judgecorp writes "Dutch ISP A2B has filed police complaints against anti-spam project Spamhaus, calling its CEO 'nuts' and accusing him of blackmail. Spamhaus added all A2B's addresses to a spam blacklist, when A2B did not obey the letter of its demands in blocking a spammer."

drmartin66 makes it to the front page with this question: "Last weekend I installed a new spam filter server for a client, and enabled connection rejection if the sending server did not have a Reverse DNS record. Since then, I have had a number of emails rejected from regulator bodies that do not have a Reverse DNS record, and are refusing to have one created for their email server. What is your opinion of Reverse DNS records? Are they (or should they be) a standard, and required? Or are they useless for spam fighting?"

Orome1 writes "Most users get hacked at high rates even when they do not think they are engaging in risky behavior, with 62% unaware of how their accounts had been compromised, The results of a Commtouch survey presenting statistics on the theft, abuse and eventual recovery of Gmail, Yahoo, Hotmail and Facebook accounts, shows that less than one-third of users noticed their accounts had been compromised, with over 50% relying on friends to point out their stolen accounts. Also, more than two-thirds of all compromised accounts are used to send spam and scams, which is not surprising, as cybercriminals can improve their email delivery rates by sending from trusted domains such as Gmail, Yahoo, and Hotmail, and enhance their open and click-through rates by sending from familiar senders."

An anonymous reader writes "That email you might be getting from Barnes and Noble might not be spam, but rather your only chance to prevent the comprehensive record of your buying history at defunct arch-rival Borders from ending up in B&N's data warehouse. You have15 days after the email arrives, assuming that it ever does, since chances are the email address you originally signed up with Borders is long gone." For that very reason, this sounds like a good place for the terms of the bankruptcy to require opting in, rather than opting out.

wiredmikey writes "As any IT security department knows, social networks pose a significant threat to users across the board as they blindly click links which often lead to spam or other malicious sites that could result in malware infection. In a move to further protect users of the world's largest social networking site, Facebook is adding a new feature to help protect users from links to these malicious sites. Starting today, when a Facebook user clicks on a link it will be checked against a database from Websense in an attempt to determine if the link is malicious. If the link is determined to be risky, the user will be given the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious."

Trailrunner7 writes "Earlier this week, Microsoft released an announcement about the disruption of the Kelihos botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams, and distributed denial-of-service attacks. The botnet had a complex, multi-tiered architecture as well as a custom communication protocol and three-level encryption. Kaspersky Lab researchers did the heavy lifting, reversing the protocol and cracking the encryption and then sink-holing the botnet. The company worked closely with Microsoft's Digital Crimes Unit (DCU), sharing the relevant information and providing them with access to our live botnet tracking system."

Trailrunner7 writes with an excerpt from an article in Threatpost: "Continuing its legal assault on botnet operators and the hosting companies that the criminals use for their activities, Microsoft has announced new actions against a group of people it contends are responsible for the operation of the Kelihos botnet. The company has also helped to take down the botnet itself and says that Kelihos's operators were using it not only to send out spam and steal personal information but also for some more nefarious purposes."

itwbennett writes "People trying to email information about the Wall Street protests on Monday using Yahoo mail, found themselves on the receiving end of messages from Yahoo claiming 'suspicious activity'. ThinkProgress.org has a YouTube video of users trying to send emails that mention the 'OccupyWallSt.org' web site, which seemed to be the magic phrase to get your email blocked. Via Twitter, Yahoo announced the blockage was now fixed, but 'there may be residual delays.'"

AmyVernon writes "This piece from RWW got me thinking about whether, when you sign up for access to a site, you're actually signing up to get a slew of email spam from them. The single opt-in is still really popular, which I've noticed because I often check the box indicating I don't want further emails from a company or publisher. I always assume that giving my actual email address means I'm going to get spam-type emails from whomever. It still surprises me that most people don't. But it does raise a good question: Shouldn't you be able to sign up for something without automatically being signed up for a never-ending stream of 'updates?'"

An anonymous reader writes "The price of a pair of hearing aids in the U.S. ranges from $3,000 to $8,000. To the average American household, this is equivalent to 2-3 months of income! While the price itself seems exorbitant, what is even more grotesque is its continuous pace of growth: in the last decade the price of an average Behind the Ear hearing aid has more than doubled. To the present day, price points are not receding — even though most of its digital components have become increasingly commoditized. Is this a hearing aid price bubble?"

www.sorehands.com writes "Back in 2006, e360Insight and David Linhardt obtained an $11.7M judgment against Spamhaus, an international anti-spam organization. The judgment was subsequently appealed and reduced to $27,002. That judgment was appealed yet again, and the appeals court has now vacated the earlier number and entered a judgment against Spamhaus in the amount of $3. (Yes, three dollars.) As you may recall, e360's oral arguments for the latest appeal were not well received by the court." The ruling itself is a fairly entertaining diatribe about how e360 shot itself in the foot repeatedly and with enthusiasm throughout the case, and contains gems like this: "By failing to comply with its basic discovery obligations, a party can snatch defeat from the jaws of certain victory."

hellkyng writes with a transcript of interesting chat logs in Krebs on Security. From the article: "Leaked online chats between the co-owners of the world's largest pharmacy spam operation reveal the extent to which illicit organizations in Russia purchase political protection, and bribe public officials into initiating or stalling law enforcement investigations."

Trailrunner7 writes "There has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments, and researchers say that levels of junk mail are now far higher than they were before the takedown of the notorious Spamit affiliate program last fall. The huge spike comes at a time when spam should, in fact, be dropping because of the takedown of the Rustock botnet, the Spamit network and other botnets. 'From the beginning of August, we have observed a huge surge of malicious spam which far exceeds anything we have seen over the past two years, including prior to the SpamIt takedown last October. The majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors,' M86 researcher Rodel Mendrez said."

jfruhlinger writes "Today's programmers have much more advanced languages and more forgiving hardware to play with — but it seems many have forgotten some of the lessons their predecessors picked up in a more resource-constrained era. Newer programmers are less adept at identifying hardware constraints and errors, developing thorough specifications before coding, and low-level skills like programming in assembly language. You never know when a seemingly obsolete skill will come in handy. For instance, Web developers who cut their teeth in the days of 14.4 Kbps modems have a leg up in writing apps for laggy wireless networks."

itwbennett writes "Notorious spam king Sanford Wallace is facing federal fraud charges for allegedly breaking into the Facebook accounts of 500,000 victims in 2008 and 2009 and using the stolen credentials to post 27 million spam messages. The charges are outlined in an indictment, filed July 6 but made public Thursday after Wallace turned himself in to federal authorities. If convicted, Wallace could get more than 16 years in prison."

Eric Smalley writes "If you're like most people, you give yourself high ratings when it comes to figuring out when someone's trying to con you. Problem is, most people aren't actually good at it — at least as far as detecting fake positive consumer reviews. Fortunately, technology is poised to make up for this all-too-human failing. Cornell University researchers have developed software that they say can detect fake reviews (PDF)."

Lucas123 writes "Adding NAND flash memory to a PC does more for performance than DRAM and costs less, according to a new study. As the price difference between the two memory types widens, NAND flash will become the memory of choice in the PC. The effects of NAND flash adoption are already being felt in the DRAM market, as revenue in 2011 is expected to decline 11.8%."

Orome1 writes "Spammers today favor compromised accounts for sending spam, gradually shifting distribution away from botnets, according to Commtouch. The changed tactic has emerged as spam levels dropped dramatically, following several high-profile botnet takedowns. Spammers are now using a combination of malware and phishing to compromise legitimate accounts and then using these accounts to send low-volume spam outbreaks."

twoheadedboy writes "Yahoo has come under fire for updating its terms and conditions so it can scan user emails. The move has attracted the attention of notable privacy group Big Brother Watch, which has called on the email provider to scrap the feature altogether. Yahoo says it is only doing the scanning to identify spam and better target ads, but that still hasn't put people off from criticizing the firm."

We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taking into account, Chelyabinsk , in Russia, tops the list, followed by Buenos Aires and Kuala Lampur. These results were found by researchers from the from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period time and that when the attack type is taken into account, 50% of the most evil cities remains the same."