Forgot your password?
typodupeerror

Follow Slashdot stories on Twitter

Spam

Couchsurfing Hacked, Sends Airbnb Prank Spam 44

Posted by timothy
from the or-we'll-shoot-this-dog dept.
Slashdot regular (and Couchsurfing.org volunteer) Bennett Haselton writes with a report that an anonymous prankster hacked the Couchsurfing.org website and sent spam to about 1 million members, snarkily advertising their commercial arch-rival Airbnb as "the new Couchsurfing." (Read on below for more on the breach.) As of now, the spam's been caught, but not the spammer.
Advertising

Bezos-Owned Washington Post Embeds Amazon Buy-It-Now Buttons Mid-sentence 134

Posted by Soulskill
from the wait-till-they-start-delivering-papers-with-drones dept.
McGruber writes: While reading a story in the Jeff Bezos-owned Washington Post, I saw that the paper had begun embedding Amazon Buy-It-Now links in the middle of story sentences. For example, in this article, a sentence about the sales figures for differing covers of The Great Gatsby read: At Politics and Prose, the traditional [BUY IT NOW] version — featuring the iconic eyes floating on a blue background — sold better than the DiCaprio [BUY IT NOW] cover. This change follows the July news of much larger than expected losses at Amazon and a 10-percent decline in the Amazon's stock value. In related news, the Post reports that the literary executor of George Orwell's estate has accused Amazon.com of doublespeak after they cited one of Orwell's essays in their ebook pricing debate with Hachette and other publishers.
Data Storage

Solid State Drives Break the 50 Cents Per GiB Barrier, OCZ ARC 100 Launched 183

Posted by Unknown Lamer
from the ssds-for-everyone dept.
MojoKid (1002251) writes Though solid state drives have a long way to go before they break price parity with hard drives (and may never make it, at least with the current technology), the gap continues to close. More recently, SSD manufacturers have been approaching 50 cents per GiB of storage. OCZ Storage Solutions, with the help of their parent company Toshiba's 19nm MLC NAND, just launched their ARC 100 family of drives that are priced at exactly .5 per GiB at launch and it's possible street prices will drift lower down the road. The ARC 100 features the very same OCZ Barefoot 3 M10 controller as the higher-end OCZ Vertex 460, but these new drives feature more affordable Toshiba A19nm (Advanced 19 nanometer) NAND flash memory. The ARC 100 also ships without any sort of accessory bundle, to keep costs down. Performance-wise, OCZ's new ARC 100 240GB solid state drive didn't lead the pack in any particular category, but the drive did offer consistently competitive performance throughout testing. Large sequential transfers, small file transfers at high queue depths, and low access times were the ARC 100's strong suits, as well as its low cost. These new drives are rated at 20GB/day write endurance and carry a 3-year warranty.
Security

Password Gropers Hit Peak Stupid, Take the Spamtrap Bait 100

Posted by Unknown Lamer
from the bad-strategy dept.
badger.foo (447981) writes Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid.
Communications

Gmail Now Rejects Emails With Misleading Combinations of Unicode Characters 79

Posted by Soulskill
from the we-look-forward-to-being-caught-in-your-new-web dept.
An anonymous reader writes: Google today announced it is implementing a new effort to thwart spammers and scammers: the open standard known as Unicode Consortium's "Highly Restricted" specification. In short, Gmail now rejects emails from domains that use what the Unicode community has identified as potentially misleading combinations of letters. The news today follows Google's announcement last week that Gmail has gained support for accented and non-Latin characters. The company is clearly okay with international domains, as long as they aren't abused to trick its users.
Spam

Memo to Users: SpamCop Winding Down Webmail Service 44

Posted by timothy
from the not-the-whole-company-mind-you dept.
LuserOnFire (175383) writes with word that on Saturday SpamCop users received an email that says in part: "For over 12 years, Corporate Email Services has been partnering with SpamCop to provide webmail service with spam filtering via the SpamCop Email System for our users. Back then, spam filtering was rare. We heard story after story about how our service rescued people from unfiltered email. Nowadays, webmail service with spam filtering has become the norm in the general public. As such, the need for the webmail service with SpamCop filtered email has decreased. Due to these reasons, we have decided to retire the SpamCop Email System and its webmail service; while SpamCop will continue to focus on providing the World's best spam reporting platform and blacklist for the community. As of September 30, 2014 (Tuesday) 6pm ET, the current SpamCop Email service will be converted to email forwarding-only with spam filtered by SpamCop for all existing SpamCop Email users."
Power

Harvesting Wi-Fi Backscatter To Power Internet of Things Sensors 138

Posted by Unknown Lamer
from the energy-everywhere dept.
vinces99 (2792707) writes "Imagine a world in which your wristwatch or other wearable device communicates directly with your online profiles, storing information about your daily activities where you can best access it – all without requiring batteries. Or, battery-free sensors embedded around your home that could track minute-by-minute temperature changes and send that information to your thermostat to help conserve energy. This not-so-distant 'Internet of Things' reality would extend connectivity to perhaps billions of devices. Sensors could be embedded in everyday objects to help monitor and track everything from the structural safety of bridges to the health of your heart. But having a way to cheaply power and connect these devices to the Internet has kept this from taking off. Now, University of Washington engineers have designed a new communication system that uses radio frequency signals as a power source and reuses existing Wi-Fi infrastructure to provide Internet connectivity to these devices. Called Wi-Fi backscatter, this technology is the first that can connect battery-free devices to Wi-Fi infrastructure. The researchers will publish their results at the Association for Computing Machinery's Special Interest Group on Data Communication's annual conference this month in Chicago. The team also plans to start a company based on the technology. The Pre-print research paper.
Security

Internet Explorer Vulnerabilities Increase 100% 137

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.
Security

The Psychology of Phishing 128

Posted by samzenpus
from the click-and-release dept.
An anonymous reader writes Phishing emails are without a doubt one of the biggest security issues consumers and businesses face today. Cybercriminals understand that we are a generation of clickers and they use this to their advantage. They will take the time to create sophisticated phishing emails because they understand that today users can tell-apart spam annoyances from useful email, however they still find it difficult identifying phishing emails, particularly when they are tailored to suit each recipient individually. Fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context a legitimate marketing department at a FTSE 100 company typically expects less than a 2% click rate on their advertising campaigns. So, how are the cybercriminals out-marketing the marketing experts?
Cellphones

Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be 291

Posted by samzenpus
from the no-sir-I-don't-like-it dept.
Bennett Haselton writes My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.
Transportation

"Intelligent" Avatars Poised To Manage Airline Check-In 102

Posted by samzenpus
from the even-better-than-the-real-thing dept.
An anonymous reader writes One of the developers behind special effects used in the film Avatar has inked a deal with airline check-in kiosk manufacturer BCS to implement avatars for personalized and interactive customer service. Dr Mark Sagar's Limbic IO is applying 'neurobehavioral animation' combining biologically based models of faces and neural systems to create live, naturally intelligent, and expressive interactive systems. "One of the comments levelled at self-service check in is that it has lost the human touch that people had when checking in at a traditional manned counter," Patrick Teo, BCS CEO says. "Travelling can be stressful and our aim is to make the interaction between human (passenger) and computer (check-in) as natural and helpful as possible."
Education

How To Fix The Shortage of K-5 Scholastic Chess Facilitators 128

Posted by samzenpus
from the checking-the-checkmate dept.
theodp writes The good news, writes Michael Thomas, is that wired kids are learning chess at an unprecedented rate. Young children learning chess from tablets can quickly become more knowledgeable than their parents. But the bad news, laments Thomas, is there is so much demand for scholastic chess that there are not enough experienced chess facilitators to go around. Could technology like RFID-tagged chess pieces or services like ChessStream.com be employed to referee second-grader chess matches, Thomas wonders, or are more well-meaning-but-not-necessarily-expert human facilitators — a la T-ball coaches — the answer?
Google

How Google Map Hackers Can Destroy a Business 132

Posted by timothy
from the you-aren't-here dept.
An anonymous reader writes with an excerpt from Wired about the one big problem that comes with crowdsourced data: enough eyeballs may make all bugs shallow, but may not fare as well against malice and greed: Maps are dotted with thousands of spam business listings for nonexistent locksmiths and plumbers. Legitimate businesses sometimes see their listings hijacked by competitors or cloned into a duplicate with a different phone number or website. In January, someone bulk-modified the Google Maps presence of thousands of hotels around the country, changing the website URLs to a commercial third-party booking site ... Small businesses are the usual targets. ....These attacks happen because Google Maps is, at its heart, a massive crowdsourcing project, a shared conception of the world that skilled practitioners can bend and reshape in small ways using tools like Google's Mapmaker or Google Places for Business. ... In February, an SEO consultant-turned-whistleblower named Bryan Seely demonstrated the risk dramatically when he set up doppelganger Google Maps listings for the offices of the FBI and Secret Service..
Canada

Krebs on Microsoft Suspending "Patch Tuesday" Emails and Blaming Canada 130

Posted by samzenpus
from the who's-to-blame dept.
tsu doh nimh writes In a move that may wind up helping spammers, Microsoft is blaming a new Canadian anti-spam law for the company's recent decision to stop sending regular emails about security updates for its Windows operating system and other Microsoft software. Some anti-spam experts who worked very closely on Canada's Anti-Spam Law (CASL) say they are baffled by Microsoft's response to a law which has been almost a decade in the making. Indeed, an exception in the law says it does not apply to commercial electronic messages that solely provide "warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased." Several people have observed that Microsoft likely is using the law as a convenient excuse for dumping an expensive delivery channel.
Security

Microsoft Suspending "Patch Tuesday" Emails 145

Posted by timothy
from the just-visit-our-lair-for-updates dept.
New submitter outofluck70 (1734164) writes Got an email today from Microsoft, text is below. [Note: text here edited for formatting and brevity; see the full text at seclists.org.] They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know? From the email: "Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: Security bulletin advance notifications; Security bulletin summaries; New security advisories and bulletins; Major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website." WindowsIT Pro blames Canada's new anti-spam law.
Spam

Researchers Outline Spammers' Business Ecosystem 14

Posted by timothy
from the is-that-enough-info-to-send-the-rebel-alliance? dept.
An anonymous reader writes A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns. Their results suggest that spammers develop a type of "customer loyalty"; spammers likely purchase preferred resources from actors that have "proven" themselves in the past. Previous work examined the market economy of the email address market in preparatory work: 1 million email addresses were offered on the examined forum for anywhere ranging between 20 and 40 Euros.
Social Networks

LinkedIn Spam Lawsuit Can Continue 50

Posted by timothy
from the unrepentant-spammers dept.
Charliemopps (1157495) writes "A lawsuit filed in September 2013 in the Northern District of California alleged that LinkedIn misled its users about the number of times it would attempt to invite their contacts using their name. LinkedIn tried to get the suit dismissed but Thursday Judge Lucy Koh ruled the suit can continue."
Crime

Cybercriminals Ramp Up Activity Ahead of 2014 World Cup 90

Posted by samzenpus
from the crime-wave dept.
wiredmikey (1824622) writes With the FIFA World Cup 2014 kicking off this week in Brazil, cybercriminals and scammers are working hard to take advantage of visitors to the World Cup in Brazil and those following the world soccer tournament online. In recent months, several security vendors have published advisories about the various scams, phishing and malware operations that target Internet users interested in the World Cup. While individuals from all over the world have been targeted, many of the malicious campaigns focus on Brazil and neighboring South American countries. While news that cybercriminals are zoning in on a large global event is no surprise, the scale and tactics being used is quite wide in scope, ranging from malware distribution and phishing scams, to fraudulent ticket sales, spam and other promising yet fraudulent schemes.For those visiting Brazil to watch the games in person, the cyber threats also include rogue wireless access points, ATMs rigged with card skimmers and Point-of-Sale malware.
Crime

Justice Dept. Names ZeuS Trojan Author, Seizes Control of P2P "Gameover" Botnet 76

Posted by samzenpus
from the shutting-it-down dept.
tsu doh nimh (609154) writes "The U.S. Justice Department announced today an international law enforcement operation to seize control over the Gameover ZeuS botnet, a sprawling network of hacked Microsoft Windows computers that currently infects an estimated 500,000 to 1 million compromised systems globally. Experts say PCs infected with Gameover are being harvested for sensitive financial and personal data, and that the botnet is responsible for more than $100 million in losses from online banking account takeovers. The government alleges that Gameover also was rented out to an elite cadre of hackers for use in online extortion attacks, spam and other illicit moneymaking schemes. In a complaint unsealed today, the DOJ further alleges that ZeuS and Gameover are the brainchild of a Russian man named Evgeniy Mikhailovich Bogachev, a.k.a. 'Slavik.'"
America Online

AOL Finally Admits They Were Hacked 54

Posted by Soulskill
from the change-the-password-on-your-coasters dept.
pdclarry writes: "Anyone managing email servers or lists has suspected for several weeks a major hack of AOL's servers, based on a sudden spurt in spam ostensibly from AOL email addresses (but actually spoofed) and sent to the contact lists of those AOL accounts. Of course, there is a steady stream of such spam from hacked individual accounts on many services, but the magnitude and suddenness of the most recent spam attack argues against individual account invasions. Well, AOL has finally come clean. Apparently unknown individuals accessed AOL's servers and took screen names, account information including mailing addresses, contact lists, encrypted passwords and encrypted answers to security questions. And possibly credit card information. AOL claims that it affects 'only' 2% of their members, but recommends that everyone change their passwords and security questions."

The best way to avoid responsibility is to say, "I've got responsibilities."

Working...