Leosghost - 4:32 pm on Aug 7, 2012 (gmt 0)
Man without backups and using same / similar passwords for multiple daisy chained accounts loses data when someone talks Apple "helpdesk" staff into giving them access to his account..which allows an avalanche of data wipes..
"But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry,"
"the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification."
Everywhere I use requires that I give the last 6 digits (and/or a 4 digit PIN) (not merely the last 4 digits of the credit card number) to "authenticate"..
Because many, many places, including the "receipts" you are given when you use some credit cards, print the last 4 digits on the "receipt" (which many people then discard or leave behind ..for an "identity thief")...Amazon will show the last 4 in your account, only once you are "in"..
The initial fault here was Amazon's..for letting someone have access to his account where the last 4 digits are shown (whether or not that could have been used to take over his "online" ID elsewhere), and his for being a "so called" tech writer (being paid to write about IT and "tech" and security etc, and thus his readers and employers would hope he would actually know some of the most basic stuff that he is being paid to write about) and for not having a clue about security (never "daisy chain" what you want secure, because one point of access breached is all it takes to access it all) and backups..
His time lines are off too..
"First my Google account was taken over"
except it wasn't the first thing, it was the third..
"Next my Twitter account was compromised"
that was the 4th on the time line, the time line he tells us in the next paragraph..
"Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter."
thus, the "timeline" actually was..
in that order..
So Amazon are sloppy, and their helpdesk are easily manipulated into allowing outsiders to access confidential personal accounts..
Apple helpdesk are fools, and are sloppy, and their helpdesk are easily manipulated into allowing outsiders to access confidential personal accounts..
Mr Honan used a password for his Gmail account which resembled very closely or was the same as that of his Apple account..or left his Gmail password in his Apple account..so we know what he is ..
His Apple account was used to remote erase all his Apple kit, iPhone, iPad, and MacBook...
Did you know that Apple, or a hacker, or anyone with "access" could do this ? ..those of us who did ;-) have it amongst our many reasons for not using Apple :)
Oh and he had no "backups" ..so we know what he is ..
(and "cloudy" backups, which are not accessible to you unless the "cloudy" service lets you access them, if they haven't deleted them too, or gone out of business etc.. are not as good as your own backups, to your own disc drives, or optical media, or tape (not a drive in the same machine or another partition on the same drive, nor even in the same building)..off site regular backups, in two different places, this is our businesses we are talking about after all ;-) )
Oh ..and his Twitter account got hacked ..meh
As regards his repeated insistence that if he had two factor authentication set up in Google's Gmail (via a phone number) ..they had already wiped his iPhone by the time G would have been trying to "authenticate"..(which reading his article and deducing how his mind works, he would have given G his iPhone number to authenticate to..after all the guy does like "daisy chains") ..it wouldn't have saved him..
Because he'd still have been relying on other people or their systems, looking out for him, thinking for him..
Which is why he used Apple..because they say it is safe, they infer it is "safer"..
Safer (there is no true "safe") ..is..never "daisy chain" your ID, your data, or your online or offline life..
Make regular backups, of everything, sites, emails, photos etc etc, "image" your machines and their software, ..if you haven't ..begin ..now..
Never let someone else hold, nor give to them, the vital information or data that can break your online or offline life or your business or your family life..
Think it is all too hard..too complex, too time consuming ?..
Here, we are all (supposedly) "pro webmasters"..looking after and securing our data is part of that job ..
ps ..I agree with everything incredibill posted whilst I was writing and speelchucking this post.. :)
Yes the guy was amazingly stupid, especially for someone who writes about, and probably well paid to write about, "tech"..