Michael J. Ross writes "Of the leading content management systems used by developers for creating websites, Drupal is highly regarded for many characteristics, including a much smaller initial footprint, compared to Joomla and other CMSs. Yet some developers find this a disadvantage as well, because one of the most common criticisms leveled against Drupal is its lack of built-in support for images and multimedia elements — thereby forcing new Drupal developers to choose from the thousands of contributed Drupal modules those that would be optimal for implementing their websites' multimedia functionality. Aaron Winborn's book Drupal Multimedia is intended as a guide to help such developers." Keep reading for the rest of Michael's review.

palegray.net writes "SORBS, a well-known email blocklist provider, has reportedly been sold for $451k. Early reports indicate an acquisition by GFI, a company specializing in various communications services. In recent years, SORBS has been the target of frequent accusations of mismanagement and poor conduct, leading many to wonder if this turn in events might signal a chance for improved behavior. Citing lack of ISP support, the blocklist released statements earlier this year that they would be shuttering their operation."

An anonymous reader writes "Facebook is on a never-before-seen legal rampage against high profile internet spammers. Today Facebook was awarded yet another nine-figure settlement, this time for over $700 million. Facebook also has a criminal contempt case on Wallace, which means a high likelihood of prison, a big win for the internet and a milestone in cyber law. 'The record demonstrates that Wallace willfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct,' Jeremy Fogel wrote in his judgment order, which permanently prohibits Wallace from accessing the Facebook Web site or creating a Facebook account, among other restrictions."

angryrice tips a blog post by John Resig, lead developer for jQuery, about the failure of Google Groups to manage spam, declaring attempts to use it as a public discussion system "completely futile." Quoting: "The final straw was placed upon my patience with the Google Groups system a few weeks ago. Spammers are now spoofing the email addresses of existing group participants to sneak their messages through. Previously you would've seen a delightful 'FREE MOVIE DOWNLOADS' spam from 'freemovies123@gmail.com' — but now you'll see it coming from existing group users — or even the group moderators themselves. This cheat completely bypasses the moderation system since the spammers are pretending to be pre-moderated users. The Google Groups system is completely fooled. The spam message comes in claiming to be from an existing group participant — and according to the Google Groups interface there is no difference. If you click the user's name you'll be taken to a full listing of that user's posts (with the spam messages delightfully interspersed)."

get quad writes "I continually have to remind our end-users to be vigilant about the usual web security hazards, such as not clicking links in the occasional spam email that passes through our filters, avoiding suspicious websites, why some websites aren't entirely safe or appropriate for the work environment (Facebook apps, MySpace, remote access apps, proxies, etc), and the myriad other things an end-user can do to get into trouble. What I'm hoping to find are video or flash examples (mind you, in layman's terms) of what Web-based exploits/zero-day threats are capable of, how they can happen, and the harm they can ultimately cause — rather than posting links to technical docs the users will never bother to read. Getting the point across in a purely visual and less technical manner seems much more effective. Does anyone have any suggestions or experience with this type of training?"

Sooner Boomer writes "Nigerian police, in what is named Operation 'Eagle Claw,' have shut down 800 scam web sites and arrested members of 18 syndicates behind the fraudulent scam sites. Reports on Breitbart.com and Pointblank give details on the busts. The investigation was done in cooperation with Microsoft to help develop smart technology software capable of detecting fraudulent emails. From Breitbart: 'When operating at full capacity, within the next six months, the scheme, dubbed "Eagle Claw," should be able to forewarn around a quarter of million potential victims.'"

An anonymous reader writes "New Canadian anti-spam and anti-spyware legislation is scheduled for a key vote on Monday. Michael Geist reports that the copyright lobby has been pushing to remove parts of the bill that would take away exceptions which currently allow spyware to be installed without authorization. 'The copyright lobby is deeply concerned that this change will block attempts to track possible infringement through electronic means.' There have also been proposals to extend the exemptions granted to telecom providers to include the installation of programs without the user's express consent, which Geist says will 'leave the door open to private, surreptitious surveillance.'"

With the latest release of the popular anti-malware tool Ad-Aware, Lavasoft has added what is being referring to as "Genotype," a heuristic-based behavioral detection engine. In addition to a new (and what appears to be faster) method of detection and elimination, there are a few incremental updates like the simple/advanced toggle and a potentially always-on "gaming mode," which attempts to do real-time filtering while you are playing games, watching videos, or just browsing.

We recently redesigned the Submission Form to make it (hopefully) a little easier for you to shovel news our way. The new system also will allow you to tag your submissions. A reminder that you can participate in rating stories and filtering spam from the recent submissions page. And by bookmarking this convenient bookmarklet you can submit stories from the comfort of whatever web page you are browsing.

thadmiller writes "Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections if the computers are behaving as if they have been compromised by malware. For instance, a significant overnight spike in traffic being sent from a particular Internet Protocol address could signal that a computer is infected with a virus, taking control of the system and using it to send spam as part of a botnet." Update: Jason Livingood of Comcast's Internet Systems Engineering group sent to Dave Farber's "Interesting People" mailing list a more detailed explanation of what this trial will involve.

Usagi_yo writes "Endless whispers for Kinah (Aion's in-game currency), scrolling chat tabs of multi-line spam messages from currency traders, phishing scams, key-logger scam, power leveling — it's all there and it's very ugly for NCsoft's release of Aion MMORPG, as players are starting to revolt only two weeks into the game's release." This reader originally pointed to the Aion general forums, which displayed a ton of threads complaining about spammers. Many of those threads have since been deleted (though more continue to crop up). Make of that what you will. I've been playing Aion a bit, and the spamming is certainly becoming a problem. When it began, it was mainly just whisper-spam from level 1 accounts, which NCSoft quickly stepped on by denying whispers before level 5. Not the most elegant solution, but it was a decent attempt to complement the /anon command, which makes your character invisible to /who searches. Then the spammers just started leveling to 5, which doesn't take too long, but in order to make up for lost time, they co-opted the global "looking for group" channel, flooding it such that the channel is now useless. You can easily block the channel from view (giving up entirely on what was once a helpful channel), or individually block each of the spammers as they arrive, but hopefully NCSoft will soon implement a solution that's less annoying to players. They say they're still on the case.

Engadget has snagged some of the details behind a bunch of multi-touch mouse prototypes from Microsoft Research. The prototypes range from the wacky to the extreme, but at least they are thinking outside the mouse trap. "Each one uses a different touch detection method, and at first glance all five seem to fly in the face of regular ergonomics. The craziest two are probably "Arty," which has two articulated arms to cradle your thumb and index finger, with each pad housing its own optical sensor for mission-critical pinching gestures, and "Side Mouse" which is button free and actually detects finger touches in the table immediately in front of the palm rest. Of course, there's plenty of crazy in the FTIR, Orb Mouse and Cap Mouse (pictured), which rely on an internal camera, orb-housed IR camera and capacitive detection, respectively. Of course, there's no word on when these might actually see the light of day"

cheros was one of several readers to note that today, Oct 5, in 1969 was the very first airing of Monty Python. Although not every sketch has aged particularly well, you'd be hard pressed to find a more influential and funny show. Heck, look at the Icon we use here to indicate humorous stories! Who among us can't claim to have viewed the Holy Grail at least somewhere in the double digits.

badger.foo passes on the report of Peter N. M. Hansteen that a third round of low-intensity, distributed brute-force attacks is now in progress — we earlier discussed the first and second rounds — and that sloppy admin practice on Linux systems is the main enabler. As before, the article links to log data (this time 770 apparently already compromised Linux hosts are involved), and further references. "The fact that your rig runs Linux does not mean you're home free. You need to keep paying attention. When your spam washer has been hijacked and tries to break into other people's systems, you urgently need to get your act together, right now."

alphadogg quotes from a Network World piece reporting on ICANN's study of the prevalence of proxy services that shield registrants' personal information from WHOIS queries. "Approximately 15% to 25% of domain names have been registered in a manner that limits the amount of personal information available to the public... according to the preliminary results of a report from ICANN... Domain owners who want to limit the amount of personal information available to the public generally use a privacy [proxy] service. ... [Proxy services] register domain names on behalf of registrants. The main objective of ICANN's study — which was based on a random sample of 2,400 domain names registered under .com, .net, .org, .biz, and .info — is to establish baseline information to inform the ICANN community on how common privacy and proxy services are." Spammers and other miscreants abuse the ability to register domains by proxy, in order to avoid being found; but ordinary users have a legitimate interest in keeping their personal information out of the hands of those same bad actors. What's the right balance?

Today Spamhaus announced they are releasing a new list of IP addresses from which they've been receiving "snowshoe" spam — unsolicited email distributed across many IPs and domains in order to avoid triggering volume-based filters. "This spam is sent from many small IP ranges on many Internet Service Providers (ISPs), using many different domains, and the IPs and domains change rapidly, making it difficult for people and places to detect and block this spam. Most importantly, while each host/IP usually sends a modest volume of bulk email, collectively these anonymous IP ranges send a great deal of spam, and the quantities of this type of spam have been increasing rapidly over the past few months." A post at the Enemies List anti-spam blog wonders at the impact this will have on email service providers and their customers. The author references a conversation he had with an employee from one of these providers: "... I replied that I expected it to mean the more legitimate clients of the sneakier gray- and black-hat spammers would migrate to more legitimate ESPs — suggesting that it was, in the long run, a good thing, because ESPs with transparency and a reputation to protect will educate their new clients. His reply was essentially that this would be a problem for them in the short run, because it would swamp their new customer vetting processes and so on."

As Google Wave is about to be released to 100,000 beta testers tomorrow, reader snitch writes in with a link to an in-depth interview with Dhanji Prasanna, whose title is Core Engineer. It covers some of the technologies, tools, and best practices used in building Wave. "InfoQ: Would you like to give us a short technical outline of what happens to a message (blip) from the moment a user types it in the web client, until becomes available to every one else that is participating in that wave — humans or robots? ... Dhanji: Sure, a message written in the client is transformed into a series of operations that are sent to the server in real time. After authenticating and finding the appropriate user session, the ops are routed to the hosted conversation. Here these ops are transformed and applied against other incoming op streams from other users. The hosted conversation then broadcasts the valid set of changes back to other users, and to any listening robots. This includes special robots like the ones that handle spell checking, and one that handles livesearch (seen in the center search-panel), as well as explicit robotic participants that people have developed. Robotic participants write their changes in response to a user's and these are similarly converted into ops, applied and re-broadcast."

Nithendil writes "guyhersh from reddit.com describes the situation (warning: title NSFW): Based on what I've seen today, here's what went down. Reddit user Empirical wrote javascript code where if you copied and pasted it into the address bar, you would instantly spam that comment by replying to all the comments on the page and submitting it. Later xssfinder posted a proof of concept where if you hovered over a link, it would automatically run a Javascript. He then got the brilliant idea to combine the two scripts together, tested it and it spread from there."

RobinH writes "StackOverflow, the successful question-and-answer website for programmers, is now over a year old and its top user has just passed 100,000 reputation points. Now one of the creators of StackOverflow, Joel Spolsky, and his company Fog Creek, are developing a software-as-a-service form of the StackOverflow engine called StackExchange to support any topic you want. The software is currently in private beta, but the first few beta sites have surfaced. Topics include business travel, the home, parenthood, the environment, finance, and iPhone game development."

An anonymous reader writes "MessageLabs unveiled a list of the top US spammed states, with surprising results — the spam capital of the US is Idaho, with 93.8 percent of spam, far exceeding the global spam rate for September 2009 of 86.4 percent. Idaho has jumped 43 spots since 2008 when it was ranked the 44th most spammed state. The difference can be attributed to the resilient and aggressive botnet market as well as a higher volume of global spam that has ensued since the beginning of the credit crisis toward the end of 2008."