An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."

The quote in the title is from www.muckrock.com/about/. And that is exactly what MuckRock is all about: Making FOIA (Freedom of Information Act) requests for you (and investigative reporters) so you don't have to deal with the often-daunting paperwork and runarounds you may run into when you try to pry information out of a recalcitrant government agency. In theory, most government information is public. In practice, many local, state and federal government bodies would just as soon never tell you anything. This is why Tim Lord talked with MuckRock co-founder Michael Morisy, and why we're running this interview in the middle of Sunshine Week, which exists "...to educate the public about the importance of open government and the dangers of excessive and unnecessary secrecy."

rueger writes "One of Canada's biggest cable/Internet providers has their customers in an outrage. '... after an interruption of Shaw's email services Thursday led to millions of emails being deleted ... About 70 per cent of Shaw's email customers were affected when the company was troubleshooting an unrelated email delay problem and an attempted solution caused incoming emails to be deleted ... Emails were deleted for a 10-hour period between 7:45 a.m. and 6:15 p.m. Thursday, although customers did not learn about the problem until Friday, and only then by calling customer service or accessing an online forum for Shaw Internet subscribers.' To top it off, when Shaw did send out notices about this, they looked so much like every day phishing spam that many people deleted them unread."

MellowTigger writes "I work at a non-profit organization. I am looking for a site where we can register an account under our group's name, then spawn multiple projects to solicit programmer help for our organization. The current projects that we have in mind are small and probably not of interest to the wider world, although one very large project is possible. I need a site that emphasizes our non-profit as the benefactor rather than the wider world, since most projects are so specific that wider applicability seems slim. We would need help with various technologies including at least Powershell and SQL. At the moment, my available options emphasize individual projects of public interest, so we would have to spawn multiple independent projects, seeming to spam the host with 'pointless' minor tasks. We already have technical people seeking to donate time. We just need a way to coordinate skill matching, document sharing, and code submission out on the web. What do you suggest?"

New submitter Christopher Fritz writes "The Berkeley, CA city council recently met to discuss the closing of their downtown post office, in attempt to find a way to keep it from relocating. This included talk of 'a very tiny tax' to help keep the U.S. Post Office's vital functions going. The suggestion came from Berkeley City Councilman Gordon Wozniak: 'There should be something like a bit tax. I mean a bit tax could be a cent per gigabit and they would still make, probably, billions of dollars a year And there should be, also, a very tiny tax on email.' He says a one-hundredth of a cent per e-mail tax could discourage spam while not impacting the typical Internet user, and a sales tax on Internet transactions could help fund 'vital functions that the post office serves.' We all know an e-mail tax is infeasible, and sales tax for online purchases and for digital purchases are likely unavoidable forever, but here's hoping talk of taxing data usage doesn't work its way to Washington."

rueger writes "Right now there's an election happening in British Columbia. A desperate government is flooding Facebook with "Sponsored Post" spam (example) extolling the wonderful things that they plan to do if re-elected. There's one problem though. Every one of these posts is followed by hundreds of extremely negative comments added by people who either dislike the party in question, or Facebook spam in general. Desperate moderators are trying to control the 'discussion,' but seem to have no hope of doing so. What was thought to be a cool marketing tool has turned into a public relations disaster. Is this the worst use of social media in an election?"

nbauman writes "A New York Times consumer columnist tracked down the people who run a 'This is your second and final notice" robocall operation. The calls came from Account Management Assistance, which promises to negotiate lower credit card rates with banks. One woman paid them $1,000, and all they did was give her a limited-time zero-percent credit card that she could have gotten herself. AMA has a post office box in Orlando, Florida. The Better Business Bureau has a page for Your Financial Ladder, which does business as Account Management Assistance, and as Economic Progress. According to a Florida incorporation filing, Economic Progress is operated by Brenda Helfenstine, with her husband Tony. The Arkansas attorney general has sued Your Financial Ladder for violating the Telemarketing Consumer Fraud and Abuse Prevention Act. The Florida Department of Agriculture and Consumer Services investigated Your Financial Ladder, but the investigator went to 1760 Sundance Drive, St. Cloud, which turned out to be a residence, and gave up. The Times notes that you can type their phone number (855-462-3833) into http://800notes.com/ and get lots of reports on them."

netbuzz writes "Fed up with phishers using Google Forms to commandeer campus email accounts as spam engines, Oxford University recently blocked access to Google Docs for two-and-a-half hours in what it called an 'extreme action' designed to get the attention of both its users and Google. 'Seeing multiple such incidents the other afternoon tipped things over the edge,' Oxford explains in a blog post. 'We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.' The move generated widespread complaints from those affected, as well as criticism from outside network professionals."

First time accepted submitter trellz writes "My sister and brother-in-law are self employed, and run a small business with a storefront. It was broken into about a year ago, and since then they have reinforced physical security; bars on the doors and windows, better locks, etc. Unfortunately, their store was broken into and vandalized again last week, in spite of the added security measures. Being technically savvy, I'm trying to come up with inexpensive ways to add deterrence, monitoring, and alerting to their business. They run an extremely lean lifestyle and profit margin, so the solution needs to be almost free. They do have an internet connection at the store, so motion detection, web cameras, Arduino devices, and the like are certainly an option. Ideally I would like a rock-solid alerting method. Something like an email or text to a laptop at home, or a dedicated prepaid phone, but without the pitfalls of such a solution (i.e. random wrong numbers, solicitors, email spam, etc). I'd also prefer not to poke holes in their firewall at the shop if at all possible. I was considering an email with some sort of long code or hash in the body, and then could white list that on the receiving end to key off of. The goal is to never have a false alarm based on the transmission/reception method." What advice, beyond ZoneMinder?

Yvonne Lee, Community Manager at Dice.com writes, "Not using standard job titles, not tying your work to real business results and not using the right keywords can mean never getting called for an interview, even if you have the right skills to do the job. I once heard advice to use the exact wording found in the ad when placing your keywords. I think you're even more unlikely to get a job if you do some of the things on this list."

Yvonne Lee, Community Manager at Dice.com, writes "Because EMC has expanded through more than 70 acquisitions in eight years — it was hiring even during the recession — and because many of the acquired companies were startups, it is trying to leverage the more dynamic cultures it's inherited and make itself more nimble and innovative. People it hired 'need to be able to move fast and run,' Thus, a key to getting the company's attention is to prove you can do what you say you can. In other words, when Murray asks if you can work fast, you can't just say yes. You'll have to use your previous achievements to prove that you can."

First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."

Frequent contributor Bennett Haselton is still thinking about prediction markets, and giving away money. He writes: "In an article last December I described a problem with prediction markets, where even markets with cap on betting limits could be manipulated by a single trader willing to spend a lot of money to distort the marketplace odds. So I offered a $100 cash prize to be split between readers who collectively came up with the best solution to the problem. Here's an idea that I think would work." Read on for the rest.

An anonymous reader writes "Our organization had had a decent SPF record of our own for a long time. Recently, we decided to try using SPF for filtering inbound mail. On the up side, a lot of bad mail was being caught. On the down side, it seems like there is always a 'very important' message being caught in the filter because the sender has failed to consider all mail sources in writing their record. At first, I tried to assist sending parties with correcting their records out of hope that it was isolated. This quickly started to consume far too much time. I'm learning that many have set up inaccurate but syntactically valid SPF records and forgotten about them, which is probably the worst outcome for SPF as a standard. Are you using SPF? How are you handling false positives caused by inaccurate SPF records?"

coondoggie writes "The Federal Trade Commission today said the submission period for its Robocall Challenge had ended and it got 744 new ideas for ways to shut down the annoying automated callers. The FTC noted that the vast majority of telephone calls that deliver a prerecorded message trying to sell something to the recipient are illegal. The FTC regulates these calls under the Telemarketing Sales Rule and the Challenge was issued to developing technical or functional solutions and proofs of concepts that can block illegal robocalls which, despite the agency's best efforts, seem to be increasing."

Orome1 writes "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admins passwords, or even shut down the device. The backdoor accounts are present on in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances." Here's Barracuda's tech note about the exploitable holes.

Frequent contributor Bennett Haselton writes with some strong cautions on a Facebook "feature" that lets you search for random phone numbers and find the accounts of users who have registered that number on their Facebook profile. This has privacy implications that are more serious than searching by email address. Especially in light of the expanding emphasis that Facebook is putting both on search qua search and on serving as a VoIP intermediary (not to mention the stream of robocalls that the FCC is unable to stop), this might make you think twice about where your phone number ends up. Read on for Bennett's description of the problem and some possible solutions.

iComp writes with a story about how it will cost you $100 to message Mark Zuckerberg on Facebook. "Got something you'd like to say to Mark Zuckerberg? The Facebook CEO still maintains a profile on the social networking site he founded, but beginning on Friday, sending him a personal message could cost you. Mashable was the first to notice that some users who weren't otherwise on the Behoodied One's Friends list were being asked to pony up before they could send a message to his Inbox, to the tune of $100 a pop. As El Reg reported in December, Facebook has been conducting a limited test of a feature that requires users to pay a fee to send messages to people with whom they have no direct connection. The idea is that the type of users who like to send spam, hate speech, and otherwise frivolous messages typically aren't willing to pay for the privilege. Impose a fee – however small – and they probably won't bother."

iComp sends word of a Chinese businessman who pleaded guilty to selling pirated software the retail value of which totaled more than $100 million. The software came from over 200 different companies, and was sold to buyers in 61 different countries over a 3-year period. The man was arrested by the U.S. Department of Homeland Security on the island of Saipan in 2011, after undercover agents had been working on the case for 18 months (PDF). "Li trolled black market Internet forums in search of hacked software, and people with the know-how to crack the passwords needed to run the program. Then he advertised them for sale on his websites. Li transferred the pirated programs to customers by sending compressed files via Gmail, or sent them hyperlinks to download servers, officials said. ... Agents lured Li from China to the U.S. territory of Saipan under the premise of discussing a joint illicit business venture. At an island hotel, Li delivered counterfeit packaging and, prosecutors said, "Twenty gigabytes of proprietary data obtained unlawfully from an American software company." Officials did not identify the company in court documents."

New submitter Fnordulicious writes "Although Canada's anti-spam legislation is already in place, the rules to implement it have been under development for more than a year. This weekend the proposed rules from the Department of Industry were published in the Canada Gazette. Kady O'Malley reports on the CBC Inside Politics Blog that Canadian ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"