Welcome to the Cloud - "Your Apple ID has been disabled."

Welcome Hacker News, Slashdot, DF and TechMeme. Be sure to read the follow up post on "What Good Fraud Detection Looks Like."

Your Apple ID has been disabled. Evil.

So Apple is America's most valuable company. They are, like everyone else, betting the company on the cloud. You may be familiar with the cloud, as it's where all your valuable stuff is. The stuff that you may lose access to at any moment.

The most valuable companies have your valuable data in the cloud. We may think the cloud is decentralized, but it's not. It's totally centralized. All the valuable data is now in one place with one password that's connected to your one bank account. We've centralized and simplified fraud and the public pays for it.

I've got email in Gmail, Music in Spotify, files in DropBox, documents in SkyDrive, photos in Flickr, and media and Apps in the Apple Cloud.

I got this email out of nowhere yesterday.

Dear Scott Hanselman,
Your Apple ID, scott@hanselman.com, was just used to purchase 明珠三国OL from the App Store on a computer or device that had not previously been associated with that Apple ID.
If you made this purchase, you can disregard this email. This email was sent as a safeguard designed to protect you against unauthorized purchases.
If you did not make this purchase, we recommend that you go to iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.
Regards,
Apple

After confirming the email path via headers and checking all the links as well as the HTML source of the email (seriously, you expect my Mom to do this?) I decided it was legit.

The phrasing of this email is irritating and wrong-headed. Here's why.

  1. They know it's a device they've never seen before.

  2. They let it happen anyway.

  3. They tell me it's for my good in a self-congratulatory way.

    This email was sent as a safeguard designed to protect you against unauthorized purchases.

  4. But, if I didn't make this purchase, rather than a Dispute button or Fraud link, they recommend I change my password.

Evil App

Stunning.

I changed my password and went into the Apple Cloud of past purchases via the App Store. Note that it's "Not On This iPhone." It's actually not on any of my devices, because I never bought it.

If you look at the App, you'll note that it's got a sudden rash of negative reviews from folks who have apparently also been hit by this issue. Someone buys this app (no idea how) and then uses in-app purchase to steal money.

The part I can't get my head around is this. My password is/was rock solid. I use a password manager, my passwords are insane and have high entropy. Not to mention that Apple knows what devices I have and still allowed the purchase.

Next, I got a PayPal email thanking me for my $40 purchase from Apple. As an interesting data point, I haven't received an iTunes receipt for these illicit purchases.

Instead, I look in iTunes. Odd that we have to go into iTunes to see purchase history instead of a website.

And there they are. A whole series of in-app purchases for an App I don't have on a phone that doesn't exist.

Evil Receipt
Evil Music.

I looked into Recent Purchases on my phone and found a bunch of music and videos I never purchased either. 

Another data point is that the error I get is "This Apple ID has been disabled," NOT "This Apple ID has been disabled for security reasons." Just search around. Everyone has had this problem. Some folks have told me they reset their password every time they buy an app! Others have just given up. We'll never see this fixed until Gruber gets the error.

According to iTunes I've got 479 apps. I've got movies, TV shows, and music. All this is in the Cloud. You know, that amazing thing where all our stuff is stored so we can get to it from anywhere? The Cloud where everything is moving towards, that utopian future where there's no DRM and unlimited storage. Freedom, commerce, and media for all. Except I can't access the cloud. And I have no idea how to fix it.

Protect your neck, Dear Readers. For now, today, I am here and my things are in the cloud and never the twain shall meet.

If you have stories about fraud or hacking, tell me your stories at http://myappleidhasbeendisabled.tumblr.com

Translated from: https://www.hanselman.com/blog/welcome-to-the-cloud-your-apple-id-has-been-disabled
