Posted on 09/06/2006 7:53:28 AM PDT by APRPEH
Theres been a lot of talk about identity theft in recent days, and a lot of technology is being thrown at the problem. But with all the technology thats out there, its still pretty easy for a good social engineer to steal an identity and exploit it swiftly, even if they only have a single piece of personal information.
In a recent project, my penetration testing firm was able to gain an alarming amount of access to personal information and even financial accounts with only a birth date to go on.
We were hired by a private college to assess the security of its network. After completing numerous tests for vulnerabilities in the primary systems, we started looking at the Internet sites for the various departments and schools within the college. We found a major flaw in the alumni site, so we asked for permission to exploit it. The college agreed, as long as we agreed to stop our attack before any of its alumni were actually robbed. We began the exploit immediately.
(Excerpt) Read more at it-observer.com ...
There is a simple fix to identity theft: 1. Allow people to put a hold on their credit record that will allow no new accounts to be opened on this record without notifying and receiving an confirmation from the listed address, email, or phone number. People should have a right to know if anyone is trying to open an account in their name. This seems basic stuff to me, yet the credit companies fight it and our lawmakers give in to them. If someone is making a purchase over a certain dollar amount, then they should have to show a photo id that matches the name on the credit card. If buying by phone, items should only be shipped to the address on the credit card account, unless confirmation is sent and received from that address, so people can order gifts online. Any new account opened up using a person's credit rating that features a different address than the one on file should be immediately treated as suspect.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.