Linked by Thom Holwerda on Mon 6th Aug 2012 11:12 UTC
Mat Honan got hacked, and lost all the data on his MacBook, iPad, and iPhone. How? Somebody broke into his iCloud account. Brute force attack? Simple password? No, not really - the hacker called Apple tech support, and convinced the person on the phone he was really Mat Honan. Apple then reset the iCloud password. The dangers of a monoculture, kids. Even Steve Wozniak has doubts about everything going into the cloud.
Permalink for comment 529889
RE[2]: oh, FFS...
by maccouch on Mon 6th Aug 2012 14:44 UTC in reply to "RE: oh, FFS..."
Member since: 2012-03-14

"what exactly is the "monoculture" danger here?

iPhone, iPad, MacBook Air, iCloud. All his computing devices rendered useless because he relied on a monoculture.

I have Windows, Linux, Android phone/tablet, and a separate, independent cloud backup solution (which is encrypted and only I know the password - not even the provider itself knows my password; if I lose it, I can't access my data anymore since it's encrypted). No monoculture, hence, no danger of me being knocked out because my monoculture gets knocked out.

This is not rocket science.
"

Apparently it is... Correlation does not mean causality.

Let's say you would use AndroidLost (http://androidlost.com) on your Android phone, LoJack (http://www.absolute.com/lojackforlaptops/features) for your Windows laptop, and Prey on your Linux laptop (https://panel.preyproject.com/forgot).

In all of them you activate the remote wipe feature. In all of them you've got a nice "I forgot my password" webpage that allows you to resend a reset request for your email. But your email accounts, all of them, were hacked. So what now? How has your avoidance of "monoculture" stopped it?

The question here is not the reliance on Apple's system. The question is that we've chainlinked all of our email accounts and web services into either something of a pyramid or, sometimes, an endless loop of accounts. And if a sufficiently high weak link can be broken by social engineering, you're royally screwed.

Especially if, like this guy, you activate remote wipe without even considering doing local backups. On that issue alone I find serious problems feeling sorry for him. That's doubly dumb and whining shouldn't be allowed here.

You can join the Apple or Google or Microsoft monoculture as much as you want. Just either don't give them the power to wipe everything (I would say phone wipe is OK, but a laptop is better served with encryption) or do backups!

Score: 1
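
The chained password-reset problem described in the comment above can be audited as a graph. This is an added example, not part of the original comment; every account and device name in it is a constructed placeholder, and the edges are assumptions about who can reset whom.

```python
from collections import deque

# Constructed sample: edge A -> B means "control of A is enough to reset or control B".
# All names are hypothetical labels, not real account data.
RECOVERY = {
    "backup_email": ["primary_email"],
    "primary_email": ["backup_email", "androidlost_acct", "lojack_acct", "prey_acct"],
    "androidlost_acct": ["android_phone"],
    "lojack_acct": ["windows_laptop"],
    "prey_acct": ["linux_laptop"],
}
WIPEABLE = {"android_phone", "windows_laptop", "linux_laptop"}  # remote wipe enabled
LOCAL_BACKUP = {"linux_laptop"}  # devices that also have an offline backup


def blast_radius(graph, start):
    """Everything reachable through reset links once `start` is taken over (BFS)."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt != start and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def recovery_loops(graph):
    """Pairs of accounts that can each reset the other, directly or indirectly."""
    nodes = sorted(graph)
    return [(a, b) for i, a in enumerate(nodes) for b in nodes[i + 1:]
            if b in blast_radius(graph, a) and a in blast_radius(graph, b)]


def data_at_risk(graph, start):
    """Wipe-capable devices reachable from `start` that have no local backup."""
    return sorted((blast_radius(graph, start) & WIPEABLE) - LOCAL_BACKUP)


if __name__ == "__main__":
    for account in sorted(RECOVERY):
        print(f"{account}: reaches {len(blast_radius(RECOVERY, account))} nodes, "
              f"unrecoverable wipe of {data_at_risk(RECOVERY, account)}")
    print("recovery loops:", recovery_loops(RECOVERY))
```

Accounts with the largest reach are the ones to protect with the strongest recovery settings, and any device listed as at risk needs either a local backup or remote wipe turned off.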