Tag Archives: cloud

HOW APPLE AND AMAZON SECURITY FLAWS LED TO MY EPIC HACKING

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.

‬The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.‪
‬Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

A MUST READ: DON’T USE THE CLOUD

Amazon Cloud Crash

The 21st of April saw a major crash of the Amazon Cloud EC2 system, which lasted for three days. The EC2 is used to host many websites including some big names in cyberspace, such as Foursquare, HootSuite, Reddit and Quora.

Amazon, like many other companies using the latest cloud server technology had been confident of the system, describing it as bomb proof. However, days after the event it has now emerged that Amazon have now lost some of their customers data. This has highlighted the lack of robust systems in place in Amazon, as well as other hosting companies when it comes to data back up and storage.

The outage occurred when Amazon were seeking to upgrade their system and error occurred as they shifted traffic from one router to another, in the process the data was moved to a low capacity redundant router.

Although the problem has been rectified the fact remains as more and more businesses trust the hosting companies to back up their data. Are their systems robust enough to protect data when outages and errors happen? For Amazon customers the answer was no.

America is under spiritual attack, the enemy wants to crash America. The nation’s economy is dependent upon modern technology and if the  technology being used is not safe it will be exploited. Not enough Christians understand the importance of technology, most of the church is 15 years behind the world, and is constantly playing catch up. Part of being effective in this age is being educated about the technologies the world works on, and safe guarding yourself against points of weakness, this is how the natural army operates, and it ought to be how the church operates. As the world walks shortsightedly into the new and latest technologies, we need to ask ourself is it a safe is our data secure.