"Yes, I was hacked. Hard."

Discussion in 'other security issues & news' started by Cudni, Aug 4, 2012.

Thread Status:
Not open for further replies.
  1. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  2. x942

    x942 Guest

    Ouch. That just sucks. This is why I use two-factor authentication and a minimum 16 char password for EVERYTHING!! People need to get on this.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I didn't see anything about local offline backups. That seems odd, for someone that experienced. I really can't imagine trusting the cloud that much.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    When I first saw the title I thought Cudni got hacked. I should have known better; it was not a Wilders member.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    You're not the only one who thought it.
     
  6. Montmorency

    Montmorency Registered Member

    Joined:
    Oct 9, 2011
    Posts:
    181
    I even wrote a post saying how sorry I felt for Cudni...
     
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Thanks for the concern and sorry for the unintentional confusion thanks to the original title. Having said that, it could have been me (don't see what he did wrong in his approach) but luckily it wasn't. Maybe change password periodically?
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Is it really common that devices can be wiped remotely through cloud backup services?
     
  9. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    I don't know, but I wouldn't be comfortable with it. I understand it would be a good thing if the device is stolen, but I'm not sure it's worth risking malicious wiping.
     
  10. java dude

    java dude Registered Member

    Joined:
    Aug 5, 2011
    Posts:
    75
    I completely agree with you, local backups on an external drive are a must, even with cloud backups. To put all of your faith in the cloud, especially with it being relatively new, is absolutely crazy IMHO!
     
  11. Let me get this straight: the hacker got access to his iCloud account... And that let him wipe the contents of this guy's personal electronic devices remotely? Is this sort of remote stuff within the normal purview of iCloud, or was some kind of exploit involved?

    Because I cannot imagine ever using a service that I knew could be used for such things. It might be more of a pain to have to synchronize your devices manually, but IMO allowing full remote access to your PC's filesystem is a little lacking in foresight. Strong passwords are good, but there should be more than just a password between your local data and a remote attack.

    (BTW, I would advise people to avoid reading the comments on the linked page. The trolls are out in force today.)
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's normal.
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Woah, all his devices were wiped completely, that's insane, especially his computer o_O . :eek:
    Well, personally I have my Google Account set to 2 way authentication (And only remembers my desktop) and all my main accounts have what I would call extremely hard passwords. :D
     
  14. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    This brings new meaning to "having your head in the Clouds"... :D

    Not sure what makes people and companies trust a third party with sensitive info-
    (especially companies...they have much to lose.)

    I think I'd just rather keep my info outta the cloud.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Can users opt out of that?

    Can Apple wipe your stuff if it decides that you're evil?
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Cloud services can come in quite handy in some ways (let's say sync some files that you may need somewhere, such as documents etc.) but I would never ever trust 'em with sensitive information or as my only way of backup. :D
     
  17. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    I would still rather use a spare tablet or cell to sync my files, gather my documents remotely, without anyone else involved.

    If I were a company with sensitive info, such as clients' personal health information, banking or ideas for new patents,
    a prize winning secret ale recipe.. :)
    I would rather have my company set up its own closed cloud system,
    with strict security protocols for the employees who are allowed to access it.

    To me, the Clouds are just another way for, say the gov or a competing company, to pick up all the info they want in one fell swoop..or anyone else that wants the leverage/info for that matter

    Just my opinion.

    Does anyone think there may come a day that we (or the generations coming up) will not even have a choice
    of whether we want to use the cloud system?
    It just seems like the perfect setup to add to that world wide database. :ninja:
     
    Last edited: Aug 5, 2012
  18. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Data is KING. Simple as that. If your data is really important, you should have redundancy. Period. If you don't have redundancy, then your data must not be that important.

    Cloud, not for me right now. I can see the use. Local storage is where I like it. But, no matter the location or how secure you think it is -- if the data is important, you need redundancy.

    Isn't that second section a bit redundant? :argh: o_O lol

    Sul.
     
  19. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Are you talking about the world wide database? :D

    It's not redundant yet, cuz they are still slavering after everyone's personal data..
    I imagine they won't be happy until they know the contents of your actual drawers ....er dresser drawers.

    I prob read too much science fiction, which isn't so far out anymore..
    and was also thinking about that Verizon 'share everything' - such a deal!

    Gee just what I would want to do with my whole family, especially if I were a teen.

    If you have important data, why not use some form of backup you control, is what I am curious about.

    Better? :)
     
  20. biscuits

    biscuits Registered Member

    Joined:
    Feb 16, 2010
    Posts:
    111
    It was not because of his passwords. Mat Honan said "They got in via Apple tech support and some clever social engineering that let them bypass security questions."
     
  21. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    Hmmm...
    1. Choosing a relatively short/weak password when a stronger one was likely an option
    2. Not changing that password for years and years
    3. Setting up iCloud to use the same, older Apple ID used for other services (reusing the same login credentials for multiple services)?
    4. Using the same email address for multiple important accounts
    5. Using someone else's cloud service to store/sync personal data
    6. Failing to maintain offline backups of important data
    7. Having multiple personal devices open to remote wiping/modification by other parties
    8. Linking one online account to another such that if one is compromised the other is too
    9. Too many devices/services from the same provider creating an unnecessary single point of failure
     
  22. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    "They got in via Apple tech support and some clever social engineering that let them bypass security questions."

    There will always be a way .... IMHO.

    The bigger the company the easier it is to spring leaks.

    Instead of trying to learn or open their minds, corporate leaders are still content to
    do as little as possible, including listen to their own tech department ...

    As far as they are concerned it has zero to do with profits and isn't in their big bonus description.
    Instead they will pay/push politicians to pass a law, any law that 'sounds' good -
    The same politicians that barely know what's going on as far as computers and security as they do.


    Which in the long run, affects us and the freeness of the internet in usually negative ways..

    ===============
    Reading WindBringeth's post. He may have been relating to a single person. Still, that sounds a lot like some of the same things the employees and management did at the last company I worked for; your security is no good if your own people cut the corners he listed.
     
    Last edited: Aug 5, 2012
  23. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Was my idea also.
    Using the same short password for years and years for a service which offers access to all devices and data and not having any backups...Uh oh!

    Then again, as biscuits already posted;
    'Update Three: I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. ...'

    Some tech support employee has seemingly utterly failed/has had poor training/works with lame procedures/etc.
    Even with a 20+char password changed every couple of months, he'd be in the same situation now.
     
  24. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,086
    I saw the "It wasn't password related" comment. Regardless, it sounds like this person made poor choices when it came to password handling and thus I included that in my list. Which was but a quick, coarse attempt to identify the "potentially dangerous choices" that were made on the user's side, and by extension those "potentially dangerous choices" which others could/should re-evaluate immediately.

    It saddens me to read such a story, but there are things that can... should... must... be learned from this. Things that, I truly hope, will be fleshed out and elaborated upon in greater detail. Everything should be on the table for evaluation including not only the choices the user made, not only the choices an Apple tech support employee made, but also the choices Apple and other technology companies are making in terms of how devices, services, tech support tools, etc, etc are being designed and implemented.

    Focusing on only one factor that contributed to this (poor choices made by one Apple tech support employee or whatever) would be the greatest of mistakes. This I'm sure is well appreciated by very many here, but not necessarily all who visit the forum.
     
    Last edited: Aug 5, 2012
  25. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Is anyone really shocked these days when they've just read about someone on the internet, or someone using a popular phone OS, having had their security compromised??

    Everything is bugged up to the eyeballs with backdoors for the Governments to snoop on us. So why wouldn't the crafty criminal have success doing so too?
     