A friend on one of the e-mail lists I belong to got a rude awakening this week to the awful truth — that if you live part of your life online, as most of us do, none of us are safe. Her PayPal account was hacked — to the tune of $3,000. The hackers also got into her .Mac account, changing the answer to her security question to: "Dude you’ve been hacked." They also hacked her primary e-mail account with her ISP, her eBay account and her cable account.
She talked to Apple security by phone, and they helped her change all of her passwords and remove her credit card and bank info. She said the person she talked to at Apple had personally assisted in putting over 400 people in jail this year alone.
She has filled out reports with both her local police and the FBI.
"Because this is a federal offense, between the bank, the FBI, police dept., and Apple, I am hoping they nail the roast them," she said in an e-mail to the list.
All of this comes at a conspicuous time. In case you haven’t heard, on Sunday, July 6, the hackers of the world are holding a contest to see how much mischief they can cause. This won’t affect most of us, as it will be aimed squarely at Web servers. Out of the box, Mac OS X is a very secure operating system. As a matter of fact, the hackers in the contest will get extra points for hacking Mac OS X servers, just because they are so easy to break into. According to one account on Computer World’s site, "Rather than focusing on the volume of defacements, the Defacers Challenge is set up to reward the skill of malicious hackers who can compromise systems running less prominent operating systems, including Apple Computer Inc.’s Mac OS and Unix variants such as IBM’s AIX and Hewlett-Packard Co.’s HP-UX."
While Windows sites are worth one point, OS X-served sites are worth up to five points.
There is no way to be completely secure from an attack — simply having your computer turned on and connected to the Internet (as many of us are now with our 24-hour broadband connections) opens us up to danger. But according to Apple and some of the discussion going on about the coming contest, there are some things you can do to protect yourself.
Change your passwords often and create them using both letters and numbers.
Make sure your software is up to date. If your Software Update preference pane is not set to check for updates regularly, check to see if Apple has made some patches available. Apple also maintains a page on security updates on its Web site. The company also has a page on how to report security problems and how to sign up for security notifications.
Turn on your firewall.
Turn off personal file sharing and Web sharing in the "Sharing" preference pane.
Keep your important documents and information in an encrypted disk image. Here are Apple’s instructions on how to do it.
In OS X 10.1 and later, you can turn on Open Firmware Password Protection, which will block the ability to use keys to do things at startup like starting from a CD-ROM, a NetBoot server or FireWire Target Disk Mode. It also blocks the ability to start up in single-user mode.
If you get an e-mail from eBay or PayPal telling you they need to update your records, so "click here" to do it — don’t. This is a common — and easy — ploy for hackers to get your information. Although it’s not easy to figure out where to send such things to eBay or PayPal to let them know of the schemes, they will never send you such an e-mail asking you to enter your personal information like that.
Short of turning your computer off (and who wants to do that when you have a Mac), there is no way to be 100 percent safe. Some of the people who will be competing in Sunday’s contest are very creative people who probably could do a lot to further the world’s knowledge if they used their brains in more constructive ways.
We shouldn’t let these things put us in panic mode or lead us to cut off all contact with the Internet or the places we frequent. No, much like terrorism, that would be letting them win, wouldn’t it?
But it also doesn’t hurt to prepare a little bit.