Important Privacy Information, please READ
Registered User
Joined: Apr 2001
Posts: 449
Likes: 0
From: Grand Rapids
I don't understand what the big deal is. It's not like a VIN number is a top secret number...it displayed on you car which you drive to public places all of the time. If someone really wanted your VIN number it would be fairly easy to obtain. Am I missing something here?
Registered User
Joined: Nov 2000
Posts: 763
Likes: 0
From: Ann Arbor
cthree - I am sorry, I didn't mean to be offensive. It is just my point of view. I am sure you don't want to give up any of your information as well.
Nside - VIN number in the vehicles takes too much time to obtain. It is no where near as efficient as people just volunteer giving it up on line. It is not a case of somebody really want your VIN. It is the other way around. I have a VIN, now I can get to YOU .
What do you with the VIN? Let me give you an example:
With the VIN number, you will be able to decode lots of information down to options and build dates, even colors just with the VIN. If there is a collection of VINs, what do you do with this information? direct advertisement (b2p, business to person), or even sell this information to somebody else (I am not saying cthree is doing this). With the right people and right connection, this particular person can find who own this car very easily. Guess what else attached to your VIN? your address, home phone number, spouses name. If you finance the car, it will be your SSN, Credit card number, who is your boss, who you work for, how much you earn, how many houses you have, how much money you owe the bank, your stock portfolio. You get my point.
I am not saying not to trust cthree and s2000online. If you want to volunteer give up information about yourself, you are introducing like a back door to somebody who might find this information useful.
I am sure no body like spam mail. That is why lots of people (include me) give out a particular email address just for online form, advertisement or even sweepstake.
If you don't believe me, give me one of your car's VIN number. I can give it a shot to find out lots of info about you that you might not know or you might not want anybody else to know. I am not saying I will be successful, but I can try.
-------------------------------------------------------------
a little disclaimer - This is what I do for living. I teach other business how to protect themselves on-line and off-line. What kind of information you can obtain with little information given up by the third party. and, how information can harm you. I deal with network security (although I don't know how to config a firewall) and other services. In my line of work, I work for information. to me, information worth more than money. That is why I am so excited talking about the security. Sorry, if I offended anyone here. People in my line of work are all paranoia. I also love to talk about cars as well.
Remember, No one can protect you, if you don't protect yourself
Nside - VIN number in the vehicles takes too much time to obtain. It is no where near as efficient as people just volunteer giving it up on line. It is not a case of somebody really want your VIN. It is the other way around. I have a VIN, now I can get to YOU .
What do you with the VIN? Let me give you an example:
With the VIN number, you will be able to decode lots of information down to options and build dates, even colors just with the VIN. If there is a collection of VINs, what do you do with this information? direct advertisement (b2p, business to person), or even sell this information to somebody else (I am not saying cthree is doing this). With the right people and right connection, this particular person can find who own this car very easily. Guess what else attached to your VIN? your address, home phone number, spouses name. If you finance the car, it will be your SSN, Credit card number, who is your boss, who you work for, how much you earn, how many houses you have, how much money you owe the bank, your stock portfolio. You get my point.
I am not saying not to trust cthree and s2000online. If you want to volunteer give up information about yourself, you are introducing like a back door to somebody who might find this information useful.
I am sure no body like spam mail. That is why lots of people (include me) give out a particular email address just for online form, advertisement or even sweepstake.
If you don't believe me, give me one of your car's VIN number. I can give it a shot to find out lots of info about you that you might not know or you might not want anybody else to know. I am not saying I will be successful, but I can try.
-------------------------------------------------------------
a little disclaimer - This is what I do for living. I teach other business how to protect themselves on-line and off-line. What kind of information you can obtain with little information given up by the third party. and, how information can harm you. I deal with network security (although I don't know how to config a firewall) and other services. In my line of work, I work for information. to me, information worth more than money. That is why I am so excited talking about the security. Sorry, if I offended anyone here. People in my line of work are all paranoia. I also love to talk about cars as well.
Remember, No one can protect you, if you don't protect yourself
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
Being in the same line of work as Stealthy_S2K, I agree with him in a sense that any information you give out can be used against you. This includes your license plate number and your VIN. You can never be too safe, but it appears C3 has come up with a "secure" method. Now if this site were run on an unpatched IIS server I would worry..but at least he is smart enough to run Apache on some variant of *nix.
Hopefully C3 is sending the VINs straight to /dev/null after the initial validation.
Hopefully C3 is sending the VINs straight to /dev/null after the initial validation.
Registered User
Joined: Mar 2001
Posts: 350
Likes: 0
From: Redwood City
As a sysadmin, network admin and network security/firewall engineer,
yada, yada, yada. I can as easily get information from a IP address so unless you have something to truly hide then as cthree stated don't list your VIN#
You may as well place the VIN# your IP is already logged.
Once the IP is obtained, one can easily retrieve one's account info, e-mail address's etc. so there is no real point not to add the VIN#. I can go on and on, but it's OT and this thread should be moved to OT.
Nuff said...
[QUOTE]Originally posted by Stealthy_S2K
[B]cthree -
yada, yada, yada. I can as easily get information from a IP address so unless you have something to truly hide then as cthree stated don't list your VIN#
You may as well place the VIN# your IP is already logged.
Once the IP is obtained, one can easily retrieve one's account info, e-mail address's etc. so there is no real point not to add the VIN#. I can go on and on, but it's OT and this thread should be moved to OT.
Nuff said...
[QUOTE]Originally posted by Stealthy_S2K
[B]cthree -
Registered User
Joined: Mar 2001
Posts: 350
Likes: 0
From: Redwood City
Oh cut me a break Apache has as many holes in it as a old shot up Afghan flag
[QUOTE]Originally posted by moonpie
[B]Being in the same line of work as Stealthy_S2K, I agree with him in a sense that any information you give out can be used against you.
[QUOTE]Originally posted by moonpie
[B]Being in the same line of work as Stealthy_S2K, I agree with him in a sense that any information you give out can be used against you.
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
Once the IP is obtained, one can easily retrieve one's account info, e-mail address's etc. so there is no real point not to add the VIN#. I can go on and on, but it's OT and this thread should be moved to OT.
I'm waiting...
(let's see if he can use whois, nslookup etc...)
Registered User
Joined: Oct 2001
Posts: 1,611
Likes: 0
From: Melbourne
Welp, I guess this uberh4x0r can't locate me 
This is the kind of crap that gets on my nerves. I'm not trying to cause trouble or anything, but if you make a statement like this:
You should be able to back it up.
Here are the facts on how an IP address can get traced back to you.
Everytime you surf a website, your IP address gets logged in an access log. This may or may not be your real IP address depending on if you use a proxy server or not.
This IP address is almost useless to the website admins unless you commit a crime. About the only think that he can do with it is a reverse DNS lookup, which tells him a hostname, such as systemname.somecompany.com - wow
The second thing he can do is perform a query to see who owns the netblock. Again, no startling info here.
Now if a crime is committed that's another story. Then it's as easy as LE saying, OK, who owns this IP address? hmm... earthlink owns this address. Then they subpoena earthlink's logs and do a search for user account that had the IP address at the time the crime was committed. Even this isn't foolproof, since one can use any number of misconfigured proxy servers around the world.
So the above statement is total bullcrap - prove me wrong please
Additionally, this statement is bs too:
On a daily basis I break into web servers, and this has not proven to be the case at all. Searching any vulnerability database with disprove this statement. Now if you told me how insecure wu-ftpd was, then I just might believe you 
FUD - Fear, Uncertainty, and Doubt. Micro$oft's way...
This is the kind of crap that gets on my nerves. I'm not trying to cause trouble or anything, but if you make a statement like this:
Once the IP is obtained, one can easily retrieve one's account info, e-mail address's etc.
Here are the facts on how an IP address can get traced back to you.
Everytime you surf a website, your IP address gets logged in an access log. This may or may not be your real IP address depending on if you use a proxy server or not.
This IP address is almost useless to the website admins unless you commit a crime. About the only think that he can do with it is a reverse DNS lookup, which tells him a hostname, such as systemname.somecompany.com - wow
The second thing he can do is perform a query to see who owns the netblock. Again, no startling info here.
Now if a crime is committed that's another story. Then it's as easy as LE saying, OK, who owns this IP address? hmm... earthlink owns this address. Then they subpoena earthlink's logs and do a search for user account that had the IP address at the time the crime was committed. Even this isn't foolproof, since one can use any number of misconfigured proxy servers around the world.
So the above statement is total bullcrap - prove me wrong please
Additionally, this statement is bs too:
Oh cut me a break Apache has as many holes in it as a old shot up Afghan flag
FUD - Fear, Uncertainty, and Doubt. Micro$oft's way...
Registered User
Joined: Nov 2000
Posts: 763
Likes: 0
From: Ann Arbor
Originally posted by XCARS
Then you should also mention that it is not wise to register with your correct zip code and birthdate... since it is similarly easy to cross reference a person's zip and date of birth with other public records and information.
Then you should also mention that it is not wise to register with your correct zip code and birthdate... since it is similarly easy to cross reference a person's zip and date of birth with other public records and information.
This is just for argument sake. People who wants to input their VIN is each inviduals' freedom. I just voice my concern, that's all.
Thanks for C3 clarify the process of the VIN. I know he is working hard to keep this board operational and make everyone happy.