2012's worst security exploits, fails and blunders

Stolen social security numbers. Erased online identities. Pilfered payment information. Yep, 2012 was a banner year for the bad guys.

By Brad Chacos, PC World | Security, privacy

A fool and his feeble p@$$w0rd are soon rooted, but if 2012 has proven anything, it's that even the most cautious security-minded souls need to double down on their protective practices, and think about the best ways to mitigate damage if the worst happens in our increasingly cloud-connected world.

A solid security toolbox should form the heart of your defense, of course, but you'll also need to consider your basic behavior. For example, a leaked LinkedIn password does little harm if that particular alphanumeric combination only opens the door to that particular account, rather than every social media account you use. Two-factor authentication can stop a breach before it happens. And do your passwords suck?

I'm not trying to scare you. Rather, I'm interested in opening your eyes to the types of precautions that are necessary in the digital age--as evidenced by the biggest security exploits, blunders, and fails of 2012. 'Twas a banner year for the bad guys.

Honan hack attack

The highest profile hack of 2012 didn't involve millions of users or an avalanche of pilfered payment information. No, the security highlight--or is that lowlight?--of 2012 was the epic hacking of a single man: Wired writer Mat Honan.

Over the course of a single hour, hackers gained access to Honan's Amazon account, deleted his Google account, and remotely wiped his trio of Apple devices, ultimately achieving their end goal: seizing control of Honan's Twitter handle. Why all the destruction? Because the @mat Twitter handle's three-letter status apparently makes it a highly coveted prize. (The malcontents posted several racist and homophobic tweets before the account was temporarily suspended.)

The devastation was all made possible by security snafus on Honan's end--daisy-chaining critical accounts, not activating two-factor authentication, using the same basic naming scheme across several email accounts--and by conflicting account security protocols at Amazon and Apple, which the hackers took advantage of with the help of some good ol' fashioned social engineering.

Originally published on PC World.