An anonymous reader writes "Apple's recent decision to restrict the languages that may be used for iPhone and iPad development has provoked some invective from Adobe's platform evangelist Lee Brimelow. He writes on TheFlashBlog, 'This has nothing to do whatsoever with bringing the Flash player to Apple's devices. That is a separate discussion entirely. What they are saying is that they won't allow applications onto their marketplace solely because of what language was originally used to create them. This is a frightening move that has no rational defense other than wanting tyrannical control over developers and more importantly, wanting to use developers as pawns in their crusade against Adobe. This does not just affect Adobe but also other technologies like Unity3D.' He ends his post with, 'Speaking purely for myself, I would look to make it clear what is going through my mind at the moment. Go screw yourself Apple. Comments disabled as I'm not interested in hearing from the Cupertino Comment SPAM bots.'"

eldavojohn writes "TV pitchman Kevin Trudeau was sentenced to 30 days in jail because he urged his fans and followers to spam a judge. Apparently the judge (who was deluged with emails) decided that this was an act of contempt of court on the court's 'virtual presence' since nothing happened while the court was in session in regards to Trudeau's courtroom behavior. US Marshals are now trudging through those emails to decide if any are threatening."

An anonymous reader writes "A proposal to let Internet service providers conceal the contact information for their business customers is drawing fire from a number of experts in the security community, who say the change will make it harder to mitigate the threat from spam and malicious software, according to a story at Krebsonsecurity.com. From the piece: 'The American Registry for Internet Numbers (ARIN) — one of five regional registries worldwide that is responsible for allocating blocks of Internet addresses — later this month will consider a proposal to ease rules that require ISPs to publish address and phone number information for their business customers. Proponents of the plan couch it in terms of property rights and privacy, but critics say it will only lead to litigation and confusion, while aiding spammers and other shady actors who obtain blocks of addresses by posing as legitimate businesses.'"

This weekend saw the delivery of iPads into hundreds of thousands of filthy hands. I managed to get my hands on a 32GB unit and put it through its paces for a battery charge and a half, and wanted to take a few minutes to share some notes with you. But if you don't care to read the whole review, let me give you a hint: I am typing this review on my laptop.

Wolf pointed me to a video clip demonstrating this game: "Miegakure is a platform game where you explore the fourth dimension to solve puzzles. There is no trick; the game is entirely designed and programmed in 4D." Nothing to download yet.

An anonymous reader writes "Even though over 80% of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to a Messaging Anti-Abuse Working Group (MAAWG) survey. In the survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it — activities that leave consumers susceptible to fraud, phishing, identity theft, and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection."

www.sorehands.com writes "In the first case brought by a spam recipient to actually go to trial in California, the Superior Court of California held that people who receive false and deceptive spam emails are entitled to liquidated damages of $1,000 per email under California Business & Professions Code Section 17529.5. In the California Superior Court ruling (PDF), Judge Marie S. Weiner made many references to the fact that Defendants used anonymous domain name registration and used unregistered business names in her ruling. This is different from the Gordon case, where one only had to perform a simple whois lookup to identify the sender; here, Defendants used 'from' lines of 'Paid Survey' and 'Your Promotion' with anonymously registered domain names. Judge Weiner's decision makes it clear that the California law is not preempted by the I CAN-SPAM Act. This has been determined in a few prior cases, including my own. (See http://www.barbieslapp.com/spam for some of those cases.)"

Trailrunner7 writes "After Microsoft's actions to take down the Waledac botnet last month, there was some question about whether the operation was much more than a grab for headlines that would have little effect on actual spam levels or malware infections. But more than three weeks after the takedown, researchers say that Waledac has essentially ceased communications and its spam operations have dropped to near zero. One researcher said that Waledac now seems to be abandoned. 'It looks crippled, if not dead,' said Jose Nazario, a senior security researcher at Arbor Networks."

Trailrunner7 writes "Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."

52-year-old Anthony Digati was arrested for trying to extort $200,000 from an insurance firm by threatening to spam them with six million emails unless they paid up. Digati said he would use a spam service and his amazing talents as a "huge social networker" to drag the company "through the muddiest waters imaginable" and presumably unfriend everyone. He added that the price would increase to $3 million if they failed to pay up by Monday, according to federal authorities.

Frequent Slashdot contributor Bennett Haselton contributes the following piece on trying to get some measure of satisfaction in the struggle against pop-up ads, writing "The most annoying thing about some pop-up ads, is that you have no way of knowing which ad-serving network served them or who the responsible parties are. Could we reduce the incidence of illegal or deceptive pop-up ads, by giving users an easier way to trace their origin and figure out where to send complaints? Here's one way to do it with a simple right-click." Read on for the rest.

snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious links, are fooling even the savviest of users into opening up holes in their company's network defenses. The authentic-looking emails, which often include the admin's complete name or refer to a real project they are working on, are the product of tactical research or database hacks and appear as if having been sent by the company's hosting provider. 'In each case, the victim remembered getting a similar sort of email message when they first signed on with a service and, thus, thought the bogus message was legitimate — especially because their cloud/hosting providers keep bragging about all the new data centers they're continuing to bring online.' The phishing messages often include instructions for opening up mail servers to enable spam relaying, to disable their host-based firewalls, and to open up unprotected network shares. Certainly fodder for some bone-headed mistakes on the part of admins, the new attack 'makes the old days of hoax messages that caused users to delete legitimate operating system files seem relatively harmless.'"

Spamresource.com has up a piece describing a new service that could be useful in evaluating the reputation of sites you deal with — anonwhois.org returns information on domains registered anonymously. It provides a DNSBL-style service that "is not a blacklist and wasn't meant to be used for outright rejection of mail." Only 619,000 domains are listed so far, but more are added as they are queried, so the database will grow more complete. Anonwhois.org seems to be a sister site to Spam Eating Monkey.

marpot writes "In an effort to assist Wikipedia's editors in their struggle to keep articles clean, we are conducting a public lab on vandalism detection. The goal is the development of a practical vandalism detector that is capable of telling apart ill-intentioned edits from well-intentioned edits. Such a tool, which will work somewhat like a spam detector, will release the crowd's workforce currently occupied with manual and semi-automatic edit filtering. The performance of submitted detectors will be evaluated based on a large collection of human-annotated edits, which has been crowdsourced using Amazon's Mechanical Turk. Everyone is welcome to participate."

Barence writes "Microsoft has quietly won court approval to deactivate 277 domain names that are being used to control a vast network of infected PCs. The notorious Waledac botnet is being used by Eastern European spammers to send 1.5 billion spam messages every day, and infect hundreds of thousands of machines with malware. In a suit filed in the US District Court of Eastern Virginia, Microsoft accused 27 unnamed defendants of violating federal computer crime laws. It further requested that domain registrar Verisign temporarily deactivate the domains, shutting down the control servers being used to send commands to the machines. The request was secretly approved by District Judge Leonie Brinkema, allowing the action to be taken covertly, preventing Waledac's operators from switching domains."

Making music has never been quite this awesome! Using only ThinkGeek products (Bliptronic 5000, Guitar Shirt, Drumkit Shirt, Stylophone, and Otamatone Electronic Instrument) the ultra-geeks over at ThinkGeek have created this ultra-cool cover of The Who's Baba O'Reilly. This also qualifies as a full blown shameless plug since ThinkGeek shares a corporate overlord with Slashdot.

coomaria writes "OK, even allowing for the fact this comes from a newly published study (PDF) from a security company, that's still one heck of a statistic. The fact that it's Symantec, and so has access to perhaps more enterprises than most, makes it a double-heck with knobs on. Or how about this one for size: 'every enterprise, yes, 100 percent, experienced cyber losses in 2009.'"

Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."

ChiefMonkeyGrinder writes "Despite only being launched this week, spammers are already targeting Google Buzz, the search engine's social network." If my buzz box is any indicator, the spammers are pretty much the only people actually using Buzz, and until Facebook can integrate, I wonder if that will change. The Times also has a followup on Google's Apologies following various privacy bumbles throughout the launch of Buzz.

coomaria writes "The HoneyGrid scans 40 million Web sites and 10 million emails, so it was bound to find something interesting. Among the things it found was that a staggering 95% of User Generated Content is either malicious in nature or spam." Here is the report's front door; to read the actual report you'll have to give up name, rank, and serial number.