Skip to main content

Hack! Slash! Burn! Crush!!

The big tech news story of the weekend was the hacked account of Mat Honan. As documented in his posting on Wired.com, in the space of a few hours his digital life was in shambles. And as much as we always talk about strong passwords, etc., this was not a case of password failure. It was a case that shows just how our desire for on-demand, cloud based services that are convenient can come back to haunt us.

I highly suggest you go read all 4 pages of the article, but the quick summary is that a hacker wanted control of Mr. Honan's Twitter account. In order to get it, they started with basic social scouting, and proceeded to use all of the built-in tools of Google, Amazon and Apple to gain access to his accounts without ever needing to crack a single password. At Google they discovered what his Apple ID e-mail address was when they did a simple "Forgot my password" query. Then at Amazon, they called up customer service and game'd the system to get access to the last 4 digits of his credit cards he had on file there. Once they had that info, they were able to call Apple and convince the support person that he needed to have his password reset. They had the last 4 digits of his credit card, which was all Apple required to validate the account. At this point they were able to remote wipe his iPhone, iPad and Mac Book Pro. Since they already had his Google account, they didn't need to get his Apple account to find his twitter password, but they destroyed his Mac so that he would be delayed in getting back in.

First, it's important to realize that he made a tremendous error in judgement by not having a backup of his laptop. He lost years and years of data in one fell swoop, and there's only a remote chance that he'll be able to get it back. In this day and age, backups are cheap and easy, and online providers provide a great way to store your data somewhere safe with only a small impact. I HIGHLY recommend going and getting an account at CrashPlan and start feeling safer.

Apart from that faux pas the bigger issue comes in how much data we all have online, and how it can be used to manipulate us, no matter how safe we think we are. In fact, even I was recently targeted with some sort of Skype attack that took over my account and charged up a bunch of international calls before it was caught and turned off. I utilize strong passwords, so I'm not sure how they got in, but my big mistake was letting Skype have a credit card number for no good reason. I almost never use their service for anything but toll-free calls, but I got lazy.

One thing we have very little control over is how businesses handle our account data. As shown in this hacking case, both Amazon and Apple had major holes that only took a phone call to break through. Why do these holes exist? Because companies don't ever want a lost password to impede your ability to spend money. By the same token we don't ever want a lost password to ever stop us from getting what we want. I remember many years ago I had forgotten my eBay password, and despite continuously hitting the "Send me a new password" button, their system was too slow and overloaded, and I missed out on an auction because I couldn't get in to the system in time.

On the flip-side, something we DO have a lot of control over is how much data we let companies, that we do business with, have access to. Sometimes this requires us to give up some speed and convenience, but if it protects us in the long run, isn't it worth it? So here's a couple of tips that you can consider using for your online security. I'll admit that some of them I'm not good at following myself, but even acting on some of these can help prevent getting your digital life compromised.

  1. Have a strong password strategy. If you have a common password you use on bulletin boards and other simple sites, DON'T use it on any site that has access to any of your financial information.
  2. Think twice about clicking the "save my credit card" button. How much time do you really save by not having to enter your credit card every time you want to make a purchase?
  3. Consider using something like PayPal. This shields your bank and credit card information with another layer of access. Many sites, and even iTunes will accept a PayPal account as a method of payment, and you can link your PayPal account to any number of bank accounts and credit cards.
  4. Backups, backups, backups. I know of many people who utilize the Find My Mac feature that allows you to locate and wipe your Mac if it's stolen. This is all well and good, but if you don't have a way to get your data back, what are you going to do then? Seriously. CrashPlan. Get it. 
So there are a few tips to help navigate this new reality that we live in. Even doing a couple of these things can help make your online experience much safer and secure. 

Comments

Popular posts from this blog

The beat goes on

Yesterday Apple revealed their long awaited entry into the streaming music field. They were able to do this quickly because of the acquisition of Beats last year, and the systems and intellectual property that came with that purchase. Considering that the music reveal was pretty much the only big news out of a pretty benign developer keynote, I'll take a few moments to talk about what I think about it. Apple was perhaps the defining company in the music revolution of the past 20 years. With the introduction of the iPod that revolutionized portable music, to the creation of the iTunes store and the eventual death of DRM, Apple has been at the forefront of digital music. This leadership comes with high expectations to continue to lead, and so many people have long questioned Apple not getting into the streaming music business quicker. For the past few years new companies have come forth to lead the change in the streaming music evolution. From Pandora and its ability to create un

Microsoft Surface Pro 3

So I've been a horrible blog author and have neglected this site for far to long. It's not that I haven't had anything to say, I've just neglected to say it. So with an attempt to get back on the wagon, here's some thoughts on Microsoft's announcement yesterday for it's Surface Pro 3. Despite being a minor Apple fanboy, the most interesting company to watch, in the personal computing space right now, is Microsoft. With the departure of Steve Ballmer, and the rise of Satya Nadella, it has been an interesting 9 months for one of the founding pioneers of personal technology. Many agree that Windows 8 has not lived up to what Microsoft would like it to be. They made a bold attempt to redefine how users interact with their computers, and merge the tablet and desktop experience. However, that experiment, by most accounts, has failed. This is a common pattern for Microsoft however, alternating between a mediocre OS release, and then a stellar one. Therefore, it&#

Under the Surface of Microsoft

One of the big tech announcements recently, that caught the world by surprise, was the new Microsoft Surface tablet. Although many people expected some sort of tablet annoucement, I don't think anyone thought that Microsoft would pull out a full-on iPad competitor, complete with massive innovations in design and functionality. My first impression of Surface is that it's a really great piece of technology, and things like the built-in kickstand, and the smart-cover-like touch keyboard are really inventive. Since I'm writing this on an iPad with a wireless keyboard, I know there are plenty of times when the marriage of an old-school physical keyboard input method with modern touch screen interfaces results in something even better :) The thing I wanted to comment on though wasn't the introduction of new hardware, because I think that story is still evolving, and Microsoft's involvement with it's OEM's could be quite the fireworks show. What I want to ramble