Wapsi Square Forum

...I was just warning about a possible hack-mageddon, guys. If you wanna hash this out, may I request it be taken to PMs?

GlytchMeister wrote:...I was just warning about a possible hack-mageddon, guys. If you wanna hash this out, may I request it be taken to PMs?

As i said, i'm outta the discussion.

Equifax was breached.
...
Check if your info was exposed here

Mine was. I'm furious. Absolutely fucking livid. Of all the companies to let themselves be breached, it was a fucking credit reporting agency? Fuck. They are offering 1 year of free credit monitoring. It costs money to freeze your credit (another recommended step) and I have to lift the freeze of I want to apply to a job or for a loan, which makes things difficult because I'M ALWAYS APPLYING FOR FUCKING JOBS. Is changing my SSN an option? I know it's probably a pain in the ass to accomplish but would it take care of my exposed SSN for good?

I want my shit safe NOW god damnit and I want it safer than some computer watching my credit. I want it, my identity, locked the fuck down.

I'm also gonna look into getting lifelock in addition to everything. This is horrid.

At a minimum, change your PINs.

According to Reddit, the Equifax EULA to check your hack status includes a declination to sue. Loverly! Read carefully before you click....

Atomic wrote:At a minimum, change your PINs.

According to Reddit, the Equifax EULA to check your hack status includes a declination to sue. Loverly! Read carefully before you click....

What I read on CNN, is that if you accept their offer for a free year of credit monitoring and reports, you would have been agreeing not to sue them concerning that free year of service... you'd have to accept binding arbitration if the free service isn't to your liking.

The EULA language did not (according to what I read) prevent you from suing them concerning the privacy and security breach itself. I strongly suspect they realized they couldn't possibly get away with that.

And, they've now added language which permits you to opt out of the arbitration clause (you must do so fairly soon, and in writing).

I checked, and the checking site said that neither I or my wife Gwen was believed to have been affected. That's good news. It's been some years since we applied for any new credit and I suspect the breach may have affected mostly people who had had credit reports "pulled" within the last year or so.

I think I'm going to see about putting a long-term freeze on, at all three credit bureaus.

According to the SSA web site, they will assign a new SSN to a victim of identity theft if continuing to use the old number would cause that person to "continue to be disadvantaged". They don't say anything about being willing to issue a new number to a potential victim. Glytchmeister, you may have to wait until you can prove that someone is abusing the stolen information. Yeah, that sucks.

Thre execs sold $200 million in Equifax stock after tge breach was disckvered ... but BEFORE it was made public.

Is that not considered insider trading?

AnotherFairportfan wrote:Thre execs sold $200 million in Equifax stock after tge breach was disckvered ... but BEFORE it was made public.

Yeah... the company claims those execs had no knowledge of the breach at the time they sold their shares, but I suspect that's going to be a really difficult story to sell to the SEC and the courts.

Unless those execs can present convincing evidence that they'd actually given their brokers "sell" orders well before anyone in the company knew of the breach, they may be in for a huge world of personal hurt (and Equifax would likely refuse to participate in, or pay for their legal defense).

They may have to try the "Do you really think that we're actually that stupid?" defense.

Alkarii wrote:Is that not considered insider trading?

If they knew... yes, it would probably be a textbook-quality example of insider trading. I've always been told that the SEC has absolutely no sense of humor about that sort of thing.

Gentlemen, I have a message here from Dr. Evil. He's going to attack our holiday resort at Costa Del Phlab on Monday with laser sharks if we don't pony up ... One Milllllleon Dollars. Since our stock is at an all time high, I suggest we bail out now, take the hit, and buy back our stock after the attack. It should be at least 30% less. The profits should more than cover any remaining repairs after the insurance payoff. All those in favor?

Atomic wrote:Gentlemen, I have a message here from Dr. Evil. He's going to attack our holiday resort at Costa Del Phlab on Monday with laser sharks if we don't pony up ... One Milllllleon Dollars. Since our stock is at an all time high, I suggest we bail out now, take the hit, and buy back our stock after the attack. It should be at least 30% less. The profits should more than cover any remaining repairs after the insurance payoff. All those in favor?

"Umm... boss, do you happen to know the current price for a carton of cigarettes at the prisoners' exchange in Club Fed?"

haha what the fuck is this bullshit?

Apparently the tool to see if your info was released is bogus. Al and I have both tested it and obtained the same results as seen in the article.

iOS might not be your only problem.

Consider your Nest Smarthome stuff...

I would have been able to avoid the iPhone problem by accident, because I don't want one. As for the security devices with internet connectivity... Hasn't anyone else seen Live Free or Die Hard? Or any of the other cyber thriller movies that have come out in the past two or three decades? That movie Enemy of the State comes to mind.

Basically, if it connects to any outside network at all, it can be hacked. Kind of reminds me of all the times that one scammer kept calling me and saying they detected that my computer had a virus... And each time I'd responded with "Wow, it must be a pretty bad virus, if it can infect a computer that was never connected to the internet."

They refuse to put a new IOS on my i-devices, and then made it so that most of the apps out there won't run on it, because they only allow one app version on the I-store.

The people who want the "Internet of Things" are obviously oblivious to ongoing events like the Internet of Unlocked Video Cameras, the Internet of Default Password Routers, and the Internet of Backdoor Rootkits.

Sign me up for one of those Do-It-Yourself Root Canal things, won't cha?

Atomic wrote: ↑Tue Dec 04, 2018 5:41 pm The people who want the "Internet of Things" are obviously oblivious to ongoing events like the Internet of Unlocked Video Cameras, the Internet of Default Password Routers, and the Internet of Backdoor Rootkits.

Sign me up for one of those Do-It-Yourself Root Canal things, won't cha?

Frankly, the internet of default password routers aren't a problem. I haven't seen a router for 10+ years that allowed external access by default. The ones that are a problem are the Internet Of Abandoned Network Devices, which the manufacturers won't support because their money is in forcing people to buy new ones, rather than fixing the security holes.

I write passwords on top of my customer's equipment. I tell them straight out - if someone needs it, it's there. If someone you don't want access has it in their hands, you have other problems.

GlytchMeister wrote: ↑Fri Sep 08, 2017 9:45 pm Is changing my SSN an option? I know it's probably a pain in the ass to accomplish but would it take care of my exposed SSN for good?

Lifelock won't do much.

Anyway - only replying to this because I believe you _can_ get your SS number changed. I don't know the steps, but I do know they make it a PITA.

Yeah, looked into them both. Life lock basically just keeps an eye on your shit for you and has a guarantee and lawyers.
Changing SSN requires that it has actually been stolen and used, not merely compromised. Which is bullshit.

Well, of course they make it hard to change SSNs. For a good reason. They are in danger of running out of numbers.

SSNs are 9-digit numbers.

The population of the US is also a 9-digit number. As it was when Social Security started in 1935 - about 127 million then, 328 million early this year. That's, as a first approximation, 455 million out of 1 billion possible SSNs occupied.

(That approximation done by assuming that everyone alive in the US in 1935 got an SSN and then died, and everyone now alive in the US has an SSN. Some inaccuracies: not everyone at either time got/has an SSN; some people alive in 1935 are still alive; there are people who were born or immigrated to the US, and got an SSN, and are already dead so would not be included in either count.)

However... every corporation registered in the US gets a federal tax ID number. It's also 9 digits. There are lots of forms where the person filling them out enters their SSN or corporate tax ID - without indicating which sort of number it is. The numbers come out of the same pool. And there are LOTS of corporations. My efforts to quantify "lots" have so far been fruitless, but I'd be surprised if it's less than 50 million currently operating or at least technically in existence with at least another 75 million that have lost registration (actually died) since Social Security started.

And the method of assigning Social Security and tax ID numbers leaves the likelihood that there will be holes - blocks of numbers that, unless they change the assignment method, will probably NEVER be assigned to anyone. Further depleting the pool.

Now... when a person (or corporation) dies, how long should the system wait before reassigning their SSN to someone else? I'd think a nice long time would be good.

Frankly, they need to revise the system to use longer SSNs. Which need not be strictly numeric, but must be designed to be easily remembered.

And doing that, and getting every computer application and database in the country that uses SSNs updated, is going to make the fuss over the Y2K bug look like small potatoes.