So I can downvote your comment. We all miss downvotes but asking for them to bring it back in a news post won't do anything. Are there contact us email options?

Really the right thing to do is post in Site and Forum Feedback but anything you post there about it will just get closed down.
 
great more inconvenience if we do indeed lose our password....

If people are careless enough to A) lose their passwords and B) forget the answers to their security questions, they deserve to be tremendously inconvenienced while they try to prove their identities. Why should everybody else's identities be more vulnerable because some people are stupid?
 
If people are careless enough to A) lose their passwords and B) forget the answers to their security questions, they deserve to be tremendously inconvenienced while they try to prove their identities. Why should everybody else's identities be more vulnerable because some people are stupid?

Couldn't agree more.
 
If people are careless enough to A) lose their passwords and B) forget the answers to their security questions, they deserve to be tremendously inconvenienced while they try to prove their identities. Why should everybody else's identities be more vulnerable because some people are stupid?

Agree, but I wish that website operators let me enter my own security questions, rather than selecting from the usual suspects ("Where were you born?" "What is your pet's name?"). There are times when I'd like to prevent everyone, including people who know me well and therefore would probably know the answers to the typical questions, from accessing my account.
 
Looks like there is some truth to the story. Plus not sure why you would want to call to have a password reset when you can just do it online.

You forget your password, can't remember what your fav food was ten years ago when you started the account and don't have access to that email.

It does happen.
 
I don't backup my timecapsule.

I'd recommend looking into arRsync, and to not rely too heavily on TimeMachine.

I hate TimeMachine. I had a hard drive start to go bad on my iMac, but I didn't realize the hard drive was bad yet. My computer was crashing a lot after I updated the version of OS X I was running, so I reinstalled from my external TimeMachine Backup choosing an older backup date. After the backup restored my iMac from TimeMachine, my iMac hard drive crashed. Well, TimeMachine "automatically wipes all prior Backup files/logs" it has saved when you do a restore from any backup date and replaces them with a blank file until you backup to it again. Since I didn't realize this was a "Ridiculously dumb built in feature of TimeMachine," I hadn't performed a new backup and due to the Hard Drive crashing within an hour of completing the restore, I lost EVERYTHING that was backed up to TimeMachine. I lost over a year of daily Backup files on the external hard drive, so TimeMachine can completely suck my :apple::apple: !!!
 
You forget your password, can't remember what your fav food was ten years ago when you started the account and don't have access to that email.

It does happen.

Of course it happens. That's why online commerce companies have such lax password-reset procedures. They want to get the idiots back online and buying stuff with as little friction as possible. "Too bad; you're screwed" is not an acceptable response to any customer with a credit card.

That's one of the reasons Google can afford to have better security procedures. Their users aren't customers. If you get locked out of your Google account and can't figure out how to get back in and abandon the account.....well, you weren't buying anything from them anyway.
 
I don't think this guy should get credit as being a hacker; social engineer is more accurate.

Social engineering is about manipulating employees to provide information they are not supposed to. In this case the employees were sticking to the script. It's not social engineering. It's bad security policy.
 
Good; it's a huge security flaw.

My advice to everyone is to use at least TimeMachine, and to disable remote wipe of your MacBook. It'd be more useful to use LogMeIn or TeamViewer.

Backup is the most important step.

Then backup.

Then backup the backup.

I already have 2 clones (well one is temporary) and a Time Machine backup that is copied with RAID to another disk. There are actually 3 disks, and one is rotated to the bank every once in a while after being copied to in the RAID device. It's saved my butt a few times, and it really saved my brother when I accidentally put Windows onto his Mac partition for Bootcamp.

----------

If people are careless enough to A) lose their passwords and B) forget the answers to their security questions, they deserve to be tremendously inconvenienced while they try to prove their identities. Why should everybody else's identities be more vulnerable because some people are stupid?

I did complete step B without completing step A, and I couldn't make purchases on any other devices after that. Luckily, some Apple employee must have cut corners because he simply reset my security questions when I asked, no email address verification required.
 
Social engineering is about manipulating employees to provide information they are not supposed to. In this case the employees were sticking to the script. It's not social engineering. It's bad security policy.

Apple said that procedures weren't followed, but didn't elaborate. If Wired managed to repeat the break-in (twice?) then procedures must get broken an awful lot. :rolleyes:
 
Can we bring back downvotes? I like expressing my displeasure with certain posts.

True. Arn took them away because his posts were downvoted. So no chance to get it back.

I hope the person at Apple who gave the password over the phone is fired and becomes homeless. To do damage to Apple like this is horrible and needs punishing.
 
Good. Is doing things by calling someone even used anymore?

It was the only way for a while... I have managed happily without forgetting / mislaying or otherwise corrupting my App Store and iTunes PW for decades. It's a sensible move by Apple to ramp up security, and yet another indicator of how hackers are now taking far more interest in Mac and iOS users.
 
Good; it's a huge security flaw.

My advice to everyone is to use at least TimeMachine, and to disable remote wipe of your MacBook. It'd be more useful to use LogMeIn or TeamViewer.

Backup is the most important step.

Then backup.

Then backup the backup.

Time Machine + hard drive encryption (FileVault). The purpose of remote wipe is that when your Mac is stolen, you'd rather make it unusable than allow someone to read it. With hard drive encryption it is unreadable to anyone else.
 
Any advice on the best way to backup a time capsule?

I heard (haven't tried) that on Mountain Lion you can have two Time Machine drives and alternatively backup to both.


I'm concerned that he is. :eek:

I think responsibility should be according to salary. If you put low pay employees into a position where a mistake can be very expensive, then you either invest in more training, or you accept that by saving money on salaries you sometimes have to pay out for damage.
 
How effective would Find My Mac be if the thief goes in and unchecks the feature... OS X doesn't require a password to make these changes. Am I missing something?
 
As someone who values their family iPhoto library the most, I am ultra paranoid - backups, double backups, put one hard drive in a fireproof safe, etc. I can't imagine how media people/IT folks deal with this... what a headache.

Actually, as someone in IT, I can tell you it's not as bad as you think. At least in my company, all data is stored on just a couple of servers (users are aware that any data stored locally is not sanctioned by IT), then those servers are backed up to other onsite servers and other offsite servers ("the cloud" if you will). The whole thing costs several thousand $$$ per month, but for data security, well worth it. And best of all, it's almost entirely automated :D
 
While this was a pretty big security breach, I must admit that I am getting extremely fed up with news agencies reporting this as a hacking. Any of us, given the correct information about our intended victim, could have pulled this off very easily. Hacking = finding a system vulnerability (not a human one) and programming your way in. This wasn't hacking. It was the digital equivalent of forging a signature at a bank to get an extra key made into someone else's safe deposit box.
 