diff --git a/content/notes/ass03-security-flaws-essay.md b/content/notes/ass03-security-flaws-essay.md index 7f2148e0a..da1a000b6 100644 --- a/content/notes/ass03-security-flaws-essay.md +++ b/content/notes/ass03-security-flaws-essay.md 
@@ -13,7 +13,54 @@ Jet Hughes 9474308 # What are the articles? ## 2012 Honan Wired +[link](https://blackboard.otago.ac.nz/bbcswebdav/pid-2956926-dt-content-rid-18904224_1/xid-18904224_1) + +- guy got hacked +- amazon - apple - gmail - twitter +- could have been prevented with 2fa on google +- ultimate goal twitter +- should have used backups for devices +- was his fault +- but also security flaws in apple and amazon + - final four digits shared by amazon are required by apple + - disconnect exposes flaws in tech industry + - foreshadows issues in era of cloud and connected devices + - password based systems are no longer suffice + +5pm +- phone powered down +- This was irritating, but I wasn’t concerned +- assumed it was a software glitch +- phone automatically backs up +- I was irritated, but not alarmed. +- the screen went gray, and asked for a four-digit PIN +- I knew something was very, very wrong. +- unplugged my router and cable modem, turned off the Mac Mini +- called AppleCare +- a call had been placed just a little more than a half an hour before my own. +- Apple rep didn't bother to tell me about the first call concerning my account +- only shared this information after I asked about it +- someone called AppleCare claiming to be me. + - reported that he couldn't get into his Me.com e-mail + - issued a temporary password + - despite the caller’s inability to answer security questions I had set up + - it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover. +- a password reset confirmation arrived in my inbox + - I don’t really use my me.com e-mail, and rarely check i + - hackers immediately sent it to the trash. + - reset my AppleID password +- Gmail password recovery e-mail + - Google account password had changed +- reset my Twitter password. 
+- used iCloud’s “Find My” tool to remotely wipe my iPhone, iPad, Macbook +- deleted my Google account +- the attackers posted a message to my account on Twitter taking credit for the hack. +- not only had the ability to control my account, but were able to prevent me from regaining access +- those deletions were just collateral damage + + ## 2015 Brandom Anatomy of a Hack +[link](https://blackboard.otago.ac.nz/bbcswebdav/pid-2956926-dt-content-rid-18904225_1/xid-18904225_1) # What do they have in common?
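Review bot: in the "5pm" timeline the bullets drop their subject and mix what read as verbatim first-person lines with paraphrase, so entries such as "reset my AppleID password", "reset my Twitter password." and "deleted my Google account" do not say whether Honan or the attacker performed the action. For an essay on security flaws the order and actor of each step is the substance, so prefix each bullet with who acted (for example "attacker:" or "Honan:") and put quotation marks around lines copied from the article, such as "I knew something was very, very wrong." Two of the added lines also need a text fix: "rarely check i" is cut off mid-word, and "password based systems are no longer suffice" should read "no longer suffice" or "are no longer sufficient". The three sub-bullets after "final four digits shared by amazon are required by apple" are conclusions rather than flaws in Apple and Amazon, so they would sit better at the top level than nested under that bullet. Finally, both "[link]" entries use generic link text and point at a Blackboard content URL; naming the article and publication in the link text would keep the reference usable if that URL stops resolving.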