Go Back   Technibble Forums > Technical Discussions > Security, Viruses and Trojans

  Technibble Sponsor

Reply
 
Thread Tools Display Modes
  #1  
Old 08-06-2012, 09:52 PM
Galdorf Galdorf is online now
 
Join Date: Feb 2009
Location: Ontario, Canada
Posts: 1,678
Galdorf will become famous soon enough
Default Apple Support Gives Hacker Access to Blogger's iCloud

Apple Support Gives Hacker Access to Blogger's iCloud

Wow now this is scarey that something like this could happen my guess is this guy got fired and im glad i don't have any apple stuff this could happen too.
So much for Cloud security lol if they just give passwords away to hackers lol.
Reply With Quote
  #2  
Old 08-06-2012, 11:52 PM
anonymous Mac Tech's Avatar
anonymous Mac Tech anonymous Mac Tech is offline
 
Join Date: Apr 2009
Location: Michigan
Posts: 2,512
anonymous Mac Tech has a spectacular aura aboutanonymous Mac Tech has a spectacular aura about
Default

Quote:
Originally Posted by Galdorf View Post
Apple Support Gives Hacker Access to Blogger's iCloud

Wow now this is scarey that something like this could happen my guess is this guy got fired and im glad i don't have any apple stuff this could happen too.
So much for Cloud security lol if they just give passwords away to hackers lol.
This essentially could happen (and probably has happened) to anybody with any big companies tech support. But this time it happened to a tech blogger and it happens to be with Apple, so now its news?

Most tech companies have authentication questions and just by digging through someones trash, you can gain access to a billing statement that got tossed that could give you an account number, which is enough to get your email password reset with Comcast as well as throw the whole security question setup out of the window. To reset your Apple ID online, you have to choose no less than three security questions and provide answers for each. I'm not sure what the process is when resetting your Apple ID over the phone or what could override the security questions and answers. What I'm finding most of the time since the integration from Mobile Me to icloud is still an ongoing process, most folks haven't even done the security Q&A setup yet.

Quote:
Mr. Honan said that he had confirmed with both the hacker and Apple that it wasn't password related. The hacker simply phoned Apple support, convinced the tech support worker that he was Honan and had them reset the password.
Confirmed with the hacker?

Quote:
At 5:05pm, his MacBook Air was wiped clean.
From Apple about erasing a Macs functionality;
Quote:
Erase a Mac: Enter a passcode that you’ll need to use to unlock the device if you find it (to prevent anyone but yourself from using the computer if found), and then follow the onscreen instructions.
The hacker must've gotten his passcode reset from Apple support also? Not likely...The only way I know of to reset a passcode on iOS device for that matter is to have physical access to the device. For a Mac running OSX, I assume they mean the admin password. This also can only be reset locally. So I'm not seeing how this is possible without having access to way more than an icloud account. Unless he sent himself an email the hacker found that has his admin passwords recorded? That in itself is about the dumbest thing you can do.

Quote:
To all asking exactly what info let hackers access my account, I want to give Apple a chance to respond first. Should be an easy fix
I'd say this too if I wasn't 100% sure I wasn't going to come out looking like a moron after all is said and done.
__________________
[FONT=Arial]ACMT[/FONT]
Quote:
People fear what they don't understand and hate what they can't conquer. Andrew Smith

Last edited by anonymous Mac Tech; 08-06-2012 at 11:55 PM.
Reply With Quote
  #3  
Old 08-07-2012, 03:38 AM
anonymous Mac Tech's Avatar
anonymous Mac Tech anonymous Mac Tech is offline
 
Join Date: Apr 2009
Location: Michigan
Posts: 2,512
anonymous Mac Tech has a spectacular aura aboutanonymous Mac Tech has a spectacular aura about
Default

Here is the full story. Just as I thought. The hacker gained a piece of info through a gaping security hole through Amazon, which in turn happened to be just the piece of info (besides billing address) that would override the security Q&A with Apple. Moreover, the reason why the hacker called to reset the password as opposed to doing it online.

These online security Q&A get forgotten all the time. Therefor, there must be some manual override beyond these questions. Just like I mentioned with Comcast, an account number and billing address (along with the telephone number on the account) is all that is needed to override the security Q&A. These are standard procedures used to override security Q&A used by just about any company.

I'm not saying, Apple is void of all blame, but lets give credit where credit is due to all parties involved. Amazon really got the ball rolling by disclosing the last four numbers of the credit card without any kind of effort. Then this guy is crying about losing all of his "priceless" photos, but hasn't done a backup in at least a year? Yeah, I'm going to recommend folks to read this guys tech blogs...

I'd still like to know how the remote wipe of the Macbook Air happened without any further authentication? Supposedly during the setup assistant, you can set up a code besides the admin password. He states it asked for the code which he apparently never set up. Although I haven't played with remote wipe it must allow you to skip setting up the code with setup assistant (which is reasonable if you never plan to connect your Mac to icloud). So I suppose between not setting up the security code, not backing up, and using the same credit card number for just about everything, this guy is a big part of the destruction of his digital universe.

I just love how this forum members seem to avoid there were many factors at work to compromise his information (a perfect storm between Amazon, Apple, Gmail, and most of all how he left himself vulnerable in so many ways) but the only one that really stands out is Apple.
__________________
[FONT=Arial]ACMT[/FONT]
Quote:
People fear what they don't understand and hate what they can't conquer. Andrew Smith

Last edited by anonymous Mac Tech; 08-07-2012 at 03:46 AM.
Reply With Quote
  #4  
Old 08-07-2012, 03:29 PM
TimM TimM is offline
 
Join Date: Oct 2011
Location: Olinda
Posts: 71
TimM is on a distinguished road
Default

The numbskull who writes Apple's Windows software must've been on support duties that day.
Reply With Quote
  #5  
Old 08-15-2012, 10:41 AM
Big Jim Big Jim is offline
 
Join Date: Aug 2011
Location: Derbyshire, UK
Posts: 438
Big Jim is an unknown quantity at this point
Default

It seems ridiculously easy to gain access to someone elses amazon account though.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:26 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Technibble.com is based out of MELBOURNE, AUSTRALIA.