SalemNews.com, Salem, MA

Business

August 12, 2012

Slate: 4 steps to avoid getting hacked

(Continued)

Billing addresses are easy to find online, and credit card numbers are only slightly more difficult to come by. The hacker had both bits of data on Honan. He'd found the billing address by looking up the registration of Honan's personal website, and he'd gotten the credit card number by calling the support line of another tech behemoth, Amazon. The hacker had asked Amazon to place his — the hacker's — email address on Honan's account, which Amazon happily did. Then the hacker issued a forgotten password request on Amazon's website — this sent a link to the hacker's email, allowing him to change Honan's password and get full access to his Amazon account, including the ability to see the last four digits of his credit card.

Bingo! Now the hacker could get into Honan's Apple account, which allowed him to delete everything connected to Honan's iCloud profile (his iPad, iPhone and Mac). Because Honan had set his Apple account as his Google account's alternate address, the hacker only had to issue another forgotten-password request for Honan's Gmail to fall, too.

This is a sorry tale. There were lots of lapses here — relatively small ones by Honan (he hadn't backed up his data), and huge, glaring, scary ones by Apple and Amazon. But if you examine this epic hack, you'll find a few simple lessons.

Here are the four things users and companies could do immediately to reduce these kinds of attacks:

1) Everyone should turn on two-factor authentication now.

To get into most online accounts, you only need to dig up a single piece of data — a password. (The username on many services — including email accounts, Twitter, and Facebook — is your public handle, available to everyone.)

There was a time when passwords were enough (and you should follow my advice on how to create very strong, easy to remember passwords: http://slate.me/NPHd3h). But now we've all got so many online accounts protecting so much valuable information that we need something in addition to passwords.

Text Only | Photo Reprints
Business

AP Video
AP Review: Amazon Fire Adds Spark to Smartphones All Aboard! LIRR Strike Averted Microsoft to Cut Up to 18,000 Jobs Time Warner Rejects Murdoch's Takeover Bid Yellen Says Economy Still Needs Fed Support Cleveland Expects Economic Boom From Lebron Justice Dept. Fines Citigroup $7 Billion Justice Dept. Fines Citigroup $7 Billion Downside of Low Mortgage Rates? Less Selling Cupcake Shop Crumbs Shuttering All Its Stores San Francisco Prepares for Soda Battle Dow Breaks Record 17,000 GM Crash Compensation Could Top $1 Billion GM Won't Limit Crash Compensation Funds Justices Rule for Broadcasters in Aereo Fight
NDN Video
Justin Bieber In Calvin Klein Underwear Shoot Samsung Pre-Trolls The IPhone 6 With New Ad Jimmy Kimmel Introduces His Baby Girl Swim Daily, Nina Agdal in the Cook Islands Guilty Dog Apologizes to Baby for Stealing Her Toy Prince George Turns 1 and is Already a Trendsetter Train Collides With Semi Truck Carrying Lighter Fluid Kanye West Tells-All on Wedding in "GQ" Interview Tony Dungy Weighs in on Michael Sam Scarlett Johansson Set To Marry In August New Star Wars Episode XII X-Wing Revealed Obama: Putin must push separatists to aid MH17 probe Michigan inmates no longer allowed to wear orange due to 'OITNB' Adam Levine Ties the Knot Sebastian The Ibis Walks Beautiful Bride Down The Aisle | ACC Must See Moment NASA Ceremony Honors Moon Walker Neil Armstrong Faces of Souls Lost in Malaysian Plane Crash 105-year-old woman throws first pitch Man Creates Spreadsheet of Wife's Reasons for Turning Down Sex 'Weird Al' Is Wowed by Album's Success
Comments Trcker