Tuesday, August 7, 2012

Security & Hacking: Ongoing Reactions to Mat Honan's Hacking & Reporting

If you haven't heard about Mat Honan's Apple ID being hacked, and the hacker using that access to remote wipe Mat's iPhone, iPad, and MacBook, see Mat Honan Targeted.

The hacker(s) used vulnerabilities in Amazon's customer service to gain access to Mat's account there, so they could see the last 4 digits of his credit cards.

Those credit card digits were the only thing Apple required for getting access to an Apple ID account without the password that you couldn't find with Google.

The other information needed to get into the Apple account was the name, email, and billing address for the account being targeted.

Amazon was first to respond to this: http://arstechnica.com/security/2012/08/amazon-fixes-security-flaw-hackers-used-against-wireds-mat-honan/

Followed later by Apple: http://arstechnica.com/security/2012/08/apple-freezes-over-the-phone-password-resets-in-response-to-honan-hack/

I really hope that Apple & Amazon add two-factor authentication as a result of this.

I prefer YubiKey for two-factor authentication, but I believe a temporary password texted to a cell phone is the more popular form of two-factor authentication among most people, mainly because they don't have to buy another device.

With a cell phone text, you get a second, temporary password or PIN that you have to enter in addition to your main password.

Normally these temporary passwords are only valid for a few minutes; if you don't use one before it expires, you have to request a new one.
