How I Stole Someone's Identity in Security http://www.dslreports.com/forum/r20979059 en Wed, 11 Nov 2009 12:47:02 EDT Wed, 11 Nov 2009 12:47:02 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20992379 tempnexus :
said by Traker1001 :

I confirm, because none of it is information I deem to be personal. I am not concerned that you find this info, Otherwise I wouldn't of put it out on the web in the first place. And, I am not impressed that someone can use a search engine. In fact I wish there were more people capable of using a search engine.
Did not devote more then 5 minutes to it. So yeah just a 5 min search engine, I was not data minning you, just showing how much just google can reveal. Believe me, if I wanted to get more info I would. (and you can prob do the same). But there is no need since you have done nothing wrong.]]> http://www.dslreports.com/forum/remark,20992379 Fri, 22 Aug 2008 19:07:49 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20992158 anon : I confirm, because none of it is information I deem to be personal. I am not concerned that you find this info, Otherwise I wouldn't of put it out on the web in the first place. And, I am not impressed that someone can use a search engine. In fact I wish there were more people capable of using a search engine.]]> http://www.dslreports.com/forum/remark,20992158 Fri, 22 Aug 2008 18:15:17 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20989160 mikenolan7 : We have a real life example of personal information mining making big news right now. The IOC has now requested that the gymnastics federation launch an investigation into the ages of several Chinese gymnasts.

"Hackers have unearthed more compelling evidence that China's dual-gold medal winning gymnast He Kexin is underaged and should have been barred from competing at the Olympics."

"A US-based internet security consultant and part-time hacker calling himself "Stryde Hax" has trawled through the search results on Google, Google China and the Chinese search engine Baidu, unearthing numerous examples of cached official Excel spreadsheets showing He Kexin listed as being born on January 1, 1994..."

»www.smh.com.au/news/gymnastics/u···664.html]]> http://www.dslreports.com/forum/remark,20989160 Fri, 22 Aug 2008 08:39:25 EDT Re: Time for a CAC? http://www.dslreports.com/forum/remark,20988133 tempnexus :
said by Traker1001 :

All that generic semi-accurate information from one nick search.

Yes, Yes, Sort-of, Not anymore, No - Some other traker1001 (another tidbit for the search - Will not use online insurance companies and never will.), Yes, sold the acer for another M1330. Any more semi-accurate outdated info you can find?

Oh BTW, Just
mostly guessing and you confirmed the guess]]> http://www.dslreports.com/forum/remark,20988133 Thu, 21 Aug 2008 23:07:10 EDT Re: Time for a CAC? http://www.dslreports.com/forum/remark,20988018 anon : All that generic semi-accurate information from one nick search.

Yes, Yes, Sort-of, Not anymore, No - Some other traker1001 (another tidbit for the search - Will not use online insurance companies and never will.), Yes, sold the acer for another M1330. Any more semi-accurate outdated info you can find?

Oh BTW, Just ]]> http://www.dslreports.com/forum/remark,20988018 Thu, 21 Aug 2008 22:43:21 EDT Re: Time for a CAC? http://www.dslreports.com/forum/remark,20987839 tempnexus :
said by Aidens Daddy See Profile :

I am not promoting, more so suggesting. Maybe a smart card / CAC would help? I use it for everything from signing into my computer, signing/encrypting e-mail, accessing websites, etc. The down side is getting everybody on board, expense, etc. It is also 'big brother' like.
CAC is DoD many users aren't

However a two factor dongle would be great]]> http://www.dslreports.com/forum/remark,20987839 Thu, 21 Aug 2008 22:12:25 EDT Time for a CAC? http://www.dslreports.com/forum/remark,20987758 Aidens Daddy : I am not promoting, more so suggesting. Maybe a smart card / CAC would help? I use it for everything from signing into my computer, signing/encrypting e-mail, accessing websites, etc. The down side is getting everybody on board, expense, etc. It is also 'big brother' like.]]> http://www.dslreports.com/forum/remark,20987758 Thu, 21 Aug 2008 21:56:24 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20987212 raythompsontn : Yep. Do you count customers, or institutions? The institutions that I use (3 banks and an investment broker) do not allow address changes via the web site. And I personally think that is the correct approach.]]> http://www.dslreports.com/forum/remark,20987212 Thu, 21 Aug 2008 20:13:25 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20987095 tempnexus :
said by traker1001 :

Ok, raythompsontn, give me your name and address, the check will be on its way ;D.
Hmm Traker1001?
Let me guess, male,IT professional for the past 16 years , living right outside of Springfield Missouri city limits since early 2007, Greene County recently had trouble with her GMAC insurance.
Good with IT security but sucks in every day security like locking house doors and his trucks car doors.
OH and how is your ACER small form factor media center doing?

Ok that was in 5 min ]]> http://www.dslreports.com/forum/remark,20987095 Thu, 21 Aug 2008 19:46:48 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20987054 dentman42 :
said by raythompsontn See Profile :

said by nil See Profile :

Most online banking applications would allow you to change an address and have a new debit card issues as well.
I would counter that most DO NOT allow you to change your address. I use three banks and none of them allow me to change the mailing address.
I just logged into Chase and I've got a form up allowing me to change my mailing address and phone number. I'm not sure what verification would be in place if I would change it, but since I don't want to change it I'm stopping here. However, Chase is one of the largest banks and credit card issuers. I'm pretty sure BofA has the option as well.

Whether or not "most" banks allow online address changes, if the top 2 or 3 do that covers a large number of accounts.]]> http://www.dslreports.com/forum/remark,20987054 Thu, 21 Aug 2008 19:37:51 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20986991 dentman42 :
said by Link Logger See Profile :

Want to give me a chocolate bar for my password, sure but how are you going to check what I gave you as by the time you find out I gave you a bogus password, I'll have already eaten the chocolate bar.

Blake
If the password you gave me doesn't work I don't give you the antidote for what was in the chocolate. :D]]> http://www.dslreports.com/forum/remark,20986991 Thu, 21 Aug 2008 19:26:06 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20984483 anon : Ok, raythompsontn, give me your name and address, the check will be on its way ;D.]]> http://www.dslreports.com/forum/remark,20984483 Thu, 21 Aug 2008 11:37:18 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20984279 CylonRed : Now I have more firepower to hate blogs - I never do blogs and will never do blogs. Lack of security on some of the email accounts is unbelievable.
--
Brian

It drops into your stomach like a Abrams's tank.... driven by Rosanne Barr...]]> http://www.dslreports.com/forum/remark,20984279 Thu, 21 Aug 2008 11:01:42 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20983965 MyDogHsFleas : Yes of course you should make your logins hard to crack, you should use encryption, you should practice safe computing re viruses and malware, you should not use public PCs to log into bank accounts, you should shred your paper, etc. etc. But all of this is really just hygiene.

What you really need to do is to CHECK YOUR ACCOUNTS OFTEN (I do it daily). That way, if anything suspcious happens, you can catch it right away.

I'm always surprised that no one gives this advice, they all focus on how to stop the flow of information outwards. This is like telling people that the way to be healthy is to wash your hands and brush your teeth. Yes, that helps, but really you have to go to the doctor and be checked periodically. You have to look at the actual source of the problem, which is the money in your accounts.]]> http://www.dslreports.com/forum/remark,20983965 Thu, 21 Aug 2008 09:54:23 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20983586 raythompsontn :
said by nil See Profile :

Most online banking applications would allow you to change an address and have a new debit card issues as well.
I would counter that most DO NOT allow you to change your address. I use three banks and none of them allow me to change the mailing address.]]> http://www.dslreports.com/forum/remark,20983586 Thu, 21 Aug 2008 07:45:28 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20983582 raythompsontn : All electronic transactions between banks are traceable. I also find nothing on my banks (three of them) where I am allowed to authorize an electronic transfer to another bank. I can do bill pay but that again involves a check or electronic transaction, both traceable, and most importantly, reverseable.]]> http://www.dslreports.com/forum/remark,20983582 Thu, 21 Aug 2008 07:43:33 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20983240 Link Logger : I never use real information for those questions (plus I can't remember how to spell my mother's maiden name), as really those questions are just another place to put a password and yes you need to remember it or mark it down and store it in a secure way.

Want to give me a chocolate bar for my password, sure but how are you going to check what I gave you as by the time you find out I gave you a bogus password, I'll have already eaten the chocolate bar.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool]]> http://www.dslreports.com/forum/remark,20983240 Thu, 21 Aug 2008 02:27:37 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20982471 nil : Having online access would enable someone to say, authorize the account for transfers from another bank (most common method is to verify a couple small deposit amounts therefore proving access to the account). Transfer money through an non-US based bank.. and tracing would not be simple.

Most online banking applications would allow you to change an address and have a new debit card issues as well.

--
Life is too short to be boring]]> http://www.dslreports.com/forum/remark,20982471 Wed, 20 Aug 2008 22:21:08 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20982404 devrandom : This reminded me of something Bruce Schneier posted awhile back (in 2005), so I went to hunt for it.

»www.schneier.com/blog/archives/2···_th.html

said by FTA :
The point of all these questions is the same: a backup password. If you forget your password, the secret question can verify your identity so you can choose another password or have the site e-mail your current password to you. It's a great idea from a customer service perspective -- a user is less likely to forget his first pet's name than some random password -- but terrible for security. The answer to the secret question is much easier to guess than a good password, and the information is much more public. (I'll bet the name of my family's first pet is in some database somewhere.) And even worse, everybody seems to use the same series of secret questions.

The result is the normal security protocol (passwords) falls back to a much less secure protocol (secret questions). And the security of the entire system suffers.
]]> http://www.dslreports.com/forum/remark,20982404 Wed, 20 Aug 2008 22:05:17 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20982362 raythompsontn : OK, so he now has access to her online bank account via the web. What is he going to do? I don't know of a PC yet that can produce money. Have a check issued? Well that is easily traced. He could check her balance I suppose. He could see if a check had cleared.

Bottom line is he really got access to very little useful information if cash is the ultimate goal. Having online access is not nearly as good as having the debit card information.

If you really want to be shaken up I will send you a check for $1.00. You deposit the check blindly writing your account number on the back, or kindly placed on the back by the bank. When I get back the image of the check I now have your bank's R/T number and your account number. Now I simply print checks with a bogus name and address with your account number. I can drain your account using these checks. And recovering the funds is much more difficult.]]> http://www.dslreports.com/forum/remark,20982362 Wed, 20 Aug 2008 21:58:32 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20982095 Greg_Z : Depends on how backwoods the bank is. There are some that have never caught up with the times, and their Online Banking sites look like something from the early dawn of the Internet.]]> http://www.dslreports.com/forum/remark,20982095 Wed, 20 Aug 2008 21:10:28 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20982054 nil : This is where speaking a foreign language could be quite useful. Who knows which one of the three languages I speak I used to answer my questions.. or maybe a combination of more than one!
--
Life is too short to be boring]]> http://www.dslreports.com/forum/remark,20982054 Wed, 20 Aug 2008 21:03:55 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981990 53059959 :
said by Greg_Z See Profile :

Again, you are asking this why? She is probably one of those that has their password the same as when they started, with it saved in their email, or taped under the Keyboard.
yeah but what i'm saying is the bank's password recovery policy is ludicrous. I mean a single email account? he skipped like 4 steps right there just cuz her bank is n00b]]> http://www.dslreports.com/forum/remark,20981990 Wed, 20 Aug 2008 20:50:17 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981973 GameGuy369 : I always try to make my security questions something that are not only based on fact, but my own personality. One site had you answer 3 separate custom questions to reset the password. I have since changed this, but since I am from Philly...

Question: "Passwords?"
Answer: "We're talkin bout passwords?"

*Allen Iverson reference*

I have fun with em. I never use anything that much of anyone would know unless they married me, haha.]]> http://www.dslreports.com/forum/remark,20981973 Wed, 20 Aug 2008 20:47:43 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981957 Greg_Z :
said by 53059959 See Profile :

why would her bank account information go to her gmail account?

I get statements sent to my email, but my actual login is separate, and in order to make any changes I need to call up my bank.
Again, you are asking this why? She is probably one of those that has their password the same as when they started, with it saved in their email, or taped under the Keyboard.

They are also the same ones that have their pin number as their Bday, or house address.]]> http://www.dslreports.com/forum/remark,20981957 Wed, 20 Aug 2008 20:44:45 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981939 53059959 : why would her bank account information go to her gmail account?

I get statements sent to my email, but my actual login is separate, and in order to make any changes I need to call up my bank.]]> http://www.dslreports.com/forum/remark,20981939 Wed, 20 Aug 2008 20:43:01 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981569 exocet_cm : Makes it sound so easy... :o]]> http://www.dslreports.com/forum/remark,20981569 Wed, 20 Aug 2008 19:31:39 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981508 anon : Im not really that impressed, I would be more impressed if he had used a total stranger.

On that note I use these ideas and tools to reset passwords for clients that forgot their passwords and amusingly can't get passed the reset questions themself's. You would be surprised at how often this happens.]]> http://www.dslreports.com/forum/remark,20981508 Wed, 20 Aug 2008 19:15:48 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981409 Greg_Z : Why go to all that trouble, when all he had to do is dangle some Chocolates in front of her, and she would of spilled her guts.]]> http://www.dslreports.com/forum/remark,20981409 Wed, 20 Aug 2008 18:55:23 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981185 Grail Knight : Excellent article.

Thanks.
--
"Lego Succurro Lima"]]> http://www.dslreports.com/forum/remark,20981185 Wed, 20 Aug 2008 17:58:36 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981152 NetFixer :
said by nwrickert See Profile :

I'm not really surprised.

I never did like those "additional security questions" that so many sites require you to answer. It has always seemed to me that they weaken my security.
For me most of the "additional security questions" have been impossible to answer with any truly personal information because I did not have a "favorite whatever". I also did not have a prayer of remembering the correct what/who answer for the "first whatever/whoever" questions (I am older than dirt, and there are very few "firsts" still accessible in my personal memory bank).

As a result I generally have to fabricate the answers for those questions and put the Q/A information into the same encrypted database that I always use for account credentials. The end result is really no different than if I had used computer generated random questions and answers.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall.]]> http://www.dslreports.com/forum/remark,20981152 Wed, 20 Aug 2008 17:50:28 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20981051 SnowyOne :
said by habya See Profile :

Just because they force a 'personal information' question does not mean you have to answer with personal information.
That is true. It's the folks who aren't aware of that or use real data that this becomes a real security issue.]]> http://www.dslreports.com/forum/remark,20981051 Wed, 20 Aug 2008 17:22:19 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20980945 sivran : True, but it makes it more likely I'll forget what I made up for that question.]]> http://www.dslreports.com/forum/remark,20980945 Wed, 20 Aug 2008 17:00:06 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20980205 habya : Just because they force a 'personal information' question does not mean you have to answer with personal information.

You are allowed to enter any answer you want, so just make something up you will remember (I've never had one that forced an 'answer' only select questions). Or use a passphrase instead of the actual answer. No less secure than anything else so long as it is hard to guess/crack. I never use real personal information on the security questions and I doubt anyone would be able to guess the answers :).
--
HABYA HABYA HABYA TEAR DOWN THE HEMP STALKS EAT UP THE OLD MAN AND WOMAN AND CARRY OFF THE LITTLE GIRL MAY YOU DIE ALONE]]> http://www.dslreports.com/forum/remark,20980205 Wed, 20 Aug 2008 14:48:57 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20979989 sivran :
said by nwrickert See Profile :

I'm not really surprised.

I never did like those "additional security questions" that so many sites require you to answer. It has always seemed to me that they weaken my security.
They weaken your security if they force you to use personal information for them.

Sites that allow you to make up your own questions and answers have the potential to greatly enhance your account security however. Upon seeing my custom question, I doubt anyone would have any response other than, "WTF?"
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause...]]> http://www.dslreports.com/forum/remark,20979989 Wed, 20 Aug 2008 14:08:44 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20979831 justin9876 : SUMware, thanks for posting. That is a very interesting article. What's really interesting is how easy it was, starting with so little info. I have already sent the members of our computer club the link to the article, think it will be good reading for them (and their children and perhaps grand-children).

Thanks again.]]> http://www.dslreports.com/forum/remark,20979831 Wed, 20 Aug 2008 13:44:34 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20979712 nwrickert : I'm not really surprised.

I never did like those "additional security questions" that so many sites require you to answer. It has always seemed to me that they weaken my security.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1]]> http://www.dslreports.com/forum/remark,20979712 Wed, 20 Aug 2008 13:18:03 EDT Re: How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20979705 sobergeorge : Interesting Read!!]]> http://www.dslreports.com/forum/remark,20979705 Wed, 20 Aug 2008 13:15:53 EDT How I Stole Someone's Identity http://www.dslreports.com/forum/remark,20979059 SUMware : From Scientific American
By Herbert H. Thompson
August 18, 2008 -
said by Herbert H. Thompson :
As a professor, a software developer and an author I've spent a career in software security. I decided to conduct an experiment to see how vulnerable people's accounts are to mining the Web for information. I asked some of my acquaintances, people I know only casually, if with their permission and under their supervision I could break into their online banking accounts. After a few uncomfortable pauses, some agreed.

Visit above link for full story.]]> http://www.dslreports.com/forum/remark,20979059 Wed, 20 Aug 2008 11:21:06 EDT