Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

[manu chao]

Why would you turn off remote wipe? If you back up, you are safe. Remote wipe is a safety feature you should not turn off. Why?

Which is more likely...

1. Someone hacks into your iCloud and remote wipes your laptop. If backed up with Time Machine or a clone, result is a day to restore it. Your data is still secure.

2. Someone steals your laptops (or you lose it) and they access your files because even if you use passwords, they have unlimited access to the machine and can find ways around it and you can't remote wipe it because you have it turned off. Your data is insecure.

Not only is 2 more likely to happen as only a hacker with a vendetta would remote wipe your machine and alert you to their access to your account, but scenario 2 leaves you more exposed.

While I also lean towards enabling remote wipe, in the case of Mat Conan, the attackers wiped Conan's devices to slow down the discovery and recovery action of Conan, ie, to being able to spam his Twitter account longer. But people who hack you to spam your Twitter followers are likely the clear minority, most hackers probably want to profit financially which means staying under the radar as long as possible, although maybe once they've done things like resetting your passwords, they need to act quickly and throwing a wrench into your understanding of the situation might buy them some time.

----------

Any advice on the best way to backup a time capsule?

Why do want to backup your backup? (One answer would be to backup the history which only exists within the TM backup. Though a simple answer to this is to add a second TM backup.)

But you can connect a USB disk to a TC and via the Airport Utility backup the TC content to it, though this is not automatic.

----------

I hate TimeMachine. I had a hard drive start to go bad on my iMac, but I didn't realize the hard drive was bad yet. My computer was crashing a lot after I updated the version of OS X I was running, so I reinstalled from my external TimeMachine Backup choosing an older backup date. After the backup restored my iMac from TimeMachine, my iMac hard drive crashed. Well, TimeMachine "automatically wipes all prior Backup files/logs" it has saved when you do a restore from any backup date and replaces them with a blank file until you backup to it again. Since I didn't realized this was a "Ridiculously dumb built in feature of TimeMachine," I hadn't performed a new backup and due to the Hard Drive crashing within an hour of completing the restore, I lost EVERYTHING that was backed up to TimeMachine. I lost over a year of daily Backup files on the external hard drive, so TimeMachine can completely suck my !!!

Really? Maybe Migration Assistant refuses to restore a second time from a TM backup, but the data are still there are not deleted after a restore, you can navigate with the Finder to them. In the worst case, I'd copy them manually to a new disk and try to point MA to it. Otherwise, you can still manually restore things.

And as usual, try to never let the number of copies come down to one, ie, have at least two independent backups.

 

[kingtj]

Yep, and you should be happy!

There's too much important information being stored in today's iCloud to act like it's something you should easily be given access to if you foolishly lose your password.

I guess that makes me sound like I'm trying to be a jerk, but I'm really not. All I'm saying is that most of us are used to have dozens of annoying passwords and PIN numbers to remember for things. Eventually, it all gets a little overwhelming and we start forgetting WHY all of those things were put in place.

The solution is to use technology to help you with technology! I could barely function without the "LastPass" browser extension, for example. With LastPass, you only need ONE central password to memorize, to log into their service. Let it remember all of your website logins/passwords for you. Then there's no more "forgetting my password" to online banking, 401K, and all sorts of other important sites you might use, and you're free to select really difficult to guess, random number/letter combinations for each of them too.

And before you say, "But what if someone hacks my LastPass account?!" ... yes, that's always a theoretical possibility. BUT, the site is run by people very focused on keeping things secure. Their password database is encrypted and they keep a close eye on anomalies in their network traffic (such as might happen if someone started an automated script trying to guess accounts and passwords on their site). It's a much safer solution than you using weaker passwords or the same password on multiple sites because they're "too hard to remember otherwise"!

great more inconvenience if we do indeed lose our password....

 

[manu chao]

how effective would find my mac be if the thief goes in and unchecks the feature...OSX doesnt require a password to make this changes. Am I missing something?

If you have a login password or better full disk encryption, the thief cannot uncheck that checkbox.

 

[GenesisST]

True. Arn take away bc his posts were downvote. So no chance to get it back.

The person who give password over phone at apple I hope is fired and becomes homeless. To do damage to apple like this is horrible and needs punish.

Fired? Sure. To become homeless, that's harsh.

Ever been inattentive and went through a red light? Not even texting or stupid crap like that, but ever had a newborn and been tired like you wouldn't believe? Now, do you wish that someone else that does this to die?

 

[lifeinhd]

The solution is to use technology to help you with technology!

Hehe... even though they're not the same, you reminded me of this:

 

[ixodes]

1) Good; it's a huge security flaw.

2) My advice to everyone, is to use at least TimeMachine, and to disable remote wipe of your macbook. It'd be more useful to use logmein or teamviewer.

3) Backup is the most important step.

Then backup.

Then backup the backup.

1a) I concur, it's very refreshing to see Apple do the right thing in a very timely fashion.

2a) Very sage advice.

3a) Early on in my career in computing, all work was mission critical, thus I was very mindful of a good backup routine. Fully automated, with a few copies daily, I still walk out of the office at the end of the day with a copy of my backup for offsite storage. There's nothing like the peace of mind that a solid backup provides.

 

[iChrist]

Fired? Sure. To become homeless, that's harsh.

Ever been inattentive and went through a red light? Not even texting or stupid crap like that, but ever had a newborn and been tired like you wouldn't believe? Now, do you wish that someone else that does this to die?

If you are that weak then you should not drive car. Is a selfish thing to do and consequences would be your fault, not the fault of innocent baby who you blame for your action.

If person is not competent and stupid at their job, they need to be removed and not work again so as not to damage another company after fired from first company. Many people in world competing for money so why need to put up with idiots. Competition is good.

 

[lifeinhd]

If you are that weak then you should not drive car. Is a selfish thing to do and consequences would be your fault, not the fault of innocent baby who you blame for your action.

If person is not competent and stupid at their job, they need to be removed and not work again so as not to damage another company after fired from first company. Many people in world competing for money so why need to put up with idiots. Competition is good.

I find your stance amusing considering your username

 

[iChrist]

I find your stance amusing considering your username

my name is christoff

 

[GenesisST]

If you are that weak then you should not drive car. Is a selfish thing to do and consequences would be your fault, not the fault of innocent baby who you blame for your action.

If person is not competent and stupid at their job, they need to be removed and not work again so as not to damage another company after fired from first company. Many people in world competing for money so why need to put up with idiots. Competition is good.

Bad example, I agree, but us mere mortals are sometimes innatentive even in the best conditions or might have minor lapse of judgement. OK, not as severe as that bad support rep at Apple.

And I agree, such person should not do this line of work, but they can work at places like Walmart or McDonald's. To wish someone to be homeless is just harsh. And then you would probably say "Why can't you get a job?" anyways!

I hope you don't pull an "iChristopher Reeves" when you get off your high horse!

 

[iChrist]

Bad example, I agree, but us mere mortals are sometimes innatentive even in the best conditions or might have minor lapse of judgement. OK, not as severe as that bad support rep at Apple.

And I agree, such person should not do this line of work, but they can work at places like Walmart or McDonald's. To wish someone to be homeless is just harsh. And then you would probably say "Why can't you get a job?" anyways!

I hope you don't pull an "iChristopher Reeves" when you get off your high horse!

Sorry is harsh for you. I have been told I am very much like Steve Jobs so can't help it.

 

[Domalais]

Original hack article: 489 comments.

Content: It's all a lie.


Apple confirms: 61 comments.

Content: Silence

 

[iOSMole]

Has nobody noticed the contradicting information that has been reported?

On one hand, the guy got his password reset and others reporting the news were able to to reproduce it by providing the same information, indicating a flaw in the system.

However, Apple also said an advisor didn't follow procedure properly but they didn't say how, indicating the advisor was at fault.

The reason for the contradiction?
The advisor didn't do anything wrong, he (or she) followed procedure as normal. Apple mentioned the advisor because it indicates it was a single incident and not a system-wide flaw. It stops people panicking.

The truth is the advisor doesn't just have a button that he chooses to press or not press. He literally can't press the button until he can verify the information from the customer. And he can't see the information, the system just tells him if it's right or wrong.

The reason they've suspended password resetting for so long is not just because they have to re-write the procedure. That could be done in a couple of hours and would say "ok now we need this, this and this". They have to re-write the program that resets the passwords.