Dan Kaminsky([email protected])@Wed, Nov 17, 2010 at 10:02:32PM -0800:
> On Wed, Nov 17, 2010 at 5:49 PM, Peter Evans <[email protected]> wrote:
> > On Wed, Nov 17, 2010 at 03:58:50PM -0800, Dan Kaminsky wrote:
> >> Did anyone actually read the ruling?
> >> They're basically saying a SSN# isn't an identity.
> >> Given that SSN#'s aren't actually unique in the population, they're, you
> >> know, right.
> >
> > They aren't?
> >
> > I thought they were supposed to be. Like passports and driver's
> > licenses.
>
> Nawp, I was wrong. They're non-random, but unique.
They _should_ be unique. A family member of mine was issued a duplicate
SSN at birth, and only found out about it after the age of 40 when they
noticed that their social security statements were all messed up. It
turns out that the other person on that number hadn't really had jobs most
of their life and was in prison.
Surprise, have some shitty credit!
Oh, and good luck explaining to everyone that your SSN changed at the age
of 50.
--
Bill Weiss
Many environments don't have a well-defined perimeter - they're like Klein
bottles: everything is both inside and outside.
-- Gene Spafford
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
