Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

The Biggest Cloud Computing Security Risk Is Impossible to Eliminate

Anatomy of a Successful Personal Hack

How did a hacker help expose holes in cloud security at Apple and Amazon? By doing some basic research and making some calls. If your end users carry iOS devices, read on.

More Insights


More >>

White Papers

More >>


More >>

According to Mat Honan's detailed discussion of his pwnage, he wasn't targeted for his connection with Gizmodo or Wired or anything he wrote online.

A hacker calling him/herself "Phobia" (whom Honan interviewed via email and Twitter DM) sparked on Honan because of his ultra-short Twitter handle: @mat.

Phobia's goal was always to crack Honan's Twitter account, but doing so meant starting with bigger fish and working gradually toward details that would allow the Twitter account to be cracked.

Apple's record of the attack starts at 4:33 Aug. 3 with a call from "Honan" complaining he was shut out of an email account on Apple's iCloud service.

The actual attack started earlier, when "Phobia" followed a link on Honan's public Twitter profile to his personal webpage, where they found his Gmail address, which, he/she assumed, was the email linked to his Twitter account.

Off Phobia went to the Gmail password-recovery page, which offered not only Honan's Gmail handle, but also most of the backup address he listed for account recovery--m****n@me.com.

That told Phobia Honan had an iCloud account and an AppleID that would probably have access to all his other Apple devices or accounts.

"'You honestly can get into any email associated with apple,' Phobia claimed in an e-mail," Honan wrote in his explanation. "And while it’s work, that seems to be largely true."

To get into his Twitter account, Phobia needed Honan's Gmail password; to get the Gmail password Phobia needed access to either the Gmail account, or the password-recovery account, which could also log in to Honan's Gmail.

Getting the AppleID was a little more complicated, but required only the last four digits of Honan's credit card and his street address. Phobia got the street address by running a whois search on Honan's personal webpage but could have done a five-minute Google search and come up with the same result, as is the case for most Americans.

The credit-card information sometimes comes up in Google Searches, but it didn't in Honan's case. Phobia got that by scamming Amazon--the giant retail service, not AWS, the cloud service. Phobia phoned Amazon, asking to add a credit card to the account, then giving a bogus number and new email address. The bogus email allowed Phobia to go to Amazon's password-recovery page and send a temp password to the fake account.

Honan and Wired ran the same scam, to see if it worked. It did, twice--it took a few minutes each time.

Amazon's temp password let Phobia log in to Amazon, read Honan's credit-card information, then use the credit card and confirmed-by-Amazon street address to confirm ownership of Honan's iCloud account during a phone call to Apple tech support.

AppleCare responded by sending a temporary password; Phobia used the temp password to change the password to the AppleID account, locking Honan out and gaining control of Honan's iCloud account and access to all the accounts to which it was linked.

"It’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example," Honan wrote. "If you have an AppleID, every time you call Pizza Hut, you’ve giving the 16-year-old on the other end of the line all he needs to take over your entire digital life."--K.F.

Page: « Previous Page | 123 4  

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers