"Yes, I was hacked. Hard."

Discussion in 'other security issues & news' started by Cudni, Aug 4, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Make your passwords look like This.>>>>>>@@#$%^&&**%^&<<<<<<<?><?:LL:p"""::">>::<:pP)(*^^&%%^$#$$%WY^$$^^:p
     
  3. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    632
    Location:
    In His Service
    Your too late they already have a tool to decipher that password.. :ninja:
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    LOL,I dont doubt it.
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    A tool that also takes into account smilies? That's some password cracker...:p
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    All I know is the frenetic way technology is heading, it will be more than likely we will be hacked, and less likely, whacked. :D
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Yes I got the same idea! I thought Cundi got hacked! That was wrong!
     
  8. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, his Wired article is up and it provides additional details about what happened.

    http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

    He had eight years of email and many influential contacts stored in Gmail. Imagine all the information that was compromised when the perps gained access to just that one account. Unfortunately, even those who do adhere to safe computing practices can have their information compromised by someone else in a manner like this. I know several people who not only use their webmail account as their email archive but also email themselves very sensitive documents, scans, etc so that those things are "backed up" via their webmail account.

    The perps having access to just the last four digits of a credit card came in very handy. Many credit card companies, and other companies for that matter, include partial account numbers in the emails they send to clients. Perhaps, at least if people start demanding that less information be leaked via email, that can be changed.

    He warns that better security measures are needed as Apple, Microsoft, etc push cloud computing. While that is certainly true, I think it will give some the false impression that such cloud computing models can be fixed and made secure.

    I think he was wise to physically severe his Internet connection when he thought he was being hacked.

    Email, text message, and/or other alerts sent in response to account login, the changing of account information, etc can come in handy. It won't always save you, but I think it is wise to take advantage of and build into online accounts.

    I'm not familiar with that remote wiping feature, but clearly that type of function calls for several levels of authentication including at least one level that can only be affected or utilized by the owner/admin of the device. It doesn't sound like, after gaining access to the online account, the perps had to provide a secondary security phrase that only the device owner/admin knows.

    I can't tell if they would have or could have gained access to the actual files in his iCloud account (as in looked at his pictures, documents, etc). What do you think? A related question being, even if there was no actual wipe feature, could they have setup another machine to sync with/via the cloud storage, deleted the files on that machine, causing other machines to duplicate the file deletions and in that way carried out an indirect wipe?

    It doesn't sound like Apple allows customers to setup their own account security question/answer. Personally, I think that is a much better approach and if the caller can't answer their own question the call should be escalated to a security specialist.

    Private domain name registration doesn't cost much.
     
  9. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
  10. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,436
    Location:
    U.S.A.
    Merged Threads to Continue Related Topic.
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/2/
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    Wow. After ALL of that... and even after explicitly saying "When you control your data locally, and have it stored redundantly, no one can take it from you."... he says "I'm a bigger believer in cloud services than ever before".
     
    Last edited: Aug 18, 2012
  13. guest

    guest Guest

    He could have saved so much trouble by backing up data...
     
  14. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Apple Remote Wipe?

    Re: The Mat Honan incident.

    I know nothing about Apple products, but apparently, a data recovery service was able to get back a lot of his data. Reading the account, it looks like they ran across a lot of zeroed out sectors, but then found data. Did the wipe not complete? I can't find out, what exactly Mat did (power down, etc...) when he realized something was wrong, but I assume he interrupted the process? No way any data should have been recoverable from even a 1 pass wipe if it completed...or Apple has some 'splainen to do. Anybody have a better read on the remote wipe process that happened to him?

    PD
     
  15. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,436
    Location:
    U.S.A.
    Merged Threads to Continue Related Topic.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Yes, he shut everything down when the wipe was about 20% complete.
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, in the Wired article he said "When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed." I'm not sure what if any role that played in recovering his data, but to me that suggests it shouldn't be called a wipe to begin with.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.