the cloud bites back ( or cumulus security is all wet and see through )

Derek Trotter expat.arizonan at gmail.com
Mon Aug 6 23:42:15 MST 2012


I read about this earlier today.  Long before today I decided never to 
trust anything to a cloud.  I made this decision because of all the 
accounts I've read over the years of hackers breaking into corporate 
systems and stealing passwords, credit card numbers and so on.  Also the 
recent failure of cloud services due to power failures back east 
reinforced my suspicion of "the cloud".  What good is the data to you if 
you can't get to it due to a power or equipment failure?

I've long believed it's a smart move to back up anything important you're 
going to put on a laptop or other portable device.  It's too easy for 
any of these portable devices to get lost, stolen or damaged.  I did 
read a few years ago that Google keeps a copy of mail in your Gmail 
account even if you delete it.  If that's true today, Mat should be able 
to contact Google and get his mail back.

I'm no expert, but I would not suggest trusting anything to a cloud.  
Sure, encrypt your data before sending to the cloud, but also keep a 
copy where you can get to it.  If it's really important, keep a copy 
somewhere besides your home, a safe deposit box perhaps.

On 8/6/2012 22:58, der.hans wrote:
> moin moin,
>
> Wired reporter Mat Honan lost almost all of his data. It took hackers an
> hour to take over his Gmail, Amazon, Apple and Twitter accounts. Along the
> way they deleted all the data on his phone, his tablet and his laptop (
> all Apple products using one stop deletion from Apple ). They also deleted
> his Gmail account and all 8 years of his email.
>
> Do you allow the cloud to delete your data?
>
> Do you store email addresses and physical addresses in your contact
> list? Do those people use that same email address for banking? Online
> shopping? Social networking?
>
> Do other people store the email address you use for banking alongside 
> your physical address?
>
> See my presentation Thursday on "Online security, privacy and password
> management" for tips and tricks on how to keep this from happening to you.
>
> http://PLUG.phoenix.az.us/meetings/14-east-valley-meeting/89-plug-east-meeting-for-aug-9.html 
>
>
> Oh, and make sure you have off-cloud backups of important data!
>
> Here's the longish story:
>
> http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/ 
>
>
> Below are some choice quotes:
>
> ###
> In many ways, this was all my fault. My accounts were daisy-chained
> together. Getting into Amazon let my hackers get into my Apple ID account,
> which helped them get into Gmail, which gave them access to Twitter.
> ###
>
> ###
> After coming across my account, the hackers did some background
> research. My Twitter account linked to my personal website, where they
> found my Gmail address. Guessing that this was also the e-mail address
> I used for Twitter, Phobia went to Google's account recovery page. He
> didn't even have to actually attempt a recovery. This was just a recon
> mission.
> ###
>
> ###
> "You honestly can get into any email associated with apple," Phobia
> claimed in an e-mail. And while it's work, that seems to be largely
> true.
> ###
>
> ###
> First you call Amazon and tell them you are the account holder, and want
> to add a credit card number to the account. All you need is the name on
> the account, an associated e-mail address, and the billing address. Amazon
> then allows you to input a new credit card. (Wired used a bogus credit
> card number from a website that generates fake card numbers that conform
> with the industry's published self-check algorithm.) Then you hang up.
> ###
>
> ###
> And it's also worth noting that one wouldn't have to call Amazon to
> pull this off. Your pizza guy could do the same thing, for example. If
> you have an AppleID, every time you call Pizza Hut, you're giving the
> 16-year-old on the other end of the line all he needs to take over your
> entire digital life.
> ###
>
> ###
> They could have used my e-mail accounts to gain access to my online
> banking, or financial services. They could have used them to contact
> other people, and socially engineer them as well. As Ed Bott pointed
> out on TWiT.tv, my years as a technology journalist have put some very
> influential people in my address book. They could have been victimized
> too.
> ###
>
> ciao,
>
> der.hans
