Security Basics mailing list archives
RE: Weakness in Social Security Numbers Is Found
From: "Lorna Alamri" <lalamri () go-integral com>
Date: Wed, 8 Jul 2009 12:53:30 -0500
Ali, Thanks, This is an interesting article. What the article did not address is that consumers are trained to give out the last 4 numbers of their social security number for authentication. Since the 1st 5 are the easy ones to figure out (44% in a single try if born after 1988) "From the researchers' sample, it was possible to identify in a single try the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born from 1973 to 1988. It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts. The accuracy of the prediction system increased for smaller states and for people born after 1988. The accuracy was higher for those born in the late 1980s and after because of rules that led increasingly to the assignment of Social Security numbers at birth. The researchers, for example, reported that they needed 10 or fewer tries to predict all nine digits for 1 out of 20 Social Security numbers assigned in Delaware in 1996." It begs the question should any organization protecting private information (PII), use a SSN as an identifier since it is inherently weak? Companies using the last four SSN digits for authentication need to understand how SSN are generated to understand the risks for using as an authenticator. Lorna -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ali, Saqib Sent: Wednesday, July 08, 2009 9:29 AM To: security-basics () securityfocus com Subject: Weakness in Social Security Numbers Is Found Read more: http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2&ref=instapundit saqib http://www.capital-punishment.us ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442 f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Weakness in Social Security Numbers Is Found Ali, Saqib (Jul 08)
- RE: Weakness in Social Security Numbers Is Found Lorna Alamri (Jul 09)
- RE: Weakness in Social Security Numbers Is Found ONeill David J (Jul 10)
- Re: Weakness in Social Security Numbers Is Found Kurt Buff (Jul 09)
- <Possible follow-ups>
- Re: Weakness in Social Security Numbers Is Found ron (Jul 13)
- RE: Weakness in Social Security Numbers Is Found Lorna Alamri (Jul 09)