
Tue Aug 7, 2012, 05:30 PM

How Apple and Amazon Security Flaws Led to My Epic Hacking

BY MAT HONAN August 6, 2012

... Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing ...

http://m.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

Replies to this discussion thread
Author Time Post
How Apple and Amazon Security Flaws Led to My Epic Hacking (Original post)
struggle4progress Aug 2012 OP
cbayer Aug 2012 #1
struggle4progress Aug 2012 #2
cbayer Aug 2012 #3
Stinky The Clown Aug 2012 #4
hamerfan Aug 2012 #5
onehandle Aug 2012 #6

Response to struggle4progress (Original post)

Tue Aug 7, 2012, 05:43 PM

1. I don't trust iCloud at all and will probably never use it.



Response to cbayer (Reply #1)

Tue Aug 7, 2012, 05:46 PM

2. Inclined to agree but Apple seems to be forcing us down some alleys

Lion and Mountain Lion must be downloaded thru the Apple Store

In fact, if I want to listen to a CD I myself stick in my optical drive, I get routed thru the Apple Store



Response to struggle4progress (Reply #2)

Tue Aug 7, 2012, 05:55 PM

3. Hmmm....

I just got a new computer, so I don't need to update my software.

Should be interesting to see how this plays out, but I am going to continue to avoid it.



Response to cbayer (Reply #3)

Tue Aug 7, 2012, 10:20 PM

4. I think the cloud is all but unavoidable

Apple makes it exceedingly difficult to do anything with their newest OSs that isn't through the cloud. In fact, if you have an available internet connection (and all of us who post on DU certainly do), the Apple mothership is watching what you do.



Response to struggle4progress (Original post)

Wed Aug 8, 2012, 07:25 AM

5. I don't trust clouds either

Clouds of any flavor.
I only have my desktop iMac, no iDevices, and run Snow Leopard, but I still use the iCloud for mail and calendar.
All my apps/documents/etc stay on my iMac.
This is still too much "ether dependence" for me.



Response to struggle4progress (Original post)

Wed Aug 8, 2012, 09:57 AM

6. Amazon and Apple are changing the 'reset rules' to prevent this.

Amazon won't let you call in and verbally change your info any more. Which makes sense, you use their website, duh.

Apple has suspended call in and reset and is working on a plan.
