Her computer at work got hacked this morning.

[diehardbiker]

Why this person should be liable for this mess? It is flawed system, and government continues to use flawed system, the government should be liable for this and make sweeping changes to Social Security Number system and forcing all banks and credit bureau to set up their own Identity system somehow and make it dynamic.

I had to point out because every year it kept increasing the number of incidents, and this has to be stopped somehow.

I hope your friend has liability insurance. Compromising patient records is a serious problem. It involves identity theft, credit risk, and HIPAA offenses. All the patients should be notified, and your friend's business should provide free credit report monitoring for each patient.

 

[Reba]

Why this person should be liable for this mess?

Because the person who has custody of medical records is responsible for their security. It would be the same thing if a burglar broke into the office and hand copied the information out the records.

Hey, I don't make the rules.

 

[darkage]

If hacker use server mirror then FBI never will find hacker at all.

I agree..... FBI will not take care any minor unless they take care someone hacked on goverment's property.

When, our internet went down. I still can find free Wifi from other house which they do not set up security as "un-lock". Impossible to check their secret information.

At workplace, they called "Spy on your monitor". Unexpected to see your boss spy on you. No matter you are there or not.
Sometime happen to me, when my customer asked me to download their files from AutoCAD or Acrobat. Pop-up screen, they can see what I am going to download files.

 

[diehardbiker]

He does not mean minor, he means MIRROR, it is another term of Proxy server. It is like using third party server to mask where it started or came from. FBI will find that Mirror server and there is nothing left there to figure out where the other ends come from. That is why it is very difficult to track the hackers.

I agree..... FBI will not take care any minor unless they take care someone hacked on goverment's property.

When, our internet went down. I still can find free Wifi from other house which they do not set up security as "un-lock". Impossible to check their secret information.

At workplace, they called "Spy on your monitor". Unexpected to see your boss spy on you. No matter you are there or not.
Sometime happen to me, when my customer asked me to download their files from AutoCAD or Acrobat. Pop-up screen, they can see what I am going to download files.

 

[diehardbiker]

I understand that part. Problem is that the Networking is so sophsicated and there always loopholes that we are NOT aware until it is too late.

How to stop this, by prohibiting using SSN for external uses. Only government can do that, but because it is so cheap for Creditors to use SSN, and it is never change so they took advantage of it and ABUSED it.

Suppose the creditors took their own system and turn it into Dynamic, there is no reason for identity thieves to steal medical records. The real reason for medical records is IDENTITY, tied with SSN.

The identity thieves need Social security number to establish the identity, once that SSN is taken away, and new Financial Security numbers which can be easily changed every year making it IMPOSSIBLE for Identity thieves to repeat the crime after a year. This would cut down Multi-trillion dollars losses. Wake up, when? I hope soon!

Because the person who has custody of medical records is responsible for their security. It would be the same thing if a burglar broke into the office and hand copied the information out the records.

Hey, I don't make the rules.

 

[Jiro]

I understand that part. Problem is that the Networking is so sophsicated and there always loopholes that we are NOT aware until it is too late.

How to stop this, by prohibiting using SSN for external uses. Only government can do that, but because it is so cheap for Creditors to use SSN, and it is never change so they took advantage of it and ABUSED it.

Suppose the creditors took their own system and turn it into Dynamic, there is no reason for identity thieves to steal medical records. The real reason for medical records is IDENTITY, tied with SSN.

The identity thieves need Social security number to establish the identity, once that SSN is taken away, and new Financial Security numbers which can be easily changed every year making it IMPOSSIBLE for Identity thieves to repeat the crime after a year. This would cut down Multi-trillion dollars losses. Wake up, when? I hope soon!

because SSN never changes and it stays with you for life... it's easy for creditors to compile a financial record on you. with dynamic ID #, that's costly to maintain & implement... and difficult to track people because it's easy to abuse this system by creating multiple ID.

 

[diehardbiker]

Cheaper? How so? We already went though multi-trillion dollars fraud and scam, who loses? EVERYBODY!


Right SSN never change, that is BIGGEST advantage for scammer to use! Never change, wow! use it again for next 50 years! What a profit making for scammers.

Maybe it would cost 5-10 dollars to update identity information and ID number, and in 50 uears, may well cost only 500 dollars over lifetime, or is it cheaper to be a victim whenever somebody scam you oout of 100,000 dollars? It has happened and continues to happen.

I rather spent 500 dollars over my lifetime to maintain my ID security than to pay $$$ for credit reports, plus security expenses on computers, etc, so forth it is just too much, more than you realized.

WAKE UP!

because SSN never changes and it stays with you for life... it's easy for creditors to compile a financial record on you. with dynamic ID #, that's costly to maintain & implement... and difficult to track people because it's easy to abuse this system by creating multiple ID.

 

[webexplorer]

How come she didn't have a software that would have prevented this happened? I believe that she has an IBM PC.

I use mine for my Apple which called "Netbarrier X5." I think that it's a good software. Intego: Leading Internet Security and Privacy Software for Mac My computer can trace the IP address.

I hope that she has one for her IBM PC computer similar to Netbarrier. What would you recommend a software for her to buy?

 

[webexplorer]

I agree..... FBI will not take care any mirror unless they take care someone hacked on goverment's property.

That's definitely true. In fact, FBI won't help any people except who work for the government because it has too many cases from non-government people which is out of control. A local police almost never help them, and they can keep the information in the record for the database, but they won't work on your case. I probably think that it is only way for you to do is to hire a private detective that can help you to trace it or find the person who did it.

 

[Jiro]

Cheaper? How so? We already went though multi-trillion dollars fraud and scam, who loses? EVERYBODY!


Right SSN never change, that is BIGGEST advantage for scammer to use! Never change, wow! use it again for next 50 years! What a profit making for scammers.

Maybe it would cost 5-10 dollars to update identity information and ID number, and in 50 uears, may well cost only 500 dollars over lifetime, or is it cheaper to be a victim whenever somebody scam you oout of 100,000 dollars? It has happened and continues to happen.

I rather spent 500 dollars to maintain my ID security than to pay $$$ for credit reports, plus security expenses on computers, etc, so forth it is just too much, more than you realized.

WAKE UP!

it's only trillion dollars if you combine everybody. But for single corporation - it's just not cost effective. You need database, sophisticated software, etc. etc. etc.

 

[diehardbiker]

Database is ALREADY there, all need is add field and allow it change anytime how much it is gonna cost?

My idea was pretty much like as if add password protected to your SSN, bingo security has been enchanced. And it can be changed anytime to thrawt thieves Right not there is NOTHING to protect your SSN. How much it is gonna cost to add password protected? Probably alot less than you think.

And you said single corporation? Am I blind? There is only three credit report agencies in here that is all, whats wrong with this picture?

it's only trillion dollars if you combine everybody. But for single corporation - it's just not cost effective. You need database, sophisticated software, etc. etc. etc.

 

[Foxrac]

Good thing Apple dont use BIOS anymore.

I think Apple never use BIOS but they use Open Firmware on Mac with PPC.

 

[Jiro]

Database is ALREADY there, all need is add field and allow it change anytime how much it is gonna cost?

My idea was pretty much like as if add password protected to your SSN, bingo security has been enchanced. And it can be changed anytime to thrawt thieves Right not there is NOTHING to protect your SSN. How much it is gonna cost to add password protected? Probably alot less than you think.

lololololol yea sounds simple but afraid not... They're certainly not using MySQL for this kind of scale. On enterprise level - to make one change like adding field and generating ID for each and to generate new ID and to create records to keep track of all records... that would takes months of planning and another months of testing & executing and several hundred of dollars to million dollars to implement. sucks to be doing enterprise-level stuff

And you said single corporation? Am I blind? There is only three credit report agencies in here that is all, whats wrong with this picture?

i'm talking about credit card companies, insurance companies, etc. etc. You know - about what you said above... that's what the universities did. They used to use students' SSN on their ID card but because of federal privacy law, they had to quickly change it and produce generated ID for each student. That was easy... but not for companies especially credit card. way too easy to take advantage of it.

 

[diehardbiker]

lololololol yea sounds simple but afraid not... They're certainly not using MySQL for this kind of scale. On enterprise level - to make one change like adding field and generating ID for each and to generate new ID and to create records to keep track of all records... that would takes months of planning and another months of testing & executing and several hundred of dollars to million dollars to implement. sucks to be doing enterprise-level stuff


i'm talking about credit card companies, insurance companies, etc. etc.

Sure, but it is a investment to stop the identity thieves,


Who do you think credit card companies, insurance, etc depending on? The answer is way too obviously.

Many of creditors spent millions dollars on security and upgrades, like double webpage for security, add port 443, etc etc etc, instead of simply add FIN.

It sure amazes me when people think BIG where the solution is really small.

Please stop think big, think small.

I know it sounded off topic BUT, this is to give you idea why it is not good idea to avoid simpliest and focus on something bigger.

Back in 1960's NASA was doing experiment how to solve problem with saving while in space, they spent millions dollars on test to try to find the best way to do shave on face in space.

Result? Shaving cream works best and it cost only a dollar (That was back then).

 

[Jiro]

Sure, but it is a investment to stop the identity thieves,


Who do you think credit card companies, insurance, etc depending on? The answer is way too obviously.

Many of creditors spent millions dollars on security and upgrades, like double webpage for security, add port 443, etc etc etc, instead of simply add FIN.

It sure amazes me when people think BIG where the solution is really small.

Please stop think big, think small.

I know it sounded off topic BUT, this is to give you idea why it is not good idea to avoid simpliest and focus on something bigger.

Back in 1960's NASA was doing experiment how to solve problem with saving while in space, they spent millions dollars on test to try to find the best way to do shave on face in space.

Result? Shaving cream works best and it cost only a dollar (That was back then).

tell that to them I guess they don't see any incentive in doing so since identity theft issue is not really hurting their pocket... especially when they're not legally required to do so.

 

[~SG~]

Mod's Note:

Thread is moved from General Chat to Computers, Electronics, IT & Gaming.

 

[webexplorer]

I read on the internet that some stores sell a special adapter for the keyboard that can trace your keyboard such as passwords and many others. I wonder if you have that one for your computer. Here is a picture for example.

I found this on a computer spy supply website, and I lost its address. Sorry.

 

[Babyblue]

key logger devices. I have heard of those before.

 

[The Highlander]

be careful saying that... because last year there was hacker contest,

Whoever hacked machine wins, There were few different system, Linux, sun, windows, MAC

Which machines got hacked first? You guessed it, it is MAC!

Don't believe me???

Security researcher’s second consecutive win of Pwn2Own Mac hacking contest | TopNews United States

MAC lovers, read and weep...

I don't see any Linux, Sun, and M$ in there. How to tell that OSX got hacked first?

I can crack to Windows XP and Vista's user password under 30 seconds.

 

[The Highlander]

It's looks like backdoor trojans, in old time, they used Windows 95 backdoor called BackOfrice Netbus Trojan to control the computer as mouse moving and etc thru NetBios Port over the wireless.. Wardriver hackers can detecting wireless port and planted a trojan in the vicitim's computer.. I recommend TURN OFF the UPnP on the wireless routers.

Check it out, if your wireless router are secured or not, you can scan the ports on the website at,

Home of Gibson Research Corporation

Except DMZ for VPs. it's doesn't effects on your computers.

Use harder password (mix with nbr and letters) and "Hidden SSID" setting on your router, the wardriver hacker can't access to wireless routers.

Weak or strong password do not matter. It's level of security. Like STRONG password on WEP mode and crack under 5 minutes. Weak password on WPA II and crack around 1 year.