|
|
Security Basics
Weakness in Social Security Numbers Is Found Jul 08 2009 02:28PM Ali, Saqib (docbook xml gmail com) (2 replies) Re: Weakness in Social Security Numbers Is Found Jul 08 2009 06:37PM Kurt Buff (kurt buff gmail com) |
|
Privacy Statement |
Thanks, This is an interesting article. What the article did not address
is that consumers are trained to give out the last 4 numbers of their
social security number for authentication. Since the 1st 5 are the easy
ones to figure out (44% in a single try if born after 1988)
"From the researchers' sample, it was possible to identify in a
single try the first five digits for 44 percent of deceased individuals
who were born after 1988 and for 7 percent of those born from 1973 to
1988. It was possible to identify all nine digits for 8.5 percent of
those born after 1988 in fewer than 1,000 attempts.
The accuracy of the prediction system increased for smaller
states and for people born after 1988. The accuracy was higher for those
born in the late 1980s and after because of rules that led
increasingly to the assignment of Social Security numbers at birth. The
researchers, for example, reported that they needed 10 or fewer
tries to predict all nine digits for 1 out of 20 Social Security numbers
assigned in Delaware in 1996."
It begs the question should any organization protecting private
information (PII), use a SSN as an identifier since it is inherently
weak? Companies using the last four SSN digits for authentication need
to understand how SSN are generated to understand the risks for using as
an authenticator.
Lorna
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Ali, Saqib
Sent: Wednesday, July 08, 2009 9:29 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Weakness in Social Security Numbers Is Found
Read more:
http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2&ref=instapundit
saqib
http://www.capital-punishment.us
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate. We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]