Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.
Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.
That's one of the things I wish Apple would add. Under the Security panel in System Administrators I'd like for a list of options of what Find My Mac can show and do about your Mac from a remote location.
And I’ll always have multiple backups of my own! If anyone somehow attacks me, I’ll be back up and running in a matter of hours with no loss. (I even do my backups in multiple different ways and store them in different places, but I know most won’t go THAT far. For most, the “cloud" is potentially a great thing in case of fire!)
I just turned off Find-My-Mac on my Mac Pro, which I use as a Time Machine backup server. I knew this wasn't ideal since it's not off site, but I didn't realize until now that if someone hacked into my iCloud account, they could erase all of my machines, including the one that contains all my backups of my other machines!
The hack was first thought to be a simple brute force attack on Honan's seven-digit alphanumeric iCloud password, which he has used for "years and years,
iCloud is less than one year old.
and not changing a password for "years and years"?
and then broadcasting the fact that he never changes his passwords?
The only way any organization in the world does resolve anything is if a big deal is made.
There I fixed that for you. A city won't put in a stop sign at a dangerous crosswalk until a pedestrian is killed in traffic. Websites that hold your financial/personal information don't beef up their security or encryption until some "Anonymous" hacks their site and steals thousands of individual's sensitive data. It's how the world works 99% of the time. We are reactive instead of proactive for the most part. So while this seems to be Apple's fault, you can't single Apple or any organization out for what the world accepts as common practice.
Quote:
Originally Posted by jonyo
Here's a possibly dumb question:
Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.
Maybe this unfortunate incident will motivate Apple to separate those features, however, what's to prevent someone whose hacked or let into your account from checking the "Ok to wipe" box then wiping your drive? Also, I can see certain specific situations where someone might need the "Find My Mac" function, but I'm still laughing imagining someone forgetting where they left their laptop and needing that feature, lol.
iCloud is less than one year old.
and not changing a password for "years and years"?
and then broadcasting the fact that he never changes his passwords?
and that he uses 7 digits?
As Red Foreman would say,,,
And that is an issue, but if this article is to be believed (and I think it is) then having a 32 digit password with random letters, numbers and special characters wouldn't have made a difference.
Well to be fair - if it is true then it is a real issue, since it implies that the controls against it happening are administrative, rather than engineered. That said, I'm sure Apple will fix it, and quickly.
It's to do with Apple retail support as a customer service being too helpful in this particular case, it seems.
There's a time to deny and a time to be firm - a time for everything under the sun...
You cast pearls before swine and they will trample them underfoot...
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hacked that equipment, not iCloud, tricked a tech support agent.. But thats it.
There I fixed that for you. A city won't put in a stop sign at a dangerous crosswalk until a pedestrian is killed in traffic. Websites that hold your financial/personal information don't beef up their security or encryption until some "Anonymous" hacks their site and steals thousands of individual's sensitive data. It's how the world works 99% of the time. We are reactive instead of proactive for the most part. So while this seems to be Apple's fault, you can't single Apple or any organization out for what the world accepts as common practice.
Maybe this unfortunate incident will motivate Apple to separate those features, however, what's to prevent someone whose hacked or let into your account from checking the "Ok to wipe" box then wiping your drive? Also, I can see certain specific situations where someone might need the "Find My Mac" function, but I'm still laughing imagining someone forgetting where they left their laptop and needing that feature, lol.
It's about the possibility of attack from 2 sides, the 1st being if your icloud account is hacked or somehow compromised, and the 2nd being if your mac is stolen. If my laptop is stolen, I'd like to be able to use find my mac to possibly locate it on a map, maybe increasing the possibility that it could be recovered. At the same time, if my icloud were hacked, then someone could wipe my Mac, and I wouldn't know it until it happened, and I don't want that either. I do have local backups, as I use time machine and I also make period bootable clones of the drive. Because of the way icloud connects your computer and your icloud account, you essentially have to make a choice on what's more likely, your icloud account being hacked/compromised, or your Mac itself being stolen, and set your icloud settings accordingly both online and on the Mac.
I have a desktop Mac as well, and since I don't worry as much about that one being stolen as I do my laptop, I have Find My Mac turned off on that one.
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Given Jizmodo's history, this wouldn't surprise me even a little bit.
Another option is use some other name on facebork.
e.g. they wanted me to fax a copy of my driver's license to create an account with my real name, but they had no problem with me creating one for Hank Hill from Arlen TX, where I'm the assistant manager at Strickland Propane, tell ya wut.?
I'd like to know more about the "social engineering" as I suspect it would involve identity theft.
"This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"
I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.
It will be interesting to see what this "social engineering" involved.
How about roll out voice prints for an additional layer of security. It is NOT that difficult.
There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.
Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?
I'd like to know more about the "social engineering" as I suspect it would involve identity theft.
"This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"
I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.
It will be interesting to see what this "social engineering" involved.
Assuming everything Honan has stated is accurate this is just identity theft, not hacking.
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hacked that equipment, not iCloud, tricked a tech support agent.. But thats it.
thats what I was thinking....some clever social engineering my ass...
There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.
Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?
Assuming everything Honan has stated is accurate this is just identity theft, not hacking.
Just identity theft....nothing major like hacking.
Comments
Here's a possibly dumb question:
Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.
That's one of the things I wish Apple would add. Under the Security panel in System Administrators I'd like for a list of options of what Find My Mac can show and do about your Mac from a remote location.
In about two weeks I will be going the way of many soldiers. Take care.
Quote:
Originally Posted by sabuga
[....]private FaceBook account[....]
Being an oxymoron, was that stated for irony?
I just turned off Find-My-Mac on my Mac Pro, which I use as a Time Machine backup server. I knew this wasn't ideal since it's not off site, but I didn't realize until now that if someone hacked into my iCloud account, they could erase all of my machines, including the one that contains all my backups of my other machines!
Quote:
Originally Posted by AppleInsider
The hack was first thought to be a simple brute force attack on Honan's seven-digit alphanumeric iCloud password, which he has used for "years and years,
iCloud is less than one year old.
and not changing a password for "years and years"?
and then broadcasting the fact that he never changes his passwords?
and that he uses 7 digits?
As Red Foreman would say,,,
Quote:
Originally Posted by Bryce Yates
The only way any organization in the world does resolve anything is if a big deal is made.
There I fixed that for you. A city won't put in a stop sign at a dangerous crosswalk until a pedestrian is killed in traffic. Websites that hold your financial/personal information don't beef up their security or encryption until some "Anonymous" hacks their site and steals thousands of individual's sensitive data. It's how the world works 99% of the time. We are reactive instead of proactive for the most part. So while this seems to be Apple's fault, you can't single Apple or any organization out for what the world accepts as common practice.
Quote:
Originally Posted by jonyo
Here's a possibly dumb question:
Is there any way to remove the ability for your Mac to be remotely wiped aside from simply turning off "Find My Mac" from the iCloud prefpane? I'd like to be able to turn off the ability to wipe my Mac without turning off my ability to FIND the Mac, but I suspect this isn't possible.
Maybe this unfortunate incident will motivate Apple to separate those features, however, what's to prevent someone whose hacked or let into your account from checking the "Ok to wipe" box then wiping your drive? Also, I can see certain specific situations where someone might need the "Find My Mac" function, but I'm still laughing imagining someone forgetting where they left their laptop and needing that feature, lol.
And that is an issue, but if this article is to be believed (and I think it is) then having a 32 digit password with random letters, numbers and special characters wouldn't have made a difference.
Quote:
Originally Posted by muppetry
Well to be fair - if it is true then it is a real issue, since it implies that the controls against it happening are administrative, rather than engineered. That said, I'm sure Apple will fix it, and quickly.
It's to do with Apple retail support as a customer service being too helpful in this particular case, it seems.
There's a time to deny and a time to be firm - a time for everything under the sun...
You cast pearls before swine and they will trample them underfoot...
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hacked that equipment, not iCloud, tricked a tech support agent.. But thats it.
Quote:
Originally Posted by silverpraxis
There I fixed that for you. A city won't put in a stop sign at a dangerous crosswalk until a pedestrian is killed in traffic. Websites that hold your financial/personal information don't beef up their security or encryption until some "Anonymous" hacks their site and steals thousands of individual's sensitive data. It's how the world works 99% of the time. We are reactive instead of proactive for the most part. So while this seems to be Apple's fault, you can't single Apple or any organization out for what the world accepts as common practice.
Maybe this unfortunate incident will motivate Apple to separate those features, however, what's to prevent someone whose hacked or let into your account from checking the "Ok to wipe" box then wiping your drive? Also, I can see certain specific situations where someone might need the "Find My Mac" function, but I'm still laughing imagining someone forgetting where they left their laptop and needing that feature, lol.
It's about the possibility of attack from 2 sides, the 1st being if your icloud account is hacked or somehow compromised, and the 2nd being if your mac is stolen. If my laptop is stolen, I'd like to be able to use find my mac to possibly locate it on a map, maybe increasing the possibility that it could be recovered. At the same time, if my icloud were hacked, then someone could wipe my Mac, and I wouldn't know it until it happened, and I don't want that either. I do have local backups, as I use time machine and I also make period bootable clones of the drive. Because of the way icloud connects your computer and your icloud account, you essentially have to make a choice on what's more likely, your icloud account being hacked/compromised, or your Mac itself being stolen, and set your icloud settings accordingly both online and on the Mac.
I have a desktop Mac as well, and since I don't worry as much about that one being stolen as I do my laptop, I have Find My Mac turned off on that one.
Quote:
Originally Posted by plokoonpma
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Given Jizmodo's history, this wouldn't surprise me even a little bit.
Quote:
Originally Posted by mcarroll
Quote:
Originally Posted by sabuga
[....]private FaceBook account[....]
Being an oxymoron, was that stated for irony?
Another option is use some other name on facebork.
e.g. they wanted me to fax a copy of my driver's license to create an account with my real name, but they had no problem with me creating one for Hank Hill from Arlen TX, where I'm the assistant manager at Strickland Propane, tell ya wut.?
How about roll out voice prints for an additional layer of security. It is NOT that difficult.
"This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"
I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.
It will be interesting to see what this "social engineering" involved.
Only if you think those at giz are douches to a man/woman. As best I can tell its just the douche holding the phone that's the douche.
There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.
Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?
Assuming everything Honan has stated is accurate this is just identity theft, not hacking.
Quote:
Originally Posted by plokoonpma
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hacked that equipment, not iCloud, tricked a tech support agent.. But thats it.
thats what I was thinking....some clever social engineering my ass...
Quote:
Originally Posted by SolipsismX
There is no biometric that is secure; especially not a voice print. The best security is still something you store in memory.
Now adding voice print to a list of other items can help with security but it's also a bit of a "TSA" in that it's mostly a false sense of security. Would the voice print even work if you have a cold or right after you wake up in the morning?
Assuming everything Honan has stated is accurate this is just identity theft, not hacking.
Just identity theft....nothing major like hacking.