WIDESPREAD INTERNET SECURITY PROBLEM

All off topic conversation held here. Have fun and play nice. =)

Moderators: Bookworm, starkruzr, MrFireDragon, PrettyPrincess, Wapsi

User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

...I was just warning about a possible hack-mageddon, guys. If you wanna hash this out, may I request it be taken to PMs?
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AnotherFairportfan »

GlytchMeister wrote:...I was just warning about a possible hack-mageddon, guys. If you wanna hash this out, may I request it be taken to PMs?
As i said, i'm outta the discussion.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

Equifax was breached.
...
Check if your info was exposed here

Mine was. I'm furious. Absolutely fucking livid. Of all the companies to let themselves be breached, it was a fucking credit reporting agency? Fuck. They are offering 1 year of free credit monitoring. It costs money to freeze your credit (another recommended step) and I have to lift the freeze of I want to apply to a job or for a loan, which makes things difficult because I'M ALWAYS APPLYING FOR FUCKING JOBS. Is changing my SSN an option? I know it's probably a pain in the ass to accomplish but would it take care of my exposed SSN for good?

I want my shit safe NOW god damnit and I want it safer than some computer watching my credit. I want it, my identity, locked the fuck down.

I'm also gonna look into getting lifelock in addition to everything. This is horrid.
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
User avatar
Atomic
Posts: 2948
Joined: Tue Jul 31, 2012 12:39 am
Location: Central PA
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Atomic »

At a minimum, change your PINs.

According to Reddit, the Equifax EULA to check your hack status includes a declination to sue. Loverly! Read carefully before you click....
Don't let other peoples limitations become your constraints!

My Deviant Art scribbles
The Atomic Guide to Basic GIMP Stuff
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Dave »

Atomic wrote:At a minimum, change your PINs.

According to Reddit, the Equifax EULA to check your hack status includes a declination to sue. Loverly! Read carefully before you click....
What I read on CNN, is that if you accept their offer for a free year of credit monitoring and reports, you would have been agreeing not to sue them concerning that free year of service... you'd have to accept binding arbitration if the free service isn't to your liking.

The EULA language did not (according to what I read) prevent you from suing them concerning the privacy and security breach itself. I strongly suspect they realized they couldn't possibly get away with that.

And, they've now added language which permits you to opt out of the arbitration clause (you must do so fairly soon, and in writing).

I checked, and the checking site said that neither I or my wife Gwen was believed to have been affected. That's good news. It's been some years since we applied for any new credit and I suspect the breach may have affected mostly people who had had credit reports "pulled" within the last year or so.

I think I'm going to see about putting a long-term freeze on, at all three credit bureaus.

According to the SSA web site, they will assign a new SSN to a victim of identity theft if continuing to use the old number would cause that person to "continue to be disadvantaged". They don't say anything about being willing to issue a new number to a potential victim. Glytchmeister, you may have to wait until you can prove that someone is abusing the stolen information. Yeah, that sucks.
User avatar
AnotherFairportfan
Posts: 6402
Joined: Thu May 01, 2014 2:53 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by AnotherFairportfan »

Thre execs sold $200 million in Equifax stock after tge breach was disckvered ... but BEFORE it was made public.
Proof Positive the world is not flat: If it were, cats would have pushed everything off the edge by now.
Alkarii
Posts: 1854
Joined: Sun Nov 09, 2014 3:02 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Alkarii »

Is that not considered insider trading?
There is no such thing as a science experiment gone wrong.
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Dave »

AnotherFairportfan wrote:Thre execs sold $200 million in Equifax stock after tge breach was disckvered ... but BEFORE it was made public.
Yeah... the company claims those execs had no knowledge of the breach at the time they sold their shares, but I suspect that's going to be a really difficult story to sell to the SEC and the courts.

Unless those execs can present convincing evidence that they'd actually given their brokers "sell" orders well before anyone in the company knew of the breach, they may be in for a huge world of personal hurt (and Equifax would likely refuse to participate in, or pay for their legal defense).

They may have to try the "Do you really think that we're actually that stupid?" defense.
Alkarii wrote:Is that not considered insider trading?
If they knew... yes, it would probably be a textbook-quality example of insider trading. I've always been told that the SEC has absolutely no sense of humor about that sort of thing.
User avatar
Atomic
Posts: 2948
Joined: Tue Jul 31, 2012 12:39 am
Location: Central PA
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Atomic »

Gentlemen, I have a message here from Dr. Evil. He's going to attack our holiday resort at Costa Del Phlab on Monday with laser sharks if we don't pony up ... One Milllllleon Dollars. Since our stock is at an all time high, I suggest we bail out now, take the hit, and buy back our stock after the attack. It should be at least 30% less. The profits should more than cover any remaining repairs after the insurance payoff. All those in favor?
Don't let other peoples limitations become your constraints!

My Deviant Art scribbles
The Atomic Guide to Basic GIMP Stuff
User avatar
Dave
Posts: 7584
Joined: Tue Jul 31, 2012 5:58 pm
Location: Mountain View, CA, USA

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Dave »

Atomic wrote:Gentlemen, I have a message here from Dr. Evil. He's going to attack our holiday resort at Costa Del Phlab on Monday with laser sharks if we don't pony up ... One Milllllleon Dollars. Since our stock is at an all time high, I suggest we bail out now, take the hit, and buy back our stock after the attack. It should be at least 30% less. The profits should more than cover any remaining repairs after the insurance payoff. All those in favor?
"Umm... boss, do you happen to know the current price for a carton of cigarettes at the prisoners' exchange in Club Fed?"
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

haha what the fuck is this bullshit?

Apparently the tool to see if your info was released is bogus. Al and I have both tested it and obtained the same results as seen in the article.
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
User avatar
jwhouk
Posts: 6053
Joined: Wed Aug 01, 2012 7:58 am
Location: The Valley of the Sun, Arizona
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by jwhouk »

iOS might not be your only problem.

Consider your Nest Smarthome stuff...
"Character is what you are in the dark." - D.L. Moody
"You should never run from the voices in your head. That's how you give them power." - Jin
Alkarii
Posts: 1854
Joined: Sun Nov 09, 2014 3:02 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Alkarii »

I would have been able to avoid the iPhone problem by accident, because I don't want one. As for the security devices with internet connectivity... Hasn't anyone else seen Live Free or Die Hard? Or any of the other cyber thriller movies that have come out in the past two or three decades? That movie Enemy of the State comes to mind.

Basically, if it connects to any outside network at all, it can be hacked. Kind of reminds me of all the times that one scammer kept calling me and saying they detected that my computer had a virus... And each time I'd responded with "Wow, it must be a pretty bad virus, if it can infect a computer that was never connected to the internet."
There is no such thing as a science experiment gone wrong.
User avatar
Bookworm
Posts: 615
Joined: Sun Jul 29, 2012 11:59 pm
Location: Houston, TX
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Bookworm »

They refuse to put a new IOS on my i-devices, and then made it so that most of the apps out there won't run on it, because they only allow one app version on the I-store.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
User avatar
Atomic
Posts: 2948
Joined: Tue Jul 31, 2012 12:39 am
Location: Central PA
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Atomic »

The people who want the "Internet of Things" are obviously oblivious to ongoing events like the Internet of Unlocked Video Cameras, the Internet of Default Password Routers, and the Internet of Backdoor Rootkits.

Sign me up for one of those Do-It-Yourself Root Canal things, won't cha?
Don't let other peoples limitations become your constraints!

My Deviant Art scribbles
The Atomic Guide to Basic GIMP Stuff
User avatar
Bookworm
Posts: 615
Joined: Sun Jul 29, 2012 11:59 pm
Location: Houston, TX
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Bookworm »

Atomic wrote: Tue Dec 04, 2018 5:41 pm The people who want the "Internet of Things" are obviously oblivious to ongoing events like the Internet of Unlocked Video Cameras, the Internet of Default Password Routers, and the Internet of Backdoor Rootkits.

Sign me up for one of those Do-It-Yourself Root Canal things, won't cha?
Frankly, the internet of default password routers aren't a problem. I haven't seen a router for 10+ years that allowed external access by default. The ones that are a problem are the Internet Of Abandoned Network Devices, which the manufacturers won't support because their money is in forcing people to buy new ones, rather than fixing the security holes.

I write passwords on top of my customer's equipment. I tell them straight out - if someone needs it, it's there. If someone you don't want access has it in their hands, you have other problems.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
User avatar
Bookworm
Posts: 615
Joined: Sun Jul 29, 2012 11:59 pm
Location: Houston, TX
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Bookworm »

GlytchMeister wrote: Fri Sep 08, 2017 9:45 pm Is changing my SSN an option? I know it's probably a pain in the ass to accomplish but would it take care of my exposed SSN for good?
Lifelock won't do much.

Anyway - only replying to this because I believe you _can_ get your SS number changed. I don't know the steps, but I do know they make it a PITA.
I'll get a life when it's proven and substantiated to be better than what I'm currently experiencing.
User avatar
GlytchMeister
Posts: 3733
Joined: Wed Oct 16, 2013 2:52 pm
Location: Central Illinois
Contact:

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by GlytchMeister »

Yeah, looked into them both. Life lock basically just keeps an eye on your shit for you and has a guarantee and lawyers.
Changing SSN requires that it has actually been stolen and used, not merely compromised. Which is bullshit.
He's mister GlytchMeister, he's mister code
He's mister exploiter, he's mister ones and zeros
They call me GlytchMeister, whatever I touch
Starts to glitch in my clutch!
I'm too much!
Warrl
Posts: 1723
Joined: Sat Jul 20, 2013 10:44 pm

Re: WIDESPREAD INTERNET SECURITY PROBLEM

Post by Warrl »

Well, of course they make it hard to change SSNs. For a good reason. They are in danger of running out of numbers.

SSNs are 9-digit numbers.

The population of the US is also a 9-digit number. As it was when Social Security started in 1935 - about 127 million then, 328 million early this year. That's, as a first approximation, 455 million out of 1 billion possible SSNs occupied.

(That approximation done by assuming that everyone alive in the US in 1935 got an SSN and then died, and everyone now alive in the US has an SSN. Some inaccuracies: not everyone at either time got/has an SSN; some people alive in 1935 are still alive; there are people who were born or immigrated to the US, and got an SSN, and are already dead so would not be included in either count.)

However... every corporation registered in the US gets a federal tax ID number. It's also 9 digits. There are lots of forms where the person filling them out enters their SSN or corporate tax ID - without indicating which sort of number it is. The numbers come out of the same pool. And there are LOTS of corporations. My efforts to quantify "lots" have so far been fruitless, but I'd be surprised if it's less than 50 million currently operating or at least technically in existence with at least another 75 million that have lost registration (actually died) since Social Security started.

And the method of assigning Social Security and tax ID numbers leaves the likelihood that there will be holes - blocks of numbers that, unless they change the assignment method, will probably NEVER be assigned to anyone. Further depleting the pool.

Now... when a person (or corporation) dies, how long should the system wait before reassigning their SSN to someone else? I'd think a nice long time would be good.

Frankly, they need to revise the system to use longer SSNs. Which need not be strictly numeric, but must be designed to be easily remembered.

And doing that, and getting every computer application and database in the country that uses SSNs updated, is going to make the fuss over the Y2K bug look like small potatoes.
Post Reply