| Author |
Message |
|
koli
Doesn't have much of a life
Joined: Fri Apr 24, 2009 5:12 pm
Posts: 1171
|
Meet Mat Honan. He just had his digital life dissolved by hackers: http://www.wired.com/gadgetlab/2012/08/ ... cking/all/
|
| Tue Aug 07, 2012 5:17 pm |
|
|
|
forquare1
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:36 pm
Posts: 5161
Location: /dev/tty0
|
I'm glad that I dont use my Apple email for anything...Only Apple related stuff...
I'll also agree that the guy is an utter plonker. He's bought into pretty much the entire Apple ecosystem, but left out Time Machine, which would have saved the things he cares about most...
|
| Tue Aug 07, 2012 5:52 pm |
|
|
|
timark_uk
Moderator
Joined: Thu Apr 23, 2009 6:11 pm
Posts: 12143
Location: Belfast
|
You don't need Time Machine, you just need an offline backup.
Any offline backup system will do, just make sure you have one.
Mark
|
| Tue Aug 07, 2012 5:57 pm |
|
|
|
koli
Doesn't have much of a life
Joined: Fri Apr 24, 2009 5:12 pm
Posts: 1171
|
The point of the article isn't really that he should have backed up his data.
It's more about thinking what you can do to make it as difficult for attackers to get access to your improtant accounts like google.
Using different passwords is a first step but there are also others like two step authentication.
I posted it in the meeting place for a reason: so people would see how easy it is for their life to get destroyed and that it pays to be careful.
|
| Tue Aug 07, 2012 6:35 pm |
|
|
|
paulzolo
What's a life?
Joined: Thu Apr 23, 2009 6:27 pm
Posts: 12251
|
Not hacked by cracking passwords - it was done by phoning up Apple support and using social engineering techniques. http://www.forbes.com/sites/timworstall ... ts-hacked/So, I'm this case the weak point was the tech support operative - something that anyone in any tech support call centre could fall prey to.
|
| Tue Aug 07, 2012 8:35 pm |
|
|
|
forquare1
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:36 pm
Posts: 5161
Location: /dev/tty0
|
I know. Time Machine is the most obvious choice though, IMO. Touted as a major feature of Leopard, it has always been one of the big features Apple has pushed since. It's not hard to imagine that someone who is surrounded by the Apple ecosystem to use Time Machine. But as you say, anything would have been better. Looking at this case, it's probably best to set up a new email account every time you sign up for a new service, at least until every service offers two step authentication. That way only one service is linked to an email account, minimising these sorts of attacks.
|
| Tue Aug 07, 2012 10:04 pm |
|
|
|
timark_uk
Moderator
Joined: Thu Apr 23, 2009 6:11 pm
Posts: 12143
Location: Belfast
|
I'm surrounded by Apple gear; iPhone, iPad, iPod, MBP, Apple TV, Airport Extreme, Airport Express, iMac … four offline backup hard drives all managed manually. I have about 0% interest in using Time Machine/iCloud for backing up. \•/ Mark
|
| Tue Aug 07, 2012 10:13 pm |
|
|
|
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
|
Using different passwords is irrelevant - and he did use different passwords. If Apple will reset your password for anybody who has the last 4 digits of your credit card number, it doesn't matter how strong your password is! Also having to link mail accounts from one service to another (E.g. the Google and Twitter password resets were sent to his compromised Apple account) doesn't make things any better. If they manage to break into the account at the head of the chain, they can get to every account.
_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
| Wed Aug 08, 2012 4:14 am |
|
|
|
koli
Doesn't have much of a life
Joined: Fri Apr 24, 2009 5:12 pm
Posts: 1171
|
So what is the solution? Having a dedicated google account with 2 step auth. set up just for password recovery? Or maybe using your corporate email for that purpose?
|
| Wed Aug 08, 2012 6:00 am |
|
|
|
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
|
Having a method of password recovery for an email service that doesn't depend on having another email service...
|
| Wed Aug 08, 2012 7:16 am |
|
|
|
HeatherKay
Moderator
Joined: Thu Apr 23, 2009 6:13 pm
Posts: 7262
Location: Here, but not all there.
|
Send it by snailmail. Or by telegram? _________________My Flickr | Snaptophobic BloggageHeather Kay: modelling details that matter. "Let my windows be open to receive new ideas but let me also be strong enough not to be blown away by them." - Mahatma Gandhi.
|
| Wed Aug 08, 2012 7:34 am |
|
|
|
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
|
What's the phrase... oh yes - 'You can have it cheap, you can have it convenient, you can have it secure. Pick any two'. Jon
|
| Wed Aug 08, 2012 7:45 am |
|
|
|
EddArmitage
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 9:40 pm
Posts: 5288
Location: ln -s /London ~
|
And Amazon are just as bad allowing you to add a new credit card over the phone with minimal security, and then use that credit card as a means of answering security questions to reset passwords.
|
| Wed Aug 08, 2012 8:07 am |
|
|
|
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm
Posts: 17040
|
|
| Wed Aug 08, 2012 8:30 am |
|
|
|
timark_uk
Moderator
Joined: Thu Apr 23, 2009 6:11 pm
Posts: 12143
Location: Belfast
|
|
| Wed Aug 08, 2012 9:08 am |
|
|
