What Web Surfers Can Find Out About You 234
cweditor writes in with an updated version of a story the likes of which you might have read before, What the Web Knows About You. But reporter Rob Mitchell found out vastly more about himself (his research subject) online than he could have even a year or two ago. The big difference is that state and local governments are putting online digitized records, often with Social Security numbers and other personal details intact. Mitchell ends by questioning how much good it does for banks or credit card companies to require 4, 5, or more independent identity "factors" before providing access to account details, when most or all of the factors they request can be found online about nearly anyone.
CWEditor can grab a spoon and eat my ass (Score:0, Informative)
Stupid Slashdot. (Score:5, Informative)
<Page 1>
Why
Cant
You
<Page 2>
Provide
A
Link
<Page 3>
So
Everything
is
<Page 4>
on
One
Page?
how abut a link here [computerworld.com]
Re:ID information available to the public (Score:3, Informative)
Just make an answer up (Score:3, Informative)
Re:pipl (Score:3, Informative)
Not surprising in the least. There are many of these services online and the free ones are little more then goggling your own name if anything.
OTOH there are pay services like lexis.com and others that i used to use in my skip tracing days. Now with nothing more then a name and a county i could usually get everything from SSN's to VIN numbers of cars you have/do own. DL number's phone number's (including potentially unlisted). Hell itll tell me if your married divorced (with links to the pdf's of the court papers if available). Employment history (with a list of associates employed at the same places around the same times as you.
About the only thing it wont tell me is your dog's name so there is no surprise to me.
I dont even have to go online to find out your address and phone numbers. If i know what kind of car you drive. Chrysler has an 800 number that you put in the first 5 digits of the last name and it will give me address and phone number on record...
Re:ID information available to the public (Score:1, Informative)
Why can't I use my own security question and pick something that I actually am one of the few people that know (me and maybe my wife or something)?
A while back, a friend of mine was running a student forum, which used ID numbers as a login, and allowed people to set their own question for password resets. He was having a serious problem with people claiming their accounts were being broken into. After a while, he noticed that only men were complaining. He ran a script to pull out the answers to the security questions, and found that 20% of the answers were "8 inches".
Re:Multi-Factor Authentication (Score:3, Informative)
Re:Times Changes (Score:2, Informative)
Re:It's worse than that (Score:3, Informative)
Oh, don't be like that.
Let me give you an example. When I got my American Express corporate card, part of the activation process was to create a PIN. The process is done through a voice menu system. The message suggests that you use your mothers birthdate (month and day).
My intention was to make the PIN a random four digit string. Turns out the system would not accept a four digit string that was not a valid month and day. They actually had software in place to make sure you didn't pick the 32nd of Grune.
So, yeah, I am surprised that this system would accept a grandmother's middle name that included numbers and punctuation characters. Or a "first pet's name" of "Your mother was a hamster and your father smelt of elderberries". ("By the time I had finished calling him in to dinner, he starved to death." But I digress.) Or that it didn't bother to check that my daughter's high school, hospital where she was born, and maternal grandmother were all coincidentally named "none of your damned business, monkey boy". [1]
I half expected to see the message "That name is not valid. Your grandmother's middle name must match an entry in 'The perfect book of baby names'. Available on Amazon." Or, more likely, get an email from the bank something to the effect "Our IT department does not appreciate your thoughts on their personal habits. You will have to re-enter your personal information to access your account."
[1] None of those are the real passphrase, of course.
Re:Bad News (Score:3, Informative)