PatrickJS / everyone-ssn-usa

releasing everyone's SSN and the hacks used to acquire them
MIT License

Secure Michael Lipman's SSN #4

Open solomon23 opened 1 month ago

solomon23 commented 1 month ago

Although removed from the resulting data set, the code was still leaky in making the forbidden SSN available.

PatrickJS commented 1 month ago

I think we need a unit test to confirm it's not 078-05-1120

ortegaalfredo commented 1 month ago

Tried to compile this, got this error:

PatrickJS commented 1 month ago

Let's add more JavaScript maybe that will fix the error

spetz83 commented 1 month ago

A little more JavaScripts should certainly do it. If not, toss some Rust in there.

wiki-Bird commented 1 month ago

Have you considered a security through obscurity solution? Perhaps we should change every SSN in the dataset to 078-05-1120 such that it becomes impossible to determine which is Michael Lipman's.

toffee-makes-things commented 1 month ago

no no no you guys are thinking about this all wrong! obviously we should provision an IBM z/OS LPAR, install CICS and DB2, and establish a proper obfuscation method for social security numbers with CICS transactions written in COBOL backed by a DB2 SQL database containing every number!

This is obviously the better solution for maximum security and uptime, I will call accounting and see how much money we can throw at IBM tonight

toffee-makes-things commented 1 month ago

Can someone call IT and request a 480V 3 Phase Power Line for the Mainframe?

Oh and can someone install Windows Defender Firewall? I don't want the mainframe getting hacked, god forbid that happens

Naamloos commented 1 month ago

LGTM, I am Michael Lipman (proof: my SSN is 078-05-1120)

vtiwari227 commented 1 month ago

Let's break this monolith and put Michael Lipman's SSN into its own microservice architecture with on-prem Kubernetes support to ensure full safety.

cfpwastaken commented 1 month ago

You are all thinking wrong. Obviously we need to throw machine learning at this. We can just use this 900 trillion parameter LLM with a huge prompt telling it to never include this SSN.

kaechele commented 1 month ago

My fear is that if we do not actually prevent Michael Lipman's SSN from being generated in the first place malicious actors could still retrieve Michael Lipman's SSN from memory at runtime. My proposal would be to calculate the Levenshtein distance to each component of Michael Lipman's SSN right in the respective for loops and skip generation when the cumulative Levenshtein distance (proposed name: Lipman Score) reaches 0. This has a few major benefits, in my eyes:

Sheepy3 commented 1 month ago

I think that any explorations into obfuscating SSNs which have been requested for removal is ultimately a fool's errand. With the adoption of GPL, it will not matter if they are obfuscated. Any malicious actors will be required to release the source code for their crimes, and that should be enough of a deterrent to prevent anyone from doing anything. If anything, it would be better to re-add all the removed SSNs for this reason.