Apple, Amazon Close Holes that Allowed Honan Hack

Status
Not open for further replies.

jhansonxi

Most people learn the basics of this hack when they are kids - playing one parent against the other. Quite an interesting logical extension of it.
 

internetlad

Fantastic use of social engineering. They knew how to manipulate the weak links (humans) to get the info they needed.

It's a shame when a good portion of the scams and malicious software installations we see are directly related to the user clicking on something stupid because it tells them they have an infection, etc.
 

Guest
Just goes to show as another example of how cloud systems are not proving themselves as safe.
 

ddpruitt

Has it occurred to anyone that Apple stores passwords as plain-text? I think they have bigger issues than just giving out passwords over the phone, they need a top down security audit.
 

teh_chem

ddpruitt wrote:
> Has it occurred to anyone that Apple stores passwords as plain-text? I think they have bigger issues than just giving out passwords over the phone, they need a top down security audit.

It was discovered that Apple stores passwords in plain text?
 

koga73

I would think that Apple uses hashed passwords and probably just reset his pass to something new temporarily... However, if this is the case then how did the hackers gain access to his gmail account unless Apple read his original plain text password to the hackers?

"Because Honan's AppleID was linked to his Gmail account, the hacker was able to change that password"
 

hax0red

We called this social engineering back on AOL in the late 90s, early 2000s. We used to do the same, 3 letters (shortest AOL screen name you could have without an exploit) considered "elite" lol. Internal AOL accounts were the biggest prize as it gave you the power of god in the AOL chats... so sad. lol.

They eventually went to RSA SecurID, which stopped the internal AOL account pursuit short of having them sub7'd in which you could log their key presses @ login.
 

lathe26

The last 4 digits of your credit card have NEVER been secure. Almost every account I have where I pay a business via credit card displays these. Many receipts emailed to me have the last 4 digits. All of my paper receipts have the last 4 digits. Seriously, what were they thinking?
 

Guest
I think the term manipulator is more appropriate than hacker. There was no hacking involved.
 

Camikazi

hax0red wrote:
> We called this social engineering back on AOL in the late 90s, early 2000s. We used to do the same, 3 letters (shortest AOL screen name you could have without an exploit) considered "elite" lol. Internal AOL accounts were the biggest prize as it gave you the power of god in the AOL chats... so sad. lol. They eventually went to RSA SecurID, which stopped the internal AOL account pursuit short of having them sub7'd in which you could log their key presses @ login.

OMG sub7, I had so many accounts and passwords cause of that awesome program and some sneaky talking :)
 

Vorador2

The most terrible thing is that the hackers didn't use any zero day exploit nor sophisticated approach. They just phoned support posing as the owner of the account and using some clever talking. Social engineering at its finest.

Like almost always, the weakest link in the security chain is the human link.
 

Guest
I don't understand how the "hacker" got his gmail password. "Because Honan's AppleID was linked to his Gmail account, the hacker was able to change that password, and gain access to his Twitter account before deleting his Google account altogether."
 

rantoc

As for Apple, the company originally told Honan that his was a case of both the customer's data being compromised by a person who had acquired personal information and internal Apple policies not being followed completely. However, Honan said in his Wired post that he was able to verify the hackers' access technique by performing it on a different account. Not only that, but AppleCare staff told him twice that billing address and last-four-digits were enough to verify someone's identity.

The company I would expect all out lies from, the above just enforces it. A company so arrogant that they lie to their customers right in the face even when they are at fault clearly deserves no customers! Only a fool would believe in them!
 

andrew_b

I don’t know what type of wake-up call companies need to kick this complacent attitude to authentication and passwords. There is an increasing need for people to be better educated on this matter. I was just reading a blog article on telesign.com that brought out a couple more ideas to protect our accounts. You might like to take a look.
 

mamailo

rantoc wrote:
> The company I would expect all out lies from, the above just enforces it. A company so arrogant that they lie to their customers right in the face even when they are at fault clearly deserves no customers! Only a fool would believe in them!

Apple customers are safe from Zombies, because of their lack of brains
 