Sorry for the late post. Here is the code we were playing around with in class:
xordemo.c
xordemo2.cpp
Web 3.0 Requires Data Integrity
1 hour ago
For students of Math/Sec 270 at John Jay College
Google's gathering of information and making it available online is provoking outrage in Germany, triggered by such things as its Street View service to capture and post images of streets all over the world using car-mounted cameras. "These pictures, which are available for retrieval worldwide over the Internet, could easily be linked to satellite photos, address databanks, and other personal data," says Germany's federal commissioner for data protection Peter Schaar, who suggests that such information could be tapped for shady activities. The aggregate data Google has compiled makes many intelligence agencies seem "like child protection services" in comparison, says Hendrik Speck of the applied sciences university in Kaiserslautern. Peter Fleischer, whose job as Google's head of data protection is to defuse such concerns by shielding users' information, insists that nothing Google collects identifies any particular individual. Opponents such as author Gerald Reischl counter that Google cannot validate such assurances, and he warns that the free Google Analytics program that Web site owners use to keep tabs on usage patterns can be used for surveillance. Thilo Weichert, who heads Schleswig-Holstein's Independent State Agency for Data Protection, writes that most Google Analytics users do not realize that the service routes data to the United States. "This violates the data privacy laws protecting those who use the Web sites," he says. Weichert also complains of Google's non-transparent operation, and its refusal to disclose anything about its data management strategy except "what is absolutely necessary ... and then only under pressure."
Moyer noted that on any given social network there are what he called, "linkwhores." These are people that will accept friend connections from anyone else. So the researchers sent out friend requests to people based on a Google search for people that had security in their profiles. Moyer claimed they had more than 50 connections within 24 hours. They also got invites from other people, among them was Ranum's sister who was also fooled by the bogus profile.
The security researcher did the same trick on Twitter for noted security researcher Gadi Evron. Moyer claimed that the bogus Twitter profile actually received an interview request from a journalist who was looking for a source to talk about the Kaminsky DNS flaw.