mrgeek
Premium
join:2002-12-13
Dundee, IL
clubs:

Potential Security Issues?

I see that starting 12/1, we will be able to get free copies of our credit reports from the three major credit bureaus. A web site was created for this purpose (annualcreditreport.com, live 12/1), where you will enter personal information such as DOB and SSN, and possibly other items such as mortgage company and/or payment amount. The article further stated your information would be protected with a "barrage of anti-hacker tools". The reports would also be available by phone or mail. Will this be a potential security problem and phisher's dream?

I DO know one person who will not be using the web site ;)
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?

With relevant links to a news source or links on the credit bureaus' own sites, this would make a great front page post.

I wasn't aware of the program.

-- B
--
In a realm outside causality and function
Bobby_Peru
Premium
join:2003-06-16


3 edits
Big 3 Credit Report Site
Thanks for the heads-up, mrgeek! As B already noted, it would be great if you would post the source - a quick Google/Google-news just now was not productive.

said by AnnualCreditReport.com:



Eligibility for an annual free credit report is determined by your state of residence based on the rollout schedule set by federal law.
The site's main page is live now - »https://www.annualcreditreport.com
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~**
B
Premium,MVM
join:2000-10-28


3 edits

Re: Potential Security Issues?

I'm just a little suspicious.

Each of the Big 3 charges $30 to $40 for the SAME service right now, and would not be inclined to give it away unless mandated.


(Edit: I guess they were mandated -- something called the "Fair and Accurate Credit Transactions Act (FACT Act)".)

Perhaps this is merely a competitor to FreeCreditReport.com ?

Perhaps a scam? (Edit: guess not.)

Edit: Yahoo press release: »biz.yahoo.com/prnews/041123/cltu020_1.html

Experian PDF: »www.experian.com/whitepapers/FAC···sked.pdf

Other info: »www.google.com/search?hl=en&lr=&···2Bcom%22

-- B
--
In a realm outside causality and function
Bobby_Peru
Premium
join:2003-06-16

Re: Potential Security Issues?

Probably compliance with Fed Law forcing this, which they might just figure out a way to turn profitable through data mining, and/or ads?

Interestingly, the site won't let me on through the above link, in FF.
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~**
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?


Hilarious. Keep trying though. I get "For security purposes, www.AnnualCreditReport.com cannot be accessed from the referring website." in Mozilla 1.7, but then a refresh works just fine.

I think for a change this isn't browser-specific, but that they're telling the truth -- they don't like displaying the https secure page when referred from a different site. Makes sense.

-- B
--
In a realm outside causality and function

SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless


1 edit
Try this link
»https://www.annualcreditreport.com/
Any "security" concern I'd have with this site would be focused more on the integrity of the machine accessing the site rather than the site itself.
Edit: typing the address into the address bar works here.
--
Dave said "By the way, 4294967295 is just another way to write -1".
B
Premium,MVM
join:2000-10-28


1 edit

Re: Potential Security Issues?

The problem is that you guys are cutting and pasting after you've arrived at the site and ALREADY been transferred from the unencrypted (http) page to the https page.

What you need to post is THIS link: »www.annualcreditreport.com

That should work without any complaints.


(Edit: Crud. It didn't work, although my link IS properly without https. But it just continues to transparently auto-refer. Drat.)

And yes, I suppose this phenomenon will cause confusion for others posting links to the site -- they should probably skip the referrer check on the first page!

-- B
--
In a realm outside causality and function
Mele20
Premium
join:2001-06-05
Hilo, HI

said by Bobby_Peru:

Probably compliance with Fed Law forcing this, which they might just figure out a way to turn profitable through data mining, and/or ads?

Interestingly, the site won't let me on through the above link, in FF.
You can't go there by a link for security purposes which is good! I got the following error when I tried:

"For security purposes, www.AnnualCreditReport.com cannot be accessed from the referring website."

You MUST manually type in the url in the address bar. When I did that, I had no problems getting to the main page of the site via Firefox.

I'm glad to know the site is already up. I have been waiting for December 1 so I can order my report. My mom wants hers but she is in Arkansas and that state will not be eligible until July. This is mandated by Congress and has taken over a year to become reality and even so the rollout is gradual as you can see from the map. Each person will be allowed ONE report PER YEAR FREE from each of the THREE credit bureaus and the reports can be ordered from the website or from calling any of the three credit bureaus. You will get all three reports with just one phone call or one request from the website. The credit bureaus have said almost nothing about this except for Experian which, to its credit, has had this information on its main web page since June and has this column about the FACT act:

Ask Max credit advice
Our most recent column
Select a topic from our most recent column – July 14, 2004

* Update on the FACT Act implementation
* Experian sponsors National Fraud Awareness Week




Update on the FACT Act implementation

"Dear Readers,

In January I provided a summary of the new Fair and Accurate Credit Transactions Act (FACT Act) and what Experian knew then about the law. Since that time, significant progress has been made. Here's an update.

When I wrote the January column the Federal Trade Commission (FTC) and other regulators were tasked with making decisions about how some aspects of the new law would be implemented. Perhaps the most notable is how you will be able to get a free credit report every 12 months from the national credit reporting agencies.

The FACT Act required that the national credit reporting agencies establish a centralized source through which you will request the free reports. The FTC was given six months to create the rules for the centralized source. Those rules were announced in June.

Experian and the other national credit reporting agencies are now working to put the centralized source in place.

One of our greatest concerns was that if everyone asks for their reports at the same time it would not only delay delivery of the free reports, it could impact our ability to provide service to people who need critical assistance, such as fraud victims.

To address that concern, the FTC established a plan to roll-out free report access by regions beginning Dec. 1, 2004. The chart below illustrates the regions and the dates free reports will become available.

FACT Act rollout graphic

You will be able to request free reports by telephone, in writing, or online. You also will be able to request reports from all three national credit reporting agencies at the same time, or one at a time.

The national credit reporting agencies are working together to finalize the details of the system, including a telephone number, mailing address and Internet address.

In addition to your free report, you will be able to request a credit score for a reasonable fee. Like other details of the system, that fee is still being determined by the FTC.

The credit score will include a description of the factors from your credit report that most impacted it. Knowing the factors will help you take steps to become more creditworthy and improve your credit scores.

Experian has added information about the FACT Act to its homepage, www.experian.com. You will find a link in the lower right corner in the Consumer Alerts section. The information will be updated as more details become available.

Thanks for reading."

»www.experian.com/consumer/index.html#
This is a popup window see bottom right column under Consumer Alerts: The FACT Act

I was thinking of doing this online but I am not giving my Social Security number online. I will wait a bit and then call for mine.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789

wwdubbia

join:2002-06-03
Clinton, NY
You were always entitled to a free annual credit report, or a free report if you were denied credit.

A great site where they will probably be discussing this is: »www.creditboards.com
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?

said by wwdubbia:

You were always entitled to a free annual credit report
No, I wasn't.

-- B
--
In a realm outside causality and function

kayajer

@honeywell.com

Re: Potential Security Issues?

You were always entitled to a free annual credit report
only in certain states- only 1 FREE one a year!!
I believe that it will be the same at this site as well!
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?


Yes, "only in certain states".

Again, I was NOT "always entitled" to such a report before. Sheesh.

The whole point is that this is a tri-bureau report that will eventually be available to everyone. They've managed to roll it out slowly so as to get away with another year of charging for the things in half the states.

So no, ultimately it will not be the "same at this site as well".

-- B
--
In a realm outside causality and function

SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

From the link B put up
»biz.yahoo.com/prnews/041123/cltu020_1.html
"Annualcreditreport.com, the only service authorized by Equifax, Experian and TransUnion, allows consumers to request, view and print one, two or all three of their free credit reports in a fast and convenient way via a secure Internet site. Consumers should not provide their personal information to any other company or person in connection with requesting free annual credit file disclosures under the FACT Act.

Additionally, the service offers consumers the option of requesting their credit reports by telephone or by mail. Forms to request credit reports by mail can be printed from the site. Telephone and mail requests will be processed within 15 days of receipt."

Seems like a well thought out process. I'm sure the postal mail option will require that the report be sent to the consumer's address of record, just another good security precaution. This site could very well put a dent into the myriad of bogus "Free Credit Report" sites now operating on the net.
--
Dave said "By the way, 4294967295 is just another way to write -1".
B
Premium,MVM
join:2000-10-28


1 edit

Re: Potential Security Issues?

If one can't properly link to the darned site, then they had darned well better:

a. Register EVERY possible misspelling and variant of annualcreditreport.com, since they're forcing all those great spellers out there to type the URL manually, and

b. Put a note on the refusal page that says "hit Refresh, dummy". Or words to that effect.

Damn, that doesn't really work either! (I was actually hitting ALT-D and then ENTER, since that's how I usually refresh a page. That DOES work, but it's because I'm activating the URL bar, and effectively typing and entering the URL.) Thanks for the reality check, Snowy.

-- B
--
In a realm outside causality and function
Bobby_Peru
Premium
join:2003-06-16


2 edits

Re: Potential Security Issues?

I didn't elaborate that the https link returned the "Security" page. I realize that they probably see this referral block (or whatever it is) as a security measure. I didn't mean that there was any compatibility problem between The Weasel and the site, just that it occurred and was interesting.

FF's Contextual Menu Extension PlainTextLinks ("Open Selected URL in New Tab") works, as does IEView. I am generally way too lazy to be typing anything way way up in that there address bar [edit: unless it's about:config related].

It is way past time that these Agencies made this information readily available to folks, and at no direct charge to folks. While one Report per Agency per year is not really sufficient to enable frequent enough review to catch problems in a timely manner, it's better than nothing, and at least a start. It might make sense to make 3 separate single Agency requests to increase the frequency, if that is permitted.

Now, as the OP wondered, how will all this wind up being abused? One way might be that the scammers will utilize this roll-out to simultaneously capture folks through more sleaze-ball prestidigitation (UCE for scam sites, PHISHING...).
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~**
Mele20
Premium
join:2001-06-05
Hilo, HI

Re: Potential Security Issues?

TBE opens all new links in a new tab. I still get the security error.
B
Premium,MVM
join:2000-10-28


1 edit

Re: Potential Security Issues?

Me too, with the stock Moz Ctrl-Click tab.

Hmm, just noticed that the page title reads "Black List Message" -- implying that DSLR, SPECIFICALLY, is not allowed to refer people to the site.

I'm guessing that it's either meaningless, or they intend to establish a whitelist later.

The HTML is a bit scary, though:

Black List Message
Black List Message</title>
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
<link rel="stylesheet" href="css/styles.css" type="text/css">
</head>
<A HREF="css/styles.csstype=text/css">


Doesn't bode well for security OR standards compliance OR cross-platform compatibility, ya know?

-- B
--
In a realm outside causality and function
Mele20
Premium
join:2001-06-05
Hilo, HI

I think they currently have all links blacklisted. I tried from the Yahoo news article link and got the same security error. This was on IE, in case it was just Firefox getting the error from the dslr link.

Perhaps they simply don't want visitors even to the main page until December 1. They will be swamped on December 1, I would think.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789

ylen131

join:2000-02-09
Canoga Park, CA

Re: Potential Security Issues?

»search.yahoo.com/search?p=annual···ieas-dns

click on first link
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?

The same link does NOT work from here ( »rds.yahoo.com/S=2766679/K=annual···ort.com/ )

So I guess Yahoo's on the whitelist I theorized earlier?

-- B
--
In a realm outside causality and function
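
What the posters report above (links clicked in this thread are refused, a typed URL is accepted, a Yahoo search result is accepted) is consistent with a server-side check on the HTTP Referer header. The sketch below is an added example, not part of any post and not the site's code; the allowlist entries, function names and sample requests are assumptions constructed for illustration.

```javascript
// Added illustration of a Referer gate; not the site's actual code.
const SITE_HOST = "www.annualcreditreport.com";

// Assumption: the thread only theorizes that a whitelist exists and that
// Yahoo search is on it. These entries are illustrative.
const ALLOWED_REFERRER_HOSTS = new Set([SITE_HOST, "search.yahoo.com"]);

// Header names are case-insensitive, so look the value up that way.
function getReferer(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === "referer") return String(value).trim();
  }
  return "";
}

// Decide whether a request passes the gate, and say why.
function refererGate(headers) {
  const referer = getReferer(headers);
  if (referer === "") {
    // Navigations with no referring page (typed URL, bookmark) send no
    // Referer. The header is client-supplied, so this gate limits inbound
    // links but authenticates nothing.
    return { allow: true, why: "no Referer sent" };
  }
  let host;
  try {
    host = new URL(referer).hostname.toLowerCase();
  } catch (err) {
    return { allow: false, why: "unparseable Referer" };
  }
  // Exact host comparison: a substring test would also accept look-alike
  // hosts such as search.yahoo.com.constructed.example.
  if (ALLOWED_REFERRER_HOSTS.has(host)) {
    return { allow: true, why: `referrer ${host} is on the allowlist` };
  }
  return { allow: false, why: `referrer ${host} is not on the allowlist` };
}

// Constructed requests mirroring what the posters reported.
const FORUM_PAGE = "http://www.dslreports.com/forum/constructed-thread";
const SAMPLE_REQUESTS = [
  { label: "link clicked in the forum", headers: { Referer: FORUM_PAGE } },
  { label: "URL typed into the address bar", headers: {} },
  { label: "result clicked on Yahoo search",
    headers: { referer: "http://search.yahoo.com/search?p=constructed" } },
  // Assumption: the rds.yahoo.com hop is an HTTP redirect, which keeps the
  // Referer of the page where the click happened (here, the forum).
  { label: "Yahoo redirect URL clicked in the forum",
    headers: { Referer: FORUM_PAGE } },
  { label: "look-alike referrer host",
    headers: { Referer: "http://search.yahoo.com.constructed.example/" } },
];

function evaluateSamples() {
  return SAMPLE_REQUESTS.map(({ label, headers }) => ({
    label,
    ...refererGate(headers),
  }));
}

for (const r of evaluateSamples()) {
  console.log(`${r.allow ? "ALLOW" : "BLOCK"}  ${r.label}: ${r.why}`);
}
```
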

ylen131

join:2000-02-09
Canoga Park, CA

Re: Potential Security Issues?

said by B:

The same link does NOT work from here ( »rds.yahoo.com/S=2766679/K=annual···ort.com/ )

So I guess Yahoo's on the whitelist I theorized earlier?

-- B
no idea but after i click on your link i needed to delete "cra/index.jsp" and click enter to enter website
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?


Nah, you don't need to delete anything. It's the same referrer issue we were discussing above.

-- B
--
In a realm outside causality and function

ylen131

join:2000-02-09
Canoga Park, CA

Re: Potential Security Issues?

said by B:

Nah, you don't need to delete anything. It's the same referrer issue we were discussing above.

-- B
you're right, just read the whole thread, basically it saves you time from retyping the link

ylen131

join:2000-02-09
Canoga Park, CA

1 edit

Re: Potential Security Issues?

nm
B
Premium,MVM
join:2000-10-28

Re: Potential Security Issues?


Uh, that looks like the same URL I posted a few minutes ago, grabbed from your Yahoo link. And no, it still doesn't work (directly).

-- B
--
In a realm outside causality and function

ylen131

join:2000-02-09
Canoga Park, CA


2 edits

Re: Potential Security Issues?

said by B:



Uh, that looks like the same URL I posted a few minutes ago, grabbed from your Yahoo link. And no, it still doesn't work (directly).

-- B
ye it was i posted and tried and it didn't work
edit:if u drag and drop that link it works
mrgeek
Premium
join:2002-12-13
Dundee, IL
clubs:
The original article I referenced to was in the Sunday edition of the Chicago Tribune, in the Real Estate section, page 2. It does show a Washington Post Writers Group byline.
mrgeek
Premium
join:2002-12-13
Dundee, IL
clubs:
Article is here....(have your pop-up blocker ready;)) »www.washingtonpost.com/wp-dyn/ar···v26.html
Mele20
Premium
join:2001-06-05
Hilo, HI

To all of you who are pooh-poohing this, I'm glad you are lucky enough to live in a state (there are only a few states) where you could get a free credit report from each bureau. I cannot in Hawaii and my mother cannot in Arkansas. I am disabled and mother is quite elderly. We both do not have the money to pay for credit reports. I have never had one nor has my mother. We are both grateful to Congress for passing this act that will allow us to get credit reports even though once a year is not enough to monitor for identity theft it is a start and is certainly better than no credit reports. I do think it is taking way too long to implement the law. My mother has to wait until this summer to get hers.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789

ylen131

join:2000-02-09
Canoga Park, CA


1 edit

Re: Potential Security Issues?

we the rich do not want poor to enjoy the same benefit that we have been able to pay for. We have been paying for this privilege for many years and don't feel that poor should have the same ability to protect their identity as we the rich have been able to :) :)
mrgeek
Premium
join:2002-12-13
Dundee, IL
clubs:

said by Mele20:

To all of you who are pooh-poohing this, I'm glad you are lucky enough to live in a state (there are only a few states) where you could get a free credit report from each bureau. I cannot in Hawaii and my mother cannot in Arkansas. I am disabled and mother is quite elderly. We both do not have the money to pay for credit reports. I have never had one nor has my mother. We are both grateful to Congress for passing this act that will allow us to get credit reports even though once a year is not enough to monitor for identity theft it is a start and is certainly better than no credit reports. I do think it is taking way too long to implement the law. My mother has to wait until this summer to get hers.
_______________________________________________________________________________________

The way to do it is to get a credit report from a different bureau every four months during the year. Since there are 3 major bureaus, you can monitor for changes every 4 months.

Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA

said by Mele20:

We are both grateful to Congress for passing this act that will allow us to get credit reports even though once a year is not enough to monitor for identity theft it is a start and is certainly better than no credit reports.
Why should a private organization be required to give you, or anybody else, free service? Why not require the milkman to give you a free gallon of milk every year? And a free issue of Playgirl while they're at it?

Steve
--
Stephen J. Friedl • Unix Wizard • Microsoft MVP • Tustin, California USA • my web site


ylen131

join:2000-02-09
Canoga Park, CA

Re: Potential Security Issues?

Without taking it too much off topic, $54 for gas sometimes in L.A. will only last for 3 days depending on how much you drive and what you drive.

Regarding credit history itself, you have a right to get credit history for free every time you get denied for cc, loan or anything that involves checking your credit history score. Someone that can't afford to spend $54 a year on credit history shouldn't worry too much about his credit as crooks don't steal people's identity that don't have a lot of money

SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

Re: Potential Security Issues?

said by ylen131:

Someone that can't afford to spend $54 a year on credit history shouldn't worry too much about his credit as crooks don't steal people's identity that don't have a lot of money
Not true.
Identity thieves are looking for credit worthy identities.
Assets play into credit scores, but not as much as you may think. People who "don't have a lot of money" can easily have a better credit rating than people who do have a lot of money.
--
Dave said "By the way, 4294967295 is just another way to write -1".
mrgeek
Premium
join:2002-12-13
Dundee, IL
clubs:
So, is anybody here going to use the website when the time comes? Or, due to security concerns, use the phone or mail option?


DonoftheDead
Premium
join:2004-07-12
USofA
clubs:
·Comcast

Part of the reason for the legislation was that the credit bureaus were irresponsible in that it was very difficult to get mistakes corrected. A lot of people got screwed by them. This is to ensure that folks will be able to get their reports corrected in a timely manner, as well as looking out for ID theft. And how much does it cost them to do this? Probably not very much (especially over the Net). If you want the government to butt out then don't make people mad enough to write their legislators. I don't like unfunded government mandates either, but the big boys act like bullies sometimes and invite government intervention. Myself, I will get one over the net. Not worried about security, mostly cause there's nothing there to steal.

dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
so does this 'automatically' enroll you in some expensive hard to cancel service like freecreditreport.com does?
--
You can never be too rich, too thin or have too much Bandwidth

ylen131

join:2000-02-09
Canoga Park, CA

Re: Potential Security Issues?

said by dvd536:

so does this 'automatically' enroll you in some expensive hard to cancel service like freecreditreport.com does?
NO

ObdH
Premium
join:2003-06-11
You have selected Texas.
Free credit reports will become available through this site for Texas on June 1, 2005.

ugh...

I guess it's going to be a while
whateveah

join:2004-12-01
Tried it - it timed out - no way to log in again to get it - got hosed. I would say wait a few weeks until the traffic dies down and they have bugs like this worked out.

over 10 years online! © 1999-2009 dslreports.com.