Definitely ID theft. It happens all the time. BTW, with that many iCloud-enabled IT equipments, he would be fool not to have offline/site backups. I guess either he is or this is just, what they call it, a stunt, if the way this story developed (as per post #31 above) is true. Either way, ID theft. Not traditional hacking..
I was quite worried by this story until I saw the bit about it being a Gizmodo article. I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say.
Any time I see a story link to a Gizmodo article, I automatically ignore.
I was quite worried by this story until I saw the bit about it being a Gizmodo article. I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say.
Any time I see a story link to a Gizmodo article, I automatically ignore.
Yeah, i usually don't open links to Giz or Engad. Those sites seem to only worship specs and cores.
How predictable that this story is plastered as a headline on every tech blog and website, I thought maybe this site would have a little more self control/discipline and refrain from the sensationalism, but I guess not. Every website has become like an RSS feed of every other site, just a different layout with the same stories. Regardless, if this story is indeed true, this Matt guy is an absolute moron and grossly negligent- expecially considering that he's a tech blogger (!). Everyone is asking for the head of the Apple tech support guy, but we don't know if he actually did anything wrong or not. What if he followed the official guidelines, and the guy was able to answer every security question and give enough detail/personal info? Regardless, let's look at the facts, and how this tech cloumnist got himself to this point, and the choices he made:
- He CHOSE to somehow not have a single backup of his data. On OSX this couldn't be easier. Open time machine, turn on the massive ON button, and boom- data is backed up completely, automatically, consistently on an external volume. Not to mention the myriad of free cloud syncing services available like dropbox, etc. But no, he lost 'years' of data because this tech blogger couldn't be bothered to make a single backup of his data. Brilliant. My neighbor who once asked me if the printer was her computer knows how to backup on OSX.
- He CHOSE to not once change his passwords for 'many years'. Again, brilliant.
- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius.
- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. Thats some foresight for you.
- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks.
These are just the few things he mentioned, any of which would be considered bad security practise, but all together present the picture of someone who is grossly negligent considered his supposed knowledge of tech and the industry he covers. And he's in a position to advise others about tech? It's why I can't scrounge up an ounce of sympathy for him. Shit happens. Hard drives crash. Stuff gets stolen. There's no excuse for him not to have a backup. There's less excuse for all that other stuff. Before attacking Apple's security practises and calling for heads to roll, why not demand some personal responsibility? Yeah, he got unlucky, but he left the door wide, wide open for catastrophic damage. If someone got access to my iCloud, the damage would be temporary and reversible. I'd have some downtime but would be up and running within a few hours. If I was him I'd be embarrassed to post this story, but hey, there's no such thing as shame these days. He need to publicize his massive mistakes to the world so he can point the blame to someone else. Practise some common sense people, and something like this could never ever happen to you.
How predictable that this story is plastered as a headline on every tech blog and website, I thought maybe this site would have a little more self control/discipline and refrain from the sensationalism, but I guess not. Every website has become like an RSS feed of every other site, just a different layout with the same stories. Regardless, if this story is indeed true, this Matt guy is an absolute moron and grossly negligent- expecially considering that he's a tech blogger (!). Everyone is asking for the head of the Apple tech support guy, but we don't know if he actually did anything wrong or not. What if he followed the official guidelines, and the guy was able to answer every security question and give enough detail/personal info? Regardless, let's look at the facts, and how this tech cloumnist got himself to this point, and the choices he made:
- He CHOSE to somehow not have a single backup of his data. On OSX this couldn't be easier. Open time machine, turn on the massive ON button, and boom- data is backed up completely, automatically, consistently on an external volume. Not to mention the myriad of free cloud syncing services available like dropbox, etc. But no, he lost 'years' of data because this tech blogger couldn't be bothered to make a single backup of his data. Brilliant. My neighbor who once asked me if the printer was her computer knows how to backup on OSX.
- He CHOSE to not once change his passwords for 'many years'. Again, brilliant.
- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius.
- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. Thats some foresight for you.
- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks.
These are just the few things he mentioned, any of which would be considered bad security practise, but all together present the picture of someone who is grossly negligent considered his supposed knowledge of tech and the industry he covers. And he's in a position to advise others about tech? It's why I can't scrounge up an ounce of sympathy for him. Shit happens. Hard drives crash. Stuff gets stolen. There's no excuse for him not to have a backup. There's less excuse for all that other stuff. Before attacking Apple's security practises and calling for heads to roll, why not demand some personal responsibility? Yeah, he got unlucky, but he left the door wide, wide open for catastrophic damage. If someone got access to my iCloud, the damage would be temporary and reversible. I'd have some downtime but would be up and running within a few hours. If I was him I'd be embarrassed to post this story, but hey, there's no such thing as shame these days. He need to publicize his massive mistakes to the world so he can point the blame to someone else. Practise some common sense people, and something like this could never ever happen to you.
I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hacked that equipment, not iCloud, tricked a tech support agent.. But thats it.
Quote:
Originally Posted by jkgm
Given Jizmodo's history, this wouldn't surprise me even a little bit.
Quote:
Originally Posted by AdonisSMU
thats what I was thinking....some clever social engineering my ass...
100% agree with these comments. I don't believe Anything coming from Gizmo... this was completely faked. Apple did update security for cloud accts. minimum of 8 characters 1 capital, 1 lower case, and at least 1 number. They also added 3 more security questions in addition to the original security question, plus birth date. If you are too lazy to make a GOOD STRONG password, update that password once in a while, and use the added security provided to you, then getting hacked is no ones fault but your own.
[quote name="Slurpy" url="/t/151749/apple-tech-support-allows-hacker-access-to-journalists-icloud-account/40#post_2162554"]- He CHOSE to not once change his passwords for 'many years'. Again, brilliant.[/QUOTE]
The story says that wasn't a factor because they didn't use brute force.
[QUOTE]- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius. [/QUOTE]
According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.
[QUOTE]- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. Thats some foresight for you. [/QUOTE]
While he should have backups having Find My Device turned on is a good thing in case it's lost. I've taken issue with Find My Device on many occasion on this site for the lack of a passcode for turning it on/off and for the lack of additional authentication for accessing the data. There should be an additional link between devices, much like BT pairing, and an additional code, even just a PIN [I]after[/I] you've inputed the iCloud password.
[QUOTE]- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks. [/QUOTE]
That isn't what I read. Still, it does sound like he did use real answers to security questions which is a big mistake for anyone serious about security. I also sounds like that info wasn't used in Apple's reseting of his account.
100% agree with these comments. I don't believe Anything coming from Gizmo... this was completely faked. Apple did update security for cloud accts. minimum of 8 characters 1 capital, 1 lower case, and at least 1 number. They also added 3 more security questions in addition to the original security question, plus birth date. If you are too lazy to make a GOOD STRONG password, update that password once in a while, and use the added security provided to you, then getting hacked is no ones fault but your own.
Regardless of whether it's staged or not there are valuable lessons to be learned here.
Use a strong password
Use passwords that are unique across systems and accounts so a single breach will be compartmentalized
Don't use your real birthday and answers for security questions. This can be tricky if you use the same "false answers" across accounts but it does protect you social snooping.
I use 1Password. There are only 3 passwords I know by heart. My 1Password, my Mac password, and my iCloud password. These are complete and unique but human readable. All others were created using the 1Password generator. I do worry about my Dropbox being hacked and my 1Password file being decrypted but I have taken all measures I can on that front and can't think of anything I can do to make it more secure.
People also need to know that when they use WiFi, especially public WiFi, they need to make sure that anything they send is using SSL. Unfortunately most apps don't encrypt data sent via their apps. I wish Apple would make this a requirement or at least have a badge on their App Store to indicate which apps are secure. I blame Apple for not being diligent on this front.
I always thought it would be right up Google's alley to offer a free VPN service that would allow you to have all sessions encrypted between your Mac and their VPN servers. They could not only data mine everything you send but also show relevant ads in a window. While I don't trust Google I trust them more than someone in a Starbucks who could be capturing all my traffic, like this post I'm sending to AI.
PS: I find it odd that the financial institutions I deal with have requirements for passwords that are comparatively short and without special characters. In a way this makes sense because leting users create passwords that are too complex to remember will lead to more password resets which really should be done in person in a branch, but it still strikes me as odd that I can't even use a 24 character password with most of them.
Update Four: I’ll be discussing this on TWiT with Leo Laporte, Ed Bott and others today live at 3 PM Pacific. I now know how it happened, basically start to finish, which I’ll explain in a story on Wired tomorrow (Monday, August 6).
Attention-whore much? I'm thinking a book deal might be in the works.
According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.
Mmmm. That actually points to a big security hole in the other password retrieval systems then. Presumably they just reset the password on the basis of a publicly known email address?
I'd love to know what was said to make the tech support chap reset the password.
Apple certainly missed important use cases and seems to have forgotten about user control.
Point is, Apple DOESN'T want users to "worry about data". Apple has a point (most users are hopeless about understanding data), but Apple is, imho, wrong. Or just has an agenda about selling cloud storage, who knows?
There used to be a time when the Library was not hidden, where installing "non signed code" did not force you to ctr+click or disable some setting on your Mac. I call this "iPadization".
Comments
I was quite worried by this story until I saw the bit about it being a Gizmodo article. I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say.
Any time I see a story link to a Gizmodo article, I automatically ignore.
Quote:
Originally Posted by lostkiwi
I was quite worried by this story until I saw the bit about it being a Gizmodo article. I used to be a big fan of that site until the stolen iPhone incident. However now I don't trust that site at all. They are a bunch of Apple hating crooks and I couldn't care less about what they say.
Any time I see a story link to a Gizmodo article, I automatically ignore.
Yeah, i usually don't open links to Giz or Engad. Those sites seem to only worship specs and cores.
Quote:
Originally Posted by djsherly
Only if you think those at giz are douches to a man/woman. As best I can tell its just the douche holding the phone that's the douche.
Unfortunately there is more than one person without morales in that bunch of 'journalists'.
I must admit to being extremely suspicious of this report as well.
.[/SIZE]
Quote:
Originally Posted by djsherly
Only if you think those at giz are douches to a man/woman. As best I can tell its just the douche holding the phone that's the douche.
How predictable that this story is plastered as a headline on every tech blog and website, I thought maybe this site would have a little more self control/discipline and refrain from the sensationalism, but I guess not. Every website has become like an RSS feed of every other site, just a different layout with the same stories. Regardless, if this story is indeed true, this Matt guy is an absolute moron and grossly negligent- expecially considering that he's a tech blogger (!). Everyone is asking for the head of the Apple tech support guy, but we don't know if he actually did anything wrong or not. What if he followed the official guidelines, and the guy was able to answer every security question and give enough detail/personal info? Regardless, let's look at the facts, and how this tech cloumnist got himself to this point, and the choices he made:
- He CHOSE to somehow not have a single backup of his data. On OSX this couldn't be easier. Open time machine, turn on the massive ON button, and boom- data is backed up completely, automatically, consistently on an external volume. Not to mention the myriad of free cloud syncing services available like dropbox, etc. But no, he lost 'years' of data because this tech blogger couldn't be bothered to make a single backup of his data. Brilliant. My neighbor who once asked me if the printer was her computer knows how to backup on OSX.
- He CHOSE to not once change his passwords for 'many years'. Again, brilliant.
- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius.
- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. Thats some foresight for you.
- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks.
These are just the few things he mentioned, any of which would be considered bad security practise, but all together present the picture of someone who is grossly negligent considered his supposed knowledge of tech and the industry he covers. And he's in a position to advise others about tech? It's why I can't scrounge up an ounce of sympathy for him. Shit happens. Hard drives crash. Stuff gets stolen. There's no excuse for him not to have a backup. There's less excuse for all that other stuff. Before attacking Apple's security practises and calling for heads to roll, why not demand some personal responsibility? Yeah, he got unlucky, but he left the door wide, wide open for catastrophic damage. If someone got access to my iCloud, the damage would be temporary and reversible. I'd have some downtime but would be up and running within a few hours. If I was him I'd be embarrassed to post this story, but hey, there's no such thing as shame these days. He need to publicize his massive mistakes to the world so he can point the blame to someone else. Practise some common sense people, and something like this could never ever happen to you.
Quote:
Originally Posted by Slurpy
How predictable that this story is plastered as a headline on every tech blog and website, I thought maybe this site would have a little more self control/discipline and refrain from the sensationalism, but I guess not. Every website has become like an RSS feed of every other site, just a different layout with the same stories. Regardless, if this story is indeed true, this Matt guy is an absolute moron and grossly negligent- expecially considering that he's a tech blogger (!). Everyone is asking for the head of the Apple tech support guy, but we don't know if he actually did anything wrong or not. What if he followed the official guidelines, and the guy was able to answer every security question and give enough detail/personal info? Regardless, let's look at the facts, and how this tech cloumnist got himself to this point, and the choices he made:
- He CHOSE to somehow not have a single backup of his data. On OSX this couldn't be easier. Open time machine, turn on the massive ON button, and boom- data is backed up completely, automatically, consistently on an external volume. Not to mention the myriad of free cloud syncing services available like dropbox, etc. But no, he lost 'years' of data because this tech blogger couldn't be bothered to make a single backup of his data. Brilliant. My neighbor who once asked me if the printer was her computer knows how to backup on OSX.
- He CHOSE to not once change his passwords for 'many years'. Again, brilliant.
- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius.
- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. Thats some foresight for you.
- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks.
These are just the few things he mentioned, any of which would be considered bad security practise, but all together present the picture of someone who is grossly negligent considered his supposed knowledge of tech and the industry he covers. And he's in a position to advise others about tech? It's why I can't scrounge up an ounce of sympathy for him. Shit happens. Hard drives crash. Stuff gets stolen. There's no excuse for him not to have a backup. There's less excuse for all that other stuff. Before attacking Apple's security practises and calling for heads to roll, why not demand some personal responsibility? Yeah, he got unlucky, but he left the door wide, wide open for catastrophic damage. If someone got access to my iCloud, the damage would be temporary and reversible. I'd have some downtime but would be up and running within a few hours. If I was him I'd be embarrassed to post this story, but hey, there's no such thing as shame these days. He need to publicize his massive mistakes to the world so he can point the blame to someone else. Practise some common sense people, and something like this could never ever happen to you.
I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.
Quote:
Originally Posted by plokoonpma
To me looks like Honan got a friend to pretend to be him, let him know the answers and trick the tech support to do all that stuff and then come as a victim and generate some attention... Look at his tweets.. he is not anger at all, like he doesn't care about his lost of data.. Anyone else would had the blood pressure up high, it would be totally normal to be angry. But Honan is not..
Then, the use of the word "hacker" exaggerated... yes... Guy didn't hacked that equipment, not iCloud, tricked a tech support agent.. But thats it.
Quote:
Originally Posted by jkgm
Given Jizmodo's history, this wouldn't surprise me even a little bit.
Quote:
Originally Posted by AdonisSMU
thats what I was thinking....some clever social engineering my ass...
100% agree with these comments. I don't believe Anything coming from Gizmo... this was completely faked. Apple did update security for cloud accts. minimum of 8 characters 1 capital, 1 lower case, and at least 1 number. They also added 3 more security questions in addition to the original security question, plus birth date. If you are too lazy to make a GOOD STRONG password, update that password once in a while, and use the added security provided to you, then getting hacked is no ones fault but your own.
The story says that wasn't a factor because they didn't use brute force.
[QUOTE]- He CHOSE to link up all his online accounts, so once iCloud was compromised access to his gmail/twitter/etc were also wide open. Genius. [/QUOTE]
According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.
[QUOTE]- He CHOSE to turn on the find my device/wipe options for all his devices, knowing that he didn't have any backups and that he'd be screwed if he had to use the option. Thats some foresight for you. [/QUOTE]
While he should have backups having Find My Device turned on is a good thing in case it's lost. I've taken issue with Find My Device on many occasion on this site for the lack of a passcode for turning it on/off and for the lack of additional authentication for accessing the data. There should be an additional link between devices, much like BT pairing, and an additional code, even just a PIN [I]after[/I] you've inputed the iCloud password.
[QUOTE]- He CHOSE to put his entire digital online and offline life behind a single password with absolutely no fallbacks. [/QUOTE]
That isn't what I read. Still, it does sound like he did use real answers to security questions which is a big mistake for anyone serious about security. I also sounds like that info wasn't used in Apple's reseting of his account.
Regardless of whether it's staged or not there are valuable lessons to be learned here.
I use 1Password. There are only 3 passwords I know by heart. My 1Password, my Mac password, and my iCloud password. These are complete and unique but human readable. All others were created using the 1Password generator. I do worry about my Dropbox being hacked and my 1Password file being decrypted but I have taken all measures I can on that front and can't think of anything I can do to make it more secure.
People also need to know that when they use WiFi, especially public WiFi, they need to make sure that anything they send is using SSL. Unfortunately most apps don't encrypt data sent via their apps. I wish Apple would make this a requirement or at least have a badge on their App Store to indicate which apps are secure. I blame Apple for not being diligent on this front.
I always thought it would be right up Google's alley to offer a free VPN service that would allow you to have all sessions encrypted between your Mac and their VPN servers. They could not only data mine everything you send but also show relevant ads in a window. While I don't trust Google I trust them more than someone in a Starbucks who could be capturing all my traffic, like this post I'm sending to AI.
PS: I find it odd that the financial institutions I deal with have requirements for passwords that are comparatively short and without special characters. In a way this makes sense because leting users create passwords that are too complex to remember will lead to more password resets which really should be done in person in a branch, but it still strikes me as odd that I can't even use a 24 character password with most of them.
Quote:
Update Four: I’ll be discussing this on TWiT with Leo Laporte, Ed Bott and others today live at 3 PM Pacific. I now know how it happened, basically start to finish, which I’ll explain in a story on Wired tomorrow (Monday, August 6).
Attention-whore much? I'm thinking a book deal might be in the works.
Quote:
Originally Posted by enzos
I smell a rat.
Me too. I think the whole thing is a put on.
Quote:
Originally Posted by SolipsismX
According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.
Mmmm. That actually points to a big security hole in the other password retrieval systems then. Presumably they just reset the password on the basis of a publicly known email address?
I'd love to know what was said to make the tech support chap reset the password.
Quote:
Originally Posted by Slurpy
Attention-whore much? I'm thinking a book deal might be in the works.
Now this is all starting to look a little bit suspect.
So for the benefit of the less enlightened, elucidate.
Quote:
Originally Posted by wizard69
Apple certainly missed important use cases and seems to have forgotten about user control.
Point is, Apple DOESN'T want users to "worry about data". Apple has a point (most users are hopeless about understanding data), but Apple is, imho, wrong. Or just has an agenda about selling cloud storage, who knows?
There used to be a time when the Library was not hidden, where installing "non signed code" did not force you to ctr+click or disable some setting on your Mac. I call this "iPadization".
A TECH journalist that doesn't have any backups.
A blogger is not a journalist!
Quote:
Originally Posted by Zedd
A blogger is not a journalist!
Alright!
A TECH blogger/reporter who works in Gizmodo that doesn't have any backups.