On Thu, 18 Nov 2010 08:51:17 -0600, Bill Weiss
<houdini+fun...@clanspum.net> wrote:
>Dan Kaminsky(d...@doxpara.com)@Wed, Nov 17, 2010 at 10:02:32PM -0800:
[snip]
>>
>> Nawp, I was wrong. They're non-random, but unique.
>
>They _should_ be unique. A family member of mine was issued a duplicate
>SSN at birth, and only found out about it after the age of 40 when they
>noticed that their social security statements were all messed up. It
>turns out that the other person on that number hadn't really had jobs most
>of their life and was in prison.
>
>Surprise, have some shitty credit!
>
>Oh, and good luck explaining to everyone that your SSN changed at the age
>of 50.
Won't someone please borrow my social security number? I need
the help.
"You need a Social Security number to sign up for utility
services, for example. No Social Security number, no
electricity, gas, phone, or satellite TV. So whats a poor
alien to do? They go down to some local hangout and buy a
Social Security number to give to the utility. This has to
be a legitimate number or it wont fly with utility
computer systems, but does it have to be the customers own
number? Good question.
Heres where we have an interesting business ethics issue.
Say you are the electric company and someone tries to set
up service using a Social Security number that already
exists in your database and is clearly borrowed, bought, or
stolen. What do you do? Most utilities go ahead and set up
the account, because to them what counts is whether the new
customer will actually pay that bill and it turns out that
people operating on such borrowed numbers are more reliable
bill payers than the rest of us. They cant afford to get
in trouble with the electric company because that would
draw attention to them. So there is a tacit agreement
between the parties that a Social Security number must be
provided because thats the rule, but if it happens to be
someone elses Social Security number, well thats okay.
The funny thing about this is the impact it has to have on
the person who was originally assigned that Social Security
number by the U. S. government. Rather than hurt their
credit it actually helps because there is so much evidence
that they are good at paying their bills! Of course the
credit bureau notices something and thats why they are so
able to estimate numbers in the first place. They know what
Social Security numbers are being overused and can probably
even trace the genealogy of that number as it makes its way
across the country. Heres an amazing fact: some individual
Social Security numbers are in use right now by up to 3,000
people and it isnt at all unusual for a borrowed number to
be used by 200-1,000 people at the same time . . . "
The whole article (recommended) is available here:
http://www.cringely.com/2010/01/predict-me-im-from-the-government/
Good info on one aspect of DHS ineptitude.
I now take a crack at haiku:
I see thee naked
before thou wingest thither.
Thy fingers doth shake.
March into the box!
Zap! Terror clothes are burnt off.
Ha, ha! Bad wig, Dad!
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
