Written by Massimo Cotrozzi
Tuesday, 12 September 2006
A couple of experiments have been performed lately on Craigslist, a site hosting offers and requests from citizens all around the US. The first experiment, run by a guy named Simon Owens, tried to figure out how easy it was to get a “date” through the system. He posted several different ads (straight/bi men/women looking for the opposite/same sex) and then summarized the results, concluding (go figure) that it was really easy to obtain real data from real people in this way, especially if you pose as a horny girl looking for a guy. He closed the experiment by pointing out how dangerous it is for people to give out their personal data in this way.

Since “clever” experiments always come in pairs, another person followed the same path but went further. Jason Fortuny took the text and photo from a sexually explicit ad, reposted it to Craigslist Seattle, and waited for the responses to roll in. Like Simon's experiment, the response was immediate. He wrote, "178 responses, with 145 photos of men in various states of undress. Responses include full e-mail addresses (both personal and business addresses), names, and in some cases IM screen names and telephone numbers." He actually gathered all the information and posted it on a website, in full, uncut and uncensored, with a comment taken from an AIM conversation in which the guy makes fun of one of the responders who, too late, discovered he's been 0wned. Most of the information posted ultimately made it possible to identify the sender.
Saturday, 09 September 2006
Is the Apple wireless vulnerability, presented at Blackhat in Las Vegas this year, genuine or a smoke-and-mirrors show? That has been the topic of heated debate over the last few weeks among security researchers, bloggers and other media outlets.
The uproar is over whether or not the presenters, Jon "Johnny Cache" Ellch and David Maynor, showed a real vulnerability in Apple's Airport wireless implementation. While many Mac enthusiasts take pride in the [ false ] fact that Macs can't be hacked, history and our friend Google say otherwise. As a matter of fact, even this author has found a simple vulnerability in the Mac OSX 10.4.x operating system's weblog feature.
Many are pointing out some oddities in the presentation, and have been following conversations on the DailyDave mailing list, in a thread entitled "This guy cracks me up". To be fair, Johnny Cache responded to these questions, and provides a glimpse into the possibility of a true issue in the driver's beacon timing, which may or may not be Apple's problem. A copy of the video demo shown at Blackhat may be found here. Zone-h noted that, while the presenters state that the wireless card does not need to be associated to a network, in the demo they clearly state that the attacker machine has been set up as an AP, and demonstrate this by defining the IP addresses of both boxes [ 192.168.1.1 for the attacker and 192.168.1.50 for the MacBook ]...
Friday, 08 September 2006
Eric McCarty, 24, from San Diego was found guilty of intrusion into many computers of Southern California University. His motive, as the International Herald Tribune reported, was a mere wish for revenge, since he was upset that the University did not admit him as a student. Therefore, he hacked the school's application system and stole other would-be students' personal information.
After accessing identification numbers, names, addresses, dates of birth and applicants' passwords to the USC site, he created the e-mail account "ihackedusc" and sent a message explaining his deeds to a reporter at Security Focus, then posted the information on his blog. He is now expected to get 6 months of home detention and a financial penalty of about $37,000.
This story just confirms that the education field is still one of the most targeted for security breaches and data thefts. According to the American Association of Retired Persons (AARP), a study published in July 2006 pointed out that 43% of the targets of digital attacks are in the educational environment, and that the main cause of security breaches is hackers. Unfortunately, no study or analysis can be up to date enough to give the exact number of cybercrime victims.
As expected, the area with the highest number of victims is the financial field, with more than 47,000,000 victims, followed by governmental institutions with over 34,000,000 attacked systems. But whereas financial breaches are mainly caused by hackers, government is mostly affected by physical thefts.
Monday, 04 September 2006
The British techno-savvy Environment Secretary, David Miliband, promoted an initiative to publish a draft "environment contract" on his department’s website, which turned out to be a tasty occasion for cyber-jokers to practise their sense of humour at the expense of the Department for Environment, Food and Rural Affairs (DEFRA).
A few hours after the publication, dozens of attacks were launched against the website, and the document was vandalized with a series of fake paragraphs added for fun. The heading "Who are the parties to the environmental contract?" became, "Where is the party for the environmental contract? Can I come? Will there be cake? Hooray!" ...
Saturday, 02 September 2006
A new national child digital database has been set up in England. The archive holds personal information such as the name, address and telephone number of about 11 million English children, excluding the records of kids with famous parents, as confirmed last week by the British Department for Education and Skills (DfES).
The index also omits the contact details of children with violent parents.
The database was approved last week by the English Government and will come into effect in 2008, with the purpose of linking sensitive information about children to their families. It will be accessible to hundreds of thousands of officials, but the fact that some people’s data will be omitted seems to be evidence that such a system might pose a risk to children's safety.
Saturday, 02 September 2006
Consumer Reports was recently overwhelmed by heavy criticism from many companies in the anti-virus industry for creating about 5,500 new virus variants to test a new antivirus product. Actually, they just modified known viruses on a grand scale for an anti-virus software test, and none of the new viruses has found its way into the wild. In spite of that, this “testing method” drew strong criticism.
Over 100 security experts from companies such as Microsoft, HP, F-Secure, McAfee, Sophos and Symantec signed a letter that reads as a denunciation of Consumer Reports’ initiative. The declaration is based on the principle that it is "not necessary and ... not useful to write computer viruses to learn how to protect against them." The declaration is supported by a wide bibliography including contributions by universities from all around the world. What the critics most commonly objected is that, considering the huge number of viruses still in circulation, there was no need for new ones!