Main Area and Open Discussion > Living Room

Hacked "hard" via the cloud.

<< < (4/4)

Stoic Joker:
I was surprised to read that the hacker "got in through Apple tech support and some clever social engineering that let them bypass security questions."  Huh? -cyberdiva (August 05, 2012, 08:29 AM)
--- End quote ---

Why? That is quite literally the oldest trick in the book. Scam artists have been using pieces of info to validate claims about one person to fool another since the beginning of time. A casual 5 minute conversation with anyone will glean enough info to do a google search for the rest of the details to answer security questions. ...And with folks putting their life story on FaceBook...the first two steps are academic.
-Stoic Joker (August 05, 2012, 09:34 AM)
--- End quote ---
Well, I guess I was assuming that other people are as cautious/paranoid as I am.  I put next-to-no personal info on Facebook and don't use security questions that can be answered via a Google search.  At least, I don't think I do.  :o   I do tend to be more truthful when I deal with tech support, but I frankly can't imagine someone knowing enough about me to be able to get personal info about me from tech support.  -cyberdiva (August 05, 2012, 11:58 AM)
--- End quote ---

^ Hah... I'm with you.  When they give you a limited number of questions to choose from, I usually use a totally unrelated answer that I've related somehow to that question in my mind.-wraith808 (August 05, 2012, 12:04 PM)
--- End quote ---

Hay, I'm with you 1000%, I also use a fictitious history ... But... We. Ain't. "Normal"... Sheeple OTOH ...  :wallbash: ...Please don't make me say it... :)

SeraphimLabs:
Just one more reason not to trust your data to anything that you can't fit in a bank's safe deposit box. And even then, better have at least 3 discrete devices with the same dataset if it is anything you can't replace.

I know I put one over on a lawyer using the triplicate backup approach. Had a sensitive file with case damaging contents stored on a server in a colocation facility. Though I can't prove who did it, I have a good reason to believe that the opposing lawyer hired someone to DDoS that server to oblivion, in an attempt to keep that file from reaching court and damaging their case.

Unfortunately for them, I had 3 copies of it- the remote, the original on my old laptop, and a third copy on a memory stick in my wallet.

Needless to say the look on the lawyer's face when that file successfully reached the courtroom and was entered as evidence. And I didn't even invoke the third copy, the copy that was entered into evidence was actually sourced from the original file on the laptop that had encoded it. It proved to be far more useful than I thought, completely blowing the opposition out of the water.

But that's where good practice triumphs over shady business. Always, always always if it is important enough that you can't remake it or download it easily, maintain at least 3 current copies of it stored separately.

And this whole hacked via the cloud thing? It certainly took long enough. I expected stuff like this to start happening last year when Cloud became the latest big thing in IT. It's going to be a long time before I put anything in the cloud, and even then they'll be individually encrypted with the key something I would carry on me at all times.

Navigation

[0] Message Index

[*] Previous page