
Apple tech support 'socially engineered' in hack of journalist's iCloud account - Page 2

post #41 of 121
Quote:
Originally Posted by SolipsismX View Post


There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.
Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?
Assuming everything Honan has stated is accurate this is just identity theft, not hacking.

Just identity theft....nothing major like hacking.

post #42 of 121
Definitely ID theft. It happens all the time. BTW, with that many iCloud-enabled IT equipment, he would be a fool not to have offline/site backups. I guess either he is or this is just, what they call it, a stunt, if the way this story developed (as per post #31 above) is true. Either way, ID theft. Not traditional hacking.
post #43 of 121

I was quite worried by this story until I saw the bit about it being a Gizmodo article.  I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say. 

 

Any time I see a story link to a Gizmodo article, I automatically ignore.

..... the greatest fame comes from adding to human knowledge, not winning battles.
Paraphrased from Napoleon Bonaparte, 1798
post #44 of 121
Quote:
Originally Posted by lostkiwi View Post

I was quite worried by this story until I saw the bit about it being a Gizmodo article.  I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say. 

 

Any time I see a story link to a Gizmodo article, I automatically ignore.

 

Yeah, I usually don't open links to Giz or Engad. Those sites seem to only worship specs and cores.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #45 of 121
Quote:
Originally Posted by djsherly View Post

Only if you think those at giz are douches to a man/woman. As best I can tell it's just the douche holding the phone that's the douche.

 

Unfortunately there is more than one person without morals in that bunch of 'journalists'.

 

I must admit to being extremely suspicious of this report as well.

If you're going to be original, then you can count on being copied.
post #46 of 121
Quote:
Originally Posted by djsherly View Post


Only if you think those at giz are douches to a man/woman. As best I can tell it's just the douche holding the phone that's the douche.

 

 

 

1000

post #47 of 121

How predictable that this story is plastered as a headline on every tech blog and website, I thought maybe this site would have a little more self control/discipline and refrain from the sensationalism, but I guess not. Every website has become like an RSS feed of every other site, just a different layout with the same stories. Regardless, if this story is indeed true, this Matt guy is an absolute moron and grossly negligent- especially considering that he's a tech blogger (!). Everyone is asking for the head of the Apple tech support guy, but we don't know if he actually did anything wrong or not. What if he followed the official guidelines, and the guy was able to answer every security question and give enough detail/personal info? Regardless, let's look at the facts, and how this tech columnist got himself to this point, and the choices he made:

 

- He CHOSE to somehow not have a single backup of his data. On OSX this couldn't be easier. Open time machine, turn on the massive ON button, and boom- data is backed up completely, automatically, consistently on an external volume. Not to mention the myriad of free cloud syncing services available like dropbox, etc. But no, he lost 'years' of data because this tech blogger couldn't be bothered to make a single backup of his data. Brilliant. My neighbor who once asked me if the printer was her computer knows how to backup on OSX. 

 

- He CHOSE to not once change his passwords for 'many years'. Again, brilliant. 

 

- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius. 

 

- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. That's some foresight for you.

 

- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks. 

 

These are just the few things he mentioned, any of which would be considered bad security practise, but all together present the picture of someone who is grossly negligent considering his supposed knowledge of tech and the industry he covers. And he's in a position to advise others about tech? It's why I can't scrounge up an ounce of sympathy for him. Shit happens. Hard drives crash. Stuff gets stolen. There's no excuse for him not to have a backup. There's less excuse for all that other stuff. Before attacking Apple's security practises and calling for heads to roll, why not demand some personal responsibility? Yeah, he got unlucky, but he left the door wide, wide open for catastrophic damage. If someone got access to my iCloud, the damage would be temporary and reversible. I'd have some downtime but would be up and running within a few hours. If I was him I'd be embarrassed to post this story, but hey, there's no such thing as shame these days. He needs to publicize his massive mistakes to the world so he can point the blame to someone else. Practise some common sense people, and something like this could never ever happen to you.

post #48 of 121
Quote:
Originally Posted by Slurpy View Post

How predictable that this story is plastered as a headline on every tech blog and website, I thought maybe this site would have a little more self control/discipline and refrain from the sensationalism, but I guess not. Every website has become like an RSS feed of every other site, just a different layout with the same stories. Regardless, if this story is indeed true, this Matt guy is an absolute moron and grossly negligent- especially considering that he's a tech blogger (!). Everyone is asking for the head of the Apple tech support guy, but we don't know if he actually did anything wrong or not. What if he followed the official guidelines, and the guy was able to answer every security question and give enough detail/personal info? Regardless, let's look at the facts, and how this tech columnist got himself to this point, and the choices he made:

 

- He CHOSE to somehow not have a single backup of his data. On OSX this couldn't be easier. Open time machine, turn on the massive ON button, and boom- data is backed up completely, automatically, consistently on an external volume. Not to mention the myriad of free cloud syncing services available like dropbox, etc. But no, he lost 'years' of data because this tech blogger couldn't be bothered to make a single backup of his data. Brilliant. My neighbor who once asked me if the printer was her computer knows how to backup on OSX. 

 

- He CHOSE to not once change his passwords for 'many years'. Again, brilliant. 

 

- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius. 

 

- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. That's some foresight for you.

 

- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks. 

 

These are just the few things he mentioned, any of which would be considered bad security practise, but all together present the picture of someone who is grossly negligent considering his supposed knowledge of tech and the industry he covers. And he's in a position to advise others about tech? It's why I can't scrounge up an ounce of sympathy for him. Shit happens. Hard drives crash. Stuff gets stolen. There's no excuse for him not to have a backup. There's less excuse for all that other stuff. Before attacking Apple's security practises and calling for heads to roll, why not demand some personal responsibility? Yeah, he got unlucky, but he left the door wide, wide open for catastrophic damage. If someone got access to my iCloud, the damage would be temporary and reversible. I'd have some downtime but would be up and running within a few hours. If I was him I'd be embarrassed to post this story, but hey, there's no such thing as shame these days. He needs to publicize his massive mistakes to the world so he can point the blame to someone else. Practise some common sense people, and something like this could never ever happen to you.

I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.

NW '98
"Everything works, in theory..."
post #49 of 121
Quote:
Originally Posted by plokoonpma View Post

To me it looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not angry at all, like he doesn't care about his loss of data..  Anyone else would have had the blood pressure up high, it would be totally normal to be angry. But Honan is not..

Then, the use of the word "hacker" exaggerated... yes... Guy didn't hack that equipment, not iCloud, tricked a tech support agent.. But that's it.

 

Quote:
Originally Posted by jkgm View Post

 

Given Jizmodo's history, this wouldn't surprise me even a little bit.

 

Quote:
Originally Posted by AdonisSMU View Post

that's what I was thinking....some clever social engineering my ass...

100% agree with these comments. I don't believe anything coming from Gizmo... this was completely faked. Apple did update security for cloud accts. minimum of 8 characters 1 capital, 1 lower case, and at least 1 number. They also added 3 more security questions in addition to the original security question, plus birth date.  If you are too lazy to make a GOOD STRONG password, update that password once in a while, and use the added security provided to you, then getting hacked is no one's fault but your own.

post #50 of 121
Quote:
Originally Posted by Slurpy View Post

- He CHOSE to not once change his passwords for 'many years'. Again, brilliant.

The story says that wasn't a factor because they didn't use brute force.
Quote:
- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius. 

According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.
Quote:
- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. That's some foresight for you.

While he should have backups having Find My Device turned on is a good thing in case it's lost. I've taken issue with Find My Device on many occasions on this site for the lack of a passcode for turning it on/off and for the lack of additional authentication for accessing the data. There should be an additional link between devices, much like BT pairing, and an additional code, even just a PIN after you've inputted the iCloud password.
Quote:
- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks. 

That isn't what I read. Still, it does sound like he did use real answers to security questions which is a big mistake for anyone serious about security. It also sounds like that info wasn't used in Apple's resetting of his account.

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

 

Goodbyeee jragosta :: http://forums.appleinsider.com/t/160864/jragosta-joseph-michael-ragosta

post #51 of 121
Quote:
Originally Posted by MacLuvin View Post


100% agree with these comments. I don't believe anything coming from Gizmo... this was completely faked. Apple did update security for cloud accts. minimum of 8 characters 1 capital, 1 lower case, and at least 1 number. They also added 3 more security questions in addition to the original security question, plus birth date.  If you are too lazy to make a GOOD STRONG password, update that password once in a while, and use the added security provided to you, then getting hacked is no one's fault but your own.

Regardless of whether it's staged or not there are valuable lessons to be learned here.
  1. Use a strong password
  2. Use passwords that are unique across systems and accounts so a single breach will be compartmentalized
  3. Don't use your real birthday and answers for security questions. This can be tricky if you use the same "false answers" across accounts but it does protect you from social snooping.

I use 1Password. There are only 3 passwords I know by heart. My 1Password, my Mac password, and my iCloud password. These are complete and unique but human readable. All others were created using the 1Password generator. I do worry about my Dropbox being hacked and my 1Password file being decrypted but I have taken all measures I can on that front and can't think of anything I can do to make it more secure.

People also need to know that when they use WiFi, especially public WiFi, they need to make sure that anything they send is using SSL. Unfortunately most apps don't encrypt data sent via their apps. I wish Apple would make this a requirement or at least have a badge on their App Store to indicate which apps are secure. I blame Apple for not being diligent on this front.

I always thought it would be right up Google's alley to offer a free VPN service that would allow you to have all sessions encrypted between your Mac and their VPN servers. They could not only data mine everything you send but also show relevant ads in a window. While I don't trust Google I trust them more than someone in a Starbucks who could be capturing all my traffic, like this post I'm sending to AI.

PS: I find it odd that the financial institutions I deal with have requirements for passwords that are comparatively short and without special characters. In a way this makes sense because letting users create passwords that are too complex to remember will lead to more password resets which really should be done in person in a branch, but it still strikes me as odd that I can't even use a 24 character password with most of them.
Edited by SolipsismX - 8/6/12 at 1:26am

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

 

Goodbyeee jragosta :: http://forums.appleinsider.com/t/160864/jragosta-joseph-michael-ragosta

post #52 of 121
Quote:
Update Four: I’ll be discussing this on TWiT with Leo Laporte, Ed Bott and others today live at 3 PM Pacific. I now know how it happened, basically start to finish, which I’ll explain in a story on Wired tomorrow (Monday, August 6).

 

Attention-whore much? I'm thinking a book deal might be in the works. 

post #53 of 121
Quote:
Originally Posted by enzos View Post

I smell a rat. 

Me too. I think the whole thing is a put on.

post #54 of 121
Quote:
Originally Posted by SolipsismX View Post

According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.

 

Mmmm. That actually points to a big security hole in the other password retrieval systems then. Presumably they just reset the password on the basis of a publicly known email address?

 

I'd love to know what was said to make the tech support chap reset the password. 


Edited by Rayz - 8/6/12 at 12:51am
post #55 of 121
Quote:
Originally Posted by Slurpy View Post

 

Attention-whore much? I'm thinking a book deal might be in the works. 

 

Now this is all starting to look a little bit suspect.

post #56 of 121
Quote:
Originally Posted by Quadra 610 View Post




So for the benefit of the less enlightened, elucidate.
post #57 of 121
Quote:
Originally Posted by wizard69 View Post

Apple certainly missed important use cases and seems to have forgotten about user control.

Point is, Apple DOESN'T want users to "worry about data". Apple has a point (most users are hopeless about understanding data), but Apple is, imho, wrong. Or just has an agenda about selling cloud storage, who knows?

There used to be a time when the Library was not hidden, where installing "non signed code" did not force you to ctr+click or disable some setting on your Mac. I call this "iPadization".

Social Capitalist, dreamer and wise enough to know I'm never going to grow up anyway... so not trying anymore.

post #58 of 121

A TECH journalist that doesn't have any backups. 

post #59 of 121

A blogger is not a journalist!

post #60 of 121
Quote:
Originally Posted by Zedd View Post

A blogger is not a journalist!

 

Alright!

 

A TECH blogger/reporter who works in Gizmodo that doesn't have any backups.

post #61 of 121
Quote:
Originally Posted by djsherly View Post


Only if you think those at giz are douches to a man/woman. As best I can tell it's just the douche holding the phone that's the douche.

 

Nope, Gizmodo is a rotten tech blog that will resort to any tactic to generate page views.

post #62 of 121
Quote:
Originally Posted by nitewing98 View Post

I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.

That's why I smell a rat. A tech geek without a hard-drive back-up = Unbelievable!

 

And this is a site/company known for receiving stolen property then lying about it.  

 

The breach might well be real but I see no reason to believe it until independently confirmed.

 

And if confirmed, that only confirms that Apple staff can be conned and that the Giz journo is an idiot. 

 

Enz

post #63 of 121

I wish Apple would comment on this

I would love to see Apple come out with the specifics of this story - which questions (if any) were bypassed by the hacker and then show how the answers to the questions were easily discoverable. An Apple press release detailing exactly what went down would slap a richly-deserved STFU to a site that's been begging for it for at least 3 years.

Gizmodo has no integrity. As people have already pointed out, the fact that a person supposedly knowledgeable about technology would allow his digital life to exist without backup is laughable or a deliberate attempt to make the story more dramatic. Given what I know about these shitheads, I'm inclined to believe the latter. Maybe it's just a simple screwup on the part of a single person, but I'm firmly in the skeptic's camp.
Snarky Mac commentary, occasionally using bad words.
themacadvocate.com
post #64 of 121
Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.

Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.
post #65 of 121
Quote:
Originally Posted by SolipsismX View Post


The story says that wasn't a factor because they didn't use brute force.
According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.
While he should have backups having Find My Device turned on is a good thing in case it's lost. I've taken issue with Find My Device on many occasions on this site for the lack of a passcode for turning it on/off and for the lack of additional authentication for accessing the data. There should be an additional link between devices, much like BT pairing, and an additional code, even just a PIN after you've inputted the iCloud password.
That isn't what I read. Still, it does sound like he did use real answers to security questions which is a big mistake for anyone serious about security. It also sounds like that info wasn't used in Apple's resetting of his account.

 

I hadn't really thought about it before but this would be a good idea - some additional warning and pin code before you can remotely wipe your device - of course how often will you do that and how likely might you be to forget the PIN code. 

 

Using fake info when setting up some accounts may sound like a good idea but I have a buddy who got locked out of an account and when trying to reset his password he could not remember what fake info he used when he set it up. So best to do something that you can remember, perhaps if your real birthdate is 2/4 use 4/2 instead, or 3/5.

post #66 of 121
Quote:
Originally Posted by Mazda 3s View Post

Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.
Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.

 

Still. Gizmodo or Wired he's an idiot for not making any backups especially his works as a reporter/blogger are probably drafted on his computer.

 

Did he seriously think that his hard drive will last forever? Even servers have mirroring RAID.

post #67 of 121
Quote:
Originally Posted by makingdots View Post

Still. Gizmodo or Wired he's an idiot for not making any backups especially his works as a reporter/blogger are probably drafted on his computer.

Did he seriously think that his hard drive will last forever? Even servers have mirroring RAID.

I won't disagree with you there. I'm just saying that people are using the name "Gizmodo" to sweep this incident under the rug because it's seen as some "stunt".

I seriously doubt that a respected magazine/site like Wired would want to be part of such shenanigans.
Edited by Mazda 3s - 8/6/12 at 4:58am
post #68 of 121

Yes, we certainly wouldn't want to embarrass Apple just because a customer's security was compromised by a "glitch" resulting in the customer's ownership being stolen and data destroyed. No, preserve Apple's image at any cost!

post #69 of 121
Quote:
Originally Posted by nitewing98 View Post

I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.

Same here - except that Time Machine backup is on a RAID 5 device. Plus, I have the entire thing backed up on SkyDrive so I have an off-site.
Quote:
Originally Posted by hill60 View Post

I'd like to know more about the "social engineering" as I suspect it would involve identity theft.
"This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"
I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.
It will be interesting to see what this "social engineering" involved.

There are just too few facts here to be of any use. What information did the criminal have? If he had personal information given to him by the 'victim', it's not a crime.

Oh, and btw, he confirmed it with the 'hacker'. So why hasn't he filed a criminal complaint? This is a clear violation of DMCA. If that law were enforced a little more frequently, maybe security would increase. The blogger could probably do more good by turning the criminal over to the authorities than by writing a sensationalistic article about something that may or may not have involved negligence on Apple's part (if the 'hacker' had the answers to all the security questions, Apple is SUPPOSED to release the information.)

I hate these stupid security questions. Often, I can't remember or don't know the answers. "whose birthday party did you attend when you were 4?" or "what is the name of your first girlfriend's pet snail?" or "where did you go for your first vacation?" or other such nonsense.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #70 of 121
Is it wrong for me to not care about or have much sympathy for tech bloggers, especially ones that are referred to as "Apple fanboys"? Maybe it's just me being cynical because most of the tech sites these days are so anti-Apple it isn't even funny. And why is it that only users of Apple products get labeled as "fanboys" by the media. So the 50M people who bought Samsung phones last quarter aren't Samsung fanboys? And pro-Android posters on just about every tech site aren't fanboys, but Apple customers are?
post #71 of 121
Quote:
Originally Posted by Howie View Post

Yes, we certainly wouldn't want to embarrass Apple just because a customer's security was compromised by a "glitch" resulting in the customer's ownership being stolen and data destroyed. No, preserve Apple's image at any cost!

We don't know if anything was stolen.

The only thing we know (and none of it has been confirmed by anyone outside of the publicity hounds):
- Apple allegedly released information
- The 'hacker' allegedly had access to the security passwords
- The author (who is a tech blogger) didn't have any backups - and doesn't seem too concerned about the loss of data, anyway
- The author knows the 'hacker' since he was able to confirm what happened
- The author did not file a criminal complaint

Now, that doesn't guarantee that Apple didn't do anything wrong. It does, however, raise some questions about the entire incident. From what is presented, it looks as though Apple was presented with the right answers to the security questions and therefore released the information as they were supposed to do. I'm not sure what you wanted them to do.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #72 of 121
Quote:
Originally Posted by djsherly View Post

So for the benefit of the less enlightened, elucidate.

 

LOL.

 

That's twice.

If you're going to be original, then you can count on being copied.
post #73 of 121
Quote:
Originally Posted by jragosta View Post

We don't know if anything was stolen.
The only thing we know (and none of it has been confirmed by anyone outside of the publicity hounds):
- Apple allegedly released information
- The 'hacker' allegedly had access to the security passwords
- The author (who is a tech blogger) didn't have any backups - and doesn't seem too concerned about the loss of data, anyway
- The author knows the 'hacker' since he was able to confirm what happened
- The author did not file a criminal complaint
Now, that doesn't guarantee that Apple didn't do anything wrong. It does, however, raise some questions about the entire incident. From what is presented, it looks as though Apple was presented with the right answers to the security questions and therefore released the information as they were supposed to do. I'm not sure what you wanted them to do.

From what I read/heard on TWiT with Leo Laporte:
He was very upset he lost his data.
Apple did release information.
He did back up his other home computers.
The hacker/thief sent a Twitter message after he made a comment on his blog. They just wanted his Twitter account (how in the world did you jump to 'knows the hacker' ... Did you assume?)
They bypassed the security message/answer at Apple tech support (which is the real story if true).
Hokey religions and ancient weapons are no match for a good blaster by your side, kid.
post #74 of 121
Quote:
Originally Posted by muppetry View Post

Now that should not be possible. If it's true then I'll bet Apple are scrambling to roll out some new training.

Until we know in detail what happened, no blame can really be placed.

The 4chan of the guy claiming to be the hacker says he did it because he was pissed at Honan for putting up a front that he's a tech expert when it was 'obvious he's a total moron'. The hacker wanted to teach Honan a lesson. That Honan had no backups was not a smart move for sure and if he is as tech stupid as this hacker claims we can't take him saying it was 'social engineering' at face value as who knows how he is defining that term

Honan was on TWiT yesterday and it was a mess. What little he did answer didn't make sense and felt more like a pitch for his upcoming article about the whole thing. Frankly I was left with the feeling the hacker is right and Honan is basically clueless. So the suggestion that Apple did everything by a very strict book and the caller had plenty of info, given out by Honan at one time or another, to prove who he was is a viable one to me.
post #75 of 121

It would be interesting to see how the supposed social engineering worked. If it was guessing the security questions it would be the user mistake. Otherwise I doubt if calling Apple would work easily, let's see what his excuse is. I bet we will find out that he gave some information, which could be used on the phone, to somebody to do this.

 

The whole thing sounds so rehearsed. Somebody worked out that if you got someone's email - iCloud or other - you could use it to retrieve other emails, and reset passwords, and close down systems. Since the iCloud password couldn't be hacked he is claiming some kind of social engineering. Possible, the people in AppleCare might relent with someone who genuinely forgot his password and had lost email, if there was some other information which only the user should know.

 

So I could see this happening, if it didn't then some people would lose their iCloud forever. However, how likely is it that it happened to a Gizmodo journalist, and not to a random guy on the street who then called Gizmodo? Think about that. There are no known social engineering cases except a journalist for Gizmodo.

I wanted dsadsa but it was taken.
post #76 of 121
Quote:
Originally Posted by sabuga View Post

Just wondering, If you set really easy questions for the "confirm it's you" bit, then Google searches may have the answers.

But according to Honan that's not what happened. He wants us to believe that this hacker called Apple and basically 'hi my name is Mat Honan and my password isn't working and I can't remember the answers to my security questions' and they just said okay and reset them.

Other reporters have tried the same call over the past year or so, even recently, and said it was hell to get anything. And yet Honan wants us to believe someone broke protocol cause it was tea time or such.
post #77 of 121

What do they mean by "clever social engineering"...thanks for the deets...NOT

post #78 of 121
Quote:
Originally Posted by Mazda 3s View Post

Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.
Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.

Wired is much worse, in fact.  They are largely responsible for the indefinite detention of an American whistleblower:

http://www.salon.com/2010/06/18/wikileaks_3/

 

It would not surprise me if this latest story is just another attempt at giving Apple a black eye and getting them to kowtow to the US government in some way or another.  Stay tuned...the next piece of news we'll hear is that some congressmen will be demanding that Tim Cook appear before them and provide answers regarding what occurred here.

post #79 of 121
Quote:
Originally Posted by wizard69 View Post

iCloud as a service is extremely flawed. If nothing else the service should have a way to back up to an owner's Mac OS machine.

There is, it's called iTunes. Been there since before iCloud.

Not that it would help Honan cause he didn't back up his laptop and chances are that Apple won't have any method to unwipe it and they will refer him back to the warranty terms where it says they don't cover personal data
post #80 of 121
Quote:
Originally Posted by Ed Steinberg View Post

I sure hope that AI is not going to make this a major story. Yes, a tech support guy (or gal) screwed up. Yes, Apple is going to tighten the process. But AI is going to blow this way out of proportion. AI give it a rest......

IF someone at Apple screwed up then I'm fine with them making it a major story, but only if they can prove it was an Apple screw up. At this point the deck is still equally split on yea or nay.