On a job application site for my local government it reveals if a specific social security has been used or not on that site. The site is very outdated.
You must log in or register to comment.
- stoy@lemmy.zipEnglish3 months
Here is a reminder for all US citizens.
Your social security number is simply a serial number with zero checksums or any logic built in.
If you want another valid social security number you can simply pick a number before or after your own.
The social security number was never designed to be a general ID number, and should not be used as such.
3 monthsIf you’d like this information told more wittily, watch CGPGrey’s video “Your Social Security Card is Insecure” (7:49).
We have our birthday and 4 not so random numbers at least. Also one of the numbers say if you are man or female.
- stoy@lemmy.zipEnglish3 months
Here in Sweden the personal number starts with your birthday, then a serial number and finally a checksum that also indicates your gender.
If you have an even checksum digit, that indicates that you are a woman, if you have an odd checksum digit, that indicates that you are a man.
Here you can find more information: https://en.wikipedia.org/wiki/Personal_identity_number_(Sweden)
- Hawk@lemmy.dbzer0.comEnglish3 months
Looks similar to Belgium.
Here it starts with your birth date, a serial number that specifies your gender (even for women, uneven for men) and a checksum.
- foodandart@lemmy.zipEnglish3 months
001-05-1120 was the number on the fake SS cards that used to be the inserts in wallets that had a clear plastic window for your ID. It is actually a number that the SSA set aside for advertising.
I use it where any business requires a SS number to get services.
When uploading my resume there was a little animation of a globe spinning.
- 3 months
More websites should do that. Bring back more fun throbbers! (yes, that is actually what they are called)
- DickFiasco@sh.itjust.worksEnglish3 months
Instructions unclear, I searched for “fun throbbers” and now my browser is buried in gay porn ads.
- Kairos@lemmy.todayEnglish3 months
And all of them only apply if you’re the most median white 50 year old man
We’ll see if I get there, I obviously used a phony ss number because f that. I also have zero professional it experience, just homelab stuff, building PCs running a lemmy instance, that kind of stuff. I know I can do the job, it’s just hard to get your foot in the door. I’m considering getting CompTia Network+
- 3 months
Using a fake ssn on a job application is profoundly counterproductive.
If you don’t trust them with your ssn why are you applying
When they try the standard background check and find you lied they will have no interest in you
Would you hire someone for it if they willingly put in their SSN to a random sketchy, unsecure looking website? I have never had another online application ask for that.
- 3 months
I can assure you they are far more interested in your ability to follow instructions than they are in your online hygiene.
- 3 months
Maybe they’re a local government, they inherited this undocumented unmaintained system and really need help? Sounds like that’s what’s happening here.
It would be different if the application was for a dodgy online make money from home setup
It seems like it’s a third party, the base url is https://www.applitrack.com/ but redirects to a different url for education applications.
- gtr@programming.devEnglish3 months
This is correct. It could even be part of the application process. I would write them an email that the obvious fake one didn’t work and you’ll not put your SSN on that site for security concerns. Especially not in the application phase. If they reject you for that you have dodged a bullet.
- 3 months
Don’t get your network+! I’m working on getting mine and I don’t need the competition /lh
- hodgepodgin@lemmy.zipEnglish3 months
Alternatively get CCNA if you want to be certified for something useful.
- 3 months
I have the A+ and am already scheduled for the Network+ test. I still consider myself quite the noob, but am learning a lot. I will look into the CCNA, as you’re not the first to mention it to me. Next on my list was Security+, however. At this point, I just want any entry-level job in IT. Or fuck… almost any job at all. Going on 6 months of unemployment here.
- thenumbernine@infosec.pubEnglish3 months
This is CWE-204, there are loads of big companies that don’t care about this. Netflix is one of them where you can enumerate registered users email addresses from the login screen.
If you want to report this to them you can check if they have a security.txt file at https://domainhere/.well-known/security.txt where they should list the contacts to their security team.
- 3 months
Never give any info in a security error. Just say there was an error. Goes right along with the rule to sanitize any and all input. Trust no one and nothing.
- 3 months
Depends on the size of the agency. You can already guess a SSN based on the range of numbers used. If you were targeting the youngest or oldest person at a small agency you could probably get a high percent chance of getting a match.
True, but this is all applicants as it’s a third party website. So likely not a huge issue, but it does lead me to believe there are other issues with their data handling.
- 3 months
Wonder if that record of ssns that its checking against is encrypted. That seems harder so maybe that’s a step they skipped?
