An 'Ethical Hacker' On Protecting Your Identity
qwqwss writes "Canada.com is running an article by Terry Cutler, a 'certified Ethical Hacker', who wants to get the word out to people on protecting their identities from a growing number of risks. The piece covers shopping online, keeping your personal information contained, and avenues of inquiry if your identity is stolen."
Hiding your credit report (Score:5, Informative)
1-888-567-8688
Call this one number to opt out of all three bureaus. You can protect yourself from identity theft by taking your name off of the credit bureaus' mailing lists. The credit bureaus are one of the biggest offenders when it comes to selling your name and information to the credit card companies who in turn send you all those pre-approved applications. One call to the Opt Out Request Line (for Equifax, TransUnion, Experian and Consumer Credit Associates) is all it takes to permanently remove your name from all marketing lists that the credit agencies supply to direct marketers. You can also opt for a two-year period, renewing your request at any time in the future.
Identity theft certainly happens on the Internet, but it's the old-fashioned cons that usually get your SSN and such. Put your paranoia in the right place. Please.
Re:Hiding your credit report (Score:5, Interesting)
Seriously, it is so bogus that in order to "opt out" you have to hand over your personal info -- SSN, address, full name - to the very same people who are abusing that info in the first place. Somehow I just don't trust them to keep it safe and never figure out a new way to abuse it for their own gain.
A real opt-out list would be maintained by a 3rd party with contractual and legal penalties for distributing your personal info. Then the agencies would be required to send their lists to the 3rd party, who would filter out the people who have opted out. That way, even if the agencies were to reverse engineer the list by comparing before-and-afters, they would not know anything about the people whom they missed because they were never on the first list, nor would they get any sort of corrective information (like updated address, corrected spelling of names, etc).
Hell, while I am dreaming, these lists would be opt-in to start with and we wouldn't have these problems.
Re:Hiding your credit report (Score:1, Informative)
I believe that they ask for that information for two reasons.
1. To keep people from being able to easily unsubscribe other people.
2. So that they can match future incoming data with records of who should be excluded to avoid accidentally re-including you when they are not supposed to.
Re:Hiding your credit report (Score:4, Interesting)
No, you are wrong.
I use a bogus name for my telephone directory listing (it is like getting an unlisted number, but better because it is free and it avoids having my real name on the "list of people with unlisted numbers"). I get tons of snail-mail marketing for this bogus person, I also get plenty of sales calls asking for this bogus person by name.
There is no way the credit marketing agencies are giving away this info because this person does not exist and the name was made up on the spot for the telephone listing - they certainly have no SSN and my real name is the one used for the bills so there isn't even any "credit history" to the name.
So you see, you are 100% demonstrably incorrect in saying that the sales contacts are due only to the credit marketing agencies. Even if this bogus person somehow did acquire an entry in their databases, there is no way for me to remove them because the person has no SSN to give them.
Re:Hiding your credit report (Score:3, Interesting)
I've done that [used a bogus name] and that name has gotten pre-approved credit card offers in addition to the other stuff you mention! Every time I see a story about ho
Re:Hiding your credit report (Score:2)
I used to work for a company called Acxiom [acxiom.com], and they are a good bet to be where this info came from. I used to work on a project where we got phone books from all over the
Re:Hiding your credit report (Score:5, Insightful)
Companies that do direct marketing send their lists in, and get them back without those persons who have opted out. They learn nothing new about you in the process, other than the fact that you've opted out.
For electronic marketing (email, sms, fax) it's opt-in rather than opt-out. In other words, they cannot legally do it unless you've given prior, informed consent to that. The logic is that in this type of marketing, the recipient typically pays a large part of the cost. Marketers are less likely to abuse say paper-based marketing as that actually costs them to print and distribute. (compare the quality of the marketing in the average paper-based marketing and the average spam you receive to see what I mean..)
For unaddressed "distributed to all" marketing there's a small sticker you can put on your mailbox, and you won't get any.
In short, you can eliminate receiving any marketing by following 3 simple steps:
Re:Hiding your credit report (Score:2)
I've often maintained the most powerful tool would be for ordinary citizens to claim copyrights on correlated collections of personal information. Then, individuals would be permitted to pursue all the penalties that the *AA organizations do for unauthorized distribution of Britney Spears songs and Owen Wilson movies.
Re: (Score:2)
Paranoia -- The Word
Paranoia is a term used by mental health specialists to describe suspiciousness (or mistrust) that is either highly exaggerated or not warranted at all. The word is often used in everyday conversation, often in anger, often incorrectly. Simple suspiciousness is not paranoia--not if it is based on past experience or expectations learned from the experie
Re: (Score:2)
Delusional Disorder
Psychiatrists make a distinction between the milder personality disorder described above and the more debilitating delusional disorder. The hallmark of this disorder is the presence of a persistent, nonbizarre delusion without symptoms of any other mental disorder.
Delusions are firmly held beliefs that are untrue, not shared by others in the culture, and not easily modifiable. Five delusional themes are frequently seen in delusional disorder. In some individuals, mo
Re:Hiding your credit report (Score:3, Funny)
Re:Hiding your credit report (Score:5, Informative)
However, it will not prevent the credit bureaus from selling your name and information to other companies for other reasons, and it will not hide your credit report from anyone.
Also, some credit companies don't use the big credit bureaus, and will instead compile information from other sources. If you have a home loan for example; your name, address and value of the loan are available at some county and state offices.
Re:Hiding your credit report (Score:3, Informative)
However, a few notes on the service:
1) It can easily take 6 months for a mailing list to be updated removing your address from it. This has to do with the frequency that mar
Re:Hiding your credit report (Score:4, Funny)
A: Hi! I'd like to open a line of credit.
B: What's your name?
A: John Smith
B: There are a lot of John Smiths, could you be more specific?
A: John Smith from New York, New York.
B: Sigh. That doesn't really help.
A: Well, how then?
B: Give us a publicly known number that refers to you and you alone.
A: My Social Security Number is 012-34-5678
B: Fine. Now I need to prove I'm actually talking to John Smith, 012-34-5678
A: How?
B: Tell us a number that only you know and would never, ever, tell anyone else.
A: My Social Security Number is 012-34-5678
B: Meh, I guess that's good enough. Have fun with your new credit card.
Re:Hiding your credit report (Score:1)
(substitute SSN for luggage for more laughs)
Re:Hiding your credit report (Score:2)
Well, it is (sort-of) if you saw this movie [imdb.com].
Re:Hiding your credit report (Score:2)
Re:well.. (Score:5, Funny)
Re:well.. (Score:3, Funny)
Re:well.. (Score:4, Funny)
Re:well.. (Score:5, Funny)
Wrong title (Score:1, Troll)
I don't even have to read the article... (Score:5, Funny)
Re:I don't even have to read the article... (Score:3, Funny)
Re:I don't even have to read the article... (Score:2)
I hear ya, those are quite expensive. As the saying goes, "there is no such thing as a free ride"...
Re:I don't even have to read the article... (Score:5, Funny)
KFG
Re:I don't even have to read the article... (Score:1)
This article is too Canada-centric (Score:5, Informative)
Re:This article is too Canada-centric (Score:2, Interesting)
To those who haven't checked out this site: no matter the outcome, it's ~10 minutes very well spent. Check it out.
Re:This article is too Canada-centric (Score:2)
Equifax (Score:3, Interesting)
I got all of my reports except Equifax. The whole process fails when I get to them. Does this happen to anyone else? I think out of all the credit reporting agencies this one is the most difficult to deal with.
Of the three major credit report agencies, Equifax is the worst. Especially if you're trying to clean up your credit reports. Even if they're supposed to investigate and delete bad info if they ever get around to it they drag their feet to investigate. They're also supposed to allow you to write
Re:Annual Credit Report (Score:1)
Re:Annual Credit Report (Score:3, Informative)
One per year per agency. Get one from one agency every four months. If anything major happens, you can bet on it being in all three. Minor stuff, like addresses, etc are most likely what will differ from one agency to another and are not so urgent to get fixed.
Re:This article is too Canada-centric (Score:2)
Re:This article is too Canada-centric (Score:2)
Re:This article is too Canada-centric (Score:2)
I believe this one [annualcreditreport.com] is the official one. I got it from a reference I found on the FTC site [ftc.gov]. I've done it before, and it is about time for another one...but, I think you only get one free one from each credit bureau annually.
Re:This article is too Canada-centric (Score:3, Informative)
Re:This article is too Canada-centric (Score:2)
If someone from your company pulled his credit multiple times, *you* did fuck him.
I don't want to be a killjoy, but... (Score:3, Insightful)
Re:I don't want to be a killjoy, but... (Score:4, Insightful)
Re:I don't want to be a killjoy, but... (Score:3, Informative)
Saboteurs install a small keycard reader right next to the keycard reader at the ATM's door, so when you slide your card to enter, both readers get it. Recommendation: open the door with any other card, since the reader only checks for a magnetic strip and not for a valid card.
As for keypads, they usually install a different keypad over the regular one, which logs key presses and also activates the regular keys, so you notice nothing. The newspaper once showed one of
Re:I don't want to be a killjoy, but... (Score:2)
Find where someone is installing a retail POS system. Many of them come with "test" credit cards. Installers just toss them in the trash. I have a test Visa card in my car presently, as a matter of fact.
Re:I don't want to be a killjoy, but... (Score:2)
Never had to swipe a card just to get into a bldg. with an ATM in it. Heck, most of the ATM's I go to aren't indoors at all....they are on the outside wall of the bank. Many are in convenience stores or grocery stores too. Do they all have 'special' sealed buildings for ATM's in Argentina?
Re:I don't want to be a killjoy, but... (Score:2)
Re:I don't want to be a killjoy, but... (Score:2)
Yeah, I'd seen a thread like this before, and I think the conclusion was, this is mostly a geographical thing, at least in the US....they do them indoors a lot up north, due to the long term freezing weather....
Not so much a problem down here...
Re:I don't want to be a killjoy, but... (Score:3, Informative)
The device was a little over a half inch thick, and had a slot through which the card went. This device was placed over the normal ATM card slot. When you put your card in, it got read by the device, and the ATM sucked it in and read it there.
I found out from the bank that the PIN was read through a hidden camera nearby. The "nice" thing about a setup like this is that no change is made to the ATM itself. To add ins
Re:I don't want to be a killjoy, but... (Score:2)
That's why I specifically ask for an ATM only card, I refuse to have a 'debit card'. With a true credit card, if stolen, you can report it and you are only liable for a small amount...with a stolen debit card...the money is GONE from your bank immediately, and stays gone till you can prove it is a criminal. I don't like that aspect of it. I like to use cash when I have it, CC for when no cash on me (but pay off in full each month).
"2.S
Re:I don't want to be a killjoy, but... (Score:2)
No, I'm not talking about department store credit cards, I am talking about Visa, Mastercard, Amex...etc. And no, none of them require anyone taking one of their cards to request ID be shown. If a store accepting a major credit card, asks for ID, then it is the store's policy, not the major credit card companies'....
too much work. (Score:1)
Until the current standards change or are more rigorously enforced, identity theft will remain one of our electronic culture's downfalls. And now that Pandora's box has been opened on identity thef
This is pretty much what I do (Score:4, Informative)
a. shredding the account numbers and names/address on your bills or mail.
b. taking out the recycling only on recycle day, and making sure none of it contains identifying materials, but that all those are shredded and then mixed.
c. not taking too much ID with you.
And realizing that you're being phished. I learned a lot of techniques in the Canadian Armed Forces, when they would try to get information out of our systems by trying to pretend they were from someplace that just needed info, or wanted to verify something.
Never trust email, don't trust phoners, and never action things that you didn't originate.
And keep your hand over the other one (shading it) when entering your PIN.
Canada.com is a website for daily newspapers in Canada, FYI. Always right-click to inspect any links and ensure they go to the correct location before clicking them - and always use URLs you made yourself to access your banking and credit info.
Now, I've got an underwater tunnel to sell you if you don't want to follow that advice, and I'm sure other people will tell you about all the lotteries you've won, and how a rich religious minister left you money in [NAME OF COUNTRY]
Re:This is pretty much what I do (Score:2)
The grocery store I use has a very quick link to the network; using my card + pin is typically faster than handing the cashier cash and waiting for him to count change.
I even lost my card once (forgot to get it out of the ATM). Fortunately I found out pretty quick, but the card was gone (the machi
Re:This is pretty much what I do (Score:2)
Well, there's a few good reasons. First, I've often seen banks that will give you 'free checking', no monthly or per check fees if you have direct deposit, and ONLY use ATM's. Basically they charge for human interaction.
Secondly...well, there's a pretty high danger of carrying large amounts of cash on you. You can lose it, but, more commonly, it is not a
Get your CEH credential now! (Score:4, Funny)
How does one judge "ethical"? (Score:2)
Right and wrong are always blurred and I can't see how "ethical" can really be defined.
Re:How does one judge "ethical"? (Score:1, Funny)
Re:How does one judge "ethical"? (Score:2, Insightful)
It's about predictability. I have friends with a different standard of ethics than I do, but that's ok, if I know what it is, I can know what to trust them with.
Not a conclusive definition, but that's a fair part of how I assess ethics.
Re:Get your CEH credential now! (Score:2)
Re:Get your CEH credential now! (Score:2)
certified ethical hacker (Score:3, Insightful)
Apparently, 'certified ethical hacker' is an actual cert one can get. But I don't think I would want the term 'hacker' to appear anywhere on my resume. Unless I was trying to get a job with some black hat pseudo legal firm...that'd be sweet.
I've never heard of any certification for ethical hackers before reading this article. What organization issues the cert? Once upon a tyme I read about the Model Railroad Club at MIT, the WOZ, and others and I wanted to be a hacker like them. Alas back then adjective "
Re:certified ethical hacker (Score:2, Interesting)
CEH = bogus cert (Score:3, Informative)
Anyone can pick up a book and learn how to run vuln scanners or use prepackaged exploits.
If people want to go to some real security training, I recommend http://www.immunitysec.com/education-overview.shtml [immunitysec.com]
Dave Aitel is both technically brilliant and incredibly funny - a rare combination.
Re:Get your CEH credential now! (Score:3, Insightful)
I've actually taken a CEH prep course, but that was because my boss had been pressuring me to take a class, and it was a week away from work paid. The information it covers is very basic, the vast majority of it is based on the "tools" used. They spend a bit of time covering how you're supposed to operate as a CEH, but there's so much material that even with
Buy a shredder (Score:4, Funny)
Just don't ever allow your kids to shred anything, even once. If you do, you may find yourself re-filing your taxes, one piece of sellotape at a time.
Re:Buy a shredder (Score:1)
I know my own mom would dearly like to get her watch back.
KFG
Re:Buy a shredder (Score:5, Informative)
Just don't ever allow your kids to shred anything, even once. If you do, you may find yourself re-filing your taxes, one piece of sellotape at a time.
Or have a bunch of fanatic Iranian students [thememoryhole.org] do it for you. I have a copy of Documents From the US Espionage Den, volume 5 [6 MB PDF] [thememoryhole.org] that is a quite good illustration of why US embassies have been incinerating and not shredding their paper waste since 1979.
Online identity theft = FUD? (Score:5, Insightful)
I have a feeling that the majority involvement of the internet in these crimes is as a vehicle for the transmission or cracking of databases made available by poor security practices.
Re:Online identity theft = FUD? (Score:1, Insightful)
Re:Online identity theft = FUD? (Score:4, Informative)
100% of the identity theft cases and about 30% of the fraud cases I've helped out with or heard of were not due to any use of the Internet (even though many of the unapproved charges were made to Internet resellers). Disgruntled/dishonest employees, ex-spouses and boyfriends/girlfriends, and neighbors/acquaintances are, in my experience, the top three perpetrators of identity theft. Then there are the randoms: the car salesman that puts through auto loans in other customers' names; the 'crew' that dumpster-dives tax preparation offices and then sells the identities to illegal immigrants.
If you are reasonably careful and avoid 'risky behavior' on the Internet you are fairly safe from fraud and identity theft. Never give your SSN or birthdate to anyone over the phone, and only the bare minimum as absolutely required on a face-to-face basis (i.e. banks, financial institutions, employers, medical as needed for insurance processing). For anyone else, just make up a SSN and birthdate: there's no point in arguing with people too stupid to understand that there's no legitimate use for that information.
Never pay for anything by check. ACH fraud is trivial and is probably the most common scam because of the lack of controls and authentication. It can also be the most damaging because, unlike credit-card fraud, the money is gone from your account and you have to convince the bank to put it back. Any organization with either an ACH merchant account with a bank or via one of hundreds of ACH 3rd-party processors can take money from any US bank account with nothing more than your bank's routing number (public information) and your account number (printed on every check). I have been hit with ACH fraud a few times and now order only a one-year supply of checks and then open a new account when the checks run out.
When paying on-line or over the phone always use your credit card company's 'temporary account number' service. These are time-limited and, optionally, amount-limited account numbers that do not reveal your permanent credit card number. You can set limits for how long they are valid (from one month to one year) and how much total can be charged. Most MasterCard and Visa providers offer this service. You have to be Internet-connected to generate a new number. (American Express pioneered this service but then discontinued it shortly before introducing their enhanced security service, for an extra fee). An added benefit is if someone does make fraudulent use of the temporary account number you know who is at fault for leaking your information.
If you have the ability, use a separate e-mail address for each financial institution and each vendor you use. If you have your own domain name you can usually configure "catch-all" email forwarding so any incoming email without a matching mailbox gets forwarded to a specific address. This helps identify phishing attempts because you will see email supposedly from, e.g., Citibank Security come into your "ebay@example.com" address instead of the proper "citibank@example.com" address. An added benefit here is being able to identify who is selling your email address (surprisingly, very few).
And if you deal with illegal, semi-legal, illicit or other fringe sites (porno, high-yield investing, paid-to-surf/email, Ponzi, pirate software/music/video/games, or an
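The per-vendor address check described in the comment above, sketched in Python as an added example that is not part of the original post. The catch-all domain `example.com` and the two aliases come from the comment; the `.example` sender domains, the header order and all sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed setup (not from the original post): the catch-all domain and the
# sender domains recorded for each vendor when its alias was handed out.
MY_DOMAIN = "example.com"
ALIASES = {
    "citibank": {"citibank.example"},
    "ebay": {"ebay.example"},
}


def _domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def recipient_alias(msg):
    """Local part at MY_DOMAIN the mail was addressed to, known aliases first."""
    found = []
    for header in ("X-Original-To", "Delivered-To", "To", "Cc"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            local, _, dom = addr.rpartition("@")
            if local and dom.lower() == MY_DOMAIN:
                found.append(local.lower())
    known = [a for a in found if a in ALIASES]
    return (known or found or [None])[0]


def claimed_vendor(display_name, sender_domain):
    """Vendor the sender presents itself as, by domain or by display name."""
    for vendor, domains in ALIASES.items():
        if _domain_matches(sender_domain, domains) or vendor in display_name.lower():
            return vendor
    return None


def classify(raw):
    """Return (verdict, alias_hit, vendor_claimed) for one raw message.

    "mismatch" means the alias given to one vendor received mail from someone
    else: either a phish, or that vendor leaked or sold the address.
    """
    msg = message_from_string(raw)
    alias = recipient_alias(msg)
    name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    claimed = claimed_vendor(name, sender_domain)
    if alias is None:
        return ("no-alias", None, claimed)
    if alias not in ALIASES:
        return ("unknown-alias", alias, claimed)
    if _domain_matches(sender_domain, ALIASES[alias]):
        return ("ok", alias, claimed)
    return ("mismatch", alias, claimed)


def _sample(sender, rcpt, subject):
    # Constructed test message, headers only plus a one-line body.
    return f"From: {sender}\nTo: {rcpt}\nSubject: {subject}\n\nbody\n"


LEGIT = _sample('"Citibank" <alerts@citibank.example>',
                "citibank@example.com", "Your statement is ready")
PHISH = _sample('"Citibank Security" <security@citibank.example>',
                "ebay@example.com", "Verify your account")
LEAK = _sample('"Deals" <promo@bulkmail.example>',
               "ebay@example.com", "Hot offers")
GUESS = _sample('"eBay" <offers@ebay.example>',
                "info@example.com", "Your listing")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("phish", PHISH),
                       ("leak", LEAK), ("guess", GUESS)]:
        print(label, classify(raw))
```

The From header is forgeable, so "ok" only means the sender and the alias are consistent; the useful signals are "mismatch" and "unknown-alias", which rely on the sender not knowing which address was given to which vendor.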
Re:Online identity theft = FUD? (Score:2)
My bank (a rather large one) was hacked. Later, that information was used in connection with the Russian mob to commit internet fraud.
And my bank has not been the only one out there that has been hacked.
Re:Online identity theft = FUD? (Score:2)
If you have not already
Get a Prepaid Master Card (Score:3, Interesting)
Re:Get a Prepaid Master Card (Score:1, Insightful)
Re:Get a Prepaid Master Card (Score:2)
Or just use cash. You know, the green rectangular pieces of paper and the small round metal things ?
Re:Get a Prepaid Master Card (Score:2)
You poor bastard, sharing the face of a known insurgent and terrorist :(. Maybe you should consider plastic surgery, least you get confused with this infamous rebel who used tactics of harassment and attrition and kept his troops hidden - a strategy favored by terrorists !
Yes, this infamous leader of the treacherous insurgency which murdered several British soldiers - wait, you use dollars so you're an American, so
similar tips for highly mobile (homeless) people (Score:3, Informative)
-Jon
Re:similar tips for highly mobile (homeless) peopl (Score:2, Funny)
Simple: post AC! (Score:5, Insightful)
Re:Simple: post AC! (Score:1, Interesting)
The reason the Anonymous are cowardly is because they refuse to show even their funny little cyber-nicknames when they post vitriolic comments. They don't want to be known because they usually know they are wrong, and will lose karma. Some cowards are very funny however and get modded up considerably. I suspect taco and others post anonymously, don't you?
Re:Simple: post AC! (Score:1)
And others are reluctant to let the world know that, let's see, from two randomly picked comments of yours, you think "pacifism and veganism" are "philosophically flawed nonsense" and you want Pluto to be considered a planet because you don't know how to pronounce "Quaoar". Well, I must say I agree with you on both counts, but sometimes one wants to make a controver
Re:Simple: post AC! (Score:2, Interesting)
Ah but you see, that's exactly what cowardice is
Use Virtual Credit Card Numbers (Score:5, Interesting)
Re:Use Virtual Credit Card Numbers (Score:3, Informative)
Re:Use Virtual Credit Card Numbers (Score:2)
I found out the hard way that my bank doesn't do that - I was off by one cent (typo), so I had to update the amount again and resubmit the order.
Mind your language please (Score:1, Insightful)
world is changing, Slashdot too.
But I object to the phrase "Ethical Hacker"
Kudos to the ed/poster who placed it in quotes, but personally I would have dropped the qualifying word.
I never knew a genuine hacker who wasn't deeply ethical, even the mischievous ones up for cracking and pranks.
To propagate this newspeak merely reinforces unfounded prejudices and panders to the frightened powers and ignorati.
"Contained" (Score:2, Insightful)
Last week, I tasked myself with determining ways to contact 72 Slashdot users. (People who'd responded to a subset of my journals in the past.) I found email addresses for fifty of them, instant messenger IDs for three others, profiles in other communities for five of them, and other ways to contact all the rest but four. That's a success rate of 94%. Oh, and I didn't spend a cent on access to databases. Google and WHOIS were sufficient for most of them.
My recomm
Re:"Contained" (Score:2)
You can correlate my identity across the net... so what? And you have your email address publicized in your comment, so I could contact you without going to a WHOIS site or even Google.
So what's your point?
All about credit (Score:3, Interesting)
In fact, I had a company (BellSouth Advertising) screw up my business listing badly last year. They published my store hours saying that we were closed a day that we're not. I never signed off on that ad. As a result, business is slower that day. Of course, BellSouth Advertising is giving me some bullshit about "you signed off on the previous year, and it says in fine print that if you don't sign off for the next year, that we can still bill you, blah, blah, blah". I told them that I don't pay for anything that I don't agree to, and I certainly won't pay for an ad that hurts my business. They call every few days, and all they can threaten me with is that they'll ding my credit rating. I just smile and say, "that's fine. I'm still not paying."
That's REAL freedom. I'm not beholden to ANYBODY, from a financial standpoint. How many people in the US today can say that they're financially free?
I call B.S. ..... (Score:3, Interesting)
worrying about id theft (Score:2)
Let's be honest. "Identity theft" is only about the precious "credit rating". "Credit ratings" are useful, true, but they're waaaay overused, primarily because people tend to live faaar beyond their means. A credit rating can only be held over your head if you insist on living on credit. The simple fact of the matter is that by avoiding using credit you don't really have to worry about "identity theft"
If only this were true but it's not. Even if you're careful and watch your spending, say you have a sma
Re:All about credit (Score:2)
Re:All about credit (Score:2)
That's fine and everything. I agree with you; don't have any credit cards, buy cars with cash, only use my Visa check card to make purchases with money I have in the bank. But what about when I want to buy a house? Mos
Fool Me Twice (Score:1)
Let us analyse this boobytrap shall we ?
"Certified" -- Here we have the Welcome Mat, designed to make us feel comfortable & willing to continue.
"Ethical" -- Ah, we find ourselves Tempted By Cheese sitting on the welcome mat.
"Hacker" -- And here we have, the 10 Ton sandbag hanging above the welcome mat, if you look closely, you can see the fishing line that holds the bag above the mat going through a series of pulleys & eventually running under the mat.
ph1rst of 4ll (Score:1)
LOL @ CEH! (Score:2, Insightful)
"Ethical Hacker" (Score:1)
The ones who help other people are ethical. The ones who try to fuck other people over are not.
Calling yourself ethical doesn't make you that. It's your deeds that determine whether or not you're ethical.
LK
Ethical Hacker(tm) Certification, only $29.95 (Score:2)
1. Certificate of Authenticity
2. Certified Ethical Hacker Mug
3. Paper bag to hide your face from your friends and loved ones.
Re:Ethical Hacker(tm) Certification, only $29.95 (Score:2)
Do not, I repeat, do not create eye holes in a paper bag with scissors or a knife while still wearing the paper bag.
All bags are made from the highest quality unbleached organically grown paper cut with no old growth material and 95% post consumer recycled paper.
All your details are belong to us!! (Score:2, Informative)
Information security has only reached its peak in the last couple years. Prior to this, it was pretty lax especially during the height of companies outsourcing their call centers to foreign lands an
Look what I can do! (Score:2)
Woo hoo! Look at me...I'm parroting back a little bit of information, containing nothing new whatsoever in depth or breadth of scope, about protecting your identity!
(yawn)
New technologies == Trouble (Score:2)
Good question. If you give information to a third party, what are your privacy rights concerning that? In some cases, that's pretty clear. If I give my credit card to a store clerk, it's implied that he will not give it to anybody else but the card company.
But there are many instances where we presume a right that others may consider subject to interpretation. "Is Jack Brown here?" -- "Let's see. Sure, his key is here". Perhaps Jack Brown would o