So what you're saying is that because of a spat that his former employer got into, he will forever more be anti-Apple, and nothing he writes can be taken seriously?

My comment was in response to his relationship with Gizmodo. I never said anything regarding Gizmodo being anti-Apple. Don't add context that isn't there.
 
But it's still another to pursue a scorched earth "we wiped all your devices too" policy and actually delete his Google mail account.

This suggests someone he's had past dealings with who is seriously enraged.

Maybe.

Also suggests this whole thing might be a setup.
 
This is not a case of "hacking", this is a case of "identity theft". If someone knows enough about you to impersonate you, there is little any company can do.
 
The key events that should be looked at are as follows:

-Honan owns several iDevices, linked to a single iTunes account
-Those devices, while still in Honan's physical possession, are remotely wiped by persons at that point unknown to Honan.

That's it. Finito. Anything before or after is entirely irrelevant.

I don't think any judgement can be made until we hear what was said to the tech support bod to convince him/her that this person was genuine.

And I still don't understand why someone who calls himself a 'tech journalist' doesn't take regular backups.
 
Well, if you have everything on your iPad and on your iPhone and on your MacBook Air then making separate back-ups seems not necessary. You've three devices, three times the same files.

Ya, relying on iCloud and it having the authority to wipe all of the devices is not the best backup plan.

Not having another type of data backup here is similar to making 3 different types of backups of the same data but storing them all in the same bag in your car trunk.
 
Buying a Mac doesn't have anything to do with your choice of using iCloud or not. And again, I don't see the link to the person you were replying to, since what does that have to do with government employees?

That is silly come on, Apple is stringing everything together into the cloud, it's a major feature of the Mac experience now. Maybe a government employee (or any other employee) thought he/she was doing something innocuous like synching contacts across devices.
 
Well, it's COB for half of the US, and no story on Wired yet.

Not saying it's not coming, but I don't see it yet.
 

A lot of people have asked him via Twitter, his response is "Waiting for Apple to respond before I publish the article."

This is also in his Twitter feed


Is this Mat Honan?
‏@mat
Incidentally @strngwys and @redgirlsays were able to recreate the entire hack, involving multiple companies, using the hacker's instructions.

http://twitter.com/mat/status/232596581227065347
 
No doubt. iCloud, MobileMe, any service, can wipe your device by accident. Your data can also be accidentally destroyed by syncing with a "corrupt" device. Relying on Apple to preserve your data is waiting for a disaster.

The cloud makes syncing convenient, but it's not someplace to rely on for 100% data protection.

Now you could also back up to a cloud storage independent of Apple, where there is no sync involved. If you manually do it, it's in two places and having your data automatically deleted because it's not the "newest" version is not going to happen unless you make that mistake yourself. And in that case, nobody can help you anyway because you don't know what you are doing.



Not only that, but this world we are creating is too difficult for anyone over 60 to keep up with, yet they are being asked to, or forced to, by their banks, brokers, etc. They can't handle passwords well, so they use simple ones, write them down on their desk where people (nurses, housekeepers, children, whoever) can see them and exploit them, etc. It's a situation where security for those who can't handle the digital age has taken many steps backward.

Sorry, I have to chime in here. I'm 61 and I have no problems keeping up. Nor do any of my friends. There really are many of us 'old people' who were actually involved with the tech revolution. Without us you wouldn't have the products and capabilities you enjoy today.

While I agree that probably many older people are confused, many younger people are too. I know because I spent almost 30 years in IT (developing, training) and age has nothing to do with technical expertise.

Just because the younger generations grew up using the tech doesn't mean they actually understand it or are more prepared for the challenges. In fact, they are probably less prepared because they think that since they have a 'smart phone' or can turn on a computer and create a document that they are experts. I find that older people are more ready to understand that they need help and are willing to ask for it.
__________________
Asus EP121 slate - windows 7, iPads 1, 2, 3
 
Yes!

Amen to that. I make a lot of money on the side helping tech unsavvy people use their tech, and the older someone is, the likelier they are to ask for help and follow directions I give them.

Sure, they may ask a ton of questions (for some reason most of the Baby Boomer + people that I help are scared to break things by pressing buttons) but they certainly seem more willing to learn.

And they even listen when I plead with them never to use text speak unless absolutely necessary.

As for those my age (I'm 33) and younger?

"******* you, I grew up with this stuff, of course I can figure it out" and then they end up dropping their phone and losing all of their pictures because they didn't take my backup advice.

Yes, I'm generalizing and stereotyping, but I'd much rather help my parents than my siblings.
 

Well, I haven't made it all the way through the well written, and fairly heartbreaking article ... going over the mistakes I have made along these lines, combined with Apple's (using the very public Apple e-mail address as a key to "secure" ID ...), I just hope Apple comes up with a meaningful change to respond to this soon -- like how about just a second "private" e-mail address for the account, or something ... anything ....

Having just went vainly trying to scrub my .mac address from my dormant Facebook account (how I regret ever sticking my toe in there ...), I think a lot of folks would like to get to have a do-over on a lot of their security flubs.

Looks like the daisy-chain effect is the big problem here.
 
The problem is that personal identification is about as secure as a high school gym locker.
 
Hey - at least you can make some steps to make it a bit more secure. I already took my CC off Apple's site a few weeks ago, and will rely on PayPal and gift cards (great at 20% off... ) -- looking at 2-step verification for Google -- not sure what to do about Amazon ...

And, oh yeah -- personal backups as always, and encrypt anything important going into any "cloud".
 
Amen to that. I make a lot of money on the side helping tech unsavvy people use their tech, and the older someone is, the likelier they are to ask for help and follow directions I give them.

Sure, they may ask a ton of questions (for some reason most of the Baby Boomer + people that I help are scared to break things by pressing buttons) but they certainly seem more willing to learn.

And they even listen when I plead with them never to use text speak unless absolutely necessary.

As for those my age (I'm 33) and younger?

"******* you, I grew up with this stuff, of course I can figure it out" and then they end up dropping their phone and losing all of their pictures because they didn't take my backup advice.

Yes, I'm generalizing and stereotyping, but I'd much rather help my parents than my siblings.


Agreed. I'm 56, my stepson is 27. Guess who asks who for help? He hasn't figured out how to print via the wireless printer and when he dropped his phone one too many times, wanted to know why he lost all his contact info.

He's a lawyer. What can I say. Good kid, but just shows that age is no predictor of tech savviness.
 
Apple really needs 2-step authentication (Google offers it, and it works really great).

This terrible story is the reason why nobody should put all their eggs in one basket (read: ecosystem). Be it Apple/Google/Microsoft. You're just asking for trouble.

Also 1Password/LastPass/KeePass are amazing. Use them.

Thanks for these comments - I didn't know Google offered 2-step authentication and since it is the email I use for almost all my logins the added authentication has me feeling much safer.

Also, I finally installed KeePass on all my devices and spent several hours yesterday changing all my passwords to the unique random ones it generated. I hate to admit it, but before I was using the same password for my bank, for work, for forums, Facebook, etc. If someone had figured out my password they could have easily logged into other sites. Thankfully this never happened - that I know of - but at least now if they compromise one of my accounts they can't compromise one of the other accounts.

Facebook also offers two-step authentication as well - if that has yet to be mentioned.
 
This is pretty scary and shows a need for security questions to be enforced, of course this could be a security risk in itself for people that know you and could be a disaster for the people that put gibberish as their answers.

Amazon is even scarier since if a person can get into your account they have free rein to order whatever they want. I'm curious to know what these companies are going to do about this.

The hacks you hear about are scary enough but the fact that even a monkey can get into your account is scarier.
 
:eek:
Absolutely. Given how much information is stored in an iCloud account, 2-step is a no-brainer.

Dude that was a very hard lesson to learn and it is sad to see something like this happen, but I think this is the type of wake-up call that they needed to kick the complacent attitude that many companies have about authentication and passwords. There continues to remain the need for more preventative measures to be put in place. For example many of the leading online storage providers are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim that the verification process makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I'm hoping that more providers start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.
 
When I think about how many times I've seen four digits of my credit card number on a receipt or in a confirmation email.....

And Apple accepts that as ID.

To a corporation a credit card number is you.

Well, we're not sure that they accept this alone. As others have pointed out, we still don't know the precise details of this social engineering.

And the reason that Apple accepts just the 4 digits could be because the support rep can only see four digits. Would you be comfortable if the Apple rep could read all your card details on screen? Apple doesn't trust them any more than you should.

From the two attacks we've read about, it seems that a known weak point is domain registration. This is where the fella picked up the victim's full address. Once he had this and the four digits from the credit card, then he was pretty much home free.

My thinking is all domain registrations should be kept private. I can't see why the registrant's home address has to be exposed for the world to see. That might be a good first step.

Mat Honan and Apple are still being very vague as to the precise nature of this 'social engineering'. Apple says that procedures weren't followed. Fair enough, but if Wired did manage to engineer the same scam twice, then that would mean that Apple's procedures weren't followed...twice. And then the concern becomes how often are the tech supports not following Apple's procedures and why.
Too many questions still.

The big unknown is this 'social engineering' term, because it covers such a multitude of ways in: plausibility, threats, bribery.
 