Apple Support Gives Hacker Access to Blogger's iCloud

Status
Not open for further replies.
[citation][nom]NoMoreTrolls[/nom]No. I'm saying that making comments (like yours) about Apple's hardware, alleged antenna issues etc. in a thread about a social engineering attack are completely irrelevant and borderline trolling.[/citation]

A- The antenna issues were not just "alleged". They are very well documented (and fixed in the iPhone 4S) on web sites that are not biased against Apple (like Anandtech).
B- Summing up my comments as "Apple Sux lul" is a complete straw man attack. I did not imply that (much less in those err... words?). I pointed out that it indeed was a social engineering attack that did expose a flaw in the iCloud platform. It turns out you'd much rather accuse anyone who points this out of being a stupid troll than actually reading the comments. Much like... a troll would.
C- This is your second post with a DIFFERENT user id with the name "Troll" in it. I am not surprised.
 
Lots of ignorant haters coming out and hating for no reason. The guy was the victim of a social engineering attack; this "vulnerability" had nothing to do with the hardware platform.

It's really not that hard to crack people's security questions if they have a reasonable online footprint. You Android trolls need to get over yourselves and quit hating.

I know it's fun to root for the underdog and hate whoever is on top, but it's getting to be old and childish, and this site needs to warn or ban about half of its users over the stupid and incessant trolling.

For someone asking for an intelligent conversation you missed the point. Security is from top to bottom, you can't look at only one aspect. Since Apple keeps the system closed to everyone but themselves THEY are responsible for the security of the entire system, from the hardware to the software to the people that work with it. Credit card numbers are blanked on receipts and statements so they aren't inadvertently given away during a social engineering attack. Security questions are easy, but I work in an environment where these types of attacks are common. There are a number of ways to prevent them (phone number matching, preventing the rep from seeing the answer, etc), Apple obviously doesn't use them. Android's open system makes it more difficult for an issue like this to occur, because "Given enough eyeballs, all bugs are shallow."

It's issues like these that point out the fact that Apple isn't all some people make it out to be is what prompts the responses. Your "intelligent" commentary proves the point.
 
WELCOME TO THE CLOUD!
ALL YOUR CLOUD BELONG TO US!

Can't wait until this happens to Obama. It's all fun and games until somebody gets a nuke down the pipe!
Hopefully they wiped out his bank accounts too. Would like to see this hit the front page of newspapers why everything online is not always gold.
 
This is what happens when you cater to the lowest common denominator. When a consumer's consumption is more intelligent than they are, and still fails, one can only blame the consumer for making such poor choices in their product selection.

It's not Apple's fault this person was hacked. It's the person's fault for thinking Apple or uCloud was worth buying in the first place. Technology isn't a popularity contest.
 
[citation][nom]lordstormdragon[/nom]This is what happens when you cater to the lowest common denominator. When a consumer's consumption is more intelligent than they are, and still fails, one can only blame the consumer for making such poor choices in their product selection. It's not Apple's fault this person was hacked. It's the person's fault for thinking Apple or uCloud was worth buying in the first place. Technology isn't a popularity contest.[/citation]

I agree with you but I have to say Apple has fault for not placing any security layers between their products. I mean it's great to have all your "stuff" together in one easy and accessible point but there should be a point of demarcation. Like the banks monitoring their customers, any spike in activity would set off a red flag so all their accounts don't get drained. In this case, his iPhone, iPad, and MacBook.
 
The moral here is to get a PogoPlug, nettop, thin client or old PC and a copy of Linux and make your own email server and use OwnCloud for your own cloud service. That way you get all the convenience of the cloud without any security vulnerabilities (other than yourself). No one will reset your account, terminate it due to obscure TOS, share your information, go bankrupt and disappear with your files, hand over your data without a warrant, etc. Meanwhile there are open source replacements for all the cloud webmail, syncing, docs, etc. services.
 
[citation][nom]NoMoreTrolls[/nom]I forgot; it is easier to get up votes by saying "crapple sux".[/citation]
Mate, people up-vote if they agree. You commented in a public news forum where people don't agree with you, it happens. It's nothing to get upset about, your comment has not been blocked from people reading so suck it in. But you really shouldn't post under multiple user names, makes us folk wonder if you have a hundred accounts to abuse the voting system?
 
And if Apple wants to be so closed about security problems and trick users into thinking Apple products are hack/virus free, well they (and their supporters that defend said practises) deserve their fair share of comments over social media. Imagine this happening with your bank account...
 
Apparently people don't even have to hack an Apple account, they just call Apple support and get all the account details at once. Apple seems to be an amazingly good shepherd, let the wolf in to wreak havoc whenever it wants to in their sheep pen!

If the company wants a closed system for its users due to "security" they should at least not leave the key in the door!
 
You only have to have basic skills to hack a phone running Android, and decent phone skills to get customer service to hack an iPhone. Both fail.
 
[citation][nom]ddpruitt[/nom]For someone asking for an intelligent conversation you missed the point. Security is from top to bottom, you can't look at only one aspect. Since Apple keeps the system closed to everyone but themselves THEY are responsible for the security of the entire system, from the hardware to the software to the people that work with it. Credit card numbers are blanked on receipts and statements so they aren't inadvertently given away during a social engineering attack. Security questions are easy, but I work in an environment where these types of attacks are common. There are a number of ways to prevent them (phone number matching, preventing the rep from seeing the answer, etc), Apple obviously doesn't use them. Android's open system makes it more difficult for an issue like this to occur, because "Given enough eyeballs, all bugs are shallow." It's issues like these that point out the fact that Apple isn't all some people make it out to be is what prompts the responses. Your "intelligent" commentary proves the point.[/citation]
...pwned.
I know, a low-level comment, but maybe he can understand that. I doubt he can process an intelligent answer like yours, since he can't even remember his own username from one post to the next. Poor sap, he didn't even notice that nobody mentioned Android in their comments, and that makes his two posts the pure definition of trolling.
 
Apple customer service reps are going to have a few more training seminars. Since this happened to a somewhat known tech blogger, someone is going to probably get fired. It is pretty ridiculous that this could happen at Apple, though we are probably not getting all the information about this subject.
 
[citation][nom]NoMoreTrolls[/nom]I forgot; it is easier to get up votes by saying "crapple sux".[/citation]

CRAPPLE SUX!
 
The funny part about this is that no iSheep will believe this and they would even blame the person being hacked for being hacked 😀
 
John...

Sorry hater but not all Apple users are dumb arse liberals. Rush Limbaugh uses them as do I and many other conservatives who are not brain dead libtards. OS X is a great OS.

That's just pathetic. Stop, son, you're killing us all with the irony.
 
[citation][nom]AndroidUsersAreTROLLS[/nom]Lots of ignorant haters coming out and hating for no reason. The guy was the victim of a social engineering attack; this "vulnerability" had nothing to do with the hardware platform. It's really not that hard to crack people's security questions if they have a reasonable online footprint. You Android trolls need to get over yourselves and quit hating. I know it's fun to root for the underdog and hate whoever is on top, but it's getting to be old and childish, and this site needs to warn or ban about half of its users over the stupid and incessant trolling.[/citation]

This is what you get when you hire incompetent foreigners to manage your call centers.
 
[citation][nom]otacon72[/nom]I will never use cloud anything. Will never use iOS and will never use Android after I read about a back door that can be accessed over the air.[/citation]

You're sticking with the complete safety and security of your Windows or OS X desktop. 🙂
 
LOL at the idiots yapping without knowing the full story. Now the truth has come out, and here's how they got access:

The hackers got his Gmail from his personal website. They also did a WHOIS to get his billing address. They went to the password reset page at Google and didn't even need to reset - they saw the e-mail for his alternate contact (some letters blocked out, but they were able to guess those), and since it was an @me account it verified he had an Apple ID. They contacted Amazon with his billing address and e-mail and added a new credit card number to his account. Not sure why Amazon would let you add a new CC number without fully verifying the caller, but they did. They then called back Amazon for a password reset.

Now get this: They called back Amazon to change their e-mail/reset their password. One of the pieces of ID they used was the credit card THEY JUST PROVIDED. They then reset the password and logged into his Amazon account. Looked at the credit cards on file (which shows the last 4 of the number).

With all this information they called Apple, provided the e-mail, billing address and last 4 digits of his credit card. Apple then let them reset the account.

So after hacking into Amazon first they were then able to fill in the pieces to fool an Apple tech support person to reset their password/account.


So much for all you idiots going on about how insecure Apple is when it was Amazon's security issues that gave them the info they needed.
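
An added example, not part of the post above and not any vendor's actual process: a support-desk reset check that weighs each caller-supplied value by how exposed it is, run on the three values the post says were given to Apple. The exposure classes, `decide_reset`, and the second "hardened" call (with a phone callback, as an earlier commenter suggests, and an account PIN) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Exposure classes are an assumed taxonomy for this sketch, not any vendor's policy.
PUBLIC, THIRD_PARTY = "public", "third_party"   # findable online / shown by another service
SECRET, POSSESSION = "secret", "possession"     # known only to holder / control of a registered device

@dataclass(frozen=True)
class Factor:
    name: str
    exposure: str
    matched: bool  # did the caller's value match the account record?

def decide_reset(factors, min_strong=2):
    """Return (decision, reason) for a phone-support password reset."""
    if any(not f.matched for f in factors):
        return ("deny", "a supplied value did not match the record")
    strong = [f for f in factors if f.exposure in (SECRET, POSSESSION)]
    weak = [f.name for f in factors if f.exposure in (PUBLIC, THIRD_PARTY)]
    has_possession = any(f.exposure == POSSESSION for f in strong)
    if len(strong) >= min_strong and has_possession:
        return ("allow", "verified by: " + ", ".join(f.name for f in strong))
    if weak and not strong:
        return ("deny", "identifiers only, no proof: " + ", ".join(weak))
    return ("deny", "not enough strong factors")

# Constructed input: the three values the post says the caller gave Apple.
CALL_IN_POST = [
    Factor("e-mail address", PUBLIC, True),              # taken from a personal website
    Factor("billing address", PUBLIC, True),             # taken from WHOIS
    Factor("last 4 of credit card", THIRD_PARTY, True),  # displayed in the Amazon account
]

# Constructed input: a hypothetical call that adds factors an outsider cannot look up.
HARDENED_CALL = CALL_IN_POST + [
    Factor("callback to phone number on file", POSSESSION, True),
    Factor("account PIN set at sign-up", SECRET, True),
]

if __name__ == "__main__":
    for label, call in (("call in post", CALL_IN_POST), ("hardened call", HARDENED_CALL)):
        print(label, "->", decide_reset(call))
```

Every value in the first call matches the record, yet the check denies it because none of the three proves anything beyond the ability to look the account holder up.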
 
@ericburnby - All that shows is that Amazon's security is worse than Apple's. I would still expect that part of changing the password for iCloud would be security questions. Why do security questions/passwords usually state not to be something someone could easily find out, e.g. children's names etc? There's a number of ways that someone's credit card number can be lifted (mail, less secure websites, heck even stealing the guy's wallet!), and an address for a person is even easier to obtain.
Yes, Amazon may have also screwed up and led to the iNtrusion (lol c wut i did dere), but that doesn't excuse some Apple employee from not asking security questions.
 
[citation][nom]Wattsbo[/nom]@ericburnby - All that shows is that Amazon's security is worse than Apple's. I would still expect that part of changing the password for iCloud would be security questions. Why do security questions/passwords usually state not to be something someone could easily find out, e.g. children's names etc? There's a number of ways that someone's credit card number can be lifted (mail, less secure websites, heck even stealing the guy's wallet!), and an address for a person is even easier to obtain. Yes, Amazon may have also screwed up and led to the iNtrusion (lol c wut i did dere), but that doesn't excuse some Apple employee from not asking security questions.[/citation]

Really? Show me the link, 'cause without proof your post means nothing.
 