Scribe's mobe, MacBook pwned after hacker 'fast-talked Apple support'

Tech journo Mat Honan has told how he helplessly watched a hacker remotely erase and lock his iPhone, iPad and MacBook after his iCloud account was hijacked. It's a cautionary tale against relying too heavily on one cloud platform. But the kicker? It's alleged that the miscreant sweet-talked an Apple support staffer and …

COMMENTS

This topic is closed for new posts.

Re: The problem with a walled garden

Are you sure you mean Tiger not Mountain Lion!

1
1
FAIL

This is why

I advise nobody I deal with to trust iCloud. They've said themselves it's not fit for enterprise, it surely has no chance of credibility in that field now.

My MacBook Pro gets backed up weekly to an external USB drive, and regular iPhone syncs mean at worst I lose a day or two's pictures.

And I keep account linking down to a minimum, at best my gmail pulls in other POP3 accounts.

2
0
Silver badge
Alert

Re: This is why

You need to program a forward from your other POP3 accounts, you do.

0
0

The problem isn't backing up to the cloud. It's the low paid phone monkey that gave access to his account. That combined with the security feature to remotely wipe your stuff is what caused him problems.

The remote wipe feature is really nice if you lose your hardware but that means you need to be very certain you're giving access to the right person to do that.

0
2
Silver badge
Stop

iStickMyHeadInTheSand

Anyone who entrusts their data to iCloud and allows their devices to be remote wiped after seeing story after story about MobileMeh in action and Apple IDs getting compromised is just asking for it.

Not Apple bashing, all consumer-orientated cloudy services are in their infancy and I don't know of one which authenticates with e.g. certificates instead of simple passwords (that'll get some replies proving me wrong).

0
0
Anonymous Coward

Now there's a phrase you don't hear every day...

"... incontrovertibly incommoded"

2
0
Anonymous Coward

"......helplessly watched a hacker remotely erase and lock his iPhone, iPad and MacBook after his iCloud account was hijacked. It's a cautionary tale against relying too heavily on one cloud platform."

Automatic, Everywhere, not so clever after all!

1
0
WTF?

The more important question here

who the hell is Paul Ducklin and what has he done with Graham Cluley?????

4
0
Black Helicopters

[iPolice]Graham Cluley? Never heard of him.[/iPolice]

Maybe they finally caught up with him after he wrote about an actual Mac OS X virus. Some time later, Apple pulled a 2007 virus advice web page that contained no new virus advice.

0
0
Silver badge
FAIL

oh dear

if data doesn't exist in at least 3 places then it doesn't exist at all.

Even my mum knows that

3
0
Anonymous Coward

Re: oh dear

.. but that's just you explaining away the height of the pr0n magazine stack ..

1
0
Silver badge
Joke

Re: oh dear

Unless it's a pic of you doinking the boss's homely daughter, in which case it will be resurrected constantly - usually at around annual review time :-)

0
0
WTF?

A lot of "Moral High Ground" crap here

How many people here talking about "their strict internal policies" and "should have taken a backup" are talking out of their arse?

I mean ffs, strict internal policies are only good until they meet reality, and reality is a human being on the phone ignoring policies to get their job done. The oldest trick in the book for getting an admin's password changed is to phone up the internal IT and ask them to reset it. I've done it myself to prove how a company's "strict internal policies" are utter crap.

And backups? I personally own 5 removable hard drives for backing up my wife's web site, every time I think about doing the backup I buy another one. But I know I have only ever taken 3 out of the wrapping.

It's a chore we know we are supposed to do, and like many organisations I get employed by to perform backup audits and process checks, the one thing many of the people on this page would be up s***t creek if they ever needed to restore something.

I really hope the people laughing here are 100% certain that their own deck of cards is nice and secure.

0
1
Gold badge

Re: A lot of "Moral High Ground" crap here

I really hope the people laughing here are 100% certain that their own deck of cards is nice and secure.

I wasn't laughing, I was annoyed with someone who (as a tech hack) should know better being stupid. Apple screwed up, badly, but the author cannot blame a lack of backup on Apple - especially since he had a Mac in that collection. Getting a decent backup going on a Mac is incredibly easy with Time Machine, and it's even easier if you set it up on a network mount because Time Machine will automatically resume as soon as it recognises the home network.

As for you, if you use Windows get yourself a copy of Acronis True Image Home (download from acronis.com). That's all you need, and once you made the emergency boot CD (of which I always keep a spare ISO dump on the backup disk itself) you just let it do its thing to have a full, up to date backup (also saves deciding on what to back up - just do the lot). If you do this at least weekly you should be fine - better than buying yet another external drive you'll never use. The benefit of a full backup is that you don't spend a week digging out serial number and installing and configuring everything again - you just rebuild from scratch and get on with it.

1
0

This post has been deleted by a moderator

Devil

Re: CandleFOREX MetaTrader Programming Services

Ah, are you by any chance helping Knight Capital Group with their auto-trading scripts? Nice.

0
0

Here's my answer to any 'secret answer' / 'password reminder' questions on these sorts of things...

0gu9034n= 7b =30yperh erhg werhgp wehrgklwehrguipehrghekgdfbn.db ndb ddfjkdjdddfafg34349394tb

I then proceed to remember my actual password.

0
0
Gav
Boffin

Re: Here's my answer to any 'secret answer' / 'password reminder' questions

I'm right with you there. Unfortunately some places *additionally* ask you these questions, even after you have already logged in, if you wish to do anything particularly relating to your account or security. Like changing your existing password.

So at that point your smart answer would effectively lock you out of managing your account. Unless you really have remembered 0gu9034n= 7b =30yperh erhg werhgp wehrgklwehrguipehrghekgdfbn.db ndb ddfjkdjdddfafg34349394tb.

The best thing to do is answer something totally unrelated to the question, and 'remember' it in a suitably encrypted password vault. But of course, that's not going to help you if the support staff can be "sweet talked" into ignoring the requirement to answer it.

1
0
Facepalm

Backup

I do my own backup, on an external HDD. I have enough problems with my *own* mistakes -- why should I let the rest of the world help make mistakes for me? No cloud, not for me.

0
0

Re: Backup

That external drive won't be of much use when your house burns down or if someone steals it.

I find it makes more sense to make up locally and then also dump data on a service like rsync.net. With three copies of something and one in a remote location, I'll have to be pretty unlucky to lose all of it at the same time.

0
0
Holmes

Re: when your house burns down

Therefore we have off-site storage.

Where personal, rather than commercial, situations are concerned, this can be one hdd at home, one at a friend's house. This is what I do.

(although I must confess, they are both on site at the moment, but I've got a surprise security audit lined up for myself next week...)

0
1
Trollface

Who down-votes a simple, reliable backup method?

Probably a cloud salesman, I suppose.

Well, getting a hint of a coming security audit, I sent my disk offsite today.

I'm not a professional any longer. What I do is ample for a personal system --- and it doesn't rely on the stinking cloud!

(Or the internet connection to it, which has been damned unreliable here, for the past six weeks, and not available at all for days on end)

0
0
Bronze badge

It makes rain so it must be a...

Apple, Microsoft, and Amazon are data centers. They are not a cloud. The cloud is when your computer has full access to the systems of your choice. The cloud would be you, your family, and a few friends having online storage in their homes that you share with each other. There's nothing technically new or difficult about software to aggregate multiple systems into one robust virtual device. The problem is that ISPs have money making monopolies/duopolies that must be protected with tight customer usage controls. You don't get a static IP address, you aren't allowed to run servers, and anything that doesn't make the ISP money gets throttled. As long as ISPs don't allow it, nobody is going to create the software for it either.

2
3
xyz

Re: It makes rain so it must be a...

..ah, a BT customer writes

0
2
Anonymous Coward

Re: It makes rain so it must be a...

You mean...

The "cloud" providers just borrowed a word that has been on every network diagram that includes the internet, and turned it into a proprietary product? Or should I say "stole?"

0
0
Silver badge
Coat

Has to be said

One bad Apple spoils the bunch.

0
0
WTF?

is there any proof to this?

So some journo who is probably looking to spice up an article (career) has been targeted for hacking, with the entry method being social engineering access to his iCloud account through Apple support.

All sounds plausible, but it ain't true until it's been verified / validated that that is what (could have) happened. Come on El Reg, dig deep and prove to us this is a legitimate story. What bad Apple policies make this plausible? What could Apple do to mitigate these issues?

Actually, whilst at it, could you do an article as to why some people are whipped into a frenzy at any opportunity to bash Apple? I don't get it.

0
2
Bronze badge

Devices with that level of built in remote access...

Any equipment that has a built in method for the company who made it to go into it and wipe your data remotely is not equipment I want to own. That kind of access existing in the device holding your data is wrong.

1
0
Thumb Down

backups...

There is always risk. Fire is a big one - even if you have a week-old HD in a fire-proof, is it really fire-proof? Will it really read after a couple of hours of cooking, then marinating in the water used to try to put the fire out? Offsite mirroring of some sort - Mozy, Memopal, Carbonite, iCloud - helps with this, but yes, you can't rely on it either. Even without fire, I once came to work (small consulting company) and the building was surrounded with yellow tape - crime scene, no access for a week. All the computers were stolen, from all the businesses in the building. Fortunately we had some old 386 and 486 machines as file servers and the thieves knew they weren't valuable and left them. So we had the current source trees and archives for most of our projects - but we did lose a lot.

0
0
