Mat Honan got hacked, and lost all the data on his MacBook, iPad, and iPhone. How? Somebody broke into his iCloud account. Brute force attack? Simple password? No, not really - the hacker called Apple tech support, and convinced the person on the phone he was really Mat Honan. Apple then reset the iCloud password. The dangers of a monoculture, kids. Even Steve Wozniak has doubts about everything going into the cloud.
oh, FFS...
by maccouch on Mon 6th Aug 2012 12:17 UTC

what monoculture? the guy had gmail, twitter, facebook, icloud and old .mac accounts, all entangled and chained up in some sort of mail accounts pyramidal chain, the same way pretty much everyone has...

what exactly is the "monoculture" danger here? *

there's basically 2 lessons from here:

a) do the damn backups! i keep repeating this and people just keep going without doing them. and then wonder what happened to their data...

b) every webservice on the planet will ask you to link your account with some other service account. Just make sure that the final (or better yet, more than one final) account is something you really have control of, as in physical control of.

I use my old university alumni perpetual account. They have an actual client service you can walk in, they ask for my citizen id, they check the data. (and actually i can even use my national citizen card smartcard and encryption features as a login/two factor authentication with it).

if you can't have some sort of this kind of physical way of controlling your final account, use two-factor authentication with something you physically control. something Yubikey-like would be perfect, but your mobile phone number is a reasonable option too.

* thom, can we stop with the blind anti-apple bias that's going on around lately? yes, apple can be (and should be) criticized like every other company on earth, but you've really been completely engulfed by it lately. is everything wrong in the world apple's fault?

this case was about social engineering. the same kind of social engineering that breaks every other security system in the world. Although i have no doubt that apple service did something really wrong here. But i don't trust apple with my remote encryption keys and other stuff. And for that matter i don't trust google with this kind of stuff any more than apple.

