[Infowarrior] - Dangers of the cloud...
Richard Forno
rforno at infowarrior.org
Sat Aug 4 12:04:41 CDT 2012
The Cloud(tm) has its uses and conveniences, obviously. The key thing is to remember that there are trade-offs that go along with that, and how much risk are you willing to accept? --rick
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
Yes, I was hacked. Hard.
So maybe you saw my Twitter going nuts tonight. Or you saw Gizmodo’s Twitter account blow up. Or you saw this in AllThingsD. Or this in the DailyDot. Although embarrassing, Twitter was the least of it. In short, someone gained entry to my iCloud account, used it to remote wipe all of my devices, and get entry into other accounts too.
Here’s what happened:
At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password (see update) and then reset it to do the damage to my devices.
The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.
At 5:00 PM, they remote wiped my iPhone
At 5:01 PM, they remote wiped my iPad
At 5:05, they remote wiped my MacBook Air.
A few minutes after that, they took over my Twitter. Because, a long time ago, I had linked my Twitter to Gizmodo’s they were then able to gain entry to that as well.
< - big snip >
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
More information about the Infowarrior
mailing list