Main Area and Open Discussion > Living Room
Hacked "hard" via the cloud.
NigelH:
A warning about having multiple interlinked devices and accounts.
hacked really hard
mouser:
wow. scary.
NigelH:
Must admit, the remote wipe could be useful in certain circumstances.
But why was there no mandatory additional authentication to proceed with it?
Seems like just being just being logged in to the iCloud account was sufficient.
I own none of that particular vendors devices, nor use none of their services.
Don't intend to either, although MS seem to be heading down the wrong track.
wraith808:
I don't have remote wipe setup on my mbp. That seemed quite silly at the time- to treat something that has a hard drive the same as something that doesn't. I'm glad now that I don't.
Renegade:
Ouch! That's gotta hurt!
Looking at the comments... Cripes... Go figure. They degenerate immediately. I think there was only 1 there that was worthwhile reading and not just full of vitriol and arrogance.
Here's the worthwhile one:
Spoiler1. I seriously doubt that the hacker brute forced the iCloud account password. iCloud (as does Google) allows for only a limited number of password attempts before locking up. Then you have to answer two of three security questions (the two factor authentication). Therefore, unless you use an extremely easy password to guess, brute force is going to fail since it will take too much time to do.
2. MORE LIKELY: The Hacker is someone the person knows who then got access to his password or someone who used a keylogger. With a keylogger, if you ever log into any of your accounts on someone else's computer or public terminal, you are screwed immediately.
3. Since the iCloud account was used as the person's central account, any other account which uses that central account as the backup email address (such as his Google and Twitter accounts) became vulnerable to a password resent request.
4. The Hacker easily gained access to his Gmail Account and Twitter Account even without knowing the password by simply knowing those accounts' backup addresses and sending a password reset request. This shows that Gmail and Twitter are also not very secure.
5. Remote Wipe is a good thing. The only problem is if a Hacker gains access to the account that can do a remote wipe, you can be remote wiped. Thus, to guard against this possibility, always do backups of your data.
6. Backups are clearly important. If the person used Time Machine AND another app (such as ChronoSync) to do hourly backups AUTOMATICALLY AND WITHOUT SUPERVISION, then he would only lose 1 hour of work.
7. Using only one backup email address is bad. This can occur not only with iCloud but also Google and any other email accounts. The key is that the person used his iCloud account as the backup email account for every other account he had - his Google account, his Twitter account, etc. This links these other accounts to the original account. This problem is the same if he used his Gmail account as his primary backup account. It isn't limited to using Apple's iCloud account. Using only one email as the primary backup account makes every other account linked to it insecure and accessible because all these other accounts are easy to access via a password request - Google, Twitter are easily accessed.
8. Strong passwords and regularly changing passwords are important. This helps protect against keyloggers and people you know from accessing your account if they don't do it immediately. Being able to mix numbers, capital letters, and small letters helps make the password more secure. Being able to add symbols (e.g. !
or *, etc.) to the password increases security even more.
The most important lessons:
1. any account can be hacked.
2. backup, backup, backup, backup, backup, backup,...
--- End quote ---
Navigation
[0] Message Index
[#] Next page
Go to full version