Michael J. Ross writes "While it is possible to create a simple website using a base installation of Drupal, the real power of this content management system is achieved through the use of modules, which can be thought of as add-ons that extend the capabilities of Drupal in specific ways — oftentimes in conjunction with other modules. These modules are developed and contributed by PHP programmers who understand how to use one or more of the Drupal application programming interfaces (APIs) to access information stored in a Drupal database, such as content, user profiles, and theme settings. These APIs have changed with Drupal version 7, and thus Drupal coders could benefit from a book that explains how to create Drupal 7 contrib modules." Read on for the rest of Michael's review.

MarkvW writes with this welcome bit of Schadenfreude: "People are finally starting to use the anti-spam laws in the malevolent manner in which they were intended — unlimited consumer lawsuits from unlimited plaintiffs!" The story's protagonist is my hero for the season.

achowe writes "Steve Linford of Spamhaus sent this to a private anti-spam list and asked that the message get out far and wide: 'For speaking out about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. As our site cannot be reached now [actually sporadic], we can not continue to warn Wikileaks users not to load things from the Heihachi IP. ... AnonOps did not like our article update, here is what we said and what brought the ddos on us.'" At the conclusion of this message: "Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying 'don’t go to Wikileaks' we’re saying 'Use the wikileaks.ch server instead.'" Here is Spamhaus's full warning.

Julie188 writes "As public IPv4 addresses dwindle and carriers roll out IPv6, a new problem has surfaced. We have to move through a gray phase where the only new globally routable addresses we can get are IPv6, but most public content we want to reach is still IPv4. Multiple-layers of NAT will be required to sustain the Internet for that time, perhaps for years. But use of Large Scale NAT (LSN) systems by service providers will cause problems for many applications and one of them is reputation filtering. Many security filtering systems use lists of public IPv4 addresses to identify 'undesirable' hosts on the Internet. As more ISPs deploy LSN systems, the effectiveness of these IPv4 filtering systems will be hurt."

An anonymous reader writes "An NYU study reveals that over 40% of the jobs posted by new employers on MTurk are some sort of spam request, such as fake account creation, fraudulent ad clicks, or fake comments, tweets, likes and votes. The study also shows that the bad jobs could be automatically filtered with 95% accuracy, but Amazon is not interested."

An anonymous reader writes "What ever happened to the good old days, when underhanded email practices were only used by shady email marketing companies and spammers? Today, it seems, the mainstream corporate world has begun to employ the same tactics as spammers to track their customers' email. Jonathan Zdziarski noted in a blog entry that AT&T is using web bugs to track email sent to customers. Could this be used for nefarious purposes?"

DaveNJ1987 writes "The FBI believes that one third of the world's spam messages are being generated by one 23-year-old Russian man. Oleg Nikolaenko of Moscow is being blamed for operating the Mega D botnet that sent spam emails from over 500,000 infected computers."

Mark Zuckerberg just held a presentation to unveil Facebook's "next generation messaging" system. He repeatedly drove home the idea that "this is not email," nor is it "an email killer." Their plan is to tie together multiple forms of communication — email, texts, social updates, etc. — and blend them into conversations. As users go about their days, interacting with a variety of devices, the communication method automatically updates to whatever is appropriate at the time. If a user receives an email while he's at a desktop, browsing Facebook, it will bring up the message in a Facebook chat window. If the user is browsing on a smartphone, it will bring up the message there, instead. If it's a dumbphone, then a text message can be sent. Another central feature is the idea that conversation histories from multiple sources and different forms of communication can be integrated through Facebook, so that you no longer have to separately root through IM logs, SMS logs, old emails, etc., to see old correspondence. (Users will have the ability to delete these, should they desire.) The last major feature they mentioned is what they call the "social" inbox, which is based on whitelisting. Users will be able to set up primary inboxes which only display communications they definitely want to see, while leaving low-priority messages, spam, and all the other noise typical to email in an inbox they check less frequently. The new system will be rolled out slowly over the next few months.

ashidosan writes "Hot on the heels of the Adafruit competition, Matt Cutts (a search spam engineer at Google) is sponsoring two more $1,000 bounties for projects using Kinect. 'The first $1,000 prize goes to the person or team that writes the coolest open-source app, demo, or program using the Kinect. The second prize goes to the person or team that does the most to make it easy to write programs that use the Kinect on Linux.'" Relatedly, reader imamac points out a video showing Kinect operating on OS X.

littlekorea writes "MessageLabs claims to have discovered that the systems of one of its customers were hacked by spammers after an entire block of MessageLabs IP addresses was blocked by antispam service SORBS. Customers of the managed email service had problems with outbound mail last week after MessageLabs' IP addresses were included in SORBS' block list. The Symantec-owned service provider has assured customers it has systems in place to prevent such incidents from happening again."

Pickens writes "Alexis Madrigal writes in the Atlantic that Google's famous PageRank algorithm can't be deployed to search through the 15 million books that Google has already scanned because books don't link to each other in the way that webpages do. Instead Google's new book search algorithm called 'Rich Results' looks at word frequency, how closely your query matches the title of a book, web search frequency, recent book sales, the number of libraries that hold the title, how often an older book has been reprinted, and 100 other signals. 'There is less data about books than web pages, but there is more structure to it, and there's less spam to contend with,' writes Madrigal. Yet the focus on optimizing an experience from vast amounts of data remains. 'You want it to have the standard Google quality as much as possible,' says Matthew Gray, lead software engineer for Google Books. '[You want it to be] a merger of relevance and utility based on all these things.'"

netzar writes "CAUSE executive director Neil Schwartzman, in a post on CircleID, urges governments and law enforcement to treat cyber crime as what it really is: 'crime': 'When someone is mugged, harassed, kidnapped or raped on a sidewalk, we don't call it "sidewalk crime" and call for new laws to regulate sidewalks. It is crime, and those who commit crimes are subject to the full force of the law. For too long, people have referred to spam in dismissive terms: just hit delete, some say, or let the filters take care of it. Others — most of us, in fact — refer to phishing, which is the first step in theft of real money from real people and institutions, as "cyber crime." It's time for that to stop... This isn't just email. This isn't a war. This isn't "cyber." This is crime.'"

Leon Buijs writes "Monday a 27-year-old Armenian was arrested at request of the Dutch authorities. The Dutch police think he is the brain behind the infamous, 30 million infected computers large Bredolab network, that was taken down by their Team (in Dutch) High Crime. Bredolab was used to spread virii and spam via the Netherlands. While taking the botnet down at a Dutch ISP, the suspect did several attempts to regain control. When this didn't work out, he did a DDoS attack on the ISP's servers using a 220,000 computers botnet. However, this was also broken off by taking 3 servers offline that the Armanian used for this, in Paris."

chicksdaddy writes "Spam — there's less of it, but it's much nastier, according to the latest statistics from Google's Postini e-mail security service. According to a post on Google's Enterprise blog, the viral content of spam e-mail (both malicious links and attachments) was up 111% from the same quarter in 2009, even as spam volume overall dropped 24%. The Summertime malware push may be evidence of a push to pump up bot networks in advance of the busy holiday online shopping season, according to Google researchers."

angry tapir writes "Microsoft has seen a dramatic drop in the number of computers infected with Waledac, a piece of malicious software affiliated with a botnet that was once responsible for a massive amount of spam. In the second quarter of this year, the company cleaned only 29,816 computers infected with Waledac, down from 83,580 computers in the first quarter of the year. The drop in the number of infected machines shows the success of the legal action Microsoft took earlier in the year, according to the company."

Trailrunner7 writes with this excerpt from ThreatPost illustrating the ongoing Spy-vs.-Spy battle between spammers and the rest of us: "Spammers have jumped on the little-used soft hyphen (or SHY character) to fool URL filtering devices. According to researchers, spammers are larding up URLs for sites they promote with the soft hyphen character, which many browsers ignore. Spammers aren't shy about jumping humans flexible cognitive abilities to slip past the notice of spam filters (H3rb41 V14gr4, anyone?). ... The latest trend involves the use of an obscure character called the soft hyphen or 'SHY' character to obscure malicious URLs in spam messages. Writing on the Symantec Connect blog, researcher Samir Patil said that the company has seen recent spam messages that insert the HTML symbol for the soft hyphen to obfuscate URLs for Web pages promoted by the spammers."

innocent_white_lamb writes "A man has been fined ONE BEELYUN DOLLARS (yes, really) for sending 4,366,386 spam messages that were posted on Facebook. He was fined $100 for each message, and including punitive damages he now owes $1,068,928,721.46. A ruling by a US District Court judge in San Jose, California has now been upheld by the Quebec Superior Court (the defendant lives in Montreal)."

JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."

Anonymusing writes "Just what the world needs, another URL shortener, right? Google seems to think so, and it's making its own widely available to anyone — complete with tracking and statistics — for free. As noted on its blog: 'There are many shorteners out there with great features, so some people may wonder whether the world really needs yet another. As we said late last year, we built goo.gl with a focus on quality. With goo.gl, every time you shorten a URL, you know it will work, it will work fast, and it will keep working. You also know that when you click a goo.gl shortened URL, you're protected against malware, phishing and spam using the same industry-leading technology we use in search and other products.' Is bit.ly shaking in its boots?"

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."