[Discuss] Another tale of social engineering

Tom Metro tmetro+blu at gmail.com
Wed Aug 8 01:21:21 EDT 2012


Once again, humans are the weakest link, and keeping your stuff in the
cloud only increases your exposure to that.

Amazon Quietly Closes Security Hole After Journalist's Devastating Hack
http://www.wired.com/gadgetlab/2012/08/amazon-changes-policy-wont-add-new-credit-cards-to-accounts-over-the-phone/

  Amazon changed its customer privacy policies on Monday, closing
  security gaps that were exploited in the identity hacking of Wired
  reporter Mat Honan on Friday.
  [...]
  The security gap was used by hackers...to gain access to Honan's
  Amazon account on Friday. Once Phobia and another hacker gained access
  to Honan's Amazon account, they were able to view the last four digits
  of a credit card linked to the account.

  The hackers then used those four digits to trick Apple customer
  service into thinking it was dealing with Honan. Apple customer
  service then gave the hackers a temporary password into Honan's Apple
  ID, which the hackers used to wipe his iPhone, iPad and MacBook, and
  gain access to a number of email accounts as well as his Twitter
  account.


This Week in Tech (http://twit.tv/show/this-week-in-tech/365)
interviewed Mat Honan where he gave more details on the attack.

Here's one way to slightly boost your security: create a dedicated email
account for password recovery, and never use that address in public.

 -Tom

-- 
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/


