Mat Honan was hacked. The nightmare unfolded minute by minute, a sequence of security failures daisy-chaining their way into a disaster. But there was a single point of entry: Apple's willingness to hand over the keys to his account to anyone with the last four digits of his credit card number and home address.
What happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
It reminds me of how air crashes occur. In isolation from one another, storms, structural flaws and tired or incompetent personnel are rarely enough. But together, in just the right sequence, it all goes horribly wrong.
The worst part: Wired attempted the same social engineering technique today, and it still won them control of iCloud accounts.
How Apple and Amazon Security Flaws Led to My Epic Hacking [Wired]
Previously: Yes, I was hacked. Hard. [Emptyage.com]
Why we secretly love our cords. Tamara Warren: There’s a certain security in the cord. It’s the idea of connection, perhaps even dating back to our days in the womb. … A battery, no matter how sophisticated, is fleeting. When we have our cords with us, we are in constant pursuit of power, even when […]
The classic beatbox – not an expensive clone or a collection of cleverly-tweaked samples – is back. Roland’s TR-08 directly models the original machine’s analog circuits to recreate its sound as accurately as possible with modern digital technology, and joins revived versions of the TR-909[Amazon] and TB-202[Amazon] in the company’s lineup of boutique boxes. The […]
Coming after improvements to Firefox and continued unease at Google’s life-pervading insight, this image is outperforming the ███████ ████ Virality Control Group today (via). It got me thinking about all the promises that were made. Here’s the earliest article in Google News to contain “Big browser” in its headline, published by Time Magazine on Nov. […]
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]