
The best reason to start caring about Internet security: it sucks when it happens to you

Posted on August 7, 2012 by Kjetil H

Mat Honan experienced the worst nightmare of his digital life when he got hacked and irrevocable damage was done to his personal data.

This story reminds me of my own story of how I became more aware of security and privacy, because not long ago I was also hacked. I never fully understood how the perpetrators gained access to my e-wallet account, whether it was an inside job or if I somehow leaked the user logins on an insecure network, but I figured out multiple weaknesses in my security routines. In that respect this was a good thing for me, believe it or not; it was a wake-up call. It all becomes real when it happens to you, and when it does it sucks.

There is plenty we can learn from this incident, but judging from the article there also seems to have been a flaw in the identity verification procedures over at Apple and Amazon. The worst part is that Apple customer support issued a temporary password to the hacker despite him not being able to answer the security questions. This is worse because that’s something out of our control. Hopefully Apple (and maybe other companies) gets that sorted.

Still, besides security 101, here are some pointers on how to avoid suffering the same fate as Mat Honan:

  • Actively try not to reveal too much personal information
    Your name, address, phone number and so on can be used in identity theft, but they also expose you to more direct threats, which I’m sure you can imagine. According to the hacker in Honan’s case he retrieved the address by WHOISing the domain name. Some domain registrars offer a proxy solution, which means they register the domain in their name and address instead of yours. Many people also broadcast (intentionally or unintentionally) their address and contact information publicly in online “phone catalogues” or on social media sites like Facebook. For “phone catalogues” I suggest checking with your communications service provider, whereas for social media sites you could revise the privacy settings or remove the information from public view altogether.
  • Be aware when chaining services together like iCloud and Google Mail
    The hacker got access to Honan’s Google Mail account using the iCloud (me.com) e-mail. As services get more and more intertwined, we become more and more dependent on one or more key services. If that is the case, then consider two-factor authentication for the services you depend on most. Imagine losing control over your Google account: how many services are affected? Maybe you have many apps on various sites linked to the Google account, plus e-mail, Google Drive etc.
  • Don’t store cards on e-commerce sites
    A key component used in the hack was the last digits of a credit card, retrieved after breaching his Amazon account. If the credit card had not been stored in his Amazon account, the hacker could not have used the last four digits to breach his iCloud account through Apple’s customer service (at least I hope so).
  • Other than that, I suggest everyone use a unique password for each service
    Imagine if the hacker had somehow obtained Mat’s password. With the e-mail address as login and the same password reused elsewhere, he could have breached a lot more services with a lot less effort.
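
To answer the "how many services are affected?" question for your own accounts, here is an added example (not part of the original post) that walks a recovery map and counts what falls with each account. The inventory, the `linked_app` and `bank` entries and the rule that a second factor stops a reset are illustrative assumptions.

```python
from collections import deque

# Constructed inventory: account -> accounts whose compromise is enough to reset it
# (recovery e-mail, linked login, or data that support accepts as proof of identity).
RECOVERY = {
    "amazon": [],
    "icloud": ["amazon"],        # card digits visible in the shop account
    "gmail": ["icloud"],         # recovery address is the me.com mailbox
    "google_drive": ["gmail"],
    "linked_app": ["gmail"],     # hypothetical third-party app using the Google login
    "bank": [],                  # hypothetical: no e-mail based reset
}

def blast_radius(recovery, compromised, protected=frozenset()):
    """Accounts reachable from `compromised` by following recovery paths.

    Accounts in `protected` are assumed to need a second factor, so a
    reset alone does not open them and the chain stops there.
    """
    # Invert the map: account -> accounts it is able to reset.
    can_reset = {name: [] for name in recovery}
    for account, resetters in recovery.items():
        for resetter in resetters:
            can_reset.setdefault(resetter, []).append(account)

    reached, queue = {compromised}, deque([compromised])
    while queue:
        current = queue.popleft()
        for nxt in can_reset.get(current, []):
            if nxt in reached or nxt in protected:
                continue
            reached.add(nxt)
            queue.append(nxt)
    return reached - {compromised}

def rank_key_accounts(recovery):
    """Accounts sorted by how many others fall with them (largest first)."""
    sizes = {name: len(blast_radius(recovery, name)) for name in recovery}
    return sorted(sizes.items(), key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for account, count in rank_key_accounts(RECOVERY):
        print(f"{account:13} takes {count} other account(s) with it")
    # Same starting point, but with a second factor on the mail account.
    print(sorted(blast_radius(RECOVERY, "amazon", protected={"gmail"})))
```

The accounts at the top of the ranking are the ones where a second factor or a separate recovery address shrinks the chain the most.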

Finally, his article also touches upon the subject of backups, which is indeed very important in this digital age. I’ll probably cover that in a later blog post.
