TechSpot

Amazon, Apple tighten security following devastating Mat Honan attack

By Leeky
Aug 8, 2012
Post New Reply
  1. Mat Honan, a senior writer for Wired had his digital life turned upside-down on Friday after a cybercriminal gained access to his Amazon, Apple ID and Google accounts in a bid to target his three-letter long @mat Twitter account. The……

    Read more
  2. I wonder if these "permanent losses" are no more than "permanent hidings". I'm sure everything (or most of it) is still there, just unavailable to see.
  3. Leeky

    Leeky TS Evangelist Topic Starter Posts: 4,378   +98

    It's possible he could enlist the help of a specialist recovery firm -- which assuming the disk hasn't been overwritten -- could recover the data erased, assuming it hasn't been scrubbed.
  4. Kibaruk

    Kibaruk TechSpot Paladin Posts: 1,238   +79

    People still want to get into cloud computing and one access to everything, they have a single mail and a single password for all their services and make it very easy for others to find a weak link in the chain to exploit without much work.
  5. I was suggesting that the data is never really deleted. There's just this "isVisible" flag somewhere. Both to content (hide) and to accounts (disabled).

    So he could request formally to have everything reinstated, I suppose. Going directly to the HDDs of the cloud services' provider seems highly unlikely.
  6. h4expo

    h4expo TS Rookie

    iDont Cloud
  7. 3DCGMODELER

    3DCGMODELER TS Enthusiast Posts: 307   +18

    Opppsssss

    use a differant email and password for all accounts

    I do
    7 email and 7 passwords, change passwords once a month..
    15 minutes a month can save you allot of headache

    me safe..

    Me safe for now...

    :)
  8. Zilpha

    Zilpha TS Enthusiast Posts: 349

    Did you read the article? He didn't need to hack any passwords - he used social engineering to add himself to the accounts and reset the passwords. Your methods won't save you from a hacker like this. This was a process failure - but what sucks is that now it's going to be harder for legitimate users to manage their accounts.

    Still, it's better than being hacked.
  9. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,105   +18

    Challenge accepted. Just kidding. =)

    I guess the one good thing is that these stories make me change my passwords, and go back and change some of the simpler answers to my password reset questions.

    The other thing this illustrates is that people who are somewhat public need to take extra steps to insure their cyber security.

    Was it Romney who got hacked because his reset question was the name of his dog, and the name of his dog was very well known due to it being covered by the media.

    From what I've read on Wired, the commenters tend to get into it with some of the article authors, I could see someone getting pissed off and trying to do stuff like this.
  10. Tygerstrike

    Tygerstrike TS Enthusiast Posts: 827   +93

    I personally hope that the hacker gets his accounts hacked. I think ppl like this hacker needs to have a hand cut off or a few fingers removed. It may SEEM a bit extreme, but given that the hacker has caused this much trouble and cost this guy so much. Those pictures are invaluable. This hacker didnt even do this for revenge. He did it because he wanted the twitter name. Talk about petty and stupid.
  11. No matter what security methods we put in place the hackers will find the weakest link, be it brute force, social, malware, etc.
    One thing is on those reset questions, they are usually just a string field, that is you can put any data in there as long as it matches. So What is your pets name? answer could be "1600 Amphitheatre Parkway" for example, as long as you remember you used that. Someone trying to guess that might have a challening time.
     
  12. miska_man

    miska_man TS Member Posts: 49

    I wrote a huge reply earlier, but it didn't go through. Basically what I said was that instead of revenge of wanting the twitter account (which he never would have gotten as Honan would have got on the horn with twitter and said "Block that account! Im the real one!" only after having a double-layer verification)... but what I really think is that Phobia was actually just creating a little bit of havoc to make people a little afraid of these security flaws. This in turn would probably make companies fix these security issues.. and they did. So really I believe Phobia just did this to prove a point, because if he really wanted to I'm sure he could have had Amazon ship a $1000 LED TV to a "new" address.
  13. dividebyzero

    dividebyzero trainee n00b Posts: 4,849   +679

    A red letter day for Amazon...or it's customers
    Buy a TV and get a $2,176 Swiss SIG716 assault rifle instead. That's some pretty mean added value....yeah, and I checked, the "TV" offer shipping criteria are "Currently, item can be shipped only within the U.S."

    /Waits for non-U.S. loony tune psychotics to bring restraint of trade suit against Amazon
  14. Leeky

    Leeky TS Evangelist Topic Starter Posts: 4,378   +98

    I believe that was his aim as well @miska_man. When Honan spoke to him he did actually express regret for the wiping of his Apple devices, saying a partner in crime did it without his knowledge, and had he known, he wouldn't have allowed it. His sole aim was to take over his Twitter account whilst exposing Amazon and more alarmingly, Apple's security policies during the process.

    Still, his actions exposed loopholes that many people have likely succumbed to, it just took a high-profile attack in order for it to reach front page news. It is a lesson for everybody, myself included and whilst I feel for the writer, even he acknowledged his reputation could have been dealt considerably more serious blows than losing emails and having his Twitter account hacked.

    As a father with a young child myself, I do deeply sympathise with his loss of pictures however. If anything, the one thing I'm continually paranoid about myself is losing the thousands of pictures I have of mine -- above everything else. You simply can't replace those memories.
    gwailo247 likes this.
  15. Gmail has problems to rely on it as your only email. Why do these people seem to always reinvent the wheel? It had script errors for the longest time, and now you're telling me that at a whim all saved emails can be gone in a flash? Aren't there legal requirements? AOL and Yahoo keep your email for 6 months after terminating the account. For the thousands of resumes Google gets per day, why are they all amateurs? I'm going back to POP email.
  16. amstech

    amstech TechSpot Enthusiast Posts: 850   +220

    All computer code is transparent. Software cannot secure other software, period. If you don't want your data to be compromised put it on a device that will never see connectivity to anything.
  17. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,161   +174

    Seriously reset questions are retarded. It doesn't take a rocket surgeon to work out this info in the information age. When government websites etc require me to put in reset questions, I mash the keyboard because stuff like "Mothers maiden name", "first school" are so easy for any 15 year old googler nowadays.
  18. Det

    Det TS Rookie Posts: 84

    But if you just mashed your keyboard every time that happened, wouldn't that mean your keys started falling off?
  19. Rasta211

    Rasta211 TS Enthusiast Posts: 194   +24

    He didn't hack into his Facebook account?
  20. wiyosaya

    wiyosaya TS Enthusiast Posts: 223   +28

    With the cost of hard disks in the TB range and with SSD prices dropping like flies, I cannot understand why anyone would trust irreplaceable data to the "cloud". It is a relatively trivial matter to set up a PC/MAC/whatever at home and place several TB of storage on it.

    So the hacker exposed a hole that will be or has been plugged; however, that still does not make cloud storage safe. Personally, I will never trust irreplaceable files to live in the cloud. I'll put TBs of storage on my PCs instead.
  21. Zilpha

    Zilpha TS Enthusiast Posts: 349

    Tech people aren't fooled by the *buzzwords*, but the average joe thinks that "the cloud" is actually something special and not a server-client relationship that has existed since almost the dawn of computing.
  22. I applaud the efforts of phobia and crew, we need the occasional 'phreaker' to give people a check... the whole cloud sounds good as far as accessing your own items from anywhere, but as long as YOU are in control of said cloud and not an outside service. Like the Woz said this cloud deal wont be so hot in 5 years. I agree seeing if things go south like this more. aside from that I hope he can atleast recover his personal items, like the photos of his daughter.
  23. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,161   +174

    Got a heavy duty keyboard :)
    That and been eying off a new one for a while. Nothing like a forced upgrade...


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.