Skip to main content

Hack! Slash! Burn! Crush!!

The big tech news story of the weekend was the hacked account of Mat Honan. As documented in his posting on Wired.com, in the space of a few hours his digital life was in shambles. And as much as we always talk about strong passwords, etc., this was not a case of password failure. It was a case that shows just how our desire for on-demand, cloud based services that are convenient can come back to haunt us.

I highly suggest you go read all 4 pages of the article, but the quick summary is that a hacker wanted control of Mr. Honan's Twitter account. In order to get it, they started with basic social scouting, and proceeded to use all of the built-in tools of Google, Amazon and Apple to gain access to his accounts without ever needing to crack a single password. At Google they discovered what his Apple ID e-mail address was when they did a simple "Forgot my password" query. Then at Amazon, they called up customer service and game'd the system to get access to the last 4 digits of his credit cards he had on file there. Once they had that info, they were able to call Apple and convince the support person that he needed to have his password reset. They had the last 4 digits of his credit card, which was all Apple required to validate the account. At this point they were able to remote wipe his iPhone, iPad and Mac Book Pro. Since they already had his Google account, they didn't need to get his Apple account to find his twitter password, but they destroyed his Mac so that he would be delayed in getting back in.

First, it's important to realize that he made a tremendous error in judgement by not having a backup of his laptop. He lost years and years of data in one fell swoop, and there's only a remote chance that he'll be able to get it back. In this day and age, backups are cheap and easy, and online providers provide a great way to store your data somewhere safe with only a small impact. I HIGHLY recommend going and getting an account at CrashPlan and start feeling safer.

Apart from that faux pas the bigger issue comes in how much data we all have online, and how it can be used to manipulate us, no matter how safe we think we are. In fact, even I was recently targeted with some sort of Skype attack that took over my account and charged up a bunch of international calls before it was caught and turned off. I utilize strong passwords, so I'm not sure how they got in, but my big mistake was letting Skype have a credit card number for no good reason. I almost never use their service for anything but toll-free calls, but I got lazy.

One thing we have very little control over is how businesses handle our account data. As shown in this hacking case, both Amazon and Apple had major holes that only took a phone call to break through. Why do these holes exist? Because companies don't ever want a lost password to impede your ability to spend money. By the same token we don't ever want a lost password to ever stop us from getting what we want. I remember many years ago I had forgotten my eBay password, and despite continuously hitting the "Send me a new password" button, their system was too slow and overloaded, and I missed out on an auction because I couldn't get in to the system in time.

On the flip-side, something we DO have a lot of control over is how much data we let companies, that we do business with, have access to. Sometimes this requires us to give up some speed and convenience, but if it protects us in the long run, isn't it worth it? So here's a couple of tips that you can consider using for your online security. I'll admit that some of them I'm not good at following myself, but even acting on some of these can help prevent getting your digital life compromised.

  1. Have a strong password strategy. If you have a common password you use on bulletin boards and other simple sites, DON'T use it on any site that has access to any of your financial information.
  2. Think twice about clicking the "save my credit card" button. How much time do you really save by not having to enter your credit card every time you want to make a purchase?
  3. Consider using something like PayPal. This shields your bank and credit card information with another layer of access. Many sites, and even iTunes will accept a PayPal account as a method of payment, and you can link your PayPal account to any number of bank accounts and credit cards.
  4. Backups, backups, backups. I know of many people who utilize the Find My Mac feature that allows you to locate and wipe your Mac if it's stolen. This is all well and good, but if you don't have a way to get your data back, what are you going to do then? Seriously. CrashPlan. Get it. 
So there are a few tips to help navigate this new reality that we live in. Even doing a couple of these things can help make your online experience much safer and secure. 

Popular posts from this blog

Push it... push it real good...

The other day I got a chance to play with the new Apple force touch trackpad. This is a new design that Apple has put on their laptops for non-mechanized clicking on trackpad. When you press on the trackpad it senses the force that you're pressing with, and when you reach a certain level, you feel a 'click'. If you keep pressing, you feel a second 'click'. The unique thing is that these 'clicks' aren't physical in nature. The trackpad never moves at all, but the click that you feel is from haptic feedback. In essence, when you press with enough force, the trackpad clicks back at you. You feel the sensation of clicking, but it's simply the trackpad responding to your pressure.

I got to play with this for a while, since the Apple Store rep was talking with us about soccer, and after a short bit I was getting the hang of it. I feel that it would take quite a bit longer though to really feel comfortable with this new paradigm. I'm someone who has a …

The beat goes on

Yesterday Apple revealed their long awaited entry into the streaming music field. They were able to do this quickly because of the acquisition of Beats last year, and the systems and intellectual property that came with that purchase. Considering that the music reveal was pretty much the only big news out of a pretty benign developer keynote, I'll take a few moments to talk about what I think about it.

Apple was perhaps the defining company in the music revolution of the past 20 years. With the introduction of the iPod that revolutionized portable music, to the creation of the iTunes store and the eventual death of DRM, Apple has been at the forefront of digital music. This leadership comes with high expectations to continue to lead, and so many people have long questioned Apple not getting into the streaming music business quicker.

For the past few years new companies have come forth to lead the change in the streaming music evolution. From Pandora and its ability to create uniqu…

CES 2015 quick notes

One of the fun technology events every year is the Consumer Electronic Show. I've never had the opportunity to attend this in person, but maybe now that I have family in Vegas I should try and make it out some year. CES is a huge event that highlights some of the cool and crazy stuff that all the big consumer electronics companies are working on, and attempting to bring to market. Since I've been laid up sick for the past day and a half, I've been catching up on the news feeds of all the stuff that's currently coming out.

Although CES isn't strictly laptop and computer focused, computer companies still play a major role. This year, I'm seeing a lot of emphasis on thin and light computing devices. ASUS and Lenovo have both released some exceptionally light weight laptops, and hybrid tablets, that give the MacBook Air line a run for it's money. Additionally, HP is building off the success of it's Stream line of Chromebook competitors with an HP Stream Min…