Skip to main content

Hack! Slash! Burn! Crush!!

The big tech news story of the weekend was the hacked account of Mat Honan. As documented in his posting on Wired.com, in the space of a few hours his digital life was in shambles. And as much as we always talk about strong passwords, etc., this was not a case of password failure. It was a case that shows just how our desire for on-demand, cloud based services that are convenient can come back to haunt us.

I highly suggest you go read all 4 pages of the article, but the quick summary is that a hacker wanted control of Mr. Honan's Twitter account. In order to get it, they started with basic social scouting, and proceeded to use all of the built-in tools of Google, Amazon and Apple to gain access to his accounts without ever needing to crack a single password. At Google they discovered what his Apple ID e-mail address was when they did a simple "Forgot my password" query. Then at Amazon, they called up customer service and game'd the system to get access to the last 4 digits of his credit cards he had on file there. Once they had that info, they were able to call Apple and convince the support person that he needed to have his password reset. They had the last 4 digits of his credit card, which was all Apple required to validate the account. At this point they were able to remote wipe his iPhone, iPad and Mac Book Pro. Since they already had his Google account, they didn't need to get his Apple account to find his twitter password, but they destroyed his Mac so that he would be delayed in getting back in.

First, it's important to realize that he made a tremendous error in judgement by not having a backup of his laptop. He lost years and years of data in one fell swoop, and there's only a remote chance that he'll be able to get it back. In this day and age, backups are cheap and easy, and online providers provide a great way to store your data somewhere safe with only a small impact. I HIGHLY recommend going and getting an account at CrashPlan and start feeling safer.

Apart from that faux pas the bigger issue comes in how much data we all have online, and how it can be used to manipulate us, no matter how safe we think we are. In fact, even I was recently targeted with some sort of Skype attack that took over my account and charged up a bunch of international calls before it was caught and turned off. I utilize strong passwords, so I'm not sure how they got in, but my big mistake was letting Skype have a credit card number for no good reason. I almost never use their service for anything but toll-free calls, but I got lazy.

One thing we have very little control over is how businesses handle our account data. As shown in this hacking case, both Amazon and Apple had major holes that only took a phone call to break through. Why do these holes exist? Because companies don't ever want a lost password to impede your ability to spend money. By the same token we don't ever want a lost password to ever stop us from getting what we want. I remember many years ago I had forgotten my eBay password, and despite continuously hitting the "Send me a new password" button, their system was too slow and overloaded, and I missed out on an auction because I couldn't get in to the system in time.

On the flip-side, something we DO have a lot of control over is how much data we let companies, that we do business with, have access to. Sometimes this requires us to give up some speed and convenience, but if it protects us in the long run, isn't it worth it? So here's a couple of tips that you can consider using for your online security. I'll admit that some of them I'm not good at following myself, but even acting on some of these can help prevent getting your digital life compromised.

  1. Have a strong password strategy. If you have a common password you use on bulletin boards and other simple sites, DON'T use it on any site that has access to any of your financial information.
  2. Think twice about clicking the "save my credit card" button. How much time do you really save by not having to enter your credit card every time you want to make a purchase?
  3. Consider using something like PayPal. This shields your bank and credit card information with another layer of access. Many sites, and even iTunes will accept a PayPal account as a method of payment, and you can link your PayPal account to any number of bank accounts and credit cards.
  4. Backups, backups, backups. I know of many people who utilize the Find My Mac feature that allows you to locate and wipe your Mac if it's stolen. This is all well and good, but if you don't have a way to get your data back, what are you going to do then? Seriously. CrashPlan. Get it. 
So there are a few tips to help navigate this new reality that we live in. Even doing a couple of these things can help make your online experience much safer and secure. 

Comments

Popular posts from this blog

I love typing on my iPad

Ok, before you think I've gone crazy and suddenly believe I like smacking away at a non-responsive touch-screen, let me clarify that title... "I love typing on my bluetooth keyboard on my iPad." Like many people, I took the plunge and got a wireless keyboard for my iPad, because for any serious typing work, you really can't beat the smooth responsiveness of the Apple Wireless keyboard. But, just to clarify things further, it's not the bluetooth keyboard that is the reason I love typing on my iPad. Let's correct that title one more time... "I love writing on my bluetooth keyboard on my iPad." There we go, that's better, and it gets to the heart of what I wanted to share in this post. I'm going to make a bold statement, which I'm sure tons of people will find issue with, but here is it. The iPad is a perfect writing tool. Ya, that's right. I just said that a small 10 inch device that you need to purchase an additional keyboard for

I don't have a wood shop...

It's been a few weeks since my last entry on this site, and there's been a good reason. No, it's not because there hasn't been anything interesting to write about, I certainly didn't take advantage of many good opportunities to write about tech news. It has been for a simple, somewhat silly reason. The new Warcraft expansion launched. I hear the groans now, all the way through the ether. People screaming "Oh no... he's one of THEM!" Well, sorry to disappoint, but yes, I am "one of them". But, some clarification is in order. I don't abandon my family to play WoW, I get my work done, I don't call in sick, etc., etc.,. However, it does bring up an interesting new phenomenon in our modern society. Gaming as a hobby. It's long been a staple of adult life to fill our time with hobbies and pastimes that give us something to do beyond work, but yet challenge us a bit mentally or physically. Video gaming has been around only a few deca

Where in the world am I?

This week saw the launch of iOS6, the latest in Apple's mobile operating system iterations. For the most part, it's been a decent incremental upgrade, with lots of new little tweaks, such as Facebook integration, and the ability to update applications without inputing a password. However, the big feature that's been getting all the press is the new mapping app. In Apple's bid to rid themselves of Google "taint", they decided to make their own mapping service, but I think it's become very apparent, that it's not as easy as it looks. Many places are mis-located, or labels are wrong (especially internationally), causing no end to the hilarity of people posting screenshots of mistakes. There's a reason why Google Maps is king, and it's based on why my friend Wes so aptly put forth, that Google is a data company, and Apple is not (yet). Providing good mapping data requires good... well... data. Google has it. Apple, and other competitors don't