Came across a very interesting article (and a downright terrifying one if you are a part of the Apple ecosystem) about how an editor at Wired had his Gmail, Apple email, and Twitter accounts hacked and his iPhone, iPad, and MacBook all wiped due to some vulnerabilities in how his information was handled by Apple and Amazon. It’s a fascinating article (at least in my opinion, although I likely have more of a network security lean than you do) and I recommend you take a few minutes to read it when you get the chance. I will discuss a couple ideas below; reading the article is not necessary, though it will help.
The scary part about this hack is that virtually no computer knowledge was required. Most of us have this idea that hacking is some smelly, sweaty guy sitting in a dark basement pouring over lines of code looking for that one vulnerability that will get him access to thousands of credit card or social security numbers. You can maximize your chances of successfully defending your personal information from these kinds of attacks by choosing a sufficiently complicated password. Remember that every character you add to your password makes it exponentially more difficult to crack, and every different type of character (lower case letter, uppercase letter, number, symbol) makes it that much harder.
A quick aside based on the last statement, you can skip to the next paragraph if you are familiar with basic password theory. If your password consists of five lowercase letters a hacker only has to try 26^5 combinations which seems like an impressive amount (11,881,376) but is pretty much nothing to a modern computer. Adding an extra letter increases the complexity (308,915,776 combinations), but what if you simply replaced one of your characters in the original five letter password with a number? You’ve now made it so the machine has to go through 36^5 (the 26 lowercase letters plus the 10 digits 0-9) which nets 60,466,176 combinations, a 508% improvement over just five lower case letters. Thus using the full range of 26 lowercase letters, 26 uppercase letters, 10 numbers, and 15-20 or so symbols (depending on your keyboard and password rules) leads to 70+ possibilities per character and makes it that much more difficult for a computer to crack. A good password is a phrase or acronym that is uncommon but easy for you to remember and has been encoded to use both cases of letter and some numbers and symbols for good measure.
Unfortunately, historically, these passwords may be secure on an individual basis, but you still have to rely on the companies keeping them to have secure systems in place. We’ve all heard of many situations recently where a company’s password storage was hacked and people’s passwords were exposed. This article, however, exposes the other problem with assuming your information is secure; if you are being targeted, social engineering allows them to get access to your accounts with minimal computer access. And when you use the same email account across multiple platforms, exposure of that single email account can lead to multiple security failures. In the case from the article, information obtainable from Amazon was used to be able to hack an Apple account because Apple, for some reason, believes that some mildly difficult to obtain information (and the mechanism is laid out in this article) can override pre-selected security questions for identification. We are arriving at the point where having customer service available by phone is one of the greatest security risks of all, because it can be easier to trick a human into giving you access than a computer.
Weight: 229 Loss: 11 lbs – Running Yearly Mileage: 240.1 miles
Volleyball Match Record: 5-3 (13-11 Game Record)
Fitocracy Level: 23 ID: disciplev1
One Response
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
https://xkcd.com/936/