Mark Cuban pen tests himself (he told me); why you should do that, too
Recent data leaks have everyone spooked, especially celebrities. There's so much worry that I had a brief exchange with Dallas Mavericks owner Mark Cuban last night on Twitter. Cuban, it turns out, tells me he did a bit of a self "penetration test" (or pentesting, as it's also known) on his own account, something that everyone should do periodically, as it helps identify weaknesses in a system and assists in improving the security of a computer.
Cuban took to Twitter late Monday and offered a bullet list of advice to "celeb/high-profile friends."
"NEVER put your real birthday in your Apple ID setup. Anyone with yr bday has path to hack u," it began. Followed by:
2) if it's remotely possible the answer to your security question is online pick a different question or avoid using that feature
3) on apple if I have your birthday, email and I search and find the answer to your security question. I own your account. Scary dang, If you have a wikipedia entry or your birthday and other information is online, this includes YOU
4) as much of a pain as it is, 2 factor authentication is becoming a necessity
I asked Cuban the obvious question: Why the sudden interest in Apple ID? "Did something happen to you, Mark?" He said no.
"nope. was checking out how easy my account would be to hack. Ended up changing everything."
That's smart. Unless you've been on another planet for the past few weeks, you know hackers have ways to attack cloud-based storage like Apple's iCloud -- well, hackers have ways to attack anything. It didn't start with celeb photos, of course. You might remember this Wired reporter's awful saga a few years ago.
You can follow all the advice columns you like, but circumstances and tactics change constantly. So the best thing to do is think like a hacker once in a while. Pretend to be an angry ex-lover, or a debt collector, or a jealous co-worker, and see what you could get into if you tried. Use someone else's computer to really simulate an attack. Companies do this all the time: it's called "pen testing," short for penetration testing. And it's really the best way to make sure a hacker doesn't embarrass you, or worse.
So kudos to Mark for calling attention to the technique. It's not just for celebs. It's for anyone who might have something on their cell phone or on their social media pages that they might not want everyone else to see. And that's all of us.
As for iCloud-specific advice, here's a bullet list. And here's a nice set of instructions for using two-factor authentication on all the major consumer cloud providers. But know that while setting up two-factor is a good idea, it's not a cure-all.