http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
Sobering story. Be careful out there.
Interesting. Good link.
Goes to show that protecting your online identity is as important as safeguarding tangibles like your smartphone, credit cards, passport etc, and not something to be insouciant about. Good tips at the end about email prefixes, recovery email addresses and backing stuff up.
Hopefully Apple & Amazon will look at examples like this and put in measures to protect their customers - it goes to show that they don't insulate you from everything out there in ‘cyber space’.
The most worrying for me was his Twitter account being hacked with inflammatory racist comments - imagine what that could do to a person's reputation / career? Not to mention the hassle of convincing the authorities what the facts were.
Sobering, indeed.
That's really boring to read, but ultimately, the bloke trusted online services without backing things up?
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location. Those security lapses are my fault, and I deeply, deeply regret them.
So, he had all his files stored on an online server? With no back-up?
Why on earth do people trust these things? It's the equivalent of leaving all your valuables in a leisure centre changing room locker!
Scary! Just turned on the two stage authentication thang.
Very interesting stuff. I hope people read this & can learn from this poor guy's mistakes. I've already turned off "Find My Mac"! The idea of having a separate email for recovery purposes is a great one as well. Cannot fathom however why a technology journalist had no physical backup though, especially on a Mac where it is so easy. Another lesson there I guess.
Or locking your bike up in a dodgy area with just a cheap flimsy lock.
Just read that, very interesting indeed. Fortunately, perhaps, I don't have the luxury of several email accounts with the same prefix, and I'm not likely to be hacked like this guy, just not high profile enough.
I did have my main email hacked a while ago, where a number of odd mails were sent out, but changing my password to a much more complicated one seems to have stopped that.
Trouble is, remembering the new, eighteen character alphanumeric password is a bitch...
So, he had all his files stored on an online server? With no back-up? Why on earth do people trust these things? It's the equivalent of leaving all your valuables in a leisure centre changing room locker!
I think you've missed the point. The fact that he's lost his files isn't the scary part - it's that he's had his google/amazon/twitter/etc passwords stolen which could have terrible consequences if the hacker had serious criminal or malicious intent. I think the poor guy actually got off lightly under the circumstances.
Semi-related, Dropbox will also be adding 2-step authentication soon
Trouble is, remembering the new, eighteen character alphanumeric password is a bitch...
Try this.
Indeed, one thing lots of people do is keep a copy of their passwords for various sites in emails. Stored on Gmail or hotmail. Which then get hacked.
One thing that cheeses me off is that every bloody site on the net wants you to link in other profiles. Youtube...google. News site? Post from facebook, google or other site logins etc. It's such a bad idea to link all these things together.
Did he get the hard drive recovered? Was he able to get the pin back and get the hard drive restored to get the pictures? Where do I find the next instalment???
In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.
This says to me it was human error.
I back up my cloud accounts to a HD regularly, then shove that in a fire safe, do the same with my iMac and MBP as well.
I think you've missed the point. The fact that he's lost his files isn't the scary part - it's that he's had his google/amazon/twitter/etc passwords stolen which could have terrible consequences if the hacker had serious criminal or malicious intent.
So it's a bit like leaving a set of keys lying around with the address of the house on a label?
I don't really understand what's happened here. Can somebody explain it in normal geek-free language please?
Geek free, Apple gave his account and the ability to wipe all his machines to a bloke who just phoned up and said 'I'm him, honest gov'. Bit like Barclays asking for your surname as a security question then giving someone access to your account.
one thing lots of people do is keep a copy of their passwords for various sites in emails. Stored on Gmail or hotmail. Which then get hacked.
Even if you don't, with access to the email account "recover my password" on any website is trivial.
Mind you, someone opened an Ocado account with my CC and spent £400 last week on goods being delivered to a random address, so this sort of thing happens all the time. Luckily I won't be paying for any of it, but Ocado are pretty slack not to check the delivery address matches the CC address.
reading through it, Apple are at fault; a bored guy at Apple gave access which resulted in said disaster.
£££££££££££££££££££££££££££££££££££££££££££££££££££££££££££££, I would have thought...
So the problem is a lack of understanding of potential security flaws on all sides then?
Why you would think, with all the horror stories of hacking going around, that you'd allow your computers and files to be open to potential risk, is beyond me. I would never use any system that involved any such personal risk. My important and valuable files are backed up to external HDs and DVDs and memory cards. There's at least two extra copies of everything at all times. I wouldn't dream of storing anything online at all.
I remember a few years ago, I'd just moved into a new flat and didn't have internet. A simple wi-fi search revealed several unprotected networks. I'm not a geek at all, but I still managed to login and change the name of one network. I am sure a dedicated hacker could easily have done all sorts of damage. Fortunately whoever's network it was quickly secured it. Made me think about how easy it is though.
What did you change it to mike?
Freedom-for-Tooting?
I'm*your*anarchist*neighbour?
Cycl!ng$my$way$into$power?
mikeconnor - I suspect your contrarianism will become quite tedious. You apparently visited us @ STW as a new user due to your disappointment at the responses on the Critical Mass thread - appreciating your unalienable rights to contribute as much as anybody else, what now keeps you here?
What did you change it to mike?
'Protectyournetwork' or something similar, can't remember. I didn't know which house it was, and was just trying to warn them. I think they got the message!
what now keeps you here?
Fascinating, amazing, wonderful people like you.
Yeah, I can see that - carry on. 😀
Fascinating, amazing, wonderful people like you
Thank you, so nice to know I have your approval.
I suspect your contrarianism will become quite tedious
All I'm doing here is trying to learn what and why. And wondering how someone can be quite so lax, especially considering their apparent knowledge of such systems. I hardly think that constitutes 'contrarianism'.
Bit harsh, I thought. Contrarianism is a prerequisite here.
And wondering how someone can be quite so lax,
How was the author lax? Apple answered the phone and a dude asked for a password, Apple gave it. Apple failed. The End.
I think you're all missing a trick here, mike reminds me of a certain bicycle built for two rider; passionate, and dedicated. I like him and I want him to stick around.
I thought STW's Fred Replacement Programme had finally borne fruit.
How was the author lax? Apple answered the phone and a dude asked for a password, Apple gave it. Apple failed. The End.
True, but the author of the article does point out several security precautions that, had he employed them, would've thwarted the hackers. IMO anyone in a similar situation would be wise to heed his advice!
This gmail double authentication thing looks good. Anyone comment on how well it actually works?
Facebook uses it. If you log in from a device you've not used before, it SMSes you a PIN code. Works well. I'd assume the Gmail one is a similar idea.
Less use if you lose your phone or laptop of course, but effective in stopping long-distance sillybuggery.
reading through it, Apple are at fault; a bored guy at Apple gave access which resulted in said disaster.
Partially, the hackerz had already got loads of info from his Gmail account, then more from Amazon, before they hacked his Apple account, and they were only able to do that because of the prior info.
He's stated, quite clearly, that securing Gmail would have stopped the problem dead.
That, and not having the same email prefix on three different accounts.
