netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."

First time accepted submitter trellz writes "My sister and brother-in-law are self employed, and run a small business with a storefront. It was broken into about a year ago, and since then they have reinforced physical security; bars on the doors and windows, better locks, etc. Unfortunately, their store was broken into and vandalized again last week, in spite of the added security measures. Being technically savvy, I'm trying to come up with inexpensive ways to add deterrence, monitoring, and alerting to their business. They run an extremely lean lifestyle and profit margin, so the solution needs to be almost free. They do have an internet connection at the store, so motion detection, web cameras, Arduino devices, and the like are certainly an option. Ideally I would like a rock-solid alerting method. Something like an email or text to a laptop at home, or a dedicated prepaid phone, but without the pitfalls of such a solution (i.e. random wrong numbers, solicitors, email spam, etc). I'd also prefer not to poke holes in their firewall at the shop if at all possible. I was considering an email with some sort of long code or hash in the body, and then could white list that on the receiving end to key off of. The goal is to never have a false alarm based on the transmission/reception method." What advice, beyond ZoneMinder?

Yvonne Lee, Community Manager at Dice.com writes, "Not using standard job titles, not tying your work to real business results and not using the right keywords can mean never getting called for an interview, even if you have the right skills to do the job. I once heard advice to use the exact wording found in the ad when placing your keywords. I think you're even more unlikely to get a job if you do some of the things on this list."

Yvonne Lee, Community Manager at Dice.com, writes "Because EMC has expanded through more than 70 acquisitions in eight years — it was hiring even during the recession — and because many of the acquired companies were startups, it is trying to leverage the more dynamic cultures it's inherited and make itself more nimble and innovative. People it hired 'need to be able to move fast and run,' Thus, a key to getting the company's attention is to prove you can do what you say you can. In other words, when Murray asks if you can work fast, you can't just say yes. You'll have to use your previous achievements to prove that you can."

First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."

Frequent contributor Bennett Haselton is still thinking about prediction markets, and giving away money. He writes: "In an article last December I described a problem with prediction markets, where even markets with cap on betting limits could be manipulated by a single trader willing to spend a lot of money to distort the marketplace odds. So I offered a $100 cash prize to be split between readers who collectively came up with the best solution to the problem. Here's an idea that I think would work." Read on for the rest.

An anonymous reader writes "Our organization had had a decent SPF record of our own for a long time. Recently, we decided to try using SPF for filtering inbound mail. On the up side, a lot of bad mail was being caught. On the down side, it seems like there is always a 'very important' message being caught in the filter because the sender has failed to consider all mail sources in writing their record. At first, I tried to assist sending parties with correcting their records out of hope that it was isolated. This quickly started to consume far too much time. I'm learning that many have set up inaccurate but syntactically valid SPF records and forgotten about them, which is probably the worst outcome for SPF as a standard. Are you using SPF? How are you handling false positives caused by inaccurate SPF records?"

coondoggie writes "The Federal Trade Commission today said the submission period for its Robocall Challenge had ended and it got 744 new ideas for ways to shut down the annoying automated callers. The FTC noted that the vast majority of telephone calls that deliver a prerecorded message trying to sell something to the recipient are illegal. The FTC regulates these calls under the Telemarketing Sales Rule and the Challenge was issued to developing technical or functional solutions and proofs of concepts that can block illegal robocalls which, despite the agency's best efforts, seem to be increasing."

Orome1 writes "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admins passwords, or even shut down the device. The backdoor accounts are present on in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances." Here's Barracuda's tech note about the exploitable holes.

Frequent contributor Bennett Haselton writes with some strong cautions on a Facebook "feature" that lets you search for random phone numbers and find the accounts of users who have registered that number on their Facebook profile. This has privacy implications that are more serious than searching by email address. Especially in light of the expanding emphasis that Facebook is putting both on search qua search and on serving as a VoIP intermediary (not to mention the stream of robocalls that the FCC is unable to stop), this might make you think twice about where your phone number ends up. Read on for Bennett's description of the problem and some possible solutions.

iComp writes with a story about how it will cost you $100 to message Mark Zuckerberg on Facebook. "Got something you'd like to say to Mark Zuckerberg? The Facebook CEO still maintains a profile on the social networking site he founded, but beginning on Friday, sending him a personal message could cost you. Mashable was the first to notice that some users who weren't otherwise on the Behoodied One's Friends list were being asked to pony up before they could send a message to his Inbox, to the tune of $100 a pop. As El Reg reported in December, Facebook has been conducting a limited test of a feature that requires users to pay a fee to send messages to people with whom they have no direct connection. The idea is that the type of users who like to send spam, hate speech, and otherwise frivolous messages typically aren't willing to pay for the privilege. Impose a fee – however small – and they probably won't bother."

iComp sends word of a Chinese businessman who pleaded guilty to selling pirated software the retail value of which totaled more than $100 million. The software came from over 200 different companies, and was sold to buyers in 61 different countries over a 3-year period. The man was arrested by the U.S. Department of Homeland Security on the island of Saipan in 2011, after undercover agents had been working on the case for 18 months (PDF). "Li trolled black market Internet forums in search of hacked software, and people with the know-how to crack the passwords needed to run the program. Then he advertised them for sale on his websites. Li transferred the pirated programs to customers by sending compressed files via Gmail, or sent them hyperlinks to download servers, officials said. ... Agents lured Li from China to the U.S. territory of Saipan under the premise of discussing a joint illicit business venture. At an island hotel, Li delivered counterfeit packaging and, prosecutors said, "Twenty gigabytes of proprietary data obtained unlawfully from an American software company." Officials did not identify the company in court documents."

New submitter Fnordulicious writes "Although Canada's anti-spam legislation is already in place, the rules to implement it have been under development for more than a year. This weekend the proposed rules from the Department of Industry were published in the Canada Gazette. Kady O'Malley reports on the CBC Inside Politics Blog that Canadian ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"

New submitter GavrocheLeGnou writes "The french ISP 'Free.fr' is now blocking ads from Adsense and other providers by default for all its subscribers. The option can be turned off globally, but there's no whitelist (Google translation of French original). From the article: 'Because the service doesn’t offer a whitelist (contrary to Adblock, a service I’ve used for years), this means that it is an all or nothing choice, activated by default to block everything. And since it is not only internet, but TV and phone lines running through the FreeBox, it’s possible that, if left unchecked, Free could beginning blocking TV ads, or phone calls from known spam hotlines. While this seems like a potentially beneficial service, there’s no doubt that it’s biting at the heels of several sectors who rely on advertisement to make money, let alone the advertisers themselves who pay to reach an audience, and are blocked at the door.'"

jfruh writes "Those Nigerian spam scams of the last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world's fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected — and the combination of ambitious, educated people, a ceiling on advancement due to corruption and lack of infrastructure, and lax law enforcement is a perfect petri dish for increased cybercrime."

An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."

An anonymous reader writes "I work for a European ISP, and lately we're receiving quite a few complaints from customers about not being able to send emails because of UCEProtect's listings. After checking with their site, we found out that our whole AS (!) was blacklisted. Their 'immediate removal policy' asks for money, around 90 euros Per IP for end users and 300 euros for ISPs, and their site has bold statements like 'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...' Could this be considered extortion-blackmail ? Has anyone else on Slashdot dealt with this service before?"

Spy Handler writes "According to PC Mag, 'Facebook is testing a feature that will let select users pay $1 to send messages to people with whom they have no connection on the social network. The $1 fee will open a thread with a non-Facebook friend. If that person replies to your note, you won't have to pay again to respond to them.' Facebook explained the test thus: 'Several commentators and researchers have noted that imposing a financial cost on the sender may be the most effective way to discourage unwanted messages and facilitate delivery of messages that are relevant and useful. This test is designed to address situations where neither social nor algorithmic signals are sufficient. For example, if you want to send a message to someone you heard speak at an event but are not friends with, or if you want to message someone about a job opportunity, you can use this feature to reach their Inbox. For the receiver, this test allows them to hear from people who have an important message to send them.'"

jfruh writes "You may remember the tale of the blogger who found that an infographic he'd put on his site was the front end of an SEO spam job. Well, he's since followed the money to figure out just who's behind this maneuver: the for-profit college industry. He discovered that the contact info of someone who expresses interest in online degree programs can be worth up to $250 to an industry with a particularly sleazy reputation."

First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"