Mat Honan of Wired magazine had many of his accounts linked through his Apple account. A hacker was able to get just the last four digits of the credit card on record with Amazon, which he then used to access Honan's Apple account. From there he he was able to access Honan's Gmail, Twitter and several other accounts. The hacker then wiped all of Honan's emails and his Twitter account. The hacker then wiped Honan's iPhone and formatted the hard drive of his Macbook Pro.
http://www.wired.com/gadgetlab/2012/08/ ... cking/all/
This is what I have been saying about Apple's scheme of making the iOS a "walled garden" giving nothing more than a fig leaf for security. It limits functionality for no real tangible benefits and only encourages people to "jailbreak" their iPhones/iPads to expand functionality.
Do Not Link Accounts through Apple!
Do Not Link Accounts through Apple!
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001
- Tawmis
- Grand Poobah's Servant
- Posts: 20960
- Joined: Wed Oct 08, 2008 1:19 am
- Gender: Not Specified
- Contact:
Re: Do Not Link Accounts through Apple!
Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc. For example, just today also released Blizzard Entertainment Gets Hacked. Determination of the hacker will be what decides if something can and will be hacked. But reading more about Honan's hack, it looks like it has a LOT less to do with the iPhone's security and more like some dumb ass customer service rep at Apple who gave out part of the guy's password despite the hacker's inability to provide proper information.
Tawmis.com - Voice Actor
Comic Relief Podcast!
Neverending Nights
Hello, my name is Larry. Larry Laffer!
Comic Relief Podcast!
Neverending Nights
Hello, my name is Larry. Larry Laffer!
- MusicallyInspired
- Village Elder
- Posts: 3143
- Joined: Fri Oct 10, 2008 8:46 am
- Gender: Male
- Location: Manitoba, Canada
- Contact:
Re: Do Not Link Accounts through Apple!
Solution: don't buy Apple products.
01010100 01110010 01110101 01110011 01110100 00100000 01010100 01001000 00110001
- Tawmis
- Grand Poobah's Servant
- Posts: 20960
- Joined: Wed Oct 08, 2008 1:19 am
- Gender: Not Specified
- Contact:
Re: Do Not Link Accounts through Apple!
Or use any form of online buying like Amazon... or eBay...MusicallyInspired wrote:Solution: don't buy Apple products.
Oh, and don't forget to NEVER use credit cards at gas stations. Those have been hacked too. Only pay with cash.
Oh! But be careful if you get cash at an ATM!
People get robbed there.
So maybe only go INSIDE the bank to get money!
Oh! But be careful.
People rob banks too.
Oh. And don't go to movie theaters.
People get shot there.
Oh. And don't go to school. Home school your kids. People shoot up colleges and schools.
Tawmis.com - Voice Actor
Comic Relief Podcast!
Neverending Nights
Hello, my name is Larry. Larry Laffer!
Comic Relief Podcast!
Neverending Nights
Hello, my name is Larry. Larry Laffer!
Re: Do Not Link Accounts through Apple!
Don't mock that please, it happened to my father. He had to buy a train ticket in The Hague (he was taking care of Gran's since she was in hospital with a heart attack) at one of those ticket machines that they have out here, and happened to do that at the only one that didn't have a security camera. This Yugoslav gang operated there by looking at their PIN code and stealing their pass by distracting them with a wad of paper saying "You dropped some money". My father doesn't keep his money with his bank cards, so he knew he was lying and held his hand on the card slot, after which the robber started jerking his arm. In the struggle, he got hold of my father's bank card and ran off.Tawmis wrote: Oh! But be careful if you get cash at an ATM!
People get robbed there.
In the next five minutes, my father had gone to the police and blocked his bank card. By then it was too late: the robbers had stolen 1500 euros off his account.
He didn't tell Gran about that, ever. He did get his money back, from the bank, which was a struggle of its own.
After this, he didn't use any outside ATM for months unless somebody else was with him, he got a second account to use for these small payments so the damage will be limited, he keeps an eye out for security cams, and he never used those train ticket vendor machines again. Psychological damage is enormous.
There's a new script around: PHANTASMAGORIA - A Puzzle Of Flesh! Check the Script Party topic in the Bard's Forum!
Skip to new scripts
Skip to new scripts
Re: Do Not Link Accounts through Apple!
But that is my point. The "walled garden" approach gains nothing. It does, however, limit functionality. This story does illustrate the stupidity of linking accounts in general.Tawmis wrote:Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001
- DeadPoolX
- DPX the Conqueror!
- Posts: 4833
- Joined: Mon Oct 27, 2008 3:00 pm
- Gender: XY
- Location: Canada
- Contact:
Re: Do Not Link Accounts through Apple!
That's real danger, Apple's "walled garden" or not. If you link all of your accounts, it only takes a breach in one of them to compromise all of them. That's part of the reason why I don't link accounts, especially on those sites that want me to log in using my Facebook account.Collector wrote:But that is my point. The "walled garden" approach gains nothing. It does, however, limit functionality. This story does illustrate the stupidity of linking accounts in general.Tawmis wrote:Pfft. I still say if a hacker wants to do it - he or she will do it. Doesn't matter if it's Apple, Android, etc.
CSRs should also be better trained. In this particular case, the CSR did a real half-assed job and allowed someone else to gain access to another person's account. Unfortunately, no matter how good the security measures are at a company or in a piece of software, the weakest link is always people.
"Er, Tawni, not Tawmni, unless you are doing drag."
-- Collector (commenting on a slight spelling error made by Tawmis)
-- Collector (commenting on a slight spelling error made by Tawmis)
Re: Do Not Link Accounts through Apple!
This is why they tend to pay CSRs more for critical accounts. An agent for credit cards, for example, is generally better paid than those of more generic customer service or lower level tech support. It makes them more conscientious about their jobs. I don't if Amazon outsources their call centers, but I do know that Apple does. This means that the CSRs are probably not as well trained nor paid as well and with fewer (if any) benefits as an Apple employee. If a call center is based in some place other than the first world these differences will be even more extreme.DeadPoolX wrote:CSRs should also be better trained. In this particular case, the CSR did a real half-assed job and allowed someone else to gain access to another person's account. Unfortunately, no matter how good the security measures are at a company or in a piece of software, the weakest link is always people.
01000010 01111001 01110100 01100101 00100000 01101101 01100101 00100001
- DeadPoolX
- DPX the Conqueror!
- Posts: 4833
- Joined: Mon Oct 27, 2008 3:00 pm
- Gender: XY
- Location: Canada
- Contact:
Re: Do Not Link Accounts through Apple!
It can go further than that, too. For instance, Canada has far stricter privacy laws than the US does, which includes the kind of information that companies are allowed to share or give out.Collector wrote: If a call center is based in some place other than the first world these differences will be even more extreme.
"Er, Tawni, not Tawmni, unless you are doing drag."
-- Collector (commenting on a slight spelling error made by Tawmis)
-- Collector (commenting on a slight spelling error made by Tawmis)
Re: Do Not Link Accounts through Apple!
That can and will happen with any company. It's naive to just blame Apple. That problem was because of a crappy customer service rep. I know from experience that crappy customer service reps exist in all businesses. Not to mention the fact that if a hacker can gain control of one account, then he's going to gain access to all of your accounts. It doesn't matter if it's Apple or not.
One of my email accounts was hacked last year because someone guessed my security answers and was able to get into my Facebook through there and also my gmail. I try not to link accounts, but sometimes you have to. The lesson I learned is that security questions are no different than passwords and you pretty much have to use codes instead of actual answers for them. This is the world we live in now, get used to it.
One of my email accounts was hacked last year because someone guessed my security answers and was able to get into my Facebook through there and also my gmail. I try not to link accounts, but sometimes you have to. The lesson I learned is that security questions are no different than passwords and you pretty much have to use codes instead of actual answers for them. This is the world we live in now, get used to it.