BreachExchange mailing list archives
Re: At Least 20 Big-Name Passports Breached
From: "Max Hozven" <mhozven () tealeaf com>
Date: Thu, 27 Mar 2008 16:33:28 -0700
Well, I don't know if we'll ever find a way to hide our contact info (name, address, phone, etc) from public databases as this inevitably ends up in county records, etc and gets sucked into databases.

Regarding identity theft for the purpose of siphoning off bank-accounts (which is one of the worst-case end result risks), etc, maybe corporations need to add an option of "anonymous" accounts, like the "Swiss Bank Accounts" where you are only identified by a number. They could also issue you an electronic card, where you would enter your account-number and it would generate you an "effective" account number to use for customer service (like a cell-phone, that communicates back to the company's base for keys/instructions). Similar to a cryptographic card some companies use for VPN access, etc.

So if John Smith opened an account (at a branch, where some identification was provided), they would issue him account number 123456789 and an electronic card. When he calls the bank to do a transaction, he enters 123456789 on his personal electronic card, and gets his effective account number for the day ("358749123"). So, for someone to pose as John Smith, to siphon some money out of his account, they'd have to jump a number of hurdles.

In the end, everything is hackable, but adding hurdles should lower the probability of an effective hack. Adding the overhead of electronic cards, etc, isn't cheap, adds complexity, etc, but would be a nice option for some people. And this doesn't solve the problem of people opening up new accounts to perpetrate identity theft.

-Max

Note: Opinions expressed are solely my own.

-----Original Message-----
From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of Allan Friedman
Sent: Thursday, March 27, 2008 11:59 AM
To: dataloss () attrition org
Subject: Re: [Dataloss] At Least 20 Big-Name Passports Breached
Another seemingly simple solution would be to flag certain high-profile accounts with an option that requires a supervisor's electronic okay to open a record.
Flagging or escalating is fine for presidential candidates and probably academy award winners, but where does that leave you and me, who happen to live next door to anyone with access to a major database? Access control and least privilege are huge privacy issues that we haven't even started to get into: they are human scale rather than technical.
Another seemingly simple solution would be to flag certain high-profile accounts with an option that requires a supervisor's electronic okay to open a record. It seems like what they have now is that certain accounts are flagged as high-profile (government officials, celebrities, etc) and the management is notified AFTER somebody pulls up the record. Kind of like closing the barn door after the cows have left.
-Max
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
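
An added sketch of the daily "effective account number" card described in Max Hozven's message above; it is not code from the post or from any bank's system. The post names no algorithm, so the HMAC-SHA256 derivation over account number and date, the per-card secret, the function names, the grace_days parameter and the sample secrets are all assumptions.

```python
import hashlib
import hmac
from datetime import date, timedelta
from typing import Dict, Optional

DIGITS = 9  # same length as the account numbers used in the post


def effective_number(card_secret: bytes, account: str, day: date) -> str:
    """Card side: derive the one-day alias for an account number."""
    msg = f"{account}|{day.isoformat()}".encode()
    mac = hmac.new(card_secret, msg, hashlib.sha256).digest()
    # Reduce 64 bits of the MAC to DIGITS decimal digits (assumed truncation).
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


def daily_index(cards: Dict[str, bytes], day: date) -> Dict[str, str]:
    """Bank side: build the day's alias -> account table.

    Nine digits leave room for two customers to get the same alias on the
    same day, so colliding aliases are dropped rather than resolved to the
    wrong customer.
    """
    index: Dict[str, str] = {}
    collided = set()
    for account, secret in cards.items():
        alias = effective_number(secret, account, day)
        if alias in index or alias in collided:
            index.pop(alias, None)
            collided.add(alias)
        else:
            index[alias] = account
    return index


def resolve(cards: Dict[str, bytes], presented: str, today: date,
            grace_days: int = 0) -> Optional[str]:
    """Return the real account for a presented alias, or None if unknown or expired.

    grace_days > 0 also accepts earlier days' aliases, for calls that straddle
    midnight; each extra day widens the window in which a stolen alias works.
    """
    for back in range(grace_days + 1):
        account = daily_index(cards, today - timedelta(days=back)).get(presented)
        if account is not None:
            return account
    return None


# Constructed sample data: secrets provisioned at the branch when the card is issued.
CARDS = {"123456789": b"constructed-secret-A", "987654321": b"constructed-secret-B"}
```

The alias is only as strong as the card secret: anyone holding the card, or a copy of the bank's secret table, can compute every future alias.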