But what happened to me exposes vital security flaws in several customer
service systems, most notably Apple’s and Amazon’s. Apple tech support gave
the hackers access to my iCloud account. Amazon tech support gave them the
ability to see a piece of information — a partial credit card number — that
Apple used to release information. In short, the very four digits that
Amazon considers unimportant enough to display in the clear on the web are
precisely the same ones that Apple considers secure enough to perform
identity verification. The disconnect exposes flaws in data management
policies endemic to the entire technology industry, and points to a looming
nightmare as we enter the era of cloud computing and connected devices.
-- Mat Honan
A key impact of CGNs [Carrier Grade NAT] is that if you want to trace back “who did that” you may need to have recorded not only an IP address and an accurate timestamp, but also to be able to provide the source port of the connection. Failure to provide the source port will mean that an ISP using CGN will not be able to do any tracing, because they will be unable to distinguish between hundreds of possible perpetrators.
-- Richard Clayton
to post comments)