Sunday, November 27, 2005

Schneier on Security: Want to steal the identity of a Janus Mutual Fund holder?

If I held any Janus mutual fund shares I'd be writing them an letter ...
Schneier on Security: Vote Someone Else's Shares

If you have a valid proxy number, you can add 1300 to the number to get another valid proxy number. Once entered, you get another person's name, address, and account number at Janus! You could then vote their shares too.
This amount of information suffices for much identity theft. Schneier (and I) am right to spread the news. In the absence of any governmental action, we need to expose the staggering failures of these companies to implement even trivial security measures. I am sure Janus isn't the only mutual fund to make this mistake.

Perhaps the pasting they are now receiving will cause others to change their operating procedures.

No comments: