Hacked "hard" via the cloud.

Stoic Joker:
I was surprised to read that the hacker "got in through Apple tech support and some clever social engineering that let them bypass security questions."  Huh? -cyberdiva (August 05, 2012, 08:29 AM)
--- End quote ---

Why? That is quite literally the oldest trick in the book. Scam artists have been using pieces of info to validate claims about one person to fool another since the beginning of time. A casual 5 minute conversation with anyone will glean enough info to do a Google search for the rest of the details to answer security questions. ...And with folks putting their life story on Facebook...the first two steps are academic.


Security question: High school mascot

Hey friend, where you from?? [Gets town name]

Really? I've got a friend/cousin/coworker who grew up there... said it was a nice place but their HS mascot sucked... [Answer: That's odd, what's wrong with xxxxx?] oops.

cyberdiva:
I was surprised to read that the hacker "got in through Apple tech support and some clever social engineering that let them bypass security questions."  Huh? -cyberdiva (August 05, 2012, 08:29 AM)
--- End quote ---

Why? That is quite literally the oldest trick in the book. Scam artists have been using pieces of info to validate claims about one person to fool another since the beginning of time. A casual 5 minute conversation with anyone will glean enough info to do a Google search for the rest of the details to answer security questions. ...And with folks putting their life story on Facebook...the first two steps are academic.
-Stoic Joker (August 05, 2012, 09:34 AM)
--- End quote ---
Well, I guess I was assuming that other people are as cautious/paranoid as I am.  I put next-to-no personal info on Facebook and don't use security questions that can be answered via a Google search.  At least, I don't think I do.  :o   I do tend to be more truthful when I deal with tech support, but I frankly can't imagine someone knowing enough about me to be able to get personal info about me from tech support.  

wraith808:
^ Hah... I'm with you.  When they give you a limited number of questions to choose from, I usually use a totally unrelated answer that I've related somehow to that question in my mind.

40hz:
I found this part of Matt's blog account most interesting:

Update Three: I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions. Apple has my Macbook and is trying to recover the data.
--- End quote ---

The fact Apple now has his MacBook and is attempting to recover his data speaks volumes.

Guess that alone is enough to remove anybody's doubt Apple's Tech Support fell for some social engineering.

Which goes back to something Gerry Weinberg once observed: It's never a technical problem. It's always a "people" problem. And anytime you find something that's not, you need to check it again.

rgdot:
Apple tech support can see passwords?  :huh: Whatever happened to 'we can only send password reset link', etc?
