Communications

Widespread Compromise Of Yahoo-Backed Email In New Zealand 47

First time accepted submitter Bitsy Boffin writes "Xtra, the largest ISP in New Zealand, which outsources email provision to Yahoo, has in the last two days been subject to a widespread email compromise, causing potentially thousands of accounts to send spam messages to every address in their webmail address books. Discussion at Geekzone centers around this potentially being a continuation of the Yahoo XSS exploit. While Telecom NZ, the owners of Xtra internet service provider indicate that the problem was "resolved", reports of spam from its members continue unabated. Telecom NZ are advising those affected to change their passwords."
The Almighty Buck

How To Stop Prediction Market Manipulation 129

Frequent contributor Bennett Haselton is still thinking about prediction markets, and giving away money. He writes: "In an article last December I described a problem with prediction markets, where even markets with cap on betting limits could be manipulated by a single trader willing to spend a lot of money to distort the marketplace odds. So I offered a $100 cash prize to be split between readers who collectively came up with the best solution to the problem. Here's an idea that I think would work." Read on for the rest.
Spam

Ask Slashdot: How Do You Handle SPF For Spam Filtering? 187

An anonymous reader writes "Our organization had had a decent SPF record of our own for a long time. Recently, we decided to try using SPF for filtering inbound mail. On the up side, a lot of bad mail was being caught. On the down side, it seems like there is always a 'very important' message being caught in the filter because the sender has failed to consider all mail sources in writing their record. At first, I tried to assist sending parties with correcting their records out of hope that it was isolated. This quickly started to consume far too much time. I'm learning that many have set up inaccurate but syntactically valid SPF records and forgotten about them, which is probably the worst outcome for SPF as a standard. Are you using SPF? How are you handling false positives caused by inaccurate SPF records?"
Communications

FTC Gets 744 New Ideas On How To Hang Up On Robocallers 281

coondoggie writes "The Federal Trade Commission today said the submission period for its Robocall Challenge had ended and it got 744 new ideas for ways to shut down the annoying automated callers. The FTC noted that the vast majority of telephone calls that deliver a prerecorded message trying to sell something to the recipient are illegal. The FTC regulates these calls under the Telemarketing Sales Rule and the Challenge was issued to developing technical or functional solutions and proofs of concepts that can block illegal robocalls which, despite the agency's best efforts, seem to be increasing."
Networking

Barracuda Appliances Have Exploitable Holes, Fixed By Firmware Updates 88

Orome1 writes "Barracuda Networks has released firmware updates that remove SSH backdoors in a number of their products and resolve a vulnerability in Barracuda SSL VPN that allows attackers to bypass access restrictions to download potentially insecure files, set new admins passwords, or even shut down the device. The backdoor accounts are present on in all available versions of Barracuda Spam and Virus Firewall, Web Filter, Message Archiver, Web Application Firewall, Link Balancer, Load Balancer, and SSL VPN appliances." Here's Barracuda's tech note about the exploitable holes.
Privacy

Facebook Lets You Harvest Account Phone Numbers 185

Frequent contributor Bennett Haselton writes with some strong cautions on a Facebook "feature" that lets you search for random phone numbers and find the accounts of users who have registered that number on their Facebook profile. This has privacy implications that are more serious than searching by email address. Especially in light of the expanding emphasis that Facebook is putting both on search qua search and on serving as a VoIP intermediary (not to mention the stream of robocalls that the FCC is unable to stop), this might make you think twice about where your phone number ends up. Read on for Bennett's description of the problem and some possible solutions.
Facebook

Facebook Testing $100 Fee To Mail Mark Zuckerberg 228

iComp writes with a story about how it will cost you $100 to message Mark Zuckerberg on Facebook. "Got something you'd like to say to Mark Zuckerberg? The Facebook CEO still maintains a profile on the social networking site he founded, but beginning on Friday, sending him a personal message could cost you. Mashable was the first to notice that some users who weren't otherwise on the Behoodied One's Friends list were being asked to pony up before they could send a message to his Inbox, to the tune of $100 a pop. As El Reg reported in December, Facebook has been conducting a limited test of a feature that requires users to pay a fee to send messages to people with whom they have no direct connection. The idea is that the type of users who like to send spam, hate speech, and otherwise frivolous messages typically aren't willing to pay for the privilege. Impose a fee – however small – and they probably won't bother."
Piracy

Chinese Man Pleads Guilty To $100M Piracy Operation 174

iComp sends word of a Chinese businessman who pleaded guilty to selling pirated software the retail value of which totaled more than $100 million. The software came from over 200 different companies, and was sold to buyers in 61 different countries over a 3-year period. The man was arrested by the U.S. Department of Homeland Security on the island of Saipan in 2011, after undercover agents had been working on the case for 18 months (PDF). "Li trolled black market Internet forums in search of hacked software, and people with the know-how to crack the passwords needed to run the program. Then he advertised them for sale on his websites. Li transferred the pirated programs to customers by sending compressed files via Gmail, or sent them hyperlinks to download servers, officials said. ... Agents lured Li from China to the U.S. territory of Saipan under the premise of discussing a joint illicit business venture. At an island hotel, Li delivered counterfeit packaging and, prosecutors said, "Twenty gigabytes of proprietary data obtained unlawfully from an American software company." Officials did not identify the company in court documents."
Canada

Proposed Canadian Anti-Spam Rules Restrict Secret ISP Monitoring 24

New submitter Fnordulicious writes "Although Canada's anti-spam legislation is already in place, the rules to implement it have been under development for more than a year. This weekend the proposed rules from the Department of Industry were published in the Canada Gazette. Kady O'Malley reports on the CBC Inside Politics Blog that Canadian ISPs will not be allowed to secretly monitor activity except in the case that the activity is illegal and represents an 'imminent risk to the security of its network.' In addition, consent would be required for monitoring of legal activities 'that are merely unauthorized or suspicious.'"
Advertising

French ISP Blocking Web Ads By Default 317

New submitter GavrocheLeGnou writes "The french ISP 'Free.fr' is now blocking ads from Adsense and other providers by default for all its subscribers. The option can be turned off globally, but there's no whitelist (Google translation of French original). From the article: 'Because the service doesn’t offer a whitelist (contrary to Adblock, a service I’ve used for years), this means that it is an all or nothing choice, activated by default to block everything. And since it is not only internet, but TV and phone lines running through the FreeBox, it’s possible that, if left unchecked, Free could beginning blocking TV ads, or phone calls from known spam hotlines. While this seems like a potentially beneficial service, there’s no doubt that it’s biting at the heels of several sectors who rely on advertisement to make money, let alone the advertisers themselves who pay to reach an audience, and are blocked at the door.'"
Crime

Africa's Coming Cyber-Crime Epidemic 142

jfruh writes "Those Nigerian spam scams of the last decade may have just been the first step in a looming African cyber-crime wave. Africa has the world's fastest-growing middle class, whose members are increasingly tech-savvy and Internet connected — and the combination of ambitious, educated people, a ceiling on advancement due to corruption and lack of infrastructure, and lax law enforcement is a perfect petri dish for increased cybercrime."
Google

New Android Malware Uses Google Play Icon To Trick Users 223

An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."
The Internet

Ask Slashdot: Dealing With Anti-Spam Service Extortion? 279

An anonymous reader writes "I work for a European ISP, and lately we're receiving quite a few complaints from customers about not being able to send emails because of UCEProtect's listings. After checking with their site, we found out that our whole AS (!) was blacklisted. Their 'immediate removal policy' asks for money, around 90 euros Per IP for end users and 300 euros for ISPs, and their site has bold statements like 'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...' Could this be considered extortion-blackmail ? Has anyone else on Slashdot dealt with this service before?"
Facebook

Facebook Test Will Let You Message Strangers For $1 325

Spy Handler writes "According to PC Mag, 'Facebook is testing a feature that will let select users pay $1 to send messages to people with whom they have no connection on the social network. The $1 fee will open a thread with a non-Facebook friend. If that person replies to your note, you won't have to pay again to respond to them.' Facebook explained the test thus: 'Several commentators and researchers have noted that imposing a financial cost on the sender may be the most effective way to discourage unwanted messages and facilitate delivery of messages that are relevant and useful. This test is designed to address situations where neither social nor algorithmic signals are sufficient. For example, if you want to send a message to someone you heard speak at an event but are not friends with, or if you want to message someone about a job opportunity, you can use this feature to reach their Inbox. For the receiver, this test allows them to hear from people who have an important message to send them.'"
Privacy

How Much Are You Worth To an Online Lead-Gen Site? 83

jfruh writes "You may remember the tale of the blogger who found that an infographic he'd put on his site was the front end of an SEO spam job. Well, he's since followed the money to figure out just who's behind this maneuver: the for-profit college industry. He discovered that the contact info of someone who expresses interest in online degree programs can be worth up to $250 to an industry with a particularly sleazy reputation."
Privacy

Ask Slashdot: What To Tell Non-Tech Savvy Family About Malware? 340

First time accepted submitter veganboyjosh writes "I got an instant message from an uncle the other day, asking me what was in the link I sent him. I hadn't sent him a link so I figured that his account had been hacked and he'd received a malicious link from some bot address with my name in the 'From' box. This was confirmed when he told me the address the link had come from. When I tried explaining what the link was, that his account had been hacked, and that he should change the password to his @aol.com email account, his response was 'No, I think your account was hacked, since the email came from you.' I went over it again, with a real-life analog of someone calling him on the phone and pretending to be me, but I'm not sure if that sunk in or not. This uncle is far from tech savvy. He's in his 60s, and uses Facebook several times a week. He knows I'm online much more and kind of know my way around. After his initial response, I didn't have it in me to get into the whole 'Never click a link from an unfamiliar email address' bit; to him, this wasn't an unfamiliar email address, it was mine. How do I explain this to him, and what else should I feel responsible for telling him?"
Spam

The SEO Spammers Behind Online Infographics 55

jfruh writes "Over the past couple of years, you may have noticed a rash of often high-quality infographics by third parties appearing on your favorite websites. These images are offered to Web publishers free of charge, with the only request being a link back to the creator's own site. But when one blogger got an odd email from a the creator of infographic he put on his site two years ago, he did some digging and discovered that he had inadvertently helped some shady characters do SEO spamming."
Censorship

Hotmail & Yahoo Mail Using Secret Domain Blacklist 345

Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.
Communications

Text Message Spammer Wants FCC To Declare Spam Filters Illegal 338

TCPALaw writes "ccAdvertising, a company purported to have 'a long, long, long history of pumping spam out of every telecommunications orifice, and even boasting of voter suppression' has asked the FCC to declare spam filters illegal. Citing Free Speech rights, the company claims wireless carriers should be prohibited from employing spam filters that might block ccAdvertising's political spam. Without stating it explicitly, the filing implies that network neutrality must apply to spam, so the FCC must therefore prohibit spam filters (unless political spam is whitelisted). In an earlier filing, the company suggests it is proper that recipients 'bear some cost' of unsolicited political speech sent to their cell phones. The public can file comments with the FCC on ccAdvertising's filing online."
Security

Malicious QR Codes Posted Where There's Lots of Foot Traffic 89

Orome1 writes "QR codes are very handy for directing users to specific sites by simply scanning them with their smartphones. But the ease with which this technology works has also made it a favorite of malware peddlers and online crooks, who have taken to including QR codes that lead to malicious sites in spam emails. They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic. According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them."

Slashdot Top Deals