RSA asks for, receives, Central Park-goers' personal data
New York (NY) - With the nation’s heightened sense of security following the September 11th terrorist attacks, you would think that Americans would be more careful about divulging their personal information. For years, malicious users have pulled off "phishing" attacks, using fake e-mails and Web sites to obtain data from unsuspecting individuals. But in a test of citizens’ trust versus skepticism, RSA tried the direct route: its team of surveyors just asked.
RSA’s results show that many people will still give up very personal information - such as their birth date or mother’s maiden name - to a complete stranger.
Between 24 August and 6 September, surveyors decked out in "I LOVE NY" shirts and holding clipboards asked New Yorkers passing by in Central Park to fill out an 18-question "tourism" survey. Their questions included blanks for filling in the participant’s mother’s maiden name, pet’s name, favorite sports team, and date of birth. There was even a question asking participants how they devised their passwords.
In a report released today, RSA said it succeeded in getting 108 people to fill out the survey - which, over a two-week period, is frankly a poor turnout. But among the results RSA could tally, more than 70% willingly gave their mother’s maiden name; almost 85% gave their full name, street address, and e-mail address; and 90% included their date of birth.
Even more shocking, more than half of respondents gave their strategy for making online passwords.
The RSA survey did not ask for Social Security numbers, but given the above statistics, RSA could conceivably have obtained them. Even so, almost anyone can find a respondent’s Social Security number from today’s abundance of online databases, using just the answers given. Many financial institutions still use the Social Security number as an identifier for users to access their Web sites or talk to an operator.
Furthermore, even though participants were not asked to jot down their own passwords, the variations of addresses, pet names, and dates of birth they did provide reflect the kind of data many often use to generate memorable passwords. Sadly, some phishers don’t even have to get the password right, because many online retailers have a "Forgot Password" button that will ask for mother’s maiden name - another field which respondents diligently supplied.




