Slashdot Mirror
Dumpster-Diving for Your Identity
The NYT magazine has a story titled Dumpster-Diving for Your Identity - the author interviews two convicted identity thieves talking about their methods and successes.
← Back to Stories (view on slashdot.org)
I tried to use Google News to find a registration-free link. No luck. Will this do?
Dumpster-diving bears at greater risk
It's not about bears stealing your identity, though I pity the bear that applies for a Visa card with a FICO as bad as mine! But it is an interesting tale:
Then there are the people: One older woman set out a batch of syrup-slathered pancakes for the bears, and some parents smeared peanut butter on their children's faces so they could photograph cubs licking it.
Where's Darwin when you need him?
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Remind me to check my dumpster here at the office for a NYT login...
But seriously, we use a shredding company here at my office for our important papers. They're supposed to do all the shredding "on site" in their truck. Yesterday they were here to empty our shred bins, and they brought in a big trash bin to haul our stuff out to the truck. One of these bins was sitting in the hallway, and no one was around, so I took a peek inside. It was papers from an accounting firm down the street! I mean, we're supposed to be paying these guys to keep our info secure, but here they are waiting until their bin is full before they shred anything?! Needless to say, I had a long conversation with our facilities manager after this...
If you want something done right, better do it yourself! I'm now using a $30 shredder BEFORE I dump anything in our shred bins! Who knows where our important documents have been travelling to before they actually got shredded?!
This is why I burn all my important docs, credit card offers, old checks, etc... at home, who knows who is going through your trash? All they need is an account number, and a shredded document can be taped back together with enough motivation and time... (although with some people being easy marks, I guess the harder you can make it, the better!)
My local police department recently published a blurb asking residents to dispose of identity theft-related materials (e.g., financial statements, anything with a SSN, etc.) in the ordinary garbage, instead of the "mixed paper" recycling bins as we've been asked by the rest of the city government.
It seems that identity thieves are very happy about the shared, clean, and portable "mixed paper" recycling containers found throughout my (rather affluent) city, and they tend to pick them up, quickly sort through the cereal and microwave dinner boxes for the good stuff, and have the container back before anyone notices.
Presumably today's dumpster divers have the luxury of avoiding coffee grounds, so you can go a long way towards protecting yourself by dumping the financial correspondence in with the smelly stuff.
I produce very few pieces of paper that have sensitive information like this. I am more worried about the information on my computer, which is sensitive. Companies, on the other hand, do need to worry.
If my answers frighten you, stop asking scary questions.
If you're so worried about ID theft, then maybe you should keep a close eye on your credit card bills, credit scores, etc.. Buy a paper shredder. Shred all bank statements and whatnot before you throw them out. Internet-shminternet, dumpster diving is the fastest way to someone's finances. Get the carbons at the gas station, or stores where they still use the old carbon-thinger credit card machine.
I knew someone who got screwed big time by a gas station who would keep the carbons, and double bill her every time she filled up, the cash going straight into the owners pocket. She was a dope for letting it go on so long, as she never bothered scrutinizing her Visa bills. Turned out the station was owned by a Russian mobster. This was long before the world wide weeb.
Just don't toss your sensitive data into the dumpster where any bum can get your CC number.
What if all your bills are past due? Then it doesn't matter. It's like that old joke (or is it a scene from a movie?)...
"A thief stole my credit card and has been using it for the past couple of months."
"Oh my! Why haven't you reported it?"
"Because it still works out to be cheaper than me using it!"
Small potatoes make the steak look bigger.
This is the reason i have a fireplace in addition to central heat and air. Well, that and the fact that i like making smores.
I've always taken a few moments to shred my bank machine receipts when I get them. Since sorting for recycling takes time anyway, I've always gone through it and shredded anything remotely useful, long before the notion of "identity theft" became mainstream.
Honestly, if people would just be a bit more paranoid, and not worry about being casual with risk as a fashion statement, these guys would have a lot less to go on.
That's with regard to personal papers. Businesses should know better, and should get their asses sued for failing to protect sensitive information that was entrusted to them by their clients.
Shredders are a form of technology, last time I checked. And, seeing as how this story comes straight from the "buy-a-shredder" department, it is directly related to shredders and is thus quite applicable to technology in general.
Go buy a shredder and port Linux to it today!
I'd argue that was nothing but a slap on the wrist, and not much of a deterrent to future fraudsters.
Outside of a dog, a book is man's best friend. Inside a dog it's too dark to read. - Groucho Marx
Im not saying Im agreeing with the parent post, but if you do, please remember that certain papers must be filed by you for a period of up to 10 years.. so you might want to do what most people in this situation does: buy a small file-safe... othervise you might end up having troubles with the IRS, and we dont want that, do we?
Here is an interesting couple of articles on identity theft by Robert X. Cringely (or Mark Stephens, depending on your version of reality).
Ego, Super-ego, and ID Theft
How to Steal $65 Billion
Dogma - "let's just say we'd like to avoid any empirical entanglements."
The New-York "registration required" Times running an article on people fishing for other people's personal information, that's amusing ...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Quick question...since personal shredders are only $30, why does your company use the shredding service at all? It would probably be cheaper to outfit every employee (or at least every department) with their own shredder than pay for 2 months of that service, when you empty your personal shredders, just use ordinary recycling for the shreds.
Jason
ProfQuotes
A little googling resulted in the same basic story without the registration:
refers to future article in NY Times
and
Over a year ago on CBS News
Why do I need to do that? I know who I am..
One electronic version of "dumpster diving" would be looking through a company's website/anonymous FTP server. Sometimes, a few moronic folks decide to store otherwise-vital information in these "undisclosed" locations that anyone can get into over the web.
Somewhat popular among the consulting types, they upload client data to an FTP server, then fly off to the client's office, and download it from there...or maybe use it as a means to "share" data among themselves. Some forget to password-protect it, relying instead on security through obscurity.
How is this related to dumpster diving? Well, if you look hard enough, those servers are just like public-access trash bins fit for people to...um...recycle data.
If you're a consulting group, make sure you treat your client data with absolute confidentiality. If you're a business working with consultants, make sure they don't leak your info to the world.
>>Remind me to check my dumpster here at the office for a NYT login...
Use this to randomly generate a login for you
http://www.majcher.com/nytview.html
...burn it in the barbeque, or in a fireplace if you have one.
Dumpster-Diving for Your Identity
By STEPHEN MIHM
Published: December 21, 2003
tephen Massey was only a few minutes late, yet he apologized profusely as he strode into the lobby of a crowded restaurant in downtown Eugene, Ore. ''I'm very punctual about my time,'' he said, clasping my hand in a firm shake. With his freshly combed hair, crisp white shirt and trimmed mustache, he looked like an off-duty cop or fireman -- a ''pillar of the community,'' as he later described himself, a wolfish smile playing across his lips. Far from it: Massey, 39, directed one of the most extensive and notorious identity-theft rings prosecuted so far by federal authorities. By the time investigators broke the case, Massey and his partner in crime, a computer whiz named Kari Melton, had ruined hundreds of people's credit. A judge sentenced them to prison in 2000; Melton was released in 2001, Massey the next year.
Advertisement
The Federal Trade Commission estimates that identity theft costs nearly $53 billion annually. Some seven million people were victimized in 2002. Yet little is known about how the perpetrators actually operate. It's a popular perception that most identity theft happens on the Internet, but over the course of dinner, Massey quickly made clear that low-tech methods of getting people's personal information are far more effective. ''Every day was exciting,'' he recalled between mouthfuls of potato skins. ''We went to Vegas, Atlantic City. We made a business of it. It was like James Bond . . . 'Mission: Impossible.'''
In late October, Massey disappeared, violating the terms of his supervised release and prompting a national warrant for his arrest. It had become clear to me in five months of interviews that not everything he said was to be trusted, although much of it was verified by the detectives and prosecutors who had already investigated his crimes and by Kari Melton. As for Massey's current whereabouts, Steve Williams, a detective in the Eugene Police Department, who worked on the first case against Massey and is once again on his trail, said: ''My gut feeling is that he is in the Seattle area'' -- where he has family -- ''back to his old tricks, doing drugs, identity theft and counterfeit checks.''
If Massey has indeed resumed operations, it's a sure thing that he's not working alone. His identity-theft crimes depended on the work of a carefully built ring, one that employed hordes of petty thieves and drug addicts. If he sticks to his old techniques, his crimes will originate in Dumpsters and garbage cans, where information can be culled from discarded personnel files and other trash. It's not the most glamorous crime, but that doesn't make it any less devastating to its victims.
Discovering the Dump
Massey's life began to unravel in his late 20's, soon after he started experimenting with the highly addictive stimulant methamphetamine. Before that, Massey achieved some semblance of success, managing an awning-maintenance company, marrying and, with his wife, having two daughters. Then he and his wife divorced in 1992. Soon after, he remarried, and divorced a year later. His business began to decline. Sometime in the mid-90's, his teenage girlfriend offered him some meth. ''So here I am with no place to live, on the rebound and with a habit,'' Massey recounted. ''Who wants to look for a job again?'' Massey began hanging out with a much younger crowd of meth addicts, called ''tweakers,'' and forging checks to feed his drug use. It was during this time that he began to wonder if he could hijack people's identities for profit. He stumbled onto the answer soon after, when the meth-heads invited him to go ''Dumpster diving'' for junk. Massey and the teenagers piled into his Ford Explorer and drove to the outskirts of Eugene.
''It was the first time I had ever been to the dump,'' Massey recalled, wrinkling his nose. ''I said, 'I'm not going to get dirty,' so I wandered over to a shed where the recycling was stored. I notice there's a big barrel for rec
a fiancee of my cousin (who is in the Air Force), says that US military top secret documents, which are destined for destruction, have to be escorted by 2 armed guards, and thrown into an oven which bakes the quadruple-shredded-and-reshredded dust of the formerly top-secret document at 1600 F for 1 hour.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
Fireplaces produce too much air pollution. The ecologically correct way to dispose of these sensitive documents is to first shred them. Then mix the paper shredding into your backyard compost bin or worm bin and let nature dispose of it cleanly.
I doubt that many id theives would want to rummage through your compost bin, if they even thought to look there in the first place.
For added security, add a couple of large dogs to your backyard. They will help deter personal property thieves in addition to compost-diving identity thieves!
This is not a new technique and doesn't seem worthy of a Slashdot story. Low tech identity theft is nothing new or hard to do.
-=- Many seek good nights and lose good days.
While I cannot say for what reasons the poster above uses professional shredding services, I do know why such services still exist.
The difference between a $30 Office-Depot Shredder and a good commercial shredder is significant. The Cheapo shredder usually shredes only vertically, and does so usually so that there are about 20 cuts down one page. People sending 3-4 documents in at once will find that they have those 3-4 documents nearly intact, just cut into 20 vertical peices which are easy to put back together if someone is careful in extraction.
On the other hand, good commercial shredders litterall demolish the paper, turning it into sawdust like material that would be impossible (virtually) to reconstruct. Along these same lines, good document security companies use combination of methods, not just shredding to ensure security (read: chemical treatment, randomization, etc).
Brushfireb
If your mailbox is on the curbside like mine, seriously consider getting a secure lockable one where the mailman can only drop mail off, but a key is required to retreive it. I just received mine from oregontrailbox. I did some research, there are a few places that sell those under different names, but the ones I liked are actually the same box that seems to be manufactured by pinnacle (or pinnacle is yet another reseller of the same box made by a unknown third party....)
In any event, I will be installing my Heavy Duty Standard tomorrow...
--
OpenHosting Virtual Servers for the geeks.
"How, exactly does this apply to technology? Am I mistaken by assuming this is a "news for nerds" website? Oh well..."
Hmmm... I can't find the word technology in the phrase "news for nerds, stuff that matters." I even tried CTRL + F. No luck. I'm having serious trouble finding the source of your complaint here. Help?
"Derp de derp."
I have had way too many people asking for my SSN in the last few years. It started with my dentist's secretary demanding it, and when I declined to provide it, she insisted that they needed it for my dental records.
I told her, "You're not offering me a job, and I'm not opening an iterest-bearing account with you. You don't need my SSN, and you're not getting it."
About a month ago, a freaking cell phone provider asked me for an SSN just to get an account with them? WTF?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
since personal shredders are only $30, why does your company use the shredding service at all? It would probably be cheaper to outfit every employee (or at least every department) with their own shredder than pay for 2 months of that service
;)
Because $30 personal shredders suck ass. They're cheaply made, their motors burn up if you put more than 5 sheets at a time through them with any regularity, and they jam very easily.
Spend a hundred for each one and you might get something worth using.
Spend $1500 for a serious industrial crosscut confetti model and let 30 employees share it and your company is probably far better off than with either of the above options, or the shredding service.
Bonus points if the company then sells the shredded paper *directly* to a pulp mill
p
In Korea, long hair is for old people!
That is why I recycle all my personal papers into tinder for my wood stove.
Properly rolled and bound newpaper "logs" burn for a long time, and give up some nice heat.
I use the cheap single cut shredder to shred everything with personal info, this is good enough for starting the fire.
I cut the address from my old trade periodicals before I drop them off at the waiting room at my Doctor's office. Better computer magazines than Women's Day.
Now before all of you green geeks flame me, the county stopped collecting paper, ever since the price dropped. They had a scandal when it was exposed that they were dumping sorted recycle paper in the landfill with regular garbage.
As far as I know they still properly recycle glass, plastic and metals.
That's one of the reasons the military and (some) government agencies have adopted standarized protocols to deal with this kind of stuff and generally are quick to reprimand those who violate policy.
Many security problems these days have to do with the fact that people for some reason refuse to apply common sense -- requiring people to wear ID tags at all times and conducting thorough background checks is not going to do any good if you just dispose of confidential documents into some backyard alley dumpster.
If jail space is the issue, stop locking up drug offenders and/or bring back corporal punishment. A nice "IDENTITY THIEF" brand on the forehead would be a good start. Perhaps reversed so they can read it for themselves in the mirror every day. My other thought is a tattoo on the fingers, one ring for each guilty conviction. Heck, I'd even chip in for some local for the schmucks, because they are going to have hell getting the time of day from anyone in the street.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
When I read about guys like this - they are always idiots. Basically he got caught because he was hanging around a bunch of crazy drug addicts.
I keep wondering if for every guy like this they catch, there must be like 3 guys who are really careful and "normal people" (i.e. professionally minded, don't take drugs or hang around prostitutes, etc.) who do these type of crimes to build up some large amount of money, then move someplace and live off the interest. Those would be the guys that would be real hard to catch.
I wonder if those kind of criminals exist and in what numbers?
Avoid Missing Ball for High Score
The cost of having every employee or department having their own shredder isn't restricted to the initial $30/seat investment. There's also the time involved in shredding documents.
Probably not a good example, but:
I once had a job which involved faxing purchase orders to suppliers. When I first started, the process was:
- Print batch of purchase orders.
- Go to accounting department. (I didn't have a fax machine on my desk.)
- Fax each purchase order individually.
This process consumed 2 to 3 hours of each of my days.COST: 2 to 3 hours employee time per day.
SAVINGS: $100 one-time cost of fax machine
Upper management greatly improved the situation when they donated a fax machine from their office for my desk...because it didn't meet their needs - it didn't automatically identify the sender in the page headers.
COST: 45 to 60 minutes employee time per day; plus additional 40 minutes of long-distance calling per day for the header page.
SAVINGS: $100 one-time cost of fax machine; 2 to 2-1/4 hours employee time per day.
Although it saved the daily trip to the accounting office, faxing now required a header page identifying where the fax was coming from. At least I could be mostly-productive while doing the mindless hours of fax work.
Eventually, we did end up with a fax modem which was connected directly to the mainframe which saved even more time.
COST: $300 for the fax modem; software written in-house in about an hour
SAVINGS: 2 to 3 hours of employee time per day
Queue batch of purchase orders.
Time is money - even if it is 15 minutes.
He had all sorts of personal data in his home direcrtory: passport & visa applications, paycheck stubs for several years, copies of expense accounts including scans of credit card statements, info about his retirement from the company we used to be a part of, ...
Once I realized what it was I rm'ed it, but what would posses a supposedly rational person to not only save this data to a networked machine at work but to leave it there after leaving the company?
"Glory is fleeting, but obscurity is forever." --Napoleon Bonaparte
Getting all your employees to do it is the main problem. There is no way you're going to get the consistency you need.
Another reason is liability. Having a company you can sue is nicer than having to cut your own throat by firing someone who screws up.
a journalist in my country (Poland) made an investigation about possible uses of Kazaa to find data of national importancy (I cannot find URL now, and the article is written in polish ;).
In just a few hours he found documents related to national security and bussiness. Mostly because careless employers of crucial national institutions carelessly install Kazaa just to download junk, and don't even know (or understand) that they share C:\My Documents\ directory. This is outrageous.
The journalist said that not all national-importancy institutes suffer this sick employers behaviour, but some of them do. Which is proven by simple Kazaa search.
#
#\ @ ? Colonize Mars
#
$30 personal shredders won't handle many items such as old badges, bernoulli disks, floppies, backup tapes, CD's, last year's Xmas fruitcake, whistleblowers, etc.
""Initially they were Dumpster diving (a few years ago), but now they've actually progressed into tearing open black garbage bags in cans that don't have lids," said Jessy Coltrane, the assistant area biologist for the Alaska Department of Fish and Game. "When moose start getting into garbage, they're almost worse than bears because they're pretty persistent about it."
...because something even more invasive would be put in its place. The Devil that ya know, and all that.
We don't even need to pass new laws to restrict the use of the SSN, because we already have them. It's not supposed to be used for any identification purpose other than actual Social Security.
Once again, the problem is not lack of laws. It's lack of enforcement. (Look at Bush and Kenny Boy, and tell me if you're surprised.)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
we will continue to have situations where the banks don't give a damn about your identity being stolen, and will continue to refuse assisting in investigations.
Why should they? It's a 100% writeoff.
Start changing the writeoff to 95% next year, 90% the year after that, 85% 3rd year, and see how fast they change their attitude.
We use a shredding company to do our work as well. The papers are put into a loosely locked box and picked up monthly.
The man who picks ours up is a toy short of a happy meal. He rarely says more than an incoherent mumble or two. Something usually about the damn lock on the door (I share his frustration).
We started using them after we shred about 5000 pounds of confidential data. I filled 12 large bins that they provided for us. These were probably 3.5 feet tall and large enough for at least two of my fat asses to fit inside easily.
Why do we use them? Because it would take me two or three days to destroy a single box of paper records that we have. I don't have time for that.
It's something like $500 for 5000 pounds. You do the math... Pay an employee $15/hr to shred documents for 3 days ($15 x 8) x 3 or $500 for 5000 pounds.
A credit rejected letter is an identity theifs DREAM! by law, credit rejection letters contain not only pertinent stuff like your social security number, but they must give you a copy of your credit report if asked to show why you were denied. Once a thief gets your credit report it is all over. the credit report has every bank account and credit card number you own. as well as a lot of other personal info.
http://notanumber.net/
The two primary examples of this use are the medical profession adn the Motor Vehicles establishment, both of whom seem to think the SSN is a handy Unique ID. Obviously, this magnifies the security risk for anyone who complies. Here's how to deal with both.
When you sign up for health insurance, fill in the SSN field with the phrase "assign ID". Sometimes they will just do it, but usually some clerk will complain that you haven't completed the form, they can't process it, etc. Firmly explain (often several times) that this is illegal, and that their companies have procedures to handle this, and that they need to speak to their manager. They will soon return with a sheepish demeanor, and you will get an ID in the SSN format.
Now, whenever you go to ANY doctor, dentist, hospital, or whatever, fill in this assigned ID as your SSN on their form. If asked whether this is your SSN, simply respond that "This is the correct ID.", and do not let pressure you into revealing your SSN.
The DMV and police may be easier or more difficult to deal with. The DMV should have a checkbox on the form which allows you to decline using the SSN, usually with some corresponding inconvenience. E.g., some states will require you to come in for renewed licenses, whereas they will mail them if your SSN is in their system. If your state doesn't have this option and you cannot argue them out of it, transposing a few digits might not be a bad idea.
When dealing with the police (e.g., in a speeding ticket situation), I've found it is best not to tell them that their request for your SSN is illegal. Best to just say that you don't remember it. Of course you don't want to give false information, right?
These tactics will obviously not close all vulnerabilities, but they will eliminate two major potential sources of identity theft. Good Luck.
If it is not bad intention, it is just stupidity. For a while, I had a fax number, which was the same as that of some medical lab (or insurance company) -- except for the area code.
Twice a week a fax would arrive from a doctor's office in my area -- thanks to an absent minded "office manager" or some such. Due to the nature of the business, all faxes contained not only the patients' names, SS#, but also diagnoses, health histories -- the works! I called them back every time -- boy, were the morons surprised... They never even bothered to check the fax ID string, which I had configured to my company's name.
Not to give any ideas, but how difficult is it for a scumbag to get a phone number similar to that of a claims department of an insurance company?.. Or a mortgage department of a bank? You can guess the other steps she/he will need to make. Mind you, completely passive and impossible to detect. No dumpster diving involved either -- totally white-collar job...
We can moan about the need to use encryption and authentication, but faxes don't have this feature at all. As long as this sort of information passes over telephone lines unencrypted, your info is not safe.
In Soviet Washington the swamp drains you.
What about idiot colleges who require are not allowed (legally) to request your social security number, but anyone can ask for your "student ID" which is coincidently the same?
(all sarcasm aside, really what could one do?)
yes but those ads imply most of it's over the internet; it's not. I had my identy stolen in 1995, when i was a college student -- taken from a job application in NYC. The worst part was, after i found out, and the bank had me fill out an affidavit of fraud, my student loans were cancelled for bad credit. I called and explained the situation, and they restored my loans at a higher interest rate because now i was a "credit risk" due to my credit report having to be cleansed. I wish i could have hunted down the guy and smacked him around some
The Cheapo shredder usually shredes only vertically, and does so usually so that there are about 20 cuts down one page
...
On the other hand, good commercial shredders litterall demolish the paper, turning it into sawdust like material that would be impossible (virtually) to reconstruct.
I have the second-cheapest cross-shredder I could buy from WallyWorld (Yeah, I know, evil, but show me a Mom&Pop that carries cross-shredders). For USD$25, I end up with 0.25" by 1.5" confetti. Good luck putting that back together.
And for a teensy bit extra security, when I empty the bin, I dump a cup of water on it for good measure. 15 minutes later I have paper mache - Even if you could still recognize a word here and there, how do you scoop it out of the wet blob to reassemble without obliterating it?. I suppose I could go a step further and burn it as well, but really, why bother? Anyone wanting my personal data that badly can get it a lot easier than searching my garbage for paper mush.
The easiest problem to attack here is that it's too easy to open a credit card account. If this were made a grueling, lengthy process requiring written correspondence, with extra safeguards for changing addresses, then all the credit card side of identity theft would be mooted.
The FTC website says that if you're the victim of identity theft, you can contact the credit bureaus to put a FRAUD WARNING on the top of your credit card report. This makes me wonder whether we should all just do this anyway.
I have read that in Europe, getting a credit card is difficult and not instantaneous, and that identity theft (at least, on the credit card side) is less of a problem.
OK, I'll burn some karma here by being off-topic and politically incorrect. I don't understand why everyone seems to be so concerned about NYT registration. I registered years ago, and just out of curiosity I looked at my user profile just now. It showed an old, long-defunct email address and a fraudulant zip code. There were some other demographic drop-down boxes that I had never selected. So what's the big deal? I had to supply an email address to register for /. too. Neither one has abused that information AFAIK.
I'm looking to get a memory hole installed in my house actualy.
Dumpster-diving is my identity!
How about changing the law so lenders are required to verify the identity of the people they lend money to? If they don't, they would be prohibited from taking any legal action against the debtor, referring the debt to a collection agency, or putting a black mark on the debtor's credit record. The identity verification process would have to meet high standards, comparable to what the government requires before issuing sensitive licenses and identification documents. Maybe a current photograph, thumbprint, and signature, collected by someone like a notary public or other trusted person, and submitted directly to the creditor.
Mea navis aericumbens anguillis abundat
I don't know exactly how this is setup, but my father has some type of high-security flag set with the credit agencies. I found out about when he cosigned for a loan with me. He owns his own business and his business had identity-theft problems a few years back.
So basically how it works, is that there's a phone number specified on his credit report and a secret question and answer. So if anyone makes an attempt to check my father's credit history, or take out credit in his name or SSN, the creditor must call the listed phone number and my father must answer the phone. They identify themselves and what creditor they're representing. Then they ask the security question and my father gives the correct answer. Now business can proceed as usual.
It gets more secure when the security question/answer must be changed each time it's used. Plus, changing the phone number requires a 30-day written notice.
I think that's a GREAT idea... Why don't more people implement that? Once I get some actual credit, instead of just Student Loans, I'm going to put that security measure on MY credit!
"One touch of Darwin makes the whole world kin." George Bernard Shaw
Easiest solution to this whole mess, and one I'm seriously considering.
1. Buy a personal cheapo shredder with a small wastebasket and shred stuff until the basket is full.
2. Buy a beanbag chair.
3. Remove the styrofoam packing peanuts from the beanbag chair, they'll be mashed flat and useless in a week anyway.
4. Place the shredded documents into the beanbag chair.
5. Repeat until the beanbag chair reaches the desired firmness.
Instant furniture, very comfy when playing games.
"Why Subscribe?" Good question...
If you check your own credit report with the the credit bureaus, it does not get reflected on your credit rating.
Banks don't get to see how often you check your report.
-
"Vengeance is fine," sayeth the Lord.
I cant believe you people don't simply get the free registration to New York times Magazine. This article is very useful to help you protect your identity. To register you just have to give your email, gender, zip code, date of birth, address, industry in which you work, household income range, job title, credit card number, ATM nip and the last ten years of data of your tax income.
Yahh, hiii haaaaa! -Major Kong, from Dr. Strangelove
If you feel you're being spied-on by individuals poking through your garbage, toss into the bag a few carefully selected, ummm, "leavings" as a bonus for the sifters.
This should point the searchers in a different direction, causing them to move on to a more attractive find, much as car alarms doo.
It is a well known fact that if you keep crumpling up a piece of paper over and over, it gets so soft you can use it as asswipe. Let someone try to get the information off that!
From excellent karma to terible karma with a single +5 funny post...
Yes, slashdot personals. It's part of the new OSDN - Open Source Dating Network.
Dating must go by the GPL - General Personal License, where if you date someone, you may only continue to date them if they may also date others. This however, is not a viral license. If you already have a partner and pick up another GPL'd partner you need not give up your original partner.
It's really quite simple.
Having abhorrently bad credit is the best way to protect your financial assets. No one is going to get a credit card under MY name, that's for damn sure.
Easy way to do it is to not pay a utility at an old residence (People's Energy is trying to extort $50 for the 0.07 therms of natural gas I used at my last apartment, and they will never see a dime of it. And no, I'm not kidding about the 7/100ths of a therm.)
Slashdot is proof that Sturgeon's Law applies to mankind.
By law, with few exceptions relating to the government, you are not obligated to give *anyone* your social security number. This is protected by the Fair Credit Billing Act of 1976 and the 1974 Privacy ACt. The ACLU has some good info on your rights andn your SSN.
In addition, there's the "liability" factor.
If someone happens to get ahold of your sensitive data, it's nice for the bigwigs to have someone to blame other than themselves....
Think about it. Someone forgets to shred some confidential documents in their own personal shredder, and they get into the dumpster intact. That would be a whole lotta egg on the company. But, if the shredding company acidentally let a document "leak", then they'd probably lose more than just face... they'd probably lose a lotta money!
Karnal
I can vouch for the effectiveness of dumpster diving; I snarfed the entire budget info for the science dept. in college once. Interesting reading, too.
C|N>K
No, really. Three gerbils = 1 5-year-old in terms of destructive capacity. Just feed sheets of paper into the cage, and stand back. It takes a little longer, but you still end up with confetti.
Having a security clearance, I can vouch for the fact that few techniques that don't involve fire destroy documents so thoroughly as rodents.
And there lies the answer. You don't have to perfectly destroy the papers. Just make it cost more to get the data than the data's worth. Even the most basic methods (straight shredder) will deter most thieves. Unless you're being specifically targeted, there's always the idiot down the street (or next door) that's an easier target.
It seems to me that the problem is a social one, not a technological one, and therefore we should be looking for solutions in the social domain.
..... usually official letters such as gas / electricity statements and bank statements for your address, and a passport or driving licence for your signature and photo. If you join a video club, for example, you might have to produce two bills and a signature, and you'll get a card which is only good for renting videos; there is no information on the video card that links it back to the papers you submitted. Of course you could mug someone on their way to or from joining a video club and get their papers that way, but if you already knew what they were about to do you probably already know enough about them.
..... but it's recognised that the name and address aren't enough, so other documents are also usually required. {And if, say, my electric bill shows I paid 10 last Saturday, they might want to see my payment card and make sure the account number matches.} Most places also require a signature, and you may even be required to sign the form in front of them. It does take skill to forge signatures with an audience ..... I could do a very convincing one of my last-but-one boss's, but nowhere near as quickly as he could.
..... there is a published part known to everybody, a secret part known only to one individual and a mathematical relationship that makes it difficult to determine the secret part from the published part. If I just send you ajs318's public key, that doesn't prove I am ajs318. If I sign something with ajs318's secret key, and you can recover it with ajs318's public key, then that at least proves I know ajs318's secret key, and there's a better chance that I might actually be ajs318. It seems to me that the SSN {which identifies without authentiation} is being misused.
Somebody who knows me is better qualified to say "That is the real ajs318" {or not} than some piece of machinery ever will be. A human being can check subtle things like signatures far more reliably than a machine. But the corporate mentality seems to be far too trusting of machines and far too distrustful of human beings. It's well known that humans make mistakes, but who designed and built the machines?
In Britain, we have a National Insurance Number as a unique per-person identifier, but it is only used for taxation purposes. Also, your employer is responsible for stopping your tax right out of your wages before you ever see them, making it physically impossible for the working classes to commit tax fraud.
With no national identity card, anyone requiring ID has to seek it from multiple sources
Now, your name and address are published in the telephone directory. So places insist on official letters. Of course these could be forged
It seems the problem in the USA is that the social security number {which uniquely identifies a person} is treated as though it were a secret, unknown to any entity beyond the person it identifies. That clearly is not the case. Look at how PGP works
The other thing is, when you go into somewhere like a newsagent's shop, you are recognised by the regular staff there. {Kids in my old village used to shoplift from the local newsagents' once at most. The items they took got added onto their parents' slate.} The point is, the main identity used in that situation is the person themself, which is hard to forge. In a large impersonal supermarket, there is less potential for recognition, so if you pay by payment card or credit card then they require a signature {though trials are underway where the shopper will merely have to enter a 4-digit PIN, thus relieving the cashier of the responsibility to check a signature and not at all paving the way for brand new opportunities in crime}; on the Internet, none at all.
If you want security, stick with old fashioned pound notes, because they can only steal as many of those as you actually have. And, until they get RFID in money, it's untraceable. You can't look at a 20 note and see it was won in a poker game, for instance.
Je fume. Tu fumes. Nous fûmes!
He was root on an NFS client, browsing files on the server. In that situation, root (on the client) is mapped to nobody on the server, i.e. not very useful.
In order to read the data, he need to change his identity to the file's owner first.
Either you're a troll, or you're a pretty stupid sysadmin for not knowing this.
Or, maybe he had only the root password of a couple of NFS clients, but not the server?
for not destroying his home
If he was not the sysadmin of the server, it was none of his responsibility to do this kind of cleanup when the guy left.
I end up with 0.25" by 1.5" confetti. Good luck putting that back together.
Its simple, you dump the stuff out on a scaner, do a boundry scan and then run length encode each end and then sort thouse. The result is a map of how to put it all back together. No big deal and there is shareware that will do it.
That size of paper is good for running through a blender with a bit of water.
How would I go about finding out if someone else has some form of credit opened in my name?
If the offers you get change, its time to start looking at your credit report. If your getting offers for gold cards and then you start getting offers for secured credit cards, there is a reason and it will be on one of your credit reports.
Also, per our regulations, if you don't run it through the shredder, you have to manually tear up the piece of paper 6 times. This is social security numbers, addresses, medical information, etc.
I have often wondered how wrong this is, but my boss never seems concerned when I bring it up....we are from the government - we are here to help...
Before my illustrative career in IT, I worked in the Facilities dept. of a bank (S&L to be exact). We were responsible for all sorts of things, one of which was transporting cancled checks to storage after microfilming, and after 1 yr retention, we would remove them and hand them over to a recycling company. Potential problems with the path the check took:
After microfilming, they were bundled into archive boxes and handed over to us. We hated that duty. At the time when I was there, we transported the boxes either in the back of a pickup truck or in a van. More than once, a cover blew off and scattered canceled checks down the highway. Yes, we stopped and tried to pick up the ones that got loose...but you know they were'nt all retrieved. Also, more than once after reaching the storage facility, the boxes would sometimes get stacked to high on the carts and I saw at least twice bundles of checks scattered in the snow-ladden street. Those were all retrieved, but God help the poor sucker that needed the original check for court or something. Hope that microfilm was of good quality.
During storage, access was restriced to Records dept. or Facilities...but if anyone in either dept wanted to go into the storage room, there was no checkin/checkout. Anyone that had a key had total unrestriced access to every box in there and the millions of canceled checks, account numbers, addresses, names, phone numbers, signature samples...you get the picture.
Probably the most troublesome to me was after the year was up, we would turn the checks over to some very scary individuals that worked for the recycling company. More than once I saw checks fall out of the barrels and be left in the street for anyone to pickup.
:-)
Now, before you all give me shit for not complaining...I did. I also tried my best to not let any of those things described above happen, but there's only so much I can do.
Eventually, I got out of there, the S&L was bought out and security was tightned up.
Don't EVEN ask about the executive area shredding we did (that we weren't supposed to do but the secretary was too lazy so she had us do it). I had access to the board of directors meetings as well as the hand written notes of the members. And I didn't even have to get dirty in a dumpster.
No, I never used that info for stock trading, never disclosed that to anyone other than my wife, and I destroyed everything I was asked to....mostly.
WTF? Over?
very important. Screw your home dumpster, screw your office. The most dangerous place for your credit cards is where you shop. It's a really bad idea to shop anywhere that prints out credit card receipts w/ full numbers, or takes ( shudder ) a direct print of your card.
Want to know why? The manager that collects all those receipts might be honest enough, but do you know what a lot of those places do w/ their receipts? After anywhere from 1-3 years, a lot of them just throw boxes full of them in the dumpster. A college bookstore I worked at when I was starting college did just that. Literally thousands of credit card receipts w/ full pin numbers, signatures, and names in the bin. A lot places shred that receipts when they're done, but some don't. And think of the traffic a college bookstore generates.
Before you say anything like "well, you didn't have an id, address, or a social or anything like that", imagine the damage I could have done had I been so inclined to steal some of those numbers and then used them where I had a friend on the inside. Or done the digging to find that person's SSN, address, or whatever.
Trust me, I was so tempted to finance the rest of college education w/ a little bit of scamming. Thankfully, I had a hellish cunt of a girlfriend that ruined my life so badly that I dropped out of college and went to work in IT.
Damn...now that I think about, maybe theft was the better option...
PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.