An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."
Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.
New submitter apenzott writes "According to the BBC, a Dutch citizen has been arrested by Spanish police who suspect he was behind the recent Spamhaus DDOS attack, one of the biggest such attacks ever. 'The man arrested is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker that has been implicated in the attack.' According to a press release from the Dutch Public Prosecutor (Google translation of Dutch original), the 35-year-old man's computers and other devices have been seized as evidence. The man will be transferred from Spain to the Netherlands shortly. 'Spamhaus is delighted at the news that an individual has been arrested and is grateful to the Dutch police for the resources they have made available and the way they have worked with us,' said a Spamhaus spokesman."
"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.
itwbennett writes "Amazon sent out a press release over the weekend announcing that the pilots for their original shows 'held 8 spots on the list of 10 most streamed Amazon VOD episodes.' So blogger and entertainment junkie Peter Smith decided to spend a couple of hours seeing if they were worth watching. He managed to sit through 4 of the 8 comedy shows and found a mixed bag — one a clear miss, two meh, and one he'd like to see turned into a series. Have you watched any of the pilots? What did you think?" The quality of these the pilots is not the only way they're a mixed bag: for many Linux users, they're simply not watchable. Watch soon for unknown_lamer's screed on the fat lot of good(will) Amazon is generating by making it harder to legally get these shows.
jrepin writes "A few weeks ago the FSF reported that Google had started blocking invites sent from non-Google Jabber servers. This was done as a crude anti-spam measure. Google have since rolled out proper anti-spam filtering for its Jabber service, and has removed the invite block. This was announced a few days ago in a public mailing list post. This means that users of all Jabber servers will once again be able to fully communicate with Google users."
sholto writes "An aggressive expansion strategy by LinkedIn has backfired spectacularly amid accusations of identity fraud. Users complained the social network sent unrequested invites from their accounts to contacts and complete strangers, often with embarrassing results. One man claimed LinkedIn sent an invite from his account to an ex-girlfriend he broke up with 12 years ago who had moved state, changed her surname and her email address. ... 'This ex-girlfriend's Linked in profile has exactly ONE contact, ME. My wife keeps getting messages asking 'would you like to link to (her)? You have 1 contact in common!,' wrote Michael Caputo, a literary agent from Massachussetts."
Nerval's Lobster writes "Twitter is plunging into the online music game. Twitter Music (or "Twitter #music," in the company's own rendering) uses Twitter activity such as Tweets and engagement "to detect and surface the most popular tracks and emerging artists," according to an April 18 posting on Twitter's official blog. Songs on the app derive from three sources: iTunes, Spotify, or Rdio. And yes, Twitter is big, but its victory is by no means assured: other IT giants have entered the same market only to watch highly-publicized projects wither away, doomed by some combination of audience apathy and implementation issues. Take Apple's Ping, for example: launched in September 2010 as part of an iTunes update, the ambitious social-networking and music-recommendation engine immediately ran into a number of problems, including a lack of Facebook integration (despite Steve Jobs' assurances to the contrary) and widespread reports of spam and fake accounts. Can Twitter's effort stand out, or will it just be lost in all the noise?"
benrothke writes "When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book; a histrionic title and the fact that it had nearly 50 contributors. I have seen far too many books that are pasted together by myriad disparate authors, creating a jerry-rigged book with an ISBN, but little value or substance. The only negative thing about the book is the over the top title, which I think detracts from the important message that is pervasive in it. Other than that, the book is a fascinating read. Editor Markus Jakobsson (Principal Scientist for Consumer Security at PayPal) was able to take the collected wisdom from a large cross-section of expert researchers and engineers, from different countries and nationalities, academic and corporate environments, and create an invaluable and unique reference." Read below for the rest of Ben's review.
badger.foo writes "When you publicly assert that somebody sent spam, you need to ensure that your data is accurate. Your process needs to be simple and verifiable, and to compensate for any errors, you want your process to be transparent to the public with clear points of contact and line of responsibility. Here are some pointers from the operator of the bsdly.net greytrap-based blacklist."
chicksdaddy writes "Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to WordPress's official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget (SMW), Samuel Wood, a WordPress administrator, said that WordPress was willing to give SMW and its owner a second chance after he claimed to have been the victim of a contract developer gone rogue. 'Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,' Wood wrote on Friday. 'But there are natural circumstances where an author may not be at fault.' SMW appears to be such a case. It is one of the 20 most popular WordPress add-ons and allows WordPress web site operators to include links to their other social media accounts. Brendan Sheehan, the owner of SMW, said, 'We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help. Some of these people deceived us and abused our trust and naivety...We will not make this mistake again.' Wood said the folks at Wordpress decided to accept that story — but that they're watching SMW closely. 'Basically, the current maintainer is not a professional programmer, and put his trust in the wrong freelancers to do the coding work for him...We'll be watching the plugin for changes,' he said. 'The plugin is back up for now, and as long as it stays clean, it's fine.'"
RougeFemme writes "Sven Olaf Kamphius, self-described 'Internet freedom fighter,' is reportedly at the center of the investigation into this week's alleged cyber-attack against Spamhaus, a group that fights Internet spam. Mr. Kamphius became incensed when Spamhaus blacklisted two companies that he runs, including Cyberbunker, a company that, earlier this week, claimed be under attack from Dutch swat teams. Though he initially solicited support for a DDoS against Spamhaus, he now disavows any direct role in the cyberattack, which threatened to slow some web traffic to a crawl."
CowboyRobot writes "Despite the headlines, the big denial of service attack may not have slowed the Internet after all. The argument against the original claim include the fact that reports of Internet users seeing slowdowns came not from service providers, but the DDoS mitigation service CloudFlare, which signed up Spamhaus as a customer last week. Also, multiple service providers and Internet watchers have now publicly stated that while the DDoS attacks against Spamhaus could theoretically have led to slowdowns, they've seen no evidence that this occurred for general Internet users. And while some users may have noticed a slowdown, the undersea cable cuts discovered by Egyptian sailors had more of an impact than the DDoS."
msm1267 writes with an excerpt From Threat Post: "While the big traffic numbers and the spat between Spamhaus and illicit webhost Cyberbunker are grabbing big headlines, the underlying and percolating issue at play here has to do with the open DNS resolvers being used to DDoS the spam-fighters from Switzerland. Open resolvers do not authenticate a packet-sender's IP address before a DNS reply is sent back. Therefore, an attacker that is able to spoof a victim's IP address can have a DNS request bombard the victim with a 100-to-1 ratio of traffic coming back to them versus what was requested. DNS amplification attacks such as these have been used lately by hacktivists, extortionists and blacklisted webhosts to great success." Running an open DNS resolver isn't itself always a problem, but it looks like people are enabling neither source address verification nor rate limiting.
An anonymous reader writes "The NYT is reporting that the Largest DDoS in history reached 300 Gbps. The dispute started when the spam-fighting group Spamhaus added the Dutch company Cyberbunker to its blacklist, which is used by e-mail providers to weed out spam. Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time. Dutch authorities and the police have made several attempts to enter the bunker by force but failed to do so. The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target."
First time accepted submitter Sodki writes "The Linux Game Tome, one of the most important websites related to video gaming in GNU/Linux, will shut down on the 13th of April, according to a news post published on the website. The decision was made due to the 'lack both the time and the ambition to do what is necessary to keep the site afloat,' which has resulted in 'spam clogging the forums, lack of updates and increasing brokenness of the site.' This might not be the end, though. The maintainers of The Linux Game Tome will make available a dump of the games database, so that anyone interested can cook up a new and updated version of the website, and a worthwhile effort will be considered for a transfer of ownership of the domain. The current source code of the website, which is from 1999, will not be available because 'it is not fit for human consumption.'" It certainly had a good run; I remember poking around the Linux Game Tome as a teenager in the misty past (and it's where I discovered Freeciv, Warzone 2100, and lbreakout2). Are there any alternatives already operating (unfortunately, Freecode doesn't seem popular with game authors)? Or: Which one of you is going to write the Linux Game Tome 3.0?
coondoggie writes "Researchers at DARPA want to take the science of machine learning — teaching computers to automatically understand data, manage results and surmise insights — up a couple notches. Machine learning, DARPA says, is already at the heart of many cutting edge technologies today, like email spam filters, smartphone personal assistants and self-driving cars. 'Unfortunately, even as the demand for these capabilities is accelerating, every new application requires a Herculean effort. Even a team of specially-trained machine learning experts makes only painfully slow progress due to the lack of tools to build these systems,' DARPA says."
New submitter kxra writes "Do you have a federated jabber instant messaging account that never gets responses from Google accounts anymore? Or do you have a Gmail account that a friend has been unable to invite from their 3rd party Jabber account? The Free Software Foundation reports, 'Google users can still send subscription requests to contacts whose accounts are hosted elsewhere. But they cannot accept incoming requests. This change is akin to Google no longer accepting incoming e-mail for @gmail.com addresses from non-Google domains.' This sounds like something Facebook would try in order to gain even tighter control over the network, but they never even federated their Jabber service to begin with. According to a public mailing list conversation, Google is doing this as a lazy way to handle a spam problem."
An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."
The quote in the title is from www.muckrock.com/about/. And that is exactly what MuckRock is all about: Making FOIA (Freedom of Information Act) requests for you (and investigative reporters) so you don't have to deal with the often-daunting paperwork and runarounds you may run into when you try to pry information out of a recalcitrant government agency. In theory, most government information is public. In practice, many local, state and federal government bodies would just as soon never tell you anything. This is why Tim Lord talked with MuckRock co-founder Michael Morisy, and why we're running this interview in the middle of Sunshine Week, which exists "...to educate the public about the importance of open government and the dangers of excessive and unnecessary secrecy."
rueger writes "One of Canada's biggest cable/Internet providers has their customers in an outrage. '... after an interruption of Shaw's email services Thursday led to millions of emails being deleted ... About 70 per cent of Shaw's email customers were affected when the company was troubleshooting an unrelated email delay problem and an attempted solution caused incoming emails to be deleted ... Emails were deleted for a 10-hour period between 7:45 a.m. and 6:15 p.m. Thursday, although customers did not learn about the problem until Friday, and only then by calling customer service or accessing an online forum for Shaw Internet subscribers.' To top it off, when Shaw did send out notices about this, they looked so much like every day phishing spam that many people deleted them unread."