[personal profile] lehser
A nice little report on a nice little analysis of SSNs and how to guess them.  I particularly liked the bit at the end:
"She said many businesses have errantly rely [sic] upon or have moved to redact all but the last four digits of a person's SSN, the very digits that are most unique to an individual." 

So, of course the first 3 digits are based on the zip code from which your application was made (almost certain to be place of birth for those born after ~1988); the middle 2 digits are apparently semi-stable over long periods for a region, and the last four (!) digits are not only FAR too few to be a good hash, but are ALSO the ones most likely to be shown.


Date: 2009-07-07 02:10 pm (UTC)
From: [identity profile] doctorhook.livejournal.com
That's what happens when you don't *plan* your data security. If the US had instituted a properly done national ID number....

Date: 2009-07-07 02:11 pm (UTC)
From: [identity profile] doctorhook.livejournal.com
P.S. That's the second person I seen post a headdesk today. Yay, event clustering!

Date: 2009-07-07 03:42 pm (UTC)
From: [identity profile] lehser.livejournal.com
...or when you use something that's patently not designed to be secure as a national ID. And don't put teeth into the "um, that's really not designed to be a national ID" advisories that the SSA has been issuing for decades.

Not 'til it's WAY too late, anyway.

Date: 2009-07-07 04:30 pm (UTC)
From: [identity profile] doctorhook.livejournal.com
And if it's the only ID there is, then of course people (and more to the point, companies) are going to use it. No amount of warning is going to stop that.



June 2010

131415 16171819

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 25th, 2017 11:25 am
Powered by Dreamwidth Studios