----MESSAGE-BEGIN---- <1987081104302500>
From: "McMahon,Brian D" 12-Aug-1987 12:10:25
To: SECURITY@RED.RUTGERS.EDU
Subj: [4400] More bad news on EMBL break-in

From: "McMahon,Brian D"
To: SECURITY@RED.RUTGERS.EDU
Subject: More bad news on EMBL break-in

Yesterday, I posted a message from the info-vax list to this board; at least, I *think* I posted it. I never actually saw it leave. Just in case, I'll repeat that before going on to the latest combat reports, and network loads be damned - this is serious.

In a message dated 31-Jul-1987, Roy Omond of the European Microbiology Lab in Heidelberg reported the following hair-raising story:

>Well, the well known patch to SECURESHR.EXE took a *long* time in coming
>to Europe. In fact, it took me several days to convince the local DEC
>people that there was a security loophole in VMS 4.5 ... *sigh*.
>Anyway, in the meantime, we got screwed around by German hackers
>(probably from the notorious Chaos Computer Club in Hamburg). Before I
>had the chance to install the patch, "they" managed to get in and did
>pretty well at covering their tracks. They patched two images, SHOW.EXE
>and LOGINOUT.EXE, so that a) they could login to *any* account with a certain
>password, which I'll not divulge, b) SYS$GW_IJOBCNT was decremented and
>c) that process would not show up in SHOW USERS. They have cost us a lot of
>real money by using our X.25 connection to login to several places all round
>the globe. I have done my best to notify per PSImail those VAX sites that
>were accessed from our hacked system. I pray (and pray and pray ...) that
>no other damage has been done, and that I'm not sitting on a time bomb.
>Anyway, the following information might help others to check if they have
>been tampered with:
>
>Use CHECKSUM to perform a checksum of LOGINOUT.EXE and SHOW.EXE as follows:
>
> $ Check Sys$System:Loginout.Exe
> $ Show Symbol Checksum$Checksum
>
> if you get the value 3490940838 then you're in trouble.
>
> $ Check Sys$System:Show.Exe
>
> if you get 1598142435, then again you're in trouble.
>
>Now something I'm a bit unsure about whether I should publicise :
>
>Two persons with known connections with the Chaos Computer Club in Hamburg
>who I know have distributed the patches mentioned above (and in my opinion
>are to be considered along with the lowest dregs of society) I will name
>here :
>
> Claus Traenkner (at our own outstation of the EMBL in Hamburg)
>and Stefan Weirauch (at the Univ. of Karlsruhe)
>
>in the hope that someone somewhere will a) be saved some hassle from them
>and b) might perform physical violence on them.
>
>Jeez, I'm scared ...
>
>Roy Omond

Pretty bad, already. But today, I found this cheery piece, dated 04-Aug-1987:

>Further to my "important message" of last week, I have since discovered
>that the patches done to LOGINOUT.EXE were even more lethal than I had
>imagined. Not only would it allow entry to any username with the magic
>password, but it would also store (in 1's complement form) the valid
>password of all users logging in since the patch was installed in the
>12 bytes "reserved for customer use" in the UAF. How many system managers
>ever even look at these bytes, never mind spot the danger there ?
>
>Well, they also distributed a small vanilla program to decypher these
>bytes and, lo and behold, a list of username/password pairs with accounts
>with (potentially) all privileges neatly marked with an asterisk.
>
>So everyone who even suspects that something might be amiss, look very
>closely at your UAF. Look in particular at the 12 bytes from offset
>1f6 (hex) in each record. If you reverse the 1's complement on these
>bytes and get something that looks like a password then ... :-(
>
>(Users with passwords longer than 12 characters or those with 2 passwords
>(like me) are relatively ok).
>
>Yet another hacker name to surface is user DKL at Bitnet/EARN node
>DHDMPI5 (the Max-Planck Institute for Atomic Physics, our neighbouring
>institute in Heidelberg). I don't know who the person is, but I hope
>that he/she is condemned to working with IBM MVS for evermore.

I will post to info-vax the suggestion that further developments be sent to this list, as well as to info-vax, by their originators, so you won't have to deal with me any more. I have a hunch this may not be over yet...

Brian McMahon, Grinnell College
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987081105081200>
From: "Stefan Weirauch, IRA, Uni Karlsruhe" 12-Aug-1987 12:48:12
To: info-vax%sri-kl.arpa%germany.csnet@RELAY.CS.NET,
Subj: [3566] RE: *** Important message ***

Remarks on the messages from Roy Omond (31-Jul) and Michael Bednarek (4-Aug).

Just back from my summer holidays I have to notice some very strange statements in connection with my name.

Roy Omond wrote:

> Now something I'm a bit unsure about whether I should publicise :

He better should have given it more thought...

> Two persons with known connections with the Chaos Computer Club in Hamburg
> who I know have distributed the patches mentioned above (and in my opinion
> are to be considered along with the lowest dregs of society) I will name
                                      =======================

This is, in fact, a primitive insult, based on nothing but speculations.

> Claus Traenkner (at our own outstation of the EMBL in Hamburg)
> and Stefan Weirauch (at the Univ. of Karlsruhe)
>
> in the hope that someone somewhere will a) be saved some hassle from them
> and b) might perform physical violence on them.
               =========================

Well, just an instigation to perform violence. To build an opinion about this way of writing a public message is left to the reader.

However, as System/Security Manager I know very well those problems with hackers (see below). In case of detecting such a penetrator, I grab him and take further steps personally.
At my site no personal mail relative to those topics in Roy Omond's message reached me. May be, that is not astonishing in the light of a message, which is based on some vague informations.

Michael Bednarek wrote:

> I knew I had seen this name before, and (using rn) the command ?weirauch?ra
> showed article <8707221338.AA29452@ucbvax.Berkeley.EDU> which is a patch
> to PHONE. The date was 21-Jul-1987.
>
> In the light of Roy's experience you might want to examine the nature of that
> patch.

Well, this comment fully deserves my agreement, because you will see, how well written the Phone Patch is (of course, I mean the second, bugfixed version).

But, does it make sense, to examine software, distributed over the net, only if there is someone, railing at the creator ? I think, you always should very carefully examine such software, performing modifications of the operating system. If you are not able to do this, for example, because you have no micro-fiches, it is reasonable to wait for such modifications from DEC. I did not add such a hint to my PHONEPAT - description, because I suppose, we all think that way.

As I mentioned in my PHONEPAT message, there are many clever student users at our site, detecting bugs or undocumented features in VMS. I spend a lot of time in preventing them from successfully attacking the system. To do this efficiently I made my thoughts about the things a hacker might perform. Thus, I learned much, and hacked patches to parts of the system as a problem of system security (again affecting my nerves and time) are old for me; if they are new to you, don't accuse those people, making their experiences with these aspects of security, but learn from them and be thankful !

Stefan Weirauch                 CSNET: WEIRAUCH%iravcl@germany.csnet
Informatik-Rechner-Abteilung    UUCP:  WEIRAUCH%iravcl%uka.uucp@unido.uucp
Universitaet Karlsruhe          PSI:   PSI%026245721042100::WEIRAUCH
D-7500 Karlsruhe 1
West Germany
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987081402323900>
From: John Owens 15-Aug-1987 10:12:39
To: SECURITY@RUTGERS.EDU, WBD.MDC@office-1.arpa
Subj: [718] Re: Garage Door Openers (not your typical question)

Well, most garage door openers that I've seen (I don't have one myself, not having a garage) have a set of DIP switches you can use to encode a unique pattern. The frequencies, at least within the same brand, are the same. So you could set your two openers to be one bit apart, and leave the hood off of the dip switches, and switch the one bit....

John Owens         Old Dominion University - Norfolk, Virginia, USA
john@ODU.EDU       old arpa: john%odu.edu@RELAY.CS.NET
john@xanth.UUCP    old uucp: {decuac,harvard,hoptoad,mcnc}!xanth!john
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987081603094800>
From: GREENY 17-Aug-1987 10:49:48
To:
Subj: [1250] re: Garage Door Openers

>A friend of mine has a two car / two door garage. He wants to install
>a remote control garage door opener on both doors with different frequencies
>for each door. He would also like ONE controller ...

Seems simple enough to me. The crystals in those handy-dandy garage door openers are *usually* (if they aren't...just de-solder em..) plugged into a socket somewhere in the controller. Just mount the two crystals somewhere else and wire them thru a DPDT (Double Pole Double Throw) switch from Radio Shack and wire the switch into the now empty socket from the crystals. Stick it in the car with some double stick mounting tape, and label the switch Left/Right or 1/2 or 0/1 (whatever suits your fancy...) and then hit the button. When it's on "1" door "1" opens, and when on "0", door "0" opens....no biggie.

And if there is such an "off the shelf" (i.e.
Unhackerish) type available, it probably is part of a so-called "system" and costs giga-bucks!...

Hope this helps....

bye for now but not for long....
Greeny

Bitnet: miss026@ecncdc
Internet: miss026%ecncdc.bitnet@wiscvm.wisc.edu
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987081614425100>
From: Joe Harrington 17-Aug-1987 22:22:51
To: security@red.rutgers.edu
Subj: [906] ssn's

MIT, in a noncharacteristic burst of liberal generosity (or they're tired of getting kicked in the *** by people who demand their rights), gives you the option of having your ssn or a pseudo ssn which they provide as your MIT ID number. The pseudo ssn's all begin with 888, as (so goes the story) there have not (yet) been any real ssn's issued with that prefix.

If it is true that no 888 numbers have been issued (please reply if you think otherwise and have counterexamples), then giving some random 888 number as your ssn could be an easy solution for people who wanted to hide theirs and avoid hassle (though be careful about misrepresenting yourself on signed legal documents). Unfortunately, it is too late for me, as my ssn is plastered all over everything.

Oh well,
--jh--
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987081704472100>
From: "Mike @ (214)575-3517" 18-Aug-1987 12:27:21
To: security@RUTGERS.EDU
Subj: [824] re: garage door openers

sure, you can do that .. but not by changing the frequencies.

Some of the new garage door openers send a digital code (typically 8 bits) as part of their signal. The door opener and the controller have to be set to the same code for it to work.

All you need is two openers (same brand and model) and one controller. To change codes on my controller, there are some jumper cables that you cut to set the bits. Wire a switch up to one of the jumper cables. Set the codes in the door openers so they only differ by one bit (the one with the switch). Now the switch allows you to send two different codes, one for each door.

Enjoy,
Mike Linnig, Texas Instruments
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987081706043000>
From: Brint Cooper 18-Aug-1987 13:44:30
To: Security@RUTGERS.EDU
Subj: [877] Re: SS and the data theives...

Nearly all of the requests for SSN that I have seen have not required me to produce the card. In every case that I can think of, I could just supply the number from memory. What's to prevent someone who objects to passing his/her SSN around the town to provide a false one?

Similarly, many places now require a phone number on a credit card slip (Visa/MC). They don't check this number as part of verification. In restaurants, it's not even requested until you're signing the slip and leaving. I wonder what they do with this info. It might help someone who's fraudulently using your credit card number. It might also be sold to telemarketing firms. Again, why not submit a false one? Or your work phone? Or whatever?

_B
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987082804230200>
From: davy@intrepid.ecn.purdue.edu (Dave Curry) 29-Aug-1987 12:03:02
To: RMOREY%ATLAS%rca.com@relay.cs.net
Subj: [1496] Re: Dogs, defense against

    From: RMOREY%ATLAS%rca.com@relay.cs.net
    Date: Fri, 31 Jul 87 11:03 EST
    Subject: Dogs, defense against

    I have heard about aerosol sprays that deter attackers, but can't find them and don't know if they are legal. Someone suggested to my wife that she buy a squirt gun with a 30-foot range and fill it with ammonia to shoot at dogs. Q: Would this work without getting me into a lawsuit from seriously injuring a dog?

Ammonia? Sounds pretty nasty, and I would think it could hurt the dog. I've always heard lemon juice is what you should use.

    And what is in aerosol sprays that are used for self defense, if not mace? What sprays are legal and where are they found?

Well, there is "PARALYZER", which is basically Army tear gas. It comes in a small black aerosol; most "army surplus" type stores sell them, among other places.
I'm not sure what a dog would do if you sprayed him with it though; the stuff is NASTY.

    I'm not a dog hater. I've never been a dog owner, either. Does anyone have any better suggestions?

Most of the postal carriers here have some sort of small aerosol clipped to their mail bags; I assume it is for discouraging dogs. You might call your local post office and ask them what they recommend.

--Dave Curry
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083001505200>
From: Carl DeFranco 31-Aug-1987 09:30:52
To: rmorey%atlas%rca.com@relay.cs.net, security@RUTGERS.EDU
Subj: [1674] Personal protection from Dogs

I'm assuming this is related to the net. R. Morey inquired about things to protect people from less than friendly dogs. There are a number of such products available, tho' I'm not sure of the sources.

1. STOP! is an aerosol designed for protection specifically from dogs. Aimed at their snouts, it will stop them in their tracks without doing permanent harm. A bicycling friend of mine swears by it.

2. DAZER is a new electronic device that generates high frequency sound painful to dogs. A recent Syracuse, NY newspaper article described tests as ambiguous - when it worked it worked very well.

3. The originally mentioned ammonia squirt gun trick is very effective if you can hit the dog.

Regarding liability for hurting dogs: I'm not a lawyer, but in nearly every community, some form of leash laws exist. Even when they don't, a pet owner is responsible for his/her pet's actions. If they leave the confines of the owner's property, you are justified in using reasonable means, including physical harm if truly necessary, to protect the health and safety of yourself and your family.

I personally wouldn't hesitate to take action against a dangerous animal if it threatened me, my wife, or my children. I would also be glad to answer any pet owner's complaints about my treatment of their animal.

By the way, I have a large dog and two cats of my own - I'm NOT an animal hater.

Carl DeFranco
DEFRANCO@RADC-TOPS20.ARPA
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083002163500>
From: John Pershing 31-Aug-1987 09:56:35
To: security@RUTGERS.EDU
Subj: [727]

There used to be a product called "Halt!", sold at bicycle stores, that was *quite* effective at stopping charging dogs in their tracks. However, I have no idea what would happen when it wears off, as I was always long gone by that time -- maybe you would simply have a very angry dog on your hands...

Halt! is more-or-less aerosol Tabasco Sauce, and does not cause any harm to the dog; ammonia, on the other hand, can cause blindness if you get it in the dog's eyes. I don't know if Halt! is still available, but I assume that it is -- check out your local bike shop.

John A. Pershing Jr.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083006241900>
From: Simson L. Garfinkel 31-Aug-1987 14:04:19
To: Security@red.rutgers.edu
Subj: [2410] Mail

(I saw this on somebody's desk today. It is on official stationery.)

NATIONAL SECURITY AGENCY
Fort George G. Meade, Maryland, 20755-6000

Serial: V1-072/L-87
24 July 1987

Dear Gentlemen and Ladies:

The National Security Agency, in conjunction with four major U. S. Corporations, is currently developing a new family of secure telephones. These new phones, designated STU-III, will begin fielding in October 1987, and will serve as the primary secure telephone for the U. S. Government and its contractors.

In support of this program, the National Security Agency will host a "STU-III Seminar for U. S. Contractor Personnel" on 5-8 October 1987 at the Aladdin Hotel, Las Vegas, Nevada. The purpose of this seminar is to furnish the U. S. contractor community with essential information on the STU-III family of secure telephones, and to provide a forum for discussing STU-III issues of mutual interest. This meeting is the only one of its type planned for the contractor community in the foreseeable future.
If your company plans to acquire STU-III terminals, appropriate personnel should attend.

...

Highlights from agenda:

Tuesday, 6 October 1987:
    STU-III overview and Program status
    STU-III Implementation Schedule and Field Plans
    STU-III Testing (Progress report and future plans)
    STU-III Vendor Presentations
        AT&T
        Motorola
        RCA

WEDNESDAY, 7 October 1987
    STU-III Key Management System Overview
    STU-III Terminal Keying procedures
    Vendor Keying Demonstrations
    STU-III Doctrine
    Contractor STU-III Key Management Structure
    Command Authority/User Representative/COMSEC Custodian Relationships

Thursday, 8 October 1987
    STU-III Key Ordering and Distribution
    Accounting for STU-III Key
    Key Management System Milestones and Schedule

....

A security clearance is not required for attendance at this seminar. However, attendance will be limited to U. S. Citizens only, and the attached registration form must be signed by each attendee. The name and phone number of a company security officer should also be provided, so that U. S. citizenship may be verified.

Further information concerning the seminar may be obtained from Mrs. Linda Amrein, Miss Maureen Anderson, or Mr. Bill Johnston on (301) 688-7897/8255.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083006585500>
From: James M Galvin 31-Aug-1987 14:38:55
To: security@RUTGERS.EDU
Subj: [660] giving out phone numbers

Hmmm, watching all the discussion about social security numbers, I am curious about two things in regards to phone numbers.

When I use my credit card retailers invariably ask for a phone number under your signature, and worse insist on it. Generally I just give them a random number. (I even used 999-123-4567 once, and nobody noticed.)

First, can a retailer insist on a phone number? Second, am I in trouble for giving out wrong numbers?

And just to go a step further, what about when they ask for your address?

Jim
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083008040900>
From: mason@oberon.lcs.mit.edu (Nark Mason) 31-Aug-1987 15:44:09
To: RMOREY%ATLAS%rca.com@relay.cs.net, SECURITY-REQUEST@RUTGERS.EDU
Subj: [1095] Re: Dogs, defense against

There are two kinds of spray dog repellants I know of, one's mace (CN or CS gas) and the other's just something nasty billed as a dog repellant. Generally either one will repel an attacker, man or dog. But if you run into a really mean dog or really mean (or drugged) human it will just make them mad.

I've spent a lot of time biking in the mountains in western mass and NY and have had problems with dogs. I got a can of mace (CN I think, it was illegal - tear gas), next dog I ran into I leveled the can at him and he ran for cover before I had a chance to douse him. I haven't carried a can since, all the dogs I've run into KNOW, they've been maced before.

Unless the dogs are an extra ornery junkyard type mace, CS, CN or dog repellant will teach them quickly to stay away. (good luck finding the stuff, I believe it's illegal many places - my grandmother got some from her mailman once [for use on dogs])
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083101290000>
From: mason@oberon.lcs.mit.edu (Nark Mason) 1-Sep-1987 09:09:00
To: security@RUTGERS.EDU
Subj: SS #'s

There's been a lot of talk about how not to give out your SS #, the one thing I still fail to understand is why not give out your SS #? How can it be abused?
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083102584900>
From: Mary Akers 1-Sep-1987 10:38:49
To: Security@RUTGERS.EDU
Subj: [5604] Social security # - a different viewpoint

I received this over the net from a friend. I thought it would make an interesting counter point to the recent discussion on releasing Social Security Numbers - note the section about using false numbers.

------------------------------------------------------------------------
Date: Tue, 11 Aug 87 19:00:24 edt
From: decvax!LOCAL!minow@decwrl.dec.com (Martin Minow)
To: decwrl!risks@csl.sri.com
Subject: [Found on Usenet (net.consumers)] Social Security Administration -- Inside Scoop

From: lance@ubvax.UUCP (Lance Keigwin)

Just after college I accepted a job with the Social Security Admin (SSA) in a NYC district office. I spent several years with SSA as a claims representative, operations supervisor, and regional program specialist. Fortunately I had the good sense to leave several years ago, when it became very clear that federal service was not an alternative to anything.

In these jobs I dealt with all levels of the SS program. Undoubtedly the two biggest headaches for SSA (and the public claimants) were resolving discrepancies in dates of birth and earnings records.

Screwups in establishing age is another story, and far less controversial. SSA's record there is really pretty good, if the claims rep is not a dope. But scrambled earnings records are almost impossible to fix. This usually happens when somehow an employer gets a hold of a wrong number, usually from an employee (although the employer could pick it up from almost anywhere...and they do!).

Of course there is cross-checking against what SSA believes is the right name and number but all it takes is some (#$%@$%) clerk to cross refer two numbers to the same person and zap! Suddenly your record reflects someone else's wages too. Or worse: your covered earnings are credited to some third party.

This happens all the time because people forget their numbers, re-apply for a second one, guess wrong, etc. Safeguards exist but if you consider the scale here (all those workers, all those employers, and the general interest of the average gov't employee in doing the job right even if it means more work and worsened processing statistics) there are bound to be major problems.

When does the error come to light to you, John Q. Public? If at all, almost always at retirement, some decades in the future; at a time when many employer records are gone, if not the employer itself, and your recollection is at best fuzzy. Chances are probably 9 in 10 that you'll never get credit for all the taxes you paid, if your record is messed up obviously enough for a rep to notice it and to look into it.

My advice:

1) Never, NEVER give anyone a fake SSN. It will haunt you later in life. If SSA has to search for earnings under a different number (spotted on an application for employment, a credit card report, school record, etc.) you will suffer significant delays in getting your correct benefit at best. More likely, you will never live to see the tax credit.

2) Always, ALWAYS request a statement of your earnings every three years. There are screwy statute of limitations regulations (3 years, 3 months and 15 days), about when an error can be corrected. Also the statement of earnings you get will only breakout the last several years individually, and will total all prior years in one lump sum, so it is good to do it periodically.

3) If you suspect an error, ask for a complete posting of each year (a "certified earnings record"). If you're given a little card to complete and told it will be mailed to you, don't buy it! You can only get a complete record by seeing a Service or Claims representative, who must complete an SSA-450 for transmission to HQ in Baltimore. Insist on a photocopy of it when it arrives. Be troublesome, if necessary.

4) If you do see an error, put your dispute in writing and if you must mail it in, do so certified mail. Establishing the date you first suspected an error is important. SSA has ways of "scouting" an employer's records. Ask to have it done.

5) Check your W-2 for the correct SSN. Paystubs too, but especially the W-2. Report any error to your employer and IRS.

6) If you don't want to give your correct SSN to someone and feel you must fake it, give them a number that starts with "9". There is no such thing as a real 900-series number so you are not risking screwing up yours or someone else's account. SSA will never accept it.

7) If you get an official decision that goes against you, protest if you really believe you're being cheated. There are several appellate steps, and usually the official who decides is reasonably intelligent and responsible. Read the back of the notice about "reconsiderations", "hearings", etc. The reversal rate is very high.

As a matter of interest, two years after I started work for SSA I requested a record of my earnings. Sure enough, there was an error in two quarters. Want to guess who the employer was that messed up? Yep, SSA. It took them 3 years to fix it. Good thing I had an "in". :-)

I also discovered that my retired father should have been getting benefits for three of his student children (an SSA snafu). I had us apply, and asked for full retroactivity (over 8 years). The claims examiner awarded only 12 months of retroactivity. I appealed. We won. Total family benefits came to over $7000. I used my $1500 to buy a washer and dryer.

Lance P. Keigwin (lance@ubvax.UUCP)
(408)496-0111 (operator) 562-7738 (direct)
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083107005100>
From: "Bryan, Jerry" 1-Sep-1987 14:40:51
To:
Subj: SS# & Utilities -- a story

>To the best of my recollection, the last time I renewed my California
>driver's license, I was told my SS# was required. I asked for confirmation,
>saying it was my understanding that it could not be required by law, but
>they were adamant, so I did not pursue the issue even to the point of
>asking to talk to a supervisor.
> Jeff Rothenberg
> The RAND Corp.
> jeff@rand.org

My understanding is that in about 1979 or so, Congress made an explicit exception to the Privacy Act of 1974 to explicitly permit states to use SSN's for all forms of motor vehicle registration, including both your driver's license and the registration of your car. This means, of course, that the original Privacy Act really does not mean anything any more because your driver's licence is such a ubiquitous ID that once there, it is available to all the world.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083107130400>
From: "Bryan, Jerry" 1-Sep-1987 14:53:04
To:
Subj: SS# and Utilities

>One of my biggest frustrations is interest bearing bank accounts. The IRS
>requires you to give the bank your SS#, but as far as I know there are
>no restrictions on what they can do with it. Does anyone have a solution
>for this?

Write your congressman. Existing law is *not* on your side. I fear I am cynical, but I have lost several times -- after fighting hard and even hiring lawyers. Present law favors, encourages, and often requires the use and disclosure of SSN's. The somewhat limited provisions restricting SSN's that were present in the Privacy Act of 1974 have been emasculated by subsequent legislation.
----MESSAGE-END----

----MESSAGE-BEGIN---- <1987083109233300>
From: 1-Sep-1987 17:03:33
To: security@red.rutgers.edu
Subj: Social Security Numbers

From: Scott Dennis, Computer Support
Subject: Social Security Numbers

In Alaska, they appear to have a more enlightened approach to Social Security numbers. When I renewed my drivers license a couple of years back, I told them to remove it. The clerk didn't know how to do it, but the supervisor was very helpful. My license now shows 000-00-0000 in the SS # location.

My other experience with this was at Arizona State University, where they use it for a student ID number. I refused to give it, and they were happy to issue me a 998-xx-xxxx number.
Their forms call it a 'student ID #'.

The University of Alaska is pretty insistent on getting the actual number, however. Their forms have the gall to always call it a 'SS #'
----MESSAGE-END----
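
Added example, not part of any message in this digest and not code from any of the posters: Roy Omond's 04-Aug-1987 message, quoted near the top, asks system managers to look at the 12 bytes from offset 1f6 (hex) in each UAF record and reverse the 1's complement. The Python sketch below runs that check over a copy of the file and reports only a verdict and a length per record, never the decoded text. Assumptions not stated in the messages: the records have been exported at a fixed length (`record_len`), short values are trailed by one of the `PAD` fill bytes, and the sample records are constructed.

```python
"""Flag UAF records whose 12 'customer use' bytes look like a
1's-complemented password, as described in the 04-Aug-1987 message."""

OFFSET = 0x1F6          # from the message: where the 12 bytes start
LENGTH = 12             # from the message: size of the customer-use area
PAD = b"\x00\x20\xff"   # assumption: fill that may trail a short value


def classify_field(field):
    """Return (verdict, length) for one 12-byte customer-use area.

    "empty"   - all zero bytes, nothing stored
    "suspect" - complementing the bytes gives printable, password-like text
    "in-use"  - non-zero data that does not decode that way (a site may
                legitimately use the area, so this needs a human look)
    The decoded text is deliberately not returned, so the report does not
    become a second list of passwords.
    """
    if len(field) != LENGTH:
        raise ValueError("expected exactly 12 bytes")
    if not any(field):
        return ("empty", 0)
    decoded = bytes(b ^ 0xFF for b in field).rstrip(PAD)
    if decoded and all(0x21 <= b <= 0x7E for b in decoded):
        return ("suspect", len(decoded))
    return ("in-use", 0)


def scan_records(blob, record_len):
    """Walk fixed-length records; return (index, verdict, length) for every
    record whose customer-use area is not empty."""
    if record_len < OFFSET + LENGTH:
        raise ValueError("record_len is too short to contain the area")
    findings = []
    for index in range(len(blob) // record_len):
        record = blob[index * record_len:(index + 1) * record_len]
        verdict, length = classify_field(record[OFFSET:OFFSET + LENGTH])
        if verdict != "empty":
            findings.append((index, verdict, length))
    return findings


def sample_record(field, record_len=600):
    """Build a constructed record: zeros everywhere except the 12-byte area."""
    record = bytearray(record_len)
    record[OFFSET:OFFSET + LENGTH] = field.ljust(LENGTH, b"\x00")
    return bytes(record)


# Constructed sample data: an untouched record, one holding the complement
# of a made-up string, and one where a site stored plain text of its own.
SAMPLE = b"".join([
    sample_record(b""),
    sample_record(bytes(b ^ 0xFF for b in b"EXAMPLE$1")),
    sample_record(b"ROOM 214"),
])

if __name__ == "__main__":
    for index, verdict, length in scan_records(SAMPLE, 600):
        print(f"record {index}: {verdict} (decoded length {length})")
```

A "suspect" verdict is a reason to compare LOGINOUT.EXE against a known-good copy and to reset the affected passwords; an "in-use" verdict only means the area holds data that someone should account for.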