Posted on 05/27/2015 5:39:48 AM PDT by the_boy_who_got_lost
What would you say if I told you I could get your Social Security Number if you gave me your name and birth date? And sometimes I don't even need your birth day.
How easy is it? How many people know your name and birth date? I imagine quite a few. And if you have your birth date available on Facebook, LinkedIn or any number of other services online which ask for and publicly display your birth date then A LOT more people have your birth date.
The second half of the equation is finding an online service which you have used which is also vulnerable to the exploit.
(Excerpt) Read more at linkedin.com ...
I have been contracted by several private companies to secure their web applications after I revealed that I could steel their customers SSN's.
I have been in contact with two government agencies trying to get them to listen.
The first told me to write a letter to a P.O. box with my concerns telling me I was crazy.
The other listened and told me they would take the concerns to their security team.
I've found the private sector very responsive and the government agentcies very lack luster (and frankly offensive.)
Momentarily I thought the title meant a submarine.
I believe all government, federal, state, and local have decided that if citezens have problems of any type, those citizens turn to government. Many do. Most do not, at least in the United States. Self sufficiency is indedependance, is freedom. Thus, the lack of interest in any true solution to all problems from gubmint.
If you want to get the bureaucrats’ attention, steal their SSNs and include in your correspondence with them.
I also thought the title meant a submarine at first.
Same here. Title looked like a submarine. I always thought the correct abbreviation for Social Security number was SSAN, as in “social security account number”.
I’ve thought about that...I also don’t want to go to jail for any length of time....or have to fight anything in court. I am broke enough as it is.
I recently discovered a mortgage company who was leaking the:
Full SSN, first and last name, home address, mailing address, bank and routing number if they has signed up for automatic ACH payments each month.
I could have made millions selling that data on the black market.
I did the honerable thing and reported it...and made a measly $5,000 in comparison. Now I’m glad for the money and a clear conscience.
I read about this hack today: http://apnews.myway.com/article/20150527/us-irs-breach-a05ef24734.html
I could have done that easy sneezy...it doesn’t take a whole lot of sophistication do run a scheme like that. There are plenty of smart programmers out there.
Sorry I had no idea that SSN might mean a nuclear sub.
Me too!
Was wondering how they get past all the security to get inside!
Then figure out how to operate the controls; then make it out to sea!
I always fake my birth date but I’ll tell you guys. I was born on May 29, 1976.
Or did I graduate high school on that date? Man, I hate getting old.
Me too. I thought, “Well, that would be interesting.”
If you have a federal student loan I CAN steal your SSN.
Here is one website that is vulnerable to the attack.
https://fafsa.ed.gov/index.htm
Before telling me to shut up that it wasn’t possible they told me to write a report up and mail it to:
FSAIC
Application Processing Concern
P.O 84
Washington D.C. 20044
This is one of several BIG sites that are vulnerable.
My birth day on facebook is not my real birth day. My daughter pinged me one day and said, “Today isn’t your birthday”.
i.e. the downside is that everyone is wishing me a happy birthday when it’s not my birthday. I don’t care.
Does your mortgage company know your real birth date?
Does your bank know your real birth date?
Do you have student loans?
Typically if you give your SSN you give your real birth date.
You might not use a bank, have a mortgage or ever has a student loan. But millions of people do or have had one or more. And millions of SSN’s are potentially vulnerable.
Mortgage companies, banks and loan companies/government entities are prime targets for hackers.
I have helped a few in this industry secure their sites after proving that I could steal their customers Social Security Numbers.
However many sites are still vulnerable. Including government sites.
LOL. Me, too. When I visited the Stennis, in port of course, they had removed the steering wheel. Navy tradition, I was told.
I just checked outside in the pool, and my submarine is still there. Whew!
Ditto.
So did I!
The Mexicans are such a trashy bunch, along my property I have picked up litter and twice picked up SS cards they had discarded.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.