Saturday, April 09, 2005
E-mail scam directs users to bogus Windows update
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
By Dan Lee, Mercury News
An e-mail scam making its way around the Internet purports to be a message from Microsoft warning users of the Windows operating system that they need to download a security update -- only to leave their PC infected.
Once users link from the e-mail to a bogus Web site their computers will be infected by a ``Trojan horse'' program that allows hackers to control their personal computers, anti-virus software maker Sophos said Friday.
The campaign of bogus e-mails could be timed for around the same time as Microsoft's latest regularly scheduled security update, planned for Tuesday.
Microsoft said it was aware of the scam and added that it would never use e-mails with attached software. ``We really want to emphasize with customers that microsoft.com is the only place to get authentic security updates for Microsoft products,'' the Redmond, Wash., company said in a statement.
The scam e-mail claims to come from ``Windows Update,'' with subject lines such as ``Update your windows machine,'' ``Urgent Windows Update'' and ``Important Windows Update,'' Sophos said. The message has a link to a Web site that claims to be operated by Microsoft but is actually used to download the malicious software to the victim's computer.
Users who try to download software from the scam Web site would have their computers infected with a piece of Trojan virus named ``Troj/DSNX-05,'' which leaves a ``backdoor'' program giving hackers remote control of the computer.
PCs infected by such Trojans are often used by spammers as ``zombie'' machines to send massive waves of e-mail pitches, without their owners' knowledge, that are harder to trace to the original source.
``It's kind of a classic attack in how they went at it,'' said Gregg Mastoras, senior security analyst with Sophos.
But this Trojan was discovered by security researchers in August and was simply included in this new scam targeting Windows users, said David Perry, global director of education for anti-virus software maker Trend Micro.
``Everyone using reasonably updated anti-virus software, they will not be infected by this because they will be protected by their anti-virus software,'' Perry said.
Sophos and Trend Micro said Friday that the attack appears to be on a small scale.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Yahoo doesn't tell you to update your "Instant Messenger" So don't
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
If you get an "info" window that opens up next time you go to use your Yahoo Messenger don't pay any attancen to it. Yahoo has never do it and is not doing it now. If you see this do an Alt.+Ctrl.+DEl and end it that way. Do not click on anypart of the the window itself. If you do you'll be taken to a website that well do you GREAT HARM.
But do go to http://messenger.yahoo.com and downloard a new messenger and instill it. Over the older one that some one got to you though.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
First Convicted Spammer Gets 9 Years
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
By MATTHEW BARAKAT, Associated Press Writer
LEESBURG, Va. - He was once considered among the top 10 spammers in the world, using the Internet to peddle pornography and sham products and services like the "FedEx refunding processor," prosecutors say. Convicted in the nation's first felony case against illegal spamming, Jeremy Jaynes, 30, on Friday was sentenced to nine years in prison for bombarding Internet users with the junk e-mails.
But Loudoun County Circuit Judge Thomas Horne delayed the start of Jaynes' prison term while the case is appealed, saying the law is new and raises constitutional questions.
Jaynes was convicted in November for using false Internet addresses and aliases to send mass e-mail ads through an AOL server in Loudoun County, where America Online is based. Under Virginia law, sending unsolicited bulk e-mail itself is not a crime unless the sender masks his identity.
While prosecutors presented evidence of just 53,000 illegal e-mails, authorities believe Jaynes was responsible for spewing out 10 million e-mails a day. Prosecutors say his operation grossed up to $750,000 per month.
A jury recommended the nine-year term for the Raleigh, N.C., man.
Prosecutor Lisa Hicks-Thomas said she was pleased with Friday's ruling — and confident the law would be upheld on appeal.
But defense attorney David Oblon argued nine years was far too long given Jaynes was charged as an out-of-state resident with violating a Virginia law that had taken effect just weeks before. He planned to challenge both the constitutionality of the law and its applicability to Jaynes.
"We have no doubt that we will win on appeal, therefore any sentence is somewhat moot. Still, the sentence is not what we recommended and we're disappointed," Oblon said outside court.
Horne said he might also reconsider the sentence if Jaynes loses the appeal.
"I do not believe a person should go to prison for a law that is invalid," he said. "There are substantial legal issues that need to be brought before the appellate court."
A judge has ruled Maryland's anti-spam law unconstitutional because it seeks to regulate commerce outside the state's borders. However, an appeals court in California and the Washington state Supreme Court have upheld state laws that had been declared unconstitutional by lower courts on grounds similar to the December ruling in Maryland.
Many states have criminal laws against spam, but Virginia's makes it easier than others for prosecutors to obtain a felony conviction, which carries more jail time than a misdemeanor, said Quinn Jalli of the online marketing firm Digital Impact.
Jaynes told the judge regardless of how the appeal turns out, "I can guarantee the court I will not be involved in the e-mail marketing business again." He remains under $1 million bond.
The jury also convicted Jaynes's sister, Jessica DeGroot, but recommended only a $7,500 fine. Her conviction was later dismissed by the judge. A third defendant, Richard Rutkowski of Cary, N.C., was acquitted.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Thursday, April 07, 2005
Yahoo Adds Anti-Spyware To Firefox Toolbar
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Yahoo Inc. (Nasdaq:YHOO - news) has added its anti-spyware to its toolbar for the Firefox browser.
The Sunnyvale, Calif., portal also released this week a version of its Firefox toolbar for people using the open-source browser on Mac and Linux operating systems.
Yahoo Anti-Spy, available for download at no charge, enables users to remove spyware and adware from their computers. The utility had been available only in Firefox for Windows.
Along with anti-spyware, the Yahoo Toolbar lets user search a single website and add news syndication feeds to a person's My Yahoo homepage. In addition, the utility stores a user's search history and provides alerts when email arrives in a person's Yahoo account.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Mossberg on puters & prices as of these days
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Spring Buyer's Guide: PC Prices Get Cheaper, But Complexity Grows
By WALTER S. MOSSBERG
If you're in the market for a desktop PC this spring, there's good news and bad news. The good news is that you can buy a lot of computer for a surprisingly small sum. The bad news is that you have to take more factors into account than ever.
Your new desktop computer, in many cases, will be asked not only to run productivity programs and get you online, but to hook up to a constellation of other devices, such as digital cameras, camcorders and portable music players. And it will have to withstand mounting security threats.
So here's my annual spring buyer's guide to desktop PCs. As always, my advice is aimed at mainstream users doing the most common tasks. Hard-core gamers or folks doing massive video production need bigger, faster computers than those specified here.
You should be able to get a bare-bones Windows computer, with a monitor, for well under $500 after rebates. Three different chain stores this week were advertising an entry-level eMachines model for $339, after rebates, with a monitor and printer. It was decently equipped, with an 80-gigabyte hard disk. And for $60 more, you could double the memory and add a DVD recorder. Midrange Windows models with better features are $500 to $1,000. Even some Media Center models are under $1,000.
Windows or Mac: Because they are beautifully designed and so far haven't attracted viruses or spyware, Apple Computer's Macintosh models are getting more consideration than they have in years from Windows users. You can now buy a full-fledged, decently equipped Mac, called the Mac Mini, for just $499. It doesn't include a keyboard, mouse or monitor, but it can use the ones you already have on your old Windows machine. Doubling the memory adds $75.
Apple's iMac G5 models, starting at $1,299, are an even better choice. They use a powerful processor called the G5, and they have a brilliant built-in flat-panel screen. The Mac does everything a typical user needs at least as well as a Windows computer, and it's about to get a major new upgrade of its operating system, which already bests Windows in some respects.
But switching to the Mac isn't right for every user, and it requires buyers to master new software, some of which must be bought separately. Plus, the cheapest Windows PCs still cost less. So most Windows owners will likely stick with Windows.
Security: If you do go with Windows, you will need to immediately install an array of security programs. These include a firewall, an antivirus program, an antispyware program and an antispam program. For a full list of my recommendations for Windows security add-ons, take a look at http://ptech.wsj.com/archive/ptech-20040916.html.
Most of this isn't needed on a Mac, but Mac buyers may want to get an antivirus program because the Mac isn't invulnerable.
Memory: Memory, or RAM, is the most important factor in computer performance. Insist on 512 megabytes, especially if the PC's main memory is shared with the video system, as it often is on low-priced models.
Hard disk: Even very cheap PCs now offer 60 or 80 gigabytes of hard-disk space, and 250-gigabyte disks are offered in costlier models. Get as much hard disk as you can, especially if you plan to store a lot of music or video content.
Processor: Processor speed is overrated. On Windows machines, any Intel Celeron or Pentium microprocessor chip, or any AMD microprocessor, regardless of speed, will do fine at the most common computing tasks.
Device connectors: For connecting music players, cameras and other peripherals, get a PC with plenty of USB 2.0 connectors, including at least one on the computer's front. If you have a camcorder that can't use USB, you'll need an extra high-speed port called 1394, or FireWire.
Memory-card slots: Look for a model with slots that accept the various types of memory cards used by digital cameras, PDAs and music players.
Video system: Cheaper PCs use something called "integrated video." But the best route is to invest in a PC with a separate video card and dedicated video memory.
Audio system: If you're a music fan, spend extra for a subwoofer and good speakers.
Monitor: Flat-panel screens are best for most uses. The 17-inch flat panels now cost less than $300. Many 19-inch models can be had for $400 or less.
Mass storage: Look for a CD-RW drive that lets you record your own CDs for playing music, storing photos or backing up or exchanging files. If you do a lot of home video or photos, you may want to invest in a DVD recording drive.
Media Centers: A Windows Media Center PC is designed to be operated with a remote control from across the room to play music and videos, view photos and watch TV. But be careful with the cheapest of these machines. They may omit the TV, and even the remote.
Brands: All Windows desktops are similar, but unless you're a techie, stick with names like Hewlett-Packard, Dell, Sony, Gateway and eMachines. For greater control over your configuration, buy on the Web.
One more thing -- my most important tip: Don't let a salesperson talk you into more, or less, machine than you need. If you're confused at the store or Web site, walk away until you can get the answers you need to make an informed purchase.
END
P.S. From me. There is a reason for the low prices. There is a new big motherboard coming out. And they are out at tigerdirect.com and others. It is going to Double the Pipeline of your computer. Remember when we when from 16 to 32 byte motherboards, and how if you want to use one you needed a new case becuase the old cases could not be used with the new boards. WEll, and I don't really know anything as yet for sure on this time around, but we could run into the samethings. Never the less, sellers want to get their old motherboards out of their store and off the shelves. So, low prices on the old boards so they can get the new ones in and not get stuck with any old boards. So the longer you wait the lower the price, maybe.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Wednesday, April 06, 2005
Yahoo! Wallet
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Yahoo! Wallet
Yahoo! Wallet is a secure online storage system for payment information. The virtual wallet holds your credit card data and shipping information. When you make an online purchase with Yahoo! Wallet, you enter your Wallet information instead of your credit card information. Yahoo! then completes the transaction with the merchant, using high-security connections to transmit your credit card number.
You can use the Yahoo! Wallet only in a Yahoo! store or when buying a Yahoo! service. You can't use it on eBay, or at Amazon.com, or any shopping haunt outside Yahoo! The Wallet does work in every Yahoo! store, however, which means thousands of online merchants accept Wallet transactions.
Yahoo! Wallet provides a secure method of shopping online, and beyond the safety it offers, it also saves you time. No longer, when shopping at a Yahoo! store or buying a Yahoo! service, do you need to dig out your credit card, enter personal information, and type your shipping address. All of that is accomplished in the single quick step of entering your security key.
The security key is the . . . um, key to the whole Wallet. It's like the PIN of a bankcard. You enter the key whenever using the Wallet to buy goods or services from a Yahoo! page or merchant. The Wallet does the rest of the work.
To check it out and sign up, visit the Yahoo! Wallet site for more details. And if you enjoy the ease of shopping with a Yahoo! Wallet, then you might also be interested in the Microsoft .Net Passport service, which can save you time at even more online merchants.
If you'll check out DiscoverCard online & look into thier "one use" card number you have the safest ways to pay online.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Tuesday, April 05, 2005
Edit the Registry Safely - don't if you don't have to, but it you do
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Windows XP has a vast number of configuration dialogs, but some adjustments can be performed only by directly editing the Registry. Frequently, tips involving Registry tweaks include stern warnings to back up the Registry before making any change. The Windows XP Backup applet can back up the Registry along with other elements of the System State, but the resulting data file can occupy hundreds of megabytes. You're better off saving a system restore point each time you're about to edit the Registry. Better still, you can use Regedit to back up only the Registry keys that will be changed.
Click on Start | Run and enter Regedit to launch the Registry editor. To back up an individual key you plan to edit, navigate to the key and right-click on it. Choose Export from the menu, and save the key to a REG file. Open the REG file in Notepad and insert a few comment lines that describe the source and purpose of the tweak. (To create a comment line, simply put a semicolon at the start of the line.)
Now go ahead and make all the changes to Registry keys and values specified by the tip you're applying. Any time you add a new key or value, make a note of it with another comment line in the REG file. When you're done, save the REG file and close Notepad.
If later you want to undo this Registry tweak, just double-click on the REG file and confirm that you want to add it to the Registry. This will restore any deleted keys or values and will restore the original data for any values whose data was changed. Note that this will not remove new keys or values that were added; that's why you need to make comments about such changes.
Right-click on the REG file and choose Edit, which will open it in Notepad. Check for comments about keys or values that were added, and if you find any, use Regedit to delete them. You can delete the REG file itself once you've completed this process.
NOTE: If you don't know what a reg is don't get into editing it. Call me if you need help or need to know more to be able to talk to someone else so they'll understand what you think you need to do.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Money Matters - Limitations on Tax Deductions
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
If you're a high-income earner, tax laws limit the amount of itemized deductions you may subtract when calculating your taxable income. You have to reduce your total itemized deductions by 3 percent of your income above $139,500.
Here's how it works: Say that your income is $159,900, and your total itemized deductions come to $30,000. Because your income exceeds $139,500 by $20,000, you have to reduce your itemized deductions by $600 ($20,000 x 3 percent). Even though you started with itemized deductions of $30,000, you can deduct only $29,400.
Of course, given a large enough income and low enough total deductions, the 3 percent rule threatens to wipe out all your deductions. Don't worry. The IRS has benevolently set a limit on the amount that your deductions can be reduced — no more than 80 percent. So if we take the preceding example but boost your income to $1 million, you still get to deduct $6,000, because your $30,000 in deductions can't be reduced by more than $24,000 ($30,000 x 80 percent).
If you're in this high-income category and your spirits are down, here's a little consolation (and something to make it all a little more complicated). Not all of your deductions are subject to the 3 percent rule: Medical and dental expenses, investment interest, casualty and theft losses, and gambling losses are all exempt.
Knowing this 3 percent rule and all of its nuances is important if you're a high-income earner, because it can affect some of your financial decisions. The 3 percent rule raises your effective tax rate and may encourage you, for example, to spend less on a home or pay off your mortgage faster, because you don't merit a full deduction.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
It's Tus. update your Anti-Verus software
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Monday, April 04, 2005
Hackers Write Spyware For Cash, Not Fame
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
Gregg Keizer, TechWeb News
More than 70 percent of virus writers are now writing spyware under contract, one more piece of evidence that hacking has evolved from mischievous hobby to money-making criminal venture, a security firm reported Monday.
Tel Aviv-based Aladdin Knowledge Systems said its analysis showed that spyware is the favorite among malware writers, since it lets them re-wrap their own "technology" and sell it, or even introduce their own money-making ventures.
"We analyzed all the viruses we received during the past six months, and found that 70 percent contained some sort of spyware module or component," said Shimon Gruper, the vice president of technologies in Aladdin's eSafe unit. "Writers have definitely moved from creating simple viruses to sophisticated 'machines' designed to hijack computers and the information on them."
The bulk of the spyware being created by hackers, said Gruper, linked to organized crime. "They're doing it for financial gain, pure and simple," said Gruper. "Unlike in the past, when hackers were mostly 'script kiddies' who had nothing better to do, it's quickly becoming more of an organized crime venture."
Gruper's take mirrors that of most security analysts, who have been tracking a shift in hacker motivation over the past 12 to 18 months. Symantec, for instance, noted in its recent Internet Security Threat Report that "the use of malicious code for profit appears to be an increasing concern," particularly in bot networks.
Aladdin didn't concentrate on bots, but instead did detailed comparisons of spyware it found on sex-related Web sites, and found, Gruper said, that most shared multiple characteristics. "We believe that the same programmers wrote the bulk of the spyware being planted by these sex sites," he said.
Gruper's security team also found other connections between the viruses and worms it studied, and much of the spyware it analyzed. "When we started tracking spyware, we suspected that this was a trend, hackers turning to spyware for profit. After we decoded the viruses and compared their code with that of spyware, we confirmed the similarities. There were a lot of similar components in both the viruses and in the spyware."
Aladdin, added Gruper, is confident that even more spyware applications will be linked to organized crime in the future, such spyware created by new alliances of those with the technical resources (hackers) and those with the resources to turn stolen data into cash (criminals).
One thing that Aladdin's not yet seen, said Gruper, is a true blend of virus/worm and spyware. In that scenario, worms would be built to exploit known vulnerabilities or try to trick users into opening file attachments that would then infect systems with spyware.
"It's certainly possible, but most companies have anti-virus defenses that are hard to penetrate," he said. "Yet very few companies have Web browsing content protections."
The most likely exploitation route for spyware will remain malicious Web sites, where visitors are infected with spyware, often via vulnerabilities in Microsoft's Internet Explorer, said Gruper. "These people are professionals," concluded Gruper, "trying to do very malicious things."
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Net Aids Access to Sensitive ID Data
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
By Jonathan Krim, Washington Post Staff Writer
Want someone else's Social Security number?
It's $35 at www.secret-info.com. It's $45 at www.Iinfosearch.com, where users can also sign up for a report containing an individual's credit-card charges, as well as an e-mail with other "tips, secrets & spy info!" The Web site Gum-shoes.com promises that "if the information is out there, our licensed investigators can find it."
Although Social Security numbers are one of the most powerful pieces of personal information an identity thief can possess, they remain widely available and inexpensive despite public outcry and the threat of a congressional crackdown after breaches at large information brokers.
Brokers such as ChoicePoint Inc. and LexisNexis have pledged to restrict the availability of such data after personal information on more than 175,000 people was purloined from the two firms by identity thieves posing as legitimate businessmen.
So far, neither those moves nor revelations of a series of breaches at major banks and universities has curbed a multi-tiered and sometimes shadowy marketplace of selling and re-selling personal data that is vulnerable to similar fraud.
A simple Internet search yields more than a dozen Web sites offering an array of personal data.
Some are run by small data brokers and other re-sellers. Others are run by private investigators, many of whom have complained that recently announced restrictions on the availability of Social Security numbers would hurt their ability to assist law-enforcement, track down deadbeat dads or locate witnesses.
Yet with only scant checks to verify whether someone requesting data is legitimate, several sites sell full Social Security numbers, potentially contributing to an epidemic of identity theft or fraud that touched about 10 million Americans in the past year.
No law prohibits the sale of Social Security numbers, but privacy experts and some government agencies have warned for years that the number is over-used and under-protected.
Inaugurated in 1936, the nine-digit number was intended to match citizens to the retirement money they would eventually receive. Over time, the number became essential for getting or verifying credit and for employment background checks.
Eventually, it became so deeply linked to personal data throughout the economy that it became a de-facto national identifier.
"For identity thieves, it's their magic key . . . that gets into every door," said Daniel J. Solove, a George Washington University law school professor who specializes in privacy law. Getting a number can make it possible for criminals to access to bank or credit-card accounts, establish credit to make purchases, or find someone they wish to harm.
Nonetheless, some insurance companies still use the Social Security number as an individual's account number, printing it on identification cards, leaving people vulnerable if wallets are stolen or lost. Medical offices routinely request Social Security numbers, often when initial appointments are made, and many universities use it as a student identification number.
According to a recent study commissioned by Unisys Corp., a technology consulting company, about half of large financial institutions use Social Security numbers to verify the identities of customers who call in for services. Some even use it to identify customers as part of the log-in process when they want to access accounts via the Internet.
So vital are Social Security numbers in this sea of information that ChoicePoint warned investors in a recent Securities and Exchange Commission filing that its business could suffer if the rules on distribution of Social Security numbers were tightened.
The mass breaches of data at ChoicePoint and LexisNexis forced the companies to be proactive.
Executives of both firms told Congress last month that for many of their non-law-enforcement clients, Social Security numbers would be truncated so that only five digits would appear on reports.
But plenty of sources of the information still exist. Using an intermediary, The Washington Post was able to obtain the full Social Security number of a reporter within 24 hours from two of three online providers the intermediary contacted.
Not all of the providers advertise Social Security numbers, and those that do promise to verify that the buyer has a legitimate reason for seeking the number, such as to complete tax forms of an employee or to find someone involved in a court action.
The intermediary, a security consultant who helped the Federal Trade Commission identify illegal data sales in 1999, told the providers he needed the number for tax purposes. Two providers accepted that reason without question or requests for documentation. A third provider refused to provide Social Security numbers.
Robert Douglas, the intermediary, operates the consulting firm PrivacyToday.com. Douglas, who chose the method of acquiring the numbers on his own, said he used the pretext of tax preparation because that would be a common trick used by an identity thief at this time of year.
Michael Leighton, a North Carolina private investigator who operates secret-info.com, acknowledged that he did not request further documentation from Douglas. But he said the company verifies that a requester is calling from a land-based phone line with a valid address. Douglas said he used a cell phone.
"We get on average between 30 and 75 requests a week," Leighton said. "We maybe do less than 10" because others did not have a valid reason for seeking a Social Security number.
Leighton declined to say whether he received the data directly from a large data broker, or from other re-sellers.
The other site that provided the reporter's number, USRecordsearch.com, does not advertise that it sells the numbers. But with the same explanation for why he wanted the data, Douglas received the reporter's full number.
A principal of the Florida-based company did not respond to phone messages seeking comment.
Under a law that took effect in 2001, non-public data from financial records cannot be sold or transferred without giving individuals a chance to opt out. There are several exceptions, however, including employment checks, for tax filing, or to process a financial transaction.
But the system relies on the honesty of the person seeking data, and the diligence of the person selling it.
"Until Congress understands about the re-sale market here, they are not going be able to get a handle on this problem," Douglas said.
Bruce Hulme, chairman of the legislative committee of the National Council of Investigation & Security Services, the largest investigators' trade group, said he could not condone investigators who make a side business out of indiscriminately selling data.
"They should pull those Web sites down," he said. "They better know the client."
Still, Hulme said private investigators have generally proved to be more careful stewards of private data than are information brokers. His organization is beginning a lobbying campaign to ensure that any new laws don't cut off private investigators' access to data they say they need.
Several members of Congress are sponsoring new privacy legislation, including bills that would ban the sale of Social Security numbers without individuals' permission.
Private investigators are clearly worried. In Internet chat groups, they exchange information on which data brokers are still selling full Social Security numbers, while bemoaning how they are being punished for the security lapses of the brokers.
For their part, ChoicePoint and LexisNexis say they are "re-credentialing" all non-government clients. At ChoicePoint, those who use the Internet to request information were greeted with a pop-up notice indicating that privileges might be restored after the certification process was complete.
ChoicePoint declined to provide an executive for an interview. Spokeswoman Kristen McCaughan said the company plans to give full access only to government or law-enforcement agencies, banks and insurance companies. She declined to say how many of its customers, including private investigators, would end up with restricted access.
McCaughan said the company sells data to fewer than 15 other brokers or re-sellers, and that their access will now be subject to stricter guidelines.
A LexisNexis spokesman said clients downgraded to restricted access included law firms, media and private investigators.
The financial services industry argues that it has steadily reduced its reliance on the Social Security number for several years, but that the number's use has benefits for consumers.
Nessa Feddis, senior federal counsel of the American Bankers Association, said that with so many numbers consumers already must remember, using Social Security numbers to verify accounts makes sense.
If a credit-card is lost or stolen, she said, a consumer can quickly report the missing card to a bank by knowing his or her Social Security number. If the only accepted identifier was a separate account number, she said, the person would have to wait until he or she could get to a credit-card statement at home.
Privacy experts argue that at the very least, institutions should employ multiple test questions when people call in, rather than just the Social Security number. And they point out that if the number is compromised, it is hard to limit the damage because new numbers are almost never issued.
"The current system has the worst of all worlds," Solove said. "Anyone can easily find it [the Social Security number] out . . . It's used everywhere, and it's really hard to change if it falls in the wrong hands. How could you come up with a worse system?"
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Next-Generation Internetworks - Consortium Builds Next-Generation Internet
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
As the prostitute said, "It's not the work, it's the stairs." As told to me by Elaine Stritch, star of stage, screen, & TV, right after she won her 1st Emmy. Ago 79.
David M. Ewalt - Forbes.com
NEW YORK - The next generation of Internet networks isn't being dreamed up at Bill Gates' mountain retreat, pondered inside a corporate boardroom or sketched out in a basement research lab. It's already been built by a consortium that includes 207 universities, along with private and public research labs and government agencies. It's called Internet2, and it works like a test kitchen for tomorrow's networking innovations.
Internet2 is a nonprofit organization, founded in 1996 for the purpose of developing advanced networking technologies. It serves as an information clearing house, facilitating the exchange of research between members and allowing them to co-develop new bits of hardware and software.
"For a lot of these organizations, having a way to work with leading edge networks gives them an ability to sort of live in the future," says Internet2 Chief Executive Officer Doug Van Houweling. "If you really want to test what can be done, we provide an opportunity to do that."
Instrumental in that mission is Abilene, the consortium's private network. The most advanced research and education network in the United States, it connects member institutions at a rate of 10 gigabits per second, roughly 20,000 times faster than a typical home broadband connection. Four million users--mostly students, researchers and professors--use it to share information and test high-bandwidth applications that just couldn't run over the commercial internet.
Some of these applications are ones you might already use, like videoconferencing. But Abilene's users have such a high-quality connection that they don't have to deal with the shakes, jitters, slowness and errors common in existing commercial products, which opens up all kinds of new uses. Miami's New World Symphony uses Abilene to teach music classes to students. The connection provides enough clarity that it sounds like the student and teacher are in the same room, allowing instructors to identify wrong notes with the certainty that it isn't just a bad connection.
It's not just students taking advantage of Abilene's big pipes. About 60 corporations count themselves as members of Internet2, including tech giants Cisco Systems (nasdaq: CSCO - news - people ), IBM (nyse: IBM - news - people ), Microsoft (nasdaq: MSFT - news - people ) and MCI (nasdaq: MCIP - news - people ). "We actually provide a vantage point for our corporate members to see what advanced networks will look like, what they could do if they were working in a really high-bandwidth environment," says Van Houweling.
Juniper Networks (nasdaq: JNPR - news - people ) counts Internet2 as both a client and a partner. A member since 2000, Juniper provided the high-performance 10-gigabit routers which hold Abilene together. Now they're using that powerful backbone to understand the demands of future computer users and test equipment for eventual commercial release.
Networks like Abilene are different from existing consumer networks. On today's Internet, traffic flows in millions of small streams, consisting mostly of simple communications like e-mail, text-based Web pages and instant messages. But on Abilene, information travels through a few hundred extremely large rivers in the form of high-bandwidth applications and complex academic systems. This puts different stresses on hardware and provides a unique test bed for products under development.
"We beta-test things on the Abilene network," says John Jameson, director of research education markets for Juniper. "It gives us a chance to bake our equipment in networks with large bandwidth requirements and allows us to stay on the cutting edge for all kinds of pipes. If these guys weren't building high performance networks we'd be at a loss."
Juniper is currently connecting an engineering lab in Sunnyvale, Calif. to the Abilene network, installing routers that are completely surrounded by monitoring equipment so they can play with their configuration and see how that affects traffic flow. "This is something that you can't really recreate in a test lab, and telecom carriers can't be putting monitors in the middle of their networks," says Jameson. This monitoring opportunity will help them develop products that can handle the high-bandwidth requirements of tomorrow's networks.
"When downloading movies over the Internet becomes common, there will be bigger flows of information than ever before, and we'll have had years of experience handling it," he says.
Indeed, the proliferation of broadband applications like movies and video are what will drive deployment and adoption of next-generation networks like Abilene. But that's not expected to occur for several years.
But Internet2 isn't just about fast networks. The consortium has also made progress developing innovative software and services. "We're helping corporations experiment with and develop compatible ways of managing privacy and security" says Van Houweling.
One application, called Shibboleth, is a piece of open source software that enables users to share restricted online resources. Without the software, if a college or business wanted to subscribe to some kind of online database, they'd have to create hundreds or thousands of accounts, one for each individual user. That's a huge administrative burden, and particularly complicated in schools where new students are enrolling and old ones are graduating. But Shibboleth handles all the identification and authentication of users in between the school and the database, thus reducing the complexity of management and protecting the privacy of individual users. Pennsylvania State University is using the program to allow its students to access music download service Napster to give them a legal alternative to file sharing.
Development of the software was supported with funding from several public and private universities and the National Science Foundation. It's a partnership that might have been hard to come by if Internet2 wasn't around to serve as fertile ground for networking innovation.
"There aren't a lot of places which invite people with ideas across the full range to come together and talk about what makes sense for the future," says Van Houweling. "We want to make sure we help fill the vacuum that was left when the bloom went off the Internet rose."
There was a period when there were thousands of startups trying all kinds of things, Van Houweling notes, but now many of them are gone, and the remaining big corporations can't spend as much on research and development.
Internet2 helps fill that void. "We think that we're a highly effective way for corporations to come together, look at what's needed and jointly participate in building the technology that we're all going to need in the future."
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
