backtop

Print 18 comment(s) - last by Sal24.. on Aug 9 at 2:41 PM
Both responded to the hack by making changes to how users update account information and reset passwords

After journalist Mat Honan had his accounts hacked earlier this week due to Apple and Amazon's respective security flaws, the two tech giants have changed (or started to change) their policies.

Earlier this week, Honan found that someone had hacked into his Gmail, Twitter, Amazon and Apple iCloud accounts. That someone was a 19-year-old referred to as "Phobia" (along with an unknown accomplice), and they were able to do this through security loopholes in both Apple and Amazon's systems.
 
Just yesterday, the Wired crew discovered that Amazon had quietly changed its privacy policies in wake of what happened. Users are no longer allowed to add new credit cards or change any other account settings over the phone.

That same day, Wired journalists contacted Apple customer care to see if they could replicate what the hackers did to Honan. As it turns out, Apple has frozen AppleID password resets over the phone. It's not clear if this is a temporary freeze just while Apple figures out a new security policy, or if it's a permanent move.

Events like this are enough to scare those with any significant online presence to take extra precautions with security. As Honan reported in his Wired piece, he likely wouldn’t have been hacked to such disastrous results had he enabled Google’s 2-Step verification for his account.
 
Facebook offers a similar feature to help lockdown your account.

Sources: Wired [1], [2]


Comments     Threshold


now DailyTech needs to follow suit
By kleinma on 8/8/12, Rating: 0
RE: now DailyTech needs to follow suit
By JasonMick (blog) on 8/8/2012 2:59:59 PM , Rating: 2
quote:
What's the deal dailytech???
That's crazy...

Are you sure you typed the URL right?

Can you try to verify this via a bookmark?

In other words, if you type dailytevk.com ('v' being next to 'c') we may not own that domain and some malicious website may have camped there, given the similarity. Of course, you can report such websites to me and I'll funnel that along to our tech/PR folks to try to send out a takedown notice.

My contact info is available under the articles I write, please let me know some more details and I can look into this for you... this shouldn't be happening EVER.


RE: now DailyTech needs to follow suit
By sigmatau on 8/8/2012 7:50:31 PM , Rating: 2
It's Java I do believe. If your antivirus can't catch it after a scan, download MS Security Essentials, it cleaned it off my laptop. I do believe it popped up also while on this website.

It's a Rogue:JS/FakePAV with Severe alert. Trojan.

Check your Java also.


By sigmatau on 8/8/2012 7:54:37 PM , Rating: 2
Oh, and run all updates for Windows.


By kleinma on 8/9/2012 2:20:38 PM , Rating: 2
I was not able to find your contact info on your last few recent articles. Unless I am missing something.


By Sal24 on 8/9/2012 2:41:39 PM , Rating: 2
I can confirm I've had this happen to me. I'm an IT professional and fully aware of what these type of things look like. I keep a fully patched Win7, MSE, and refuse to install java for security reasons. I also don't use adblock.
I was re-directed to a site trying to tell me I was infected, the kind of virus that requires user intervention to install it. You can naviagate away from the page and not get a virus. If it happens again I'll snap a screen shot, but its only happened once. I like DailyTech and this is not an anti-DailyTech thing. Just confirming that kleinma is not out of his mind.


RE: now DailyTech needs to follow suit
By Rukkian on 8/8/2012 3:46:21 PM , Rating: 2
I would guess you have an infection on your pc, and it is has nothing to do with Daily Tech. I get support calls for stuff like this all the time.


RE: now DailyTech needs to follow suit
By JasonMick (blog) on 8/8/2012 5:57:30 PM , Rating: 2
quote:
I would guess you have an infection on your pc, and it is has nothing to do with Daily Tech. I get support calls for stuff like this all the time.
Yup, that's another possibility -- if his computer was infected, it could be injecting foreign code into his browser for any of his most visited sites. Nothing we could do in that case, other than suggest a system restore or some TLC. :)


RE: now DailyTech needs to follow suit
By kleinma on 8/9/2012 2:16:00 PM , Rating: 2
I do this stuff for a living. I don't have an infection and my buddy verified it happened to him as well. This is a redirect happening on dailytech (I am not typing anythign wrong. it can happen when I am already on the site and click a link).

I am sure it is not YOU dailytech, but it is an ad you are serving up. I see it all the time on legit websites.

I will try to get more info to you Jason, but I already emailed off to Kristopher Kubicki via the about us page, and I think I sent one to Brandon as well.


By kleinma on 8/9/2012 2:17:32 PM , Rating: 2
Oh and it is not java, because I don't have java installed on my machine. It is likely a flash based app. It redirects to some shady website that tells you that you are infected, then presents you with a screen that is a screenshot of a Microsoft Security Essentials window saying you have an infection. Clicking on it serves you up a setup.exe which of course is a virus. So I have been infected from your site, but that is only because I know better.


RE: now DailyTech needs to follow suit
By Reclaimer77 on 8/8/2012 6:59:59 PM , Rating: 1
You're infected. Trust me I come here way more than you, and I'm never redirected. Honestly the thought never crossed your mind? Hello! Reputable sites rarely if ever redirect your browser.

You better fire up the Malwarebytes Anti-Malware, the Security Essentials, something, and start scanning dude.


By kleinma on 8/9/2012 2:23:19 PM , Rating: 2
Nope. It is the site (well an ad in the site) It only happens on dailytech, it happens on multiple PCs, and my buddy didn't believe me either and then I got a message from him yesterday "Dailytech finally redirected me to a virus site".

We might not agree on just about everything, but I am 1000% certain here that it is the dailytech site and 99.999% sure it is coming through an ad (since I trust the site in general). I do this stuff for a living, and I have seen just about every virus under the sun, although no one has brought me a flame or stuxnet infected machine yet ;)


By kleinma on 8/9/2012 2:25:51 PM , Rating: 2
Do you happen to use adblock or something? That would explain a lack of it happening to you.


Power of the media
By rrburton on 8/8/2012 12:27:08 PM , Rating: 4
Would the companies have done anything so quickly if it had been just some joe schmoe like you or I?




RE: Power of the media
By lightfoot on 8/8/2012 12:45:19 PM , Rating: 3
Every company, not just Apple and Amazon, should be reviewing their security policies after this incident. I'm sure that there are far worse offenders out there than either Apple or Amazon.


RE: Power of the media
By Motoman on 8/8/2012 12:50:27 PM , Rating: 2
The question isn't really about the fact the guy was a journalist...it's about how much publicity it got.

If the hack had gotten no publicity, they wouldn't have cared.


RE: Power of the media
By MadMan007 on 8/8/2012 12:52:02 PM , Rating: 2
IT got a lot of publicity, or more than it would have otherwise, because he was a journalist.


RE: Power of the media
By Motoman on 8/8/2012 12:57:16 PM , Rating: 2
Nah. It's a good story and just needed to make it's way to the media. Plenty of such stories have gotten all over the media after having happened to average schmucks instead of VIPs or industry insiders.


"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner











botimage
Copyright 2012 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki