Hi All :)
First of all... due helping my Dad out with his finances (read 84 year
old parent situation :( ) I won't be able to do much research on this site
or the concept for a bit...
First of all... SS*N is not unique (read up on it and you will find that
this is why my COBOL teach Myron Murray taught never to use it by itself as
a unique key for large population databases)
Second, SS*N are definitely out there :( Too many companies don't
protect 'em... H*LL even the Congressional Record has them printed in it!!!
Jim, if you want give me a holler (email :) ) and I will work with you
for the research ... it could make a good paper for InfoSec World 2008 which
I would love to present at :) (out of work CISSP's love to get free
conference attendance by presenting :) hehehe)
BTW, whenever you see this type of thing... it means you have visited
the webpage and therefore really do need to clean your machine!!
When going around googling things and visiting sites ... please
immediately run antivirus and anti-spy programs to check your machine...
SpyBot is very good... as is AdAware... you don't know what your machine has
been exposed to... :(
Art "OpSec ain't just for the Military anymore!" Bahrs
=========================================
Art Bahrs, CISSP
[log in to unmask]
-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf
Of John Stephens
Sent: Friday, January 18, 2008 08:39
To: [log in to unmask]
Subject: Re: [HP3000-L] OT: googling my own SSN: What are the odds of thiis?
Not sure what you've got here. Baidu is a Chinese
search engine (the Google of China), and the
post.Baidu.com has something to do with their email
service (like gmail for Google). Doesn't seem too
incriminating as far as trafficking in SSNs, though.
--- Jim Mc Coy <[log in to unmask]> wrote:
> I thought this might be a good place to start
> asking, since so many work with applications that
> generate, validate and process account numbers,
> customer ID's and numbers for other identification
> purposes.
>
> There are known to be web sites where ID thiefs
> trade Social Security Numbers and other personal
> information. So I decided to GOOGLE my own SSN to
> see if maybe it would show up on a web site
> somewere. And it did. The only thing is, it's a
> Japanese web site so I have to have someone
> translate it for me so I can find out what it is. I
> am concerned that, even if it appears to be a legit
> site, it could be an ID theft site disuiguised as
> something else. I'm sure it would just be at
> IDTHIEFSRUS.COM
>
> The URL that GOOGLE returns is
> http://post.baidu.com/f?kz=######### (where the #'s
> are replaced by my SSN)
>
> so kz is a parameter being passed to the page and it
> contains my SSN as a value.
>
> Is this something I need to be concerned about? Or
> is it not that unusual for numbers used for other
> purposes to just happen to work out to be U.S. SSNs?
>
> Thanks.
>
> Jim Mc Coy
>
> * To join/leave the list, search archives, change
> list settings, *
> * etc., please visit
> http://raven.utc.edu/archives/hp3000-l.html *
>
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
