[ale] Now this is just bloody frightening as all hell!

Tue Aug 7 12:50:43 EDT 2012

A story that I could see coming and part of the reason why I don't
participate in that type of digital life.  Call me backwards but I
refuse to go down the road of being that wired-in.  (Proud member of the
ANTI-SOCIAL NETWORKING movement!)  I frankly don't need to have a
digital device wired to me 24x7 and don't need to have my life
plugged-in for all the world to see like that.

Toggling rant "OFF" before I go too far.......Thanks for sharing
Michael!  Sending this on to my support users and students.........

+100 on Kinney's comments!!!

On Tue, 2012-08-07 at 11:17 -0400, Michael H. Warfield wrote:

> I'm sure a number of us are already aware of this incident.  It was even
> mentioned at last nights AUUG meeting about a reporter getting hacked
> and wiped back to the stone age.  Here's his report up on Wired from
> yesterday about what happened to him.  It contains a large number of
> lessons for us all, users and implementers of security systems alike!
> Yeah, this dude should NOT have done a whole LOT of things but...
> Amazon and Apple deserve fellowship positions in the halls of shame and
> stupidity for their systems.  As Shakespeare once wrote "he is the idol
> if idiot worshipers!"  Apple and Amazon BOTH here by qualify.
> 
> http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
> 
> Some choice comments...
> 
> -- 
> “You honestly can get into any email associated with apple,” Phobia
> claimed in an e-mail. And while it’s work, that seems to be largely
> true.
> --
> 
> -- 
> And it’s also worth noting that one wouldn’t have to call Amazon to pull
> this off. Your pizza guy could do the same thing, for example. If you
> have an AppleID, every time you call Pizza Hut, you’ve giving the
> 16-year-old on the other end of the line all he needs to take over your
> entire digital life.
> -- 
> 
> Basically...  If you know the last 4 digits of the credit card number on
> the account (printed on every credit card receipt you throw out) and the
> billing address, you can own a person's Apple account...  Sigh...
> 
> As FOR Amazon...  This is just incredibly lame!
> 
> -- 
> First you call Amazon and tell them you are the account holder, and want
> to add a credit card number to the account. All you need is the name on
> the account, an associated e-mail address, and the billing address.
> Amazon then allows you to input a new credit card. (Wired used a bogus
> credit card number from a website that generates fake card numbers that
> conform with the industry’s published self-check algorithm.) Then you
> hang up.
> 
> Next you call back, and tell Amazon that you’ve lost access to your
> account. Upon providing a name, billing address, and the new credit card
> number you gave the company on the prior call, Amazon will allow you to
> add a new e-mail address to the account. From here, you go to the Amazon
> website, and send a password reset to the new e-mail account. This
> allows you to see all the credit cards on file for the account — not the
> complete numbers, just the last four digits. But, as we know, Apple only
> needs those last four digits. We asked Amazon to comment on its security
> policy, but didn’t have anything to share by press time.
> --
> 
> Really???  Yes the author was stupid in what he did.  But this just
> blows my mind on the part of those two companies!
> 
> Regards,
> Mike
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20120807/be514b44/attachment-0001.html 