Updated: 24.11.2002; 12:01:20 Uhr.
disLEXia
lies, laws, legal research, crime and the internet
        

Monday, March 26, 2001

Re: Bogus Microsoft Corporation digital certificates (Savit, R-21.30)

The real risk here is the protection model used by Internet Explorer and related programs. Rather than establishing a mechanism whereby active content can be run (possibly with somewhat degraded performance) in a sandbox, it depends on all the certificants being able to ensure that their certificates and signed applets are secure.

Certificates are useful as an additional mechanism on top of a secure system, to provide accountability, but they're no replacement for one. [Peter da Silva via risks-digest Volume 21, Issue 32]
0:00 # G!

Identity Theft -- a personal experience (from IP)

[Contributed by an unidentified individual to Dave Farber's IP list, For IP archives see: http://www.interesting-people.org/ . PGN]

The following happened to a colleague. About a year ago he signed up for a membership at a video rental store. The form had a place for social security number and he made the mistake of filling it in. About three months later there was a message on his answerer from a bank with which he did not have an account asking about an overdraft. Upon calling he discovered that there was an account in his name with his ss number but with a different address. On calling and writing to the various credit bureaus, he discovered that there had been numerous queries about his creditworthiness. He then contacted each of these and discovered that there had been many credit cards issued in his name as well as a variety of wireless phone accounts. He called each of these in turn and got letters from the credit bureaus but could not be sure that the matter had ended.

The accounts/credit cards were in states other than his but police in those communities were not responsive to complaints. Fortunately, a friend worked in a state attorney general office and he made a call to a local official in the area where the perpetrators seemed to be based. In addition, quite by accident a local house was raided for drugs. Fortunately, one of the police in the raid remembered my colleague's name so when they discovered a collection of driver's licenses from a variety of states, as well as credit cards and other account info, in my colleague's name, he was able to put it all together. There were also cards and licenses for others. The perpetrators pled and got some jail time... probably more because of the drugs than the identity thefts and fraud.

All of this involved an incredible number of hours and associated aggravation to track down and fix the problem. And resolving it quickly depended on having a well placed connection and a good deal of luck.

The lesson is that we are all vulnerable. Just a ss number is enough to get a fraud going. AND There is no privacy wrt ss numbers. For example, at many universities the ss number is the same as the student ID...and appears on class rosters sent to departments and faculty. [[Identity withheld] via risks-digest Volume 21, Issue 30]
0:00 # G!


Maximillian Dornseif, 2002.
 
March 2001
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Feb   Apr
Search
about this disLEXia thing
presentations
scientific publications
logner Texts
my old homepage
categories in this weblog
Subsections of this WebLog
bloging by me
german language content
hacks
computer investigations
computer incidents
going to court
events and conferences
statistics and the like
privacy
main page

Subscribe to "disLEXia" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.