Apple Support Gives Hacker Access to Blogger's iCloud

Status
Not open for further replies.

Netherscourge

Distinguished
May 26, 2009
390
0
18,780
Hacker: Hi, I forgot my password. Please tell me?

Apple CS: Sure, you just have to answer a security question.

Hacker: Ok, what is it?

Apple CS: What year is it?

Hacker: um.... 2012?

Apple CS: Ok. Here ya go! ______ Is there anything else we can do for you today Mr. Honan?

Hacker: Nope. I'm good. Thanks!

Apple CS: Thank you and have a nice day!

Hacker: Oh, I will. MWAAA HA HA HA HA HA HA!

Apple CS: Goodbye!
 

hoofhearted

Distinguished
Apr 9, 2004
1,020
0
19,280
How is it that this hacker remote wiped his iPhone, iPad, and Mac? (local devices with local storage) Or is this another advantage of cloud computing?
 

ixxbobafettxxi

Honorable
Aug 6, 2012
2
0
10,510
[citation][nom]hoofhearted[/nom]How is it that this hacker remote wiped his iPhone, iPad, and Mac? (local devices with local storage) Or is this another advantage of cloud computing?[/citation]
icloud
 

Khimera2000

Distinguished
Jul 16, 2009
324
0
18,780
Apple has never put enough emphasis on security. I remember a time not to long ago when they wouldn't reveal any details on breaches to there OS, no matter how bad (they did push out a fix incognito). A company with history of keeping there customers in the dark would probably have other issues with security, shame it was something like this.

at least that's my take.
 

molo9000

Distinguished
Aug 14, 2010
646
0
18,990
[citation][nom]hoofhearted[/nom]How is it that this hacker remote wiped his iPhone, iPad, and Mac? (local devices with local storage) Or is this another advantage of cloud computing?[/citation]

It's an iCloud feature meant to be used on stolen iPhones/iPads/Macs. Most users don't activate it, because they don't find out about this feature until after their device was stolen.
This guy actually activated it and karma bit him in the ass.
 
G

Guest

Guest
Lots of ignorant haters coming out and hating for no reason. The guy was the victim of a social engineering attack; this "vulnerability" had nothing to do with the hardware platform.

It's really not that hard to crack people's security questions if they have a reasonable online footprint. You Android trolls need to get over yourselves and quit hating.

I know it's fun to root for the underdog and hate whoever is on top, but it's getting to be old and childish, and this site needs to warn or ban about half of its users over the stupid and incessant trolling.
 

ithurtswhenipee

Distinguished
Mar 6, 2010
105
0
18,680
I saw a report a few years ago that said apple was actually fairly easy to hack due to the complacency of Jobs and Company. Since Apple was comparatively insignificant in the grand computing scheme, Apple arrogantly did little in the hardening of their OS. Now that the isheep population has grown, Apple's security practices seem to have a hard time keeping up now that Apple is starting to be a larger target.
 

aracheb

Distinguished
Nov 21, 2008
275
0
18,780
[citation][nom]Netherscourge[/nom]Hacker: Hi, I forgot my password. Please tell me?Apple CS: Sure, you just have to answer a security question.Hacker: Ok, what is it?Apple CS: What year is it?Hacker: um.... 2012?Apple CS: Ok. Here ya go! ______ Is there anything else we can do for you today Mr. Honan?Hacker: Nope. I'm good. Thanks!Apple CS: Thank you and have a nice day!Hacker: Oh, I will. MWAAA HA HA HA HA HA HA!Apple CS: Goodbye![/citation]
lol...
hahahahahahaha funny thing.
 
I hope that people think long and hard about this considering that many can learn an important lesson. Any weak link in your security can compromise everything. Another reason why I don't keep everything online.
 

thorkle

Distinguished
Feb 12, 2010
118
0
18,680
As much as I don't support apple, this is clearly the fault of a bad tech support employee falling for a social engineering attack. They need to train their employees more diligently is all there is to it.
 

teh_chem

Honorable
Jun 20, 2012
902
0
11,010
Apple never put much of an emphasis on external security measures because they became too complacent that their wall-to-wall control could not be circumvented. But I refuse to believe that something as simple as challenging a call-in customer with account security questions is not part of their standard operating procedure. Either the tech was being lazy, or the hacker that called in knew much more about the person than we're being led to believe by this interesting article. We have yet to hear from Apple what actually transpired between the hacker and the phone support tech.
 

sstym

Distinguished
Feb 16, 2009
118
0
18,680
[citation][nom]AndroidUsersAreTROLLS[/nom] this site needs to warn or ban about half of its users over the stupid and incessant trolling.[/citation]

Basically you are saying people should be banned for having an opinion that is different from yours. This is eerily like Apple being Hush hush about vulnerabilities in their software (and pushing fixes in the dark), or closing forums when people complain about the bad signal on their iPhone 4 (which they are holding wrong.)

Even though the tone of some of those posts may be offensive to you, they do have a point: social engineering in this case did expose a flaw in the software platform: a unique key allowed the hacker to wreak complete havoc on that guy's hardware collection.
 

v90k

Distinguished
Jan 17, 2012
96
1
18,665
[citation][nom]AndroidUsersAreTROLLS[/nom]... this site needs to warn or ban about half of its users over the stupid and incessant trolling.[/citation]

Your username is a troll, why don't they ban you.
 
G

Guest

Guest
[citation][nom]sstym[/nom]Basically you are saying people should be banned for having an opinion that is different from yours. This is eerily like Apple being Hush hush about vulnerabilities in their software (and pushing fixes in the dark), or closing forums when people complain about the bad signal on their iPhone 4 (which they are holding wrong.)[/citation]

No. I'm saying that making comments (like yours) about Apple's hardware, alleged antenna issues etc. in a thread about a social engineering attack are completely irrelevant and borderline trolling.

We get it. You think "Apple sux lul", etc. and it is posted 300x in every post. Cool story, bro. No one is forcing you to use its stuff.

Is it really asking that much to keep the discussion on topic and intelligent, like how the internet used to be in the 90s before every moron and child had access? How using stories like this to discuss why using multiple passwords is important, discussing security practices, etc.?

Right, I forgot; it is easier to get up votes by saying "crapple sux".
 
Status
Not open for further replies.