When you're a celebrity or a high profile citizen, it's not uncommon to be targeted by selfish individuals looking to make a dollar at your expense. It's possible that Steve Jobs has fallen victim to a phishing scam that may have given access to his Amazon account.CultofMac.com is reporting that they have been contacted by a phishing artist who managed to get into Steve Jobs' Amazon account by claiming to have "sent Jobs a phony but official-looking email that tricked him into logging onto a fake Amazon.com website".
Like any greedy individual, the phishing artist wants to sell the details of what items Jobs has purchased, which he claims to be over 20,000 items over the last 10 years, or about 5 items a day.
The phishing artist goes by the name of orin0co, and claims neither Jobs nor Amazon knew of the intrusion because he didn't change the password on the account. The phishing attack was a well-crafted email that "instead of spamming millions with scattershot email scams, ...targeted high-worth corporate executives with cleverly-crafted emails full of personal details. The executives received messages that appeared to come from the Better Business Bureau, Internal Revenue Service, or Federal Trade Commission, among others."
Even if this turns out to be a hoax, it's a good reminder to keep strong and secure passwords. Use a variation of numbers, letters and symbols when possible and don't keep the same password for every site.
1. Register to Amazon.
2. Tell them my name is Steve Jobs on the registration page
3. Buy some things
4. ...
5. profit
SOOOO FAKE !
Which apparently works just swell, eh?
But I guess this blows the whole, Mac's are 100% secure and don't have any worries commercial out of the water. Good job, orin0co!
But I guess this blows the whole, Mac's are 100% secure and don't have any worries commercial out of the water. Good job, orin0co!
What does having a weak password, or replying to a phishing email have to do with your OS security?
Let me answer for that for you, since you seem to miss the linkage.
There is no link. No corresponding statistic. No connection.
But I guess this blows the whole, Mac's are 100% secure and don't have any worries commercial out of the water. Good job, orin0co!
What does having a weak password, or replying to a phishing email have to do with your OS security?
Let me answer for that for you, since you seem to miss the linkage.
There is no link. No corresponding statistic. No connection.
Because Outlook and/or IE8 would've warned him that it's a phishing site or phishing e-mail. Mac's don't do that hence the great Steve Jobs is tricked into giving up his personal details.
That's the link.
Brb going to grab pitchfork for the witch hunt.
That was just wrong dude....
[< snipped > - Calum]
Last edited by Calum on 14 May 2009 - 20:06
See my above post 1.6
If you think that a weak password, or falling for social engineering has anything to do with how secure the OS is, then I pray you don't work with computers.
If you think that a weak password, or falling for social engineering has anything to do with how secure the OS is, then I pray you don't work with computers.
What "post 1.6"?
And do you really think that anyone who hacks anything Apple related is an "idiot"? Where did all the moderational zeal on the "calling other people names" go?
BTW, Neowin + Firefox =
If you think that a weak password, or falling for social engineering has anything to do with how secure the OS is, then I pray you don't work with computers.
What "post 1.6"?
And do you really think that anyone who hacks anything Apple related is an "idiot"? Where did all the moderational zeal on the "calling other people names" go?
Sorry. 2.6 Way to get pedantic on the typo.
And what the heck are you dragging me into a discussion point I did not make or support with regards to the term "idiot". Firstly, I never claimed anyone hacking an Apple is an idiot. Secondly, an Apple wasn't hacked - just an online account credential.
Save your scorn for someone else, rather than throwing it around at random.
I for one don't really feel sorry for Jobs if it is his account. He shouldn't fall victim to that stuff, but I guess he took those Mac Vs PC ads a bit too seriously...
Better have a touchscreen
Anyone can change their name on amazon to Steve Jobs. Look i just have!
http://img517.imageshack.us/img517/8129/stevejobs.png
OMG I haxxored Steve's account /sarcasm
Unless there is actual proof that this is THE Steve Jobs' account then this is worthless......
EDIT: Removed image tags as it's a bit big.
I know right? Unprofessional doesnt have to mean low-class
Agreed. Keep personal opinions.. well.. personal.
And Microsoft is a better company because they donate so much. That's just very kind of them, so stop calling them M$.
However, in this case, it's a moot point. Safari has the same phishing protection as Firefox. You can only detect a phishing attack if it's been discovered before, and I doubt someone would target Jobs with a mass mailing.
Additionally, it's probably a fake. It's easy enough to say "Look who I hacked!". It's another to actually prove that the account belongs to them.
Exactly.
The browser in question is not "Webkit" it's Safari. And it is BAD. Why would any browser let sites to palce executible files on your desktop without your consent? (non-issue for Apple)
And if it happens to be genuine, the idiot isn't the person selling the data. The true idiot is the person who thinks it is money well spent. So Steve bought some stuff on Amazon, how does that impact anyone's life? Get a grip.
And if it happens to be genuine, the idiot isn't the person selling the data. The true idiot is the person who thinks it is money well spent. So Steve bought some stuff on Amazon, how does that impact anyone's life? Get a grip.
For once I agree. I couldn't care less what famous people have purchased... how will this benefit anyone in any way?
And if it happens to be genuine, the idiot isn't the person selling the data. The true idiot is the person who thinks it is money well spent. So Steve bought some stuff on Amazon, how does that impact anyone's life? Get a grip.
I also agree with you for once, but highly doubt this is genuine.
I heard they did it for people selling the free tickets to Obama's inauguration.
If he had been on a Mac using Safari, this would have never happened."
They are? Most of the Mac people would disagree with you.
Phishing filters should not be a requirement. Simple as that. Someone as educated in the tech industry as Steve Jobs knows when they are being targeted. They know the signs to look for. They know to check for security certificates, and valid ones at that, for big sites like Amazon. So I am 100% sure that this is fake.
Regardless, say he was an everyday Joe. Safari has anti-phishing built in. Mail has pretty good spam/phishing detection. And the OS simply has nothing to do with it.
The way a phishing filter works is through past experience. If a phishing site is discovered, it is added to a large list of other sites. Same way a virus works: different routine to create it, different routine to remove it. You can't just say "he should've used a different browser" because a site wasn't yet added to the filter. If an attack is aimed specifically at one person, an idea not too far out of the question, a phishing filter will not detect it. Even if it's detected as spam, some people may click through.
But we have to go back to the first point and be rational about this. We're talking about a billionaire who made it through the tech industry. Not just a businessman, but a businessman who sold computers through the birth of the Internet. He knows what a phishing attack is as well as anyone on this site, and I doubt any of us would blindly put our password into a site linked to us in a e-mail.
What good is a strong password if you're dumb enough to get phished?
What good is a strong password if you're dumb enough to get phished?
Amateur articles at their finest.
http://www.neowin.net/forum/index.php?auto...;showentry=2792
Impartial? You tell me....
Ontopic:
This is important because I believe that Amazon has their member's personal details and anyways he might have bought things that he doesnt want to get in the public eye.
On a related note, kinda stupid being in the computer industry and not being able to detect with your own eyes a phishing scam.
If Amazon/paypal/eBay/etc. said to me in an email (like most phishing scams do) you have to log onto your account to update some new security questions, click here:, I would delete THEN GO TO AMAZON.COM MYSELF, typing it in or my OWN bookmark, and logging in to check. Why people believe convenience is ok to be lazy and get screwed I have no clue. Just dumb and ignorant if you ask me.
That beats ANY issue about "oh safari is terrible, IE is terrible, should have used outlook, etc."...actually its the email 'provider' that needs to warn you [if IT knows about it that is], they 'are' the ones handling it first...duh.
Now earlier comments made a good point earlier, its probably fake anyway, and as well, who cares its not like its his bank account details that are up for grabs...
Give Forrest back his company he would not fall for that!
If? Wow. People can be so gullible.
I guess it wasn't too complex for him to figure it out
and if its not shopped then its just a fake (or a guy with the same name).
Last edited by Magallanes on 15 May 2009 - 16:35
For more information:
SA31384
2) A boundary error in the handling of Compact Font Format (CFF) fonts in Apple Type Services can be exploited to cause a heap-based buffer overflow when specially crafted document is downloaded or viewed.
Successful exploitation allows execution of arbitrary code.
3) A vulnerability in BIND can potentially be exploited by malicious people to conduct spoofing attacks.
For more information:
SA33404
4) An error in the parsing of Set-Cookie headers in CFNetwork can result in applications using CFNetwork sending sensitive information in unencrypted HTTP requests.
5) An error in CFNetwork when processing long HTTP headers can be exploited to cause a heap-based buffer overflow when visiting a malicious web site.
Successful exploitation allows execution of arbitrary code.
6) Multiple errors exist in the processing of PDF files in CoreGraphics, which can be exploited to corrupt memory and execute arbitrary code via a specially crafted PDF file.
7) An integer underflow error in the processing of PDF files in CoreGraphics can be exploited to cause a heap-based buffer overflow when specially crafted PDF files is opened.
Successful exploitation allows execution of arbitrary code.
For more information:
SA34291
9) Multiple vulnerabilities in cscope can be exploited by malicious people to compromise a user's system.
For more information:
SA34978:
10) A boundary error in the handling of disk images can be exploited to cause a stack-based buffer overflow when a specially crafted disk image is mounted.
11) Multiple unspecified errors in the handling of disk images can be exploited to cause memory corruptions when a specially crafted disk image is mounted.
Successful exploitation of vulnerabilities #10 and #11 allows execution of arbitrary code.
12) Multiple vulnerabilities in enscript can be exploited by malicious people to compromise a vulnerable system.
For more information:
SA13968
SA32137
13) Multiple vulnerabilities in the Flash Player plugin can be exploited by malicious people to compromise a user's system.
For more information:
SA34012
14) An error in Help Viewer when loading Cascading Style Sheets referenced in URL parameters can be exploited to invoke arbitrary AppleScript files.
15) A vulnerability exists due to Help Viewer not validating that full paths to HTML documents are within registered help books, which can be exploited to invoke arbitrary AppleScript files.
Successful exploitation of vulnerabilities #14 and #15 allows execution of arbitrary code.
16) An error in iChat can result in AIM communication configured for SSL to be sent in plaintext.
17) An error in the handling of certain character encodings in ICU can be exploited to bypass filters on websites that attempt to mitigate cross-site scripting.
1
For more information:
SA31450
SA31478
19) Multiple vulnerabilities in Kerberos can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
For more information:
SA34347
20) An error in the handling of workqueues within the kernel can be exploited by malicious, local users to cause a DoS or execute arbitrary code with Kernel privileges.
21) An error in Launch Services can cause Finder to repeatedly terminate and relaunch when a specially crafted Mach-O is downloaded.
22) A vulnerability in libxml can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
For more information:
SA31558
23) A vulnerability in Net-SNMP can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA32560
24) A vulnerability in Network Time can be exploited by malicious people to conduct spoofing attacks.
For more information:
SA33406
25) A vulnerability in Network Time can be exploited by malicious people to potentially compromise a user's system.
For more information:
SA34608
26) A vulnerability in Networking can be exploited by malicious people to cause a DoS (Denial of Service).
For more information:
SA31745
27) A vulnerability in OpenSSL can be exploited by malicious people to conduct spoofing attacks.
For more information:
SA33338
2
For more information:
SA32964
29) An unspecified error in QuickDraw Manager can be exploited to cause a memory corruption and potentially execute arbitrary code via a specially crafted PICT image.
30) An integer underflow error in the handling of "0x77" tags within PICT images in QuickDraw Manager can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file.
Successful exploitation allows execution of arbitrary code.
31) Multiple vulnerabilities in ruby can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks.
For more information:
SA31430
SA31602
32) An error in the use of the OpenSSL library in ruby can cause revoked certificates to be accepted.
33) A vulnerability in Safari when handling "feed:" URLs can be exploited to compromise a user's system.
For more information:
SA35056
34) Multiple unspecified errors in Spotlight can be exploited to cause memory corruptions and execute arbitrary code when a specially crafted Office document is downloaded.
35) An error when invoking the "login" command can result in unexpected high privileges.
36) A boundary error in telnet can be exploited to cause a stack-based buffer overflow when connecting to a server with an overly long canonical name in its DNS address record.
Successful exploitation may allow execution of arbitrary code.
37) A vulnerability in WebKit when handling SVGList objects can be exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA35056
3
For more information:
SA20100
SA25350
SA34723
39) A vulnerability in xterm can be exploited by malicious people to compromise a user's system.
For more information:
SA33318
40) Multiple vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
For more information:
SA29792
SA33970
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.