Censorship

Zero Errors? Spamhaus Flubs Causing Domain Deletions 170

Frequent contributor Bennett Haselton writes: "After I sent 10 new proxy sites to my (confirmed-opt-in) mailing list, two of them ended up on one of Spamhaus's blacklists, and as a result, all 10 domains were disabled by the domain registrar, so the sites disappeared from the Web. Did you even know this could happen?"
Social Networks

Decentralized Social Networking — Why It Could Work 128

Slashdot contributor Bennett Haselton writes with "a response to some of the objections raised to my last article, about a design for a distributed social networking protocol, which would allow for decentralized (and censorship-resistant) hosting of social networking accounts, while supporting all of the same features as sites like Facebook." Social networking is no longer new; whether you consider it to have started with online communities in the mid-90s or with the beginnings of sites many people still use today. As its popularity has surged, it has grown in limited ways; modern social networks have made communication between users easier, but they've also made users easier to market to advertisers as well. There's no question that the future of social networking holds more changes that can both help and harm users — perhaps something like what Bennett suggests could serve to mitigate that harm. Read on for the rest of his thoughts.
Facebook

The Day Leo Traynor Confronted His Troll 594

McGruber writes "Dublin-based writer Leo Traynor has written a piece about confronting the troll who drove him off Twitter, hacked his Facebook, and abused and terrified his family. Quoting: 'I blocked the account and reported it as spam. The following week it happened again in an identical manner. A new follower, I followed back, received a string of abusive DMs, blocked and reported for spam. Two or three times a week. Sometimes two or three times a day. An almost daily cycle of blocking and reporting and intense verbal abuse. ... Then one day something happened that truly frightened me. I don't scare easily but this was vile. I received a parcel at my home address. Nothing unusual there – I get lots of post. I ripped it open and there was a Tupperware lunchbox inside full of ashes. There was a note included, saying, "Say hello to your relatives from Auschwitz." I was physically sick. ... In July I was approached by a friend who's basically an IT genius, and he offered some help. He said that he could trace the hackers and trolls for me using perfectly legal technology, which would lead to their IP addresses. I said yes. Then I baited them – I was deliberately more provocative toward them than ever I'd been before.'"
Education

University of Cambridge Offers Free Online Raspberry Pi Course 99

Barence writes "The University of Cambridge has released a free 12-step online course on building a basic operating system for the Raspberry Pi. The course, Baking Pi — Operating Systems Development, was compiled by student Alex Chadwick during a summer interning in the school's computer lab, and has been put online to help this year's new recruits start work with the device. The university has already purchased a Raspberry Pi for every new Computer Science student starting in 2012."
Windows

Windows 8 Is 'a Work of Art.' But It's No Linux 371

colinneagle writes "Earlier this week I installed the final version of Windows 8. And it is awesome. That's not a joke. Windows 8 is absolutely, unequivocally stellar. And yet, at the end of the day, I am right back to using Linux. Why is that? What is it about Linux that makes me so excited to use it — even while enjoying another operating system that I view as, in all seriousness, a work of art? Why do I not simply install Windows 8 on every machine I own and be happy with it? For me, it's the ability to slowly chip away and remove items from your user interface until you are left with only what you want, and nothing more. The option of looking at an item on the screen, right clicking on it, and declaring to said item 'Listen up, mister Thing-On-My-Screen. I don't want you anymore. Be gone!' Panels, bars, docks, launchers, widgets, gadgets – whatever is on your screen, there is probably a way to send it to whatever form of the afterlife is reserved for unwanted Desktop Crud. And, I'll tell you this right now – as great as it is, you don't find a whole lot of 'Right click, Remove Panel' in Windows 8."
Botnet

A Month After Grum Botnet Takedown, Spam Back To Previous Levels 47

wiredmikey writes "It's been over a month since the spam-spewing Grum botnet was shut down, but spam experts say there hasn't been a noticeable impact on global spam volume. Symantec researchers at the time estimated that Grum was responsible for one-third of all spam being sent worldwide, and its takedown led to an immediate drop in global spam email volumes by as much as 15 to 20 percent. However, the drop was only temporary. While Grum had an estimated hundred thousand zombies sending spam, the machines were likely blocked for sending emails too frequently, or wound up on IP blacklists, said Andrew Conway, Cloudmark researcher. IP filtering is fast and cheap, and is a good first line of defense against spam, Conway said. Grum spam was easy to blacklist, and despite its size, most spam messages from the botnet probably never reached user inboxes."
Communications

Russia's Former KGB Invests In Political Propaganda Spambots 164

An anonymous reader writes "The newspaper Kommersant reports that the Russian Foreign Intelligence Service (formerly part of the KGB) has invested 30 million roubles (USD $940,000) on 'blog and social network intelligence' programs (Google translation of Russian original). A small part of that money is used for surveillance and analytics, but 22 million roubles (USD $690,000) is invested in 'mass distribution of messages in social networks with a view to the formation of public opinion.' Which presumably can be rephrased as 'launching massive pro-Kremlin astroturfing propaganda spambots in order to stifle and undermine political dissent.' The brazen Russian government acknowledgement of this investment indicates that the Kremlin does not consider such activities to be in any way illegal or unethical. No word on whether these spambots would respect any anti-spam laws or the Terms and Conditions of victim websites. But hey, now you can accuse anyone you disagree with online of being a 'KGB bot'!"
Botnet

Inside the Grum Botnet 34

tsu doh nimh writes "An examination of a control server seized in the recent takedown of the Grum spam botnet shows the crime machine was far bigger than most experts had assumed. A PHP panel used to control the botnet shows it had just shy of 200,000 systems sending spam when it was dismantled in mid-July. Researchers also found dozens of huge email lists, totaling more than 2.3 billion addresses, as well as evidence it was used for phishing and malware attacks in addition to mailing pharmacy spam. Just prior to its takedown, Grum was responsible for sending about one in six spams worldwide."
Spam

Ask Slashdot: Using a Sandbox To Deal With Spambots? 167

shellster_dude writes "Slashdot is certainly no stranger to the problem of spam bots. While blocking a spam bot may seem like the best solution, it is likely that the spammer will simply re-register with a different name. While trying to solve this dilemma on my own forums, I had an epiphany. What if, instead of blocking a spam bot, I could mark a spammer, and then hide all their comments from everyone else? The spammer could continue to go their merry way, spamming to their heart's content. When they visit the forum, they see their spam comments correctly placed in the threads, but their comments would only be visible to them. Thus, an effective sandbox which would prevent them from registering a new user once they had been 'blocked.' Are any other Slashdotters familiar with this technique? Does any software currently use this technique?"
Crime

Inside a Ransomware Money Machine 158

tsu doh nimh writes "The FBI is warning that it's getting inundated with complaints from people taken in by ransomware scams that spoof the FBI and try to scare people into paying 'fines' in lieu of going to jail for having downloaded kiddie porn or pirated content. KrebsOnSecurity.com looks inside a few of the scams in the FBI alert, and it turns out it only takes 1-3 percent of victims to pay up to make it seriously worth the fraudsters' while."
Piracy

Demonoid Down For a Week, Serving Malware Laden Ads 144

hypnosec tipped us to reports that Demonoid is still down after suffering a massive DDoS last week, and that the domain is now redirecting to a malware-ridden spam site. Notable for surviving a CRIA mandated shutdown, this may be lights out for the torrent tracker: "To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities. ... Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site."
Google

Google Clamps Down On Spam, Intrusive Ads In Apps 122

An anonymous reader tips news that Google has sent out a letter to app developers explaining policy changes for any new apps published on the Google Play store. In-app purchases must now use Google Play's payment system unless it's for goods or services used outside the app itself. They've added language to dissuade developers from making their apps look like other apps, or like they come from other developers. But more significantly, Google has explained in detail what qualifies as spam: repetitive content, misleading product descriptions, gaming the rating system, affiliate traffic apps, or apps that send communications without user consent. Also, advertisements within apps must now follow the same rules as the app itself, and they can't be intrusive: Ads can't install things like shortcuts or icons without consent, they must notify the user of settings changes, they can't simulate notifications, and they can't request personal information to grant full app function.
Twitter

Twitter Launches Political Index 86

colinneagle writes "Twitter today launched a new tool that leverages its estimated 400 million daily Tweets to gauge public opinion on the candidates for the 2012 presidential election. Progress in political polling is long overdue, and with Twitter providing a constant, international conversation for web users to join or leave at their own will, there may not be a better time than now to make that change. However, there are some concerns. One of the interesting points made in Twitter's description of its new tool is where it claims to be 'illustrating instances when unprompted, natural conversation deviates from responses to specific survey questions.' That assumes conversation on Twitter is natural. If parody accounts, Twitter trolls, and spam bots have taught us anything (and they usually don't), it's that Twitter conversation can be manipulated just as easily as it can be used naturally. How will Twitter distinguish between positive Tweets coming from voters or news outlets and those from spam bots designed to drive the conversation surrounding a candidate one way or the other? How easy could it be for an organization with a vested interest in positive poll numbers for one candidate to craft an army of Twitter bots designed to drive Barack Obama's positive numbers down, or vice versa? How many people reading the data, which is sure to make its way to TV news as election coverage increases in the coming months, will be aware that Tweets can be manipulated?"
Cloud

Dropbox Confirms Email Addresses Were Pilfered 89

bigvibes writes "A couple of weeks ago Dropbox hired some outside experts to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee's account was hacked, allowing access to user e-mail addresses." This particular employee had a list of user emails stored in their Dropbox. To prevent future incidents, Dropbox is moving toward two-factor authentication.
HP

The HP Memristor Debate 62

New submitter AaronLS writes "There has been a debate about whether HP has or has not developed a memristor. Since it's something fairly different from existing technologies, and similar in many ways to a memristor, I think they felt comfortable using the term. However, the company has been criticized for using that labeling by former U.S. patent officer Blaise Mouttet. On the other hand, had HP created a new, unique label, they would have probably gotten flak for pretending it's something new when it's not. Will anything positive come from this debate? Electrical engineering analyst Martin Reynolds sums it up nicely: 'Is Stan Williams being sloppy by calling it a "memristor"? Yeah, he is. Is Blaise Mouttet being pedantic in saying it is not a "memristor"? Yeah, he is. [...] At the end of day, it doesn't matter how it works as long as it gives us the ability to build devices with really high density storage.'"
Australia

Australians Receive SMS Death Threats 192

beaverdownunder writes "Many Aussies across New South Wales and South Australia had a bit of a shock this morning when they received an SMS threatening them with assassination. Although somewhat varied, the messages have typically read, 'Someone paid me to kill you. If you want me to spare you, I'll give you two days to pay $5000. If you inform the police or anybody, you will die, I am monitoring you', and signed with the e-mail address killerking247@yahoo.com. Police and the Australian Competition and Consumer Commission have warned that the messages are almost certainly fake, and that no dialogue should be entered into with scammers." I hope "almost certainly" is droll understatement.
AI

Poison Attacks Against Machine Learning 82

mikejuk writes "Support Vector Machines (SVMs) are fairly simple but powerful machine learning systems. They learn from data and are usually trained before being deployed. SVMs are used in security to detect abnormal behavior such as fraud, credit card use anomalies and even to weed out spam. In many cases they need to continue to learn as they do the job and this raised the possibility of feeding it with data that causes it to make bad decisions. Three researchers have recently demonstrated how to do this with the minimum poisoned data to maximum effect. What they discovered is that their method was capable of having a surprisingly large impact on the performance of the SVMs tested. They also point out that it could be possible to direct the induced errors so as to produce particular types of error. For example, a spammer could send some poisoned data so as to evade detection for a while. AI based systems may be no more secure than dumb ones."
Botnet

Dutch Police Take Down C&Cs Used By Grum Botnet 45

wiredmikey writes "Dutch authorities have pulled the plug on two secondary servers used by the Grum botnet, a large botnet said to produce about 17% of the world's spam. According to researchers from FireEye, the backup C&C servers were located in the Netherlands, and once word of their existence was released, Dutch authorities quickly seized them. While any C&C server takedown is a win, the impact may be minimal, as the two primary servers are fully active, and the datacenters hosting them are unresponsive to fully documented abuse reports. That being said, FireEye's Atif Mushtaq noted that the botnet does have some weak spots, including the fact that Grum has no failback mechanism, has just a few IPs hardcoded into the binaries, and the botnet is divided into small segments, so even if some C&Cs are not taken down, part of the botnet can still remain offline. The removal of the C&C servers shines light on how quickly some law enforcement agencies work, given that proof of their existence is just over a week old."
Crime

How Exploit Kits Have Changed Spammers' M.O. 37

An anonymous reader writes "Spammers used to depend on email recipients to tie the noose around their own necks by inputting their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'" One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.
