<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, Sep 10, 2017 at 11:25 AM, Henry Baker <span dir="ltr"><<a href="mailto:hbaker1@pipeline.com" target="_blank">hbaker1@pipeline.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">FYI --<br>
<a href="https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/" rel="noreferrer" target="_blank">https://www.troyhunt.com/<wbr>introducing-306-million-<wbr>freely-downloadable-pwned-<wbr>passwords/</a><br>
<br>
Introducing 306 Million Freely Downloadable Pwned Passwords.</blockquote><div>....</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
"The entire collection of 306 million hashed passwords can be directly downloaded<br></blockquote><div>....</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Ok, all you crypto wizards: here's a real-world problem that needs to be solved.<br></blockquote><div><br></div><div>This is only one of numerous toxic and poisonous nuts in the set of Equifax generated problems. <br><br></div><div>Equifax and other credit validation services have a series of risks </div><div>that are ill defined in the law.</div><div><br>They (EquiFax) were contracted to watch dog Target customers... now they may be in breach of the Target payments and settlements especially if they abused the information they got from Target. Target wrote the contract and thus has a liability risk as that tree shakes as does Equifax...<br><br>Equifax seems to be slurping up data left and right in the wake of this and apparently </div><div>the 1 in 1000 social security number plus name hack creates more risk than is obvious.<br>i.e. Name plus <span style="color:rgb(69,85,95);font-family:"Open Sans",Arial,sans-serif;font-size:14px;font-weight:bold">Last 6 Digits of Social Security Number... </span><br>Equifax might have been used by a real estate company and not notify the client which financial service check was used. So anyone is at risk... <br><br>Credit locks may need to be made in half a dozen perhaps more services.<br>The process of locking and unlocking is not free...<br><a href="https://www.nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-instructions-are-confusing-heres-what-to-do-now.html">https://www.nytimes.com/2017/09/08/your-money/identity-theft/equifaxs-instructions-are-confusing-heres-what-to-do-now.html</a><br></div><div><a href="https://www.wsj.com/articles/putting-a-freeze-on-credit-thieves-a-look-at-your-protection-options-1505150917">https://www.wsj.com/articles/putting-a-freeze-on-credit-thieves-a-look-at-your-protection-options-1505150917</a></div><div><br>See reported "PIN Generation for Security Freezes" flaw.<br> <br>Customers and others need to address exactly this zero knowledge problem</div><div>to discover if they have a risk from the Equifax breach to not leak more secrets.<br><br></div><div><a href="https://yro.slashdot.org/story/17/09/10/0128214/techcrunch-equifax-hack-checking-web-site-is-returning-random-results">https://yro.slashdot.org/story/17/09/10/0128214/techcrunch-equifax-hack-checking-web-site-is-returning-random-results</a><br><br>At best the web page was a quickly thrown together hack now fixed web page at worst it is phishing for confidential data and illegal. The illegal bit does not go away the evidence might.<br><br>Then there was the stock transactions by insiders dumping stock in advance of the public announcement. Brokers now have a liability to not obfuscate these transactions...<br>brokerage houses might have used Equifax when an account was opened... now they have a disclosure issue.<br><br>Some have observed the hack on Equifax was so extensive that they cannot be relied on to continue their business. If so how can they be part of the solution...</div><div><br></div><div>So this zero knowledge topic is very timely.<br>How to not leak information in the clean up ... is the trick question...<br><br><br></div></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>