By Pinoy Tech Blog

Apple’s flawed security policy revealed in hacking

Friday, August 10, 2012 10:12

(Before It's News)



The billing address and the last four digits of the credit card are all it takes for AppleCare to issue a temporary password on an Apple ID account (aside from the e-mail address, of course). This is how a couple of hackers got into Wired.com senior writer Mat Honan’s digital life: they took over his Twitter account, deleted his Gmail, and wiped the contents of his iPhone, iPad, and MacBook via Find My iPhone and Find My Mac.

According to Honan’s story over at Wired.com, the hackers got the last four digits of his credit card from Amazon’s account maintenance. His .Me address was gleaned from his Gmail account’s recovery page. The billing address was then scraped from his domain registration records via WHOIS.

Part of the blame falls on Honan too, for the way he daisy-chained his accounts together, but I’m sure a lot of people are practicing that as well. Once accounts are linked through a single primary e-mail, hackers no longer need to acquire passwords at all. Still, he was relieved that the hackers stopped there, as they could have pushed further to see which financial accounts were connected to the e-mail they took over and wreaked much more havoc.

As for Apple, they need to revisit their security policy, since the last four digits of a credit card are not truly secret information. Remember handing those charge slips to the Starbucks cashier for your free latte? The last four digits of your credit card are printed right there.

Anyway, here are a few security measures we can learn from Mat Honan’s experience:

  • Don’t use your Apple ID e-mail as the password recovery address for other e-mail accounts. In fact, set up a separate e-mail for the sole purpose of recovery.
  • Don’t use the same username for your primary and sensitive accounts (e-mail, social networks, bank logins, etc.).
  • If you’re using Gmail, turn on two-factor authentication.
  • Back up your data to an external drive. Honan lost all his family photos when his MacBook was wiped using Find My Mac.
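To see why the first and third measures matter, here is an added example (not code from the original post) that models the recovery chain described above as a set of "what you hold unlocks what" rules and forward-chains from data that needs no password. The account names, the rule that Twitter resets through Gmail, and the three starting points are assumptions built from the story, not a real threat model for any vendor.

```python
from typing import FrozenSet, List, Set, Tuple

# A rule: the set of things an attacker must already hold -> what it unlocks.
Rule = Tuple[FrozenSet[str], str]

def recovery_rules(separate_recovery_email: bool = False,
                   gmail_2fa: bool = False) -> List[Rule]:
    """Dependency rules modelling the chain described in the post.
    The two flags apply the post's first and third recommendations."""
    rules: List[Rule] = [
        (frozenset({"whois_record"}), "billing_address"),
        (frozenset({"gmail_recovery_page"}), "me_email_address"),
        (frozenset({"amazon_account_page"}), "card_last4"),
        # AppleCare policy as described: address + last four + e-mail
        (frozenset({"me_email_address", "billing_address", "card_last4"}), "apple_id"),
        (frozenset({"apple_id"}), "icloud_devices"),   # Find My iPhone / Mac wipe
        (frozenset({"apple_id"}), "me_inbox"),         # .Me mail is read via the Apple ID
        (frozenset({"gmail"}), "twitter"),             # assumption: Twitter resets via Gmail
    ]
    # Gmail resets land in the .Me inbox unless a dedicated recovery inbox is used.
    needs = {"recovery_only_inbox" if separate_recovery_email else "me_inbox"}
    if gmail_2fa:
        needs.add("second_factor")                     # the phone the attacker lacks
    rules.append((frozenset(needs), "gmail"))
    return rules

def reachable(start: Set[str], rules: List[Rule]) -> Set[str]:
    """Forward-chain: keep firing rules until nothing new is unlocked."""
    held = set(start)
    changed = True
    while changed:
        changed = False
        for needs, unlocks in rules:
            if unlocks not in held and needs <= held:
                held.add(unlocks)
                changed = True
    return held

# Constructed starting point: information reachable without any password.
PUBLIC_DATA = {"whois_record", "gmail_recovery_page", "amazon_account_page"}

def exposure(**fixes) -> Set[str]:
    """Everything an attacker ends up holding, given the chosen fixes."""
    return reachable(PUBLIC_DATA, recovery_rules(**fixes)) - PUBLIC_DATA

if __name__ == "__main__":
    print("no fixes:       ", sorted(exposure()))
    print("separate inbox: ", sorted(exposure(separate_recovery_email=True)))
    print("gmail 2fa:      ", sorted(exposure(gmail_2fa=True)))
```

Either fix stops the chain at the .Me inbox, so Gmail and Twitter stay out of reach; the Apple ID and the device wipe remain reachable in every variant, which is exactly the post's point that the AppleCare policy itself is the weak link.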

I suggest you read the full account of his experience. He even got to talk with the hacker, whose sole purpose was to take over his three-character Twitter handle; everything else was just collateral damage.


