Apple freezes iCloud password change over the phone

Remember the case of Mat Honan’s iCloud account being hacked a couple of days ago? Well, Apple has not sat still, and the fruity company decided to pull the plug on one of their support staff’s functions – that is, to immediately stop processing AppleID password changes that are requested over the phone. This bit of information flew onto the Internet thanks to Apple employees who prefer to remain unidentified (for obvious reasons). One of them who knows just what is going on internally informed Wired that the over-the-phone password freeze will not be a permanent solution, but it should last for 24 hours at the minimum. This was done, as some speculate, so that Apple will be able to figure out just what kind of changes need to be made to their iCloud security policies, if any.

I guess it is now no use for you to make a similar attempt at hacking Honan’s iCloud account by using the same exploit on Apple’s system, as any such attempt would surely leave you hitting a brick wall.

By Ubergizmo.

Amazon, Apple stop taking key account changes over the phone after identity breach


By now, you may have heard the story of the identity ‘hack’ perpetrated against Wired journalist Mat Honan. Using easily obtained data, an anonymous duo bluffed its way into changing his Amazon account, then his Apple iCloud account, then his Google account and ultimately the real target, Twitter. Both Amazon and Apple were docked for how easy it was to modify an account over the phone — and, in close succession, have both put at least a momentary lockdown on the changes that led to Honan losing much of his digital presence and some irreplaceable photos. His own publication has reportedly confirmed a policy change at Amazon that prevents over-the-phone account changes. Apple hasn’t been as direct about what’s going on, but Wired believes there’s been a 24-hour hold on phone-based Apple ID password resets while the company marshals its resources and decides how much extra strictness is required.

Neither company has said much about the issue. Amazon has been silent, while Apple claims that some of its existing procedures weren’t followed properly, regardless of any rules it might need to mend. However the companies address the problem, this is one of those moments where the lesson learned is more important than the outcome. Folks: if your accounts and your personal data matter to you, use truly secure passwords and back up your content. While Honan hints that he may have put at least some of the pieces back together, not everyone gets that second chance.

Amazon, Apple stop taking key account changes over the phone after identity breach originally appeared on Engadget on Tue, 07 Aug 2012 23:40:00 EDT.

Apple Really Doesn’t Know How to Fix Its Massive Security Exploit [Hacking]

When Gizmodo alumnus and wonderful human Mat Honan got hacked, the point of entry for the hackers was through Amazon and Apple’s lax security policies. Amazon immediately admitted its fault in the situation and updated its security policy accordingly. Apple? Well, Apple still doesn’t know what to do yet.

When iCloud becomes the Perfect Storm

A high-profile case of cloud hijacking and data vandalism has thrown new attention on iCloud, Amazon, Google and other big online names, as gaps in the ways security is handled potentially allow for hacking. Flaws in how Apple and Amazon handle account recovery have been blamed for the “digital destruction” of journalist Mat Honan’s online life, following hackers’ successful attempts to crack security on his iCloud account, gain access to his Gmail and Twitter, and then remotely lock and delete his MacBook, iPhone and iPad.

[Image credit: Louis Argerich]

At fault – at least in part – was the inexact overlap between recovery policies for Apple and Amazon accounts, Honan writes. Although he himself shoulders the blame for the ensuing permanent loss of data – which comes down to not doing enough backups – a difference in opinion on how important the final four digits of a credit card number can be between Apple and Amazon proved the key with which the hack was achieved.

“Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification” Mat Honan

Apple gave Honan’s hackers a temporary password to iCloud after they supplied his billing address and the last four digits of his credit card; the former was accessed from a WHOIS search, as Honan had used the address to register his personal site, and the latter through a manipulation of the Amazon account recovery system which reveals those digits of each saved card. The iCloud email account in question was identified via Gmail which, as Honan did not have two-factor authentication turned on, showed the partial recovery email address – m****n@me – which proved easy to guess in its entirety.

Those details allowed for unofficial iCloud access, and then everything in Honan’s OS X and iOS connected life was up for grabs. The hackers locked him out of his devices and then wiped his data using the very tools provided in Find My Mac intended to help legitimate owners protect their information.

“If you have an AppleID, every time you call Pizza Hut, you’re giving the 16-year-old on the other end of the line all he needs to take over your entire digital life” Mat Honan

Although each company with a cloud service worth mentioning has its own data protection policies, few users stick solely to one provider. Apple claims that some aspects of its security policies “were not followed completely” but would not say if it was reconsidering how Find My Mac or other aspects of its iCloud security work; Amazon is yet to comment.

The takeaway for most users is to back up – preferably using local and/or separate cloud storage from other cloud data services relied upon – and to turn on two-step verification on Google accounts. Don’t link important accounts together, and consider having a completely separate account for recovery purposes.


When iCloud becomes the Perfect Storm is written by Chris Davies & originally posted on SlashGear.


iCloud account of Mat Honan hacked

Ex-Gizmodo staffer Mat Honan was not on the receiving end of any good news after he found out that his iCloud account had been hacked through the use of social engineering. This particular “hacker” never had to rely on brute-force password cracking or other nefarious tools to get the job done, as Apple Tech Support “released” the password (albeit unintentionally, of course) on his behalf. First, his iCloud account was entered, before the password was reset. A Gmail password recovery email was sent over to the .mac account, and just a couple of minutes after that, an email arrived to inform him that his Google Account password had already been changed. At 5:00PM, the iPhone was wiped remotely, followed by his iPad and MacBook Air a minute and five minutes later, respectively.

Shortly after, the Twitter account was taken over because a long time ago, Mat linked his Twitter account to Gizmodo’s, and said “hacker” was also able to access Gizmodo’s Twitter account after that. I guess the saying holds true: a chain is only as strong as its weakest link, and Apple’s iCloud does seem to be the weak link here.

By Ubergizmo.

Hackers Got Into Reporter’s iCloud Account With Deception, No Password Required [Security]

When Mat Honan was hacked, and the @Gizmodo Twitter account was compromised, we all assumed the weak link in the chain was on the user end. Turns out it may not have been; the hackers didn’t even need a password to get started.

Tweetbot for Mac’s latest alpha adds experimental ‘snap-together’ column layout


Tweetbot’s been offering a rough-around-the-edges alpha version of its upcoming refresh for a few weeks now, but it’s the latest update that’s caught our attention — again. There are several substantial changes that could tempt you away from other desktop Twitter clients. These include a new multiple account view, with separate columns that can either be docked to your main feed or left in their own window. You can spin out mentions and search results into their own space, and even adjust each column’s height and width — if you’re looking to squeeze even more Twitter content into a single screen. A new menu bar icon offers access to your multiple accounts, new tweets, direct messages and mentions, while the latest build also improves support for media upload and Mountain Lion’s notification bar. Tweetbot’s alpha is still free to try for now, but once the kinks are eventually worked out, expect to pay for the finished article.

Tweetbot for Mac’s latest alpha adds experimental ‘snap-together’ column layout originally appeared on Engadget on Fri, 03 Aug 2012 19:07:00 EDT.

Apple’s iCloud data center gets green light to come to Reno, be a star


Apple’s plans to erect an iCloud data center in Sparks, Reno have gained traction now that the local board of economic development has rubber-stamped the deal. While largely ceremonial, it’s given its assent to $89 million in tax breaks to entice the company to break ground on the weirdly-named “Project Jonathan Hub.” The new data center is expected to go live before the end of the year, hopefully ensuring that upgrades to OS 10.9 aren’t as fraught as they were for Mountain Lion last week.

[Image credit: Amy Meredith, Flickr]

Apple’s iCloud data center gets green light to come to Reno, be a star originally appeared on Engadget on Thu, 02 Aug 2012 05:48:00 EDT.

Are You Having Problems With iMessage and iCloud? [Chatroom]

Reports are circulating that iCloud and iMessage are suffering from technical difficulties, some of which have been confirmed by Apple (namely the whole iCloud not loading messages sent prior to yesterday part). But the iMessage thing has gone unacknowledged, leading some to believe that the company might be tinkering with the system behind the scenes.

PSA: Apple to shut down iWork.com beta today, iCloud patiently awaits you


In the months leading up to this very moment, we’ve seen Apple introduce a full set of new MacBook Airs and an extremely high-res Pro of its own — but today the company’s taking a slightly different route, shutting down its doc-sharing iWork.com for good. Not all is lost, however, as this is a natural move from the Cupertino outfit to make an expected transition to a more iCloud-heavy ecosystem — a place where you’ll essentially be able to accomplish similar things. The good news is you still have the rest of the day to clean out your invisible locker and save your must-have documents, and in case you need help with that, Apple’s support page (linked below) will fill you in on all those step-by-steps.

PSA: Apple to shut down iWork.com beta today, iCloud patiently awaits you originally appeared on Engadget on Tue, 31 Jul 2012 12:37:00 EDT.