Bug

Facebook Glitch Let Spammer Post To Walls 63

angry tapir writes "A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages last week. Facebook confirmed the bug Friday, after notifying affected users of the issue. Most of the messages promised 'Free iPhones,' a common spam message on Facebook these days. Facebook says that the spammer hit thousands of profiles before the company removed the spammy photos and notified affected users. No accounts were compromised as a result of the bug."
Spam

Spammers Attack Apple's Ping Social Network 85

An anonymous reader writes "Scammers and spammers have deluged the new Ping musical social network, created by Apple and built into the new version of iTunes. Sophos researchers have found that Ping is being overrun by scams and spam messages. 'Apple seems to have anticipated a certain degree of malfeasance, as profile pictures that you upload will not appear until approved by Apple. They are likely filtering for other offensive content as well, so they probably have means in place they could use to stop the spam.' It's ironic that the most common scams on Ping right now revolve around Apple's own iPhone." The Sophos blog post adds that Apple is doing their best to clamp down on the spam, manually deleting many of the offending messages for now. Reader Tootech adds that Facebook integration was quickly disabled, possibly because of blocked API access.
Botnet

Researchers Cripple Pushdo Botnet 129

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."
Spam

Rustock Botnet Responsible For 40% of Spam 250

angry tapir writes "More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division. The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam."
Security

"Dislike" Button Scam Hits Facebook Users 179

An anonymous reader writes "A message saying 'I just got the Dislike button, so now I can dislike all of your dumb posts lol!!' is spreading rapidly on Facebook, tempting unsuspecting users into believing that they will be able to 'dislike' posts as well as 'like' them. However, security researchers say that it is just the latest 'survey scam', tricking Facebook users into giving a rogue Facebook application permission to access their profile, and posting spam messages from their account. The rogue application requires victims to complete an online survey (which makes money for the scammers) before ultimately redirecting to a Firefox browser add-on for a Facebook dislike button developed by FaceMod. 'As far as we can tell, FaceMod aren't connected with the scam — their browser add-on is simply being used as bait,' says Sophos security blogger Graham Cluley."
Government

MP Wants Official Email Address Kept Private 179

nk497 writes "An MP in the UK has had his official email address removed from the parliamentary website, because he's tired of getting 'nuisance' emails via online campaign websites. MP Dominic Raab's parliamentary.uk email is currently not listed on the House of Commons' website following a spat with online campaigners 38 Degrees. 'Just processing the emails from your website absorbs a disproportionate amount of time and effort, which we may wish to spend on higher priorities, such as helping constituents in real need or other local or Parliamentary business,' he said, threatening to report the group to the government's data and privacy watchdog if they didn't remove the details from their own website. 38 Degrees says Raab gave them his personal email address during the election: 'it's only since he became a member of parliament with a taxpayer funded email address that he's now said he doesn't want to hear from people,' unless they're willing to shell out for a stamp to write him a letter. The lobby group said Raab likely averaged fewer than two emails from their site each day."
Social Networks

Buried By The Brigade At Digg 624

Slashdot regular Bennett Haselton writes in with an essay on a subject we've dealt with internally at Slashdot for years: user abuses of social news... this time at Digg. He starts: "Alternet uncovers evidence of a 'bury brigade' coordinating efforts to 'bury' left-leaning stories on Digg. Digg had previously announced that the 'bury' button will be removed from the next version of their site, to prevent these types of abuses, but that won't fix the real underlying issue — you can show mathematically that artificially promoting stories is just as harmful in the long run. Here's a simple fix that would address the real problem."
Security

ReCAPTCHA.net Now Vulnerable to Algorithmic Attack 251

n3ond4x writes "reCAPTCHA.net algorithms have been developed to solve the current CAPTCHA at an efficacy of 30%. The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online. Also available is a video demonstration of random reCAPTCHA.net CAPTCHAs being subjected to the algorithms." There's probably an excellent Firefox plugin to render this page's color scheme more bearable. Note: the PowerPoint presentation linked opens fine in OpenOffice, and the video speaks for itself.
Image

Beautiful Data 18

eldavojohn writes "Beautiful Data: The Stories Behind Elegant Data Solutions is an addition to six or so other books in the 'Beautiful' series that O'Reilly has put out. It is not a comprehensive guide on data but instead a glimpse into success stories about twenty different projects that succeeded in displaying data — oftentimes in areas where others have failed. While this provides, for the most part, disjointed stories, it is a very readable book compared to most technical books. Beautiful Data proves to be quite the cover-to-cover page turner for anyone involved in building interfaces for data or the statistician at a loss for the best way to intuitively and effectively relay knowledge when given voluminous amounts of raw data. That said, it took me almost two months to make it through this book, as each chapter revealed a data repository or tool I had no idea existed. I felt like a child with an attention deficit disorder trying my hand at nearly everything. While the book isn't designed to relay complete theory on data (like Tufte), it is a great series of short success stories revolving around the entire real world practice of consuming, aggregating, realizing and making beautiful data." Keep reading for the rest of eldavojohn's review.
Patents

Company Claims Patent On Spam Filtering, Sues World 186

EvilAlphonso notes news of a "Texas" IP holding company suing 36 actual companies for violating its claimed patent on spam filtering. Techdirt deconstructs the patent itself, No. 6,018,761, which seems to amount to little more than a database lookup. It was filed in 1996 and issued in 2000 (despite the lawyers' press release claiming that it "was awarded... nearly 15 years ago"). Among the companies being sued are 3Com, Apple, Google, AOL, Yahoo, J.C.Penney, IBM, Dell, Citigroup, and RIM. Not Comcast, Verizon, AT&T, or Microsoft, oddly enough.
Security

Safari Privacy Bug May Be Leaking Your Data 152

richi writes "If you use Safari, your browser may be leaking your private information to any website you visit. Jeremiah Grossman, the CTO of WhiteHat Security, has discovered some Very Bad News. I have some analysis and other reactions over at my Computerworld blog. The potential for spam and phishing is huge. A determined attacker might even be able to steal previously-entered customer data." In short, autofill for Web forms is enabled by default in Safari 4 / 5 (and remotely exploitable), and the data that this feature has access to includes the user's local address book — even if the information has never been entered into a Web form.
Social Networks

Cow Clicker Boils Down Facebook Games 237

mjn writes "Game designer and academic Ian Bogost announces Cow Clicker, a Facebook game implementing the mechanics of the Facebook-games genre stripped to their core. You get a cow, which you can click on every six hours. You earn additional clicks if your friends in your pasture also click. You can buy premium cows with 'mooney,' and also use your mooney to buy more clicks. You can buy mooney with real dollars, or earn some free bonus mooney if you spam up your feed with Cow Clicker activity. A satire of Facebook games, but actually as genuine a game as the non-satirical games are. And people actually play it, perhaps confirming Bogost's view that the genre of games is largely just 'brain hacks that exploit human psychology in order to make money,' which continue to work even when the users are openly told what's going on."
Google

Google Goes On Offensive vs. JavaScript Attacks 108

alphadogg writes "Google's e-mail security team has updated its Postini engine to stop a new type of JavaScript attack that helped fuel a rise in spam volume in recent months. Google says it has seen a surge in obfuscated JavaScript attacks, describing them as a hybrid between virus and spam messages. The e-mails are designed to look like legitimate messages, specifically Non Delivery Report messages, but contain hidden JavaScript. 'In some cases, the message may have forwarded the user's browser to a pharma site or tried to download something unexpected,' Google said in its official blog."
Image

R In a Nutshell 91

joel.neely writes "R is a statistical computing environment that is fully-compliant with state-of-the-art buzzwords: free, open-source, cross-platform, interactive, graphics, objects, closures, higher-order functions, and more. It is supported by an impressive collection of user-supplied modules through CRAN, the 'Comprehensive R Archive Network.' And now it has its own O'Reilly Nutshell book, R in a Nutshell, written by Joseph Adler. I am pleased to report that Adler has risen to the challenge of the highly-regarded 'Nutshell' franchise. As is traditional for the series, this title mixes introduction, tutorial, and reference material in a style that is well suited to a reader who already has a background in programming, but is a new or occasional user of R." Read on for the rest of Joel's review.
Spam

Spammers Moving To Disposable Domains 147

Trailrunner7 writes "Spammers and the botnet operators they're allied with are continuing to adapt their techniques to evade security technologies, and now are using what amount to disposable domains for their activities. A new report shows that the spammers are buying dozens of domains at a time and moving from one to another as often as several times a day to prevent shutdowns. New research shows that the amount of time that a spammer uses a given domain is basically a day or less. The company looked at 60 days' worth of data from their customers and found that more than 70 percent of the domains used by spammers are active for a day or less."
Communications

When Telemarketers Harass Telecoms Companies 234

farnz writes "Andrews & Arnold, a small telecoms company in the UK, have recently been hit with an outbreak of illegal junk calls. Unlike larger firms, they've come up with an innovative response — assign 4 million numbers to play recordings to the telemarketers, put them on the UK's Do-Not-Call list and see what happens. Thus far, the record is over 3 minutes before a telemarketer works out what's going on." The sound quality (and the satisfying humor) of the recording gets better as it goes on.
Image

Magento 1.3 Sales Tactics Cookbook 60

Dmitry Dulepov writes "Magento is a very popular open source e-commerce platform. It was created by a company named Varien in 2007. Varien worked with osCommerce, but it did not suit Varien's expanding requirements. After writing more and more changes to osCommerce, Varien finally wrote its own e-commerce software from scratch. It took Varien seven months in 2007 to publish the first public version of Magento." Read on for the rest of Dmitry's review.
Communications

Why Engineers Don't Like Twitter 460

PabloSandoval48 writes, "A recent EE Times survey of 285 engineers found that 85% don't use Twitter. More than half indicated that the statement 'I don't really care what you had for breakfast' best sums up their feelings about it." Reader mattnyc99 notes a related article in which the authors analyzed the content of tweets during a recent World Cup game, finding 76% of them to be useless. "Out of 1,000 tweets with the #worldcup hashtag during the game, only 16 percent were legitimate news and 7.6 percent were deemed 'legitimate conversation' — which leaves 6 percent spam, 24 percent self-promotion, about 17 percent re-tweets, and a whopping 29 percent of useless observation (like this). Is the mainstream media making too big a deal out of the avalanche of World Cup tweets, or is the world literally flooding the zone?"
Advertising

HP and Yahoo To Spam Your Printer 397

An anonymous reader writes "As many suspected when HP announced its web-connected printer, it didn't take long for the company to announce it will send 'targeted' advertisements to your new printer. So you'll get spammed, and you'll pay for the ink to print it. On the bright side, the FCC forbids unsolicited fax ads, so this will probably get HP on a collision course with the Feds."
Government

Spamhaus Fine Reduced From $11.7M To $27K 378

eldavojohn writes "In 2006, anti-spam crusader Spamhaus was sued for 'defamation, tortious interference with prospective economic advantage and interference with existing contracts' after blocking 'promotional e-mails' from e360. What with the case being in Illinois and Spamhaus being a British outfit, Spamhaus didn't bloody care. So, e360 was awarded $11.7 million in damages, which was later thrown out in an appeals court with a request for the lower court to come up with actual damage estimates instead of the ridiculous $11.7 million. (e360 had originally stated $135M, then $122M, and then $30M as sums of damages.) As a result, the actual damages were estimated to be just $27,002. While this is a massive reduction in the fine and a little bit more realistic, I think it is important to note that Spamhaus is a service that people proactively utilize. They don't force you to use their anti-spam identification system — it's totally opt-in. And now they're being fined what a foreign judge found to be 'one month of additional work on behalf of the customers' to a company they allegedly incorrectly identified as spam. Sad and scary precedent."