FAH want my SSN?

reelbigfish

I have had FAH running for along time. I just got EZ Armor fro CA which is basically Zone Alarm Pro. I told it to protect my passwords, SSN, phone and e-mail. I got a message saying FAH was trying to send my SSN back to the server. What up with that? I took it off my comp, and it's not going back on until I get an answer. SM15 will fold on, but it's not going anywhere near my main PC.

kanezfan

:o that's weird. where is you SSN stored on your PC anyways?

primesuspect

huh? How could any program know what your SSN is?

It's not like there's a registry key that says "Users SSN:"

KingFish

:confused2 :shakehead

reelbigfish

I dunno, it's not on my PC, it's kind of odd that the sequence number would match my ssn

reelbigfish

this just proves that firewalls make you more paranoid

kanezfan

can you give us logs?

primesuspect

It sounds like EZ Armor is probably confusing something that F@H is sending back with your social security number (as kanez said, why do you have your SSN on your computer anyway?) -- You should post this on the forums at folding-community.org to see what the Pande Group has to say...

kanezfan

well i was thiking maybe it's pulling your social from quicken or some other financial app, maybe like turbo tax or something, but why would f@h want your ssn? doens't make any sense, unless they're part of some giant homeland security conspiracy

Linc

I'm not sure what type of data a WU is when it sends it in, but if there are a lot of numbers involved if may have coincidentally hit that number somewhere in the string. As kanez and prime said, it's somewhere between unlikely and impossible that F@H was purposefully using your SSN. Definitely ask about it on the community board.

reelbigfish

My SSN isn't on the computer. It's in the ZA Pro myVault, but it's not the whole SSN, just the first 5 digits. It was just kind of scary seeing that pop up. The log says "Your SSN was blocked from being sent to 171.64.122.119."

primesuspect

well then it's not actually sending your SSN to stanford....... or am I missing something

reelbigfish

WHOIS:

OrgName: Stanford University Network
OrgID: SUN-5
Address: Pine Hall, Room 115
City: Stanford
StateProv: CA
PostalCode: 94305-4122
Country: US

NetRange: 171.64.0.0 - 171.67.255.255
CIDR: 171.64.0.0/14
NetName: NETBLK-SUNET
NetHandle: NET-171-64-0-0-1
Parent: NET-171-0-0-0-0
NetType: Direct Assignment
NameServer: ARGUS.STANFORD.EDU
NameServer: AVALLONE.STANFORD.EDU
NameServer: ATALANTE.STANFORD.EDU
Comment:
RegDate: 1994-08-22
Updated: 2000-08-17

TechHandle: JK535-ARIN
TechName: Kohn, Jay
TechPhone: +1-650-723-7515
TechEmail: security@stanford.edu

reelbigfish

right, it didn't actually send, it was blocked by the firewall. so I guess it was coincidence.

RWB

My take is that F@H doesn't know or ask what your SSN is, nor does it know where to look. And if it did, what use would it be to the group(s) who developed the program.

LawnMM

Oh god, it sent some piece of data back that had the matching first 5 numbers of your SSN...take a deep breath, and step back from the computer.

mmonnin

Thats not needed here.

Anyways...I dont know how it would get this and have never seen this happen before. I am puzzled.

http://forum.folding-community.org/viewtopic.php?t=2897&highlight=ssn
Seems like some other person had this with McAfee. Guess it just matched your SSN.

GnomeWizardd

how did it know it matched his SSN?? No program requires it so how does the firewall know that it matches his ssn?

Straight_Man

reelbigfish wrote:

I have had FAH running for along time. I just got EZ Armor fro CA which is basically Zone Alarm Pro. I told it to protect my passwords, SSN, phone and e-mail. I got a message saying FAH was trying to send my SSN back to the server. What up with that? I took it off my comp, and it's not going back on until I get an answer. SM15 will fold on, but it's not going anywhere near my main PC.

One of the previous thread answers is the most likely answer, combined with a false or misunderstood packet parsing. I run Sygate Pro firewall here, and Sygate'sfree version is adequate. One of the problems you have is that EZ Armor is looking fro partial matches and not matching whole thing if you give it part of SSN. False hit based on improper packet matching. SSN does not need to be on your computer for good security. The only way all that info could be gotten in reality is a Trojan or direct HD access. So you check for trojans, make sure box is clean of viruses, and keep your box yours by passwording logons with something very hard to break and by not doing so many things that are illegal that the HD gets subpoenaed or evidence seized by law enforcement.

I have never heard of Sygate Pro being bypassed if used right. And it never asks for your SSN in the first place. NOTHING other than an accounting system you use for a sole proprietorship that tracks taxables and tax exempt things and provides records keyed to what you use for your tax return should need your SSN put onto your computer. PERIOD.

John D.

profdlp

I'm sure it's just a coincidence. Just for kicks, I created a random number over 6,000 digits long. Using the "Find" tool I found my house#, my parents house#, the first and last parts of my SSN#, the last four digits of both my and my parents phone#, and my daughter's date of birth in MMDDYY format.

Try it for yourself - I'm sure you'll find some matches of your own:

mmonnin

If he entered his SSN into Zone alarm it could somehow know that that particular number was being sent out. Most likely by accident.

Camman

profdlp wrote:

I'm sure it's just a coincidence. Just for kicks, I created a random number over 6,000 digits long. Using the "Find" tool I found my house#, my parents house#, the first and last parts of my SSN#, the last four digits of both my and my parents phone#, and my daughter's date of birth in MMDDYY format.

Try it for yourself - I'm sure you'll find some matches of your own:

Hahaha awesome to see a post backed by some in the field research!!!

Sounds a lot like a coincedence to me and not F@H trying to get your SSN. I'm betting if FAH somehow searched for SSNs and sent them back it wouldve been discovered and very highly published everywhere.