May 27 2008
Network Security Podcast, Episode 106
Short show tonight folks, Rich is under the weather and our guest had to bail at the last minute due to a personal emergency. We’ll work at getting Jeremiah Grossman from White Hat on in the next couple of weeks. In the mean time Rich and I dug up a few news stories to talk about.
Show Notes:
- How LifeLock works – In their own words, they tell you most of what they do can be done by you for free.
- Announcing your social security number on national radio is a bad idea – That’s a no brainer.
- Legal experts wary of MySpace hacking charges
- Adobe Flash zero-day exploit in the wild
- NSS Labs PCI Suitability papers
- Tonight’s Music: With Arms Outstretched by Rilo Kiley
Network Security Podcast, Episode 106, May 27, 2008
Time: 25:47
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Thanks for calling out the Lifelock service and explaining it. It annoys the heck out of me about services like this one and others that aren’t truly forthcoming on what they’re actually doing (or what the real value is). They’re almost borderline scams, IMHO.
Alright, for the sake of having an in-depth discussion, I’ll play the devil’s advocate. Nothing really bad did happen to him. The only money anyone was able to obtain was through a pay-day loan which legally would need to obtain more information than just a name and social to try and collect on the loan, or to affect his credit.
We’re really discussing two issues here:
1) If giving our your social security number and name a bad idea?
2) Is LifeLock a valid service that can help protect the consumer?
My answer to number 1, is generally yes. A person would need to obtain even further information to fully commit identity theft. All a person could really do, is screw up his taxes when the IRS wonders where the 500 W-2′s and 1099′s went on his filing. Now it wouldn’t take much more to fully steal his identity. A little social engineering could work up his driver’s license, home address, and other useful information. Then he’d really be messed up.
As far as #2 goes, I’d be more worried with LifeLock having my personal information than throwing it out over the air.