Someone I know claims that she was looking for some quilt batting online, last night, by surfing the web. (that is the stuff that goes between the front and back of quilts in case you are interested). She claims that today, she got a telephone call from a man who was affiliated with one of the batting websites and he offered her a deal that wasn't uploaded on the batting website. She declined because it wasn't the right size but wondered if it was legit.

Frankly, I don't see cons lurking about waiting for some fool quilter to stumble on their batting website and expect to make money off offering them a deal on batting but be that as it may, I was astonished that he was allegedly able to get her telephone number simply based on her web surfing.

Could this happen or did she just embellish the story? I don't know if she had ordered from them before.

They most likely filled out a form that included a phone number.

Yep.

Or created an account, thought about ordering then didn't.


Otherwise, there is no way to get your phone number from just clicking on a website.

Yep.

Or created an account, thought about ordering then didn't.


Otherwise, there is no way to get your phone number from just clicking on a website.

Actually, there is.

depending on what type of service was being used to access the internet.


Was she using an IPhone or Edge/3g network?

AT&T Universe or DSL?

Cox?

Dialup?

Of course, the most likely reason was that she did previously create an account or order in the past.

Actually, there is.

depending on what type of service was being used to access the internet.


Was she using an IPhone or Edge/3g network?

AT&T Universe or DSL?

Cox?

Dialup?

Of course, the most likely reason was that she did previously create an account or order in the past.


i can't think of any situation where a phone number could be divined simply by analyzing an http request... please elaborate.

-M

I don't know if she had a previous account but it wouldn't surprise me. I also don't know if it is a dial up - I wondered about that, myself.

There are browser vulnerabilities that would allow a malicious web site to collect information stored in the browser. If the phone number, address, and other information had been entered in the browser database then that information could be harvested.

That's creepy. Hell, if you can't trust a quilting website what can you trust??

Thanks.

That's creepy. Hell, if you can't trust a quilting website what can you trust??
That's why it seems to me more likely that someone completed a form on the site or that there is another explanation.

She claims she never did but she is a bit flaky so I am not completely convinced.

I buy on the internet occaisionally and have tracked deadbeat sellers by searching their Ebay User name or Forum ID. The ones I've found were due to their posts in a forum listing their phone number or real name & address.

Wow. Who knew!

Along these same lines, I think the availabilty of online public records has gone way too far by making too much information available. A person can go to a number of city, county, and state government websites and collect a lot of information on an individual. I think it is an an invasion of privacy, especially if you are a homeowner, had a traffic ticket, filed for bankruptcy, been involved in a lawsuit, if you have been divorced, or if you currently happen to be in the county jail.

I have also come to learn that even some blogs, comments, messages, posts, rants and raves made by indivduals show up when you do a search of the web. So, be very careful what you write. That's scary!

I also don't know if it is a dial up

That wouldn't matter... You are still dialing into a service provider so they would have to be the ones sharing your phone number, and that is no different than DSL, cable modem, etc.


As far as public records being on-line, that is public information and it's always been available. The Internet is just a tool that facilitates access.

And you should always be careful about what you put in writing. If you don't want others to see it, don't write it out.

It's one of the reasons I use my real name on this forum... I want to stand behind everything I post instead of getting caught up (as many often do) in a bunch of angry rhetoric and things they would never say in person.

As far as public records being on-line, that is public information and it's always been available. The Internet is just a tool that facilitates access.

Given the changes in the laws and the advances in technology over the years, you are absolutely correct. It just concerns me that an individual could possibly come up with my home address, phone number, the type of car I drive, license number, and even my SSAN. I just hope my bank account numbers aren't out there.

possum, those types of things aren't generally out there unless you post them somewhere yourself.

But even so (and not to pick you individually -- I just hear this sort of thing often) what would it matter if someone knew the type of car you drove? And until very recently, all addresses and phone numbers were easily accessible.

I don't really understand the perceived risk.

Now, SSN numbers and bank accounts are different but those are very hard to come by.

Pete,

Recently I was doing some research on the the number of families in Oklahoma impacted by divorce. I checked out a State website looking specifically for divorces with children. I clicked on several links within that site, and IT displayed several legal forms that clearly showed addresses, phone numbers, and in 2 different records...the SSAN.

Soon after that I wrote to the Clerk of Courts expressing my concerns. I never did receive a reply.

That is the kind of information widely available to the public (on the internet) I am concerned about, because it is my understanding that if you go to the County Clerks office, the only people that can look at your court records (the physical file) are the parties involved, the lawyers involved, the court clerks office and the Judge.

Maybe I am just being paranoid.

I clicked on several links within that site, and IT displayed several legal forms that clearly showed addresses, phone numbers, and in 2 different records...the SSAN.

I've seen that. I've even seen social security numbers on court documents online.

Look at what we have in the newspaper this morning...

"Report ranks Oklahoma low on records accessibility, Most counties don’t put data online"

http://www.newsok.com/report-ranks-oklahoma-low-on-records-accessibility/article/3392477?custom_click=headlines_widget

SSN's should never be listed on-line.

As far as addresses and phone numbers, again, that information has always been pretty public and it's only recently people have become so secretive about this stuff.

My phone number is pretty much out there but with the no-call laws, I get very, very few unwanted calls.

A good option on phone numbers I think is to go with Google Talk (or a competitive one number system) that lets you control everything about phone conversations.

i can't think of any situation where a phone number could be divined simply by analyzing an http request... please elaborate.

-M

I can't either. I wasn't suggesting an HTTP request would even be used for gathering such info.

An always-on, static IP connection is much more vulnerable to an attack that is intended to gather personal info from cookies, browser auto-complete vulnerabilities, information gathering trojans, etc.. which can easily be installed on a target computer as soon as they visit or interact with a site.

That's the only reason why I was curious about the type of connection..

well, that and the fact that anyone who lets cox or at&t setup their home network(*especially* if you're using wifi) runs an even greater risk of having security problems..


like I said before, I also think the most likely cause of this was the previous filling-out of a form, or maybe a cookie identifying her to the website where she had prviously ordered from.

This is a very interesting discussion because it highlights what I hear a great deal - people who are not tech types becoming readily concerned, worried, even paranoid about the risks associated with even having a connection to the Internet. I've always tried as best I can to frame the risks in terms of practical reality vs technical reality. We have so many media members willing to drum up hysterical frenzies these days it makes someone who (such as myself) tries to put those risks in perspective very frustrated. I've been in the computing/software business for 20 years, and hysteria rarely matches up with reality. I was astounded at how people were so easily convinced the world was going to implode on the Y2K business, and was infuriated at the number of people supposedly "in" the business that were propagating fear for a buck. The frustrating thing was that when you tried to tell people what the practical risk was, which wasn't very exciting, they thought you were either a) ignoring the Terrible Risk Ahead, or b) just not "up" on this Horrible Issue.

Technically, yeah, someone could theoretically inject some malicious code into a quilting website and technically could exploit one of several possible vulnerabilities that could, in turn, put information on that computer at risk for exposure.

But what's the practical risk? Very small. The normal, day-to-day operation of a web browser has nothing whatsoever to do with your phone number. A browser sends a string of primarily technical information to a web server, and the web server may tailor its content accordingly.

I have a relative that is borderline paranoid about even having a wireless router in their home. All they hear are the stories about hackers and compromised computers, but they don't hear about how a proper security setup prevents it. Does it make it immune to every possible attack? No, but that goes again to the practical versus merely technical issue. Turn on the security, set up a good, strong passphrase, and that means (at a minimum) don't just rely on the out-of-the-box configuration for most things.

Just like no doorknob and deadbolt lock is impervious to an aggressive intruder, there is no "perfect" security online. The idea, just as with a physical intruder, is to make such attempts so difficult that the would-be attacker just gives up and moves on to one of any number of easier targets...

Excellent post SoonerDave.

Question: Is Microsoft "Firewall" (Vista Basic) sufficient, by itself, to ward off getting infected?

And, I just have to say it...Goooooooooo Pokes!

pf

i dont know anything about a website getting phone numbers unless you fill out a form, like others have mentioned. to not trace your ip and that kind of information, just go through a proxy to hide all that stuff. thats what i do.

..