protect yourself – data loss on the net at app sec usa

speaker: Kelly Fitzgerald

Interesting points and urls

  • Remember that the first three digits of your Social Security Number are based on where you live. Also interesting that you get an SSN at birth now and didn’t in the past.
  • Spokeo – paid service that shows info about a person, including what credit card and ad agencies think about you. Thinks speaker is a boy. You can opt out of everything on Spokeo except name and age.
  • Knowing someone’s primary email helps you see many accounts – Facebook data, etc.
  • On Facebook, most people keep unprotected profile pic, other pics, friends list (ex a friend’s comments). Also watch for backgrounds in photos: surroundings, books, reflections in glass/computer monitors
  • If you buy from someone on e-bay, you can probably find their location
  • Your Facebook friends are 70% people looking at your profile and 30% random noise
  • will show interesting info
  • openbook shows open posts by person
  • – make sure you have locked down status
  • wolfram alpha self-analytics tool
  • Many people use full name or email in profile. Don’t use Twitter/LinkedIn/etc. pictures because they can connect your online pic to the rest of your internet presence. The search by image services aren’t good yet. [facial recognition seems like this will fail eventually too]
  • – people will post stories about you. Similarly for don’t date him girl
  • People on LinkedIn can pay to see who saw your profile
  • Amazon wish lists are public by default
  • United has upgrade status public. Only has first letter of first name and three letters of last name. Could only find it if you knew the person already
  • Zillow, Trulia, Spokeo, BlockShopper – all have your home’s info. Can’t get Zillow off
  • Finding criminals can be tough because need to know county arrested in. But can search your and neighboring counties
  • Megan’s law offender app – shows where sexual offenders are
  • SearchDiggity – free tool to search for PII. Worry about typing in your info is still a valid fear
  • Do sensitive things on other accounts, don’t use OAuth for touchy situations, track old accounts down and delete them
  • Facebook has a blog – you can use it to find out about updates
  • Misinformation lets you stay anonymous
  • Can see people’s charitable and political donations
  • See if your credit card company offers virtual credit card numbers. Can use for online purchases and set short expiration date. Like a one time use number

My take
Great presentation. She took a guy who had a PII leak on a TV show and showed how much more she could find out about him. Entertaining and informative. It was a little short, but the Q&A was great. She brought cupcakes to bribe people to ask questions. I think we would have anyway as they were thoughtful questions. And it was good to get a break at the end.
