Mat Honan was hacked. The nightmare unfolded minute by minute, a sequence of security failures daisy-chaining their way into a disaster. But there was a single point of entry: Apple's willingness to hand over the keys to his account to anyone with the last four digits of his credit card number and home address.
What happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
It reminds me of how air crashes occur. In isolation from one another, storms, structural flaws and tired or incompetent personnel are rarely enough. But together, in just the right sequence, it all goes horribly wrong.
The worst part: Wired attempted the same social engineering technique today, and it still won them control of iCloud accounts.
How Apple and Amazon Security Flaws Led to My Epic Hacking [Wired]
Previously: Yes, I was hacked. Hard. [Emptyage.com]