How Mat Honan was hacked

How Apple and Amazon Security Flaws Led to My Epic Hacking

This is both a fascinating and sad story and a wakeup call for those of us who have built up a complex life online. It’s also a wakeup call for those of us who do not back up our computers, iPhones, iPads, and other devices connected to a single, or even multiple, connected digital ecosystems.

This story scares the shit out of me. I’m paranoid enough right now so that I have serious mixed feelings about posting this (it might be looked at as a potential challenge to a hacker).

I urge anyone reading this post to read Mat’s story slowly and carefully, make note of every detail described, and put yourself in Mat’s shoes. He may have made some mistakes that you haven’t made, but no doubt we all have vulnerabilities; I know I do.

In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

It isn’t just having an Amazon account, an Apple ID and an iCloud account, or having “Find My Mac” turned on in iCloud, that brought Mat’s digital life down. It’s also the seemingly insignificant fact that he had a short, desirable three-character Twitter handle and enough followers to make that account useful to hackers who wanted a high-profile account so they could send a message: “we got into this account via a complex ID hack.”

But even if you’re nobody of import on the internet, reading this article is a useful wakeup call, if for no other reason than to hear that a person like Mat, who’s a relatively sophisticated tech journalist, stupidly did not back up his home computer, and so it was vulnerable when the hackers took over his iCloud account and found “Find My Mac” turned on. They remote-wiped his Mac even though the wipe had nothing to do with their actual goal, the Twitter handle, and he lost the complete early photographic history of his daughter because he had no backup.

Here’s how I map myself into this

I’m a much less desirable target but who knows what makes a person a desirable target?

I use an Apple AirPort Extreme router between my local network of computers and iOS devices and our cable modem and the internet. It has a built-in firewall. We do not use local file sharing, although I trust the AirPort firewall to protect us. If you have a computer directly connected to a cable or DSL modem, with no router or firewall in between, it is exposed directly to the internet and you need to do something about that.

I back up my iPhone and iPad to my computer daily (sync and backup). If they are mistakenly or maliciously remote-wiped, I can get the data back easily.

I use iCloud’s Find My iPhone and Find My iPad features (like David Pogue) so I can find and, if necessary, remote-wipe my iPhone and iPad if they fall into the wrong hands. I do not use Find My Mac, which means my Macintosh isn’t visible and vulnerable to a complete wipe from my iCloud account (I hope).

I back up my computer daily in two different ways (SuperDuper and Time Machine), which means I have a complete backup of my computer and my iOS devices in case of accidental or malicious remote wipe. I actually have multiple complete backups: I have two external drives that I swap daily, one being kept in the basement in a fireproof box.

I’ve only lost everything once in my life, in the very early days of personal computing before there were easy ways to back things up. It felt bad enough that I swore I’d never let that happen to me again, and hopefully it won’t. But all it takes is once, and that ought to be enough of a wakeup call to get your attention and get you doing something about it. Since the early ’80s (pre-Mac) I’ve had a backup scheme in place that I’ve used religiously. Some people who hear about this think I’m nuts, but their time will come and when it does they’ll get it.

I may be vulnerable via the online methods that got Mat in trouble, and rather than blaming Apple and/or Amazon I need a plan to do something about this. I’m working on it, and for obvious reasons I’m not posting that plan here. Your ideas are always welcome in comments, email, chat, phone.

I’m quite sure that some reading this are even more vulnerable than I am, and I urge you to read Mat’s story and make note of both his mistakes and how your digital life maps onto his. Even if you feel you’re not a target because you have no status online, there may be other aspects of your life that make you a desirable target for a hack or an ID theft.

Hacking and ID theft like this should bring on the most severe legal punishment no matter what age the hacker (Mat’s hacker is 19). Life in prison sounds about right. Of course, the stiffer the penalty, the greater the challenge for a motivated hacker.

[via Dale Allyn]

Kindle Fire

Seen in a comment thread this morning:

Person 1: “Anyone know: what planet or star system is Jeff Bezos from?”

Person 2: “Kindle.”

In all seriousness, the Kindle Fire looks like a very interesting device.

The iPad and Kindle Fire are two different things and will appeal to two different types of users. My guess is there will be plenty of room for both devices: the iPad will continue to grow its already large user base and the Kindle Fire will grow a large user base as well, some of which will be iPad users who want both devices.

It’s not all or nothing, one or the other. Framing it that way is a mistake. There will be room for many devices and different operating system styles in this category.

These types of devices are the first steps toward replacing general-purpose, cumbersome computers with smaller, cheaper, and much less cumbersome tools for doing the same things. I use my iPad in places I would never carry the MacBook Pro, and I have used a MacBook Pro for many years in many places where one could not use a desktop computer. The fact that these devices are getting smaller and cheaper, coupled with the fact that access to the internet is getting cheaper (free in many places) and more widespread, seems to me to be a leveling of what used to be a rather tilted playing field.

I like the fact that people are tweeting the Green Revolution from the streets of Iran (with smartphones) and these tablet devices are another category of device that allows computing anywhere.

Never sell Jeff Bezos short. He may not be as charismatic as Steve Jobs (his laugh is hilarious), but he’s done amazing things with Amazon, and I’m pretty sure the Kindle Fire is the beginning of something important for the industry and for us users, whether we ever buy one or not.

Small publishers feel power of Amazon’s ‘Buy’ button

Small Publishers Feel Power of Amazon’s ‘Buy’ Button

Oh boy, Amazon throws weight around with “One-Click.” I think they also do it with Amazon Prime although I may be mistaken.

As a consumer who buys most of what I buy online, I’m always torn between Amazon and other online retailers who have less streamlined buying processes. I have both One-Click and Amazon Prime, and they do what Amazon designed them to do: they pull me to use Amazon more than I might otherwise because of the ease with which I can buy there.

One-Click lets you make a purchase with a single click of a button (you have 90 minutes to cancel the order).

Amazon Prime is free two-day shipping on any item (even big, heavy ones) for a single yearly fee of $89. One has to use Amazon a lot to make this pay for itself, but in our case it does.

I once had an argument with an author who asked his online readers not to buy his book at Amazon. He preferred that people buy it from his publisher because he got more money out of each purchase that way. I told him that if he didn’t approve of Amazon, then he should stop his publisher from selling through them. While I want him to have as much of the sale price as possible, he can’t have it both ways: he can’t use Amazon’s huge marketing engine to spread word of the book and then ask us to buy it somewhere else. This is like me going into the local camera shop and examining cameras, then buying on Amazon. And, as a buyer, it’s my choice how I buy his book, not his. He got really mad. I didn’t buy the book.

He had a point, but so do I. Apple made the smart move to license One-Click from Amazon for their online store, and my guess is that it pays them huge dividends. Not every small online retailer has the resources to license One-Click, but most of them need to think hard about their online shopping experiences if they want to take sales away from Amazon.

It’s the process, stupid.