Hacking Mat Honan
Transcript

  • 1. HACKING MAT HONAN
    Bill Condo // 12/12/2012
    Thursday, December 13, 12
  • 2. WHO IS MAT HONAN?
    Senior Writer at Wired
    honan.net
    @mat
  • 3. WHAT HAPPENED?
    • Amazon.com Account Compromised
    • Apple / iTunes Account Compromised
    • Gmail Hacked
    • Mac Wiped
    • iPhone Wiped
    • Twitter Account Stolen
  • 4. TIMELINE
    • 4:33 p.m. Attacker calls Apple support, requests a reset without being able to answer the security questions. Reset email sent. Data Required: E-mail address (website, Gmail), credit card number (via Amazon), billing address (whois).
    • 4:50 p.m. Reset email arrives at me.com email and is sent to trash. Email then used to set a new password.
    • 4:52 p.m. Gmail password reset sent to me.com email. Attacker resets Gmail password, then a notice email is sent to me.com.
    • 5:00 p.m. iCloud’s Find My tool used to wipe Mat’s iPhone.
    • 5:01 p.m. iCloud’s Find My tool used to wipe Mat’s iPad.
    • 5:02 p.m. Twitter password reset email sent. Attacker sets a new Twitter password.
    • 5:05 p.m. iCloud’s Find My tool used to wipe Mat’s MacBook Pro.
    • 5:10 p.m. Mat calls Apple Care.
    • 5:12 p.m. Attacker posts to Twitter with Mat’s account.
  • 5. FAILURES
    • Amazon accounts can be easily compromised.
    • Apple Care doesn’t enforce security questions.
  • 6. WHAT’S REALLY NEEDED?
    • Do you need remote wipe?
    • Do you need to store credit cards?
    • Do you need public whois info?
  • 7. DO: BACKUP
    • Consider both local snapshots and off-site backup options
    • Time Machine (Mac) or Windows Backup (PC)
    • Carbonite, BackBlaze, Mozy are some of the off-site options
    • Test / Verify Backups
  • 8. DO: SETUP 2ND EMAIL
    • Consider a second email, one with a different prefix.
    • Consider second factor authentication
    • Different (stronger) password
  • 9. FOLLOWUP: AMAZON
    • Amazon updated their policy, removing the option for over-the-phone account settings changes (credit cards, emails, etc.)
  • 10. FOLLOWUP: APPLE
    • “We found that our own internal policies were not followed completely.” - Apple
    • Apple suspends password change requests via the phone
  • 11. MORE INFO
    • Wired: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
    • Security Now: http://twit.tv/show/security-now/364
    • Wired: http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/all/
  • 12. COMMENTS?
    @mavrck
    bill@billcondo.com