[personal profile] theweaselking
Insanely stupid Amazon and Apple standard practices mean Apple gives away the password to any .me email account, to anyone who calls in.

Which gives the caller the ability to remotely wipe any of your Apple devices, and, in this case, because the author trusted Apple as the backup of his Google account and assumed that would be good enough, also compromised his Google account, his Twitter account, and everything else.

(no subject)

Date: 2012-08-08 04:22 am (UTC)
From: [identity profile] coffeehouse.livejournal.com
And they hacked him just because they wanted his Twitter handle.

This shit scares the shit out of me.

(no subject)

Date: 2012-08-08 04:42 am (UTC)
From: [identity profile] ben-raccoon.livejournal.com
Thus exemplifying every single argument against cloud computing.

(no subject)

Date: 2012-08-08 11:07 am (UTC)
From: [identity profile] dantheserene.livejournal.com
The scenario didn't include overzealous government seizure of an entire data center right down to the power strips because *a* tenant *may* have been involved in online gambling or somesuch. Can't forget that argument.

(no subject)

Date: 2012-08-08 12:01 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Or at least, the dangers of single-factor single-sign-on cloud computing managed by the desperately incompetent.

(Also: Dude seriously ran with no backups, of anything. That's not uncommon, but it IS sad.)

(no subject)

Date: 2012-08-08 01:19 pm (UTC)
From: [identity profile] glenn-3.livejournal.com
That really is incredible, isn't it? I'm next door to computer illiterate, and keep nothing of great importance on my infernal machine, and still back up frequently--and then back up the back-ups. If I know to do that...how can a guy who keeps his entire life on his computer just...not bother?

(no subject)

Date: 2012-08-08 01:57 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
I got burned by losing my cellphone, once - it had gone from "a thing that I carry" to "a place where I store all the phone numbers" without me really noticing.

But that was once.

(no subject)

Date: 2012-08-08 02:13 pm (UTC)
From: [identity profile] skington.livejournal.com
The other thing to notice is that Apple consider the last four digits of your credit card as a shared secret, which is insane - the first 6 and the last 4 digits are explicitly the parts of the PAN (primary account number) that PCI regulations let you expose (http://www.pcicomplianceguide.org/pcifaqs.php#19).

(no subject)

Date: 2012-08-08 02:17 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
Of course, which is why their policy is so brilliant: those are the parts they can let their first-level outsourced underpaid half-trained tech support see!

(no subject)

Date: 2012-08-08 11:50 pm (UTC)
From: [identity profile] en-ki.livejournal.com
"I don't always daisy-chain my account-recovery email addresses, but when I do, I don't put a consumer-electronics company at the root."
