Get a boarding pass, steal someone's identity
leichter_jerrold at emc.com
leichter_jerrold at emc.com
Mon May 8 09:55:25 EDT 2006
| I got this pointer off of Paul Hoffman's blog. Basically, a reporter
| uses information on a discarded boarding pass to find out far too much
| about the person who threw it away....
|
| http://www.guardian.co.uk/idcards/story/0,,1766266,00.html
|
| The story may be exaggerated but it feels quite real. Certainly I've
| found similar issues in the past.
|
| These days, I shred practically anything with my name on it before
| throwing it out. Perhaps I'm paranoid, but then again...
I've actually gone in the opposite direction: I shred less than I used
to. Grabbing this kind of information off stray pieces of paper in a
garbage can is buying retail. It's so much easier these days to buy
wholesale, stealing hundreds of thousands to tens of millions of on-line
records in one shot.
It would be useful to get some idea of the chances one takes in throwing
identifying material out. Everything in security is cost vs. benefit,
and the cost of shredding, while it appears low on a single-item basis,
adds up in annoyance. And all too many of the companies I deal with
seem to make it ever harder. Just yesterday, I threw out a couple of
letters having to do with incidental matters (e.g., an incorrect charge)
from a credit card provider. Every one of them had my full card number
on it. Some of them looked like the routine junk you get every month
and don't even look at twice before discarding.
Meanwhile, my statements contain my credit card number, in small but
easily readable numbers, *vertically* on the page - next to what appears
to be a bar code with the same information. Even a cross-cut shredder
probably isn't sufficient to render that unreadable.
The entire infrastructure we've built based on a shared pseudo-secrets
is one of the walking dead. For credit cards, the responsibility for
loss is on the card companies, where it belongs - and I let it stay
there. I take basic reasonable care, but I'm unwilling to go any
further, since it can't possibly help me and I'm paying indirectly for
all the costs the credit card companies assume anyway (since they push
them off on the vendors, who then raise their prices). As far as
identity theft as a general issue: What little evidence there is as to
the way the identity thieves work today implies that nothing I'm likely
to do - absent obvious dumb moves - will change my odds of being
successfully hit by very much.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list