bimmerpost/
BMW M2 and 2-Series Coupe
BMW Garage BMW Meets Register Today's Posts
home
BIMMERPOST Universal Forums Off-Topic Discussions Board

Post Reply
 
Thread Tools Search this Thread
      08-27-2024, 10:01 AM   #45
nerdogray
Captain
1469
Rep
719
Posts

Drives: Beater
Join Date: Jul 2018
Location: TN

iTrader: (0)

Quote:
Originally Posted by M_Six View Post
Experian is less than trustworthy itself. Sort of ironic that a company you go to for a solution is actually part of the problem.

https://krebsonsecurity.com/2023/11/...u-at-experian/
Well I'd like you to try and opt out of a credit bureau. It's $3/month for the privacy stuff, and the only other service I have is for visibility into my credit with all other bureaus on a monthly basis. What "solution" have I purchased?

And that Krebs article is pretty damned irrelevant. Just put me on ignore if you don't like my posts. You don't have to try so hard.
Appreciate 0
      08-27-2024, 10:23 AM   #46
cmyx6go
Colonel
cmyx6go's Avatar
16807
Rep
2,088
Posts

Drives: 2022 X6///M Comp
Join Date: Aug 2015
Location: NYC

iTrader: (2)

Garage List
2019 X6 ///M  [10.00]
Quote:
Originally Posted by nerdogray View Post
Well I'd like you to try and opt out of a credit bureau. It's $3/month for the privacy stuff, and the only other service I have is for visibility into my credit with all other bureaus on a monthly basis. What "solution" have I purchased?

And that Krebs article is pretty damned irrelevant. Just put me on ignore if you don't like my posts. You don't have to try so hard.
I'm sure M_Six was calling out Experian, not you.
__________________
I thought I was a good person but the way I react when people drive slowly in the left lane would suggest otherwise
Appreciate 5
zx10guy5514.50
vreihen1620433.00
BMWGUYinCO4323.00
M_Six19183.00
      08-27-2024, 11:08 AM   #47
BMWGUYinCO
Second Lieutenant
BMWGUYinCO's Avatar
4323
Rep
284
Posts

Drives: 22 M850 Convertible '23 X3 M40
Join Date: Apr 2020
Location: Colorado

iTrader: (0)

Quote:
Originally Posted by cmyx6go View Post
Yes, it was from the breach. WTF? And thanks, I'll take a look at the data removal service.
As an FYI...there is a free app on the Apple store called "Permission Slip". It is written by the peeps from Consumer Reports, and it attempts to send formal requests to all the data collection companies on your behalf to remove your tracking and other data. I am using it, - there is an automated feature where it sends these requests automatically for you. Can't hurt, right?
Appreciate 3
cmyx6go16806.50
vreihen1620433.00
RickFLM411825.50
      08-27-2024, 11:13 AM   #48
zx10guy
Brigadier General
5515
Rep
3,317
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by nawfoo View Post
I didnt read through the pages. It's ok if you dont need to make big purchases like real estate or vehicles. Or if you need to open a new account.
It's not just about buying things or opening up new credit/accounts. It's how much damage that information can cause for other things.

I'm a victim of some low life trying to commit unemployment fraud. No doubt this dirtbag got my information from either the Experian or OMB breach as it was during Covid and before the latest breach. How I found out was a letter from my state being sent to me saying they're closing out my unemployment claim because I didn't supply additional information they were requesting. I was stunned.

I called the unemployment department to figure what the heck is going on. Found out the dirtbag filed the claim a full year before I got the letter. The state did the extra verification safe guards because of all the fraudulent claims they were receiving.

So I asked how I go about clearing things up. The rep said I needed to send additional documentation verifying my identity to them. Here's where things go off the rails and just the stupidity of the system we all live under. I was told to email those documents to them. I was stunned. I said to her that you know sending sensitive documents via email is a huge security risk. She said that's the only way they can receive documents. I asked if they have a fax number. No. I asked if I could go in person and drop off the documents. The answer again was no. So right now, my "account" with the state is frozen so if I actually do need to file for unemployment, I would have to unlock it then. I would periodically get people laughing at me for my insistence to have a multifunction printer with analog fax capabilities. This is precisely why. Not everything new tech is good and there are times old tech is better.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 5
cmyx6go16806.50
BMWGUYinCO4323.00
vreihen1620433.00
NickyC19206.50
JeffL01182.50
      08-27-2024, 11:39 AM   #49
reallymarkedup
Second Lieutenant
645
Rep
270
Posts

Drives: 2021 M2C
Join Date: Aug 2024
Location: CO

iTrader: (1)

Quote:
Originally Posted by zx10guy View Post
I was told to email those documents to them. I was stunned. I said to her that you know sending sensitive documents via email is a huge security risk. She said that's the only way they can receive documents. I asked if they have a fax number. No.
Email is incredibly secure, the primary security risk inherent to sending an email is sending something to the wrong address. The easiest way to mitigate that is to have the third party send you an email you can respond directly to.

If you want an extra layer of security save your documents as a PDF and secure that with a password. If you want even more, secure the PDF with a password and then upload it to a protected server with 2fa requirements so that the receiving party has to log in, download the document, and then still enter their password. But really all of that is theater at that point, you would have been fine just sending the email.

None of the security breaches that have occurred were because of someone hacking an SMTP server. They were all stupidity on the part of the organization we blindly trusted to protect that data.
Appreciate 1
vreihen1620433.00
      08-27-2024, 11:45 AM   #50
zx10guy
Brigadier General
5515
Rep
3,317
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by reallymarkedup View Post
Email is incredibly secure, the primary security risk inherent to sending an email is sending something to the wrong address. The easiest way to mitigate that is to have the third party send you an email you can respond directly to.

If you want an extra layer of security save your documents as a PDF and secure that with a password. If you want even more, secure the PDF with a password and then upload it to a protected server with 2fa requirements so that the receiving party has to log in, download the document, and then still enter their password. But really all of that is theater at that point, you would have been fine just sending the email.

None of the security breaches that have occurred were because of someone hacking an SMTP server. They were all stupidity on the part of the organization we blindly trusted to protect that data.
That's a big negative. Email flows through servers and can traverse different servers before arriving to its ultimate destination. Even financial institutions tell people to never send anything over email with sensitive personal information. For my day to day work we are not allowed to send email with sensitive information outside of the organization without first encrypting it with tools such as PGP.

What you don't understand with this state agency is there is no method of doing pseudo two factor authentication. It goes into one general email bin and gets processed from there. Me sending something password locked/encrypted and then following up with an email with the password does nothing in this case. At a minimum my state should have half a brain to set up a secure "drop box" for me to upload my documents which most financial agencies I've worked with now do.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 4
JeffL01182.50
BMWGUYinCO4323.00
vreihen1620433.00
David701755.00
      08-27-2024, 12:04 PM   #51
reallymarkedup
Second Lieutenant
645
Rep
270
Posts

Drives: 2021 M2C
Join Date: Aug 2024
Location: CO

iTrader: (1)

Okay. Well carry on then.
Appreciate 0
      08-27-2024, 12:35 PM   #52
JeffL0
Private
JeffL0's Avatar
United_States
1183
Rep
91
Posts

Drives: '25 X5 50e
Join Date: Apr 2024
Location: Music City

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post
That's a big negative. Email flows through servers and can traverse different servers before arriving to its ultimate destination.
This. SMTP was never intended to be secure, the protocol was implemented before anyone knew how to spell security.

The above mention of encrypting files before sending is the bare minimum, the further suggesting of uploading to a secure sever rather than sending via email is another good measure. Where people often fail in this encryption attempt is they then send the password over the same insecure channel. Better to convey the password over a different/independent method, such as a voice call.
Appreciate 2
zx10guy5514.50
vreihen1620433.00
      08-27-2024, 09:37 PM   #53
M_Six
Free Thinker
M_Six's Avatar
United_States
19183
Rep
7,540
Posts

Drives: 2016 MB GLC300 4matic
Join Date: Jan 2009
Location: Foothills of Mt Level

iTrader: (0)

Quote:
Originally Posted by vreihen16 View Post
The latest breach was of a company that did background searches for employers, and somehow they had a private copy of every single SS# ever issued that was stolen.

The news is full of "how to know if your info was stolen" clickbait articles. Rather than read the article, assume that it has been stolen if any digit in your SS# is in the range of 0-9.....
Up until the Age of the Internet, Massachusetts used your SSN for your driver's license number. It was printed right there on your license. Imagine losing such a license today? Full name, DOB, SSN, address, all on one card.
__________________
Mark
markj.pics

"Life is uncertain, eat bacon now."
-UncleWede
Appreciate 1
vreihen1620433.00
      08-28-2024, 07:00 AM   #54
vreihen16
Recovering Perfectionist
vreihen16's Avatar
20433
Rep
1,002
Posts

Drives: BMW-less :(
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Quote:
Originally Posted by M_Six View Post
Up until the Age of the Internet, Massachusetts used your SSN for your driver's license number. It was printed right there on your license. Imagine losing such a license today? Full name, DOB, SSN, address, all on one card.
Funny thing is that NY State used a 17-character driver's license number until converting to a 9-digit number in the 1990's. I still remember mine, because I had to write all 17 characters on racing registration forms every weekend.....
__________________
Currently BMW-less.
Appreciate 2
cmyx6go16806.50
M_Six19183.00
Post Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 11:57 PM.




g87
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST