

Get a Mac!

11 posted on 08/06/2012 7:20:35 PM PDT by publius911 (Formerly Publius 6961, formerly jennsdad)

To: Bob

Ooops, my bad.


12 posted on 08/06/2012 7:23:17 PM PDT by Revolting cat! (Bad things are wrong!)

To: publius911

Cloud security is trickier than noncloud.


13 posted on 08/06/2012 7:36:14 PM PDT by HiTech RedNeck (let me ABOs run loose, lew (or is that lou?))

To: publius911

aww, get a linux.


14 posted on 08/06/2012 7:37:24 PM PDT by HiTech RedNeck (let me ABOs run loose, lew (or is that lou?))

To: publius911

No, more like “get in touch with a dunce from tech support.” But you already knew that and decided to make your post about something that is basically unrelated.


15 posted on 08/06/2012 7:39:27 PM PDT by SengirV

To: publius911

I don’t like the idea of putting all my stuff out there for someone else to store, or look through.

iCloud should have been named iNightmare from my perspective.

I don’t trust the concept at all.


16 posted on 08/06/2012 7:43:48 PM PDT by DoughtyOne (Nope 2012)

To: for-q-clinton; All
What they say is a LIE. There was no "hacking" involved.

The alleged "hacker" supposedly used social engineering, a con game, to convince AppleCare he was this "journalist."

Since this "journalist" has ties to ethics-challenged Gawker Media, who infamously purchased the stolen iPhone 4 prototype, I wonder how much of what he claims is truth and how much is fantasy.

It's amazing how willing people are to believe a story about a subject, Apple in this case, they have a grudge against.

17 posted on 08/06/2012 8:52:14 PM PDT by newzjunkey

To: for-q-clinton
Wow...I wonder how the apple defense force will spin this one

The facts: A worker bee at the Apple helpdesk didn't follow policy. I'd hate to work there around now. Interestingly, the personal information that Apple asked for, last four of credit card and billing address, was acquired through a loophole over at Amazon customer support. I don't see you bitching about Amazon.

18 posted on 08/06/2012 10:20:55 PM PDT by antiRepublicrat

To: for-q-clinton; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ...
A security breakdown in multiple entities allowed a hacker to get through and wipe the data from a reporter's iPhone, iPad, and MacBook Air, after Apple gave them access to his iCloud account—PING!

Apple only required his email, home address, and the last four digits of his credit card associated with his iCloud account to allow the hacker access to his account... allowing them full access to remote wipe his devices. This is unacceptable. However, the reporter/owner takes full responsibility for linking his Google accounts and Twitter accounts with simple information that led the hackers to his Apple devices. Apple's employee, however, is culpable in letting the hacker through to the account when he could not answer the security questions. What are security questions FOR, if not security?


Apple Security Ping!

Please, No Flame Wars!
Discuss technical issues, software, and hardware.
Don't attack people!
Don't respond to the Anti-Apple Thread Trolls!
PLEASE IGNORE THEM!!!

If you want on or off the Mac Ping List, Freepmail me.

19 posted on 08/07/2012 10:39:17 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: for-q-clinton

No spin, but you are ignoring that before the hacker got full access to the target’s Apple iCloud account, he also achieved full access to his Amazon account, Google Gmail Account and twitter account... He could have purchased a lot of merchandise with the Amazon access that was granted him. The problem is not just Apple’s issue.

The only way he got access to the Apple iCloud account was the successful compromising of the Amazon account as the result of guessing the user’s other Google Gmail accounts from and then CALLING Amazon and telling them he could not access his (the target’s) Amazon account to add a new credit card with his password... and THEY, with minimal information gleaned from other internet searches, gave him a temporary password! He used THAT temporary password to change the Amazon account password which gave him full access to the target’s Amazon account, which gave him a list of the last four numbers of his credit cards associated with his Amazon accounts. He then called Apple armed with this data... and Apple obligingly ignored their own protocols about security questions, and also gave the hacker access. These were ALL PEOPLE MISTAKES! Social Engineering!

Ironically, when trying to correct all this later, Apple would NOT let the victim into his account because HE could not answer the security questions when the Apple people misheard his last name and were asking him the wrong security questions from someone else’s account!

Many companies are going to have to look at their security arrangement with what was revealed with this story.


20 posted on 08/07/2012 10:51:54 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

