An easy way to steal identities online

Catching up with my online reading a bit tonight, I found a link to a site which will check if your social security number is in their database of known stolen SSNs. I’ll not link to the site directly, because I want to save any of the less intelligent web users who accidentally find me site from doing something not-very-bright (I know both the regular readers of my site are so astonishingly above average intellect that not only would they not fall for this, they can actually read the mind of criminals attempting to steal their SSNs). All you have to do to see if you are in this stolen SSN database is enter your SSN into the handy-dandy search field. This news is a couple of days old already from the DownloadSquad folks, and thankfully there are a number of commenters there who have already pointed out the problem with this service.

So where did they get their data from? Well from the FAQ on their site, here is their response. “The information that powers StolenID Search is found online, by looking in places where fraudsters typically trade or store this kind of information. All information behind StolenID search is publicly available, but not in places where search engines such as Yahoo and Google would look. TrustedID abides by all state and federal laws in the collection and provision of this compromised information. The information behind StolenID Search comes from collection efforts led by TrustedID directly and also from other reputable companies that assist us in finding this information on our behalf. One of those companies is Cyvellience.”

Note that I am not saying StolenID Search is a web site operated by evil ub3r hackers. I am not saying you can’t trust the folks holding this information to protect the information you enter or the information they already have. I’m not even saying you will be exposed to any actual risk of identity theft if you use the site. I’m pointing this site out and warning against using it because giving out this information online just isn’t something you should ever do when you can avoid it. If you ever see something like this, please think carefully about what risk you are taking sending this information to people unknown. The site seems to have the recommendation of some seemingly trustworthy security and privacy resources. The site may be run by the most trustworthy people in the universe, and a chorus of angels may accompany everyone associated with the site to protect them from ever suffering ill. That still doesn’t make me feel I should send them my SSN.

[tags]Brilliant way to steal identities online, How to dupe trusting people[/tags]

A (loooong) analysis of the cost of DRM in Windows Vista

I’ll admit to posting this before I’ve finished reading it, but if I don’t, I’ll have forgotten it all by the time my readers get through it. I am still working through this massive Cost Analysis of Windows Content Protection by Peter Gutmann (and a shorter link for extra goodness). As the title suggests, it is a deep look at the cost of content protection and user rights restrictions in Windows Vista. There is also a response at the end to a rebuttal Microsoft made of the analysis (shorter link for linebreak protection).

Here is the executive summary. If you are going to read this (I will, and I hope others do as well), be prepared to invest some time so you really understand it and the rebuttal.

Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called “premium content”, typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it’s not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista’s content protection, and the collateral damage that this incurs throughout the computer industry.

Do you think rights restrictions are a good idea? Does this analysis change your view of digital rights mangling (DRM) controls?

[tags]A cost analysis of Windows contect protection, Analysis of Vista DRM costs with MS rebuttal and author’s reply to that[/tags]