Discussion about this post

User's avatar
Steve Ross's avatar

I was on faculty until 2005 AND I'm a Columbia graduate, but never got the letter. My wife, who is a Columbia grad, did. Last month, she was sent a new Medicare card with new ID codes and a vague note about a security issue. I assume, but don't know for sure, that this break was the reason. But in truth, people leave a long ID trail as we amble through life. The last four digits of our Social Security number are public. The first three digits, for all but the younger generation, increase from east to west, just like ZIP codes. That leaves only the middle two digits to guess outright. Our school graduation years are birthdays litter the internet as well. AI (even ML AI) has long allowed combining seemingly benign data such as email addresses, phone numbers, various billing records kept by any store in customer databases with more sensitive data. Now it is easier.

Jack Baruth's avatar

IT security has been a lost cause since it was "corporatized" into SANS training and endless certifications and so on. For most corporations, it was the Last Place You'd Find The White Men Before They Were Fired, so I saw a lot of places where "Security" also did second-level troubleshooting and anything the moron aliens/immigrants couldn't find in their runbooks. But most of the people in "Security" have little idea of how to actually secure anything and in my experience they are all easy to Mitnick-social-engineer.

No posts

Ready for more?