Thursday, August 9, 2012

4 steps to avoid getting hacked

Last Friday evening, a hacker got into Mat Honan's Apple account, remotely erased the data on his iPhone, iPad and MacBook, deleted his Google account, commandeered his Twitter account, and then posted a string of nasty stuff under Honan's name. Until recently, Honan, who's a writer at Wired and one of my favorite tech journalists, worked at Gizmodo, and his Twitter account was still linked to the tech blog's main Twitter page — so for about 15 minutes, the hacker was able to post a bunch of foul-mouthed, racist stuff there, too.

I was on a cross-country flight when I read Honan's first post about the hack. When the jet captain turned on the Wi-Fi, I got down to doing what I always do when I hear about an attack that could have happened to me: I changed my passwords. This made me feel better, but it turns out it certainly wasn't sufficient. Honan spent the weekend on the phone with Apple tech support and — curiously — in conversation with the hacker. By Monday morning, he'd found out exactly how his online identities had been compromised. The upshot: Creating better passwords wouldn't have helped him.

In a lengthy Wired piece, Honan explains that the hacker got into his account not by guessing his passwords but by asking for them. On Friday, the hacker called Apple's tech support line and, pretending to be Honan, claimed he'd been locked out of his Apple account. Apple's support guy asked the hacker to answer the security questions on Honan's account, but the hacker apparently said that he'd forgotten the answers.

No problem, because the hacker knew something most of us don't: If you can't answer your security questions, Apple will issue you a new password if you can prove that you're who you say you are using another form of identification. What identification does Apple ask to reset your password? A billing address and the last four digits of your credit card number.

Billing addresses are easy to find online, and credit card numbers are only slightly more difficult to come by. The hacker had both bits of data on Honan. He'd found the billing address by looking up the registration of Honan's personal website, and he'd gotten the credit card number by calling the support line of another tech behemoth, Amazon. The hacker had asked Amazon to place his — the hacker's — email address on Honan's account, which Amazon happily did. Then the hacker issued a forgotten password request on Amazon's website — this sent a link to the hacker's email, allowing him to change Honan's password and get full access to his Amazon account, including the ability to see the last four digits of his credit card.

Bingo! Now the hacker could get into Honan's Apple account, which allowed him to delete everything connected to Honan's iCloud profile (his iPad, iPhone and Mac). Because Honan had set his Apple account as his Google account's alternate address, the hacker only had to issue another forgotten-password request for Honan's Gmail to fall, too.

This is a sorry tale. There were lots of lapses here — relatively small ones by Honan (he hadn't backed up his data), and huge, glaring, scary ones by Apple and Amazon. But if you examine this epic hack, you'll find a few simple lessons.

Here are the four things users and companies could do immediately to reduce these kinds of attacks:

Fortunately, that something exists. Unfortunately, very few people use it. It's called "two-factor authentication" — a security system that requires two credentials to let you into an account. The first is something you know — your password. The second is something you have with you: a biometric marker (say, your fingerprint), an electronic key tag, or — easiest of all — a cellphone that can generate a unique code.

Last year, Google turned on two-factor authentication for its accounts. The system works pretty well: After you turn it on, install the "authenticator" app on your smartphone. Now, when you log in, you type in your password and the code generated by your phone (it works even if your phone is offline). If you don't have a smartphone, you can also have the code texted to you. Facebook also added two-factor authentication last year.

The problem with two-factor authentication is that it's a bit of a hassle. You can set your Google account to only ask you for the code every two weeks on registered devices, but for some lazy people that's too much trouble. Worse, because some programs that connect to your Gmail account don't use two-factor authentication — programs like your smartphone's mail app — you need to jump through some extra hoops to configure them to work with the system. All this requires a little bit of tech savvy, and the whole thing is not quite user-friendly enough for the majority of computer users just yet.

I'd guess that's why Apple hasn't added two-factor authentication to its services. But I hope Apple is working on some way to make this level of protection easy enough for the masses. If such a system were in place, the attack on Honan's Apple devices wouldn't have happened. The hacker might have gotten his password, but he wouldn't have had the second factor — fingerprint, code, something — to get into his accounts.

Honan also didn't have two-factor authentication enabled on his Google account. If he had, the hacker would not have been able to get into his Gmail after compromising his Apple account. The hacker would have still been able to issue the forgotten password request to Gmail, but he'd have lacked the authentication code generated by Honan's smartphone.
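The chain described above (Amazon exposing the card digits that Apple accepted as identification, and the Apple account serving as Gmail's alternate address) can be audited as a dependency graph, with the effect of two-factor authentication on each link checked directly. The Python sketch below is an added example, not part of the original article. The fact names, the `Account` model and the helper functions are hypothetical; treating a second factor as blocking any reset-based takeover is an assumption, as is giving Amazon's support step no requirement, since the article lists none.

```python
from dataclasses import dataclass

@dataclass
class Account:
    name: str
    reset_paths: list   # each entry: a set of facts sufficient to get a reset
    grants: set         # facts an intruder gains once inside the account
    second_factor: bool = False  # assumed to block every reset-based takeover

def honan_chain(two_factor=()):
    """Accounts from the article; names in `two_factor` get a second factor."""
    return [
        # Listed out of attack order on purpose: the solver must iterate.
        Account("google", [{"apple_mailbox"}], {"google_mailbox"},
                "google" in two_factor),
        Account("apple",
                [{"security_answers"}, {"billing_address", "card_last4"}],
                {"apple_mailbox", "icloud_remote_wipe"},
                "apple" in two_factor),
        # Assumption: the article names no requirement for Amazon's support step.
        Account("amazon", [set()], {"card_last4"}, "amazon" in two_factor),
    ]

def takeover_order(accounts, known):
    """Return account names in the order they fall, given initially known facts."""
    known = set(known)
    fallen = []
    progress = True
    while progress:  # fixed point: stop when a full pass adds nothing
        progress = False
        for acct in accounts:
            if acct.name in fallen or acct.second_factor:
                continue
            if any(path <= known for path in acct.reset_paths):
                fallen.append(acct.name)
                known |= acct.grants
                progress = True
    return fallen

if __name__ == "__main__":
    public = {"billing_address"}  # found via the website registration
    print("no 2FA:       ", takeover_order(honan_chain(), public))
    print("2FA on google:", takeover_order(honan_chain(["google"]), public))
    print("2FA on apple: ", takeover_order(honan_chain(["apple"]), public))
```

Replacing the account list with your own services and their real recovery options shows which single account, once reset, hands over the rest.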
