I read about this earlier today. Long before today I decided never to
trust anything to a cloud. I made this decision because of all the
accounts I've read over the years of hackers breaking into corporate
systems and stealing passwords, credit card numbers and so on. Also the
recent failure of cloud services due to power failures back east
reinforced my suspicion of "the cloud". What good is the data to you if
you can't get to it due to a power or equipment failure?
I've long believed it's a smart move to backup anything important you're
going to put on a laptop or other portable device. It's too easy for
any of these portable devices to get lost, stolen or damaged. I did
read a few years ago that Google keeps a copy of mail in your gmail
account even if you delete it. If that's true today, Mat should be able
to contact Google and get his mail back.
I'm no expert, but I would not suggest trusting anything to a cloud.
Sure, encrypt your data before sending to the cloud, but also keep a
copy where you can get to it. If it's really important, keep a copy
somewhere besides your home, a safe deposit box perhaps.
On 8/6/2012 22:58, der.hans wrote:
moin moin,
Wired reporter Mat Honan lost almost all of his data. It took hackers an
hour to take over his Gmail, Amazon, Apple and Twitter accounts. Along
the
way they deleted all the data on his phone, his tablet and his laptop (
all Apple products using one stop deletion from Apple ). They also
deleted
his Gmail account and all 8 years of his email.
Do you allow the cloud to delete your data?
Do you store email addresses and physical addresses in your contact
list? Do those people use that same email address for banking? Online
shopping? Social networking?
Do other people store the email address you use for banking alongside
your physical address?
See my presentation Thursday on "Online security, privacy and password
management" for tips and tricks on how to keep this from happening to
you.
http://PLUG.phoenix.az.us/meetings/14-east-valley-meeting/89-plug-east-meeting-for-aug-9.html
Oh, and make sure you have off-cloud backups of important data!
Here's the longish story:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
Below are some choice quotes:
###
In many ways, this was all my fault. My accounts were daisy-chained
together. Getting into Amazon let my hackers get into my Apple ID
account,
which helped them get into Gmail, which gave them access to Twitter.
###
###
After coming across my account, the hackers did some background
research. My Twitter account linked to my personal website, where they
found my Gmail address. Guessing that this was also the e-mail address
I used for Twitter, Phobia went to Google's account recovery page. He
didn't even have to actually attempt a recovery. This was just a recon
mission.
###
###
"You honestly can get into any email associated with apple," Phobia
claimed in an e-mail. And while it's work, that seems to be largely
true.
###
###
First you call Amazon and tell them you are the account holder, and want
to add a credit card number to the account. All you need is the name on
the account, an associated e-mail address, and the billing address.
Amazon
then allows you to input a new credit card. (Wired used a bogus credit
card number from a website that generates fake card numbers that conform
with the industry's published self-check algorithm.) Then you hang up.
###
### And it's also worth noting that one wouldn't have to call Amazon to
pull this off. Your pizza guy could do the same thing, for example. If
you have an AppleID, every time you call Pizza Hut, you've giving the
16-year-old on the other end of the line all he needs to take over your
entire digital life.
###
### They could have used my e-mail accounts to gain access to my online
banking, or financial services. They could have used them to contact
other people, and socially engineer them as well. As Ed Bott pointed
out on TWiT.tv, my years as a technology journalist have put some very
influential people in my address book. They could have been victimized
too.
###
ciao,
der.hans
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
