Be Excellent To Each Other

And, you know, party on. Dude.

All times are UTC [ DST ]




Reply to topic  [ 88 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:11 
User avatar

Joined: 30th Mar, 2008
Posts: 32624
http://www.wired.com/gadgetlab/2012/08/ ... cking/all/

Quote:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.


Read the whole thing. And then ponder your own security.

http://www.wired.com/gadgetlab/2012/08/ ... cking/all/


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:17 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14518
Doctor Glyndwr wrote:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/


I was going to post it on here this morning after seeing the follow up (the info yesterday was still unclear about how they actually got in) - I also wonder about these companies who are 'trusted' as a repository for everything so if for example he had his pictures backed up onto iphoto (or whatever the apple photo system was) could the people who already have control of everything just wiped those as easily ?


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:18 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Setting up two-step auth on Gmail as we speak.

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:20 
User avatar
Honey Boo Boo

Joined: 28th Mar, 2008
Posts: 12328
Location: Tronna, Canandada
Fuuuuuuuuck.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:29 
User avatar
Part physicist, part WARLORD

Joined: 2nd Apr, 2008
Posts: 13421
Location: Chester, UK
The Last Salmon Man wrote:
Setting up two-step auth on Gmail as we speak.


Everybody should be doing this. The amount of seriously sensitive data in most people's email account is staggering. It's the portal to almost everything.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:34 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Malabelm wrote:
The Last Salmon Man wrote:
Setting up two-step auth on Gmail as we speak.


Everybody should be doing this. The amount of seriously sensitive data in most people's email account is staggering. It's the portal to almost everything.

Very clever that it can generate app-specific passwords for programs that don't support it.

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:48 
User avatar
Excellent Member

Joined: 25th Jul, 2010
Posts: 11128
The Last Salmon Man wrote:
Setting up two-step auth on Gmail as we speak.


:this: I should've done it ages ago but it just looked like such a pain in the arse but that's no excuse I suppose. Having to create a separate password specifically for Android was a surprise and I didn't entirely understand what was going on there if I'm honest but I'll read up on it later. Hopefully Google's implementation of this will be more reliable than fucking Steam's which pretty much asks me for an authentication code every time I login to the site for some reason.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:53 
User avatar
Part physicist, part WARLORD

Joined: 2nd Apr, 2008
Posts: 13421
Location: Chester, UK
The Last Salmon Man wrote:
Malabelm wrote:
The Last Salmon Man wrote:
Setting up two-step auth on Gmail as we speak.


Everybody should be doing this. The amount of seriously sensitive data in most people's email account is staggering. It's the portal to almost everything.

Very clever that it can generate app-specific passwords for programs that don't support it.


Yep. It works quite well, really. So you can revoke individual apps/sites if they ever become compromised, without giving up access to anything outside that sandbox. As long as you don't re-use the app-specific passwords anywhere, of course. Pity generating them on mobile is such a fucking chore to find.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 9:59 
Filthy Junkie Bitch

Joined: 17th Dec, 2008
Posts: 8293
Malabelm wrote:
The Last Salmon Man wrote:
Malabelm wrote:
The Last Salmon Man wrote:
Setting up two-step auth on Gmail as we speak.


Everybody should be doing this. The amount of seriously sensitive data in most people's email account is staggering. It's the portal to almost everything.

Very clever that it can generate app-specific passwords for programs that don't support it.


Yep. It works quite well, really. So you can revoke individual apps/sites if they ever become compromised, without giving up access to anything outside that sandbox. As long as you don't re-use the app-specific passwords anywhere, of course. Pity generating them on mobile is such a fucking chore to find.

I think that they now better explain app specific passwords now, and actually link through to generate them, rather than having to dig though to discover them when needed. I've had 2 Step Auth on for over a year now, and although I sometimes tut when I have to re-authenticate, it really has been no hassle. However, there is a potential glitch if your phone breaks and you then need to re-log in, or (potentially, not thought about it) unregister your phone if it is stolen.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 10:04 
User avatar

Joined: 30th Mar, 2008
Posts: 16641
ApplePieOfDestiny wrote:
However, there is a potential glitch if your phone breaks and you then need to re-log in, or (potentially, not thought about it) unregister your phone if it is stolen.

It gives you a set of single-use, printable codes to keep somewhere.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 10:04 
User avatar
Part physicist, part WARLORD

Joined: 2nd Apr, 2008
Posts: 13421
Location: Chester, UK
ApplePieOfDestiny wrote:
I think that they now better explain app specific passwords now, and actually link through to generate them, rather than having to dig though to discover them when needed. I've had 2 Step Auth on for over a year now, and although I sometimes tut when I have to re-authenticate, it really has been no hassle. However, there is a potential glitch if your phone breaks and you then need to re-log in, or (potentially, not thought about it) unregister your phone if it is stolen.


I'll have a look at that. Last time, I had to dig around the Google site for ages, switching it to the desktop version and praying it didn't kick me back to mobile. It was useless.

Hah, yeah… especially awkward when I only get a phone signal when I'm next to the bedroom window upstairs. Stupid house.

I think you can set a backup email address, can't you? I can't remember.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 10:13 
User avatar

Joined: 30th Mar, 2008
Posts: 32624
Malabelm wrote:
Hah, yeah… especially awkward when I only get a phone signal when I'm next to the bedroom window upstairs. Stupid house.
Install the Google Authenticator app for iOS, Android or Blackberry and you don't need signal.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 10:25 
User avatar
Part physicist, part WARLORD

Joined: 2nd Apr, 2008
Posts: 13421
Location: Chester, UK
Doctor Glyndwr wrote:
Malabelm wrote:
Hah, yeah… especially awkward when I only get a phone signal when I'm next to the bedroom window upstairs. Stupid house.
Install the Google Authenticator app for iOS, Android or Blackberry and you don't need signal.


I did not know such a thing existed. Brilliant. Cheers!


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:11 
Excellent Member

Joined: 5th Dec, 2010
Posts: 3353
Pretty shit thing to have happened, fair play to the guy for admitting his own failings, but Apple have some issues to address.

The hackers were just a pair of wankers then was no need or nothing proved by trashing the guys photos on his MAC. Hopefully he can get some of them back via a data recovery program.

I keep stuff on the cloud, but is replicated to my own RAID storage as well.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:15 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Can't be arsed with the 2 step authentication, but this has at least got me to change a few passwords to be much more secure ones. (now a conjoined word string and number string)


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:16 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Trooper wrote:
Can't be arsed with the 2 step authentication

8)

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:17 
User avatar
Part physicist, part WARLORD

Joined: 2nd Apr, 2008
Posts: 13421
Location: Chester, UK
The Last Salmon Man wrote:
Trooper wrote:
Can't be arsed with the 2 step authentication

8)


:this:

It takes a little bit of set-up, depending on how many apps need access to your Google account for any reason (not that many), but after that it isn't any hassle at all. On trusted computers, tick a box and you won't need to authenticate for 30 days. Easy.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:19 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
The Last Salmon Man wrote:
Trooper wrote:
Can't be arsed with the 2 step authentication

8)


What? I can't :D

I have it for work and it is an utter ballache.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:21 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Malabelm wrote:
The Last Salmon Man wrote:
Trooper wrote:
Can't be arsed with the 2 step authentication

8)


:this:

It takes a little bit of set-up, depending on how many apps need access to your Google account for any reason (not that many), but after that it isn't any hassle at all. On trusted computers, tick a box and you won't need to authenticate for 30 days. Easy.


30 day open sessions and single passwords for all devices that use the API? You are getting the illusion of safety at the cost of annoyance.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:24 
SupaMod
User avatar
Est. 1978

Joined: 27th Mar, 2008
Posts: 69725
Location: Your Mum
Trooper wrote:
Can't be arsed with the 2 step authentication, but this has at least got me to change a few passwords to be much more secure ones. (now a conjoined word string and number string)

You'll notice that in the story above they never found out his password once.

_________________
Grim... wrote:
I wish Craster had left some girls for the rest of us.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:26 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Oh sure, but I used this as a pointer to do something I have been meaning to do for ages :)


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:30 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
"In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover."

This is the thing that failed in that chain and that caused the rest, nothing any of us can really do to protect against idiotic companies and call centre agents.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 12:45 
Excellent Member

Joined: 5th Dec, 2010
Posts: 3353
Trooper wrote:
"In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover."

This is the thing that failed in that chain and that caused the rest, nothing any of us can really do to protect against idiotic companies and call centre agents.


I always get the impression that Apple are a bit less focused on security than they should be, it’s always about the freedom to do what you like with their devices. This is fine and it works well, however when you start with data in the cloud security needs to be tighter.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:01 
User avatar

Joined: 30th Mar, 2008
Posts: 32624
Trooper wrote:
30 day open sessions
...on computers that already authenticated. Crucially, no-one with your password can log in from any random computer on the Internet.

Quote:
and single passwords for all devices that use the API?
You mean "one password per device that uses login methods like POP and IMAP that don't support two-factor auth".


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:04 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Doctor Glyndwr wrote:
Trooper wrote:
30 day open sessions
...on computers that already authenticated. Crucially, no-one with your password can log in from any random computer on the Internet.

Quote:
and single passwords for all devices that use the API?
You mean "one password per device that uses login methods like POP and IMAP that don't support two-factor auth".


Yes, that is what I mean.

2-step that isn't always 2-step, and isn't ever 2-step on some devices isn't the saviour of your security. Don't just turn it on and think all is well.

As mentioned in the article, the failure was a human one. It was Apple who have lax security, that is the root cause of the issue.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:12 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Quote:
Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:12 
User avatar

Joined: 27th Mar, 2008
Posts: 14497
I already use Google's two stage process, and would recommend to all. As noted, it's only on new machines and every 30 days on authorised machines.

I also use Facebook's similar process, which requires a code for any new machine but doesn't do the 30 day thing.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:16 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
The Last Salmon Man wrote:
Quote:
Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened


Had he not used an apple email address as his reserve account, then it definitely wouldn't have happened.
Had Apple not given out a new password without the hacker knowing the security password it definitely wouldn't have happened.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:18 
User avatar

Joined: 27th Mar, 2008
Posts: 14497
Regardless, it's not going to hurt to make your Google account a bit more secure... :shrug:


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:19 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
WTB wrote:
Regardless, it's not going to hurt to make your Google account a bit more secure... :shrug:


He who would trade liberty for some temporary security, deserves neither liberty nor security.

Fascist.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:20 
User avatar

Joined: 27th Mar, 2008
Posts: 14497
:'(


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:22 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
WTB wrote:
Regardless, it's not going to hurt to make your Google account a bit more secure... :shrug:


It is going to hurt, in extra faff, for not a huge amount of gain.

The faff/gain ratio is all off for me personally, others may differ.

My point is, that this article shows how shit Apple are, not how "good" google 2-step is.

It's worth noting that the only place I actually use my gmail address anywhere is in my domain account, everywhere else has my domain address used.
And actually, due to my fucking idiot namesake who can't get his head around the fact that he doesn't own the email address he signs up to stuff with, if you actually searched using my gmail address, you would most likely find his personal details everywhere ;)


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:24 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Trooper wrote:
WTB wrote:
Regardless, it's not going to hurt to make your Google account a bit more secure... :shrug:


It is going to hurt, in extra faff, for not a huge amount of gain.

The faff/gain ratio is all off for me personally, others may differ.

Can I just quote this so I can dig it up when your Gmail inevitably gets hacked now? ;)

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:26 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
The Last Salmon Man wrote:
Trooper wrote:
WTB wrote:
Regardless, it's not going to hurt to make your Google account a bit more secure... :shrug:


It is going to hurt, in extra faff, for not a huge amount of gain.

The faff/gain ratio is all off for me personally, others may differ.

Can I just quote this so I can dig it up when your Gmail inevitably gets hacked now? ;)


As long as I can do the same when you get hacked, even with 2-step on ;)


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 13:39 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Trooper wrote:
The Last Salmon Man wrote:
Trooper wrote:
WTB wrote:
Regardless, it's not going to hurt to make your Google account a bit more secure... :shrug:


It is going to hurt, in extra faff, for not a huge amount of gain.

The faff/gain ratio is all off for me personally, others may differ.

Can I just quote this so I can dig it up when your Gmail inevitably gets hacked now? ;)


As long as I can do the same when you get hacked, even with 2-step on ;)

DEAL!

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 14:18 
User avatar

Joined: 31st Mar, 2008
Posts: 1883
I have to say I'm quite shocked that anyone can get full control of an Amazon account with just name, email address and billing address - that's is often fairly easily obtained information for any given person.

I am going to have to set up a new email account just for Amazon, I think.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 14:19 
User avatar

Joined: 27th Mar, 2008
Posts: 14497
*gets to work hacking myp's Gmail account*


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 14:25 
8-Bit Champion
User avatar
Two heads are better than one

Joined: 16th Apr, 2008
Posts: 14518
lasermink wrote:
I have to say I'm quite shocked that anyone can get full control of an Amazon account with just name, email address and billing address - that's is often fairly easily obtained information for any given person.

I am going to have to set up a new email account just for Amazon, I think.


To me thats one of the security holes which need to be tightened up , that loophole should not exist.

If you've not read the story the Wired team tried this with someone else s account (i assume one of theirs) and also got things reset - Amazon *should* require you to authenticate to do anything on your account however for some reason they are quite happy to add another credit card without going through any authentication (and that new credit card number is then the mechanism to grant them access to the rest of the account)

However as pointed out on the article any typical receipt will also include the last 4 digits of a credit card (with the rest starred out) so those things are easy to come by and Apple should not accept that for authentication


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 14:48 
User avatar

Joined: 27th Mar, 2008
Posts: 14497
Is there any good reason for showing four digits of a card number on receipts and stuff anyway? Obviously it helps you to identify which card you used, but I've never found the need to do that anyway!

If I'm in a shop and the guy asks "do you want your card receipt, or...?" and I see that it's already printed off, I always think "well fuck yes I'd rather have it than leave it with you".


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 14:52 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
It would actually be better to show the first 4 digits, as they are specific to each provider but generic across those providers cards. So you could identify which card, but has nothing specific about you on it.

...and then not using that as ID for password changing in a phone call! :belm:


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 14:59 
User avatar

Joined: 30th Mar, 2008
Posts: 32624
Trooper wrote:
It would actually be better to show the first 4 digits, as they are specific to each provider but generic across those providers cards.
I have two accounts at NatWest (private and joint), the cards have the same prefix.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 15:01 
SupaMod
User avatar
Est. 1978

Joined: 27th Mar, 2008
Posts: 69725
Location: Your Mum
Doctor Glyndwr wrote:
Trooper wrote:
It would actually be better to show the first 4 digits, as they are specific to each provider but generic across those providers cards.
I have two accounts at NatWest (private and joint), the cards have the same prefix.

Same.

Although not for much longer!

_________________
Grim... wrote:
I wish Craster had left some girls for the rest of us.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 15:11 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Doctor Glyndwr wrote:
Trooper wrote:
It would actually be better to show the first 4 digits, as they are specific to each provider but generic across those providers cards.
I have two accounts at NatWest (private and joint), the cards have the same prefix.


Fair point, I just assumed that most have a different card from a different provider, rather than two from the same provider. I wonder how common that is?
I know I had two from Lloyds, but that was because one was an Amex and one was a Visa and hence had two different originator numbers.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 15:17 
User avatar

Joined: 30th Mar, 2008
Posts: 32624
Trooper wrote:
It would actually be better to show the first 4 digits, as they are specific to each provider
Also, no. You need six digits at least to get it down to the card issuer level: hhttp://en.wikipedia.org/wiki/List_of_I ... on_Numbers

E.g. consider
Quote:
4239** - St George Bank Visa Debit (Australia)
423966 - Suffolk County National Bank Visa Debit (NY)

522223 - Avangard Bank, Russia
522276 - Chase Manhattan Bank MasterCard Credit Card


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 15:21 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Doctor Glyndwr wrote:
Trooper wrote:
It would actually be better to show the first 4 digits, as they are specific to each provider
Also, no. You need six digits at least to get it down to the card issuer level: hhttp://en.wikipedia.org/wiki/List_of_I ... on_Numbers

E.g. consider
Quote:
4239** - St George Bank Visa Debit (Australia)
423966 - Suffolk County National Bank Visa Debit (NY)

522223 - Avangard Bank, Russia
522276 - Chase Manhattan Bank MasterCard Credit Card


:nerd:

Well, I meant * for the individual* for them to see which card they used. I would be extremely surprised if you had a card from both Chase Manhattan and Avangard Russia...


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 15:34 
User avatar

Joined: 30th Mar, 2008
Posts: 32624
Trooper wrote:
:nerd:
Don't you work in QA?!


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 15:40 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22397
Doctor Glyndwr wrote:
Trooper wrote:
:nerd:
Don't you work in QA?!


I do indeed. *

Accuracy is overrated. ;)



*
ZOMG Spoiler! Click here to view!
Although currently I spend my time helping decide where your tax monies are being spent on government IT projects, or more precisely which mountain of shit we aren't going to plough £700 million into this time around. I hope you now feel safe and secure that I know what i'm doing ;)


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 16:49 
User avatar
Skillmeister

Joined: 27th Mar, 2008
Posts: 27023
Location: Felelagedge Wedgebarge, The River Tib
I'm going to use a bewildering array of different usernames and passwords for each application and service I use. Bound to be fine.

_________________
Washing Machine: Fine. Kettle: Needs De-scaling. Shower: Brand new. Boiler: Fine.
Archimedes Hotdog Rhubarb Niner Zero Niner.


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 17:01 
User avatar
Kvnt

Joined: 30th Mar, 2008
Posts: 2407
Location: Liverpool
2-step verification stopped the straight-to-YouTube publishing part of Windows Movie Maker from working, for me. It kept saying I needed to enter my Google password instead of my YT one, but I was already doing that. When I disabled it, everything worked again...

_________________
"Vexovoid is possibly the most inscrutable, evil-sounding thing to emerge from Australia since Mel Gibson."
XBL: Klatrymadon


Top
 Profile  
 
 Post subject: Re: Mat Honan's epic hacking
PostPosted: Tue Aug 07, 2012 17:02 
User avatar
Skillmeister

Joined: 27th Mar, 2008
Posts: 27023
Location: Felelagedge Wedgebarge, The River Tib
YOG wrote:
2-step verification stopped the straight-to-YouTube publishing part of Windows Movie Maker from working, for me. It kept saying I needed to enter my Google password instead of my YT one, but I was already doing that. When I disabled it, everything worked again...


Probably need to generate an application specific password then. I remember I had to do that with Thunderbird.

_________________
Washing Machine: Fine. Kettle: Needs De-scaling. Shower: Brand new. Boiler: Fine.
Archimedes Hotdog Rhubarb Niner Zero Niner.


Top
 Profile  
 
Display posts from previous:  Sort by  
Reply to topic  [ 88 posts ]  Go to page 1, 2  Next

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search within this thread:
You are using the 'Ted' forum. Bill doesn't really exist any more. Bogus!
Want to help out with the hosting / advertising costs? That's very nice of you.
Are you on a mobile phone? Try http://beex.co.uk/m/
RIP, Owen. RIP, MrC. RIP, Dimmers.

Powered by a very Grim... version of phpBB © 2000, 2002, 2005, 2007 phpBB Group.