Security News Roundup 7/06/2007

Hacker?s eBay: Legitimate Marketplace or Organized Blackmail? Well, there are only 4 items listed, so it’s hardly an eBay, but it is interesting nonetheless. From Techcrunch, The product FAQs state that all purchasers will be ?carefully evaluated? to ?minimize the risk of selling the right stuff to the wrong people.? But there is only one appropriate buyer for most vulnerabilities (Yahoo, in the case above); it?s unclear who else should be authorized to purchase such information.

The company says that they are simply trying to take activity that?s happening underground into a legitimate marketplace. Perhaps, but this thing doesn?t seem to be fully baked.

It doesn’t seem fully baked for sure, I wonder what the real intent is? The server ip address is owned by California Regional Intranet, Inc. in San Diego, a company that sounds like a regional jail.

MPack Clearance Sale! Looking to create some mischief or make some money? The Mpack is on sale at 85% off, now, I wonder why they would drop the price so low? Must’ve realized people could get it for free somehow.

Google: Our data retention is not data protection watchdogs’ business The retention of search engine query data is a security matter and not one for Europe’s data protection officials, according to Google’s global privacy chief. Peter Fleischer said that its retention of user search data was “just not their field”. Ohh, sounds like a challenge.

iPhone Hacking News Update: iPhoneInterface Tool is Out!! We have successfully written a tool named iPhoneInterface allowing for some basic manipulation of things on the phone, and are releasing it tonight. We are including source code so you can understand the techniques we have used so far. We will be expanding the functionality of this tool significantly tomorrow.