Discussion in 'other security issues & news' started by Cudni, Aug 4, 2012.
Make your passwords look like This.>>>>>>@@#$%^&&**%^&<<<<<<<?><?:LL"""::">>::<P)(*^^&%%^$#$$%WY^$$^^
You're too late, they already have a tool to decipher that password..
LOL, I don't doubt it.
A tool that also takes into account smilies? That's some password cracker...
All I know is the frenetic way technology is heading, it will be more than likely we will be hacked, and less likely, whacked.
Yes, I got the same idea! I thought Cudni got hacked! That was wrong!
FWIW, his Wired article is up and it provides additional details about what happened.
He had eight years of email and many influential contacts stored in Gmail. Imagine all the information that was compromised when the perps gained access to just that one account. Unfortunately, even those who do adhere to safe computing practices can have their information compromised by someone else in a manner like this. I know several people who not only use their webmail account as their email archive but also email themselves very sensitive documents, scans, etc so that those things are "backed up" via their webmail account.
The perps having access to just the last four digits of a credit card came in very handy. Many credit card companies, and other companies for that matter, include partial account numbers in the emails they send to clients. Perhaps, at least if people start demanding that less information be leaked via email, that can be changed.
He warns that better security measures are needed as Apple, Microsoft, etc push cloud computing. While that is certainly true, I think it will give some the false impression that such cloud computing models can be fixed and made secure.
I think he was wise to physically sever his Internet connection when he thought he was being hacked.
Email, text message, and/or other alerts sent in response to account login, the changing of account information, etc can come in handy. It won't always save you, but I think it is wise to take advantage of and build into online accounts.
I'm not familiar with that remote wiping feature, but clearly that type of function calls for several levels of authentication including at least one level that can only be affected or utilized by the owner/admin of the device. It doesn't sound like, after gaining access to the online account, the perps had to provide a secondary security phrase that only the device owner/admin knows.
I can't tell if they would have or could have gained access to the actual files in his iCloud account (as in looked at his pictures, documents, etc). What do you think? A related question being, even if there was no actual wipe feature, could they have set up another machine to sync with/via the cloud storage, deleted the files on that machine, causing other machines to duplicate the file deletions and in that way carried out an indirect wipe?
It doesn't sound like Apple allows customers to set up their own account security question/answer. Personally, I think that is a much better approach and if the caller can't answer their own question the call should be escalated to a security specialist.
Private domain name registration doesn't cost much.
Yet Another Risk of Storing Everything in the Cloud (Apple Amazon Google)
Merged Threads to Continue Related Topic.
Wow. After ALL of that... and even after explicitly saying "When you control your data locally, and have it stored redundantly, no one can take it from you."... he says "I'm a bigger believer in cloud services than ever before".
He could have saved so much trouble by backing up data...
Apple Remote Wipe?
Re: The Mat Honan incident.
I know nothing about Apple products, but apparently, a data recovery service was able to get back a lot of his data. Reading the account, it looks like they ran across a lot of zeroed out sectors, but then found data. Did the wipe not complete? I can't find out, what exactly Mat did (power down, etc...) when he realized something was wrong, but I assume he interrupted the process? No way any data should have been recoverable from even a 1 pass wipe if it completed...or Apple has some 'splainen to do. Anybody have a better read on the remote wipe process that happened to him?
Yes, he shut everything down when the wipe was about 20% complete.
FWIW, in the Wired article he said "When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed." I'm not sure what if any role that played in recovering his data, but to me that suggests it shouldn't be called a wipe to begin with.