Amazon, Apple tighten security following devastating Mat Honan attack

By Leeky · 22 replies
Aug 8, 2012
  1. Mat Honan, a senior writer for Wired, had his digital life turned upside-down on Friday after a cybercriminal gained access to his Amazon, Apple ID and Google accounts in a bid to target his three-letter long @mat Twitter account. The……

  2. I wonder if these "permanent losses" are no more than "permanent hidings". I'm sure everything (or most of it) is still there, just unavailable to see.
  Leeky

    It's possible he could enlist the help of a specialist recovery firm -- which assuming the disk hasn't been overwritten -- could recover the data erased, assuming it hasn't been scrubbed.
  Kibaruk

    People still want to get into cloud computing and one access to everything, they have a single mail and a single password for all their services and make it very easy for others to find a weak link in the chain to exploit without much work.
  5. I was suggesting that the data is never really deleted. There's just this "isVisible" flag somewhere. Both to content (hide) and to accounts (disabled).

    So he could request formally to have everything reinstated, I suppose. Going directly to the HDDs of the cloud services' provider seems highly unlikely.
  h4expo

    iDont Cloud

    use a different email and password for all accounts

    I do
    7 email and 7 passwords, change passwords once a month..
    15 minutes a month can save you a lot of headache

    me safe..

    Me safe for now...

  Zilpha

    Did you read the article? He didn't need to hack any passwords - he used social engineering to add himself to the accounts and reset the passwords. Your methods won't save you from a hacker like this. This was a process failure - but what sucks is that now it's going to be harder for legitimate users to manage their accounts.

    Still, it's better than being hacked.
  gwailo247

    Challenge accepted. Just kidding. =)

    I guess the one good thing is that these stories make me change my passwords, and go back and change some of the simpler answers to my password reset questions.

    The other thing this illustrates is that people who are somewhat public need to take extra steps to ensure their cyber security.

    Was it Romney who got hacked because his reset question was the name of his dog, and the name of his dog was very well known due to it being covered by the media?

    From what I've read on Wired, the commenters tend to get into it with some of the article authors, I could see someone getting pissed off and trying to do stuff like this.
  Tygerstrike

    I personally hope that the hacker gets his accounts hacked. I think people like this hacker need to have a hand cut off or a few fingers removed. It may SEEM a bit extreme, but given that the hacker has caused this much trouble and cost this guy so much. Those pictures are invaluable. This hacker didn't even do this for revenge. He did it because he wanted the Twitter name. Talk about petty and stupid.
  11. No matter what security methods we put in place the hackers will find the weakest link, be it brute force, social, malware, etc.
    One thing is on those reset questions, they are usually just a string field, that is you can put any data in there as long as it matches. So the "What is your pet's name?" answer could be "1600 Amphitheatre Parkway" for example, as long as you remember you used that. Someone trying to guess that might have a challenging time.
  miska_man

    I wrote a huge reply earlier, but it didn't go through. Basically what I said was that instead of revenge of wanting the Twitter account (which he never would have gotten as Honan would have got on the horn with Twitter and said "Block that account! I'm the real one!" only after having a double-layer verification)... but what I really think is that Phobia was actually just creating a little bit of havoc to make people a little afraid of these security flaws. This in turn would probably make companies fix these security issues.. and they did. So really I believe Phobia just did this to prove a point, because if he really wanted to I'm sure he could have had Amazon ship a $1000 LED TV to a "new" address.
  dividebyzero

    A red letter day for Amazon...or its customers
    Buy a TV and get a $2,176 Swiss SIG716 assault rifle instead. That's some pretty mean added value....yeah, and I checked, the "TV" offer shipping criteria are "Currently, item can be shipped only within the U.S."

    /Waits for non-U.S. loony tune psychotics to bring restraint of trade suit against Amazon
  Leeky

    I believe that was his aim as well @miska_man. When Honan spoke to him he did actually express regret for the wiping of his Apple devices, saying a partner in crime did it without his knowledge, and had he known, he wouldn't have allowed it. His sole aim was to take over his Twitter account whilst exposing Amazon and more alarmingly, Apple's security policies during the process.

    Still, his actions exposed loopholes that many people have likely succumbed to, it just took a high-profile attack in order for it to reach front page news. It is a lesson for everybody, myself included and whilst I feel for the writer, even he acknowledged his reputation could have been dealt considerably more serious blows than losing emails and having his Twitter account hacked.

    As a father with a young child myself, I do deeply sympathise with his loss of pictures however. If anything, the one thing I'm continually paranoid about myself is losing the thousands of pictures I have of mine -- above everything else. You simply can't replace those memories.
  15. Gmail has problems to rely on it as your only email. Why do these people seem to always reinvent the wheel? It had script errors for the longest time, and now you're telling me that at a whim all saved emails can be gone in a flash? Aren't there legal requirements? AOL and Yahoo keep your email for 6 months after terminating the account. For the thousands of resumes Google gets per day, why are they all amateurs? I'm going back to POP email.
  amstech

    All computer code is transparent. Software cannot secure other software, period. If you don't want your data to be compromised put it on a device that will never see connectivity to anything.
  Darth Shiv

    Seriously reset questions are retarded. It doesn't take a rocket surgeon to work out this info in the information age. When government websites etc require me to put in reset questions, I mash the keyboard because stuff like "Mother's maiden name", "first school" are so easy for any 15 year old googler nowadays.
  Det

    But if you just mashed your keyboard every time that happened, wouldn't that mean your keys started falling off?
  Rasta211

    He didn't hack into his Facebook account?
  wiyosaya

    With the cost of hard disks in the TB range and with SSD prices dropping like flies, I cannot understand why anyone would trust irreplaceable data to the "cloud". It is a relatively trivial matter to set up a PC/MAC/whatever at home and place several TB of storage on it.

    So the hacker exposed a hole that will be or has been plugged; however, that still does not make cloud storage safe. Personally, I will never trust irreplaceable files to live in the cloud. I'll put TBs of storage on my PCs instead.
  Zilpha

    Tech people aren't fooled by the *buzzwords*, but the average joe thinks that "the cloud" is actually something special and not a server-client relationship that has existed since almost the dawn of computing.
  22. I applaud the efforts of phobia and crew, we need the occasional 'phreaker' to give people a check... the whole cloud sounds good as far as accessing your own items from anywhere, but as long as YOU are in control of said cloud and not an outside service. Like the Woz said this cloud deal won't be so hot in 5 years. I agree seeing if things go south like this more. Aside from that I hope he can at least recover his personal items, like the photos of his daughter.
  Darth Shiv

    Got a heavy duty keyboard :)
    That and been eying off a new one for a while. Nothing like a forced upgrade...

