Hack! Slash! Burn! Crush!!

The big tech news story of the weekend was the hacked account of Mat Honan. As documented in his posting on Wired.com, in the space of a few hours his digital life was in shambles. And as much as we always talk about strong passwords, etc., this was not a case of password failure. It was a case that shows just how our desire for convenient, on-demand, cloud-based services can come back to haunt us.

I highly suggest you go read all 4 pages of the article, but the quick summary is that a hacker wanted control of Mr. Honan's Twitter account. In order to get it, they started with basic social scouting, and proceeded to use all of the built-in tools of Google, Amazon and Apple to gain access to his accounts without ever needing to crack a single password. At Google they discovered what his Apple ID e-mail address was when they did a simple "Forgot my password" query. Then at Amazon, they called up customer service and gamed the system to get access to the last 4 digits of the credit cards he had on file there. Once they had that info, they were able to call Apple and convince the support person that he needed to have his password reset. They had the last 4 digits of his credit card, which was all Apple required to validate the account. At this point they were able to remote wipe his iPhone, iPad and MacBook Pro. Since they already had his Google account, they didn't need to get his Apple account to find his Twitter password, but they destroyed his Mac so that he would be delayed in getting back in.

First, it's important to realize that he made a tremendous error in judgement by not having a backup of his laptop. He lost years and years of data in one fell swoop, and there's only a remote chance that he'll be able to get it back. In this day and age, backups are cheap and easy, and online providers provide a great way to store your data somewhere safe with only a small impact. I HIGHLY recommend getting an account at CrashPlan and starting to feel safer.

Apart from that faux pas, the bigger issue comes in how much data we all have online, and how it can be used to manipulate us, no matter how safe we think we are. In fact, even I was recently targeted with some sort of Skype attack that took over my account and charged up a bunch of international calls before it was caught and turned off. I utilize strong passwords, so I'm not sure how they got in, but my big mistake was letting Skype have a credit card number for no good reason. I almost never use their service for anything but toll-free calls, but I got lazy.

One thing we have very little control over is how businesses handle our account data. As shown in this hacking case, both Amazon and Apple had major holes that only took a phone call to break through. Why do these holes exist? Because companies don't ever want a lost password to impede your ability to spend money. By the same token, we don't ever want a lost password to stop us from getting what we want. I remember many years ago I had forgotten my eBay password, and despite continuously hitting the "Send me a new password" button, their system was too slow and overloaded, and I missed out on an auction because I couldn't get into the system in time.

On the flip side, something we DO have a lot of control over is how much data we give the companies we do business with. Sometimes this requires us to give up some speed and convenience, but if it protects us in the long run, isn't it worth it? So here are a few tips that you can consider using for your online security. I'll admit that some of them I'm not good at following myself, but even acting on some of these can help prevent getting your digital life compromised.

  1. Have a strong password strategy. If you have a common password you use on bulletin boards and other simple sites, DON'T use it on any site that has access to any of your financial information.
  2. Think twice about clicking the "save my credit card" button. How much time do you really save by not having to enter your credit card every time you want to make a purchase?
  3. Consider using something like PayPal. This shields your bank and credit card information with another layer of access. Many sites, and even iTunes, will accept a PayPal account as a method of payment, and you can link your PayPal account to any number of bank accounts and credit cards.
  4. Backups, backups, backups. I know of many people who utilize the Find My Mac feature that allows you to locate and wipe your Mac if it's stolen. This is all well and good, but if you don't have a way to get your data back, what are you going to do then? Seriously. CrashPlan. Get it.

So there are a few tips to help navigate this new reality that we live in. Even doing a couple of these things can help make your online experience much safer and more secure.
