mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-27 23:04:05 -06:00
vault backup: 2022-10-12 12:29:46
This commit is contained in:
parent
f00169f85f
commit
337eed85d9
@ -57,7 +57,23 @@ Jet Hughes 9474308
|
||||
- the attackers posted a message to my account on Twitter taking credit for the hack.
|
||||
- not only had the ability to control my account, but were able to prevent me from regaining access
|
||||
- those deletions were just collateral damage
|
||||
- I spent an hour and a half talking to AppleCare
|
||||
- Apple had been looking at the wrong account
|
||||
- alternate set of questions
|
||||
- a billing address and the last four digits of my credit card.
|
||||
- all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file.
|
||||
- company spokesperson Natalie Kerris told Wired, "Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer's data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."
|
||||
- Wired tried to verify the hackers' access technique by performing it on a different account. We were successful
|
||||
|
||||
- I logged into Tumblr and posted an account of how I thought the takedown occurred
|
||||
- one of my hackers @ messaged me - Phobia
|
||||
- I agreed not to press charges, and in return he laid out exactly how the hack worked.
|
||||
- “didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”
|
||||
- why - the hack was simply a grab for my three-character Twitter handle
|
||||
- take it, and fuck shit up, and watch it burn.
|
||||
- My Twitter account linked to my personal website, where they found my Gmail address
|
||||
- I didn’t have Google's two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery - ****@me.com - rev
|
||||
- Google partially obscures that information, starring out many characters, but there were enough characters available
|
||||
|
||||
## 2015 Brandom Anatomy of a Hack
|
||||
[link](https://blackboard.otago.ac.nz/bbcswebdav/pid-2956926-dt-content-rid-18904225_1/xid-18904225_1)
|
||||
|
||||
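Review bot: The link added under "## 2015 Brandom Anatomy of a Hack" uses the bare text "link" and targets a blackboard.otago.ac.nz bbcswebdav content URL. That text says nothing about the source, and the URL will likely not resolve for readers outside that course site, so use the article title as the link text and point at a public copy. The bullet ending "****@me.com - rev" looks cut off mid-word and should be finished or trimmed. The first-person bullets (for example "I spent an hour and a half talking to AppleCare") and the Natalie Kerris statement read as verbatim excerpts, but no source is named anywhere in the visible lines of this hunk. Mark them as quotations and cite the article they come from, so the notes are not mistaken for the note-taker's own account.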