Wilders Security Forums  

  #26  
Old August 5th, 2012, 06:10 PM
ronjor ronjor is online now
Global Moderator
 
Join Date: Jul 2003
Location: Texas
Posts: 46,186
Default Re: "Yes, I was hacked. Hard."

Quote:
Journalist blames Apple tech for allowing iCloud hack

by Steven Musil

Former Gizmodo reporter Mat Honan is blaming an AppleCare technician for allowing his personal e-mail and Twitter accounts to be hacked, as well as the tech blog's official feed.
http://news.cnet.com/8301-1009_3-574...g-icloud-hack/
  #27  
Old August 5th, 2012, 06:15 PM
Dark Shadow Dark Shadow is offline
Massive Poster
 
Join Date: Oct 2007
Location: USA
Posts: 4,550
Default Re: "Yes, I was hacked. Hard."

Make your passwords look like This.>>>>>>@@#$%^&&**%^&<<<<<<<?><?:LL"""::">>::<P)(*^^&%%^$#$$%WY^$$^^
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
  #28  
Old August 5th, 2012, 06:56 PM
hogndog hogndog is offline
Frequent Poster
 
Join Date: Jun 2007
Location: In His Service
Posts: 490
Default Re: "Yes, I was hacked. Hard."

Quote:
Originally Posted by Dark Shadow
Make your passwords look like This.>>>>>>@@#$%^&&**%^&<<<<<<<?><?:LL"""::">>::<P)(*^^&%%^$#$$%WY^$$^^

You're too late, they already have a tool to decipher that password..
__________________
Revelation 21:4 And God shall wipe away all tears from their eyes; and there shall be no more death, neither sorrow, nor crying, neither shall there be any more pain: for the former things are passed away.
  #29  
Old August 5th, 2012, 07:06 PM
Dark Shadow Dark Shadow is offline
Massive Poster
 
Join Date: Oct 2007
Location: USA
Posts: 4,550
Default Re: "Yes, I was hacked. Hard."

Quote:
Originally Posted by hogndog
You're too late, they already have a tool to decipher that password..
LOL, I don't doubt it.
__________________
OS X 10.8.3 - 2.9 GHz Intel core i7 - 8 GB 1600 MHz DDR3 - 750 SATA HD - Intel HD 4000 Graphics 512 MB.
  #30  
Old August 5th, 2012, 07:08 PM
Baserk Baserk is offline
Frequent Poster
 
Join Date: Apr 2008
Location: Amstelodamum
Posts: 969
Default Re: "Yes, I was hacked. Hard."

Quote:
Originally Posted by hogndog
You're too late, they already have a tool to decipher that password..
A tool that also takes into account smilies? That's some password cracker...
__________________
ROMANES EUNT DOMUS
  #31  
Old August 5th, 2012, 07:34 PM
Tarnak Tarnak is offline
Very Frequent Poster
 
Join Date: Feb 2007
Posts: 1,944
Default Re: "Yes, I was hacked. Hard."

All I know is the frenetic way technology is heading, it will be more than likely we will be hacked, and less likely, whacked.
  #32  
Old August 5th, 2012, 08:25 PM
Escalader Escalader is offline
Massive Poster
 
Join Date: Dec 2005
Location: Land of the Mooses
Posts: 3,636
Default Re: "Yes, I was hacked. Hard."

Quote:
Originally Posted by Dark Shadow
When I first saw the title I thought Cudni got hacked, I should have known better, it was not a Wilders member.


Yes, I got the same idea! I thought Cudni got hacked! That was wrong!
__________________
Escalader
i7 8 GB RAM Notebook, 1TB External Drive
Sandboxie, Nod32, OP FW Pro, KeyScrambler, MVPS HOSTS File
IE 9 Hardened Active X,SmartScreen,Tracking Protection
Paragon Backup and Imaging
  #33  
Old August 6th, 2012, 11:24 PM
TheWindBringeth TheWindBringeth is offline
Frequent Poster
 
Join Date: Feb 2012
Posts: 806
Default Re: "Yes, I was hacked. Hard."

FWIW, his Wired article is up and it provides additional details about what happened.

http://www.wired.com/gadgetlab/2012/...n-hacking/all/

He had eight years of email and many influential contacts stored in Gmail. Imagine all the information that was compromised when the perps gained access to just that one account. Unfortunately, even those who do adhere to safe computing practices can have their information compromised by someone else in a manner like this. I know several people who not only use their webmail account as their email archive but also email themselves very sensitive documents, scans, etc so that those things are "backed up" via their webmail account.

The perps having access to just the last four digits of a credit card came in very handy. Many credit card companies, and other companies for that matter, include partial account numbers in the emails they send to clients. Perhaps, at least if people start demanding that less information be leaked via email, that can be changed.

He warns that better security measures are needed as Apple, Microsoft, etc push cloud computing. While that is certainly true, I think it will give some the false impression that such cloud computing models can be fixed and made secure.

I think he was wise to physically sever his Internet connection when he thought he was being hacked.

Email, text message, and/or other alerts sent in response to account login, the changing of account information, etc can come in handy. It won't always save you, but I think it is wise to take advantage of and build into online accounts.

I'm not familiar with that remote wiping feature, but clearly that type of function calls for several levels of authentication including at least one level that can only be affected or utilized by the owner/admin of the device. It doesn't sound like, after gaining access to the online account, the perps had to provide a secondary security phrase that only the device owner/admin knows.

I can't tell if they would have or could have gained access to the actual files in his iCloud account (as in looked at his pictures, documents, etc). What do you think? A related question being, even if there was no actual wipe feature, could they have set up another machine to sync with/via the cloud storage, deleted the files on that machine, causing other machines to duplicate the file deletions and in that way carried out an indirect wipe?

It doesn't sound like Apple allows customers to set up their own account security question/answer. Personally, I think that is a much better approach and if the caller can't answer their own question the call should be escalated to a security specialist.

Private domain name registration doesn't cost much.
  #34  
Old August 10th, 2012, 12:20 AM
wearetheborg wearetheborg is offline
Frequent Poster
 
Join Date: Nov 2009
Posts: 650
Default Yet Another Risk of Storing Everything in the Cloud (Apple amazon google)

http://www.schneier.com/blog/archive...other_ris.html
__________________
Windows XP: SRP + LUA + No Autostarts for Users + On demand scanned new exe's + Sandboxie'd Firefox with NoScript.
Linux Hardening: AppArmor, SeLinux
Limited User Accounts: In a LUA, you have the supreme power; a process cannot monkey around critical system parts without your explicit permission.
  #35  
Old August 10th, 2012, 12:48 AM
JRViejo JRViejo is offline
Global Moderator
 
Join Date: Jul 2008
Posts: 10,413
Default Re: "Yes, I was hacked. Hard."

Merged Threads to Continue Related Topic.
__________________
JR
"You don't have to win every argument. Agree to disagree." Regina Brett
  #36  
Old August 17th, 2012, 05:17 PM
ronjor ronjor is online now
Global Moderator
 
Join Date: Jul 2003
Location: Texas
Posts: 46,186
Default Re: "Yes, I was hacked. Hard."

Quote:
Mat Honan: How I Resurrected My Digital Life After an Epic Hacking

Here’s the thing: I probably got my stuff back faster than you would have. I’ve been a technology journalist for more than a dozen years, and in that time I’ve made lots and lots of contacts. Meanwhile, my Tumblr post spread like warm butter across the piping hot English muffin of the internet.

A lot of people saw the post, some of whom were executives or engineers at Google and Twitter. I still had to go through official channels, but they pointed me to the right place to start the recovery process on both of those services. On Friday night, I filled out forms on both sites (Google’s is here, Twitter’s is here) to try to reclaim my accounts.

Someone else saw my posts on that night too: my hacker.
http://www.wired.com/gadgetlab/2012/...ta-recovery/2/
  #37  
Old August 18th, 2012, 02:12 AM
TheWindBringeth TheWindBringeth is offline
Frequent Poster
 
Join Date: Feb 2012
Posts: 806
Default Re: "Yes, I was hacked. Hard."

Wow. After ALL of that... and even after explicitly saying "When you control your data locally, and have it stored redundantly, no one can take it from you."... he says "I'm a bigger believer in cloud services than ever before".

Last edited by TheWindBringeth : August 18th, 2012 at 05:55 AM. Reason: bigger bigger -> bigger
  #38  
Old August 18th, 2012, 05:41 AM
guest
 
Posts: n/a
Default Re: "Yes, I was hacked. Hard."

He could have saved so much trouble by backing up data...
  #39  
Old August 21st, 2012, 01:04 PM
PaulyDefran PaulyDefran is offline
Frequent Poster
 
Join Date: Dec 2011
Posts: 689
Default Apple Remote Wipe?

Re: The Mat Honan incident.

I know nothing about Apple products, but apparently, a data recovery service was able to get back a lot of his data. Reading the account, it looks like they ran across a lot of zeroed out sectors, but then found data. Did the wipe not complete? I can't find out what exactly Mat did (power down, etc...) when he realized something was wrong, but I assume he interrupted the process? No way any data should have been recoverable from even a 1 pass wipe if it completed...or Apple has some 'splainen to do. Anybody have a better read on the remote wipe process that happened to him?

PD
  #40  
Old August 21st, 2012, 01:41 PM
JRViejo JRViejo is offline
Global Moderator
 
Join Date: Jul 2008
Posts: 10,413
Default Re: "Yes, I was hacked. Hard."

Merged Threads to Continue Related Topic.
__________________
JR
"You don't have to win every argument. Agree to disagree." Regina Brett
  #41  
Old August 21st, 2012, 02:11 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,524
Default Re: "Yes, I was hacked. Hard."

Yes, he shut everything down when the wipe was about 20% complete.
  #42  
Old August 21st, 2012, 02:21 PM
TheWindBringeth TheWindBringeth is offline
Frequent Poster
 
Join Date: Feb 2012
Posts: 806
Default Re: "Yes, I was hacked. Hard."

FWIW, in the Wired article he said "When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed." I'm not sure what if any role that played in recovering his data, but to me that suggests it shouldn't be called a wipe to begin with.
 

All times are GMT -4. The time now is 07:40 PM.

