
Apple tech support 'socially engineered' in hack of journalist's iCloud account - Page 3

post #81 of 121

LoL

post #82 of 121
Quote:
Originally Posted by GTR View Post

 

LOL.

 

That's twice.

LOL, indeed. So obvious you can't even bring yourself to explain.

post #83 of 121
Quote:
Originally Posted by charlituna View Post

IF someone at Apple screwed up then I'm fine with them making it a major story, but only if they can prove it was an Apple screw up. At this point the deck is still equally split on yea or nay.

More like, it's split between "Apple is guilty. We don't need facts - Apple's a big, bad, incompetent firm" and "There are not enough details to reach any conclusions".
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #84 of 121
Quote:
Originally Posted by mcarling View Post

This story has an extremely misleading introduction.  Apple are not "partly" to blame.  Apple are entirely to blame.

When the hacker was unable to answer the security questions,

According to Mr Honan the attacker couldn't answer the security questions, but which questions are we talking about? Were these the ones that Mr Honan put in when he set up the account, or something more secure? Maybe the hacker did know the answer but didn't know the birthdate and convinced the tech he put in something made up and can't remember what he put to get to another level where he had the info, provided publicly by Mr Honan, to correctly answer all the questions.

We have only Mr Honan's vague comments at this point about what went down, and given that he's a known blogger and supposed to be an expert and just showed his ignorance for not having a backup, of course he's likely in damage control and going to tip the blame away from himself.
post #85 of 121

All very horrible except for Gizmodo's Twitter getting hacked.

 

On edit: As others have hinted, it sounds like an inside job.

 

Gizmodo would do anything for a few extra ad clicks.

post #86 of 121
Quote:
Originally Posted by Quadra 610 View Post

Payback.

I think it's much more sinister. Need to know exactly when this started so the exact point in time when iCloud became self-aware can be documented... How else will Kyle [Reese] know what to tell Sarah to tell John?
post #87 of 121
Quote:
Originally Posted by sumjuan View Post


I think if it was this easy, why not someone else? Why not a whole lot of other accounts?
It just happened to be the one Jizzmodo?

Other hacks have surfaced since yesterday, and older ones have been dragged up, but no details to prove they were even remotely the same.

As for this, it wasn't, says the 4chan source, an attack on Apple but on this guy personally. Just happens that he is an Apple user, so we aren't reading about his Nexus, tab and Dell being screwed with.
post #88 of 121
Quote:
Originally Posted by plokoonpma View Post

To me it looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not angry at all, like he doesn't care about his loss of data..  Anyone else would have had the blood pressure up high, it would be totally normal to be angry. But Honan is not..

Then, the use of the word "hacker" exaggerated... yes... Guy didn't hack that equipment, not iCloud, tricked a tech support agent.. But that's it.

I would not put it past them.

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

post #89 of 121
Quote:
Originally Posted by Ed Steinberg View Post

I sure hope that AI is not going to make this a major story. Yes, a tech support guy (or gal) screwed up. Yes, Apple is going to tighten the process. But AI is going to blow this way out of proportion. AI give it a rest......


AI hardly covers anything critical of Apple or their processes, and the forums are even less tolerant. The worst thing to happen would be for this to be ignored. Having all of your devices wiped is not exactly something that can be 'blown out of all proportion'. Apple has not taken security seriously, because they have this misguided belief that no one would want to attack Apple or its users. That is unfortunately not true anymore.

Do not overrate what you have received, nor envy others.
15" Matte MacBook Pro: 2.66Ghz i7, 8GB RAM, GT330m 512MB, 512GB SSD

iPhone 5 Black 32GB

iPad 3rd Generation, 32GB

Mac Mini Core2Duo 2.26ghz,...

post #90 of 121
Quote:
Originally Posted by muppetry View Post

Now that should not be possible. If it's true then I'll bet Apple are scrambling to roll out some new training.

They will make this a teachable moment.

post #91 of 121
.
Edited by SolipsismX - 8/6/12 at 9:09am

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

 

Goodbyeee jragosta :: http://forums.appleinsider.com/t/160864/jragosta-joseph-michael-ragosta

post #92 of 121
Quote:
Originally Posted by wizard69 View Post

iCloud as a service is extremely flawed. If nothing else the service should have a way to back up to an owner's Mac OS machine. Further, saving a copy of an iCloud file locally shouldn't be so damn difficult. iCloud is like 80% of the way there but Apple certainly missed important use cases and seems to have forgotten about user control.

 

I have 2TB on my iMac...that is not going to work and iCloud files are different from ALL files on your Mac.
 
post #93 of 121
Quote:
Originally Posted by SolipsismX View Post

BREAKING NEWS: Someone just hacked NASA's iCloud account and used Find My Rover to erase Curiosity's drive.

Did you notice last night at JPL that if you saw a laptop, it was a Mac?

post #94 of 121

OSX 10.8 scares me because it took years of information off my computer and placed it on Apple servers. I discovered this transfer because my computer slowed to snail pace accessing this information.

 

When I started turning off the iCloud connections suddenly I am faced with warning messages that I am going to lose my years of collected information.  What???  Since I have no other devices Mail was my central concern.  Turning off the store on server options resulted in my information disappearing.  Whoa!!!

 

A bunch of clicking and copying later I got most of the information back but not in convenient formats.  Turning off store functions, at first stopped email from being sent.  Reboot fixed some of that.  What a mess.

 

My private information in hacker rich territory, how is that a good deal?

 

Then the traditional information sync problem that technology has been trying to solve since the 1960s, who is the chicken and who is the egg?  Which information is original which is modification?  A trail of change, a trail of trial and error from multiple sources.  Should be fun to see what turns out to be unintended consequences.

post #95 of 121
Here's a collection of comments from people who have doubts about this story. I missed a few, but clearly Gizmodo has a credibility problem around here.

The whole story stinks. Starting with the obfuscatory term "social engineering." WTF is that supposed to be?
Quote:
Originally Posted by enzos View Post

I smell a rat. 

Quote:
Originally Posted by sumjuan View Post

Jizzmodo?
The same bottom feeding scum, short attention span whores; Jizzmodo?
Really?
There must be a lot more to this. A whole lot.

I think if it was this easy, why not someone else? Why not a whole lot of other accounts?
It just happened to be the one Jizzmodo?

Quote:
Originally Posted by plokoonpma View Post

To me it looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not angry at all, like he doesn't care about his loss of data..  Anyone else would have had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hack that equipment, not iCloud, tricked a tech support agent.. But that's it.

Quote:
Originally Posted by jkgm View Post

Given Jizmodo's history, this wouldn't surprise me even a little bit.

Quote:
Originally Posted by AdonisSMU View Post

That's what I was thinking....some clever social engineering my ass...

Quote:
Originally Posted by lostkiwi View Post

I was quite worried by this story until I saw the bit about it being a Gizmodo article.  I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say. 

Any time I see a story link to a Gizmodo article, I automatically ignore.

Quote:
Originally Posted by GTR View Post

Unfortunately there is more than one person without morals in that bunch of 'journalists'.

I must admit to being extremely suspicious of this report as well.

Quote:
Originally Posted by Slurpy View Post

Attention-whore much? I'm thinking a book deal might be in the works. 

Quote:
Originally Posted by ascii View Post

Me too. I think the whole thing is a put on.

Quote:
Originally Posted by Rayz View Post

Now this is all starting to look a little bit suspect.

Quote:
Originally Posted by RichL View Post

Nope, Gizmodo is a rotten tech blog that will resort to any tactic to generate page views.

Quote:
Originally Posted by enzos View Post

That's why I smell a rat. A tech geek without a hard-drive back-up = Unbelievable!

And this is a site/company known for receiving stolen property then lying about it.  

The breach might well be real but I see no reason to believe it until independently confirmed.

And if confirmed, that only confirms that Apple staff can be conned and that the Giz journo is an idiot. 

Enz

Quote:
Originally Posted by asdasd View Post

It would be interesting to see how the supposed social engineering worked. If it was guessing the security questions it would be the user's mistake. Otherwise I doubt if calling Apple would work easily, let's see what his excuse is. I bet we will find out that he gave some information, which could be used on the phone, to somebody to do this.

The whole thing sounds so rehearsed. Somebody worked out that if you got someone's email - iCloud or other - you could use it to retrieve other emails, and reset passwords, and close down systems. Since the iCloud password couldn't be hacked he is claiming some kind of social engineering. Possible, the people in AppleCare might relent with someone who genuinely forgot his password and had lost email, if there was some other information which only the user should know.

So I could see this happening, if it didn't then some people would lose their iCloud forever. However, how likely is it that it happened to a Gizmodo journalist, and not to a random guy on the street who then called Gizmodo? Think about that. There are no known social engineering cases except a journalist for Gizmodo.
Quote:
Originally Posted by techno View Post

I would not put it past them.
post #96 of 121
Quote:
Originally Posted by webfrasse View Post

I have 2TB on my iMac...that is not going to work and iCloud files are different from ALL files on your Mac.
 

I don't think that's what was being suggested. The post you were responding to suggested putting a copy of your iCloud files on your hard drive - which shouldn't be a problem for most people.

I agree, however, with your sentiments. I don't see iCloud as a viable solution right now. The older iDisk was great - information was automatically mirrored from your computer to the cloud and you could buy massive amounts of space for relatively little. (although you'd probably not want to mirror your whole 2 TB to the cloud). There are other solutions now, but they're not quite as transparent or convenient.
Quote:
Originally Posted by jimoase View Post

OSX 10.8 scares me because it took years of information off my computer and placed it on Apple servers. I discovered this transfer because my computer slowed to snail pace accessing this information.

What evidence do you have that Apple transferred your information to iCloud? They only transfer what you allow them to do.

The slowing you witnessed was probably Spotlight indexing your hard drive - but that information is never sent to Apple.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #97 of 121
Quote:
Originally Posted by Flaneur View Post

Here's a collection of comments of people who have doubts about this story. I missed a few, but clearly Gizmodo has a credibility problem around here.
The whole story stinks. Starting with the obfuscatory term "social engineering." WTF is that supposed to be?

 

The guy writes for Wired, a publication with significantly more credibility than Gizmodo... or AI for that matter. Let's see how it's explained there.

Do not overrate what you have received, nor envy others.
15" Matte MacBook Pro: 2.66Ghz i7, 8GB RAM, GT330m 512MB, 512GB SSD

iPhone 5 Black 32GB

iPad 3rd Generation, 32GB

Mac Mini Core2Duo 2.26ghz,...

post #98 of 121
Quote:
Originally Posted by Flaneur View Post

Here's a collection of comments of people who have doubts about this story. I missed a few, but clearly Gizmodo has a credibility problem around here.
The whole story stinks. Starting with the obfuscatory term "social engineering." WTF is that supposed to be?

'Social Engineering' is the phrase for "I was stupid and gave my password or personally identifying information to someone".
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #99 of 121

Good Strong password....... is another way of saying your information is likely to be attacked and its best protection is a password?  Really!!!  That's like standing on a freeway convinced your reactions will save your life every time.  Why place your life, your information at risk for so little gain?

post #100 of 121
Quote:
Originally Posted by jragosta View Post

'Social Engineering' is the phrase for "I was stupid and gave my password or personally identifying information to someone".

Exactly, which means that he's not playing with a full deck with this story. It's nowhere near proof of anything, but fakes usually give themselves away by using language like that.

By the way, as of last night, he seems to have snagged Gruber.
post #101 of 121
So, here we are and Monday is half over. Where's the Wired update that was promised? Surely this should be their highest priority.

Author of The Fuel Injection Bible

post #102 of 121

Apple Care mixed up my ID too this weekend, though it was no hack... It was a crack in Apple's database! Tech asks my phone # so he can get back if we're disconnected and I ask "Don't you have that on record?" And he says yeah, your name is Joe S and the # is blah blah blah. And I said WTF? I gave you my name, it certainly isn't Joe S and that's not my #! The tech replies, "Oh, well, our database got screwed up... Give me the proper info and I'll update it."

 

To which I repeat, WTF?

post #103 of 121
Quote:
Originally Posted by EricTheHalfBee View Post

So, here we are and Monday is half over. Where's the Wired update that was promised? Surely this should be their highest priority.

Maybe, with them being a magazine with real journalists and a reputation to care about, they don't want to just shove out a story without fact-checking beforehand. You know, that thing that separates journalism from blogging.

Do not overrate what you have received, nor envy others.
15" Matte MacBook Pro: 2.66Ghz i7, 8GB RAM, GT330m 512MB, 512GB SSD

iPhone 5 Black 32GB

iPad 3rd Generation, 32GB

Mac Mini Core2Duo 2.26ghz,...

post #104 of 121

This is one of the reasons why I don't use iCloud. Once you trust your data to someone else, and give them remote access to your physical devices, they are not secure any more.

 

Trust your data and syncing to the only fully secure method: managing it yourself.  It's not that hard to have bookmarks set up on your devices.  It's not hard to pass information between devices.  Moving pictures you just took to a computer is solved by a cord and Image Capture. Oh the horror of manual connections!

post #105 of 121
Quote:
Originally Posted by Mazda 3s View Post

Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.
Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.

Some stains you can never remove from your pants. In Gizmodo's case, they're brown ones.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #106 of 121
Quote:
Originally Posted by vandil View Post

This is one of the reasons why I don't use iCloud. Once you trust your data to someone else, and give them remote access to your physical devices, they are not secure any more.

Trust your data and syncing to the only fully secure method: managing it yourself.  It's not that hard to have bookmarks set up on your devices.  It's not hard to pass information between devices.  Moving pictures you just took to a computer is solved by a cord and Image Capture. Oh the horror of manual connections!

Touché
Hokey religions and ancient weapons are no match for a good blaster by your side, kid.
post #107 of 121
Quote:
Originally Posted by Zoolook View Post

Maybe, with them being a magazine with real journalists and a reputation to care about, they don't want to just shove out a story without fact-checking beforehand. You know, that thing that separates journalism from blogging.

 

Or maybe there isn't any real story here at all. At least not one the Apple haters are hoping for.

Author of The Fuel Injection Bible

post #108 of 121

Wired has put up a story with the timeline, Apple's response generally confirming the story, and a Wired test confirming the way it worked, and still worked. Worth a read.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

melior diabolus quem scies
post #109 of 121
Quote:
Originally Posted by Gatorguy View Post

Wired has put up a story with the timeline, Apple's response generally confirming the story, and a Wired test confirming the way it worked, and still worked. Worth a read.
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

That's very interesting reading, and, if it's accurate, they need to make some security enhancements.
post #110 of 121

I'm not sure why this is an Apple problem.

 

First they go to Google to see his alternate e-mail address (even with blocked out characters, the fact it ends in @me gave them enough). They used Whois to get the billing address for his personal website. Then they go to Amazon and add a credit card to his account (how could Amazon let you add a credit card without first confirming who you are is beyond me). Then they call Amazon back and provided the new credit card number as a verification to change the account e-mail, and once they reset the password with the new e-mail they can see all the CC's he has on file (only the last 4).

 

After all that work they finally go to Apple with information they need to reset his account (billing address, e-mail and last 4 of the CC on file).

 

And all the news stories are yapping about how Apple has some huge flaw in their security.

Author of The Fuel Injection Bible

post #111 of 121
Quote:
Originally Posted by EricTheHalfBee View Post

I'm not sure why this is an Apple problem.

First they go to Google to see his alternate e-mail address (even with blocked out characters, the fact it ends in @me gave them enough). They used Whois to get the billing address for his personal website. Then they go to Amazon and add a credit card to his account (how could Amazon let you add a credit card without first confirming who you are is beyond me). Then they call Amazon back and provided the new credit card number as a verification to change the account e-mail, and once they reset the password with the new e-mail they can see all the CC's he has on file (only the last 4).

After all that work they finally go to Apple with information they need to reset his account (billing address, e-mail and last 4 of the CC on file).

And all the news stories are yapping about how Apple has some huge flaw in their security.

I think it's a problem because there are plenty of ways to get a billing address and credit card number - the whole thing, not just the last four digits. Neither are especially private - that's the point of having secret questions and passwords. So even though this indicates flaws in Amazon and Google security too, it still shows a major weakness in Apple's security.
post #112 of 121
Quote:
Originally Posted by muppetry View Post


I think it's a problem because there are plenty of ways to get a billing address and credit card number - the whole thing, not just the last four digits. Neither are especially private - that's the point of having secret questions and passwords. So even though this indicates flaws in Amazon and Google security too, it still shows a major weakness in Apple's security.

 

Can you tell us what my billing address is? Any 4 digits of any of my CC cards? Well, if you snooped through my mail at my house you could get that information. But you'd still need an e-mail to attach it to, and it's not that easy to get all 3 of those for one person.

 

If someone has such easy access to an entire CC and your billing address, then having an Apple account (or GMail or Yahoo or.....) getting compromised is the least of your worries. You should be worried about identity theft and someone else opening up bank accounts and CC's in your name and going to town.

 

Plus this guy is stupid. He's a tech writer and made so many mistakes. Like using his @me address for his Gmail alternate contact. Or using the same CC on multiple online stores (Apple and Amazon at least). Not using an alternate contact e-mail for his website instead of his main e-mail. Not using a different e-mail on his online stores (they never would have been able to get into Amazon in the first place if he didn't use the same e-mail for Amazon).

Author of The Fuel Injection Bible

post #113 of 121
Quote:
Originally Posted by EricTheHalfBee View Post

Quote:
Originally Posted by muppetry View Post

I think it's a problem because there are plenty of ways to get a billing address and credit card number - the whole thing, not just the last four digits. Neither are especially private - that's the point of having secret questions and passwords. So even though this indicates flaws in Amazon and Google security too, it still shows a major weakness in Apple's security.

Can you tell us what my billing address is? Any 4 digits of any of my CC cards? Well, if you snooped through my mail at my house you could get that information. But you'd still need an e-mail to attach it to, and it's not that easy to get all 3 of those for one person.

If someone has such easy access to an entire CC and your billing address, then having an Apple account (or GMail or Yahoo or.....) getting compromised is the least of your worries. You should be worried about identity theft and someone else opening up bank accounts and CC's in your name and going to town.

Plus this guy is stupid. He's a tech writer and made so many mistakes. Like using his @me address for his Gmail alternate contact. Or using the same CC on multiple online stores (Apple and Amazon at least). Not using an alternate contact e-mail for his website instead of his main e-mail. Not using a different e-mail on his online stores (they never would have been able to get into Amazon in the first place if he didn't use the same e-mail for Amazon).

Obviously I can't since I don't even know who you are, but I'll bet there are others you might not trust who can. Anytime you order something by phone you give out that combination, and possibly your email address too.

But my point was broader than any specific case; most people's billing address is publicly available (i.e. their home address), and their credit card numbers, while not advertised, are not a closely kept secret such as a password would be. It seems very unwise not to require any secret information or key to be able to unlock an account.
post #114 of 121
Quote:
Originally Posted by EricTheHalfBee View Post

Can you tell us what my billing address is? Any 4 digits of any of my CC cards? Well, if you snooped through my mail at my house you could get that information. But you'd still need an e-mail to attach it to, and it's not that easy to get all 3 of those for one person.

If someone has such easy access to an entire CC and your billing address, then having an Apple account (or GMail or Yahoo or.....) getting compromised is the least of your worries. You should be worried about identity theft and someone else opening up bank accounts and CC's in your name and going to town.

Plus this guy is stupid. He's a tech writer and made so many mistakes. Like using his @me address for his Gmail alternate contact. Or using the same CC on multiple online stores (Apple and Amazon at least). Not using an alternate contact e-mail for his website instead of his main e-mail. Not using a different e-mail on his online stores (they never would have been able to get into Amazon in the first place if he didn't use the same e-mail for Amazon).

I agree, although there are some flaws here.

1. It's interesting that Amazon is the one who gave out identifying information (4 digits of his credit card number) yet Apple is the one who is indicted in almost every press report on the problem.

2. If this isn't a put up, have they contacted law enforcement authorities? It sounds like there's enough evidence here to put someone in jail - yet they've never made any attempt to report it (at least not that they've mentioned publicly). Makes you wonder.

3. I agree that the last 4 digits of your credit card plus your billing address is not a high level of security and Apple should probably have higher standards. OTOH, if they go too far the other direction, then everyone would be complaining that Apple has your full credit card number accessible to the call center person for verification. There is no exact answer and someone's going to be unhappy no matter what vendors do. The real answer is that this person should have set up security questions and should have backed up his information.

4. I just hope we don't get to requiring even more stupid security questions. I hate it when I get a list of questions and I can't remember any of them. "what is the name of your first girlfriend's pet turtle?" "What was your favorite color when you were three?" "What was your favorite ice cream when you were in kindergarten?" Who the heck remembers garbage like that?
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #115 of 121
Quote:
Originally Posted by jragosta View Post

Quote:
Originally Posted by EricTheHalfBee View Post

Can you tell us what my billing address is? Any 4 digits of any of my CC cards? Well, if you snooped through my mail at my house you could get that information. But you'd still need an e-mail to attach it to, and it's not that easy to get all 3 of those for one person.

If someone has such easy access to an entire CC and your billing address, then having an Apple account (or GMail or Yahoo or.....) getting compromised is the least of your worries. You should be worried about identity theft and someone else opening up bank accounts and CC's in your name and going to town.

Plus this guy is stupid. He's a tech writer and made so many mistakes. Like using his @me address for his Gmail alternate contact. Or using the same CC on multiple online stores (Apple and Amazon at least). Not using an alternate contact e-mail for his website instead of his main e-mail. Not using a different e-mail on his online stores (they never would have been able to get into Amazon in the first place if he didn't use the same e-mail for Amazon).

I agree, although there are some flaws here.

1. It's interesting that Amazon is the one who gave out identifying information (4 digits of his credit card number) yet Apple is the one who is indicted in almost every press report on the problem.

2. If this isn't a put up, have they contacted law enforcement authorities? It sounds like there's enough evidence here to put someone in jail - yet they've never made any attempt to report it (at least not that they've mentioned publicly). Makes you wonder.

3. I agree that the last 4 digits of your credit card plus your billing address is not a high level of security and Apple should probably have higher standards. OTOH, if they go too far the other direction, then everyone would be complaining that Apple has your full credit card number accessible to the call center person for verification. There is no exact answer and someone's going to be unhappy no matter what vendors do. The real answer is that this person should have set up security questions and should have backed up his information.

4. I just hope we don't get to requiring even more stupid security questions. I hate it when I get a list of questions and I can't remember any of them. "what is the name of your first girlfriend's pet turtle?" "What was your favorite color when you were three?" "What was your favorite ice cream when you were in kindergarten?" Who the heck remembers garbage like that?

Even the entire card number would not be good security. There has to be something that you don't ever give out in other contexts - a password or a secret question. They're not that hard to deal with.
post #116 of 121
Quote:
Originally Posted by muppetry View Post


Obviously I can't since I don't even know who you are, but I'll bet there are others you might not trust who can. Anytime you order something by phone you give out that combination, and possibly your email address too.
But my point was broader than any specific case; most people's billing address is publicly available (i.e. their home address), and their credit card numbers, while not advertised, are not a closely kept secret such as a password would be. It seems very unwise not to require any secret information or key to be able to unlock an account.

To battle that I use common sense. I have a different card for Apple and Amazon (curiously, the only two retailers I actually leave this data with). For all other purchases I have a pre-paid credit card that I keep only as much money on as I plan to spend (I load it up just before a planned purchase). I use this at gas stations, restaurants and other likely places to get "skimmed" by a staff member collecting CC data. I also use it for online purchases at retailers I'm not familiar with.

I also use different e-mails for Apple and Amazon, and I have a "throwaway" e-mail when dealing with all the smaller stores. None of the techniques these people used would have worked on me, since I keep things separate. This guy used the same e-mail and CC on both Amazon and Apple, which made it easy to "link" his accounts once one was compromised.

Apple could add more items to their security questions, but as mentioned customers would get mad at having to jump through more hoops to create an account (or get customer support). I think people should be better educated on using accounts, credit cards and e-mails online. It's funny how people will create fake e-mails so they can post in an online forum, yet can't be bothered to create a separate e-mail for banking or other online transactions.

Author of The Fuel Injection Bible

post #117 of 121
Quote:
Originally Posted by EricTheHalfBee View Post

Quote:
Originally Posted by muppetry View Post

Obviously I can't since I don't even know who you are, but I'll bet there are others you might not trust who can. Anytime you order something by phone you give out that combination, and possibly your email address too.

But my point was broader than any specific case; most people's billing address is publicly available (i.e. their home address), and their credit card numbers, while not advertised, are not a closely kept secret such as a password would be. It seems very unwise not to require any secret information or key to be able to unlock an account.

To battle that I use common sense. I have a different card for Apple and Amazon (curiously, the only two retailers I actually leave this data with). For all other purchases I have a pre-paid credit card that I keep only as much money on as I plan to spend (I load it up just before a planned purchase). I use this at gas stations, restaurants and other likely places to get "skimmed" by a staff member collecting CC data. I also use it for online purchases at retailers I'm not familiar with.

I also use different e-mails for Apple and Amazon, and I have a "throwaway" e-mail when dealing with all the smaller stores. None of the techniques these people used would have worked on me, since I keep things separate. This guy used the same e-mail and CC on both Amazon and Apple, which made it easy to "link" his accounts once one was compromised.

Apple could add more items to their security questions, but as mentioned customers would get mad at having to jump through more hoops to create an account (or get customer support). I think people should be better educated on using accounts, credit cards and e-mails online. It's funny how people will create fake e-mails so they can post in an online forum, yet can't be bothered to create a separate e-mail for banking or other online transactions.

Those are all good ideas, and good practices, but to require all customers to have multiple credit cards and multiple emails for different accounts, just to stay secure, seems much more inconvenient than putting in place a simple, yet robust authentication system. That's how banks and other financial institutions work - they would be crucified if they used CC, email and address. I guess I'm just a bit baffled by your resistance to that solution.
post #118 of 121
I wouldn't touch iCloud with a ten foot pole -
Do we even have a clue who actually runs it - owns it?

I'd rather use Rack Space - an entity that has a real face - address - and phone number.

Ever Since iCal became a worthless way to live - of missed birthdays - missing past events -
I've given up on Apple's childish attempts at anything iCloud based solely to keep the airway alive by 3rd party kickbacks vs hard core real data on a device that doesn't need a connection to some entity.

Everything would be just fine - had I stuck with Yahoo Calendar -
in ten years - it has always worked -
Has always sent an alert of the event.

Still no calendar from Apple - Stuck at iCal 4.0.4
A search on iPad at App Store led to hundreds of others - not one from Apple.

I went Apple 6-7 years ago with everything -
the childish acts of software are still there -
even down to the names of files.

There's no Professional business I know that uses Apple vs RIM for solid Apps.

Some Stuff Related, PC to Apple 2005

post #119 of 121
Quote:
Originally Posted by Philscbx View Post

I wouldn't touch iCloud with a ten foot pole -
Do we even have a clue who actually runs it - owns it?

Apple!

And what do you mean by "Still no calendar from Apple - Stuck at iCal 4.0.4. A search on iPad at App Store led to hundreds of others - not one from Apple."?

JLL

95% percent of the boat is owned by Microsoft, but the 5% Apple controls happens to be the rudder!
post #120 of 121

Did I knowingly allow Apple to transfer my private information or was it transferred by default?

Kind of like saying to your neighbor "Your door was unlocked so I just walked in". OSX 10.8 was defaulted to "just walk in". Communities can not survive on low ethical, moral standards such as that. There must be a basic set of community standards, that everyone knows, or there will be more "you allowed" comments because you didn't read all the fine print and turn off all the defaults. A situation made more difficult because of automated install processes.

Such substandard behavior will grind free enterprise to a halt with reams of convoluted contracts.

More appalling was what it took to correct the "default". Apple wasn't doing what you would do for your neighbor if you had inadvertently wronged them. There was no obvious, famously Apple clean way to reverse the process.

Ethics, morals and self responsibility are no longer taught in state run mandatory attendance public education. Apple's and responses like yours are a good indication of the results.
