Hmmm. I wouldn't want to try it myself...

It seems kind of risky to type your SIN number or Credicard # over the internet...

What if you have a keylogger on your machine? You'd be giving away your numbers instantly and then you certainly would be compromised.
Jerome | Homepage | 01.23.07 - 4:32 pm | #

Well, Jerome, if you have a keylogger on your machine, you're still going to have that problem.
Alex Eckelberry | 01.23.07 - 4:50 pm | #

True, but this service invites you to enter private information:

- there are people who would never type their SIN # on their computer otherwise.

- there could be phishing scams on that stolen ID service model

All in all, although it sounds like a very convenient service, it opens up the gate for fraud.
Jerome | Homepage | 01.23.07 - 4:55 pm | #

Hey everyone, you can put your CC number at risk by giving it to someone you don't know (let alone trust) on a regular basis.

Alternatively, you could let your CC company do the fraud analysis, which they spend tens of millions on every year.

If you use this website, please contact me, I would like to sell you some moon-land I have recently acquired.
Dom De Vitto | Homepage | 01.23.07 - 5:05 pm | #

The comments are pretty negative at TechCrunch too: http://www.techcrunch.com/2007/0...n-the-internet/
Corrine | Homepage | 01.23.07 - 5:43 pm | #

Why not let people enter something like the sha-1 checksum of the Credit Card Number or Social Security Number instead? It's just as searchable (if they've been stolen, the services just looks for the corresponding checksum). It's safe (even if you send the checksum, it can't be used nor reversed).

It's not like there are no tools to calculate something like that, and it would make people feel safe about sending the data anyway.
TNT | Homepage | 01.23.07 - 6:20 pm | #

Nothing personal, but I agree with Joe over on techdirt.com:

"Identity Theft Search Engine Not Such A Wise Idea"
http://techdirt.com/articles/200...23/ 094946.shtml

I wouldn't use it, and I'm a security professional (among other things

- ferg
Fergie | Homepage | 01.23.07 - 8:56 pm | #

There's no way in hell I'd give them my SSN or any other confidential info. Who are they, anyway? What is really known about them??

I think encouraging people to give their SSN, etc., sets a very bad example.
suzi | Homepage | 01.23.07 - 10:10 pm | #

Oh well, forget what I just said above.

The number combinations are WAY too few for a SSN to guarantee that a the remote server doesn't have a precompiled "estensive" DB of all possible combinations and marks one "valid" when it's entered remotely. In fact, I'm not sure this would be enough "trustworthy" with Credit Card Numbers, either.

I guess one still would need to trust them.
TNT | Homepage | 01.23.07 - 10:35 pm | #

A security 'expert' endorsing a site that gathers vital user information such as SSN's is not only a bad idea, but it's a sign of a site that I no longer need to read daily to keep abreast of security concerns and solutions.

You've become part of the security concern.

Next step - deleting your RSS feed from my daily routine. Click...
Former reader | 01.26.07 - 8:37 am | #

Sorry, I have to agree with everyone else on this. I understand the idea, though.
J | 01.26.07 - 12:21 pm | #

Think I'll pass on this until its been well tried, tested and trusted. But I won't stop reading this blog just because it passes on information some people don't agree with. Way OTT.
Bill | 01.26.07 - 6:31 pm | #

I also would liko to try it and thanks for this information
Software Tips | Homepage | 02.17.07 - 4:47 pm | #