Free Republic
Browse · Search		 News/Activism
Topics · Post Article

Skip to comments.

Identity Theft Techniques
IT OBSERVER ^ | 5 September 2006 | Steve Stasiukonis

Posted on 09/06/2006 7:53:28 AM PDT by APRPEH

There’s been a lot of talk about identity theft in recent days, and a lot of technology is being thrown at the problem. But with all the technology that’s out there, it’s still pretty easy for a good social engineer to steal an identity and exploit it swiftly, even if they only have a single piece of personal information.

In a recent project, my penetration testing firm was able to gain an alarming amount of access to personal information — and even financial accounts — with only a birth date to go on.

We were hired by a private college to assess the security of its network. After completing numerous tests for vulnerabilities in the primary systems, we started looking at the Internet sites for the various departments and schools within the college. We found a major flaw in the alumni site, so we asked for permission to exploit it. The college agreed, as long as we agreed to stop our attack before any of its alumni were actually robbed. We began the exploit immediately.

(Excerpt) Read more at it-observer.com ...

TOPICS: Business/Economy; Crime/Corruption; Culture/Society
KEYWORDS: computers; crime; identitytheft; it; socialengineering; technology
The whole story is hyperlinked from the bottom of the abstract.
1 posted on 09/06/2006 7:53:30 AM PDT by APRPEH
[ Post Reply | Private Reply | View Replies]
To: APRPEH

There is a simple fix to identity theft: 1. Allow people to put a hold on their credit record that will allow no new accounts to be opened on this record without notifying and receiving an confirmation from the listed address, email, or phone number. People should have a right to know if anyone is trying to open an account in their name. This seems basic stuff to me, yet the credit companies fight it and our lawmakers give in to them. If someone is making a purchase over a certain dollar amount, then they should have to show a photo id that matches the name on the credit card. If buying by phone, items should only be shipped to the address on the credit card account, unless confirmation is sent and received from that address, so people can order gifts online. Any new account opened up using a person's credit rating that features a different address than the one on file should be immediately treated as suspect.


2 posted on 09/06/2006 8:14:39 AM PDT by sportutegrl (A person is a person, no matter how small. (Dr. Seuss))
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 News/Activism
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson