Hackers Force Apple and Amazon to Change Security Policies
2012-08-30 15:24
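NEW YORK (CNNMoney) -- After hackers succeeded in taking over a reporter's online accounts by going through telephone customer service, both Apple and Amazon have changed their service policies and suspended the ability to reset account information (passwords) over the phone.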
Wired writer Mat Honan's harrowing story of having all his digital files trashed swept across the Internet this week. The most startling part of his tale: The hackers who took over his accounts did it by simply tricking customer service representatives, rather than launching a technical attack.
Apple and Amazon are working to close the loopholes exposed by the hack.
Apple (AAPL, Fortune 500) on Wednesday confirmed that it is temporarily disabling its customers' ability to reset an AppleID password over the phone. Instead, customers will have to use Apple's online "iForgot" system.
Apple representative Natalie Kerris said that the company doesn't have a specific timeframe for how long that "temporary" policy will be in place. When Apple restores the ability to call in for password resets, she said, users will have to provide "stronger" proof that they are who they say they are. She would not comment on specifics.
Amazon (AMZN, Fortune 500) told CNNMoney on Tuesday that "the reported exploit" was closed on Monday, the same day Honan's story ran in Wired. But what, exactly, has changed? Amazon declined to comment or answer further questions.
However, a separate Wired article posted Tuesday said that Amazon's customer service reps will no longer change account settings like credit cards or email addresses by phone.
The changes came too late for Honan, who lost all the data -- including photos of his baby daughter -- on his iPhone, iPad and MacBook. The hackers also deep-sixed Honan's Google (GOOG, Fortune 500) account, and posted racist and homophobic messages on his Twitter page.
While Honan blamed himself for not backing up his data and for "daisy-chaining" his accounts together, he condemned Apple and Amazon for making systems that could so easily be gamed -- especially when targeted together.
The problem is "endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices," Honan wrote.