GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 23:04:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

vault backup: 2022-10-12 12:14:46

Browse Source
This commit is contained in:
Jet Hughes 2022-10-12 12:14:46 +13:00
parent 2c0916da1d
commit f00169f85f
1 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
content/notes/ass03-security-flaws-essay.md
View File

@ -13,7 +13,54 @@ Jet Hughes 9474308
# What are the articles? # What are the articles?
## 2012 Honan Wired ## 2012 Honan Wired
[link](https://blackboard.otago.ac.nz/bbcswebdav/pid-2956926-dt-content-rid-18904224_1/xid-18904224_1)
- guy got hacked
- amazon - apple - gmail - twitter
- could have been prevented with 2fa on google
- ultimate goal twitter
- should have used backups for devices
- was his fault
- but also security flaws in apple and amazon
- final four digits shared by amazon are required by apple
- disconnect exposes flaws in tech industry
- foreshadows issues in era of cloud and connected devices
- password based systems are no longer suffice
5pm
- phone powered down
- This was irritating, but I wasnt concerned
- assumed it was a software glitch
- phone automatically backs up
- I was irritated, but not alarmed.
- the screen went gray, and asked for a four-digit PIN
- I knew something was very, very wrong.
- unplugged my router and cable modem, turned off the Mac Mini
- called AppleCare
- a call had been placed just a little more than a half an hour before my own.
- Apple rep didn't bother to tell me about the first call concerning my account
- only shared this information after I asked about it
- someone called AppleCare claiming to be me.
- reported that he couldn't get into his Me.com e-mail
- issued a temporary password
- despite the callers inability to answer security questions I had set up
- it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.
- a password reset confirmation arrived in my inbox
- I dont really use my me.com e-mail, and rarely check i
- hackers immediately sent it to the trash.
- reset my AppleID password
- Gmail password recovery e-mail
- Google account password had changed
- reset my Twitter password.
- used iClouds “Find My” tool to remotely wipe my iPhone, iPad, Macbook
- deleted my Google account
- the attackers posted a message to my account on Twitter taking credit for the hack.
- not only had the ability to control my account, but were able to prevent me from regaining access
- those deletions were just collateral damage
## 2015 Brandom Anatomy of a Hack ## 2015 Brandom Anatomy of a Hack
[link](https://blackboard.otago.ac.nz/bbcswebdav/pid-2956926-dt-content-rid-18904225_1/xid-18904225_1)
# What do they have in common? # What do they have in common?