Just how safe do we need to be online these days? The question invites quite an argument, so we won't lecture people on the whys and why-nots, but a recent hacking incident involving Mat Honan of Wired.com has prompted multiple firms to review their security policies.
Mat has documented how his entire digital life was destroyed in less than an hour on August the 3rd 2012. Hackers managed to gain access to his Twitter account, Amazon account, Apple ID and Gmail account, whilst also setting up remote wiping facilities over his MacBook, iPhone and iPad.
The problem wasn't necessarily that Mat left his accounts open to hacking; he had secure passwords in place. It was the fact that the hackers managed to use social engineering to their benefit.
The hack involved some cleverly executed planning, but it went something like this:
They used his Twitter bio to find his personal website.
His personal website displayed his Gmail address (which he uses to log in to Twitter).
To get into Apple, they needed the billing info and 4 digits of a debit card, so the hackers did a Whois on the domain name he owned.
They then tricked Amazon into revealing the last 4 digits of his credit/debit card.
Then they phoned Apple and reset his Apple ID using these security codes.
They reset his Gmail, Twitter and Amazon passwords, as well as sending remote wipe requests to his iPhone, MacBook and iPad.
Finally, they changed all his info on Apple so he was prevented from getting back into the systems.
This may seem sophisticated to some people, but in reality it's quite a basic hack that could be done by pretty much anyone with 10 minutes of their time and some smart thinking. Since this hack, Apple have removed the ability to reset user passwords over the phone. Although this isn't a permanent fixture, they are reviewing their policies to make sure these things can't happen again. Amazon were yet to comment.
It does raise the question, though: is the only way to be truly safe online to offer some kind of separation between the services we register for and use?
Read the full article here: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
Posted by Kris Haynes on 08/08 at 01:27 PM