Friday, 05 December 2008
 
 
Get in trouble while getting laid (or pretending to try to)
ITsec News
Written by Massimo Cotrozzi   
Tuesday, 12 September 2006

A couple of experiments have been performed lately on Craigslist, a site hosting offers and requests from citizens all around the US. The first experiment, run by a guy named Simon Owens, tried to figure out how easy it was to get a “date” through the system. He did it by posting several different ads (straight/bi men/women looking for the opposite/same sex) and then summarized the results, discovering (go figure) that it was really easy to obtain real data from real people in this way, especially if you pose as a horny girl looking for a guy. He concluded the experiment by pointing out how dangerous it is for people to give out their personal data in this way.

Since “clever” experiments always come in pairs, another person followed the same path, but went further. Jason Fortuny tried another experiment. He took the text and photo from a sexually explicit ad, reposted it to Craigslist Seattle, and waited for the responses to roll in. Like Simon's experiment, the response was immediate. He wrote, "178 responses, with 145 photos of men in various states of undress. Responses include full e-mail addresses (both personal and business addresses), names, and in some cases IM screen names and telephone numbers."

He actually gathered all the information and posted it on a website, in full, uncut, uncensored, and with a comment taken from an AIM conversation in which he makes fun of one of the responders who, too bad too late, discovered he's been 0wned. Most of the information posted ultimately made it possible to identify the sender.

Hewlett-Packard: Caught with hand in the cookie jar
Digital warfare
Monday, 11 September 2006

Computer and printer giant Hewlett-Packard is under formal investigation for ordering private investigators to look into who was leaking board meeting secrets. This all started from what appears to be a company-led hacking spree using pretexting, or social engineering tactics. Personal data was gathered by private investigators hired by HP to con phone companies into revealing call records of several reporters and an HP board member, Thomas Perkins, to discover who had leaked the info.

Private investigators hired by HP pretended to be the owners and billing parties for the aforementioned Perkins and reporters, and then tried to elicit calling information using personal data such as the name, address, and last 4 digits of Social Security numbers to procure the data.

Apparently the illegal pretexting hacks were in response to a leaked boardroom meeting outlining HP's long-term strategy for the next 18 months, back in January of 2005.
Hewlett-Packard then began an investigation into the source of the leaks.

Because of Mr Perkins's outrage on discovering the pretexting tactics used by HP's investigators, he filed a formal Form 8-K complaint with the Securities and Exchange Commission. On learning of this complaint, HP chose to respond formally to the SEC and basically spilled the beans about its nefarious activities.

Apple Wireless Vulnerability: Fact or Fiction?
ITsec News
Saturday, 09 September 2006

Is the Apple wireless vulnerability, presented at Blackhat in Las Vegas this year, genuine or a smoke-and-mirrors show? That has been the topic of some heated debate over the last few weeks between security researchers, bloggers and other media outlets.

The uproar is over whether or not the presenters, Jon "Johnny Cache" Ellch and David Maynor, showed a real vulnerability in Apple's AirPort wireless implementation. While many Mac enthusiasts take pride in the [ false ] fact that Macs can't be hacked, history and our friend Google say otherwise. As a matter of fact, even this author has found a simple vulnerability in the Mac OS X 10.4.x operating system's weblog feature.

Many are pointing out some oddities in the presentation, and have been following conversations on the DailyDave mailing list, in a thread entitled "This guy cracks me up". To be fair, Johnny Cache responded to these questions, and provides a glimpse into the possibility of a true issue in the driver's beacon timing, which may or may not be Apple's problem. A copy of the video demo shown at Blackhat may be found here. Zone-H noted that, while the presenters state that the wireless card does not need to be associated with a network, in the demo they clearly state that the attacker machine has been set up as an AP, and demonstrate this by defining the IP addresses of both boxes [ 192.168.1.1 for the attacker and 192.168.1.50 for the MacBook ]...

The Global Jihad Internet frontline
Geopolitics
Saturday, 09 September 2006

The Web is the latest frontline in modern wars, and we see every day how powerful the Internet is as an instrument of propaganda and communication. Terrorism is one of the organizations (if we can call it that) that takes most advantage of these characteristics for proselytism, recruiting, fund raising and so on.

Global Jihad members, sympathizers and mere onlookers usually meet on private forums to exchange information, materials and opinions. After 9/11, international authorities have been keeping a check on those web pages that represented a window on the Islamic world.

The result of this search was an astonishing list of websites, forums and chat-rooms that turned out to be a sort of school of terror where Islamic people of all nations and social classes exchanged extremist and xenophobic ideas. It has recently been proved, for example, that the members of the crew who led the terrorist action against the Twin Towers met in one of these forums and there planned the basic elements of the attack.

Besides, the growing popularity of the Internet among the young and the increasing interest of Islamic boys and girls living in the West in learning more about their home culture made these web pages an ideal place for recruiting, especially among teenagers.

Upon Security Breaches and Data Thefts
ITsec News
Friday, 08 September 2006

Eric McCarty, 24, from San Diego, was found guilty of intrusion into many computers of Southern California University. His motive, as the International Herald Tribune reported, was a mere wish for revenge, since he was upset that the University did not admit him as a student. Therefore, he hacked the school's application system and stole other would-be students' personal information.

After accessing identification numbers, names, addresses, dates of birth and applicants' passwords to the USC site, he created the e-mail account "ihackedusc" and sent a message explaining his deeds to a reporter of Security Focus, then he posted the information on his blog. Now he is expected to get 6 months of home detention and a pecuniary penalty of about $37,000.

This story just confirms that the education field is still one of the most targeted for security breaches and data thefts. As the American Association of Retired Persons (AARP) reported, a study published in July 2006 pointed out that 43% of digital attacks’ targets are from the educational environment, and that the main cause of security breaches is hackers. Unfortunately, no study or analysis could be up to date enough to highlight the exact number of cyber crime’s victims.

As expected, the area with the highest number of victims is the financial field, with more than 47,000,000 victims, followed by governmental institutions with over 34,000,000 attacked systems. But whereas financial breaches are mainly carried out by hackers, government is mostly affected by physical thefts.

 

The strange case of President Bush and the American Constitution
Geopolitics
Thursday, 07 September 2006

Associated Press reported today that a government lawyer used a dramatic scenario of a nuclear attack on Washington to illustrate his arguments Tuesday in defense of President Bush's warrantless wiretapping program.

According to the lawyer, Anthony Coppolino, the Constitution gives the President the right to do whatever he deems necessary to surveil terrorists and prevent any further attack that could affect the U.S.A. and U.S. citizens. This “constitutional right” includes that of interrogating someone who might have information about an imminent attack.

“Suppose for example the president obtains intelligence that a nuclear bomb was planted ... right there in Washington, and the only way he was going to find out whether that was going to happen was to grab the person and interrogate him," Coppolino said in U.S. District Court in Manhattan. "Would that be in his constitutional authority? I would say so."

This impressive argument was used to justify the decision by the Bush administration to monitor international phone calls and e-mails to or from the United States involving people potentially involved in terrorist plots.

 
