Thoughts of the Digital Past
Just another onMason site

Are You Secure?

When I read Matt Honan’s How Apple and Amazon Security Flaws Led to My Epic Hacking I thought it was really entertaining and very clever of the hackers.  When he explained how all is accounts got hacked one after the other because they shared information I was shocked.

I really like that he was able to get in contact with the hackers and find out exactly how they did this and also try if it works on other peoples account.

It was interesting when Honan was talking about Apple and how you only need the email billing address and the last four digits of a credit to change the account but in Amazon the last four digits are something that are not considered secured and are shared.

“Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”

I thought that was really interesting because I would think that big companies like Apple and Amazon that are commonly used would have some sort of contact about security measure to prevent this from happening.

I especially think that Amazon need to step up with security. I thought it was hilarious when Honan described how the hackers got his credit card info through Amazon.

“First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits.”

Amazon needs to really do some some more things for their security measures…

Its scary to think about..

Posted by on September 30th, 2012 at 12:51 pm | Comments & Trackbacks (0)




Leave a Reply