funsec mailing list archives
Re: [privacy] City of Chicago Loses Voter Data
From: Drsolly <drsollyp () drsolly com>
Date: Tue, 23 Jan 2007 01:02:08 +0000 (GMT)
You asked for comments. My bank came up with a great idea. They called me, and asked me for my mother's maiden name. This, they said, would be used to prove my identity when I phone them up. It's good that my bank comes up with fresh and original security systems. So, first of all I put them through the "Who are you, you're someone phoning me out of the blue, why should I believe you're my bank?" So she offered to give me the phone number so I could call her back. We both had a bit of a luagh about that. Then she offered to email me; because it was email, I'd know it was coming from the bank. I had a bit of a laugh about that, and told her to speak to her IT people to have the joke explained. So I asked to speak to someone higher up. Then I made a counter offer. "Look me up on the internet, maybe use a geneology web site. Find out my mother's maiden name yourself, then you can ask me for it each time I call." Then there was a bit of a pause while the person I spoke to worked out that if they could discover my mother's maden name, so could anyone else. "So," I said, "how about I call you back on this." So I called my bank manager, using the bank's number. He denied that the bank would be so stupid, and said it was probably an attempt at identity theft, and he'd look into it. Then he called me back. Apparently, it was the bank after all. "And we really do need your mother's maiden name." I put it to him that he didn't. He insisted that he did. I said, "No, you want something that you can use to verify that it's me, it doesn't have to be mother's maiden name." "Yes it does," he insisted, "it's a directive from Head Office. Nothing else will do." "Hmm," I explained, "and what will you do when I tell you that this is confidential information that I'm not going to give you?" He said he'd call me back. I'm still waiting. On Mon, 22 Jan 2007, Shyaam wrote:
THAT REALLY STINKS. At this rate there is no use for passport or SSN or any secure ID as everything is being lost these days, infact not by individuals who are educated using "Security Awareness" but the ones who are supposed to maintain it. Any comments ??? Kind Regards, Shyaam On 1/22/07, Fergie <fergdawg () netzero net> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via The Chicago Sun-Times. [snip] About 100 computer discs with 1.3 million Chicago voters' Social Security numbers have been distributed to aldermen and ward committeemen, and the whereabouts of at least an additional six CDs with the same information are unknown, according to the Chicago Board of Elections. This follows another security lapse in October 2006, when voters' Social Security numbers were available through the board's Web site. But unlike the Web site flaw, which was fixed in a few minutes, it will be difficult, if not impossible, for the Board of Elections to retrieve sensitive data physically scattered on more than 100 discs throughout the area. The discs also contain voters' birth dates and addresses -- information that along with Social Security numbers can be used to commit identity theft. [snip] More: http://www.suntimes.com/news/politics/222892,CST-NWS-data22.article - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) wj8DBQFFtUscq1pz9mNUZTMRAtX9AKCJSeWlRvqDLdd7mIyNFA/nOIDkcgCg/Upq U3CFympEfBhxecNyDMkakSU= =7yUx -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
_______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] City of Chicago Loses Voter Data Fergie (Jan 22)
- Re: [privacy] City of Chicago Loses Voter Data Shyaam (Jan 22)
- Re: [privacy] City of Chicago Loses Voter Data Drsolly (Jan 22)
- Re: [privacy] City of Chicago Loses Voter Data Dr. Neal Krawetz (Jan 23)
- Re: [privacy] City of Chicago Loses Voter Data Brian Loe (Jan 23)
- Re: [privacy] City of Chicago Loses Voter Data Valdis . Kletnieks (Jan 23)
- Re: [privacy] City of Chicago Loses Voter Data Shyaam (Jan 22)