<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.32.2">
</HEAD>
<BODY>
A story that I could see coming and part of the reason why I don't participate in that type of digital life. Call me backwards but I refuse to go down the road of being that wired-in. (Proud member of the ANTI-SOCIAL NETWORKING movement!) I frankly don't need to have a digital device wired to me 24x7 and don't need to have my life plugged-in for all the world to see like that.<BR>
<BR>
Toggling rant "OFF" before I go too far.......Thanks for sharing Michael! Sending this on to my support users and students.........<BR>
<BR>
+100 on Kinney's comments!!!<BR>
<BR>
<BR>
On Tue, 2012-08-07 at 11:17 -0400, Michael H. Warfield wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
I'm sure a number of us are already aware of this incident. It was even
mentioned at last nights AUUG meeting about a reporter getting hacked
and wiped back to the stone age. Here's his report up on Wired from
yesterday about what happened to him. It contains a large number of
lessons for us all, users and implementers of security systems alike!
Yeah, this dude should NOT have done a whole LOT of things but...
Amazon and Apple deserve fellowship positions in the halls of shame and
stupidity for their systems. As Shakespeare once wrote "he is the idol
if idiot worshipers!" Apple and Amazon BOTH here by qualify.
<A HREF="http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/">http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/</A>
Some choice comments...
--
“You honestly can get into any email associated with apple,” Phobia
claimed in an e-mail. And while it’s work, that seems to be largely
true.
--
--
And it’s also worth noting that one wouldn’t have to call Amazon to pull
this off. Your pizza guy could do the same thing, for example. If you
have an AppleID, every time you call Pizza Hut, you’ve giving the
16-year-old on the other end of the line all he needs to take over your
entire digital life.
--
Basically... If you know the last 4 digits of the credit card number on
the account (printed on every credit card receipt you throw out) and the
billing address, you can own a person's Apple account... Sigh...
As FOR Amazon... This is just incredibly lame!
--
First you call Amazon and tell them you are the account holder, and want
to add a credit card number to the account. All you need is the name on
the account, an associated e-mail address, and the billing address.
Amazon then allows you to input a new credit card. (Wired used a bogus
credit card number from a website that generates fake card numbers that
conform with the industry’s published self-check algorithm.) Then you
hang up.
Next you call back, and tell Amazon that you’ve lost access to your
account. Upon providing a name, billing address, and the new credit card
number you gave the company on the prior call, Amazon will allow you to
add a new e-mail address to the account. From here, you go to the Amazon
website, and send a password reset to the new e-mail account. This
allows you to see all the credit cards on file for the account — not the
complete numbers, just the last four digits. But, as we know, Apple only
needs those last four digits. We asked Amazon to comment on its security
policy, but didn’t have anything to share by press time.
--
Really??? Yes the author was stupid in what he did. But this just
blows my mind on the part of those two companies!
Regards,
Mike
_______________________________________________
Ale mailing list
<A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
<A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
See JOBS, ANNOUNCE and SCHOOLS lists at
<A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
</PRE>
</BLOCKQUOTE>
<BR>
</BODY>
</HTML>