Social Security Numbers: Identification is STILL not Authentication…
My attention was just grabbed by a Infosec Island post on Social Security Numbers Easily Cracked, by Robert Siciliano. That's because I remembered quite a lot of fuss about it being made back in 2009.
And it turns out that the article, though posted today, is actually referring back to an article from July 2009 by Robert Westervelt for SearchSecurity: Researchers predict SSNs, crack algorithm putting identities at risk. Which is fine: there's still an issue, and Siciliano makes one or two interesting points.
If you find it of interest, though, there are some ESET blogs you might also find of interest and even a white paper I wrote in August 2009 that explores some related issues: Social Security Numbers: Identification is Not Authentication.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow