So... what if those identity-protection websites get hacked? by SIGNYM

REAL WORLD EVENT DISCUSSIONS

So... what if those identity-protection websites get hacked?

POSTED BY: SIGNYM
UPDATED: Saturday, October 3, 2015 05:10
SHORT URL:
VIEWED: 1570
PAGE 1 of 1

Friday, October 2, 2015 9:33 AM

I believe in solving problems, not sharing them.

Ive had my debit card hacked a half-dozen times ... the first few times when some third-party processors for online purchases got hacked, the last few times at local gas stations where card readers were being skimmed.

Fortunately, I was passed by the Target hack.

But I've gotten notices from a major health-care provider AND the IRS in the past few months that my family's personal ID was compromised.

The answer, they say, is to use one of those ID-protection racke... oh, I mean companies ... like Lifelock ... and to use Experian, Transunion, and Equifax to monitor your credit. But what if one of THOSE websites gets hacked?

Millions of T-Mobile customers exposed in Experian breach

Quote:
Experian Plc (EXPN.L), the world's biggest consumer credit monitoring firm, on Thursday disclosed a massive data breach that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc (TMUS.N).

Connecticut's attorney general said he will launch an investigation into the breach.

Experian said it discovered the theft of the T-Mobile customer data from one of its servers on Sept. 15. The computer stored information about some 15 million people who had applied for service with telecoms carrier T-Mobile during the prior two years, Experian said.

http://www.reuters.com/article/2015/10/02/us-tmobile-dataprotection-id
USKCN0RV5PL20151002

Yanno, I kind of cringe at the security measures people take. People who put a wireless videocam into their baby's bedroom so they can monitor their little darling from afar ... open to anyone with the appropriate receiver driving thru their neighborhoods, just looking to pick up a signal. People who request notification (by mobile phone) of any bank transactions on their account. People with wireless home security systems.

The REAL problem, though, is those big fat servers ... health providers, banks, payment processing ... credit monitoring ....

It's been known for decades (since at least 1999) among technical people that Microsoft partnered with the NSA to build in "back doors" which allowed the NSA to decrypt anything on anyone's computer (_NSAKEY). That was one of the reasons why MS got such a minor slap on the wrist from the DOJ for engaging in patently monopolistic behavior ... the JUDGE (Penfield Jackson) was actually arguing that Microsoft was a monopoly and should be broken up, and the DOJ- which should have been doing exactly that... was protecting it's defendent.

Anyway, now "everyone" has their data on weakly-protected Miscrosoft-based servers. May as well bend over and ask for it.

People should be DEMANDING that their information be kept on NSA- and crime-proof servers. Better yet, they should be DEMANDING that their electronic information be reduced as much as possible, and erased as soon as it's no longer needed. WHY, for example, was T-Mobile keeping people's SSNs on its servers?? Whatever the reason they say it was, I can guarantee that it's stupid. The problem with edata is that it's CHEAP. There is no financial reason to get rid of it. I've been saying (for years) that anyone who keeps your data on a server, even if it's so-called "anonymized", should be required by law to inform you every year tell you what kinds of data they have, to provide the data to you, to allow you to make corrections, and to opt you out if you choose. Going thru that happy horseshit every year makes data expensive ... I guarantee you that in a couple of years, all of that irrelevant data would be wiped clean.

But, no. People don't realize how they're getting screwed, and even if they do, they start thinking that maybe it's necessary for the security agencies or maybe it might reduce convenience and so they'd rather be butt-f*cked by criminals.

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Friday, October 2, 2015 10:33 PM

1KIKI

Goodbye, kind world (George Monbiot) - In common with all those generations which have contemplated catastrophe, we appear to be incapable of understanding what confronts us.

So ... I know someone who applied to the FBI. Actually got accepted, but hiring freeze and yadda yadda ...

When yet another story came out about how even MORE fingerprints got hacked than they originally thought (originally they thought it was 5.6M then announced it was 22.1M 'Hacks of OPM databases compromised 22.1 million people, federal authorities say') I got in touch with him and asked - is this you, too? Have you been notified of anything?

Well, no one is tellin' him nuthin'.

WTH? The hackers know who they hacked, the government knows who was hacked, but the people who might have been hacked are kept in the dark?

Why? Is it some big security risk to tell the people who might have been hacked whether they were or not? It's not like their information is necessarily secure anymore. And it's not like no one knows what happened and it's still a secret.

So I can only conclude these things
1) you're at risk from hackers
2) you're at risk from the corps who own the servers, hardware and software
3) you're at risk from your own government because they'd rather hide behind a 'security' blanket than tell you they lost your precious biometric data (unless you intend to chop off your fingertips).
4) you're on your own in a pool of sharks. Because NOBODY has your interests at heart.

SAGAN: We are releasing vast quantities of carbon dioxide, increasing the greenhouse effect. It may not take much to destabilize the Earth's climate, to convert this heaven, our only home in the cosmos, into a kind of hell.

NOTIFY: N | REPLY | REPLY WITH QUOTE | TOP | HOME

Saturday, October 3, 2015 1:50 AM

ELVISCHRIST

LifeLock guy used to brag about putting his real SSN on their vans and billboards. He doesn't do that anymore. Wanna know why? Because his identity was hacked and stolen at least 13 times!

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Saturday, October 3, 2015 3:45 AM

SHINYGOODGUY

These hackers always find a way, which makes me think that these so-called experts have to know what can be done to stop this from happening. Vulnerabilities notwithstanding, I believe that there is a solution, a very expensive solution that the corporations must pay for.

I'm thinking too that medical info is always at risk as well. Every single doctor's office asks for you SS number, and to this day I'm stumped as to why. I read an article that explained it all, but I can't remember the reason that was given. Still, I wonder what can the hackers do with your medical history? Other than the SSN, what's there to steal? Anyone!?

SGG

Quote:
Originally posted by ElvisChrist:
LifeLock guy used to brag about putting his real SSN on their vans and billboards. He doesn't do that anymore. Wanna know why? Because his identity was hacked and stolen at least 13 times!

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

Saturday, October 3, 2015 5:10 AM

SIGNYM

I believe in solving problems, not sharing them.

I happen to have the great fortune to be married to a computer expert. I don't want to provide a list of everything he's done and everything he knows because that might be too identifiable, but suffice it to say that over the 30+ years we've been married, he's learned more about computers that GSTRING will even dream about. So altho I don't know computer security and couldn't program an ip table if my life depended on it, I know "about" computer security because I've heard about it for so long.

In order for any entity to have decent security, the first thing they have to do is shit-can Microsoft in favor of one of the 'nix flavors (Unix, Linux). Aside from the backdoors that were built into the MS operating system ... because the one thing that the NSA can't abide by is a computer that they can't compromise ... the Microsoft OSes itself is built like the Great Barrier Reef: code upon patches upon more code, which have accumulated for (in some cases) decades. MS OSs break the cardinal rule of good programming, the rule which is: Everything has to be modular. The reason for THAT is while it's easy to write and test a module 1000 lines long, it's impossible to test code that's 200,000 line long.

The second thing they need to do is hire somebody who knows what they're doing. It's reasonably easy to keep a business server secure, because - unlike your home computer or smart phone- the reality is that it SHOULDN'T be accessed by all kinds of other computers that want it to do random odd things like play videos games or present papers. A file server will only allow connections that YOU (the sysop) enable, and only perform actions that you (the sysop) allow. It's should be pretty easy to write a "white list" of allowed connections and simply disallow anything else.

The third thing is to be physically isolated. WIFI is a security death-knell. So is the internet. And don't allow USB sticks anywhere near.

There are all kinds of tricky hardware/firmware hacks that have been discovered over the years, like all of the Cisco routers having been hacked, and the USB protocol being extremely vulnerable, and even disk controllers being vulnerable, but those almost have to be done at the manufacturer. So the sysop needs to stay on the ball, but the first law of computer security is- don't allow anyone in who doesn't belong, and don't allow any activities outside of a specific set. Encrypt your data. If you do that, then most hackers will simply move on to softer targets.

Oh, by the way ... how do you feel about your car being hacked? It just a whole new spin on driverless cars!

http://www.caranddriver.com/features/can-your-car-be-hacked-feature

And then there's the whole "smart house" idea, where you (or anyone) can control the internals of you house.

That phrase "the internet of things"?

Anybody who buys into that deserves what they get!

--------------
You can't build a nation with bombs. You can't create a society with guns.

NOTIFY: Y | REPLY | REPLY WITH QUOTE | TOP | HOME

YOUR OPTIONS

SHARE THREAD

NEW POSTS TODAY

USER	POST DATE

USER

POST DATE