HACKING MAT HONAN
Bill Condo // 12/12/2012
Thursday, December 13, 12
  1. HACKING MAT HONAN
     Bill Condo // 12/12/2012
  2. WHO IS MAT HONAN?
     • Senior Writer at Wired
     • honan.net
     • @mat
  3. WHAT HAPPENED?
     • Amazon.com Account Compromised
     • Apple / iTunes Account Compromised
     • Gmail Hacked
     • Mac Wiped
     • iPhone Wiped
     • Twitter Account Stolen
  4. TIMELINE
     • 4:33 p.m. Attacker calls Apple support, requests a reset without being able to answer the security questions. Reset email sent. Data Required: E-mail address (website, Gmail), credit card number (via Amazon), billing address (whois).
     • 4:50 p.m. Reset email arrives at the me.com address and is sent to trash. The email is then used to set a new password.
     • 4:52 p.m. Gmail password reset sent to me.com email. Attacker resets Gmail password, then a notice email is sent to me.com.
     • 5:00 p.m. iCloud’s Find My tool used to wipe Mat’s iPhone.
     • 5:01 p.m. iCloud’s Find My tool used to wipe Mat’s iPad.
     • 5:02 p.m. Twitter password reset email sent. Attacker sets a new Twitter password.
     • 5:05 p.m. iCloud’s Find My tool used to wipe Mat’s MacBook Pro.
     • 5:10 p.m. Mat calls Apple Care.
     • 5:12 p.m. Attacker posts to Twitter with Mat’s account.
  5. FAILURES
     • Amazon accounts can be easily compromised.
     • Apple Care doesn’t enforce security questions.
  6. WHAT’S REALLY NEEDED?
     • Do you need remote wipe?
     • Do you need to store credit cards?
     • Do you need public whois info?
  7. DO: BACKUP
     • Consider both local snapshots and off-site backup options
     • Time Machine (Mac) or Windows Backup (PC)
     • Carbonite, BackBlaze, Mozy are some of the off-site options
     • Test / Verify Backups
  8. DO: SET UP 2ND EMAIL
     • Consider a second email, one with a different prefix.
     • Consider second factor authentication
     • Different (stronger) password
  9. FOLLOWUP: AMAZON
     • Amazon updated their policy, removing the option for over-the-phone account settings changes (credit cards, emails, etc.)
  10. FOLLOWUP: APPLE
     • “We found that our own internal policies were not followed completely.” - Apple
     • Apple suspends password change requests via the phone
  11. MORE INFO
     • Wired: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
     • Security Now: http://twit.tv/show/security-now/364
     • Wired: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
  12. COMMENTS?
     • @mavrck
     • bill@billcondo.com
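
The timeline on slide 4 is a chain of account recoveries, each one unlocked by what the previous account exposed. The following is an added example, not part of the original deck: a small audit that models recovery dependencies as a graph and shows how far one compromise spreads, before and after the slide 8 advice. The `Account` class, the fact labels, and the Amazon and Twitter encodings are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Account:
    name: str
    reset_needs: frozenset  # facts or inboxes a reset flow accepts as proof
    exposes: frozenset      # facts or inboxes gained once the account is held

def blast_radius(accounts, known):
    """Return accounts in the order they fall, starting from the known facts."""
    known, fallen = set(known), []
    progress = True
    while progress:  # fixpoint: stop when a full pass takes over nothing new
        progress = False
        for acct in accounts:
            if acct.name not in fallen and acct.reset_needs <= known:
                fallen.append(acct.name)
                known |= acct.exposes
                progress = True
    return fallen

# Constructed model of the timeline slide. Fact names are labels, not real data.
PUBLIC = {"email_address", "billing_address"}  # website and whois, per the slide
BASELINE = [
    # Assumed encoding: the slide only says Amazon was easy to compromise.
    Account("amazon", frozenset({"email_address", "billing_address"}),
            frozenset({"card_number"})),
    Account("apple_id", frozenset({"email_address", "card_number", "billing_address"}),
            frozenset({"inbox:me.com", "remote_wipe"})),
    Account("gmail", frozenset({"inbox:me.com"}), frozenset({"inbox:gmail"})),
    # Assumption: the Twitter reset mail went to the Gmail inbox.
    Account("twitter", frozenset({"inbox:gmail"}), frozenset()),
]

def harden(accounts):
    """Slide 8 applied to Gmail: separate recovery inbox plus a second factor."""
    needs = frozenset({"inbox:recovery_only", "second_factor"})
    return [replace(a, reset_needs=needs) if a.name == "gmail" else a for a in accounts]

if __name__ == "__main__":
    print("baseline:", blast_radius(BASELINE, PUBLIC))
    print("hardened:", blast_radius(harden(BASELINE), PUBLIC))
```

In the hardened run the chain stops before Gmail and Twitter, but the Apple ID still falls in this model, so remote wipe stays reachable and the backup advice on slide 7 still applies.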