
Do you use iCloud?

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account.
And people call me paranoid for shredding EVERYTHING that has my name, address and/or partial credit card number on it.
Sensationalistic headline, but yeah it sucks. There aren't security flaws in iCloud or Amazon (well there might be, but not outlined here), there are social engineering flaws in Apple support. There's a bit of a significant difference there.

Why he tied all of his stuff together like he did is beyond me. But I doubt he's alone.
The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.
ABSOLUTELY ridiculous.

Merchants and credit card companies need to seriously get together and establish clear standards for this kind of thing. And if they can't - or won't - then governments need to step in and standardize this sort of thing on a global basis going forward.
Reading it again, it is worse than he described it on TWiT. Basically Apple, Amazon, AND he were all social engineered. Apple and Amazon really fucked up. They need to fix that shit immediately.
Enabled two-factor authentication on both my Google accounts, as well as changed the passwords on EVERYTHING. :lol:

I hope Apple and Amazon get their shit together with this issue.
This combined with always needing an internet connection is my biggest issue with cloud based file storage.

Darren, I always shred all of my stuff also. One thing that really pisses me off is Discover sends me checks I never use fairly regularly and I am always dreading someone swiping them out of my mailbox and going to town....


I have oodles of passwords :( since I have worked on so many websites I have multiple ones for hosting account info, registrars, email, Google Analytics, AdWords, Gmail, YouTube, Facebook, PayPal, WordPress/CMS, LinkedIn, other web apps and sites. I actually have them printed on a file and locked in my desk. It's 29 printed pages....

Google is kind of a mixed bag now - it's easier to use since they merge everything to one Gmail account but if someone gets access to your Gmail you're pretty much boned.
Wow, good to know. Was just shopping a new iPad and AppleTV for the living room practice rig. First Apple gear in the house so very useful info.
I have oodles of passwords :( since I have worked on so many websites I have multiple ones for hosting account info, registrars, email, Google Analytics, AdWords, Gmail, YouTube, Facebook, PayPal, WordPress/CMS, LinkedIn, other web apps and sites. I actually have them printed on a file and locked in my desk. It's 29 printed pages....
https://lastpass.com

That's the best way to go, IMO. It also works with either a Yubikey or Google Authenticator for 2-factor authentication.

Google is kind of a mixed bag now - it's easier to use since they merge everything to one Gmail account but if someone gets access to your Gmail you're pretty much boned.
That's why two-factor authentication is nice. Something you know (password), something you have (cell phone).
Yup, just enabled two-factor authentication and set up application-specific passwords.
Enabled double authentication for all my Google accounts today as well, will get the wife's set up this evening. Can never be too careful, I'm glad I back up my Mac religiously also.
Enabled double authentication for all my Google accounts today as well, will get the wife's set up this evening. Can never be too careful, I'm glad I back up my Mac religiously also.
Turn off Find My Mac too. Unless you travel a lot with it, there's no need. If you do need it, then use the Prey app that Chris linked yesterday.
I use KeePass (similar to LastPass) to manage my passwords and have it set up for multi-factor authentication to get to my password list; mainly something I have (one of my thumb drives with a key file stored on it) and something I know (very strong password). Another perk of programs like these is that you never have to actually type your account passwords so that key loggers are a moot point. Even if someone picks up the "reallylongpasswordthatwilltakeyearstobruteforcebecausetheydon'tknowwhatsortofcharactersiusedwhencreatingit" they still have a long way to go before compromising my accounts--time that would be much better spent attacking a single account.

Another thing you guys should do if you're interested in being more secure with your data: Encrypt your hard drives, especially if you have ever saved any sensitive information on it. That erases almost any hope of a thief being able to recover your sensitive information you may not even remember ever having on your computer if it ever were to be stolen.

Security is always a battle of convenience and actually being secure.
Thank you for sharing this info, guys! But yeah, I don't use my iCloud ;/
I had turned off 2-step authentication on my Google account when I had to keep getting my phone replaced because it was a pain to keep setting up. Thanks for reminding me to turn it back on :yesway:

Gotta look into one of these KeePass/LastPass type deals too.
Thank you for sharing this info, guys! But yeah, I don't use my iCloud ;/
This isn't really just about iCloud though. If you've got an online presence at all, this stuff is something to worry about. Do you buy stuff online? Do online banking/credit cards? All of this stuff could be fucked if you get hacked.