Apple tech support 'socially engineered' in hack of journalist's iCloud account


Comments

  • Reply 21 of 121
    jonyo Posts: 117 member

    Here's a possibly dumb question:

    Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.

  • Reply 22 of 121
    solipsismx Posts: 19,566 member
    jonyo wrote: »
    Here's a possibly dumb question:

    Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.

    That's one of the things I wish Apple would add. Under the Security panel in System Administrators I'd like for a list of options of what Find My Mac can show and do about your Mac from a remote location.
  • Reply 23 of 121
    tylerk36 Posts: 1,037 member

    In about two weeks I will be going the way of many soldiers. Take care.

  • Reply 24 of 121

    Quote:

    Originally Posted by sabuga View Post


    [....]private FaceBook account[....]

    Being an oxymoron, was that stated for irony?

  • Reply 25 of 121
    normm Posts: 653 member
    nagromme wrote: »
    And I’ll always have multiple backups of my own! If anyone somehow attacks me, I’ll be back up and running in a matter of hours with no loss. (I even do my backups in multiple different ways and store them in different places, but I know most won’t go THAT far. For most, the “cloud" is potentially a great thing in case of fire!)

    I just turned off Find-My-Mac on my Mac Pro, which I use as a Time Machine backup server. I knew this wasn't ideal since it's not off site, but I didn't realize until now that if someone hacked into my iCloud account, they could erase all of my machines, including the one that contains all my backups of my other machines!
  • Reply 26 of 121
    chris_ca Posts: 2,543 member

    Quote:

    Originally Posted by AppleInsider View Post



    The hack was first thought to be a simple brute force attack on Honan's seven-digit alphanumeric iCloud password, which he has used for "years and years,

    iCloud is less than one year old.

    and not changing a password for "years and years"?

    and then broadcasting the fact that he never changes his passwords?

    and that he uses 7 digits?

    As Red Foreman would say,,,

  • Reply 27 of 121

    Quote:

    Originally Posted by Bryce Yates View Post


    The only way any organization in the world does resolve anything is if a big deal is made.

    There I fixed that for you. A city won't put in a stop sign at a dangerous crosswalk until a pedestrian is killed in traffic. Websites that hold your financial/personal information don't beef up their security or encryption until some "Anonymous" hacks their site and steals thousands of individuals' sensitive data. It's how the world works 99% of the time. We are reactive instead of proactive for the most part. So while this seems to be Apple's fault, you can't single Apple or any organization out for what the world accepts as common practice.

    Quote:

    Originally Posted by jonyo View Post

    Here's a possibly dumb question:

    Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.

    Maybe this unfortunate incident will motivate Apple to separate those features, however, what's to prevent someone who's hacked or let into your account from checking the "Ok to wipe" box then wiping your drive? Also, I can see certain specific situations where someone might need the "Find My Mac" function, but I'm still laughing imagining someone forgetting where they left their laptop and needing that feature, lol.

  • Reply 28 of 121
    solipsismx Posts: 19,566 member
    chris_ca wrote: »
    iCloud is less than one year old.
    and not changing a password for "years and years"?
    and then broadcasting the fact that he never changes his passwords?
    and that he uses 7 digits?

    As Red Foreman would say,,,

    And that is an issue, but if this article is to be believed (and I think it is) then having a 32 digit password with random letters, numbers and special characters wouldn't have made a difference.
  • Reply 29 of 121

    Quote:

    Originally Posted by muppetry View Post





    Well to be fair - if it is true then it is a real issue, since it implies that the controls against it happening are administrative, rather than engineered. That said, I'm sure Apple will fix it, and quickly.

    It's to do with Apple retail support as a customer service being too helpful in this particular case, it seems.

    There's a time to deny and a time to be firm - a time for everything under the sun...

    You cast pearls before swine and they will trample them underfoot...

  • Reply 30 of 121


    To me it looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not angry at all, like he doesn't care about his loss of data.. Anyone else would have had their blood pressure up high, it would be totally normal to be angry. But Honan is not..

    Then, the use of the word "hacker" is exaggerated... yes... The guy didn't hack that equipment, not iCloud, he tricked a tech support agent.. But that's it.

  • Reply 31 of 121
    jonyo Posts: 117 member

    Quote:

    Originally Posted by silverpraxis View Post

    There I fixed that for you. A city won't put in a stop sign at a dangerous crosswalk until a pedestrian is killed in traffic. Websites that hold your financial/personal information don't beef up their security or encryption until some "Anonymous" hacks their site and steals thousands of individuals' sensitive data. It's how the world works 99% of the time. We are reactive instead of proactive for the most part. So while this seems to be Apple's fault, you can't single Apple or any organization out for what the world accepts as common practice.

    Maybe this unfortunate incident will motivate Apple to separate those features, however, what's to prevent someone who's hacked or let into your account from checking the "Ok to wipe" box then wiping your drive? Also, I can see certain specific situations where someone might need the "Find My Mac" function, but I'm still laughing imagining someone forgetting where they left their laptop and needing that feature, lol.

    It's about the possibility of attack from 2 sides, the 1st being if your iCloud account is hacked or somehow compromised, and the 2nd being if your Mac is stolen. If my laptop is stolen, I'd like to be able to use Find My Mac to possibly locate it on a map, maybe increasing the possibility that it could be recovered. At the same time, if my iCloud were hacked, then someone could wipe my Mac, and I wouldn't know it until it happened, and I don't want that either. I do have local backups, as I use Time Machine and I also make periodic bootable clones of the drive. Because of the way iCloud connects your computer and your iCloud account, you essentially have to make a choice on what's more likely, your iCloud account being hacked/compromised, or your Mac itself being stolen, and set your iCloud settings accordingly both online and on the Mac.

    I have a desktop Mac as well, and since I don't worry as much about that one being stolen as I do my laptop, I have Find My Mac turned off on that one.

  • Reply 32 of 121
    jkgm Posts: 22 member

    Quote:

    Originally Posted by plokoonpma View Post

    To me it looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not angry at all, like he doesn't care about his loss of data.. Anyone else would have had their blood pressure up high, it would be totally normal to be angry. But Honan is not..

    Given Jizmodo's history, this wouldn't surprise me even a little bit.

  • Reply 33 of 121

    Quote:

    Originally Posted by mcarroll View Post

    Quote:

    Originally Posted by sabuga View Post

    [....]private FaceBook account[....]

    Being an oxymoron, was that stated for irony?

    Another option is to use some other name on facebork.

    e.g. they wanted me to fax a copy of my driver's license to create an account with my real name, but they had no problem with me creating one for Hank Hill from Arlen TX, where I'm the assistant manager at Strickland Propane, tell ya wut.?

  • Reply 34 of 121
    boc Posts: 72 member

    How about roll out voice prints for an additional layer of security. It is NOT that difficult.

  • Reply 35 of 121
    hill60 Posts: 6,992 member
    I'd like to know more about the "social engineering" as I suspect it would involve identity theft.

    "This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"

    I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.

    It will be interesting to see what this "social engineering" involved.
  • Reply 36 of 121
    djsherly Posts: 1,031 member
    quadra 610 wrote: »
    Gizmodo.

    Only if you think those at giz are douches to a man/woman. As best I can tell it's just the douche holding the phone that's the douche.
  • Reply 37 of 121
    solipsismx Posts: 19,566 member
    boc wrote: »
    How about roll out voice prints for an additional layer of security.  It is NOT that difficult.

    There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.

    Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?

    hill60 wrote: »
    I'd like to know more about the "social engineering" as I suspect it would involve identity theft.
    "This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"
    I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.
    It will be interesting to see what this "social engineering" involved.

    Assuming everything Honan has stated is accurate this is just identity theft, not hacking.
  • Reply 38 of 121
    adonissmu Posts: 1,776 member

    Quote:

    Originally Posted by plokoonpma View Post

    To me it looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not angry at all, like he doesn't care about his loss of data.. Anyone else would have had their blood pressure up high, it would be totally normal to be angry. But Honan is not..

    Then, the use of the word "hacker" is exaggerated... yes... The guy didn't hack that equipment, not iCloud, he tricked a tech support agent.. But that's it.

    That's what I was thinking....some clever social engineering my ass...

  • Reply 39 of 121
    quadra 610 wrote: »
    Payback.    ;)



    Or at the very least, karma.
  • Reply 40 of 121
    adonissmu Posts: 1,776 member

    Quote:

    Originally Posted by SolipsismX View Post





    There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.

    Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?

    Assuming everything Honan has stated is accurate this is just identity theft, not hacking.


    Just identity theft....nothing major like hacking.
