cybersecurity

5921 readers

13 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

All US Social Security numbers may need to be changed following a massive breach that is already being investigated as a national threat (www.ecoticias.com)

submitted 5 days ago by Innerworld@lemmy.world to c/cybersecurity@infosec.pub

6 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] givesomefucks@lemmy.world 5 points 5 days ago (2 children)

This is a good time to remind everyone that most of the problems with using SSNs for security is because at no point during design or implementation was it supposed to be used as a private thing.

It was supposed to be as common and easily accessible as your name.

It's just when it's started, it wasn't listed anywhere publicly yet

So third parties just started treating it like it was a secret, and eventually it had enough momentum that the government just went with it.

We don't need to just give people new numbers, we need a new system with both a public identifier and then some kind of secure system.

[–] mindbleach@sh.itjust.works 4 points 5 days ago

Or: strenuously avoiding a national ID system, because of how obviously that could be abused. And probably still hacked anyway.

It is possible to do such an ID system sensibly, fairly, and for considerable net good. But we wouldn't.