|
|
ARCHIVE: Rutgers 'Security List' (incl. misc.security) - Archives (1987)
DOCUMENT: Rutgers 'Security List' for August 1987 (18 messages, 13314 bytes)
SOURCE: http://securitydigest.org/exec/display?f=rutgers/archive/1987/08.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
-----------[000000][next][prev][last][first]---------------------------------------------------- From: "McMahon,Brian D" <MCMAHON%GRIN1.BITNET@wiscvm.wisc.edu> 12-Aug-1987 12:10:25 To: SECURITY@RED.RUTGERS.EDU
From: "McMahon,Brian D" <MCMAHON%GRIN1.BITNET@wiscvm.wisc.edu>
To: SECURITY@RED.RUTGERS.EDU
Subject: More bad news on EMBL break-in
Yesterday, I posted a message from the info-vax list to this board; at
least, I *think* I posted it. I never actually saw it leave. Just in
case, I'll repeat that before going on to the latest combat reports, and
network loads be damned - this is serious.
In a message dated 31-Jul-1987, Roy Omond <OMOND%EMBL.BITNET> of the
European Microbiology Lab in Heidelberg reported the following hair-raising
story:
>Well, the well known patch to SECURESHR.EXE took a *long* time in coming
>to Europe. In fact, it took me several days to convince the local DEC
>people that there was a security loophole in VMS 4.5 ... *sigh*.
>Anyway, in the meantime, we got screwed around by German hackers
>(probably from the notorious Chaos Computer Club in Hamburg). Before I
>had the chance to install the patch, "they" managed to get in and did
>pretty well at covering their tracks. They patched two images, SHOW.EXE
>and LOGINOUT.EXE, so that a) they could login to *any* account with a certain
>password, which I'll not divulge, b) SYS$GW_IJOBCNT was decremented and
>c) that process would not show up in SHOW USERS. They have cost us a lot of
>real money by using our X.25 connection to login to several places all round
>the globe. I have done my best to notify per PSImail those VAX sites that
>were accessed from our hacked system. I pray (and pray and pray ...) that
>no other damage has been done, and that I'm not sitting on a time bomb.
>Anyway, the following information might help others to check if they have
>been tampered with:
>
>Use CHECKSUM to perform a checksum of LOGINOUT.EXE and SHOW.EXE as follows:
>
> $ Check Sys$System:Loginout.Exe
> $ Show Symbol Checksum$Checksum
>
> if you get the value 3490940838 then you're in trouble.
>
> $ Check Sys$System:Show.Exe
>
> if you get 1598142435, then again you're in trouble.
>
>Now something I'm a bit unsure about whether I should publicise :
>
>Two persons with known connections with the Chaos Computer Club in Hamburg
>who I know have distributed the patches mentioned above (and in my opinion
>are to be considered along with the lowest dregs of society) I will name
>here :
>
> Claus Traenkner (at our own outstation of the EMBL in Hamburg)
>and Stefan Weirauch (at the Univ. of Karlsruhe)
>
>in the hope that someone somewhere will a) be saved some hassle from them
>and b) might perform physical violence on them.
>
>Jeez, I'm scared ...
>
>Roy Omond
Pretty bad, already. But today, I found this cheery piece, dated 04-Aug-1987:
>Further to my "important message" of last week, I have since discovered
>that the patches done to LOGINOUT.EXE were even more lethal than I had
>imagined. Not only would it allow entry to any username with the magic
>password, but it would also store (in 1's complement form) the valid
>password of all users logging in since the patch was installed in the
>12 bytes "reserved for customer use" in the UAF. How many system managers
>ever even look at these bytes, never mind spot the danger there ?
>
>Well, they also distributed a small vanilla program to decypher these
>bytes and, lo and behold, a list of username/password pairs with accounts
>with (potentially) all privileges neatly marked with an asterisk.
>
>So everyone who even suspects that something might be amiss, look very
>closely at your UAF. Look in particular at the 12 bytes from offset
>1f6 (hex) in each record. If you reverse the 1's complement on these
>bytes and get something that looks like a password then ... :-(
>
>(Users with passwords longer than 12 characters or those with 2 passwords
>(like me) are relatively ok).
>
>Yet another hacker name to surface is user DKL at Bitnet/EARN node
>DHDMPI5 (the Max-Planck Institute for Atomic Physics, our neighbouring
>institute in Heidelberg). I don't know who the person is, but I hope
>that he/she is condemned to working with IBM MVS for evermore.
I will post to info-vax the suggestion that further developments be send to
this list, as well as to info-vax, by their originators, so you won't have
to deal with me any more. I have a hunch this may not be over yet...
Brian McMahon, Grinnell College
<MCMAHON@GRIN1.BITNET>
-----------[000001][next][prev][last][first]---------------------------------------------------- From: "Stefan Weirauch, IRA, Uni Karlsruhe" 12-Aug-1987 12:48:12 To: info-vax%sri-kl.arpa%germany.csnet@RELAY.CS.NET,
Remarks on the messages from Roy Omond (31-Jul) and Michael Bednarek (4-Aug).
Just back from my summer holidays I have to notice some very strange
statements in connection with my name.
Roy Omond wrote:
> Now something I'm a bit unsure about whether I should publicise :
He better should have given it more thought...
> Two persons with known connections with the Chaos Computer Club in Hamburg
> who I know have distributed the patches mentioned above (and in my opinion
> are to be considered along with the lowest dregs of society) I will name
=======================
This is, in fact, a primitve insult, based on nothing but speculations.
> Claus Traenkner (at our own outstation of the EMBL in Hamburg)
> and Stefan Weirauch (at the Univ. of Karlsruhe)
>
> in the hope that someone somewhere will a) be saved some hassle from them
> and b) might perform physical violence on them.
=========================
Well, just an instigation to perform violance.
To build an opinion about this way of writing a public message is left
to the reader.
However, as System/Security Manager I know very well those problems with
hackers (see below). In case of detecting such a penetrator, I grab him and
take further steps personally.
At my site no personal mail relative to those topics in Roy Omonds message
reached me. May be, that is not astonishing in the light of a message,
which is based on some vague informations.
Michael Bednarek wrote:
> I knew I had seen this name before, and (using rn) the command ?weirauch?ra
> showed article <8707221338.AA29452@ucbvax.Berkeley.EDU> which is a patch
> to PHONE. The date was 21-Jul-1987.
>
> In the light of Roy's experience you might want to examine the nature of that
> patch.
Well, this comment fully deserves my agreement, because you will see, how well
written the Phone Patch is (of course, I mean the second, bugfixed version).
But, does it make sense, to examine software, distributed over the net, only
if there is someone, railing at the creator ?
I think, you allways should very carefully examing such software, performing
modifications of the operating system. If your are not able to do this, for
example, because you have no micro-fiches, it is reasonable to wait for such
modifications from DEC.
I did not add such a hint to my PHONEPAT - description, because I suppose, we
all think that way.
As I mentioned in my PHONEPAT message, there are many clever student users at
our site, detecting bugs or undocumented features in VMS. I spend a lot of
time in preventing them from successfully attacking the system. To do this
efficiently I made my thoughts about the things a hacker might perform.
Thus, I learned much, and hacked patches to parts of the system as a problem
of system security (again affecting my nerves and time) are old for me;
if they are new to you, dont accuse those people, making their experiences
with these aspects of security, but learn from them and be thankful !
Stefan Weirauch CSNET: WEIRAUCH%iravcl@germany.csnet
Informatik-Rechner-Abteilung UUCP: WEIRAUCH%iravcl%uka.uucp@unido.uucp
Universitaet Karlsruhe PSI: PSI%026245721042100::WEIRAUCH
D-7500 Karlsruhe 1
West Germany
-----------[000002][next][prev][last][first]---------------------------------------------------- From: John Owens <john@xanth.cs.odu.edu> 15-Aug-1987 10:12:39 To: SECURITY@RUTGERS.EDU, WBD.MDC@office-1.arpa
Well, most garage door openers that I've seen (I don't have one myself,
not having a garage) have a set of DIP switches you can use to encode
a unique pattern. The frequencies, at least within the same brand, are
the same. So you could set your two openers to be one bit apart, and
leave the hood off of the dip switches, and switch the one bit....
John Owens Old Dominion University - Norfolk, Virginia, USA
john@ODU.EDU old arpa: john%odu.edu@RELAY.CS.NET
john@xanth.UUCP old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!john
-----------[000003][next][prev][last][first]---------------------------------------------------- From: GREENY <MISS026%ECNCDC.BITNET@wiscvm.wisc.edu> 17-Aug-1987 10:49:48 To: <security@RED.RUTGERS.EDU>
>A friend of mine has a two car / two door garage. He wants to install >a remote control garage door opener on both doors with different frequencies >for each door. He would also like ONE controller ... Seems simple enough to me. The crystals in those handy-dandy garage door openers are *usually* (if they arent...just de-solder em..) plugged into a socket somewhere in the controller. Just mount the two crystals somewhere else and wire them thru a DPDT (Double Pole Double Throw) switch from Radio Shack and wire the switch into the now empty socket from the crystals. Stick it in the car with some double stick mounting tape, and label the switch Left/Right or 1/2 or 0/1 (whatever suits your fancy...) and then hit the button. When it's on "1" door "1" opens, and when on "0", door "0" opens....no biggie. And if there is such an "off the shelf" (i.e. Unhackerish) type available, it probably is part of a so-called "system" and costs giga- bucks!... Hope this helps.... bye for now but not for long.... Greeny Bitnet: miss026@ecncdc Internet: miss026%ecncdc.bitnet@wiscvm.wisc.edu
-----------[000004][next][prev][last][first]---------------------------------------------------- From: Joe Harrington <jh@ATHENA.MIT.EDU> 17-Aug-1987 22:22:51 To: security@red.rutgers.edu
MIT, in a noncharacteristic burst of liberal generosity (or they're tired of getting kicked in the *** by people who demand their rights), gives you the option of having your ssn or a pseudo ssn which they provide as your MIT ID number. The pseudo ssn's all begin with 888, as (so goes the story) there have not (yet) been any real ssn's issued with that prefix. If it is true that no 888 numbers have been issued (please reply if you think otherwise and have counterexamples), then giving some random 888 number as your ssn could be an easy solution for people who wanted to hide theirs and avoid hassle (though be careful about misrepresenting yourself on signed legal documents). Unfortunately, it is too late for me, as my ssn is plastered all over everything. Oh well, --jh--
-----------[000005][next][prev][last][first]---------------------------------------------------- From: "Mike @ (214)575-3517" <LINNIG%eg.ti.com@relay.cs.net> 18-Aug-1987 12:27:21 To: security@RUTGERS.EDU
sure, you can do that .. but not by changing the frequencies. Some of the new garage door openers send a digital code (typically 8 bits) as part of their signal. The door opener and the controller have to be set to the same code for it to work. All you need is two openers (same brand and model) and one controller. To change codes on my controller, their are some jumper cables that you cut to set the bits. Wire a switch up to one of the jumper cables. Set the codes in the door openers so they only differ by one bit (the one with the switch). Now the switch allows you to send two different codes, one for each door. Enjoy, Mike Linnig, Texas Instruments
-----------[000006][next][prev][last][first]---------------------------------------------------- From: Brint Cooper <abc@brl.arpa> 18-Aug-1987 13:44:30 To: Security@RUTGERS.EDU
Nearly all of the requests for SSN that I have seen have not required me to produce the card. In every case that I can think of, I could just supply the number from memory. What's to prevent someone who objects to passing his/her SSN around the town to provide a false one? Similarly, many places now require a phone number on a credit card slip (Visa/MC). They don't check this number as part of verification. In restaurants, it's not even requested until you're signing the slip and leaving. I wonder what they do with this info. It might help someone who's fradulently using your credit card number. It might also be sold to telemarketing firms. Again, why not submit a false one? Or your work phone? Or whatever? _B
-----------[000007][next][prev][last][first]---------------------------------------------------- From: davy@intrepid.ecn.purdue.edu (Dave Curry) 29-Aug-1987 12:03:02 To: RMOREY%ATLAS%rca.com@relay.cs.net
From: RMOREY%ATLAS%rca.com@relay.cs.net
Date: Fri, 31 Jul 87 11:03 EST
Subject: Dogs, defense against
I have heard about aerosol sprays that deter attackers, but can't find
them and don't know if they are legal. Someone suggested to my wife
that she buy a squirt gun with a 30-foot range and fill it with
ammonia to shoot at dogs. Q: Would this work without getting me into a
lawsuit from seriously injuring a dog?
Ammonia? Sounds pretty nasty, and I would think it could hurt the dog.
I've always heard lemon juice is what you should use.
And what is in aerosol sprays that are used for self defense, if
not mace? What sprays are legal and where are they found?
Well, there is "PARALYZER", which is basically Army tear gas. It comes
in a small black aerosol; most "army surplus" type stores sell them,
among other places. I'm not sure what a dog would do if you sprayed
him with it though; the stuff is NASTY.
I'm not a dog hater. I've never been a dog owner, either. Does
anyone have any better suggestions?
Most of the postal carriers here have some sort of small aerosol
clipped to their mail bags; I assume it is for discouraging dogs. You
might call your local post office and ask them what they recommend.
--Dave Curry
-----------[000008][next][prev][last][first]---------------------------------------------------- From: Carl DeFranco <DEFRANCO@radc-tops20.arpa> 31-Aug-1987 09:30:52 To: rmorey%atlas%rca.com@relay.cs.net, security@RUTGERS.EDU
I'm assuming this is related to the net. R. Morey inquired about things
to protect people from less than freindly dogs. There are a number of
such products available, tho' I'm not sure of the sources.
1. STOP! is an aerosol designed for protection specifically
from dogs. Aimed at their snouts, it will stop them in their
tracks without doing permanent harm. A bicycling friend of
mine swears by it.
2. DAZER is a new electronic device that generates high
frequency sound painful to dogs. A recent Syracuse, NY
newspaper article described tests as ambiguous - when it
worked it worked very well.
3. The originally mentioned ammonia squirt gun trick is very
effetive if you can hit the dog.
Regarding liability for hurting dogs: I'm not a lawyer, but in nearly
every community, some form of leash laws exist. Even when they don't,
a pet owner is responsible for his/her pets actions. If they leave the
confines of the owners property, you are justified in using reasonable
means, including physical harm if truly necessary, to protect the health
and safety of yourself and your family. I personally wouldn't hesistate
to take action against a dangerous animal if it threatened me, my wife,
or my children. I would also be glad to answer any pet owners complaints
about my treatment of their animal. By the way, I have a large dog and
two cats of my own - I'm NOT an animal hater.
Carl DeFranco
DEFRANCO@RADC-TOPS20.ARPA
-----------[000009][next][prev][last][first]---------------------------------------------------- From: John Pershing <PERSHNG@ibm.com> 31-Aug-1987 09:56:35 To: security@RUTGERS.EDU
There used to be a product called "Halt!", sold at bicycle stores, that
was *quite* effective at stopping charging dogs in their tracks.
However, I have no idea what would happen when it wears off, as I was
always long gone by that time -- maybe you would simply have a very angry
dog on your hands...
Halt! is more-or-less aerosol Tabasco Sauce, and does not cause any harm
to the dog; ammonia, on the other hand, can cause blindness if you get it
in the dog's eyes. I don't know if Halt! is still available, but I assume
that it is -- check out your local bike shop.
John A. Pershing Jr.
-----------[000010][next][prev][last][first]---------------------------------------------------- From: Simson L. Garfinkel <simsong@cunixc.columbia.edu> 31-Aug-1987 14:04:19 To: Security@red.rutgers.edu
(I saw this on somebody's desk today. It is on official stationary.) NATIONAL SECURITY AGENCY Fort George G. Meade, Maryland, 20755-6000 Serial: V1-072/L-87 24 July 1987 Dear Gentlemen and Ladies: The National Security Agency, in conjunction with four major U. S. Corporations, is currently developing a new family of secure telephones. These new phones, designated STU-III, will begin fielding in October 1987, and will serve as the primary secure telephone for the U. S. Government and its contractors. In support of this program, the National Security Agency will host a "STU-III" Seminar for U. S. Contractor Personnell" on 5-8 October 1987 at the Aladdin Hotel, Las Vegas, nevada. The purpose of this seminar is to furnish the U. S. contractor community with essential information on the STU-III family of secure telephones, and to provide a forum for discussing STU-III issues of mutual interest. This meeting is the only one of its type planned for the contractor community in the foreseeable future. If your company plans to acquire STU-III terminals, appropriate personnel should attend. ... Highlights from agenda: Tuseday, 6 October 1987: STU-III overview and Program status STU-III Implementation Schedule and Field Plans STU-III Testing (Progress report and future plans) STU-III Vendor Presentations AT&T Motoroal RCA WEDNESDAY, 7 October 1987 STU-III Key Management System Overview STU-III TErminal Keying procedures Vendor Keying Demonstrations STU-III Doctrine Contractor STU-III Key Management Sturcture Command Authority/User Representative/COMSEC Custodian Relationships Thursday, 8 October 1987 STU-III Key Ordering and Distrib7ution Accounting for STU-III Key Key Management System Milestones and Schedule .... A security clearance is not required for attendance at this seminar. However, attendance will be limited to U. S. Citizens only, and the attached registration from must be signed by each attendee. The name and phone number of a company security officer should also be provided, so that U. S. citizenship may be verified. Further information concerning the seminar may be obtained from Mrs. Linda Amrein, Miss Maureen Anderson, or Mr. Bill Johnston on (301) 688-7897/8255.
-----------[000011][next][prev][last][first]---------------------------------------------------- From: James M Galvin <galvin@udel.edu> 31-Aug-1987 14:38:55 To: security@RUTGERS.EDU
Hmmm, watching all the discussion about social security numbers, I am curious about two things in regards to phone numbers. When I use my credit card retailers invariably ask for a phone number under your signature, and worse insist on it. Generally I just give them a random number. (I even used 999-123-4567 once, and nobody noticed.) First, can a retailer insist on a phone number? Second, am I in trouble for giving out wrong numbers? And just to go a step further, what about when they ask for your address? Jim
-----------[000012][next][prev][last][first]---------------------------------------------------- From: mason@oberon.lcs.mit.edu (Nark Mason) 31-Aug-1987 15:44:09 To: RMOREY%ATLAS%rca.com@relay.cs.net, SECURITY-REQUEST@RUTGERS.EDU
There are two kinds of spray dog repellants I know of, one's mace (CN or CS gas) and the other's just something nasty billed as a dog repellant. Generally either one will repel an attacker, man or dog. But if you run into a really mean dog or really mean (or drugged) human it will just make them mad. I've spent a lot of time biking in the mountains in western mass and NY and have had problems with dogs. I got a can of mace (CN I think, it was illegal - tear gas), next dog I ran into I leveled the can at him and he ran for cover before I had a chance to douse him. I haven't carried a can since, all the dogs I've run into KNOW, they've been maced before. Unless the dogs are an extra ornery junkyard type mace, CS, CN or dog repellant will teach them quickly to stay away. (good luck finding the stuff, I believe it's illegal many places - my grandmother got some from her mailman once [for use on dogs])
-----------[000013][next][prev][last][first]---------------------------------------------------- From: mason@oberon.lcs.mit.edu (Nark Mason) 1-Sep-1987 09:09:00 To: security@RUTGERS.EDU
There's been a lot of talk about how not to give out your SS #, the one thing I still fail to understand is why not give out your SS #? How can it be abused?
-----------[000014][next][prev][last][first]---------------------------------------------------- From: Mary Akers <makers@col.bbn.com> 1-Sep-1987 10:38:49 To: Security@RUTGERS.EDU
I received this over the net from a friend. I thought it would make an interesting counter point to the recent discussion on releasing Social Security Numbers - note the section about using false numbers. ------------------------------------------------------------------------ Date: Tue, 11 Aug 87 19:00:24 edt From: decvax!LOCAL!minow@decwrl.dec.com (Martin Minow) To: decwrl!risks@csl.sri.com Subject: [Found on Usenet (net.consumers)] Social Security Administration -- Inside Scoop From: lance@ubvax.UUCP (Lance Keigwin) Just after college I accepted a job with the Social Security Admin (SSA) in a NYC district office. I spent several years with SSA as a claims representative, operations supervisor, and regional program specialist. Fortunately I had the good sense to leave several years ago, when it became very clear that federal service was not an alternative to anything. In these jobs I dealt with all levels of the SS program. Undoubtedly the two biggest headaches for SSA (and the public claimants) were resolving discrepancies in dates of birth and earnings records. Screwups in establishing age is another story, and far less controversial. SSA's record there is really pretty good, if the claims rep is not a dope. But scrambled earnings records are almost impossible to fix. This usually happens when somehow an employer gets a hold of a wrong number, usually from an employee (although the employer could pick it up from almost anywhere...and they do!). Of course there is cross-checking against what SSA believes is the right name and number but all it takes is some (#$%@$%) clerk to cross refer two numbers to the same person and zap! Suddenly you're record relects someone else's wages too. Or worse: your covered earnings are credited to some third party. This happens all the time because people forget their numbers, re-apply for a second one, guess wrong, etc. Safeguards exist but if you consider the scale here (all those workers, all those employers, and the general interest of the average gov't employee in doing the job right even if it means more work and worsened processing statistics) there are bound to be major problems. When does the error come to light to you, John Q. Public? If at all, almost always at retirement, some decades in the future; at a time when many employer records are gone, if not the employer itself, and your recollection is at best fuzzy. Chances are probably 9 in 10 that you'll never get credit for all the taxes you paid, if your record is messed up obviously enough for a rep to notice it and to look into it. My advice: 1) Never, NEVER give anyone a fake SSN. It will haunt you later in life. If SSA has to search for earnings under a different number (spotted on an application for employment, a credit card report, school record, etc.) you will suffer significant delays in getting your correct benefit at best. More likely, you will never live to see the tax credit. 2) Always, ALWAYS request a statement of your earnings every three years. There are screwy statute of limitations regulations (3 years, 3 months and 15 days), about when an error can be corrected. Also the statement of earnings you get will only breakout the last several years individually, and will total all prior years in one lump sum, so it it good to do it periodically. 3) If you suspect an error, ask for a complete posting of each year (a "certified earnings record"). If you're given a little card to complete and told it will be mailed to you, don't buy it! You can only get a complete record by seeing a Service or Claims representative, who must complete an SSA-450 for transmission to HQ in Baltimore. Insist on a photocopy of it when it arrives. Be troublesome, if necessary. 4) If you do see an error, put your dispute in writing and if you must mail it in, do so certified mail. Establishing the date you first suspected an error is important. SSA has ways of "scouting" an employer's records. Ask to have it done. 5) Check your W-2 for the correct SSN. Paystubs too, but especially the W-2. Report any error to your employer and IRS. 6) If you don't want to give your correct SSN to someone and feel you must fake it, give them a number that starts with "9". There is no such thing as a real 900-series number so you are not risking screwing up yours or someone else's account. SSA will never accept it. 7) If you get an official decision that goes against you, protest if you really believe you're being cheated. There are several appellate steps, and usually the official who decides is reasonably intelligent and responsible. Read the back of the notice about "reconsiderations", "hearings", etc. The reversal rate it very high. As a matter of interest, two years after I started work for SSA I requested a record of my earnings. Sure enough, there was an error in two quarters. Want to guess who the employer was that messed up? Yep, SSA. It took them 3 years to fix it. Good thing I had an "in". :-) I also discovered that my retired father should have been getting benefits for three of his student children (an SSA snafu). I had us apply, and asked for full retroactivity (over 8 years). The claims examiner awarded only 12 months of retroactivity. I appealed. We won. Total family benefits came to over $7000. I used my $1500 to buy a washer and dryer. Lance P. Keigwin (lance@ubvax.UUCP) (408)496-0111 (operator) 562-7738 (direct)
-----------[000015][next][prev][last][first]---------------------------------------------------- From: "Bryan, Jerry" <VM0A61%WVNVM.BITNET@wiscvm.wisc.edu> 1-Sep-1987 14:40:51 To: <SECURITY@RED.RUTGERS.EDU>
>To the best of my recollection, the last time I renewed my California >driver's license, I was told my SS# was required. I asked for confirmation, >saying it was my understanding that it could not be required by law, but >they were adamant, so I did not pursue the issue even to the point of >asking to talk to a supervisor. > Jeff Rothenberg > The RAND Corp. > jeff@rand.org My understanding is that in about 1979 or so, Congress made an explicit exception to the Privacy Act of 1974 to explicitly permit states to use SSN's for all forms of motor vehicle registration, including both your driver's license and the registration of your car. This means, of course, that the original Privacy Act really does not mean anything any more because your driver's licence is such a ubiquitous ID that once there, it is available to all the world.
-----------[000016][next][prev][last][first]---------------------------------------------------- From: "Bryan, Jerry" <VM0A61%WVNVM.BITNET@wiscvm.wisc.edu> 1-Sep-1987 14:53:04 To: <SECURITY@RED.RUTGERS.EDU>
>One of my biggest frustrations is interest bearing bank accounts. The IRS >requires you to give the bank your SS#, but as far as I know there are >no restrictions on what they can do with it. Does anyone have a solution >for this? Write your congressman. Existing law is *not* on your side. I fear I am cynical, but I have lost several times -- after fighting hard and even hiring lawyers. Present law favors, encourages, and often requires the use and disclosure of SSN's. The somewhat limited provisions restricting SSN's that were present in the Privacy Act of 1974 have been emasculated by subsequent legislation.
-----------[000017][next][prev][last][first]---------------------------------------------------- From: <FXSDD%ALASKA.BITNET@wiscvm.wisc.edu> 1-Sep-1987 17:03:33 To: security@red.rutgers.edu
From: Scott Dennis, Computer Support Subject: Social Security Numbers In Alaska, they appear to have a more enlightened approach to Social Security numbers. When I renewed my drivers license a couple of years back, I told them to remove it. The clerk didn't know how to do it, but the supervisor was very helpful. My license now shows 000-00-0000 in the SS # location. My other experience with this was at Arizona State University, where they use it for a student ID number. I refused to give it, and they were happy to issue me a 998-xx-xxxx number. Their forms call it a 'student ID #' The University of Alaska is pretty insistant on getting the actual number, however. Their forms have the gall to always call it a 'SS #'
END OF DOCUMENT
| ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |