| The dangers of a monoculture |
| By Thom Holwerda on 2012-08-06 11:12:21 |
| Mat Honan got hacked, and lost all the data on his MacBook, iPad, and iPhone. How? Somebody broke into his iCloud account. Brute force attack? Simple password? No, not really - the hacker called Apple tech support, and convinced the person on the phone he was really Mat Honan. Apple then reset the iCloud password. The dangers of a monoculture, kids. Even Steve Wozniak has doubts about everything going into the cloud. |
| RE: No Cloud for me thanks. |
| By Lennie on 2012-08-06 13:21:56 |
|
I have no problems with the cloud, but I have very clear lines about what I want to put in the cloud. Public data can be stored in the cloud just fine. It's just like any webhosting service really. Private data: like backups or syncing bookmarks and other browser settings get encrypted before they are stored in the cloud. So for backup that means: duplicity/duplicati/deja-dup. For bookmarks, etc. it means: Firefox, which does encryption by default. And I will also not use Facebook or similar to create an account on another website for registering/logging in. OpenID and BrowserID already solve that problem. |
| RE: No Cloud for me thanks. |
| By kaiwai on 2012-08-06 13:53:03 |
|
> As a firm believer in security of personal data, I prefer to have my data handled by native applications with regular backup schemes. No way I am giving personal/business information to third parties, regardless what their terms of service state. There is a reason why Apple doesn't allow synchronising of Keychain into the cloud but you'd be surprised at the number of Mac users who demand something that would make them incredibly vulnerable. I think the greater question that needs to be asked is why don't people have multiple passwords for different things? I have an entirely different password than for example the one I used for my banking when compared to one I have for my Paypal - why do people insist on putting all their eggs into one basket? |
| RE: iCloud |
| By CapEnt on 2012-08-06 13:55:03 |
|
The problem here is not about laziness, to an extent. It is about having several distinct services chained around a single authentication account provided by a company that doesn't properly secure their customer's password. Mat Honan didn't lose only his files in iCloud, but also: - got his Twitter compromised. - his Google Account deleted (together with his Google Voice phone number, effectively cutting him out from the world). - all his Apple devices began also forbidding access even to their basic functionality due to their Apple's account password and PIN cross-device sync. - and the worst of all: all their personal devices from Apple were remotely wiped too using the Apple's anti-theft service. |
| RE[4]: oh, FFS... |
| By moondevil on 2012-08-06 14:10:13 |
|
> But what a Google password? How many services does Google have? All accessible with one login/password. That is why the only things I use from Google are the minimum ones required to develop for Android. I even deleted all my Picasa albums the minute G+ asked me for permission to access them. Right away I decided to delete them instead and forget about G+. |
| RE: oh, FFS... |
| By Thom_Holwerda on 2012-08-06 14:12:21 |
|
> what exactly is the "monoculture" danger here? * iPhone, iPad, MacBook Air, iCloud. All his computing devices rendered useless because he relied on a monoculture. I have Windows, Linux, Android phone/tablet, and a separate, independent cloud backup solution (which is encrypted and only I know the password - not even the provider itself knows my password; if I lose it, I can't access my data anymore since it's encrypted). No monoculture, hence, no danger of me being knocked out because my monoculture gets knocked out. This is not rocket science. Edited 2012-08-06 14:14 UTC |
| RE[2]: oh, FFS... |
| By maccouch on 2012-08-06 14:44:49 |
|
> > what exactly is the "monoculture" danger here? * iPhone, iPad, MacBook Air, iCloud. All his computing devices rendered useless because he relied on a monoculture. I have Windows, Linux, Android phone/tablet, and a separate, independent cloud backup solution (which is encrypted and only I know the password - not even the provider itself knows my password; if I lose it, I can't access my data anymore since it's encrypted). No monoculture, hence, no danger of me being knocked out because my monoculture gets knocked out. This is not rocket science. Apparently it is... Correlation does not mean causality. let's say you would use androidlost (http://androidlost.com) on your android phone, lojack (http://www.absolute.com/lojackfo...) for your windows laptop, and prey on your linux laptop (https://panel.preyproject.com/for...). In all of them you activate the remote wipe feature. In all of them you've got a nice "i forgot my password" webpage that allows you to resend a reset request for your email. But your email accounts, all of them, were hacked. so what now? how has your avoidance of "monoculture" stopped it? the question here is not the reliance on apple's system. the question is that we've chainlinked all of our email accounts and webservices into either something of a pyramid or, sometimes, an endless loop of accounts. And if a sufficiently high weak link can be broken by social engineering, you're royally screwed. Especially if, like this guy, you activate remote wipe without even considering doing local backups. On that issue alone i find serious problems feeling sorry for him. that's doubly dumb and whining shouldn't be allowed here. you can join apple or google or microsoft monoculture as much as you want. just either don't give them the power to wipe everything (i would say phone wipe is ok, but laptop is better served with encryption) or do backups! |
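The chain of password-reset dependencies described in the comment above can be audited as a graph. This is an added example, not part of the original thread; the account names and the recovery map are constructed for illustration.

```python
from collections import deque

# Constructed recovery map: account -> accounts that can reset its password.
# All names are hypothetical stand-ins for the setup the comment describes.
RECOVERY = {
    "primary_email": ["backup_email"],
    "backup_email": ["primary_email"],       # the "endless loop of accounts"
    "phone_wipe_service": ["primary_email"],
    "laptop_wipe_service": ["primary_email"],
    "linux_tracker": ["backup_email"],
    "twitter": ["primary_email"],
    "offline_backup_disk": [],               # no remote reset path at all
}

def blast_radius(recovery, compromised):
    """Every account that can be reset once `compromised` is taken over."""
    # Invert the map: account -> accounts whose reset mail it receives.
    resets = {}
    for account, recoverers in recovery.items():
        for r in recoverers:
            resets.setdefault(r, []).append(account)
    seen, queue = {compromised}, deque([compromised])
    while queue:
        for nxt in resets.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {compromised}

def recovery_loops(recovery):
    """Pairs of accounts that are each other's recovery address."""
    return sorted({tuple(sorted((a, b)))
                   for a, rs in recovery.items() for b in rs
                   if a != b and a in recovery.get(b, [])})

def single_points_of_failure(recovery):
    """Accounts whose takeover reaches every remotely resettable account."""
    resettable = {a for a, rs in recovery.items() if rs}
    return sorted(a for a in recovery
                  if blast_radius(recovery, a) | {a} >= resettable)

if __name__ == "__main__":
    print(sorted(blast_radius(RECOVERY, "primary_email")))
    print(recovery_loops(RECOVERY))
    print(single_points_of_failure(RECOVERY))
```

In this constructed map both mailboxes are single points of failure even though the devices run different platforms, while the offline backup stays outside every reset path.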
| RE[3]: oh, FFS... |
| By Thom_Holwerda on 2012-08-06 14:51:09 |
| He lost all his data because all his machines were Apple and his cloud provider was Apple. He relied on a monoculture, and everything was lost. You seem to think I'm blaming Apple (your favourite company), which I'm not - I'm blaming the guy for being stupid enough to have only Apple devices and Apple software. Had he had a Windows laptop, an Android phone, and an iPad, this would have NEVER happened. |
| RE[4]: oh, FFS... |
| By maccouch on 2012-08-06 14:59:19 |
|
sigh.... Thom, he lost his data because he installed "remotely wipe" solutions on his devices that were linked to one of his mail accounts. i've just shown you that you can install similar applications on other OSes and devices and they all behave the same and they all are linked to your webmail. Apple's fault here is the original reset of his password. That's dumb. i'm not sure if they could have avoided it, considering the kind of safety features for this kind of systems (i can't stop bitching about "what's my pet name" questions). But apart from that Apple is as guilty as any other provider of the same services. which is none. they did what they were asked by what they believed was the user. Remotely wipe solutions are solutions for protecting the data in your physical computer from getting in the hands of thieves. they are not designed to prevent you losing access to your webmail accounts. ----- and just for the record, Mac OS X is currently my favourite system. Apple is just the company that does it. I find less fault in their computer systems than with other vendors, but i sure as hell don't trust them or "like" them nor are they my "favourite company". they provide me with what i want. for now. the way things are going not sure if that will last for a long time. |
| RE[4]: oh, FFS... |
| By maccouch on 2012-08-06 15:49:09 |
|
i've just realized that there might be another misinformation that doesn't help in our discussion. You do realize that you can have mac devices without using icloud, and you can use some features of icloud but not use/allow the remote wipe right? the use of the icloud data wipe, where's my phone and storage of encryption keys by apple are all the user's option, and you don't have to use them to use the rest of the features/software. it was this particular user's decision to activate them. he didn't have to. they didn't come enabled by default, apple asks you if you want to do that. i didn't. he apparently did. |
| RE[2]: No Cloud for me thanks. |
| By Neolander on 2012-08-06 15:57:15 |
|
I'd hazard the guess that it's hard for people to find and remember several robust passwords. That's the main reason why I used no more than 3 distinct passwords on the web before I got around to coding a password generator and manager that suits my taste with the help of Alfman. |