Ol' Jack always says... what the hell. |
OK, so you do the check and it gives you an enrollment date. What does that mean? | |||
|
Info Guru |
Go back on that date to the same link and you can enroll in the free credit monitoring service. They are staggering enrollments to keep the page from crashing. “Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passions, they cannot alter the state of facts and evidence.” - John Adams | |||
|
Ol' Jack always says... what the hell. |
Gotcha. Is it worth enrolling? I think it's TrustedIDPremier? Are they part of Equifax? | |||
|
Nullus Anxietas |
Yeah, there was quite an uproar over that. If they'd tried to keep that in place, it's a pretty safe bet they'd have attracted unwanted attention from Congress, so...
and...
Ref: Cybersecurity Incident & Important Consumer Information (Equifax) I like how it magically became a FAQ and a clarification all-of-a-sudden "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Don't Panic |
I don't know about Schwab's system, but I do know a subset of the junk/scam callers are set up to try to record your voice to use on that sort of system. They do this by asking pre-recorded questions that most people will answer in expected ways, for example answering 'Yes' to some sorts of questions. They gather the recordings, and pair it with info they already have (name, address, phone number, ...) in hopes of further exploits. Long way of saying, nothing's perfect. It might be an improvement. I would ask them what happens to a stroke victim. My next door neighbor is recovering and his voice is not yet back to where it was. If he'd set up something with voice recognition, he'd have a hard time using it now. | |||
|
Oh stewardess, I speak jive. |
Voice recognition? Definitely not foolproof. Far less secure than typical modern encryption, from a technical perspective. Fairly easy to beat, for a great many people (thousands upon thousands of modern musicians and audio engineering sorts, and more). This is impossible to prove here in this venue and in general (unless you're the head of the NSA or someone who Knows what we have in our nation's tool box), but just the same I'd confidently bet real money that there's no automated voice recognition system in existence that couldn't be spoofed with enough equipment and high quality recordings of the subject's voice, perhaps even an impostor, and with such resources I'm confident it would be fairly trivial to beat. Audio Engineering is well understood, and the bank has no magic. At the end of the day, any such system is nothing more than some combination of microphones (usually cheap / inaccurate ones), a digital recording of the subject's voice (taken in an imperfect environment, with unwanted noise and artifacts, and probably at a sub optimal bitrate for more efficient storage), and some software to compare them (waveform and frequency analysis, dynamic range, etc, and some algorithm that weights these measurements with some acceptable margins of error, as inconsistencies will exist for everyone given the imperfect conditions/gear, and probably some tools that filter noise and such first), and some hardware to crunch those numbers on demand without it taking forever, none of which is very difficult or expensive, nor has it been for, say, 10-20 years. 
Unless they have you stop by a fairly fancy recording studio and record the master copy of the passphrase or whatnot using the best (most accurate) gear in the world (say, a $10,000 microphone through a $100,000 console, at 24+bit 96+k, in a room that cost thousands to insulate, and done by professionals), what the bank has for the master audio will be fairly imperfect from the get-go, and predictably so (the audio signature, so to speak, of xyz-brand microphone in 123-brand phone (with published specs as most are), where - for example - the mic has a known hump of 3db at 3000hz and the phone has a built-in 2:1 soft compression to reduce the dynamic range and make everything you say more uniform in volume and a bit louder), and so on, where, say, 75% of all customers use one of the same 30 popular phones... this list of possibilities is not only finite but fairly small. These things are simple to find and adjust for, including adding them to pristine audio to make it sound phone-like if needed, so, say, taking an accurate recording of Bob via a hidden mic and digital recorder placed on the bookshelf behind his desk, then adjusting it to sound like it was recorded on an iPhone5, and feeding that adjusted audio back into a phone call for such verification, and so on, is kid's play, technically. The bank/whomever just bets most will not bother and leverages other methods/policies. There are home recording setups and software available now, much of which is available for free, that are significantly more accurate than talking through the telephone or most everything that existed for decades. A kid in his bedroom these days may not write music as well as (The Beatles or whomever) but his laptop has much more powerful and accurate tools to edit/manipulate audio than The Beatles crew ever did. Which some say makes music less interesting nowadays (too perfect, too sterile), but ideally suited for this topic. 
Now, most people just aren't important enough (big enough targets) for it to matter. Thank goodness, because this is an easy egg to crack. Plus, there are AI chat/email bots that can already spoof lots of real people into thinking they're having conversations with real people, and I'd bet there are already AI tools out there that can use a recording of, say, your last 100 phone calls, that were chopped up into words and phrases, and even fool humans in phone conversations, at least brief ones, into thinking it's you on the phone, and certainly when it's not trying to fool your wife/mom or best friend of 30 years that you see regularly, but some mope at the bank branch, just to verify your SSN, paraphrase, or a 911 call, or some other fuckery, I've no doubt our gov't and big crooks can already do this. | |||
|
Baroque Bloke |
"Equifax announced late Friday that its chief information officer and chief security officer would leave the company immediately, following the enormous breach of 143 million Americans' personal information…" https://www.google.com/amp/s/w...5caaeb8dc_story.html Serious about crackers | |||
|
Oriental Redneck |
Q | |||
|
אַרְיֵה |
My involvement with computer technology goes back to the very early 1960s, working at Bell Labs. At that time there was no such thing as a Computer Science, or IT, or anything similar offered as a curriculum at any college or university. Bell Labs did offer a Graduate Study Program (GSP) leading to Masters and PhD degrees with much of the curriculum taught in house. They discovered that math majors were the second most successful candidates for developing programmers via the GSP. The first? Music majors. Something to do with pattern recognition, structured approach to analysis, etc. הרחפת שלי מלאה בצלופחים | |||
|
member |
Math, music, and chess produce the most prodigies. The "thinking" processes are similar. | |||
|
member |
It seems (according to the WSJ) that many of those in the past who enrolled in their "credit monitoring" were subject to the data breach: WSJ article. Sorry, the full article is subscription only. | |||
|
Mensch |
My dad studied Computer Science at NYU in the early 60's, and then taught it there. He even recorded a radio ad for them which I have on reel to reel. ------------------------------------------------------------------------ "Yidn, shreibt un fershreibt" "The Nazis entered this war under the rather childish delusion that they were going to bomb everyone else, and nobody was going to bomb them. At Rotterdam, London, Warsaw and half a hundred other places, they put their rather naive theory into operation. They sowed the wind, and now they are going to reap the whirlwind." -Bomber Harris | |||
|
Member |
F it. Just froze credit on all 3 agencies. Equifax is currently free, Transunion has a free True Identity product, where you can lock/unlock credit directly on their site, and Experian cost me $10. Your state may vary in fees charged. __Phase plasma rifle in the 40-watt range__ | |||
|
I believe in the principle of Due Process |
I spoke to Schwab about this. To set it up, they record you saying a phrase the Schwab guy tells you to say, something you will be most unlikely to say in any other context. When you call in, to confirm your identity, you are prompted to say the phrase. The system matches up a certain number of characteristics. It works even if you are hoarse, etc. Luckily, I have enough willpower to control the driving ambition that rages within me. When you had the votes, we did things your way. Now, we have the votes and you will be doing things our way. This lesson in political reality from Lyndon B. Johnson "Some things are apparent. Where government moves in, community retreats, civil society disintegrates and our ability to control our own destiny atrophies. The result is: families under siege; war in the streets; unapologetic expropriation of property; the precipitous decline of the rule of law; the rapid rise of corruption; the loss of civility and the triumph of deceit. The result is a debased, debauched culture which finds moral depravity entertaining and virtue contemptible." - Justice Janice Rogers Brown | |||
|
Member |
Interesting. I would want to make up the phrase myself. I read an article recently that passwords using four random words were far more secure than current ones that require you to meet all kinds of ridiculous requirements. Of course you write it down somewhere and tell no one. I am sure that crooks are now working on this angle. At least Schwab is trying. I recall prior to the internet age of some poor doctor whose mutual funds were liquidated and reinvested in penny stocks. They of course had a recording of the voice, but he did not find out until he received his paper statement in the mail three months later. It was Vanguard I believe and it took him about one year to straighten out the mess. | |||
|
Member |
I'll add a bit. This is from a guy named Steve Rubin, dated September 9 at 7:31pm · Phoenix, AZ

"Equifax. How big of a deal is it? Well, I'm actually posting, so that should tell you right there... Basically, if you are in the US and not dealing with a major weather event right on top of you, this is what you should be working on. Now!

I've spent the last 48 hours combing over security blogs, legal and financial advice threads, news reports, etc. I'll try to step through what's known at this point and what you can do. It's a VERY long post and working through all the steps may take you a few hours. Or you may have your identity compromised. I do this (web security) for a living, so I at least sort of know what I'm talking about. Hopefully, having a step by step guide will make it easier for some people to get a handle on what's happening.

Sites are (unfortunately) breached all the time, so what's different now?

Quite simply, it's the nature of the information that was compromised. For most "normal" breaches, a list of usernames and passwords is taken. You find out that your ABCCorp account was compromised, change the password everywhere you are using that username/password combination (you shouldn't ever be reusing passwords, but I know that's a tall order for some people), and move on. That's easily changed information.

What appears to have been taken from Equifax is nearly immutable information:

Name - changeable fairly easily, but even if you wanted to, it will still be tied to your old name in most cases
Social Security Number - very hard to change, pretty much only after identity theft has definitely occurred, and it will still connect to your original number anyway
Birth Date - immutable
Address - changeable, if you feel like moving, but your old addresses are kept in your records, so that doesn't help much
Driver's License Number - changeable, but there is hassle and likely a fee
Credit Card Numbers (it appears that a relatively smaller number of these were compromised) - easily changed; interesting that in this situation it's one of the less dangerous items that got out
Other "Personal Identifying Information" (also a relatively small number of these) - without more detail we don't know exactly what this is, but I'll speculate security questions and such

Everything that is commonly used to verify identity is there. By way of analogy, this is like having the keys to your front door, the code to the alarm system, and the location and combination to your safe. You're totally vulnerable.

But maybe I wasn't affected?

Assume you were. Equifax is one of the three big agencies, so they almost certainly had your information, and nothing in the details suggests this was only a partial breach. Start with US population, subtract minors and those with no (or too old) credit history, and that leaves about 200 million people. The breach is reported to have affected 143 million. Do you want to take a 70% chance? And no, I don't care what their official site tells you.

Scared yet? Good. I'm conveying the scope of the problem.

So what can you do?

There are some steps you can take to limit your risk with regard to financial and tax fraud, so I'll focus there. Here it is, in ten steps (follow them in order). The first few won't seem to be directly related, but they create the foundation for what you need to have in place in later steps.

1. Don't get angry (that comes later). Find a comfortable place to work and maybe get yourself a snack.

2. Set up a password manager, if you don't already use one. I'm not going to get into password theory too much, but you should be using passwords of at least 16-20 characters long and thus you won't be able to remember them all. I use 1password and I'm happy with it.

3. Secure your primary email address(es). You have to be sure that you can receive communications safely. Set a strong password. Enable two factor authorization (2FA). Save the credentials in your password manager.

4. Secure your mobile phone. Set a strong password. Use Touch ID if you have it. This is where those 2FA codes are going to be sent, so you have to be sure that is completely safe too. Save the credentials in your password manager.

5. Make sure you have control of your Social Security account. Go to https://www.ssa.gov/ and create an account. Choose every security option it gives you. Save the credentials in your password manager.

6. Make sure you have control of your IRS account. Go to https://www.irs.gov/individuals/get-transcript and create an account. Choose every security option it gives you. You don't actually need to get the transcript at the end (but you can); you just want the account controlled. Save the credentials in your password manager.

7. For every bank account, credit card, or other financial account you have, log in and make sure you have a strong password set. Save the credentials in your password manager. Then, go through all the alert options and use them! Get used to receiving lots of emails confirming that transactions are actually yours. That's your new normal.

8. Are there any new credit cards that you NEED to apply for, insurance policies you are planning to open, or utilities you have to set up? Want a new phone? Anything else that might at all trigger a credit check. Do it now. Then come back to this list. I'm not suggesting doing anything you wouldn't have done anyway, but if you were two days away from applying for a fancy new credit card, it will be easier to deal with before you lock things down.

9. Set up a schedule for getting your free annual credit reports. Look them over for errors and report any that you find. You get one free from each major agency per year. A possible schedule might be SEP 10 Experian, JAN 10 Transunion, MAY 10 Equifax (and feel free to hope that Equifax doesn't exist in eight months...). Set annual calendar alerts and act on them when they come up. The official site is https://www.annualcreditreport.com/

10. Set up fraud and security alerts. The upside is that this should mean that a credit agency has to contact you (preferably by phone) before taking an action on your credit history. So if someone tries to use your information, you'll receive a phone call, thus it should be obvious if the inquiry is on your behalf or not. The downside is that you have to renew it every 90 days. At the moment, there is no way around this hassle. You need to contact one of the three major agencies and they will inform the other two. You want an Initial Fraud Alert. It should be obvious that Equifax is a lost cause, so use Experian or Transunion:
https://www.experian.com/fraud/center.html
https://www.transunion.com/fra...r…/place-fraud-alert
You also should contact ChexSystems. They deal with new checking/savings accounts, and you don't want someone else opening one in your name. You want to Place A Security Alert. https://www.chexsystems.com/

11. BONUS ITEM. Contact your state's Attorney General and/or members of Congress. Equifax has to be brought to task for this failure (AG), and the rules about how credit works and identities are verified need to be completely rebuilt (Congress).

What about identity/credit monitoring?

Equifax is going to be giving away a year of monitoring. That's standard procedure for these breaches, and when it's a standard breach that's a mediocre response. Remember the difference in the type of information, though? This is not a standard breach, so it's a nearly irrelevant response. You also may (it's unclear) forfeit your right to join a class action lawsuit if you accept it. Identity monitoring is really insurance. They promise lots of things, but they can't prevent anything. They can only react. If you feel more comfortable having that insurance, so that you have a team available to help you in case your identity is compromised, then feel free to get one of these products. But you may want to look for one that isn't run by one of the credit agencies or their subsidiaries. That seems like a conflict of interest to me.

What about credit freezes?

Unless you live in a state that has laws making these free, I don't recommend them. The biggest problem is that all of the information needed to call a credit agency and unfreeze has been leaked, so you'll probably just be wasting your money! You can read more about what these are at https://www.consumer.ftc.gov/a...7-credit-freeze-faqs" | |||
|
I believe in the principle of Due Process |
It's not the words that make the match. It's the voice that says the words that is somehow analyzed for the characteristics that make the match. Done by computer, I imagine. It's the same idea we used to tell if someone is a genuine Native Texan. | |||
|
Member |
I was thinking Voice recognition PLUS a phrase that you created to add another layer of protection as an additional security feature. I wanted to eliminate the Schwab guy from using the same phrase for every customer. | |||
|
I believe in the principle of Due Process |
At my age and state of health, I do not want to have to remember some goofy PIN or password. I dread calling USAA one of these days unable to remember the security questions, and being locked out, like The Man Who Never Returned or something. I believe everyone uses the same phrase. It is not that you know the phrase, but that the computer recognizes that it is the same voice compared to your authentication recording. Not even Rich Little can fool it, they say. | |||
|
Official forum SIG Pro enthusiast |
Such a stupid mistake. This better affect Equifax's credit. ~~~~~~~~~~~~~~~~~~~ The price of liberty and even of common humanity is eternal vigilance | |||
|