Do Not Link Accounts through Apple!

Talk about anything you want here
Post Reply
User avatar
Collector
Grand Poobah
Posts: 12013
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland
Contact:

Do Not Link Accounts through Apple!

Post by Collector »

Mat Honan of Wired magazine had many of his accounts linked through his Apple account. A hacker was able to get just the last four digits of the credit card on record with Amazon, which he then used to access Honan's Apple account. From there he he was able to access Honan's Gmail, Twitter and several other accounts. The hacker then wiped all of Honan's emails and his Twitter account. The hacker then wiped Honan's iPhone and formatted the hard drive of his Macbook Pro.

http://www.wired.com/gadgetlab/2012/08/ ... cking/all/

This is what I have been saying about Apple's scheme of making the iOS a "walled garden" giving nothing more than a fig leaf for security. It limits functionality for no real tangible benefits and only encourages people to "jailbreak" their iPhones/iPads to expand functionality.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image
User avatar
Tawmis
Grand Poobah's Servant
Posts: 20960
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified
Contact:

Re: Do Not Link Accounts through Apple!

Post by Tawmis »

Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc. For example, just today also released Blizzard Entertainment Gets Hacked. Determination of the hacker will be what decides if something can and will be hacked. But reading more about Honan's hack, it looks like it has a LOT less to do with the iPhone's security and more like some dumb ass customer service rep at Apple who gave out part of the guy's password despite the hacker's inability to provide proper information.
User avatar
MusicallyInspired
Village Elder
Posts: 3143
Joined: Fri Oct 10, 2008 8:46 am
Gender: Male
Location: Manitoba, Canada
Contact:

Re: Do Not Link Accounts through Apple!

Post by MusicallyInspired »

Solution: don't buy Apple products.
01010100 01110010 01110101 01110011 01110100 00100000 01010100 01001000 00110001
User avatar
Tawmis
Grand Poobah's Servant
Posts: 20960
Joined: Wed Oct 08, 2008 1:19 am
Gender: Not Specified
Contact:

Re: Do Not Link Accounts through Apple!

Post by Tawmis »

MusicallyInspired wrote:Solution: don't buy Apple products.
Or use any form of online buying like Amazon... or eBay...

Oh, and don't forget to NEVER use credit cards at gas stations. Those have been hacked too. Only pay with cash.

Oh! But be careful if you get cash at an ATM!

People get robbed there.

So maybe only go INSIDE the bank to get money!

Oh! But be careful.

People rob banks too.

Oh. And don't go to movie theaters.

People get shot there.

Oh. And don't go to school. Home school your kids. People shoot up colleges and schools.
User avatar
BBP
Village Elder
Posts: 5105
Joined: Thu Mar 26, 2009 3:07 am
Gender: Not Specified
Contact:

Re: Do Not Link Accounts through Apple!

Post by BBP »

Tawmis wrote: Oh! But be careful if you get cash at an ATM!
People get robbed there.
Don't mock that please, it happened to my father. He had to buy a train ticket in The Hague (he was taking care of Gran's since she was in hospital with a heart attack) at one of those ticket machines that they have out here, and happened to do that at the only one that didn't have a security camera. This Yugoslav gang operated there by looking at their PIN code and stealing their pass by distracting them with a wad of paper saying "You dropped some money". My father doesn't keep his money with his bank cards, so he knew he was lying and held his hand on the card slot, after which the robber started jerking his arm. In the struggle, he got hold of my father's bank card and ran off.
In the next five minutes, my father had gone to the police and blocked his bank card. By then it was too late: the robbers had stolen 1500 euros off his account.
He didn't tell Gran about that, ever. He did get his money back, from the bank, which was a struggle of its own.
After this, he didn't use any outside ATM for months unless somebody else was with him, he got a second account to use for these small payments so the damage will be limited, he keeps an eye out for security cams, and he never used those train ticket vendor machines again. Psychological damage is enormous.
There's a new script around: PHANTASMAGORIA - A Puzzle Of Flesh! Check the Script Party topic in the Bard's Forum!
Skip to new scripts
User avatar
Collector
Grand Poobah
Posts: 12013
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland
Contact:

Re: Do Not Link Accounts through Apple!

Post by Collector »

Tawmis wrote:Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc.
But that is my point. The "walled garden" approach gains nothing. It does, however, limit functionality. This story does illustrate the stupidity of linking accounts in general.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image
User avatar
DeadPoolX
DPX the Conqueror!
Posts: 4833
Joined: Mon Oct 27, 2008 3:00 pm
Gender: XY
Location: Canada
Contact:

Re: Do Not Link Accounts through Apple!

Post by DeadPoolX »

Collector wrote:
Tawmis wrote:Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc.
But that is my point. The "walled garden" approach gains nothing. It does, however, limit functionality. This story does illustrate the stupidity of linking accounts in general.
That's real danger, Apple's "walled garden" or not. If you link all of your accounts, it only takes a breach in one of them to compromise all of them. That's part of the reason why I don't link accounts, especially on those sites that want me to log in using my Facebook account.

CSRs should also be better trained. In this particular case, the CSR did a real half-assed job and allowed someone else to gain access to another person's account. Unfortunately, no matter how good the security measures are at a company or in a piece of software, the weakest link is always people.
"Er, Tawni, not Tawmni, unless you are doing drag."
-- Collector (commenting on a slight spelling error made by Tawmis)
User avatar
Collector
Grand Poobah
Posts: 12013
Joined: Wed Oct 08, 2008 12:57 am
Location: Sierraland
Contact:

Re: Do Not Link Accounts through Apple!

Post by Collector »

DeadPoolX wrote:CSRs should also be better trained. In this particular case, the CSR did a real half-assed job and allowed someone else to gain access to another person's account. Unfortunately, no matter how good the security measures are at a company or in a piece of software, the weakest link is always people.
This is why they tend to pay CSRs more for critical accounts. An agent for credit cards, for example, is generally better paid than those of more generic customer service or lower level tech support. It makes them more conscientious about their jobs. I don't if Amazon outsources their call centers, but I do know that Apple does. This means that the CSRs are probably not as well trained nor paid as well and with fewer (if any) benefits as an Apple employee. If a call center is based in some place other than the first world these differences will be even more extreme.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001

Image
User avatar
DeadPoolX
DPX the Conqueror!
Posts: 4833
Joined: Mon Oct 27, 2008 3:00 pm
Gender: XY
Location: Canada
Contact:

Re: Do Not Link Accounts through Apple!

Post by DeadPoolX »

Collector wrote: If a call center is based in some place other than the first world these differences will be even more extreme.
It can go further than that, too. For instance, Canada has far stricter privacy laws than the US does, which includes the kind of information that companies are allowed to share or give out.
"Er, Tawni, not Tawmni, unless you are doing drag."
-- Collector (commenting on a slight spelling error made by Tawmis)
Maxor127
Sierra Obsessed
Posts: 237
Joined: Wed Feb 11, 2009 11:57 am

Re: Do Not Link Accounts through Apple!

Post by Maxor127 »

That can and will happen with any company. It's naive to just blame Apple. That problem was because of a crappy customer service rep. I know from experience that crappy customer service reps exist in all businesses. Not to mention the fact that if a hacker can gain control of one account, then he's going to gain access to all of your accounts. It doesn't matter if it's Apple or not.

One of my email accounts was hacked last year because someone guessed my security answers and was able to get into my Facebook through there and also my gmail. I try not to link accounts, but sometimes you have to. The lesson I learned is that security questions are no different than passwords and you pretty much have to use codes instead of actual answers for them. This is the world we live in now, get used to it.
Post Reply

Return to “Miscellaneous Chatter”