| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by madcadmium 808 days ago
	It's in the article: > Ken didn’t know it when all this was happening (and it’s not at all obvious from the Apple prompts), but clicking “Allow” would not have allowed the attackers to change Ken’s password. Rather, clicking “Allow” displays a six digit PIN that must be entered on Ken’s device — allowing Ken to change his password. It appears that these rapid password reset prompts are being used to make a subsequent inbound phone call spoofing Apple more believable.

1 comments

throw20240328 808 days ago

I did not see this when I read the article. Upon rereading it now, I see this:

> Update, March 27, 5:06 p.m. ET: Added perspective on Ken’s experience.

Internet archive confirms that this was the edit: The paragraph you quoted was added to the article the next day.

link

trompetenaccoun 808 days ago

Anyone who edits news articles, blog posts or such without clearly disclosing the edit immediately loses my trust. It's a huge problem these days where everything is online instead of in print, but most people do not want to take responsibility for sloppy research or misleading reporting. And that's part of the reason why there is so much misinformation, it sometimes comes from trusted sources too, not just anonymous social media users.

link

shkkmo 808 days ago

I agree with you.

However, in this case, the edit is disclosed at the bottom of the article. Do you think this isn't sufficient? Does the edit disclosure need to contain a link to a diff of the changes or does it need to be at the top?

link

tanelpoder 807 days ago

If you look into the edits in Wayback Machine, you see that previously, the "Ken's experience" was:

"Unnerved by the idea that he could have rolled over on his watch while sleeping and allowed criminals to take over his Apple account, Ken said ..."

Once the article was updated, the original sentence implying that criminals could take over your account while you are sleeping was completely rewritten to say the 180 degree opposite - completely reversing what the initial sensational content said. In reality it is not possible to accidentally hand over your account to attackers by accidentally tapping Allow on your watch in your sleep.

The update disclosure only says: "Added perspective on Ken’s experience."

link