16 hrs.
After hackers turned the life of Wired's?Mat Honan upside down, he did what any good reporter would do ??he investigated the incident and broke down just how things went wrong. As a result of Honan's research, we learned that Apple and Amazon each have some security holes.
Both companies are seemingly?working on setting things right. Amazon has plugged its hole and Apple has?temporarily?shut down a faulty process.
The trouble with Amazon was that folks who dialed up the online retailer's customer service line could gain control of a stranger's account as long as they knew that individual's name, email address and mailing address. This appears to no longer be the case, based on our own quick tests.
Apple's issue, that?someone could reset an Apple?ID (or iCloud ID) by phone with only minimal details about the account holder (a?name, email address, mailing address and the last four digits of the person's credit card number), is not a problem at this very moment. When?attempts are made?to have an Apple representative?reset a password over the phone, customers are being directed to Apple's password reset page.?
My own attempts to reset an iCloud ID?resulted in a rep telling me that "the?reset option is currently undergoing maintenance" and that "they just tell us we're not supposed to [reset passwords over the phone] right now."
We have reached out to both Amazon and Apple, to hear more about the changes they're making to their security procedures. Apple spokesperson?Natalie Kerris gave us a statement which basically sums up what we've?discover?so far:
We've temporarily suspended the ability to reset Apple?ID passwords over the phone. We're asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com). This system can reset a password in one of two ways ??either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identify verification to reset their password.
An Amazon?spokesperson?explained that the company has?"investigated the reported exploit, and can confirm that the exploit has been closed as of Monday afternoon."
Want more tech news?or interesting?links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on?Twitter, subscribing to her?Facebook?posts,?or circling her?on?Google+.
ny jets ny jets sean payton saints bounty program toulouse france the situation cate blanchett
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.