Hacking at Apple Stores

Data security is one of my favorite subjects… and I’m always amazed at how careless some people (and major corporations) are with their digital identities.

I recently did a simple, non-scientific study at the local Apple Store. No elite hacking skills are needed (that’s L337 for you H4X0R5). Walk to any computer and pretend to be familiarizing yourself with the user interface. Load the Safari browser and check the History menu. You’ll immediately find a list of recently accessed websites. Usually this list is full of webmail visits: every computer at an Apple Store is internet enabled and people love to take advantage of Apple’s friendly, air-conditioned stores to check their email, blogs, bank accounts and even iWeb profiles.

Most of them forget to logout or clear the browser’s cache. Simply select any address from the history list and Safari will take you there. Most of the times you’ll still have access to a user’s account. On my last visit to the Apple Store I was able to access a webmail account on one iMac, a Hotmail account on another and a complete iWeb profile on a third one (this one even included an easy to click desktop icon to access the user’s account).

But the most shocking was the one that prompted this article in the first place: a security company’s confidential PDF document. Right there on the Mac’s desktop, below the hard drive icon, stood a lonely Adobe PDF file. Out of curiosity I clicked on it and found a one-page document addressed to a high-level executive at a very high profile international security firm from a market leading auditing firm. I’d hate to have this firm in charge of my personal security.

It’s been said that the definition of privacy is a situation in which we’re able to spy on our peers but refrain from doing so. I agree, but I certainly don’t live my life as if that Utopian statement is true. It’s most certainly a great starting point to begin discussing privacy issues and policy, but don’t go around believing it’s the way the world works.

Unfortunately, common sense is not at all common. If you feel the need to check your webmail, work mail, bank account or whatever on a public computer (which I highly discourage), at least make sure you logout, clear the browser’s history cache and delete any temporary files after you’re done. It’s really the least you can do.

What do you think? Have any careless-user stories to share? Leave a comment, let me know.