We posted this weekend about Mat Honan’s saga about being hacked. Now Mat, formerly of Gizmodo, now of Wired, is filling in the gory details about the experience. You can read the first in what looks like a series of articles here. It is worth a read if you spend any time at all on the Internet. If that’s you or anyone in your family, this is a scary story. Perhaps this will end up being a landmark moment where many of us take a deep breath, take some online inventory and change our behavior. Perhaps many online companies will do the same. I wouldn’t count on either of those things creating a safer world out there. Simply put, no one has come up with a method to keep humans from doing harmful or potentially harmful things to themselves.
That said, the big key here (and there are many big keys) is to be very careful with whatever credentials you give to the Internet. We’re talking emails. We’re talking credit card numbers. We’re talking, well, anything. Admittedly that’s tough. As an example, if you use any of Google’s products and then use that Google email address and password to sign in to other services, you open yourself up for potential trouble. Google has practically been begging folks to use two-factor authentication for a while. I’m guessing that’s going to increase after this story. Remember all the hullabaloo and the now somewhat accepted practice of signing into other apps and services with Facebook or Twitter? Makes life easier, certainly. But you open yourself up for potential trouble down the road.
The bottom line in Mat’s story is that it could be any of our stories. The Internet is fast, convenient, and fun. It is the same for those who spend their energies looking to do harm. There are many culprits in Mat’s saga, including Mat himself, as he admits. But the big standout bit of information here is the disconnect in security practices between web businesses. If you store credit card info on Amazon and log in (or someone else gets your login) to your account, you can see the last four digits of those credit card numbers. Turns out those last four digits are one of the bits of info that Apple uses to verify identity in case you need a temporary password reset. Keep in mind you give those last four digits (and the rest) to any waiter who takes your check at a restaurant as well. Remember, Mat’s hackers only wanted access to his Twitter account to do some pranking around. They claim they didn’t want to do anything more malicious.
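The disconnect described above, where one service displays what another accepts as proof of identity, can be checked against your own account inventory. The following Python is an added example, not part of the original post: the inventory is constructed, only the Amazon-to-Apple last-four-digits link comes from the post, and the other entries and all function names are hypothetical.

```python
# Constructed inventory. "reveals": facts visible once logged in to the account.
# "accepts": alternative sets of facts that open it (login or recovery).
# Only the amazon -> apple last-four link comes from the post, simplified to a
# single fact (the post calls it "one of the bits"); the rest is hypothetical.
INVENTORY = {
    "amazon": {"reveals": {"card_last4"}, "accepts": [{"amazon_password"}]},
    "apple": {"reveals": {"apple_mailbox"},
              "accepts": [{"apple_password"}, {"card_last4"}]},
    # Hypothetical: password-reset mail is delivered to the Apple mailbox.
    "twitter": {"reveals": {"twitter_login"},
                "accepts": [{"twitter_password"}, {"apple_mailbox"}]},
    # Hypothetical site that uses "sign in with Twitter".
    "forum": {"reveals": set(), "accepts": [{"twitter_login"}]},
    # Hypothetical account that needs two factors together.
    "bank": {"reveals": {"card_last4"},
             "accepts": [{"bank_password", "bank_token"}]},
}


def cascade(inventory, known):
    """Return {account: proof that opened it} reachable from the known facts."""
    known, opened = set(known), {}
    changed = True
    while changed:  # repeat until no further account opens
        changed = False
        for name, acct in inventory.items():
            if name in opened:
                continue
            proof = next((p for p in acct["accepts"] if p <= known), None)
            if proof is not None:
                opened[name] = proof
                known |= acct["reveals"]
                changed = True
    return opened


def weak_links(inventory):
    """List (source, fact, target): a fact one account shows, another accepts."""
    links = set()
    for src, a in inventory.items():
        for dst, b in inventory.items():
            if src != dst:
                for proof in b["accepts"]:
                    links |= {(src, fact, dst) for fact in proof & a["reveals"]}
    return sorted(links)


if __name__ == "__main__":
    print("falls with one Amazon password:",
          sorted(cascade(INVENTORY, {"amazon_password"})))
    for src, fact, dst in weak_links(INVENTORY):
        print("displayed in %s, accepted by %s: %s" % (src, dst, fact))
```

Replace the constructed entries with your own accounts; every tuple `weak_links` returns is a place where one service's display data doubles as another service's credential.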
I’ll admit I’m taking some inventory and planning some changes. That Amazon/Apple news sort of rocked me backwards when I read it. Amazon’s “one-click” and Apple’s continued claims of credit cards stored might be interesting marketing points that don’t mean the same thing going forward. I’m guessing Amazon will need to rethink some things here, as well as Apple. It makes the “one-click” convenience of the Kindle experience a little less appetizing.
Again, there’s nothing you can do to be 100% secure. That’s just life. Being smart about tossing your credentials around can certainly help, but only until the next way of getting your info crops up and moves us from things like two-factor authentication to three-factor authentication.
Be careful out there. It’s a big scary place.
Again, there is nothing you can do to prevent humans from doing human things.