I came across this “hack” last week and have been following it with interest. This should be a wakeup call to lots of people and a reminder to those that already try and secure their accounts.
Short Article
http://www.businessinsider.com/a-hu...o-a-wired-reporter-getting-hacked-hard-2012-8
Long article and detailed follow up by the author / victim
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
The author did lots of things wrong but was also let down by insecure policies of Apple and Amazon.
My favourite quote referring to a credit card was:
“The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.”
I am sure most of you have had similar concerns with account security but how do we reduce the risk of being compromised by a method that is not really our fault e.g. a service provider being social engineered to reset an account password.
There are lots of us who have domain names and multiple email accounts hosted, now we could experience a whole world of pain if our hosted account was compromised!!
I was wondering what others’ thoughts on this were?
Short Article
http://www.businessinsider.com/a-hu...o-a-wired-reporter-getting-hacked-hard-2012-8
Long article and detailed follow up by the author / victim
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
The author did lots of things wrong but was also let down by insecure policies of Apple and Amazon.
My favourite quote referring to a credit card was:
“The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.”
I am sure most of you have had similar concerns with account security but how do we reduce the risk of being compromised by a method that is not really our fault e.g. a service provider being social engineered to reset an account password.
There are lots of us who have domain names and multiple email accounts hosted, now we could experience a whole world of pain if our hosted account was compromised!!
I was wondering what others’ thoughts on this were?
