computerwoche.de

Archiv

Lessons learnt from high profile security breaches

02.10.2012
On Friday August 3 2012, Mat Honan, a reporter for Wired magazine, had his digital life erased after attackers were able to gain access to his Apple, Amazon, Gmail and Twitter accounts. Losing every photo from his daughter's life was serious enough, but the true shock came from how easy the process was. It all started with someone knowing Honan's personal domain name. From there, the escalation of steps was simple:

" Public 'whois' search: Having Honan's personal domain name yielded a billing address.

" Amazon.com: Having a billing address yields a partial credit card number.

" Apple: Having a partial credit card number yields access to an AppleID and me.com email (via password reset functionality).

" iCloud: Having an AppleID yields the ability to remotely wipe Honan's iPhone, iPad and MacBook laptop.

" Google: Having access to Honan's me.com email account yields access to his Gmail account (again via the password reset functionality).