Security

Y2.01K 269

After our recent discussion of decimal/hexadecimal confusion at the turn of 2010, alphadogg writes in with a Network World survey of wider problems caused by the date change. "A decade after the Y2K crisis, date changes still pose technology problems, making some security software upgrades difficult and locking millions of bank ATM users out of their accounts. Chips used in bank cards to identify account numbers could not read the year 2010 properly, making it impossible for ATMs and point of sale machines in Germany to read debit cards of 30 million people since New Year's Day, according to published reports. The workaround is to reprogram the machines so the chips don't have to deal with the number. In Australia, point-of-sales machines skipped ahead to 2016 rather than 2010 at midnight Dec. 31, rendering them unusable by retailers, some of whom reported thousands of dollars in lost sales. Meanwhile Symantec's network-access control software that is supposed to check whether spam and virus definitions have been updated recently enough fails because of this 2010 problem."
Idle

Honest $10,000 SPAM Screenshot-sm 16

I knew these couldn't all be scams!
It's funny.  Laugh.

Scambaiting Gets Comical; Internet Scammers All Dressed Up 178

Nurse Nasty writes "Scambaiting is a fun and relaxing full-contact email sport. It's all about baiting Internet and email scammers into exposing themselves and sharing that humiliation with the entire world. Recently I baited four different groups of Internet scammers into being comic book action super-heroes, and then giving them their own 10-page graphic novel. It's a bit of fun and eduction through entertainment." (Warning: The comic contains a bit of naughty language.)
Security

Citibank Denies Reported Breach Linked To Russian Gang 53

alphadogg writes "US authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by criminals using Russian software tailored for the attack, according to the Wall Street Journal (subscription required to access that link — CNET's coverage here). The security breach at the major US bank was detected mid-year based on traffic from Internet addresses formerly used by the Russian Business Network gang, the WSJ reported today, citing unnamed government sources. The Russian Business Network is a well-known group linked to malicious software, hacking, child pornography, and spam. The FBI is probing the case, the report said. It was not known whether the money had been recovered and a Citibank representative said the company denied any system breach or losses, according to the report."
Security

Malware and Botnet Operators Going ISP 131

Trailrunner7 writes to mention that malware and botnet operators appear to be escalating to the next level by setting up their own virtual data centers. This elevates the criminals to the ISP level, making it much harder to stop them. "The criminals will buy servers and place them in a large data center and then submit an application for a large block of IP space. In some cases, the applicants are asked for nothing more than a letter explaining why they need the IP space, security researchers say. No further investigation is done, and once the criminals have the IP space, they've taken a layer of potential problems out of the equation. 'It's gotten completely out of hand. The bad guys are going to some local registries in Europe and getting massive amounts of IP space and then they just go to a hosting provider and set up their own data centers,' said Alex Lanstein, senior security researcher at FireEye, an anti-malware and anti-botnet vendor. 'It takes one more level out of it: You own your own IP space and you're your own ISP at that point.'"
Google

Yes, Google Does De-List Pages; But When? 133

Frequent Slashdot contributor Bennett Haselton writes "Google finds itself inserting a disclaimer once again above some offensive search results. But the disclaimer still leads many to believe (incorrectly) that Google doesn't tamper with search results even in cases of 'harmful' or 'offensive' material. We know that Google has in fact de-listed some pages at the request of offended parties. What is their real policy on the issue?" Read on for Bennet's essay.
Communications

Are You Using SPF Records? 263

gravyface writes "I've been setting up proper Sender Policy Framework records for all my clients for past year or so, hoping to either maintain or improve their 'reputation' in the email universe. However, there's a lot of IT admins I speak with who either haven't heard of SPF records or haven't bothered setting them up. How many of you are using SPF records for your mail domains? Does it help? How many anti-spam vendors out there use SPF records as part of their 'scorecard'?"
Security

Autonomous Intelligent Botnets Bouncing Back 152

coomaria writes "Thought that 2009 was the year botnets died? Well, think again: compromised computers were responsible for distributing 83.4% of the 107 billion spam messages sent around the world every single day this year, and it's going to get worse if intelligent and autonomous botnets arrive in 2010 as predicted."
The Courts

22 Million Missing Bush White House Emails Found 326

ctmurray writes "Computer technicians have found 22 million missing White House e-mails from the administration of President George W. Bush, and the Obama administration is searching for dozens more days' worth of potentially lost e-mail from the Bush years, according to two groups that had filed a lawsuit — which has now been dropped — over the failure by the Bush White House to install an electronic record-keeping system. Earlier we discussed the Obama White House's opposition to the lawsuit that led to this discovery." The related links reflect our discussions about the missing emails over two years.
Spam

Project Honey Pot Traps Billionth Spam 118

EastDakota writes "Project Honey Pot today announced that it had trapped its 1 billionth spammer. To celebrate, the team behind the largest community sourced project tracking online fraud and abuse released a full rundown of statistics on the last five years of spam. Findings include: spam drops 21% on Christmas Day and 32% of New Year's Day; the most spam is sent on Mondays, the least on Saturdays; spammers found at least 956 different ways to spell VIAGRA (e.g., VIAGRA, V1AGRA, V1@GR@, V!AGRA, VIA6RA, etc.) in mail received by the Project; and much more."
The Almighty Buck

Virtual Money For Real Lobbying 85

ogaraf writes "Silicon Alley Insider is reporting that health-insurance industry group 'Get Health Reform Right' paid Facebook users with virtual currency to be used in Facebook games in exchange for lobbying their Congressional Rep. 'Instead of asking the gamers to try a product the way Netflix would, "Get Health Reform Right" requires gamers to take a survey, which, upon completion, automatically sends the following email to their Congressional Rep: "I am concerned a new government plan could cause me to lose the employer coverage I have today. More government bureaucracy will only create more problems, not solve the ones we have."'" Relatedly, Trailrunner7 illustrates growing concern over realistic spammer profiles in social networking sites and their potential to wreak havoc, especially if these two methods were combined. "Many spammers now have large staffs of people working on nothing but building out completely fake personas for non-existent users on social networking sites and blog networks. The spammers use these personas to create accounts on Twitter, Facebook, Blogspot and other sites that have high levels of user interaction."
Spam

US No Longer Leading the World In Spam 96

darthcamaro writes "America is no longer the spam king. According to Cisco, US-originated spam dropped by over two trillion messages — American-based IP addresses sent about 6.2 trillion spam messages. The new world leader is Brazil at 7.7 trillion messages. 'I'm not completely surprised to see US falling to number two in the spam stats, but I didn't expect it to happen yet,' said Cisco Fellow Patrick Peterson. 'I was really gratified to see the actual spam volume decrease, not just ranking, but we [also] decreased the amount of spam that is pouring out of the United States.'" The drop in US spam might have had something to do with the temporary shutdown of the McColo spam ISP.
Image

Zombie Pigs First, Hibernating Soldiers Next Screenshot-sm 193

ColdWetDog writes "Wired is running a story on DARPA's effort to stave off battlefield casualties by turning injured soldiers into zombies by injecting them with a cocktail of one chemical or another (details to be announced). From the article, 'Dr. Fossum predicts that each soldier will carry a syringe into combat zones or remote areas, and medic teams will be equipped with several. A single injection will minimize metabolic needs, de-animating injured troops by shutting down brain and heart function. Once treatment can be carried out, they'll be "re-animated" and — hopefully — as good as new.' If it doesn't pan out we can at least get zombie bacon and spam."
Patents

Federal Appeals Court Tosses Spam Patent 76

Zordak writes "US patent 6,631,400 claims a method of making sure enough people get your spam. A federal district court had overturned the patent as anticipated and obvious, and not drawn to patentable subject matter. The Federal Circuit, the appeals court which hears patent matters, upheld the finding of obviousness, thus invalidating the patent."
Spam

Spammer Lance Atkinson Fined $16 Million 100

Nashville Guy writes "According to Australia's The Age, 'A New Zealand man living in Queensland and believed to be behind the world's largest spam operation, has been ordered to pay more than $16 million for running the illegal enterprise. Lance Atkinson, 26, originally from Christchurch, was living in Pelican Waters on the Sunshine Coast when the US Federal Trade Commission (FTC) had his assets frozen last year. ... The FTC found Atkinson and American Jody Smith were at the centre of the world's largest internet spam operation, dubbed 'AffKing,' having recruited spammers from around the world.'"
Biotech

Scientists Create Artificial Meat 820

Hugh Pickens writes "The Telegraph reports that scientists have created the first artificial meat by extracting cells from the muscle of a live pig and putting them in a broth of other animal products where the cells then multiplied to create muscle tissue. Described as soggy pork, researchers believe that it can be turned into something like steak if they can find a way to 'exercise' the muscle and while no one has yet tasted the artificial meat, researchers believe the breakthrough could lead to sausages and other processed products being made from laboratory meat in as little as five years' time. '"What we have at the moment is rather like wasted muscle tissue. We need to find ways of improving it by training it and stretching it, but we will get there," says Mark Post, professor of physiology at Eindhoven University. "You could take the meat from one animal and create the volume of meat previously provided by a million animals." Animal rights group Peta has welcomed the laboratory-grown meat, announcing that "as far as we're concerned, if meat is no longer a piece of a dead animal there's no ethical objection while the Vegetarian Society remained skeptical. "The big question is how could you guarantee you were eating artificial flesh rather than flesh from an animal that had been slaughtered. It would be very difficult to label and identify in a way that people would trust.""
The Courts

Prison Terms For Spammer Ralsky, Scientology DoS Attacker 328

tsu doh nimh writes "Alan Ralsky, the 64-year-old dubbed the 'Godfather of Spam,' was sentenced to 51 months in prison on Monday, the Washington Post's Security Fix blog reports. According to anti-spam group Spamhaus.org, Ralsky has been spamming since at least 1997, using dozens of aliases and tens of thousands of 'zombies' or hacked PCs to relay junk e-mail. Also sentenced — to 40 months in jail — was Ralsky's 48-year-old son-in-law, Scott K. Bradley, and two other men named last year in a 41-count indictment for wire fraud, mail fraud, money laundering and violations of the CAN-SPAM Act." And eldavojohn writes "19-year-old Dmitriy Guzner, Anonymous member and Scientology DDoS attacker, received one year and one day in jail for his admitted crime. His sentence could have been a maximum ten years. According to the Church of Scientology, Anonymous has harassed and attacked them with '8,139 threatening phone calls, 3.6 million e-mails, 141 million hits on its website, ten acts of vandalism against its property, 22 bomb threats, and eight death threats against Church leaders.'"
Security

English Shell Code Could Make Security Harder 291

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."

Slashdot Top Deals