Spam

Spammers Establish Fake URL-Shortening Services 99

Orome1 writes "Spammers are establishing their own fake URL-shortening services to perform URL redirection, according to Symantec. This new spamming activity has contributed to this month's increase in spam by 2.9 percentage points, a rise that was also expected following the Rustock botnet takedown in March. Under this scheme, shortened links created on these fake URL-shortening sites are not included directly in spam messages. Instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened-URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's own Web site."
Spam

A New Approach To Reducing Spam: Go After Credit Processors 173

WrongSizeGlass writes "A team of computer scientists at two University of California campuses has been looking deeply into the nature of spam, and they think they found a 'choke point' [PDF] that could greatly reduce the flow of spam. It turned out that 95 percent of the credit card transactions for the spam-advertised drugs and herbal remedies they bought were handled by just three financial companies — one based in Azerbaijan, one in Denmark and one in Nevis, in the West Indies. If a handful of companies like these refused to authorize online credit card payments to the merchants, 'you'd cut off the money that supports the entire spam enterprise,' said one of the scientists." Frequent Slashdot contributor (and author of a book on Digital Cash) Peter Wayner wonders if "the way to get a business shut down is to send out a couple billion spam messages in its name."
Book Reviews

Book Review: Using CiviCRM 38

Hershel Robinson writes "A new book released by Packt Publishing called Using CiviCRM defines CiviCRM as 'a web-based, open source Constituent Relationship Management (CRM) system, designed specifically to meet the needs of advocacy, non-profit and non-governmental organizations.' What is not mentioned in this definition is that CiviCRM is a large and complex package with a wealth of features--the rest of this book deals with discovering and explaining how to use them." Read below for the rest of Hershel's review.
Chrome

New Chrome Exploit Bypasses Sandbox, ASLR and DEP 150

Trailrunner7 writes "Researchers at the French security firm VUPEN say they have discovered several new vulnerabilities in Google Chrome that enable them to bypass the browser's sandbox, as well as ASLR and DEP, and run arbitrary code on a vulnerable machine. The company said they are not going to disclose the details of the bugs right now, but they have shared information with some of their government customers. The vulnerabilities are present in the latest version of Chrome running on Windows 7, VUPEN said."
Image

Book Review: Alfresco 3 Records Management 31

ecmguru writes "My first impression of the book was that the author did an excellent job in presenting records management (RM) concepts, describing how Alfresco implemented the RM features in Share, and how you could customize these features if necessary. I was somewhat excited about reading this book because I am currently working on an RM project." Read on for the rest of ecmguru's review.
AMD

AMD Launches Fastest Phenom Yet, Phenom II X4 980 207

MojoKid writes "Although much of the buzz lately has revolved around AMD's upcoming Llano and Bulldozer-based APUs, AMD isn't done pushing the envelope with their existing processor designs. Over the last few months AMD has continued to ramp up frequencies on their current bread-and-butter Phenom II processor line-up to the point where they're now flirting with the 4GHz mark. The Phenom II X4 980 Black Edition marks the release of AMD's highest clocked processor yet. The new quad-core Phenom II X4 980 Black Edition's default clock on all four of its cores is 3.7GHz. Like previous Deneb-based Phenom II processors, the X4 980 BE sports a total of 512K of L1 cache with 2MB of L2 cache, and 6MB of shared L3 cache. Performance-wise, for under $200, the processor holds up pretty well versus others in its class and it's an easy upgrade for AM2+ and AM3 socket systems."
Image

Book Review: RESTful Java Web Services 49

jm2dev writes "The title is self-descriptive: you will learn what a REST architecture is, the concepts behind it, advantages and constraints, and how to implement web services in a RESTful way serving and consuming content using the Java programming language, as command line applications, desktop graphical client, run by an application server or even as standalone applications. Almost everything you need to know to start working with web services in Java the REST way is covered by this book." Read on for the rest of Jose's review.
Image

Book Review: R Graphs Cookbook 64

RickJWagner writes "Once upon a time, I thought communication was one of my strong suits. Alas, a few years into my programming career I realized I'm more of the head-down codeslinging type, not one of the schmoozing managerial types. So when I have a point to make, I really like to have my data ready to do the talking for me. In that capacity, this book is a very good weapon to have in my arsenal." Read on for the rest of Rick's review.
Privacy

Epsilon Data Breach Bigger Than Just Kroger Customers' Data 115

wiredmikey writes with an update to the previously reported Epsilon breach: "It turns out that Kroger is only one of many customers affected by the breach at Epsilon, which sends over 40 billion emails annually and counts over 2,500 clients, including 7 of the Fortune 10, to build and host their customer databases. It has been confirmed that the customer names and email addresses, and in a few cases other pieces of information, were compromised at several major brands, a list which continues to grow ..." An anonymous reader points out that U.S. Bank is on the list of affected companies; I wonder how many more phishing attempts this will mean.
Botnet

Spam Drops 1/3 After Rustock Botnet Gets Crushed 199

wiredmikey writes "The Rustock Botnet was sending as many as 13.82 billion spam emails each day before being taken down early this month by an effort headed by Microsoft in cooperation with authorities and the legal system. According to Symantec's March 2011 MessageLabs Intelligence Report, the Rustock botnet had been responsible for an average of 28.5% of global spam sent from all botnets in March. Following the takedown, when the Rustock botnet was no longer cranking out spam by the billions, global spam volumes fell by one-third. For reference, toward the end of 2010, Rustock had been responsible for as much as 47.5% of all spam, sending approximately 44.1 billion e-mails per day, according to MessageLabs stats. Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."
Image

Book Review: Android User Interface Development 111

RickJWagner writes "So you want to be an Android developer? If you're like me, you've probably been wanting to learn how to program a mobile device, but just haven't found the time to master Objective-C. So now that Android is here, all of us garden-variety Java coders can jump on the bandwagon and start slinging apps out, right? Well, it turns out there's a little more to it than that. This book can make the trail from everyday Java code slinger to best-selling Android app writer a little more plausible." Read below for the rest of Rick's review.
Botnet

Microsoft Conducts Massive Botnet Takedown Action 302

h4rm0ny writes "Microsoft, in cooperation with Federal agents, conducted what the Wall Street Journal described as 'sweeping legal attacks' as they entered facilities in Kansas City, Scranton, Pa, Denver, Dallas, Chicago, Seattle and Columbus, Ohio to seize alleged 'command and control' machines for the Rustock botnet — described as the largest source of spam in the world. The operation is intended to 'decapitate' the botnet, preventing the seized machines from sending orders to suborned PCs around the world."
Games

Kinect Self-Awareness Hack 82

One can only imagine how enraged the Kinect would have been if it found out he had broken the ToS.
Japan

Prepare For Massive Wave of Earthquake Scams 158

wiredmikey sends this quote from Security Week: "Today's tragic events of the 8.9 magnitude earthquake and resulting tsunami, as sad as it is, is a dream for scammers and fraudsters around the world. Tragic events are always something scammers use to their advantage, helping them prey on and exploit innocent victims. Scams are already spreading across Facebook, which started in a matter of minutes after the news broke of the earthquake in Japan. As I write this, scammers are hard at work, registering new domains and cranking out templates for their fake donation sites. This will be followed with massive volumes of email spam, Tweets through Twitter, and Facebook posts, as scammers gear up to solicit donations from around the world." As coverage of the earthquake and resulting tsunami has proceeded, collections of videos and pictures are showing the extent of the devastation. The NY Times makes the excellent point that things could have been much worse if not for building codes and quake-resistant engineering. A state of emergency was declared at one of Japan's nuclear plants, after the earthquake caused cooling problems at one of the reactors. No radiation leakage has been reported, and the US Air Force has helped by delivering coolant by air.
Image

Book Review: Social Engineering: The Art of Human Hacking 114

brothke writes "One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security." Keep reading for the rest of Ben's review.
Spam

A Spamming Attorney Gets Sentenced To 40 Months 131

www.sorehands.com writes "While one spammer, Robert Soloway, gets released on probation, the Feds send another, Robert Smoley, to the slammer for 40 months. I know about Smoley because I tracked him down, and beat him in court. Not only was he an attorney, he still has not lost his license, yet. The IRS contacted me as a result of seeing my web site, and I gladly assisted the IRS in tracking his business. He not only bounced a check on me, but stiffed his local counsel and one of his ISPs."
Government

Germany Builds Encrypted, Identity-Confirmed Email 188

jfruhlinger writes "Looking to solve the problems of spam, phishing, and unconfirmed email identities, Germany is betting very, very big. The country will pass a law this month creating 'De-mail,' a service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish. The service is voluntary, but will it give the government too much control?"
Security

Russian Payment Processor Runs Massive Scareware Operation 62

An anonymous reader writes "Brian Krebs has posted a deep dive through more than a year's worth of emails leaked from ChronoPay, Russia's largest online credit card processor. The ... evidence indicates that ChronoPay executives created scareware companies from the ground up, paying for everything from their domain name registration to virtual hosting, to setting up the front companies and associated bank accounts and the 1-800 support lines for entire scareware operations that typically netted the company millions in revenue for each scam."
Crime

'Spam King' Released From Prison, Now Lives In Seattle 275

dmmiller2k writes "Apparently, after 'nearly four years in prison, the man dubbed the 'Spam King' by federal prosecutors, is allowed back online.' I wonder if there's some variation of Megan's Law requiring him to register with the local police department and notify all his neighbors with computers?" I sure hope any potential employers google "Robert Soloway" and find "Spam king" high on the results list.
Spam

China Cleans Up Spam Problem 69

angry tapir writes "It's been a few years coming, but it looks like China may finally be getting a handle on its spam problem. Once the largest source of the world's spam, China has been gradually fading off the list of the world's top spam-producers. Right now Cisco Systems' IronPort group ranks it at number 18 in terms of spam-producing countries. That's a big drop from two years ago, when it consistently ranked in the top five."
