12 August 2012 | 11:49

Wired reporter hack reveals perils of digital age

viewings icon comments icon

ПОДЕЛИТЬСЯ

whatsapp button telegram button facebook button
Mat Honan. Photo courtesy of the age.com.au Mat Honan. Photo courtesy of the age.com.au

The perils of modern dependence on Internet-linked gadgets and digitally-stored memories remained a hot topic on Friday in the wake of a hack that wiped clean a Wired reporter's devices, AFP reports. Mat Honan laid out at wired.com in gripping detail how his "digital life was destroyed" right down to irreplaceable photos of his baby daughter. Honan next week is to share his quest to repair the damage. "The take-away from his bad experience is that people need to be careful with using an online service, especially a backup service," Lookout Mobile Security engineer Tim Strazzere told AFP on Friday. "The main part is to mitigate risk; he lost a lot of personal information." Basic hacker skills were combined with "social engineering," the art of sweet-talking someone like a customer service rep into bending rules during a phone call, to compromise Honan's Google, Twitter, and AppleID accounts. Honan told of his @mat Twitter handle apparently being the coveted prize for hackers who deleted his Gmail account and erased the data from his iPhone, iPad and MacBook laptop computer to hide their trail. The data-wiping feature was created by Apple to let people protect digital information if devices are lost or stolen. He said his Twitter account was used to fire off offensive messages. "In many ways, this was all my fault," Honan wrote. "My accounts were daisy-chained together." "But what happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's." Hackers were able to get bits of information from Apple and Amazon tech support that helped them achieve their mission, according to Honan. Apple did not respond to an AFP request for comment, but reportedly gave Honan a statement saying his data was "compromised by a person who had acquired personal information about the customer." "In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected." The "daisy chain" mistake Honan described is especially perilous when it involves making links between work and personal accounts, according to Strazzere. An example would be using one's personal email address as the place to send password reset messages automatically generated by online services that require login information. Getting access to a personal email account could then give hackers keys to any password protected services someone uses - such as Twitter, Facebook or office email. "It is an interesting twist to the new age," Strazzere said. "These new capabilities are great tools, but it is a scary thing that if one gets compromised it can hurt you so much more." His recommendations included keeping work and personal online accounts separate, even going so far as to have "throw-away" Web-based email accounts for matters such as password resets. Pictures, documents or other data stored in the Internet "cloud" or on personal devices should be backed up as well as being encrypted. Some online services provide the option of "two-factor authentication" that tightens security on password resets. By Glenn Chapman

whatsapp button telegram button facebook button copyLink button
Иконка комментария блок соц сети
The perils of modern dependence on Internet-linked gadgets and digitally-stored memories remained a hot topic on Friday in the wake of a hack that wiped clean a Wired reporter's devices, AFP reports. Mat Honan laid out at wired.com in gripping detail how his "digital life was destroyed" right down to irreplaceable photos of his baby daughter. Honan next week is to share his quest to repair the damage. "The take-away from his bad experience is that people need to be careful with using an online service, especially a backup service," Lookout Mobile Security engineer Tim Strazzere told AFP on Friday. "The main part is to mitigate risk; he lost a lot of personal information." Basic hacker skills were combined with "social engineering," the art of sweet-talking someone like a customer service rep into bending rules during a phone call, to compromise Honan's Google, Twitter, and AppleID accounts. Honan told of his @mat Twitter handle apparently being the coveted prize for hackers who deleted his Gmail account and erased the data from his iPhone, iPad and MacBook laptop computer to hide their trail. The data-wiping feature was created by Apple to let people protect digital information if devices are lost or stolen. He said his Twitter account was used to fire off offensive messages. "In many ways, this was all my fault," Honan wrote. "My accounts were daisy-chained together." "But what happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's." Hackers were able to get bits of information from Apple and Amazon tech support that helped them achieve their mission, according to Honan. Apple did not respond to an AFP request for comment, but reportedly gave Honan a statement saying his data was "compromised by a person who had acquired personal information about the customer." "In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected." The "daisy chain" mistake Honan described is especially perilous when it involves making links between work and personal accounts, according to Strazzere. An example would be using one's personal email address as the place to send password reset messages automatically generated by online services that require login information. Getting access to a personal email account could then give hackers keys to any password protected services someone uses - such as Twitter, Facebook or office email. "It is an interesting twist to the new age," Strazzere said. "These new capabilities are great tools, but it is a scary thing that if one gets compromised it can hurt you so much more." His recommendations included keeping work and personal online accounts separate, even going so far as to have "throw-away" Web-based email accounts for matters such as password resets. Pictures, documents or other data stored in the Internet "cloud" or on personal devices should be backed up as well as being encrypted. Some online services provide the option of "two-factor authentication" that tightens security on password resets. By Glenn Chapman
Читайте также
Join Telegram Последние новости
The Moon is calling: New lunar mission
Wolf attacked man in Atyrau region
Euronews office opened in Astana
Earthquake recorded in Zhambyl region
Tokayev sent telegram to Qatar’s Emir
A New Year gift guide for her
Tokayev expressed condolences to Macron
Bitcoin exchange rate hit a new record
EU expanded sanctions against Belarus
Kazhydromet warned residents of Almaty
Лого TengriNews мобильная Лого TengriSport мобильная Лого TengriLife мобильная Лого TengriAuto мобильная Иконка меню мобильная
Иконка закрытия мобильного меню
Открыть TengriNews Открыть TengriLife Открыть TengriSport Открыть TengriTravel Открыть TengriGuide Открыть TengriEdu Открыть TengriAuto

Exchange Rates

 523.95  course up  543.16  course up  5.1  course up

 

Weather

 

Редакция Advertising
Социальные сети
Иконка Instagram footer Иконка Telegram footer Иконка Vkontakte footer Иконка Facebook footer Иконка Twitter footer Иконка Youtube footer Иконка TikTok footer Иконка WhatsApp footer