On Tue, Jun 18, 2002 at 03:25:21PM -0700, Crispin Cowan wrote: > Seth does raise a good point: the *other* social engineering attack is > to call up tech support in the name of some other user, and start > messing with the account. Current common authentication practice is to > ask for a zip code and a social security number. That sucks, because > I've already seen at least one on-line service that will cough up zip > codes for arbitrary people's names. > > Fortunately for me, that service had data-mined my zip from a false > entry that I gave Yahoo :) You're obviously not referring to google, which uses relatively up-to-date phone records. For example, searching for "Crispin Cowan Oregon" gives: <http://www.google.com/search?hl=en&lr=&q=Crispin+Cowan+Oregon> which pretty clearly lists your home zip code + rest of your address. -- Steve Beattie Don't trust programmers? <steve@private> Complete StackGuard distro at http://NxNW.org/~steve/ immunix.org http://www.personaltelco.net -- overthrowing QWest, one block at a time.
This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 17:50:30 PDT